function writeDB_private_message($to_userid, $image, $subject, $from_userid, $message, $copie)
{
global $NPDS_Prefix;
$res = sql_query("SELECT uid, user_langue FROM " . $NPDS_Prefix . "users WHERE uname='{$to_userid}'");
list($to_useridx, $user_languex) = sql_fetch_row($res);
if ($to_useridx == "") {
forumerror('0016');
} else {
global $gmt;
$time = date(translate("dateinternal"), time() + $gmt * 3600);
include_once "language/lang-multi.php";
$subject = removeHack($subject);
$message = str_replace("\n", "<br />", $message);
$message = addslashes(removeHack($message));
$sql = "INSERT INTO " . $NPDS_Prefix . "priv_msgs (msg_image, subject, from_userid, to_userid, msg_time, msg_text) ";
$sql .= "VALUES ('{$image}', '{$subject}', '{$from_userid}', '{$to_useridx}', '{$time}', '{$message}')";
if (!($result = sql_query($sql))) {
forumerror('0020');
}
if ($copie) {
$sql = "INSERT INTO " . $NPDS_Prefix . "priv_msgs (msg_image, subject, from_userid, to_userid, msg_time, msg_text, type_msg, read_msg) ";
$sql .= "VALUES ('{$image}', '{$subject}', '{$from_userid}', '{$to_useridx}', '{$time}', '{$message}', '1', '1')";
if (!($result = sql_query($sql))) {
forumerror('0020');
}
}
global $subscribe, $nuke_url;
if ($subscribe) {
$sujet = translate_ml($user_languex, "Vous avez un nouveau message.");
$message = translate_ml($user_languex, "Bonjour") . ",<br /><br /><a href=\"{$nuke_url}/viewpmsg.php\">" . translate_ml($user_languex, "Cliquez ici pour lire votre nouveau message.") . "</a><br /><br />";
include "signat.php";
copy_to_email($to_useridx, $sujet, $message);
}
}
}
function ancre($forum_id, $topic_id, $post_id, $posts_per_page)
{
global $NPDS_Prefix;
$rowQ1 = Q_Select("SELECT post_id FROM " . $NPDS_Prefix . "posts WHERE forum_id='{$forum_id}' AND topic_id='{$topic_id}' ORDER BY post_id ASC", 600);
if (!$rowQ1) {
forumerror('0015');
}
$i = 0;
while (list(, $row) = each($rowQ1)) {
if ($row['post_id'] == $post_id) {
break;
}
$i++;
}
$start = $i - $i % $posts_per_page;
return "&ancre=1&start={$start}#" . $forum_id . $topic_id . $post_id;
}
echo '<img class="img-fluid d-block mx-auto" src="' . $site_logo . '" alt="website logo" />';
} else {
echo '<img class="img-fluid d-block mx-auto" src="images/' . $site_logo . '" alt="website logo" />';
}
echo '<p class="mt-2">' . translate("Forum Index") . ' » » ';
echo stripslashes($forum_name);
echo '</p>';
echo "\n <table border=\"0\" >\n <tr>\n <td width=\"15%\"><hr />" . translate("Author") . "</td>\n <td><hr />{$topic_subject}</td>\n </tr>";
if ($Mmod) {
$post_aff = ' ';
} else {
$post_aff = " AND post_aff='1' ";
}
$sql = "SELECT * FROM " . $NPDS_Prefix . "posts WHERE topic_id='{$topic}' and post_id='{$post_id}'" . $post_aff;
if (!($result = sql_query($sql))) {
forumerror(01);
}
$myrow = sql_fetch_assoc($result);
