function isUser($user, $password, $db_connection)
{
/* CHECK WHAT KIND OF USER IS TRYING TO LOG IN
* Asumes $user and $password are arranged
* Returns the userdata array or false
*/
// Do we have real data here?
if ($user == '' || $password == '') {
return false;
}
// Check for that user on the db
$query = "SELECT idUser, username, pass, type, idEditor, DATE_FORMAT (date_created, '%b %y') AS date_created, country, email, limbo, limbo_reason FROM users LEFT JOIN editors ON users.idUser = editors.idEditor WHERE username='******'";
$result = mysql_query($query, $db_connection);
if (!empty($result)) {
$user_row = mysql_fetch_array($result);
unset($query, $result);
// Are we talking about the same password?
if ($user_row['pass'] == $password) {
if ($user_row['limbo'] == 'in') {
global $error;
$reason = $user_row['limbo_reason'];
$error['limbo'] = 'Your account has been temporarily disabled. Reason: ' . $reason;
}
// update date_modified to have last date logs
$id = $user_row['idUser'];
$d = date("Y-m-d H:i:s");
$query = "UPDATE users SET date_modified = '{$d}' WHERE idUser = '******'";
$result = mysql_query($query, $db_connection);
//Check if login IP is the same as current user IP.
$IP = $_SERVER['REMOTE_ADDR'];
if (isset($_SESSION['NC_IP'])) {
if ($_SESSION['NC_IP'] != $IP) {
$error['IP'] = 'Your IP appears to have changed. Please login again.';
session_destroy();
return false;
}
} else {
$_SESSION['NC_IP'] = $IP;
}
// <-- this only happens once, at login.
if (empty($error)) {
// & return the userArray without slashes
$user_row = strip_slashes_arr($user_row);
return $user_row;
} else {
return false;
}
} else {
return false;
}
} else {
return false;
}
}
// Is user connected? Get the userArray (updates the login date at DB too).
if (!empty($_SESSION['NC_user']) && !empty($_SESSION['NC_password'])) {
$arrUser = isUser($_SESSION['NC_user'], $_SESSION['NC_password'], $dbConn);
}
// Get the selected user data
if (!empty($_GET['id'])) {
$id = mysql_real_escape_string($_GET['id']);
$query = "SELECT idUser, username, type, first_name, last_name, country, DATE_FORMAT (date_created, '%b %D, %Y') AS date_created, date_modified, homepage, about, location FROM users WHERE idUser='******'";
$result = mysql_query($query, $dbConn);
if (empty($result)) {
$error['noUser'] = "******";
} else {
$user = mysql_fetch_array($result);
unset($query, $result);
// array $user to single vars
$user = strip_slashes_arr($user);
extract($user);
unset($user, $arr, $u);
// and userpic
$userpic = get_user_pic($idUser, 128);
}
} else {
$error['noUser'] = "******";
}
// page info
$page_title = "NoClan: Home";
// used at 'includes/head.inc'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
{
$now = time();
$when = strtotime($timestamp);
if ($now - $when < $seconds) {
return true;
} else {
return false;
}
}
// BRING BACK THE COMMENTS OF THE POST
$query = "SELECT idComment, userId, username, content, date FROM comments INNER JOIN users ON userId = idUser WHERE postId = '{$idPost}' ORDER BY comments.date ASC";
$result = mysql_query($query, $dbConn);
//...and arrage it in $arrComments
$arrComments = array();
while ($row = mysql_fetch_assoc($result)) {
array_push($arrComments, strip_slashes_arr($row));
}
unset($query, $result, $row);
$c = count($arrComments);
// number of comments. Used on the page.
// SET THE USER OPTIONABLE COMMENTS: Get the last comment user sent to put the edit/delete buttons in.
