function guestbook_insert($entry)
{
if ($entry['is_mass_gb'] !== true) {
if ($_SESSION['login']['id'] == $entry['sender']) {
if ($_SESSION['last_gb_entry'] > time() - 5) {
return false;
}
}
if (strlen($entry['message']) == 0) {
return false;
}
if ($entry['recipient'] == 2348 && $entry['sender'] != 2348) {
$_SESSION['posted_gb_to_webmaster'] = true;
}
}
$entry['is_private'] = $entry['is_private'] == 1 ? 1 : 0;
$query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
$query .= ' VALUES("' . time() . '", "' . $entry['recipient'] . '", "' . $entry['sender'] . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$entry['id'] = mysql_insert_id();
$query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $entry['recipient'] . '" LIMIT 1';
if (!mysql_query($query)) {
report_sql_error($query, __FILE__, __LINE__);
return false;
}
if (isset($entry['reply-to'])) {
$query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` = 1 WHERE id = "' . $entry['reply-to'] . '" AND recipient = "' . $entry['sender'] . '" LIMIT 1';
if (!mysql_query($query)) {
report_sql_error($query, __FILE__, __LINE__);
return false;
}
}
if ($entry['is_mass_gb'] !== true) {
$query = 'SELECT session_id FROM login WHERE id = "' . $entry['recipient'] . '" LIMIT 1';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$data = mysql_fetch_assoc($result);
if (strlen($data['session_id']) > 5) {
$remote_session = session_load($data['session_id']);
$remote_session['notices']['unread_gb_entries'] += 1;
$entry['image'] = $_SESSION['userinfo']['image'];
$entry['timestamp'] = time();
$entry['message'] = stripslashes($entry['message']);
$entry['username'] = $_SESSION['login']['username'];
$remote_session['unread_gb_entries'][] = $entry;
session_save($data['session_id'], $remote_session);
}
}
$_SESSION['last_gb_entry'] = time();
return true;
}
function block_user($userid)
{
mysql_query('UPDATE userinfo SET image = 0, image_ban_expire = "' . (time() + 86400 * 7) . '" WHERE userid = "' . $userid . '" LIMIT 1') or die('<script language="javascript">alert("FATALT FEL! IGNORERA FÖLJANDE MEDDELANDE OM ATT UPPDATERINGEN LYCKADES. MYSQL FELINFORMATION: (vidarebefodra till Tritone)\\n\\n' . mysql_error() . '")</script>');
/* We need to load and modify the remote users session */
$sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $userid . '" LIMIT 1';
$sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
$sessid_data = mysql_fetch_assoc($sessid_result);
if (strlen($sessid_data['session_id']) > 5) {
$remote_session = session_load($sessid_data['session_id']);
$remote_session['userinfo']['image_ban_expire'] = time() + 86400 * 7;
session_save($sessid_data['session_id'], $remote_session);
}
if (unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg') && unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg')) {
echo '<script language="javascript">alert("Användar-ID ' . $userid . ' har blockerats från framtida uppladdning av bilder.");</script>';
log_admin_event('user blocked image upload', '', $_SESSION['login']['id'], $userid, $userid);
} else {
echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
}
}
function new_entry($recipient, $sender, $message, $private = 0, $answereid = null, $post_id = 0)
{
//$message = htmlspecialchars($message);
$private = $private == 1 ? 1 : 0;
$insert_sql = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private, forum_post) ';
$insert_sql .= 'VALUES(UNIX_TIMESTAMP(), ' . $recipient . ', ' . $sender . ', \'' . $message . '\', ' . $private . ', ' . $post_id . ')';
mysql_query($insert_sql) or die(report_sql_error($insert_sql));
$update_sql = 'UPDATE traffa SET guestbook_entries = guestbook_entries + 1 WHERE userid = ' . $recipient . ' LIMIT 1';
mysql_query($update_sql) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
$sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
$sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
$sessid_data = mysql_fetch_assoc($sessid_result);
if (strlen($sessid_data['session_id']) > 5) {
$remote_session = session_load($sessid_data['session_id']);
$remote_session['notices']['unread_gb_entries'] += 1;
session_save($sessid_data['session_id'], $remote_session);
}
if (isset($answereid)) {
$query = 'UPDATE traffa_guestbooks SET answered = "Y" WHERE id = "' . $answereid . '" AND recipient = "' . $_SESSION['login']['id'] . '" LIMIT 1';
mysql_query($query) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
}
}
}
// Note: $current is a pointer!
