Exemple #1
0
 function actionLink($action, $id = "", $args = "", $urlname = "")
 {
     global $boardroot, $mainPage;
     if ($boardroot == "") {
         $boardroot = "./";
     }
     $bucket = "linkMangler";
     include 'lib/pluginloader.php';
     $res = "";
     if ($action != $mainPage) {
         $res .= "&page={$action}";
     }
     if ($id != "") {
         $res .= "&id=" . urlencode($id);
     }
     if ($args) {
         $res .= "&{$args}";
     }
     if (strpos($res, "&amp")) {
         debug_print_backtrace();
         Kill("Found & in link");
     }
     if ($res == "") {
         return $boardroot;
     } else {
         return $boardroot . "?" . substr($res, 1);
     }
 }
Exemple #2
0
function AssertForbidden($to, $specifically = 0)
{
    global $loguser, $forbidden;
    if (!isset($forbidden)) {
        $forbidden = explode(" ", $loguser['forbiddens']);
    }
    $caught = 0;
    if (in_array($to, $forbidden)) {
        $caught = 1;
    } else {
        $specific = $to . "[" . $specifically . "]";
        if (in_array($specific, $forbidden)) {
            $caught = 2;
        }
    }
    if ($caught) {
        $not = __("You are not allowed to {0}.");
        $messages = array("addRanks" => __("add new ranks"), "blockLayouts" => __("block layouts"), "deleteComments" => __("delete usercomments"), "editCats" => __("edit the forum categories"), "editForum" => __("edit the forum list"), "editIPBans" => __("edit the IP ban list"), "editMods" => __("edit Local Moderator assignments"), "editMoods" => __("edit your mood avatars"), "editPoRA" => __("edit the PoRA box"), "editPost" => __("edit posts"), "editProfile" => __("edit your profile"), "editSettings" => __("edit the board settings"), "editSmilies" => __("edit the smiley list"), "editThread" => __("edit threads"), "editUser" => __("edit users"), "haveCookie" => __("have a cookie"), "listPosts" => __("see all posts by a given user"), "makeComments" => __("post usercomments"), "makeReply" => __("reply to threads"), "makeThread" => __("start new threads"), "optimize" => __("optimize the tables"), "purgeRevs" => __("purge old revisions"), "recalculate" => __("recalculate the board counters"), "search" => __("use the search function"), "sendPM" => __("send private messages"), "snoopPM" => __("view other users' private messages"), "useUploader" => __("upload files"), "viewAdminRoom" => __("see the admin room"), "viewAvatars" => __("see the avatar library"), "viewCalendar" => __("see the calendar"), "viewForum" => __("view fora"), "viewLKB" => __("see the Last Known Browser table"), "viewMembers" => __("see the memberlist"), "viewOnline" => __("see who's online"), "viewPM" => __("view private messages"), "viewProfile" => __("view user profiles"), "viewRanks" => __("see the rank lists"), "viewRecords" => __("see the top scores and DB usage"), "viewThread" => __("read threads"), "viewUploader" => __("see the uploader"), "vote" => __("vote"));
        $messages2 = array("viewForum" => __("see this forum"), "viewThread" => __("read this thread"), "makeReply" => __("reply in this thread"), "editUser" => __("edit this user"));
        $bucket = "forbiddens";
        include "./lib/pluginloader.php";
        if ($caught == 2 && array_key_exists($to, $messages2)) {
            Kill(format($not, $messages2[$to]), __("Permission denied."));
        }
        Kill(format($not, $messages[$to]), __("Permission denied."));
    }
}
Exemple #3
0
function actionLink($action, $id = "", $args = "", $urlname = "")
{
    global $boardroot, $mainPage, $urlNameCache;
    if ($urlname == "_") {
        $urlname = "";
    } else {
        if (isset($urlNameCache[$action . "_" . $id]) && $urlname == "") {
            $urlname = $urlNameCache[$action . "_" . $id];
        }
    }
    $bucket = "linkMangler";
    include 'lib/pluginloader.php';
    $res = $boardroot;
    if ($action != $mainPage) {
        $res .= "{$action}/";
    }
    if ($id != "") {
        $res .= $id;
        if ($urlname) {
            $res .= "-" . urlNamify($urlname);
        }
        $res .= "/";
    }
    if ($args) {
        $res .= "?{$args}";
    }
    if (strpos($res, "&amp")) {
        debug_print_backtrace();
        Kill("Found & in link");
    }
    return $res;
    //Possible URL Rewriting :D
    //	return "$boardroot/$action/$id?$args";
}
MakeCrumbs(array("Main" => "./", "Private messages" => "private.php", $pmtitle => ""), $links);
$pm['num'] = "preview";
$pm['posts'] = $user['posts'];
$pm['id'] = "???";
$pm['uid'] = $user['id'];
$copies = explode(",", "title,name,displayname,picture,sex,powerlevel,avatar,postheader,signature,signsep,regdate,lastactivity,lastposttime");
foreach ($copies as $toCopy) {
    $pm[$toCopy] = $user[$toCopy];
}
if ($draftEditor) {
    write("\n\t<script type=\"text/javascript\">\n\t\t\twindow.addEventListener(\"load\",  hookUpControls, false);\n\t</script>\n");
    $qUser = "******" . $pm['userto'];
    $rUser = Query($qUser);
    if (!NumRows($rUser)) {
        if ($_POST['action'] == __("Send")) {
            Kill(__("Unknown user."));
        }
    }
    $user = Fetch($rUser);
    if ($_POST['action'] == __("Preview")) {
        $pm['text'] = $_POST['text'];
        $pmtitle = $_POST['title'];
    }
    if ($_POST['action'] == __("Discard Draft")) {
        Query("delete from pmsgs where id = " . $pmid);
        Query("delete from pmsgs_text where pid = " . $pmid);
        Redirect(__("PM draft discarded."), "private.php", __("your PM box"));