$optionable_comments = array();
// idUser => idComent
// Foreach user that has comments here, get the last comment
if (!empty($arrComments)) {
foreach ($arrComments as $candidate) {
if (is_recent($candidate['date'], 360)) {
$optionable_comments[$candidate['userId']] = $candidate['idComment'];
}
}
}
// Good Bye User Session
include './includes/logout.php';
}
// Is user connected?
if (!empty($_SESSION['NC_user']) && !empty($_SESSION['NC_password'])) {
$arrUser = isUser($_SESSION['NC_user'], $_SESSION['NC_password'], $dbConn);
}
// page info
$page_title = "NoClan: Members";
// used at 'includes/head.inc'
// GET THE MEMBERS DATA
$query = "SELECT idUser, username, type, country, first_name, last_name, date_created, homepage, picasaUser, about FROM users WHERE users.type = 'member' OR users.type = 'admin' ORDER by date_created";
$result = mysql_query($query, $dbConn);
$arrMembers = array();
while ($row = mysql_fetch_assoc($result)) {
array_push($arrMembers, strip_slashes_arr($row));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<?php
include $_SERVER['DOCUMENT_ROOT'] . '/includes/head.inc.php';
?>
</head>
<!-- Load javascript timers to update page -->
<body onload='StartUp(<?php
if (!empty($arrUser) && $arrUser['type'] != 'user') {
echo '1';
function strip_slashes_arr($arr)
{
/* Recursie function that strip slashes
* on values of an array.
*/
if (is_array($arr)) {
foreach ($arr as $i => $v) {
if (is_array($v)) {
strip_slashes_arr($v);
} else {
$arr[$i] = stripslashes($v);
}
}
return $arr;
} else {
return false;
}
}
echo '<img src="' . $u_pic . '" alt="' . $u_username . '" title="' . $u_username . '"/>';
echo '</a>';
echo '<h3 style="padding: 0; margin: 0;">';
echo '<a class="fancy" href="' . rurl() . '/user/show_userinfo.php?id=' . $u_idUser . '">' . $u_username . '</a>';
echo '</h3>';
echo '<span class="location">' . $u_location . ' (' . $u_country . ')</span><br />';
echo '<span class="label">' . $u_type . ' since ' . $u_date_created . '</span>';
echo '<br /><span><a class="more" href="' . rurl() . '/user/' . $u_username . '/" title="Visit ' . friendly_str($u_username) . '\'s profile">-more info-</a></span>';
echo '</div>';
}
}
if (!empty($arr_search_comments)) {
echo '<h2 style="clear: both;">Comments</h2>';
}
foreach ($arr_search_comments as $c) {
extract(strip_slashes_arr($c), EXTR_PREFIX_ALL, 'c');
$c_pic = get_user_pic($c_userId, 32);
$c_title = '<a href="' . rurl() . '/post/' . $c_postId . '/' . friendly_str($c_title) . '">' . $c_title . '</a>';
$c_content = cut_string($c_content, 60);
$c_content = '<a class="acomm" href="' . rurl() . '/post/' . $c_postId . '/' . friendly_str($c_title) . '#comm_' . $c_idComment . '">' . $c_content . '</a>';
$c_date = date("M j/Y", strtotime($c_date));
echo '<div class="comment_found">';
echo '<p><img src="' . $c_pic . '" alt="' . $c_username . '" title="' . $c_username . '"/>';
echo '<a class="fancy" href="' . rurl() . '/user/show_userinfo.php?id=' . $c_userId . '">' . $c_username . '</a>, on ' . $c_title . ': ';
echo '<em>' . $c_content . '</em>';
echo '<span style="color: #505050; font-size: 0.8em;"> (' . $c_date . ')</span>';
echo '</p></div>';
}
}
// end USERS and COMMENTS FOUND!
?>
require_once '../admin/functions.php';
require_once rdir() . '/admin/connect.php';
require_once rdir() . '/admin/isUser.php';
// db connection
$dbConn = connect_db();
if (!empty($_SESSION['NC_user']) && !empty($_SESSION['NC_password'])) {
$arrUser = isUser($_SESSION['NC_user'], $_SESSION['NC_password'], $dbConn);
}
// Number of comments to show
$n = 10;
if (empty($arrUser) || !empty($arrUser) && $arrUser['type'] == 'user') {
// Get the Last Comments of public posts posts.
$q = "SELECT idComment, comments.userId, postId, content, comments.date, username, title FROM comments INNER JOIN posts ON postId = idPost INNER JOIN users ON comments.userId = users.idUser WHERE posts.postFor = 'all' ORDER BY comments.date DESC LIMIT 0,{$n}";
} else {
// Members, friends and admins can see all...
