} else { if ($result === "DELETING_TOPIC") { print_out(lang('error_deleting_topic'), lang('redirecting')); } } } if (!$error) { print_out(lang('success_deleted_topic'), lang('redirecting')); } } } else { print_out(lang_parse('error_invalid_given', array(lang('id'))), lang('redirecting')); } } else { if (isset($_GET['delete'])) { if (alpha($_GET['delete'], 'numeric')) { // Try getting that data! $delete_data = topic($_GET['delete']); // Is it their topic? if ($delete_data['starter_id'] == $user_data['id']) { $result = delete_post($_GET['delete']); // User data if ($result === "ID_INVALID") { print_out(lang_parse('error_invalid_given', array(lang('id'))), lang('redirecting')); } else { if ($result === "DELETING_POST") { print_out(lang('error_deleting_post'), lang('redirecting')); } } if (!$error) { if ($delete_data['reply']) {
/**
 * Builds the avatar URL for a user, or falls back to Gravatar.
 *
 * When the user record has a truthy 'avatar' flag, the URL is
 * {url_path}/{avatar_folder_name}/{name}.png, where {name} is the user's
 * username, email or id (selected by $config['avatar_use']), optionally
 * passed through md5() when $config['avatar_md5_use'] is set.
 *
 * NOTE(review): the name is concatenated into the URL without URL-encoding or
 * HTML-escaping; callers that print the result into markup should escape it.
 * The md5() step only derives a file name, it does not hide the source value
 * from anyone who can guess it.
 *
 * @global array $config
 * @param integer $id     user id, checked with alpha($id, 'numeric')
 * @param string  $size   only forwarded to get_gravatar()
 * @param string  $rating only forwarded to get_gravatar()
 * @return string|boolean|null URL string; false when $id fails the numeric
 *                             check; null when 'avatar_use' matches no case
 */
function get_avatar($id, $size = "100", $rating = "R") {
    global $config;

    // Reject anything that does not pass the project's numeric check.
    if (!alpha($id, 'numeric')) {
        return false;
    }

    $data = user_data($id);

    // No local avatar flagged: hand over to the Gravatar helper.
    if (!$data['avatar']) {
        return get_gravatar($data['email'], $size, $rating);
    }

    // Pick the field the avatar file is named after.
    switch ($config['avatar_use']) {
        case "username":
            $source = $data['username'];
            break;
        case "email":
            $source = $data['email'];
            break;
        case "id":
            $source = $data['id'];
            break;
        default:
            // Unknown setting: no URL is produced.
            return null;
    }

    $name = $config['avatar_md5_use'] ? md5($source) : $source;

    return $config['url_path'] . "/" . $config['avatar_folder_name'] . "/" . $name . ".png";
}
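/**
 * Validates and stores one submitted profile field; only "title" is handled.
 *
 * Works through globals: $key is the field name, $data the submitted value,
 * $errors collects a message per field, $user_data identifies the user and
 * $config['banned_titles'] lists titles that are refused.
 *
 * Fix over the previous version: insert_revision() was called twice (once in
 * the condition, once to fetch the message), so a revision could be written
 * twice. It is now called once and its result reused.
 *
 * @global array $config
 * @global array $user_data
 * @global array $errors
 * @return void
 */
function profile_edit() {
    global $config, $user_data, $errors, $key, $data;

    if ($key != "title") {
        return;
    }

    // An empty title is allowed through to the length check; anything else
    // must pass the 'alpha-spacers' character check.
    if (!(alpha($data, 'alpha-spacers') || $data == "")) {
        $errors[$key] = lang_parse('error_invalid_chars', array(lang('title_c')));
        return;
    }

    // Banned titles are dropped without an error message, as before.
    // NOTE(review): the user gets no feedback in this case - confirm intended.
    if (in_array($data, $config['banned_titles'])) {
        return;
    }

    // length() yields a truthy value when the title is out of the 2..32 range.
    $length = length($data, 2, 32);
    if ($length) {
        if ($length == "TOO_LONG") {
            $errors[$key] = lang('error_title_too_long');
        } else {
            $errors[$key] = lang('error_title_too_short');
        }
        return;
    }

    update_user($user_data['id'], false, $key, $data);

    // A truthy return from insert_revision() is recorded as the field error.
    $revision_result = insert_revision($user_data['id'], $data);
    if ($revision_result) {
        $errors[$key] = $revision_result;
    }
}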
echo ' <div class="media-left media-middle"> <img src="' . $ibid_avatar . '" class=" media-object n-ava img-thumbnail" alt="avatar" /> </div>'; } echo ' <div class="media-body"><br /> ' . translate("Greetings to our latest registered user:"******"media-heading"><a href="user.php?op=userinfo&uname=' . $lastuser . '">' . $lastuser . '</a></h4> </div> </div> <hr />'; } echo ' <div class="card card-block"> <p>'; alpha(); echo '</p>'; SortLinks($letter); echo ' </div>'; $min = $pagesize * ($page - 1); $max = $pagesize; $ws_req = ''; if (isset($uid_from_ws) and $uid_from_ws != "") { $ws_req = 'WHERE uid REGEXP \'' . $uid_from_ws . '\' '; } $count = "SELECT COUNT(uid) AS total FROM " . $NPDS_Prefix . "users "; $select = "SELECT uid, name, uname, femail, url, user_regdate, user_from, email, is_visible, user_viewemail, user_avatar, mns, user_lastvisit FROM " . $NPDS_Prefix . "users "; if ($letter != translate("Other") and $letter != translate("All")) { if ($admin and preg_match('#^[_\\.0-9a-z-]+@[0-9a-z-\\.]+\\.+[a-z]{2,4}$#i', $letter)) { $where = "WHERE uname LIKE '" . $letter . "%' OR email LIKE '%" . strtolower($letter) . "%'" . str_replace('WHERE', ' AND', $ws_req);
/**
 * Prints the reviews landing page: welcome text from the *_reviews_main
 * table, the letter navigation from alpha(), two side-by-side top-10 lists
 * (most hits, most recent) and the total number of reviews.
 *
 * NOTE(review): $currentlang is placed into the WHERE clause by string
 * interpolation; this is only safe if the global is set from a fixed list of
 * language names elsewhere - confirm where it is assigned.
 */
function reviews_index() {
    global $bgcolor3, $bgcolor2, $prefix, $multilingual, $currentlang, $db, $module_name;
    include 'header.php';

    // Optional language restriction shared by every query on the reviews table.
    $querylang = ($multilingual == 1) ? "WHERE rlanguage='{$currentlang}'" : "";
    $reviews_table = $prefix . "_reviews";

    OpenTable();
    echo "<table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\">\r\n <tr><td colspan=\"2\"><center><font class=\"title\">" . _RWELCOME . "</font></center><br><br><br>";

    // Intro block: title is stripped of HTML, description goes through the
    // default filter().
    $intro = $db->sql_query("select title, description from " . $prefix . "_reviews_main");
    list($heading, $blurb) = $intro->fetch_row();
    $heading = filter($heading, "nohtml");
    $blurb = filter($blurb);
    echo "<center><b>{$heading}</b><br><br>{$blurb}</center>";
    echo "<br><br><br>";
    alpha();
    echo "</td></tr>";

    echo "<tr><td width=\"50%\" bgcolor=\"{$bgcolor2}\"><b>" . _10MOSTPOP . "</b></td>";
    echo "<td width=\"50%\" bgcolor=\"{$bgcolor2}\"><b>" . _10MOSTREC . "</b></td></tr>";

    $result_pop = $db->sql_query("SELECT id, title, hits from " . $reviews_table . " {$querylang} order by hits DESC limit 10");
    $result_rec = $db->sql_query("SELECT id, title, date, hits from " . $reviews_table . " {$querylang} order by date DESC limit 10");

    // Always ten table rows, one entry from each result set per row, even
    // when fewer than ten reviews exist.
    for ($rank = 1; $rank <= 10; $rank++) {
        $popular = $db->sql_fetchrow($result_pop);
        $pop_id = intval($popular['id']);
        $pop_title = filter($popular['title'], "nohtml");
        $hits = intval($popular['hits']);
        echo "<tr><td width=\"50%\" bgcolor=\"{$bgcolor3}\">{$rank}) <a href=\"modules.php?name={$module_name}&rop=showcontent&id={$pop_id}\">{$pop_title}</a></td>";

        $recent = $db->sql_fetchrow($result_rec);
        $rec_id = intval($recent['id']);
        $rec_title = filter($recent['title'], "nohtml");
        $hits = intval($recent['hits']);
        echo "<td width=\"50%\" bgcolor=\"{$bgcolor3}\">{$rank}) <a href=\"modules.php?name={$module_name}&rop=showcontent&id={$rec_id}\">{$rec_title}</a></td></tr>";
    }

    echo "<tr><td colspan=\"2\"><br></td></tr>";

    // Total count is taken from the row count of a full select.
    $all_reviews = $db->sql_query("SELECT * FROM " . $reviews_table . " {$querylang}");
    $numresults = $db->sql_numrows($all_reviews);
    echo "<tr><td colspan=\"2\"><br><center>" . _THEREARE . " {$numresults} " . _REVIEWSINDB . "</center></td></tr></table>";

    CloseTable();
    include "footer.php";
}
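/**
 * Reads the header fields (Plugin Name, Description, Author, Author URI,
 * Version) out of a plugin file in BASEPATH . '../plugins/'.
 *
 * Changes over the previous version: a header that is missing from the file
 * now yields an empty string instead of an undefined-offset notice and
 * trim(null), and an unreadable file is treated as a file without headers
 * instead of passing false to implode().
 *
 * NOTE(review): $path is appended to the plugins directory without any
 * validation. The description says it is "really just the filename"; a value
 * containing directory separators or ".." would be read from outside that
 * directory, so callers should only pass names taken from a directory listing.
 * Only the plugin name is checked with alpha(); the other returned fields are
 * raw file content and need escaping before being printed.
 *
 * @param string $path file name of the plugin, relative to the plugins folder
 * @return array|null header fields plus either 'error' or 'plugin'/'file';
 *                    null when the extension is not "php"
 */
function get_plugin_data($path) {
    $path_ext = pathinfo($path, PATHINFO_EXTENSION);
    $path_name = pathinfo($path, PATHINFO_FILENAME);

    if ($path_ext != "php") {
        // Same as before: nothing is returned for non-PHP files.
        return null;
    }

    $lines = file(BASEPATH . '../plugins/' . $path);
    $plugin_data = ($lines === false) ? '' : implode('', $lines);

    // Result key => header label searched for at the start of "Label: value".
    $labels = array(
        'name' => 'Plugin Name',
        'description' => 'Description',
        'author' => 'Author',
        'url' => 'Author URI',
        'version' => 'Version',
    );

    $fields = array();
    foreach ($labels as $field => $label) {
        $found = preg_match('|' . $label . ':(.*)$|mi', $plugin_data, $match);
        $fields[$field] = $found ? trim($match[1]) : '';
    }

    // No usable name: report the file name instead.
    // NOTE(review): name and extension are joined without a dot here, unlike
    // the 'file' entry below - kept as is, confirm whether that is intended.
    if ($fields['name'] == '') {
        return array_merge($fields, array(
            'name' => $path_name . $path_ext,
            'error' => lang('error_plugin_no_name'),
        ));
    }

    if (!alpha($fields['name'], 'alpha-spacers')) {
        return array_merge($fields, array('error' => lang('error_plugin_name')));
    }

    return array_merge($fields, array(
        'plugin' => $path_name,
        'file' => $path_name . "." . $path_ext,
    ));
}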
if (!$update_user_data) { $major_error = lang('error_user_doesnt_exist'); } } /** * Include users */ include $config['template_path'] . "admin/users.php"; } else { if ($action == "categories") { if (isset($_GET['delete'])) { // What method should we use? if ($_GET['method'] == "all") { $method = "all"; } else { if (alpha($_GET['method'], 'numeric')) { $method = $_GET['method']; } } $result = delete_category($_GET['delete'], $method); // Check to see if category was deleted or not if ($result === "INVALID_ID") { $error = lang_parse('error_invalid_given', array(lang('id'))); } else { if ($result === "INVALID_METHOD") { $error = lang_parse('error_invalid_given', array(lang('method'))); } else { if ($result === "INVALID_CATEGORY") { $error = lang_parse('error_invalid_given', array(lang('category'))); } else { if ($result === "DELETING_CATEGORY") {
/**
 * Clears the `banned` flag of one user row.
 *
 * The id is written into the SQL text by interpolation; the only guard is the
 * alpha($id, 'numeric') check at the top, so that check must stay in front of
 * the query.
 *
 * @global resource $database
 * @param mixed $id user identification number
 * @return string|boolean true on success, 'ID_INVALID' when the id fails the
 *                        numeric check, 'BANNING_USER' when the query fails
 */
function unban_user($id) {
    global $database;

    if (alpha($id, 'numeric')) {
        $updated = $database->query("UPDATE `users` SET `banned` = '0' WHERE `id` = '{$id}' LIMIT 1");

        // A falsy query result is reported with the 'BANNING_USER' code.
        return $updated ? true : 'BANNING_USER';
    }

    return 'ID_INVALID';
}
require "include/common.php"; // Start point @($page = $_GET['page']); // What page are we on? if (is_numeric($page)) { if (!isset($page) || $page < 0) { $page = 0; } } else { $page = 0; } // Start point $start = $page * $config['messages_per_page']; // Category if (isset($_GET['category'])) { if (alpha($_GET['category'], 'numeric') && category($_GET['category'])) { $current_category = $_GET['category']; $category_data = category($_GET['category']); } else { $current_category = 0; } } else { $current_category = 0; } // Sticky topics $sticky_topics = fetch($current_category, true); // Check the numbers to fetch. if (isset($start)) { if (is_numeric($start)) { $topics = fetch($current_category, false, false, 'updated', 'DESC', intval($start), $config['messages_per_page']); } else {
/**
 * Thin wrapper: calls alpha() without arguments and discards its result.
 */
function beta()
{
    alpha();
}
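/**
 * Overwrites the text of one row in `revisions`.
 *
 * Fix over the previous version: the documented boolean was never returned on
 * the update path (the function fell off the end and yielded null); the query
 * outcome is now returned.
 *
 * The id is interpolated into the SQL text and relies on the
 * alpha($revision, 'numeric') check; the text is passed through
 * $database->escape() before it is interpolated.
 *
 * @global resource $database
 * @param integer $revision id of the revision row to update
 * @param string  $text     new revision text
 * @return boolean false when the id fails the numeric check or the query
 *                 result is falsy, true otherwise
 */
function update_revision($revision, $text) {
    global $database;

    if (!alpha($revision, 'numeric')) {
        return false;
    }

    // Escape before building the statement.
    $text = $database->escape($text);

    $result = $database->query("UPDATE `revisions` SET `text`='{$text}' WHERE `id` = '{$revision}'");

    return $result ? true : false;
}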
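/**
 * Admin view: lists the terms of encyclopedia $eid whose title starts with
 * $ltr, each linking to the term editor.
 *
 * Change over the previous version: $ltr is HTML-encoded before it is echoed
 * in the "no content" message.
 *
 * NOTE(review): $ltr is still interpolated into both LIKE clauses without
 * escaping or validation. This block cannot see where $ltr comes from; if it
 * is taken from the request it must be validated (e.g. restricted to a single
 * letter or digit) or escaped with the database layer's own routine before
 * this function is called.
 *
 * @param mixed  $eid encyclopedia id, forced to an integer here
 * @param string $ltr letter (title prefix) to list
 */
function encyclopedia_terms($eid, $ltr) {
    global $prefix, $db, $admin_file;
    include "header.php";
    $eid = intval($eid);
    GraphicAdmin();
    title("" . _ENCYCLOPEDIAMANAGER . "");

    // Page heading: encyclopedia title, stripped of HTML.
    $result = $db->sql_query("select title from " . $prefix . "_encyclopedia where eid='{$eid}' AND UPPER(title) LIKE '%{$ltr}%'");
    list($title) = $result->fetch_row();
    $title = filter($title, "nohtml");
    title("{$title}");

    OpenTable();
    echo "<center>" . _SELECTONETERM . "</center><br><br>" . "<table border=\"0\" align=\"center\">";

    $result = $db->sql_query("select tid, title from " . $prefix . "_encyclopedia_text WHERE UPPER(title) LIKE '{$ltr}%' AND eid='{$eid}'");
    if ($db->sql_numrows($result) == 0) {
        // Encode the caller-supplied letter before putting it into markup.
        echo "<center><i>" . _NOCONTENTFORLETTER . " " . htmlspecialchars($ltr, ENT_QUOTES) . ".</i></center>";
    }
    while (list($tid, $title) = $result->fetch_row()) {
        $tid = intval($tid);
        $title = filter($title, "nohtml");
        echo "<tr><td><a href=\"" . $admin_file . ".php?op=encyclopedia_text_edit&tid={$tid}\">{$title}</a></td></tr>";
    }
    echo "</table><br><br>";

    alpha($eid);
    echo "<center>" . _GOBACK . "</center>";
    CloseTable();
    include "footer.php";
}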
/**
 * Prints the reviews landing page: configured title/description, the letter
 * navigation from alpha(), two side-by-side top-10 lists (most hits, most
 * recent) and the total number of reviews.
 *
 * NOTE(review): $currentlang is interpolated into the WHERE clause, and the
 * review titles read from the database are echoed into the links without
 * HTML-encoding. Both are safe only if those values are constrained or
 * sanitised elsewhere (language from a fixed list, titles cleaned on
 * submission) - confirm.
 */
function reviews_index() {
    global $db, $prefix, $bgcolor4, $bgcolor2, $multilingual, $currentlang, $MAIN_CFG;
    require_once 'header.php';

    // Optional language restriction shared by every query on the reviews table.
    $querylang = ($multilingual == 1) ? "WHERE language='{$currentlang}' OR language=''" : '';
    $reviews_table = $prefix . "_reviews";

    OpenTable();
    echo '<table border="0" width="95%" cellpadding="2" cellspacing="4" align="center"> <tr><td colspan="2"><div style="text-align:center;"><span class="title">' . _RWELCOME . '</span><br /><br /><br />';
    echo '<b>' . $MAIN_CFG['Reviews']['title'] . '</b><br /><br />' . nl2br($MAIN_CFG['Reviews']['description']) . '</div>';
    echo '<br /><br /><br />';
    alpha();
    echo '</td></tr>';

    echo '<tr><td style="width:50%; background:' . $bgcolor2 . ';"><b>' . _10MOSTPOP . '</b></td>';
    echo '<td style="width:50%; background:' . $bgcolor2 . ';"><b>' . _10MOSTREC . '</b></td></tr>';

    $result_pop = $db->sql_query("SELECT id, title, hits FROM " . $reviews_table . " {$querylang} ORDER BY hits DESC LIMIT 10");
    $result_rec = $db->sql_query("SELECT id, title, date, hits FROM " . $reviews_table . " {$querylang} ORDER BY date DESC LIMIT 10");

    // Always ten table rows, one entry from each result set per row, even
    // when fewer than ten reviews exist.
    $rows_left = 10;
    while ($rows_left-- > 0) {
        $popular = $db->sql_fetchrow($result_pop);
        $pop_id = $popular['id'];
        $pop_title = $popular['title'];
        $hits = $popular['hits'];
        echo '<tr><td style="width:50%; background:' . $bgcolor4 . ';"><b>•</b> <a href="' . URL::index('&rop=showcontent&id=' . $pop_id) . '">' . $pop_title . '</a></td>';

        $recent = $db->sql_fetchrow($result_rec);
        $rec_id = $recent['id'];
        $rec_title = $recent['title'];
        $hits = $recent['hits'];
        echo '<td style="width:50%; background:' . $bgcolor4 . ';"><b>•</b> <a href="' . URL::index('&rop=showcontent&id=' . $rec_id) . '">' . $rec_title . '</a></td></tr>';
    }

    $db->sql_freeresult($result_pop);
    $db->sql_freeresult($result_rec);

    echo '<tr><td colspan="2"><br /></td></tr>';

    // Total count is taken from the row count of a full select.
    $all_reviews = $db->sql_query("SELECT * FROM " . $reviews_table . " {$querylang}");
    $numresults = $db->sql_numrows($all_reviews);
    echo '<tr><td colspan="2"><br /><center>' . _THEREARE . " {$numresults} " . _REVIEWSINDB . '</center></td></tr></table>';

    CloseTable();
}
// New topic $title = lang('posting_new_topic'); } } else { $reply = 0; // New topic $title = lang('posting_new_topic'); } } else { $reply = 0; // New topic $title = lang('posting_new_topic'); } } else { if (isset($_GET['edit'])) { if (alpha($_GET['edit'], 'numeric')) { $reply = false; $edit = true; // Get topic data $post = topic($_GET['edit']); if ($post) { // Title $title = lang('editing_post'); // Convienent stuff. $subject = $post['subject']; $content = html_entity_decode(htmlspecialchars_decode(stripslashes($post['message']))); $sticky = $post['sticky']; $closed = $post['closed']; $category = $post['category']; } else { $reply = 0;
} } // Include the navigation include $config['template_path'] . "user/navigation.php"; // Include profile template include $config['template_path'] . "user/profile.php"; } else { if ($action == "signature") { // Include the navigation include $config['template_path'] . "user/navigation.php"; // Include profile template include $config['template_path'] . "user/signature.php"; } else { if ($action == "view") { if (isset($_GET['id'])) { if (alpha($_GET['id'], 'numeric')) { $viewing = user_data($_GET['id']); } else { print_out(lang_parse('error_invalid_given'), array(lang('id'))); } } else { print_out(lang_parse('error_no_given'), array(lang('id'))); } // Include profile template include $config['template_path'] . "user/view.php"; } } } } } }
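/**
 * Public view: lists the terms of encyclopedia $eid whose title starts with
 * the letter or digit $ltr.
 *
 * Fix over the previous version: the character check used ereg(), which was
 * removed in PHP 7.0; it now uses the equivalent preg_match() pattern.
 *
 * Input handling: $eid is forced to an integer and $ltr is cut to one byte
 * and rejected unless it is an ASCII letter or digit, before either value is
 * interpolated into SQL. Keep these two steps ahead of every query.
 *
 * @param mixed  $eid encyclopedia id
 * @param string $ltr letter or digit the listed titles start with
 */
function terms($eid, $ltr) {
    global $module_name, $prefix, $sitename, $db, $admin;
    $eid = intval($eid);
    $ltr = (string) substr($ltr, 0, 1);

    // Anything outside [a-zA-Z0-9] stops the request; an empty value passes,
    // as it did before.
    if (preg_match('/[^a-zA-Z0-9]/', $ltr)) {
        die('Invalid letter/digit specified!');
    }

    $row = $db->sql_fetchrow($db->sql_query("SELECT active FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'"));
    $active = intval($row['active']);
    $row2 = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'"));
    $title = filter($row2['title'], "nohtml");

    include "header.php";
    title("{$title}");
    OpenTable();

    // Inactive encyclopedias are shown to administrators only.
    if ($active == 1 or is_admin($admin)) {
        if ($active != 1 and is_admin($admin)) {
            echo "<center>" . _YOURADMINENCY . "</center><br><br>";
        }
        echo "<center>Please select one term from the following list:</center><br><br>" . "<table border=\"0\" align=\"center\">";

        $result3 = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE UPPER(title) LIKE '{$ltr}%' AND eid='{$eid}'");
        $numrows = $db->sql_numrows($result3);
        if ($numrows == 0) {
            echo "<center><i>" . _NOCONTENTFORLETTER . " " . htmlentities($ltr) . ".</i></center>";
        }
        while ($row3 = $db->sql_fetchrow($result3)) {
            $tid = intval($row3['tid']);
            $title = filter($row3['title'], "nohtml");
            echo "<tr><td><a href=\"modules.php?name={$module_name}&op=content&tid={$tid}\">{$title}</a></td></tr>";
        }
        echo "</table><br><br>";
        alpha($eid);
    } else {
        echo "<center>" . _ENCYNOTACTIVE . "<br><br>" . "" . _GOBACK . "</center>";
    }

    CloseTable();
    include "footer.php";
}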
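/**
 * Counts rows of the `forum` table for a category, a user or a topic.
 *
 * Modes, checked in this order:
 *  - $type == "all":   every row (only topics when $topics is set)
 *  - $type == "posts": replies (`reply` != '0'), optionally from the last day
 *  - $type == "user":  rows started by user $id
 *  - $id === "*":      topics; $type == "exclude_stickies" leaves out sticky
 *                      ones. With $today set and any other $type this counts
 *                      replies from the last day, as before.
 *  - otherwise:        replies to topic $id
 *
 * Fixes over the previous version:
 *  - a $category that failed the numeric check was still written into the SQL
 *    text as it was; such a value now makes the function return 0
 *  - a falsy but non-empty $category (e.g. integer 0) produced "WHERE 0(...)";
 *    it now simply means "no category filter"
 *  - $type "all" with $topics set and no category produced a query without
 *    WHERE; the clause is now assembled from a list of conditions
 *  - the last mode put $id into the query unquoted and unchecked; it is now
 *    checked with is_numeric() like the "user" mode and returns 0 otherwise
 *
 * @global resource $database
 * @param mixed   $category category id, or a falsy value for all categories
 * @param mixed   $id       user id, topic id or "*", depending on the mode
 * @param string  $type     "all", "posts", "user", "exclude_stickies" or other
 * @param boolean $today    restrict to rows from the past day where supported
 * @param boolean $topics   with $type "all": count topics only
 * @return int
 */
function forum_count($category, $id, $type, $today = false, $topics = false) {
    global $database;

    // Category filter: only ever built from a value that passed the numeric
    // check, never from the raw argument.
    $category_sql = '';
    $category_ok = true;
    if ($category) {
        if (alpha($category, 'numeric')) {
            $category_sql = "`category` = '{$category}'";
        } else {
            $category_ok = false;
        }
    }

    $where = array();

    if ($type == "all") {
        if (!$category_ok) {
            return 0;
        }
        if ($category_sql !== '') {
            $where[] = $category_sql;
        }
        if ($topics) {
            $where[] = "`reply` = '0'";
        }
    } elseif ($type == "posts") {
        if (!$category_ok) {
            return 0;
        }
        if ($category_sql !== '') {
            $where[] = $category_sql;
        }
        if ($today) {
            $where[] = "(`reply` != '0' AND `time` >= " . strtotime('-1 day') . ")";
        } else {
            $where[] = "(`reply` != '0')";
        }
    } elseif ($type == "user") {
        if (!is_numeric($id)) {
            return 0;
        }
        $where[] = "`starter_id` = '{$id}'";
    } elseif ($id === "*") {
        if (!$category_ok) {
            return 0;
        }
        if ($category_sql !== '') {
            $where[] = $category_sql;
        }
        if ($type == "exclude_stickies") {
            $where[] = "(`reply` = '0' AND `sticky` = '0')";
            if ($today) {
                $where[] = "(`time` >= " . strtotime('-1 day') . ")";
            }
        } else {
            if ($today) {
                $where[] = "(`reply` != '0' AND `time` >= " . strtotime('-1 day') . ")";
            } else {
                $where[] = "(`reply` = '0')";
            }
        }
    } else {
        // Replies to one topic: the id must be numeric before it reaches SQL.
        if (!is_numeric($id)) {
            return 0;
        }
        $where[] = "`reply` = '{$id}'";
    }

    $query = "SELECT id FROM `forum`";
    if ($where) {
        $query .= " WHERE " . implode(" AND ", $where);
    }

    // The count is the number of rows the select returns.
    $return = $database->query($query);

    return $database->num($return);
}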
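/**
 * Updates the subject and message of an existing topic or post; admins and
 * moderators can also set its sticky / closed flags.
 *
 * Fixes over the previous version:
 *  - the UPDATE no longer sets `replies` from the undefined variable $replies,
 *    which wrote an empty value into that column on every edit
 *  - an empty subject on a topic now reports the missing "subject" instead of
 *    "username"
 *  - a failed query returns false instead of ending the script with the raw
 *    mysql_error() text, which exposed database details to the visitor
 *
 * NOTE(review): the only access check here is $_SESSION['logged_in']; the
 * post's `starter_id` is never compared with $user_data['id'], so ownership
 * has to be enforced by the caller - confirm every call site does so.
 * NOTE(review): $topic and $content reach the SQL text by interpolation and
 * rely on clean_input() for escaping; verify that it escapes for SQL, since
 * htmlentities()/htmlspecialchars() are not SQL escaping.
 * NOTE(review): mysql_query() belongs to the mysql extension, which was
 * removed in PHP 7.0.
 *
 * @global array $config
 * @global array $user_data
 * @param integer $id      post we are editing
 * @param string  $topic   post subject
 * @param string  $content post content
 * @param boolean $sticky  are we sticking it to the top?
 * @param boolean $closed  are we closing it?
 * @return string|boolean true on success, false when the query fails,
 *                        otherwise an error message
 */
function update($id, $topic, $content, $sticky = false, $closed = false) {
    global $config, $user_data;

    $time = time();

    // The id is interpolated into SQL below, so it must pass this check first.
    if (!alpha($id, 'numeric')) {
        return lang_parse('error_given_not_numeric', array(lang('post') . " " . lang('id')));
    }

    $post_data = topic($id);
    if (!$post_data) {
        return lang('error_post_missing');
    }

    // Pre-parse the submitted values.
    $topic = clean_input(strip_repeat($topic));
    $content = htmlentities($content);
    $content = clean_input(stripslashes($content));

    if (!$_SESSION['logged_in']) {
        return lang('error_not_logged');
    }

    // A topic needs a subject; a reply gets a default one.
    if ($topic == "") {
        if ($post_data['reply'] == 0) {
            return lang_parse('error_no_given', array(lang('subject')));
        }
        $topic = "re:";
    }

    if (!alpha($topic, 'alpha-extra')) {
        return lang_parse('error_invalid_chars', array(lang('subject')));
    }

    if ($content == "") {
        return lang_parse('error_no_given', array(lang('message')));
    }

    // length() returning a string signals a length violation.
    if (is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
        return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
    }

    // Only admins and moderators may change the sticky / closed flags.
    if ($_SESSION['admin'] || $_SESSION['moderator']) {
        update_field($id, 'sticky', $sticky ? '1' : '0');
        update_field($id, 'closed', $closed ? '1' : '0');
    }

    $content = htmlspecialchars($content);

    $result = mysql_query("UPDATE `forum` SET `subject`='{$topic}', `message`='{$content}', `updated`='{$time}' WHERE id = '{$id}'");

    return $result ? true : false;
}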
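/**
 * Public view: lists the terms of the encyclopedia given by $_GET['eid']
 * whose title starts with the character given by $_GET['ltr'].
 *
 * Changes over the previous version: the request value 'ltr' was cut to one
 * byte but otherwise written straight into the LIKE clause and into the page.
 * It is now accepted for the query only when it is empty or an ASCII letter or
 * digit; any other value skips the query and shows the "no content" message.
 * The letter is HTML-encoded where it is echoed.
 *
 * NOTE(review): the encyclopedia and term titles read from the database are
 * added to $pagetitle and echoed without HTML-encoding; this is safe only if
 * they are sanitised when stored - confirm.
 */
function terms() {
    global $prefix, $sitename, $db, $pagetitle;

    $eid = intval($_GET['eid']);
    $ltr = (string) substr($_GET['ltr'], 0, 1);

    // Request input: only letters and digits may reach the SQL text.
    $ltr_ok = !preg_match('/[^a-zA-Z0-9]/', $ltr);

    $sql = "SELECT active FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $active = $row['active'];

    $sql = "SELECT title FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $title = $row['title'];

    $pagetitle .= ' ' . _BC_DELIM . ' ' . $title;
    require_once 'header.php';
    OpenTable();

    // Inactive encyclopedias are shown to administrators only.
    if ($active == 1 || is_admin()) {
        if ($active != 1 && is_admin()) {
            echo "<center>" . _YOURADMINENCY . "</center><br /><br />";
        }
        echo "<center>Please select one term from the following list:</center><br /><br />" . "<table border=\"0\" align=\"center\">";

        $result = false;
        $numrows = 0;
        if ($ltr_ok) {
            $sql = "SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE UPPER(title) LIKE '{$ltr}%' AND eid='{$eid}'";
            $result = $db->sql_query($sql);
            $numrows = $db->sql_numrows($result);
        }

        if ($numrows == 0) {
            echo "<center><i>" . _NOCONTENTFORLETTER . " " . htmlspecialchars($ltr, ENT_QUOTES) . ".</i></center>";
        }

        // No rows are fetched when the query was skipped.
        while ($ltr_ok && ($row = $db->sql_fetchrow($result))) {
            $tid = $row['tid'];
            $title = $row['title'];
            echo "<tr><td><a href=\"" . getlink("&op=content&tid={$tid}") . "\">{$title}</a></td></tr>";
        }
        echo "</table><br /><br />";
        alpha($eid);
    } else {
        echo "<center>" . _ENCYNOTACTIVE . "<br /><br />" . "" . _GOBACK . "</center>";
    }

    CloseTable();
}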