Beispiel #1
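// Login error messages (HTML snippets) collected here and printed further down.
$error_msg = array();
// isset() replaces the @ suppression operator: same outcome when the parameter
// is missing, without hiding unrelated notices.
if (isset($_GET['login']) && $_GET['login'] == 1) {
    $username = clear(isset($_POST['username']) ? $_POST['username'] : '');
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // NOTE(review): unsalted MD5 is a fast hash and is not suitable for password
    // storage. Moving to password_hash()/password_verify() needs a matching
    // change in login() and in the users table, which are outside this block.
    $password_hash = md5($password);
    if (empty($username) && empty($password)) {
        $error_msg[] = "<font color=red><p><i>Inserire i dati per il Login!</i><p></font>";
    } else {
        // Authenticate once and reuse the result; the credentials were
        // previously checked twice with the same arguments.
        $authenticated = login($username, $password_hash);
        if ($authenticated == FALSE) {
            $error_msg[] = "<font color=red><p><i>Dati inseriti Errati!</i><p></font>";
        } elseif (check_maintenance(2) == 1 && level($username) == 'user') {
            $error_msg[] = "<font color=red><p><i>Login Impossibile (Forum in Modalità Manutenzione)</i><p></font>";
        } elseif ($authenticated == TRUE && empty($error_msg)) {
            // HttpOnly keeps both cookies out of reach of page scripts. The
            // Secure flag stays off as before; enable it if the forum is served
            // over HTTPS only (TODO confirm).
            // NOTE(review): 0xBB_pass carries the same MD5 value that login()
            // accepts, so the cookie is password-equivalent. A random,
            // server-side session identifier would be the proper replacement.
            setcookie("0xBB_user", $username, 0, "", "", false, true);
            setcookie("0xBB_pass", $password_hash, 0, "", "", false, true);
            // Refresh the user's IP in ban_ip. Both values are escaped so the
            // statement does not depend on how they were produced.
            $current_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
            $user_id = mysql_real_escape_string((string) nick2uid($username));
            mysql_query("UPDATE " . __PREFIX__ . "ban_ip SET ip = '" . $current_ip . "' WHERE user_id = '" . $user_id . "'") or _err(mysql_error());
            header("Location: index.php");
            exit;
        } else {
            // Defensive fallback kept from the original flow.
            $error_msg[] = "<font color=red><p><i>Errore di Login! Riprova</i><p></font>";
        }
    }
}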
if ($error_msg) {
    print '<div class="error_msg">
		  <h3 align="center">ERRORI nella fase di LOGIN!</h2><br />
	          <br />';
    foreach ($error_msg as $error_message) {
        print $error_message . "<br />\n";
    }
    print "<br />\n<center><a href='javascript:history.back()'>Torna Indietro</a>\n</center>\n</div>\n";
} else {
Beispiel #2
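    case '13':
        // Admin action: reset the theme of every user to default.css.
        // NOTE(review): the reset is a state-changing request made with a plain
        // GET parameter and no anti-CSRF token is checked in these lines.
        // Confirm that admin.php verifies the session and a per-request token
        // before this case is reached; otherwise move the action to POST with
        // a token.
        if (isset($_GET['reset']) && $_GET['reset'] == 1) {
            mysql_query("UPDATE " . __PREFIX__ . "users SET theme = 'default.css'") or _err(mysql_error());
            print "\n<script>alert(\"Reset Completato\"); window.location=\"admin.php\";</script>";
        } else {
            // Ask for confirmation only when the reset has not just run. The
            // dialog used to be emitted after the completion alert as well, so
            // confirming it ran the reset again.
            print "<script>" . "\n\tif(confirm('Sei sicuro di voler procedere al reset del tema per tutti gli utenti?.') == true) {" . "\n\t\tlocation.href = 'admin.php?mode=13&reset=1'" . "\n\t}else{" . "\n\t\tlocation.href = 'admin.php'" . "\n\t}" . "\n</script>";
        }
        break;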
    case '14':
        @($username = clear($_POST['username']));
        if ($username) {
            $query = "SELECT id, level FROM " . __PREFIX__ . "users WHERE username = '******'";
            $row = mysql_fetch_row(mysql_query($query));
            if (!$row[0]) {
                _err("Errore! L'Username Specificato non esiste!");
            }
            if ($row[0] == nick2uid($usr)) {
                _err("Errore!  L'utente selezionato &egrave; gi&agrave; VIP!");
            }
            if ($row[1] == 'vip') {
                $query = "UPDATE " . __PREFIX__ . "users SET level = 'user' WHERE id = '" . $row[0] . "'";
            } else {
                $query = "UPDATE " . __PREFIX__ . "users SET level = 'vip' WHERE id = '" . $row[0] . "'";
            }
            mysql_query($query) or _err(mysql_error());
            header("Location: admin.php?mode=14");
        } else {
            ?>
			<form action = 'admin.php?mode=14' method = 'POST'>
				<br /><b>Gestione dei permessi per Utenti VIP:</b>
				<p>Aggiungi/Rimuovi un' utente VIP(Basta scrivere l'username): <input name = 'username'><br />
				<input type = 'submit' value = 'Invia'>
Beispiel #3
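// Print one table row per topic returned by $query_2 (built outside this
// excerpt): topic link, author link and reply count.
$result = mysql_query($query_2) or _err(mysql_error());
while ($row = mysql_fetch_row($result)) {
    // Replies are the rows of the topic table whose replyof is this topic's id.
    // The id is escaped before it goes into the query text.
    $query = "SELECT id FROM " . __PREFIX__ . "topic WHERE replyof = '" . mysql_real_escape_string($row[0]) . "'";
    $res2 = mysql_query($query);
    // Use the row count of the result instead of fetching every row, and treat
    // a failed query as zero replies rather than passing false on.
    $replies = $res2 ? mysql_num_rows($res2) : 0;
    ?>
	<tr>
		<td class="forums"><a href = 'viewtopic.php?id=<?php 
    // NOTE(review): $row[4] (shown as the link text) is written without HTML
    // escaping here. Whether it was encoded before storage is not visible in
    // this excerpt; if not, escape it at output.
    print $row[0] . "'>" . $row[4] . "</a> " . check_graphic_block_topic($row[0]);
    ?>
</td>
		<td class="forums"><a href = 'profile.php?id=<?php 
    // NOTE(review): same concern for $row[3], printed as the author name.
    print nick2uid($row[3]) . "'>" . $row[3];
    ?>
</a></td>
		<td class="forums"><?php 
    print $replies;
    ?>
</td>
	</tr>
	<tr>
	<td colspan="3"><hr style="margin:1px;height:1px;border:none;background-color:white;"></td>
</tr>
<?php 
}
// end while write topics
print "</table>\n";
footer();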
Beispiel #4
			<input type = 'hidden' name = 'topic_id' value = '<?php 
    print $id;
    ?>
' >
			<input type = 'hidden' name = 'user_id' value = '<?php 
    print nick2uid($row[3]);
    ?>
'>
			<input class='karma_più' type = 'submit' value = '+1' name = 'vote' > <input class='karma_meno' type = 'submit' value = '-1' name = 'vote'>
		</form>
	</div>
		<div style="float: right;"><a href="pm.php?mode=3&to=<?php 
    print $row[3];
    ?>
">PM</a>  <a href = 'profile.php?id=<?php 
    print nick2uid($row[3]);
    ?>
'>Profile</a></div>
	</div>
	</div>
	<div id="topic">	

		<b>Titolo: </b><?php 
    print $row[4] . check_graphic_block_topic($row[0]) . check_graphic_important_topic($row[0]) . check_graphic_announcement_topic($row[0]) . "<br />\n<font size=1> @<i>Scritto il " . $row[9] . " alle ore " . $row[8] . "</i></font>\n";
    ?>
		<br />
		<?php 
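    // Show the edit/delete links only to a logged-in user who is the value in
    // $row[2], an admin or a moderator. The three role tests are grouped so
    // that login() guards all of them: `&&` binds tighter than `||`, so the
    // moderator test used to be evaluated without the login check.
    // NOTE(review): this only decides whether the links are printed. manage.php
    // (not visible here) has to enforce the same rule on the server.
    if (login($username, $password) && ($row[2] == $username || level($username) == 'admin' || level($username) == 'mod')) {
        print "\n<a href = 'manage.php?id=" . $row[0] . "&t_id=" . $id . "'>[Edita]</a>" . "\n<a href='manage.php?id=" . $row[0] . "&t_id=" . $id . "&delete=1'>[Elimina]</a>";
    }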
    ?>
Beispiel #5
 // The web site is optional; when one is given it has to pass check_url().
 if (!empty($web_site) && check_url($web_site) == FALSE) {
     $error_msg[] = 'Il Sito Web inserito non è valido';
 }
 // strlen() counts bytes, so the limit is 20 bytes of user name.
 if (20 < strlen($username)) {
     $error_msg[] = 'L\'username è troppo lungo ( Max. 20 caratteri )';
 }
 if (!$error_msg) {
     // Create the account: users row, karma row, ban_ip row, then the subject
     // of the welcome mail.
     // NOTE(review): unsalted MD5 is a fast hash and is not suitable for
     // password storage; password_hash() would need a matching change wherever
     // the stored value is compared.
     $pass = md5($pass);
     // NOTE(review): $username, $email, $web_site and $msn are interpolated
     // straight into the statement. Their sanitising happens outside this
     // excerpt, if at all; confirm each one is escaped for SQL before this
     // point, or switch to prepared statements.
     $query = "INSERT INTO " . __PREFIX__ . "users (\n\t\t\t\t\t\tusername, password, level, email, web_site, msn, theme\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'" . $username . "', '{$pass}', 'user', '{$email}', '{$web_site}', '{$msn}', 'default.css')";
     mysql_query($query) or _err(mysql_error());
     // Start the new user's karma at 0; nick2uid() supplies the id for the
     // user name just inserted.
     $sql = "INSERT INTO " . __PREFIX__ . "karma (\n\t\t\t\t\t\tvote_user_id, vote\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'" . nick2uid($username) . "', '0')";
     mysql_query($sql) or _err(mysql_error());
     // Record the registering IP in ban_ip with banned = 0.
     $ban_ip = "INSERT INTO " . __PREFIX__ . "ban_ip (\n\t\t\t\t\t\tuser_id, ip, banned\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'" . nick2uid($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', '0')";
     mysql_query($ban_ip) or _err(mysql_error());
     // Subject line of the welcome mail.
     $oggetto = "Benvenuto in " . SITE_NAME . ".";
     $messaggio = "Ciao " . $username . "\n" . "Siamo lieti di darti il benvenuto in " . SITE_NAME . "\n" . "I tuoi dati di accesso sono:\n\n" . "Username: "******"\n" . "Password: "******"\n\n" . "Ti auguriamo una buona permanenza,\n" . "Lo Staff ~ " . SITE_NAME . ".";
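     // Send the welcome mail and end the request with the matching page.
     // CR and LF are removed from the address before it is placed in the
     // header argument, so the value cannot add further header lines.
     $from_address = str_replace(array("\r", "\n"), '', $email);
     // The @ hides mail() warnings; a failure is visible only through the
     // return value tested below.
     $check_send_mail = @mail($email, $oggetto, $messaggio, "From: " . $from_address);
     // Test the variable that was assigned. The check used to read the
     // undefined $check_send_email, so the "non Inviata" page was shown even
     // when the mail had been sent.
     if ($check_send_mail == TRUE) {
         die("<div class=\"success_msg\" align=\"center\">\nRegistrazione Avvenuta con Successo!\n<br /><p>E-Mail di Benvenuto Inviata!</p><br />\n<a href=\"login.php\">Vai al Login</a></div>");
     } else {
         die("<div class=\"success_msg\" align=\"center\">\nRegistrazione Avvenuta con Successo!\n<br /><p>E-Mail di Benvenuto non Inviata!</p><br />\n<a href=\"login.php\">Vai al Login</a></div>");
     }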
 } else {
     print "\n<div class=\"error_msg\">" . "\n<h3 align=\"center\">Errori nella form!</h2><br />" . "\n<br /><center>";
     foreach ($error_msg as $error_message) {
         print $error_message . " <br />\n";
     }
     print "<br />\n<a href='javascript:history.back()'>Torna Indietro</a>\n</center>\n</div>\n";
Beispiel #6
/**
 * Prints the navigation menu and opens the "main" container div.
 *
 * When login() accepts the pair returned by get_data(), the member menu is
 * printed (profile link, unread-PM counter, admin or mod panel link depending
 * on the level read from the users table). Otherwise the guest menu is printed.
 * Output is written directly; nothing is returned.
 */
function show_menu()
{
    // get_data() is defined elsewhere; presumably it reads the stored login
    // values - confirm against its definition.
    list($username, $password) = get_data();
    if (login($username, $password)) {
        $not_read = 0;
        // NOTE(review): in this listing the quoted value of both queries below
        // is the literal ******, which looks like a masked placeholder rather
        // than the real code. Verify against the actual source, and make sure
        // whatever is interpolated there is escaped for SQL.
        $query = "SELECT level FROM " . __PREFIX__ . "users WHERE username = '******'";
        // NOTE(review): the query result is passed on unchecked; a failed query
        // hands false to mysql_fetch_row().
        $row = mysql_fetch_row(mysql_query($query));
        $query = "SELECT id FROM " . __PREFIX__ . "pm WHERE to_usr = '******' AND new = 1";
        $res = mysql_query($query);
        // Count unread private messages by walking the result set.
        while (mysql_fetch_row($res)) {
            $not_read++;
        }
        ?>
		<div class="menu" id="menu" >
			<ul>
				<li><b>Benvenuto, <a href="profile.php?id=<?php 
        print nick2uid($username);
        ?>
"><?php 
        // NOTE(review): $username is written into the page without HTML
        // escaping; confirm it is encoded before it reaches this point.
        print $username;
        ?>
</a>!</b></li>
				<li><a href = 'settings.php'>[Pannello utente]</a></li>
				<li><a href = 'users_list.php'>Lista Utenti</a></li>
		<?php 
        if ($not_read) {
            print "\t\t\t<li><b><a href = 'pm.php?mode=1'>{$not_read} new PM(s)</a></b></li>\n";
        } else {
            print "\t\t<li><a href = 'pm.php?mode=1'>No new PMs</a></li>\n";
        }
        // $row[0] is the level column selected above. These links are
        // navigation only; admin.php and modcp.php are separate scripts and
        // their own access checks are not visible here.
        if ($row[0] == 'admin') {
            print "\t\t\t\t<li><a href = 'admin.php'>[Amministrazione]</a></li>\n";
        }
        if ($row[0] == 'mod') {
            print "\t<li><a href = 'modcp.php'>[-Mod Panel-]</a></li>\n";
        }
        ?>
				<li><a href = 'index.php?logout=1'>Logout</a></li>
			</ul>
		</div>
	<div class = 'main' id = 'main'>
	<?php 
    } else {
        // Not logged in: show the guest menu.
        ?>
		<div class = 'menu' id = 'menu'>
			<ul>
				<li><b>Benvenuto, Guest!</b></li>
				<li><a href = 'users_list.php'>Lista Utenti</a></li>
				<li><a href = 'login.php'>Login</a></li>
				<li><a href = 'register.php'>Register</a></li>
			</ul>
		</div>
		<div class = 'main' id = 'main'>
	<?php 
    }
}
Beispiel #7
            }
            header("Location: modcp.php?mode=2");
        } else {
            ?>
			<form action = 'modcp.php?mode=2&ban=2' method = 'POST'>
				<br /><b>Gestione Ban per IP:</b>
				<p>Banna IP Esterno: <input name = 'ip'><br />
				<input type = 'submit' value = 'Banna'></p>
			</form>
		<br /><br />
		<?php 
        }
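        // Toggle the banned flag of the ban_ip row whose ip equals $ip.
        // NOTE(review): this state change is triggered by a GET parameter and
        // no anti-CSRF token is checked in these lines; confirm the surrounding
        // script verifies the moderator session and a request token.
        if (isset($_GET['ban']) && $_GET['ban'] == 1) {
            // $ip is assigned outside this excerpt. It is escaped here so the
            // lookup does not depend on earlier sanitising.
            $query = "SELECT * FROM " . __PREFIX__ . "ban_ip WHERE ip = '" . mysql_real_escape_string($ip) . "'";
            $lookup = mysql_query($query) or _err(mysql_error());
            $row = mysql_fetch_row($lookup);
            // Act only when a row was found. Without this guard an unknown IP
            // produced comparisons against an empty row and an UPDATE with an
            // empty id.
            if ($row) {
                // Column 1 is compared with the id of $usr, the acting user.
                if ($row[1] == nick2uid($usr)) {
                    _err("Errore! Questo IP da bannare è identico al tuo, ti banni?");
                }
                // Column 3 is the current flag: 0 becomes 1, anything else 0.
                $new_state = ($row[3] == 0) ? '1' : '0';
                $query = "UPDATE " . __PREFIX__ . "ban_ip SET banned = '" . $new_state . "' WHERE id = '" . (int) $row[0] . "'";
                mysql_query($query) or _err(mysql_error());
            }
            // NOTE(review): there is no exit after the redirect header, so the
            // code that follows still runs for this request.
            header("Location: modcp.php?mode=2");
        }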
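        // Delete one ban_ip row by numeric id.
        // NOTE(review): a destructive action on a GET request; no anti-CSRF
        // token is checked in these lines.
        if (isset($_GET['elimina']) && $_GET['elimina'] == 1 && !empty($_GET['id'])) {
            // The integer cast makes the id safe to place in the statement.
            $id = (int) $_GET['id'];
            mysql_query("DELETE FROM " . __PREFIX__ . "ban_ip WHERE id = '" . $id . "'") or _err(mysql_error());
            // Closing quote restored after the alert text. Without it the
            // script was a syntax error, so neither the alert nor the redirect
            // ran.
            print '<script>alert("IP Cancellato!"); window.location="modcp.php?mode=2";</script>';
        }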