$current['timestamp'] = time();
}
}
if ($increase_profile_visitors == true) {
$query = 'UPDATE userinfo SET profile_visitors = profile_visitors + 1 WHERE userid = ' . $user_id;
mysql_query($query) or die(report_sql_error($query));
}
$querys = array();
$querys['insert'] = 'INSERT INTO user_visits(user_id, item_id, type, count, timestamp) VALUES(' . $user_id . ', ' . $_SESSION['login']['id'] . ', "profile_visit", 1, unix_timestamp())';
$querys['update'] = 'UPDATE user_visits SET count = count + 1, timestamp = unix_timestamp() WHERE user_id=' . $user_id . ' AND item_id=' . $_SESSION['login']['id'] . ' AND type="profile_visit"';
@mysql_query($querys['insert']) or @mysql_query($querys['update']);
unset($querys);
/* Read remote session and log this visit */
$remote_session = session_load($userinfo['login']['session_id']);
if ($_SESSION['userinfo']['image'] == 1 || $_SESSION['userinfo']['image'] == 2) {
$visited = false;
foreach ($remote_session['visitors_with_image'] as $visitor) {
$visited = $visitor['id'] == $_SESSION['login']['id'] ? true : $visited;
}
if ($visited == false) {
while (count($remote_session['visitors_with_image']) >= 8) {
array_pop($remote_session['visitors_with_image']);
}
array_unshift($remote_session['visitors_with_image'], array('id' => $_SESSION['login']['id'], 'timestamp' => time(), 'username' => $_SESSION['login']['username']));
}
}
$remote_session['notice_message'] = 'Hey där, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> sladdade just in på din profil! - <a href="/traffa/my_visitors.php">Visa alla dina besökare!</a>';
session_save($userinfo['login']['session_id'], $remote_session);
}
function age_guess_result()
{
global $AGE_GUESS_COMMENTS;
$return .= '<img src="http://images.hamsterpaj.net/images/users/thumb/' . $_SESSION['age_guess']['current_user'] . '" />' . "\n";
$age_diff = $_GET['guessed_age'] == 'skip' ? 1 : $_GET['guessed_age'] - $_SESSION['age_guess']['current_age'];
switch (abs($age_diff)) {
case 0:
$score = 5;
$score_class = 'positive';
break;
case 1:
$score = 0;
$score_class = 'unchanged';
break;
default:
$score = abs($age_diff) * -1 + 1;
$score = $score < -5 ? -5 : $score;
$score_class = 'negative';
}
$return .= '<h2 class="age_guess_score_' . $score_class . '">' . $score . 'p</h2>' . "\n";
foreach ($AGE_GUESS_COMMENTS as $comment => $differences) {
foreach ($differences as $difference) {
$comments_by_diff[$difference][] = $comment;
}
}
$comment = $_GET['guessed_age'] == 'skip' ? 'Hoppade över' : $comments_by_diff[$age_diff][rand(0, count($comments_by_diff[$age_diff]) - 1)];
$return .= '<h2>' . $comment . '</h2>' . "\n";
$return .= '<p class="age_guess_answer_text"><a href="/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '">' . $_SESSION['age_guess']['current_username'] . '</a>' . "\n";
$return .= ' är ' . $_SESSION['age_guess']['current_age'] . ' år</p>';
$return .= '<button onclick="window.open(\'/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '\');">Besök i nytt fönster</button>' . "\n";
if (is_numeric($_GET['guessed_age'])) {
event_log_log('age_guess_guess');
/* Log answer to database */
$insertquery = 'INSERT INTO age_guess_logs (user, age_' . $_GET['guessed_age'] . ') VALUES("' . $_SESSION['age_guess']['current_user'] . '", 1)';
$updatequery = 'UPDATE age_guess_logs SET age_' . $_GET['guessed_age'] . ' = age_' . $_GET['guessed_age'] . ' + 1 WHERE user = "******" LIMIT 1';
mysql_query($insertquery) or mysql_query($updatequery);
if (login_checklogin()) {
$correct = $age_diff == 0 ? 1 : 0;
$insertquery = 'INSERT INTO age_guess_scoring (user, week, score, viewed_images, correct_guesses, correct_ratio)';
$insertquery .= ' VALUES("' . $_SESSION['login']['id'] . '", "' . date('YW') . '", "' . $score . '", 1, ' . $correct . ', correct_guesses/viewed_images)';
