function postmessage($ar)
{
$cn = connect_db();
$sql = "insert into `message` (touserid,fromuserid,subject,message,name) values ('" . $ar['touserid'] . "','" . $ar['fromuserid'] . "','" . magicquotes(htmlspecialchars($ar['subject'])) . "','" . formattext(htmlspecialchars(magicquotes($ar['message']))) . "','" . htmlspecialchars($ar['name']) . "')";
$result = mysql_query($sql, $cn) or die("ERROR :" . mysql_error());
disconnect_db($cn);
}
$result = do_mysql_query($query);
while ($row = mysql_fetch_array($result)) {
echo "\n<tr bgcolor={$table_bgcolour}><td><font ";
if ($row["event_date"] == date("Y-m-d", time())) {
echo "color=red";
} else {
echo "color=black";
}
echo ">";
if ($username == "staff" and getVAR("edit") == "on") {
//add edit/del buttons
$id = $row["ID"];
echo "\n<a href=\"{$PHP_SELF}?action=edit_event&display_date={$display_date}&id={$id}&username={$username}&password={$password}\"><img border=0 align=right src=\"images/edit.gif\"> </a> ";
echo "\n<a href=\"{$PHP_SELF}?action=del_event&display_date={$display_date}&id={$id}&username={$username}&password={$password}\"><img border=0 align=right src=\"images/delete.gif\"></a>";
}
echo "\n<small><b>" . strftime("%d/%m/%Y", strtotime($row["event_date"])) . " - " . $row["event"] . "</b><br>" . formattext($row["details"]) . "</small>";
echo "\n</font></td></tr>";
}
if (!mysql_num_rows($result)) {
echo "\n<tr bgcolor={$table_bgcolour}><td>No events could be found.<br>Click <i>Add Event</i> to create an event.</td></tr>";
}
echo "\n</table>";
}
echo "\n</td></tr>";
echo "\n</table>";
if (authenticate($username, $password)) {
sendNavBar(array("previous", "logout", "home", "create_notice", "add_event", "edit", "next"), $username, $password, $display_date);
}
if ($username == "admin") {
sendNavBar(array("manage_users"), $username, $password, $display_date);
}
}
/* ------------------------------------- */
/* Kommentarübersicht anzeigen */
$tpl->parse("HEADER", "COMMENTSHEADER", true);
$tpl->set_var(array("commentscount" => $commentscount));
/* --------------------------- */
/* Kommentare anzeigen */
$cf = 'news/inc/pn_comments.dat';
$zeile = file($cf);
$zeilen = sizeof($zeile);
$commentnr = 0;
for ($i = 0; $i < $zeilen; $i++) {
$eintrag = explode("§", $zeile[$i]);
if ($eintrag[1] == $_GET['id']) {
$datum = formatdate($eintrag[5], $dateformat);
$eintrag[2] = formattext($eintrag[2], $smilies, $smiliespath, $myBoardCodeTags, $commenthtml);
$author = '<a href="mailto:' . $eintrag[4] . '">' . $eintrag[3] . '</a>';
$commentnr++;
$tpl->set_var(array("datum" => $datum, "comment" => $eintrag[2], "autor" => $author, "commentnr" => '#' . $commentnr));
$tpl->parse("COMMENTSECTION", "COMMENTS", true);
}
}
/* ------------------- */
/* Kommentarform anzeigen */
$saveurl = $newsoutput . '?pn_go=savecomment' . $params;
$tpl->parse("FORM", "COMMENTFORM", true);
$tpl->set_var(array('saveurl' => $saveurl, 'commentid' => $_GET['id'], 'backurl' => $_SERVER['HTTP_REFERER']));
}
#########################################
#########################################
# SAVECOMMENT #
function image_update($id, $date, $title, $description, $rotate)
{
$cn = connect_db();
if ($title == "") {
$title = "No Title";
}
if ($description == "") {
$description = "No Description";
}
$sql = "SELECT * FROM `photo` WHERE id='" . $id . "'";
$link = mysql_query($sql, $cn) or die("Error : " . mysql_error());
$data = mysql_fetch_assoc($link);
$path1 = get_full_domain_path() . str_replace(get_domain_path(), "", $data['original_url']);
$path2 = get_full_domain_path() . str_replace(get_domain_path(), "", $data['medium_url']);