        exit;
    }
    if (substr($pm['text'], 0, 17) == "<!-- ###MULTIREP:") {
        $to = substr($pm['text'], 17, strpos($pm['text'], "### -->") - 18);
function getCategory($cat)
{
    if (!is_numeric($cat)) {
        Kill('Invalid category');
    }
    if ($cat >= 0) {
        $rCategory = Query("select * from {uploader_categories} where id={0}", $cat);
        if (NumRows($rCategory) == 0) {
            Kill("Invalid category");
        }
        $rcat = Fetch($rCategory);
    } else {
        if ($cat == -1) {
            $rcat = array("id" => -1, "name" => "Private files");
        } else {
            if ($cat == -2) {
                $rcat = array("id" => -2, "name" => "All private files");
            } else {
                Kill('Invalid category');
            }
        }
    }
    return $rcat;
}
<?php

if (!$loguser['root']) {
    Kill(__("You're not an administrator. There is nothing for you here."));
}
MakeCrumbs(array(actionLink("admin") => __("Admin"), actionLink("optimize") => __("Optimize tables")));
$rStats = Query("show table status");
while ($stat = Fetch($rStats)) {
    $tables[$stat['Name']] = $stat;
}
$tablelist = "";
$total = 0;
foreach ($tables as $table) {
    $cellClass = ($cellClass + 1) % 2;
    $overhead = $table['Data_free'];
    $total += $overhead;
    $status = __("OK");
    if ($overhead > 0) {
        Query("OPTIMIZE TABLE `{" . $table['Name'] . "}`");
        $status = "<strong>" . __("Optimized") . "</strong>";
    }
    $tablelist .= format("\n\t<tr class=\"cell{0}\">\n\t\t<td class=\"cell2\">{1}</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t{4}\n\t\t</td>\n\t</tr>\n", $cellClass, $table['Name'], $table['Rows'], $overhead, $status);
}
write("\n<table class=\"outline margin\">\n\t<tr class=\"header0\">\n\t\t<th colspan=\"7\">\n\t\t\t" . __("Table Status") . "\n\t\t</th>\n\t</tr>\n\t<tr class=\"header1\">\n\t\t<th>\n\t\t\t" . __("Name") . "\n\t\t</th>\n\t\t<th>\n\t\t\t" . __("Rows") . "\n\t\t</th>\n\t\t<th>\n\t\t\t" . __("Overhead") . "\n\t\t</th>\n\t\t<th>\n\t\t\t" . __("Final Status") . "\n\t\t</th>\n\t</tr>\n\t{0}\n\t<tr class=\"header0\">\n\t\t<th colspan=\"7\" style=\"font-size: 130%;\">\n\t\t\t" . __("Excess trimmed: {1} bytes") . "\n\t\t</th>\n\t</tr>\n</table>\n\n", $tablelist, $total);
    $filename = $_FILES['file']['name'];
    $tmpfile = $_FILES['file']['tmp_name'];
    if (!file_exists($tmpfile)) {
        Kill("File upload failed.");
    }
    $ext = substr($filename, strlen($filename) - 3);
    $allowed_ext = array('zip', 'rar');
    if (!in_array($ext, $allowed_ext)) {
        Kill("Invalid filetype.");
    }
    $file = fopen($tmpfile, 'rb');
    $tag = fread($file, 4);
    fclose($file);
    $allowed_tag = array("PK", "Rar!");
    if (!in_array($tag, $allowed_tag)) {
        Kill("Invalid filetype.");
    }
    copy($tmpfile, 'downloads/' . $filename);
    $thedl = array('file' => 'downloads/' . $filename, 'name' => $_POST['name'], 'desc' => $_POST['desc']);
    $downloads = array_merge(array($thedl), $downloads);
    file_put_contents('downloads/listing.dat', serialize($downloads));
    Alert("Upload successful.", "Notice");
}
$c = 0;
$hl = ' highlightedPost';
foreach ($downloads as $dl) {
    echo "\n\t<table class=\"outline margin width100{$hl}\">\n\t\t<tr class=\"cell{$c}\">\n\t\t\t<td>\n\t\t\t\t<span style=\"font-size: 120%; text-decoration: underline;\"><a href=\"{$dl['file']}\">" . htmlspecialchars($dl['name']) . "</a></span><br>\n\t\t\t\tFile size: " . ceil(filesize($dl['file']) / 1024) . " KB<br>\n\t\t\t\tMD5: " . md5_file($dl['file']) . "\n\t\t\t\t" . ($dl['desc'] ? '<br><br>' . nl2br(htmlspecialchars($dl['desc'])) : '') . "\n\t\t\t</td>\n\t\t</tr>\n\t</table>\n";
    $c = !$c ? 1 : 0;
    $hl = '';
}
if ($loguser['powerlevel'] > 2) {
    }
    $bb .= ']';
    if ($bbcode['text'] != BB_NULL) {
        $bb .= "{$examples[$bbcode['text']]}[/{$bbcode['name']}]";
    }
    return $bb;
}
$cell = 1;
if (isset($_GET['delete'])) {
    unset($bbcodes[(int) $_GET['id']]);
    Alert(__('BBCode was removed correctly'));
    file_put_contents(BB_FILE, serialize($bbcodes));
}
if (isset($_POST['name'])) {
    if (in_array($_POST['name'], $hardcodedbb)) {
        Kill(__('This BBCode is hardcoded into board. Sorry...'));
    }
    $prepare = array('name' => $_POST['name'], 'value' => $_POST['value'], 'text' => $_POST['text'], 'category' => $_POST['category'], 'description' => $_POST['description'], 'html' => $_POST['html']);
    if ($_GET['id']) {
        $bbcodes[$_GET['id'] - 1] = $prepare;
    } else {
        $bbcodes[] = $prepare;
    }
    file_put_contents(BB_FILE, serialize($bbcodes));
}
?>
<script>
$(document).ready(function(){
	function makeDisabled(){
		$('#description').attr('disabled', !$('#category').val())
	}
Exemple #9
0
function WriteCategoryEditContents($cid)
{
    global $loguser, $forumBoards;
    $boardlist = '';
    if ($cid != -1) {
        $rCategory = Query("SELECT * FROM {categories} WHERE id={0}", $cid);
        if (!NumRows($rCategory)) {
            Kill("Category not found.");
        }
        $cat = Fetch($rCategory);
        $candelete = FetchResult("SELECT COUNT(*) FROM {forums} WHERE catid={0}", $cid) == 0;
        $name = htmlspecialchars($cat['name']);
        $corder = $cat['corder'];
        if (count($forumBoards) > 1) {
            foreach ($forumBoards as $bid => $bname) {
                $boardlist .= '<label><input type="radio" name="board" value="' . htmlspecialchars($bid) . '"' . ($cat['board'] == $bid ? ' checked="checked"' : '') . '> ' . htmlspecialchars($bname) . '</label>';
