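/**
 * Create a phpBB session row for the given username.
 *
 * Temporarily points the shared $dbconfig at the phpBB database and table
 * prefix taken from $bhconfig, looks up the user's id, inserts a row into the
 * "sessions" table and then restores the previous $dbconfig values.
 *
 * Changes made in review:
 *  - The session id now comes from a CSPRNG. The earlier construction
 *    (srand() seeded from microtime(), then md5() over rand() output) is
 *    predictable, and a predictable session id can be guessed by a third party.
 *  - The insert read an undefined variable ($user_id) while the lookup stored
 *    its result in $userid, so every row was written without a user id.
 *  - No session row is written when the username matches no user; a warning
 *    is raised instead.
 *  - $dbconfig is restored even if one of the database helpers throws.
 *
 * This function writes session_logged_in = 1 without checking any credential,
 * so the caller must already have authenticated $username.
 *
 * NOTE(review): select_bhdb()/insert_bhdb() are defined elsewhere; presumably
 * they escape or bind the values passed in the arrays. Confirm before relying
 * on that for $username.
 *
 * @param string $username Username to look up in the phpBB "users" table.
 * @return array array("username" => $username), unchanged from before.
 */
function bh_session_create($username)
{
    global $dbconfig, $bhconfig;

    # Create the session id: 16 random bytes as 32 hex characters, the same
    # width and alphabet as the md5() value used previously.
    if (function_exists('random_bytes')) {
        $sessionid = bin2hex(random_bytes(16));
    } else {
        $sessionid = bin2hex(openssl_random_pseudo_bytes(16));
    }

    $oldprefix = $dbconfig['prefix'];
    $olddb = $dbconfig['db'];
    $dbconfig['prefix'] = $bhconfig['phpbb_prefix'];
    $dbconfig['db'] = $bhconfig['phpbb_db'];

    try {
        # Get the user id for the username
        $userid = null;
        $userrows = select_bhdb("users", array("username" => $username), 1);
        foreach ($userrows as $userrow) {
            $userid = $userrow['user_id'];
        }

        if ($userid === null) {
            # The username is deliberately left out of the message so that
            # request data does not end up in the error log verbatim.
            trigger_error('bh_session_create: no user row for the supplied username', E_USER_WARNING);
        } else {
            # Insert session row
            insert_bhdb("sessions", array(
                "session_id" => $sessionid,
                "session_user_id" => $userid,
                "session_start" => time(),
                "session_time" => time(),
                "session_ip" => encode_ip($_SERVER['REMOTE_ADDR']),
                "session_page" => "0",
                "session_logged_in" => "1",
            ));
        }
    } finally {
        # Always hand the shared configuration back in its original state.
        $dbconfig['prefix'] = $oldprefix;
        $dbconfig['db'] = $olddb;
    }

    return array("username" => $username);
}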
<?php
// Request bootstrap: loads the libraries, starts the PHP session, resolves the
// current user and instantiates Smarty. The statements depend on one another
// (includes define the functions called further down), so order matters.

//TMP (debug purpose)
//include('dBug.php');

//Pluton library
include '_includes/core.php';

//Sajax
include '_includes/Sajax.php';

//Sets the true URL, not the rewritten one, as the Sajax remote URL
// NOTE(review): QUERY_STRING is client-controlled. How Sajax emits
// $sajax_remote_uri is not visible here; confirm it is escaped for the
// context it is written into.
$sajax_remote_uri = '/?' . $_SERVER["QUERY_STRING"];

//IceDeck library
include '_includes/IceDeck/Card.php';
include '_includes/IceDeck/Keywords.php';

//Session
// REMOTE_ADDR is encoded before use; encode_ip() is defined elsewhere.
$IP = encode_ip($_SERVER["REMOTE_ADDR"]);
session_start();
// NOTE(review): $_session is lowercase, so this is an ordinary variable and
// not the $_SESSION superglobal, and ID is a bare constant (an undefined
// constant raises an Error on PHP 8). Whether both are intentional cannot be
// told from here; confirm against core.php.
$_session[ID] = session_id();
SessionUpdate(); //updates or creates the session
include "_includes/login.php"; //login/logout
// The user is looked up from the encoded IP computed above.
// NOTE(review): if GetUtilisateurInfos() identifies the user by IP alone,
// clients sharing an address would be indistinguishable; confirm.
$Utilisateur = GetUtilisateurInfos($IP); //Gets current user infos

//Preferences
define('LANG', 'english');
define('THEME', 'default');

//Smarty
require '_includes/Smarty/Smarty.class.php';
$smarty = new Smarty();

//TODO: find a more elegant solution that also works on Windows
$current_dir = dirname(__FILE__);
foreach ($ip_sep as $val) { if ($val == 0) { $strip_num += 2; } } if (count($ip_sep) < 4) { $strip_num += 2 * (4 - count($ip_sep)); } } if (preg_match('/(([0-9]{1,3})(\\.)?){1,4}/', $search_ip)) { $host = @gethostbyaddr($search_ip); } else { $host = $search_ip; $search_ip = @gethostbyname($host); } $encoded_ip = encode_ip($search_ip); if ($strip_num) { $encoded_ip = substr($encoded_ip, 0, strlen($encoded_ip) - $strip_num); $ip_sql = "LIKE '" . $encoded_ip . "%'"; } else { $ip_sql = "= '" . $encoded_ip . "'"; } $template->assign_vars(array('L_IP_SEARCH_RESULTS' => $lang['IPSearch_Search_Results'], 'L_OTHER_USERS' => $lang['Users_this_IP'], 'L_SEARCH' => $lang['Search'], 'L_AGAIN' => $lang['IPSearch_Again'], 'SEARCH_IMG' => $phpbb_root_path . $images['icon_search'], 'IP' => $search_ip, 'HOST' => $host, 'U_IP_SEARCH' => append_sid('admin_ip_search.' . $phpEx))); // Get users who've posted under this IP $sql = 'SELECT u.user_id, u.username, COUNT(*) as postings FROM ' . USERS_TABLE . ' u, ' . POSTS_TABLE . ' p WHERE p.poster_id = u.user_id AND p.poster_ip ' . $ip_sql . ' GROUP BY u.user_id, u.username ORDER BY ' . (SQL_LAYER == 'msaccess' ? 'COUNT(*)' : 'postings') . ' DESC'; if (!($result = $db->sql_query($sql))) {
case 3: $users[] = encode_ip($ip_split[0] . "." . $ip_split[1] . ".255.255"); break; case 2: $users[] = encode_ip($ip_split[0] . ".255.255.255"); break; } } elseif (preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}(\\s)*-(\\s)*([0-9]{1,2}|[0-2][0-9]{0,2})(\\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $ip_address)) { $range = preg_split('/[-\\s]+/', $ip_address); $start_range = explode('.', $range[0]); $end_range = explode('.', $range[1]); if ($start_range[0] . $start_range[1] . $start_range[2] != $end_range[0] . $end_range[1] . $end_range[2] || $start_range[3] > $end_range[3]) { bb_die($lang['SEARCH_INVALID_IP']); } for ($i = $start_range[3]; $i <= $end_range[3]; $i++) { $users[] = encode_ip($start_range[0] . "." . $start_range[1] . "." . $start_range[2] . "." . $i); } } else { bb_die($lang['SEARCH_INVALID_IP']); } $ip_in_sql = $ip_like_sql = $ip_like_sql_flylast = $ip_like_sql_flyreg = ''; foreach ($users as $address) { if (preg_match('/(ff){1,3}$/i', $address)) { if (preg_match('/[0-9a-f]{2}ffffff/i', $address)) { $ip_start = substr($address, 0, 2); } elseif (preg_match('/[0-9a-f]{4}ffff/i', $address)) { $ip_start = substr($address, 0, 4); } elseif (preg_match('/[0-9a-f]{6}ff/i', $address)) { $ip_start = substr($address, 0, 6); } $ip_like_sql_flylast = $ip_like_sql . ($ip_like_sql != '') ? " OR user_last_ip LIKE '" . $ip_start . "%'" : "user_last_ip LIKE '" . $ip_start . "%'";
$result = query($sql, "Couldn't obtain ip data from {$table} (" . $fields . ")"); $row = $db->sql_fetchrow($result); $maxid = $row['max_id']; for ($i = 0; $i <= $maxid; $i += $batchsize) { $batchstart = $i; $batchend = $i + $batchsize; $field_id = $data_array['id']; $field = $data_array['field']; print " * Converting IP format '" . $field . "' / '{$table}' ( {$batchstart} to {$batchend} ) :: "; flush(); $sql = "SELECT {$field_id}, {$field} \n\t\t\t\t\t\tFROM {$table} \n\t\t\t\t\t\tWHERE {$field_id} \n\t\t\t\t\t\t\tBETWEEN {$batchstart} \n\t\t\t\t\t\t\t\tAND {$batchend}"; $result = query($sql, "Couldn't obtain ip data from {$table} (" . $fields . ")"); $per_pct = ceil($db->sql_numrows($result) / 40); $inc = 0; while ($row = $db->sql_fetchrow($result)) { $sql = "UPDATE {$table} \n\t\t\t\t\t\t\tSET {$field} = '" . encode_ip($row[$field]) . "' \n\t\t\t\t\t\t\tWHERE {$field_id} = " . $row[$field_id]; query($sql, "Couldn't convert IP format of {$field} in {$table} with {$field_id} of " . $rowset[$field_id]); $inc++; if ($inc == $per_pct) { print "."; flush(); $inc = 0; } } print " <span class=\"ok\"><b>OK</b></span><br />\n"; } } lock_tables(0); end_step('convert_dates'); case 'convert_dates': $names = array(POSTS_TABLE => array('post_time'), TOPICS_TABLE => array('topic_time'), PRIVMSGS_TABLE => array('msg_time'));
if (!verify_ip($ip)) { if ($tr_cfg['allow_host_ip']) { $ip = gethostbyname($ip); if (!verify_ip($ip)) { error_exit("Unable to resolve host name {$ip}"); } } else { $ip = $_SERVER['REMOTE_ADDR']; } } } if (!verify_ip($ip)) { error_exit("Invalid IP: {$ip}"); } // convert IP to phpBB compatible format $ip = encode_ip($ip); // Define "numwant" if ($tr_cfg['ignor_numwant'] || !isset($numwant) || !$numwant) { $numwant = $tr_cfg['numwant']; } else { $numwant = min($numwant, $tr_cfg['numwant_max']); } // Define tracker peers-list output mode (standard, compact...) and events $started = isset($event) && $event == 'started' ? TRUE : FALSE; $stopped = isset($event) && $event == 'stopped' ? TRUE : FALSE; $completed = isset($event) && $event == 'completed' ? TRUE : FALSE; $compact_mode = $tr_cfg['compact_mode'] || isset($compact) ? TRUE : FALSE; $no_peer_id_mode = isset($no_peer_id) ? TRUE : FALSE; // Define if peer is seeder (this value will stored in DB) $seeder = $left == 0 ? 1 : 0; // Verify if torrent registered on tracker and user authorized
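/**
 * Submit a vote for a forum poll
 *
 * Increments the result counter for the chosen option and then records the
 * voter (user id and encoded client IP) in nuke_bbvote_voters.
 *
 * Both the poll id and the option id are placed into the UPDATE statement as
 * bare numbers. String escaping does not protect an unquoted numeric context,
 * so both values are validated as integers before the query is built.
 *
 * NOTE(review): this method does not itself check whether the user has already
 * voted, and the two statements are not wrapped in a transaction; presumably
 * the caller enforces one vote per user. Confirm.
 * NOTE(review): $user_id is passed to buildQuery(), which is defined elsewhere;
 * presumably it escapes the values it is given. Confirm.
 *
 * @since Version 3.2
 * @version 3.2
 * @param int $user_id
 * @param int $option_id
 * @return boolean True when both statements succeed; false on missing or
 *                 non-integer input or when the database driver is not \sql_db.
 * @throws Exception With the driver's error text when a query fails.
 */
public function vote($user_id = false, $option_id = false)
{
    if (!$user_id || !$option_id || !$this->id || empty($this->polldata)) {
        return false;
    }

    if (!($this->db instanceof \sql_db)) {
        // No other driver is handled here; report failure explicitly
        // instead of falling off the end of the method.
        return false;
    }

    $vote_id = filter_var($this->polldata['id'], FILTER_VALIDATE_INT);
    $option_id = filter_var($option_id, FILTER_VALIDATE_INT);

    if ($vote_id === false || $option_id === false) {
        return false;
    }

    $query = "UPDATE nuke_bbvote_results SET vote_result = vote_result + 1 WHERE vote_id = " . $vote_id . " AND vote_option_id = " . $option_id;

    if (!$this->db->query($query)) {
        throw new Exception($this->db->error);
    }

    // The counter was updated; now record this user's vote
    $dataArray = array();
    $dataArray['vote_id'] = $vote_id;
    $dataArray['vote_user_id'] = $user_id;
    $dataArray['vote_user_ip'] = encode_ip($_SERVER['REMOTE_ADDR']);

    $query = $this->db->buildQuery($dataArray, "nuke_bbvote_voters");

    if (!$this->db->query($query)) {
        throw new Exception($this->db->error);
    }

    return true;
}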
/**
 * Start or resume the session for the current request.
 *
 * Collects the user agent, requested page, session id (cookie or ?sid=) and
 * client IP from the request, tries to load the matching row from the
 * sessions table and, when no usable session is found, falls back to
 * $this->create().
 *
 * Every input read here ($_COOKIE, $_GET, the User-Agent and X-Forwarded-For
 * headers) is supplied by the client.
 *
 * @param mixed $page_id Page identifier; outside the admin area with a module
 *                       name set it is resolved through a MODULE_* constant,
 *                       then stored as an integer.
 * @return mixed $this->data: the joined session/user row of an existing
 *               session, or whatever $this->create() returned.
 */
function start($page_id)
{
    global $db, $board_config, $SID, $mvModuleName;

    $current_time = time();

    // User agent: $_SERVER first, then $_ENV, else the literal 'Unknown'.
    if (isset($_SERVER['HTTP_USER_AGENT']) && !empty($_SERVER['HTTP_USER_AGENT'])) {
        $this->browser = $_SERVER['HTTP_USER_AGENT'];
    } elseif (isset($_ENV['HTTP_USER_AGENT']) && !empty($_ENV['HTTP_USER_AGENT'])) {
        $this->browser = $_ENV['HTTP_USER_AGENT'];
    } else {
        $this->browser = 'Unknown';
    }

    // Truncated to BROWSER_MAX_LEN bytes.
    if (strlen($this->browser) > BROWSER_MAX_LEN) {
        $this->browser = substr($this->browser, 0, BROWSER_MAX_LEN);
    }

    // Requested page, with the same $_SERVER / $_ENV fallback.
    if (isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI'])) {
        $this->page = $_SERVER['REQUEST_URI'];
    } elseif (isset($_ENV['REQUEST_URI']) && !empty($_ENV['REQUEST_URI'])) {
        $this->page = $_ENV['REQUEST_URI'];
    } else {
        $this->page = $_SERVER['PHP_SELF'];
    }

    if (!defined('IN_ADMIN') && $mvModuleName != '') {
        $page_id = constant('MODULE_' . $mvModuleName . '_' . $page_id);
    }

    // From here on the page id is an integer.
    $this->page_id = intval($page_id);
    unset($page_id);

    $cookiename = $board_config['cookie_name'];

    if (isset($_COOKIE[$cookiename . '_sid']) || isset($_COOKIE[$cookiename . '_data'])) {
        // SECURITY: unserialize() runs on a cookie value the client controls.
        // Unserializing untrusted data can instantiate arbitrary classes that
        // are loaded at this point (PHP object injection).
        // NOTE(review): move the cookie to a non-object format such as JSON,
        // or restrict unserialize() with the allowed_classes option.
        $sessiondata = isset($_COOKIE[$cookiename . '_data']) ? unserialize(stripslashes($_COOKIE[$cookiename . '_data'])) : array();
        $this->session_id = isset($_COOKIE[$cookiename . '_sid']) ? $_COOKIE[$cookiename . '_sid'] : '';
        $this->session_method = SESSION_METHOD_COOKIE;
        $SID = defined('NEED_SID') ? 'sid=' . $this->session_id : '';
    } else {
        // No cookies: the session id travels in the URL.
        $sessiondata = array();
        $this->session_id = isset($_GET['sid']) ? $_GET['sid'] : '';
        $this->session_method = SESSION_METHOD_GET;
        $SID = 'sid=' . $this->session_id;
    }

    // Anything other than ASCII letters and digits clears the session id.
    // $SID was assembled above, before this check, from the unvalidated value.
    if (!preg_match('/^[A-Za-z0-9]*$/', $this->session_id)) {
        $this->session_id = '';
    }

    $this->ip = isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');

    // SECURITY: X-Forwarded-For is a request header and can be set freely by
    // the client. The loop below lets the first dotted quad that matches none
    // of the $private_ip patterns replace REMOTE_ADDR, so the value compared
    // in the session IP check further down can be chosen by the sender.
    // NOTE(review): honour this header only when REMOTE_ADDR is a known proxy.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // The 172.16. pattern covers only that one /16.
        $private_ip = array('#^0\\.#', '#^127\\.0\\.0\\.1#', '#^192\\.168\\.#', '#^172\\.16\\.#', '#^10\\.#', '#^224\\.#', '#^240\\.#');
        $bits = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $ip_list = array();

        foreach ($bits as $x_ip) {
            if (preg_match('#([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)#', $x_ip, $ip_list)) {
                // preg_replace() substitutes the current $this->ip for the
                // matched prefix only, so for a candidate that matches one of
                // the patterns $this->ip is assigned the substituted string
                // (current address followed by the rest of the candidate).
                // If no later candidate passes, that string is what reaches
                // encode_ip() below.
                if (($this->ip = trim(preg_replace($private_ip, $this->ip, $ip_list[1]))) == trim($ip_list[1])) {
                    break;
                }
            }
        }
    }

    $this->ip = encode_ip($this->ip);

    /* Load Limit */

    //
    // Does a session exist?
    //
    if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id == (isset($_GET['sid']) ? $_GET['sid'] : ''))) {
        //
        // session_id exists so go ahead and attempt to grab all
        // data in preparation
        //
        // The session id is passed through $db->sql_escape() before it is quoted.
        $sql = "SELECT u.*, s.*\n\t\t\t\tFROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\t\t\tWHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'\n\t\t\t\t\tAND u.user_id = s.session_user_id";

        if (!($result = $db->sql_query($sql))) {
            message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
        }

        $this->data = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        //
        // Did the session exist in the DB?
        //
        if (isset($this->data['user_id'])) {
            // Validate IP length according to admin ... has no effect on IPv6
            // Only the first ip_check characters of the two encoded addresses
            // are compared.
            $s_ip = substr($this->data['session_ip'], 0, $board_config['ip_check']);
            $u_ip = substr($this->ip, 0, $board_config['ip_check']);
            //$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $board_config['ip_check']));
            //$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $board_config['ip_check']));

            // The browser comparison is skipped (both sides '') unless
            // browser_check is enabled.
            $s_browser = $board_config['browser_check'] ? $this->data['session_browser'] : '';
            $u_browser = $board_config['browser_check'] ? $this->browser : '';

            if ($s_ip == $u_ip && $s_browser == $u_browser) {
                // Only update session DB a minute or so after last update or if page changes
                if ($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page_id) {
                    $sql = 'UPDATE ' . SESSIONS_TABLE . "\n\t\t\t\t\t\t\tSET session_time = {$current_time}, session_page = '" . $db->sql_escape($this->page_id) . "'\n\t\t\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($this->session_id) . "'";

                    if (!$db->sql_query($sql)) {
                        message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
                    }

                    if ($this->data['user_id'] != ANONYMOUS) {
                        // Unlike the statement above, these two values are
                        // concatenated without sql_escape(): page_id went
                        // through intval() earlier and user_id comes from the
                        // row just fetched.
                        $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\t\t\tSET user_session_time = {$current_time}, user_session_page = '" . $this->page_id . "'\n\t\t\t\t\t\t\t\tWHERE user_id = '" . $this->data['user_id'] . "'";

                        if (!$db->sql_query($sql)) {
                            message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
                        }
                    }
                }

                return $this->data;
                //return true; // Once no more $userdata
            } else {
                // An IP or browser mismatch is not reported or logged here;
                // execution continues to the new-session path below.
                //die ('Session Hijacking');
            }
        }
    }

    //
    // If we reach here then no (valid) session exists. So we'll create a new one,
    // using the cookie user_id if available to pull basic user prefs.
    //
    // Both values come from the unserialized cookie, i.e. from the client.
    // NOTE(review): create() is defined elsewhere; presumably it verifies
    // $autologin against a stored secret before trusting $user_id. Confirm.
    $autologin = isset($sessiondata['autologinid']) ? $sessiondata['autologinid'] : '';
    $user_id = isset($sessiondata['userid']) ? intval($sessiondata['userid']) : ANONYMOUS;

    // $sql is only assigned inside the session branch above, so it can be
    // undefined when this message_die() call is reached.
    if (!($this->data = $this->create($user_id, $autologin, FALSE, $this->page_id))) {
        message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
    }

    return $this->data;
}
die; } $sql = sprintf("SELECT id, last_date FROM usagetracker WHERE hash = '%s' LIMIT 1", $db->real_escape_string($hash)); $res = $db->query($sql); if ($res->num_rows > 0) { // Shouldn't normally be here but happens if GCS settings are reset // or if the request come from another source than GCS. $hashUpdate = $res->fetch_assoc(); if ($hashUpdate['last_date'] < time() - 3600) { // Update timestamp and connection count. $sql = sprintf("UPDATE usagetracker SET last_date = %u, count = count + 1 WHERE id = %u LIMIT 1", time(), $hashUpdate['id']); $db->query($sql); } } else { // New hash $sql = sprintf("INSERT INTO usagetracker (first_date, last_date, ip, data, hash)\n VALUES (%u, %u, '%s', '%s', '%s')", time(), time(), encode_ip($_SERVER['REMOTE_ADDR']), $db->real_escape_string($string), $db->real_escape_string($_GET['hash'])); $db->query($sql); } $db->close(); function usage_error() { //ob_start(); header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found"); header("Status: 404 Not Found"); // Matching server 404 output can be added. exit; } function encode_ip($dotquad_ip) { $ip_sep = explode('.', $dotquad_ip); return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
/**
 * Bootstrap the application environment.
 *
 * Sets the timezone, defines the directory constants, loads the general
 * function library, configures error reporting, records the encoded client
 * IP, strips quote characters from $_SERVER values and starts output
 * buffering. The statements depend on one another (constants are used by
 * later defines and by the include), so their order matters.
 */
function initializeBase()
{
    // set the default timezone
    // The @ suppresses any warning raised by the call.
    if (function_exists('date_default_timezone_set')) {
        @date_default_timezone_set('Asia/Shanghai');
    }

    // define the start of our script
    define('MICROTIME', microtime(TRUE));

    // path to the html templates folder.
    // base path
    define('DIR_BASE', dirname(dirname(__FILE__)) . '/');

    // path to the private source code
    // NOTE(review): DIR_PUBLIC_HTML below is set to DIR_BASE, so as defined
    // here the "private" directory sits underneath the public one. Confirm
    // the web server denies direct requests to it.
    define('DIR_PRIVATE', DIR_BASE . 'private/');

    // path to the 3rd Party vendors
    define('DIR_VENDORS', DIR_BASE . 'vendors/');

    // path public_html folder
    //define('DIR_PUBLIC_HTML', DIR_BASE .'wp-content/themes/seecblog/');
    define('DIR_PUBLIC_HTML', DIR_BASE);

    // define the path to the classes directory
    define('DIR_CLASSES', DIR_PRIVATE . 'classes/');

    // path to php includes
    define('DIR_INCLUDES', DIR_PRIVATE . 'includes/');

    // path to script includes.
    define('DIR_SCRIPT_INCLUDES', DIR_PRIVATE . 'script_includes/');

    // path to circuit application directory root
    define('DIR_CIRCUIT_APPS', DIR_PRIVATE . 'circuit-apps/');

    // include general functions
    include_once DIR_INCLUDES . 'functions.php';
    // EVENTUALLY INTEGRATE THIS FILE INTO THIS PAGE

    // Define IN_PHPBB when it is missing, to avoid errors from code that expects it.
    if (!defined('IN_PHPBB')) {
        define('IN_PHPBB', true);
    }

    // This will NOT report uninitialized variables
    if (SC::isEmpty('board_config.report_errors')) {
        error_reporting(E_ERROR | E_WARNING | E_PARSE);
    } else {
        error_reporting(E_ALL);
        // NOTE(review): 'report_errors' does not look like a standard php.ini
        // directive; confirm what was intended. If display_errors is ever
        // enabled here, keep it off in production so error text is not sent
        // to visitors.
        ini_set('report_errors', 1);
        // ini_set('display_errors', 1);
    }

    //
    // Obtain and encode users IP
    // NOTE(review): get_user_ip() is defined elsewhere; whether it trusts
    // client-supplied headers such as X-Forwarded-For is not visible here.
    $user_ip_address = get_user_ip();
    define('USER_IP', encode_ip($user_ip_address));
    SC::setGlobal('user_ip', USER_IP);

    // not sure if we still need this but just trying to keep consistent.
    // i converted to string replace instead of preg_match then preg_replace.
    // still not sure we need it tho.
    // Removes " and ' from every string value in $_SERVER. This alters the
    // request data for all later code and is not a replacement for escaping
    // values for the context (SQL, HTML, ...) in which they are used.
    foreach ($_SERVER as $key => $ex_check) {
        if (is_string($ex_check)) {
            $_SERVER[$key] = str_replace(array('"', "'"), '', $ex_check);
        }
    }

    // because register_globals is turned off...
    // $PHP_SELF doesn't work anymore...
    // so, we have to force it to work for bw compatibility.
    // as soon as possible, remove this!
    // NOTE(review): PHP_SELF can carry client-controlled path info; escape it
    // wherever this global is printed.
    SC::setGlobal('PHP_SELF', $_SERVER['PHP_SELF']);

    // start output buffering
    buffer_browser_output();
}
if ($x_ip === $_GET['ip']) { if (!$bb_cfg['allow_internal_ip'] && preg_match("#^(10|172\\.16|192\\.168)\\.#", $x_ip)) { break; } $ip = $x_ip; break; } } } } // Check that IP format is valid if (!verify_ip($ip)) { msg_die("Invalid IP: {$ip}"); } // Convert IP to HEX format $ip_sql = encode_ip($ip); // Peer unique id $peer_hash = md5(rtrim($info_hash, ' ') . $passkey . $ip . $port); // Get cached peer info from previous announce (last peer info) $lp_info = CACHE('tr_cache')->get(PEER_HASH_PREFIX . $peer_hash); if (DBG_LOG) { dbg_log(' ', '$lp_info-get_from-CACHE-' . ($lp_info ? 'hit' : 'miss')); } // Drop fast announce if ($lp_info && (!isset($event) || $event !== 'stopped')) { drop_fast_announce($lp_info); } // Functions function drop_fast_announce($lp_info) { global $announce_interval;
/**
 * Convert one comment record into a forum post and store it.
 *
 * The comment text is run through prepare_message(), the comment's IP is
 * encoded with encode_ip(), and the resulting "posts" / "posts_text" rows are
 * handed to tp_add_post().
 *
 * NOTE(review): the values in $comment are passed on as they are;
 * tp_add_post() is defined elsewhere and presumably escapes them before
 * building SQL. Confirm.
 *
 * @param array $comment Source row; the keys read are text, id, torrent,
 *                       category, user, added, ip and editedat.
 * @return void
 */
function convert_comment($comment)
{
    $prepared_text = prepare_message($comment['text'], true, true);

    // Row for the posts table.
    $posts_row = array(
        "post_id" => $comment['id'],
        "topic_id" => $comment['torrent'],
        "forum_id" => $comment['category'],
        "poster_id" => $comment['user'],
        "post_time" => $comment['added'],
        "poster_ip" => encode_ip($comment['ip']),
        "post_edit_time" => $comment['editedat'],
    );

    // A non-empty edit timestamp counts as exactly one edit.
    if ($comment['editedat']) {
        $posts_row["post_edit_count"] = 1;
    } else {
        $posts_row["post_edit_count"] = 0;
    }

    // Row for the posts_text table.
    $posts_text_row = array(
        "post_id" => $comment['id'],
        "post_text" => $prepared_text,
    );

    tp_add_post(array(
        "posts" => $posts_row,
        "posts_text" => $posts_text_row,
    ));
}
} $ip_2_counter++; } $ip_1_counter++; } } else { if (preg_match("/^([\\w\\-_]\\.?){2,}\$/is", trim($ip_list_temp[$i]))) { $ip = gethostbynamel(trim($ip_list_temp[$i])); for ($j = 0; $j < count($ip); $j++) { if (!empty($ip[$j])) { $ip_list[] = encode_ip($ip[$j]); } } } else { if (preg_match("/^([0-9]{1,3})\\.([0-9\\*]{1,3})\\.([0-9\\*]{1,3})\\.([0-9\\*]{1,3})\$/", trim($ip_list_temp[$i]))) { $ip_list[] = encode_ip(str_replace("*", "255", trim($ip_list_temp[$i]))); } } } } } $email_list = array(); if (isset($HTTP_POST_VARS['ban_email'])) { $email_list_temp = explode(",", $HTTP_POST_VARS['ban_email']); for ($i = 0; $i < count($email_list_temp); $i++) { // // This ereg match is based on one by php@unreelpro.com // contained in the annotated php manual at php.com (ereg // section) // if (eregi("^(([[:alnum:]\\*]+([-_.][[:alnum:]\\*]+)*\\.?)|(\\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\\.){1,3}([[:alnum:]]{2,6})\$", trim($email_list_temp[$i]))) {
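/**
 * Update a PM
 *
 * Writes the current field values back to nuke_bbprivmsgs and
 * nuke_bbprivmsgs_text for the existing message id, then drops the cached
 * copy.
 *
 * The method throws unless $this->id is a valid, non-zero integer, so the
 * former "insert" branch behind a second identical check could never run and
 * has been removed.
 *
 * NOTE(review): privmsgs_ip is overwritten with the REMOTE_ADDR of whoever
 * triggers this update, so the address recorded when the message was sent is
 * lost on every commit. If that column is meant to identify the sender for
 * abuse handling, leave it out of the update.
 *
 * @since Version 3.3
 * @version 3.3
 * @return boolean
 * @throws Exception When the PM has no valid id.
 */
public function commit()
{
    if (!filter_var($this->id, FILTER_VALIDATE_INT)) {
        throw new Exception("Cannot commit changes to PM - PM does not exist!");
    }

    $this->validate();

    // Theoretically nothing but the type should change. I'll leave the rest in for now...
    $dataArray = array();
    $dataArray['privmsgs_type'] = $this->type;
    $dataArray['privmsgs_subject'] = $this->subject;
    $dataArray['privmsgs_from_userid'] = $this->from_user_id;
    $dataArray['privmsgs_to_userid'] = $this->to_user_id;
    $dataArray['privmsgs_ip'] = encode_ip($_SERVER['REMOTE_ADDR']);
    $dataArray['privmsgs_enable_bbcode'] = $this->enable_bbcode;
    $dataArray['privmsgs_enable_html'] = $this->enable_html;
    $dataArray['privmsgs_enable_smilies'] = $this->enable_smilies;
    $dataArray['privmsgs_attach_sig'] = $this->enable_signature;
    $dataArray['hide_from'] = $this->hide_from;
    $dataArray['hide_to'] = $this->hide_to;

    // Update the message header row; the id is bound through the placeholder.
    $where = array("privmsgs_id = ?" => $this->id);
    $this->db->update("nuke_bbprivmsgs", $dataArray, $where);

    // Update the message body row
    $data = array(
        'privmsgs_bbcode_uid' => $this->bbcode_uid,
        'privmsgs_text' => $this->body,
    );
    $where = array("privmsgs_text_id = ?" => $this->id);
    $this->db->update("nuke_bbprivmsgs_text", $data, $where);

    // Invalidate the cached copy so readers see the new values.
    $this->Memcached->delete($this->mckey);

    return true;
}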
// Saves users name for next time. Expires in a year setcookie("forumUser", $forumUser, time() + 31556926, '/'); // Send push notifications // if ($forumId == 1) // notificationEveryone(); // $postAssocArray = mysql2AssocArray(mysqli_fetch_array($newPostResult), MYSQLI_ASSOC); // Get post just submitted in all it's properly formatted glory // Send email // $emailId = ($postAssocArray['parentPostId'] == 0)? $postAssocArray['id'] : $postAssocArray['parentPostId']; // emailPost($emailId, $postAssocArray['forumUser'], $postAssocArray['forumMessage']); // Send formatted post to client $postData = posts2send($newPostResult); // var_dump($postData); returnJSON('post', $postData); } else { if ($_POST['action'] == 'editPost') { $clientIp = $_SERVER['REMOTE_ADDR'] == '::1' ? '00000000' : encode_ip($_SERVER['REMOTE_ADDR']); $forumId = mysqli_real_escape_string($db, $_POST['forumId']); $postId = mysqli_real_escape_string($db, $_POST['postId']); $usersForumId = mysqli_real_escape_string($db, $_COOKIE['usersForumId']); $forumUser = mysqli_real_escape_string($db, $_POST['forumUser']); $forumMessage = mysqli_real_escape_string($db, htmlentities($_POST['forumMessage'])); $forumMessage = $emojione->toShort($forumMessage); $postTime = time(); // Check for spam checkSpam($clientIp, $forumUser, $forumMessage); // Copy previous post to deleted forum $backupSQL = "INSERT INTO `forum_posts`(`parent_id`, `forum`, `users_forum_id`, `sender`, `post_time`, `message`, `ipaddress`, `length1`, `length2`)\n SELECT `parent_id`, 0, `users_forum_id`, `sender`, `post_time`, `message`, `ipaddress`, `length1`, `length2` FROM `forum_posts` WHERE `id` = {$postId}"; $updateSQL = "UPDATE `forum_posts` SET `message` = '{$forumMessage}', `ipaddress` = '{$clientIp}' WHERE `id` = {$postId}"; if (!mysqli_query($db, $backupSQL) || !mysqli_query($db, $updateSQL)) { $errorData = mysqli_error($db); returnJSON('error', $errorData);
} $ip_2_counter++; } $ip_1_counter++; } } else { if (preg_match('/^([\\w\\-_]\\.?){2,}$/is', trim($ip_list_temp[$i]))) { $ip = gethostbynamel(trim($ip_list_temp[$i])); for ($j = 0; $j < count($ip); $j++) { if (!empty($ip[$j])) { $ip_list[] = encode_ip($ip[$j]); } } } else { if (preg_match('/^([0-9]{1,3})\\.([0-9\\*]{1,3})\\.([0-9\\*]{1,3})\\.([0-9\\*]{1,3})$/', trim($ip_list_temp[$i]))) { $ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i]))); } } } } } $email_list = array(); if (isset($HTTP_POST_VARS['ban_email'])) { $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']); for ($i = 0; $i < count($email_list_temp); $i++) { // // This ereg match is based on one by php@unreelpro.com // contained in the annotated php manual at php.com (ereg // section) // if (preg_match('#^(([a-z0-9&.-_+])|(\\*))+@[a-z0-9\\-]+\\.([a-z0-9\\-]+\\.)*?[a-z]+$#is', trim($email_list_temp[$i]))) {
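/**
 * Apply the configured automatic punishments for a detected cheat, notify the
 * configured members by PM and write a row to the cheat log.
 *
 * Depending on $board_config this bans the user from ADR, adds the user to the
 * board ban list (and deletes their sessions), and/or imprisons the character.
 *
 * Changes made in review:
 *  - $user_id is forced to an integer before it is placed into any SQL text.
 *  - The minutes part of the jail term printed the hour value.
 *  - $phpbb_root_path was read without being declared global.
 *  - A leftover debug echo was removed; it sent output to the visitor before
 *    the rest of the page.
 *  - ADR_JAIL_USERS_TABLE is only defined when it is not defined already.
 *  - The bare words passed to adr_previous() are quoted. Old PHP versions
 *    treated them as the same strings; PHP 8 raises an Error for an undefined
 *    constant.
 *
 * NOTE(review): $cheat_type and $cheat_punishment (which can contain text from
 * $lang) are still concatenated into the cheat-log INSERT as they arrive.
 * Escape them with the database layer's own escaping routine before this
 * function is called with anything other than fixed strings.
 *
 * @param int    $user_id    Id of the user being punished.
 * @param string $cheat_type Short description of the cheat, used in the PM,
 *                           the jail sentence and the log row.
 * @return void
 */
function adr_item_quest_cheat_notification($user_id, $cheat_type)
{
    global $board_config, $userdata, $adr_general, $adr_user, $lang, $db, $phpEx, $table_prefix, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $phpbb_root_path;

    // Used in several SQL statements below; only an integer may get there.
    $user_id = intval($user_id);

    // --- ADR ban -----------------------------------------------------------
    $adr_ban_punishment = false;
    if ($board_config['zone_cheat_auto_ban_adr']) {
        $sql = "UPDATE " . USERS_TABLE . "\r\n\t\t\t\tSET user_adr_ban = '1'\r\n\t\t\t\tWHERE user_id = '{$user_id}'";
        $result = $db->sql_query($sql);
        if (!$result) {
            message_die(GENERAL_ERROR, "Couldn't UPDATE ADR User Ban", "", __LINE__, __FILE__, $sql);
        }
        $cheat_punishment = '1~';
        $adr_ban_punishment = true;
    } else {
        $cheat_punishment = '0~';
    }

    // --- Board ban ---------------------------------------------------------
    $board_ban_punishment = false;
    if ($board_config['zone_cheat_auto_ban_board']) {
        $sql = "SELECT *\r\n\t\t\t\tFROM " . BANLIST_TABLE;
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
        }
        $current_banlist = $db->sql_fetchrowset($result);
        $db->sql_freeresult($result);

        $kill_session_sql = '';
        $in_banlist = false;
        for ($j = 0; $j < count($current_banlist); $j++) {
            if ($user_id == $current_banlist[$j]['ban_userid']) {
                $in_banlist = true;
            }
        }

        if (!$in_banlist) {
            $kill_session_sql .= ($kill_session_sql != '' ? ' OR ' : '') . "session_user_id = " . $user_id;
            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)\r\n\t\t\t\t\tVALUES (" . $user_id . ")";
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
            }
        }

        // Remove the sessions of a newly banned user.
        if ($kill_session_sql != '') {
            $sql = "DELETE FROM " . SESSIONS_TABLE . "\r\n\t\t\t\t\tWHERE {$kill_session_sql}";
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
            }
        }

        $cheat_punishment .= '1~';
        $board_ban_punishment = true;
    } else {
        $cheat_punishment .= '0~';
    }

    // --- Jail --------------------------------------------------------------
    $jail_punishment = false;
    if ($board_config['zone_cheat_auto_jail']) {
        include_once $phpbb_root_path . 'adr/includes/adr_functions_jail.' . $phpEx;
        if (!defined('ADR_JAIL_USERS_TABLE')) {
            define('ADR_JAIL_USERS_TABLE', $table_prefix . 'adr_jail_users');
        }

        $time_day = intval($board_config['zone_cheat_auto_time_day']);
        $time_hour = intval($board_config['zone_cheat_auto_time_hour']);
        $time_minute = intval($board_config['zone_cheat_auto_time_minute']);
        $caution = intval($board_config['zone_cheat_auto_caution']);
        $cautionable = intval($board_config['zone_cheat_auto_cautionable']);
        $freeable = intval($board_config['zone_cheat_auto_freeable']);
        $punishment = intval($board_config['zone_cheat_auto_punishment']);
        $sentence = sprintf($lang['Adr_zone_cell_sentence_example'], $cheat_type);

        adr_cell_imprison_user($user_id, $time_day, $time_hour, $time_minute, $caution, $cautionable, $freeable, $sentence, $punishment);

        // Build the human-readable term: days, hours, minutes.
        $jail_term = $lang['Adr_zone_cheat_log_imprisoned_for'];

        if ($time_day) {
            if ($time_day > 1) {
                $jail_term .= $time_day . $lang['Adr_zone_cheat_log_days'];
            } else {
                $jail_term .= $time_day . $lang['Adr_zone_cheat_log_day'];
            }
        }

        if ($time_hour) {
            if ($time_day) {
                if ($time_minute) {
                    $jail_term .= ', ';
                } else {
                    $jail_term .= $lang['Adr_zone_cheat_log_and'];
                }
            }
            if ($time_hour > 1) {
                $jail_term .= $time_hour . $lang['Adr_zone_cheat_log_hours'];
            } else {
                $jail_term .= $time_hour . $lang['Adr_zone_cheat_log_hour'];
            }
        }

        if ($time_minute) {
            if ($time_hour && $time_day) {
                $jail_term .= $lang['Adr_zone_cheat_log_comma_and'];
            } else {
                if (!$time_hour && $time_day || $time_hour && !$time_day) {
                    $jail_term .= $lang['Adr_zone_cheat_log_and'];
                }
            }
            // The minute count belongs here; the hour value was printed before.
            if ($time_minute > 1) {
                $jail_term .= $time_minute . $lang['Adr_zone_cheat_log_minutes'];
            } else {
                $jail_term .= $time_minute . $lang['Adr_zone_cheat_log_minute'];
            }
        }

        $cheat_punishment .= '1~' . $jail_term;
        $jail_punishment = true;
    } else {
        $cheat_punishment .= '0~';
    }

    // --- Summary text for the PM --------------------------------------------
    $cheat_public = '0';
    if (!$board_config['zone_cheat_auto_ban_adr'] && !$board_config['zone_cheat_auto_ban_board'] && !$board_config['zone_cheat_auto_jail']) {
        $cheat_punishment = '';
        $current_punishments = '';
    } else {
        $current_punishments = '';

        if ($adr_ban_punishment) {
            $current_punishments .= $lang['Adr_zone_cheat_log_banned_adr'];
        }

        if ($board_ban_punishment) {
            if ($adr_ban_punishment) {
                if ($jail_punishment) {
                    $current_punishments .= sprintf($lang['Adr_zone_cheat_log_comma_and_sprintf'], $lang['Adr_zone_cheat_log_banned_board']);
                } else {
                    $current_punishments .= sprintf($lang['Adr_zone_cheat_log_and_sprintf'], $lang['Adr_zone_cheat_log_banned_board']);
                }
            } else {
                $current_punishments .= $lang['Adr_zone_cheat_log_banned_board'];
            }
        }

        if ($jail_punishment) {
            if ($adr_ban_punishment) {
                if ($board_ban_punishment) {
                    $current_punishments .= sprintf($lang['Adr_zone_cheat_log_comma_and_sprintf'], $jail_term);
                } else {
                    $current_punishments .= sprintf($lang['Adr_zone_cheat_log_and_sprintf'], $jail_term);
                }
            } else {
                $current_punishments .= $jail_term;
            }
        }

        $current_punishments = sprintf($lang['Adr_zone_cheat_log_punishment'], $current_punishments);
    }

    $cheat_public = $board_config['zone_cheat_auto_public'];

    // --- Notify the configured members --------------------------------------
    $pm_members = explode(',', $board_config['zone_cheat_member_pm']);
    $port = $board_config['server_port'] == '80' ? '' : ':' . $board_config['server_port'];
    $profile = 'http://' . $board_config['server_name'] . $port . $board_config['script_path'] . 'profile.php?mode=viewprofile&u=' . $user_id;
    $subject = sprintf($lang['Adr_zone_npc_cheating_pm_subject'], $userdata['username']);
    $message = sprintf($lang['Adr_zone_npc_cheating_pm_message'], $userdata['username'], $adr_user['character_name'], $cheat_type, $current_punishments, $profile);

    for ($i = 0; $i < count($pm_members); $i++) {
        adr_send_pm($pm_members[$i], $subject, $message);
    }

    // --- Cheat log ----------------------------------------------------------
    // Only REMOTE_ADDR is consulted for the logged address.
    $ip = !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : (!empty($HTTP_ENV_VARS['REMOTE_ADDR']) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR'));

    // NOTE(review): $cheat_type and $cheat_punishment are not escaped here.
    $sql = "INSERT INTO " . ADR_CHEAT_LOG_TABLE . "\r\n\t\t\tVALUES ('', '" . encode_ip($ip) . "', '" . $cheat_type . "', '" . time() . "', '{$user_id}', '{$cheat_punishment}', '{$cheat_public}' )";
    $db->sql_query($sql);

    adr_previous('Adr_zone_npc_cheating', 'adr_zones', '');
}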
include $phpbb_root_path . 'includes/sessions.' . $phpEx; include $phpbb_root_path . 'includes/auth.' . $phpEx; include $phpbb_root_path . 'includes/functions.' . $phpEx; include $phpbb_root_path . 'includes/db.' . $phpEx; // We do not need this any longer, unset for safety purposes unset($dbpasswd); // // Obtain and encode users IP // // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as // private range IP's appearing instead of the guilty routable IP, tough, don't // even bother complaining ... go scream and shout at the idiots out there who feel // "clever" is doing harm rather than good ... karma is a great thing ... :) // $client_ip = !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : (!empty($HTTP_ENV_VARS['REMOTE_ADDR']) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR')); $user_ip = encode_ip($client_ip); // // Setup forum wide options, if this fails // then we output a CRITICAL_ERROR since // basic forum information is not available // $sql = "SELECT *\n\tFROM " . CONFIG_TABLE; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql); } while ($row = $db->sql_fetchrow($result)) { $board_config[$row['config_name']] = $row['config_value']; } include $phpbb_root_path . 'attach_mod/attachment_mod.' . $phpEx; if (file_exists('install') || file_exists('contrib')) { message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
</td> </tr>'; } echo ' </tbody> <tfoot> <tr> <td>' . $tableFooter . ' </td> </tr> </tfoot> </table>'; } else { addHeader(); // Check to see if the user has already voted on this poll $user_ip = encode_ip($_SERVER['REMOTE_ADDR']); // encode users ip for database check $existing_voters = mysqli_query($db, "SELECT * FROM poll_voters WHERE poll='{$poll}' AND ip='{$user_ip}' LIMIT 1"); $tableFooter = ''; if (mysqli_num_rows($existing_voters) == 0) { // Not voted yet $tableFooter = '<input class="btn btn-primary" type="submit" name="vote" title="You only get one" value="Cast Vote" />'; } else { // Aleady voted $tableFooter = ' <input disabled class="btn btn-primary disabled" type="submit" name="vote" title="You\'ve already voted" value="Cast Vote" /> <a class="btn btn-default" href="polls/results/' . $currentpoll['id'] . '">View Results</a>'; } echo ' <h2> Vote