Ejemplo n.º 1
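/**
 * Register a new word filter unless a filter with the same text already exists.
 *
 * $text, $reason and $replacement are quoted with DB::Q before use;
 * $punishtype is cast with intval(). $punishduration is handed to EasyInsert
 * exactly as given.
 *
 * @param string $text           Word or pattern to filter (raw, unquoted).
 * @param string $reason         Reason stored alongside the filter.
 * @param int|string $punishtype Punishment type code; cast to int.
 * @param mixed $punishduration  Punishment duration; stored as passed.
 * @param string $replacement    Text substituted for the filtered word.
 * @return void
 */
function AddWordFilter($text, $reason, $punishtype, $punishduration, $replacement)
{
    $text = DB::Q($text);
    $reason = DB::Q($reason);
    $replacement = DB::Q($replacement);
    // Duplicate check on the filter text.
    // NOTE(review): this lookup uses column "filter" while the insert below writes
    // "filText" -- confirm both names exist in the {P}Filters schema.
    $res = DB::Execute("SELECT 1 FROM {P}Filters WHERE filter={$text}");
    if ($res->RecordCount() > 0) {
        return;
    }
    // NOTE(review): $punishduration is the only value not passed through DB::Q;
    // confirm EasyInsert quotes it, or cast it at the call site.
    $f = array(
        'filText' => $text,
        'filReason' => $reason,
        'filPunishType' => intval($punishtype),
        'filPunishDuration' => $punishduration,
        'filReplacement' => $replacement,
    );
    DB::EasyInsert('{P}Filters', $f);
}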
Ejemplo n.º 2
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require 'includes/header.php';
// If you're not a mod, f**k off.
// (add_error's second argument is used for every hard stop on this page;
// presumably it aborts the request -- confirm in includes/header.php.)
$is_staff = $moderator || $administrator;
if (!$is_staff) {
    add_error('You are not wise enough.', true);
}
// Demand UID.
if (!isset($_GET['uid'])) {
    add_error('No UID specified.', true);
}
// Quoted once here; every SQL use below goes through $uid.
$uid = DB::Q($_GET['uid']);
// Demand a _valid_ UID, fetch first_seen, IP address, and hostname.
$sql = 'SELECT first_seen, ip_address FROM {P}Users WHERE uid = ' . $uid;
$res = DB::Execute($sql);
if ($res->RecordCount() < 1) {
    add_error('There is no such user.', true);
}
list($id_first_seen, $id_ip_address) = $res->FetchRow();
// gethostbyaddr() hands back the address itself when there is no reverse record,
// so that case is normalised to false.
$id_hostname = @gethostbyaddr($id_ip_address);
$has_reverse_record = ($id_hostname !== $id_ip_address);
if (!$has_reverse_record) {
    $id_hostname = false;
}
// NOTE(review): the raw $_GET['uid'] (not the quoted $uid) is passed here;
// confirm GetBanFromUID quotes or validates its argument.
$ban = GetBanFromUID($_GET['uid']);
if ($ban != array()) {
    $banned = true;
}
// Fetch number of topics and replies.
Ejemplo n.º 3
    add_error('Invalid ID.', true);
}
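// The topic id is bound as a parameter, so it never enters the SQL text.
$stmt = DB::Prepare('SELECT headline, visits, replies, author FROM {P}Topics WHERE id = ?');
$stmt = DB::Execute($stmt, array($_GET['id']));
if ($stmt->RecordCount() < 1) {
    $page_title = 'Non-existent topic';
    add_error('There is no such topic. It may have been deleted.', true);
}
list($topic_headline, $topic_visits, $topic_replies, $topic_author) = $stmt->FetchRow();
update_activity('topic_trivia', $_GET['id']);
// Both the id and the headline are request/database data and are escaped before
// being placed in the HTML title; an "Invalid ID" check precedes this block but
// is not visible here, so the id is escaped rather than trusted.
$page_title = 'Trivia for topic: <a href="/topic/' . htmlspecialchars($_GET['id']) . '">' . htmlspecialchars($topic_headline) . '</a>';
$statistics = array();
// Quote the id once for the count queries below.
$quoted_id = DB::Q($_GET['id']);
$topic_watchers = DB::GetOne("SELECT count(*) FROM {P}Watchlists WHERE topic_id = " . $quoted_id);
$topic_readers = DB::GetOne("SELECT count(*) FROM {P}Activity WHERE action_name = 'topic' AND action_id = " . $quoted_id);
$topic_writers = DB::GetOne("SELECT count(*) FROM {P}Activity WHERE action_name = 'replying' AND action_id = " . $quoted_id);
$topic_participants = DB::GetOne("SELECT count(DISTINCT author) FROM {P}Replies WHERE parent_id = " . $quoted_id . " AND author != " . DB::Q($topic_author));
// Alternatively, we could select the most recent poster_number. I'm not sure which method would be fastest.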
?>

<table>
	<tr>
		<th class="minimal">Total visits</th>
		<td><?php 
echo format_number($topic_visits);
?>
</td>
	</tr>
	
	<tr class="odd">
		<th class="minimal">Watchers</th>
		<td><?php 
Ejemplo n.º 4
// Get our user's settings from the database.
// Done by User class now
if ($_POST['form_sent']) {
    $name = POST::GetEString('memorable_name', true);
    $pass = POST::GetEString('memorable_password', true);
    $pass2 = POST::GetEString('memorable_password2', true);
    $email = POST::GetEString('email', true);
    $theme = POST::GetEString('theme', true, 'atbbs');
    $flag_topics = POST::GetInt('topics_mode') == 1;
    $flag_ostrich = POST::GetInt('ostrich_mode') == 1;
    $flag_spoiler = POST::GetInt('spoiler_mode') == 1;
    $snippet_len = POST::GetInt('snippet_length');
    // Make some specific validations ...
    if (!empty($_POST['form']['memorable_name']) && $_POST['form']['memorable_name'] != $user_config['memorable_name']) {
        // Check if the name is already being used.
        $res = DB::Execute('SELECT 1 FROM {P}UserSettings WHERE LOWER(usrName) = LOWER(' . DB::Q($_POST['form']['memorable_name']) . ')');
        if ($res->RecordCount() > 0) {
            add_error('The memorable name "' . htmlspecialchars($_POST['memorable_name']) . '" is already being used.');
        }
    }
    if ($pass != $pass2) {
        add_error(' Both password fields must match.');
    }
    if (!array_key_exists($theme, getAvailableThemes())) {
        Output::HardError($theme . ' isn\'t a valid theme.');
    }
    if (!$erred) {
        $User->UserName = $name;
        $User->Email = $email;
        $User->Flags = 0;
        if ($flag_topics) {
Ejemplo n.º 5
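/**
 * Build a table of a user's deleted posts, most recent deletion first.
 *
 * @param mixed $uid     User id; quoted with DB::Q before it enters the query.
 * @param bool  $silence Unused; kept so existing callers keep working.
 * @return TablePrinter|false The populated table, or false when no trash rows
 *                            were fetched (per $table->num_rows_fetched).
 */
function show_trash($uid, $silence = false)
{
    $sql = 'SELECT headline, body, time FROM {P}Trash WHERE uid = ' . DB::Q($uid) . ' ORDER BY time DESC';
    $trash = DB::GetAll($sql);
    $table = new TablePrinter('tblTrash');
    $table->DefineColumns(array('Headline', 'Body', 'Time since deletion ▼'), 'Body');
    foreach ($trash as $row) {
        // Replies carry no headline; show a placeholder rather than an empty cell.
        if (empty($row['headline'])) {
            $headline = '<span class="unimportant">(Reply.)</span>';
        } else {
            $headline = htmlspecialchars($row['headline']);
        }
        // Escape the body before it reaches the cell; newlines become <br>.
        $body = nl2br(htmlspecialchars($row['body']));
        $age = '<span class="help" title="' . format_date($row['time']) . '">' . calculate_age($row['time']) . '</span>';
        $table->Row(array($headline, $body, $age));
    }
    if ($table->num_rows_fetched === 0) {
        return false;
    }
    return $table;
}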
Ejemplo n.º 6
     if (!$editing) {
         //Lurk more?
         if ($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_TOPIC) {
             Output::HardError('Lurk for at least ' . REQUIRED_LURK_TIME_TOPIC . ' seconds before posting your first topic.');
         }
         // Flood control.
         $too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_TOPIC;
         $res = DB::Execute(sprintf('SELECT 1 FROM {P}Topics WHERE author_ip = \'%s\' AND time > %d', $_SERVER['REMOTE_ADDR'], $too_early));
         if ($res->RecordCount() > 0) {
             Output::HardError('Wait at least ' . FLOOD_CONTROL_TOPIC . ' seconds before creating another topic. ');
         }
         // Prepare our query...
         DB::Execute(sprintf('INSERT INTO {P}Topics (author, name, author_ip, headline, body, last_post, time) VALUES (\'%s\', \'%s\',\'%s\', \'%s\', %s, UNIX_TIMESTAMP(), UNIX_TIMESTAMP())', $author, $authorname, $_SERVER['REMOTE_ADDR'], $headline, DB::Q($body)));
         $congratulation = 'Topic created.';
     } else {
         $sql = sprintf('UPDATE {P}Topics SET headline = \'%s\', name=\'%s\', body = %s, flags = %d, edit_time = UNIX_TIMESTAMP() WHERE id = %d', $headline, $authorname, DB::Q($body), 0 | 1 * $edit_mod, $_GET['edit']);
         DB::Execute($sql);
         $congratulation = 'Topic edited.';
     }
 }
 // If all is well, execute!
 if (!$erred) {
     if ($unlock_table) {
         DB::Execute('UNLOCK TABLE');
     }
     //if($stmt->affected_rows > 0)
     //{
     // We did it!
     if (!$editing) {
         setcookie('last_bump', time(), $_SERVER['REQUEST_TIME'] + 315569260, '/');
         if ($reply) {
Ejemplo n.º 7
            $password = $_GET['password'];
        } else {
            if (!empty($_POST['memorable_name'])) {
                $sql = DB::Prepare('SELECT u.uid,u.password FROM {P}UserSettings as s INNER JOIN {P}Users as u WHERE s.usrID=u.uid AND LOWER(s.usrName) = LOWER(?) AND usrPasshash = SHA1(CONCAT(s.usrID,?))');
                $res = DB::Execute($sql, array($_POST['memorable_name'], $_POST['memorable_password']));
                if ($res->RecordCount() == 0) {
                    add_error('Your memorable information was incorrect.');
                } else {
                    list($uid, $password) = $res->FetchRow();
                }
            }
        }
    }
}
if (!empty($uid)) {
    $res = DB::Execute('SELECT password FROM {P}Users WHERE uid = ' . DB::Q($uid));
    list($db_password) = $res->FetchRow();
    if (empty($db_password)) {
        add_error('There is no such UID.');
    } else {
        if ($password != $db_password) {
            add_error('Incorrect password.');
        } else {
            $_SESSION['UID'] = $uid;
            $_SESSION['IDActivated'] = true;
            setcookie('UID', $uid, $_SERVER['REQUEST_TIME'] + 315569260, '/');
            setcookie('Password', $password, $_SERVER['REQUEST_TIME'] + 315569260, '/');
            $_SESSION['notice'] = 'Welcome back.';
            header('Location: ' . DOMAIN);
            exit;
            // Get settings, etc.
Ejemplo n.º 8
			//Determine author	
			if(isset($_POST['admin']) && $User->isAdmin())
			{		
				$author = '<b><u>Sysop</u></b>';		
			} else {
				$author = "?";
			}
			if(!isset($_POST['body']))
			{
				Output::HardError("It appears you did not actually type anything. Stopping here...");	
			} else {
				$body = $_POST['body'];
			}	
			//Actually do the posting... pretty messy but I don't really care
			// I DO.  PRETTIFIED.
			DB::Execute('INSERT INTO {P}Bulletins (time, author, body) VALUES (UNIX_TIMESTAMP(),'.DB::Q($author).','.DB::Q($body).')');
			
			redirect("Bulletin posted."); 
		}
	} else {
?>
	<form action="" method="post">
		<h3>Add new bulletin</h3>
		<div class="body">
			<div class="noscreen">
				<input name="form_sent" type="hidden" value="1" />
				<input name="start_time" type="hidden" value="<?php echo $start_time ?>" />
			</div>
			<div class="row">
				<label for="body" class="noscreen">Post body</label> (Use of HTML allowed.)
				<textarea name="body" cols="120" rows="18" tabindex="2" id="body" class="mceEditor"></textarea>
Ejemplo n.º 9
* 
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
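require 'includes/header.php';
force_id();
update_activity('statistics');
Output::Assign('sidebar', $sidebar);
Output::$tpl->display('dashhead.tpl.php');
$page_title = 'Statistics';
// The session UID is quoted once and interpolated into the two per-user counts.
$uid = DB::Q($_SESSION['UID']);
$num_topics = DB::GetOne('SELECT count(*) FROM {P}Topics');
$num_replies = DB::GetOne('SELECT count(*) FROM {P}Replies');
// Guarded like the per-day figures below: a board with no topics would divide by zero.
$replies_per_topic = $num_topics > 0 ? round($num_replies / $num_topics) : 0;
$num_bans = DB::GetOne('SELECT count(*) FROM {P}UIDBans');
$your_topics = DB::GetOne("SELECT count(*) FROM {P}Topics WHERE author = {$uid}");
$your_replies = DB::GetOne("SELECT count(*) FROM {P}Replies WHERE author = {$uid}");
$your_posts = $your_topics + $your_replies;
$num_ip_bans = DB::GetOne('SELECT count(*) FROM {P}IPBans');
$total_posts = $num_topics + $num_replies;
// Whole days since SITE_FOUNDED; zero on the founding day, hence the guards.
$days_since_start = floor(($_SERVER['REQUEST_TIME'] - SITE_FOUNDED) / 86400);
$posts_per_day = $days_since_start > 0 ? round($total_posts / $days_since_start) : 0;
$topics_per_day = $days_since_start > 0 ? round($num_topics / $days_since_start) : 0;
$replies_per_day = $days_since_start > 0 ? round($num_replies / $days_since_start) : 0;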
?>
Ejemplo n.º 10
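 /**
  * Try to resume an existing ID from the UID and Password cookies.
  *
  * On success the session's UID, IDActivated and first_seen are set and true
  * is returned. When the cookies are missing, the UID is unknown or the
  * password does not match, a fresh ID is created via CreateID() and false is
  * returned.
  *
  * @return bool
  */
 function Activate()
 {
     // Without both cookies there is nothing to verify, so skip the lookup.
     if (isset($_COOKIE['UID'], $_COOKIE['Password'])) {
         $sql = sprintf('SELECT password, first_seen FROM {P}Users WHERE uid = %s', DB::Q($_COOKIE['UID']));
         $res = DB::Execute($sql);
         list($db_password, $first_seen) = $res->fields;
         // Strict comparison against the stored value; the cookie is untrusted input.
         // (hash_equals() would make this constant-time where PHP >= 5.6 is available.)
         if (!empty($db_password) && $_COOKIE['Password'] === $db_password) {
             $_SESSION['UID'] = $_COOKIE['UID'];
             // Our ID wasn't just created.
             $_SESSION['IDActivated'] = true;
             // For post.php
             $_SESSION['first_seen'] = $first_seen;
             return true;
         }
     }
     // No usable cookie credentials: create a new ID instead.
     $this->CreateID();
     return false;
 }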
Ejemplo n.º 11
			}
			DB::Execute($sql);
			?>
			<p><?=$i?> IP bans removed.</p>
			<?
		}
		
		if(count($_POST['deny_appeal'])>0)
		{
			$sql='UPDATE {P}Bans SET flags=flags|'.BANF_APPEAL_DENIED.' WHERE ';
			$i=0;
			foreach($_POST['deny_appeal'] as $uid)
			{
				if($i>0) $sql.=" OR ";
				$i++;
				$sql.='uid='.DB::Q($uid);
			}
			DB::Execute($sql);
			?>
			<p><?=$i?> appeals denied.</p>
			<?
		}
		break;
	default:
		Output::HardError(htmlentities(Path::FetchIndex(0)).' is an unrecognized method.');
		exit;
		break;
}
// Close the dashboard layout, then emit the common page footer.
Output::$tpl->display('dashfooter.tpl.php');
require 'includes/footer.php';
Ejemplo n.º 12
* 404 handler
* 
* Copyright (c) 2009-2010 ATBBS Contributors
* 
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
* 
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* 
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require 'includes/header.php';
// The lookup key is the request path without its leading slash.
// NOTE(review): REQUEST_URI still carries any query string, so "/about?x=1"
// looks up a different key than "/about".
$requested_page = ltrim($_SERVER['REQUEST_URI'], '/');
$sql = 'SELECT page_title, content FROM {P}Pages WHERE url = ' . DB::Q($requested_page);
$res = DB::Execute($sql);
if ($res->RecordCount() == 0) {
    // Unknown URL: hand off with an escaped echo of what was requested.
    $message = 'The page you requested (' . htmlentities($requested_page) . ') was not found.';
    redirect($message, '');
}
list($page_title, $content) = $res->FetchRow();
// Stored page content is emitted as-is -- presumably HTML authored into {P}Pages;
// nothing here escapes it.
echo $content;
require 'includes/footer.php';