$path3 = get_full_domain_path() . str_replace(get_domain_path(), "", $data['thumb_url']);
if ($rotate == "CW") {
rotateImage($path1, "CW");
rotateImage($path2, "CW");
rotateImage($path3, "CW");
}
if ($rotate == "CCW") {
rotateImage($path1, "CCW");
rotateImage($path2, "CCW");
rotateImage($path3, "CCW");
}
$d1 = date("Y-m-d", strtotime($date));
$d1 .= date(" H:i:s", time());
$sql = "update `photo` set upload_time='" . $d1 . "', title='" . formattext(htmlspecialchars(magicquotes($title))) . "', description='" . formattext(magicquotes(htmlspecialchars($description))) . "' where id='" . $id . "'";
$link = mysql_query($sql, $cn) or die("Error : " . mysql_error());
disconnect_db($cn);
}
if (!$_GET['page']) {
$_GET['page'] = 1;
}
$y = $_GET['page'] * $newsperpage;
$x = $y - $newsperpage;
if ($y > $zeilen) {
$y = $zeilen;
}
/* -------------------------------------------------- */
/* Ausgabe aller Newseinträge */
for ($i = $x; $i < $y; $i++) {
$eintrag = explode('§', $zeile[$i]);
$datum = formatdate($eintrag[6], $dateformat);
$eintrag[1] = getname($eintrag[1], 'news/inc/pn_userdata.php');
$eintrag[2] = formattext($eintrag[2], $smilies, $smiliespath, $myBoardCodeTags, $texthtml);
$eintrag[3] = formattext($eintrag[3], $smilies, $smiliespath, $myBoardCodeTags, $texthtml);
/* Kategorie-System */
if ($showcat == 'yes') {
$eintrag[5] = getcat($eintrag[5], 'news/inc/pn_categories.dat', 'catpics', $catpics);
} else {
$eintrag[5] = '';
}
/* ---------------- */
if ($eintrag[4] != '') {
$readmore = '<a href="' . $_SERVER['PHP_SELF'] . '?pn_go=details&id=' . $eintrag[0] . $params . '">' . $more . '</a>';
} else {
$readmore = '';
}
$newsnr = $zeilen - $i . '. ';
$commentscount = commentscount($eintrag[0]);
$comments = '<a href="' . $_SERVER['PHP_SELF'] . '?pn_go=details&id=' . $eintrag[0] . $params . '">Comments (' . $commentscount . ')</a>';
function update_user($ar)
{
$cn = connect_db();
// print_r($ar);
if ($ar['hidedob'] == "on") {
$hidedob = 1;
} else {
$hidedob = 0;
}
if ($ar['hidegender'] == "on") {
$hidegender = 1;
} else {
$hidegender = 0;
}
$sql = "update `users` set firstname='" . magicquotes($ar['firstname']) . "', lastname='" . magicquotes($ar['lastname']) . "', email='" . magicquotes($ar['email']) . "', photoid='" . $ar['photoid'] . "',title='" . magicquotes($ar['title']) . "', sitetype='" . $ar['sitetype'] . "', themecolor='" . $ar['color'] . "', description='" . formattext(magicquotes(htmlspecialchars($ar['sitedesc']))) . "', allowprint='" . $ar['allowprint'] . "',pictureview='" . $ar['pictureview'] . "',hidegender='" . $hidegender . "',hidedob='" . $hidedob . "' where userid='" . $_SESSION['gallery_userid'] . "'";
$link = mysql_query($sql, $cn) or die("Error : " . mysql_error());
disconnect_db($cn);
}
$rss->description = 'List of newest projects on FOSS Factory.';
$rss->link = $GLOBALS['SITE_URL'] . 'browse.php';
list($rc, $projects) = ff_getnewprojects(30);
if ($rc == 0) {
foreach ($projects as $p) {
$item = new FeedItem();
$item->title = $p['name'];
$item->link = $GLOBALS['SITE_URL'] . projurl($p['id']);
$item->guid = $item->link;
$item->date = (int) $p['created'];
$item->author = $p['creator'];
$item->description = '
<p>
Creator: ' . xmlescape($p['creator']) . '<br>
Requirements:<br><br>
' . formattext($p['reqmts']) . '
</p>
';
$rss->addItem($item);
}
}
} else {
if ($_GET['src'] == 'duties') {
include_once "getduties.php";
include_once "formattext.php";
$user = scrub($_GET['u']);
$rss->title = '[FF] ' . $user . '\'s duties';
$rss->description = $user . '\' duties on FOSS Factory.';
$rss->link = $GLOBALS['SITE_URL'] . 'account.php#tabs';
list($rc, $duties) = getduties($user);
if ($rc == 0) {