            }
        }
        $boxtitle = __("Editing category ") . $name;
        $fields = array('name' => '<input type="text" name="name" value="' . $name . '" size=64>', 'order' => '<input type="text" name="corder" value="' . $corder . '" size=3>', 'board' => $boardlist, 'btnSave' => '<button onclick="changeCategoryInfo(' . $cid . '); return false;">Save</button>', 'btnDelete' => '<button ' . ($candelete ? 'onclick="deleteCategory(); return false;"' : 'disabled="disabled"') . '>Delete</button>');
        $delMessage = $candelete ? '' : __('Before deleting a category, remove all forums from it.');
    } else {
        if (count($forumBoards) > 1) {
            foreach ($forumBoards as $bid => $bname) {
                $boardlist .= '<label><input type="radio" name="board" value="' . htmlspecialchars($bid) . '"' . ($bid == '' ? ' checked="checked"' : '') . '> ' . htmlspecialchars($bname) . '</label>';
            }
        }
        $boxtitle = __("New category");
        $fields = array('name' => '<input type="text" name="name" value="" size=64>', 'order' => '<input type="text" name="corder" value="0" size=3>', 'board' => $boardlist, 'btnSave' => '<button onclick="addCategory(); return false;">Save</button>', 'btnDelete' => '');
        $delMessage = '';
    }
    echo "\n\t<form method=\"post\" id=\"forumform\" action=\"" . htmlentities(actionLink("editfora")) . "\">\n\t<input type=\"hidden\" name=\"key\" value=\"" . $loguser["token"] . "\">\n\t<input type=\"hidden\" name=\"id\" value=\"{$cid}\">";
    RenderTemplate('form_editcategory', array('formtitle' => $boxtitle, 'fields' => $fields, 'delMessage' => $delMessage));
    echo "\n\t</form>";
}
         $mod .= ", closed = 1";
     } else {
         if ($_POST['unlock']) {
             $mod .= ", closed = 0";
         }
     }
     if ($_POST['stick']) {
         $mod .= ", sticky = 1";
     } else {
         if ($_POST['unstick']) {
             $mod .= ", sticky = 0";
         }
     }
 }
 if ($thread['lastposter'] == $postingAs && $thread['lastpostdate'] >= time() - 86400 && $postingAsUser['powerlevel'] < 3) {
     Kill(__("You can't double post until it's been at least one day."));
 }
 $qUsers = "update users set posts=" . ($postingAsUser['posts'] + 1) . ", lastposttime=" . time() . " where id=" . $postingAs . " limit 1";
 $rUsers = Query($qUsers);
 //$pid = FetchResult("SELECT id+1 FROM posts WHERE (SELECT COUNT(*) FROM posts p2 WHERE p2.id=posts.id+1)=0 ORDER BY id ASC LIMIT 1");
 //if($pid < 1) $pid = 1;
 $qPosts = "insert into posts (thread, user, date, ip, num, options, mood) values (" . $tid . "," . $postingAs . "," . time() . ",'" . $_SERVER['REMOTE_ADDR'] . "'," . ($postingAsUser['posts'] + 1) . ", " . $options . ", " . (int) $_POST['mood'] . ")";
 $rPosts = Query($qPosts);
 $pid = mysql_insert_id();
 $qPostsText = "insert into posts_text (pid,text) values (" . $pid . ",'" . $post . "')";
 $rPostsText = Query($qPostsText);
 $qFora = "update forums set numposts=" . ($forum['numposts'] + 1) . ", lastpostdate=" . time() . ", lastpostuser="******", lastpostid=" . $pid . " where id=" . $fid . " limit 1";
 $rFora = Query($qFora);
 $qThreads = "update threads set lastposter=" . $postingAs . ", lastpostdate=" . time() . ", replies=" . ($thread['replies'] + 1) . ", lastpostid=" . $pid . $mod . " where id=" . $tid . " limit 1";
 $rThreads = Query($qThreads);
 Report("New reply by [b]" . $postingAsUser['name'] . "[/] in [b]" . $thread['title'] . "[/] (" . $forum['title'] . ") -> [g]#HERE#?pid=" . $pid, $isHidden);
Exemple #11
0
                $newVal = $pm['deleted'] | $val;
                if ($newVal == 3) {
                    Query("delete from {pmsgs} where id = {0}", $pid);
                    Query("delete from {pmsgs_text} where pid = {0}", $pid);
                } else {
                    Query("update {pmsgs} set deleted = {0} where id = {1}", $newVal, $pid);
                }
                $deleted++;
            }
        }
        Alert(format(__("{0} deleted."), Plural($deleted, __("private message"))));
    }
}
if (isset($_GET['del'])) {
    if ($_GET['token'] !== $loguser['token']) {
        Kill('No.');
    }
    $pid = (int) $_GET['del'];
    $rPM = Query("select * from {pmsgs} where id = {0} and (userto = {1} or userfrom = {1})", $pid, $loguserid);
    if (NumRows($rPM)) {
        $pm = Fetch($rPM);
        $val = $pm['userto'] == $loguserid ? 2 : 1;
        $newVal = $pm['deleted'] | $val;
        if ($newVal == 3) {
            Query("delete from {pmsgs} where id = {0}", $pid);
            Query("delete from {pmsgs_text} where pid = {0}", $pid);
        } else {
            Query("update {pmsgs} set deleted = {0} where id = {1}", $newVal, $pid);
        }
        Alert(__("Private message deleted."));
    }
Exemple #12
0
} else {
    if (isset($_GET['tid']) && isset($_GET['time'])) {
        $rPost = Query("select id,date,thread from {posts} where thread={0} AND date>{1} ORDER BY date LIMIT 1", $_GET['tid'], $_GET['time']);
    } else {
        Kill('blarg');
    }
}
if (NumRows($rPost)) {
    $post = Fetch($rPost);
} else {
    Kill(__("Unknown post ID."));
}
$pid = $post['id'];
$tid = $post['thread'];
$rThread = Query("select id,title,forum from {threads} where id={0}", $tid);
if (NumRows($rThread)) {
    $thread = Fetch($rThread);
} else {
    Kill(__("Unknown thread ID."));
}
$tags = ParseThreadTags($thread['title']);