$updatequery = 'UPDATE age_guess_scoring SET score = score + ' . $score . ', viewed_images = viewed_images + 1, correct_guesses = correct_guesses + ' . $correct . ', correct_ratio = correct_guesses/viewed_images';
$updatequery .= ' WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
mysql_query($insertquery) or mysql_query($updatequery);
$_SESSION['age_guess']['score'] += $score;
$_SESSION['age_guess']['correct_guesses'] += $correct;
if ($_SESSION['age_guess']['score'] < -10) {
$_SESSION['age_guess']['score'] = -10;
$query = 'UPDATE age_guess_scoring SET score = -10 WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
mysql_query($query);
}
/* Find out if the remote user is online, if so, open the session and send a quicknote about the vote */
if ($score != 5) {
$query = 'SELECT session_id, lastaction FROM login WHERE id = "' . $_SESSION['age_guess']['current_user'] . '" LIMIT 1';
$result = mysql_query($query);
if ($data = mysql_fetch_assoc($result)) {
if ($data['lastaction'] > time() - 600) {
$remote_session = session_load($data['session_id']);
$remote_session['notice_message'] = 'Du, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> gissade nyss att du är ' . $_GET['guessed_age'] . ' år gammal i <a href="/traffa/age_guess.php">Gissa Åldern</a>!';
session_save($data['session_id'], $remote_session);
}
}
}
}
}
return $return;
}
die('Not authorized');
}
ui_top($ui_options);
$out = '<h1 style="margin-top: 0px;">User management</h1>' . "\n";
$out .= '<form method="get">' . "\n";
$out .= '<h2>Load user</h2>' . "\n";
$out .= '<input type="text" name="username" />' . "\n";
$out .= '<input type="submit" value="Load" />' . "\n";
$out .= '</form>' . "\n";
echo rounded_corners($out, array('color' => 'green'), true);
if (isset($_GET['username'])) {
$query = 'SELECT l.*, u.* FROM login AS l, userinfo AS u WHERE l.username = "******" AND u.userid = l.id';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
if (mysql_num_rows($result) == 1) {
$user = mysql_fetch_assoc($result);
$user_session = session_load($user['session_id']);
if (isset($_POST['action'])) {
switch ($_POST['action']) {
case 'quality_level':
if (is_privilegied('read_only_admin')) {
$query = 'UPDATE login SET quality_level = "' . $_POST['quality_level'] . '", quality_level_expire = "' . $_POST['expire'] . '" WHERE id = "' . $user['id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
// trace('user_management_error', 'Query: ' . $query . ', Error: ' . mysql_error());
$user_session['login']['quality_level'] = $_POST['quality_level'];
$user_session['login']['quality_level_expire'] = $_POST['expire'];
echo '<p>User quality level updated</p>' . "\n";
preint_r($_POST);
} else {
echo 'Du har inte privilegier för att sätta RO\'s' . "\n";
}
break;
amuse_draw_small_item($data, 'table');
}
echo '</table>';
}
listPhotos($userid, $userdata['traffa']['photos']);
if (login_checklogin() == 1 && $_SESSION['login']['id'] != $userid) {
$query = 'INSERT INTO traffa_visits(profileid, userid, tstamp) VALUES(' . $userid . ', ';
$query .= $_SESSION['login']['id'] . ', UNIX_TIMESTAMP())';
mysql_query($query) or die(report_sql_error($query));
$view = $userid;
/* This is for the bubblemessage-stuff */
if (strlen($userdata['login']['session_id']) > 5) {
if ($_SESSION['visited_profiles'][$view] != 1 && $userdata['preferences']['bubblemessage_visitors'] == 'Y') {
$_SESSION['visited_profiles'][$view] = 1;
$bubblemessage = '<a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> surfade nyss in på din presentation ;)';
$remote_session = session_load($userdata['login']['session_id']);
$remote_session['bubblemessage'] = $bubblemessage;
session_save($userdata['login']['session_id'], $remote_session);
}
}
/* Add the visit to thevisitors left panel */