$q = "SELECT idComment, comments.userId, postId, content, comments.date, username, title FROM comments INNER JOIN posts ON postId = idPost INNER JOIN users ON comments.userId = users.idUser ORDER BY comments.date DESC LIMIT 0,{$n}";
}
if ($r = mysql_query($q, $dbConn)) {
while ($commentrow = mysql_fetch_array($r)) {
extract(strip_slashes_arr($commentrow), EXTR_PREFIX_ALL, "lastc");
$lastc_pic = get_user_pic($lastc_userId, 24);
$lastc_title = '<a href="' . rurl() . '/post/' . $lastc_postId . '/' . friendly_str($lastc_title) . '">' . $lastc_title . '</a>';
$lastc_content = cut_string($lastc_content, 60);
$lastc_content = '<a class="acomm" href="' . rurl() . '/post/' . $lastc_postId . '/' . friendly_str($lastc_title) . '#comm_' . $lastc_idComment . '">' . $lastc_content . '</a>';
echo '<div class="comment">';
echo '<p><img class="userpic" src="' . $lastc_pic . '" alt="' . $lastc_username . '" title="' . $lastc_username . '"/>';
echo '<strong>' . ' ' . $lastc_username . '</strong>, on ' . $lastc_title . ' says: ';
echo '<em>' . $lastc_content . '</em></p>';
echo '</div>';
}
}
<language>en</language>
<pubDate>' . $rss_date . '</pubDate>
<image>
<url>' . $rss_image_url . '</url>
<title>' . $rss_title . '</title>
<link>' . rurl() . '</link>
</image>
';
// NEWS
$dbConn = connect_db();
$query = "SELECT idPost, postFor, title, summary, summary_img, date_pub, COUNT(idComment) AS numc, username FROM posts INNER JOIN users ON posts.userId = users.idUser LEFT JOIN comments ON comments.postId = posts.idPost GROUP BY idPost HAVING posts.postFor = 'all' AND date_pub <= CURRENT_TIMESTAMP ORDER BY date_pub DESC LIMIT 0,20";
$result = mysql_query($query, $dbConn);
//...and arrage it in $arrPosts
$arrNews = array();
while ($row = mysql_fetch_assoc($result)) {
array_push($arrNews, strip_slashes_arr($row));
}
unset($query, $result, $row);
foreach ($arrNews as $new) {
// vars
$title = clear($new['title']);
$link = rurl() . '/post/' . $new['idPost'] . '/' . friendly_str($new['title']);
$pubDate = date("r", strtotime($new['date_pub']));
$author = $new['username'];
// comments
if (empty($new['numc'])) {
$comms = 'no comments yet';
} else {
$comms = $new['numc'] . ' comments';
}
// image
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/config.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/functions.php';
require_once rdir() . '/admin/connect.php';
require_once rdir() . '/admin/isUser.php';
// db connection
$dbConn = connect_db();
// This page needs idPost
if (empty($_GET['idPost'])) {
} else {
// GET THE POST
$idPost = mysql_real_escape_string($_GET['idPost']);
$query = "SELECT idPost, summary, summary_img, postFor, title, date_pub, userId, body, tags, username FROM prePosts INNER JOIN users ON userId = idUser WHERE idPost = '{$idPost}'";
$result = mysql_query($query, $dbConn);
if ($row = mysql_fetch_assoc($result)) {
extract(strip_slashes_arr($row), EXTR_PREFIX_ALL, 'p');
unset($query, $result, $row, $arrPost);
} else {
go_home();
}
// page info
$page_title = $p_title;
// used at 'includes/head.inc'
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" itemscope itemtype="http://schema.org/Blog">
<head>
<?php
include rdir() . '/includes/head.inc.php';
?>
});
}
});
});
</script>
<style type='text/css'>.pwi_pager{display: ;}</style>
<?php
} else {
// FOR INDEX
$picasaUsers = array();
$query = "SELECT idUser, username, picasaUser FROM users WHERE (users.type = 'member' OR users.type = 'admin') AND users.picasaUser != ''";
$result = mysql_query($query, $dbConn);
while ($row = mysql_fetch_array($result)) {
array_push($picasaUsers, strip_slashes_arr($row));
}
echo '<script type="text/javascript">';
echo '$(document).ready(function() {';
foreach ($picasaUsers as $pu) {
echo '$("#' . $pu['username'] . '_container").pwi({';
echo 'username: \'' . $pu['picasaUser'] . '\',';
echo 'mode: \'album\',';
echo 'album: \'NC\',';
echo 'maxResults: 4,';
echo 'thumbCrop: 1,';
echo 'popupExt: function(photos){';
echo 'photos.fancybox({';
echo $fancy_conf;
echo '});';
echo '}';