$ppp = $loguser['postsperpage'];
if (!$ppp) {
    $ppp = 20;
}
$from = floor(FetchResult("SELECT COUNT(*) FROM {posts} WHERE thread={1} AND date<={2} AND id!={0}", $pid, $tid, $post['date']) / $ppp) * $ppp;
$url = actionLink("thread", $thread['id'], $from ? "from={$from}" : "", HasPermission('forum.viewforum', $thread['forum'], true) ? $tags[0] : '') . "#post" . $pid;
header("HTTP/1.1 301 Moved Permanently");
header("Status: 301 Moved Permanently");
header("Location: " . $url);
die;
Exemple #13
0
if ($_GET['action'] == "markasread") {
    Query("\tREPLACE INTO \n\t\t\t\t{threadsread} (id,thread,date) \n\t\t\tSELECT \n\t\t\t\t{0}, t.id, {1} \n\t\t\tFROM \n\t\t\t\t{threads} t\n\t\t\t\tINNER JOIN {favorites} fav ON fav.user={0} AND fav.thread=t.id", $loguserid, time());
    die(header("Location: " . actionLink("board")));
} else {
    if ($_GET['action'] == 'add' || $_GET['action'] == 'remove') {
        if ($_GET['token'] !== $loguser['token']) {
            Kill(__('No.'));
        }
        $tid = (int) $_GET['id'];
        $thread = Query("SELECT t.forum FROM {threads} t WHERE t.id={0}", $tid);
        if (!NumRows($thread)) {
            Kill(__("Invalid thread ID."));
        }
        $thread = Fetch($thread);
        if (!HasPermission('forum.viewforum', $thread['forum'])) {
            Kill(__("Nice try, hacker kid, but no."));
        }
        if ($_GET['action'] == 'add') {
            Query("INSERT IGNORE INTO {favorites} (user,thread) VALUES ({0},{1})", $loguserid, $tid);
        } else {
            Query("DELETE FROM {favorites} WHERE user={0} AND thread={1}", $loguserid, $tid);
        }
        die(header('Location: ' . $_SERVER['HTTP_REFERER']));
    }
}
$title = 'Favorites';
$links = array(actionLinkTag(__("Mark threads read"), 'favorites', 0, 'action=markasread'));
MakeCrumbs(array(actionLink('favorites') => 'Favorites'), $links);
$viewableforums = ForumsWithPermission('forum.viewforum');
$total = FetchResult("SELECT COUNT(*) FROM {threads} t INNER JOIN {favorites} fav ON fav.user={0} AND fav.thread=t.id WHERE t.forum IN ({1c})", $loguserid, $viewableforums);
$tpp = $loguser['threadsperpage'];
<?php

$title = "Plugin Manager";
CheckPermission('admin.editsettings');
MakeCrumbs(array(actionLink("admin") => __("Admin"), actionLink("pluginmanager") => __("Plugin Manager")));
if ($_REQUEST['action'] == "enable") {
    if ($_REQUEST['key'] != $loguser['token']) {
        Kill("No.");
    }
    Query("insert into {enabledplugins} values ({0})", $_REQUEST['id']);
    Upgrade();
    die(header("location: " . actionLink("pluginmanager")));
}
if ($_REQUEST['action'] == "disable") {
    if ($_REQUEST['key'] != $loguser['token']) {
        Kill("No.");
    }
    Query("delete from {enabledplugins} where plugin={0}", $_REQUEST['id']);
    die(header("location: " . actionLink("pluginmanager")));
}
$cell = 0;
$pluginsDir = @opendir("plugins");
$enabledplugins = array();
$disabledplugins = array();
$pluginDatas = array();
if ($pluginsDir !== FALSE) {
    while (($plugin = readdir($pluginsDir)) !== FALSE) {
        if ($plugin == "." || $plugin == "..") {
            continue;
        }
        if (is_dir("./plugins/" . $plugin)) {
Exemple #15
0
 $cat = getCategory($_POST["cat"]);
 if ($cat['minpower']) {
     CheckPermission('uploader.uploadrestricted');
 }
 $targetdir = $rootdir;
 $quot = $quota;
 $privateFlag = 0;
 if ($_POST['cat'] == -1) {
     $quot = $pQuota;
     $targetdir = $rootdir . "/" . $loguserid;
     $privateFlag = 1;
 }
 $totalsize = foldersize($targetdir);
 $c = FetchResult("SELECT COUNT(*) FROM {uploader} WHERE filename={0} AND deldate=0", $_FILES['newfile']['name']);
 if ($c > 0) {
     Kill("The file '{$_FILES['newfile']['name']}' already exists. Please delete the old copy before uploading a new one.");
 }
 if ($_FILES['newfile']['size'] == 0) {
     if ($_FILES['newfile']['tmp_name'] == "") {
         Alert(__("No file given."));
     } else {
         Alert(__("File is empty."));
     }
 } else {
     if ($_FILES['newfile']['size'] > Settings::pluginGet('uploaderMaxFileSize') * 1024 * 1024) {
         Alert(format(__("File is too large. Maximum size is {0}."), BytesToSize(Settings::pluginGet('uploaderMaxFileSize') * 1024 * 1024)));
     } else {
         $randomid = Shake();
         $pname = $randomid . '_' . Shake();
         $fname = $_FILES['newfile']['name'];
         $temp = $_FILES['newfile']['tmp_name'];
        } else {
            $user = Fetch($user);
        }
        //print_r($user);
        if ($user['lostkeytimer'] > time() - 60 * 60) {
            //wait an hour between attempts
            Kill(__("To prevent abuse, this function can only be used once an hour."), __("Slow down!"));
        }
        $resetKey = md5($user['id'] . $user['name'] . $user['password'] . $user['email']);
        $from = $mailResetFrom;
        $to = $user['email'];
        $subject = format(__("Password reset for {0}"), $user['name']);
        $message = format(__("A password reset was requested for your user account on {0}."), $boardname) . "\n" . __("If you did not submit this request, this message can be ignored.") . "\n\n" . __("To reset your password, visit the following URL:") . "\n\n" . $_SERVER['HTTP_REFERER'] . "?id=" . $user['id'] . "&key=" . $resetKey . "\n\n" . __("This link can be used once.");
        $headers = "From: " . $from . "\r\n" . "Reply-To: " . $from . "\r\n" . "X-Mailer: PHP/" . phpversion();
        mail($to, $subject, wordwrap($message, 70), $headers);
