Ejemplo n.º 1
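 /**
  * Handle the "new thread" form: create the thread and its opening post.
  *
  * Reads `thread_name` and `inputarea` from the request. If a thread with the
  * same slug already exists, the user is redirected to it and nothing is
  * created.
  *
  * @return mixed Redirect to the new or existing thread on success, otherwise
  *               a redirect back to the current URL.
  */
 public function post_create()
 {
     // NOTE(review): the post row below is attributed to Sentry::user()->id,
     // but nothing here checked that a user is logged in. Refuse guests before
     // any row is written; if a route filter already enforces this, the check
     // is redundant but harmless.
     if (Sentry::guest()) {
         return Redirect::to(URL::full());
     }
     $posts = Input::all();
     // Request fields are attacker-controlled: they may be missing or arrive
     // as arrays, so normalise to strings before any string function runs.
     $title = isset($posts['thread_name']) && is_string($posts['thread_name']) ? $posts['thread_name'] : '';
     $contentRaw = isset($posts['inputarea']) && is_string($posts['inputarea']) ? $posts['inputarea'] : '';
     if ($title === '' || strlen($contentRaw) <= 10) {
         return Redirect::to(URL::full());
     }
     $alias = Str::slug($title, '-');
     // NOTE(review): check-then-create is not atomic; a unique index on
     // `alias` would be needed to rule out duplicates under concurrency.
     $exist = Thread::where('alias', '=', $alias)->first();
     if ($exist != null) {
         return Redirect::to($exist->id);
     }
     $now = date("Y-m-d H:i:s");
     // NOTE(review): the title is stored as submitted; every view that prints
     // it has to HTML-encode it.
     $threadData = array(
         'title' => $title,
         'alias' => $alias,
         'type' => 0,
         'poster_ip' => Request::ip(),
         'dateline' => $now,
         'last_message_at' => $now,
     );
     $thread = Thread::create($threadData);
     if ($thread != null) {
         // The entry is stored as HTML. Whether it is safe to print later
         // depends on strip_tags_attributes() and BBCode2Html(), which are
         // defined outside this excerpt.
         $content = static::replace_at(BBCode2Html(strip_tags_attributes($contentRaw)), $thread->id);
         $postData = array(
             'thread_id' => $thread->id,
             'entry' => $content,
             'userip' => Request::ip(),
             'user_id' => Sentry::user()->id,
             'datetime' => date("Y-m-d H:i:s"),
             'count' => 1,
             'type' => 0,
         );
         $pst = Post::create($postData);
         if ($pst != null) {
             return Redirect::to($thread->id);
         }
     }
     // Thread or post creation failed: the original fell off the end here and
     // returned nothing. Send the user back to the form instead.
     return Redirect::to(URL::full());
 }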
Ejemplo n.º 2
/**
 * Convert submitted text into the HTML fragment that is displayed.
 *
 * The text goes through, in order: removal of line breaks inside tags,
 * auto_link_text(), the tag allowlist of strip_tags_attributes(), closetags(),
 * redirectExternalLinks(), nl2br(), and a final pass that turns any remaining
 * line breaks into spaces. The four project helpers are defined elsewhere.
 *
 * NOTE(review): the allowlist keeps <embed>, <object>, <param>, <img>, <a>,
 * <font>, <div> and <span>, and no attribute list is passed, so which
 * attributes survive depends on the default of strip_tags_attributes().
 * Confirm it removes event-handler attributes and restricts href/src schemes.
 * Active-content tags are hard to make safe in user-generated content and are
 * best dropped unless there is a concrete need for them.
 *
 * @param string $text Raw text to format.
 * @return string Trimmed, single-line HTML.
 */
function parsetext($text)
{
    $allowedTags = array('<strike>', '<s>', '<sup>', '<sub>', '<embed>', '<object>', '<param>', '<p>', '<b>', '<i>', '<br>', '<br/>', '<a>', '<em>', '<font>', '<strong>', '<img>', '<img/>', '<small>', '<big>', '<div>', '<span>');
    $html = $text;
    // Remove line breaks that fall inside a tag; repeat until a pass changes
    // nothing, because each pass handles one break per tag.
    while (true) {
        $previous = $html;
        $html = preg_replace("/(<[^>]*)[\n\r]/m", '$1 ', $html);
        if ($html == $previous) {
            break;
        }
    }
    $linked = auto_link_text($html);
    $filtered = strip_tags_attributes($linked, $allowedTags);
    $balanced = closetags($filtered);
    $redirected = redirectExternalLinks($balanced);
    // nl2br() keeps the original newline after each <br />, so strip them.
    $singleLine = str_replace(array("\n", "\r"), " ", nl2br($redirected));
    return trim($singleLine);
}
Ejemplo n.º 3
     $var_code = ANONNEWS_ERROR_UPLOAD_ERR;
     // Generic upload error
     require "module.error.php";
 }
 // Fragment: runs when the upload step finished without error and stores the
 // submitted press release and its tags. The excerpt ends before the closing
 // braces of these blocks.
 if ($error === false) {
     // Either no file was uploaded or the file was successfully uploaded, continue...
     if (!empty($_POST['title'])) {
         if (!empty($_POST['body'])) {
             if ($file_uploaded === false) {
                 $upload_url = "";
             }
             $body = $_POST['body'];
             // NOTE(review): js_enabled (and language, below) are read without an isset() check.
             if ($_POST['js_enabled'] === "false") {
                 $body = nl2br($body, false);
             }
             // NOTE(review): the stored body is HTML. After the tag/attribute
             // allowlist, the only URL-scheme defence is one str_replace() of
             // the literal "javascript:", which is case-sensitive and makes a
             // single pass, so it cannot be relied on as a filter. The
             // attribute list also lets `style`, `href` and `src` through.
             // Prefer a parser-based sanitizer that allowlists URL schemes and
             // drops `style`, and encode on output.
             $body = mysql_real_escape_string(str_replace("javascript:", "", strip_tags_attributes($body, "<a><b><i><u><span><div><p><br><hr><font><ul><li><ol><dt><dd><h1><h2><h3><h4><h5><h6><h7><del><map><area><strong><em><big><small><sub><sup><ins><pre><blockquote><cite><q><center><marquee><table><tr><td><th>", "href,src,alt,class,style,align,valign,color,face,size,width,height,shape,coords,target,border,cellpadding,cellspacing,colspan,rowspan")));
             // NOTE(review): the mysql_* extension was removed in PHP 7, and
             // hand escaping depends on the connection charset. Parameterised
             // queries (PDO or mysqli) remove the need to escape by hand.
             $title = mysql_real_escape_string($_POST['title']);
             $language = mysql_real_escape_string($_POST['language']);
             // NOTE(review): $upload_url is interpolated without escaping in the
             // lines shown; confirm how it is built when a file was uploaded.
             $query = "INSERT INTO press (`Name`, `Body`, `CommentCount`, `Deleted`, `Approved`, `Attachment`, `Upvotes`, `Mod`, `ExternalAttachment`, `Language`, `Posted`)\n\t\t\t\t\t\t\tVALUES ('{$title}', '{$body}', '0', '0', '0', '{$upload_url}', '0', '', '1', '{$language}', CURRENT_TIMESTAMP)";
             if (mysql_query($query)) {
                 $insert_id = mysql_insert_id();
                 if (!empty($_POST['tags'])) {
                     // tags were entered.
                     $tags = $_POST['tags'];
                     // Tags arrive as one comma-separated string; each is cleaned by
                     // clean_tag() (defined elsewhere), trimmed and escaped.
                     $tags_list = explode(",", $tags);
                     foreach ($tags_list as $tag) {
                         $tag = mysql_real_escape_string(trim(clean_tag($tag)));
                         if (!empty($tag)) {
                             $query = "INSERT INTO tags (`Table`, `ItemId`, `TagName`) VALUES ('press', '{$insert_id}', '{$tag}')";
                             // The result of this insert is not checked.
                             mysql_query($query);
                         }
Ejemplo n.º 4
        <?php 
        echo link_to($sTag, "@tags?name={$sTag}");
        if ($i != $last) {
            echo ', ';
        }
        ?>
        <?php 
    }
    ?>
    </h4>
    <div class="content">
        <?php 
    //echo $post->getContent()
    ?>
		<?php 
    echo strip_tags_attributes($post->getContent(), $allow);
    ?>
        
        <?php 
    if ($post->getShortened()) {
        ?>
            <div id="content-more-<?php 
        echo $post->getId();
        ?>
" style="display: none"></div>
            <p id="content-nav1-<?php 
        echo $post->getId();
        ?>
">
                <?php 
        echo link_to_remote('Czytaj dalej tutaj (rozwija treść wpisu)', array('update' => 'content-more-' . $post->getId(), 'url' => 'post/more?id=' . $post->getId(), 'loading' => "showIndicator({$post->getId()})", 'success' => "hideIndicator({$post->getId()})"));
            //echo "pagemode = user<br> ";
        } else {
            //echo 'fail ';
        }
    }
}
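// checkMode() is defined outside this excerpt; it is called once at start-up.
checkMode('init');
// Open the connection shared by the request handlers below.
$db = mysqli_connect($dbhost, $dbuname, $dbupass, $dbname);
if (mysqli_connect_errno()) {
    // Keep the driver's message on the server. Echoing it into the page
    // disclosed connection details to every visitor, and because such
    // messages can contain single quotes it also broke the inline script.
    error_log('MySQL conn failed: ' . mysqli_connect_error());
    echo "<script type='text/javascript'>displayLoginError('error', 'MySQL conn failed')</script>";
}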
// Fragment: login handler. Looks the user up by name, verifies the submitted
// password against the stored hash with password_verify() and fills the
// session. The excerpt ends before the closing braces.
if (isset($_POST['Login'])) {
    // NOTE(review): addslashes() is not charset-aware SQL escaping; a prepared
    // statement (mysqli_prepare + bound parameter) is the reliable fix for the
    // query below.
    $unamesub = addslashes(strip_tags_attributes($_POST['unamesub']));
    // $upassSHA is assigned but not used in the lines shown.
    $upassSHA = addslashes(strip_tags_attributes($_POST['upasssub']));
    $user = mysqli_query($db, "SELECT * FROM Users WHERE name='{$unamesub}'");
    // NOTE(review): no check that the query succeeded or that a row was found
    // before $row is read.
    $row = mysqli_fetch_array($user);
    // The raw POST value is what gets verified, not the filtered copy above.
    $passwordFromPost = $_POST['upasssub'];
    $hashedPasswordFromDB = $row['pass'];
    $mode = $row['isAdmin'];
    //echo "<script type='text/javascript'>console.log('" . $mode . "');</script>";
    if (password_verify($passwordFromPost, $hashedPasswordFromDB)) {
        echo "<script type='text/javascript'>\$('#passvalid').css('color','#99c68e') //light green\n\t\t\t\t\t\t.removeClass('fa-exclamation-triangle')\n\t\t\t\t\t\t.addClass('fa-check-square');</script>";
        // NOTE(review): no session_regenerate_id() call is visible after the
        // password check; confirm it happens in the part that is cut off, since
        // regenerating the id at login is what prevents session fixation.
        if ($mode == 1) {
            $_SESSION['mode'] = 'admin';
        } else {
            $_SESSION['mode'] = 'loggeduser';
        }
        // The session keeps the addslashes()-escaped form of the name.
        $_SESSION['user'] = $unamesub;
        $_SESSION['username'] = $row['disname'];
            $passtoset = password_hash($newpass, PASSWORD_BCRYPT, $options);
            $sql = "UPDATE Users SET pass='******' WHERE name='{$userToSet}'";
            if (mysqli_query($db, $sql)) {
                echo 1;
            } else {
                echo 0;
            }
        }
    } else {
        echo 0;
    }
}
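// Change the e-mail address of a user. Allowed when the target name equals the
// session user or when the session is in admin mode. Prints 1 on success, 0 on
// a database failure, or a message when the caller may not edit that user.
// NOTE(review): no CSRF token check is visible for this state-changing POST;
// confirm one exists outside this excerpt.
if (isset($_POST['newemail'])) {
    // Values are bound as statement parameters below, so they are no longer
    // passed through addslashes(); what ends up in the table is unchanged.
    $newemail = strip_tags_attributes($_POST['newemail']);
    $targetName = strip_tags_attributes(isset($_POST['user']) ? $_POST['user'] : '');
    // The ownership check keeps comparing the addslashes()-escaped form, as
    // before; presumably $sessionUser holds the name in that form (verify
    // where it is assigned).
    $userToSet = addslashes($targetName);
    $user = $sessionUser;
    if ($userToSet === $user || $sessionMode === 'admin') {
        $stmt = mysqli_prepare($db, 'UPDATE Users SET email = ? WHERE name = ?');
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'ss', $newemail, $targetName)
            && mysqli_stmt_execute($stmt)
        ) {
            echo 1;
        } else {
            echo 0;
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    } else {
        echo 'user does not match userSet';
    }
}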
if (isset($_POST['userlist'])) {
    if ($_POST['userlist'] == 'all') {
        if (isset($sessionMode)) {
     }
     mysqli_close($db);
     //header('Location: ' . dirname($_SERVER['REQUEST_URI']));
     echo '<script type="text/javascript">location.href = "' . dirname($_SERVER['REQUEST_URI']) . '";</script>';
 }
 // Fragment: handles the "Edit" form for a post or a reply and builds the
 // UPDATE statement. The excerpt ends inside the final error check.
 // NOTE(review): no check that the current user owns the row being edited is
 // visible in these lines; confirm it exists before this point.
 if (isset($_POST['Edit'])) {
     if (isset($_POST['type'])) {
         if ($_POST['type'] === 'reply') {
             //bla
         }
     } else {
         // Post edits (no `type` field) also carry title, tags and the NSFW flag.
         $newtitle = addslashes(strip_tags_attributes($_POST['title']));
         $newtags = addslashes(strip_tags_attributes($_POST['tags']));
         // NOTE(review): taken from the request with no escaping or validation.
         $isNSFW = $_POST['nsfwcheck'];
     }
     $newcontent = addslashes(strip_tags_attributes($_POST['content']));
     // NOTE(review): $postid is used unquoted in `WHERE PID=...` below with no
     // integer cast or escaping, so any SQL text in it becomes part of the
     // statement. Use a prepared statement with bound parameters for every
     // value, including the addslashes() ones.
     $postid = $_POST['postid'];
     $return_to = $_GET['return_to'];
     $db = mysqli_connect($dbhost, $dbuname, $dbupass, $dbname);
     if (mysqli_connect_errno()) {
         //echo "Failed to connect to MySQL: " . mysqli_connect_error();
         // NOTE(review): the driver's error text is written into the page.
         echo "<script type='text/javascript'>displayLoginError('error', 'MySQL conn failed: " . mysqli_connect_error() . "')</script>";
     }
     if (!isset($_POST['type'])) {
         $sql = "UPDATE Posts SET title='{$newtitle}', content='{$newcontent}', tags='{$newtags}', isNSFW='{$isNSFW}' WHERE PID={$postid}";
         // NOTE(review): dirname() returns the directory without a trailing
         // slash (except for the root), so a '/' separator looks missing here;
         // verify. $return_to comes straight from $_GET and becomes part of
         // the redirect target; how $header is emitted is not shown.
         $header = dirname($_SERVER['REQUEST_URI']) . 'index.php?p=' . $return_to;
     } else {
         $sql = "UPDATE Replies SET content='{$newcontent}' WHERE PID={$postid}";
         $header = dirname($_SERVER['REQUEST_URI']) . 'post.php?reply_to=' . $return_to;
     }
     if (!mysqli_query($db, $sql)) {
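/**
 * Parse a departures table and save one record per train row.
 *
 * The first <tr> is treated as a header and skipped. For every other row the
 * <div>s inside each <td> are read by position (column index, then div index)
 * and the collected fields are stored with scraperwiki::save(), keyed on
 * departure time and train name.
 *
 * Fixes over the previous version:
 *  - 'AvvikelseAvgång' now holds the deviating departure time; it used to
 *    repeat the boolean flag and the time was never stored.
 *  - the departure-deviation flag is reset once per row, not once per cell,
 *    so the value found in the first column survives to the record.
 *  - strpos() results are compared with false, so a keyword at offset 0 counts
 *    as a match.
 *  - a delayed train is recorded as "LATE"; both branches used to say "EARLY".
 *
 * NOTE(review): everything read here is remote markup. The link fields are
 * whatever get_href() returns; anything that later renders them should check
 * the URL scheme and encode on output.
 *
 * @param object $inputGrid DOM node exposing find(); the table to scrape.
 * @param mixed  $stationID Station identifier copied into every record.
 * @return void
 */
function scrapeTable($inputGrid, $stationID)
{
    $rowCount = 0;
    foreach ($inputGrid->find("tr") as $entry) {
        // Per-row defaults, so a missing cell leaves an empty field.
        $trainDepartureTime = "";
        $isDeviationInDeparture = "";
        $trainDeviatingDepartureTime = "";
        $trainName = "";
        $trainLink = "";
        $trainDestination = "";
        $trainOperatorName = "";
        $trainOperatorLink = "";
        $trainCurrentState = "";
        $trainCurrentStatePlace = "";
        $trainDeviationInMinutes = "";
        $trainDeviationType = "";
        $trainType = "";
        $trainTrack = "";
        $cells = $entry->find("td");
        $colCount = 0;
        if ($rowCount > 0) {
            foreach ($cells as $cell) {
                if ($colCount == 0) {
                    // Only the first column can set the flag, so reset it there.
                    $isDeviationInDeparture = false;
                }
                $divCount = 0;
                foreach ($cell->find("div") as $div) {
                    $data = strip_tags_attributes($div, '<a>', 'href');
                    if ($colCount == 0) {
                        // Column 0: scheduled time, "Avgick" marker, actual time.
                        if ($divCount == 0) {
                            $trainDepartureTime = $data;
                        }
                        if ($divCount == 1) {
                            $isDeviationInDeparture = ($data == "Avgick");
                        }
                        if ($divCount == 2 && $isDeviationInDeparture == true) {
                            $trainDeviatingDepartureTime = $data;
                        }
                    }
                    if ($colCount == 1) {
                        // 1. Train number + link
                        if ($divCount == 0) {
                            $trainLink = get_href($data);
                            $trainName = str_replace(" till", "", strip_tags(fix_chars($data)));
                            $trainName = str_replace("Tåg nr ", "", $trainName);
                        }
                        // 2. Destination
                        if ($divCount == 1) {
                            $trainDestination = fix_chars($data);
                        }
                        // 3. Operator + link
                        if ($divCount == 2) {
                            $trainOperatorLink = get_href($data);
                            $trainOperatorName = fix_chars(trim(strip_tags($data)));
                        }
                    }
                    if ($colCount == 2) {
                        // Where the train has just arrived or passed
                        if ($divCount == 0) {
                            if (strpos($data, "Ankom") !== false) {
                                $trainCurrentState = "ARRIVED";
                                $trainCurrentStatePlace = str_replace("Ankom ", "", fix_chars($data));
                            } else {
                                $trainCurrentState = "PASSED";
                                $trainCurrentStatePlace = str_replace("Passerade ", "", fix_chars($data));
                            }
                        }
                        // Deviation in minutes
                        if ($divCount == 1) {
                            if (strpos($data, "tidig") !== false) {
                                $trainDeviationInMinutes = str_replace(" min tidig", "", fix_chars($data));
                                $trainDeviationType = "EARLY";
                            } else {
                                $trainDeviationInMinutes = str_replace(" min försenad", "", fix_chars($data));
                                $trainDeviationType = "LATE";
                            }
                        }
                    }
                    if ($colCount == 3) {
                        // Train type
                        if ($divCount == 0) {
                            $trainType = fix_chars($data);
                        }
                    }
                    if ($colCount == 4) {
                        // Track
                        if ($divCount == 0) {
                            $trainTrack = trim($data);
                        }
                    }
                    $divCount++;
                }
                $colCount++;
            }
        }
        $dataset = array(
            'StationID' => $stationID,
            'Avgång' => $trainDepartureTime,
            'Avvikelse' => $isDeviationInDeparture,
            'AvvikelseAvgång' => $trainDeviatingDepartureTime,
            'TågNamn' => $trainName,
            'TågLänk' => $trainLink,
            'Destination' => $trainDestination,
            'Operatör' => $trainOperatorName,
            'OperatörLänk' => $trainOperatorLink,
            'Aktuellt' => $trainCurrentState,
            'AktuelltPlats' => $trainCurrentStatePlace,
            'AvvikelseMinuter' => $trainDeviationInMinutes,
            'AvvikelseTyp' => $trainDeviationType,
            'TågTyp' => $trainType,
            'Spår' => $trainTrack,
        );
        if ($rowCount > 0) {
            scraperwiki::save(array('Avgång', 'TågNamn'), $dataset);
        }
        $rowCount++;
    }
}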
{
    //email verification madness
    return preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)\$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))\$/i", $email);
}
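// Registration handler: validates the form, hashes the password with bcrypt
// and inserts the new user, then sends the browser to login.php.
//
// Changes from the previous version:
//  - every value is bound as a statement parameter. The date of birth used to
//    be concatenated from three POST fields with no escaping at all, and the
//    other fields relied on addslashes().
//  - the password is hashed exactly as submitted. It used to go through
//    strip_tags_attributes() and addslashes() first, while the login handler
//    in this listing verifies the raw POST value, so a password containing
//    quotes, backslashes or markup could never be verified.
//  - the two password fields are compared with ===; loose comparison treats
//    different numeric-looking strings as equal.
//  - database errors are logged instead of being printed to the visitor.
// NOTE(review): the original carried a "check to see if uname/email is taken"
// comment but no check; a UNIQUE index on name and email is the reliable way
// to enforce it.
if (isset($_POST['Register'])) {
    $unamesub = strip_tags_attributes($_POST['unamesub']);
    $uemailsub = strip_tags_attributes($_POST['uemailsub']);
    $uage = $_POST['dateyear'] . '-' . $_POST['datemonth'] . '-' . $_POST['dateday'];
    $password = isset($_POST['upasssub']) && is_string($_POST['upasssub']) ? $_POST['upasssub'] : null;
    $confirmation = isset($_POST['upasssub2']) && is_string($_POST['upasssub2']) ? $_POST['upasssub2'] : null;
    if ($password === null || $password !== $confirmation) {
        echo '<script type="text/javascript">displayLoginError(\'error\', \'Passwords must match\');</script>';
    } elseif (preg_match('/\\s/', $unamesub)) {
        echo '<script type="text/javascript">displayLoginError(\'error\', \'Username cannot have spaces\');</script>';
    } else {
        $options = ['cost' => 11];
        $upass = password_hash($password, PASSWORD_BCRYPT, $options);
        $stmt = mysqli_prepare(
            $db,
            "INSERT INTO Users (name, pass, email, disname, age, isAdmin, filterPref) VALUES (?, ?, ?, ?, ?, '0', '1')"
        );
        // The display name starts out equal to the login name, as before.
        if (!$stmt
            || !mysqli_stmt_bind_param($stmt, 'sssss', $unamesub, $upass, $uemailsub, $unamesub, $uage)
            || !mysqli_stmt_execute($stmt)
        ) {
            error_log('Registration insert failed: ' . mysqli_error($db));
            die('Error: registration failed');
        }
        mysqli_stmt_close($stmt);
        echo '<script type="text/javascript">location.href = "login.php";</script>';
    }
}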
?>
Ejemplo n.º 10
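 /**
  * AJAX endpoint: append a reply to an existing thread.
  *
  * Expects a `json` request field holding an object with `inputarea` (the
  * reply text) and `thread_id`.
  *
  * @return mixed Response::json() describing the stored entry on success;
  *               otherwise a JSON string {"success":0,"msg":...}.
  */
 public function post_post()
 {
     if (Sentry::guest()) {
         return json_encode(array("success" => 0, "msg" => "üye olda gel"));
     }
     // The payload is attacker-controlled: it may be absent, may not be JSON,
     // or may decode to something other than the expected object. The
     // original dereferenced it unchecked.
     $raw = Input::get('json');
     $data = is_string($raw) ? json_decode($raw) : null;
     if (!is_object($data)
         || !isset($data->inputarea, $data->thread_id)
         || !is_string($data->inputarea)
         || !is_scalar($data->thread_id)
     ) {
         return json_encode(array("success" => 0, "msg" => "Undefined Error!"));
     }
     $fields = array('post' => $data->inputarea, 'threadid' => $data->thread_id);
     $userid = Sentry::user()->id;
     $userip = Request::ip();
     $cThread = Thread::where('id', '=', $fields['threadid'])->first();
     if ($cThread == null) {
         // Unknown thread id: the original went on to read $cThread->type.
         return json_encode(array("success" => 0, "msg" => "Undefined Error!"));
     }
     // NOTE(review): flood protection is disabled. The original carried a
     // commented-out check that rejected a reply when the same user had posted
     // in the same thread within the previous 10 seconds; nothing rate-limits
     // this endpoint in the code shown.
     // Members with user_type 0 are capped at 10 posts in total.
     if (Sentry::user()->user_type == 0) {
         $post = Post::where('user_id', '=', Sentry::user()->id);
         if ($post->count() >= 10) {
             return json_encode(array("success" => 0, "msg" => "Çaylak Olarak Bu kadar Yazdıgınız Yeter.\nLütfen Bir adminin onaylamasını bekleyiniz."));
         }
     }
     if (!(Sentry::user()->has_access('can_post') && $cThread->type == 0)) {
         return json_encode(array("success" => 0, "msg" => "yetki yok hocam"));
     }
     // Replies shorter than 5 characters are accepted only from moderators.
     if (!(strlen(trim($fields['post'])) >= 5 || Sentry::user()->has_access('is_mod'))) {
         return json_encode(array("success" => 0, "msg" => "entry çok kısa babacan"));
     }
     $post_type = Sentry::user()->user_type == 0 ? 0 : 1;
     // NOTE(review): max('count') + 1 is not atomic; two concurrent replies
     // can receive the same number.
     $max = Post::where('thread_id', '=', $fields['threadid'])->max('count');
     // The entry is stored as HTML. Whether it is safe to print later depends
     // on strip_tags_attributes() and BBCode2Html(), which are defined outside
     // this excerpt.
     $post = static::replace_at(BBCode2Html(strip_tags_attributes($fields['post'])), $fields['threadid']);
     $postData = array('thread_id' => $fields['threadid'], 'entry' => $post, 'userip' => $userip, 'user_id' => $userid, 'datetime' => date("Y-m-d H:i:s"), 'count' => $max + 1, 'type' => $post_type);
     // Update the thread's last-message timestamp.
     $cThread->last_message_at = date("Y-m-d H:i:s");
     $cThread->save();
     $id = DB::table('posts')->insert_get_id($postData);
     $entry = Post::with('author')->where_id($id)->first();
     $threadid = $fields['threadid'];
     $count = Post::where(function ($query) use($threadid) {
         $query->where('thread_id', '=', $threadid);
         $query->where('type', '=', 1);
     })->count();
     // Clear the cached list of members who have read this thread.
     DB::query('DELETE FROM xr_threadsmembers WHERE thread_id=?', array($threadid));
     // Page on which the new entry appears.
     $pagenum = ceil($count / static::$per_page);
     $view = array("id" => $entry->id, "count" => $entry->count, "entry" => $entry->entry, "author" => $entry->author->username, "date" => $entry->datetime, "page" => $pagenum);
     return Response::json($view);
 }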
Ejemplo n.º 11
/**
 * Filter markup down to a basic formatting allowlist.
 *
 * Delegates to strip_tags_attributes() (defined elsewhere) with a fixed list
 * of tags and a fixed list of attributes.
 *
 * NOTE(review): the attribute list still allows `style`, `href` and `src`,
 * although <a> and <img> are not among the allowed tags. Confirm how
 * strip_tags_attributes() treats attribute values; `style` on any allowed tag
 * is worth dropping unless there is a concrete need for it.
 *
 * @param string $input Markup to filter.
 * @return mixed Whatever strip_tags_attributes() returns for that input.
 */
function filter_basic($input)
{
    $tagAllowlist = "<b><i><u><span><p><font><ul><li><ol><dt><dd><del><strong><big><small><sub><sup><ins><pre><blockquote><cite><q><center><table><tr><td><th>";
    $attributeAllowlist = "href,src,alt,class,style,align,valign,color,face,size,width,height,border,cellpadding,cellspacing,colspan,rowspan";

    return strip_tags_attributes($input, $tagAllowlist, $attributeAllowlist);
}
				  </p>
		      </div>
		      <div class="modal-footer">
		        <button id="delSubBtn" data-dismiss="modal" value="Delete" name="deletepost" class="btn btn-submit" onClick="document.getElementById('delpost').submit()">Delete</button>
		      </div>
    </div>
  </div>
</div>

	<form action="login.php" method="post" name="logout" id="logout">
		<input type="hidden" value="logout">
	</form>
	<?php 
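// Store a reply submitted through the comment form, then reload the post page.
//
// Changes from the previous version:
//  - the INSERT uses bound parameters. `reply_to` used to be copied from $_GET
//    into the SQL text with no escaping, and the other values relied on
//    addslashes(); binding also lets apostrophes be stored as typed.
//  - the author link is built with URL- and HTML-encoding, because it is
//    stored as markup and the session values come from user input.
//  - the redirect target is emitted as a JSON-encoded string, so the query
//    string cannot break out of the inline script.
//  - database errors are logged instead of being printed to the visitor.
// NOTE(review): no CSRF token check is visible for this POST; confirm one
// exists outside this excerpt.
if (isset($_POST["submitcomment"])) {
    if ($isLoggedUser || $isAdmin) {
        $content = strip_tags_attributes($_POST["submitcommenttextarea"]);
        if ($content != '') {
            $creator = '<a href="user.php?u=' . rawurlencode($_SESSION['user']) . '">'
                . htmlspecialchars($_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . '</a>';
            date_default_timezone_set('America/New_York');
            $timestamp = date("m/d/Y") . ' at ' . date("h:i:s a");
            $reply_to = isset($_GET['reply_to']) && is_string($_GET['reply_to']) ? $_GET['reply_to'] : '';
            $stmt = mysqli_prepare(
                $db,
                'INSERT INTO Replies (reply_to, content, creator, timestamp) VALUES (?, ?, ?, ?)'
            );
            if (!$stmt
                || !mysqli_stmt_bind_param($stmt, 'ssss', $reply_to, $content, $creator, $timestamp)
                || !mysqli_stmt_execute($stmt)
            ) {
                error_log('Reply insert failed: ' . mysqli_error($db));
                die('Error: could not save reply');
            }
            mysqli_stmt_close($stmt);
            // The JSON_HEX_* flags keep <, >, &, ' and " out of the script text.
            $target = json_encode(
                'post.php?' . $_SERVER['QUERY_STRING'],
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            );
            if ($target === false) {
                // Query string was not valid UTF-8; fall back to the bare page.
                $target = '"post.php"';
            }
            echo '<script type="text/javascript">location.href = ' . $target . ';</script>';
        }
    }
}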
if (isset($_POST['deletereply'])) {
Ejemplo n.º 13
/**
 * Filter rich-text HTML down to an allowlist of tags and attributes.
 *
 * Order of operations: remove paired <script> elements, utf8_sanitize(),
 * strip_tags_attributes() with the allowlists below, remove `mso-*` style
 * declarations, rewrite hrefs that contain "javascript:", then tidy_html().
 * utf8_sanitize(), strip_tags_attributes() and tidy_html() are defined
 * elsewhere.
 *
 * NOTE(review): this is regex-based filtering and should not be the only
 * defence against script injection:
 *  - the <script> pattern only matches an opening tag that has a closing one;
 *    everything else depends on strip_tags_attributes().
 *  - the allowlists keep <embed> and <img> and the `src` and `style`
 *    attributes, but only `href` values get a scheme check here. Confirm
 *    whether strip_tags_attributes() or tidy_html() validate the others.
 *  - the href rewrite keeps the text that followed "javascript:" as a URL
 *    fragment instead of discarding it.
 * A parser-based sanitizer with an explicit URL-scheme allowlist is the more
 * dependable approach.
 *
 * @param string $text Rich-text HTML to filter.
 * @return mixed Result of tidy_html() on the filtered markup.
 */
function clean_richtext($text)
{
    /*{{{*/
    $allowtags = '<a><b><i><u><blockquote><img><strong><em><font><p><ol><ul><li><h1><h2><h3><h4><h5><h6><strike><span><br><table><tbody><th><tr><td><caption><colgroup><div><embed>';
    $allowattributes = 'href,target,src,width,height,alt,title,size,face,color,align,style,name,rowspan,colspan,border,rev,class';

    // Drop complete <script>...</script> elements together with their content.
    $withoutScripts = preg_replace("/<(script.*?)>(.*?)<(\\/script.*?)>/si", "", $text);
    $filtered = strip_tags_attributes(utf8_sanitize($withoutScripts), $allowtags, $allowattributes);
    // Remove Microsoft Office "mso-*" style declarations, keeping the terminator.
    $withoutMso = preg_replace('/mso-.*?:.*?(;|\\"|\'|>)/si', '$1', $filtered);
    // Rewrite any href whose value contains "javascript:" into a fragment link.
    $safeLinks = preg_replace('/href=([\'"]).*?javascript:(.*)?\\1/i', 'href="#$2"', $withoutMso);

    return tidy_html($safeLinks);
}