Ejemplo n.º 1
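/**
 * Handles a submitted login form: looks the user up, checks the salted MD5
 * password hash and, on success, sets the login cookies and session values.
 *
 * Return contract (unchanged):
 *  - true (check with === not ==) when the login succeeded,
 *  - a non-blank string holding an error message,
 *  - nothing (null) when no login form was submitted; just show the form.
 *
 * @return bool|string|null
 */
function do_login()
{
    global $s;

    // Array keys are quoted throughout: a bare word such as login_submit is an
    // undefined constant, which PHP 8 turns into a fatal Error.
    if (!isset($_POST['login_submit'])) {
        return;
    }

    // Missing or non-string fields (e.g. login_pw[]=x) are treated as empty
    // rather than reaching md5() and the cookie helper as arrays.
    $submittedUser = (isset($_POST['login_un']) && is_string($_POST['login_un'])) ? $_POST['login_un'] : '';
    $submittedPass = (isset($_POST['login_pw']) && is_string($_POST['login_pw'])) ? $_POST['login_pw'] : '';

    $checkun = iprotect($submittedUser);
    // NOTE(review): the '******' literal here and in the UPDATE below looks like
    // masking applied by the page this listing was taken from; presumably the
    // original interpolated $checkun. As printed, the submitted username never
    // reaches either query - confirm against the project source. A bound
    // parameter would be safer than an escaped interpolation.
    $rchecktheuser = dbquery("SELECT * FROM users WHERE username = '******'");
    if (dbrows($rchecktheuser) != 1) {
        // NOTE(review): separate "no such user" and "wrong password" messages let a
        // client tell valid usernames apart; kept because callers display them.
        return 'Sorry, the specified user doesn\'t exist. Please try again.';
    }
    $checktheuser = dbrow($rchecktheuser);

    // NOTE(review): salted double MD5 is far too fast for password storage.
    // Moving to password_hash()/password_verify() needs a migration of the
    // stored pwhash values, so the scheme itself is left unchanged here.
    $expectedHash = (string) $checktheuser['pwhash'];
    $candidateHash = md5(md5($checktheuser['salt']) . md5($submittedPass));

    // The original compared with ==, which treats two "0e<digits>" hex strings
    // as equal numbers. Compare strictly, and in constant time where available.
    $hashMatches = function_exists('hash_equals')
        ? hash_equals($expectedHash, $candidateHash)
        : $expectedHash === $candidateHash;
    if (!$hashMatches) {
        return 'Wrong password, sorry.';
    }

    // Authenticated. Issue a fresh session id so an id set before login cannot
    // be reused afterwards; skipped when no session is active.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // NOTE(review): mcrypt was removed from PHP in 7.2 and MCRYPT_RAND is not a
    // cryptographically secure IV source. More fundamentally, the password is
    // kept in a reversibly encrypted, unauthenticated cookie for about six
    // months; a random server-side token would avoid storing it at all. Left as
    // is because the code that reads these cookies is not in this listing.
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $storediv = addslashes(base64_encode($iv));
    $encryptedpw = base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, PassEncodeKey, $submittedPass, MCRYPT_MODE_CBC, $iv));
    dbquery("UPDATE users SET lastivused = '{$storediv}' WHERE username = '******'");

    $cookietime = time() + 15768000; // 15768000 s = 182.5 days
    makecookie('logged_in', 1, $cookietime);
    makecookie('username', $submittedUser, $cookietime);
    makecookie('password', $encryptedpw, $cookietime);
    $_SESSION['logged_in'] = 1;
    $_SESSION['username'] = $submittedUser;
    $_SESSION['password'] = $encryptedpw;
    $s['logged_in'] = 1;

    return true;
}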
Ejemplo n.º 2
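/**
 * Builds the <img> tag for a user's profile picture.
 *
 * Falls back to the shared default image when the user's row has no
 * profile_pic value.
 *
 * @param mixed $user_id id used in the lookup and in the image path
 * @param mixed $size    value written into the height attribute
 * @return string HTML <img> element
 */
function getProfilePic($user_id, $size)
{
    // NOTE(review): $user_id is interpolated into the SQL text as-is. Nothing in
    // this function validates or escapes it, so the query is only safe if every
    // caller passes a trusted value - confirm, or bind it as a parameter if the
    // dbrow() helper supports that.
    $profile_pic = dbrow("SELECT profile_pic FROM litter_users\n\t\tWHERE user_id = '{$user_id}'");

    // empty() also covers a missing row without raising an offset warning.
    if (empty($profile_pic['profile_pic'])) {
        $pic = 'userIMG/profile.png';
    } else {
        // NOTE(review): the stored value is concatenated into the path unchecked;
        // presumably it is a bare file name fixed at upload time - confirm.
        $pic = 'userIMG/' . $user_id . '/' . $profile_pic['profile_pic'];
    }

    // Both values land inside double-quoted attributes, so they are escaped
    // here; a quote or angle bracket can no longer break out of the tag.
    return '<img src="' . htmlspecialchars($pic, ENT_QUOTES) . '" height="' . htmlspecialchars((string) $size, ENT_QUOTES) . '">';
}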
Ejemplo n.º 3
/**
 * Stores a new communication key for a supplier or customer and sends the
 * request message to that party.
 *
 * Hands off to enter() when the back button was pressed and to confirm() when
 * $frm->validate("request") is truthy. Otherwise returns a status or error
 * message string.
 *
 * @param object $frm form object exposing validate()
 * @return mixed status text, or whatever enter()/confirm() return
 */
function request($frm)
{
    if (isset($_POST["btn_back"])) {
        return enter($frm);
    }
    if ($frm->validate("request")) {
        return confirm($frm);
    }

    $newkey = genkey();

    // A supplied suppid selects the supplier path; otherwise the customer path.
    // NOTE(review): suppid, custid and email are taken from $_REQUEST (which can
    // also carry cookie values) and passed on without validation here;
    // presumably m()/dbUpdate escape them - confirm.
    $toSupplier = isset($_REQUEST["suppid"]);
    if ($toSupplier) {
        $suppid = $_REQUEST["suppid"];
        $custid = "0";
    } else {
        $custid = $_REQUEST["custid"];
        $suppid = "0";
    }

    $cols = grp(
        m("introtime", raw("CURRENT_TIMESTAMP")),
        m("introip", "0.0.0.0"),
        m("email", $_REQUEST["email"]),
        m("custid", $custid),
        m("suppid", $suppid),
        m("key", dbrow("0.0.0.0/0", "", $newkey)),
        m("userid", USER_ID)
    );
    $upd = new dbUpdate("keys", "trh", $cols);
    $upd->run(DB_INSERT);

    // Nothing inserted: report the database failure and stop.
    if (!($upd->affected() > 0)) {
        return "Error sending request for communication: Error updating database.";
    }

    if ($toSupplier) {
        $r = send_trhmsg("supp", $_REQUEST["suppid"], $_REQUEST["email"], "reqkey", $newkey);
        $sentText = "Sent request for communication to supplier. On response you will be notified.";
    } else {
        $r = send_trhmsg("cust", $_REQUEST["custid"], $_REQUEST["email"], "reqkey", $newkey);
        $sentText = "Sent request for communication to customer. On response you will be notified.";
    }

    // send_trhmsg() signals success with exactly true; anything else is treated
    // as the error text.
    if ($r === true) {
        return $sentText;
    }
    // NOTE(review): $r is embedded unescaped; the caller should escape this
    // message before printing it as HTML.
    return "Error sending request for communication: {$r}";
}
Ejemplo n.º 4
     print "<td style='color: #af3333'><input type='radio' name='rep' value='-1'> Negative (-1)</td>";
     print "<td style='color: #af3333'><input type='radio' name='rep' value='-2'> Negative (-2)</td>";
     print "</tr>";
     print "</table>";
     print "<input type='text' size='70' maxlength='120' name='comment' class='textentry'>";
     print " <input type='submit' name='makeit' value='Rate!' class='button'>";
     print "</form>";
     print "<hr>";
 }
 $getit = dbquery("SELECT reputation.*,users.userid,users.username,users.powerlevel FROM reputation LEFT JOIN users ON reputation.sender=users.userid WHERE recipient = {$userid} ORDER BY reputation.date desc");
 if (mysql_num_rows($getit) == 0) {
     print "No one has rated " . htmlspecialchars($userdata[username]) . " yet. :(";
 } else {
     $alternating = true;
     print "<table cellpadding='0' cellspacing='0' style='width: 100%' id='rep'>";
     while ($row = dbrow($getit)) {
         $alternating = !$alternating;
         if ($alternating) {
             $alt = " class='rowalt'";
         } else {
             $alt = "";
         }
         print "<tr{$alt}>";
         print "<td align='left' valign='top'>";
         $userlink = userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]);
         $date = parsedate($row[date]);
         print "<span style='font-size: 11px'>{$userlink} rated at {$date}:";
         if ($candelete) {
             print " (<a href='index.php?m=reputation&id={$userid}&deleterep={$row['id']}'>delete</a>)";
         }
         print "</span>";
Ejemplo n.º 5
<?php

if (!defined('IN_TBB')) {
    die;
}
$threadid = $_GET['id'];
if (!is_numeric($threadid)) {
    print "Invalid thread ID.<br><a href='index.php'>Return to the main page</a>";
} else {
    $threadid = intval($threadid);
    // just to be safe
    $threadquery = dbquery("SELECT * FROM threads WHERE id = {$threadid}");
    if (mysql_num_rows($threadquery) == 0) {
        print "No thread with this ID exists.<br><a href='index.php'>Return to the main page</a>";
    } else {
        $threadinfo = dbrow($threadquery);
        $checkifpoll = dbquery("SELECT id FROM polls WHERE thread = {$threadid}");
        if (mysql_num_rows($checkifpoll) != 0) {
            print "This thread already has a poll.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>";
        } else {
            if ($threadinfo['authorid'] != $s['user']['userid']) {
                print "You can't add a poll to a thread you didn't create.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>";
            } else {
                // if it returns a non-blank string, it's an error
                // if it returns true (check with === not ==) the poll has been created successfully
                // if it returns nothing, just show the form
                $result = add_poll();
                if ($result === true) {
                    header("Location: index.php?showthread={$threadid}");
                } else {
                    if ($result != '') {
Ejemplo n.º 6
<?php

if (!defined('IN_TBB')) {
    die;
}
$pollid = $_GET['id'];
if (!is_numeric($pollid)) {
    print "Invalid poll ID.<br><a href='index.php'>Return to the main page</a>";
} else {
    $pollid = intval($pollid);
    // just to be safe
    $pollquery = dbquery("SELECT * FROM polls WHERE id = {$pollid}");
    if (mysql_num_rows($pollquery) == 0) {
        print "No poll with this ID exists.<br><a href='index.php'>Return to the main page</a>";
    } else {
        $pollinfo = dbrow($pollquery);
        // Vote handler: records one vote by the current user on this poll, then
        // redirects back to the poll's thread.
        // NOTE(review): the vote is a state change triggered by a plain GET
        // (?vote=N) and no anti-CSRF token is checked in this fragment, so a link or
        // image on another page could cast it for a logged-in user - confirm, and
        // prefer POST plus a token.
        if (isset($_GET['vote'])) {
            // NOTE(review): inside {...} the bare words user and userid are read as
            // constants (a fatal Error on PHP 8), and the id goes into the SQL
            // unquoted; presumably it is a server-side integer - confirm.
            // mysql_num_rows() comes from the mysql extension removed in PHP 7.0.
            $checkit = dbquery("SELECT id FROM votes WHERE poll={$pollid} AND voter={$s[user][userid]}");
            if (mysql_num_rows($checkit) == 0) {
                $choice = intval($_GET['vote']);
                // The range check keeps $choice a valid index into the '|'-separated tallies.
                if ($choice >= 0 && $choice < $pollinfo[choicecount]) {
                    $voteinfo = explode('|', $pollinfo[voteinfo]);
                    $voteinfo[$choice]++;
                    $newvoteinfo = implode('|', $voteinfo);
                    // NOTE(review): the tally string is read, changed in PHP and written
                    // back, and the "already voted" check above is a separate query, so
                    // concurrent requests can lose an update or vote twice unless the
                    // votes table enforces uniqueness on (poll, voter) - confirm.
                    dbquery("UPDATE polls SET voteinfo='{$newvoteinfo}', votecount = votecount + 1 WHERE id = {$pollid}");
                    $time = time();
                    dbquery("INSERT INTO votes (poll,voter,choice,date) VALUES ({$pollid},{$s[user][userid]},{$choice},{$time})");
                }
                // NOTE(review): no exit follows header() in this fragment; whether the
                // rest of the page still runs is outside the visible lines.
                header("Location: index.php?showthread={$pollinfo['thread']}");
            }
        }
Ejemplo n.º 7
             print "</form>";
         }
     }
     break;
 case 'order':
     print "Editing forum orders: (<a href='index.php?m=admin&act=forums&do=list'>Return to editing forums</a>)";
     //print "<div class='bigspacing'></div>";
     print "<form action='index.php?m=admin&act=forums&do=updateorders' method='post'>";
     $categories = array(0 => array('name' => 'Uncategorised', 'power' => 1, 'order' => -1));
     $getcategories = dbquery("SELECT * FROM categories ORDER BY `order`");
     while ($row = dbrow($getcategories)) {
         $row[forums] = array();
         $categories[$row[id]] = $row;
     }
     $getforums = dbquery("SELECT * FROM forums ORDER BY `order`");
     while ($row = dbrow($getforums)) {
         $categories[$row[category]][forums][$row[id]] = $row;
     }
     foreach ($categories as $cat) {
         print "<div class='bigspacing'></div>";
         print "Category: <b>{$cat['name']}</b>";
         print "<div class='bigspacing'></div>";
         print "<table class='styled' style='width: 100%; max-width: 800px; margin: 0 auto' cellpadding='0' cellspacing='0'>";
         print "<tr class='header'><td style='width: 10%'>Order</td><td>Forum</td></tr>";
         foreach ($cat[forums] as $row) {
             print "<tr><td><input type='text' size='3' maxlength='3' name='order[{$row['id']}]' value='{$row['order']}' class='textentry'></td><td>{$row['name']}</td></tr>";
         }
         print "</table>";
         print "<hr>";
     }
     print "<input type='submit' name='makeit' value='Update Forum Orders' class='button'>";
Ejemplo n.º 8
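/**
 * Handles a submitted private-message form: checks recipient, title and text,
 * then inserts the message.
 *
 * Return contract (unchanged):
 *  - true (check with ===) when the PM has been sent,
 *  - a non-blank string holding the error messages,
 *  - nothing (null) when no form was submitted; just show the form.
 *
 * @return bool|string|null
 */
function send_pm()
{
    // $s is the shared state array; its user id is used as the sender below.
    global $s;

    // Array keys are quoted throughout: a bare word such as makeit is an
    // undefined constant, which PHP 8 turns into a fatal Error.
    if (!isset($_POST['makeit'])) {
        return;
    }
    // NOTE(review): no anti-CSRF token is checked in this function; confirm the
    // caller verifies one before a message is sent in the user's name.

    // Missing or non-string fields are treated as empty so they fail validation
    // instead of reaching strlen()/iprotect() as arrays.
    $rawRecipient = (isset($_POST['recipient']) && is_string($_POST['recipient'])) ? $_POST['recipient'] : '';
    $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

    $error_string = '';
    $recipientid = 0;

    $recipient = iprotect($rawRecipient);
    // NOTE(review): the '******' literal looks like masking applied by the page
    // this listing was taken from; presumably the original interpolated
    // $recipient. As printed, the submitted name never reaches the query -
    // confirm against the project source.
    $getrec = dbquery("SELECT userid FROM users WHERE username = '******'");
    if (dbrows($getrec) == 0) {
        $error_string .= 'No user named ' . htmlspecialchars($rawRecipient) . ' seems to exist.<br>' . "\n";
    } else {
        $getit = dbrow($getrec);
        // Cast: the id is written into the INSERT without quotes.
        $recipientid = (int) $getit['userid'];
    }

    // strlen() counts bytes, so the 70 limit is a byte limit for multibyte titles.
    if ($rawTitle === '' || strlen($rawTitle) > 70) {
        $error_string .= 'Message title was either not entered, or too long.<br>' . "\n" . 'It must be 70 characters or less.<br>' . "\n";
    }
    if ($rawText === '') {
        $error_string .= 'You didn\'t enter a message.<br>';
    }
    if ($error_string != '') {
        return $error_string;
    }

    // The original printed a leftover debug line here. Output at this point
    // reaches the page and can stop a caller's later header() redirect with
    // "headers already sent", so it has been removed.
    $inserttitle = iprotect($rawTitle);
    $inserttext = iprotect($rawText);
    $currenttime = time();
    // Cast for the same reason as $recipientid: interpolated unquoted.
    $senderid = (int) $s['user']['userid'];
    dbquery("INSERT INTO pmessages (title,sender,recipient,exists_sender,exists_recipient,pmread,text,sentdate) VALUES ('{$inserttitle}',{$senderid},{$recipientid},1,1,0,'{$inserttext}',{$currenttime})");

    return true;
}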
Ejemplo n.º 9
        if ($s[logged_in] && $row[lastpostdate] > $lastread[$row[forum]] && $row[id] != $row[thread]) {
            $icon = "<img src='{$theme}images/icon_unreadtiny.png' alt='This thread has unread posts.' title='This thread has unread posts.'>";
        } else {
            $icon = "<img src='{$theme}images/icon_tiny.png' alt='This thread has no unread posts.' title='This thread has no unread posts.'>";
        }
        print "{$icon} <a href='index.php?showthread={$row['id']}{$doit['2']}'>{$row['name']}</a> by {$author}<br>";
    }
    ?>
      </div>
<?php 
}
?>
      <div class='portalheader'>Board Statistics</div>
      <div class='portalbox'>
<?php 
$getcounts = dbquery("SELECT count(userid) FROM users");
$getit = dbrow($getcounts);
$users = $getit['count(userid)'];
$getcounts = dbquery("SELECT count(id) FROM threads");
$getit = dbrow($getcounts);
$threads = $getit['count(id)'];
$getcounts = dbquery("SELECT count(id) FROM posts");
$getit = dbrow($getcounts);
$posts = $getit['count(id)'];
print "This board has {$users} members, who have made {$threads} threads and {$posts} posts.";
?>
      </div>
    </td>
  </tr>
</table>
Ejemplo n.º 10
            } else {
                if ($result != '') {
                    print '<b>The following errors occurred while posting your reply:<br>' . $result . '</b><br>Your post data has been saved.<hr>';
                }
                if (isset($_POST['preview'])) {
                    print "<b>Preview:</b>";
                    $posttext = getpost($_POST['text'], true, true, false);
                    display_post($s[user], 'Posted', time(), $cmds, $posttext);
                    print "<br>";
                }
                if (isset($_GET['quote'])) {
                    $quoteid = intval($_GET[quote]);
                    $getquote = dbquery("SELECT * FROM posts WHERE id = {$quoteid} AND thread = {$threadid}");
                    if (dbrows($getquote) != 0) {
                        // ignore the quote if it's an invalid id
                        $quotepost = dbrow($getquote);
                        $quotetime = parsedate($quotepost[postdate]);
                        $quote = "[quote={$quotepost['authorname']} ({$quotetime})]{$quotepost['posttext']}[/quote]\n\n";
                    }
                }
                ?>
<b>Replying to <?php 
                echo htmlspecialchars($threadinfo[name]);
                ?>
: (<a href='index.php?showthread=<?php 
                echo $threadid;
                ?>
'>Return to Thread</a>)</b>
<br>
<form action='index.php?m=board&act=postreply&id=<?php 
                echo $threadid;
Ejemplo n.º 11
                    $newlastthread[name] = iprotect($newlastthread[name]);
                    $newlastthread[lastpostername] = iprotect($newlastthread[lastpostername]);
                    if ($newlastthread) {
                        dbquery("UPDATE forums SET lastposterid = {$newlastthread['lastposterid']}, lastposter = '{$newlastthread['lastpostername']}', lastpostedin = '{$newlastthread['name']}', lastpostedinid = {$newlastthread['id']}, lastpostdate = {$newlastthread['lastpostdate']}, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                    } else {
                        dbquery("UPDATE forums SET lastposterid = 0, lastposter = '', lastpostedin = '', lastpostedinid = 0, lastpostdate = 0, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                    }
                    $action = true;
                }
            } elseif (isset($_POST[do_delete])) {
                // Thread deletion: count the thread's posts, remove posts, thread and
                // read markers, then refresh the forum's "last post" summary.
                // NOTE(review): the permission check and any anti-CSRF check for this
                // destructive branch are outside the visible lines - confirm both exist.
                $getpostcount = dbrow(dbquery("SELECT COUNT(id) FROM posts WHERE thread = {$threadid}"));
                $subtract = $getpostcount['COUNT(id)'];
                // NOTE(review): the deletes and the counter update are separate
                // statements; no transaction is visible, so a failure part-way would
                // leave the forum counters out of step with the rows.
                dbquery("DELETE FROM posts WHERE thread = {$threadid}");
                dbquery("DELETE FROM threads WHERE id = {$threadid}");
                dbquery("DELETE FROM threadread WHERE thread = {$threadid}");
                // Newest remaining thread of the forum, if any.
                $newlastthread = dbrow(dbquery("SELECT threads.*,users.username FROM threads LEFT JOIN users ON threads.lastposterid=users.userid WHERE forum = {$threadinfo['forum']} ORDER BY lastpostdate DESC LIMIT 1"));
                // NOTE(review): if dbrow() returns a falsy value when the forum is now
                // empty (presumably it does), these two assignments turn $newlastthread
                // into an array, so the if below is always true and the else branch can
                // never run; the UPDATE would then be built with empty numeric fields.
                // The iprotect() calls likely belong inside the if - confirm.
                $newlastthread[name] = iprotect($newlastthread[name]);
                $newlastthread[lastpostername] = iprotect($newlastthread[lastpostername]);
                if ($newlastthread) {
                    // Text columns were passed through iprotect() above; the numeric
                    // columns come from the database row and are interpolated unquoted.
                    dbquery("UPDATE forums SET lastposterid = {$newlastthread['lastposterid']}, lastposter = '{$newlastthread['lastpostername']}', lastpostedin = '{$newlastthread['name']}', lastpostedinid = {$newlastthread['id']}, lastpostdate = {$newlastthread['lastpostdate']}, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                } else {
                    dbquery("UPDATE forums SET lastposterid = 0, lastposter = '', lastpostedin = '', lastpostedinid = 0, lastpostdate = 0, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                }
                header("Location: index.php?showforum={$threadinfo['forum']}");
            }
            if ($action) {
                header("Location: index.php?showthread={$threadid}");
            }
        }
    }
}
Ejemplo n.º 12
             print "The two passwords you entered didn't match.<br>";
             print "<a href='index.php?m=admin&act=users&do=edit&id={$id}'>Return to editing {$showuser}</a>";
         } else {
             dbquery("update users set pwhash = '{$newhash}' where userid = {$id}");
             header("Location: index.php?m=admin&act=users&do=edit&id={$id}");
         }
     }
     break;
 case 'updateprofile':
     $id = intval($_GET['id']);
     $getuser = dbquery("SELECT * FROM users WHERE userid = {$id}");
     if (mysql_num_rows($getuser) == 0) {
         print "No user exists with this ID.<br>";
         print "<a href='index.php?m=admin&act=users&do=list'>Return to editing users</a>";
     } else {
         $user = dbrow($getuser);
         $powerlevel = intval($_POST[powerlevel]);
         $posts = intval($_POST[posts]);
         $threads = intval($_POST[threads]);
         $email = iprotect($_POST[email]);
         $usertitle = iprotect($_POST[usertitle]);
         $hasavatar = 0;
         if ($_POST[hasavatar] == 'haveit') {
             $hasavatar = 1;
         }
         $avatarext = iprotect($_POST[avatarext]);
         $location = iprotect($_POST[location]);
         $quote = iprotect($_POST[quote]);
         $birthday = '';
         if ($_POST[birthday] != '') {
             $validify = explode('-', $_POST[birthday]);
Ejemplo n.º 13
             }
             print "<tr{$rowalt}><td>{$choice} ({$vote} vote{$plural}){$votelink}</td></tr>";
             $idx++;
         }
     }
     print "</table>";
     print "<br>";
 } else {
     if ($threadinfo[authorid] == $s[user][userid]) {
         print "<a href='index.php?m=board&act=addpoll&id={$threadid}'>Add Poll</a><br>";
     }
 }
 print "<b>Pages:</b> ";
 pagination($pagecount, $pagenum, "index.php?showthread={$threadid}");
 print "<br>";
 while ($post = dbrow($postquery)) {
     $posttext = getpost($post[posttext], true, true, false);
     $cmds = '';
     if ($post[editinfo]) {
         $cmds = " &middot; {$post['editinfo']}";
     }
     if ($s[user][powerlevel] >= $foruminfo[reply_power]) {
         $cmds .= " &middot; <a href='index.php?m=board&act=postreply&id={$threadid}&quote={$post['id']}'>Quote</a>";
     }
     if ($s[user][userid] == $post[userid] || $s[user][powerlevel] >= $foruminfo[mod_power]) {
         $cmds .= " &middot; <a href='index.php?m=board&act=editpost&id={$post['id']}'>Edit</a>";
     }
     if ($s[user][powerlevel] >= $foruminfo[mod_power]) {
         $cmds .= " &middot; <a href='#' onClick='if (confirm(\"Are you sure you want to delete this post?\") == true) { window.location = \"index.php?m=board&act=modpost&id={$post['id']}&func=delete\"; }'>Delete</a>";
     }
     print "<a name='post{$post['id']}'></a>";
Ejemplo n.º 14
    die;
}
$postid = $_GET['id'];
if (!is_numeric($postid)) {
    print "Invalid post ID.<br><a href='index.php'>Return to the main page</a>";
} else {
    $postid = intval($postid);
    // just to be safe
    $postquery = dbquery("SELECT * FROM posts WHERE id = {$postid}");
    if (mysql_num_rows($postquery) == 0) {
        print "No post with this ID exists. This post may have been deleted.<br><a href='index.php'>Return to the main page</a>";
    } else {
        $postinfo = dbrow($postquery);
        $userinfo = dbrow(dbquery("SELECT * FROM users WHERE userid = {$postinfo['authorid']}"));
        $threadinfo = dbrow(dbquery("SELECT * FROM threads WHERE id = {$postinfo['thread']}"));
        $foruminfo = dbrow(dbquery("SELECT * FROM forums WHERE id = {$threadinfo['forum']}"));
        $threadinfo[name] = htmlspecialchars($threadinfo[name]);
        if ($s[user][powerlevel] < $foruminfo[mod_power] && $s[user][userid] != $postinfo[authorid]) {
            print "You're not allowed to edit this post.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>";
        } else {
            // if it returns a non-blank string, it's an error
            // if it returns true (check with ===) the post has been edited successfully
            // if it returns nothing, just show the form
            $result = edit_post();
            if ($result === true) {
                header("Location: index.php?showthread={$threadinfo['id']}&post={$postid}#post{$postid}");
            } else {
                if ($result != '') {
                    print '<b>The following errors occurred while editing your post:<br>' . $result . '</b><br>Your post data has been saved.<hr>';
                }
                if (isset($_POST['preview'])) {
Ejemplo n.º 15
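/**
 * Handles an order request received as a mail message.
 *
 * Validates the key pair carried by the message, decodes the base64
 * "data.xml" attachment, parses it with the stElement/endElement handlers and
 * inserts the resulting purchase and its items through dbUpdate. The user
 * named by $config["MANAGEUSER"] is then notified.
 *
 * @param string $key
 * @param clsMailMsg $oMSG
 * @param array $config
 * @return bool false when the message is rejected, true once the purchase is stored
 */
function request_order($key, $oMSG, $config)
{
    if (($stds = msg_std($oMSG)) === false) {
        return false;
    }
    // Unpacked as in the original; none of these values is used further below.
    list($compname, $ipaddr, $bustel, $fromwho, $email) = $stds;

    /* other side key */
    if (($yourkey = getfrommmsg(REGEX_YOURKEY, $oMSG)) === false) {
        return false;
    }

    /* validate keys */
    if (($keyinfo = trhKeyPair($key, $yourkey)) === false) {
        return false;
    }
    $custid = $keyinfo["custid"];

    if (count($oMSG->parts) < 2) {
        print "Invalid message: count(parts) < 2\n";
        return false;
    }

    $attach = new clsMailMsg();
    $attach->processMessage(implode("\r\n", $oMSG->parts[1]));
    if ($attach->getAttachmentFilename() != "data.xml") {
        print "Invalid message part. Disposition name != data.xml\n";
        return false;
    }

    // Strip whitespace, then decode. base64_decode() runs in its default lenient
    // mode, which silently drops characters outside the base64 alphabet.
    $XML = base64_decode(preg_replace("/[ \r\n\t]/", "", implode("", $attach->body)));

    // The element handlers fill these globals while the document is parsed.
    global $reqpur_activetag, $purch_info, $purch_items;
    $reqpur_activetag = $purch_info = $purch_items = array();

    $parser = xml_parser_create();
    xml_set_element_handler($parser, "stElement", "endElement");
    $parsedOk = xml_parse($parser, $XML, true);
    xml_parser_free($parser);

    // The original ignored xml_parse()'s result, so a malformed document could
    // still be stored as a partial purchase. Reject it like the other invalid
    // message cases.
    if (!$parsedOk) {
        print "Invalid message part. data.xml is not well-formed XML\n";
        return false;
    }

    $i = grp(m("approved", "n"), m("custid", $custid), m(raw("trhkey"), dbrow("0.0.0.0/0", "{$keyinfo['send_key']}", "{$keyinfo['recv_key']}")));
    // NOTE(review): $purch_info is built from the sender's XML by handlers that
    // are not in this listing. Merging $i last lets the server-side values win
    // over same-named XML fields, assuming grp() returns a string-keyed array;
    // confirm that, and that the handlers or dbUpdate restrict which columns
    // the message may set.
    $purch_info = array_merge($purch_info, $i);
    foreach ($purch_info as $k => $v) {
        // empty() also matches "0" and 0, so those are stored as NULL too.
        if (empty($v)) {
            $purch_info[$k] = raw("NULL");
        }
    }

    $upd = new dbUpdate("recvpurch", "trh", $purch_info);
    $upd->run(DB_INSERT);
    $recvpurch_id = pglib_lastid("trh.recvpurch", "id");

    // Reuse the same updater for the item rows, each linked to the new purchase.
    $upd->setTable("recvpurch_items", "trh");
    foreach ($purch_items as $pi_det) {
        // Drop any id supplied in the message before inserting the item.
        unset($pi_det["id"]);
        $pi_det["recvpurch_id"] = $recvpurch_id;
        $upd->setOpt($pi_det);
        $upd->run(DB_INSERT);
    }
    print "Purchase inserted.\n";

    $userinfo = qryUsers($config["MANAGEUSER"]);
    msgSend($userinfo["username"], "Purchase received via Transheks. Click <a target='mainframe' href='../transheks/order_approve.php'>here</a> to view.");

    // The docblock promises a bool; the original fell off the end (null) on success.
    return true;
}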
Ejemplo n.º 16
         header('Location: index.php?m=admin&act=cats&do=list');
     }
     break;
 case 'delete':
     // Deletes the category whose id is given in the query string, then returns
     // to the category list. intval() keeps the interpolated id numeric.
     // NOTE(review): a destructive DELETE runs on a plain GET, and no permission
     // or anti-CSRF check is visible in this fragment, so a link or image on
     // another page could trigger it in an admin's session - confirm the
     // enclosing admin module checks both, and prefer POST plus a token.
     $id = intval($_GET['id']);
     dbquery("DELETE FROM categories WHERE id={$id}");
     header('Location: index.php?m=admin&act=cats&do=list');
     break;
 case 'order':
     print "Editing category orders: (<a href='index.php?m=admin&act=cats&do=list'>Return to editing categories</a>)";
     print "<div class='bigspacing'></div>";
     print "<form action='index.php?m=admin&act=cats&do=updateorders' method='post'>";
     print "<table class='styled' style='width: 100%; max-width: 800px; margin: 0 auto' cellpadding='0' cellspacing='0'>";
     print "<tr class='header'><td style='width: 15%'>Order</td><td>Category</td></tr>";
     $getcategories = dbquery("SELECT * FROM categories ORDER BY `order`");
     while ($row = dbrow($getcategories)) {
         print "<tr><td><input type='text' size='3' maxlength='3' name='order[{$row['id']}]' value='{$row['order']}' class='textentry'></td><td>{$row['name']}</td></tr>";
     }
     print "</table>";
     print "<input type='submit' name='makeit' value='Update Category Orders' class='button'>";
     print "</form>";
     break;
 case 'updateorders':
     if (isset($_POST['order']) && is_array($_POST['order']) && count($_POST['order']) > 0) {
         foreach ($_POST['order'] as $id => $order) {
             $iid = intval($id);
             $iorder = intval($order);
             dbquery("UPDATE categories SET `order` = {$iorder} WHERE id = {$iid}");
         }
         header('Location: index.php?m=admin&act=cats&do=list');
     }
Ejemplo n.º 17
 while ($forum = dbrow($getforums)) {
     if (!can_view_forum($forum)) {
         continue;
     }
     $getlastread = dbquery("SELECT * FROM forumread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}");
     if (dbrows($getlastread) == 0) {
         $lastread = 0;
     } else {
         $getit = dbrow($getlastread);
         $lastread = $getit[lastread];
     }
     $checkagain = dbquery("SELECT COUNT(user) FROM threadread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}");
     $getit = dbrow($checkagain);
     $readcount = $getit['COUNT(user)'];
     $checkunread = dbquery("SELECT COUNT(id) FROM threads WHERE forum = {$forum['id']} AND lastpostdate > {$lastread}");
     $getit = dbrow($checkunread);
     $totalcount = $getit['COUNT(id)'];
     if ($s[logged_in] && $totalcount > $readcount) {
         $unread = $totalcount - $readcount;
         $forumicon = "<img src='{$theme}images/forumicon.php?number={$unread}' alt='This forum has {$unread} unread threads.' title='This forum has {$unread} unread threads.'>";
     } else {
         $forumicon = '';
         $forumicon = "<img src='{$theme}images/icon_forumread.png' alt='This forum has no unread threads.' title='This forum has no unread threads.'>";
     }
     $alternating = !$alternating;
     if ($alternating) {
         print "<tr class='rowalt'>";
     } else {
         print "<tr>";
     }
     print "<td style='text-align: center'>{$forumicon}</td>";
Ejemplo n.º 18
     print "<b>Pages:</b> ";
     pagination($pagecount, $pagenum, "index.php?m=users");
     break;
 case 'profile':
     $userid = $_GET['id'];
     if (!is_numeric($userid)) {
         print "Invalid user ID.<br><a href='index.php'>Return to the main page</a>";
         break;
     }
     $userid = intval($userid);
     // just to be safe
     $memberquery = dbquery("SELECT * FROM users WHERE userid = {$userid}");
     if (mysql_num_rows($memberquery) == 0) {
         print "No user with this ID exists.<br><a href='index.php'>Return to the main page</a>";
     } else {
         $member = dbrow($memberquery);
         //$member[username] = htmlspecialchars($member[username]);
         $namelink = userlink($member[userid], htmlspecialchars($member[username]), $member[powerlevel]);
         print "<table class='styled' style='width: 100%; margin: 0px auto; border: 0px' cellpadding='0' cellspacing='0'>";
         print "<tr><td colspan='2' style='font-size: 15px; font-weight: bold'>Profile for {$namelink}</td></tr>";
         print "<tr>";
         // left bit
         print "<td style='width: 50%' valign='top'>";
         print "<table class='styled' style='width: 100%'>";
         print "<tr class='header'><td>Profile Info</td></tr>";
         print "<tr><td style='text-align: left'>";
         if ($member[hasavatar] == 1) {
             print "<img src='avatars/{$member['userid']}.{$member['avatarext']}' alt='Avatar' style='display: block; margin: 0 auto'>";
             print "<div class='bigspacing'></div>";
         }
         if ($member[usertitle]) {
Ejemplo n.º 19
    $comma = false;
    while ($row = dbrow($getpeople)) {
        if ($comma) {
            print ', ';
        } else {
            $comma = true;
        }
        print userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]);
    }
}
$bddate = date('d-m-%');
$getpeople = dbquery("SELECT userid,username,powerlevel FROM users WHERE birthday LIKE '{$bddate}'");
if (dbrows($getpeople) != 0) {
    print " &middot; <b>Today's Birthdays:</b> ";
    $comma = false;
    while ($row = dbrow($getpeople)) {
        if ($comma) {
            print ', ';
        } else {
            $comma = true;
        }
        print userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]);
    }
}
?>
    </div>
    <?php 
echo $page;
?>
    <div style='font-style: italic; color: #555; margin: 4px 0px; border-top: 1px solid #aad6ff; padding-top: 4px; text-align: right;'>perpetually unfinished, totally custom board software - &copy; 2009-2010 Treeki</div>
    <!-- random debug info: render time: <?php 
Ejemplo n.º 20
<?php

if (!defined('IN_TBB')) {
    die;
}
$forumid = $_GET['id'];
if (!is_numeric($forumid)) {
    print "Invalid forum ID.<br><a href='index.php'>Return to the main page</a>";
} else {
    $forumid = intval($forumid);
    // just to be safe
    $forumquery = dbquery("SELECT * FROM forums WHERE id = {$forumid}");
    if (mysql_num_rows($forumquery) == 0) {
        print "No forum with this ID exists.<br><a href='index.php'>Return to the main page</a>";
    } else {
        $foruminfo = dbrow($forumquery);
        if ($s[user][powerlevel] < $foruminfo[thread_power] || !can_view_forum($foruminfo)) {
            print "You're not allowed to create threads in this forum.<br><a href='index.php'>Return to the main page</a>";
        } else {
            // if it returns a non-blank string, it's an error
            // if it returns a thread id (check with is_numeric) the thread has been created successfully
            // if it returns nothing, just show the form
            $result = create_thread();
            if (is_numeric($result)) {
                header("Location: index.php?showthread={$result}");
            } else {
                if ($result != '') {
                    print '<b>The following errors occurred while creating your thread:<br>' . $result . '</b><br>Your post data has been saved.<hr>';
                }
                if (isset($_POST['preview'])) {
                    print "<b>Preview:</b>";
Ejemplo n.º 21
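/**
 * Prints one table row per thread returned by $threadquery: status icon,
 * custom icon, title and description with page links, author, reply count and
 * last-post details.
 *
 * @param mixed $threadquery result handle passed to dbrow()
 * @param bool  $alternating row-striping state; toggled before each row
 * @return void
 */
function showthreads($threadquery, $alternating)
{
    global $postspp, $s, $lastread, $theme;

    // NOTE(review): $theme is written into src attributes unescaped; presumably
    // it is a server-configured path - confirm it can never hold user input.
    while ($thread = dbrow($threadquery)) {
        // Array keys are quoted throughout: a bare word such as name is an
        // undefined constant, which PHP 8 turns into a fatal Error.
        // Numeric columns are cast before they are written into the markup.
        $threadId = (int) $thread['id'];
        $replies = (int) $thread['replies'];
        $name = htmlspecialchars((string) $thread['name']);
        $desc = htmlspecialchars((string) $thread['desc']);

        $alternating = !$alternating;
        print $alternating ? "<tr class='rowalt'>" : "<tr>";

        // "dot" icon variant when the row's checkpostedin column is set.
        $dot = $thread['checkpostedin'] ? 'dot' : '';

        $hasUnread = !empty($s['logged_in'])
            && $thread['lastpostdate'] >= $lastread
            && $thread['thread'] != $thread['id'];
        $isLocked = $thread['locked'] == 1;

        if ($hasUnread) {
            if ($isLocked) {
                $threadicon = "<img src='{$theme}images/icon_threadlockedunread.png' alt='This thread has unread posts, and is locked.' title='This thread has unread posts, and is locked.'>";
            } else {
                $threadicon = "<img src='{$theme}images/icon_threadunread{$dot}.png' alt='This thread has unread posts.' title='This thread has unread posts.'>";
            }
        } else {
            if ($isLocked) {
                $threadicon = "<img src='{$theme}images/icon_threadlocked.png' alt='This thread has no unread posts, and is locked.' title='This thread has no unread posts, and is locked.'>";
            } else {
                $threadicon = "<img src='{$theme}images/icon_thread{$dot}.png' alt='This thread has no unread posts.' title='This thread has no unread posts.'>";
            }
        }

        // Page links, only for threads longer than one page. The $postspp > 0
        // guard avoids a division by zero when the setting is missing.
        $pages = '';
        if ($postspp > 0 && $replies + 1 > $postspp) {
            $threadpagecount = ceil(($replies + 1) / $postspp);
            $pages .= ' <span class=\'pages\'>(pages: ';
            // More than six pages: list the first three and the last three, with
            // "..." in between. Otherwise the bounds below skip nothing.
            if ($threadpagecount > 6) {
                $dleft = 3;
                $dright = $threadpagecount - 2;
            } else {
                $dleft = 7;
                $dright = -1;
            }
            $docomma = false;
            for ($cp = 1; $cp <= $threadpagecount; $cp++) {
                if ($cp > $dleft && $cp < $dright) {
                    continue;
                }
                if ($docomma) {
                    $pages .= ', ';
                } else {
                    $docomma = true;
                }
                $pages .= "<a href='index.php?showthread={$threadId}&page={$cp}'>{$cp}</a>";
                if ($cp == $dleft) {
                    // The ellipsis replaces the comma before the next listed page.
                    $pages .= "...";
                    $docomma = false;
                }
            }
            $pages .= ')</span>';
        }

        print "<td>{$threadicon}</td>";

        $threadcustomicon = '';
        if ($thread['icon']) {
            // The icon name sits inside a single-quoted attribute, so it is
            // escaped with ENT_QUOTES; the original printed it raw.
            $iconFile = htmlspecialchars((string) $thread['icon'], ENT_QUOTES);
            $threadcustomicon = "<img src='smilies/{$iconFile}' alt='Icon'>";
        }
        print "<td>{$threadcustomicon}</td>";

        print "<td style='text-align: left'><a href='index.php?showthread={$threadId}' style='font-size: 12px'>{$name}</a><br><div style='font-size: 11px; margin: 2px 0px 0px 2px'>{$desc}{$pages}</div></td>";

        $author = userlink($thread['authorid'], htmlspecialchars((string) $thread['authorname']), $thread['authorpower']);
        print "<td>{$author}</td>";
        print "<td>{$replies}</td>";

        print "<td style='font-size: 11px'>";
        $lastpostdate = parsedate($thread['lastpostdate']);
        print "{$lastpostdate}<br>";
        $lastposter = userlink($thread['lastposterid'], htmlspecialchars((string) $thread['lastpostername']), $thread['lastposterpower']);
        print "by {$lastposter}";
        print "</td>";
        print "</tr>";
    }
}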
Ejemplo n.º 22
}
print "<div class='bigspacing'></div>";
print "<b>Post an Admin Note:</b><br>";
print "<form action='index.php?m=admin&act=idx' method='post'>";
print "<textarea rows='4' cols='70' name='data'></textarea>";
print "<br>";
print "<input type='submit' name='makeit' value='Add Note' class='button'>";
print "</form>";
print "<hr>";
$getnotes = dbquery("select adminnotes.*,users.userid,users.username,users.powerlevel from adminnotes left join users on adminnotes.author=users.userid order by adminnotes.notedate");
if (mysql_num_rows($getnotes) == 0) {
    print "Apparently no one has posted any notes yet.";
} else {
    $alternating = true;
    print "<table cellpadding='0' cellspacing='0' style='width: 100%' id='rep'>";
    while ($row = dbrow($getnotes)) {
        $alternating = !$alternating;
        if ($alternating) {
            $alt = " class='rowalt'";
        } else {
            $alt = "";
        }
        print "<tr{$alt}>";
        print "<td align='left' valign='top'>";
        $userlink = userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]);
        $date = parsedate($row[notedate]);
        print "<span style='font-size: 11px'>{$userlink} posted at {$date}:</span>";
        print "<div class='smallspacing'></div>";
        print getpost($row[data], true, true, false);
        print "</td>";
        print "</tr>";