        //print "NORMALLY I WOULD SEND MAIL NAO:<pre>".$headers."\n\n".wordwrap($message,70)."</pre>";
        Query("update users set lostkey = '" . justEscape($resetKey) . "', lostkeytimer = " . time() . " where id = " . $user['id']);
        Kill(__("Check your email in a moment and follow the link found therein."), __("Reset email sent"));
    } else {
        write("\n\t<form action=\"lostpass.php\" method=\"post\">\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("Lost password") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"un\">" . __("User name") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell0\">\n\t\t\t\t\t<input type=\"text\" id=\"un\" name=\"name\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"em\">" . __("Email address") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<input type=\"email\" id=\"em\" name=\"mail\" style=\"width: 98%;\" maxlength=\"60\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Send reset email") . "\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell1 smallFonts\" colspan=\"2\">\n\t\t\t\t\t" . __("If you did not specify an email address in your profile, you are <em>not</em> out of luck. The old method of contacting an administrator from outside the board is still an option.") . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n");
    }
}
function randomString($len, $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
{
    $s = "";
    for ($i = 0; $i < $len; $i++) {
        $p = rand(0, strlen($chars) - 1);
        $s .= $chars[$p];
    }
    return $s;
}
<?php

//Layoutmaker.php AJAX backend
$ajaxPage = true;
$loguser['blocklayouts'] = 0;
//force layouts to show up
$base = $_POST['base'];
if (!isset($base) || strpos($base, ".") !== FALSE) {
    Kill("Invalid base layout.");
}
$basefile = "plugins/layoutmaker/bases/" . $base . ".php";
if (is_file($basefile)) {
    include $basefile;
} else {
    Kill("Invalid base layout.");
}
print "<style type=\"text/css\">" . ApplyParameters($cssTemplate) . "</style>";
$previewPost['num'] = "_";
$previewPost['id'] = "_";
foreach ($loguser as $key => $value) {
    $previewPost["u_" . $key] = $value;
}
$previewPost['u_postheader'] = trim(ApplyParameters($markupTemplateA));
$previewPost['text'] = Settings::get("profilePreviewText");
$previewPost['u_signature'] = trim(ApplyParameters($markupTemplateB));
$is_unoriginal = true;
foreach ($parameters as $key => $param) {
    if (isset($param['default']) && $_POST[$key] != $param['default']) {
        $is_unoriginal = false;
    }
}
Exemple #18
0
if ($post['deleted']) {
    Kill(__('This post is deleted.'));
}
$thread = Fetch(Query("SELECT * FROM {threads} WHERE id={0}", $post['thread']));
if (!$thread) {
    Kill(__('Unknown thread.'));
}
$fid = $thread['forum'];
if (!HasPermission('forum.viewforum', $fid)) {
    Kill(__('You may not access this forum.'));
}
$tags = ParseThreadTags($thread['title']);
$isHidden = !HasPermission('forum.viewforum', $fid, true);
if ($_POST['report']) {
    if ($_POST['key'] !== $loguser['token']) {
        Kill(__('No.'));
    }
    // TODO make this use actual notifications or anything better
    Query("INSERT INTO {pmsgs_text} (title,text) VALUES ({0},{1})", "Post report (post #{$pid})", '');
    $pmid = InsertId();
    Query("INSERT INTO {pmsgs} (id,userto,userfrom,date,ip,msgread,deleted,drafting)\n\t\tVALUES ({0},{1},{2},{3},{4},0,0,0)", $pmid, -1, $loguserid, time(), $_SERVER['REMOTE_ADDR']);
    $report = "<strong>Post report</strong>\n\n<strong>Post:</strong> " . actionLinkTag($tags[0], 'post', $pid) . " (post #{$pid})\n\n<strong>Message:</strong>\n{$_POST['message']}\n\n" . actionLinkTag('Mark issue as resolved', 'showprivate', $pmid, 'markread=1');
    Query("UPDATE {pmsgs_text} SET text={0} WHERE pid={1}", $report, $pmid);
    SendNotification('pm', $pmid, -1);
    die(header('Location: ' . actionLink('post', $pid)));
}
MakeCrumbs(forumCrumbs($forum) + array(actionLink("thread", $tid, '', $isHidden ? '' : $tags[0]) => $tags[0], '' => __("Report post")));
$user = Fetch(Query("SELECT * FROM {users} WHERE id={0}", $post['user']));
foreach ($user as $key => $value) {
    $post['u_' . $key] = $value;
}
Exemple #19
0
        if ($thread['user'] == $loguserid) {
            $links->add(new PipeMenuLinkEntry(__("Edit"), "editthread", $tid, "", "pencil"));
        }
    }
}
makeLinks($links);
$crumbs = new PipeMenu();
makeForumCrumbs($crumbs, $forum);
$crumbs->add(new PipeMenuLinkEntry($title, "thread", $tid));
makeBreadcrumbs($crumbs);
$OnlineUsersFid = $fid;
write("\n\t<script type=\"text/javascript\">\n\t\t\twindow.addEventListener(\"load\",  hookUpControls, false);\n\t</script>\n");
if ($thread['poll']) {
    $poll = Fetch(Query("SELECT p.*,\n\t\t\t\t\t\t\t(SELECT COUNT(DISTINCT user) FROM {pollvotes} pv WHERE pv.poll = p.id) as users,\n\t\t\t\t\t\t\t(SELECT COUNT(*) FROM {pollvotes} pv WHERE pv.poll = p.id) as votes\n\t\t\t\t\t\t FROM {poll} p\n\t\t\t\t\t\t WHERE p.id={0}", $thread['poll']));
    if (!$poll) {
        Kill(__("Poll not found"));
    }
    $totalVotes = $poll["users"];
    $rOptions = Query("SELECT pc.*,\n\t\t\t\t\t\t\t(SELECT COUNT(*) FROM {pollvotes} pv WHERE pv.poll = {0} AND pv.choiceid = pc.id) as votes,\n\t\t\t\t\t\t\t(SELECT COUNT(*) FROM {pollvotes} pv WHERE pv.poll = {0} AND pv.choiceid = pc.id AND pv.user = {1}) as myvote\n\t\t\t\t\t   FROM {poll_choices} pc\n\t\t\t\t\t   WHERE poll={0}", $thread['poll'], $loguserid);
    $pops = 0;
    $noColors = 0;
