Example #1
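// Publish a drafted file entry (clears `draft`, sets `bin_mod`) and render a preview
// of the updated row. Runs only when $session_status is 'on'.
// NOTE(review): no anti-CSRF token check is visible in this excerpt for a
// state-changing POST; confirm one is enforced before this point.
if ($session_status == 'on') {
    // Require plain string values: PHP turns `id[]=...` into an array, which must not
    // reach string concatenation or the escaper below.
    if (isset($_POST['draft'], $_POST['id'], $_POST['bin_mod'])
        && is_string($_POST['id'])
        && is_string($_POST['bin_mod'])
        && intval($_POST['draft']) == 0
    ) {
        $id = $_POST['id'];
        $bin_mod = $_POST['bin_mod'];
        // Both values are request-controlled and are placed inside quoted SQL literals,
        // so they are escaped with the connection's escaper before being concatenated.
        // NOTE(review): escaping relies on the connection charset being set correctly;
        // ext/mysql has no prepared statements, so moving to mysqli/PDO with bound
        // parameters is the durable fix.
        $id_sql = mysql_real_escape_string($id);
        $bin_mod_sql = mysql_real_escape_string($bin_mod);
        $sql = 'UPDATE ' . $info_table . " SET `draft` = '0', `bin_mod` = '" . $bin_mod_sql . "' WHERE `id` = '" . $id_sql . "'";
        // NOTE(review): the die() message sends the raw MySQL error number and text to the client.
        $res = mysql_query($sql) or die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error());
        if ($res) {
            $contents = '<div class="section">' . "\n" . '<h2 class="archive-title">' . $lang['file_published'] . "</h2>\n" . "</div>\n";
        }
        // Next, pull out the data and display the preview.
        $sql = 'SELECT ' . "`id`, `bin_title`, `bintype`, `binname`, `binsize`, `bindate`, " . "DATE_FORMAT(`bin_mod`, '%Y-%m-%d %T') as `bin_mod`, `bin_category`, `bincomment`, `bin_count`, `draft`" . ' FROM ' . $info_table . " WHERE `id` = '" . $id_sql . "'";
        $res = mysql_query($sql);
        // NOTE(review): neither the query result nor the fetched row is checked; an
        // unknown id yields false here and it is passed on to the helpers below.
        $row = mysql_fetch_array($res);
        // Generate XHTML
        $row = convert_to_utf8($row);
        // format_date() is defined elsewhere; $formatted_date is read right after the
        // call, so it is presumably set by that helper through global scope (confirm).
        format_date($row_name = 'bindate');
        $title_date = $formatted_date;
        $contents .= '<div class="section">' . "\n" . '<h2 class="date-title">' . $title_date . "</h2>\n";
        $contents .= display_binary_box($row);
        $contents .= file_uploaded();
        $contents .= "</div><!-- End .section -->\n";
        xhtml_output('');
    } else {
        // Required POST fields are missing or malformed, or `draft` is not 0:
        // send the client back to the index page.
        // NOTE(review): HTTP_HOST comes from the request's Host header, so the redirect
        // target is client-influenced; prefer a configured canonical host if one exists.
        header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'index.php');
        exit;
    }
} else {
    // No active session: redirect to the index page (same Host-header caveat as above).
    header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'index.php');
    exit;
}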
Example #2
 // Deny comment with same content: count the rows in $forum_table whose `comment`
 // equals the submitted text, and redirect to the forum index when the count is above 1.
 // NOTE(review): $comment is interpolated into a quoted SQL literal and its origin and
 // escaping are not visible in this excerpt; confirm it has been passed through the
 // connection's escaper (or use a prepared statement) before this point.
 // NOTE(review): with `> 1`, a single existing identical comment still passes if this
 // check runs before the new row is inserted; confirm that is intended.
 $check_sql = 'SELECT COUNT(id) as num FROM ' . $forum_table . " WHERE comment = '{$comment}'";
 $check_res = mysql_query($check_sql);
 // The query result is not checked; a failed query makes $check_res false here.
 $check_row = mysql_fetch_array($check_res);
 if ($check_row['num'] > 1) {
     // $cd is defined outside this excerpt.
     header('Location: ' . $cd . '/forum/index.php');
     exit;
 }
 // Matching a valid User password
 if (!preg_match('/^[0-9a-zA-Z]{4,16}$/i', $_POST['user_pass'])) {
     $contents = '<h2>' . $lang['invalid_pass'] . '</h2>' . '<p class="warning">' . $lang['invalid_pass_msg'] . '</p>';
     xhtml_output('forum');
     exit;
 } elseif ($_POST[$comment_field_name] == '') {
     $contents = "<h2>Ooops.</h2>\n" . '<p class="warning">' . $lang['no_comment'] . "</p>\n";
     xhtml_output('forum');
     exit;
 } else {
     // Get remote host info
     if (!isset($_SERVER['REMOTE_HOST'])) {
         $re_host = $_SERVER['REMOTE_ADDR'];
     } else {
         $re_host = $_SERVER['REMOTE_HOST'];
     }
     if (isset($_POST['user_uri'])) {
         $user_uri = $_POST['user_uri'];
     }
     // Check the max value of thread ID in database, and then
     // plus "1" to the ID of the new thread.
     $get_id_sql = "SELECT MAX(`tid`) FROM `{$forum_table}`";
     $max_id_res = mysql_query($get_id_sql);
Example #3
</div>
<div class="section">
<h2 class="date-title">{$title_date}</h2>
EOD;
        do {
            // $tmp_date = substr($row['bindate'], 0, 10);
            format_date($row_name = 'bindate');
            $tmp_date = $formatted_date;
            if ($title_date != $tmp_date) {
                $title_date = $tmp_date;
                $contents .= '</div><!-- End .section -->' . "\n\n" . '<div class="section">' . "\n" . '<h2 class="date-title">' . $title_date . "</h2>\n";
            }
            $row = convert_to_utf8($row);
            $contents .= display_binary_box($row);
        } while ($row = mysql_fetch_array($res));
        $contents .= "</div><!-- End .section -->\n\n";
        $contents .= display_prev_logs_navi('files/search');
    } else {
        $contents = "\n" . '<div class="section">' . "\n" . '<h2>' . $lang['recent'] . '<strong>' . $rows . '</strong>' . $lang['files'] . "</h2>\n";
        while ($row = mysql_fetch_array($res)) {
            $row = convert_to_utf8($row);
            $contents .= display_binary_box($row);
        }
        $contents .= "</div><!-- End .section -->\n\n";
        $contents .= display_prev_logs_navi('files/search');
    }
} else {
    $contents = "\n" . '<div class="section">' . "\n" . '<h2>Welcome to ' . $cfg['blog_title'] . " !</h2>\n" . '<p>' . $lang['no_files'] . "</p>\n" . "</div>\n";
}
xhtml_output('file');
Example #4
<div class="section">
<h3>Oops!</h3>
<p class="warning">{$lang['choose_table']}</p>
</div>
</div>
EOD;
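// Database dump download: for an active session with a `tables` request value, send
// download headers and stream the dump via dbDump(); otherwise show the error block.
session_control();
against_xss();
if ($session_status == 'on') {
    if (isset($_REQUEST['tables'])) {
        // NOTE(review): $_REQUEST also carries GET values, so a plain link can trigger
        // the dump for a logged-in user; the request value is handed to dbDump()
        // unvalidated here. Confirm dbDump() checks it against known table names and
        // that this action is protected by an anti-CSRF token.
        $date = date($date_fname_format);
        $dump_name = $dbname . '-' . $date . '.sql.gz';
        header('Content-type: application/x-download');
        //header('Content-type: application/octet-stream');
        header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        // The User-Agent header is optional; default to '' so a client that omits it
        // does not raise an undefined-index notice ahead of the header() calls.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // The dot is escaped so it matches only a literal '.' in the version number.
        if (preg_match('@MSIE ([0-9]\.[0-9]{1,2})@', $user_agent)) {
            // The quoted filename is now closed; the closing '"' was missing before.
            header('Content-Disposition: inline; filename="' . $dump_name . '"');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
        } else {
            header('Content-Disposition: attachment; filename=' . $dump_name);
            header('Pragma: no-cache');
        }
        dbDump($_REQUEST['tables']);
        die;
    } else {
        // $error_div is defined before this block.
        // NOTE(review): xhtml_output() receives the HTML itself here; confirm that is
        // the argument it expects.
        $contents = $error_div;
        xhtml_output($contents);
    }
} else {
    // No active session: stop without producing a dump.
    die('<h1>Oops!</h1>');
}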
Example #5
                    $section_content .= display_article_box($row);
                } while ($row = mysql_fetch_array($res));
                //------------- WITHOUT-DATE-TITLE MODE --------------
            } else {
                $section_content = '';
                while ($row = mysql_fetch_array($res)) {
                    $row = convert_to_utf8($row);
                    $section_content .= display_article_box($row);
                }
            }
        } else {
            $flip_link = '';
            $section_content = '<h2>' . $lang['no_matches'] . "</h2>";
        }
    } else {
        $flip_link = '';
        $section_content = '<h2>' . $lang['no_matches'] . "</h2>";
    }
} else {
    $hit_result = '';
    $flip_link = '';
    $section_content = '<h2>' . $lang['category'] . "</h2>\n" . '<p>' . $lang['status_idle'] . "</p>\n";
}
// Assemble the page body: the hit summary, then one section holding the result markup
// with the paging links ($flip_link) placed both above and below it.
// NOTE(review): $hit_result, $flip_link and $section_content are inserted as raw HTML.
// Where they are built from database rows or request data (construction is only
// partly visible here), output encoding such as htmlspecialchars() has to happen at
// the point each fragment is built.
$contents = <<<EOD
{$hit_result}
<div class="section">
{$flip_link}{$section_content}{$flip_link}
</div>
EOD;
// xhtml_output() is given only a section name; presumably it reads $contents from
// global scope (confirm against its definition).
xhtml_output('log');