if ($allow_upload_forum) {
$visible = '';
if (!$Mmod) {
$visible = ' AND visible = 1';
}
$sql = "SELECT att_id FROM {$upload_table} WHERE apli='forum_npds' && topic_id = '{$topic}' {$visible}";
$att = sql_num_rows(sql_query($sql));
if ($att > 0) {
include "modules/upload/include_forum/upload.func.forum.php";
}
}
echo "<tr align=\"left\">";
$posterdata = get_userdata_from_id($myrow['poster_id']);
function anti_flood($modoX, $paramAFX, $poster_ipX, $userdataX, $gmtX)
{
// anti_flood : nd de post dans les 90 puis 30 dernières minutes / les modérateurs echappent à cette règle
// security.log est utilisée pour enregistrer les tentatives
global $NPDS_Prefix;
global $anonymous;
if (!array_key_exists('uname', $userdataX)) {
$compte = $anonymous;
} else {
$compte = $userdataX['uname'];
}
if (!$modoX and $paramAFX > 0) {
$sql = "SELECT COUNT(poster_ip) AS total FROM " . $NPDS_Prefix . "posts WHERE post_time>'";
if ($userdataX['uid'] != 1) {
$sql2 = "' AND (poster_ip='{$poster_ipX}' OR poster_id='" . $userdataX['uid'] . "')";
} else {
$sql2 = "' AND poster_ip='{$poster_ipX}'";
}
$timebase = date("Y-m-d H:i", time() + $gmtX * 3600 - 5400);
list($time90) = sql_fetch_row(sql_query($sql . $timebase . $sql2));
if ($time90 > $paramAFX * 2) {
Ecr_Log("security", "Forum Anti-Flood : " . $compte, "");
forumerror(translate("You are not allowed to post in this forum"));
} else {
$timebase = date("Y-m-d H:i", time() + $gmtX * 3600 - 1800);
list($time30) = sql_fetch_row(sql_query($sql . $timebase . $sql2));
if ($time30 > $paramAFX) {
Ecr_Log("security", "Forum Anti-Flood : " . $compte, "");
forumerror(translate("You are not allowed to post in this forum"));
}
}
}
}
forumerror('0009');
}
// ordre de mise à jour d'un champ externe ?
if ($comments_req_raz != '') {
sql_query("UPDATE " . $NPDS_Prefix . $comments_req_raz);
}
redirect_url("{$url_ret}");
break;
case 'viewip':
include "header.php";
$sql = "SELECT u.uname, p.poster_ip, p.poster_dns FROM " . $NPDS_Prefix . "users u, posts p WHERE p.post_id = '{$post}' AND u.uid = p.poster_id";
if (!($r = sql_query($sql))) {
forumerror('0013');
}
if (!($m = sql_fetch_assoc($r))) {
forumerror('0014');
}
echo '
<h3>' . translate("Users IP and Account information") . '</h3>
<div class="card card-block">
<strong>' . translate("Nickname: ") . '</strong> ' . $m['uname'] . '<br />
<strong>' . translate("User IP: ") . '</strong> ' . $m['poster_ip'] . '<br />
<strong>' . translate("User DNS: ") . '</strong> ' . $m['poster_dns'] . '<br />
</div>
<p><a href="' . rawurldecode($url_ret) . '" class="btn btn-primary">' . translate("Go Back") . '</a></p>';
include "footer.php";
break;
case 'aff':
$sql = "UPDATE " . $NPDS_Prefix . "posts SET post_aff = '{$ordre}' WHERE post_id = '{$post}'";
sql_query($sql);
// ordre de mise à jour d'un champ externe ?