    $defaultColors = array("#0000B6", "#00B600", "#00B6B6", "#B60000", "#B600B6", "#B66700", "#B6B6B6", "#676767", "#6767FF", "#67FF67", "#67FFFF", "#FF6767", "#FF67FF", "#FFFF67", "#FFFFFF");
    while ($option = Fetch($rOptions)) {
        if ($option['color'] == "") {
            $option['color'] = $defaultColors[($option["id"] + 9) % 15];
        }
        $chosen = $option["myvote"] ? "&#x2714;" : "";
        $cellClass = ($cellClass + 1) % 2;
        if ($loguserid && !$thread['closed'] && IsAllowed("vote")) {
            $label = $chosen . " " . actionLinkTag(htmlspecialchars($option['choice']), "thread", $thread['id'], "vote=" . $option["id"] . "&token=" . $loguser["token"] . "&" . $fromstring);
        } else {
 $kuriseed = intval($kuridata[0]);
 $check = intval($kuridata[1]);
 $kurichallenge = $kuridata[2];
 $kurichallenge = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, md5(KURIKEY . $check, true), base64_decode($kurichallenge), MCRYPT_MODE_ECB, $iv);
 if (!$kurichallenge) {
     Kill('Hack attempt detected');
 }
 $kurichallenge = explode('|', $kurichallenge);
 if (count($kurichallenge) != 3) {
     Kill('Hack attempt detected');
 }
 if ($kurichallenge[0] != $kuridata[0]) {
     Kill('Hack attempt detected');
 }
 if ($kurichallenge[1] != $kuridata[1]) {
     Kill('Hack attempt detected');
 }
 $ngoombas = intval($kurichallenge[2]);
 if ($check < time() - 300) {
     $err = __('The token has expired. Reload the page and try again.');
 } else {
     if ($ngoombas != (int) $_POST['kurichallenge']) {
         $err = __('You failed the challenge. Look harder.');
     } else {
         if (IsProxy()) {
             $adminemail = Settings::get('ownerEmail');
             if ($adminemail) {
                 $halp = '<br><br>If you aren\'t using a proxy, contact the board owner at: ' . $adminemail;
             } else {
                 $halp = '';
             }
Exemple #21
0
                                copy($tmpfile, $file);
                            } elseif ($type <= 3) {
                                $r = imagesx($img1) / imagesy($img1);
                                if ($r > 1) {
                                    $img2 = imagecreatetruecolor($dimx, floor($dimy / $r));
                                    imagecopyresampled($img2, $img1, 0, 0, 0, 0, $dimx, $dimy / $r, imagesx($img1), imagesy($img1));
                                } else {
                                    $img2 = imagecreatetruecolor(floor($dimx * $r), $dimy);
                                    imagecopyresampled($img2, $img1, 0, 0, 0, 0, $dimx * $r, $dimy, imagesx($img1), imagesy($img1));
                                }
                                imagepng($img2, $file);
                            } else {
                                $error .= "<li>Invalid format.</li>";
                            }
                        }
                        $usepic = $file;
                    } else {
                        Kill(__("Could not update your avatar for the following reason(s):") . "<ul>" . $error . "</ul>");
                    }
                }
            }
        }
    }
}
$moodRows = "";
$rMoods = Query("select mid, name from {moodavatars} where uid={0} order by mid asc", $loguserid);
while ($mood = Fetch($rMoods)) {
    $cellClass = ($cellClass + 1) % 2;
    $moodRows .= format("\n\t\t<tr class=\"cell{0}\">\n\t\t\t<td style=\"width: 100px;\">\n\t\t\t\t<img src=\"img/avatars/{1}_{2}\" alt=\"\">\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t<form method=\"post\" action=\"" . actionLink("editavatars") . "\">\n\t\t\t\t\t<input type=\"hidden\" name=\"mid\" value=\"{2}\" />\n\t\t\t\t\t<input type=\"text\" id=\"name{2}\" name=\"name\" style=\"width: 60%;\" value=\"{3}\" />\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Rename") . "\" />\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Delete") . "\" />\n\t\t\t\t</form>\n\t\t\t</td>\n\t\t</tr>\n", $cellClass, $loguserid, $mood['mid'], htmlspecialchars($mood['name']));
}
write("\n\t<table class=\"margin outline width50\">\n\t\t<tr class=\"header1\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t" . __("Mood avatars") . "\n\t\t\t</th>\n\t\t</tr>\n\t\t{0}\n\t\t<tr class=\"header1\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t" . __("Add new") . "\n\t\t\t</th>\n\t\t</tr>\n\t\t<tr class=\"cell2\">\n\t\t\t<td>\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t<form method=\"post\" action=\"" . actionLink("editavatars") . "\" enctype=\"multipart/form-data\">\n\t\t\t\t\t<label for=\"newName\">" . __("Name:") . "</label>\n\t\t\t\t\t<input type=\"text\" id=\"newName\" name=\"name\" style=\"width: 60%;\" /><br />\n\n\t\t\t\t\t<label for=\"pic\">" . __("Image:") . "</label>\n\t\t\t\t\t<input type=\"file\" id=\"pic\" name=\"picture\"  style=\"width: 75%;\" />\n\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Add") . "\" />\n\t\t\t\t</form>\n\t\t\t</td>\n\t</table>\n", $moodRows);
<?php

CheckPermission('admin.ipsearch');
$ip = $_GET["id"];
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
    Kill("Invalid IP");
}
$links = array();
$links[] = "<a href=\"http://dnsquery.org/ipwhois/{$ip}\" target=\"_blank\">Whois Query</a>";
$links[] = "<a onclick=\"if(confirm('Are you sure you want to IP-ban {$ip}?')) {document.getElementById('banform').submit();} return false;\" href=\"#\">IP Ban</a>";
MakeCrumbs(array(actionLink("admin") => __("Admin"), actionLink("ipbans") => __("IP ban manager"), '' => $ip), $links);
$rUsers = Query("select * from {users} where lastip={0}", $ip);
