Exemple #1
0
function createTopic()
{
    global $themedir, $l;
    global $globals, $mysql, $theme, $done, $errors, $error;
    global $user, $notice;
    global $qu;
    global $board;
    global $time, $reqPrivs;
    $theme['name'] = 'addReply';
    $theme['call_theme_func'] = 'createTopic';
    //loadlang("createTopic");
    //loadlang(__FUNCTION__);
    loadlang('allFuncLang', __FUNCTION__);
    fheader($title = 'Create Topic');
    // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
    // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
    // so redirect him to login page
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }
    // Will have to see
    // how reply table works in SMF
    // replies table takes
    // topic id replied to
    // id of user
    // log IP of user
    // time/date (microtime() , less than 5(or other, variable factor) seconds,
    // post cant be made by same IP) that made the post
    //
    /*
    echo 111;
    printrr( $user);
    exit();
    */
    if (isset($_POST["reply_sub"])) {
        $tname = mandff(check_input($_POST["subject"]), "Subject Empty");
        $tdesc = optff(check_input($_POST["desc"]));
        //$reply = mandff(check_input($_POST["reply"] ) , "Reply field empty");
        // into binary
        $pton = inet_pton($user['ip']);
        //$pton = inet_pton( $user['REMOTE_ADDR'] );
        $t = round($time->scriptTime());
        $ipField = isset($user['ipv6']) ? 'tcreatedbyuid_IPv6' : 'tcreatedbyuid_IPv4';
        $q1 = "INSERT INTO `topics` (`tname`, `tdesc`, `tdate`, `tcreatedby`, `tcreatedbyuid`, `{$ipField}`, `board_bid`) \n\t\tVALUES( '{$tname}', '{$tdesc}', {$t}, '{$user['username']}', '{$user['uid']}', '{$pton}', '{$_GET['board']}' )";
        $q1_1 = db_query($q1);
        $tid = mysql_insert_id();
        //
        if ($q1_1 && $tid) {
            $notice['topic_created'] = "Topic created, please go <a href='index.php?action=topic&topic={$tid}'>here</a>, and check out your topic.";
        } else {
            $error['topic_not_created'] = 'Unable to create topic, please try again.';
        }
        //header("Location: index.php?action=board&board={$_GET['board']}");
    }
}
Exemple #2
0
    $s .= '<br />';
    $s .= 'Error: ' . mysql_error();
    $s .= '<br />';
    echo $s;
    die;
}
if (!isset($_GET['step'])) {
    echo '
	<input type="button" value="Start Install" onClick="javascript:location.href=\'install.php?step=1\'">
	';
}
//echo "<br />";
if (isset($_POST['dbinstall'])) {
    $host = mandff($_POST['host'], 'Invalid Host');
    $dbuser = mandff($_POST['dbuser'], 'Invalid DB User');
    $dbpass = optff($_POST['dbpass']);
    $dbname = mandff($_POST['dbname'], 'Invalid Database');
    if (!empty($error)) {
        echo "Errors: <br />";
        foreach ($error as $err) {
            echo $err . "<br />";
        }
        die;
    }
    $dbname = un_sql_inj($dbname);
    $dbconn = mysql_connect($host, $dbuser, $dbpass) or mysql_dead('Could not establish connection to the Database.');
    $select_db = mysql_select_db($dbname, $dbconn) or mysql_dead('Could not select DB, please check if DB exists.');
    if (!empty($error)) {
        echo "Errors: <br />";
        foreach ($error as $err) {
            echo $err . "<br />";
Exemple #3
0
function sendMessage()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $l;
    global $time;
    global $user;
    global $par;
    global $db;
    $theme['name'] = 'messages';
    $theme['call_theme_func'] = 'sendMessage';
    loadlang();
    fheader($title = 'Send Message');
    //$con = array();
    //$con['dbname'] = 'myforum_3_testing';
    //dbconn( $con );
    if (isset($_POST['sendMess'])) {
        $mess = array();
        $mess['to'] = check_input(mandff($_POST['to'], "{$l['to_emp']}"));
        $mess['body'] = check_input(mandff($_POST['body'], "{$l['body_emp']}"));
        $mess['subject'] = check_input(optff($_POST['subject']));
        if ($errors || $error) {
            return false;
        }
        $q = "INSERT INTO `pm`(`pm_from_uid`, `pm_deleted_by_sender`, `pm_from_name`, `pm_sent_time`, `pm_subject`, `pm_body`) \n\t\t\t\t\t\t\t\t\tVALUES('{$user['uid']}', 0, '{$user['username']}', '{$timeNow}', '{$mess['subject']}', '{$mess['body']}') ";
        $q1 = db_query($q);
        $id = db_insert_id();
        //$q2 = "SELECT `uid`, `username` FROM `users`";
        //$q2 = db_query($q2);
        $toArr = array();
        $toArr = explode(",", $mess['to']);
        $str = '';
        foreach ($toArr as $k => $v) {
            $toArr[$k] = $v = trim($v);
            $str .= "'" . $v . "',";
        }
        $str = rtrim($str, ",");
        $q2 = "SELECT `uid`, `username` FROM `users` WHERE `username` IN ( {$str} )";
        $q22 = db_query($q2);
        $userGot = array();
        $userNotGot = array();
        while ($row = mysql_fetch_assoc($q22)) {
            $userGot[$row['uid']] = $row['username'];
        }
        $userNotGot = array();
        $userNotGot = array_diff($toArr, $userGot);
        if (!empty($userNotGot)) {
            $error[] = 'Users not done: ' . implode(", ", $userNotGot) . "";
        }
        foreach ($userGot as $k => $v) {
            $q3 = "INSERT INTO `pm_recepients`(`pm_id`, `pm_sent_to_uid`, `pm_is_read`, `pm_is_new`, `pm_is_deleted`) \n\t\t\t\t\t\t\t\t\t\tVALUES('{$id}', '{$k}', '0', '1', '0') ";
            $q33 = db_query($q3);
        }
    }
    /*
    	 * Profile table 
    	 * CREATE TABLE `profile` (
    `users_uid` foreign key references users(`uid`) INDEX KEY, 
    * `about` ,
    * `displaypic_url` ,
    `dob` INT default 0, 
    `sex` varchar(10) default 'na', 
    `perfume` varchar(255) default 'none',
    * `website_url`,
    `profile_id` INT NOT NULL AUTO INCREMENT,
    );
    
    alter table `users` 
    add column (
    `about` longtext, 
    `dob` timestamp,
    `sex` char(1), 
    `displaypic_url` varchar(255),
    `website_url` varchar(255), 
    `perfume` varchar(255)
    )
    */
}