$query = "SELECT * FROM press WHERE `Deleted`='0' AND `Approved`='1' ORDER BY `Posted` DESC LIMIT 6";
            $section = "press";
        } elseif ($_GET['q'] == "ext_top_7days") {
            $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' AND `Posted` >= DATE_SUB(CURRENT_DATE(), INTERVAL {$recent_days} DAY) ORDER BY `Rank` DESC LIMIT 4";
            $section = "external-news";
        } elseif ($_GET['q'] == "ext_top_all") {
            $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' ORDER BY `Rank` DESC LIMIT 4";
            $section = "external-news";
        } elseif ($_GET['q'] == "ext_bottom_7days") {
            $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' AND `Posted` >= DATE_SUB(CURRENT_DATE(), INTERVAL {$recent_days} DAY) ORDER BY `Rank` ASC LIMIT 4";
            $section = "external-news";
        } elseif ($_GET['q'] == "ext_bottom_all") {
            $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' ORDER BY `Rank` ASC LIMIT 4";
            $section = "external-news";
        }
        if ($result = mysql_query_cached($query)) {
            foreach ($result->data as $item) {
                $name = utf8entities(stripslashes($item['Name']));
                $id = $item['Id'];
                $comments = $item['CommentCount'];
                $rank = $section == "external-news" ? $item['Rank'] : 0;
                $upvotes = $section == "press" ? $item['Upvotes'] : 0;
                echo template_item($name, $section, $id, $comments, false, $upvotes, $rank);
            }
        }
    }
} else {
    die("Error: No valid query was passed on.");
}
/*
if(!isset($_GET['s']) || !isset($_GET['f']) || !isset($_GET['o']) || !isset($_GET['p']))
if (!isset($_ANONNEWS)) {
    die;
}
/* Protect from direct requests */
/* This module handles the thread listing. */
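/* Thread view: renders the opening post of one thread, its replies, and the
 * reply form. Falls through to module.error.php with ANONNEWS_ERROR_NOT_FOUND
 * when the thread or its category cannot be loaded. */

// $var_id is supplied by the including script. Only the validated copy
// ($post_id) may be interpolated into SQL or HTML below; the original code
// computed $post_id but then built the query and the form action from the
// raw $var_id, so the is_numeric() check protected nothing.
$post_id = is_numeric($var_id) ? $var_id : 0;
// The second argument to mysql_query_cached() is presumably a cache lifetime -- TODO confirm.
if ($result = mysql_query_cached("SELECT * FROM forum_posts WHERE `Id`='{$post_id}' AND `ParentId`='0'", 5)) {
    $post = $result->data[0];
    // NOTE(review): CategoryId and Id come from the database row and are
    // interpolated unescaped here; confirm every writer of forum_posts stores
    // them as integers.
    $query = "SELECT * FROM forum_categories WHERE `Id`='{$post['CategoryId']}'";
    // Check the lookup result before dereferencing it, so a failed category
    // query takes the not-found branch instead of reading ->data on a non-object.
    $category_result = mysql_query_cached($query);
    if ($category_result && ($category = $category_result->data[0])) {
        // Everything echoed into the breadcrumb is entity-encoded first.
        $topic = utf8entities(stripslashes($post['Topic']));
        $caturlname = utf8entities(stripslashes($category['UrlName']));
        $catname = utf8entities(stripslashes($category['Name']));
        echo "<h2><a href=\"/forum\">Forum</a> &gt; <a href=\"/forum/category/{$caturlname}/\">{$catname}</a> &gt; {$topic}</h2>";
        echo template_post($post);
        $query = "SELECT * FROM forum_posts WHERE `ParentId`='{$post['Id']}'";
        if ($children = mysql_query_cached($query, 5)) {
            foreach ($children->data as $child) {
                echo template_post($child);
            }
        }
        // The form action carries the validated id, never the raw request value.
        echo "<div class=\"forum-reply\">\n\t\t\t<h3>Post a reply</h3>\n\t\t\t<form class=\"forum\" method=\"post\" action=\"/forum/post/{$post_id}/reply\">\n\t\t\t\t<input type=\"text\" name=\"name\" value=\"Anonymous\">\n\t\t\t\t<textarea name=\"body\"></textarea>\n\t\t\t\t<div class=\"forum-reply-button\">\n\t\t\t\t\t<button type=\"submit\" name=\"submit\">Post reply &gt;&gt;</button>\n\t\t\t\t\t" . template_captcha() . "\n\t\t\t\t</div>\n\t\t\t</form>\n\t\t</div>";
    } else {
        $var_code = ANONNEWS_ERROR_NOT_FOUND;
        require "module.error.php";
    }
} else {
    $var_code = ANONNEWS_ERROR_NOT_FOUND;
    require "module.error.php";
}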
<?php

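/* Protect from direct requests */
if (!isset($_ANONNEWS)) {
    die;
}
/* Moderator login: checks the posted credentials against the mods table and,
 * on success, marks the session as logged in. Without a submitted form it
 * prints the login form instead. */
if (isset($_POST['submit'])) {
    // Process login.
    // Missing or non-string fields (e.g. password[]=x) are treated as a failed
    // login. Without this check sha1() and mysql_real_escape_string() receive
    // a non-string and the query ends up comparing against empty values.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $result = false;
    if (is_string($username) && is_string($password)) {
        $sUsername = mysql_real_escape_string($username);
        // NOTE(review): the stored hash is an unsalted SHA-1 of the password.
        // Moving to password_hash()/password_verify() needs a schema and data
        // migration, so it is flagged here rather than changed in place.
        $sPassword = sha1($password);
        // NOTE(review): the credential lookup goes through mysql_query_cached();
        // confirm a cached result cannot outlive a password change or the
        // removal of a moderator account.
        $result = mysql_query_cached("SELECT * FROM mods WHERE `Username` = '{$sUsername}' AND `Hash` = '{$sPassword}'");
    }
    if ($result) {
        // NOTE(review): the session id is not regenerated on login. Calling
        // session_regenerate_id(true) before these assignments would close
        // session fixation, provided headers have not been sent yet -- verify
        // against the including script.
        $_SESSION['loggedin'] = true;
        $_SESSION['userid'] = $result->data[0]['Id'];
        $_SESSION['accesslevel'] = $result->data[0]['AccessLevel'];
        echo "Successfully logged in! <a href=\"/moderation/\">Continue...</a>";
    } else {
        // One message for every failure so the response does not reveal
        // whether the username exists.
        echo "The login details you entered are incorrect.";
    }
} else {
    // Show login form
    echo "\n\t\t<form method=\"post\" action=\"/moderation/login/\">\n\t\t\t<strong>Log in to access the moderator panel.</strong><br>\n\t\t\tUsername: <input type=\"text\" name=\"username\"><br>\n\t\t\tPassword: <input type=\"password\" name=\"password\"><br>\n\t\t\t<button type=\"submit\" name=\"submit\" value=\"submit\">Log in</button>\n\t\t</form>\n\t";
}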
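/**
 * Compute a spam score for a submitted URL and, optionally, its title.
 *
 * Early exits: 5 when check_blacklisted() reports a DNSBL hit (submission is
 * held for manual review), 10 when check_banlist() hits, when the URL is not
 * an http(s) URL with a dotted host, or when the host is a dotted-quad literal
 * inside a loopback/private range. Otherwise the score is accumulated from the
 * `blacklist` table: +5 per banned submitter IP, +10 per banned domain equal
 * to the host's last two or three labels, +5 per banned domain found elsewhere
 * in the URL, +3 per banned fragment found in the URL or in the title.
 *
 * @param string $url      Submitted URL.
 * @param string $title    Submitted title; title checks are skipped when empty.
 * @param bool   $check_ip Whether to run the DNSBL and banlist checks first.
 * @return int Spam score; higher means more likely spam.
 */
function spam_score($url, $title = "", $check_ip = true)
{
    $score = 0;
    if ($check_ip) {
        /* Check DNSBLs */
        if (check_blacklisted()) {
            /* A DNSBL hit holds the submission for manual review. No further
             * points are added so the submitter is not blocked outright by
             * accident; return a fixed score of 5. */
            return 5;
        }
        /* Check internal banlist */
        if (check_banlist()) {
            return 10;
        }
    }
    // Anything that is not http(s)://host-with-a-dot is rejected outright.
    if (!preg_match("/^https?:\\/\\/([^\\/:]*?\\.[^\\/:]*)(\\/|:[0-9]{1,5}|\$)/", $url, $matches)) {
        return 10;
    }
    $domain = $matches[1];
    if (preg_match("/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\$/", $domain)) {
        // Entries that point at loopback or private address space are not
        // allowed. The loopback range is written with its network address
        // (127.0.0.0/8, previously "127.0.0.1/8") so the match does not
        // depend on ip_in_range() masking the base address itself.
        // NOTE(review): only hosts written as plain dotted-quad literals are
        // examined here; hostnames that resolve to internal addresses and
        // ranges such as 169.254.0.0/16 are not covered -- confirm whether a
        // later stage handles them.
        $internal_ranges = array("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16");
        foreach ($internal_ranges as $range) {
            if (ip_in_range($domain, $range)) {
                return 10;
            }
        }
    }
    // The URL pattern above guarantees at least one dot, so there are always
    // two labels to join here.
    $domain_parts = explode(".", $domain);
    $part_count = count($domain_parts);
    $top_domain = $domain_parts[$part_count - 2] . "." . $domain_parts[$part_count - 1];
    if ($part_count >= 3) {
        $sub_domain = $domain_parts[$part_count - 3] . "." . $top_domain;
    } else {
        $sub_domain = $top_domain;
    }

    $result = mysql_query_cached("SELECT * FROM blacklist");
    if (!$result) {
        // NOTE(review): with no blacklist rows available the function returns
        // the score so far (0), i.e. it fails open. Kept as in the original.
        return $score;
    }

    // Split the blacklist rows by their Type column.
    $banned_domains = array();
    $banned_parts = array();
    $banned_ips = array();
    $banned_titles = array();
    foreach ($result->data as $element) {
        switch ($element['Type']) {
            case "0":
                $banned_ips[] = $element['Value'];
                break;
            case "1":
                $banned_parts[] = $element['Value'];
                break;
            case "2":
                $banned_domains[] = $element['Value'];
                break;
            case "3":
                $banned_titles[] = $element['Value'];
                break;
        }
    }

    // get_ip() is split on commas, so it may return a list. Trim each entry:
    // a list formatted as "a, b" would otherwise never match its second
    // address against the banned IPs.
    foreach (explode(",", get_ip()) as $ip) {
        if (in_array(trim($ip), $banned_ips, true)) {
            $score += 5;
        }
    }

    $url_lower = strtolower($url);
    $top_lower = strtolower($top_domain);
    $sub_lower = strtolower($sub_domain);
    foreach ($banned_domains as $part) {
        $needle = strtolower($part);
        if ($needle === "") {
            // An empty blacklist value must not match anything; strpos() with
            // an empty needle warns on older PHP and matches every string on
            // PHP 8.
            continue;
        }
        if ($needle === $top_lower || $needle === $sub_lower) {
            $score += 10;
        } elseif (strpos($url_lower, $needle) !== false) {
            // Compared case-insensitively, like the fragment and title checks.
            $score += 5;
        }
    }
    foreach ($banned_parts as $part) {
        $needle = strtolower($part);
        if ($needle !== "" && strpos($url_lower, $needle) !== false) {
            $score += 3;
        }
    }
    if (!empty($title)) {
        $title_lower = strtolower($title);
        foreach ($banned_titles as $part) {
            $needle = strtolower($part);
            if ($needle !== "" && strpos($title_lower, $needle) !== false) {
                $score += 3;
            }
        }
    }
    return $score;
}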
                }
            } else {
                $var_code = ANONNEWS_ERROR_INCORRECT_CAPTCHA;
                require "module.error.php";
            }
        }
    }
} elseif ($var_mode == "reply") {
    // Post a reply to an existing thread.
    $recaptcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    if ($recaptcha->is_valid) {
        $post_id = is_numeric($var_id) ? $var_id : 0;
        $name = !empty($_POST['name']) ? mysql_real_escape_string($_POST['name']) : "Anonymous";
        $body = mysql_real_escape_string($_POST['body']);
        if (!empty($body)) {
            if ($result = mysql_query_cached("SELECT * FROM forum_posts WHERE `Id`='{$post_id}'")) {
                $parent = $result->data[0];
                $query = "INSERT INTO forum_posts (`CategoryId`, `ParentId`, `Name`, `Topic`, `Posted`, `Body`, `Replies`, `LastReplyUser`, `LastReplyTime`)\n\t\t\t\tVALUES ('{$parent['CategoryId']}', '{$post_id}', '{$name}', '', CURRENT_TIMESTAMP, '{$body}', '0', '', CURRENT_TIMESTAMP)";
                if (mysql_query($query)) {
                    $insid = mysql_insert_id();
                    $topic = mysql_real_escape_string(stripslashes($parent['Topic']));
                    mysql_query("UPDATE forum_categories SET `Posts`=`Posts`+1 , `LastPostTime`=CURRENT_TIMESTAMP , `LastPostTopic`='{$topic}' WHERE `Id`='{$parent['CategoryId']}'");
                    mysql_query("UPDATE forum_posts SET `Replies`=`Replies`+1 , `LastReplyUser`='{$name}' , `LastReplyTime`=CURRENT_TIMESTAMP WHERE `Id`='{$post_id}'");
                    echo "<p><strong>Your post was successful!</strong> It may take a few seconds to appear.</p>\n\t\t\t\t\t<p><a href=\"/forum/post/{$post_id}/#p-{$insid}\" class=\"page-button\">&lt;&lt; back to thread</a></p>";
                } else {
                    $var_code = ANONNEWS_ERROR_DATABASE_ERROR;
                    require "module.error.php";
                }
            } else {
                $var_code = ANONNEWS_ERROR_NOT_FOUND;
                require "module.error.php";
        // PRIMARY KEY, safe to assign
        echo "<div class=\"mod-item\">\n\t\t\t<a href=\"/press/item/{$sId}/\" target=\"_blank\">{$sTitle}</a>\n\t\t\t<a href=\"/moderation/item/press/{$sId}/approve/\" class=\"mod-approve\">Approve</a>\n\t\t\t<a href=\"/moderation/item/press/{$sId}/reject/\" class=\"mod-reject\">Reject</a>\n\t\t</div>";
    }
} else {
    echo "No unmoderated press releases.";
}
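/* Moderation queue: external news sources that are neither deleted nor
 * approved yet. Each row is a submission that no moderator has reviewed, so
 * its Url and Name are treated as untrusted. */
echo "<div class=\"mod-spacer\"></div><h3>External news sources</h3>";
if ($result = mysql_query_cached("SELECT * FROM ext WHERE `Deleted` = '0' AND `Approved` = '0' ORDER BY `Visible` DESC LIMIT 100", 2)) {
    foreach ($result->data as $item) {
        $sRawUrl = stripslashes($item['Url']);
        $sUrl = htmlspecialchars($sRawUrl);
        // htmlspecialchars() does not neutralise a scripting URL scheme, so
        // only http(s) URLs become a clickable href in the moderator's
        // session. Anything else is still shown as text in the mod-url div.
        $sHref = preg_match('/^https?:\/\//i', $sRawUrl) ? $sUrl : "#";
        $sTitle = utf8entities(stripslashes($item['Name']));
        $sId = $item['Id'];
        // PRIMARY KEY, safe to assign
        // rel="noopener noreferrer": the submitted page opens in a new tab and
        // must not get a window.opener handle on the moderation panel or see
        // its URL in the Referer header.
        // NOTE(review): approve/reject are plain GET links; confirm the handler
        // behind them requires a per-session token before it changes state.
        echo "<div class=\"mod-item\">\n\t\t\t<a href=\"{$sHref}\" target=\"_blank\" rel=\"noopener noreferrer\">{$sTitle}</a> \n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/approve/\" class=\"mod-approve\">Approve</a>\n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/reject/\" class=\"mod-reject\">Reject</a>\n\t\t\t<div class=\"mod-url\">{$sUrl}</div>\n\t\t</div>";
    }
} else {
    echo "No unmoderated external news sources.";
}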
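/* Moderation queue: related sites that are neither deleted nor approved yet.
 * Each row is a submission that no moderator has reviewed, so its Url and
 * Name are treated as untrusted. */
echo "<div class=\"mod-spacer\"></div><h3>Related sites</h3>";
if ($result = mysql_query_cached("SELECT * FROM sites WHERE `Deleted` = '0' AND `Approved` = '0' ORDER BY `Id` ASC LIMIT 100", 2)) {
    foreach ($result->data as $item) {
        $sRawUrl = stripslashes($item['Url']);
        $sUrl = htmlspecialchars($sRawUrl);
        // htmlspecialchars() does not neutralise a scripting URL scheme, so
        // only http(s) URLs become a clickable href in the moderator's
        // session. Anything else is still shown as text in the mod-url div.
        $sHref = preg_match('/^https?:\/\//i', $sRawUrl) ? $sUrl : "#";
        $sTitle = utf8entities(stripslashes($item['Name']));
        $sId = $item['Id'];
        // PRIMARY KEY, safe to assign
        // rel="noopener noreferrer": the submitted page opens in a new tab and
        // must not get a window.opener handle on the moderation panel or see
        // its URL in the Referer header.
        // NOTE(review): these rows come from the `sites` table, yet the
        // approve/reject links use the external-news route with a sites Id.
        // This looks like a copy-paste slip that could act on the wrong
        // record; confirm the intended route before changing it.
        // NOTE(review): approve/reject are plain GET links; confirm the handler
        // behind them requires a per-session token before it changes state.
        echo "<div class=\"mod-item\">\n\t\t\t<a href=\"{$sHref}\" target=\"_blank\" rel=\"noopener noreferrer\">{$sTitle}</a> \n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/approve/\" class=\"mod-approve\">Approve</a>\n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/reject/\" class=\"mod-reject\">Reject</a>\n\t\t\t<div class=\"mod-url\">{$sUrl}</div>\n\t\t</div>";
    }
} else {
    echo "No unmoderated related sites.";
}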
//$result = mysql_query_cached("SELECT * FROM sites WHERE `Approved` = '0'", 2);
                        if (mysql_num_rows($res) > 0) {
                            $row = mysql_fetch_array($res);
                            $total = $row['Upvotes'] + 1;
                            mysql_query("UPDATE press SET `Upvotes`='{$total}' WHERE `Id`='{$var_id}'");
                        }
                    }
                    echo "<strong>Your comment is now visible.</strong>\n\t\t\t\t\t<p><a href=\"/{$var_section}/item/{$var_id}/comments/#c-{$comment_id}\" class=\"page-button\"><< back to thread</a></p>";
                    render_comments($var_table, $var_id);
                    $validated = true;
                } else {
                    echo "<strong>The captcha you entered was incorrect.</strong> Try again.<br><br>";
                }
            }
        } else {
            $error = true;
            $var_code = ANONNEWS_ERROR_NOT_FOUND;
            require "module.error.php";
        }
    }
    if ($error === false && ($posted === true || $validated === false)) {
        if ($result = mysql_query_cached("SELECT * FROM comments WHERE `Id`='{$comment_id}'")) {
            $linecount = count(explode("\n", $result->data[0]['Body']));
            $charcount = strlen($result->data[0]['Body']);
            echo "\n\t\t\t<form method=\"post\" action=\"/{$var_section}/item/{$var_id}/comments/post/{$parent}/\">\n\t\t\t\t<input type=\"hidden\" name=\"commentid\" value=\"{$comment_id}\">\n\t\t\t\t<input type=\"hidden\" name=\"validate\" value=\"true\">\n\t\t\t\t" . template_captcha();
            if ($var_section == "press" && $linecount >= 2 && $charcount >= 100) {
                echo "<br><input type=\"checkbox\" name=\"upvote\" value=\"true\"> Upvote this press release<br><br>";
            }
            echo "<button type=\"submit\" name=\"submit\">Verify</button>\n\t\t\t</form>\n\t\t\t";
        }
    }
}
/* Protect from direct requests */
/* This module handles the category overview. */
?>

<h2>Forum</h2>

<div class="forum-header">
	Be sure to read the <a href="/static/forumrules">Forum Rules</a>! All posting is anonymous, no registration is necessary and no IPs are kept.
</div>

<table class="forum-table">
	<tr>
		<th class="forum-header-category-name">Category</th>
		<th class="forum-header-category-threads">Threads</th>
		<th class="forum-header-category-posts">Posts</th>
	</tr>
	<?php 
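/* Category overview rows: one table row per forum category with its name,
 * last-post line, thread count and post count. */
$result = mysql_query_cached("SELECT * FROM forum_categories ORDER BY `Name` ASC", 10);
// Other callers treat a falsy return from mysql_query_cached() as "nothing to
// show"; do the same here instead of reading ->data on a non-object.
$categories = $result ? $result->data : array();
foreach ($categories as $category) {
    // Encode every column before it reaches the markup, the same way the
    // thread view encodes UrlName and Name. The original echoed them raw.
    $caturlname = utf8entities(stripslashes($category['UrlName']));
    $catname = utf8entities(stripslashes($category['Name']));
    // Threads and Posts are counters; forcing them to integers keeps anything
    // else out of the table cells.
    $threads = (int) $category['Threads'];
    $posts = (int) $category['Posts'];
    if ($posts > 0) {
        $posttime = date("F j, Y H:i:s", strtotime($category['LastPostTime']));
        $lasttopic = utf8entities($category['LastPostTopic']);
        $lastpost = "Last post: <strong>{$lasttopic}</strong> @ {$posttime}";
    } else {
        $lastpost = "There are no posts in this category yet.";
    }
    echo "<tr>\n\t\t\t<td class=\"forum-item-category-name\">\n\t\t\t\t<a class=\"forum-table-link\" href=\"/forum/category/{$caturlname}\">\n\t\t\t\t\t<div class=\"forum-table-name\">{$catname}</div>\n\t\t\t\t\t<div class=\"forum-table-date\">{$lastpost}</div>\n\t\t\t\t</a>\n\t\t\t</td>\n\t\t\t<td class=\"forum-item-category-threads\">{$threads}</td>\n\t\t\t<td class=\"forum-item-category-posts\">{$posts}</td>\n\t\t</tr>";
}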
?>
</table>
	
	<div class="forum-buttons">
		<a href="/forum/category/<?php 
    echo $var_id;
    ?>
/new">Create new thread</a>
		<div class="clear"></div>
	</div>
	
	<table class="forum-table">
		<tr>
			<th class="forum-header-threads-name">Thread Title</th>
			<th class="forum-header-threads-replies">Replies</th>
		</tr>
		<?php 
    if ($result = mysql_query_cached("SELECT * FROM forum_posts WHERE `CategoryId`='{$catid}' AND `ParentId`='0' ORDER BY `LastReplyTime` DESC", 10)) {
        foreach ($result->data as $post) {
            $teaser = cut_text(utf8entities(stripslashes($post['Body'])), 90);
            $topic = utf8entities(stripslashes($post['Topic']));
            echo "<tr>\n\t\t\t\t\t<td class=\"forum-item-threads-name\">\n\t\t\t\t\t\t<a class=\"forum-table-link\" href=\"/forum/post/{$post['Id']}\">\n\t\t\t\t\t\t\t<div class=\"forum-table-name\">{$topic}</div>\n\t\t\t\t\t\t\t<div class=\"forum-table-teaser\">{$teaser}</div>\n\t\t\t\t\t\t</a>\n\t\t\t\t\t</td>\n\t\t\t\t\t<td class=\"forum-item-threads-replies\">{$post['Replies']}</td>\n\t\t\t\t</tr>";
        }
    } else {
        echo "<tr>\n\t\t\t\t<td colspan=\"2\">There are no threads in this category yet.</td>\n\t\t\t</tr>";
    }
    ?>
	</table>
	
	<?php 
} else {
    $var_code = ANONNEWS_ERROR_NOT_FOUND;
    require "module.error.php";