echo "<h3>Users with this IP</h3>";
$userList = "";
$ipBanComment = "";
$i = 1;
if (NumRows($rUsers)) {
    while ($user = Fetch($rUsers)) {
        $ipBanComment .= $user["name"] . " ";
        $cellClass = ($cellClass + 1) % 2;
        if ($user['lasturl']) {
            $lastUrl = "<a href=\"" . $user['lasturl'] . "\">" . $user['lasturl'] . "</a>";
        } else {
            $lastUrl = __("None");
        }
        $userList .= format("\n\t\t<tr class=\"cell{0}\">\n\t\t\t<td>\n\t\t\t\t{1}\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t{2}\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t{3}\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t{4}\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t{5}\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t{6}\n\t\t\t</td>\n\t\t</tr>\n\t", $cellClass, $i, UserLink($user), cdate("d-m-y G:i:s", $user['lastactivity']), $user['lastposttime'] ? cdate("d-m-y G:i:s", $user['lastposttime']) : __("Never"), $lastUrl, formatIP($user['lastip']));
        $i++;
    }
} else {
    $userList = "<tr class=\"cell0\"><td colspan=\"6\">" . __("No users") . "</td></tr>";
}
}
$fid = (int) $_GET['id'];
if (!HasPermission('forum.viewforum', $fid)) {
    Kill(__('You may not access this forum.'));
}
if (!HasPermission('forum.postthreads', $fid)) {
    Kill($loguser['banned'] ? __('You may not post because you are banned.') : __('You may not post threads in this forum.'));
}
$rFora = Query("select * from {forums} where id={0}", $fid);
if (NumRows($rFora)) {
    $forum = Fetch($rFora);
} else {
    Kill(__("Unknown forum ID."));
}
if ($forum['locked']) {
    Kill(__("This forum is locked."));
}
if (!isset($_POST['poll']) || isset($_GET['poll'])) {
    $_POST['poll'] = $_GET['poll'];
}
$isHidden = !HasPermission('forum.viewforum', $fid, true);
$urlname = $isHidden ? '' : $forum['title'];
$OnlineUsersFid = $fid;
MakeCrumbs(forumCrumbs($forum) + array('' => __("New thread")));
$attachs = array();
if (isset($_POST['saveuploads'])) {
    $attachs = HandlePostAttachments(0, false);
} else {
    if (isset($_POST['actionpreview'])) {
        $attachs = HandlePostAttachments(0, false);
        if ($_POST['poll']) {
Exemple #24
0
    $from = 0;
}
if (!$ppp) {
    $ppp = 25;
}
$rPosts = Query("\n\tSELECT\n\t\tp.*,\n\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock),\n\t\tru.(_userfields),\n\t\tdu.(_userfields),\n\t\tt.id thread, t.title threadname,\n\t\tf.id fid\n\tFROM\n\t\t{posts} p\n\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = p.currentrevision\n\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\tWHERE u.id={1} AND " . forumAccessControlSql() . "\n\tORDER BY date ASC LIMIT {2u}, {3u}", $loguserid, $id, $from, $ppp);
$numonpage = NumRows($rPosts);
$uname = $user["name"];
if ($user["displayname"]) {
    $uname = $user["displayname"];
}
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Member list"), "memberlist"));
$crumbs->add(new PipeMenuHtmlEntry(userLink($user)));
$crumbs->add(new PipeMenuTextEntry(__("Posts")));
makeBreadcrumbs($crumbs);
if ($total == 0) {
    Kill(__("This user hasn't made any posts yet."));
}
$pagelinks = PageLinks(actionLink("listposts", $id, "from="), $ppp, $from, $total);
if ($pagelinks) {
    write("<div class=\"smallFonts pages\">" . __("Pages:") . " {0}</div>", $pagelinks);
}
if (NumRows($rPosts)) {
    while ($post = Fetch($rPosts)) {
        MakePost($post, POST_NORMAL, array('threadlink' => 1, 'tid' => $post['thread'], 'fid' => $post['fid'], 'noreplylinks' => 1));
    }
}
if ($pagelinks) {
    write("<div class=\"smallFonts pages\">" . __("Pages:") . " {0}</div>", $pagelinks);
}
Exemple #25
0
if (!HasPermission('forum.viewforum', $fid)) {
    Kill(__('You may not access this forum.'));
}
if (!HasPermission('forum.postreplies', $fid)) {
    Kill($loguser['banned'] ? __('You may not post because you are banned.') : __('You may not post in this forum.'));
}
$rFora = Query("select * from {forums} where id={0}", $fid);
if (NumRows($rFora)) {
    $forum = Fetch($rFora);
} else {
    Kill("Unknown forum ID.");
}
$fid = $forum['id'];
$isHidden = !HasPermission('forum.viewforum', $fid, true);
if ($thread['closed'] && !HasPermission('mod.closethreads', $fid)) {
    Kill(__("This thread is locked."));
}
$OnlineUsersFid = $fid;
LoadPostToolbar();
$tags = ParseThreadTags($thread['title']);
$urlname = $isHidden ? '' : $tags[0];
MakeCrumbs(forumCrumbs($forum) + array(actionLink("thread", $tid, '', $urlname) => $tags[0], '' => __("New reply")));
if (!$thread['sticky'] && Settings::get("oldThreadThreshold") > 0 && $thread['lastpostdate'] < time() - 2592000 * Settings::get("oldThreadThreshold")) {
    Alert(__("You are about to bump an old thread. This is usually a very bad idea. Please think about what you are about to do before you press the Post button."));
}
$attachs = array();
if (isset($_POST['saveuploads'])) {
    $attachs = HandlePostAttachments(0, false);
} else {
    if (isset($_POST['actionpreview'])) {
        $attachs = HandlePostAttachments(0, false);
Exemple #26
0
    $previewPost['options'] = 0;
    if ($_POST['nopl']) {
        $previewPost['options'] |= 1;
    }
    if ($_POST['nosm']) {
        $previewPost['options'] |= 2;
    }
    $previewPost['mood'] = (int) $_POST['mood'];
    foreach ($user as $key => $value) {
        $previewPost["u_" . $key] = $value;
    }
    MakePost($previewPost, POST_SAMPLE, array('forcepostnum' => 1, 'metatext' => __("Preview")));
} else {
    if (isset($_POST['actionpost'])) {
