Ejemplo n.º 1
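 /**
  * Heuristic detector for SQL that changes a user's power level.
  *
  * String literals in $query are first blanked out to the placeholder
  * "lolstring" so quoted text cannot spoof the match; the remainder is then
  * checked for an UPDATE of users.powerlevel / users.tempbanpl to a literal
  * value, and a Report is raised when one is found.
  *
  * This is a logging aid, not a security boundary: an UPDATE that sets the
  * column from an expression (e.g. "powerlevel = powerlevel + 1"), a hex or
  * float literal, or SQL comments between tokens is not recognised.
  * Authorisation has to be enforced before the query is built.
  *
  * @param string $query raw SQL about to be executed
  */
 function CheckQuery($query)
 {
     // Blank out '...' and "..." literals (backslash escapes honoured, empty
     // strings included) so their contents never reach the pattern below.
     $check = preg_replace('@\'(?:[^\'\\\\]|\\\\.)*\'@s', 'lolstring', $query);
     $check = preg_replace('@"(?:[^"\\\\]|\\\\.)*"@s', 'lolstring', $check);
     // Accept the assigned value either as an integer literal or as a
     // blanked-out string literal: "powerlevel = '5'" used to slip through
     // because the quotes had already been replaced before the digit check.
     if (preg_match('@UPDATE\s+`?users`?\s+SET\s+.*?`?(powerlevel|tempbanpl)`?\s*=\s*(?:-?\d+|lolstring)@si', $check)) {
         Report("Unauthorized user powerlevel change (" . $query . ")", 1, 2);
     }
 }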
Ejemplo n.º 2
/**
 * Purge uploads whose soft-delete timestamp is more than one week old.
 *
 * Every {uploadedfiles} row with a non-zero deldate older than seven days is
 * reported, its physical file removed through DeleteUpload(), and the rows are
 * then deleted with the same predicate. The filename is echoed into the report
 * as stored; escaping is left to whatever renders Report() output.
 */
function CleanupUploads()
{
    $uploadRoot = DATA_DIR . 'uploads';
    // seven days, in seconds
    $cutoff = time() - 7 * 24 * 60 * 60;
    $expired = Query("SELECT physicalname, user, filename FROM {uploadedfiles} WHERE deldate!=0 AND deldate<{0}", $cutoff);
    if (!NumRows($expired)) {
        return;
    }
    while ($row = Fetch($expired)) {
        // second argument (false) presumably controls report visibility - confirm against Report()
        Report("[b]{$row['filename']}[/] deleted by auto-cleanup", false);
        DeleteUpload($uploadRoot . '/' . $row['physicalname'], $row['user']);
    }
    Query("DELETE FROM {uploadedfiles} WHERE deldate!=0 AND deldate<{0}", $cutoff);
}
Ejemplo n.º 3
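/**
 * Store the file uploaded as $_FILES[$file] in the directory configured for
 * $cattype and record it in {uploader}.
 *
 * Validation order: presence/size, maximum size, extension deny/allow lists,
 * duplicate display name for this user and category, then the quota. On
 * success the file is moved under a random physical name, the row inserted, a
 * Report raised and the request redirected (the function never returns). On
 * failure a human-readable error string is returned, or null after an Alert()
 * when the quota would be exceeded.
 *
 * @param string $file    key into $_FILES
 * @param string $cattype key into $uploaddirs selecting the target directory
 * @param array  $cat     category row; only 'showindownloads' is read here
 * @return string|null
 */
function uploadFile($file, $cattype, $cat)
{
    global $loguserid, $loguser, $uploaddirs, $goodfiles, $badfiles, $userquota, $maxSize;

    // Read everything about the upload from the slot named by $file (the
    // original mixed $_FILES[$file] with a hard-coded 'newfile' slot and an
    // undefined $_FILES['size']['size'], so size and quota were never checked).
    $filedata = (isset($_FILES[$file]) && is_array($_FILES[$file])) ? $_FILES[$file] : array();
    $fname = isset($filedata['name']) ? (string) $filedata['name'] : '';
    $temp = isset($filedata['tmp_name']) ? (string) $filedata['tmp_name'] : '';
    $size = isset($filedata['size']) ? (int) $filedata['size'] : 0;

    if ($size == 0) {
        return $temp == '' ? 'No file given.' : 'File is empty.';
    }
    if ($size > $maxSize) {
        return 'File is too large. Maximum size allowed is ' . BytesToSize($maxSize) . '.';
    }

    // The extension is the last dot-separated part of the client-supplied
    // name; a name without a dot makes the whole name the "extension". Lists
    // are compared lower-cased and $goodfiles only restricts when it is an array.
    $parts = explode('.', $fname);
    $extension = strtolower(end($parts));
    if ((is_array($badfiles) && in_array($extension, $badfiles)) || (is_array($goodfiles) && !in_array($extension, $goodfiles))) {
        return 'Forbidden file type.';
    }

    $dup = FetchResult("SELECT COUNT(*) FROM {uploader} WHERE filename={0} AND cattype={1} AND user={2} AND deldate=0", $fname, $cattype, $loguserid);
    if ($dup > 0) {
        return "You already have a file with this name. Please delete the old copy before uploading a new one.";
    }

    $targetdir = $uploaddirs[$cattype];
    $totalsize = foldersize($targetdir);
    // Quota is the $userquota global (the original compared against an
    // undefined $quot).
    if ($totalsize + $size > $userquota) {
        Alert(format(__("Uploading \"{0}\" would break the quota."), $fname));
        return null;
    }

    // The physical name is random and carries no extension, so the client
    // name never influences the on-disk path.
    $randomid = Shake();
    $pname = $randomid . '_' . Shake();
    $description = isset($_POST['description']) ? $_POST['description'] : '';
    $big_descr = ($cat['showindownloads'] && isset($_POST['big_description'])) ? $_POST['big_description'] : '';
    // NOTE(review): the original read an unassigned $privateFlag (null) here;
    // 0 keeps the "not private" outcome. Confirm where the flag should come from.
    $privateFlag = 0;

    // Move first so a failed move never leaves a row pointing at nothing;
    // move_uploaded_file() also refuses anything that is not a real upload.
    if (!move_uploaded_file($temp, $targetdir . '/' . $pname)) {
        return 'Could not store the uploaded file.';
    }
    // NOTE(review): the category id is taken from the request ($_POST['cat'])
    // rather than from $cat - confirm the caller validated it.
    Query("insert into {uploader} (id, filename, description, big_description, date, user, private, category, deldate, physicalname) values ({7}, {0}, {1}, {6}, {2}, {3}, {4}, {5}, 0, {8})", $fname, $description, time(), $loguserid, $privateFlag, $_POST['cat'], $big_descr, $randomid, $pname);
    // $fname is echoed as supplied by the client; the report renderer is
    // responsible for escaping it.
    Report("[b]" . $loguser['name'] . "[/] uploaded file \"[b]" . $fname . "[/]\"" . ($privateFlag ? " (privately)" : ""), $privateFlag);
    die(header("Location: " . actionLink("uploaderlist", "", "cat=" . $_POST["cat"])));
}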
Ejemplo n.º 4
     }
     if ($check) {
         $fn = FetchResult("SELECT filename FROM {uploader} WHERE id={0}", $fid);
         Query("UPDATE {uploader} SET deldate={0} WHERE id={1}", time(), $fid);
         Report("[b]" . $loguser['name'] . "[/] deleted \"[b]" . $fn . "[/]\" ({$fid}).", 1);
         die(header("Location: " . actionLink("uploaderlist", "", "cat=" . $_GET["cat"])));
     } else {
         Alert(__("No such file or not yours to mess with."));
     }
 } else {
     if ($_GET['action'] == 'restore' && HasPermission('uploader.deletefiles')) {
         $fid = $_GET['fid'];
         $check = FetchResult("select count(*) from {uploader} where id = {0}", $fid);
         if ($check) {
             Query("UPDATE {uploader} SET deldate=0 WHERE id={0}", $fid);
             Report("[b]" . $loguser['name'] . "[/] restored \"[b]" . $entry['filename'] . "[/]\" ({$fid}).", 1);
             die(header("Location: " . actionLink("uploaderlist", "", "cat=" . $_GET["cat"])));
         } else {
             Alert(__("No such file."));
         }
     } else {
         MakeCrumbs(array(actionLink("uploader") => "Uploader"), $links);
         $errormsg = __("No categories found.");
         $entries = Query("select * from {uploader_categories} order by ord");
         if (NumRows($entries) == 0) {
             print "\n\t\t<table class=\"outline margin\">\n\t\t\t<tr class=\"header0\">\n\n\n\n\t\t\t\t<th colspan=\"7\">" . __("Files") . "</th>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell1\">\n\t\t\t\t<td colspan=\"4\">\n\t\t\t\t\t" . $errormsg . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t\t";
         } else {
             print "\n\t\t<table class=\"outline margin width100\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"7\">" . __("Categories") . "</th>\n\t\t\t</tr>\n\t\t";
             $cellClass = 0;
             while ($entry = Fetch($entries)) {
                 $filecount = FetchResult("select count(*) from {uploader} where category = {0} AND deldate=0", $entry['id']);
Ejemplo n.º 5
    $sets[] = "pluginsettings = '" . SqlEscape(serialize($pluginSettings)) . "'";
    if ($editUserMode && ((int) $_POST['primarygroup'] != $user['primarygroup'] || $_POST['dopermaban'])) {
        $sets[] = "tempbantime = 0";
        if ((int) $_POST['primarygroup'] != $user['primarygroup']) {
            $sets[] = "tempbanpl = " . (int) $user['primarygroup'];
        }
        Report($user['name'] . "'s primary group was changed from " . $groups[$user['primarygroup']] . " to " . $groups[(int) $_POST['primarygroup']]);
    }
    $query .= join($sets, ", ") . " WHERE id = " . $userid;
    if (!$failed) {
        RawQuery($query);
        $his = "[b]" . $user['name'] . "[/]'s";
        if ($loguserid == $userid) {
            $his = HisHer($user['sex']);
        }
        Report("[b]" . $loguser['name'] . "[/] edited " . $his . " profile. -> [g]#HERE#?uid=" . $userid, 1);
        die(header("Location: " . actionLink("profile", $userid, '', $_POST['name'] ?: $user['name'])));
    }
}
//If failed, get values from $_POST
//Else, get them from $user
foreach ($epFields as $catid => $cfields) {
    foreach ($cfields as $field => $item) {
        if ($item['type'] == "label" || $item['type'] == "password") {
            continue;
        }
        if (!$failed) {
            if (!isset($item['value'])) {
                $item['value'] = $user[$field];
            }
        } else {
Ejemplo n.º 6
    if (trim($_POST['reason'])) {
        $bantitle .= __(': ') . $_POST['reason'];
    }
    Query("update {users} set tempbanpl = {0}, tempbantime = {1}, primarygroup = {4}, title = {3} where id = {2}", $user['u_primarygroup'], $expire, $id, $bantitle, Settings::get('bannedGroup'));
    Report($loguser['name'] . ' banned ' . $user['u_name'] . ($expire ? ' for ' . TimeUnits($time) : ' permanently') . ($_POST['reason'] ? ': ' . $_POST['reason'] : '.'), true);
    die(header('Location: ' . actionLink('profile', $id, '', $user['name'])));
} else {
    if ($_POST['unban']) {
        if ($_POST['token'] !== $loguser['token']) {
            Kill('No.');
        }
        if ($user['u_primarygroup'] != Settings::get('bannedGroup')) {
            Kill(__('This user is not banned.'));
        }
        Query("update {users} set primarygroup = tempbanpl, tempbantime = {0}, title = {1} where id = {2}", 0, '', $id);
        Report($loguser['name'] . ' unbanned ' . $user['u_name'] . '.', true);
        die(header('Location: ' . actionLink('profile', $id, '', $user['name'])));
    }
}
if (isset($_GET['unban'])) {
    $title = __('Unban user');
    MakeCrumbs(array(actionLink("profile", $id, '', $user['u_name']) => htmlspecialchars($user['u_displayname'] ? $user['u_displayname'] : $user['u_name']), actionLink('banhammer', $id, 'unban=1') => __('Unban user')));
    $userlink = userLink(getDataPrefix($user, 'u_'));
    $fields = array('target' => $userlink, 'btnUnbanUser' => '<input type="submit" name="unban" value="Unban user">');
    $template = 'form_unbanuser';
} else {
    $title = __('Ban user');
    MakeCrumbs(array(actionLink("profile", $id, '', $user['u_name']) => htmlspecialchars($user['u_displayname'] ? $user['u_displayname'] : $user['u_name']), actionLink('banhammer', $id) => __('Ban user')));
    $duration = '
	<label><input type="radio" name="permanent" value="0"> For: </label>
		<input type="text" name="time" size="4" maxlength="2">
Ejemplo n.º 7
            }
            $qThreads = "update threads set title='" . justEscape($_POST['title']) . "', icon='" . $iconurl . "', closed=" . $isClosed . ", sticky=" . $isSticky . " where id=" . $tid . " limit 1";
            $rThreads = Query($qThreads);
            Report("[b]" . $loguser['name'] . "[/] edited thread [b]" . $thread['title'] . "[/] -> [g]#HERE#?tid=" . $tid, $isHidden);
            Redirect(__("Edited!"), "thread.php?id=" . $tid, __("the thread"));
            exit;
        } else {
            Alert(__("Your thread title is empty. Enter a message and try again."));
        }
    }
} else {
    if ($_POST['action'] == __("Edit")) {
        if ($_POST['title']) {
            $qThreads = "update threads set title='" . justEscape($_POST['title']) . "' where id=" . $tid . " limit 1";
            $rThreads = Query($qThreads);
            Report("[b]" . $loguser['name'] . "[/] renamed thread [b]" . $thread['title'] . "[/] -> [g]#HERE#?tid=" . $tid, $isHidden);
            Redirect(__("Edited!"), "thread.php?id=" . $tid, __("the thread"));
            exit;
        } else {
            Alert(__("Your thread title is empty. Enter a message and try again."));
        }
    }
}
if (!$_POST['title']) {
    $_POST['title'] = $thread['title'];
}
$match = array();
if (preg_match("@^img/icons/icon(\\d+)\\..{3,}\$@si", $thread['icon'], $match)) {
    $_POST['iconid'] = $match[1];
} elseif ($thread['icon'] == "") {
    //Has no icon
<?php

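// Layout maker install handler, members only. Writes the submitted CSS to a
// per-user stylesheet and stores the submitted header/footer HTML in the
// user's postheader/signature fields, then redirects to the profile.
if ($loguserid == 0) {
    Kill("Only members can install their layouts");
}
if (isset($_POST['action']) && $_POST['action'] == "Install") {
    // NOTE(review): this state-changing POST verifies no CSRF token, whereas the
    // ban/unban handler in this codebase compares $_POST['token'] with
    // $loguser['token']; confirm the layout-maker form sends one and check it here.
    //Changed this to not to use the uploader since it's now a plugin. ~Dirbaio
    if (!is_dir("layoutmaker") && !mkdir("layoutmaker/")) {
        Kill("Could not create the layout directory.");
    }
    // The file name is derived from the numeric user id only; the cast keeps
    // anything non-numeric out of the path.
    $path = "layoutmaker/" . (int) $loguserid . ".css";
    // The CSS is stored verbatim and served back from this origin as a
    // stylesheet: the web server must deliver .css as text/css and never
    // interpret it. No sanitisation of the header/footer HTML is visible here;
    // whatever applies to postheader/signature elsewhere must apply to this path.
    $css = isset($_POST['css']) ? $_POST['css'] : '';
    if (file_put_contents($path, $css) === false) {
        Kill("Could not save the layout stylesheet.");
    }
    $path = resourceLink($path);
    $head = "<link rel=\"stylesheet\" type=\"text/css\" href=\"" . $path . "\" />\n" . (isset($_POST['header']) ? $_POST['header'] : '');
    $foot = isset($_POST['footer']) ? $_POST['footer'] : '';
    Query("UPDATE {users} SET postheader = {0}, signature = {1} WHERE id = {2}", $head, $foot, $loguserid);
    // Link the report to the logged-in user: the original used $userid, which
    // is never assigned in this script.
    Report("[b]" . $loguser['name'] . "[/] edited his layout with the layout maker. -> [g]#HERE#?uid=" . $loguserid, 1);
    die(header("Location: " . actionLink("profile", $loguserid)));
}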
Ejemplo n.º 9
                    } else {
                        if ($_POST['unstick']) {
                            $mod .= ", sticky = 0";
                        }
                    }
                }
                $now = time();
                $rUsers = Query("update {users} set posts=posts+1, lastposttime={0} where id={1} limit 1", time(), $loguserid);
                $rPosts = Query("insert into {posts} (thread, user, date, ip, num, options, mood) values ({0},{1},{2},{3},{4}, {5}, {6})", $tid, $loguserid, $now, $_SERVER['REMOTE_ADDR'], $loguser['posts'] + 1, $options, (int) $_POST['mood']);
                $pid = InsertId();
                $rPostsText = Query("insert into {posts_text} (pid,text,revision,user,date) values ({0}, {1}, {2}, {3}, {4})", $pid, $post, 0, $loguserid, time());
                $rFora = Query("update {forums} set numposts=numposts+1, lastpostdate={0}, lastpostuser={1}, lastpostid={2} where id={3} limit 1", $now, $loguserid, $pid, $fid);
                $rThreads = Query("update {threads} set lastposter={0}, lastpostdate={1}, replies=replies+1, lastpostid={2}" . $mod . " where id={3} limit 1", $loguserid, $now, $pid, $tid);
                $attachs = HandlePostAttachments($pid, true);
                Query("UPDATE {posts} SET has_attachments={0} WHERE id={1}", !empty($attachs) ? 1 : 0, $pid);
                Report("New reply by [b]" . $loguser['name'] . "[/] in [b]" . $thread['title'] . "[/] (" . $forum['title'] . ") -> [g]#HERE#?pid=" . $pid, $isHidden);
                $bucket = "newreply";
                include BOARD_ROOT . "lib/pluginloader.php";
                die(header("Location: " . actionLink("post", $pid)));
            } else {
                $attachs = HandlePostAttachments(0, false);
            }
        }
    }
}
$prefill = htmlspecialchars($_POST['text']);
if ($_GET['quote']) {
    $rQuote = Query("\tselect\n\t\t\t\t\tp.id, p.deleted, pt.text,\n\t\t\t\t\tt.forum fid, \n\t\t\t\t\tu.name poster\n\t\t\t\tfrom {posts} p\n\t\t\t\t\tleft join {posts_text} pt on pt.pid = p.id and pt.revision = p.currentrevision\n\t\t\t\t\tleft join {threads} t on t.id=p.thread\n\t\t\t\t\tleft join {users} u on u.id=p.user\n\t\t\t\twhere p.id={0}", (int) $_GET['quote']);
    if (NumRows($rQuote)) {
        $quote = Fetch($rQuote);
        //SPY CHECK!
Ejemplo n.º 10
/**
 * PHP error handler (presumably installed elsewhere via set_error_handler).
 *
 * Builds a one-line message for the error, stores a numeric $Error into
 * $GLOBALS['__ERR_CODE'] while that still holds 100, writes the message to the
 * Debug channel and, if error reporting is enabled, appends the accumulated
 * $GLOBALS['__SYSLOG'] to jbs-errors.log and terminates the request with the
 * raw log, a JSON error object or the HTML error template.
 *
 * @param int    $Number PHP error level supplied by the engine
 * @param string $Error  error text; a numeric value is used as the application error code
 * @param string $File   file in which the error occurred
 * @param int    $Line   line on which the error occurred
 */
function __Error_Handler__($Number, $Error, $File, $Line)
{
    #-------------------------------------------------------------------------------
    # Russian text: "on line %s of file %s".
    $Message = SPrintF('[!!%s]-%s в линии %s файла %s', $Number, $Error, $Line, $File);
    #-------------------------------------------------------------------------------
    $__ERR_CODE =& $GLOBALS['__ERR_CODE'];
    #-------------------------------------------------------------------------------
    # A numeric $Error is treated as an application error code; only the first
    # one wins (100 appears to be the default, see $Errors below).
    if ((int) $Error && $__ERR_CODE == 100) {
        $__ERR_CODE = $Error;
    }
    #-------------------------------------------------------------------------------
    Debug(SPrintF('[!] %s', $Message));
    //Debug(SPrintF('[!] %s',debug_print_backtrace()));
    #-------------------------------------------------------------------------------
    //Error_Reporting(E_ALL);
    #-------------------------------------------------------------------------------
    if (Error_Reporting()) {
        #-------------------------------------------------------------------------------
        # Error id = host id plus a hash of the error tuple, so identical errors
        # share an id. Note that HOST_ID is later sent to the client in a header.
        $JBsErrorID = SPrintF('%s[%s]', HOST_ID, Md5(Implode(':', array($Number, $Error, $Line, $File))));
        #-------------------------------------------------------------------------------
        $__SYSLOG =& $GLOBALS['__SYSLOG'];
        #-------------------------------------------------------------------------------
        $Log = Implode("\n", $__SYSLOG);
        #-------------------------------------------------------------------------------
        Report($JBsErrorID, $JBsErrorID);
        #-------------------------------------------------------------------------------
        # Best effort: try SYSTEM_PATH first, fall back to /tmp, give up silently.
        # NOTE(review): '/tmp/jbs-errors.log' is a fixed, world-shared path; a
        # pre-existing file or symlink there is appended to (umask only affects
        # files created here), and the unlink-then-append rotation is not atomic.
        # A private directory would avoid both.
        foreach (array(SYSTEM_PATH, '/tmp') as $Folder) {
            #-------------------------------------------------------------------------------
            $Path = SPrintF('%s/jbs-errors.log', $Folder);
            #-------------------------------------------------------------------------------
            # Crude rotation: drop the log once it exceeds 1 MiB.
            if (File_Exists($Path)) {
                if (FileSize($Path) > 1024 * 1024) {
                    UnLink($Path);
                }
            }
            #-------------------------------------------------------------------------------
            # New files get mode 0600; the umask is not restored afterwards.
            umask(077);
            #-------------------------------------------------------------------------------
            # '@' hides the write failure; the Debug line below is its only trace.
            if (!@File_Put_Contents($Path, SPrintF("%s\n\n%s\n\n", $JBsErrorID, $Log), FILE_APPEND)) {
                #-------------------------------------------------------------------------------
                # Russian text: "failed to write the error to the system log (%s)".
                Debug(SPrintF('[__Error_Handler__]: не удалось осуществить запись ошибки в системный лог (%s)', $Path));
                #-------------------------------------------------------------------------------
                continue;
                #-------------------------------------------------------------------------------
            }
            #-------------------------------------------------------------------------------
            break;
            #-------------------------------------------------------------------------------
        }
        #-------------------------------------------------------------------------------
        # Debug marker file present, or not an HTTP request (no REMOTE_PORT):
        # dump the whole system log. NOTE(review): while DEBUG.OUT exists this
        # sends internal log contents to any HTTP client; it must not be present
        # in production.
        if (File_Exists(SPrintF('%s/DEBUG.OUT', SYSTEM_PATH)) || !isset($_SERVER["REMOTE_PORT"])) {
            #-------------------------------------------------------------------------------
            exit($Log);
        } else {
            #-------------------------------------------------------------------------------
            # User-facing labels (Russian) for the known error codes.
            $Errors = array(100 => 'Ошибка выполнения', 101 => 'Неизвестный результат', 201 => 'Неверные параметры', 400 => 'Ошибка данных', 500 => 'Системная ошибка', 600 => 'Ошибка политики безопасности', 601 => 'Неверный реферер', 602 => 'Отсутствует реферер', 603 => 'Неверный ключ CSRF', 700 => 'Нарушение политики прав');
            #-------------------------------------------------------------------------------
            $FilePath = SPrintF('%s/hosts/root/templates/modules/Trigger.Error.html', SYSTEM_PATH);
            #-------------------------------------------------------------------------------
            if (Is_Readable($FilePath)) {
                #-------------------------------------------------------------------------------
                $Result = @File_Get_Contents($FilePath);
                #-------------------------------------------------------------------------------
            } else {
                #-------------------------------------------------------------------------------
                # Inline fallback template; '%%' survives this SPrintF as '%' for the next one.
                $Result = SPrintF("Cannot read error file: %s<BR />\nError: %%s<BR />\n<!--%%s-->\nErrorID: %%s\n<!--%%s-->", $FilePath);
                #-------------------------------------------------------------------------------
            }
            #-------------------------------------------------------------------------------
            # NOTE(review): a code missing from $Errors yields an undefined-index
            # notice here and an empty label.
            $String = SPrintF('%s (%s)', $Errors[$__ERR_CODE], $__ERR_CODE);
            #-------------------------------------------------------------------------------
            @Header(SPrintF('JBs-ErrorID: %s', $JBsErrorID));
            #-------------------------------------------------------------------------------
            # The XMLHttpRequest flag comes from the POST body, not from a header.
            if (isset($_POST['XMLHttpRequest'])) {
                #-------------------------------------------------------------------------------
                $Answer = array('Error' => array('CodeID' => $__ERR_CODE, 'String' => $String), 'Status' => 'Error');
                #-------------------------------------------------------------------------------
                exit(JSON_Encode($Answer));
                #-------------------------------------------------------------------------------
            } else {
                #-------------------------------------------------------------------------------
                # $Result is used as a printf format: any '%' in the template file is interpreted.
                exit(SPrintF($Result, $String, $String, $JBsErrorID, Date('Y', Time())));
                #-------------------------------------------------------------------------------
            }
            #-------------------------------------------------------------------------------
        }
        #-------------------------------------------------------------------------------
    }
    #-------------------------------------------------------------------------------
}
Ejemplo n.º 11
    include "lib/header.php";
    write("\n\t<form action=\"login.php\" method=\"post\">\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("Log in") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"un\">" . __("User name") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell0\">\n\t\t\t\t\t<input type=\"text\" id=\"un\" name=\"name\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"pw\">" . __("Password") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<input type=\"password\" id=\"pw\" name=\"pass\" size=\"13\" maxlength=\"32\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\"></td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"checkbox\" name=\"session\" />\n\t\t\t\t\t\t" . __("This session only") . "\n\t\t\t\t\t</label>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Log in") . "\" />\n\t\t\t\t\t{0}\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", $mailResetFrom == "" ? "" : "<button onclick=\"document.location = 'lostpass.php'; return false;\">" . __("Forgot password?") . "</button>");
} elseif ($_POST['action'] == __("Log in")) {
    $original = $_POST['pass'];
    $escapedName = justEscape($_POST['name']);
    $qUser = "******" . $escapedName . "'";
    $rUser = Query($qUser);
    if (NumRows($rUser)) {
        $user = Fetch($rUser);
        $sha = hash("sha256", $original . $salt . $user['pss'], FALSE);
        if ($user['password'] != $sha) {
            include "lib/header.php";
            Report("A visitor from [b]" . $_SERVER['REMOTE_ADDR'] . "[/] tried to log in as [b]" . $user['name'] . "[/].", 1);
            Kill(__("Invalid user name or password.") . "<br /><a href=\"./\">" . __("Back to main") . "</a> &bull; <a href=\"login.php\">" . __("Try again") . "</a></div>");
        }
    } else {
        include "lib/header.php";
        Kill(__("Invalid user name or password.") . "<br /><a href=\"./\">" . __("Back to main") . "</a> &bull; <a href=\"login.php\">" . __("Try again") . "</a></div>");
    }
    $logdata['loguserid'] = $user['id'];
    $logdata['bull'] = hash('sha256', $user['id'] . $user['password'] . $salt . $user['pss'], FALSE);
    $logdata_s = base64_encode(serialize($logdata));
    if (isset($_POST['session'])) {
        setcookie("logdata", $logdata_s, 0, "", "", false, true);
    } else {
        setcookie("logdata", $logdata_s, 2147483647, "", "", false, true);
    }
    include "lib/header.php";
    Report("[b]" . $escapedName . "[/] logged in.", 1);
    Redirect(__("You are now logged in."), "./", __("the main page"));
}
Ejemplo n.º 12
     }
 }
 // auth plugins
 if (!$okay) {
     $bucket = 'login';
     include BOARD_ROOT . 'lib/pluginloader.php';
 }
 if (!$okay) {
     Report("A visitor from [b]" . $_SERVER['REMOTE_ADDR'] . "[/] tried to log in as [b]" . $user['name'] . "[/].", 1);
     Alert(__("Invalid user name or password."));
 } else {
     //TODO: Tie sessions to IPs if user has enabled it (or probably not)
     $sessionID = Shake();
     setcookie("logsession", $sessionID, 2147483647, URL_ROOT, "", false, true);
     Query("INSERT INTO {sessions} (id, user, autoexpire) VALUES ({0}, {1}, {2})", doHash($sessionID . SALT), $user['id'], $_POST['session'] ? 1 : 0);
     Report("[b]" . $user['name'] . "[/] logged in.", 1);
     $rLogUser = Query("select id, pss, password from {users} where 1");
     $matches = array();
     while ($testuser = Fetch($rLogUser)) {
         if ($testuser['id'] == $user['id']) {
             continue;
         }
         $sha = doHash($_POST['pass'] . SALT . $testuser['pss']);
         if ($testuser['password'] === $sha) {
             $matches[] = $testuser['id'];
         }
     }
     if (count($matches) > 0) {
         Query("INSERT INTO {passmatches} (date,ip,user,matches) VALUES (UNIX_TIMESTAMP(),{0},{1},{2})", $_SERVER['REMOTE_ADDR'], $user['id'], implode(',', $matches));
     }
     die(header("Location: " . URL_ROOT));
Ejemplo n.º 13
    } else {
        if (!isset($_GET['fid']) || !isset($_GET['img'])) {
            Alert(__("Both category and image must be chosen to set your avatar."), __("Error"));
        } elseif (!is_numeric($_GET['fid']) || !is_numeric($_GET['img'])) {
            Alert(__("Category and image are supposed to be numerical!"), "WTFHAX?");
        } else {
            if ($avalib[$fid]['content'][$_GET['img']] == "") {
                Alert(__("Unknown image."), __("Error"));
            } else {
                //Here's where the fun starts.
                $image = "img/avatars/library/" . $avalib[$fid]['name'] . "/" . $avalib[$fid]['content'][$_GET['img']] . ".png";
                //Copy the selected image to /avatars/$loguserid.png (assume library is 100x100)
                copy($image, "img/avatars/" . $loguserid);
                //Set your profile
                Query("update users set picture='img/avatars/" . $loguserid . "' where id=" . $loguserid . " limit 1");
                Report("[b]" . $loguser['name'] . "[/] switched avatars to [b]\"" . $avalib[$fid]['content'][$_GET['img']] . "\"[/] -> [g]#HERE#?uid=" . $loguserid, 1);
                Redirect(format(__("Your avatar has been set to \"{0}\"."), $avalib[$fid]['content'][$_GET['img']]), "profile.php?id=" . $loguserid, __("your profile"));
            }
        }
    }
}
$i = 0;
$options = "";
foreach ($avalib as $category) {
    $options .= format("<option value=\"{0}\" {1}>{2}</option>\n", $i, $selected[$i++], $category['name']);
}
write("\n\t<form action=\"avatarlibrary.php\" method=\"get\" id=\"myForm\">\n\t\t<table class=\"outline margin\">\n\t\t\t<tr class=\"header1\">\n\t\t\t\t<th colspan=\"2\">" . __("Avatar library") . "</th>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell0\">\n\t\t\t\t<td style=\"width: 10%;\">" . __("Category") . "</td>\n\t\t\t\t<td>\n\t\t\t\t\t<select name=\"fid\" size=\"1\" onchange=\"myForm.submit();\">\n\t\t\t\t\t\t{0}\n\t\t\t\t\t</select>\n\t\t\t\t\t<input type=\"submit\" value=\"" . __("Change") . "\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", $options);
if (isset($fid)) {
    $i = 0;
    $set = "";
    if ($loguserid) {
Ejemplo n.º 14
         if ($setting[0][0] == "#") {
             continue;
         }
         if ($setting[0][0] == "\$") {
             registerSetting(substr($setting[0], 1), $setting[1]);
         } else {
             $plugins[$plugin][$setting[0]] = $setting[1];
         }
         $minver = 220;
         //we introduced these plugins in 2.2.0 so assume this.
         if ($setting[0] == "minversion") {
             $minver = (int) $setting[1];
         }
     }
     if ($minver > $misc['version']) {
         Report(Format("Disabled plugin \"{0}\" -- meant for a later version.", $plugin), 1);
         rename("./plugins/" . $plugin . "/plugin.settings", "./plugins/" . $plugin . "/plugin.disabled");
         unset($plugins[$plugin]);
         continue;
     }
     $dir = "./plugins/" . $plugins[$plugin]['dir'];
     $pdir = @opendir($dir);
     while ($f = readdir($pdir)) {
         if (substr($f, strlen($f) - 4, 4) == ".php") {
             $pluginbuckets[substr($f, 0, strlen($f) - 4)][] = $plugins[$plugin]['dir'];
         }
     }
 } else {
     unset($plugins[$plugin]);
     continue;
 }
Ejemplo n.º 15
         }
     }
 }
 if ($err) {
     Alert($err, __('Error'));
 } else {
     $newsalt = Shake();
     $sha = doHash($_POST['pass'] . SALT . $newsalt);
     $uid = FetchResult("SELECT id+1 FROM {users} WHERE (SELECT COUNT(*) FROM {users} u2 WHERE u2.id={users}.id+1)=0 ORDER BY id ASC LIMIT 1");
     if ($uid < 1) {
         $uid = 1;
     }
     $rUsers = Query("insert into {users} (id, name, password, pss, primarygroup, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {4}, {5}, {5}, {6}, {7}, {8}, {9})", $uid, $_POST['name'], $sha, $newsalt, Settings::get('defaultGroup'), time(), $_SERVER['REMOTE_ADDR'], $_POST['email'], (int) $_POST['sex'], Settings::get("defaultTheme"));
     //if($uid == 1)
     //	Query("update {users} set primarygroup = {0} where id = 1", Settings::get('rootGroup'));
     Report("New user: [b]" . $_POST['name'] . "[/] (#" . $uid . ") -> [g]#HERE#?uid=" . $uid);
     $user = Fetch(Query("select * from {users} where id={0}", $uid));
     $user['rawpass'] = $_POST['pass'];
     $bucket = "newuser";
     include "lib/pluginloader.php";
     $rLogUser = Query("select id, pss, password from {users} where 1");
     $matches = array();
     while ($testuser = Fetch($rLogUser)) {
         if ($testuser['id'] == $user['id']) {
             continue;
         }
         $sha = doHash($_POST['pass'] . SALT . $testuser['pss']);
         if ($testuser['password'] === $sha) {
             $matches[] = $testuser['id'];
         }
     }
Ejemplo n.º 16
                }
            }
        }
    }
    return $plugindata;
}
// Load every enabled plugin's metadata; plugins flagged "nomobile" are skipped
// while the mobile layout is active. A plugin whose data cannot be read is
// reported and removed from {enabledplugins}.
$rPlugins = Query("select * from {enabledplugins}");
while ($plugin = Fetch($rPlugins)) {
    $plugin = $plugin["plugin"];
    try {
        $res = getPluginData($plugin);
        if (!isset($res["nomobile"]) || !$mobileLayout) {
            $plugins[$plugin] = $res;
        }
    } catch (BadPluginException $e) {
        Report(Format("Disabled plugin \"{0}\" -- {1}", $plugin, $e->getMessage()));
        Query("delete from {enabledplugins} where plugin={0}", $plugin);
    }
    // NOTE(review): also runs for a plugin that was just disabled above - confirm that is intended.
    Settings::checkPlugin($plugin);
}
// Overlay the logged-in user's stored per-plugin settings onto the defaults.
if ($loguser['pluginsettings'] != "") {
    // NOTE(review): unserialize() on a database column. Elsewhere in this
    // codebase the column is written as serialize() of the settings array, but
    // unserialize() instantiates any class named in the payload, so anyone who
    // can write this column (e.g. through SQL injection elsewhere) gets object
    // injection. Consider JSON, or unserialize(..., array('allowed_classes' => false))
    // on PHP >= 7.
    $settings = unserialize($loguser['pluginsettings']);
    if (!is_array($settings)) {
        $settings = array();
    }
    foreach ($settings as $setName => $setVal) {
        // Only keys that a loaded plugin actually declares are accepted.
        if (array_key_exists($setName, $pluginSettings)) {
            // presumably undoes an urlencode()+addslashes() applied on save - verify against the editor
            $pluginSettings[$setName]["value"] = stripslashes(urldecode($setVal));
        }
    }
}
Ejemplo n.º 17
    if (!$Count) {
        #-------------------------------------------------------------------------------
        $DOM->AddText('Title', SPrintF('Оплата заказа хостинга, домен "%s"', $Domain));
        $NoBody->AddChild(new Tag('P', SPrintF('Оплата невозможна - заказов хостинга с доменом "%s" не найдено.', $Domain)));
        $NoBody->AddChild(new Tag('P', 'Если вы владелец этого сайта, войдите в биллинговую систему и оплатите от своего имени.'));
        #-------------------------------------------------------------------------------
        $DOM->AddChild('Into', $NoBody);
        #-------------------------------------------------------------------------------
        $Out = $DOM->Build();
        #-------------------------------------------------------------------------------
        if (Is_Error($Out)) {
            return ERROR | @Trigger_Error(500);
        }
        #-------------------------------------------------------------------------------
        if ($Settings['SendReportOnSearchError']) {
            Report(SprintF('Не найден домен %s при попытке выписать счёт', $Domain));
        }
        #-------------------------------------------------------------------------------
        return $Out;
        #-------------------------------------------------------------------------------
    }
    #-------------------------------------------------------------------------------
}
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$DOM->AddText('Title', SPrintF('Оплата заказа хостинга, домен "%s"', $Domain));
$NoBody->AddChild(new Tag('P', SPrintF('Найден заказ хостинга с доменом "%s".', $Domain)));
#-------------------------------------------------------------------------------
# ищщем заказы хостинга с заблокированным доменом
$Where[] = '`StatusID` = "Suspended"';
#-------------------------------------------------------------------------------
Ejemplo n.º 18
                        }
                    }
                } else {
                    $pod = 0;
                }
                $rThreads = Query("insert into {threads} (forum, user, title, icon, lastpostdate, lastposter, closed, sticky, poll)\n\t\t\t\t\t\t\t\t\t\t  values ({0},   {1},  {2},   {3},  {4},          {1},        {5},   {6},     {7})", $fid, $loguserid, $_POST['title'], $iconurl, time(), $closed, $sticky, $pod);
                $tid = InsertId();
                $rUsers = Query("update {users} set posts={0}, lastposttime={1} where id={2} limit 1", $loguser['posts'] + 1, time(), $loguserid);
                $rPosts = Query("insert into {posts} (thread, user, date, ip, num, options, mood)\n\t\t\t\t\t\t\t\t\t  values ({0},{1},{2},{3},{4}, {5}, {6})", $tid, $loguserid, time(), $_SERVER['REMOTE_ADDR'], $loguser['posts'] + 1, $options, (int) $_POST['mood']);
                $pid = InsertId();
                $rPostsText = Query("insert into {posts_text} (pid,text) values ({0},{1})", $pid, $post);
                $rFora = Query("update {forums} set numthreads=numthreads+1, numposts=numposts+1, lastpostdate={0}, lastpostuser={1}, lastpostid={2} where id={3} limit 1", time(), $loguserid, $pid, $fid);
                Query("update {threads} set date={2}, firstpostid={0}, lastpostid = {0} where id = {1}", $pid, $tid, time());
                $attachs = HandlePostAttachments($pid, true);
                Query("UPDATE {posts} SET has_attachments={0} WHERE id={1}", !empty($attachs) ? 1 : 0, $pid);
                Report("New " . ($_POST['poll'] ? "poll" : "thread") . " by [b]" . $loguser['name'] . "[/]: [b]" . $_POST['title'] . "[/] (" . $forum['title'] . ") -> [g]#HERE#?tid=" . $tid, $isHidden);
                //newthread bucket
                $postingAsUser = $loguser;
                $thread['title'] = $_POST['title'];
                $thread['id'] = $tid;
                $bucket = "newthread";
                include "lib/pluginloader.php";
                die(header("Location: " . actionLink("thread", $tid)));
            } else {
                $attachs = HandlePostAttachments(0, false);
            }
        }
    }
}
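// Let the user try again: hand the submitted text back to the form, HTML-escaped.
// isset() guards the lookup so a request without 'text' does not raise an
// undefined-index notice; the escaped result is '' in that case either way.
$prefill = htmlspecialchars(isset($_POST['text']) ? $_POST['text'] : '');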
        $rev = $rev[0];
        //note: no longer a fetched row.
        $rev++;
        $qPostsText = "insert into posts_text (pid,text,revision) values (" . $pid . ", '" . $post . "', " . $rev . ")";
        $rPostsText = Query($qPostsText);
        $qPosts = "update posts set options='" . $options . "', mood=" . (int) $_POST['mood'] . ", currentrevision = currentrevision + 1 where id=" . $pid . " limit 1";
        $rPosts = Query($qPosts);
        //Update thread lastpostdate if we edited the last post
        if ($wasLastPost) {
            $qThreads = "update threads set lastpostdate=" . time() . " where id=" . $tid . " limit 1";
            $qPosts = "update posts set date=" . time() . " where id=" . $pid . " limit 1";
            $rThreads = Query($qThreads);
            $rPosts = Query($qPosts);
        }
        if ($forum['minpower'] < 1) {
            Report("Post edited by [b]" . $loguser['name'] . "[/] in [b]" . $thread['title'] . "[/] (" . $forum['title'] . ") -> [g]#HERE#?pid=" . $pid);
        }
        Redirect(__("Edited!"), "thread.php?pid=" . $pid . "#" . $pid, __("the thread"));
        exit;
    } else {
        Alert(__("Enter a message and try again."), __("Your post is empty."));
    }
}
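// Re-populate the editor with the text the user just submitted, if any.
// !empty() keeps the original truthiness test (so "" and "0" are still
// skipped) but no longer raises an undefined-index notice when 'text' was
// not posted at all.
if (!empty($_POST['text'])) {
    // deSlashMagic() presumably undoes magic_quotes escaping before the
    // entity encoding — confirm against lib/common.php.
    $prefill = htmlentities2(deSlashMagic($_POST['text']));
    // TidyPost() evidently rewrites newlines, so they are hidden behind a
    // sentinel that cannot occur in real input and restored afterwards.
    // NOTE(review): relies on TidyPost() modifying its argument in place.
    $prefill = str_replace("\n", "##TSURUPETTANYOUJO##", $prefill);
    TidyPost($prefill);
    $prefill = str_replace("##TSURUPETTANYOUJO##", "\n", $prefill);
}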
if ($_POST['action'] == __("Preview")) {
 if ($_GET['action'] == "delete") {
     $fid = (int) $_GET['fid'];
     if ($loguser['powerlevel'] > 2) {
         $check = FetchResult("select count(*) from {uploader} where id = {0}", $fid);
     } else {
         $check = FetchResult("select count(*) from {uploader} where user = {0} and id = {1}", $loguserid, $fid);
     }
     if ($check) {
         $entry = Fetch(Query("select * from {uploader} where id = {0}", $fid));
         if ($entry['private']) {
             @unlink($rootdir . "/" . $entry['user'] . "/" . $entry['filename']);
         } else {
             @unlink($rootdir . "/" . $entry['filename']);
         }
         Query("delete from {uploader} where id = {0}", $fid);
         Report("[b]" . $loguser['name'] . "[/] deleted \"[b]" . $entry['filename'] . "[/]\".", 1);
         die(header("Location: " . actionLink("uploaderlist", "", "cat=" . $_GET["cat"])));
     } else {
         Alert(__("No such file or not yours to mess with."));
     }
 } else {
     $crumbs = new PipeMenu();
     $crumbs->add(new PipeMenuLinkEntry(__("Uploader"), "uploader"));
     makeBreadcrumbs($crumbs);
     $errormsg = __("No categories found.");
     $entries = Query("select * from {uploader_categories} order by ord");
     if (NumRows($entries) == 0) {
         print "\n\t\t<table class=\"outline margin\">\n\t\t\t<tr class=\"header0\">\n\n\n\n\t\t\t\t<th colspan=\"7\">" . __("Files") . "</th>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell1\">\n\t\t\t\t<td colspan=\"4\">\n\t\t\t\t\t" . $errormsg . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t\t";
     } else {
         print "\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"7\">" . __("Categories") . "</th>\n\t\t\t</tr>\n\t\t";
         $cellClass = 0;
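<?php

//  AcmlmBoard XD - Points of Required Attention editing page
//  Access: administrators
include "lib/common.php";
$title = __("Points of Required Attention");
AssertForbidden("editPoRA");
// Only administrators (powerlevel 3 and up) may edit the PoRA box.
if ($loguser['powerlevel'] < 3) {
    Kill(__("You must be an administrator to edit the Points of Required Attention."));
}
// Anti-CSRF token bound to the logged-in user: SHA-256 over the user id, the
// user's 'pss' field and the site salt. It is emitted as a hidden form field
// below and must be echoed back by every state-changing submission.
$key = hash('sha256', "{$loguserid},{$loguser['pss']},{$salt}");
if (isset($_POST['action'])) {
    // hash_equals(): strict, constant-time string comparison. The previous
    // `$key != $_POST['key']` was a loose comparison (numeric-looking hex
    // digests can compare as numbers) and leaked timing. A missing or
    // non-string key (e.g. key[]=x) is refused rather than coerced.
    $postedKey = isset($_POST['key']) ? $_POST['key'] : '';
    if (!is_string($postedKey) || !hash_equals($key, $postedKey)) {
        Kill(__("No."));
    }
}
$action = isset($_POST['action']) ? $_POST['action'] : '';
if ($action === __("Edit")) {
    // The content is stored as raw HTML by design (admin-authored, see the
    // "Content (HTML)" label). Values go through Query()'s {n} placeholders
    // so the DB layer escapes them, matching the rest of the board code,
    // instead of hand-built SQL with justEscape().
    $newText = isset($_POST['text']) ? $_POST['text'] : '';
    $newTitle = isset($_POST['title']) ? $_POST['title'] : '';
    $rPora = Query("update misc set porabox={0}, poratitle={1}", $newText, $newTitle);
    Report("[b]" . $loguser['name'] . "[/] edited the PoRA.", 1);
    Redirect(__("Edited!"), "./", __("the main page"));
}
// Preview ({0} title, {1} content) renders the stored values unescaped — the
// content is intentionally HTML; NOTE(review): the title is labelled "plain"
// yet is also emitted raw here. The form fields use htmlval() for the
// attribute/textarea context, and the hidden 'key' carries the CSRF token.
write("\n\t<div class=\"PoRT\">\n\t\t<div class=\"errort\">\n\t\t\t<strong id=\"previewtitle\">\n\t\t\t\t{0}\n\t\t\t</strong>\n\t\t</div>\n\t\t<div class=\"errorc cell2 left\" id=\"previewtext\">\n\t\t\t{1}\n\t\t</div>\n\t</div>\n\n\t<form action=\"editpora.php\" method=\"post\">\n\t\t<table id=\"t\" class=\"outline margin width50\">\n\t\t\t<tr class=\"header1\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("PoRA Editor") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell0\">\n\t\t\t\t<td>\n\t\t\t\t\t" . __("Title (plain)") . "\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"text\" name=\"title\" id=\"title\" maxlength=\"256\" style=\"width: 80%;\" value=\"{2}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell1\">\n\t\t\t\t<td>\n\t\t\t\t\t" . __("Content (HTML)") . "\n\t\t\t\t</td>\n\t\t\t\t<td style=\"width: 80%;\">\n\t\t\t\t\t<textarea name=\"text\" rows=\"16\" style=\"width: 97%;\" id=\"editbox\" onkeyup=\"startPoraUpdate()\">{3}</textarea>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Edit") . "\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"{4}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", $misc['poratitle'], $misc['porabox'], htmlval($misc['poratitle']), htmlval($misc['porabox']), $key);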