<?php if (!$user->valid() || !isset($forum)) { header("Location: " . $page); exit; } $tid = $_REQUEST['tid']; $page = $_REQUEST['page']; if (!$user->is_valid_token($_REQUEST['token'])) { err_not_found("invalid token"); } if (isset($_REQUEST['time']) && is_numeric($_REQUEST['time'])) { $time = $_REQUEST['time']; } else { $time = time(); } /* Unix time (seconds since epoch) */ /* Convert it to MySQL format */ /* TZ: strftime is local time of SQL server -> used for tstamp */ $time = strftime("%Y%m%d%H%M%S", $time); if ($tid == "all") { require_once "thread.inc"; /* for is_thread_bumped() */ foreach ($tthreads as $tthread) { $iid = tid_to_iid($tthread['tid']); if (!isset($iid)) { continue; } /* TZ: unixtime is seconds since epoch */ $thread = db_query_first("select *, UNIX_TIMESTAMP(tstamp) as unixtime from f_threads{$iid} where tid = ?", array($tthread['tid'])); if (is_thread_bumped($thread)) {
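<?php
/*
 * Start tracking a thread for the logged-in user, then redirect back to the
 * page the request came from.
 *
 * Inputs (all via $_REQUEST): page (return URL), tid (thread id), time
 * (tracking timestamp), token (CSRF token).  $forum and $user are provided by
 * the including script.
 */
require_once 'thread.inc';

if (!isset($forum)) {
  echo "Invalid forum\n";
  exit;
}

/* read every request field with a default so a missing one is '' rather
 * than an undefined-index notice */
$page  = isset($_REQUEST['page'])  ? $_REQUEST['page']  : '';
$tid   = isset($_REQUEST['tid'])   ? $_REQUEST['tid']   : '';
$time  = isset($_REQUEST['time'])  ? $_REQUEST['time']  : '';
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';

/* $page ends up in a Location: header; keep it a site-local absolute path
 * (no scheme, no "//host" or "/\host") so a crafted link cannot bounce the
 * user to another site */
if (!is_string($page) || !preg_match('#^/(?![/\\\\])#', $page)) {
  $page = '/';
}

if (!$user->valid() || !is_numeric($tid)) {
  header("Location: {$page}");
  exit;
}

$iid = tid_to_iid($tid);
if (!isset($iid)) {
  echo "Invalid thread!\n";
  exit;
}

/* state-changing request: require the CSRF token before touching the db */
if (!$user->is_valid_token($token)) {
  err_not_found("Invalid token");
}

if (!is_numeric($time)) {
  err_not_found("Invalid timestamp");
}

track_thread($forum['fid'], $tid, '', $time);
header("Location: {$page}");
exit;
// vim: sw=2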
$new[] = "url: " . $nmsg['url']; } if (!empty($nmsg['imageurl'])) { $new[] = "imageurl: " . $nmsg['imageurl']; } if (!empty($nmsg['video'])) { $new[] = "video: " . $nmsg['video']; } $diff .= diff($old, $new); /* IMAGEURL HACK - prepend before insert */ /* for diffing and for entry into the db */ $nmsg = image_url_hack_insert($nmsg); /* Add it into the database */ $iid = mid_to_iid($mid); if (!isset($iid)) { err_not_found("message {$mid} has no iid"); exit; } $sql = "update f_messages{$iid} set name = ?, email = ?, flags = ?, subject = ?, " . "message = ?, url = ?, urltext = ?, video = ?, state = ?, " . "changes = CONCAT(changes, 'Edited by ', ?, '/', ?, ' at ', NOW(), ' from ', ?, '\n', ?, '\n') " . "where mid = ?"; db_exec($sql, array($nmsg['name'], $nmsg['email'], $nmsg['flags'], $nmsg['subject'], $nmsg['message'], $nmsg['url'], $nmsg['urltext'], $nmsg['video'], $nmsg['state'], $user->name, $user->aid, $remote_addr, $diff, $mid)); $sql = "replace into f_updates ( fid, mid ) values ( ?, ? )"; db_exec($sql, array($forum['fid'], $mid)); /* update user post counts and f_indexes */ if ($state_changed) { msg_state_changed($forum['fid'], $msg, $nmsg['state']); } if ($track_thread) { track_thread($forum['fid'], $nmsg['tid'], $send_email ? "SendEmail" : ""); } else { untrack_thread($forum['fid'], $nmsg['tid']); }
/* Fill in the template variables shared by every tracking page, then work out
 * which slice of the user's tracked threads this page shows. */
$yatt->set("forum_header", $hdr->parse("FORUM_HEADER", "forum_header"));
$yatt->set("user_token", $user->token());
$yatt->set("page", $tpl->get_var("PAGE"));
$yatt->set("forum", $forum);
$yatt->set("time", time());

/* $curpage may already have been set by whoever included us; default to 1 */
$curpage = isset($curpage) ? $curpage : 1;

/* threads per page: the user's preference, or 20 when it is unset/zero/negative */
$tpp = $user->threadsperpage;
$tpp = ($tpp <= 0) ? 20 : $tpp;

$out = process_tthreads();
$numpages = ceil($out['numshown'] / $tpp);
if ($numpages && $curpage > $numpages) {
  err_not_found("Page out of range");
  exit;
}
$yatt->set('shown', $out['numshown']);
$yatt->set('numpages', $numpages);

/* zero-based [start, end) range of threads that belong on this page */
$start = $tpp * ($curpage - 1);
$end = $tpp * $curpage;

$fmt = "/{$forum['shortname']}/tracking/%d.phtml";
$yatt->set("pages", gen_pagenav($fmt, $curpage, $numpages));

/* which template block to render for this user */
$block = isset($user->pref['SimpleHTML']) ? "simple" : "normal";
$new = false;
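<?php
/* Log the current user out: drop the session cookie, then send them to the
 * login page.  An optional $_GET['url'] is passed through so login.phtml can
 * return the user to where they were. */
$aid = $user->aid;
$user = new AccountUser();
$user->find_by_aid((int) $aid);
if (!$user->unsetcookie()) {
  err_not_found('unsetcookie() failed');
  exit;
}
/* always initialised so the redirect below never reads an undefined variable */
$url = "";
if (isset($_GET['url']) && is_string($_GET['url'])) {
  /* encode it: a raw '&' or '#' in the value would otherwise split the
   * query string and login.phtml would see only part of the url */
  $url = "url=" . urlencode($_GET['url']) . "&";
}
header("Location: login.phtml?{$url}message=" . urlencode("You have been logged out"));
exit;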
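/* Handle the admin "global messages" form.
 *
 * $tpl is the page template (only needed by generate_edit_form()); $arg is
 * the request array.  Recognised keys: gid (slot number 0..31), submit, add,
 * take, touch, unhide, edit, subject, url, token.  Nothing is written to the
 * database unless the request carries a valid CSRF token. */
function process_request($tpl, $arg) {
  global $user, $subject_tags;
  if (!count($arg)) {
    return;
  }
  /* debug aid: echoes the raw request, token included, into the admin page */
  dump($arg);
  $args = '';
  if (!isset($arg['gid']) || !is_numeric($arg['gid'])) {
    return;   /* nothing to do without a slot number */
  }
  /* is_numeric() also accepts "1.5" / "1e1"; the slot is a whole number, and
   * the cast is what makes $gid safe to use in the submit label and in SQL */
  $gid = (int) $arg['gid'];
  if ($gid < 0 || $gid > 31) {
    err_not_found("GID out of range");
    exit;
  }
  $sqls = array();
  $sargs = array();
  $name = $user->name;
  if (isset($arg['submit']) && $arg['submit'] === "Update Slot {$gid}") {
    $subject = stripcrap(isset($arg['subject']) ? $arg['subject'] : '', $subject_tags);
    $url = stripcrapurl(isset($arg['url']) ? $arg['url'] : '');
    $sqls[] = "update f_global_messages set " .
      "subject = ?, url = ?, " .
      "name = ?, date = NOW() " .
      "where gid = ?";
    $sargs[] = array($subject, $url, $name, $gid);
    /* resend edit so we get the form back */
    $args = "?gid={$gid}&edit";
  }
  if (isset($arg['add'])) {
    $sqls[] = "insert into f_global_messages " .
      "(gid, name, date) values " .
      "(?, ?, NOW())";
    $sargs[] = array($gid, $name);
  }
  if (isset($arg['take'])) {
    $sqls[] = "update f_global_messages set " .
      "name = ?, date = NOW() " .
      "where gid = ?";
    $sargs[] = array($name, $gid);
  }
  if (isset($arg['touch'])) {
    $sqls[] = "update f_global_messages set " .
      "date = NOW() " .
      "where gid = ?";
    $sargs[] = array($gid);
  }
  if (isset($arg['unhide'])) {
    /* clear bit $gid of every user's gmsgfilter; the slot number is bound
     * like every other value instead of being spliced into the statement */
    $sqls[] = "update u_users set " .
      "gmsgfilter = gmsgfilter & ~(1 << ?) where gmsgfilter & (1 << ?)";
    $sargs[] = array($gid, $gid);
  }
  if (count($sqls)) {
    /* don't allow any sql updates unless we have a valid token */
    $token = isset($arg['token']) ? $arg['token'] : '';
    if (!$user->is_valid_token($token)) {
      err_not_found("invalid token");
      exit;
    }
    foreach ($sqls as $i => $sql) {
      $sarg = $sargs[$i];
      debug($sql . "\narray(" . implode(",", $sarg) . ")\n");
      db_exec($sql, $sarg);
    }
  }
  if (isset($arg['edit'])) {
    /* on edit and add, we will send Location: but with "edit" again,
     * stripping add and the token */
    if (isset($arg['add'])) {
      $args = "?gid={$gid}&edit";
    } else {
      generate_edit_form($tpl, $gid);
    }
  }
  if (count($sqls)) {
    header("Location: /admin/gmessage.phtml{$args}");
  }
}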
$tpl->set_block("success", "create"); $tpl->set_block("success", "email"); $tpl->set_block("success", "forgot_password"); $errors = array("unknown", "invalid_aid", "activate_failed", "dup_email"); $successes = array("create", "email", "forgot_password"); if (!isset($_REQUEST['cookie'])) { err_not_found('No cookie'); } $cookie = $_REQUEST['cookie']; $pending = db_query_first("select * from u_pending where cookie = ?", array($cookie)); if (!$pending) { if (isset($cookie) && !empty($cookie)) { $error = "unknown"; $tpl->set_var("COOKIE", $cookie); } else { err_not_found('No cookie'); } } else { $user = new AccountUser(); $user->find_by_aid((int) $pending['aid']); if (!$user->valid()) { $error = "invalid_aid"; } else { db_exec("update u_pending set status = 'Done' where tid = ?", array($pending['tid'])); switch ($pending['type']) { case "NewAccount": if ($user->status == 'Create') { $user->status("Active"); if (!$user->update()) { $error = "activate_failed"; } else {
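/* Look up the index slot (iid) of the f_messages{iid} table that holds $mid.
 * $indexes is the global cache of index rows (minmid/maxmid/mintid/maxtid/iid).
 * Returns -1 when the cache is missing or no row covers the id.
 * Uses foreach instead of reset()/each(): each() no longer exists in PHP 8. */
function find_msg_index($mid) {
  global $indexes;
  if (!is_array($indexes)) {
    return -1;
  }
  foreach ($indexes as $index) {
    if ($index['minmid'] <= $mid && $index['maxmid'] >= $mid) {
      return $index['iid'];
    }
  }
  return -1;
}

/* Same as find_msg_index() but keyed on thread id (mintid/maxtid). */
function find_thread_index($tid) {
  global $indexes;
  if (!is_array($indexes)) {
    return -1;
  }
  foreach ($indexes as $index) {
    if ($index['mintid'] <= $tid && $index['maxtid'] >= $tid) {
      return $index['iid'];
    }
  }
  return -1;
}

/* Router: the URL must look like /section/name, where name is letters and
 * dots only.  The captured name is used purely as a key into the $scripts
 * map, never as a path, so only files listed there can ever be included. */
if (preg_match("#^/[a-z]*/([a-z\\.]*)\$#", $script_name . $path_info, $regs)) {
  $script = $regs[1];
  if (isset($scripts[$script])) {
    include $scripts[$script];
  } else {
    err_not_found("no script for '{$script}'");
  }
} else {
  err_not_found("preg_match '{$script_name}{$path_info}' failed");
}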
} else { $email = ""; } if (isset($_POST['password1'])) { $password1 = $_POST['password1']; } else { $password1 = ""; } if (isset($_POST['password2'])) { $password2 = $_POST['password2']; } else { $password2 = ""; } if (isset($_POST['submit'])) { if (!$user->is_valid_token($_POST['token'])) { err_not_found('Invalid token'); } if (!empty($name)) { $name = striptag($name, $no_tags); $name = trim($name); /* Filter out bad characters. Do the & first to catch SGML entities */ $name = preg_replace("/&/", "&#" . ord('&') . ";", $name); $name = preg_replace("/</", "<", $name); $name = preg_replace("/>/", ">", $name); if (!empty($name)) { $user->name($name); } } if (!empty($email)) { $email = trim($email); if (is_valid_email($email)) {
<?php $user->req("ForumAdmin"); if (is_valid_integer($_REQUEST['aid'])) { $aid = $_REQUEST['aid']; } else { err_not_found("Invalid FID or AID"); } /* If submit is set, shove the data into the database (well, after some */ /* error checking) */ if (isset($_POST['submit'])) { $opts = $_POST['opts']; for ($i = 0; $i < count($opts); $i++) { $capabilities = array(); if (is_valid_signed_integer($opts[$i]['fid'])) { $fid = $opts[$i]['fid']; if (isset($opts[$i]['Lock'])) { $capabilities[] = "Lock"; } if (isset($opts[$i]['Moderate'])) { $capabilities[] = "Moderate"; } if (isset($opts[$i]['Delete'])) { $capabilities[] = "Delete"; } if (isset($opts[$i]['OffTopic'])) { $capabilities[] = "OffTopic"; } if (isset($opts[$i]['Advertise'])) { $capabilities[] = "Advertise"; }
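<?php
/* Admin: delete rows from the u_pending request queue.
 *   ?clean=1        removes completed and stale (> 30 day) requests
 *   ?aid=N&tid=N    removes one request
 * Both forms change state from a GET, so a valid CSRF token is required in
 * addition to the ForumAdmin capability. */
$user->req("ForumAdmin");

$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$user->is_valid_token($token)) {
  err_not_found('Invalid token');
  exit;
}

/* request values arrive as strings, so compare strictly against '1' */
if (isset($_GET['clean']) && $_GET['clean'] === '1') {
  db_exec("delete from u_pending where status = 'Done'");
  db_exec("delete from u_pending where TO_DAYS(NOW()) - TO_DAYS(tstamp) > 30");
  header("Location: pending.phtml?message=" . urlencode("Cleaned up completed requests"));
  exit;
}

$aid = isset($_GET['aid']) ? $_GET['aid'] : null;
$tid = isset($_GET['tid']) ? $_GET['tid'] : null;
if (!is_valid_integer($aid) || !is_valid_integer($tid)) {
  err_not_found('Invalid aid/tid');
  exit;
}
db_exec("delete from u_pending where aid = ? and tid = ?", array($aid, $tid));
header("Location: pending.phtml?message=" . urlencode("Request Deleted"));
exit;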
<?php $user->req("ForumAdmin"); /* If submit is set, shove the data into the database (well, after some */ /* error checking) */ if (isset($_POST['submit'])) { if (!is_valid_integer($_POST['fid'])) { err_not_found("Invalid fid"); } $fid = $_POST['fid']; $name = $_POST['name']; $shortname = $_POST['shortname']; if (isset($_POST['read'])) { $options[] = "Read"; } if (isset($_POST['postthread'])) { $options[] = "PostThread"; } if (isset($_POST['postreply'])) { $options[] = "PostReply"; } if (isset($_POST['postedit'])) { $options[] = "PostEdit"; } if (isset($_POST['offtopic'])) { $options[] = "OffTopic"; } if (isset($_POST['searchable'])) { $options[] = "Searchable"; } if (isset($_POST['logintoread'])) {
/* Return the key of the $indexes row whose [mintid, maxtid] range contains
 * $tid, or null when no row does.  Aborts the request if the global index
 * cache has not been loaded. */
function find_thread_index($tid) {
  global $indexes;
  if (!isset($indexes) || !count($indexes)) {
    err_not_found("indexes cache is empty");
    exit;
  }
  foreach ($indexes as $key => $range) {
    if ($range['mintid'] <= $tid) {
      if ($tid <= $range['maxtid']) {
        return $key;
      }
    }
  }
  return null;
}
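<?php
/* Log the current user out: drop the session cookie, then send them to the
 * login page with a confirmation message. */
$aid = $user->aid;
$user = new AccountUser();
$user->find_by_aid((int) $aid);
if (!$user->unsetcookie()) {
  /* say what failed; a bare err_not_found() gives nothing to go on */
  err_not_found('unsetcookie() failed');
  exit;
}
header("Location: login.phtml?message=" . urlencode("You have been logged out"));
exit;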
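<?php
/* Admin: remove one (aid, fid) row from f_moderators, i.e. revoke a user's
 * per-forum ACL, then return to the ACL page.  This is a state change driven
 * by a GET link, so it needs the CSRF token in addition to ForumAdmin. */
$user->req("ForumAdmin");

/* the link on useracl.phtml must carry the user's token, the same way the
 * pending.phtml delete links do */
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$user->is_valid_token($token)) {
  err_not_found('Invalid token');
  exit;
}

$aid = isset($_GET['aid']) ? $_GET['aid'] : null;
$fid = isset($_GET['fid']) ? $_GET['fid'] : null;
if (!is_valid_integer($aid) || !is_valid_signed_integer($fid)) {
  err_not_found("invalid fid or aid");
  exit;
}

db_exec("delete from f_moderators where aid = ? and fid = ?", array($aid, $fid));
header("Location: useracl.phtml?message=" . urlencode("User ACL Deleted"));
exit;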
} else { if (empty($path_info) || $path_info == "/") { $uuser = new ForumUser(); /* find by cookie */ if (!$uuser->valid()) { /* dont go to login page if user is invalid */ err_not_found("Unknown user"); } Header("Location: /account/{$uuser->aid}.phtml"); exit; } else { err_not_found("Unknown path"); } } if (!$uuser->valid()) { err_not_found("Unknown user"); } $stats = get_stats($uuser); if (array_key_exists('noob', $_GET)) { noob($_GET['noob'], $uuser->aid, $stats['active']); return; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title><?php echo "{$domain}"; ?> : Account Information for <?php echo "{$uuser->name}";
<?php require_once "listthread.inc"; require_once "filter.inc"; require_once "thread.inc"; require_once "message.inc"; require_once "page-yatt.inc.php"; $tpl->set_file(array("showthread" => "showthread.tpl", "forum_header" => array("forum/" . $forum['shortname'] . ".tpl", "forum/generic.tpl"))); $tpl->set_var("FORUM_NAME", $forum['name']); $tpl->set_var("FORUM_SHORTNAME", $forum['shortname']); $tpl->parse("FORUM_HEADER", "forum_header"); /* $tid set by main.php for showthread.php */ $thread = get_thread($tid); if (!isset($thread)) { err_not_found("No such thread {$tid}"); } /* Mark the thread as read if need be */ if (is_thread_bumped($thread)) { $sql = "update f_tracking set tstamp = NOW() where tid = ? and aid = ?"; db_exec($sql, array($tid, $user->aid)); } /* look for my message and later */ for ($index = find_msg_index($thread['mid']); isset($indexes[$index]); $index++) { $iid = $indexes[$index]['iid']; /* TZ: unixtime is seconds since epoch */ $sql = "select " . "mid, tid, pid, aid, state, UNIX_TIMESTAMP(date) as unixtime, ip, subject, " . "message, url, urltext, video, flags, name, email, views, changes " . "from f_messages{$iid} where tid = ? order by mid"; $sth = db_query($sql, array($tid)); while ($message = $sth->fetch()) { $message['date'] = gen_date($user, $message['unixtime']); /* FIXME: translate pid -> pmid */ if (!isset($message['pmid']) && isset($message['pid'])) {