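/**
 * Insert a guestbook entry and push an "unread entry" notice into the
 * recipient's live session.
 *
 * $entry keys read: sender, recipient, message, is_private, optional
 * reply-to, optional is_mass_gb. When is_mass_gb === true the per-user
 * flood check, the empty-message check and the live-session notice are
 * all skipped (bulk sends).
 *
 * Returns true on success; false on flood, empty message or SQL failure
 * (the failure is reported through report_sql_error() first).
 *
 * Security notes:
 *  - sender is taken from $entry, not from $_SESSION. Only the 5-second
 *    flood check looks at the logged-in id; nothing here verifies that the
 *    caller is allowed to post as $entry['sender'] — the caller must.
 *  - recipient, sender and reply-to are cast to int before being spliced
 *    into SQL (they were interpolated raw before).
 *  - message is spliced in as-is. The stripslashes() applied before the
 *    session copy implies the caller already slash-escaped it —
 *    NOTE(review): confirm that at every call site; if it does not hold
 *    this is an SQL-injection sink.
 */
function guestbook_insert($entry) {
    $is_mass = isset($entry['is_mass_gb']) && $entry['is_mass_gb'] === true;
    $recipient = (int) $entry['recipient'];
    $sender = (int) $entry['sender'];

    if (!$is_mass) {
        // Flood control: at most one entry per 5 seconds from the logged-in user.
        if ($_SESSION['login']['id'] == $sender && $_SESSION['last_gb_entry'] > time() - 5) {
            return false;
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        // Entries to user 2348 (the webmaster account) are remembered in the session.
        if ($recipient == 2348 && $sender != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }

    $is_private = ($entry['is_private'] == 1) ? 1 : 0;
    $entry['is_private'] = $is_private;

    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)'
        . ' VALUES("' . time() . '", "' . $recipient . '", "' . $sender . '", "' . $entry['message'] . '", "' . $is_private . '")';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    $entry['id'] = mysql_insert_id();

    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $recipient . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }

    if (isset($entry['reply-to'])) {
        // Only an entry addressed to the sender can be marked as answered by them.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` = 1 WHERE id = "' . (int) $entry['reply-to'] . '" AND recipient = "' . $sender . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }

    if (!$is_mass) {
        /* Notify the recipient's live session, if they have one */
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
        $result = mysql_query($query);
        if (!$result) {
            report_sql_error($query, __FILE__, __LINE__);
        }
        $data = $result ? mysql_fetch_assoc($result) : false;
        if ($data && strlen($data['session_id']) > 5) {
            $remote_session = session_load($data['session_id']);
            $remote_session['notices']['unread_gb_entries'] += 1;
            $entry['image'] = $_SESSION['userinfo']['image'];
            $entry['timestamp'] = time();
            $entry['message'] = stripslashes($entry['message']);
            $entry['username'] = $_SESSION['login']['username'];
            $remote_session['unread_gb_entries'][] = $entry;
            session_save($data['session_id'], $remote_session);
        }
    }

    $_SESSION['last_gb_entry'] = time();
    return true;
}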
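/**
 * Ban a user from uploading images for 7 days: clear their current image,
 * set image_ban_expire, mirror the expiry into their live session and
 * delete the full-size and thumbnail files.
 *
 * @param int $userid Target user id.
 *
 * $userid is cast to int first: it is spliced into SQL, into a filesystem
 * path under PATHS_IMAGES and into inline JavaScript, so an unvalidated
 * string here would be an SQL-injection, path-traversal and XSS sink.
 *
 * No privilege check is done in this function; log_admin_event() records
 * $_SESSION['login']['id'] as the actor, so the caller is expected to be an
 * already-authorised admin context — verify that at every call site.
 *
 * Both image files are now unlinked independently (previously a failed
 * full-size unlink short-circuited and left the thumbnail in place); the
 * success message is still only shown when both were removed.
 *
 * NOTE(review): the die() below echoes mysql_error() to the browser, which
 * leaks schema details to whoever triggers it; behaviour kept as-is.
 */
function block_user($userid) {
    $userid = (int) $userid;
    $ban_expire = time() + 86400 * 7;

    mysql_query('UPDATE userinfo SET image = 0, image_ban_expire = "' . $ban_expire . '" WHERE userid = "' . $userid . '" LIMIT 1')
        or die('<script language="javascript">alert("FATALT FEL! IGNORERA FÖLJANDE MEDDELANDE OM ATT UPPDATERINGEN LYCKADES. MYSQL FELINFORMATION: (vidarebefodra till Tritone)\\n\\n' . mysql_error() . '")</script>');

    /* Mirror the ban into the user's live session, if they have one */
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $userid . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);
    if ($sessid_data && strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['userinfo']['image_ban_expire'] = $ban_expire;
        session_save($sessid_data['session_id'], $remote_session);
    }

    $full_removed = unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg');
    $thumb_removed = unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg');
    if ($full_removed && $thumb_removed) {
        echo '<script language="javascript">alert("Användar-ID ' . $userid . ' har blockerats från framtida uppladdning av bilder.");</script>';
        log_admin_event('user blocked image upload', '', $_SESSION['login']['id'], $userid, $userid);
    } else {
        echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
    }
}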
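/**
 * Insert a guestbook entry (older variant that also links a forum post).
 *
 * @param int      $recipient Guestbook owner's user id.
 * @param int      $sender    Author's user id.
 * @param string   $message   Entry text; see escaping note below.
 * @param int      $private   Anything other than 1 is stored as 0.
 * @param int|null $answereid Id of the entry this one answers. It is marked
 *                            answered only if its recipient is the logged-in
 *                            user, which is what stops a caller from marking
 *                            someone else's entry.
 * @param int      $post_id   Related forum post id, 0 if none.
 *
 * Side effects: increments traffa.guestbook_entries for the recipient and
 * bumps the unread counter in the recipient's live session if one exists.
 * Dies with an error page on SQL failure (original behaviour).
 *
 * Escaping: every id is cast to int before being spliced into SQL. $message
 * is spliced in verbatim between single quotes and nothing here escapes it,
 * so it is only safe if the caller has already SQL-escaped it —
 * NOTE(review): verify at every call site; otherwise this is an
 * SQL-injection sink.
 */
function new_entry($recipient, $sender, $message, $private = 0, $answereid = null, $post_id = 0) {
    $recipient_id = (int) $recipient;
    $sender_id = (int) $sender;
    $forum_post_id = (int) $post_id;
    $is_private = ($private == 1) ? 1 : 0;

    $insert_sql = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private, forum_post) '
        . 'VALUES(UNIX_TIMESTAMP(), ' . $recipient_id . ', ' . $sender_id . ', \'' . $message . '\', ' . $is_private . ', ' . $forum_post_id . ')';
    mysql_query($insert_sql) or die(report_sql_error($insert_sql));

    $update_sql = 'UPDATE traffa SET guestbook_entries = guestbook_entries + 1 WHERE userid = ' . $recipient_id . ' LIMIT 1';
    mysql_query($update_sql) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());

    /* Bump the unread counter in the recipient's live session, if any */
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $recipient_id . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);
    if ($sessid_data && strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['notices']['unread_gb_entries'] += 1;
        session_save($sessid_data['session_id'], $remote_session);
    }

    if (isset($answereid)) {
        // The recipient filter binds the answered flag to the logged-in user's own entries.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y" WHERE id = "' . (int) $answereid . '" AND recipient = "' . (int) $_SESSION['login']['id'] . '" LIMIT 1';
        mysql_query($query) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
    }
}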
} // Note: $current is a pointer! $current['timestamp'] = time(); } } if ($increase_profile_visitors == true) { $query = 'UPDATE userinfo SET profile_visitors = profile_visitors + 1 WHERE userid = ' . $user_id; mysql_query($query) or die(report_sql_error($query)); } $querys = array(); $querys['insert'] = 'INSERT INTO user_visits(user_id, item_id, type, count, timestamp) VALUES(' . $user_id . ', ' . $_SESSION['login']['id'] . ', "profile_visit", 1, unix_timestamp())'; $querys['update'] = 'UPDATE user_visits SET count = count + 1, timestamp = unix_timestamp() WHERE user_id=' . $user_id . ' AND item_id=' . $_SESSION['login']['id'] . ' AND type="profile_visit"'; @mysql_query($querys['insert']) or @mysql_query($querys['update']); unset($querys); /* Read remote session and log this visit */ $remote_session = session_load($userinfo['login']['session_id']); if ($_SESSION['userinfo']['image'] == 1 || $_SESSION['userinfo']['image'] == 2) { $visited = false; foreach ($remote_session['visitors_with_image'] as $visitor) { $visited = $visitor['id'] == $_SESSION['login']['id'] ? true : $visited; } if ($visited == false) { while (count($remote_session['visitors_with_image']) >= 8) { array_pop($remote_session['visitors_with_image']); } array_unshift($remote_session['visitors_with_image'], array('id' => $_SESSION['login']['id'], 'timestamp' => time(), 'username' => $_SESSION['login']['username'])); } } $remote_session['notice_message'] = 'Hey där, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> sladdade just in på din profil! - <a href="/traffa/my_visitors.php">Visa alla dina besökare!</a>'; session_save($userinfo['login']['session_id'], $remote_session); }
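/**
 * Render the result of one "guess the age" round and record the guess.
 *
 * Reads $_GET['guessed_age'] ('skip' or a number) and the current round in
 * $_SESSION['age_guess'] (current_user, current_age, current_username,
 * score, correct_guesses). Returns the HTML fragment to display.
 *
 * Side effects, only when the guess is numeric: logs an event, upserts
 * age_guess_logs and (if logged in) age_guess_scoring, adjusts the session
 * score (floored at -10), and — if the guessed-about user was active in
 * the last 10 minutes and the guess was not exact — writes a notice into
 * that user's session.
 *
 * The guess is normalised once up front: 'skip' is a flag, anything else
 * becomes an int only if is_numeric() accepts it. is_numeric() alone still
 * admits signs, decimals, exponents and leading whitespace, which the
 * previous version spliced straight into a column name (age_<guess>) and
 * into the remote user's notice HTML; the int cast closes both.
 *
 * NOTE(review): the "******" literals in the WHERE clauses look like a
 * corpus redaction of the interpolated user id; restore the real value
 * (cast to int) before using this code.
 */
function age_guess_result() {
    global $AGE_GUESS_COMMENTS;
    $return = '';

    $round = isset($_SESSION['age_guess']) ? $_SESSION['age_guess'] : array();
    $raw_guess = isset($_GET['guessed_age']) ? $_GET['guessed_age'] : null;
    $skipped = ($raw_guess === 'skip');
    $numeric_guess = !$skipped && is_numeric($raw_guess);
    $guess = $numeric_guess ? (int) $raw_guess : 0;

    $return .= '<img src="http://images.hamsterpaj.net/images/users/thumb/' . $round['current_user'] . '" />' . "\n";

    // Score: exact hit +5, off by one 0, otherwise 1 - |diff| floored at -5.
    $age_diff = $skipped ? 1 : $guess - $round['current_age'];
    switch (abs($age_diff)) {
        case 0:
            $score = 5;
            $score_class = 'positive';
            break;
        case 1:
            $score = 0;
            $score_class = 'unchanged';
            break;
        default:
            $score = max(-5, 1 - abs($age_diff));
            $score_class = 'negative';
    }
    $return .= '<h2 class="age_guess_score_' . $score_class . '">' . $score . 'p</h2>' . "\n";

    // Invert the comment table: comment => [diffs] becomes diff => [comments].
    $comments_by_diff = array();
    foreach ($AGE_GUESS_COMMENTS as $comment => $differences) {
        foreach ($differences as $difference) {
            $comments_by_diff[$difference][] = $comment;
        }
    }
    if ($skipped) {
        $comment = 'Hoppade över';
    } else {
        $candidates = isset($comments_by_diff[$age_diff]) ? $comments_by_diff[$age_diff] : array();
        // rand() is fine here: the pick is cosmetic, not security-relevant.
        $comment = count($candidates) > 0 ? $candidates[rand(0, count($candidates) - 1)] : '';
    }
    $return .= '<h2>' . $comment . '</h2>' . "\n";
    $return .= '<p class="age_guess_answer_text"><a href="/traffa/profile.php?id=' . $round['current_user'] . '">' . $round['current_username'] . '</a>' . "\n";
    $return .= ' är ' . $round['current_age'] . ' år</p>';
    $return .= '<button onclick="window.open(\'/traffa/profile.php?id=' . $round['current_user'] . '\');">Besök i nytt fönster</button>' . "\n";

    if ($numeric_guess) {
        event_log_log('age_guess_guess');

        /* Log the answer: one column per guessed age; insert first, bump on duplicate. */
        $column = 'age_' . $guess;
        $insertquery = 'INSERT INTO age_guess_logs (user, ' . $column . ') VALUES("' . (int) $round['current_user'] . '", 1)';
        $updatequery = 'UPDATE age_guess_logs SET ' . $column . ' = ' . $column . ' + 1 WHERE user = "******" LIMIT 1';
        mysql_query($insertquery) or mysql_query($updatequery);

        if (login_checklogin()) {
            $correct = ($age_diff == 0) ? 1 : 0;
            $week = date('YW');
            $my_id = (int) $_SESSION['login']['id'];

            $insertquery = 'INSERT INTO age_guess_scoring (user, week, score, viewed_images, correct_guesses, correct_ratio)'
                . ' VALUES("' . $my_id . '", "' . $week . '", "' . $score . '", 1, ' . $correct . ', correct_guesses/viewed_images)';
            $updatequery = 'UPDATE age_guess_scoring SET score = score + ' . $score . ', viewed_images = viewed_images + 1, correct_guesses = correct_guesses + ' . $correct . ', correct_ratio = correct_guesses/viewed_images'
                . ' WHERE user = "******" AND week = "' . $week . '" LIMIT 1';
            mysql_query($insertquery) or mysql_query($updatequery);

            $_SESSION['age_guess']['score'] += $score;
            $_SESSION['age_guess']['correct_guesses'] += $correct;
            // The weekly score is floored at -10, both in the session and in the table.
            if ($_SESSION['age_guess']['score'] < -10) {
                $_SESSION['age_guess']['score'] = -10;
                $query = 'UPDATE age_guess_scoring SET score = -10 WHERE user = "******" AND week = "' . $week . '" LIMIT 1';
                mysql_query($query);
            }

            /* If the guessed-about user is online, push a notice into their session. */
            if ($score != 5) {
                $query = 'SELECT session_id, lastaction FROM login WHERE id = "' . (int) $round['current_user'] . '" LIMIT 1';
                $result = mysql_query($query);
                if ($result && ($data = mysql_fetch_assoc($result))) {
                    if ($data['lastaction'] > time() - 600) {
                        $remote_session = session_load($data['session_id']);
                        $remote_session['notice_message'] = 'Du, <a href="/traffa/profile.php?id=' . $my_id . '">' . $_SESSION['login']['username'] . '</a> gissade nyss att du är ' . $guess . ' år gammal i <a href="/traffa/age_guess.php">Gissa Åldern</a>!';
                        session_save($data['session_id'], $remote_session);
                    }
                }
            }
        }
    }

    return $return;
}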
die('Not authorized'); } ui_top($ui_options); $out = '<h1 style="margin-top: 0px;">User management</h1>' . "\n"; $out .= '<form method="get">' . "\n"; $out .= '<h2>Load user</h2>' . "\n"; $out .= '<input type="text" name="username" />' . "\n"; $out .= '<input type="submit" value="Load" />' . "\n"; $out .= '</form>' . "\n"; echo rounded_corners($out, array('color' => 'green'), true); if (isset($_GET['username'])) { $query = 'SELECT l.*, u.* FROM login AS l, userinfo AS u WHERE l.username = "******" AND u.userid = l.id'; $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__); if (mysql_num_rows($result) == 1) { $user = mysql_fetch_assoc($result); $user_session = session_load($user['session_id']); if (isset($_POST['action'])) { switch ($_POST['action']) { case 'quality_level': if (is_privilegied('read_only_admin')) { $query = 'UPDATE login SET quality_level = "' . $_POST['quality_level'] . '", quality_level_expire = "' . $_POST['expire'] . '" WHERE id = "' . $user['id'] . '" LIMIT 1'; mysql_query($query) or report_sql_error($query, __FILE__, __LINE__); // trace('user_management_error', 'Query: ' . $query . ', Error: ' . mysql_error()); $user_session['login']['quality_level'] = $_POST['quality_level']; $user_session['login']['quality_level_expire'] = $_POST['expire']; echo '<p>User quality level updated</p>' . "\n"; preint_r($_POST); } else { echo 'Du har inte privilegier för att sätta RO\'s' . "\n"; } break;
amuse_draw_small_item($data, 'table'); } echo '</table>'; } listPhotos($userid, $userdata['traffa']['photos']); if (login_checklogin() == 1 && $_SESSION['login']['id'] != $userid) { $query = 'INSERT INTO traffa_visits(profileid, userid, tstamp) VALUES(' . $userid . ', '; $query .= $_SESSION['login']['id'] . ', UNIX_TIMESTAMP())'; mysql_query($query) or die(report_sql_error($query)); $view = $userid; /* This is for the bubblemessage-stuff */ if (strlen($userdata['login']['session_id']) > 5) { if ($_SESSION['visited_profiles'][$view] != 1 && $userdata['preferences']['bubblemessage_visitors'] == 'Y') { $_SESSION['visited_profiles'][$view] = 1; $bubblemessage = '<a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> surfade nyss in på din presentation ;)'; $remote_session = session_load($userdata['login']['session_id']); $remote_session['bubblemessage'] = $bubblemessage; session_save($userdata['login']['session_id'], $remote_session); } } /* Add the visit to thevisitors left panel */ if (count($_SESSION['profile_visits']) == 10) { array_pop($_SESSION['profile_visits']); } if (!isset($_SESSION['profile_visits'])) { $_SESSION['profile_visits'][] = array('id' => $view, 'username' => $userdata['login']['username']); } else { array_unshift($_SESSION['profile_visits'], array('id' => $view, 'username' => $userdata['login']['username'])); } } ui_bottom();
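/**
 * Create a forum post and do the bookkeeping that hangs off it.
 *
 * $post keys: content and author (required), discussion_id, timestamp
 * (optional, defaults to now), no_smilies (presence alone sets the flag).
 * $options keys: gb_recipient (user id whose live session gets an
 * unread-guestbook bump), private_gb (truthy adds a "private_gb" flag row),
 * notices (list of usernames that each get a "notice" row).
 *
 * Returns the new post id, or false if the author is forum-banned. Dies via
 * report_sql_error() on SQL failure and exit()s if the discussion_statistics
 * row can be neither inserted nor updated (original behaviour, kept).
 *
 * Fixes relative to the previous version:
 *  - the INSERT spliced in the raw $post['content'] even though the
 *    mysql_real_escape_string() copy ($content) had already been computed —
 *    an SQL-injection sink; the escaped copy is now what is stored;
 *  - the gb_recipient session was saved under $sessid_data (never defined
 *    here) instead of $data, so that notice was never persisted;
 *  - the $options['notices'] loop tested the stale $matches[1] left over
 *    from the answer-tag scan instead of the current $receiver;
 *  - the antiflood entry recorded $time (undefined) as its timestamp;
 *  - $posts_pre and $quality_ranks are initialised so an empty result set
 *    does not yield notices or an undefined index;
 *  - ids spliced into SQL are cast to int.
 *
 * NOTE(review): the username lookups show "******" in this copy, which
 * looks like a corpus redaction of the interpolated value. Whatever is
 * restored there must be SQL-escaped: $receiver comes straight from the
 * caller, while $matches[1] is at least constrained to \w+ by the regex.
 */
function posts_create($post, $options) {
    if (forum_read_only_get($post['author'])) {
        echo 'Error: Användaren avstängd från forumet' . "\n";
        return false;
    }

    $author = (int) $post['author'];
    $discussion_id = (int) $post['discussion_id'];
    $post['content'] = trim($post['content']);
    $content = mysql_real_escape_string($post['content']);
    $quality_rank = text_quality_rank($post['content']);
    $spelling_grammar = text_quality_rank($post['content']);
    $post['timestamp'] = isset($post['timestamp']) ? (int) $post['timestamp'] : time();
    $no_smilies = isset($post['no_smilies']) ? '1' : '0';

    // length is the raw byte length; the stored content is the escaped copy.
    $query = 'INSERT INTO posts (author, length, content, discussion_id, quality_rank, spelling_grammar, timestamp, no_smilies)'
        . ' VALUES("' . $author . '", "' . strlen($post['content']) . '", "' . $content . '", "' . $discussion_id
        . '", "' . $quality_rank . '", "' . $spelling_grammar . '", "' . $post['timestamp'] . '", "' . $no_smilies . '")';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    $post_id = (int) mysql_insert_id();

    /* Increase the post counter */
    $query = 'UPDATE discussions SET posts = posts + 1, last_post = "' . $post_id . '" WHERE id = "' . $discussion_id . '" LIMIT 1';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));

    if (isset($options['gb_recipient'])) {
        /* Update the "unread entries" counter in the remote user's session */
        $query = 'SELECT session_id FROM login WHERE id = "' . (int) $options['gb_recipient'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 1) {
                $remote_session = session_load($data['session_id']);
                $remote_session['notices']['unread_gb_entries'] += 1;
                session_save($data['session_id'], $remote_session);
            }
        }
        /* A private guestbook entry gets a flag row */
        if (isset($options['private_gb']) && $options['private_gb'] == true) {
            $query = 'INSERT INTO flags (object_id, object_type, flag) VALUES("' . $post_id . '", "post", "private_gb")';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }

    // Answer tags, one per line: [svar:Username] or [svar:Username=1234].
    // "borttagen" is the reserved name for deleted users and never gets a notice.
    foreach (preg_split('/\\n/', $content) as $line) {
        if (!preg_match('/\\[svar:(\\w+)(=\\d+)?\\]/', $line, $matches)) {
            continue;
        }
        if (strtolower($matches[1]) == 'borttagen') {
            continue;
        }
        $query = 'SELECT id FROM login WHERE username = "******"';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . (int) $data['id'] . '", "' . $post_id . '", "response")';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }

    // Explicit notice recipients, by username.
    if (isset($options['notices'])) {
        foreach ($options['notices'] as $receiver) {
            if (strtolower($receiver) == 'borttagen') {
                continue;
            }
            $query = 'SELECT id FROM login WHERE username = "******"';
            $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
            if (mysql_num_rows($result) == 1) {
                $data = mysql_fetch_assoc($result);
                $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . (int) $data['id'] . '", "' . $post_id . '", "notice")';
                log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'notiser', $query);
                mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
            }
        }
    }

    // Quality rank: 9:1 moving average for the user, median of the last 30
    // posts for the discussion. todo: this still needs tuning.
    if (login_checklogin()) {
        $user_quality_rank = ($_SESSION['userinfo']['forum_quality_rank'] * 9 + $quality_rank) / 10;
        $data = array('userinfo' => array('forum_quality_rank' => $user_quality_rank));
        login_save_user_data($_SESSION['login']['id'], $data);
        session_merge($data);

        $query = 'SELECT quality_rank FROM posts WHERE discussion_id ="' . $discussion_id . '" ORDER BY id DESC LIMIT 30';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $quality_ranks = array();
        while ($data = mysql_fetch_assoc($result)) {
            $quality_ranks[] = $data['quality_rank'];
        }
        if (count($quality_ranks) > 0) {
            sort($quality_ranks);
            $discussion_quality_rank = $quality_ranks[(int) floor(count($quality_ranks) / 2)];
            $query = 'UPDATE discussions SET quality_rank="' . $discussion_quality_rank . '" WHERE id = "' . $discussion_id . '"';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }

    // Popularity statistics: posts per 3-hour slot (0..7) per day; when a
    // new row is created it also stores the previous slot's count.
    $today = date('Y-m-d');
    $slot = (int) floor(date('G') / 3);
    $slot_pre = $slot - 1;
    $date_pre = $today;
    if ($slot_pre < 0) {
        $slot_pre = 7;
        $date_pre = date('Y-m-d', strtotime('yesterday'));
    }
    $query_update = 'UPDATE discussion_statistics SET posts = posts + 1 WHERE discussion_id = "' . $discussion_id . '" AND date = "' . $today . '" AND slot = "' . $slot . '"';
    $query_posts_pre = 'SELECT posts FROM discussion_statistics WHERE discussion_id = "' . $discussion_id . '" AND date = "' . $date_pre . '" AND slot = "' . $slot_pre . '" LIMIT 1';

    // Bump the popularity of every tag the discussion carries.
    $tags = tag_get_by_item('discussion', $discussion_id);
    if (is_array($tags)) {
        foreach ($tags as $tag) {
            $query = 'UPDATE tags SET popularity = IF(popularity IS NULL, 0.05, popularity + 0.05) WHERE id = "' . (int) $tag['tag_id'] . '" LIMIT 1';
            mysql_query($query) or die(report_sql_error($query));
        }
    }

    $posts_pre = 0;
    $result = mysql_query($query_posts_pre);
    if ($result && ($data = mysql_fetch_assoc($result))) {
        $posts_pre = (int) $data['posts'];
    }
    $query_insert = 'INSERT INTO discussion_statistics (discussion_id, date, slot, posts, posts_pre) VALUES ("' . $discussion_id . '", "' . $today . '", "' . $slot . '", "1", "' . $posts_pre . '")';
    if (mysql_query($query_insert)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde insert!', $query_insert);
    } elseif (mysql_query($query_update)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde update!', $query_update);
    } else {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $query_update, $query_insert);
        exit;
    }

    // Remember the post for the session antiflood check.
    $_SESSION['posts']['latest'][] = array('timestamp' => $post['timestamp'], 'hash' => md5($post['content']));
    return $post_id;
}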
/**
 * Authenticate a user and populate $_SESSION with their account data.
 *
 * @param string $username
 * @param string $password Ignored in ghost mode.
 * @param array  $options  'ghost' => true logs in as $username WITHOUT any
 *                         password check (impersonation). Nothing in this
 *                         function verifies that the caller is allowed to
 *                         do that — the caller must enforce it.
 * @return int|bool 1 on success, 0 when no row matched, 2 when username or
 *                  password is empty (non-ghost). `true` can only come from
 *                  the `&& false` branch, which is currently unreachable.
 *
 * Security review notes (this edit changes comments only):
 *  - Passwords are sha1(password . PASSWORD_SALT) with a single site-wide
 *    salt; legacy MD5 rows are upgraded to that on first login. Neither is
 *    a password KDF — password_hash()/password_verify() would be the fix.
 *  - The session id is never regenerated on login; the pre-login id is
 *    written to login.session_id as-is. A session_regenerate_id(true)
 *    before that UPDATE would close the session-fixation window.
 *  - The username values appear as "******" in this copy, which looks like
 *    a corpus redaction of the interpolated value. Whatever is restored
 *    there is attacker-controlled and must be SQL-escaped.
 *  - utf8_decode() on the password is lossy for non-Latin-1 input, so two
 *    different passwords can hash identically.
 *  - $hp_includepath is read inside the function with no `global`
 *    declaration, so it is presumably undefined here — verify.
 *  - The antiflood cache stores rows keyed 'MD5(content)' here while
 *    posts_create() stores 'hash'; confirm which key the consumer reads.
 */
function login_dologin($username, $password, $options = array()) {
    $ghost = isset($options['ghost']) && $options['ghost'] == true;
    // "borttagen" is the reserved name for deleted users; it can never log in.
    if (strtolower($username) == 'borttagen') {
        header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
        exit;
    }
    if ($ghost) {
        // Ghost mode: look the account up by name only, no password involved.
        $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" LIMIT 1';
        $loginquery = mysql_query($query) or report_sql_error($query);
    } elseif ($username && $password) {
        $password = utf8_decode($password);
        // Test for SHA1 with hash
        $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
        $loginquery = mysql_query($query) or report_sql_error($query);
        if (mysql_num_rows($loginquery) == 0) {
            // SHA1 not found, try the old MD5
            $md5_query = 'SELECT id FROM login WHERE username = "******" AND password = "******" LIMIT 1';
            $md5_result = mysql_query($md5_query) or report_sql_error($md5_query);
            if (mysql_num_rows($md5_result) == 1) {
                // MD5 found, update to SHA1 (clears the old MD5 column)
                $data = mysql_fetch_assoc($md5_result);
                $md5_to_sha1_query = 'UPDATE login SET password = "", password_hash = "' . sha1($password . PASSWORD_SALT) . '" WHERE id = "' . $data['id'] . '" LIMIT 1';
                mysql_query($md5_to_sha1_query);
                // Load data using the SHA1-hash
                $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
                $loginquery = mysql_query($query) or die('Query failed: ' . mysql_error());
            }
        }
    } else {
        return 2;
    }
    if (mysql_num_rows($loginquery) > 0) {
        $tempdata = mysql_fetch_assoc($loginquery);
        // First login of the calendar day counts as a unique logon.
        if ($tempdata['lastlogon'] < strtotime(date('Y-m-d'))) {
            event_log_log('user_unique_log_on');
        }
        // Dead branch: `&& false` disables re-attaching to a session that was
        // active in the last 10 minutes. Left as-is; see the header note.
        if ($tempdata['lastaction'] > time() - 600 && false) {
            $old_session = session_load($tempdata['session_id']);
            session_destroy();
            session_id($tempdata['session_id']);
            session_start();
            $_SESSION = $old_session;
            if (isset($_SESSION['login']['id'])) {
                if ($ghost) {
                    $_SESSION['ghost'] = true;
                }
                return true;
            }
        }
        if ($ghost) {
            $_SESSION['ghost'] = true;
        }
        $uid = $tempdata['id'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $_SESSION['cache']['lastupdate'] = 0;
        $_SESSION['userid'] = $uid;
        $_SESSION['login']['id'] = $uid;
        /* Unread guestbook entries */
        $guestbook_sql = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $_SESSION['login']['id'] . ' AND `read` = 0 AND deleted = 0';
        $guestbook_result = mysql_query($guestbook_sql) or die('Ett fel inträffade!' . mysql_error() . $guestbook_sql);
        $guestbook_data = mysql_fetch_assoc($guestbook_result);
        $_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
        /* Unread private messages ($hp_includepath: see header note) */
        require_once $hp_includepath . 'message-functions.php';
        $message_status = messages_count_unread($_SESSION['login']['id']);
        $_SESSION['notices']['unread_messages'] = $message_status;
        /* Columns to copy from each table into $_SESSION[<table>] */
        $fetch['login'] = array('id', 'lastlogon', 'username', 'password_hash', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire');
        $fetch['preferences'] = array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post');
        $fetch['traffa'] = array('firstname', 'profile_modules');
        $fetch['userinfo'] = array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss');
        $userinfo = login_load_user_data($uid, $fetch, __FILE__, __LINE__);
        $_SESSION = array_merge($_SESSION, $userinfo);
        // $_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
        // NOTE(review): unserialize() of a DB column; safe only as long as
        // module_states is never written from untrusted input.
        $_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
        $_SESSION['module_order'] = explode('|', $_SESSION['preferences']['module_order']);
        /* Notes in the note-module */
        $query = 'SELECT text FROM notes WHERE id = "' . $_SESSION['login']['id'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $data = mysql_fetch_assoc($result);
        $_SESSION['note'] = $data['text'];
        /* groups-start-here */
        $group_data['groups_members'] = array('groupid');
        $groups = login_load_group_data($uid, $group_data);
        $_SESSION = array_merge($_SESSION, $groups);
        // Ghost sessions keep the impersonating admin's original IP.
        if (!$ghost) {
            $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        }
        /* Friends start here */
        $options['user_id'] = $_SESSION['login']['id'];
        $_SESSION['friends'] = friends_fetch_online_smart($options);
        /* Last 8 profile visitors that have an image (for the visitors panel) */
        $query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username ';
        $query .= 'FROM user_event_log AS uel, login AS l, userinfo AS u';
        $query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
        $query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['visitors_with_image'][] = $data;
        }
        /* Fetch the latest posts, the posts antiflood system will use this */
        $query = 'SELECT MD5(content), timestamp FROM posts WHERE author = "' . $_SESSION['login']['id'] . '" ORDER BY id DESC LIMIT 50';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['posts']['latest'][] = $data;
        }
        /* Fetch privilegies: $_SESSION['privilegies'][name][value] = true */
        $query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
        $result = mysql_query($query);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
        }
        /* Log the logon to database */
        $query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost) VALUES(' . $_SESSION['login']['id'] . ', ' . time();
        $query .= ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($ghost ? 'YES' : 'NO') . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (!$ghost) {
            // Binds the (not regenerated) session id to the account; other
            // code loads and writes this session via login.session_id.
            $sql = 'UPDATE login SET lastlogon = ' . time() . ', lastip = "' . $ip . '", session_id = "' . session_id() . '" WHERE id = "' . $uid . '" LIMIT 1';
            mysql_query($sql) or die('Query failed: ' . mysql_error());
            $_SESSION['login']['lastlogon'] = time();
        }
        /* Cache some info about the users visits to categories. This is used to calculate new threads and category-subscriptions */
        $query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $_SESSION['login']['id'] . '"';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['forum']['categories'][$data['category_id']] = $data;
        }
        return 1;
    } else {
        return 0;
    }
}
<?php require '../include/core/common.php'; try { $ui_options['stylesheets'][] = 'forms.css'; if (!is_privilegied('user_message')) { throw new Exception('Du har inte privilegier för den här sidan'); } if (isset($_POST['username']) && isset($_POST['message'])) { $query = 'SELECT session_id FROM login WHERE username = "******" LIMIT 1'; $result = mysql_query($query) or report_sql_error($query); if (mysql_num_rows($result) == 1) { $data = mysql_fetch_assoc($result); if (strlen($data['session_id']) > 0) { $remote_session = session_load($data['session_id']); $remote_session['user_message'] = $_POST['message']; session_save($data['session_id'], $remote_session); $out .= '<div class="form_notice_success">Meddelande skickat!</div>' . "\n"; } else { $out .= '<div class="form_notice_error">Den användaren verkar inte ha en aktiv session.</div>' . "\n"; } } else { $out .= '<div class="form_notice_error">Användaren hittades inte.</div>' . "\n"; } } // form $out .= '<fieldset>' . "\n"; $out .= '<legend>Användarmeddelande!</legend>' . "\n"; $out .= '<p>Den här funktionen ger användaren en javascriptruta med ditt meddelande. Detta kräver dock att användaren är inloggad.</p>' . "\n"; $out .= '<form action="?action=submit" method="post">'; $out .= '<table class="form">' . "\n";
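/**
 * Store a private message for one or more recipients and notify each
 * recipient's live session.
 *
 * @param int       $sender          Sender user id.
 * @param int|int[] $recipient       One recipient id or a list of ids.
 * @param string    $title           HTML-escaped here before storage.
 * @param string    $message         Stored after nl2br(); see escaping note.
 * @param int       $allowhtml       When '1' the message is addslashes()'d
 *                                   before nl2br(); otherwise left as-is.
 * @param int       $mass_message_id Grouping id for mass mailings, 0 if none.
 *
 * All messages sent in one call share the discussion id returned by
 * fetch_new_discussion_id(). Dies via report_sql_error() on SQL failure.
 *
 * Escaping: ids are cast to int before being spliced into SQL. The title
 * gets htmlspecialchars() (HTML safety, not SQL safety) and the message is
 * only addslashes()'d on the $allowhtml path; the non-HTML path stores it
 * verbatim, which is only safe if the caller has already SQL-escaped it.
 * NOTE(review): confirm that contract at every call site — if it does not
 * hold, title and message are SQL-injection sinks.
 */
function messages_send($sender, $recipient, $title, $message, $allowhtml = 0, $mass_message_id = 0) {
    $recipients = is_array($recipient) ? $recipient : array($recipient);
    $sender_id = (int) $sender;
    $mass_id = (int) $mass_message_id;
    $discussion = (int) fetch_new_discussion_id($sender, $recipients);

    if ($allowhtml == '1') {
        $message = addslashes($message);
    }
    $message = nl2br($message);
    $title = htmlspecialchars($title);

    foreach ($recipients as $this_recipient) {
        $recipient_id = (int) $this_recipient;

        $query = 'INSERT INTO messages_new(sender, recipient, title, message, timestamp, discussion, mass_message_id) '
            . 'VALUES("' . $sender_id . '", "' . $recipient_id . '", "' . $title . '", "' . $message . '", UNIX_TIMESTAMP(), ' . $discussion . ', ' . $mass_id . ')';
        mysql_query($query) or die(report_sql_error($query));
        $message_id = mysql_insert_id();

        $query = 'UPDATE userinfo SET messages_recieved = messages_recieved + 1 WHERE userid = ' . $recipient_id . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
        $query = 'UPDATE userinfo SET messages_sent = messages_sent + 1 WHERE userid = ' . $sender_id . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));

        /* Push a bubble message and unread counter into the recipient's live session */
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient_id . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query));
        $sessid_data = mysql_fetch_assoc($result);
        if (!$sessid_data || strlen($sessid_data['session_id']) <= 1) {
            continue;
        }

        // A direct link is only offered when the logged-in user is the sender.
        if ($_SESSION['login']['id'] == $sender) {
            $bubblemessage = '"Så var det dags igen... ' . $_SESSION['login']['username'] . ' skickade nyss ett <b>nytt meddelande</b> till dig. Du kan <a href="/traffa/messages.php?action=read&message_id=' . $message_id . '">klicka här</a> om du vill läsa meddelandet."';
        } else {
            $bubblemessage = '"Tjena kompis! Du har nyss fått ett nytt <b>meddelande!</>! 
<a href="/traffa/messages.php">Till dina meddelanden »</a>"';
        }
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['bubblemessage'][] = $bubblemessage;
        $remote_session['notices']['unread_messages'] += 1;
        session_save($sessid_data['session_id'], $remote_session);
    }
}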
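/**
 * Insert a guestbook entry, push an "unread entry" notice into the
 * recipient's live session and auto-report entries that contain a
 * configured string.
 *
 * $entry keys read: sender, recipient, message, is_private, optional
 * reply-to, optional is_mass_gb. When is_mass_gb === true the per-user
 * flood check, the empty-message check and the live-session notice are
 * skipped (bulk sends); auto-reporting still runs.
 *
 * Returns true on success; false on flood, empty message or SQL failure
 * (reported through report_sql_error() first).
 *
 * Fixes relative to the previous version:
 *  - the auto-report match used `strpos(...) == true`, which is false for
 *    a match at offset 0 and is the wrong idiom; it is now `!== false`,
 *    and empty patterns are skipped (they would match everything);
 *  - the report row was written with the id of the LAST pattern in the
 *    table rather than the one that matched; the matching id is recorded.
 *
 * Security notes:
 *  - sender is taken from $entry, not from $_SESSION; only the flood check
 *    consults the logged-in id. The caller must ensure the user may post as
 *    $entry['sender'].
 *  - recipient, sender and reply-to are cast to int before being spliced
 *    into SQL.
 *  - message is spliced in as-is; the stripslashes() before the session
 *    copy implies the caller already slash-escaped it — NOTE(review):
 *    confirm at every call site, otherwise this is an SQL-injection sink.
 */
function guestbook_insert($entry) {
    $is_mass = isset($entry['is_mass_gb']) && $entry['is_mass_gb'] === true;
    $recipient = (int) $entry['recipient'];
    $sender = (int) $entry['sender'];

    if (!$is_mass) {
        // Flood control: at most one entry per 5 seconds from the logged-in user.
        if ($_SESSION['login']['id'] == $sender && $_SESSION['last_gb_entry'] > time() - 5) {
            return false;
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        // Entries to user 2348 (the webmaster account) are remembered in the session.
        if ($recipient == 2348 && $sender != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }

    $is_private = ($entry['is_private'] == 1) ? 1 : 0;
    $entry['is_private'] = $is_private;

    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)'
        . ' VALUES("' . time() . '", "' . $recipient . '", "' . $sender . '", "' . $entry['message'] . '", "' . $is_private . '")';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    $entry['id'] = (int) mysql_insert_id();

    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $recipient . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }

    if (isset($entry['reply-to'])) {
        // Only an entry addressed to the sender can be marked as answered by them.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` = 1 WHERE id = "' . (int) $entry['reply-to'] . '" AND recipient = "' . $sender . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }

    if (!$is_mass) {
        /* Notify the recipient's live session, if they have one */
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
        $result = mysql_query($query);
        if (!$result) {
            report_sql_error($query, __FILE__, __LINE__);
        }
        $data = $result ? mysql_fetch_assoc($result) : false;
        if ($data && strlen($data['session_id']) > 5) {
            $remote_session = session_load($data['session_id']);
            $remote_session['notices']['unread_gb_entries'] += 1;
            $entry['image'] = $_SESSION['userinfo']['image'];
            $entry['timestamp'] = time();
            $entry['message'] = stripslashes($entry['message']);
            $entry['username'] = $_SESSION['login']['username'];
            $remote_session['unread_gb_entries'][] = $entry;
            session_save($data['session_id'], $remote_session);
        }
    }

    $_SESSION['last_gb_entry'] = time();

    // Auto-report: record the first configured string found in the message
    // (case-insensitive, padded with spaces so a pattern can anchor on them).
    $query = 'SELECT id, string FROM gb_autoreport_strings';
    $gb_autoreport_strings = query_cache(array('query' => $query));
    $haystack = strtolower(' ' . $entry['message'] . ' ');
    $matched_string_id = null;
    if (is_array($gb_autoreport_strings)) {
        foreach ($gb_autoreport_strings as $gb_autoreport_string) {
            $needle = strtolower($gb_autoreport_string['string']);
            if ($needle === '') {
                continue;
            }
            if (strpos($haystack, $needle) !== false) {
                $matched_string_id = (int) $gb_autoreport_string['id'];
                break;
            }
        }
    }
    if ($matched_string_id !== null) {
        $query = 'INSERT INTO gb_autoreport_posts SET string_id = ' . $matched_string_id . ', gb_id = ' . $entry['id'];
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }

    return true;
}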
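/**
 * Forbid a user from uploading to the photoblog for a number of days.
 *
 * @param array $options 'user_id' (int, required) and 'days' (int, required).
 * @throws Exception if the caller lacks the photoblog_upload_forbid
 *                   privilege, if either option is missing or non-numeric,
 *                   or if the expiry timestamp cannot be computed.
 *
 * Writes photoblog_preferences.upload_forbidden, mirrors the value into the
 * target's session (the current one if the admin targets themselves,
 * otherwise the target's live session looked up via login.session_id) and
 * logs an admin event.
 *
 * Fixes relative to the previous version: the option checks were written
 * as `!isset(...) && !is_numeric(...)`, so a value that was set but not
 * numeric passed validation and was spliced raw into the SQL and into
 * strtotime(); the checks now reject on either failure and both values are
 * cast to int before use.
 */
function photoblog_forbid_upload($options) {
    if (!is_privilegied('photoblog_upload_forbid')) {
        throw new Exception('You need privilegies for this');
    }
    if (!isset($options['user_id']) || !is_numeric($options['user_id'])) {
        throw new Exception('User id must be set');
    }
    if (!isset($options['days']) || !is_numeric($options['days'])) {
        throw new Exception('number of days must be set');
    }

    $user_id = (int) $options['user_id'];
    $days = (int) $options['days'];
    // Calendar days via strtotime (not days * 86400) to keep the original semantics.
    $forbidden_until = strtotime('+' . $days . ' day', time());
    if ($forbidden_until === false) {
        throw new Exception('number of days must be set');
    }

    $query = 'UPDATE photoblog_preferences SET upload_forbidden = ' . $forbidden_until . ' WHERE userid = ' . $user_id . ' LIMIT 1';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);

    if ($_SESSION['login']['id'] == $user_id) {
        $_SESSION['photoblog_preferences']['upload_forbidden'] = $forbidden_until;
    } else {
        $query = 'SELECT session_id FROM login WHERE id = ' . $user_id . ' LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query);
        if ($result && mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 0) {
                $remote_session = session_load($data['session_id']);
                $remote_session['photoblog_preferences']['upload_forbidden'] = $forbidden_until;
                session_save($data['session_id'], $remote_session);
            }
        }
    }

    log_admin_event('photoblog_upload_forbidden', 'Antal dagar: ' . $days, $_SESSION['login']['id'], $user_id, 0);
}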