Example #1
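/**
 * Handle the registration form: validate the posted fields, reject an e-mail
 * address that is already registered, then create the `users` row together
 * with its companion `profile` and `ai_actions_taken` rows.
 *
 * The outcome is reported through globals: $done becomes true on success and
 * $error['email_exists'] is set when the address is already taken.
 *
 * @return false|null false when validation fails or the e-mail already exists;
 *                    null otherwise (including on success)
 */
function register()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'register';
    $theme['call_theme_func'] = 'register';
    loadlang();
    fheader($title = 'Registration');
    if (isset($_POST['sub_register'])) {
        // Every field is passed through check_input() before use, the same way
        // login() reads its fields. The earlier version looped over $_POST and
        // assigned check_input($v) to the loop copy, so the sanitised values
        // were thrown away and the raw request data reached the SQL below.
        // NOTE(review): check_input() is defined elsewhere; confirm it escapes
        // for a quoted SQL string. The "alphanumeric and underscore only" rule
        // for usernames is not enforced by anything visible in this function.
        $username = mandff(check_input($_POST['username']), $l['user_req']);
        // login() hashes check_input(password); hashing the same form here keeps
        // the stored hash comparable for passwords that check_input() alters.
        $password = mandff(check_input($_POST['password']), $l['pass_req']);
        $email = mandff(check_input($_POST['email']), $l['email_req']);
        // url is optional, so it is not run through mandff().
        $url = isset($_POST['url']) ? check_input($_POST['url']) : '';
        if ($error) {
            return false;
        }
        $salt = 'abc';
        // New accounts start in the lowest-privilege group.
        $group = 1;
        // NOTE(review): MD5 with one constant salt is cheap to brute-force and
        // gives identical hashes for identical passwords. password_hash() /
        // password_verify() is the replacement, but it has to be introduced in
        // register() and login() together, so the scheme is left as it was.
        $password = md5($password . $salt);
        // NOTE(review): these statements are still assembled as strings; moving
        // to prepared statements (PDO or mysqli) removes the dependence on
        // check_input() being applied everywhere.
        $q1 = "SELECT `email` FROM `users` WHERE `email` = '{$email}'";
        $qq1 = mysql_query($q1);
        // mysql_query() returns false on failure; do not hand that to
        // mysql_num_rows().
        if ($qq1 && mysql_num_rows($qq1) > 0) {
            $error['email_exists'] = $l['email_exists'];
            return false;
        }
        $q[1] = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`, `group`) VALUES('{$username}', '{$password}', '{$email}', '{$url}', '{$salt}', '{$group}')";
        $qu[1] = mysql_query($q[1]);
        if ($qu[1]) {
            // The dependent rows are created only when the user row exists.
            // Previously they were inserted even after a failed INSERT, keyed
            // on whatever mysql_insert_id() happened to return.
            $ins_id = (int) mysql_insert_id();
            $q[2] = "INSERT INTO `profile` (`users_uid`) VALUES('{$ins_id}')";
            $qu[2] = mysql_query($q[2]);
            $q[3] = "INSERT INTO `ai_actions_taken` (`users_uid`) VALUES('{$ins_id}')";
            $qu[3] = mysql_query($q[3]);
            $done = true;
        } else {
            // NOTE(review): $errors is not in this function's global list, so
            // this value is local and never read; a failed INSERT is not
            // reported to the caller.
            $errors = 'faltugiri';
        }
    }
}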
Example #2
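/**
 * Handle the form posted to the "permissions" view: look up a `users` row
 * matching the posted e-mail and password and redirect to index.php on a match.
 *
 * On a match $done is set to true; otherwise a message is appended to $error.
 *
 * @return false|null false when a required field is missing; null otherwise
 */
function permissions()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'permissions';
    $theme['call_theme_func'] = 'permissions';
    loadlang();
    fheader($title = 'Permissions');
    if (isset($_POST['sub_register'])) {
        // Read the fields through check_input(), as login() does. The earlier
        // loop over $_POST only reassigned its own loop variable, so nothing it
        // "cleaned" was ever used and the raw e-mail went into the query.
        // NOTE(review): check_input() is defined elsewhere; confirm it escapes
        // for a quoted SQL string.
        $email = mandff(check_input($_POST['email']), $l['user_email_req']);
        $password = mandff(check_input($_POST['password']), $l['pass_req']);
        if ($error) {
            return false;
        }
        $salt = 'abc';
        // NOTE(review): MD5 with a constant salt is weak for password storage;
        // left unchanged because the hash format is shared with register() and
        // login().
        $password = md5($password . $salt);
        // AND binds tighter than OR, so both alternatives require the password.
        // NOTE(review): the username alternative compares against the literal
        // '******', which looks like a placeholder rather than a posted value;
        // confirm what it was meant to be. The statement is still string-built
        // and should become a prepared statement.
        $q1 = "SELECT * FROM `users` WHERE \n\t\t`email` = '{$email}' AND `password` = '{$password}' \n\t\tOR \n\t\tusername = '******' AND `password` = '{$password}' \n\t\t";
        $qq1 = db_query($q1);
        // Guard against a failed query before counting rows.
        if ($qq1 && mysql_num_rows($qq1) > 0) {
            $done = true;
            // NOTE(review): header() does not stop execution; whatever the
            // caller does after this function still runs.
            header("Location: index.php");
        } else {
            $error[] = 'Username/Email not valid';
        }
    }
}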
Example #3
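/**
 * Post a reply, either to a forum topic (?topic=ID) or to a wall post
 * (?post=ID), and set a success or failure message.
 *
 * When ?post is absent the topic row is loaded into the global $row for the
 * theme. When the reply form was submitted, the reply is inserted into
 * `replies` (topic) or `wall_post_reply` (wall post); for a wall post the new
 * reply id is also appended to the comma-separated `wall_post`.`wpr_id` list.
 *
 * Results are reported through $notice['success'] or $error['no_success'].
 *
 * @return false|null false when the request is rejected before any insert;
 *                    null otherwise
 */
function addReply()
{
    global $globals, $mysql, $theme, $done, $errors, $error, $notice, $db;
    global $themedir, $l, $user;
    global $qu, $board;
    global $time, $reqPrivs;
    global $row;
    global $ai;
    $theme['name'] = 'addReply';
    $theme['call_theme_func'] = 'addReply';
    loadlang('allFunc', __FUNCTION__);
    fheader($title = 'Add Reply');
    // When the board requires a login, send anonymous visitors to the login
    // page and stop here.
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
            // redirect() is defined elsewhere and may not end the request;
            // returning keeps the rest of this function from running for a
            // visitor who is not logged in.
            return false;
        }
    }
    // The ids taken from the query string are placed in numeric (unquoted) SQL
    // positions and in HTML links, so they are forced to integers once, here.
    // Used raw, any text in ?topic / ?post / ?uid became part of the statement
    // or of the markup.
    $topicId = isset($_GET['topic']) ? (int) $_GET['topic'] : 0;
    $postId = isset($_GET['post']) ? (int) $_GET['post'] : 0;
    $wallUid = isset($_GET['uid']) ? (int) $_GET['uid'] : 0;
    // No ?post means this is a reply to a topic: load that topic for display.
    if (!isset($_GET['post'])) {
        // LIMIT 1: a tid identifies a single topic.
        $q = "SELECT * FROM `topics` WHERE `tid` = {$topicId} LIMIT 1";
        $qu[0] = db_query($q);
        $row = mysql_fetch_assoc($qu[0]);
        $q = null;
    }
    if (isset($_POST['reply_sub']) && !empty($_POST['reply'])) {
        // A reply needs a known author and a target. Without these the old
        // statements were built from undefined values.
        if (!isset($user['uid']) || (!isset($_GET['topic']) && !isset($_GET['post']))) {
            $error['no_success'] = "Could not post the reply.";
            return false;
        }
        $posterUid = (int) $user['uid'];
        $subject = '';
        if (!isset($_GET['post'])) {
            $subject = trim(mandff(check_input($_POST["subject"]), "Subject Empty"));
        }
        // NOTE(review): $subject and $reply rely on check_input() (defined
        // elsewhere) for escaping; confirm it is sufficient for a quoted SQL
        // string, or move these statements to prepared statements.
        $reply = trim(mandff(check_input($_POST["reply"]), "Reply field empty"));
        // Spam-word check through the AI_Execute object, when one is loaded.
        if ($ai && is_object($ai)) {
            $ai->spam_words_e($reply);
        }
        $t = round($time->scriptTime());
        if (isset($_GET['topic'])) {
            // Reply to a topic. The poster's address is taken from
            // $_SERVER['REMOTE_ADDR'].
            $q1I = "INSERT INTO `replies`(\n\t\t\t`rsubject`, `rbody`, `topic_tid`, `poster_users_uid`, `date`, `user_ip`\n\t\t\t) \n\t\t\tVALUES( \n\t\t\t'{$subject}', '{$reply}', {$topicId}, {$posterUid}, {$t}, '{$_SERVER['REMOTE_ADDR']}' \n\t\t\t)";
            $q1E = db_query($q1I);
            $id = mysql_insert_id();
        } else {
            // Reply to a wall post.
            $q1I = "INSERT INTO `wall_post_reply`(\n\t\t\t`wpr_content`, `wpr_by_uid`, `wpr_date`, `wp_id`\n\t\t\t) \n\t\t\tVALUES(\n\t\t\t'{$reply}', {$posterUid}, {$t}, {$postId}\n\t\t\t)";
            $q1E = db_query($q1I);
            $id = (int) mysql_insert_id();
            // Append the new reply id to the wall post's comma-separated list
            // of reply ids.
            $qS2 = "SELECT * from `wall_post` WHERE `wp_id`={$postId}";
            $res = db_query($qS2);
            $row = mysql_fetch_assoc($res);
            $string = $row['wpr_id'] . "," . $id;
            // trim() removes the leading comma left when the list was empty.
            $string = trim($string, ',');
            $qU1 = "UPDATE `wall_post` set `wpr_id`='{$string}' WHERE `wp_id`={$postId}";
            $res2 = db_query($qU1);
        }
        // is_bool() also accepted false, so a failed INSERT was reported as a
        // success. NOTE(review): this assumes db_query() hands back
        // mysql_query()'s result (true for a successful INSERT) - confirm.
        if ($q1E === true) {
            if (isset($_GET['topic'])) {
                $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=topic&topic={$topicId}'>HERE</a> to check your reply.";
            } else {
                // $_GET['post'] is set
                $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=wall&uid={$wallUid}&post={$postId}'>HERE</a> to check your post.";
            }
        } else {
            $error['no_success'] = "Could not post the reply.";
        }
    }
}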
Example #4


if( $dbmake )
	echo "dbmake";

echo 1;
exit();

printrr($_SERVER);
echo ( file_exists(dirname($_SERVER['SCRIPT_FILENAME'] ) . "/myforum_3.sql" ) ) ? "yes" : "no" ;
*/
if (isset($_POST['admin_set'])) {
    $adminuser = mandff($_POST['adminuser'], 'Invalid Admin Username');
    $adminpass = mandff($_POST['adminpass'], 'Invalid Admin Password');
    $adminemail = mandff($_POST['adminemail'], 'Invalid Email');
    $adminpass = md5($adminpass);
    if (!empty($error)) {
        echo "Errors: <br />";
        foreach ($error as $err) {
            echo $err . "<br />";
        }
        die;
        //die($error);
    }
    // take $dbhost, $dbuser, $dbpass, $dbconn from config file now,
    // as config file has been written in previous step
    include 'config.php';
    $conn = mysql_connect($host, $dbuser, $dbpass) or mysql_dead('No Db connection');
    $select_db = mysql_select_db($dbname) or mysql_dead('No DB selected');
    if ($select_db) {
Example #5
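/**
 * Handle the login form: match the posted e-mail-or-username and password
 * against `users`, mark the session as logged in and redirect to the wall.
 *
 * On success $_SESSION['user']['loggedIn'] and $_SESSION['user']['uid'] are
 * set; on failure a message is appended to $error.
 *
 * @return false|null false when a required field is missing; null otherwise
 */
function login()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'login';
    $theme['call_theme_func'] = 'login';
    loadlang();
    fheader($title = 'Login');
    if (isset($_POST['sub_register'])) {
        // NOTE(review): check_input() is defined elsewhere; it is the only
        // thing standing between these fields and the string-built query
        // below, so confirm it escapes for a quoted SQL string.
        $email = mandff(check_input($_POST['email']), $l['user_email_req']);
        $password = mandff(check_input($_POST['password']), $l['pass_req']);
        if ($error) {
            return false;
        }
        // The old loop over $_POST that reassigned its own loop variable had
        // no effect on $_POST or on the two fields above and has been dropped.
        $salt = 'abc';
        // NOTE(review): MD5 with a constant salt is weak for password storage.
        // Replacing it with password_hash() / password_verify() means fetching
        // the row by e-mail/username and verifying in PHP, and changing
        // register() at the same time.
        $password = md5($password . $salt);
        // The posted value is accepted as either the e-mail or the username.
        $q1 = "SELECT * \n\t\tFROM `users` `u`  \n\t\tWHERE \n\t\t( `u`.`email` = '{$email}' \n\t\tOR \n\t\t`u`.`username` = '{$email}' ) AND `u`.`password` = '{$password}' \n\t\t";
        $qq1 = db_query($q1);
        // Exactly one matching row is required; a failed query counts as no
        // match.
        if ($qq1 && mysql_num_rows($qq1) == 1) {
            // Issue a fresh session id at the moment of authentication so that
            // an id fixed before login does not carry the logged-in state.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $data = mysql_fetch_assoc($qq1);
            $_SESSION['user']['loggedIn'] = 1;
            $_SESSION['user']['uid'] = $data['uid'];
            // NOTE(review): header() does not stop execution; whatever the
            // caller does after this function still runs.
            header("Location: index.php?action=wall");
        } else {
            $error[] = 'Username/Email not valid';
        }
    }
}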
Example #6
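/**
 * Handle the "send message" form: store one `pm` row for the message and one
 * `pm_recepients` row for every addressed username that exists.
 *
 * The "to" field is a comma-separated list of usernames. Names that match no
 * `users` row are reported in $error and skipped.
 *
 * @return false|null false when a required field is missing; null otherwise
 */
function sendMessage()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $l;
    global $time;
    global $user;
    global $par;
    global $db;
    $theme['name'] = 'messages';
    $theme['call_theme_func'] = 'sendMessage';
    loadlang();
    fheader($title = 'Send Message');
    if (isset($_POST['sendMess'])) {
        // NOTE(review): check_input() is defined elsewhere; confirm it escapes
        // for a quoted SQL string. The statements below are string-built and
        // should become prepared statements.
        $mess = array();
        $mess['to'] = check_input(mandff($_POST['to'], "{$l['to_emp']}"));
        $mess['body'] = check_input(mandff($_POST['body'], "{$l['body_emp']}"));
        $mess['subject'] = check_input(optff($_POST['subject']));
        if ($errors || $error) {
            return false;
        }
        // $timeNow was never assigned, so pm_sent_time received an empty
        // string. The timestamp is taken the way addReply() and wall() take it.
        $timeNow = round($time->scriptTime());
        $senderUid = (int) $user['uid'];
        // The sender name comes from $user, not from check_input(), so it is
        // escaped here before being placed in the statement.
        $senderName = mysql_real_escape_string($user['username']);
        $q = "INSERT INTO `pm`(`pm_from_uid`, `pm_deleted_by_sender`, `pm_from_name`, `pm_sent_time`, `pm_subject`, `pm_body`) \n\t\t\t\t\t\t\t\t\tVALUES('{$senderUid}', 0, '{$senderName}', '{$timeNow}', '{$mess['subject']}', '{$mess['body']}') ";
        $q1 = db_query($q);
        $id = (int) db_insert_id();
        // Build the quoted IN (...) list from the recipient names, dropping
        // empty entries left by stray commas.
        $toArr = array();
        $quoted = array();
        foreach (explode(",", $mess['to']) as $name) {
            $name = trim($name);
            if ($name === '') {
                continue;
            }
            $toArr[] = $name;
            $quoted[] = "'" . $name . "'";
        }
        $userGot = array();
        if (!empty($quoted)) {
            $str = implode(",", $quoted);
            $q2 = "SELECT `uid`, `username` FROM `users` WHERE `username` IN ( {$str} )";
            $q22 = db_query($q2);
            // Skip the fetch loop when the lookup itself failed.
            if ($q22) {
                while ($row = mysql_fetch_assoc($q22)) {
                    $userGot[$row['uid']] = $row['username'];
                }
            }
        }
        // Names that were asked for but not found.
        $userNotGot = array_diff($toArr, $userGot);
        if (!empty($userNotGot)) {
            $error[] = 'Users not done: ' . implode(", ", $userNotGot) . "";
        }
        foreach ($userGot as $k => $v) {
            $recipientUid = (int) $k;
            $q3 = "INSERT INTO `pm_recepients`(`pm_id`, `pm_sent_to_uid`, `pm_is_read`, `pm_is_new`, `pm_is_deleted`) \n\t\t\t\t\t\t\t\t\t\tVALUES('{$id}', '{$recipientUid}', '0', '1', '0') ";
            $q33 = db_query($q3);
        }
    }
}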
Example #7
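/**
 * Show a user's wall and accept a new wall post.
 *
 * The wall owner is ?uid when given (the viewer must be logged in and hold the
 * view privilege), otherwise the logged-in user. A submitted post is inserted
 * into `wall_post`; the wall's posts are then loaded into the global $qu for
 * the theme.
 *
 * @return false|null false when the viewer is not logged in or lacks
 *                    permission; null otherwise
 */
function wall()
{
    global $themedir, $theme, $l;
    global $globals, $mysql, $done, $error, $errors;
    global $user, $time;
    global $qu, $reqPrivs;
    $theme['name'] = 'wall';
    $theme['call_theme_func'] = 'wall';
    loadlang();
    fheader('Wall');
    if (isset($_GET['uid'])) {
        // Viewing somebody's wall by id requires a logged-in viewer.
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
            // redirect() is defined elsewhere and may not end the request;
            // returning keeps the permission check and the queries below from
            // running for a visitor who is not logged in.
            return false;
        }
        // The viewer's group privileges must include the "view" bit.
        if ($user['g_priv'] & $reqPrivs['view']['a_priv']) {
            // ?uid is placed unquoted in the INSERT below, so it is forced to
            // an integer; used raw, any text in the query string became part
            // of the statement.
            $uid = (int) $_GET['uid'];
        } else {
            $error['perms_denied'] = 'No permission to view this page.';
            return false;
        }
    } else {
        if (isset($user['uid'])) {
            $uid = (int) $user['uid'];
        } else {
            if (!userUidSet()) {
                redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
            }
            // No wall owner could be determined, so there is nothing to query.
            return false;
        }
    }
    if (isset($_POST['wall_sub'])) {
        // NOTE(review): $reply relies on check_input() (defined elsewhere) for
        // escaping; confirm it is sufficient for a quoted SQL string, or move
        // this statement to a prepared statement.
        $reply = mandff(check_input($_POST['post']), 'Wall Post Empty');
        if (empty($error) && empty($errors)) {
            $now = round($time->scriptTime());
            $authorUid = (int) $user['uid'];
            $qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) \n\t\t\tVALUES ( {$uid}, {$authorUid}, '{$reply}', {$now} )";
            $qI_e = db_query($qI);
        }
    }
    // $uid is the owner of the wall whose posts are listed, newest first.
    $q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='{$uid}' ORDER BY `wp`.`wp_date` DESC";
    $qu = db_query($q);
}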