/**
 * Per-request bootstrap shared by all programs.
 *
 * Refuses to run on a slave node, installs the lx_* error/exception handlers,
 * then establishes $login: either directly from a forced $ctype
 * ('superadmin', 'guest' or another client class name), or by resuming the
 * session named in the "{program}-*" cookies (with an SSL-parameter fallback
 * that creates a fresh admin session). A resumed session is then checked
 * against its owner, the client IP and the configured timeout, and finally
 * recorded via addToUtmp().
 *
 * @param string|null $ctype  'superadmin', 'guest', a client class name to log
 *                            in as directly, or null/'' to resume from cookies
 * @return void  redirects to /login/ or exits on every failure path
 */
function initProgramlib($ctype = null)
{
    global $gbl, $sgbl, $login, $ghtml;

    // /*
    // --- solution for some scripts running well in slave
    // REVERT - back to original
    if ($sgbl->is_this_slave()) {
        print "This is a Slave Server. Operate it at the Master server.\n";
        exit;
    }
    // */

    // Call counter for this request; a second call is only reported via dprint().
    static $var = 0;
    $var++;

    $progname = $sgbl->__var_program_name;

    lfile_put_contents($sgbl->__var_error_file, "");

    set_exception_handler("lx_exception_handler");
    //xdebug_disable();
    set_error_handler("lx_error_handler");
    //setcookie("XDEBUG_SESSION", "sess");

    if ($var >= 2) {
        dprint("initProgramlib called twice \n <br> ");
    }

    // Forced logins: no cookie or session handling at all.
    if ($ctype === 'superadmin') {
        $sgbl->__var_dbf = $sgbl->__path_supernode_db;
        $sgbl->__path_admin_pass = $sgbl->__path_super_pass;
        $sgbl->__var_admin_user = $sgbl->__var_super_user;
        $login = new SuperClient(null, null, 'superadmin', 'login', 'forced');
        $login->get();
        return;
    } else {
        if ($ctype === "guest") {
            $login = new Client(null, null, "____________", "guest");
            $login->get();
            return;
        } else {
            if ($ctype != "") {
                $login = new Client(null, null, $ctype, "login", "forced");
                $login->get();
                return;
            }
        }
    }

    $sessobj = null;

    // Session resumption from cookies. Class name, client name and session id
    // are all client-supplied here; the only thing binding them to a real
    // session is the parent_clname comparison further down — the class name
    // additionally selects which database file is opened.
    if ($ghtml->frm_consumedlogin === 'true') {
        $clientname = $_COOKIE["{$progname}-consumed-clientname"];
        $classname = $_COOKIE["{$progname}-consumed-classname"];
        $session_id = $_COOKIE["{$progname}-consumed-session-id"];
        get_login($classname, $clientname);
        $login->__session_id = $session_id;
        $sessobj = $login->getObject('ssession');
    } else {
        if (isset($_COOKIE["{$progname}-session-id"])) {
            $clientname = $_COOKIE["{$progname}-clientname"];
            $classname = $_COOKIE["{$progname}-classname"];
            $session_id = $_COOKIE["{$progname}-session-id"];
            if ($classname === 'superclient') {
                $sgbl->__var_dbf = $sgbl->__path_supernode_db;
                $sgbl->__path_admin_pass = $sgbl->__path_super_pass;
                $sgbl->__var_admin_user = $sgbl->__var_super_user;
            }
            if ($classname === 'slave') {
                $sgbl->__var_dbf = $sgbl->__path_slave_db;
            }
            if ($classname) {
                get_login($classname, $clientname);
                $login->__session_id = $session_id;
                $sessobj = $login->getObject('ssession');
            }
        }
    }

    // No usable session: try the SSL-parameter login, which always logs in
    // the 'admin' client once checkPublicKey() accepts the signed string.
    if (!$sessobj || $sessobj->dbaction === 'add') {
        if ($ghtml->frm_ssl) {
            // NOTE(review): unserialize() runs on a request parameter before
            // checkPublicKey() has verified anything, so arbitrary object graphs
            // can be instantiated from the request; verifying the raw string
            // first, or using a non-object format, would close that.
            $ssl = unserialize(base64_decode($ghtml->frm_ssl));
            $string = $ssl['string'];
            $ssl_param = $ssl['ssl_param'];
            $encrypted_string = base64_decode($ssl['encrypted_string']);
            if (!$string || !checkPublicKey($string, $encrypted_string)) {
                print "SSL Connection Failed <br> \n";
                exit;
            }
            $class = 'client';
            $clientname = 'admin';
            get_login($class, $clientname);
            do_login($class, $clientname, $ssl_param);
            $sessobj = $gbl->c_session;
            $sessobj->write();
            $sessobj->dbaction = 'clean';
        }
    }

    //get_savedlogin($classname, $clientname);
    //print_time('login_get', "Login Get");
    //dprintr($login);

    //avoid some php warnings
    if (isset($login)) {
        $gbl->client = $login->nname;
        $gbl->client_ttype = $login->cttype;
    }
    //dprintr($login->hpfilter);

    // This means the session object got created fresh.
    // Presumably print_redirect_self() does not return; the code below would
    // dereference a null $sessobj otherwise — confirm.
    if (!$sessobj || $sessobj->dbaction === 'add') {
        dprint("Session id is empty. Clearing cookies and redirect to login.");
        clear_all_cookie();
        $ghtml->print_redirect_self("/login/");
    }

    $gbl->c_session = $sessobj;

    // The session must belong to the client named in the cookie.
    if ($login->getClName() !== $sessobj->parent_clname) {
        dprint_r($login->ssession_l);
        dprint(" <br> {$session_id} <br> <br> <br> ");
        print "Session error! Login again.";
        clear_all_cookie();
        $ghtml->print_redirect_self("/login/?frm_emessage=sessionname_not_client");
    }

    // Session-IP binding, unless 'disableipcheck' is set in general settings.
    $gen = $login->getObject('general')->generalmisc_b;
    if (!$gen->isOn('disableipcheck') && $_SERVER['REMOTE_ADDR'] != $sessobj->ip_address) {
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        log_message("An attempt to hack from {$hostname} (" . $_SERVER['REMOTE_ADDR'] . ") with sess {$sessobj->nname}, session ip: {$sessobj->ip_address}");
        // The outer condition already requires the check to be enabled, so
        // this inner test is always false and only the else branch runs.
        if ($gen->isOn('disableipcheck')) {
        } else {
            clear_all_cookie();
            if ($gbl->c_session->ssl_param) {
                $sessobj->delete();
                $sessobj->write();
                $ghtml->print_redirect("{$gbl->c_session->ssl_param['backurl']}&frm_emessage=ipaddress_changed_amidst_session");
            } else {
                $ghtml->print_redirect_self("/login/?frm_emessage=ipaddress_changed_amidst_session");
            }
        }
    }

    // Enforce a minimum idle timeout of 100 seconds.
    if (intval($login->getSpecialObject('sp_specialplay')->ssession_timeout) <= 100) {
        $login->getSpecialObject('sp_specialplay')->ssession_timeout = 100;
        $login->setUpdateSubaction();
    }

    $timeout = $sessobj->last_access + $login->getSpecialObject('sp_specialplay')->ssession_timeout;
    $sessobj->timeout = $timeout;
    //$timeout = $sessobj->last_access + 4;
    $sessobj->last_access = time();
    $sessobj->setUpdateSubaction();

    if ($sessobj->auxiliary_id) {
        $aux = new Auxiliary(null, null, $sessobj->auxiliary_id);
        $aux->get();
        $login->__auxiliary_object = $aux;
    }

    // Idle for longer than the timeout computed from the previous last_access:
    // drop the session and send the user back to the login page.
    if (time() > $timeout) {
        $sessobj->delete();
        $sessobj->write();
        //print("session error timeout");
        if ($gbl->c_session->ssl_param) {
            $ghtml->print_redirect("{$gbl->c_session->ssl_param['backurl']}&frm_emessage=session_timeout");
        } else {
            $ghtml->print_redirect_self("/login/?frm_emessage=session_timeout");
        }
    }

    addToUtmp($sessobj, 'update');
}
/**
 * Collects the unread-PM and subscribed-thread counters for the caller.
 *
 * Runs do_login() from include/login.php, reads both counters, then calls
 * vB_User::processLogout() before returning.
 *
 * @return array  keys 'pm_notices' and 'sub_notices'
 */
function do_get_new_updates()
{
    include_once MCWD . '/include/login.php';
    do_login();

    $pm_notices = get_pm_unread();
    $sub_notices = get_sub_thread_updates();

    $out = array();
    $out['pm_notices'] = $pm_notices;
    $out['sub_notices'] = $sub_notices;

    vB_User::processLogout();

    return $out;
}
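/**
 * Stores the "ref" parameter (defaulting to the member's last session page)
 * and redirects there. A "sub.domain.tld/path" referrer whose subdomain is
 * not "www" is rewritten to "//domain.tld/a/sub/path".
 *
 * Requires a POST request and a logged-in member; otherwise the caller is
 * sent to the site root or through do_login().
 *
 * @return void
 */
public function receive()
{
    global $config, $user;

    if (request_method() != 'post') {
        redirect(s_link());
    }

    // Init member
    $user->init();
    if (!$user->is('member')) {
        do_login();
    }

    $this->ref = request_var('ref', $user->d('session_page'), true);

    // NOTE(review): $this->ref is request-controlled and is handed to redirect()
    // unchanged; nothing here restricts the target host, so an allow-list on
    // $part[2] . '.' . $part[3] is worth confirming on the redirect() side.
    // The "{1,3}" quantifier repeats the whole "([a-z]+)" group rather than
    // limiting the TLD length; presumably "([a-z]{1,3})" was intended — confirm.
    if (preg_match('#([0-9a-z\-]+)\.(.*?)\.([a-z]+){1,3}(/(.*?))?$#i', $this->ref, $part) && ($part[1] != 'www')) {
        // The trailing "(/...)?" group is optional and preg_match() omits
        // unmatched trailing groups, so guard the index instead of reading
        // an undefined offset.
        $path = isset($part[4]) ? $part[4] : '';
        $this->ref = '//' . $part[2] . '.' . $part[3] . '/a/' . $part[1] . $path;
    }

    $this->store();
    redirect($this->ref);
}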
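/**
 * Logs the current user out: releases the tickets they had reserved, clears
 * their stored session id, logs the sign-out, drops the session cookie and
 * destroys the PHP session.
 *
 * @param bool $return  when TRUE the function returns to the caller instead
 *                      of handing control to do_login('main.php', TRUE)
 * @return void
 */
function do_logout($return = FALSE)
{
    /* logout - destroy session data */
    global $hide_dispatched, $hide_status_groups;

    @session_start();
    $_SESSION['expires'] = 0;

    if (array_key_exists('user_id', $_SESSION)) {
        // 7/27/10 - 8/10/10
        // Cast so that only an integer can ever be interpolated into the statement.
        $user_id = (int) $_SESSION['user_id'];
        $query = "DELETE FROM `{$GLOBALS['mysql_prefix']}ticket` WHERE `status` = {$GLOBALS['STATUS_RESERVED']} AND `_by` = {$user_id};";
        //8/10/10
        mysql_query($query);
    }

    $sid = session_id(); // 1/8/10
    // The session id originates from the client's cookie; escape it instead
    // of interpolating it raw into the statement.
    $sid_sql = mysql_real_escape_string($sid);
    $query = "UPDATE `{$GLOBALS['mysql_prefix']}user` SET \n\t\t`sid` = NULL, \n\t\t`expires` = NULL \n\t\tWHERE `{$GLOBALS['mysql_prefix']}user`.`sid` = '{$sid_sql}' LIMIT 1 ;"; // 8/10/10
    mysql_query($query); // toss any error

    $the_id = array_key_exists('user_id', $_SESSION) ? $_SESSION['user_id'] : 0; // possibly already logged out
    do_log($GLOBALS['LOG_SIGN_OUT'], 0, 0, $the_id); // log this logout

    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }
    // 8/25/10
    unset($sid);
    $_SESSION = array();
    @session_destroy(); // 2/18/08

    if ($return) {
        return;
    }
    do_login('main.php', TRUE); // wait for login
}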
// Tail of a registration routine (its header is outside this fragment):
// duplicate-email check, account creation, confirmation mail and login.
// NOTE(review): $email1, $hash_token, $password and $confirm are interpolated
// straight into SQL; whether sql_query() escapes them or they were validated
// earlier is not visible here — confirm, or use placeholders if available.
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email1}' LIMIT 1 ");
if (sql_count($sql) > 0) {
    notices_set('Email already in use, please use a different email or reset your password', 'error');
    $terror = true;
}
//last error check
if ($terror) {
    //exit script
    echo notices_get();
    return false;
}
//create password
$hash_token = password_hash_create(); //creates a users unique hash
$password = password_encrypt($password1, $hash_token);
//create account confirm
$confirm = confirm_token_create($email1);
//add to database
sql_query(" INSERT INTO `users` (hash_token, email, password, confirm) VALUES('{$hash_token}', '{$email1}', '{$password}', '{$confirm}') ");
//set notices
notices_set('Account successfully created!', 'success');
//send email
// NOTE(review): the address goes into the verification URL without
// urlencode(); a '+' or '&' in it would alter the query string.
email_send('register', 'Welcome to Planling!', array($email1 => $email1), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/verify?e=' . $email1 . '&t=' . $confirm));
//log the user in
if (do_login($email1, $password1)) {
    $main_data = set_main_data();
} else {
    return false;
}
//success
return true;
// Fragment of the POST action dispatcher: the end of the registration
// branch's validation chain, then the whole 'login' branch. The if/else
// chain these closing braces belong to opens before this fragment.
                $error_msg = $lang['users_msg_forbidden_chars'];
            }
        } else {
            $error_msg = $lang['users_msg_values_length_short'];
        }
    } else {
        $error_msg = $lang['users_msg_wrong_antispam_num'];
    }
} else {
    $error_msg = $lang['users_msg_empty_values'];
}
// $var is not read anywhere in this fragment — presumably meant to refill
// the form; confirm whether login_screen() is expected to receive it.
$var = array('username' => $_POST['username'], 'email' => $_POST['email']);
login_screen($lang['login_registration'], $error_msg, 'error');
} elseif (isset($_POST['action']) && $_POST['action'] == 'login') {
    // Login name: letters, digits, space, '_', '.' and '-' only ('$' also
    // accepts a trailing newline; '\z' would not).
    if (preg_match('/^[_ a-zA-Z0-9\\.\\-]+$/', $_POST['user_login']) && !empty($_POST['user_login']) && !empty($_POST['user_pass'])) {
        // $_POST['perm_login'] is read without isset(); an unchecked
        // "remember me" box raises an undefined-index notice here.
        do_login($_POST['user_login'], $_POST['user_pass'], $_POST['perm_login']);
        if ($_SESSION['mn_logged']) {
            if (isset($_POST['redir'])) {
                // NOTE(review): the redirect target is taken verbatim from the
                // request, so any absolute URL is accepted (open redirect);
                // restricting it to a local path would close that.
                header('location: ' . $_POST['redir']);
                exit;
            } else {
                header('location: ./');
                exit;
            }
        } elseif (isset($_SESSION['login_error'])) {
            login_screen($lang['login_login'], $lang['login_msg_status_' . $_SESSION['login_error']], 'warning');
        } else {
            login_screen($lang['login_login'], $lang['login_msg_login_error'], 'error');
        }
    } else {
        login_screen($lang['login_login'], $lang['login_msg_login_error'], 'error');
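/**
 * Handles a submitted login form.
 *
 * Reads frm_clientname, frm_class, frm_password and frm_login_key from
 * $ghtml, verifies them with check_login_success(), logs the outcome, and on
 * success loads the client, runs do_login() and redirects to "/". Every
 * failure path either returns silently or redirects back to /login/ with
 * frm_emessage=login_error.
 *
 * @return void
 */
function print_index()
{
    global $gbl, $sgbl, $ghtml, $login;

    ob_start();
    print_time('index');

    $cgi_clientname = $ghtml->frm_clientname;
    Htmllib::checkForScript($cgi_clientname);

    $cgi_class = $ghtml->frm_class;
    if (!$cgi_class) {
        $cgi_class = getClassFromName($cgi_clientname);
    }

    $cgi_password = $ghtml->frm_password;
    $cgi_key = $ghtml->frm_login_key;

    // Presumably print_redirect() does not return; if it does, the
    // empty-credential check below is what stops the request — confirm.
    if (!$cgi_password || !$cgi_clientname) {
        $ghtml->print_redirect("/login/?frm_emessage=login_error");
    }

    $cgi_classname = 'client';
    if ($cgi_class) {
        $cgi_classname = $cgi_class;
    }

    // Nothing to authenticate with: no client name, or neither a password
    // nor a login key. Parenthesised to make the && / || grouping explicit.
    if ($cgi_clientname == "" || ($cgi_password == "" && $cgi_key == "")) {
        return;
    }

    if (!check_login_success($cgi_classname, $cgi_clientname, $cgi_password, $cgi_key)) {
        return;
    }

    log_log("login_success", "Successful Login to {$cgi_clientname} from " . $_SERVER['REMOTE_ADDR']);

    if (check_disable_admin($cgi_clientname)) {
        $ghtml->print_redirect("/login/?frm_emessage=login_error");
        exit;
    }

    if (get_login($cgi_classname, $cgi_clientname)) {
        do_login($cgi_classname, $cgi_clientname);
        $login->was();
        check_blocked_ip();
        $ghtml->print_redirect("/");
    } else {
        $ghtml->cgiset("frm_emessage", "login_error");
    }
}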
/**
 * Renders one event page and handles its actions.
 *
 * Modes (request_var 'mode'):
 *  - 'fav'  : refresh or create the member's favourite mark on one gallery
 *             image, then redirect back to that image.
 *  - 'rsvp' : record the member's vote in the event's RSVP poll (once per
 *             member), then redirect to the event.
 *  - 'view' / anything else: show the event (one image or the flyer), handle
 *             a submitted reply to the event's forum topic, render the RSVP
 *             poll, the thumbnail strip, the credits and the paginated
 *             message list.
 *
 * Error paths end in redirect() or fatal_error(); otherwise $this->_title and
 * $this->_template are set and true is returned.
 *
 * @return bool  always true
 */
public function object()
{
    global $auth, $user, $config, $comments, $upload;

    $mode = request_var('mode', '');

    // Resolve the image record ($imagedata) for the modes that address one image.
    switch ($mode) {
        case 'view':
        case 'fav':
        case 'rsvp':
            $download_id = request_var('download_id', 0);
            if (!$download_id) {
                redirect(s_link('events', $this->v('event_alias')));
            }

            switch ($mode) {
                case 'view':
                    // prev_images = number of images up to and including this
                    // one; used later to pick the thumbnail-strip page.
                    $sql = 'SELECT e.*, COUNT(e2.image) AS prev_images FROM _events_images e, _events_images e2 WHERE e.event_id = ? AND e.event_id = e2.event_id AND e.image = ? AND e2.image <= ? GROUP BY e.image ORDER BY e.image ASC';
                    $sql = sql_filter($sql, $this->v('id'), $download_id, $download_id);
                    break;
                case 'rsvp':
                    $sql = '';
                    break;
                default:
                    $sql = 'SELECT e2.* FROM _events_images e2 LEFT JOIN _events e ON e.id = e2.event_id WHERE e2.event_id = ? AND e2.image = ?';
                    $sql = sql_filter($sql, $this->v('id'), $download_id);
                    break;
            }

            if (!empty($sql)) {
                if (!$imagedata = sql_fieldrow($sql)) {
                    redirect(s_link('events', $this->v('event_alias')));
                }
            }
            break;
    }

    switch ($mode) {
        case 'fav':
            if (!$user->is('member')) {
                do_login();
            }

            $sql = 'SELECT * FROM _events_fav WHERE event_id = ? AND image_id = ? AND member_id = ?';
            if ($row = sql_fieldrow(sql_filter($sql, $this->v('id'), $imagedata['image'], $user->d('user_id')))) {
                $sql = 'UPDATE _events_fav SET fav_date = ? WHERE event_id = ? AND image_id = ?';
                sql_query(sql_filter($sql, time(), $this->v('id'), $imagedata['image']));
            } else {
                $sql_insert = array(
                    'event_id' => (int) $this->v('id'),
                    'image_id' => (int) $imagedata['image'],
                    'member_id' => (int) $user->d('user_id'),
                    'fav_date' => time()
                );
                sql_insert('events_fav', $sql_insert);
            }

            redirect(s_link('events', $this->v('event_alias'), $imagedata['image'], 'view'));
            break;
        case 'rsvp':
            $choice = array_key(array_keys(request_var('choice', array(0 => ''))), 0);
            $topic_id = $this->v('event_topic');

            if (!$topic_id) {
                fatal_error();
            }
            if (!$choice) {
                redirect(s_link('events', $this->v('event_alias')));
            }
            if (!$user->is('member')) {
                do_login();
            }

            $sql = 'SELECT vd.vote_id FROM _poll_options vd, _poll_results vr WHERE vd.topic_id = ? AND vr.vote_id = vd.vote_id AND vr.vote_option_id = ? GROUP BY vd.vote_id';
            if (!$vote_id = sql_field(sql_filter($sql, $topic_id, $choice), 'vote_id', 0)) {
                fatal_error();
            }

            // One vote per member: only counted when no voter row exists yet.
            $sql = 'SELECT * FROM _poll_voters WHERE vote_id = ? AND vote_user_id = ?';
            if (!sql_fieldrow(sql_filter($sql, $vote_id, $user->d('user_id')))) {
                $sql = 'UPDATE _poll_results SET vote_result = vote_result + 1 WHERE vote_id = ? AND vote_option_id = ?';
                sql_query(sql_filter($sql, $vote_id, $choice));

                $insert_vote = array(
                    'vote_id' => (int) $vote_id,
                    'vote_user_id' => (int) $user->d('user_id'),
                    'vote_user_ip' => $user->ip,
                    'vote_cast' => (int) $choice
                );
                sql_insert('poll_voters', $insert_vote);
            }

            redirect(s_link('events', $this->v('event_alias')));
            break;
        case 'view':
        default:
            /**
             * Generate thumbnail for events list.
             */
            if ($user->is('colab') && !$this->v('images') && _button('create_thumbnail')) {
                $location_large = $config['events_path'] . 'future/' . $this->v('id') . '.jpg';
                $location_mini = $config['events_path'] . 'mini/' . $this->v('id') . '.jpg';

                $x1 = request_var('x1', 0);
                $y1 = request_var('y1', 0);
                $x2 = request_var('x2', 0);
                $y2 = request_var('y2', 0);
                $w = request_var('w', 0);
                $h = request_var('h', 0);

                //Scale the image to the thumb_width set above
                // NOTE(review): $w defaults to 0, so a request without a crop
                // width divides by zero here.
                $scale = $config['events_thumb_width'] / $w;
                $cropped = $upload->resizeThumbnailImage($location_mini, $location_large, $w, $h, $x1, $y1, $scale);

                redirect(s_link('events'));
            }

            /**
             * Normal operations
             */
            $t_offset = request_var('offset', 0);

            if ($mode == 'view') {
                $sql = 'UPDATE _events_images SET views = views + 1 WHERE event_id = ? AND image = ?';
                sql_query(sql_filter($sql, $this->v('id'), $imagedata['image']));

                _style('selected', array(
                    'IMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/' . $imagedata['image'] . '.jpg',
                    'WIDTH' => $imagedata['width'],
                    'HEIGHT' => $imagedata['height'],
                    'FOOTER' => $imagedata['image_footer'])
                );

                if ($user->is('founder')) {
                    _style('selected.update', array(
                        'URL' => s_link('async eif'),
                        'EID' => $this->v('id'),
                        'PID' => $imagedata['image'])
                    );
                }

                $is_fav = false;
                if ($user->is('member')) {
                    $sql = 'SELECT member_id FROM _events_fav WHERE event_id = ? AND image_id = ? AND member_id = ?';
                    if (sql_field(sql_filter($sql, $this->v('id'), $imagedata['image'], $user->d('user_id')), 'member_id', 0)) {
                        $is_fav = true;
                    }
                }

                if (!$is_fav || !$user->is('member')) {
                    _style('selected.fav', array(
                        'URL' => s_link('events', $this->v('id'), $imagedata['image'], 'fav'))
                    );
                }
            } else {
                if (!$t_offset && $user->is('founder')) {
                    $sql = 'UPDATE _events SET views = views + 1 WHERE id = ?';
                    sql_query(sql_filter($sql, $this->v('id')));
                }
            }

            // The event's forum topic carries the replies and the auth flags.
            $sql = 'SELECT t.topic_id, t.topic_title, t.topic_locked, t.topic_replies, t.topic_time, t.topic_important, t.topic_vote, t.topic_featured, t.topic_points, t.topic_last_post_id, f.forum_alias, f.forum_name, f.forum_locked, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_announce, f.auth_pollcreate, f.auth_vote FROM _forum_topics t, _forums f WHERE t.topic_id = ? AND f.forum_id = t.forum_id';
            if (!$event_topic = sql_fieldrow(sql_filter($sql, $this->v('event_topic')))) {
                fatal_error();
            }

            $mod_auth = $user->is('mod');
            $error = w();
            $forum_id = $event_topic['forum_id'];
            $submit_reply = _button('post');
            $reply = request_var('reply', 0);

            if ($reply) {
                $post_reply = request_var('p', 0);
                $sql = 'SELECT p.*, u.user_id, u.username FROM _forum_posts p, _members u WHERE p.post_id = ? AND u.user_id = p.poster_id AND p.post_deleted = 0';
                if (!$post_data = sql_fieldrow(sql_filter($sql, $post_reply))) {
                    redirect(s_link('events', $this->v('event_alias')));
                }
            }

            $is_auth = $auth->forum(AUTH_ALL, $forum_id, $event_topic);
            $u_event_alias = s_link('events', $this->v('event_alias'));
            $u_event_publish = ($reply) ? s_link('events', $this->v('event_alias'), $post_reply, 'reply') : $u_event_alias;

            if ($submit_reply) {
                $auth_key = 'auth_reply';
                // NOTE(review): the membership and locked-topic checks only run
                // when the viewer is NOT authorised for the forum; an authorised
                // viewer skips them entirely. Confirm this condition is not inverted.
                if (((!$is_auth['auth_view'] || !$is_auth['auth_read'])) || !$is_auth[$auth_key]) {
                    if (!$user->is('member')) {
                        do_login();
                    }

                    $can_reply_closed = $auth->option(array('forum', 'topics', 'delete'));
                    if (!$can_reply_closed && ($event_topic['forum_locked'] || $event_topic['topic_locked'])) {
                        $error[] = 'TOPIC_LOCKED';
                    }

                    if (sizeof($error)) {
                        redirect($u_event_alias);
                    }
                }

                $post_message = request_var('message', '', true);
                if ($reply) {
                    $post_reply_message = request_var('reply_message', '', true);
                }

                // Check message
                if (empty($post_message)) {
                    $error[] = 'EMPTY_MESSAGE';
                }

                if (sizeof($error)) {
                    redirect($u_event_alias);
                }

                if (!$mod_auth) {
                    $sql = 'SELECT MAX(post_time) AS last_post_time FROM _forum_posts WHERE poster_id = ?';
                    if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
                        // NOTE(review): $current_time is neither assigned in this
                        // method nor listed in the global statement above; unless it
                        // is defined elsewhere the flood window is computed from null.
                        if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
                            $error[] = 'FLOOD_ERROR';
                        }
                    }
                }

                if (sizeof($error)) {
                    redirect($u_event_alias);
                }

                $update_topic = w();

                // Moderator markers inside the message body toggle topic flags.
                if (strstr($post_message, '-Anuncio-') && $user->is('mod')) {
                    $topic_announce = 1;
                    $post_message = str_replace('-Anuncio-', '', $post_message);
                    $update_topic['topic_announce'] = $topic_announce;
                }

                if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
                    $topic_locked = 1;
                    $post_message = str_replace('-Cerrado-', '', $post_message);
                    $update_topic['topic_locked'] = $topic_locked;
                }

                $post_message = $comments->prepare($post_message);

                if ($reply && $post_reply_message != '') {
                    // NOTE(review): the "e" modifier makes preg_replace() eval the
                    // replacement as PHP (removed in PHP 7). With an empty
                    // replacement nothing is executed, but the modifier should be
                    // dropped — the same pattern is used below with "is".
                    $post_reply_message = preg_replace('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#ie', '', $post_reply_message);
                }

                if ($reply && empty($post_reply_message)) {
                    $post_reply_message = '...';
                }

                if ($reply && $post_reply_message != '') {
                    $post_message = '<blockquote><strong>' . $post_data['username'] . "</strong>" . nr(false, 2) . $post_reply_message . '</blockquote><br /> ' . $post_message;
                } else {
                    $reply = 0;
                }

                $insert_data = array(
                    'topic_id' => (int) $this->v('event_topic'),
                    'forum_id' => (int) $forum_id,
                    'poster_id' => (int) $user->d('user_id'),
                    'post_time' => time(),
                    'poster_ip' => $user->ip,
                    'post_text' => $post_message,
                    'post_np' => ''
                );
                if ($reply) {
                    $insert_data['post_reply'] = $post_reply;
                }
                $post_id = sql_insert('forum_posts', $insert_data);

                $user->delete_unread(UH_T, $this->v('event_topic'));
                $user->save_unread(UH_T, $this->v('event_topic'));

                // $a_list = forum_for_team_list($forum_id);
                // NOTE(review): with the assignment above commented out $a_list is
                // undefined here, and the statement handed to sql_filter() is $sql
                // (an earlier SELECT) rather than $sql_delete_unread — as written
                // this block never issues the intended DELETE.
                if (count($a_list)) {
                    $sql_delete_unread = 'DELETE FROM _members_unread WHERE element = ? AND item = ? AND user_id NOT IN (??)';
                    sql_query(sql_filter($sql, 8, $this->v('event_topic'), implode(', ', $a_list)));
                }

                $update_topic['topic_last_post_id'] = $post_id;

                // $topic_locked only exists when '-Cerrado-' was used above, and
                // $topic_id is not assigned in this branch until the RSVP section
                // further down, so topic_feature() would receive an unset value.
                if ($topic_locked) {
                    topic_feature($topic_id, 0);
                }

                $sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ? WHERE forum_id = ?';
                sql_query(sql_filter($sql, $this->v('event_topic'), $forum_id));

                $sql = 'UPDATE _forum_topics SET topic_replies = topic_replies + 1, ' . sql_build('UPDATE', $update_topic) . sql_filter(' WHERE topic_id = ?', $this->v('event_topic'));
                sql_query($sql);

                $sql = 'UPDATE _members SET user_posts = user_posts + 1 WHERE user_id = ?';
                sql_query(sql_filter($sql, $user->d('user_id')));

                redirect($u_event_alias);
            }

            // Get event thumbnails
            $t_per_page = 18;

            if ($mode == 'view' && $download_id) {
                $val = 1;
                $sql = 'SELECT MAX(image) AS total FROM _events_images WHERE event_id = ?';
                if ($maximage = sql_field(sql_filter($sql, $this->v('id')), 'total', 0)) {
                    $val = ($download_id == $maximage) ? 2 : 1;
                }
                // Start of the thumbnail-strip page that contains the selected image.
                $t_offset = floor(($imagedata['prev_images'] - $val) / $t_per_page) * $t_per_page;
            }

            if ($this->v('images')) {
                $exception_sql = (isset($download_id) && $download_id) ? sql_filter(' AND g.image <> ? ', $download_id) : '';

                $sql = 'SELECT g.* FROM _events e, _events_images g WHERE e.id = ? AND e.id = g.event_id ' . $exception_sql . ' ORDER BY g.image ASC LIMIT ??, ??';
                if (!$result = sql_rowset(sql_filter($sql, $this->v('id'), $t_offset, $t_per_page))) {
                    redirect(s_link('events', $this->v('id')));
                }

                build_num_pagination(s_link('events', $this->v('id'), 's%d'), $this->v('images'), $t_per_page, $t_offset, 'IMG_');

                _style('thumbnails');

                foreach ($result as $row) {
                    _style('thumbnails.item', array(
                        'URL' => s_link('events', $this->v('event_alias'), $row['image'], 'view'),
                        'IMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/thumbnails/' . $row['image'] . '.jpg',
                        'RIMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/' . $row['image'] . '.jpg',
                        'FOOTER' => $row['image_footer'],
                        'WIDTH' => $row['width'],
                        'HEIGHT' => $row['height'])
                    );
                }

                // Credits
                $sql = 'SELECT * FROM _events_colab c, _members m WHERE c.colab_event = ? AND c.colab_uid = m.user_id ORDER BY m.username';
                if ($result = sql_rowset(sql_filter($sql, $this->v('id')))) {
                    _style('collab');

                    foreach ($result as $row) {
                        _style('collab.row', array(
                            'PROFILE' => s_link('m', $row['username_base']),
                            'USERNAME' => $row['username'])
                        );
                    }
                }
            } else {
                _style('event_flyer', array(
                    'IMAGE_SRC' => $config['events_url'] . 'future/' . $this->v('id') . '.jpg?u=' . $this->v('event_update'))
                );

                $location_mini = $config['events_path'] . 'mini/' . $this->v('id') . '.jpg';

                // Offer the crop form to collaborators while no mini thumbnail exists.
                if ($user->is('colab') && !$this->v('images') && !@file_exists($location_mini)) {
                    $large_filepath = $config['events_path'] . 'future/' . $this->v('id') . '.jpg';

                    _style('event_flyer.thumbnail', array(
                        'ACTION' => $u_event_alias,
                        'SCALE' => ($config['events_thumb_height'] / $config['events_thumb_width']),
                        'THUMB_WIDTH' => $config['events_thumb_width'],
                        'THUMB_HEIGHT' => $config['events_thumb_height'],
                        'LARGE_WIDTH' => $upload->getWidth($large_filepath),
                        'LARGE_HEIGHT' => $upload->getHeight($large_filepath)
                    ));
                }
            }

            // Viewer-local midnight (UTC timestamp), used to label the event
            // date as today / tomorrow / yesterday / before / after.
            list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $user->timezone + $user->dst));
            $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $user->timezone - $user->dst;

            $event_date = $user->format_date($this->v('date'), 'j F Y \a \l\a\s H:i') . ' horas.';

            if ($this->v('date') >= $midnight) {
                if ($this->v('date') >= $midnight && $this->v('date') < $midnight + 86400) {
                    $event_date_format = lang('event_today');
                } else if ($this->v('date') >= $midnight + 86400 && $this->v('date') < $midnight + (86400 * 2)) {
                    $event_date_format = lang('event_tomorrow');
                } else {
                    $event_date_format = sprintf(lang('event_after'), $event_date);
                }
            } else {
                if ($this->v('date') >= ($midnight - 86400)) {
                    $event_date_format = lang('event_yesterday');
                } else {
                    $event_date_format = sprintf(lang('event_before'), $event_date);
                }
            }

            v_style(array(
                'EVENT_NAME' => $this->v('title'),
                'EVENT_DATE' => $event_date_format,
                'EVENT_URL' => $u_event_alias,
                'EVENT_PUBLISH' => $u_event_publish)
            );

            $posts_offset = request_var('ps', 0);
            $topic_id = $this->v('event_topic');

            // START RSVP
            if ($topic_id) {
                $sql = 'SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result FROM _poll_options vd, _poll_results vr WHERE vd.topic_id = ? AND vr.vote_id = vd.vote_id ORDER BY vr.vote_option_order, vr.vote_option_id ASC';
                if ($vote_info = sql_rowset(sql_filter($sql, $topic_id))) {
                    $sql = 'SELECT vote_id FROM _poll_voters WHERE vote_id = ? AND vote_user_id = ?';
                    $user_voted = sql_field(sql_filter($sql, $vote_info[0]['vote_id'], $user->d('user_id')), 'vote_id', 0);

                    $poll_expired = ($vote_info[0]['vote_length']) ? (($vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < time()) ? true : false) : false;

                    _style('poll', array(
                        'POLL_TITLE' => $vote_info[0]['vote_text'])
                    );

                    if ($user_voted || $poll_expired) {
                        _style('poll.results');

                        // Only the first option is rendered (break after one row).
                        foreach ($vote_info as $row) {
                            if ($this->v('date') >= $midnight) {
                                $caption = ($row['vote_result'] == 1) ? lang('rsvp_future_one') : lang('rsvp_future_more');
                            } else {
                                $caption = ($row['vote_result'] == 1) ? lang('rsvp_past_one') : lang('rsvp_past_more');
                            }

                            _style('poll.results.item', array(
                                'CAPTION' => $caption,
                                'RESULT' => $row['vote_result'])
                            );
                            break;
                        }
                    } else {
                        _style('poll.options', array(
                            'S_VOTE_ACTION' => s_link('events', $this->v('event_alias'), 1, 'rsvp'))
                        );

                        // Only the first option is rendered (break after one row).
                        foreach ($vote_info as $row) {
                            $caption = ($this->v('date') >= $midnight) ? lang('rsvp_future') : lang('rsvp_past');

                            _style('poll.options.item', array(
                                'ID' => $row['vote_option_id'],
                                'CAPTION' => $caption)
                            );
                            break;
                        }
                    }
                }
            }
            // END RSVP

            $sql = 'SELECT p.*, u.user_id, u.username, u.username_base, u.user_avatar, u.user_posts, u.user_gender, u.user_rank FROM _forum_posts p, _members u WHERE p.topic_id = ? AND u.user_id = p.poster_id AND p.post_deleted = 0 ORDER BY p.post_time DESC LIMIT ??, ??';
            if (!$messages = sql_rowset(sql_filter($sql, $topic_id, $posts_offset, $config['posts_per_page']))) {
                redirect(s_link('events', $this->v('event_alias')));
            }

            if (!$posts_offset) {
                //unset($messages[0]);
            }

            $i = 0;
            foreach ($messages as $row) {
                if (!$i) {
                    $controls = w();
                    $user_profile = w();
                    $unset_user_profile = array('user_id', 'user_posts', 'user_gender');

                    _style('messages');
                }

                if ($user->is('member')) {
                    $controls[$row['post_id']]['reply'] = s_link('events', $this->v('event_alias'), $row['post_id'], 'reply');

                    if ($mod_auth) {
                        $controls[$row['post_id']]['edit'] = s_link('acp', array('forums_post_modify', 'msg_id' => $row['post_id']));
                        $controls[$row['post_id']]['delete'] = s_link('acp', array('forums_post_delete', 'msg_id' => $row['post_id']));
                    }
                }

                $user_profile[$row['user_id']] = $comments->user_profile($row, '', $unset_user_profile);

                $data = array(
                    'POST_ID' => $row['post_id'],
                    'DATETIME' => $user->format_date($row['post_time']),
                    'MESSAGE' => $comments->parse_message($row['post_text']),
                    'PLAYING' => $row['post_np'],
                    'DELETED' => $row['post_deleted']
                );

                // Profile fields are exposed to the template as upper-cased keys.
                foreach ($user_profile[$row['user_id']] as $key => $value) {
                    $data[strtoupper($key)] = $value;
                }

                _style('messages.row', $data);

                if (isset($controls[$row['post_id']])) {
                    _style('messages.row.controls');

                    foreach ($controls[$row['post_id']] as $item => $url) {
                        _style('messages.row.controls.' . $item, array(
                            'URL' => $url)
                        );
                    }
                }

                $i++;
            }

            build_num_pagination(s_link('events', $this->v('event_alias'), 'ps%d'), $event_topic['topic_replies'], $config['posts_per_page'], $posts_offset, 'MSG_');

            $publish_ref = ($posts_offset) ? s_link('events', $this->v('event_alias'), 's' . $t_offset) : s_link('events', $this->v('event_alias'));

            // Posting box
            if ($user->is('member')) {
                _style('publish', array(
                    'REF' => $publish_ref)
                );

                if ($reply) {
                    if (empty($post_reply_message)) {
                        $post_reply_message = $comments->remove_quotes($post_data['post_text']);
                    }

                    // Strip image links and [yt:]/[sb] tags from the quoted text.
                    if (!empty($post_reply_message)) {
                        $rx = array('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#is', '#\[yt:[0-9a-zA-Z\-\=\_]+\]#is', '#\[sb\]#is', '#\[\/sb\]#is');
                        $post_reply_message = preg_replace($rx, '', $post_reply_message);
                    }

                    if (empty($post_reply_message)) {
                        $post_reply_message = '...';
                    }

                    _style('publish.reply', array(
                        'MESSAGE' => $post_reply_message)
                    );
                }
            }
            break;
    }

    $this->_title = $this->v('title');
    $this->_template = 'events.view';

    return true;
}
/**
 * Toggles a block by the current member on the profile owner ($this->data).
 *
 * Non-members go through do_login() first and a member cannot block
 * themself. If a ban row already exists it is removed; otherwise a ban row
 * is written and the friendship in both directions plus the owner's viewer
 * record for this member are deleted. Every path ends in a redirect to the
 * owner's profile page.
 *
 * @return void
 */
public function user_ban()
{
    global $user;

    if (!$user->is('member')) {
        do_login();
    }

    $viewer_id = $user->d('user_id');
    $owner_id = $this->data['user_id'];

    if ($viewer_id == $owner_id) {
        redirect(s_link('m', $this->data['username_base']));
    }

    // $epbi is never assigned in this method, so this guard is a no-op unless
    // it is set from elsewhere — TODO confirm what it was meant to check.
    if ($epbi) {
        fatal_error();
    }

    // Existing ban: remove it (unblock) and leave.
    $existing = sql_fieldrow(sql_filter('SELECT ban_id FROM _members_ban WHERE user_id = ? AND banned_user = ?', $viewer_id, $owner_id));
    if ($existing) {
        sql_query(sql_filter('DELETE FROM _members_ban WHERE ban_id = ?', $existing['ban_id']));
        redirect(s_link('m', $this->data['username_base']));
    }

    sql_insert('members_ban', array(
        'user_id' => $viewer_id,
        'banned_user' => $owner_id,
        'ban_time' => $user->time
    ));

    // Drop the friendship in both directions.
    $unlink_friends = 'DELETE FROM _members_friends WHERE user_id = ? AND buddy_id = ?';
    sql_query(sql_filter($unlink_friends, $viewer_id, $ow, $owner_id));
    sql_query(sql_filter($unlink_friends, $owner_id, $viewer_id));

    sql_query(sql_filter('DELETE FROM _members_viewers WHERE user_id = ? AND viewer_id = ?', $owner_id, $viewer_id));

    redirect(s_link('m', $this->data['username_base']));
}
/**
 * Dispatches one framed message from a connected user and writes the
 * handler's JSON result back to $user->socket.
 *
 * The decoded body must contain "method", "resource" and "msg_id". Requests
 * for "/user" and "/contact" go to the signup / login / who-is-online /
 * logout / notify handlers; any other resource goes to the generic
 * do_*_resource handlers selected by method. The request's msg_id is copied
 * onto the result so the client can correlate the reply.
 *
 * @param object $user  connection record; only ->socket is used here
 * @param string $msg   raw message as received, decoded via unwrap()
 * @return void
 */
function process($user, $msg)
{
    $action = unwrap($msg);
    say("< " . $action);

    $request_body = json_decode($action, true);
    if (empty($request_body)) {
        say("ERROR: invalid request body");
        return;
    }

    foreach (array("method", "resource", "msg_id") as $required) {
        if (!array_key_exists($required, $request_body)) {
            say("ERROR: missing mandatory property");
            return;
        }
    }

    $method = $request_body["method"];
    $resource = $request_body["resource"];
    $is_user = ($resource == "/user");
    $is_contact = ($resource == "/contact");
    $result = NULL;

    if ($is_user && $method == "POST") {
        $result = do_signup($request_body);
    } elseif ($is_contact && $method == "POST") {
        say("process login");
        $result = do_login($request_body, $user);
    } elseif ($is_contact && $method == "GET") {
        say("process whoisonline");
        $result = do_whoisonline($user);
    } elseif ($is_contact && $method == "DELETE") {
        say("process logout");
        $result = do_logout($user);
    } elseif ($is_contact && $method == "NOTIFY") {
        say("process notify");
        $result = do_notify($request_body, $user);
    } elseif ($is_user || $is_contact) {
        // this is an unknown request
        $result = array("code" => "failed", "reason" => "unknown command " . $method . " " . $resource);
    } else {
        // Generic resources. An unrecognised method leaves $result NULL, so
        // the reply then carries only msg_id.
        switch ($method) {
            case "POST":
                $result = do_post_resource($request_body, $user);
                break;
            case "PUT":
                $result = do_put_resource($request_body, $user);
                break;
            case "GET":
                $result = do_get_resource($request_body, $user);
                break;
            case "DELETE":
                $result = do_delete_resource($request_body, $user);
                break;
            case "SUBSCRIBE":
                $result = do_subscribe_resource($request_body, $user);
                break;
            case "NOTIFY":
                $result = do_publish_resource($request_body, $user);
                break;
        }
    }

    $result['msg_id'] = $request_body['msg_id'];
    header("Content-type: application/json");
    $param = json_encode($result);
    send($user->socket, $param);
}
/**
 * JSON endpoint for the "Android Client For Tieba Signer" app.
 *
 * Reads the action from $_GET['a'] and answers with a JSON object
 * {status, msg, data}; the defaults are status -1 / "未登录!" (not logged in).
 * Actions handled: api_info, do_login, check_login, and — for a logged-in
 * $uid whose request carries the matching formhash — baidu_info,
 * unbind_baidu, sign_log, cloud_info and plugin_info.
 *
 * NOTE(review): the User-Agent comparison at the top is not an
 * authentication or authorization control — any HTTP client can send that
 * header value. Treat it as a convenience filter only; the real gates are
 * $uid and the formhash check further down.
 *
 * Globals read: $uid (current user id, set outside), $formhash.
 */
function handleAction() {
    global $uid, $formhash;
    $status = -1;
    $msg = '未登录!';
    $data = array('time' => time());
    if ($_SERVER['HTTP_USER_AGENT'] != 'Android Client For Tieba Signer') {
        // Non-app clients get status -2 ("illegal operation") and the script ends here.
        exit(json_encode(array('status' => -2, 'msg' => '非法操作', 'data' => $data)));
    } else {
        if ($_GET['a'] == 'api_info') {
            $status = 0;
            $data = array('version' => '1.0.0', 'site' => $_SERVER["HTTP_HOST"]);
        } elseif ($_GET['a'] == 'do_login') {
            if (!empty($_POST['username']) && !empty($_POST['password'])) {
                $username = daddslashes($_POST['username']);
                // $un is computed but never read in this function.
                $un = strtolower($username);
                if (strlen($username) > 24) {
                    $msg = '用户名过长,请修改';
                    $status = 3;
                } else {
                    // NOTE(review): the WHERE value appears redacted ('******') in this
                    // listing, so how the username was bound cannot be reviewed here;
                    // it must not reach the query by plain string interpolation.
                    $user = DB::fetch_first("SELECT * FROM member WHERE username='******'");
                    $verified = Widget_Password::verify($user, $_POST['password']);
                    if ($verified) {
                        // $login_exp is assigned but never used afterwards.
                        $login_exp = TIMESTAMP + 3600;
                        do_login($user['uid']);
                        $status = 0;
                        $msg = "欢迎回来,{$user['username']}!";
                        // formhash = 8 chars (offset 8) of md5(coarse timestamp . username . uid . ENCRYPT_KEY . ROOT).
                        // It is what the later `$formhash != $_GET['formhash']` gate compares against.
                        $data = array('uid' => $user['uid'], 'username' => $user['username'], 'email' => $user['email'], 'formhash' => substr(md5(substr(TIMESTAMP, 0, -7) . $user['username'] . $user['uid'] . ENCRYPT_KEY . ROOT), 8, 8));
                    } else {
                        $status = 2;
                        $msg = "对不起,您的用户名或密码错误,无法登录";
                    }
                }
            } else {
                $status = 1;
                $msg = '用户名或密码不得为空!';
            }
        } elseif ($_GET['a'] == 'check_login') {
            // Both blocks test the same condition; they could be merged.
            if ($uid) {
                $status = 0;
            }
            if ($uid) {
                $msg = '您已登录';
            }
        } elseif ($formhash != $_GET['formhash']) {
            // Every action below requires the per-session formhash.
            $status = -2;
            $msg = '非法操作';
        } elseif ($uid) {
            $status = 0;
            $msg = "";
            require_once ROOT . './plugins/zw_client_api/BaiduUtil.php';
            $binded_baidu = true;
            $cookie = get_cookie($uid);
            if (empty($cookie)) {
                $binded_baidu = false;
            } else {
                try {
                    $baiduUtil = new BaiduUtil(get_cookie($uid));
                } catch (Exception $e) {
                    // Only code -99 is treated as "not bound"; any other exception leaves
                    // $binded_baidu true while $baiduUtil stays unset, so baidu_info below
                    // would then call a method on an undefined variable.
                    if ($e->getCode() == -99) {
                        $binded_baidu = false;
                    }
                }
            }
            switch ($_GET['a']) {
                case 'baidu_info':
                    if ($binded_baidu) {
                        $msg = '百度账号信息';
                        try {
                            $baidu_account_info = $baiduUtil->fetchClientUserInfo();
                            $baidu_account_tieba_list = $baiduUtil->fetchClientLikedForumList();
                            $baidu_account_follow_list = $baiduUtil->fetchFollowList(4);
                            $baidu_account_fans_list = $baiduUtil->fetchFansList(4);
                            $data = array('id' => $baidu_account_info['data']['id'], 'username' => $baidu_account_info['data']['un'], 'avatar' => $baidu_account_info['data']['head_photo_h'], 'sex' => $baidu_account_info['data']['sex'], 'tb_age' => $baidu_account_info['data']['tb_age'], 'fans_num' => $baidu_account_info['data']['fans_num'], 'follow_num' => $baidu_account_info['data']['concern_num'], 'tb_num' => $baidu_account_info['data']['like_forum_num'], 'intro' => $baidu_account_info['data']['intro'] ? $baidu_account_info['data']['intro'] : '这个家伙很懒,什么也没有留下', 'tiebas' => $baidu_account_tieba_list['data'] ? $baidu_account_tieba_list['data'] : array(), 'follow' => $baidu_account_follow_list['data'], 'fans' => $baidu_account_fans_list['data']);
                        } catch (Exception $e) {
                            // Note: a string "3" here, whereas every other branch uses an int status.
                            $status = "3";
                            $msg = '助手站点错误:' . $e->getMessage();
                        }
                    } else {
                        $status = 1;
                        $msg = "未绑定百度账号";
                    }
                    break;
                case 'unbind_baidu':
                    // NOTE(review): $uid is interpolated straight into these queries; it is a
                    // global set outside this function — confirm it is cast to int there.
                    DB::query("UPDATE member_setting SET cookie='' WHERE uid='{$uid}'");
                    DB::query("DELETE FROM my_tieba WHERE uid='{$uid}'");
                    DB::query("DELETE FROM sign_log WHERE uid='{$uid}'");
                    $msg = "已经解除百度账号绑定,您可以稍后重新进行绑定";
                    break;
                case 'sign_log':
                    $msg = '获取成功';
                    // intval() is what makes $date safe to interpolate below; $uid, see unbind_baidu.
                    $date = intval($_GET['date']);
                    $data['date'] = $date;
                    $data['log'] = array();
                    $query = DB::query("SELECT * FROM sign_log l LEFT JOIN my_tieba t ON t.tid=l.tid WHERE l.uid='{$uid}' AND l.date='{$date}'");
                    while ($result = DB::fetch($query)) {
                        $data['log'][] = $result;
                    }
                    $data['count'] = count($data['log']);
                    // Neighbouring dates for the client's prev/next navigation; '0' when none.
                    $previous_date = DB::result_first("SELECT date FROM sign_log WHERE uid='{$uid}' AND date<'{$date}' ORDER BY date DESC LIMIT 0,1");
                    $next_date = DB::result_first("SELECT date FROM sign_log WHERE uid='{$uid}' AND date>'{$date}' ORDER BY date ASC LIMIT 0,1");
                    $data['previous_date'] = $previous_date ? $previous_date : '0';
                    $data['next_date'] = $next_date ? $next_date : '0';
                    break;
                case 'cloud_info':
                    $msg = '获取成功';
                    $data['sid'] = cloud::id();
                    break;
                case 'plugin_info':
                    $msg = '获取成功';
                    $plugin_info = CACHE::get('plugins');
                    $data['plugins'] = array();
                    // Only plugins in this whitelist are reported, merged with their display name/author.
                    $plugin_supported = array('zw_custom_page' => array('name' => '自定义页面', 'author' => 'JerryLocke'), 'zw_blockid' => array('name' => '循环封禁', 'author' => 'JerryLocke'), 'x_tdou' => array('name' => 'T豆', 'author' => '星弦雪'), 'xxx_post' => array('name' => '客户端回帖', 'author' => '星弦雪'), 'xxx_meizi' => array('name' => '妹纸认证', 'author' => '星弦雪'));
                    foreach ($plugin_info as $plugin) {
                        if (isset($plugin_supported[$plugin['id']])) {
                            $data['plugins'][] = $plugin + $plugin_supported[$plugin['id']];
                        }
                    }
                    $data['count'] = count($data['plugins']);
                    break;
            }
        }
        echo json_encode(array('status' => $status, 'msg' => $msg, 'data' => $data));
    }
}
/**
 * Controller for viewing a topic (or jumping to a post inside it), handling
 * the reply and poll-vote form submissions for that topic, and filling the
 * template ($this->_title / $this->_template).
 *
 * Request vars: t (topic id) or p (post id), reply, offset, message, np,
 * reply_message, vote_id; buttons post / vote / watch.
 * Most failure paths end in fatal_error() or redirect(), both assumed not
 * to return. Globals: $config, $auth, $user, $comments.
 */
public function run() {
    global $config, $auth, $user, $comments;
    $topic_id = request_var('t', 0);
    $post_id = request_var('p', 0);
    if (!$topic_id && !$post_id) {
        fatal_error();
    }
    //
    // Get topic data
    //
    // With a post id the query also pulls that post's text/author and counts the
    // posts up to it (prev_posts), which later positions the page offset.
    if ($post_id) {
        $sql_from = ', _forum_posts p, _forum_posts p2, _members m ';
        $sql_where = sql_filter('p.post_id = ? AND p.poster_id = m.user_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= ?', $post_id, $post_id);
        $sql_count = ', p.post_text, m.username AS reply_username, COUNT(p2.post_id) AS prev_posts, p.post_deleted';
        $sql_order = ' GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_locked, t.topic_replies, t.topic_time, t.topic_important, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_locked, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_announce, f.auth_pollcreate, f.auth_vote ORDER BY p.post_id ASC';
    } else {
        $sql_from = $sql_count = $sql_order = '';
        $sql_where = sql_filter('t.topic_id = ?', $topic_id);
    }
    $sql = 'SELECT t.*, f.*' . $sql_count . ' FROM _forum_topics t, _forums f' . $sql_from . ' WHERE ' . $sql_where . ' AND f.forum_id = t.forum_id' . $sql_order;
    if (!$topic_data = sql_fieldrow($sql)) {
        fatal_error();
    }
    // Topics living in the events forum are shown on the event page instead.
    switch ($topic_data['forum_alias']) {
        case 'events':
            $sql = 'SELECT event_alias FROM _events WHERE event_topic = ?';
            if ($event_alias = sql_field(sql_filter($sql, $topic_data['topic_id']), 'event_alias', '')) {
                redirect(s_link('events', $event_alias));
            }
            break;
    }
    //
    // Hide deleted posts
    //
    if (isset($topic_data['post_deleted']) && $topic_data['post_deleted']) {
        fatal_error();
    }
    //
    // Check mod auth
    //
    $mod_auth = $user->is('mod');
    //
    // Init vars
    //
    $forum_id = (int) $topic_data['forum_id'];
    $topic_id = (int) $topic_data['topic_id'];
    $topic_url = s_link('topic', $topic_id);
    $reply = request_var('reply', 0);
    $start = request_var('offset', 0);
    $submit_reply = _button('post');
    $submit_vote = _button('vote');
    $post_message = '';
    $post_reply_message = '';
    $post_np = '';
    $current_time = time();
    $error = $is_auth = w();
    // A reply only makes sense relative to a specific post.
    if (!$post_id && $reply) {
        $reply = 0;
    }
    //
    // Start member auth
    //
    $is_auth = $auth->forum(AUTH_ALL, $forum_id, $topic_data);
    if ($submit_reply || $submit_vote) {
        $auth_key = ($submit_reply) ? 'auth_reply' : 'auth_vote';
        if (((!$is_auth['auth_view'] || !$is_auth['auth_read'])) || !$is_auth[$auth_key]) {
            if (!$user->is('member')) {
                do_login();
            }
            $can_reply_closed = $auth->option(w('forum topics delete'));
            if (!$can_reply_closed && ($topic_data['forum_locked'] || $topic_data['topic_locked'])) {
                $error[] = 'TOPIC_LOCKED';
                if ($submit_vote && !$topic_data['topic_vote']) {
                    $error[] = 'POST_HAS_NO_POLL';
                }
            }
            // No specific error to show: just bounce back to the topic.
            if (!sizeof($error)) {
                redirect($topic_url);
            }
        }
        if (!sizeof($error)) {
            if ($submit_vote) {
                $vote_option = request_var('vote_id', 0);
                if ($vote_option) {
                    // Resolve the poll that owns the submitted option; this also rejects
                    // option ids that belong to another topic's poll.
                    $sql = 'SELECT vd.vote_id FROM _poll_options vd, _poll_results vr WHERE vd.topic_id = ? AND vr.vote_id = vd.vote_id AND vr.vote_option_id = ? GROUP BY vd.vote_id';
                    if ($vote_id = sql_field(sql_filter($sql, $topic_id, $vote_option), 'vote_id', 0)) {
                        // One vote per member per poll.
                        $sql = 'SELECT * FROM _poll_voters WHERE vote_id = ? 
AND vote_user_id = ?';
                        if (!sql_fieldrow(sql_filter($sql, $vote_id, $user->d('user_id')))) {
                            $sql = 'UPDATE _poll_results SET vote_result = vote_result + 1 WHERE vote_id = ? AND vote_option_id = ?';
                            sql_query(sql_filter($sql, $vote_id, $vote_option));
                            $insert_vote = array( 'vote_id' => (int) $vote_id, 'vote_user_id' => (int) $user->d('user_id'), 'vote_user_ip' => $user->ip, 'vote_cast' => (int) $vote_option );
                            sql_insert('poll_voters', $insert_vote);
                        }
                    }
                }
                redirect(s_link('topic', $topic_id));
            } else {
                $post_message = request_var('message', '', true);
                $post_np = request_var('np', '');
                if ($reply) {
                    $post_reply_message = request_var('reply_message', '', true);
                }
                // Check message
                if (empty($post_message)) {
                    $error[] = 'EMPTY_MESSAGE';
                }
                // Flood control: non-mods must wait $config['flood_interval'] seconds
                // between posts.
                if (!sizeof($error) && !$mod_auth) {
                    $sql = 'SELECT MAX(post_time) AS last_post_time FROM _forum_posts WHERE poster_id = ?';
                    if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
                        if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
                            $error[] = 'FLOOD_ERROR';
                        }
                    }
                }
                if (!sizeof($error)) {
                    $update_topic = w();
                    // Mod-only inline markers: -Anuncio- flags the topic as an announcement,
                    // -Cerrado- locks it. Both are stripped from the stored message.
                    if (strstr($post_message, '-Anuncio-') && $user->is('mod')) {
                        $topic_announce = 1;
                        $post_message = str_replace('-Anuncio-', '', $post_message);
                        $update_topic['topic_announce'] = $topic_announce;
                    }
                    if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
                        $topic_locked = 1;
                        $post_message = str_replace('-Cerrado-', '', $post_message);
                        $update_topic['topic_locked'] = $topic_locked;
                    }
                    $post_message = $comments->prepare($post_message);
                    // NOTE(review): the 'e' (eval) modifier was removed in PHP 7; on such
                    // versions preg_replace() warns and returns null here, so the quoted
                    // text is dropped and replaced by '...' two statements below. The same
                    // pattern is used with 'is' (no 'e') in the posting-box section.
                    if ($reply && $post_reply_message != '') {
                        $post_reply_message = preg_replace('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#ie', '', $post_reply_message);
                    }
                    if ($reply && empty($post_reply_message)) {
                        $post_reply_message = '...';
                    }
                    // NOTE(review): reply_username and the quoted text are concatenated into
                    // HTML after prepare() ran on $post_message only; confirm they are escaped
                    // at render time (parse_message) or on the way into the DB.
                    if ($reply && $post_reply_message != '') {
                        $post_message = '<blockquote><strong>' . $topic_data['reply_username'] . "</strong>" . nr(false, 2) . $post_reply_message . '</blockquote><br /> ' . $post_message;
                    } else {
                        $reply = 0;
                    }
                    $insert_data = array( 'topic_id' => (int) $topic_id, 'forum_id' => (int) $forum_id, 'poster_id' => (int) $user->d('user_id'), 'post_time' => (int) $current_time, 'poster_ip' => $user->ip, 'post_text' => $post_message, 'post_np' => $post_np );
                    if ($reply) {
                        $insert_data['post_reply'] = $post_id;
                    }
                    $post_id = sql_insert('forum_posts', $insert_data);
                    $user->delete_unread(UH_T, $topic_id);
                    $user->save_unread(UH_T, $topic_id);
                    if (!in_array($forum_id, forum_for_team_array()) && $topic_data['topic_points']) {
                        //$user->points_add(1);
                    }
                    //
                    // Team forums: mark the topic unread only for the team's members.
                    // NOTE(review): the (??) placeholder receives an imploded id list; it is
                    // assumed forum_for_team_list() returns trusted integer ids — confirm.
                    $a_list = forum_for_team_list($forum_id);
                    if (count($a_list)) {
                        $sql_delete_unread = 'DELETE FROM _members_unread WHERE element = ? AND item = ? AND user_id NOT IN (??)';
                        sql_query(sql_filter($sql_delete_unread, 8, $topic_id, implode(', ', $a_list)));
                    }
                    $update_topic['topic_last_post_id'] = $post_id;
                    // $topic_locked is only assigned in the -Cerrado- branch above, so this
                    // test raises an undefined-variable notice on every other post.
                    if ($topic_locked) {
                        topic_feature($topic_id, 0);
                    }
                    $sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ? WHERE forum_id = ?';
                    sql_query(sql_filter($sql, $topic_id, $forum_id));
                    $sql = 'UPDATE _forum_topics SET topic_replies = topic_replies + 1, ' . sql_build('UPDATE', $update_topic) . sql_filter(' WHERE topic_id = ?', $topic_id);
                    sql_query($sql);
                    $sql = 'UPDATE _members SET user_posts = user_posts + 1 WHERE user_id = ?';
                    sql_query(sql_filter($sql, $user->d('user_id')));
                    redirect(s_link('post', $post_id) . '#' . $post_id);
                }
            }
        }
    }
    // Read access is required for everything below; guests are asked to log in first.
    if (!$is_auth['auth_view'] || !$is_auth['auth_read']) {
        if (!$user->is('member')) {
            do_login();
        }
        fatal_error();
    }
    // Jumping to a post: compute the page offset that contains it and force
    // ascending order so prev_posts lines up with the page.
    if ($post_id) {
        $start = floor(($topic_data['prev_posts'] - 1) / (int) $config['posts_per_page']) * (int) $config['posts_per_page'];
        $user->d('user_topic_order', 0);
    }
    if ($user->is('member')) {
        //
        // Is user watching this topic?
        //
        $sql = 'SELECT notify_status FROM _forum_topics_fav WHERE topic_id = ? 
AND user_id = ?';
        if (!sql_field(sql_filter($sql, $topic_id, $user->d('user_id')), 'notify_status')) {
            if (_button('watch')) {
                $sql_insert = array( 'user_id' => $user->d('user_id'), 'topic_id' => $topic_id, 'notify_status' => 0 );
                sql_insert('forum_topics_fav', $sql_insert);
                redirect($topic_url . (($start) ? 's' . $start . '/' : ''));
            }
            _style('watch_topic');
        }
    }
    //
    // Get all data for the topic
    //
    // In reply mode only the quoted post is loaded; otherwise the current page of
    // the topic. ${$get_post_id} reads $post_id or $topic_id by name.
    $get_post_id = ($reply) ? 'post_id' : 'topic_id';
    $get_post_data['p.' . $get_post_id] = ${$get_post_id};
    if (!$user->is('founder')) {
        $get_post_data['p.post_deleted'] = 0;
    }
    $sql = 'SELECT p.*, u.user_id, u.username, u.username_base, u.user_avatar, u.user_posts, u.user_gender, u.user_rank, u.user_sig FROM _forum_posts p, _members u WHERE u.user_id = p.poster_id AND p.post_deleted = 0 AND ' . sql_build('SELECT', $get_post_data) . ' ORDER BY p.post_time ' . (($user->d('user_topic_order')) ? 'DESC' : 'ASC') . ((!$reply) ? ' LIMIT ' . (int) $start . ', ' . (int) $config['posts_per_page'] : '');
    if (!$messages = sql_rowset($sql)) {
        if ($topic_data['topic_replies'] + 1) {
            fatal_error();
        }
        redirect(s_link('topic', $topic_id));
    }
    //
    // Re-count topic replies
    //
    if ($user->is('founder')) {
        $sql = 'SELECT COUNT(p.post_id) AS total FROM _forum_posts p, _members u WHERE p.topic_id = ? AND u.user_id = p.poster_id';
        if ($total = sql_field(sql_filter($sql, $topic_id), 'total')) {
            $topic_data['topic_replies2'] = $total - 1;
        }
    }
    //
    // Update the topic views
    //
    // Only the first page counts as a view, and founders are not counted.
    if (!$start && !$user->is('founder')) {
        $sql = 'UPDATE _forum_topics SET topic_views = topic_views + 1 WHERE topic_id = ?';
        sql_query(sql_filter($sql, $topic_id));
    }
    //
    // If the topic contains a poll, then process it
    //
    if ($topic_data['topic_vote']) {
        $sql = 'SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result FROM _poll_options vd, _poll_results vr WHERE vd.topic_id = ? 
AND vr.vote_id = vd.vote_id ORDER BY vr.vote_option_order, vr.vote_option_id ASC';
        if ($vote_info = sql_rowset(sql_filter($sql, $topic_id))) {
            $sql = 'SELECT vote_id FROM _poll_voters WHERE vote_id = ? AND vote_user_id = ?';
            $user_voted = sql_field(sql_filter($sql, $vote_info[0]['vote_id'], $user->d('user_id')), 'vote_id', 0);
            // vote_length 0 means the poll never expires.
            $poll_expired = ($vote_info[0]['vote_length']) ? (($vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < $current_time) ? true : 0) : 0;
            _style('poll', array( 'POLL_TITLE' => $vote_info[0]['vote_text']) );
            // Show results when the member cannot (or already did) vote; otherwise the options.
            if ($user_voted || $poll_expired || !$is_auth['auth_vote'] || $topic_data['topic_locked']) {
                $vote_results_sum = 0;
                foreach ($vote_info as $row) {
                    $vote_results_sum += $row['vote_result'];
                }
                _style('poll.results');
                foreach ($vote_info as $row) {
                    $vote_percent = ($vote_results_sum > 0) ? $row['vote_result'] / $vote_results_sum : 0;
                    // "%.1d" is an integer conversion; the precision is ignored, so PERCENT is a whole number.
                    _style('poll.results.item', array( 'CAPTION' => $row['vote_option_text'], 'RESULT' => $row['vote_result'], 'PERCENT' => sprintf("%.1d", ($vote_percent * 100))) );
                }
            } else {
                _style('poll.options', array( 'S_VOTE_ACTION' => $topic_url) );
                foreach ($vote_info as $row) {
                    _style('poll.options.item', array( 'POLL_OPTION_ID' => $row['vote_option_id'], 'POLL_OPTION_CAPTION' => $row['vote_option_text']) );
                }
            }
        }
    }
    //
    // Advanced auth
    //
    $controls = $user_profile = w();
    $unset_user_profile = w('user_id user_posts user_gender');
    _style('posts');
    foreach ($messages as $row) {
        // Per-post controls: members may reply; mods may also edit/delete.
        if ($user->is('member')) {
            // $poster is computed but never used afterwards.
            $poster = ($row['user_id'] != GUEST) ? $row['username'] : (($row['post_username'] != '') ? $row['post_username'] : lang('guest'));
            $controls[$row['post_id']]['reply'] = s_link('post', $row['post_id'], 'reply');
            if ($mod_auth) {
                $controls[$row['post_id']]['edit'] = s_link('acp', array('forums_post_modify', 'msg_id' => $row['post_id']));
                $controls[$row['post_id']]['delete'] = s_link('acp', array('forums_post_delete', 'msg_id' => $row['post_id']));
            }
        }
        $user_profile[$row['user_id']] = $comments->user_profile($row, '', $unset_user_profile);
        $data = array( 'POST_ID' => $row['post_id'], 'POST_DATE' => $user->format_date($row['post_time']), 'MESSAGE' => $comments->parse_message($row['post_text']), 'PLAYING' => $row['post_np'], 'DELETED' => $row['post_deleted'], 'UNREAD' => 0 );
        // Profile fields are exposed to the template as upper-case keys.
        foreach ($user_profile[$row['user_id']] as $key => $value) {
            $data[strtoupper($key)] = $value;
        }
        _style('posts.item', $data);
        _style('posts.item.' . (($row['user_id'] != GUEST) ? 'username' : 'guestuser'));
        if (isset($controls[$row['post_id']])) {
            _style('posts.item.controls');
            foreach ($controls[$row['post_id']] as $item => $url) {
                _style('posts.item.controls.'.$item, array('URL' => $url));
            }
        }
    }
    //
    // Display Member topic auth
    //
    /* if ($mod_auth) { $mod = array((($topic_data['topic_important']) ? 'important' : 'normal'), 'delete', 'move', ((!$topic_data['topic_locked']) ? 'lock' : 'unlock'), 'split', 'merge'); $mod_topic = w(); foreach ($mod as $item) { if ($auth->option(array('forum', 'topics', $item))) { $mod_topic[strtoupper($item)] = s_link('acp', array('topic', topic' => $topic_id, 'mode' => $item)); } } if (sizeof($mod_topic)) { _style('auth'); foreach ($mod_topic as $k => $v) { _style('auth.item', array( 'URL' => $v, 'LANG' => lang($k . '_topic')) ); } } } */
    build_num_pagination($topic_url . 's%d/', ($topic_data['topic_replies'] + 1), $config['posts_per_page'], $start, '', 'TOPIC_');
    //
    // Posting box
    //
    if (sizeof($error)) {
        _style('post_error', array( 'MESSAGE' => parse_error($error)) );
    }
    $can_reply_closed = $auth->option(array('forum', 'topics', 'delete'));
    if ((!$topic_data['forum_locked'] && !$topic_data['topic_locked']) || $can_reply_closed) {
        if ($user->is('member')) {
            if ($is_auth['auth_reply']) {
                $s_post_action = (($reply) ? s_link('post', $post_id, 'reply') : $topic_url) . '#e';
                _style('post_box', array( 'MESSAGE' => $post_message, 'NP' => $post_np, 'S_POST_ACTION' => $s_post_action) );
                // Pre-fill the quote with the replied-to post, minus images/embeds.
                if ($reply) {
                    if (empty($post_reply_message)) {
                        $post_reply_message = $comments->remove_quotes($topic_data['post_text']);
                    }
                    if (!empty($post_reply_message)) {
                        $rx = array('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#is', '#\[yt:[0-9a-zA-Z\-\=\_]+\]#is', '#\[sb\]#is', '#\[\/sb\]#is');
                        $post_reply_message = preg_replace($rx, '', $post_reply_message);
                    }
                    if (empty($post_reply_message)) {
                        $post_reply_message = '...';
                    }
                    _style('post_box.reply', array( 'MESSAGE' => $post_reply_message) );
                }
            }
        }
    }
    // MOD: Featured topic
    // NOTE(review): 'msg_id' is passed here as a bare value, unlike the
    // 'msg_id' => ... key form used for the edit/delete links above; probably a typo.
    if ($user->is('mod')) {
        $v_lang = ($topic_data['topic_featured']) ? 'REM' : 'ADD';
        _style('feature', array( 'U_FEAT' => s_link('acp', array('forums_topic_feature', 'msg_id', $topic_data['topic_id'])), 'V_LANG' => lang('topic_featured_' . $v_lang)) );
    }
    //
    // Send vars to template
    //
    v_style(array( 'FORUM_NAME' => $topic_data['forum_name'], 'TOPIC_TITLE' => $topic_data['topic_title'], 'TOPIC_REPLIES' => $topic_data['topic_replies'], 'S_TOPIC_ACTION' => $topic_url . (($start) ? 's' . $start . '/' : ''), 'U_VIEW_FORUM' => s_link('forum', $topic_data['forum_alias'])) );
    // Optional per-forum / per-topic template overrides; both ids are ints.
    $layout_file = 'topic';
    if (@file_exists('./template/custom/topics_' . $forum_id . '.htm')) {
        $layout_file = 'custom/topics_' . $forum_id;
    }
    if (@file_exists('./template/custom/topic_' . $topic_id . '.htm')) {
        $layout_file = 'custom/topic_' . $topic_id;
    }
    $this->_title = $topic_data['topic_title'];
    $this->_template = $layout_file;
    return;
}
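/**************************************
*** File: main.php *****************
Project: ticket2 (phpTicket New Generation)
***************************************
*** Author: Sinner from the Prairy ***
*** email: sinnerbofh@gmail.com *****
*** Comment: phpTicket New Generation, based on ticket.sf.net*
**************************************/
require_once 'conf.inc';
require_once 'functions01.inc';
require_once 'functions02.inc';
require_once 'functions03.inc';

$page = $GLOBALS['MAIN_PAGE']; // name of this current php page. Use 'index' for 'index.php'.
do_login($page . '.php');
$portal_user = $_SESSION['ticket_username'];

global $debug;
$debug = get_variable("debug_value");

$title = $GLOBALS['ELEMENT']; // String identifying the contents
$start_id = "0"; // Field number to start showing on show_data()
$linking_field = "ticket_id";
$option_url = $GLOBALS['SECOND_PAGE'] . '.php';

// Request parameters, read with explicit defaults so a missing key yields the
// same value as before (null, so the == "" comparisons behave identically)
// without an undefined-index notice. $id falls back from GET to POST.
$id = isset($_GET['id']) ? $_GET['id'] : null;
if ($id == "" and (isset($_POST['id']) ? $_POST['id'] : '') != "") {
    $id = $_POST['id'];
}
$aid = isset($_GET['vid']) ? $_GET['vid'] : null;
$action = isset($_GET['action']) ? $_GET['action'] : null;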
define('DEFAULT_LANGUAGE', 'de'); $_SESSION['TABLE_PREFIX'] = TABLE_PREFIX; if (file_exists(BACKEND . "/setup.php")) { $_SESSION['cmt_login'] = false; } require_once BACKEND . 'function/predo.inc.php'; load_cmt_scripts(); if (isset($_GET['setup']) && $_GET['setup'] == 'success') { if (file_exists(BACKEND . "/setup.php")) { unlink(BACKEND . "/setup.php"); } } if (!file_exists(BACKEND . "/setup.php")) { $conn = db_mysql_connect(); load_cmt_text(); $login_alert = do_login(); define_user(); } $_POST = parse_addslashes_array($_POST); $_GET = parse_addslashes_array($_GET); ################################### ################################### ##### ##### ##### $_GET variablen ##### ##### ##### ################################### ################################### if (isset($_GET['modul'])) { $modul = parse($_GET['modul'], 'string'); } if (isset($_GET['id'])) {
/**
 * Records the current member's vote for one option of this artist's poll
 * ($this->data['ub']) and redirects back to the artist page.
 *
 * Returns silently in "make" mode. Guests are sent to login. The request is
 * bounced back without changes when the caller is a mod, when no option was
 * submitted, when the option is not one of $this->voting['ub'], or when the
 * member has already voted on this poll. redirect() is assumed not to return.
 *
 * @return void
 */
public function _vote()
{
    if ($this->make) {
        return;
    }
    if (!$this->auth['user']) {
        do_login();
    }

    $option_id = request_var('vote_id', 0);
    $back = s_link('a', $this->data['subdomain']);
    $ub = $this->data['ub'];

    if ($this->auth['mod'] || !$option_id || !in_array($option_id, $this->voting['ub'])) {
        redirect($back);
    }

    global $user;
    $voter_id = $user->d('user_id');

    // One vote per member per poll.
    $sql = 'SELECT user_id FROM _artists_voters WHERE ub = ? AND user_id = ?';
    if (sql_fieldrow(sql_filter($sql, $ub, $voter_id))) {
        redirect($back);
    }

    // Bump the option's counter, creating its row on the first vote.
    $sql = 'UPDATE _artists_votes SET vote_result = vote_result + 1 WHERE ub = ? AND option_id = ?';
    sql_query(sql_filter($sql, $ub, $option_id));
    if (!sql_affectedrows()) {
        sql_insert('artists_votes', array(
            'ub' => $ub,
            'option_id' => $option_id,
            'vote_result' => 1
        ));
    }

    // Remember who voted for what, then bump the artist's total.
    sql_insert('artists_voters', array(
        'ub' => $ub,
        'user_id' => $voter_id,
        'user_option' => $option_id
    ));

    $sql = 'UPDATE _artists SET votes = votes + 1 WHERE ub = ?';
    sql_query(sql_filter($sql, $ub));

    redirect($back);
}
if ($Category != "ADVISER") { $query = 'INSERT INTO Clients (User_ID, Client_Type, Title, GivenName, Surname, Street, Suburb, State, PostCode, Email, DOB, COB, Phone, Country, Adviser_ID, Date_Created) VALUES ("' . $User_ID . '", "' . $Category . '", "' . $Title . '", "' . $GivenName . '", "' . $Surname . '", "' . $Street . '", "' . $Suburb . '", "' . $State . '", "' . $PostCode . '", "' . $Email . '", "' . $DOB . '","' . $COB . '", "' . $Phone . '", "' . $Country . '","' . $Adviser_ID . '", NOW())'; } else { $names = explode(" ", $GivenName); $query = 'INSERT INTO Adviser (User_ID, Given_Name, Surname, Email, Date_Created) VALUES (' . $User_ID . ', "' . $names[0] . '", "' . $names[1] . '", "' . $Email . '", NOW())'; } $result = $mysqli->query($query); if (!$result) { getErrorResponse($query); exit; } do_login($User_ID); } } } function do_login($user_id) { global $mysqli; session_start(); $response = ""; $query = "SELECT u.User_ID, u.Facebook_ID, Password, User_Level, Category, Colour,\n\t\t\t\t\tCase \n\t\t\t\t\t\twhen (u.Category = 'CONSUMER' or u.Category = 'SELF-DIRECTED' or u.Category = 'ADVISER-DIRECTED') then concat(c.GivenName, ' ',c.Surname) \n\t\t\t\t\t\twhen Category = 'ADVISER' then concat(a.Given_Name, ' ', a.Surname) \n\t\t\t\t\t\twhen Category = 'GROUP' then ag.Group_Description \n\t\t\t\t\t\twhen Category = 'ISSUER' then i.Name \n\t\t\t\t\t\telse u.User_Name end AS User_Name \n\t\t\t\tFROM Users u \n\t\t\t\tleft join Clients c on c.User_ID = u.id \n\t\t\t\tleft join Adviser a on a.User_ID = u.ID \n\t\t\t\tleft join Adviser_Groups ag on ag.ID = u.Category_ID \n\t\t\t\tleft join Issuer i on i.ID = u.Category_ID \n\t\t\t\twhere u.ID = '" . $user_id . 
"' and u.Status = 'ACTIVE' "; $result = $mysqli->query($query); if ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $loginData = array("user_id" => $row["User_ID"], "facebook_id" => $row["Facebook_ID"], "user_name" => $row["User_Name"], "user_level" => $row["User_Level"], "category" => $row["Category"], "colour" => $row["Colour"], "theme" => "bootstrap"); $myDomain = $_SERVER['SERVER_NAME']; if ($myDomain != "www.sunwindwater.com.au") { $myDomain = "inferwise.com.au";
<?php if (is_logged_in()) { redirect(); } if (is_post()) { if (do_login()) { redirect(); } } if (isset($_COOKIE["email"])) { $_POST["email"] = $_COOKIE["email"]; } include_header(array("title" => "login")); ?> <div class="row"> <div class="col-md-4 col-md-offset-4"> <form id="login-form" method="post"> <div class="form-group"> <label for="inputEmail" class="sr-only">email address</label> <input type="email" name="email" id="inputEmail" class="form-control" placeholder="email address" value="<?php echo isset($_POST["email"]) ? plain($_POST["email"]) : ""; ?> " required autofocus> </div> <div class="form-group"> <label for="inputPassword" class="sr-only">password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="password" required>
<?php
// Handles the login/logout form submission.
//var_dump($_SESSION);
$username = null;
$password = null;
if (array_key_exists('dologin', $_POST) && array_key_exists('username', $_POST) && array_key_exists('password', $_POST)) {
    // The user is trying to log in.
    require_once 'db/_user.php';
    // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so a
    // password containing characters such as < > " ' & is altered before it is
    // checked; a user with such a password cannot log in. The filter is also
    // deprecated since PHP 8.1. How $username/$password are used inside
    // user_authenticate() is not visible here — confirm before changing this.
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
    if ($auth = user_authenticate($username, $password)) {
        // Authenticated.
        do_login($username);
        // Logged in.
    } else {
        //( ! array_key_exists($_POST['username'] && array_key_exists($_POST['password'])));
        echo "Vous devez entrer un indentifiant et mot de passe valide";
        // TODO: handle the invalid-authentication messaging here.
    }
    // var_dump($auth);exit();
} elseif (array_key_exists('dologout', $_POST)) {
    // The user is trying to log out.
    do_logout();
    // Disconnected; redirect to the home page.
    // Note: there is no exit after header(), so the rest of this page still runs.
    header('Location:' . HOME_PAGE);
}
//
?>
<?php
$user->init(); $chat = new _chat(); if ($chat->_setup()) { $mode = request_var('mode', ''); $csid = request_var('csid', ''); $s_process = in_array($mode, array('logout', 'send', 'get')); if (request_method() == 'post' && !$s_process) { redirect(s_link('chat', $chat->data['ch_int_name'])); } if (!$user->data['is_member']) { do_login('LOGIN_TO_CHAT'); } if (!$chat->auth()) { trigger_error('CHAT_NO_ACCESS'); } $user->setup('chat'); if ($s_process && $mode == 'logout') { return $chat->process_data($csid, $mode); } $chat->session($csid); if ($s_process) {
} } header('Location: member.php'); exit; } elseif ($_POST) { if ($_POST['username'] && $_POST['password']) { $username = daddslashes($_POST['username']); $un = strtolower($username); if (strlen($username) > 24) { showmessage('用户名过长,请修改', dreferer(), 5); } $user = DB::fetch_first("SELECT * FROM member WHERE username='******' OR email='{$username}'"); $verified = Widget_Password::verify($user, $_POST['password']); if ($verified) { $login_exp = TIMESTAMP + 3600; do_login($user['uid']); $username = $user['username']; showmessage("欢迎回来,{$username}!", dreferer(), 1); } else { showmessage('对不起,您的用户名或密码错误,无法登录.', 'member.php', 3); } } } $count = DB::result_first('SELECT COUNT(*) FROM member'); $hash = random(6); $time = TIMESTAMP; dsetcookie('key', authcode("{$time}\t{$hash}\t{$count}", 'ENCODE')); $form_username = authcode('username', 'ENCODE', $hash); $form_password = authcode('password', 'ENCODE', $hash); $form_email = authcode('email', 'ENCODE', $hash); include template('member');
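/*
 * 7/28/10 Initial Release - no maps version of incident popup.
 * 3/15/11 changed stylesheet.php to stylesheet.php
 */
error_reporting(E_ALL);

// Start the session once. The original called @session_start() twice; the
// second call only raised a suppressed "session already started" notice.
@session_start();

// NOTE(review): the included path comes from session state rather than from
// the request; confirm $_SESSION['fip'] is only ever assigned server-side.
require_once $_SESSION['fip'];

$api_key = get_variable('gmaps_api_key');

// ?logout=true ends the session and stops; every other request must be logged
// in for this page. (The former !empty($_GET) test was implied by isset().)
if (isset($_GET['logout']) && $_GET['logout'] == 'true') {
    do_logout();
    exit;
}
// snap(__LINE__, basename(__FILE__));
do_login(basename(__FILE__));

// Debug dump of the request. !empty() keeps the original truthiness test but
// no longer raises an E_ALL notice when $istest is not defined at all.
if (!empty($istest)) {
    print "GET<BR/>\n";
    if (!empty($_GET)) {
        dump($_GET);
    }
    print "POST<BR/>\n";
    if (!empty($_POST)) {
        dump($_POST);
    }
}

// $remotes = get_current();
// set auto-refresh if any mobile units
// $interval = intval(get_variable('auto_poll'));
// $refresh = ((($remotes['aprs']) || ($remotes['instam']) || ($remotes['locatea']) || ($remotes['gtrack']) || ($remotes['glat'])) && ($interval>0))? "\t<META HTTP-EQUIV='REFRESH' CONTENT='" . intval($interval*60) . "'>\n": "";
$temp = get_variable('auto_poll');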
require "./.include/header.php"; require "./.include/footer.php"; require "./.include/error.php"; ob_start(); // prevent unwanted output require_once "./.include/login.php"; ob_end_clean(); // get rid of cached unwanted output $tmp_msg = $GLOBALS["login_prompt"][$GLOBALS["language"]]; if (isset($tmp_msg)) { $GLOBALS["messages"]["actloginheader"] = $tmp_msg; } ob_end_clean(); // get rid of cached unwanted output //------------------------------------------------------------------------------ do_login(); //------------------------------------------------------------------------------ $abs_dir = get_abs_dir($GLOBALS["dir"]); if (!@file_exists($GLOBALS["home_dir"])) { if ($GLOBALS["require_login"]) { $extra = "<A HREF=\"" . make_link("logout", NULL, NULL) . "\">" . $GLOBALS["messages"]["btnlogout"] . "</A>"; } else { $extra = NULL; } show_error($GLOBALS["error_msg"]["home"], $extra); } if (!down_home($abs_dir)) { show_error($GLOBALS["dir"] . " : " . $GLOBALS["error_msg"]["abovehome"]); } if (!is_dir($abs_dir)) { show_error($GLOBALS["dir"] . " : " . $GLOBALS["error_msg"]["direxist"]);
} $mn_users = load_basic_data('users'); $post = get_post_data($_POST['post_id']); $mn_redir = isset($_POST['redir']) && !empty($_POST['redir']) ? $_POST['redir'] : str_replace('&mn_msg=c_added', '', $_SERVER['HTTP_REFERER']); $conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood']) ? $conf['comments_antiflood'] : '30'; if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) { session_destroy(); $url_data = explode('/', $conf['admin_url']); setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']); setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']); header('location: ' . $mn_redir . '#mn-comment-form'); exit; } elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) { permanent_login(); } elseif (in_array(@$_POST['comment_author'], $mn_users) || isset($_POST['comment_pass']) && !empty($_POST['comment_pass'])) { do_login($_POST['comment_author'], $_POST['comment_pass'], false); } if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) { // Check for correct captcha code if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) { require_once './stuff/inc/recaptchalib.php'; $captcha = recaptcha_check_answer('6LfnaQoAAAAAAPi1X1HiWwEWBnCmJ7jLUc5biRpE', $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); } if (isset($_POST['preview']) && isset($_POST['comment_text']) && !empty($_POST['comment_text'])) { $preview = true; } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && in_array($_POST['comment_author'], $mn_users)) { $error_msg = $lang['comm_msg_password']; } elseif (isset($_SESSION['mn_comm_time']) && $_SESSION['mn_comm_time'] + 
$conf['comments_antiflood'] > time()) { $error_msg = $lang['comm_msg_flood']; } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha'] && !$captcha->is_valid) { $error_msg = $lang['comm_msg_captcha'];
$password = set_post('password', ''); //check if ready if (!isset($_POST['user']) && !isset($_POST['password'])) { return false; } //variables not set yet //error checking $terror = false; //if an error occurred if (empty($user)) { notices_set('Please provide an email or username', 'error'); $terror = true; } if (!password_is_valid($password)) { notices_set('Invalid password - Passwords must be at least ' . REQ_PASSWORD_LENGTH, 'error'); $terror = true; } //last error check if ($terror) { //exit script echo notices_get(); //show errors return false; } //login if (do_login($user, $password)) { do_redirect(); } else { echo notices_get(); } //show errors
<?php ini_set("include_path", dirname(__FILE__) . '/../library/'); include "Zend/OpenId/Consumer.php"; include "Zend/OpenId/Extension/Sreg.php"; $logged_in = do_login(); if ($logged_in == true) { if (!isset($_SESSION)) { session_start(); //echo 'starting session'; } header("Location: " . $_SESSION['client_url']); exit; } else { echo "Error! " . $logged_in; } function do_login() { $status = ""; if (!empty($_POST['openid_identifier'])) { $sreg = new Zend_OpenId_Extension_Sreg(array('nickname' => false, 'email' => false, 'fullname' => false), null, 1.1); $consumer = new Zend_OpenId_Consumer(); if (!$consumer->login($_POST['openid_identifier'], '', null, $sreg)) { $status = "FAILED"; } } else { if (isset($_GET['openid_mode'])) { if ($_GET['openid_mode'] == "id_res") { $consumer = new Zend_OpenId_Consumer(); $sreg = new Zend_OpenId_Extension_Sreg(array('nickname' => false, 'email' => false, 'fullname' => false), null, 1.1); if ($consumer->verify($_GET, $id, $sreg)) {
/**
 * Requires a logged-in member and unpacks the `args` request value.
 *
 * `args` is read as `key:value` pairs joined by `.`; every pair whose key is
 * non-empty is copied into $_REQUEST, so later code that reads $_REQUEST sees
 * these values as if they had been sent directly.
 *
 * NOTE(review): the keys are taken verbatim from the request, which lets a
 * caller set arbitrary $_REQUEST entries through this path — confirm that the
 * consumers only read a fixed set of keys.
 */
public function __construct()
{
    global $user;

    if (!$user->is('member')) {
        do_login();
    }

    $packed = request_var('args', '');
    if (!$packed) {
        return;
    }

    foreach (explode('.', $packed) as $segment) {
        $parts = explode(':', $segment);

        // Both halves must exist and the key must be non-empty ("0" counts as empty here).
        if (!isset($parts[0], $parts[1]) || empty($parts[0])) {
            continue;
        }

        $_REQUEST[$parts[0]] = $parts[1];
    }
}
<?php define('DarkCoreCMS', TRUE); include 'header.php'; if (isset($_SESSION['usr'])) { $user_prw = $_SESSION['usr']; } if (isset($_POST['login'])) { do_login($_POST['login_username'], $_POST['login_password']); } if (isset($_GET["errlogin"])) { ?> <div id="notify">There was an error when logging in recheck your account and password corectly acc and pass are case sensitive</div> <?php } ?> <div id='content'> <div id='index-content-left'> <div id='main-tools'> <div class='main-tools-box'> <h1 class="main-tools-head-text">WELCOME TO <?php echo strtoupper($website_title); ?> </h1> <div class="main-tools-description"><?php echo $website_description; ?> </div> <ul> <li class="main-tools-li"><a href="armory">ARMORY</a></li> <li class="main-tools-li"><a href="guides">GUIDES & DOWNLOADS</a></li>
$menus = retrieve_menus(); $user = $_SESSION['user']; $resp = array('result' => 1, 'menu' => $menus, 'user' => $user); echo json_encode($resp); } else { // no user exist in session $resp = array('result' => -1, 'menu' => ''); echo json_encode($resp); } break; case 2: // processing login information if (isset($_POST['username']) and isset($_POST['password'])) { $user = $_POST['username']; $pass = $_POST['password']; if (true == do_login($user, $pass)) { $_SESSION['user'] = $user; // adding session var with current user' kecamatan rights $_SESSION['region'] = get_kecamatan($user); $resp = array('result' => 1, 'menu' => retrieve_menus(), 'user' => $user); echo json_encode($resp); } else { $resp = array('result' => -1, 'menu' => array(), 'user' => ''); echo json_encode($resp); } } else { $resp = array('result' => -1, 'menu' => array(), 'user' => ''); echo json_encode($resp); } break; case 3:
/**
 * Adds the current download to the logged-in user's favourites.
 *
 * Looks the (download, user) pair up in _dl_fav first; when it already exists
 * nothing is written. Otherwise a row is inserted and the user's favourite
 * counter in _members is incremented. Either way the caller is redirected
 * back to the download page. All ids go through sql_filter() placeholders,
 * so they are not interpolated into the SQL text.
 *
 * NOTE(review): no CSRF token is checked inside this method, and the lookup
 * and the insert are two separate statements rather than one atomic write —
 * confirm the dispatcher covers the former and that duplicates are acceptable
 * for the latter.
 */
public function dl_fav()
{
    if (!$this->auth['user']) {
        do_login();
    }

    global $user;

    $downloadId = $this->dl_data['id'];
    $userId = $user->d('user_id');

    $lookup = sql_filter(
        'SELECT dl_id FROM _dl_fav WHERE dl_id = ? AND user_id = ?',
        $downloadId,
        $userId
    );
    $alreadyFavourite = (bool) sql_field($lookup, 'dl_id', 0);

    $url = s_link('a', $this->data['subdomain'], 'downloads', $downloadId);

    if ($alreadyFavourite) {
        redirect($url);
    }

    sql_insert('dl_fav', array(
        'dl_id' => $downloadId,
        'user_id' => $userId,
        'favtime' => time(),
    ));

    sql_query(sql_filter(
        'UPDATE _members SET user_dl_favs = user_dl_favs + 1 WHERE user_id = ?',
        $userId
    ));

    return redirect($url);
}
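/**
 * Forum view controller: lists the topics of one forum and, when the "post"
 * button was submitted, validates and stores a new topic (with optional poll).
 *
 * The forum comes from the `f` request value (numeric id or alias; numeric ids
 * are redirected to the alias URL). View/read permission is enforced through
 * $auth->forum(); a submission additionally checks the posting permission,
 * the forum lock, the required fields, the poll option count and the per-user
 * flood interval before anything is inserted.
 *
 * Changes relative to the previous revision:
 *  - the "no posting permission, no error yet" branch redirected to
 *    $topic_url, which was never assigned; it now redirects to the forum page.
 *  - $real_poll_options / $sizeof_poll_options were only defined when poll
 *    options were posted, but $topic_vote read the count unconditionally.
 *  - the topic author column was built from the last poster's columns
 *    (username2 / username_base2) — a copy of the LAST_POST_AUTHOR branch —
 *    and now uses the topic poster's columns (u.*).
 *
 * Sets $this->_title and $this->_template; output goes through _style()/v_style().
 */
public function run()
{
    global $config, $auth, $user, $comments, $cache;

    $forum_id = request_var('f', '');
    $start = request_var('offset', 0);
    $submit_topic = _button('post');

    if (empty($forum_id)) {
        fatal_error();
    }

    // `f` is either a numeric id or an alias; numeric ids are canonicalised to the alias URL below.
    $is_int_forumid = false;
    if (preg_match('#^(\d+)$#is', $forum_id)) {
        $is_int_forumid = true;
        $forum_id = intval($forum_id);
        $sql = 'SELECT * FROM _forums WHERE forum_id = ?';
        $sql = sql_filter($sql, $forum_id);
    } else {
        $sql = 'SELECT * FROM _forums WHERE forum_alias = ?';
        $sql = sql_filter($sql, $forum_id);
    }

    if (!$forum_row = sql_fieldrow($sql)) {
        fatal_error();
    }

    if ($is_int_forumid) {
        redirect(s_link('forum', $forum_row['forum_alias']), true);
    }

    // From here on $forum_id is the database value, not the raw request value.
    $forum_id = $forum_row['forum_id'];

    //
    // Start auth check
    //
    $is_auth = w();
    $is_auth = $auth->forum(AUTH_ALL, $forum_id, $forum_row);

    if (!$is_auth['auth_view'] || !$is_auth['auth_read']) {
        if (!$user->is('member')) {
            do_login();
        }
        fatal_error();
    }

    $error_msg = '';
    $post_title = '';
    $post_message = '';
    $post_np = '';
    $poll_title = '';
    $poll_options = '';
    $poll_length = '';
    // Always defined: $topic_vote below reads the count even when no poll options were posted.
    $real_poll_options = w();
    $sizeof_poll_options = 0;
    $current_time = time();

    if ($submit_topic) {
        $topic_important = _button('topictype');
        $auth_key = ($topic_important) ? 'auth_announce' : 'auth_post';

        if ($forum_row['forum_locked'] && !$is_auth['auth_mod']) {
            $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('forum_locked');
        }

        if (!$is_auth[$auth_key]) {
            if (!$user->is('member')) {
                do_login();
            }
            if (empty($error_msg)) {
                // Previously redirect($topic_url) with $topic_url never assigned;
                // send the caller back to the forum page instead.
                redirect(s_link('forum', $forum_row['forum_alias']));
            }
        }

        if (empty($error_msg)) {
            $post_title = request_var('topic_title', '');
            $post_message = request_var('message', '', true);
            $post_np = request_var('np', '', true);
            $poll_title = '';
            $poll_options = '';
            $poll_length = 0;

            if ($is_auth['auth_pollcreate']) {
                $poll_title = request_var('poll_title', '');
                $poll_options = request_var('poll_options', '');
                $poll_length = request_var('poll_length', 0);
            }

            // Check subject
            if (empty($post_title)) {
                $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_subject');
            }

            // Check message
            if (empty($post_message)) {
                $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_message');
            }

            if (!empty($poll_options)) {
                $poll_options = explode(nr(), $poll_options);
                foreach ($poll_options as $option) {
                    if ($option != '') {
                        $real_poll_options[] = $option;
                    }
                }
                $sizeof_poll_options = sizeof($real_poll_options);

                if ($sizeof_poll_options < 2) {
                    $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('few_poll_options');
                } else if ($sizeof_poll_options > $config['max_poll_options']) {
                    $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('many_poll_options');
                } else if ($poll_title == '') {
                    $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_poll_title');
                }
            }

            // Flood check against the user's most recent post; moderators are exempt.
            if (empty($error_msg) && !$is_auth['auth_mod']) {
                $sql = 'SELECT MAX(post_time) AS last_post_time FROM _forum_posts WHERE poster_id = ?';
                if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
                    if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
                        $error_msg .= (($error_msg != '') ? '<br />' : '') . lang('flood_error');
                    }
                }
            }

            if (empty($error_msg)) {
                $topic_announce = 0;
                $topic_locked = 0;

                // "-Anuncio-" / "-Cerrado-" are in-message markers stripped before storing;
                // forums 15, 16 and 17 are always stored as announcements.
                if ((strstr($post_message, '-Anuncio-') && $user->is('all')) || in_array($forum_id, array(15, 16, 17))) {
                    $topic_announce = 1;
                    $post_message = str_replace('-Anuncio-', '', $post_message);
                }

                if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
                    $topic_locked = 1;
                    $post_message = str_replace('-Cerrado-', '', $post_message);
                }

                $post_message = $comments->prepare($post_message);
                $topic_vote = (!empty($poll_title) && $sizeof_poll_options >= 2) ? 1 : 0;

                if (!$user->is('founder')) {
                    $post_title = strnoupper($post_title);
                }

                $insert_data = array();
                $insert_data['TOPIC'] = array(
                    'topic_title' => $post_title,
                    'topic_poster' => (int) $user->d('user_id'),
                    'topic_time' => (int) $current_time,
                    'forum_id' => (int) $forum_id,
                    'topic_locked' => $topic_locked,
                    'topic_announce' => $topic_announce,
                    'topic_important' => (int) $topic_important,
                    'topic_vote' => (int) $topic_vote,
                    'topic_featured' => 1,
                    'topic_points' => 1
                );
                $topic_id = sql_insert('forum_topics', $insert_data['TOPIC']);

                $insert_data['POST'] = array(
                    'topic_id' => (int) $topic_id,
                    'forum_id' => (int) $forum_id,
                    'poster_id' => (int) $user->d('user_id'),
                    'post_time' => (int) $current_time,
                    'poster_ip' => $user->ip,
                    'post_text' => $post_message,
                    'post_np' => $post_np
                );
                $post_id = sql_insert('forum_posts', $insert_data['POST']);

                if ($topic_vote) {
                    $insert_data['POLL'] = array(
                        'topic_id' => (int) $topic_id,
                        'vote_text' => $poll_title,
                        'vote_start' => (int) $current_time,
                        'vote_length' => (int) ($poll_length * 86400)
                    );
                    $poll_id = sql_insert('poll_options', $insert_data['POLL']);

                    $poll_option_id = 1;
                    foreach ($real_poll_options as $option) {
                        $insert_data['POLLRESULTS'] = array(
                            'vote_id' => (int) $poll_id,
                            'vote_option_id' => (int) $poll_option_id,
                            'vote_option_text' => $option,
                            'vote_result' => 0
                        );
                        sql_insert('poll_results', $insert_data['POLLRESULTS']);
                        $poll_option_id++;
                    }

                    if ($forum_id == $config['main_poll_f']) {
                        $cache->delete('last_poll_id');
                    }
                }

                $user->save_unread(UH_T, $topic_id);

                if (!in_array($forum_id, forum_for_team_array())) {
                    //$user->points_add(2);
                }

                $a_list = forum_for_team_list($forum_id);
                if (count($a_list)) {
                    $sql_delete_unread = 'DELETE FROM _members_unread WHERE element = ? AND item = ? AND user_id NOT IN (??)';
                    sql_query(sql_filter($sql_delete_unread, 8, $topic_id, implode(', ', $a_list)));
                }

                if (count($a_list) || in_array($forum_id, array(20, 39))) {
                    topic_feature($topic_id, 0);
                    topic_arkane($topic_id, 0);
                }

                $sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?, forum_topics = forum_topics + 1 WHERE forum_id = ?';
                sql_query(sql_filter($sql, $topic_id, $forum_id));

                $sql = 'UPDATE _forum_topics SET topic_first_post_id = ?, topic_last_post_id = ? WHERE topic_id = ?';
                sql_query(sql_filter($sql, $post_id, $post_id, $topic_id));

                $sql = 'UPDATE _members SET user_posts = user_posts + 1 WHERE user_id = ?';
                sql_query(sql_filter($sql, $user->d('user_id')));

                redirect(s_link('topic', $topic_id));
            }
        }
    }
    //
    // End Submit
    //

    $topics_count = ($forum_row['forum_topics']) ? $forum_row['forum_topics'] : 1;

    $topics = new stdClass();
    $total = new stdClass();

    //
    // All announcement data (u = topic poster, u2/p = last post and its poster)
    //
    $sql = 'SELECT t.*, u.user_id, u.username, u.username_base, u2.user_id as user_id2, u2.username as username2, u2.username_base as username_base2, p.post_time, p.post_username as post_username2 FROM _forum_topics t, _members u, _forum_posts p, _members u2 WHERE t.forum_id = ? AND t.topic_poster = u.user_id AND p.post_id = t.topic_last_post_id AND p.poster_id = u2.user_id AND t.topic_announce = 1 ORDER BY t.topic_last_post_id DESC';
    $topics->important = sql_rowset(sql_filter($sql, $forum_id));
    $total->important = (is_array($topics->important)) ? count($topics->important) : 0;

    //
    // Grab all the topics data for this forum (u/p = topic poster and first post, u2/p2 = last post)
    //
    $sql = 'SELECT t.*, u.user_id, u.username, u.username_base, u2.user_id as user_id2, u2.username as username2, u2.username_base as username_base2, p.post_username, p2.post_username AS post_username2, p2.post_time FROM _forum_topics t, _members u, _forum_posts p, _forum_posts p2, _members u2 WHERE t.forum_id = ? AND t.topic_poster = u.user_id AND p.post_id = t.topic_first_post_id AND p2.post_id = t.topic_last_post_id AND u2.user_id = p2.poster_id AND t.topic_announce = 0 ORDER BY t.topic_important DESC, /*t.topic_last_post_id*/p2.post_time DESC LIMIT ??, ??';
    $topics->normal = sql_rowset(sql_filter($sql, $forum_id, $start, $config['topics_per_page']));
    $total->normal = (is_array($topics->normal)) ? count($topics->normal) : 0;

    //
    // Post URL generation for templating vars
    //
    if ($is_auth['auth_post'] || $is_auth['auth_mod']) {
        _style('topic_create', array(
            'L_POST_NEW_TOPIC' => ($forum_row['forum_locked']) ? lang('forum_locked') : lang('post_newtopic'))
        );
    }

    //
    // Dump out the page header and load viewforum template
    //
    v_style(array(
        'FORUM_ID' => $forum_id,
        'FORUM_NAME' => $forum_row['forum_name'],
        'U_VIEW_FORUM' => s_link('forum', $forum_row['forum_alias']))
    );

    //
    // Let's build the topics
    //
    $i = 0;
    foreach ($topics as $alias => $list) {
        foreach ($list as $j => $row) {
            if (!$i) {
                _style('topics');
                $topics_count -= $total->important;
                build_num_pagination(s_link('forum', $forum_row['forum_alias'], 's%d'), $topics_count, $config['topics_per_page'], $start, '', 'TOPICS_');
            }

            if (!$j) {
                _style('topics.alias', array(
                    'NAME' => lang('topic_' . $alias),
                    'SHOW' => ($total->important && $total->normal > 1))
                );
            }

            $row = (object) $row;

            // Topic author: u.user_id / u.username / u.username_base are the topic_poster join
            // in both queries. NOTE(review): usernames are emitted into HTML as stored —
            // this assumes they were sanitised on registration; confirm.
            if ($row->user_id != GUEST) {
                $row->author = '<a href="' . s_link('m', $row->username_base) . '">' . $row->username . '</a>';
            } else {
                // Only the normal-topics query selects the first post's post_username; the
                // announcement query does not, so keep the previous fallback to the last post there.
                $guest_author = isset($row->post_username) ? $row->post_username : $row->post_username2;
                $row->author = '<span>*' . (($guest_author != '') ? $guest_author : lang('guest')) . '</span>';
            }

            // Last poster: u2.* and post_username2 (the last post's guest name).
            if ($row->user_id2 != GUEST) {
                $row->poster = '<a href="' . s_link('m', $row->username_base2) . '">' . $row->username2 . '</a>';
            } else {
                $row->poster = '<span>*' . (($row->post_username2 != '') ? $row->post_username2 : lang('guest')) . '</span>';
            }

            _style('topics.alias.row', array(
                'FORUM_ID' => $forum_id,
                'TOPIC_ID' => $row->topic_id,
                'TOPIC_AUTHOR' => $row->author,
                'REPLIES' => $row->topic_replies,
                'VIEWS' => ($user->is('founder')) ? $row->topic_views : '',
                'TOPIC_TITLE' => $row->topic_title,
                'TOPIC_CREATION_TIME' => $user->format_date($row->topic_time),
                'LAST_POST_TIME' => $user->format_date($row->post_time),
                'LAST_POST_AUTHOR' => $row->poster,
                'U_TOPIC' => s_link('topic', $row->topic_id))
            );

            $i++;
        }
    }

    if (!$topics_count) {
        if ($start) {
            redirect(s_link('forum', $forum_row['forum_alias']), true);
        }
        _style('no_topics');
    }

    //
    // Posting box
    //
    if (!empty($error_msg) || (!$is_auth['auth_mod'] && $forum_row['forum_locked']) || (!$is_auth['auth_post'] && $forum_row['auth_post'] == AUTH_REG) || $is_auth['auth_post']) {
        if ($is_auth['auth_post']) {
            // $poll_options is an array only after a submission exploded it; re-join it for the form.
            if (!empty($poll_options)) {
                $poll_options = implode(nr(), $poll_options);
            }

            _style('publish', array(
                'S_POST_ACTION' => s_link('forum', $forum_row['forum_alias']),
                'TOPIC_TITLE' => $post_title,
                'MESSAGE' => $post_message,
                'NP' => $post_np,
                'POLL_TITLE' => $poll_title,
                'POLL_OPTIONS' => $poll_options,
                'POLL_LENGTH' => $poll_length)
            );

            if ($is_auth['auth_pollcreate']) {
                _style('publish.poll');
                if (empty($poll_options)) {
                    _style('publish.poll.hide');
                }
            }
        }

        if (!empty($error_msg)) {
            _style('publish.alert', array(
                'MESSAGE' => $error_msg)
            );
        }
    }

    // Per-forum template override; $forum_id is the database id here, not the raw `f` value.
    $layout_file = 'topics';
    $use_m_template = 'custom/forum_' . $forum_id;
    if (@file_exists(ROOT . 'template/' . $use_m_template . '.htm')) {
        $layout_file = $use_m_template;
    }

    $this->_title = $forum_row['forum_name'];
    $this->_template = $layout_file;
    return;
}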