Example #1
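/**
 * Show the rating widget for one item and handle a posted vote or vote removal.
 *
 * Does nothing unless the 'ratings_enabled' setting is "1". A member may cast one
 * vote in the range 1-5 or remove an existing vote; a guest gets a login/register
 * prompt instead of a form. The per-score totals are echoed below the form.
 *
 * @param string     $rating_type    Rating type code compared against rating_type.
 * @param int|string $rating_item_id Id of the rated item.
 * @param string     $rating_link    URL used as the form action and as redirect target.
 * @return void Markup is echoed, nothing is returned.
 */
function showratings($rating_type, $rating_item_id, $rating_link)
{
    global $locale, $userdata;
    $settings = \fusion_get_settings();
    if ($settings['ratings_enabled'] == "1") {
        // The totals query further down already used intval() on the item id; cast it
        // once so that every statement in this function gets the same integer value.
        $item_id = (int) $rating_item_id;
        // NOTE(review): $rating_type is still concatenated into the SQL text as given.
        // Callers presumably pass a fixed code - confirm that no request data reaches it.
        if (iMEMBER) {
            $user_id = (int) $userdata['user_id'];
            $d_rating = dbarray(dbquery("SELECT rating_vote,rating_datestamp FROM " . DB_RATINGS . " WHERE rating_item_id='" . $item_id . "' AND rating_type='" . $rating_type . "' AND rating_user='" . $user_id . "'"));
            if (isset($_POST['post_rating'])) {
                // Rate: only a numeric vote between 1 and 5, and only if this member has not voted yet.
                if (isnum($_POST['rating']) && $_POST['rating'] > 0 && $_POST['rating'] < 6 && !isset($d_rating['rating_vote'])) {
                    $vote = (int) $_POST['rating'];
                    $result = dbquery("INSERT INTO " . DB_RATINGS . " (rating_item_id, rating_type, rating_user, rating_vote, rating_datestamp, rating_ip, rating_ip_type) VALUES ('" . $item_id . "', '" . $rating_type . "', '" . $user_id . "', '" . $vote . "', '" . time() . "', '" . USER_IP . "', '" . USER_IP_TYPE . "')");
                    if ($result) {
                        defender::unset_field_session();
                    }
                }
                redirect($rating_link);
            } elseif (isset($_POST['remove_rating'])) {
                // Unrate: the DELETE is scoped to the current member's own row.
                $result = dbquery("DELETE FROM " . DB_RATINGS . " WHERE rating_item_id='" . $item_id . "' AND rating_type='" . $rating_type . "' AND rating_user='" . $user_id . "'");
                if ($result) {
                    defender::unset_field_session();
                }
                redirect($rating_link);
            }
        }
        $ratings = array(5 => $locale['r120'], 4 => $locale['r121'], 3 => $locale['r122'], 2 => $locale['r123'], 1 => $locale['r124']);
        if (!iMEMBER) {
            // Guests: login link, plus a register link when registration is enabled.
            $message = str_replace("[RATING_ACTION]", "<a href='" . BASEDIR . "login.php'>" . $locale['login'] . "</a>", $locale['r104']);
            if (fusion_get_settings("enable_registration") == TRUE) {
                $message = str_replace("[RATING_ACTION]", "<a href='" . BASEDIR . "login.php'>" . $locale['login'] . "</a> " . $locale['or'] . " <a href='" . BASEDIR . "register.php'>" . $locale['register'] . "</a>", $locale['r104']);
            }
            echo "<div class='text-center'>" . $message . "</div>\n";
        } elseif (isset($d_rating['rating_vote'])) {
            // Member who already voted: show the vote and a removal form.
            echo "<div class='display-block'>\n";
            echo openform('removerating', 'post', $rating_link, array('class' => 'display-block text-center'));
            echo sprintf($locale['r105'], $ratings[$d_rating['rating_vote']], showdate("longdate", $d_rating['rating_datestamp'])) . "<br /><br />\n";
            echo form_button('remove_rating', $locale['r102'], $locale['r102'], array('class' => 'btn-default', 'icon' => 'fa fa-times m-r-10'));
            echo closeform();
            echo "</div>\n";
        } else {
            // Member without a vote: show the voting form.
            echo "<div class='display-block'>\n";
            echo openform('postrating', 'post', $rating_link, array('max_tokens' => 1, 'notice' => 0, 'class' => 'm-b-20 text-center'));
            echo form_select('rating', $locale['r106'], '', array('options' => $ratings, 'class' => 'display-block text-center'));
            echo form_button('post_rating', $locale['r103'], $locale['r103'], array('class' => 'btn-primary btn-sm', 'icon' => 'fa fa-thumbs-up m-r-10'));
            echo closeform();
            echo "</div>\n";
        }
        // One row with a vote count per score; the aliases double as $locale keys for the labels.
        $rating_votes = dbarray(dbquery("\n\t\tSELECT\n\t\tSUM(IF(rating_vote='5', 1, 0)) as r120,\n\t\tSUM(IF(rating_vote='4', 1, 0)) as r121,\n\t\tSUM(IF(rating_vote='3', 1, 0)) as r122,\n\t\tSUM(IF(rating_vote='2', 1, 0)) as r123,\n\t\tSUM(IF(rating_vote='1', 1, 0)) as r124\n\t\tFROM " . DB_RATINGS . " WHERE rating_type='" . $rating_type . "' and rating_item_id='" . $item_id . "'\n\t\t"));
        if (!empty($rating_votes)) {
            echo "<div id='ratings' class='rating_container'>\n";
            foreach ($rating_votes as $key => $num) {
                echo progress_bar($num, $locale[$key], FALSE, '10px', TRUE, FALSE);
            }
            echo "</div>\n";
        } else {
            echo "<div class='text-center'>" . $locale['r101'] . "</div>\n";
        }
    }
}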
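/**
 * Build the HTML for one entry: the user link with an overlib info popup, plus the
 * edit/delete controls the current visitor is allowed to see.
 *
 * @param int|string $id      User id of the entry's user, or 0 when only $name is given.
 * @param string     $info    Info text shown inside the popup.
 * @param int|string $feld_id Id of the entry; used in links, form actions and one query.
 * @param string     $name    Display name used when $id is 0.
 * @return string HTML for the entry.
 */
function dj_info_box($id = "0", $info = "Keine Infos", $feld_id, $name = "")
{
    global $sp_settings, $userdata, $locale;
    $ausgabe = "";
    if (!isnum($id)) {
        fallback("index.php");
    }
    // $feld_id is compared numerically below and matched against an id column, so it is
    // normalised to an integer before it reaches any SQL text, URL or form action.
    $feld_id = (int) $feld_id;
    if ($id > 0) {
        // The cast keeps the query safe even if fallback() above returns instead of exiting.
        $info_result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_id='" . (int) $id . "'");
        if (dbrows($info_result) != 0) {
            $user_info = dbarray($info_result);
            if (sp_check($sp_settings['grss_sgroup'], $user_info['user_groups'])) {
                $mod = "<b>" . $locale['grsp124'] . "</b><br />" . $locale['grsp125'] . "<br /><br />";
            } elseif (sp_check($sp_settings['grss_ggroup'], $user_info['user_groups'])) {
                $mod = "<b>" . $locale['grsp124'] . "</b><br />" . $locale['grsp126'] . "<br /><br />";
            } else {
                $mod = "";
            }
            if ($user_info['user_avatar'] != "") {
                $avatar = IMAGES . "avatars/" . $user_info['user_avatar'];
            } else {
                $avatar = IMAGES . "avatars/nopic.gif";
            }
            // NOTE(review): user_name, $info and the avatar file name are placed into a
            // JavaScript string inside an HTML attribute without escaping here. Presumably
            // they are sanitised when stored - confirm, a quote in any of them breaks out.
            $infos = "<div align=\\'center\\'><img src=\\'" . $avatar . "\\' /><br /><br /></div><b>" . $locale['grsp122'] . "</b><br /><span class=\\'info2\\'>" . $user_info['user_name'] . "</span><br /><br />" . $mod . "<b>" . $locale['grsp123'] . "</b><br />" . $info . "<br /><br />";
            $ausgabe .= '<a onmouseover="return overlib(\'' . $infos . '\', STICKY, FGCLASS, \'sp1\', BGCLASS, \'sp2\', CAPTIONFONTCLASS, \'a\', CLOSEFONTCLASS, \'a\', CAPTION, \'' . $locale['grsp139'] . '\', RIGHT, CLOSETEXT, \' \');" onmouseout="return nd(\'true\');" href="' . BASEDIR . 'profile.php?lookup=' . $user_info['user_id'] . '">' . ($sp_settings['grss_djpic'] == 1 ? "<img src=\"" . $avatar . "\" height=\"40\" border=\"0\" /><br />" : "") . $user_info['user_name'] . '</a>';
            // && binds tighter than ||: (member of sgroup/ggroup AND owner of the entry),
            // or member of agroup, or super admin.
            if ((sp_group($sp_settings['grss_sgroup']) || sp_group($sp_settings['grss_ggroup'])) && $userdata['user_id'] == $user_info['user_id'] || sp_group($sp_settings['grss_agroup']) || iSUPERADMIN) {
                if ($sp_settings['grss_djedit'] == 1 || sp_group($sp_settings['grss_agroup']) || iSUPERADMIN) {
                    $ausgabe .= "<br /><input type='submit' value='" . $locale['grsp130'] . "' class='button' style='width:80px;' onclick='popup=window.open(\"" . INFUSIONS . "gr_sendeplan/gr_sendeplan_popup.php?status=edit&id=" . $feld_id . "\",\"DJ_Admin\",\"toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=1,width=500,height=220,left=250,top=250\"); return false;' />";
                }
                if ($sp_settings['grss_djoff'] == 1 || sp_group($sp_settings['grss_agroup']) || iSUPERADMIN) {
                    $ausgabe .= '<br /><form method="post" action="' . FUSION_SELF . '?id=' . $feld_id . '"><input type="submit" name="sp_delete" value="' . $locale['grsp131'] . '" class="button" style="width:80px;" /></form>';
                }
            }
        }
    } elseif ($id == 0 && $name != "") {
        // No user account: show the free-text name with the placeholder avatar.
        // NOTE(review): $name and $info are emitted unescaped, same concern as above.
        $infos = "<div align=\\'center\\'><img src=\\'" . IMAGES . "avatars/nopic.gif\\' /><br /><br /></div><b>" . $locale['grsp122'] . "</b><br /><span class=\\'info2\\'>" . $name . "</span><br /><br /><b>" . $locale['grsp123'] . "</b><br />" . $info . "<br /><br />";
        $ausgabe .= '<a onmouseover="return overlib(\'' . $infos . '\', STICKY, FGCLASS, \'sp1\', BGCLASS, \'sp2\', CAPTIONFONTCLASS, \'a\', CLOSEFONTCLASS, \'a\', CAPTION, \'' . $locale['grsp139'] . '\', RIGHT, CLOSETEXT, \' \');" onmouseout="return nd(\'true\');">' . ($sp_settings['grss_djpic'] == 1 ? "<img src=\"" . IMAGES . "avatars/nopic.gif\" height=\"40\" border=\"0\" /><br />" : "") . $name . '</a>';
        if (sp_group($sp_settings['grss_agroup']) || iSUPERADMIN) {
            $ausgabe .= "<br /><input type='submit' value='" . $locale['grsp130'] . "' class='button' style='width:80px;' onclick='popup=window.open(\"" . INFUSIONS . "gr_sendeplan/gr_sendeplan_popup.php?status=edit&id=" . $feld_id . "\",\"DJ_Admin\",\"toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=1,width=500,height=220,left=250,top=250\"); return false;' />";
            $ausgabe .= '<br /><form method="post" action="' . FUSION_SELF . '?id=' . $feld_id . '"><input type="submit" name="sp_delete" value="' . $locale['grsp131'] . '" class="button" style="width:80px;" /></form>';
        }
    }
    if ($ausgabe == "") {
        // Nothing rendered so far: offer the "add" popup to permitted users, otherwise
        // show the default text (with the autodj image when both picture settings are on).
        if ($sp_settings['grss_djon'] == 1 && !($sp_settings['grss_week'] == 1 && $feld_id < 169) && (sp_group($sp_settings['grss_sgroup']) || sp_group($sp_settings['grss_ggroup'])) || sp_group($sp_settings['grss_agroup']) || iSUPERADMIN) {
            $ausgabe .= "<a href='javascript:;' onclick='popup=window.open(\"" . INFUSIONS . "gr_sendeplan/gr_sendeplan_popup.php?status=add&id=" . $feld_id . "\",\"DJ_Admin\",\"toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=1,width=500,height=220,left=250,top=250\"); return false;'>" . $locale['grsp121'] . "</a>";
        } else {
            $ausgabe .= ($sp_settings['grss_djpic'] == 1 && $sp_settings['grss_autodjpic'] == 1 ? "<img src=\"" . INFUSIONS . "gr_sendeplan/autodj.gif\" height=\"40\" border=\"0\" /><br />" : "") . $locale['grsp120'];
        }
    }
    if ($sp_settings['grss_replay'] == 1 && $feld_id > 168 && (sp_group($sp_settings['grss_agroup']) || iSUPERADMIN)) {
        // Replay rows exist only for ids above 168; admins get a button to delete one.
        $info_result = dbquery("SELECT * FROM " . DB_GR_SENDEPLAN_REPLAY . " WHERE grsr_re_id='" . $feld_id . "'");
        if (dbrows($info_result) != 0) {
            $ausgabe .= '<form method="post" action="' . FUSION_SELF . '?id=' . $feld_id . '"><input type="submit" name="sp_re_delete" value="' . $locale['grsp140'] . '" class="button" style="width:80px;" /></form>';
        }
    }
    return $ausgabe;
}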
Example #3
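 /**
  * Delete one site link and close the gap it leaves in the link ordering.
  *
  * The link's order is looked up first (within the current language when the site
  * links table is multilingual), every link ordered after it is moved up by one,
  * and only then is the row deleted.
  *
  * @param int|string $link_id Id of the link to delete; ignored unless isnum() accepts it.
  * @return bool|mixed|null|PDOStatement|resource Result of the last query that ran, or
  *         NULL when the id was rejected or no matching link was found.
  */
 public static function delete_sitelinks($link_id)
 {
     $result = NULL;
     if (isnum($link_id)) {
         // Build the SQL from the argument that was validated above. The previous code
         // checked $link_id but then interpolated $_GET['link_id'], which is a different
         // value whenever the caller passes an id from anywhere else.
         $link_id = (int) $link_id;
         $where = multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "' AND" : "WHERE";
         $data = dbarray(dbquery("SELECT link_order FROM " . DB_SITE_LINKS . " " . $where . " link_id='" . $link_id . "'"));
         // Without a matching row there is no order to close up; running the UPDATE with
         // an empty bound would shift every link in the table.
         if (!empty($data)) {
             $result = dbquery("UPDATE " . DB_SITE_LINKS . " SET link_order=link_order-1 " . $where . " link_order>'" . (int) $data['link_order'] . "'");
             if ($result) {
                 $result = dbquery("DELETE FROM " . DB_SITE_LINKS . " WHERE link_id='" . $link_id . "'");
             }
         }
     }
     return $result;
 }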
Example #4
 public function __construct()
 {
     global $admin_pages, $aidlink;
     $this->admin_pages = $admin_pages;
     $this->locale = fusion_get_locale('', LOCALE . LOCALESET . "admin/main.php");
     // Section titles come from the global locale keys ac00 .. ac05.
     $sections = array();
     for ($i = 0; $i <= 5; $i++) {
         $sections[$i] = $GLOBALS['locale']['ac0' . $i];
     }
     $this->admin_sections = $sections;
     $this->current_page = self::_currentPage();
     // The dashboard breadcrumb is always present.
     add_breadcrumb(array('link' => ADMIN . 'index.php' . $aidlink . '&amp;pagenum=0', 'title' => $GLOBALS['locale']['ac10']));
     // A numeric ?pagenum= from the request wins; otherwise fall back to _isActive().
     if (isset($_GET['pagenum']) && isnum($_GET['pagenum'])) {
         $acTab = $_GET['pagenum'];
     } else {
         $acTab = $this->_isActive();
     }
     // Tab 0 is the dashboard itself and values above 5 have no section title.
     if ($acTab == 0 || $acTab > 5) {
         return;
     }
     add_breadcrumb(array('link' => ADMIN . $aidlink . "&amp;pagenum=" . $acTab, 'title' => $GLOBALS['locale']['ac0' . $acTab]));
 }
Example #5
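/**
 * Build a SQL " LIMIT offset[,count]" fragment from two query-string parameters.
 *
 * @param string|false $row_start_key      Name of the $_GET key holding the row offset.
 * @param string|false $items_per_page_key Name of the $_GET key holding the page size.
 * @return string|null NULL when neither key is present in $_GET; '' when the page-size
 *                     value is absent or falsy; otherwise the LIMIT fragment.
 */
function filter_show($row_start_key = false, $items_per_page_key = false)
{
    $has_start = isset($_GET[$row_start_key]);
    $has_count = isset($_GET[$items_per_page_key]);
    if (!$has_start && !$has_count) {
        return NULL;
    }
    $condition = '';
    // Check presence before reading the page-size value: a request that carries only the
    // row-start key used to read an undefined index here.
    if ($has_count && $_GET[$items_per_page_key]) {
        // Only values accepted by isnum() are copied into the fragment; anything else
        // falls back to offset 0 or to no row count at all.
        $condition = " LIMIT ";
        $condition .= $has_start && isnum($_GET[$row_start_key]) ? stripinput($_GET[$row_start_key]) : 0;
        if (isnum($_GET[$items_per_page_key])) {
            $condition .= "," . stripinput($_GET[$items_per_page_key]);
        }
    }
    return $condition;
}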
/**
 * Return the rating image tag for a forum thread, or "" when there is nothing to show.
 *
 * @param int|string $thread_id Thread id; must pass isnum().
 * @return string An <img> tag ending in a newline, or an empty string when forum ratings
 *                are off, the id is not numeric, or the average is not above zero.
 */
function ratings_forum($thread_id)
{
    global $settings, $locale;
    if (!($settings['forum_ratings'] && isnum($thread_id))) {
        return "";
    }
    // Sum and count of all votes on this thread (rating type 'F').
    $row = dbarray(dbquery("SELECT SUM(rating_vote) AS sum, COUNT(rating_vote) AS count\r\n\t\tFROM " . DB_RATINGS . " WHERE rating_type='F' AND rating_item_id='" . (int) $thread_id . "'"));
    $average = 0;
    if ($row['count']) {
        $average = $row['sum'] / $row['count'];
    }
    if (!($average > 0)) {
        return "";
    }
    // The image file and alt text use the whole-number average, the tooltip two decimals.
    $whole = round($average);
    $alt = $locale['r130'] . $whole;
    $title = $locale['r130'] . round($average, 2) . " " . sprintf($locale['r135'], $row['count']);
    return "<img src='" . IMAGES . "ratings/" . $whole . ".gif' alt='" . $alt . "' title='" . $title . "' style='vertical-align:middle; border: 0;' />\n";
}
Example #7
 /**
  * Render a single news item, one news category, or the full news listing,
  * depending on which numeric query parameter is present.
  */
 public function display_news()
 {
     // ?readmore=<numeric id> takes priority and renders one item.
     $wants_item = isset($_GET['readmore']) && isnum($_GET['readmore']);
     if ($wants_item) {
         render_news_item($this->set_NewsItemInfo($_GET['readmore']));
         return;
     }
     // ?cat_id=<numeric id> renders a category; anything else renders all news.
     $wants_category = isset($_GET['cat_id']) && isnum($_GET['cat_id']);
     if ($wants_category) {
         $info = $this->set_NewsCatInfo($_GET['cat_id']);
     } else {
         $info = $this->set_NewsInfo();
     }
     render_main_news($info);
 }
Example #8
 public function __construct()
 {
     global $locale, $admin_pages, $aidlink;
     // Look up the admin title registered for the running script; errors from
     // destructuring an empty result are suppressed by the @ operator.
     @(list($title) = dbarraynum(dbquery("SELECT admin_title FROM " . DB_ADMIN . " WHERE admin_link='" . FUSION_SELF . "'")));
     $title_suffix = "";
     if ($title) {
         $title_suffix = $title . $locale['global_200'];
     }
     set_title($locale['global_123'] . $locale['global_201'] . $title_suffix);
     $this->admin_pages = $admin_pages;
     // Core section titles come from the locale keys ac00 .. ac05.
     $sections = array();
     for ($i = 0; $i <= 5; $i++) {
         $sections[$i] = $locale['ac0' . $i];
     }
     $this->admin_sections = $sections;
     $this->current_page = self::_currentPage();
     // The dashboard breadcrumb is always present.
     add_breadcrumb(array('link' => ADMIN . 'index.php' . $aidlink . '&amp;pagenum=0', 'title' => $locale['ac10']));
     // A numeric ?pagenum= from the request wins; otherwise fall back to _isActive().
     if (isset($_GET['pagenum']) && isnum($_GET['pagenum'])) {
         $activetab = $_GET['pagenum'];
     } else {
         $activetab = $this->_isActive();
     }
     // Tab 0 is the dashboard itself and values above 5 have no section title.
     if ($activetab == 0 || $activetab > 5) {
         return;
     }
     add_breadcrumb(array('link' => ADMIN . $aidlink . "&amp;pagenum=" . $activetab, 'title' => $locale['ac0' . $activetab]));
 }
/**
 * Build the admin table rows for every child category of $id, with the web links
 * of each category, recursing into deeper levels.
 *
 * @param int|string $id Parent category id; cast to int before it is used in SQL.
 * @return string Table-row markup, always ending in a closing "</tr>" line.
 */
function weblink_admin_subsubcats($id)
{
    global $aidlink, $locale;
    $cats = dbquery("SELECT weblink_cat_id, weblink_cat_name FROM " . DB_WEBLINK_CATS . " WHERE weblink_cat_parent='" . (int) $id . "' ORDER BY weblink_cat_name");
    $sublist = "";
    while ($cat = dbarray($cats)) {
        $cat_id = $cat['weblink_cat_id'];
        // A missing or non-numeric ?weblink_cat_id= is reset to 0, so no box starts open.
        if (!isset($_GET['weblink_cat_id']) || !isnum($_GET['weblink_cat_id'])) {
            $_GET['weblink_cat_id'] = 0;
        }
        // The selected category is shown expanded, every other one collapsed.
        $is_open = $cat_id == $_GET['weblink_cat_id'];
        $p_img = $is_open ? "off" : "on";
        $div = $is_open ? "" : "style='display:none'";
        // NOTE(review): category names, link names and link URLs are written into the
        // markup as read from the database; presumably they were sanitised on input - confirm.
        $sublist .= "<tr>\n"
            . "<td class='tbl2'>--" . $cat['weblink_cat_name'] . "</td>\n"
            . "<td class='tbl2' align='right'><img src='" . get_image("panel_" . $p_img) . "' alt='' name='b_" . $cat_id . "' onclick=\"javascript:flipBox('" . $cat_id . "')\" /></td>\n"
            . "</tr>\n";
        $links = dbquery("SELECT weblink_id, weblink_name, weblink_url FROM " . DB_WEBLINKS . " WHERE weblink_cat='" . $cat_id . "' ORDER BY weblink_name");
        $has_links = dbrows($links);
        $sublist .= "<tr>\n<td colspan='2'>\n";
        if ($has_links) {
            $sublist .= "<div id='box_" . $cat_id . "'" . $div . ">\n";
            $sublist .= "<table cellpadding='0' cellspacing='0' width='100%'>\n";
            while ($link = dbarray($links)) {
                $self = FUSION_SELF . $aidlink;
                $target = "&weblink_cat_id=" . $cat_id . "&weblink_id=" . $link['weblink_id'];
                $sublist .= "<tr>\n"
                    . "<td class='tbl'><a href='" . $link['weblink_url'] . "' target='_blank'>" . $link['weblink_name'] . "</a></td>\n"
                    . "<td width='75' class='tbl'><a href='" . $self . "&action=edit" . $target . "'>" . $locale['533'] . "</a> -\n"
                    . "<a href='" . $self . "&action=delete" . $target . "' onclick=\"return confirm('" . $locale['550'] . "');\">" . $locale['534'] . "</a></td>\n"
                    . "</tr>\n";
            }
            $sublist .= "</table>\n</div>\n</td>\n</tr>\n";
        } else {
            // Empty category: a hidden box holding the "no links" text.
            $sublist .= "<div id='box_" . $cat_id . "' style='display:none'>\n"
                . "<table width='100%' cellspacing='0' cellpadding='0'>\n<tr>\n"
                . "<td class='tbl'>" . $locale['535'] . "</td>\n"
                . "</tr>\n</table>\n</div>\n";
        }
        // Children of this category follow directly after it.
        $sublist .= weblink_admin_subsubcats($cat_id);
    }
    $sublist .= "</tr>\n";
    return $sublist;
}
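/**
 * Build the admin table rows for every child category of $id together with the
 * downloads each category holds.
 *
 * @param int|string $id Parent category id; cast to int before it is used in SQL.
 * @return string Table-row markup, or "" when the parent has no child categories.
 */
function download_admin_subcats($id)
{
    global $aidlink, $locale;
    $sublist = "";
    $result = dbquery("SELECT download_cat_id, download_cat_name FROM " . DB_DOWNLOAD_CATS . " WHERE download_cat_parent='" . (int) $id . "' ORDER BY download_cat_name");
    if (dbrows($result)) {
        while ($data = dbarray($result)) {
            // A missing or non-numeric ?download_cat_id= is reset to 0, so no box starts open.
            if (!isset($_GET['download_cat_id']) || !isnum($_GET['download_cat_id'])) {
                $_GET['download_cat_id'] = 0;
            }
            // The selected category is shown expanded, every other one collapsed.
            if ($data['download_cat_id'] == $_GET['download_cat_id']) {
                $p_img = "off";
                $div = "";
            } else {
                $p_img = "on";
                $div = "style='display:none'";
            }
            // NOTE(review): category names, download titles and URLs are written into the
            // markup as read from the database; presumably sanitised on input - confirm.
            $sublist .= "<tr>\n";
            $sublist .= "<td class='tbl2'>-" . $data['download_cat_name'] . "</td>\n";
            $sublist .= "<td class='tbl2' style='text-align:right;'><img src='" . get_image("panel_{$p_img}") . "' name='b_" . $data['download_cat_id'] . "' alt='' onclick=\"javascript:flipBox('" . $data['download_cat_id'] . "')\" /></td>\n";
            $sublist .= "</tr>\n";
            $result2 = dbquery("SELECT download_id, download_title, download_url, download_file FROM " . DB_DOWNLOADS . " WHERE download_cat='" . $data['download_cat_id'] . "' ORDER BY download_title");
            if (dbrows($result2) != 0) {
                $sublist .= "<tr>\n<td colspan='2'>\n";
                $sublist .= "<div id='box_" . $data['download_cat_id'] . "'" . $div . ">\n";
                $sublist .= "<table cellpadding='0' cellspacing='0' style='width:100%;'>\n";
                while ($data2 = dbarray($result2)) {
                    if (!empty($data2['download_file']) && file_exists(DOWNLOADS . $data2['download_file'])) {
                        // An uploaded file that exists on disk wins over the stored URL.
                        $download_url = DOWNLOADS . $data2['download_file'];
                    } elseif (!strstr($data2['download_url'], "http://") && !strstr($data2['download_url'], "https://") && !strstr($data2['download_url'], "../")) {
                        // Site-relative path. https:// URLs are absolute as well and must
                        // not get the BASEDIR prefix, which previously produced a dead link.
                        $download_url = BASEDIR . $data2['download_url'];
                    } else {
                        $download_url = $data2['download_url'];
                    }
                    $sublist .= "<tr>\n<td class='tbl1'><a href='" . $download_url . "' target='_blank'>" . $data2['download_title'] . "</a></td>\n";
                    $sublist .= "<td class='tbl1' style='text-align:right;width:100px;'><a href='" . FUSION_SELF . $aidlink . "&amp;action=edit&amp;download_cat_id=" . $data['download_cat_id'] . "&amp;download_id=" . $data2['download_id'] . "'>" . $locale['442'] . "</a> -\n";
                    $sublist .= "<a href='" . FUSION_SELF . $aidlink . "&amp;action=delete&amp;download_cat_id=" . $data['download_cat_id'] . "&amp;download_id=" . $data2['download_id'] . "' onclick=\"return confirm('" . $locale['460'] . "');\">" . $locale['443'] . "</a></td>\n";
                    $sublist .= "</tr>\n";
                }
                $sublist .= "</table>\n</div>\n</td>\n</tr>\n";
            }
        }
    }
    return $sublist;
}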
Example #11
/**
 * Open an HTML form and, for POST forms, add the hidden token and form id fields.
 *
 * @param string $form_name  Value of the form's name attribute.
 * @param string $method     'post' (any letter case); every other value yields 'get'.
 * @param string $action_url Form action; FUSION_ROOT is put in front when the site_seo
 *                           setting is on and ADMIN_PANEL is not defined.
 * @param array  $options    Optional settings:
 *                           form_id    - defaults to $form_name
 *                           class      - defaults to empty
 *                           enctype    - truthy to allow file upload
 *                           max_tokens - numeric, defaults to 1
 * @return string The opening form tag plus, for POST, the two hidden inputs.
 */
function openform($form_name, $method, $action_url, array $options = array())
{
    global $defender;
    $method = strtolower($method) == 'post' ? 'post' : 'get';
    // Resolve each option to its effective value; anything not listed here is ignored.
    $form_id = $form_name;
    if (!empty($options['form_id'])) {
        $form_id = $options['form_id'];
    }
    $css = '';
    if (!empty($options['class'])) {
        $css = $options['class'];
    }
    $multipart = !empty($options['enctype']) && $options['enctype'] == TRUE;
    $max_tokens = 1;
    if (!empty($options['max_tokens']) && isnum($options['max_tokens'])) {
        $max_tokens = $options['max_tokens'];
    }
    // A form rendered while the defender reports an unsafe state gets the 'warning' class.
    if (!$defender->safe()) {
        $class = "class='warning " . $css . "' ";
    } elseif (!empty($css)) {
        $class = "class='" . $css . "'";
    } else {
        $class = "";
    }
    $action_prefix = "";
    if (fusion_get_settings("site_seo") && !defined("ADMIN_PANEL")) {
        $action_prefix = FUSION_ROOT;
    }
    $enctype_attr = $multipart ? "enctype='multipart/form-data'" : '';
    $html = "<form name='" . $form_name . "' id='" . $form_id . "' method='" . $method . "' action='" . $action_prefix . $action_url . "' " . $class . " " . $enctype_attr . " >\n";
    if ($method != 'post') {
        return $html;
    }
    // POST forms carry a token generated for this form id.
    $token = $defender->generate_token($form_id, $max_tokens);
    $html .= "<input type='hidden' name='fusion_token' value='" . $token . "' />\n";
    $html .= "<input type='hidden' name='form_id' value='" . $form_id . "' />\n";
    return $html;
}
/**
 * Record where the current visitor is in the forum and drop stale observer rows.
 *
 * @param string $forum_place "index", "forum" or "thread"; for the last two the id is
 *                            read from $_GET and must pass isnum().
 * @return void
 */
function whoishere_observer($forum_place)
{
    global $userdata;
    // Members are tracked by user id, guests by IP address.
    $user_id = iMEMBER ? $userdata['user_id'] : USER_IP;
    $forum_id = "";
    $thread_id = "";
    switch (true) {
        case $forum_place == "index":
            $forum_id = 0;
            $thread_id = 0;
            break;
        case $forum_place == "forum" && isset($_GET['forum_id']) && isnum($_GET['forum_id']):
            $forum_id = $_GET['forum_id'];
            $thread_id = 0;
            break;
        case $forum_place == "thread" && isset($_GET['thread_id']) && isnum($_GET['thread_id']):
            // The forum id is looked up from the thread rather than taken from the request.
            list($forum_id) = dbarraynum(dbquery("SELECT forum_id FROM " . DB_THREADS . " WHERE thread_id='" . (int) $_GET['thread_id'] . "'"));
            $thread_id = $_GET['thread_id'];
            break;
    }
    // Nothing is written when no branch matched: both ids are then still "".
    $ids_ok = isnum($forum_id) && isnum($thread_id);
    if ($ids_ok) {
        dbquery("REPLACE INTO " . DB_FORUM_OBSERVER . " SET user_id='" . $user_id . "', forum_id='" . $forum_id . "', thread_id='" . $thread_id . "', age='" . time() . "'");
    }
    // Observer rows older than five minutes are removed on every call.
    dbquery("DELETE FROM " . DB_FORUM_OBSERVER . " WHERE age < (" . time() . "-5*60)");
}
Example #13
/**
 * Open an HTML form, append the output of generate_token(), and echo the defender
 * notice when FUSION_NULL is defined and notices are enabled.
 *
 * @param string      $form_name Value of the form's name attribute; also passed to generate_token().
 * @param string      $form_id   Value of the form's id attribute.
 * @param string      $method    Value of the method attribute, used as given.
 * @param string      $action    Value of the action attribute, used as given.
 * @param array|false $array     Optional settings: class, enctype (1 for file upload),
 *                               downtime (numeric, default 10), notice (numeric, default 1).
 * @return string The opening form tag followed by the generate_token() output.
 */
function openform($form_name, $form_id, $method, $action, $array = false)
{
    global $defender;
    // Defaults, used as they are when no options array is passed.
    $class = '';
    $enctype = '';
    $downtime = 10;
    $notice = 1;
    if (is_array($array)) {
        $class = !empty($array['class']) ? $array['class'] : '';
        $enctype = (array_key_exists('enctype', $array) && $array['enctype'] == 1) ? 1 : 0;
        if (!(array_key_exists('downtime', $array) && isnum($array['downtime']))) {
            $downtime = 10;
        } else {
            $downtime = $array['downtime'];
        }
        if (!(array_key_exists('notice', $array) && isnum($array['notice']))) {
            $notice = 1;
        } else {
            $notice = $array['notice'];
        }
    }
    $warning = defined('FUSION_NULL') ? 'warning' : '';
    $enctype_attr = $enctype ? "enctype='multipart/form-data'" : '';
    $html = "<form name='" . $form_name . "' id='" . $form_id . "' method='" . $method . "' action='" . $action . "' class='" . $warning . " " . $class . "' " . $enctype_attr . " >\n";
    $html .= generate_token($form_name, $downtime);
    // FUSION_NULL is checked again here, after the token call, exactly as before.
    if (defined('FUSION_NULL') && $notice) {
        echo $defender->showNotice();
    }
    return $html;
}
Example #14
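/**
 * Render a width/height pair of text inputs plus the two hidden "def[...]" descriptor fields.
 *
 * Fixes compared with the previous version:
 *  - $class was never initialised when no options array was passed, so the two
 *    <input> lines read an undefined variable;
 *  - the 'class' option used to be wrapped as "class='...'" and then interpolated
 *    inside another class attribute, producing malformed markup. The bare class
 *    name is interpolated now.
 *
 * Security note: $title, $input_value_width, $input_value_height and the
 * 'placeholder', 'class' and 'error_text' options are interpolated into the markup
 * without escaping here; only $input_name and $input_id pass through stripinput().
 * Callers must therefore not hand raw request data to those parameters.
 *
 * @param string      $title              label text; when empty, no label is rendered
 * @param string      $input_name         base field name ("_w" / "_h" are appended)
 * @param string      $input_id           base element id
 * @param mixed       $input_value_width  current width value
 * @param mixed       $input_value_height current height value
 * @param array|false $array              optional settings: 'rowstart', 'placeholder', 'class',
 *                                        'required', 'error_text' ('deactivate' is read but unused)
 *
 * @return string the generated HTML
 */
function form_photosize($title, $input_name, $input_id, $input_value_width, $input_value_height, $array = false)
{
    $title = !empty($title) ? $title : "";
    // Descriptor title: the label, or a humanised version of the raw field name as fallback.
    $title2 = !empty($title) ? $title : ucfirst(strtolower(str_replace("_", " ", $input_name)));
    $input_name = !empty($input_name) ? stripinput($input_name) : "";
    $input_id = !empty($input_id) ? stripinput($input_id) : "";

    // Defaults; $class is included so it is always defined.
    $inline = '';
    $placeholder = 'px';
    $class = '';
    $required = 0;
    $error_text = '';
    if (is_array($array)) {
        $inline = array_key_exists('rowstart', $array) ? 1 : 0;
        $placeholder = array_key_exists('placeholder', $array) ? $array['placeholder'] : 'px';
        $class = array_key_exists('class', $array) ? $array['class'] : '';
        $required = array_key_exists('required', $array) && $array['required'] == 1 ? 1 : 0;
        $error_text = array_key_exists("error_text", $array) ? $array['error_text'] : "";
    }
    // NOTE(review): the original read $array['deactivate'] and then reset the value to ''
    // unconditionally, so the readonly branch below never triggers. That behaviour is
    // kept as-is; confirm whether the option was meant to work.
    $deactivate = '';

    $html = "<div id='{$input_id}-field' class='form-group m-b-0 has-feedback'>\n";
    $html .= $title ? "<label class='control-label " . ($inline ? "col-xs-3 col-sm-3 col-md-3 col-lg-3" : '') . "' for='{$input_id}'>{$title} " . ($required == 1 ? "<span class='required'>*</span>" : '') . "</label>\n" : '';
    $html .= $inline ? "<div class='col-xs-9 col-sm-9 col-md-9 col-lg-9'>\n" : "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12 p-l-0 form-horizontal'>\n";
    $html .= "<div class='form-group m-b-0 has-feedback col-sm-6 col-md-6 col-lg-6 m-r-10'>";
    $html .= "<input type='text' class='form-control input-sm {$class}' name='" . $input_name . "_w' id='" . $input_id . "' value='{$input_value_width}' placeholder='width (" . $placeholder . ")' " . ($deactivate == "1" && isnum($deactivate) ? "readonly" : "") . ">\n";
    $html .= "<div class='form-control-feedback'><i class='glyphicon glyphicon-resize-horizontal'></i></div>\n";
    $html .= "<div id='{$input_id}-help' style='display:inline-block !important;'></div>";
    $html .= "</div>\n";
    $html .= "<div class='form-group m-b-0 has-feedback col-sm-6 col-md-6 col-lg-6'>";
    $html .= "<input type='text' class='form-control input-sm {$class}' name='" . $input_name . "_h' id='" . $input_id . "' value='{$input_value_height}' placeholder='height (" . $placeholder . ")' " . ($deactivate == "1" && isnum($deactivate) ? "readonly" : "") . ">\n";
    $html .= "<div class='form-control-feedback'><i class='glyphicon glyphicon-resize-vertical'></i></div>\n";
    $html .= "<div id='{$input_id}-help' style='display:inline-block !important;'></div>";
    $html .= "</div>\n";
    $html .= "</div></div>\n";
    // NOTE(review): the name attribute below nests single quotes inside a single-quoted
    // attribute; left unchanged because the consumer of these def[...] fields is not
    // visible here — confirm before altering.
    $html .= "<input type='hidden' name='def['" . $input_name . "_w']' value='[type=text],[title={$title2}],[id={$input_id}],[required={$required}],[safemode=0]" . ($error_text ? ",[error_text={$error_text}]" : '') . "' readonly />";
    $html .= "<input type='hidden' name='def['" . $input_name . "_h']' value='[type=text],[title={$title2}],[id={$input_id}],[required={$required}],[safemode=0]" . ($error_text ? ",[error_text={$error_text}]" : '') . "' readonly />";
    return $html;
}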
Example #15
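 /**
  * Handle a "post mood" / "unpost mood" submission for a forum post.
  *
  * Reads $_POST['post_mood'] or $_POST['unpost_mood'] (each must pass isnum()),
  * together with $_POST['post_id'] and $_POST['post_author'] via form_sanitizer().
  * The sender is always taken from fusion_get_userdata('user_id'), never from the request.
  *
  * The DELETE statement was unparsable in this copy (the notify_user operand had been
  * replaced by asterisks); it is restored from the $notify_data keys, and every id is
  * passed through intval() because the values are interpolated unquoted.
  *
  * NOTE(review): notify_user comes from the submitted 'post_author' field rather than
  * from a lookup by post_id — confirm that a mismatched author cannot be submitted.
  *
  * @return bool TRUE when a notify row was inserted or deleted, FALSE otherwise
  */
 public function post_mood()
 {
     $response = FALSE;
     if (isset($_POST['post_mood']) && isnum($_POST['post_mood'])) {
         // Adding a mood: build the notify row from the sanitised request.
         $notify_data = array(
             'post_id' => form_sanitizer($_POST['post_id'], 0, 'post_id'),
             'notify_mood_id' => intval($_POST['post_mood']),
             'notify_datestamp' => time(),
             'notify_user' => form_sanitizer($_POST['post_author'], 0, 'post_author'),
             'notify_sender' => fusion_get_userdata('user_id'),
             'notify_status' => 1,
         );
         // Insert only if validation passed, the mood exists and this sender has not set it yet.
         if (\defender::safe() && dbcount('(mood_id)', DB_FORUM_MOODS, "mood_id='" . $notify_data['notify_mood_id'] . "'") && !$this->mood_exists($notify_data['notify_sender'], $notify_data['notify_mood_id'], $notify_data['post_id'])) {
             dbquery_insert(DB_POST_NOTIFY, $notify_data, 'save');
             $response = TRUE;
         }
     } elseif (isset($_POST['unpost_mood']) && isnum($_POST['unpost_mood'])) {
         // Removing a mood: identify the notify row to delete.
         $notify_data = array(
             'post_id' => form_sanitizer($_POST['post_id'], 0, 'post_id'),
             'notify_mood_id' => intval($_POST['unpost_mood']),
             'notify_user' => form_sanitizer($_POST['post_author'], 0, 'post_author'),
             'notify_sender' => fusion_get_userdata('user_id'),
         );
         // Delete only if validation passed, the mood exists and this sender had set it.
         if (\defender::safe() && dbcount('(mood_id)', DB_FORUM_MOODS, "mood_id='" . $notify_data['notify_mood_id'] . "'") && $this->mood_exists($notify_data['notify_sender'], $notify_data['notify_mood_id'], $notify_data['post_id'])) {
             // Unquoted numeric context: force every operand to an integer.
             dbquery("DELETE FROM " . DB_POST_NOTIFY . " WHERE post_id=" . intval($notify_data['post_id']) . "\n                AND notify_mood_id=" . intval($notify_data['notify_mood_id']) . "\n                AND notify_user=" . intval($notify_data['notify_user']) . "\n                AND notify_sender=" . intval($notify_data['notify_sender']));
             $response = TRUE;
         }
     }
     return (bool) $response;
 }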
Example #16
 /**
  * Set up the site-links admin state: option lists, link tree, normalised request
  * parameters, the sortable-list script, and the handling of the requested action.
  *
  * $_GET['link_id'] and $_GET['link_cat'] are overwritten with 0 unless they pass
  * isnum(); $_GET['action'] defaults to an empty string.
  *
  * NOTE(review): the 'delete' action is triggered by GET parameters. The only
  * request-forgery barrier visible in this method is whatever $aidlink carries —
  * confirm that it is verified before this constructor runs.
  */
 private function __construct()
 {
     global $aidlink;
     $locale = fusion_get_locale("", LOCALE . LOCALESET . "admin/sitelinks.php");
     $this->language_opts = fusion_get_enabled_languages();
     $this->link_index = dbquery_tree(DB_SITE_LINKS, 'link_id', 'link_cat');
     $this->position_opts = array(
         '1' => $locale['SL_0025'],
         '2' => $locale['SL_0026'],
         '3' => $locale['SL_0027'],
         '4' => $locale['custom'] . " ID",
     );

     // Normalise the request parameters used below.
     if (!isset($_GET['link_id']) || !isnum($_GET['link_id'])) {
         $_GET['link_id'] = 0;
     }
     if (!isset($_GET['link_cat']) || !isnum($_GET['link_cat'])) {
         $_GET['link_cat'] = 0;
     }
     if (!isset($_GET['action'])) {
         $_GET['action'] = '';
     }

     self::link_breadcrumbs($this->link_index);

     // must move this out.
     add_to_head("<script type='text/javascript' src='" . INCLUDES . "jquery/jquery-ui.js'></script>");
     // link_cat is forced to an integer before being embedded in the script.
     $sortable_script = "\n\t\t\$('#site-links').sortable({\n\t\t\thandle : '.handle',\n\t\t\tplaceholder: 'state-highlight',\n\t\t\tconnectWith: '.connected',\n\t\t\tscroll: true,\n\t\t\taxis: 'y',\n\t\t\tupdate: function () {\n\t\t\t\tvar ul = \$(this),\n                order = ul.sortable('serialize'),\n                i = 0;\n\t\t\t\t\$('#info').load('" . ADMIN . "includes/site_links_updater.php" . $aidlink . "&' +order+ '&link_cat=" . intval($_GET['link_cat']) . "');\n\t\t\t\tul.find('.num').each(function(i) {\n\t\t\t\t\t\$(this).text(i+1);\n\t\t\t\t});\n\t\t\t\tul.find('li').removeClass('tbl2').removeClass('tbl1');\n\t\t\t\tul.find('li:odd').addClass('tbl2');\n\t\t\t\tul.find('li:even').addClass('tbl1');\n\t\t\t\twindow.setTimeout('closeDiv();',2500);\n\t\t\t}\n\t\t});\n\n\t\tfunction checkLinkPosition( val ) {\n            if ( val == 4 ) {\n                \$('#link_position_id').prop('disabled', false).show();\n            } else {\n                \$('#link_position_id').prop('disabled', true).hide();\n            }\n        }\n\t\t";
     add_to_jquery($sortable_script);

     if ($_GET['action'] == 'edit') {
         // Load the link being edited; bounce back to the listing when it does not exist.
         $this->data = self::load_sitelinks($_GET['link_id']);
         if (!$this->data['link_id']) {
             redirect(FUSION_SELF . $aidlink);
         }
         $this->form_action = FUSION_SELF . $aidlink . "&amp;action=edit&amp;section=nform&amp;link_id=" . $_GET['link_id'] . "&amp;link_cat=" . $_GET['link_cat'];
         add_breadcrumb(array("link" => $this->form_action, "title" => $locale['SL_0011']));
     } elseif ($_GET['action'] == 'delete') {
         $result = self::delete_sitelinks($_GET['link_id']);
         if ($result) {
             addNotice("success", $locale['SL_0017']);
             redirect(FUSION_SELF . $aidlink);
         }
     } else {
         // No recognised action: present the "new link" form.
         $this->form_action = FUSION_SELF . $aidlink . "&amp;section=link_form";
         add_breadcrumb(array("link" => $this->form_action, "title" => $locale['SL_0010']));
     }
 }
Example #17
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// Direct-access guard: stop unless the core has defined IN_FUSION.
defined("IN_FUSION") or die("Access Denied");

// Load the panel locale for the active locale set, falling back to English.
include (file_exists(INFUSIONS . "member_poll_panel/locale/" . LOCALESET . "member_poll_panel.php")
    ? INFUSIONS . "member_poll_panel/locale/" . LOCALESET . "member_poll_panel.php"
    : INFUSIONS . "member_poll_panel/locale/English/member_poll_panel.php");

// Vote submission: members only; poll_id and voteoption must both pass isnum()
// before they are embedded in the SQL below.
if (
    iMEMBER
    && isset($_POST['cast_vote'])
    && (isset($_POST['poll_id']) && isnum($_POST['poll_id']))
    && (isset($_POST['voteoption']) && isnum($_POST['voteoption']))
) {
    $result = dbquery("SELECT v.vote_user, v.vote_id, p.poll_opt_0, p.poll_opt_1, p.poll_opt_2, p.poll_opt_3, p.poll_opt_4, p.poll_opt_5, p.poll_opt_6, p.poll_opt_7, p.poll_opt_8, p.poll_opt_9, p.poll_started, p.poll_ended\n\t\tFROM " . DB_POLLS . " p \n\t\tLEFT JOIN " . DB_POLL_VOTES . " v ON p.poll_id = v.poll_id\n\t\tWHERE p.poll_id='" . $_POST['poll_id'] . "'\n\t\tORDER BY v.vote_id");
    if (dbrows($result)) {
        // Collect everyone who has voted; $data keeps the last row for the poll columns.
        $voters = array();
        while ($pdata = dbarray($result)) {
            $data = $pdata;
            $voters[] = $pdata['vote_user'];
        }
        // The poll must have started and still be open ...
        if ($data['poll_started'] < time() && $data['poll_ended'] == 0) {
            // ... the member must not have voted yet, and the chosen option must be non-empty.
            if (!in_array($userdata['user_id'], $voters) && !empty($data["poll_opt_" . $_POST['voteoption']])) {
                // bug #1010
                $result = dbquery("INSERT INTO " . DB_POLL_VOTES . " (vote_user, vote_opt, poll_id) VALUES ('" . $userdata['user_id'] . "', '" . $_POST['voteoption'] . "', '" . $_POST['poll_id'] . "')");
            }
        }
    }
    // Redirect back to the same page whether or not a vote was stored.
    redirect(FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""));
}
openside($locale['global_130']);
Example #18
 // Each UPDATE below stores one watermark setting; any failed query sets $error to 1.
 // The $_POST keys are read without isset(), so a missing field reaches the validator as null.
 if (!$result) {
     $error = 1;
 }
 // Numeric flag: anything that fails isnum() is stored as "0".
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['photo_watermark']) ? $_POST['photo_watermark'] : "0") . "' WHERE settings_name='photo_watermark'");
 if (!$result) {
     $error = 1;
 }
 // Numeric flag: anything that fails isnum() is stored as "0".
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['photo_watermark_save']) ? $_POST['photo_watermark_save'] : "0") . "' WHERE settings_name='photo_watermark_save'");
 if (!$result) {
     $error = 1;
 }
 // NOTE(review): the image value only passes through stripinput() before it is placed
 // in a quoted SQL literal — presumably that neutralises quotes; verify. No restriction
 // on which path may be stored is visible here.
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['photo_watermark_image']) . "' WHERE settings_name='photo_watermark_image'");
 if (!$result) {
     $error = 1;
 }
 // Numeric flag: anything that fails isnum() is stored as "0".
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['photo_watermark_text']) ? $_POST['photo_watermark_text'] : "0") . "' WHERE settings_name='photo_watermark_text'");
 if (!$result) {
     $error = 1;
 }
 // Colours must be exactly six hex digits (case-insensitive); otherwise the default is stored.
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (preg_match("/^([0-9A-F]){6}\$/i", $_POST['photo_watermark_text_color1']) ? $_POST['photo_watermark_text_color1'] : "FF6600") . "' WHERE settings_name='photo_watermark_text_color1'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (preg_match("/^([0-9A-F]){6}\$/i", $_POST['photo_watermark_text_color2']) ? $_POST['photo_watermark_text_color2'] : "FFFF00") . "' WHERE settings_name='photo_watermark_text_color2'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (preg_match("/^([0-9A-F]){6}\$/i", $_POST['photo_watermark_text_color3']) ? $_POST['photo_watermark_text_color3'] : "FFFFFF") . "' WHERE settings_name='photo_watermark_text_color3'");
 if (!$result) {
     $error = 1;
 }
<?php

// Direct-access guard: terminate unless IN_FUSION has been defined.
defined("IN_FUSION") or die("FU");
// The id parameter is checked with isnum(), but the branch body is empty in this excerpt.
if (isset($_GET['id']) && isnum($_GET['id'])) {
}
Example #20
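// Build the "jump to forum" <select>, grouped by category, limited to forums the
// current visitor may access (groupaccess()).
// NOTE(review): category and forum names are written into the markup as stored;
// presumably they were escaped when saved — verify.
$result = dbquery("SELECT f.forum_id, f.forum_name, f2.forum_name AS forum_cat_name\r\n\tFROM " . DB_FORUMS . " f\r\n\tINNER JOIN " . DB_FORUMS . " f2 ON f.forum_cat=f2.forum_id\r\n\tWHERE " . groupaccess('f.forum_access') . " AND f.forum_cat!='0' ORDER BY f2.forum_order ASC, f.forum_order ASC");
while ($data2 = dbarray($result)) {
    // A change of category closes the previous <optgroup> and opens a new one.
    if ($data2['forum_cat_name'] != $current_cat) {
        if ($current_cat != "") {
            $forum_list .= "</optgroup>\n";
        }
        $current_cat = $data2['forum_cat_name'];
        $forum_list .= "<optgroup label='" . $data2['forum_cat_name'] . "'>\n";
    }
    // Pre-select the forum currently being viewed.
    $sel = $data2['forum_id'] == $fdata['forum_id'] ? " selected='selected'" : "";
    $forum_list .= "<option value='" . $data2['forum_id'] . "'{$sel}>" . $data2['forum_name'] . "</option>\n";
}
$forum_list .= "</optgroup>\n";
echo "<div style='padding-top:5px'>\n" . $locale['540'] . "<br />\n";
echo "<select name='jump_id' class='textbox' onchange=\"jumpforum(this.options[this.selectedIndex].value);\">";
echo $forum_list . "</select>\n</div>\n";
// Legend for the folder icons.
echo "<div><hr />\n";
echo "<img src='" . get_image("foldernew") . "' alt='" . $locale['560'] . "' style='vertical-align:middle;' /> - " . $locale['470'] . "<br />\n";
echo "<img src='" . get_image("folder") . "' alt='" . $locale['561'] . "' style='vertical-align:middle;' /> - " . $locale['472'] . "<br />\n";
echo "<img src='" . get_image("folderlock") . "' alt='" . $locale['564'] . "' style='vertical-align:middle;' /> - " . $locale['473'] . "<br />\n";
echo "<img src='" . get_image("stickythread") . "' alt='" . $locale['563'] . "' style='vertical-align:middle;' /> - " . $locale['474'] . "\n";
echo "</div><!--sub_forum-->\n";
closetable();
echo "<script type='text/javascript'>\n" . "function jumpforum(forumid) {\n";
echo "document.location.href='" . FORUM . "viewforum.php?forum_id='+forumid;\n}\n";
echo "</script>\n";
// Refresh the cached counters for this forum. No validation of $_GET['forum_id'] is
// visible in this part of the script, so the value is cast to an integer before it
// is placed in either statement.
list($threadcount, $postcount) = dbarraynum(dbquery("SELECT COUNT(thread_id), SUM(thread_postcount) FROM " . DB_THREADS . " WHERE forum_id='" . (int) $_GET['forum_id'] . "'"));
if (isnum($threadcount) && isnum($postcount)) {
    dbquery("UPDATE " . DB_FORUMS . " SET forum_postcount='{$postcount}', forum_threadcount='{$threadcount}' WHERE forum_id='" . (int) $_GET['forum_id'] . "'");
}
require_once THEMES . "templates/footer.php";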
Example #21
+--------------------------------------------------------*/
// Bootstrap the core and emit the theme header.
require_once "../../maincore.php";
require_once THEMES . "templates/header.php";
// Load the infusion locale named by the site setting, falling back to English.
// The include path is built from $settings['locale'], so that setting must stay under
// administrator control.
if (file_exists(INFUSIONS . "fusionboard4/locale/" . $settings['locale'] . ".php")) {
    include INFUSIONS . "fusionboard4/locale/" . $settings['locale'] . ".php";
} else {
    include INFUSIONS . "fusionboard4/locale/English.php";
}
// Members only. NOTE(review): the header template has already been included at this
// point, and the code after this check relies on redirect() ending the request — confirm.
if (!iMEMBER) {
    redirect("../../index.php");
}
add_to_title($locale['global_200'] . $locale['global_042']);
// Posts by the current user in forums they may access.
// NOTE(review): an aggregate COUNT() without GROUP BY normally yields exactly one row,
// so dbrows() here looks like it is 1 regardless of how many posts exist — TODO confirm.
$result = dbquery("SELECT COUNT(post_id) FROM " . DB_POSTS . " tp\n\tINNER JOIN " . DB_FORUMS . " tf ON tp.forum_id=tf.forum_id\n\tWHERE " . groupaccess('tf.forum_access') . " AND post_author='" . $userdata['user_id'] . "'\n\tORDER BY tp.post_datestamp DESC LIMIT 100");
$rows = dbrows($result);
if ($rows) {
    if (!isset($_GET['rowstart']) || !isnum($_GET['rowstart'])) {
        $_GET['rowstart'] = 0;
    }
    $result = dbquery("SELECT tp.forum_id, tp.thread_id, tp.post_id, tp.post_author, tp.post_datestamp,\n\t\ttf.forum_name, tf.forum_access, tt.thread_subject\n\t\tFROM " . DB_POSTS . " tp\n\t\tINNER JOIN " . DB_FORUMS . " tf ON tp.forum_id=tf.forum_id\n\t\tINNER JOIN " . DB_THREADS . " tt ON tp.thread_id=tt.thread_id\n\t\tWHERE " . groupaccess('tf.forum_access') . " AND tp.post_author='" . $userdata['user_id'] . "'\n\t\tORDER BY tp.post_datestamp DESC LIMIT " . $_GET['rowstart'] . ",20");
    $i = 0;
    opentable($locale['global_042']);
    echo "<table cellpadding='0' cellspacing='0' width='100%' class='tbl-border'>\n<tr>\n";
    echo "<td width='1%' class='tbl2' style='white-space:nowrap'><strong>" . $locale['global_048'] . "</strong></td>\n";
    echo "<td width='100%' class='tbl2'><strong>" . $locale['global_044'] . "</strong></td>\n";
    echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'><strong>" . $locale['global_049'] . "</strong></td>\n";
    echo "</tr>\n";
    while ($data = dbarray($result)) {
        if ($i % 2 == 0) {
            $row_color = "tbl1";
        } else {
            $row_color = "tbl2";
Example #22
        $memory_exhaused = false;
    } else {
        $memory_exhaused = true;
    }
    return $memory_exhaused;
}
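/**
 * Add $rows to the running result total and build the page-navigation block.
 *
 * The total handed to makePageNav() is capped at 100 when the running count exceeds
 * 100 or when search_globalarray("") returns a truthy value.
 *
 * Security fix: $_GET['stype'] used to be concatenated into the link unencoded while
 * $_GET['stext'] was passed through urlencode(); both are URL-encoded now.
 * NOTE(review): $composevars is appended as-is and $_GET['rowstart'] is forwarded
 * unchanged — confirm both are validated where they are set.
 *
 * @param int $rows number of results to add to the global $site_search_count
 *
 * @return string HTML wrapping the output of makePageNav()
 */
function search_navigation($rows)
{
    global $site_search_count, $composevars;
    $site_search_count += $rows;

    $total = ($site_search_count > 100 || search_globalarray("")) ? 100 : $site_search_count;
    $link = FUSION_SELF . "?stype=" . urlencode($_GET['stype']) . "&amp;stext=" . urlencode($_GET['stext']) . "&amp;" . $composevars;

    $navigation_result = "<div align='center' style='margin-top:5px;'>\n" . makePageNav($_GET['rowstart'], 10, $total, 3, $link) . "\n</div>\n";
    return $navigation_result;
}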
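// Query-string fragment re-used by the navigation links. Every request value is
// URL-encoded before it is joined, because no validation of these parameters is
// visible in this part of the script.
$composevars = "method=" . urlencode($_GET['method']) . "&amp;datelimit=" . urlencode($_GET['datelimit']) . "&amp;fields=" . urlencode($_GET['fields']) . "&amp;sort=" . urlencode($_GET['sort']) . "&amp;order=" . urlencode($_GET['order']) . "&amp;chars=" . urlencode($_GET['chars']) . "&amp;forum_id=" . urlencode($_GET['forum_id']) . "&amp;";
// Memory budget: the configured limit with an "m" suffix stripped, converted to bytes.
$memory_limit = str_replace("m", "", strtolower(ini_get("memory_limit"))) * 1024 * 1024;
// Use 8 MB when the value is not numeric or is below 8 MB. The nested ternary is
// parenthesised explicitly: the unparenthesised form is rejected by PHP 8.
$memory_limit = !isnum($memory_limit) ? 8 * 1024 * 1024 : ($memory_limit < 8 * 1024 * 1024 ? 8 * 1024 * 1024 : $memory_limit);
// Keep a quarter of the limit in reserve.
$memory_limit = $memory_limit - ceil($memory_limit / 4);
$global_string_count = 0;
$site_search_count = 0;
$search_result_array = array();
$navigation_result = "";
$items_count = "";
// NOTE(review): PHP has already URL-decoded $_GET values, so this decodes the search
// text a second time — confirm that is intended.
$_GET['stext'] = urldecode($_GET['stext']);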
if ($_GET['stext'] != "" && strlen($_GET['stext']) >= 3) {
    add_to_title($locale['global_201'] . $locale['408']);
    opentable($locale['408']);
    $fswords = explode(" ", $_GET['stext']);
    $swords = array();
    $iwords = array();
    for ($i = 0; $i < sizeof($fswords); $i++) {
        if (strlen($fswords[$i]) >= 3) {
Example #23
 }
 echo "<input type='submit' name='save_link' value='" . $locale['525'] . "' class='button' /></td>\n";
 echo "</tr>\n</table>\n</form>\n";
 closetable();
 opentable($locale['502']);
 echo "<table cellpadding='0' cellspacing='0' width='400' class='center'>\n";
 $result = dbquery("SELECT weblink_cat_id, weblink_cat_name FROM " . DB_WEBLINK_CATS . " ORDER BY weblink_cat_name");
 if (dbrows($result)) {
     echo "<tr>\n";
     echo "<td class='tbl2'>" . $locale['531'] . "</td>\n";
     echo "<td align='right' class='tbl2'>" . $locale['532'] . "</td>\n";
     echo "</tr>\n<tr>\n";
     echo "<td colspan='2' height='1'></td>\n";
     echo "</tr>\n";
     while ($data = dbarray($result)) {
         if (!isset($_GET['weblink_cat_id']) || !isnum($_GET['weblink_cat_id'])) {
             $_GET['weblink_cat_id'] = 0;
         }
         if ($data['weblink_cat_id'] == $_GET['weblink_cat_id']) {
             $p_img = "off";
             $div = "";
         } else {
             $p_img = "on";
             $div = "style='display:none'";
         }
         echo "<tr>\n";
         echo "<td class='tbl2'>" . $data['weblink_cat_name'] . "</td>\n";
         echo "<td class='tbl2' align='right'><img src='" . get_image("panel_{$p_img}") . "' alt='' name='b_" . $data['weblink_cat_id'] . "' onclick=\"javascript:flipBox('" . $data['weblink_cat_id'] . "')\" /></td>\n";
         echo "</tr>\n";
         $result2 = dbquery("SELECT weblink_id, weblink_name, weblink_url FROM " . DB_WEBLINKS . " WHERE weblink_cat='" . $data['weblink_cat_id'] . "' ORDER BY weblink_name");
         if (dbrows($result2)) {
Example #24
 }
 // Build the poll selector shown above the editor, newest poll first.
 // NOTE(review): poll titles are written into the <option> text as stored; presumably
 // they were escaped when saved — verify.
 $editlist = "";
 $result = dbquery("SELECT * FROM " . DB_POLLS . " ORDER BY poll_id DESC");
 if (dbrows($result)) {
     while ($data = dbarray($result)) {
         $editlist .= "<option value='{$data['poll_id']}'>{$data['poll_title']}</option>\n";
     }
     opentable($locale['402']);
     echo "<div style='text-align:center'>\n<form name='editform' method='post' action='" . FUSION_SELF . $aidlink . "'>\n"
         . "<select name='poll_id' class='textbox' style='width:200px;'>\n" . $editlist . "</select>\n"
         . "<input type='submit' name='edit' value='" . $locale['421'] . "' class='button' />\n"
         . "<input type='submit' name='delete' value='" . $locale['422'] . "' class='button' />\n"
         . "</form>\n</div>\n";
     closetable();
 }
 // Edit request: poll_id must pass isnum() before it is used in the query.
 if (isset($_POST['edit']) && isset($_POST['poll_id']) && isnum($_POST['poll_id'])) {
     $_GET['poll_id'] = $_POST['poll_id'];
     $data = dbarray(dbquery("SELECT * FROM " . DB_POLLS . " WHERE poll_id='" . $_POST['poll_id'] . "'"));
     $poll_title = $data['poll_title'];
     // Keep only the non-empty options, indexed by their slot number (0-9).
     $poll_option = array();
     for ($i = 0; $i <= 9; $i++) {
         $option_text = $data["poll_opt_" . $i];
         if ($option_text) {
             $poll_option[$i] = $option_text;
         }
     }
     unset($option_text);
     $opt_count = count($poll_option);
     $poll_started = $data['poll_started'];
     $_GET['poll_ended'] = $data['poll_ended'];
 }
 if (isset($_POST['addoption'])) {
     $poll_title = stripinput($_POST['poll_title']);
Example #25
    }
} else {
    opentable($locale['410']);
    if (!isset($_POST['search_users']) || !isset($_POST['search_criteria'])) {
        echo "<form name='searchform' method='post' action='" . FUSION_SELF . $aidlink . "'>\n";
        echo "<table cellpadding='0' cellspacing='0' width='450' class='center'>\n";
        echo "<tr>\n<td align='center' class='tbl'>" . $locale['411'] . "<br /><br />\n";
        echo "<input type='text' name='search_criteria' class='textbox' style='width:300px' />\n</td>\n";
        echo "</tr>\n<tr>\n<td align='center' class='tbl'>\n";
        echo "<label><input type='radio' name='search_type' value='user_name' checked='checked' />" . $locale['413'] . "</label>\n";
        echo "<label><input type='radio' name='search_type' value='user_id' />" . $locale['412'] . "</label></td>\n";
        echo "</tr>\n<tr>\n<td align='center' class='tbl'><input type='submit' name='search_users' value='" . $locale['414'] . "' class='button' /></td>\n";
        echo "</tr>\n</table>\n</form>\n";
    } elseif (isset($_POST['search_users']) && isset($_POST['search_criteria'])) {
        $mysql_search = "";
        if ($_POST['search_type'] == "user_id" && isnum($_POST['search_criteria'])) {
            $mysql_search .= "user_id='" . $_POST['search_criteria'] . "' ";
        } elseif ($_POST['search_type'] == "user_name" && preg_match("/^[-0-9A-Z_@\\s]+\$/i", $_POST['search_criteria'])) {
            $mysql_search .= "user_name LIKE '" . $_POST['search_criteria'] . "%' ";
        }
        if ($mysql_search) {
            $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE " . $mysql_search . " AND user_level='101' ORDER BY user_name");
        }
        if (isset($result) && dbrows($result)) {
            echo "<form name='add_users_form' method='post' action='" . FUSION_SELF . $aidlink . "'>\n";
            echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n";
            $i = 0;
            $users = "";
            while ($data = dbarray($result)) {
                $row_color = $i % 2 == 0 ? "tbl1" : "tbl2";
                $i++;
             }
         }
     }
 }
 if ($error == "") {
     if ($settings['email_verification'] == "1") {
         require_once INCLUDES . "sendmail_include.php";
         mt_srand((double) microtime() * 1000000);
         $salt = "";
         for ($i = 0; $i <= 7; $i++) {
             $salt .= chr(rand(97, 122));
         }
         $user_code = md5($email . $salt);
         $activation_url = $settings['siteurl'] . "register.php?activate=" . $user_code;
         if (sendemail($username, $email, $settings['siteusername'], $settings['siteemail'], $locale['449'], $locale['450'] . $activation_url)) {
             $user_info = serialize(array("user_name" => $username, "user_password" => encrypt_pw($password1), "user_email" => $email, "user_hide_email" => isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"));
             $result = dbquery("INSERT INTO " . DB_NEW_USERS . " (user_code, user_email, user_datestamp, user_info) VALUES('{$user_code}', '" . $email . "', '" . time() . "', '{$user_info}')");
             // Log Registration + Security Question
             log_registration($username, $email, $log);
             opentable($locale['400']);
             echo "<div style='text-align:center'><br />\n" . $locale['454'] . "<br /><br />\n</div>\n";
             closetable();
         } else {
             opentable($locale['456']);
             echo "<div style='text-align:center'><br />\n" . $locale['457'] . "<br /><br />\n</div>\n";
             closetable();
         }
     } else {
         $user_status = $settings['admin_activation'] == "1" ? "2" : "0";
         $result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status" . $db_fields . ") VALUES('{$username}', '" . encrypt_pw($password1) . "', '', '" . $email . "', '{$user_hide_email}', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '" . nMEMBER . "', '{$user_status}'" . $db_values . ")");
         $user_id = mysql_insert_id();
Example #27
                    for ($i = 1; $i < count($inf_newtable) + 1; $i++) {
                        $result = dbquery("CREATE TABLE " . $inf_newtable[$i]);
                    }
                }
                if (isset($inf_insertdbrow) && is_array($inf_insertdbrow) && count($inf_insertdbrow)) {
                    for ($i = 1; $i < count($inf_insertdbrow) + 1; $i++) {
                        $result = dbquery("INSERT INTO " . $inf_insertdbrow[$i]);
                    }
                }
                $result = dbquery("INSERT INTO " . DB_INFUSIONS . " (inf_title, inf_folder, inf_version) VALUES ('" . $inf_title . "', '" . $inf_folder . "', '" . $inf_version . "')");
            }
        }
    }
    redirect(FUSION_SELF . $aidlink);
}
if (isset($_GET['defuse']) && isnum($_GET['defuse'])) {
    $result = dbquery("SELECT * FROM " . DB_INFUSIONS . " WHERE inf_id='" . $_GET['defuse'] . "'");
    $data = dbarray($result);
    include INFUSIONS . $data['inf_folder'] . "/infusion.php";
    if (isset($inf_adminpanel) && is_array($inf_adminpanel) && count($inf_adminpanel)) {
        for ($i = 1; $i < count($inf_adminpanel) + 1; $i++) {
            $result = dbquery("DELETE FROM " . DB_ADMIN . " WHERE admin_rights='" . ($inf_adminpanel[$i]['rights'] ? $inf_adminpanel[$i]['rights'] : "IP") . "' AND admin_link='" . INFUSIONS . $inf_folder . "/" . $inf_adminpanel[$i]['panel'] . "' AND admin_page='4'");
            $result = dbquery("SELECT user_id, user_rights FROM " . DB_USERS . " WHERE user_level>='102'");
            while ($data = dbarray($result)) {
                $user_rights = explode(".", $data['user_rights']);
                if (in_array($inf_adminpanel[$i]['rights'], $user_rights)) {
                    $key = array_search($inf_adminpanel[$i]['rights'], $user_rights);
                    unset($user_rights[$key]);
                }
                $result2 = dbquery("UPDATE " . DB_USERS . " SET user_rights='" . implode(".", $user_rights) . "' WHERE user_id='" . $data['user_id'] . "'");
            }
| at www.gnu.org/licenses/agpl.html. Removal of this copyright header is
| strictly prohibited without written permission from the original author(s).
+---------------------------------------------------------------------------*/
require "../../maincore.php";
require INCLUDES . "class.httpdownload.php";
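/**
 * Decode the HTML entities in stored text back to raw characters and expand "\n" to "\r\n".
 *
 * Decoding is done in a single pass with strtr(), so text produced by one replacement is
 * never scanned again: "&amp;lt;" yields the literal text "&lt;", not "<". The earlier
 * sequential str_replace() decoded "&amp;" first and then decoded the result a second time,
 * which corrupted any code that itself contained an entity.
 *
 * @param string $text Escaped text, e.g. the body of a [geshi] block taken from a post.
 * @return string The decoded text.
 */
function unstripinput($text)
{
    // Strip slashes first when QUOTES_GPC is truthy (the constant is defined outside this file).
    if (QUOTES_GPC) {
        $text = stripslashes($text);
    }
    // One entry per entity; strtr() matches against the original text only.
    $decode = array(
        "\n" => "\r\n",
        "&amp;" => "&",
        "&quot;" => "\"",
        "&#39;" => "'",
        "&#92;" => "\\",
        "&lt;" => "<",
        "&gt;" => ">",
    );
    return strtr($text, $decode);
}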
// Serve one [geshi] code block of a forum post as a file download.
// thread_id, post_id and code_id must all pass isnum() before they reach the query or the filename.
if (isset($_GET['thread_id']) && isnum($_GET['thread_id']) && (isset($_GET['post_id']) && isnum($_GET['post_id'])) && (isset($_GET['code_id']) && isnum($_GET['code_id']))) {
    $result = dbquery("SELECT fp.*, ff.* FROM " . DB_POSTS . " AS fp\r\n\t\tINNER JOIN " . DB_FORUMS . " AS ff ON ff.forum_id=fp.forum_id\r\n\t\tWHERE fp.thread_id='" . $_GET['thread_id'] . "' AND fp.post_id='" . $_GET['post_id'] . "'");
    if (dbrows($result)) {
        $data = dbarray($result);
        // Access check: redirect away unless the viewer passes checkgroup() for the forum and
        // forum_cat is non-empty.
        // NOTE(review): the post is only protected if redirect() ends the script — confirm,
        // because nothing else stops execution from continuing below.
        if (!checkgroup($data['forum_access']) || !$data['forum_cat']) {
            redirect(BASEDIR . "forum/viewthread.php?thread_id=" . $_GET['thread_id']);
        }
        $text = $data['post_message'];
        // Group 1 captures the value after "geshi=", group 2 the text between the tags.
        preg_match_all("#\\[geshi=(.*?)\\](.*?)\\[/geshi\\]#si", $text, $matches, PREG_PATTERN_ORDER);
        if (isset($matches[1][$_GET['code_id']]) && isset($matches[2][$_GET['code_id']])) {
            // NOTE(review): $ext is taken from the post author's [geshi=...] tag. Apart from
            // lowercasing and dropping "4strict" it is unrestricted, so arbitrary characters can
            // end up in the download filename. Limiting it to [a-z0-9] or to an allowlist of
            // known languages would be the usual hardening; how the filename is used is outside
            // this excerpt.
            $ext = strtolower(str_replace("4strict", "", $matches[1][$_GET['code_id']]));
            $text = unstripinput($matches[2][$_GET['code_id']]);
            $filename = "geshi_" . $_GET['thread_id'] . "_" . $_GET['post_id'] . "_" . $_GET['code_id'] . "." . $ext;
            // Hand the decoded code to the download helper as in-memory data.
            $object = new httpdownload();
            $object->set_bydata($text);
            $object->use_resume = true;
Example #29
            // Show a warning row when comments and/or ratings are disabled site-wide;
            // $sys selects the locale text naming which of the two (or both) is off.
            if ($settings['comments_enabled'] == "0" || $settings['ratings_enabled'] == "0") {
                $sys = "";
                if ($settings['comments_enabled'] == "0" && $settings['ratings_enabled'] == "0") {
                    $sys = $locale['459'];
                } elseif ($settings['comments_enabled'] == "0") {
                    $sys = $locale['457'];
                } else {
                    $sys = $locale['458'];
                }
                echo "<tr>\n<td colspan='2' class='tbl1' style='font-weight:bold;text-align:left; color:black !important; background-color:#FFDBDB;'>";
                echo "<span style='color:red;font-weight:bold;margin-right:5px;'>*</span>" . sprintf($locale['456'], $sys);
                echo "</td>\n</tr>";
            }
            echo "<tr>\n";
            echo "<td align='center' colspan='2' class='tbl'><br />\n";
            // Carry the article id through the form. && binds tighter than ||, so this reads
            // "(POST id passes isnum) or (GET id passes isnum)"; the value is emitted only then.
            if (isset($_POST['article_id']) && isnum($_POST['article_id']) || isset($_GET['article_id']) && isnum($_GET['article_id'])) {
                echo form_hidden('', 'article_id', 'article_id', isset($_POST['article_id']) ? $_POST['article_id'] : $_GET['article_id']);
                //echo "<input type='hidden' name='article_id' value='".(isset($_POST['article_id']) ? $_POST['article_id'] : $_GET['article_id'])."' />\n";
            }
            echo form_button($locale['430'], 'preview', 'preview', $locale['430'], array('class' => 'btn-primary m-r-10'));
            echo form_button($locale['431'], 'save', 'save', $locale['431'], array('class' => 'btn-primary'));
            echo "</tr>\n</table>\n</form>\n";
            closetable();
            // Client-side helpers: a delete confirmation and an empty-subject check on save/preview.
            // NOTE(review): $locale['451'] and $locale['450'] are concatenated into single-quoted
            // JavaScript string literals without escaping, so a translation containing an apostrophe
            // or a newline breaks the script. Encoding the values for a JS context (e.g. json_encode)
            // would be more robust; whether locale strings are otherwise sanitised is not visible here.
            add_to_jquery("\r\n            function DeleteArticle() { return confirm('" . $locale['451'] . "');}\r\n            \$('#save, #preview').bind('click', function(e) {\r\n            var subject = \$('#subject').val();\r\n            if (subject == '') { alert('" . $locale['450'] . "'); return false; }\r\n            });\r\n            ");
        }
    }
} else {
    // Else branch (its condition is outside this excerpt): render a notice panel built from
    // locale strings, with a link to article_cats.php carrying $aidlink.
    opentable($locale['403']);
    echo "<div style='text-align:center'>" . $locale['452'] . "<br />\n" . $locale['453'] . "<br />\n";
    echo "<a href='article_cats.php" . $aidlink . "'>" . $locale['454'] . "</a>" . $locale['455'] . "</div>\n";
    closetable();
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['email_verification']) ? $_POST['email_verification'] : "1") . "' WHERE settings_name='email_verification'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['admin_activation']) ? $_POST['admin_activation'] : "0") . "' WHERE settings_name='admin_activation'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['display_validation']) ? $_POST['display_validation'] : "1") . "' WHERE settings_name='display_validation'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['enable_terms']) ? $_POST['enable_terms'] : "0") . "' WHERE settings_name='enable_terms'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$license_agreement}' WHERE settings_name='license_agreement'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$license_lastupdate}' WHERE settings_name='license_lastupdate'");
 if (!$result) {
     $error = 1;
 }
 if ($error) {
     addNotice('danger', $locale['901']);
 } else {
     addNotice('success', $locale['900']);