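/**
 * Chat polling endpoint: prints the latest chat lines as an HTML fragment.
 *
 * The response always begins with an MD5 fingerprint of the newest chat
 * timestamp. When the value returned by id() already equals that fingerprint,
 * only the fingerprint is printed and the request ends (presumably id() is the
 * fingerprint the client kept from its previous poll; verify against the caller).
 *
 * Rows written by members on the current member's ignore list are excluded.
 */
function history_get()
{
    global $DB, $Parse, $Core;

    $last = md5($DB->value("SELECT extract(epoch from stamp) FROM chat ORDER BY stamp DESC LIMIT 1"));
    // Technically, we should add the ignore WHERE clause on to the above, but...

    if (session('id')) {
        $DB->query("UPDATE member SET last_chat=now() WHERE id=\$1", array(session('id')));
    }

    // Strict string comparison: with `==`, two digit-only/"0e..." strings are
    // compared as numbers, so unrelated values could be treated as equal.
    if ($last === (string) id()) {
        print $last;
        exit_clean();
    }

    // The ignore list is interpolated into the SQL text below rather than bound
    // as a parameter, so force every key to an integer first. That way the
    // fragment can only ever contain digits, minus signs and commas.
    if ($list = array_keys($Core->list_ignored(session('id')))) {
        $list = implode(",", array_map('intval', $list));
    } else {
        $list = "0";
    }

    $DB->query(
        "SELECT\n"
        . " extract(epoch from c.stamp) as stamp,\n"
        . " c.member_id as member_id,\n"
        . " m.name as name,\n"
        . " c.chat as chat\n"
        . " FROM\n"
        . " chat c\n"
        . " LEFT JOIN\n"
        . " member m\n"
        . " ON\n"
        . " m.id=c.member_id\n"
        . " WHERE\n"
        . " c.member_id NOT IN ({$list})\n"
        . " ORDER BY c.stamp DESC LIMIT 100"
    );

    $chats = $DB->load_all();
    if ($chats === false) {
        print $last;
        exit_clean();
    }

    // The query returns newest first; the fragment is rendered oldest first.
    $chats = array_reverse($chats);

    $output = $last;
    foreach ($chats as $chat) {
        // NOTE(review): member names and chat text are member-supplied. This
        // function relies on member_link() and $Parse->run() to HTML-escape
        // them; neither implementation is visible here, so confirm both.
        $output .= date("h:i:s A", $chat['stamp']) . " | ";
        $output .= "<strong>" . $Core->member_link($chat['name']) . "</strong>: ";
        $output .= "<span>" . $Parse->run($chat['chat']) . "</span><br/>\n";
    }

    // "/me" lines are shown as actions: drop the colon and the "/me " prefix.
    print str_replace(": <span>/me ", "<span> ", $output);
    exit_clean();
}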
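/**
 * Admin endpoint: issue a password-reset link for the member identified by id().
 *
 * Runs only when id() is set, the session member is an admin, and cmd(3)
 * carries the MD5 of the current session id (used here as a per-session
 * request token). On success the new token is stored in member.reset and the
 * reset URL is printed; otherwise nothing is printed.
 */
function resetlink_get()
{
    global $Security, $DB;

    // hash_equals() compares in constant time and never applies the numeric
    // string juggling that `==` performs on "0e..."-style values.
    $authorised = id()
        && $Security->is_admin(session('id'))
        && hash_equals(md5(session_id()), (string) cmd(3));

    if ($authorised) {
        // The token is the only secret protecting the reset, so take it from
        // the CSPRNG (random_bytes() needs PHP 7+) instead of hashing account
        // data together with the current time. 16 bytes hex-encode to 32
        // characters, the same shape as the MD5 value stored before.
        $hash = bin2hex(random_bytes(16));
        $DB->update("member", "id", id(), array("reset" => $hash));

        // NOTE(review): the link is built from the client-supplied Host header
        // and uses plain http. Prefer a configured canonical base URL over
        // $_SERVER['HTTP_HOST'] and an https scheme; left unchanged here
        // because no such setting is visible in this file.
        print "http://{$_SERVER['HTTP_HOST']}/member/reset/{$hash}/";
    }

    exit_clean();
}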
/**
 * POST handler for editing an existing post.
 *
 * Prints an error message when the body is blank or when
 * Data::thread_post_update() reports failure; prints nothing on success.
 *
 * NOTE(review): the whole $_POST array and id() are handed to
 * thread_post_update(). Ownership checks and field whitelisting are
 * presumably done there; that code is not visible here, so confirm.
 */
function editpost_post()
{
    $Data = new Data();
    $failure = null;

    if (trim(post('body')) == "") {
        $failure = "You must enter a post body.";
    } elseif (!$Data->thread_post_update($_POST, id())) {
        $failure = "Your thread was not submitted.";
    }

    if ($failure !== null) {
        print $failure;
    }

    exit_clean();
}
/**
 * POST handler for replying to a thread.
 *
 * Prints an error message when the body is blank or when
 * Data::thread_post_insert() reports failure; prints nothing on success.
 *
 * NOTE(review): the whole $_POST array is handed to thread_post_insert().
 * Login checks and field whitelisting are presumably done there; that code
 * is not visible here, so confirm.
 */
function reply_post()
{
    $Data = new Data();
    $failure = null;

    if (trim(post('body')) == "") {
        $failure = "You must enter a post body.";
    } elseif (!$Data->thread_post_insert($_POST)) {
        $failure = "Your post was not submitted.";
    }

    if ($failure !== null) {
        print $failure;
    }

    exit_clean();
}
/**
 * POST handler that stores one chat line for the logged-in member.
 *
 * Returns without calling exit_clean() when there is no session member or
 * the 'msg' field is missing or falsy (note that the string "0" is falsy).
 *
 * NOTE(review): the message is stored as received. HTML escaping is
 * presumably applied when the chat is rendered; confirm on the output side.
 */
function speak_post()
{
    global $DB;

    if (!session('id') || !post('msg')) {
        return;
    }

    $message = post('msg');
    if ($message != "") {
        $row = array(
            'member_id' => session('id'),
            'chat' => $message,
        );
        $DB->insert("chat", $row);
    }

    exit_clean();
}
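/**
 * PayPal IPN listener for fundraiser donations.
 *
 * Echoes the received notification back to PayPal with
 * cmd=_notify-validate. When PayPal answers "VERIFIED" and the item name
 * matches FUNDRAISER_ITEM_NAME, the donation row for the transaction is
 * updated or inserted. Any other answer is mailed to ADMIN_EMAIL together
 * with the posted fields.
 */
function accept_post()
{
    global $DB;

    // Rebuild the notification body for the validation postback.
    $req = "cmd=_notify-validate";
    foreach ($_POST as $key => $value) {
        // Nested values cannot be part of a genuine notification. Skipping
        // them makes the postback differ from what was received, so PayPal
        // will not verify it and the request ends up in the failure branch.
        if (!is_scalar($value)) {
            continue;
        }
        // Encode the key as well as the value: an unencoded "&" or "=" in a
        // field name would otherwise add or alter postback parameters.
        // NOTE(review): stripslashes() is kept from the original; it is only
        // appropriate if the input layer still adds slashes. Confirm.
        $req .= "&" . urlencode((string) $key) . "=" . urlencode(stripslashes((string) $value));
    }

    // The validation answer decides whether a payment is trusted, so it must
    // come over TLS with certificate checks on. Over plain http anyone on the
    // network path could rewrite the answer.
    // NOTE(review): same host as before, scheme changed to https; confirm the
    // current IPN postback host against PayPal's documentation.
    $url = "https://www.paypal.com/cgi-bin/webscr";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    $res = curl_exec($ch); // false on transport failure
    curl_close($ch);

    if ($res === "VERIFIED") {
        // NOTE(review): only the item name is checked. The receiving account,
        // the payment status (completed or not) and the amount/currency are
        // recorded or ignored without being verified, so a verified
        // notification for a different recipient or amount is accepted as-is.
        if (post('item_name') == FUNDRAISER_ITEM_NAME) {
            $data = array(
                'fundraiser_id' => FUNDRAISER_ID,
                'payment_status' => post('payment_status'),
                'payer_email' => post('payer_email'),
                'txn_id' => post('txn_id'),
                'payment_fee' => '$' . post('payment_fee'),
                'payment_gross' => '$' . post('payment_gross'),
            );

            // Update the transaction if it is already known, otherwise insert.
            // NOTE(review): the existence check is scoped to this fundraiser
            // but the update is keyed on txn_id alone.
            $known = $DB->check(
                "SELECT true FROM donation WHERE txn_id=\$1 AND fundraiser_id=\$2",
                array(post('txn_id'), FUNDRAISER_ID)
            );
            if ($known) {
                $DB->update("donation", "txn_id", post('txn_id'), $data);
            } else {
                $DB->insert("donation", $data);
            }
        }
    } else {
        // Report the unverified notification to the administrator.
        $email = "";
        foreach ($_POST as $key => $value) {
            $shown = is_scalar($value) ? $value : '[non-scalar value]';
            $email .= "{$key}={$shown}\n";
        }
        send_email(ADMIN_EMAIL, "donation failure: {$res}", $email);
    }

    exit_clean();
}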
/**
 * POST handler that resolves a comma-separated list of member names.
 *
 * Prints "id,link,id,link,..." for every submitted name that resolves to a
 * member other than the current session member. Unknown names are skipped.
 * Exits immediately (plain exit, not exit_clean()) when 'names' is missing.
 *
 * NOTE(review): member_link() receives the name exactly as submitted, not
 * the stored name, and its result is printed. Confirm that member_link()
 * HTML-escapes its argument.
 */
function addmember_post()
{
    global $Core;

    if (!post('names')) {
        exit;
    }

    $parts = array();
    $submitted = array_unique(explode(",", post('names')));

    foreach ($submitted as $member) {
        // Lookup key: the name with SPACE removed, lower-cased.
        $lookup = strtolower(str_replace(SPACE, "", $member));
        $id = $Core->idfromname($lookup);

        if (!$id || $id == session('id')) {
            continue;
        }

        $parts[] = $id;
        $parts[] = $Core->member_link($member);
    }

    print implode(",", $parts);
    exit_clean();
}
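/**
 * Chat polling endpoint: prints the latest chat lines as an HTML fragment.
 *
 * The response always begins with an MD5 fingerprint of the newest chat
 * timestamp. When the value returned by id() already equals that fingerprint,
 * only the fingerprint is printed and the request ends (presumably id() is the
 * fingerprint the client kept from its previous poll; verify against the caller).
 */
function history_get()
{
    global $DB, $Parse, $Core;

    $last = md5($DB->value("SELECT extract(epoch from stamp) FROM chat ORDER BY stamp DESC LIMIT 1"));

    // Strict string comparison: with `==`, two digit-only/"0e..." strings are
    // compared as numbers, so unrelated values could be treated as equal.
    if ($last === (string) id()) {
        print $last;
        exit_clean();
    }

    if (session('id')) {
        $DB->query("UPDATE member SET last_chat=now() WHERE id=\$1", array(session('id')));
    }

    $DB->query(
        "SELECT\r\n"
        . " extract(epoch from c.stamp) as stamp,\r\n"
        . " c.member_id as member_id,\r\n"
        . " m.name as name,\r\n"
        . " c.chat as chat\r\n"
        . " FROM\r\n"
        . " chat c\r\n"
        . " LEFT JOIN\r\n"
        . " member m\r\n"
        . " ON\r\n"
        . " m.id=c.member_id\r\n"
        . " ORDER BY c.stamp DESC LIMIT 100"
    );

    // A non-array result (e.g. FALSE from a failed load) must not reach
    // array_reverse(); answer with the fingerprint alone in that case.
    $chats = $DB->load_all();
    if (!is_array($chats)) {
        print $last;
        exit_clean();
    }

    // The query returns newest first; the fragment is rendered oldest first.
    $chats = array_reverse($chats);

    $output = $last;
    foreach ($chats as $chat) {
        // NOTE(review): member names and chat text are member-supplied. This
        // function relies on member_link() and $Parse->run() to HTML-escape
        // them; neither implementation is visible here, so confirm both.
        $output .= date("h:i:s A", $chat['stamp']) . " | ";
        $output .= "<strong>" . $Core->member_link($chat['name']) . "</strong>: ";
        $output .= "<span>" . $Parse->run($chat['chat']) . "</span><br/>\n";
    }

    // "/me" lines are shown as actions: drop the colon and the "/me " prefix.
    print str_replace(": <span>/me ", "<span> ", $output);
    exit_clean();
}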
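/**
 * POST handler that saves the member's colour theme.
 *
 * Accepts only the known theme keys, normalises colour values to "#rrggbb"
 * or "#rgb" form ("hover" may also be "none", stored as "transparent"),
 * serialises the result and stores it as member preference 15, then
 * redirects to the index.
 *
 * @return mixed whatever to_index("/") returns
 */
function editcolors_post()
{
    global $DB, $Core;

    // Without a session member there is no preference row to write.
    if (!session('id')) {
        return to_index("/");
    }

    // Returns "#<hex>" for a 3- or 6-digit hex colour, or null otherwise.
    $toHexColor = static function ($raw) {
        $hex = substr($raw, 0, 6);
        if (preg_match('/\A(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/', $hex) !== 1) {
            return null;
        }
        return "#" . $hex;
    };

    $theme = array();
    foreach ($_POST as $key => $val) {
        // Compare keys as strings so numeric keys cannot match a case label.
        $key = (string) $key;
        if (substr($key, 0, 1) == "_" || $key == "theme") {
            continue;
        }
        // Array-valued fields (name[]=...) are never valid theme values.
        if (!is_string($val)) {
            continue;
        }

        switch ($key) {
            case "font":
            case "fontsize":
                // NOTE(review): stored after strip_tags() only. If these are
                // later written into a stylesheet or style attribute, they
                // need validation for that context too; the output side is
                // not visible here.
                break;

            case "body":
            case "even":
            case "odd":
            case "me":
            case "readbar":
                $val = $toHexColor($val);
                if ($val === null) {
                    continue 2;
                }
                break;

            case "hover":
                if ($val == "none") {
                    $val = "transparent";
                } else {
                    $val = $toHexColor($val);
                    if ($val === null) {
                        continue 2;
                    }
                }
                break;

            default:
                // Inside a switch a bare `continue` behaves like `break`, so
                // unknown keys used to fall through and get stored in the
                // theme. `continue 2` skips to the next posted field.
                continue 2;
        }

        $theme[$key] = strip_tags($val);
    }

    // Only an array of strings is serialised here.
    // NOTE(review): the reader presumably unserialize()s this value; keep it
    // restricted to plain arrays/strings on that side as well.
    $save = serialize($theme);

    if ($Core->member_pref(session('id'), "theme")) {
        $DB->query(
            "UPDATE member_pref SET value=\$1 WHERE member_id=\$2 AND pref_id=15",
            array($save, session('id'))
        );
    } else {
        $insert = array(
            'member_id' => session('id'),
            'pref_id' => 15,
            'value' => $save,
        );
        $DB->insert("member_pref", $insert);
    }

    return to_index("/");
}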
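/**
 * Completes a password reset: looks up the member whose reset token equals
 * id(), assigns a new password, clears the token and prints the password.
 * Prints nothing when the token is empty or matches no member.
 */
function reset_get()
{
    global $DB;

    // An empty token must never select a row.
    $token = (string) id();

    if ($token !== '') {
        $DB->query("SELECT id,reset FROM member WHERE reset=\$1", array($token));

        if ($data = $DB->load_array()) {
            // The new password used to be the MD5 of the token, so anyone who
            // saw the reset URL (mail archive, proxy or server log, browser
            // history) could compute it. Draw it from the CSPRNG instead
            // (random_bytes() needs PHP 7+); 16 bytes give 32 hex characters,
            // the same shape as before.
            $pass = bin2hex(random_bytes(16));

            // NOTE(review): the stored value stays md5($pass) because the
            // login check is not visible here and presumably compares MD5.
            // Unsalted MD5 is not a suitable password hash; moving to
            // password_hash()/password_verify() has to change the login side
            // in the same step.
            $update = array("reset" => null, "pass" => md5($pass));
            $DB->update("member", "id", $data['id'], $update);

            // NOTE(review): this state change happens on a GET request, so a
            // link scanner or prefetcher that follows the URL consumes the
            // token before the member does.
            print "Your new password: {$pass}";
        }
    }

    exit_clean();
}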
// Bootstrap: load the remaining classes, create the shared service objects
// that the request handlers reach through `global`, restore a cookie login,
// and dispatch the request inside an output buffer.
require_once "class/Admin.php"; // search management
require_once "class/Plugin.php"; // plugins

$Security = new BoardSecurity();
$Core = new BoardCore();
$DB = new DB(DB, true);
$Parse = new BoardParse($_bbc_, $_rep_);

// No session member but a 'board' cookie is present: let BoardSecurity try
// to log the visitor in from that cookie.
// NOTE(review): how the cookie is validated is not visible here; confirm it
// is an unguessable, server-verified token rather than a member id or hash.
if (!session('id') && cookie('board')) {
    $Security->login_cookie();
}

$Style = new BoardStyle(session('id'));

// Skipped when $commandline is set (presumably by a CLI entry point).
if (!isset($commandline)) {
    // Capture everything the handlers print.
    ob_start();
    if (!$DB->db) {
        // No database handle: render an error page instead of dispatching.
        $Base = new Base();
        $Base->title("Dead database!");
        $Base->header();
        $Base->footer();
    } else {
        $Core->command_parse();
        if (get('ajax')) {
            // Ajax requests get the raw handler output and stop here.
            $buffer = ob_get_contents();
            ob_end_clean();
            print $buffer;
            exit_clean();
        }
        // Non-ajax output is kept in $buffer; it is not printed in this part
        // of the file.
        $buffer = ob_get_contents();
        ob_end_clean();
    }
}
/**
 * Toggles the thread given by id() in the session member's favourites.
 *
 * Prints "add" after removing an existing favourite, "remove" after adding
 * one (the printed word is presumably the label for the next action), or
 * "failed to change" when there is no session member.
 *
 * NOTE(review): this changes state on a GET request and checks no request
 * token in this function; confirm whether the dispatcher enforces one.
 */
function togglefavorite_get()
{
    global $DB, $Core;

    if (!session('id')) {
        print "failed to change";
        exit_clean();
    }

    $alreadyFavorite = $Core->check_favorite(id());

    if (!$alreadyFavorite) {
        $row = array(
            'thread_id' => id(),
            'member_id' => session('id'),
        );
        $DB->insert("favorite", $row);
        print "remove";
        exit_clean();
    } else {
        $params = array(id(), session('id'));
        $DB->query("DELETE FROM favorite WHERE thread_id=\$1 AND member_id=\$2", $params);
        print "add";
        exit_clean();
    }
}
/**
 * Sets undot=true on the session member's thread_member row for the thread
 * given by id(). Prints "undotted" afterwards, or "undot failed." when there
 * is no session member.
 *
 * NOTE(review): this changes state on a GET request and checks no request
 * token in this function; confirm whether the dispatcher enforces one.
 */
function undot_get()
{
    global $DB, $Core;

    $memberId = session('id');
    if (!$memberId) {
        print "undot failed.";
        exit_clean();
    }

    $params = array(id(), session('id'));
    $DB->query("UPDATE thread_member SET undot=true WHERE thread_id=\$1 AND member_id=\$2", $params);

    print "undotted";
    exit_clean();
}