if ($forum_type != 6 and $forum_type != 5) {
$messageP = make_clickable($messageP);
$messageP = removeHack($messageP);
if ($allow_bbcode) {
$messageP = aff_video_yt($messageP);
}
}
$messageP = addslashes($messageP);
break;
case 'editpost':
$userdata = get_userdata($userdata[1]);
settype($post_id, "integer");
$sql = "SELECT poster_id, topic_id FROM " . $NPDS_Prefix . "posts WHERE (post_id = '{$post_id}')";
$result = sql_query($sql);
if (!$result) {
forumerror('0022');
}
$row2 = sql_fetch_assoc($result);
$userdata['uid'] = $row2['poster_id'];
// IF we made it this far we are allowed to edit this message
settype($forum, "integer");
$myrow2 = sql_fetch_assoc(sql_query("SELECT forum_type FROM " . $NPDS_Prefix . "forums WHERE (forum_id = '{$forum}')"));
$forum_type = $myrow2['forum_type'];
if ($allow_html == 0 || isset($html)) {
$messageP = htmlspecialchars($messageP, ENT_COMPAT | ENT_HTML401, cur_charset);
}
if ($allow_bbcode and $forum_type != 6 and $forum_type != 5) {
$messageP = smile($messageP);
}
if ($forum_type != 6 and $forum_type != 5) {
$messageP = aff_code($messageP);
if ($Mmod) {
echo '
<div class="form-group row">
<div class="col-sm-3">
<label class="form-control-label" for="subject">' . translate("Title") . '</label>
</div>
<div class="col-sm-9">
<input class="form-control textbox_standard" type="text" name="subject" size="40" maxlength="100" value="' . htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, cur_charset) . '" />
</div>
</div>';
} else {
echo "<b>" . translate("Editing Post") . "</b> : {$title}</td></tr>";
echo "<input type=\"hidden\" name=\"subject\" value=\"" . htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, cur_charset) . "\" />";
}
} else {
forumerror('0036');
}
if ($smilies) {
echo '
<div class="form-group row">
<div class="col-sm-3">
<label class="form-control-label">' . translate("Message Icon: ") . '</label>
</div>
<div class="col-sm-9">
' . emotion_add($image_subject) . '
</div>
</div>';
}
echo '
<div class="form-group row">
<div class="col-sm-3">
}
$message = make_clickable($message);
$message = removeHack($message);
$image_subject = '';
$message = addslashes($message);
$time = date("Y-m-d H:i:s", time() + $gmt * 3600);
$sql = "INSERT INTO " . $NPDS_Prefix . "posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '{$topic}', '{$image_subject}', '{$forum}', '" . $userdata['uid'] . "', '{$message}', '{$time}', '{$poster_ip}', '{$hostname}')";
if (!($result = sql_query($sql))) {
forumerror('0020');
} else {
$IdPost = sql_last_id();
}
$sql = "UPDATE " . $NPDS_Prefix . "users_status SET posts=posts+1 WHERE (uid = '" . $userdata['uid'] . "')";
$result = sql_query($sql);
if (!$result) {
forumerror('0029');
}
// ordre de mise à jour d'un champ externe ?
if ($comments_req_add != "") {
sql_query("UPDATE " . $NPDS_Prefix . $comments_req_add);
}
redirect_url("{$url_ret}");
} else {
echo '<p class="text-xs-center">' . translate("You must type a message to post.") . '<br /><br />';
echo "[ <a href=\"javascript:history.go(-1)\" class=\"noir\">" . translate("Go Back") . "</a> ]</p>";
}
} else {
include 'header.php';
if ($allow_bbcode == 1) {
include "lib/formhelp.java.php";
}
}
if ($display) {
echo '
<tr class="table-danger">
<td colspan="6"><input type="hidden" name="total_messages" value="' . $total_messages . '"><button class="btn btn-danger-outline btn-sm" type="submit" name="delete_messages" value="delete_messages" >' . translate("Delete") . '</button></td>
</tr>';
}
echo '
<tbody>
</table>
</form>
</div>';
$sql = "SELECT * FROM " . $NPDS_Prefix . "priv_msgs WHERE from_userid = '" . $userdata['uid'] . "' AND type_msg='1' ORDER BY msg_id DESC";
$resultID = sql_query($sql);
if (!$resultID) {
forumerror(05);
}
echo '
<div class="card card-block ">
<h2><a href="replypmsg.php?send=1" title="' . translate("Write a new Private Message") . '" data-toggle="tooltip" ><i class="fa fa-edit"></i></a> ' . translate("Private Message") . " - " . translate("Outbox") . '</h2>
