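/**
 * Handle a login form submission.
 *
 * Return contract (unchanged from the original):
 *   - non-blank string: an error message to display
 *   - true (check with ===, not ==): the user logged in successfully
 *   - null: no form was submitted, just show the form
 *
 * On success it stores the IV in users.lastivused, sets the logged_in /
 * username / password cookies and the matching $_SESSION keys, and sets
 * $s['logged_in'].
 *
 * @return string|true|null
 */
function do_login()
{
    global $s;

    // Array keys are quoted throughout: a bare word such as $_POST[login_submit]
    // is an undefined constant and raises an Error on PHP 8.
    if (!isset($_POST['login_submit'])) {
        return null;
    }

    // Only accept scalar strings; a "login_un[]=x" style submission would
    // otherwise reach the escaping helper and md5() as an array.
    $submittedUser = is_string($_POST['login_un'] ?? null) ? $_POST['login_un'] : '';
    $submittedPass = is_string($_POST['login_pw'] ?? null) ? $_POST['login_pw'] : '';

    // NOTE(review): the listing showed the literal '******' in both queries while
    // $checkun was computed and never used; the escaped username is used here.
    // This assumes iprotect() escapes for a quoted SQL string -- confirm, and
    // prefer a prepared statement if the database layer can bind parameters.
    $checkun = iprotect($submittedUser);
    $rchecktheuser = dbquery("SELECT * FROM users WHERE username = '{$checkun}'");
    if (dbrows($rchecktheuser) != 1) {
        // NOTE(review): this message differs from the wrong-password one, so the
        // form tells a client which usernames exist. Kept because callers show
        // the string as-is; consider one shared message.
        return 'Sorry, the specified user doesn\'t exist. Please try again.';
    }
    $checktheuser = dbrow($rchecktheuser);

    // NOTE(review): salted double MD5 is a fast hash. Migrating to
    // password_hash()/password_verify() needs a schema change outside this block.
    $expectedHash = md5(md5($checktheuser['salt']) . md5($submittedPass));

    // hash_equals() compares the digests as strings in constant time. The
    // original loose == treats two "0e<digits>" digests as equal numbers.
    if (!hash_equals((string) $checktheuser['pwhash'], $expectedHash)) {
        return 'Wrong password, sorry.';
    }

    // Authenticated correctly.
    //
    // NOTE(review): the password is kept reversibly encrypted (Blowfish-CBC under
    // the PassEncodeKey constant) in a cookie that lives 15768000 seconds (about
    // six months) and in the session. A random server-side session token would
    // avoid storing the password at all, but that requires changing whatever
    // reads these cookies. mcrypt was removed from PHP core in 7.2, and
    // MCRYPT_RAND is not a cryptographically secure IV source.
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $storediv = addslashes(base64_encode($iv));
    $encryptedpw = base64_encode(
        mcrypt_encrypt(MCRYPT_BLOWFISH, PassEncodeKey, $submittedPass, MCRYPT_MODE_CBC, $iv)
    );
    dbquery("UPDATE users SET lastivused = '{$storediv}' WHERE username = '{$checkun}'");

    // Issue a fresh session id at the privilege change so an id that was fixed
    // before login is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // NOTE(review): whether makecookie() sets HttpOnly/Secure is not visible here.
    $cookietime = time() + 15768000;
    makecookie('logged_in', 1, $cookietime);
    makecookie('username', $submittedUser, $cookietime);
    makecookie('password', $encryptedpw, $cookietime);

    $_SESSION['logged_in'] = 1;
    $_SESSION['username'] = $submittedUser;
    $_SESSION['password'] = $encryptedpw;
    $s['logged_in'] = 1;

    return true;
}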
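/**
 * Build the <img> tag for a user's profile picture.
 *
 * Looks up litter_users.profile_pic for the user. When no picture is stored
 * (or no row comes back) the shared placeholder userIMG/profile.png is used;
 * otherwise the path is userIMG/<user_id>/<profile_pic>.
 *
 * @param mixed $user_id User id; used in the query and in the image path.
 * @param mixed $size    Value for the height attribute.
 * @return string HTML <img> element with attribute values escaped.
 */
function getProfilePic($user_id, $size)
{
    // NOTE(review): $user_id is interpolated into the SQL text. Nothing in this
    // block shows where it comes from; if it can carry request data, validate it
    // (for example as an integer) or bind it as a parameter before this call.
    $profile_pic = dbrow("SELECT profile_pic FROM litter_users\n\t\tWHERE user_id = '{$user_id}'");

    // empty() also covers a missing row without reading an offset on false/null.
    if (empty($profile_pic['profile_pic'])) {
        $pic = 'userIMG/profile.png';
    } else {
        $pic = 'userIMG/' . $user_id . '/' . $profile_pic['profile_pic'];
    }

    // The stored file name and the size are escaped for the attribute context so
    // that a quote in either value cannot end the attribute.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    return '<img src="' . htmlspecialchars((string) $pic, $flags, 'UTF-8')
        . '" height="' . htmlspecialchars((string) $size, $flags, 'UTF-8') . '">';
}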
/**
 * Handle the "request" step of the communication-key form.
 *
 * Flow: the back button returns to enter(); a truthy $frm->validate("request")
 * hands over to confirm(); otherwise a new key is generated, a row is inserted
 * into trh.keys, and a "reqkey" message is sent to the supplier (when suppid is
 * present in the request) or to the customer.
 *
 * NOTE(review): the ids and e-mail are read from $_REQUEST and passed to m() /
 * send_trhmsg() unchanged; whether those helpers escape or validate is not
 * visible here. The value returned by send_trhmsg() is embedded in the result
 * string, so the caller should escape it if it renders the string as HTML.
 *
 * @param object $frm Form object exposing validate().
 * @return mixed Result of enter()/confirm(), or a status message string.
 */
function request($frm)
{
    if (isset($_POST["btn_back"])) {
        return enter($frm);
    }

    if ($frm->validate("request")) {
        return confirm($frm);
    }

    $newkey = genkey();

    // Exactly one side carries a real id; the other is stored as "0".
    $forSupplier = isset($_REQUEST["suppid"]);
    $suppid = $forSupplier ? $_REQUEST["suppid"] : "0";
    $custid = $forSupplier ? "0" : $_REQUEST["custid"];

    $insert = new dbUpdate("keys", "trh", grp(
        m("introtime", raw("CURRENT_TIMESTAMP")),
        m("introip", "0.0.0.0"),
        m("email", $_REQUEST["email"]),
        m("custid", $custid),
        m("suppid", $suppid),
        m("key", dbrow("0.0.0.0/0", "", $newkey)),
        m("userid", USER_ID)
    ));
    $insert->run(DB_INSERT);

    if (!($insert->affected() > 0)) {
        return "Error sending request for communication: Error updating database.";
    }

    if ($forSupplier) {
        $party = "supp";
        $partyId = $_REQUEST["suppid"];
        $sentMessage = "Sent request for communication to supplier. On response you will be notified.";
    } else {
        $party = "cust";
        $partyId = $_REQUEST["custid"];
        $sentMessage = "Sent request for communication to customer. On response you will be notified.";
    }

    $r = send_trhmsg($party, $partyId, $_REQUEST["email"], "reqkey", $newkey);

    return $r === true
        ? $sentMessage
        : "Error sending request for communication: {$r}";
}
print "<td style='color: #af3333'><input type='radio' name='rep' value='-1'> Negative (-1)</td>"; print "<td style='color: #af3333'><input type='radio' name='rep' value='-2'> Negative (-2)</td>"; print "</tr>"; print "</table>"; print "<input type='text' size='70' maxlength='120' name='comment' class='textentry'>"; print " <input type='submit' name='makeit' value='Rate!' class='button'>"; print "</form>"; print "<hr>"; } $getit = dbquery("SELECT reputation.*,users.userid,users.username,users.powerlevel FROM reputation LEFT JOIN users ON reputation.sender=users.userid WHERE recipient = {$userid} ORDER BY reputation.date desc"); if (mysql_num_rows($getit) == 0) { print "No one has rated " . htmlspecialchars($userdata[username]) . " yet. :("; } else { $alternating = true; print "<table cellpadding='0' cellspacing='0' style='width: 100%' id='rep'>"; while ($row = dbrow($getit)) { $alternating = !$alternating; if ($alternating) { $alt = " class='rowalt'"; } else { $alt = ""; } print "<tr{$alt}>"; print "<td align='left' valign='top'>"; $userlink = userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]); $date = parsedate($row[date]); print "<span style='font-size: 11px'>{$userlink} rated at {$date}:"; if ($candelete) { print " (<a href='index.php?m=reputation&id={$userid}&deleterep={$row['id']}'>delete</a>)"; } print "</span>";
<?php if (!defined('IN_TBB')) { die; } $threadid = $_GET['id']; if (!is_numeric($threadid)) { print "Invalid thread ID.<br><a href='index.php'>Return to the main page</a>"; } else { $threadid = intval($threadid); // just to be safe $threadquery = dbquery("SELECT * FROM threads WHERE id = {$threadid}"); if (mysql_num_rows($threadquery) == 0) { print "No thread with this ID exists.<br><a href='index.php'>Return to the main page</a>"; } else { $threadinfo = dbrow($threadquery); $checkifpoll = dbquery("SELECT id FROM polls WHERE thread = {$threadid}"); if (mysql_num_rows($checkifpoll) != 0) { print "This thread already has a poll.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>"; } else { if ($threadinfo['authorid'] != $s['user']['userid']) { print "You can't add a poll to a thread you didn't create.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>"; } else { // if it returns a non-blank string, it's an error // if it returns true (check with === not ==) the poll has been created successfully // if it returns nothing, just show the form $result = add_poll(); if ($result === true) { header("Location: index.php?showthread={$threadid}"); } else { if ($result != '') {
<?php if (!defined('IN_TBB')) { die; } $pollid = $_GET['id']; if (!is_numeric($pollid)) { print "Invalid poll ID.<br><a href='index.php'>Return to the main page</a>"; } else { $pollid = intval($pollid); // just to be safe $pollquery = dbquery("SELECT * FROM polls WHERE id = {$pollid}"); if (mysql_num_rows($pollquery) == 0) { print "No poll with this ID exists.<br><a href='index.php'>Return to the main page</a>"; } else { $pollinfo = dbrow($pollquery); if (isset($_GET['vote'])) { $checkit = dbquery("SELECT id FROM votes WHERE poll={$pollid} AND voter={$s[user][userid]}"); if (mysql_num_rows($checkit) == 0) { $choice = intval($_GET['vote']); if ($choice >= 0 && $choice < $pollinfo[choicecount]) { $voteinfo = explode('|', $pollinfo[voteinfo]); $voteinfo[$choice]++; $newvoteinfo = implode('|', $voteinfo); dbquery("UPDATE polls SET voteinfo='{$newvoteinfo}', votecount = votecount + 1 WHERE id = {$pollid}"); $time = time(); dbquery("INSERT INTO votes (poll,voter,choice,date) VALUES ({$pollid},{$s[user][userid]},{$choice},{$time})"); } header("Location: index.php?showthread={$pollinfo['thread']}"); } }
print "</form>"; } } break; case 'order': print "Editing forum orders: (<a href='index.php?m=admin&act=forums&do=list'>Return to editing forums</a>)"; //print "<div class='bigspacing'></div>"; print "<form action='index.php?m=admin&act=forums&do=updateorders' method='post'>"; $categories = array(0 => array('name' => 'Uncategorised', 'power' => 1, 'order' => -1)); $getcategories = dbquery("SELECT * FROM categories ORDER BY `order`"); while ($row = dbrow($getcategories)) { $row[forums] = array(); $categories[$row[id]] = $row; } $getforums = dbquery("SELECT * FROM forums ORDER BY `order`"); while ($row = dbrow($getforums)) { $categories[$row[category]][forums][$row[id]] = $row; } foreach ($categories as $cat) { print "<div class='bigspacing'></div>"; print "Category: <b>{$cat['name']}</b>"; print "<div class='bigspacing'></div>"; print "<table class='styled' style='width: 100%; max-width: 800px; margin: 0 auto' cellpadding='0' cellspacing='0'>"; print "<tr class='header'><td style='width: 10%'>Order</td><td>Forum</td></tr>"; foreach ($cat[forums] as $row) { print "<tr><td><input type='text' size='3' maxlength='3' name='order[{$row['id']}]' value='{$row['order']}' class='textentry'></td><td>{$row['name']}</td></tr>"; } print "</table>"; print "<hr>"; } print "<input type='submit' name='makeit' value='Update Forum Orders' class='button'>";
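/**
 * Validate and store a private message from the submitted form.
 *
 * Return contract (unchanged from the original):
 *   - non-blank string: one or more error messages (HTML, <br>-separated)
 *   - true (check with ===): the PM has been inserted
 *   - null: no form was submitted, just show the form
 *
 * NOTE(review): nothing in this block checks that a user is logged in before
 * the insert; confirm the caller does.
 *
 * @return string|true|null
 */
function send_pm()
{
    global $s;

    // Keys are quoted throughout: bare words such as $_POST[makeit] or
    // {$s[user][userid]} are undefined constants and raise an Error on PHP 8.
    if (!isset($_POST['makeit'])) {
        return null;
    }

    // Accept only scalar strings from the form; anything else counts as empty.
    $recipientName = is_string($_POST['recipient'] ?? null) ? $_POST['recipient'] : '';
    $title = is_string($_POST['title'] ?? null) ? $_POST['title'] : '';
    $text = is_string($_POST['text'] ?? null) ? $_POST['text'] : '';

    $error_string = '';
    $recipientid = null;

    // NOTE(review): the listing showed the literal '******' in this query while
    // $recipient was computed and never used; the escaped name is used here.
    // This assumes iprotect() escapes for a quoted SQL string -- confirm, and
    // prefer a prepared statement if the database layer can bind parameters.
    $recipient = iprotect($recipientName);
    $getrec = dbquery("SELECT userid FROM users WHERE username = '{$recipient}'");
    if (dbrows($getrec) == 0) {
        $error_string .= 'No user named ' . htmlspecialchars($recipientName) . ' seems to exist.<br>' . "\n";
    } else {
        $getit = dbrow($getrec);
        $recipientid = (int) $getit['userid'];
    }

    // strlen() counts bytes, as the original did.
    if ($title === '' || strlen($title) > 70) {
        $error_string .= 'Message title was either not entered, or too long.<br>' . "\n"
            . 'It must be 70 characters or less.<br>' . "\n";
    }

    if ($text === '') {
        $error_string .= 'You didn\'t enter a message.<br>';
    }

    if ($error_string != '') {
        return $error_string;
    }

    // The original printed a leftover debug string here. Output at this point
    // reaches the page and stops a later header() redirect from working, so it
    // has been removed.
    $inserttitle = iprotect($title);
    $inserttext = iprotect($text);
    $currenttime = time();

    // Numeric columns are cast so only integers are placed unquoted in the SQL.
    $senderid = (int) ($s['user']['userid'] ?? 0);

    dbquery("INSERT INTO pmessages (title,sender,recipient,exists_sender,exists_recipient,pmread,text,sentdate) VALUES ('{$inserttitle}',{$senderid},{$recipientid},1,1,0,'{$inserttext}',{$currenttime})");

    return true;
}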
if ($s[logged_in] && $row[lastpostdate] > $lastread[$row[forum]] && $row[id] != $row[thread]) { $icon = "<img src='{$theme}images/icon_unreadtiny.png' alt='This thread has unread posts.' title='This thread has unread posts.'>"; } else { $icon = "<img src='{$theme}images/icon_tiny.png' alt='This thread has no unread posts.' title='This thread has no unread posts.'>"; } print "{$icon} <a href='index.php?showthread={$row['id']}{$doit['2']}'>{$row['name']}</a> by {$author}<br>"; } ?> </div> <?php } ?> <div class='portalheader'>Board Statistics</div> <div class='portalbox'> <?php $getcounts = dbquery("SELECT count(userid) FROM users"); $getit = dbrow($getcounts); $users = $getit['count(userid)']; $getcounts = dbquery("SELECT count(id) FROM threads"); $getit = dbrow($getcounts); $threads = $getit['count(id)']; $getcounts = dbquery("SELECT count(id) FROM posts"); $getit = dbrow($getcounts); $posts = $getit['count(id)']; print "This board has {$users} members, who have made {$threads} threads and {$posts} posts."; ?> </div> </td> </tr> </table>
} else { if ($result != '') { print '<b>The following errors occurred while posting your reply:<br>' . $result . '</b><br>Your post data has been saved.<hr>'; } if (isset($_POST['preview'])) { print "<b>Preview:</b>"; $posttext = getpost($_POST['text'], true, true, false); display_post($s[user], 'Posted', time(), $cmds, $posttext); print "<br>"; } if (isset($_GET['quote'])) { $quoteid = intval($_GET[quote]); $getquote = dbquery("SELECT * FROM posts WHERE id = {$quoteid} AND thread = {$threadid}"); if (dbrows($getquote) != 0) { // ignore the quote if it's an invalid id $quotepost = dbrow($getquote); $quotetime = parsedate($quotepost[postdate]); $quote = "[quote={$quotepost['authorname']} ({$quotetime})]{$quotepost['posttext']}[/quote]\n\n"; } } ?> <b>Replying to <?php echo htmlspecialchars($threadinfo[name]); ?> : (<a href='index.php?showthread=<?php echo $threadid; ?> '>Return to Thread</a>)</b> <br> <form action='index.php?m=board&act=postreply&id=<?php echo $threadid;
$newlastthread[name] = iprotect($newlastthread[name]); $newlastthread[lastpostername] = iprotect($newlastthread[lastpostername]); if ($newlastthread) { dbquery("UPDATE forums SET lastposterid = {$newlastthread['lastposterid']}, lastposter = '{$newlastthread['lastpostername']}', lastpostedin = '{$newlastthread['name']}', lastpostedinid = {$newlastthread['id']}, lastpostdate = {$newlastthread['lastpostdate']}, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}"); } else { dbquery("UPDATE forums SET lastposterid = 0, lastposter = '', lastpostedin = '', lastpostedinid = 0, lastpostdate = 0, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}"); } $action = true; } } elseif (isset($_POST[do_delete])) { $getpostcount = dbrow(dbquery("SELECT COUNT(id) FROM posts WHERE thread = {$threadid}")); $subtract = $getpostcount['COUNT(id)']; dbquery("DELETE FROM posts WHERE thread = {$threadid}"); dbquery("DELETE FROM threads WHERE id = {$threadid}"); dbquery("DELETE FROM threadread WHERE thread = {$threadid}"); $newlastthread = dbrow(dbquery("SELECT threads.*,users.username FROM threads LEFT JOIN users ON threads.lastposterid=users.userid WHERE forum = {$threadinfo['forum']} ORDER BY lastpostdate DESC LIMIT 1")); $newlastthread[name] = iprotect($newlastthread[name]); $newlastthread[lastpostername] = iprotect($newlastthread[lastpostername]); if ($newlastthread) { dbquery("UPDATE forums SET lastposterid = {$newlastthread['lastposterid']}, lastposter = '{$newlastthread['lastpostername']}', lastpostedin = '{$newlastthread['name']}', lastpostedinid = {$newlastthread['id']}, lastpostdate = {$newlastthread['lastpostdate']}, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}"); } else { dbquery("UPDATE forums SET lastposterid = 0, lastposter = '', lastpostedin = '', lastpostedinid = 0, lastpostdate = 0, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}"); 
} header("Location: index.php?showforum={$threadinfo['forum']}"); } if ($action) { header("Location: index.php?showthread={$threadid}"); } } } }
print "The two passwords you entered didn't match.<br>"; print "<a href='index.php?m=admin&act=users&do=edit&id={$id}'>Return to editing {$showuser}</a>"; } else { dbquery("update users set pwhash = '{$newhash}' where userid = {$id}"); header("Location: index.php?m=admin&act=users&do=edit&id={$id}"); } } break; case 'updateprofile': $id = intval($_GET['id']); $getuser = dbquery("SELECT * FROM users WHERE userid = {$id}"); if (mysql_num_rows($getuser) == 0) { print "No user exists with this ID.<br>"; print "<a href='index.php?m=admin&act=users&do=list'>Return to editing users</a>"; } else { $user = dbrow($getuser); $powerlevel = intval($_POST[powerlevel]); $posts = intval($_POST[posts]); $threads = intval($_POST[threads]); $email = iprotect($_POST[email]); $usertitle = iprotect($_POST[usertitle]); $hasavatar = 0; if ($_POST[hasavatar] == 'haveit') { $hasavatar = 1; } $avatarext = iprotect($_POST[avatarext]); $location = iprotect($_POST[location]); $quote = iprotect($_POST[quote]); $birthday = ''; if ($_POST[birthday] != '') { $validify = explode('-', $_POST[birthday]);
} print "<tr{$rowalt}><td>{$choice} ({$vote} vote{$plural}){$votelink}</td></tr>"; $idx++; } } print "</table>"; print "<br>"; } else { if ($threadinfo[authorid] == $s[user][userid]) { print "<a href='index.php?m=board&act=addpoll&id={$threadid}'>Add Poll</a><br>"; } } print "<b>Pages:</b> "; pagination($pagecount, $pagenum, "index.php?showthread={$threadid}"); print "<br>"; while ($post = dbrow($postquery)) { $posttext = getpost($post[posttext], true, true, false); $cmds = ''; if ($post[editinfo]) { $cmds = " · {$post['editinfo']}"; } if ($s[user][powerlevel] >= $foruminfo[reply_power]) { $cmds .= " · <a href='index.php?m=board&act=postreply&id={$threadid}"e={$post['id']}'>Quote</a>"; } if ($s[user][userid] == $post[userid] || $s[user][powerlevel] >= $foruminfo[mod_power]) { $cmds .= " · <a href='index.php?m=board&act=editpost&id={$post['id']}'>Edit</a>"; } if ($s[user][powerlevel] >= $foruminfo[mod_power]) { $cmds .= " · <a href='#' onClick='if (confirm(\"Are you sure you want to delete this post?\") == true) { window.location = \"index.php?m=board&act=modpost&id={$post['id']}&func=delete\"; }'>Delete</a>"; } print "<a name='post{$post['id']}'></a>";
die; } $postid = $_GET['id']; if (!is_numeric($postid)) { print "Invalid post ID.<br><a href='index.php'>Return to the main page</a>"; } else { $postid = intval($postid); // just to be safe $postquery = dbquery("SELECT * FROM posts WHERE id = {$postid}"); if (mysql_num_rows($postquery) == 0) { print "No post with this ID exists. This post may have been deleted.<br><a href='index.php'>Return to the main page</a>"; } else { $postinfo = dbrow($postquery); $userinfo = dbrow(dbquery("SELECT * FROM users WHERE userid = {$postinfo['authorid']}")); $threadinfo = dbrow(dbquery("SELECT * FROM threads WHERE id = {$postinfo['thread']}")); $foruminfo = dbrow(dbquery("SELECT * FROM forums WHERE id = {$threadinfo['forum']}")); $threadinfo[name] = htmlspecialchars($threadinfo[name]); if ($s[user][powerlevel] < $foruminfo[mod_power] && $s[user][userid] != $postinfo[authorid]) { print "You're not allowed to edit this post.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>"; } else { // if it returns a non-blank string, it's an error // if it returns true (check with ===) the post has been edited successfully // if it returns nothing, just show the form $result = edit_post(); if ($result === true) { header("Location: index.php?showthread={$threadinfo['id']}&post={$postid}#post{$postid}"); } else { if ($result != '') { print '<b>The following errors occurred while editing your post:<br>' . $result . '</b><br>Your post data has been saved.<hr>'; } if (isset($_POST['preview'])) {
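/**
 * Handles an order request received as a mail message.
 *
 * Validates the message and the key pair, decodes the base64 "data.xml"
 * attachment from the second message part, parses it with the stElement /
 * endElement handlers (which fill the $purch_info and $purch_items globals),
 * inserts one row into trh.recvpurch and one row per item into
 * trh.recvpurch_items, then notifies the managing user.
 *
 * @param string $key
 * @param clsMailMsg $oMSG
 * @param array $config Reads $config["MANAGEUSER"].
 * @return bool true when the purchase was inserted, false when the message
 *              was rejected.
 */
function request_order($key, $oMSG, $config)
{
    // msg_std() is called for its accept/reject result only; the fields it
    // returns are not used in this function.
    if (msg_std($oMSG) === false) {
        return false;
    }

    /* other side key */
    if (($yourkey = getfrommmsg(REGEX_YOURKEY, $oMSG)) === false) {
        return false;
    }

    /* validate keys */
    if (($keyinfo = trhKeyPair($key, $yourkey)) === false) {
        return false;
    }

    $custid = $keyinfo["custid"];

    if (count($oMSG->parts) < 2) {
        print "Invalid message: count(parts) < 2\n";
        return false;
    }

    $attach = new clsMailMsg();
    $attach->processMessage(implode("\r\n", $oMSG->parts[1]));

    if ($attach->getAttachmentFilename() != "data.xml") {
        print "Invalid message part. Disposition name != data.xml\n";
        return false;
    }

    /* strip transport whitespace from the body, then decode */
    $XML = base64_decode(preg_replace("/[ \r\n\t]/", "", implode("", $attach->body)));

    global $reqpur_activetag, $purch_info, $purch_items;
    $reqpur_activetag = $purch_info = $purch_items = array();

    $parser = xml_parser_create();
    xml_set_element_handler($parser, "stElement", "endElement");
    $parsed = xml_parse($parser, $XML, true);
    xml_parser_free($parser);

    /* The original ignored xml_parse()'s result, so a truncated or malformed
     * attachment was still inserted with whatever the handlers had collected
     * up to the error. Reject it instead. */
    if (!$parsed) {
        print "Invalid message part. data.xml is not well-formed XML\n";
        return false;
    }

    /* NOTE(review): the column names and values in $purch_info / $purch_items
     * are whatever stElement/endElement collected from the sender's attachment.
     * Confirm that those handlers, or dbUpdate, restrict them to expected
     * columns and escape the values. */
    $i = grp(
        m("approved", "n"),
        m("custid", $custid),
        m(raw("trhkey"), dbrow("0.0.0.0/0", "{$keyinfo['send_key']}", "{$keyinfo['recv_key']}"))
    );

    /* $i is merged last; assuming grp() returns a string-keyed array, these
     * locally derived values replace same-named fields from the message. */
    $purch_info = array_merge($purch_info, $i);

    /* NOTE(review): empty() is also true for "0", so a literal zero from the
     * message is stored as NULL -- confirm that is intended. */
    foreach ($purch_info as $k => $v) {
        if (empty($v)) {
            $purch_info[$k] = raw("NULL");
        }
    }

    $upd = new dbUpdate("recvpurch", "trh", $purch_info);
    $upd->run(DB_INSERT);

    $recvpurch_id = pglib_lastid("trh.recvpurch", "id");

    $upd->setTable("recvpurch_items", "trh");
    foreach ($purch_items as $pi_det) {
        /* the sender's own item id is dropped; each item is tied to the new row */
        unset($pi_det["id"]);
        $pi_det["recvpurch_id"] = $recvpurch_id;

        $upd->setOpt($pi_det);
        $upd->run(DB_INSERT);
    }

    print "Purchase inserted.\n";

    $userinfo = qryUsers($config["MANAGEUSER"]);
    msgSend($userinfo["username"], "Purchase received via Transheks. Click <a target='mainframe' href='../transheks/order_approve.php'>here</a> to view.");

    /* The docblock promises bool; the original fell off the end and returned
     * null on success, which a truthiness check reads as failure. */
    return true;
}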
header('Location: index.php?m=admin&act=cats&do=list'); } break; case 'delete': $id = intval($_GET['id']); dbquery("DELETE FROM categories WHERE id={$id}"); header('Location: index.php?m=admin&act=cats&do=list'); break; case 'order': print "Editing category orders: (<a href='index.php?m=admin&act=cats&do=list'>Return to editing categories</a>)"; print "<div class='bigspacing'></div>"; print "<form action='index.php?m=admin&act=cats&do=updateorders' method='post'>"; print "<table class='styled' style='width: 100%; max-width: 800px; margin: 0 auto' cellpadding='0' cellspacing='0'>"; print "<tr class='header'><td style='width: 15%'>Order</td><td>Category</td></tr>"; $getcategories = dbquery("SELECT * FROM categories ORDER BY `order`"); while ($row = dbrow($getcategories)) { print "<tr><td><input type='text' size='3' maxlength='3' name='order[{$row['id']}]' value='{$row['order']}' class='textentry'></td><td>{$row['name']}</td></tr>"; } print "</table>"; print "<input type='submit' name='makeit' value='Update Category Orders' class='button'>"; print "</form>"; break; case 'updateorders': if (isset($_POST['order']) && is_array($_POST['order']) && count($_POST['order']) > 0) { foreach ($_POST['order'] as $id => $order) { $iid = intval($id); $iorder = intval($order); dbquery("UPDATE categories SET `order` = {$iorder} WHERE id = {$iid}"); } header('Location: index.php?m=admin&act=cats&do=list'); }
while ($forum = dbrow($getforums)) { if (!can_view_forum($forum)) { continue; } $getlastread = dbquery("SELECT * FROM forumread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}"); if (dbrows($getlastread) == 0) { $lastread = 0; } else { $getit = dbrow($getlastread); $lastread = $getit[lastread]; } $checkagain = dbquery("SELECT COUNT(user) FROM threadread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}"); $getit = dbrow($checkagain); $readcount = $getit['COUNT(user)']; $checkunread = dbquery("SELECT COUNT(id) FROM threads WHERE forum = {$forum['id']} AND lastpostdate > {$lastread}"); $getit = dbrow($checkunread); $totalcount = $getit['COUNT(id)']; if ($s[logged_in] && $totalcount > $readcount) { $unread = $totalcount - $readcount; $forumicon = "<img src='{$theme}images/forumicon.php?number={$unread}' alt='This forum has {$unread} unread threads.' title='This forum has {$unread} unread threads.'>"; } else { $forumicon = ''; $forumicon = "<img src='{$theme}images/icon_forumread.png' alt='This forum has no unread threads.' title='This forum has no unread threads.'>"; } $alternating = !$alternating; if ($alternating) { print "<tr class='rowalt'>"; } else { print "<tr>"; } print "<td style='text-align: center'>{$forumicon}</td>";
print "<b>Pages:</b> "; pagination($pagecount, $pagenum, "index.php?m=users"); break; case 'profile': $userid = $_GET['id']; if (!is_numeric($userid)) { print "Invalid user ID.<br><a href='index.php'>Return to the main page</a>"; break; } $userid = intval($userid); // just to be safe $memberquery = dbquery("SELECT * FROM users WHERE userid = {$userid}"); if (mysql_num_rows($memberquery) == 0) { print "No user with this ID exists.<br><a href='index.php'>Return to the main page</a>"; } else { $member = dbrow($memberquery); //$member[username] = htmlspecialchars($member[username]); $namelink = userlink($member[userid], htmlspecialchars($member[username]), $member[powerlevel]); print "<table class='styled' style='width: 100%; margin: 0px auto; border: 0px' cellpadding='0' cellspacing='0'>"; print "<tr><td colspan='2' style='font-size: 15px; font-weight: bold'>Profile for {$namelink}</td></tr>"; print "<tr>"; // left bit print "<td style='width: 50%' valign='top'>"; print "<table class='styled' style='width: 100%'>"; print "<tr class='header'><td>Profile Info</td></tr>"; print "<tr><td style='text-align: left'>"; if ($member[hasavatar] == 1) { print "<img src='avatars/{$member['userid']}.{$member['avatarext']}' alt='Avatar' style='display: block; margin: 0 auto'>"; print "<div class='bigspacing'></div>"; } if ($member[usertitle]) {
$comma = false; while ($row = dbrow($getpeople)) { if ($comma) { print ', '; } else { $comma = true; } print userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]); } } $bddate = date('d-m-%'); $getpeople = dbquery("SELECT userid,username,powerlevel FROM users WHERE birthday LIKE '{$bddate}'"); if (dbrows($getpeople) != 0) { print " · <b>Today's Birthdays:</b> "; $comma = false; while ($row = dbrow($getpeople)) { if ($comma) { print ', '; } else { $comma = true; } print userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]); } } ?> </div> <?php echo $page; ?> <div style='font-style: italic; color: #555; margin: 4px 0px; border-top: 1px solid #aad6ff; padding-top: 4px; text-align: right;'>perpetually unfinished, totally custom board software - © 2009-2010 Treeki</div> <!-- random debug info: render time: <?php
<?php if (!defined('IN_TBB')) { die; } $forumid = $_GET['id']; if (!is_numeric($forumid)) { print "Invalid forum ID.<br><a href='index.php'>Return to the main page</a>"; } else { $forumid = intval($forumid); // just to be safe $forumquery = dbquery("SELECT * FROM forums WHERE id = {$forumid}"); if (mysql_num_rows($forumquery) == 0) { print "No forum with this ID exists.<br><a href='index.php'>Return to the main page</a>"; } else { $foruminfo = dbrow($forumquery); if ($s[user][powerlevel] < $foruminfo[thread_power] || !can_view_forum($foruminfo)) { print "You're not allowed to create threads in this forum.<br><a href='index.php'>Return to the main page</a>"; } else { // if it returns a non-blank string, it's an error // if it returns a thread id (check with is_numeric) the thread has been created successfully // if it returns nothing, just show the form $result = create_thread(); if (is_numeric($result)) { header("Location: index.php?showthread={$result}"); } else { if ($result != '') { print '<b>The following errors occurred while creating your thread:<br>' . $result . '</b><br>Your post data has been saved.<hr>'; } if (isset($_POST['preview'])) { print "<b>Preview:</b>";
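/**
 * Print one table row per thread in a forum listing.
 *
 * Reads the globals $postspp (posts per page), $s (session state),
 * $lastread (last-read timestamp compared against each thread) and $theme
 * (image path prefix).
 *
 * @param mixed $threadquery Query result handed to dbrow() until it is exhausted.
 * @param bool  $alternating Row striping state; flipped before each row is printed.
 * @return void
 */
function showthreads($threadquery, $alternating)
{
    global $postspp, $s, $lastread, $theme;

    // Array keys are quoted throughout: bare words such as $thread[name] are
    // undefined constants and raise an Error on PHP 8.
    while ($thread = dbrow($threadquery)) {
        $thread['name'] = htmlspecialchars($thread['name']);
        $thread['desc'] = htmlspecialchars($thread['desc']);

        $alternating = !$alternating;
        if ($alternating) {
            print "<tr class='rowalt'>";
        } else {
            print "<tr>";
        }

        // 'dot' selects the icon variant for threads the viewer has posted in.
        $dot = '';
        if (!empty($thread['checkpostedin'])) {
            $dot = 'dot';
        }

        if (!empty($s['logged_in']) && $thread['lastpostdate'] >= $lastread && $thread['thread'] != $thread['id']) {
            if ($thread['locked'] == 1) {
                $threadicon = "<img src='{$theme}images/icon_threadlockedunread.png' alt='This thread has unread posts, and is locked.' title='This thread has unread posts, and is locked.'>";
            } else {
                $threadicon = "<img src='{$theme}images/icon_threadunread{$dot}.png' alt='This thread has unread posts.' title='This thread has unread posts.'>";
            }
        } else {
            if ($thread['locked'] == 1) {
                $threadicon = "<img src='{$theme}images/icon_threadlocked.png' alt='This thread has no unread posts, and is locked.' title='This thread has no unread posts, and is locked.'>";
            } else {
                // The line break inside this tag is kept as it appears in the original listing.
                $threadicon = "<img src='{$theme}images/icon_thread{$dot}.png' alt='This thread has no unread posts.' \ntitle='This thread has no unread posts.'>";
            }
        }

        // Page links: every page for short threads; for more than six pages the
        // first three, an ellipsis, then the last three.
        $pages = '';
        if ($thread['replies'] + 1 > $postspp) {
            $threadpagecount = ceil(($thread['replies'] + 1) / $postspp);
            $pages .= ' <span class=\'pages\'>(pages: ';
            if ($threadpagecount > 6) {
                $dleft = 3;
                $dright = $threadpagecount - 2;
            } else {
                $dleft = 7;
                $dright = -1;
            }
            $docomma = false;
            for ($cp = 1; $cp <= $threadpagecount; $cp++) {
                if ($cp > $dleft && $cp < $dright) {
                    continue;
                }
                if ($docomma) {
                    $pages .= ', ';
                } else {
                    $docomma = true;
                }
                $pages .= "<a href='index.php?showthread={$thread['id']}&page={$cp}'>{$cp}</a>";
                if ($cp == $dleft) {
                    $pages .= "...";
                    $docomma = false;
                }
            }
            $pages .= ')</span>';
        }

        print "<td>{$threadicon}</td>";

        $threadcustomicon = '';
        if (!empty($thread['icon'])) {
            // The stored icon name goes into a single-quoted attribute, so it is
            // escaped with ENT_QUOTES; the original printed it unescaped.
            $iconfile = htmlspecialchars($thread['icon'], ENT_QUOTES);
            $threadcustomicon = "<img src='smilies/{$iconfile}' alt='Icon'>";
        }
        print "<td>{$threadcustomicon}</td>";

        print "<td style='text-align: left'><a href='index.php?showthread={$thread['id']}' style='font-size: 12px'>{$thread['name']}</a><br><div style='font-size: 11px; margin: 2px 0px 0px 2px'>{$thread['desc']}{$pages}</div></td>";

        $author = userlink($thread['authorid'], htmlspecialchars($thread['authorname']), $thread['authorpower']);
        print "<td>{$author}</td>";
        print "<td>{$thread['replies']}</td>";

        print "<td style='font-size: 11px'>";
        $lastpostdate = parsedate($thread['lastpostdate']);
        print "{$lastpostdate}<br>";
        $lastposter = userlink($thread['lastposterid'], htmlspecialchars($thread['lastpostername']), $thread['lastposterpower']);
        print "by {$lastposter}";
        print "</td>";

        print "</tr>";
    }
}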
} print "<div class='bigspacing'></div>"; print "<b>Post an Admin Note:</b><br>"; print "<form action='index.php?m=admin&act=idx' method='post'>"; print "<textarea rows='4' cols='70' name='data'></textarea>"; print "<br>"; print "<input type='submit' name='makeit' value='Add Note' class='button'>"; print "</form>"; print "<hr>"; $getnotes = dbquery("select adminnotes.*,users.userid,users.username,users.powerlevel from adminnotes left join users on adminnotes.author=users.userid order by adminnotes.notedate"); if (mysql_num_rows($getnotes) == 0) { print "Apparently no one has posted any notes yet."; } else { $alternating = true; print "<table cellpadding='0' cellspacing='0' style='width: 100%' id='rep'>"; while ($row = dbrow($getnotes)) { $alternating = !$alternating; if ($alternating) { $alt = " class='rowalt'"; } else { $alt = ""; } print "<tr{$alt}>"; print "<td align='left' valign='top'>"; $userlink = userlink($row[userid], htmlspecialchars($row[username]), $row[powerlevel]); $date = parsedate($row[notedate]); print "<span style='font-size: 11px'>{$userlink} posted at {$date}:</span>"; print "<div class='smallspacing'></div>"; print getpost($row[data], true, true, false); print "</td>"; print "</tr>";