        if ($_POST['key'] != $loguser['token']) {
            Kill(__("No."));
        }
        $rejected = false;
        if (!$_POST['text']) {
            Alert(__("Enter a message and try again."), __("Your post is empty."));
            $rejected = true;
        }
        if (!$rejected) {
            $bucket = "checkPost";
            include "./lib/pluginloader.php";
        }
        if (!$rejected) {
            $options = 0;
            if ($_POST['nopl']) {
                $options |= 1;
            }
<?php

if ($loguser['powerlevel'] < 2) {
    Kill(__("You're not admin. There is nothing for you here."));
}
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Admin"), "admin"));
$crumbs->add(new PipeMenuLinkEntry(__("Update board"), "gitpull"));
makeBreadcrumbs($crumbs);
$output = array();
exec("git pull 2>&1", $output);
echo '<div style="width: 50%; margin-left: auto; margin-right: auto; background: black; border: 1px solid #0f0; color: #0f0; font-family: \'Consolas\', \'Lucida Console\', \'Courier New\', monospace;">';
if (empty($output)) {
    echo '<em>(no output)</em>';
} else {
    foreach ($output as $line) {
        echo htmlspecialchars($line) . '<br>';
    }
}
echo '</div>';
Exemple #28
0
{
    $trimmed = trim(preg_replace("/&.*;/", "", $subject));
    return strlen($trimmed) != 0;
}
if (isset($_POST['id'])) {
    $_GET['id'] = $_POST['id'];
}
if (!isset($_GET['id'])) {
    Kill(__("User ID unspecified."));
}
$id = (int) $_GET['id'];
$rUser = Query("select * from {users} where id={0}", $id);
if (NumRows($rUser)) {
    $user = Fetch($rUser);
} else {
    Kill(__("Unknown user ID."));
}
if ($id == $loguserid) {
    Query("update {users} set newcomments = 0 where id={0}", $loguserid);
    $loguser['newcomments'] = false;
}
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Member list"), "memberlist"));
$crumbs->add(new PipeMenuHtmlEntry(userLink($user)));
$crumbs->add(new PipeMenuTextEntry(__("Comments")));
makeBreadcrumbs($crumbs);
$canDeleteComments = ($id == $loguserid || $loguser['powerlevel'] > 2) && IsAllowed("deleteComments") && $loguser['powerlevel'] >= 0;
$canComment = $loguser['powerlevel'] >= 0;
if ($loguserid && ($_GET['token'] == $loguser['token'] || $_POST['token'] == $loguser['token'])) {
    if ($canDeleteComments && $_GET['action'] == "delete") {
        AssertForbidden("deleteComments");
Exemple #29
0
 }
 if ($shakeIt) {
     print "Generating security salt&hellip;<br />";
     $cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRQSTUVWXYZ0123456789";
     $salt = "";
     $chct = strlen($cset) - 1;
     while (strlen($salt) < 16) {
         $salt .= $cset[mt_rand(0, $chct)];
     }
     $sltf = @fopen("lib/salt.php", "w+") or Kill(format("Could not open \"lib/{0}.php\" for writing. This has been checked for earlier, so if you see this error now, something very strange is going on.", "salt"), "Mysterious filesystem permission error");
     fwrite($sltf, "<?php \$salt = \"" . $salt . "\" ?>\n");
     fclose($sltf);
 }
 print "Writing board configuration file&hellip;<br />";
 include "lib/settings.php";
 $hax = @fopen("lib/settings.php", "w") or Kill(format("Could not open \"lib/{0}.php\" for writing. This has been checked for earlier, so if you see this error now, something very strange is going on.", "settings"), "Mysterious filesystem permission error");
 fputs($hax, "<?php\n");
 fputs($hax, "//Generated and parsed by the Board Settings admin panel.\n");
 fputs($hax, "\n");
 fputs($hax, "//Settings\n");
 fputs($hax, "\$boardname = " . var_export($boardname, true) . ";\n");
 fputs($hax, "\$logoalt = " . var_export($logoalt, true) . ";\n");
 fputs($hax, "\$logotitle = " . var_export($logotitle, true) . ";\n");
 fputs($hax, "\$dateformat = " . var_export($dateformat, true) . ";\n");
 fputs($hax, "\$autoLockMonths = " . var_export((int) $autoLockMonths, true) . ";\n");
 fputs($hax, "\$warnMonths = " . var_export((int) $warnMonths, true) . ";\n");
 fputs($hax, "\$customTitleThreshold = " . var_export((int) $customTitleThreshold, true) . ";\n");
 fputs($hax, "\$viewcountInterval = " . var_export((int) $viewcountInterval, true) . ";\n");
 fputs($hax, "\$overallTidy = " . var_export((int) $tidy, true) . ";\n");
 fputs($hax, "\$noAjax = " . var_export((int) $noAjax, true) . ";\n");
 fputs($hax, "\$noGuestLayouts = " . var_export((int) $noGuestLayouts, true) . ";\n");
Exemple #30
0
    if ($forum['minpower'] > $pl) {
        Kill(__("You are not allowed to browse this forum."));
    }
} else {
    Kill(__("Unknown forum ID."));
}
$title = $forum['title'];
$qCat = "select * from categories where id=" . $forum['catid'];
$rCat = Query($qCat);
if (NumRows($rCat)) {
    $cat = Fetch($rCat);
    if ($cat['minpower'] > $pl) {
        Kill(__("You are not allowed to see this category."));
    }
} else {
    Kill(__("Unknown category ID."));
}
//Autolock system
if ($autoLockMonths > 0) {
    $locktime = time() - 2592000 * $autoLockMonths;
    Query("UPDATE threads SET closed=1 WHERE forum=" . $fid . " AND closed=0 AND lastpostdate<" . $locktime);
}
//</autolock>
$isIgnored = FetchResult("select count(*) from ignoredforums where uid=" . $loguserid . " and fid=" . $fid, 0, 0) == 1;
if (isset($_GET['ignore'])) {
    if (!$isIgnored) {
        Query("insert into ignoredforums values (" . $loguserid . ", " . $fid . ")");
        Alert(__("Forum ignored. You will no longer see any \"New\" markers for this forum."));
    }
} else {
    if (isset($_GET['unignore'])) {