<form id="" name="prvmsgB" method="get" action="replypmsg.php">
<table class="table table-hover table-striped table-sm" >
<thead class="thead-default">
<tr>
<th data-checkbox="true" ><input name="allbox" onclick="CheckAllB();" type="checkbox" value="Check All" /></th>
<th align="center" ><i class="fa fa-long-arrow-down"></i></th>';
if ($smilies) {
echo '
<th align="center" > </th>';
}
echo '
</fieldset>
';
} else {
echo '' . translate("You are not allowed to reply in this forum") . '';
}
echo "\n\t\t</div>\n\t\t</form>";
if ($allow_to_reply) {
echo '<h3 class="text-xs-center">' . translate("Topic Review") . '</h3>';
if ($Mmod) {
$post_aff = "";
} else {
$post_aff = " and post_aff='1' ";
}
$sql = "SELECT * FROM " . $NPDS_Prefix . "posts WHERE topic_id='{$topic}' and forum_id='{$forum}'" . $post_aff . "ORDER BY post_id DESC limit 0,10";
if (!($result = sql_query($sql))) {
forumerror('0001');
}
$myrow = sql_fetch_assoc($result);
$count = 0;
do {
echo '
<div class="row">
<div class="col-md-2">
';
$posterdata = get_userdata_from_id($myrow['poster_id']);
if ($posterdata['uname'] != $anonymous) {
echo '<a href="powerpack.php?op=instant_message&to_userid=' . $posterdata['uname'] . '" class="noir">' . $posterdata['uname'] . '</a>';
} else {
echo $posterdata['uname'];
}
echo '<br />';
function MergeForumAction($oriforum, $destforum)
{
global $upload_table;
global $NPDS_Prefix;
$sql = "UPDATE " . $NPDS_Prefix . "forumtopics SET forum_id='{$destforum}' WHERE forum_id='{$oriforum}'";
if (!($r = sql_query($sql))) {
forumerror('0010');
}
$sql = "UPDATE " . $NPDS_Prefix . "posts SET forum_id='{$destforum}' WHERE forum_id='{$oriforum}'";
if (!($r = sql_query($sql))) {
forumerror('0010');
}
$sql = "UPDATE " . $NPDS_Prefix . "forum_read SET forum_id='{$destforum}' WHERE forum_id='{$oriforum}'";
if (!($r = sql_query($sql))) {
forumerror('0001');
}
$sql = "UPDATE {$upload_table} SET forum_id='{$destforum}' WHERE apli='forum_npds' and forum_id='{$oriforum}'";
sql_query($sql);
sql_free_result;
Q_Clean();
header("location: admin.php?op=MaintForumAdmin");
}
function read_imm($msg_id, $sub_op)
{
global $cookie, $NPDS_Prefix;
if (!$cookie) {
Header("Location: user.php");
} else {
$sql = "UPDATE " . $NPDS_Prefix . "priv_msgs SET read_msg='1' WHERE msg_id='{$msg_id}' AND to_userid='{$cookie['0']}'";
if (!sql_query($sql)) {
forumerror('0021');
}
if ($sub_op == 'reply') {
echo "<script type=\"text/javascript\">\n //<![CDATA[\n window.location='replypmsg.php?reply=1&msg_id={$msg_id}&userid={$cookie['0']}&full_interface=short';\n //]]>\n </script>";
die;
}
echo '<script type="text/javascript">
//<![CDATA[
window.location="readpmsg_imm.php?op=new_msg";
//]]>
</script>';
die;
}
}
$sql = "SELECT msg_image, subject, from_userid, to_userid FROM " . $NPDS_Prefix . "priv_msgs WHERE to_userid='" . $userdata['uid'] . "' AND msg_id='{$msg_id}' AND type_msg='0'";
$result = sql_query($sql);
if (!$result) {
forumerror('0022');
}
$row = sql_fetch_assoc($result);
if (!$row) {
forumerror('0023');
}
$fromuserdata = get_userdata_from_id($row['from_userid']);
if ($fromuserdata[0] == 1) {
forumerror('0101');
}
$touserdata = get_userdata_from_id($row['to_userid']);
if ($user and $userdata['uid'] != $touserdata['uid']) {
forumerror('0024');
}
}
echo '
<h3>' . translate("Private Message") . '</h3>
<hr />
<blockquote class="blockquote">' . translate("About Posting:") . '<br />' . translate("All registered users can post private messages.") . '</blockquote>
<form action="replypmsg.php" method="post" name="coolsus">';
if ($submitP) {
echo "<hr noshade=\"noshade\" class=\"ongl\" /><p align=\"center\" class=\"header\">" . translate("Preview") . "</p>\n <table border=\"0\" cellpadding=\"2\" cellspacing=\"1\" width=\"100%\">";
echo "<b>" . StripSlashes($subject) . "</b><br /><br />\n";
$Xmessage = $message = StripSlashes($message);
if ($allow_html == 0 || isset($html)) {
$Xmessage = htmlspecialchars($Xmessage, ENT_COMPAT | ENT_HTML401, cur_charset);
}
if ($sig) {
