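/**
 * Loads the group and permission globals for the current request.
 *
 * The guest group is the group configured as 'defaultGroup'; its permission set is restricted to
 * the permission names listed in $guestPerms. A visitor without a login id receives the guest
 * group and guest permission set and is flagged neither banned nor root.
 *
 * A logged-in user gets a permission set read in three layers, ordered by the `ord` column:
 * primary group rows (1), secondary group rows (2), then rows addressed to the user id itself
 * (applyto=1) (3). How LoadPermset() resolves conflicts between layers is not visible here.
 *
 * Writes the globals $guestGroup, $guestPermset, $loguserGroup, $loguserPermset and the
 * 'banned' / 'root' keys of $loguser.
 */
function LoadGroups()
{
    global $usergroups, $loguserid, $loguser, $loguserGroup, $loguserPermset;
    global $guestPerms, $guestGroup, $guestPermset;

    $guestGroup = $usergroups[Settings::get('defaultGroup')];
    $res = Query("SELECT *, 1 ord FROM {permissions} WHERE applyto=0 AND id={0} AND perm IN ({1c})", $guestGroup['id'], $guestPerms);
    $guestPermset = LoadPermset($res);

    if (!$loguserid) {
        // Anonymous visitor: guest rights only, never banned, never root.
        $loguserGroup = $guestGroup;
        $loguserPermset = $guestPermset;
        $loguser['banned'] = false;
        $loguser['root'] = false;
        return;
    }

    $loguserGroup = $usergroups[$loguser['primarygroup']];

    $secgroups = array();
    $res = Query("SELECT groupid FROM {secondarygroups} WHERE userid={0}", $loguserid);
    while ($sg = Fetch($res)) {
        $secgroups[] = $sg['groupid'];
    }

    // NOTE(review): $secgroups is empty for users without secondary groups; how the query layer
    // expands an empty list for {1c} is not visible here - confirm it yields valid SQL.
    $res = Query("\tSELECT *, 1 ord FROM {permissions} WHERE applyto=0 AND id={0}\n\t\t\t\t\tUNION SELECT *, 2 ord FROM {permissions} WHERE applyto=0 AND id IN ({1c})\n\t\t\t\t\tUNION SELECT *, 3 ord FROM {permissions} WHERE applyto=1 AND id={2}\n\t\t\t\t\tORDER BY ord", $loguserGroup['id'], $secgroups, $loguserid);
    $loguserPermset = LoadPermset($res);

    // The previous version also ran "SELECT MAX(rank) FROM {usergroups}" into a local that was
    // never read; that dead query has been dropped.

    // NOTE(review): these are loose comparisons. If 'bannedGroup' or 'rootGroup' is unset, an
    // empty/null setting can compare equal to a falsy group id on older PHP versions - confirm
    // both settings are always populated before relying on the 'root' flag.
    $loguser['banned'] = $loguserGroup['id'] == Settings::get('bannedGroup');
    $loguser['root'] = $loguserGroup['id'] == Settings::get('rootGroup');
}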
/**
 * Returns the number of posts user $id made during the last 24 hours.
 *
 * Results are memoised in the global $activityCache, so each user id costs at most one
 * query per request.
 */
function getActivity($id)
{
    global $activityCache;

    if (isset($activityCache[$id])) {
        return $activityCache[$id];
    }

    $oneDayAgo = time() - 86400;
    $activityCache[$id] = FetchResult("select count(*) from {posts} where user = {0} and date > {1}", $id, $oneDayAgo);

    return $activityCache[$id];
}
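/**
 * Refuses a parent assignment that would make forum $fid its own ancestor.
 *
 * A negative $cid denotes a parent forum whose id is -$cid; zero or a positive value means the
 * forum sits directly in a category and there is nothing to check. The ancestor chain is walked
 * upwards from the proposed parent; if $fid shows up anywhere on it, dieAjax() is called.
 *
 * Changes from the previous version:
 *  - every ancestor is compared with $fid (only the first proposed parent used to be compared,
 *    so a loop through an intermediate forum was never detected);
 *  - the lookup uses the forum id (-$cid) rather than the negative marker itself;
 *  - forums already visited are remembered, so a loop that already exists in the stored data
 *    and does not involve $fid ends the walk instead of spinning forever.
 *
 * @param int $fid Id of the forum being edited.
 * @param int $cid Proposed catid value (negative = parent forum).
 */
function recursionCheck($fid, $cid)
{
    if ($cid >= 0) {
        return;
    }

    $visited = array();
    while ($cid < 0) {
        $ancestor = -$cid;

        if ($ancestor == $fid) {
            dieAjax('Endless recursion detected; choose another parent for this forum.');
        }

        if (isset($visited[$ancestor])) {
            // Pre-existing loop among other forums; $fid is not part of it.
            break;
        }
        $visited[$ancestor] = true;

        // NOTE(review): what FetchResult() returns when the forum row is missing is not visible
        // here; a negative sentinel would be read as another parent forum - confirm.
        $cid = FetchResult("SELECT catid FROM {forums} WHERE id={0}", $ancestor);
    }
}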
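/**
 * Stores one uploaded file for the logged-in user and records it in {uploader}.
 *
 * Changes from the previous version:
 *  - name, temp path and size are all read from $_FILES[$file]; they used to be read from the
 *    hard-coded keys 'newfile' and 'size', so the checks and the stored file could refer to
 *    different uploads;
 *  - the quota is compared with $userquota (the old code compared with an undefined $quot, so
 *    every non-empty upload was rejected);
 *  - move_uploaded_file() replaces copy(), so only a path PHP itself received as an HTTP upload
 *    can be stored, and a failed move is reported instead of leaving a database row without a file;
 *  - $loguser is declared global so the report carries the uploader's name.
 *
 * @param string $file    Key of the upload inside $_FILES.
 * @param mixed  $cattype Index into $uploaddirs; also used in the duplicate-name lookup.
 * @param array  $cat     Category row; only 'showindownloads' is read.
 * @return string|null Error message on rejection, null after the quota alert. On success the
 *                     function redirects and terminates the request instead of returning.
 */
function uploadFile($file, $cattype, $cat)
{
    global $loguserid, $loguser, $uploaddirs, $goodfiles, $badfiles, $userquota, $maxSize;

    // A missing entry, or a multi-file entry whose fields are arrays, is treated as "no file".
    if (!isset($_FILES[$file]['name'], $_FILES[$file]['tmp_name'], $_FILES[$file]['size'])
        || !is_string($_FILES[$file]['name'])
    ) {
        return 'No file given.';
    }

    $filedata = $_FILES[$file];
    $fname = $filedata['name'];
    $temp = $filedata['tmp_name'];
    $size = $filedata['size'];

    $c = FetchResult("SELECT COUNT(*) FROM {uploader} WHERE filename={0} AND cattype={1} AND user={2} AND deldate=0", $fname, $cattype, $loguserid);
    if ($c > 0) {
        return "You already have a file with this name. Please delete the old copy before uploading a new one.";
    }

    if ($size == 0) {
        return $temp == '' ? 'No file given.' : 'File is empty.';
    }

    if ($size > $maxSize) {
        return 'File is too large. Maximum size allowed is ' . BytesToSize($maxSize) . '.';
    }

    // NOTE(review): $userquota is assumed to be the limit the old undefined $quot stood for;
    // it is the only quota-like global this function declares - confirm.
    $targetdir = $uploaddirs[$cattype];
    if (foldersize($targetdir) + $size > $userquota) {
        Alert(format(__("Uploading \"{0}\" would break the quota."), $fname));
        return null;
    }

    // The client-supplied name is only used for the extension check and as a label; the file is
    // stored on disk under a generated name.
    $parts = explode(".", $fname);
    $extension = strtolower(end($parts));
    if (in_array($extension, $badfiles) || (is_array($goodfiles) && !in_array($extension, $goodfiles))) {
        return 'Forbidden file type.';
    }

    $randomid = Shake();
    $pname = $randomid . '_' . Shake();

    // Store the file first so a failure cannot leave an {uploader} row pointing at nothing.
    if (!move_uploaded_file($temp, $targetdir . "/" . $pname)) {
        return 'The uploaded file could not be stored.';
    }

    // NOTE(review): nothing in this function ever assigns the private flag; null keeps the
    // value the old code passed (an undefined variable). Confirm where it should come from.
    $privateFlag = null;

    $description = isset($_POST['description']) ? $_POST['description'] : '';
    $big_descr = ($cat['showindownloads'] && isset($_POST['big_description'])) ? $_POST['big_description'] : '';
    $category = isset($_POST['cat']) ? $_POST['cat'] : '';

    Query("insert into {uploader} (id, filename, description, big_description, date, user, private, category, deldate, physicalname) values ({7}, {0}, {1}, {6}, {2}, {3}, {4}, {5}, 0, {8})", $fname, $description, time(), $loguserid, $privateFlag, $category, $big_descr, $randomid, $pname);

    // NOTE(review): $fname is client-controlled and lands inside the report markup unchanged.
    Report("[b]" . $loguser['name'] . "[/] uploaded file \"[b]" . $fname . "[/]\"" . ($privateFlag ? " (privately)" : ""), $privateFlag);

    header("Location: " . actionLink("uploaderlist", "", "cat=" . $category));
    die();
}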
/**
 * Builds the "N users online" summary line, optionally limited to one forum.
 *
 * When $update is true the caller's own "last forum" marker is refreshed first: in {users} for
 * a logged-in user, otherwise in {guests} keyed by the remote address. Users and guests count
 * as online when active within the last 300 seconds.
 *
 * @param int  $forum  Forum id to restrict the listing to; 0 lists the whole board.
 * @param bool $update Whether to record $forum as the caller's current location.
 * @return string HTML fragment: user links, then guest and bot counts when non-zero.
 */
function OnlineUsers($forum = 0, $update = true)
{
    global $loguserid;

    $forumFilter = "";
    $where = __("online");

    if ($update) {
        if ($loguserid) {
            Query("UPDATE {users} SET lastforum={0} WHERE id={1}", $forum, $loguserid);
        } else {
            Query("UPDATE {guests} SET lastforum={0} WHERE ip={1}", $forum, $_SERVER['REMOTE_ADDR']);
        }
    }

    if ($forum) {
        $forumFilter = " and lastforum={1}";
        // NOTE(review): the forum title goes into the returned HTML as stored; whether titles
        // are escaped on input is not visible here - confirm.
        $title = FetchResult("SELECT title FROM {forums} WHERE id={0}", $forum);
        $where = format(__("browsing {0}"), $title);
    }

    $rows = Query("select u.(_userfields) from {users} u where (lastactivity > {0} or lastposttime > {0}) and loggedin = 1 " . $forumFilter . " order by name", time() - 300, $forum);

    $links = array();
    while ($row = Fetch($rows)) {
        $links[] = UserLink(getDataPrefix($row, "u_"), true);
    }
    $userCount = count($links);

    $summary = Plural($userCount, __("user")) . " " . $where . ($userCount ? ": " : ".") . implode(", ", $links);

    $counts = Fetch(Query("select \n\t\t(select count(*) from {guests} where bot=0 and date > {0} {$forumFilter}) as guests,\n\t\t(select count(*) from {guests} where bot=1 and date > {0} {$forumFilter}) as bots\n\t\t", time() - 300, $forum));

    if ($counts["guests"]) {
        $summary .= " | " . Plural($counts["guests"], __("guest"));
    }
    if ($counts["bots"]) {
        $summary .= " | " . Plural($counts["bots"], __("bot"));
    }

    return $summary;
}
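/**
 * Writes the notice bar announcing unread private messages and new profile comments.
 *
 * Does nothing for guests, or when there is nothing to announce.
 *
 * Changes from the previous version:
 *  - the "last message" lookup now excludes drafts, matching the unread count; before, the
 *    newest unread row could be a draft, and the bar would name its author and link to it;
 *  - $pmNotice is initialised, so the comments-only case no longer passes an undefined
 *    variable to write();
 *  - a message that disappears between the count and the lookup is skipped instead of being
 *    dereferenced.
 */
function DoPrivateMessageBar()
{
    global $loguserid, $loguser;

    if (!$loguserid) {
        return;
    }

    $content = "";
    $pmNotice = "";

    $unread = FetchResult("select count(*) from {pmsgs} where userto = {0} and msgread=0 and drafting=0", $loguserid);
    if ($unread) {
        $rLast = Query("select * from {pmsgs} where userto = {0} and msgread=0 and drafting=0 order by date desc limit 0,1", $loguserid);
        $last = Fetch($rLast);

        if ($last) {
            $pmNotice = $loguser['usebanners'] ? "id=\"pmNotice\" " : "";

            $rUser = Query("select * from {users} where id = {0}", $last['userfrom']);
            $user = Fetch($rUser);

            $content .= format(
                "\n\t\t" . __("You have {0}{1}. {2}Last message{1} from {3} on {4}."),
                Plural($unread, format(__("new {0}private message"), "<a href=\"" . actionLink("private") . "\">")),
                "</a>",
                "<a href=\"" . actionLink("showprivate", $last['id']) . "\">",
                UserLink($user),
                formatdate($last['date'])
            );
        }
    }

    if ($loguser['newcomments']) {
        $content .= format(
            "\n\t\t" . __("You {0} have new comments in your {1}profile{2}."),
            $content != "" ? "also" : "",
            "<a href=\"" . actionLink("profile", $loguserid) . "\">",
            "</a>"
        );
    }

    if ($content) {
        write("\n\t<div {0} class=\"outline margin header0 cell0 smallFonts\">\n\t\t{1}\n\t</div>\n", $pmNotice, $content);
    }
}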
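/**
 * Applies the attachment part of a post form: deletes, keeps and uploads files.
 *
 * Entries of $_POST['files'] name files already uploaded. Each one is either deleted (when
 * $_POST['deletefile'] has a truthy entry under the same id) or kept; with $final set, kept
 * files are bound to $postid. Every entry of $_FILES whose name is not already among the kept
 * attachments is then passed to UploadFile().
 *
 * Fixed: the row selected for a deletion is now actually fetched. The old code stored the
 * query result in one variable and read 'physicalname' / 'user' from another that was never
 * assigned, so DeleteUpload() received an empty file name and owner.
 *
 * @param int  $postid Post the attachments belong to.
 * @param bool $final  True when the post is being saved, false for a preview.
 * @return array|false Map of file id => file name, or false as soon as one upload fails.
 */
function HandlePostAttachments($postid, $final)
{
    $targetdir = DATA_DIR . 'uploads';

    if (!Settings::get('postAttach')) {
        return array();
    }

    $attachs = array();
    $deleteFlags = (isset($_POST['deletefile']) && is_array($_POST['deletefile'])) ? $_POST['deletefile'] : array();

    if (!empty($_POST['files']) && is_array($_POST['files'])) {
        // NOTE(review): the file ids come straight from the request and nothing visible in this
        // function ties them to the current user or to $postid before the row is deleted or
        // re-parented. Confirm the caller enforces ownership (or moderator rights), or add it here.
        foreach ($_POST['files'] as $fileid => $blarg) {
            if (!empty($deleteFlags[$fileid])) {
                $entry = Fetch(Query("SELECT physicalname, user FROM {uploadedfiles} WHERE id={0}", $fileid));
                if ($entry) {
                    DeleteUpload($targetdir . '/' . $entry['physicalname'], $entry['user']);
                    Query("DELETE FROM {uploadedfiles} WHERE id={0}", $fileid);
                }
                continue;
            }

            if ($final) {
                Query("UPDATE {uploadedfiles} SET parentid={0}, deldate=0 WHERE id={1}", $postid, $fileid);
            }
            $attachs[$fileid] = FetchResult("SELECT filename FROM {uploadedfiles} WHERE id={0}", $fileid);
        }
    }

    foreach ($_FILES as $file => $data) {
        // Skip a file whose name matches an attachment that is being kept.
        if (in_array($data['name'], $attachs)) {
            continue;
        }

        $res = UploadFile($file, 'post_attachment', $postid, POST_ATTACHMENT_CAP, '', !$final);
        if ($res === false) {
            return $res;
        }
        if ($res === true) {
            continue;
        }
        $attachs[$res] = $data['name'];
    }

    return $attachs;
}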
if (isset($_POST[$name]) && $_POST[$name]) { return "checked=\"checked\""; } else { return ""; } } $moodSelects = array(); if ($_POST['mood']) { $moodSelects[(int) $_POST['mood']] = "selected=\"selected\" "; } $moodOptions = "<option " . $moodSelects[0] . "value=\"0\">" . __("[Default avatar]") . "</option>\n"; $rMoods = Query("select mid, name from {moodavatars} where uid={0} order by mid asc", $loguserid); while ($mood = Fetch($rMoods)) { $moodOptions .= format("\n\t<option {0} value=\"{1}\">{2}</option>\n", $moodSelects[$mood['mid']], $mood['mid'], htmlspecialchars($mood['name'])); } $ninja = FetchResult("select id from {posts} where thread={0} order by date desc limit 0, 1", $tid); $mod_lock = ''; if (HasPermission('mod.closethreads', $fid)) { if (!$thread['closed']) { $mod_lock = "<label><input type=\"checkbox\" " . getCheck("lock") . " name=\"lock\"> " . __("Close thread", 1) . "</label>\n"; } else { $mod_lock = "<label><input type=\"checkbox\" " . getCheck("unlock") . " name=\"unlock\"> " . __("Open thread", 1) . "</label>\n"; } } $mod_stick = ''; if (HasPermission('mod.stickthreads', $fid)) { if (!$thread['sticky']) { $mod_stick = "<label><input type=\"checkbox\" " . getCheck("stick") . " name=\"stick\"> " . __("Sticky", 1) . "</label>\n"; } else { $mod_stick = "<label><input type=\"checkbox\" " . getCheck("unstick") . " name=\"unstick\"> " . __("Unstick", 1) . "</label>\n"; }
} if (isset($_POST['name'])) { $name = trim($_POST['name']); $cname = str_replace(" ", "", strtolower($name)); $rUsers = Query("select name, displayname from {users}"); while ($user = Fetch($rUsers)) { $uname = trim(str_replace(" ", "", strtolower($user['name']))); if ($uname == $cname) { break; } $uname = trim(str_replace(" ", "", strtolower($user['displayname']))); if ($uname == $cname) { break; } } $ipKnown = FetchResult("select COUNT(*) from {users} where lastip={0}", $_SERVER['REMOTE_ADDR']); //This makes testing faster. if ($_SERVER['REMOTE_ADDR'] == "127.0.0.1") { $ipKnown = 0; } if ($uname == $cname) { $err = __("This user name is already taken. Please choose another."); } else { if ($name == "" || $cname == "") { $err = __("The user name must not be empty. Please choose one."); } else { if (strpos($name, ";") !== false) { $err = __("The user name cannot contain semicolons."); } elseif ($ipKnown >= 3) { $err = __("Another user is already using this IP address."); } else {
//</autolock>

// NOTE(review): every statement on {ignoredforums} below is assembled by string concatenation
// with $loguserid and $fid. Where $fid is assigned is outside this fragment - confirm it is
// cast to an integer before it gets here; otherwise these should become parameterised queries.
$isIgnored = FetchResult("select count(*) from ignoredforums where uid=" . $loguserid . " and fid=" . $fid, 0, 0) == 1;

// NOTE(review): ignore/unignore change stored state on a plain GET request and no token is
// checked in the visible code, so any page can trigger them with a link or image. The visible
// code also does not test $loguserid before the insert.
if (isset($_GET['ignore'])) {
    if (!$isIgnored) {
        Query("insert into ignoredforums values (" . $loguserid . ", " . $fid . ")");
        Alert(__("Forum ignored. You will no longer see any \"New\" markers for this forum."));
    }
} else {
    if (isset($_GET['unignore'])) {
        if ($isIgnored) {
            Query("delete from ignoredforums where uid=" . $loguserid . " and fid=" . $fid);
            Alert(__("Forum unignored."));
        }
    }
}

// Re-read the flag so the links below reflect the change made above.
$isIgnored = FetchResult("select count(*) from ignoredforums where uid=" . $loguserid . " and fid=" . $fid, 0, 0) == 1;

// Thread links are offered only to logged-in users whose power level reaches the forum's
// 'minpowerthread'.
if ($loguserid && $forum['minpowerthread'] <= $loguser['powerlevel']) {
    // $fid is written into href attributes without escaping; see the note on $fid above.
    if ($isIgnored) {
        $links .= "<li><a href=\"forum.php?id=" . $fid . "&unignore\">" . __("Unignore Forum") . "</a></li>";
    } else {
        $links .= "<li><a href=\"forum.php?id=" . $fid . "&ignore\">" . __("Ignore Forum") . "</a></li>";
    }
    $links .= "<li><a href=\"newthread.php?id=" . $fid . "\">" . __("Post Thread") . "</a></li>";
    $links .= "<li><a href=\"newthread.php?id=" . $fid . "&poll=1\">" . __("Post Poll") . "</a></li>";
}

DoPrivateMessageBar();

// Plugin hook: the loader reads $bucket to decide which handlers to run.
$bucket = "userBar";
include "./lib/pluginloader.php";

$onlineUsers = OnlineUsers($fid);

if (!$noAjax) {
    // $fid is placed inside a <script> block as {0}; it has to be a plain integer here.
    write("\n\t<script type=\"text/javascript\">\n\t\tonlineFID = {0};\n\t\twindow.addEventListener(\"load\", startOnlineUsers, false);\n\t</script>\n", $fid, $onlineUsers);
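// Builds the "New user" line sent to the IRC report channel, optionally annotated with the
// number of existing accounts that share the new account's password or IP address.
$extra = "";

if ($urlRewriting) {
    $link = getServerURLNoSlash() . actionLink("profile", $user["id"], "", "_");
} else {
    $link = getServerURL() . "?uid=" . $user["id"];
}

if (Settings::pluginGet("reportPassMatches")) {
    // NOTE(review): this hashes the new user's plaintext password once per existing account
    // and publishes the number of matches. Anyone who can read the report channel learns that
    // the new account shares a password with other accounts; confirm that disclosure is
    // intended and that the channel is restricted.
    $rLogUser = Query("select id, pss, password from {users} where 1");
    $matchCount = 0;
    while ($testuser = Fetch($rLogUser)) {
        if ($testuser["id"] == $user["id"]) {
            continue;
        }

        $sha = doHash($user["rawpass"] . $salt . $testuser['pss']);

        // Strict comparison: with ==, two different digests that both look like numbers in
        // exponent notation ("0e" followed by digits) compare equal and would be counted as a match.
        if ($testuser['password'] === $sha) {
            $matchCount++;
        }
    }

    if ($matchCount) {
        $extra .= "-- " . Plural($matchCount, "password match") . " ";
    }
}

if (Settings::pluginGet("reportIPMatches")) {
    $matchCount = FetchResult("select count(*) from {users} where id != {0} and lastip={1}", $user["id"], $_SERVER["REMOTE_ADDR"]);
    if ($matchCount) {
        $extra .= "-- " . Plural($matchCount, "IP match") . " ";
    }
}

// Report only when the forum in scope is readable at power level 0 or below.
if ($forum['minpower'] <= 0) {
    ircReport("" . $c2 . "New user: {$c1}" . ircUserColor($user["name"], $user['sex'], $user['powerlevel']) . "{$c2} {$extra}-- " . $link);
}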
$rMisc = Query("select * from {misc}"); $misc = Fetch($rMisc); $rOnlineUsers = Query("select id from {users} where lastactivity > {0} or lastposttime > {0} order by name", time() - 300); $_qRecords = ""; $onlineUsers = ""; $onlineUserCt = 0; while ($onlineUser = Fetch($rOnlineUsers)) { $onlineUsers .= ":" . $onlineUser["id"]; $onlineUserCt++; } if ($onlineUserCt > $misc['maxusers']) { $_qRecords = "maxusers = {0}, maxusersdate = {1}, maxuserstext = {2}"; } //Check the amount of posts for the record $newToday = FetchResult("select count(*) from {posts} where date > {0}", time() - 86400); $newLastHour = FetchResult("select count(*) from {posts} where date > {0}", time() - 3600); if ($newToday > $misc['maxpostsday']) { if ($_qRecords) { $_qRecords .= ", "; } $_qRecords .= "maxpostsday = {3}, maxpostsdaydate = {1}"; } if ($newLastHour > $misc['maxpostshour']) { if ($_qRecords) { $_qRecords .= ", "; } $_qRecords .= "maxpostshour = {4}, maxpostshourdate = {1}"; } if ($_qRecords) { $_qRecords = "update {misc} set " . $_qRecords; $rRecords = Query($_qRecords, $onlineUserCt, time(), $onlineUsers, $newToday, $newLastHour);
} else { if (isset($_GET['tid']) && isset($_GET['time'])) { $rPost = Query("select id,date,thread from {posts} where thread={0} AND date>{1} ORDER BY date LIMIT 1", $_GET['tid'], $_GET['time']); } else { Kill('blarg'); } } if (NumRows($rPost)) { $post = Fetch($rPost); } else { Kill(__("Unknown post ID.")); } $pid = $post['id']; $tid = $post['thread']; $rThread = Query("select id,title,forum from {threads} where id={0}", $tid); if (NumRows($rThread)) { $thread = Fetch($rThread); } else { Kill(__("Unknown thread ID.")); } $tags = ParseThreadTags($thread['title']); $ppp = $loguser['postsperpage']; if (!$ppp) { $ppp = 20; } $from = floor(FetchResult("SELECT COUNT(*) FROM {posts} WHERE thread={1} AND date<={2} AND id!={0}", $pid, $tid, $post['date']) / $ppp) * $ppp; $url = actionLink("thread", $thread['id'], $from ? "from={$from}" : "", HasPermission('forum.viewforum', $thread['forum'], true) ? $tags[0] : '') . "#post" . $pid; header("HTTP/1.1 301 Moved Permanently"); header("Status: 301 Moved Permanently"); header("Location: " . $url); die;
// Adding or removing a favourite requires view permission on the thread's forum.
if (!HasPermission('forum.viewforum', $thread['forum'])) {
    Kill(__("Nice try, hacker kid, but no."));
}

// NOTE(review): the change is driven by $_GET['action'] and no token check is visible in this
// fragment, so a cross-site request could add or remove favourites for a logged-in user -
// confirm a token is verified in the part that is cut off above.
if ($_GET['action'] == 'add') {
    Query("INSERT IGNORE INTO {favorites} (user,thread) VALUES ({0},{1})", $loguserid, $tid);
} else {
    // Any action value other than 'add' removes the favourite.
    Query("DELETE FROM {favorites} WHERE user={0} AND thread={1}", $loguserid, $tid);
}

// NOTE(review): the redirect target is the Referer request header, which the client controls
// and may omit. A fixed internal target (or a same-host check) would avoid sending users to an
// arbitrary URL or emitting an empty Location header.
die(header('Location: ' . $_SERVER['HTTP_REFERER']));
}
}

$title = 'Favorites';
$links = array(actionLinkTag(__("Mark threads read"), 'favorites', 0, 'action=markasread'));
MakeCrumbs(array(actionLink('favorites') => 'Favorites'), $links);

// Both queries below are restricted to forums the viewer may read.
$viewableforums = ForumsWithPermission('forum.viewforum');
$total = FetchResult("SELECT COUNT(*) FROM {threads} t INNER JOIN {favorites} fav ON fav.user={0} AND fav.thread=t.id WHERE t.forum IN ({1c})", $loguserid, $viewableforums);

$tpp = $loguser['threadsperpage'];

// Paging offset: cast to int here and passed through the {1u} placeholder below.
if (isset($_GET['from'])) {
    $from = (int) $_GET['from'];
} else {
    $from = 0;
}

// Fall back to 50 threads per page when the user has no preference.
if (!$tpp) {
    $tpp = 50;
}

$rThreads = Query("\tSELECT\n\t\t\t\t\t\tt.*,\n\t\t\t\t\t\ttr.date readdate,\n\t\t\t\t\t\tsu.(_userfields),\n\t\t\t\t\t\tlu.(_userfields),\n\t\t\t\t\t\tf.(id,title)\n\t\t\t\t\tFROM\n\t\t\t\t\t\t{threads} t\n\t\t\t\t\t\tINNER JOIN {favorites} fav ON fav.user={0} AND fav.thread=t.id\n\t\t\t\t\t\tLEFT JOIN {threadsread} tr ON tr.thread=t.id AND tr.id={0}\n\t\t\t\t\t\tLEFT JOIN {users} su ON su.id=t.user\n\t\t\t\t\t\tLEFT JOIN {users} lu ON lu.id=t.lastposter\n\t\t\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\t\t\tWHERE f.id IN ({3c})\n\t\t\t\t\tORDER BY sticky DESC, lastpostdate DESC LIMIT {1u}, {2u}", $loguserid, $from, $tpp, $viewableforums);
$numonpage = NumRows($rThreads);

$pagelinks = PageLinks(actionLink('favorites', '', 'from='), $tpp, $from, $total);

if (NumRows($rThreads)) {
    makeThreadListing($rThreads, $pagelinks, true, true);
} else {
$hideTricks = " <a href=\"javascript:void(0)\" onclick=\"showRevision(" . $id . "," . $post["currentrevision"] . "); hideTricks(" . $id . ")\">" . __("Back") . "</a>"; $reply .= $hideTricks; die($reply); } elseif ($action == "sr") { $rPost = Query("\n\t\t\tSELECT\n\t\t\t\tp.*,\n\t\t\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\t\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock),\n\t\t\t\tru.(_userfields),\n\t\t\t\tdu.(_userfields),\n\t\t\t\tt.forum fid\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = {1}\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\t\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\t\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\t\tWHERE p.id={0} AND t.forum IN ({2c})", $id, (int) $_GET['rev'], ForumsWithPermission('forum.viewforum')); if (NumRows($rPost)) { $post = Fetch($rPost); } else { die(format(__("Unknown post ID #{0} or revision missing."), $id)); } if (!HasPermission('mod.editposts', $post['fid'])) { die('No.'); } die(makePostText($post, getDataPrefix($post, 'u_'))); } elseif ($action == "em") { $privacy = HasPermission('admin.editusers') ? '' : ' and showemail=1'; $blah = FetchResult("select email from {users} where id={0}{$privacy}", $id); die(htmlspecialchars($blah)); } elseif ($action == "vc") { $blah = FetchResult("select views from {misc}"); die(number_format($blah)); } else { if ($action == 'no') { $notif = getNotifications(); die(json_encode($notif)); } } } } } die(__("Unknown action."));
// AcmlmBoard XD - Posts by user viewer
// Access: all

AssertForbidden("listPosts");

// The user id is mandatory and is forced to an integer before it is used anywhere.
if (!isset($_GET['id'])) {
    Kill(__("User ID unspecified."));
}
$id = (int) $_GET['id'];

$rUser = Query("select * from {users} where id={0}", $id);
if (!NumRows($rUser)) {
    Kill(__("Unknown user ID."));
} else {
    $user = Fetch($rUser);
}

$title = __("Post list");

// Count only posts in forums the viewer may see; forumAccessControlSql() supplies that
// condition as SQL text appended to the statement.
$total = FetchResult("\n\t\t\tSELECT\n\t\t\t\tcount(p.id)\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\tWHERE p.user={0} AND " . forumAccessControlSql(), $id);

// Paging: offset from the query string (integer cast), page size from the viewer's
// preference with 25 as the fallback.
$from = isset($_GET['from']) ? (int) $_GET['from'] : 0;
$ppp = $loguser['postsperpage'] ?: 25;

$rPosts = Query("\n\tSELECT\n\t\tp.*,\n\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock),\n\t\tru.(_userfields),\n\t\tdu.(_userfields),\n\t\tt.id thread, t.title threadname,\n\t\tf.id fid\n\tFROM\n\t\t{posts} p\n\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = p.currentrevision\n\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\tWHERE u.id={1} AND " . forumAccessControlSql() . "\n\tORDER BY date ASC LIMIT {2u}, {3u}", $loguserid, $id, $from, $ppp);
$numonpage = NumRows($rPosts);

// Prefer the display name when the user has one.
$uname = $user["displayname"] ?: $user["name"];
// Stores a new profile comment.
// NOTE(review): the insert runs when IsReallyEmpty($_POST['text']) is truthy, which reads as
// the opposite of what the helper's name suggests - confirm what it returns.
// NOTE(review): no token check is visible in this fragment; confirm one happens in the part
// that is cut off above, otherwise comments can be posted by a cross-site request.
if (isset($_POST['actionpost']) && IsReallyEmpty($_POST['text']) && $canComment) {
    AssertForbidden("makeComments");

    // The text is stored as submitted (bound through a placeholder); whatever renders it
    // later has to escape it.
    $rComment = Query("insert into {usercomments} (uid, cid, date, text) values ({0}, {1}, {2}, {3})", $id, $loguserid, time(), $_POST['text']);

    // Flag the profile owner, unless they commented on their own profile.
    if ($loguserid != $id) {
        Query("update {users} set newcomments = 1 where id={0}", $id);
    }

    logAction('usercomment', array('user2' => $id));

    // Redirect after the POST so a reload does not submit the comment again.
    if ($mobileLayout) {
        die(header("Location: " . actionLink("usercomments", $id)));
    } else {
        die(header("Location: " . actionLink("profile", $id)));
    }
}
}

// Comments per page.
$cpp = 15;
$total = FetchResult("SELECT\n\t\t\t\t\t\tcount(*)\n\t\t\t\t\tFROM {usercomments}\n\t\t\t\t\tWHERE uid={0}", $id);

// The index is read before the isset() test, so a missing 'from' raises a notice and is then
// reset to 0.
$from = (int) $_GET["from"];
if (!isset($_GET["from"])) {
    $from = 0;
}

// Paging is inverted: offset 0 shows the newest $cpp comments, taken from the end of a list
// sorted oldest-first.
$realFrom = $total - $from - $cpp;
$realLen = $cpp;
if ($realFrom < 0) {
    // NOTE(review): when 'from' exceeds $total, $realLen becomes negative here; how the {2u}
    // placeholder treats a negative number is not visible - confirm.
    $realLen += $realFrom;
    $realFrom = 0;
}

$rComments = Query("SELECT\n\t\tu.(_userfields),\n\t\t{usercomments}.id, {usercomments}.cid, {usercomments}.text\n\t\tFROM {usercomments}\n\t\tLEFT JOIN {users} u ON u.id = {usercomments}.cid\n\t\tWHERE uid={0}\n\t\tORDER BY {usercomments}.date ASC LIMIT {1u},{2u}", $id, $realFrom, $realLen);

$pagelinks = PageLinksInverted(actionLink($mobileLayout ? "usercomments" : "profile", $id, "from="), $cpp, $from, $total);

$commentList = "";
$commentField = "";
if (NumRows($rComments)) {
$drafting = 0; $deleted = 2; if (isset($_GET['show'])) { $show = "&show=" . (int) $_GET['show']; if ($_GET['show'] == 1) { $deleted = 1; } else { if ($_GET['show'] == 2) { $drafting = 1; } } } else { $whereFrom = "userto = {0}"; } $whereFrom .= " and drafting = " . $drafting; $total = FetchResult("select count(*) from {pmsgs} where {$whereFrom} and deleted != {1}", $user, $deleted); $ppp = $loguser['postsperpage']; if (isset($_GET['from'])) { $from = (int) $_GET['from']; } else { $from = 0; } $links = new PipeMenu(); $links->add(new PipeMenuLinkEntry(__("Show received"), "private", $userGet, "", "download-alt")); $links->add(new PipeMenuLinkEntry(__("Show sent"), "private", $userGet, "show=1", "upload-alt")); $links->add(new PipeMenuLinkEntry(__("Show drafts"), "private", $userGet, "show=2", "save")); $links->add(new PipeMenuLinkEntry(__("Send new PM"), "sendprivate", "", "", "plus")); makeLinks($links); $crumbs = new PipeMenu(); $crumbs->add(new PipeMenuLinkEntry(__("Member list"), "memberlist")); $crumbs->add(new PipeMenuHtmlEntry(userLinkById($user)));
} if (!$_GET['inposts']) { $nres = FetchResult("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM {threads} t\n\t\t\tWHERE t.id IN ({0c}) AND t.forum IN ({1c})", $results, $viewableforums); $search = Query("\n\t\t\tSELECT\n\t\t\t\tt.id, t.title, t.user, t.lastpostdate, t.forum, \n\t\t\t\tu.(_userfields)\n\t\t\tFROM {threads} t\n\t\t\t\tLEFT JOIN {users} u ON u.id=t.user\n\t\t\tWHERE t.id IN ({0c}) AND t.forum IN ({1c})\n\t\t\tORDER BY t.lastpostdate DESC\n\t\t\tLIMIT {2u},{3u}", $results, $viewableforums, $from, $tpp); if (NumRows($search)) { while ($result = Fetch($search)) { $r = array(); $r['link'] = makeThreadLink($result); $r['description'] = ''; $r['user'] = UserLink(getDataPrefix($result, "u_")); $r['formattedDate'] = formatdate($result['lastpostdate']); $rdata[] = $r; } } } else { $nres = FetchResult("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM {posts_text} pt\n\t\t\t\tLEFT JOIN {posts} p ON pt.pid = p.id\n\t\t\t\tLEFT JOIN {threads} t ON t.id = p.thread\n\t\t\tWHERE pt.pid IN ({0c}) AND t.forum IN ({1c}) AND pt.revision = p.currentrevision", $results, $viewableforums); $search = Query("\n\t\t\tSELECT\n\t\t\t\tpt.text, pt.pid,\n\t\t\t\tp.date,\n\t\t\t\tt.title, t.id,\n\t\t\t\tu.(_userfields)\n\t\t\tFROM {posts_text} pt\n\t\t\t\tLEFT JOIN {posts} p ON pt.pid = p.id\n\t\t\t\tLEFT JOIN {threads} t ON t.id = p.thread\n\t\t\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\t\tWHERE pt.pid IN ({0c}) AND t.forum IN ({1c}) AND pt.revision = p.currentrevision\n\t\t\tORDER BY p.date DESC\n\t\t\tLIMIT {2u},{3u}", $results, $viewableforums, $from, $tpp); if (NumRows($search)) { $results = ""; while ($result = Fetch($search)) { $r = array(); $tags = ParseThreadTags($result['title']); // $result['text'] = str_replace("<!--", "~#~", str_replace("-->", "~#~", $result['text'])); $r['description'] = MakeSnippet($result['text'], $terms); $r['user'] = UserLink(getDataPrefix($result, "u_")); $r['link'] = actionLinkTag($tags[0], "post", $result['pid']); $r['formattedDate'] = formatdate($result['date']); 
$rdata[] = $r; } } }
// Plugin hook: the loader reads $bucket to decide which handlers to run.
$bucket = "amperTags";
include "./lib/pluginloader.php";

$post['posts'] = $rankHax;

// Header and signature are rendered only when the viewer has not blocked this layout.
if ($post['postheader'] && !$isBlocked) {
    $postHeader = str_replace('$theme', $theme, ApplyTags(CleanUpPost($post['postheader']), $tags));
}

$postText = ApplyTags(CleanUpPost($post['text'], $post['name'], $noSmilies), $tags);

$bucket = "postMangler";
include "./lib/pluginloader.php";

if ($post['signature'] && !$isBlocked) {
    $postFooter = ApplyTags(CleanUpPost($post['signature']), $tags);
    if (!$post['signsep']) {
        $separator = "<br />_________________________<br />";
    } else {
        $separator = "<br />";
    }
}

// $postHeader, $separator and $postFooter are not assigned in this fragment when the branches
// above are skipped - presumably initialised earlier; confirm.
$reply = $postHeader . $postText . $separator . $postFooter;
die($reply);
} elseif ($action == "em") {
    // Returns a user's e-mail address, only for users who opted in (showemail=1).
    // NOTE(review): $id is concatenated into the SQL text. Where it is assigned is outside
    // this fragment - confirm it is cast to an integer, or bind it as a parameter.
    $blah = FetchResult("select email from users where id=" . $id . " and showemail=1");
    die(htmlspecialchars($blah));
} elseif ($action == "vc") {
    // Returns the board-wide view counter.
    $blah = FetchResult("select views from misc");
    die(number_format($blah));
}
}
}
}
}

die(__("Unknown action."));
}

// First-letter filter for the member list.
// NOTE(review): $letter, $order, $from and $tpp are all concatenated into the SQL text below.
// Where they are assigned is outside this fragment; unless each one is strictly validated
// there (a single character from a whitelist, a fixed set of sort columns, integer casts),
// this statement is open to SQL injection and should use bound parameters.
if ($letter != "") {
    if ($letter == "@") {
        //I can't figure it out. Anybody else?
        $where .= " and substring(name, 1,1) regexp '[:punct:]' or substring(displayname, 1,1) regexp '[:punct:]'";
    }
    // NOTE(review): this is a separate "if", not an "elseif", so for "@" the else branch below
    // runs as well and appends a second, LIKE-based condition.
    if ($letter == "#") {
        $where .= " and substring(name, 1,1) regexp '[0-9]' or substring(displayname, 1,1) regexp '[0-9]'";
    } else {
        $where .= " and name like '" . $letter . "%' or displayname like '" . $letter . "%'";
    }
}

// NOTE(review): the clauses above contain an unparenthesised "or". AND binds tighter than OR in
// SQL, so the conditions added before and after it (including the power-level limit below)
// each apply to only one side of the OR rather than to the whole filter.
if (!(isset($pow) && $pow == 5)) {
    $where .= " and powerlevel < 5";
}

$numUsers = FetchResult("select count(*) from users where " . $where, 0, 0);
$qUsers = "select * from users where " . $where . " order by " . $order . ", name asc limit " . $from . ", " . $tpp;
$rUsers = Query($qUsers);
$numonpage = NumRows($rUsers);

// Page links for pages 2..n; the current page is printed as plain text.
for ($i = $tpp; $i < $numUsers; $i += $tpp) {
    if ($i == $from) {
        $pagelinks .= " " . ($i / $tpp + 1);
    } else {
        $pagelinks .= " " . mlink($sort, $sex, $pow, $tpp, $letter, $dir, $i) . ($i / $tpp + 1) . "</a>";
    }
}

// Page 1 is prepended only when there is more than one page.
if ($pagelinks) {
    if ($from == 0) {
        $pagelinks = "1" . $pagelinks;
    } else {
        $pagelinks = mlink($sort, $sex, $pow, $tpp, $letter, $dir, 0) . "1</a>" . $pagelinks;
}

// Re-tick the form options that were submitted, so a preview keeps the user's choices.
if ($_POST['nosm']) {
    $nosm = "checked=\"checked\"";
}
if ($_POST['nobr']) {
    $nobr = "checked=\"checked\"";
}

// The submitted mood id is cast to int before it is used as an array key.
if ($_POST['mood']) {
    $moodSelects[(int) $_POST['mood']] = "selected=\"selected\" ";
}

$moodOptions = "<option " . $moodSelects[0] . "value=\"0\">" . __("[Default avatar]") . "</option>\n";

// NOTE(review): $postingAs is concatenated into the SQL text. Where it is assigned is outside
// this fragment - confirm it is an integer, or bind it as a parameter.
$rMoods = Query("select mid, name from moodavatars where uid=" . $postingAs . " order by mid asc");
while ($mood = Fetch($rMoods)) {
    // The avatar name is user-supplied; it passes through htmlval() before being written out.
    $moodOptions .= format("\n\t<option {0} value=\"{1}\">{2}</option>\n", $moodSelects[$mood['mid']], $mood['mid'], htmlval($mood['name']));
}

// Id of the newest post in the thread.
// NOTE(review): $tid is concatenated into the SQL text as well - same check as above.
$ninja = FetchResult("select id from posts where thread=" . $tid . " order by date desc limit 0, 1", 0, 0);

// Moderator controls are added to the form only when CanMod() allows it. The handler that
// receives the form has to repeat this check; hiding the checkboxes does not enforce anything.
if (CanMod($loguserid, $fid)) {
    $mod = "\n\n<!-- Mod options -->\n";
    //print $thread['closed'];
    if (!$thread['closed']) {
        $mod .= "<label><input type=\"checkbox\" name=\"lock\"> " . __("Close thread", 1) . "</label>\n";
    } else {
        $mod .= "<label><input type=\"checkbox\" name=\"unlock\"> " . __("Open thread", 1) . "</label>\n";
    }
    if (!$thread['sticky']) {
        $mod .= "<label><input type=\"checkbox\" name=\"stick\"> " . __("Sticky", 1) . "</label>\n";
    } else {
        $mod .= "<label><input type=\"checkbox\" name=\"unstick\"> " . __("Unstick", 1) . "</label>\n";
    }
    $mod .= "\n\n";
}
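/**
 * Prints the edit form for one category, or an empty form for a new one.
 *
 * Changes from the previous version:
 *  - $cid is forced to an integer before it is written into the onclick handler and the hidden
 *    "id" field, so a non-numeric value cannot break out of either context;
 *  - the category order and the user's form token are HTML-escaped on output;
 *  - the board radio list is built once instead of being duplicated in both branches.
 *
 * @param int $cid Category id, or -1 for "new category".
 */
function WriteCategoryEditContents($cid)
{
    global $loguser, $forumBoards;

    $cid = (int) $cid;
    $editing = ($cid != -1);

    if ($editing) {
        $rCategory = Query("SELECT * FROM {categories} WHERE id={0}", $cid);
        if (!NumRows($rCategory)) {
            Kill("Category not found.");
        }
        $cat = Fetch($rCategory);

        // A category can only be deleted once no forum points at it.
        $candelete = FetchResult("SELECT COUNT(*) FROM {forums} WHERE catid={0}", $cid) == 0;
        $selectedBoard = $cat['board'];
    } else {
        $selectedBoard = '';
    }

    // The board selector is only shown when there is more than one board to choose from.
    $boardlist = '';
    if (count($forumBoards) > 1) {
        foreach ($forumBoards as $bid => $bname) {
            $boardlist .= '<label><input type="radio" name="board" value="' . htmlspecialchars($bid) . '"'
                . ($selectedBoard == $bid ? ' checked="checked"' : '')
                . '> ' . htmlspecialchars($bname) . '</label>';
        }
    }

    if ($editing) {
        $name = htmlspecialchars($cat['name']);
        $corder = htmlspecialchars((string) $cat['corder']);

        $boxtitle = __("Editing category ") . $name;
        $fields = array(
            'name' => '<input type="text" name="name" value="' . $name . '" size=64>',
            'order' => '<input type="text" name="corder" value="' . $corder . '" size=3>',
            'board' => $boardlist,
            'btnSave' => '<button onclick="changeCategoryInfo(' . $cid . '); return false;">Save</button>',
            'btnDelete' => '<button ' . ($candelete ? 'onclick="deleteCategory(); return false;"' : 'disabled="disabled"') . '>Delete</button>',
        );
        $delMessage = $candelete ? '' : __('Before deleting a category, remove all forums from it.');
    } else {
        $boxtitle = __("New category");
        $fields = array(
            'name' => '<input type="text" name="name" value="" size=64>',
            'order' => '<input type="text" name="corder" value="0" size=3>',
            'board' => $boardlist,
            'btnSave' => '<button onclick="addCategory(); return false;">Save</button>',
            'btnDelete' => '',
        );
        $delMessage = '';
    }

    // The hidden "key" field carries the user's form token back with the submission.
    echo "\n\t<form method=\"post\" id=\"forumform\" action=\"" . htmlentities(actionLink("editfora")) . "\">\n\t<input type=\"hidden\" name=\"key\" value=\"" . htmlspecialchars($loguser["token"]) . "\">\n\t<input type=\"hidden\" name=\"id\" value=\"{$cid}\">";

    RenderTemplate('form_editcategory', array('formtitle' => $boxtitle, 'fields' => $fields, 'delMessage' => $delMessage));

    echo "\n\t</form>";
}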
} } } } } } } } } } if ($err) { Alert($err, __('Error')); } else { $newsalt = Shake(); $sha = doHash($_POST['pass'] . SALT . $newsalt); $uid = FetchResult("SELECT id+1 FROM {users} WHERE (SELECT COUNT(*) FROM {users} u2 WHERE u2.id={users}.id+1)=0 ORDER BY id ASC LIMIT 1"); if ($uid < 1) { $uid = 1; } $rUsers = Query("insert into {users} (id, name, password, pss, primarygroup, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {4}, {5}, {5}, {6}, {7}, {8}, {9})", $uid, $_POST['name'], $sha, $newsalt, Settings::get('defaultGroup'), time(), $_SERVER['REMOTE_ADDR'], $_POST['email'], (int) $_POST['sex'], Settings::get("defaultTheme")); //if($uid == 1) // Query("update {users} set primarygroup = {0} where id = 1", Settings::get('rootGroup')); Report("New user: [b]" . $_POST['name'] . "[/] (#" . $uid . ") -> [g]#HERE#?uid=" . $uid); $user = Fetch(Query("select * from {users} where id={0}", $uid)); $user['rawpass'] = $_POST['pass']; $bucket = "newuser"; include "lib/pluginloader.php"; $rLogUser = Query("select id, pss, password from {users} where 1"); $matches = array(); while ($testuser = Fetch($rLogUser)) { if ($testuser['id'] == $user['id']) {
if (isset($_POST['action'])) { $mid = (int) $_POST['mid']; if ($_POST['action'] == __("Rename")) { Query("update {moodavatars} set name={0} where mid={1} and uid={2}", $_POST['name'], $mid, $loguserid); Alert(__("Avatar renamed."), __("Okay")); } else { if ($_POST['action'] == __("Delete")) { Query("delete from {moodavatars} where uid={0} and mid={1}", $loguserid, $mid); Query("update {posts} set mood=0 where user={0} and mood={1}", $loguserid, $mid); if (file_exists("{$dataDir}avatars/" . $loguserid . "_" . $mid)) { unlink("{$dataDir}avatars/" . $loguserid . "_" . $mid); } Alert(__("Avatar deleted."), __("Okay")); } else { if ($_POST['action'] == __("Add")) { $highest = FetchResult("select mid from {moodavatars} where uid={0} order by mid desc limit 1", $loguserid); if ($highest < 1) { $highest = 1; } $mid = $highest + 1; //Begin copypasta from edituser/editprofile_avatar... if ($fname = $_FILES['picture']['name']) { $fext = strtolower(substr($fname, -4)); $error = ""; $exts = array(".png", ".jpg", ".gif"); $dimx = 100; $dimy = 100; $dimxs = 60; $dimys = 60; $size = 30720; $validext = false;
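// Access: all
//
// Per-user post list: validates the requested user id, counts that user's
// posts in the forums returned by ForumsWithPermission('forum.viewforum'),
// and loads one page of them.
//
// Request parameters read here:
//   id   - user id, cast to int before use
//   from - paging offset, cast to int and clamped to >= 0
//
// Every request-derived value reaches the database through numbered
// placeholders ({0}, {1c}, {2u}, ...) rather than string concatenation.

// Stop unless the BLARG constant is defined (presumably set by the board's
// entry script, so this file cannot run on its own; confirm).
if (!defined('BLARG')) {
    die;
}

if (!isset($_GET['id'])) {
    Kill(__("User ID unspecified."));
}
$id = (int) $_GET['id'];

$rUser = Query("select * from {users} where id={0}", $id);
if (NumRows($rUser)) {
    $user = Fetch($rUser);
} else {
    Kill(__("Unknown user ID."));
}

$title = __("Post list");

// NOTE(review): $extrashit is interpolated into the SQL text of both queries
// below instead of being bound as a parameter, and nothing in this fragment
// assigns it. It also sits in different clauses (JOIN condition in the count
// query, WHERE clause in the page query), so the two can disagree when it is
// non-empty. Confirm that whatever sets it only ever holds constant SQL.
// Defaulting it here keeps the queries unchanged when it is unset and avoids
// the undefined-variable notice.
if (!isset($extrashit)) {
    $extrashit = '';
}

$total = FetchResult("\n\t\t\tSELECT\n\t\t\t\tcount(p.id)\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread{$extrashit}\n\t\t\tWHERE p.user={0} AND t.forum IN ({1c})", $id, ForumsWithPermission('forum.viewforum'));

// Page size comes from the viewer's profile setting; 25 when it is unset or zero.
$ppp = $loguser['postsperpage'];
if (!$ppp) {
    $ppp = 25;
}

// A negative offset is never a valid page start, so clamp it instead of
// passing it on to the LIMIT clause.
$from = isset($_GET['from']) ? max(0, (int) $_GET['from']) : 0;

// {0} ($loguserid) is not referenced in the visible query text; it stays in
// the argument list so the numbering of the remaining placeholders is unchanged.
$rPosts = Query("\tSELECT\n\t\t\t\tp.*,\n\t\t\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\t\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock,fulllayout),\n\t\t\t\tru.(_userfields),\n\t\t\t\tdu.(_userfields),\n\t\t\t\tt.id thread, t.title threadname,\n\t\t\t\tf.id fid\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = p.currentrevision\n\t\t\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\t\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\t\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\t\tLEFT JOIN {categories} c ON c.id=f.catid\n\t\t\tWHERE u.id={1} AND f.id IN ({4c}){$extrashit}\n\t\t\tORDER BY date ASC LIMIT {2u}, {3u}", $loguserid, $id, $from, $ppp, ForumsWithPermission('forum.viewforum'));
$numonpage = NumRows($rPosts);

// Prefer the display name when the user has set one.
$uname = $user["name"];
if ($user["displayname"]) {
    $uname = $user["displayname"];
}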
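<?php
// Profile fragment: when a user views their own profile, add a
// "Layout blocks" row saying how many users have blocked their layout.
// The row is only built for the profile owner; other viewers get nothing.
if ($user['id'] == $loguserid) {
    // The count is cached in $GLOBALS as (count + 1), so a cached count of
    // zero is still truthy and the query is not repeated. empty() also covers
    // the first run, when the key does not exist yet.
    // NOTE(review): the table name is written without the {…} wrapper that
    // other queries in this codebase use; confirm this is intended.
    if (empty($GLOBALS["myblockcount"])) {
        $GLOBALS["myblockcount"] = 1 + FetchResult("SELECT COUNT(*) FROM blockedlayouts WHERE user={0}", $user["id"]);
    }

    // The subtraction is parenthesised so it is evaluated before the
    // concatenation on every PHP version; the unparenthesised form is
    // deprecated since PHP 7.4. The "this user's" alternative was dropped:
    // inside this branch the viewer is always the profile owner.
    $profileParts[__('Personal information')][__('Layout blocks')] = ($GLOBALS["myblockcount"] - 1)
        . ($GLOBALS["myblockcount"] == 2 ? ' user has' : ' users have')
        . " blocked your layout<br />";
}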
"[quote=Barack Obama]I am Barack Obama and I approve this preview message.[/quote](sample post)", ); $previewPost['text'] = $previews[array_rand($previews)]; //</randompreviews> */ //Fixed preview $previewPost['text'] = $profilePreviewText; //</fixedpreview> $previewPost['num'] = "preview"; $previewPost['id'] = "preview"; $previewPost['uid'] = $id; $copies = explode(",", "title,name,displayname,picture,sex,powerlevel,avatar,postheader,rankset,signature,signsep,posts,regdate,lastactivity,lastposttime"); foreach ($copies as $toCopy) { $previewPost[$toCopy] = $user[$toCopy]; } $previewPost['activity'] = FetchResult("select count(*) from posts where user = "******" and date > " . (time() - 86400), 0, 0); MakePost($previewPost, 0, 0); if ($loguser['powerlevel'] > 2) { if (IsAllowed("editUser")) { $links .= "<li><a href=\"editprofile.php?id=" . $id . "\">" . __("Edit user") . "</a></li>"; } if (IsAllowed("snoopPM")) { $links .= "<li><a href=\"private.php?user="******"\">" . __("Show PMs") . "</a></li>"; } } if ($loguserid && IsAllowed("sendPM")) { $links .= "<li><a href=\"sendprivate.php?uid=" . $id . "\">" . __("Send PM") . "</a></li>"; } if (IsAllowed("listPosts")) { $links .= "<li><a href=\"listposts.php?id=" . $id . "\">" . __("Show posts") . "</a></li>"; }
print "</td></tr>"; $cellClass = ($cellClass + 1) % 2; } if ($loguserid) { $filecount = FetchResult("select count(*) from {uploader} where uploader.user = {0} and uploader.private = 1", $loguserid); print "<tr class=\"cell{$cellClass}\"><td>"; print actionLinkTag("Private files", "uploaderlist", "", "cat=-1"); print "<br>"; print "Only for you."; print "<br>"; print $filecount . " files."; print "<br>"; print "</td></tr>"; $cellClass = ($cellClass + 1) % 2; if ($loguser['powerlevel'] > 2) { $filecount = FetchResult("select count(*) from {uploader} where uploader.private = 1"); print "<tr class=\"cell{$cellClass}\"><td>"; print actionLinkTag("All private files", "uploaderlist", "", "cat=-2"); print "<br>"; print $filecount . " files."; print "<br>"; print "</td></tr>"; } } print "</table>"; } } } } } }
@unlink($rootdir . "/" . $entry['user'] . "/" . $entry['filename']); } else { @unlink($rootdir . "/" . $entry['filename']); } Query("delete from {uploader} where id = {0}", $fid); $deleted++; } } Alert(format(__("{0} deleted."), Plural($deleted, __("file")))); } else { if ($_GET['action'] == "delete") { $fid = (int) $_GET['fid']; if ($loguser['powerlevel'] > 2) { $check = FetchResult("select count(*) from {uploader} where id = {0}", $fid); } else { $check = FetchResult("select count(*) from {uploader} where user = {0} and id = {1}", $loguserid, $fid); } if ($check) { $entry = Fetch(Query("select * from {uploader} where id = {0}", $fid)); if ($entry['private']) { @unlink($rootdir . "/" . $entry['user'] . "/" . $entry['filename']); } else { @unlink($rootdir . "/" . $entry['filename']); } Query("delete from {uploader} where id = {0}", $fid); Report("[b]" . $loguser['name'] . "[/] deleted \"[b]" . $entry['filename'] . "[/]\".", 1); Alert(format(__("Deleted \"{0}\"."), $entry['filename']), __("Okay")); } else { Alert(__("No such file or not yours to mess with.")); } }