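/**
 * Render the "create topic" page and, when the form was submitted, insert the
 * new topic row for the board named in the query string.
 *
 * Reads $_POST['reply_sub'], $_POST['subject'], $_POST['desc'] and
 * $_GET['board']; reports the outcome through the global $notice / $error
 * arrays. Nothing is returned.
 *
 * Security-relevant points in this block:
 *  - $_GET['board'] is request-controlled and is escaped before it is placed
 *    in the SQL string.
 *  - inet_pton() yields raw bytes, which can contain quote or NUL bytes; the
 *    packed address is escaped as well so it cannot terminate the literal.
 *  - The INSERT is skipped once form validation has recorded an error.
 *
 * NOTE(review): no anti-CSRF token and no "may this user post on this board"
 * check is visible in this block; confirm that a caller or fheader() does both.
 */
function createTopic()
{
    global $themedir, $l;
    global $globals, $mysql, $theme, $done, $errors, $error;
    global $user, $notice;
    global $qu;
    global $board;
    global $time, $reqPrivs;

    $theme['name'] = 'addReply';
    $theme['call_theme_func'] = 'createTopic';

    loadlang('allFuncLang', __FUNCTION__);
    fheader($title = 'Create Topic');

    // Boards whose admin setting has loginReq = 1 send anonymous visitors to
    // the login page.
    // NOTE(review): redirect() is not shown here; if it does not end the
    // request, the code below still runs for visitors who are not logged in.
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }

    // Design notes kept from the original author: the replies table is meant
    // to record the topic id replied to, the user id, the poster's IP and the
    // post time, so that two posts from one IP within a few seconds can be
    // refused.

    if (isset($_POST["reply_sub"])) {
        $tname = mandff(check_input($_POST["subject"]), "Subject Empty");
        $tdesc = optff(check_input($_POST["desc"]));

        // sendMessage() stops here when mandff() recorded a problem; without
        // the same guard a topic with an empty subject was still inserted.
        // NOTE(review): assumes $error / $errors are empty on entry.
        if ($errors || $error) {
            return;
        }

        // Packed (binary) form of the client address; false on a malformed IP.
        $pton = inet_pton($user['ip']);
        $t = round($time->scriptTime());

        // Only these two fixed column names can reach the query.
        $ipField = isset($user['ipv6']) ? 'tcreatedbyuid_IPv6' : 'tcreatedbyuid_IPv4';

        // Escape the two values that cannot be trusted as SQL text: the raw
        // address bytes and the board id taken from the URL. An array-valued
        // ?board[]= parameter is treated as empty instead of being stringified.
        $ptonSql = mysql_real_escape_string($pton === false ? '' : $pton);
        $boardRaw = (isset($_GET['board']) && is_scalar($_GET['board'])) ? (string) $_GET['board'] : '';
        $boardSql = mysql_real_escape_string($boardRaw);

        // NOTE(review): $user['username'] and $user['uid'] are interpolated
        // unchanged; confirm they are already safe for a quoted SQL literal.
        $q1 = "INSERT INTO `topics` (`tname`, `tdesc`, `tdate`, `tcreatedby`, `tcreatedbyuid`, `{$ipField}`, `board_bid`) \n\t\tVALUES( '{$tname}', '{$tdesc}', {$t}, '{$user['username']}', '{$user['uid']}', '{$ptonSql}', '{$boardSql}' )";
        $q1_1 = db_query($q1);
        $tid = mysql_insert_id();

        if ($q1_1 && $tid) {
            $notice['topic_created'] = "Topic created, please go <a href='index.php?action=topic&topic={$tid}'>here</a>, and check out your topic.";
        } else {
            $error['topic_not_created'] = 'Unable to create topic, please try again.';
        }
    }
}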
$s .= '<br />'; $s .= 'Error: ' . mysql_error(); $s .= '<br />'; echo $s; die; } if (!isset($_GET['step'])) { echo ' <input type="button" value="Start Install" onClick="javascript:location.href=\'install.php?step=1\'"> '; } //echo "<br />"; if (isset($_POST['dbinstall'])) { $host = mandff($_POST['host'], 'Invalid Host'); $dbuser = mandff($_POST['dbuser'], 'Invalid DB User'); $dbpass = optff($_POST['dbpass']); $dbname = mandff($_POST['dbname'], 'Invalid Database'); if (!empty($error)) { echo "Errors: <br />"; foreach ($error as $err) { echo $err . "<br />"; } die; } $dbname = un_sql_inj($dbname); $dbconn = mysql_connect($host, $dbuser, $dbpass) or mysql_dead('Could not establish connection to the Database.'); $select_db = mysql_select_db($dbname, $dbconn) or mysql_dead('Could not select DB, please check if DB exists.'); if (!empty($error)) { echo "Errors: <br />"; foreach ($error as $err) { echo $err . "<br />";
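/**
 * Render the "send message" page and, when the form was submitted, store a
 * private message and one recipient row per resolved user name.
 *
 * Reads $_POST['sendMess'], $_POST['to'] (comma-separated user names),
 * $_POST['body'] and $_POST['subject']; appends problems to the global $error
 * array.
 *
 * Fixes over the previous version:
 *  - $timeNow was never assigned, so `pm_sent_time` received an empty string;
 *    it is now taken from the same clock createTopic() uses.
 *  - A failed `pm` insert no longer creates recipient rows with an unusable
 *    pm_id.
 *  - Blank entries in the recipient list no longer produce an empty IN ()
 *    list, and a failed lookup is not handed to mysql_fetch_assoc().
 *
 * NOTE(review): the recipient names, subject and body reach SQL with only
 * check_input() applied; that helper is not shown, so confirm it escapes for
 * a quoted SQL literal. No anti-CSRF token check is visible in this block.
 *
 * @return false|null false when validation or the message insert failed
 */
function sendMessage()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $l;
    global $time;
    global $user;
    global $par;
    global $db;

    $theme['name'] = 'messages';
    $theme['call_theme_func'] = 'sendMessage';

    loadlang();
    fheader($title = 'Send Message');

    if (isset($_POST['sendMess'])) {
        $mess = array();
        $mess['to'] = check_input(mandff($_POST['to'], "{$l['to_emp']}"));
        $mess['body'] = check_input(mandff($_POST['body'], "{$l['body_emp']}"));
        $mess['subject'] = check_input(optff($_POST['subject']));

        if ($errors || $error) {
            return false;
        }

        // Same timestamp source as createTopic().
        // NOTE(review): confirm `pm_sent_time` expects this rounded value.
        $timeNow = round($time->scriptTime());

        $q = "INSERT INTO `pm`(`pm_from_uid`, `pm_deleted_by_sender`, `pm_from_name`, `pm_sent_time`, `pm_subject`, `pm_body`) \n\t\t\t\t\t\t\t\t\tVALUES('{$user['uid']}', 0, '{$user['username']}', '{$timeNow}', '{$mess['subject']}', '{$mess['body']}') ";
        $q1 = db_query($q);
        $id = db_insert_id();

        // Without a stored message there is nothing to attach recipients to.
        if (!$q1 || !$id) {
            $error[] = 'Unable to send message, please try again.';
            return false;
        }

        // Split the recipient list, trim each name and drop blank entries.
        $toArr = array_filter(array_map('trim', explode(",", $mess['to'])), 'strlen');

        $userGot = array();
        if (!empty($toArr)) {
            $str = "'" . implode("','", $toArr) . "'";
            $q2 = "SELECT `uid`, `username` FROM `users` WHERE `username` IN ( {$str} )";
            $q22 = db_query($q2);

            // A failed lookup leaves $userGot empty, so every requested name
            // is reported below instead of triggering a fetch on a non-result.
            while ($q22 && ($row = mysql_fetch_assoc($q22))) {
                $userGot[$row['uid']] = $row['username'];
            }
        }

        // Names that matched no account are reported back to the sender.
        $userNotGot = array_diff($toArr, $userGot);
        if (!empty($userNotGot)) {
            $error[] = 'Users not done: ' . implode(", ", $userNotGot);
        }

        // One recipient row per resolved uid; $id and $k come from the
        // database, not from the request.
        foreach ($userGot as $k => $v) {
            $q3 = "INSERT INTO `pm_recepients`(`pm_id`, `pm_sent_to_uid`, `pm_is_read`, `pm_is_new`, `pm_is_deleted`) \n\t\t\t\t\t\t\t\t\t\tVALUES('{$id}', '{$k}', '0', '1', '0') ";
            $q33 = db_query($q3);
        }
    }

    /*
     * Profile table (author's schema notes)
     * CREATE TABLE `profile` (
     *   `users_uid` foreign key references users(`uid`) INDEX KEY,
     *   `about`,
     *   `displaypic_url`,
     *   `dob` INT default 0,
     *   `sex` varchar(10) default 'na',
     *   `perfume` varchar(255) default 'none',
     *   `website_url`,
     *   `profile_id` INT NOT NULL AUTO INCREMENT,
     * );
     *
     * alter table `users` add column (
     *   `about` longtext, `dob` timestamp, `sex` char(1),
     *   `displaypic_url` varchar(255), `website_url` varchar(255),
     *   `perfume` varchar(255)
     * )
     */
}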