if (count($_SESSION['profile_visits']) == 10) {
array_pop($_SESSION['profile_visits']);
}
if (!isset($_SESSION['profile_visits'])) {
$_SESSION['profile_visits'][] = array('id' => $view, 'username' => $userdata['login']['username']);
} else {
array_unshift($_SESSION['profile_visits'], array('id' => $view, 'username' => $userdata['login']['username']));
}
}
ui_bottom();
function posts_create($post, $options)
{
/*
Required info:
content
discussion_id
author
Optional info:
timestamp
*/
/*
$post['content'] = str_replace('(</p><p>)+', '</p><p>', $post['content']);
$post['content'] = str_replace('(<br />)+', '<br />', $post['content']);
*/
if (forum_read_only_get($post['author'])) {
echo 'Error: Användaren avstängd från forumet' . "\n";
return false;
}
$post['content'] = trim($post['content']);
$content = mysql_real_escape_string($post['content']);
$quality_rank = text_quality_rank($post['content']);
$spelling_grammar = text_quality_rank($post['content']);
$post['timestamp'] = isset($post['timestamp']) ? $post['timestamp'] : time();
$query = 'INSERT INTO posts (author, length, content, discussion_id, quality_rank, spelling_grammar, timestamp, no_smilies)';
$query .= ' VALUES("' . $post['author'] . '", "' . strlen($post['content']) . '", "' . $post['content'] . '", "' . $post['discussion_id'];
$query .= '", "' . $quality_rank . '", "' . $spelling_grammar . '", "' . $post['timestamp'] . '", "';
$query .= (isset($post['no_smilies']) ? '1' : '0') . '")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
$post_id = mysql_insert_id();
/* Increase the post counter */
$query = 'UPDATE discussions SET posts = posts + 1, last_post = "' . $post_id . '" WHERE id = "' . $post['discussion_id'] . '" LIMIT 1';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
if (isset($options['gb_recipient'])) {
/* Update the "unread entries" in the remote users session */
$query = 'SELECT session_id FROM login WHERE id = "' . $options['gb_recipient'] . '" LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
if (strlen($data['session_id']) > 1) {
$remote_session = session_load($data['session_id']);
$remote_session['notices']['unread_gb_entries'] += 1;
session_save($sessid_data['session_id'], $remote_session);
}
}
/* If a private entry has been sent, set the appropriate flag */
if ($options['private_gb'] == true) {
$query = 'INSERT INTO flags (object_id, object_type, flag) VALUES("' . $post_id . '", "post", "private_gb")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
}
}
//Parse to find answer tags
foreach (preg_split('/\\n/', $content) as $line) {
// find tags like: [svar:AmarsoLove=3245]
// eller: [svar:Henrik]
if (preg_match('/\\[svar:(\\w+)(=\\d+)?\\]/', $line, $matches)) {
//Fetch user_id
if (strtolower($matches[1]) != 'borttagen') {
$query = 'SELECT id FROM login WHERE username = "******"';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
$receiver_id = $data['id'];
//Insert response notice
$query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "response")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
}
}
}
}
//Send notices to all users listed in $options['notices']
if (isset($options['notices'])) {
foreach ($options['notices'] as $receiver) {
if (strtolower($matches[1]) != 'borttagen') {
//Fetch user_id
$query = 'SELECT id FROM login WHERE username = "******"';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
$receiver_id = $data['id'];
//Insert response notice
$query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "notice")';
log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'notiser', $query);
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
}
}
}
}
//Update users quality rank
//todo! This will require some thinking and adjustments in the future
if (login_checklogin()) {
$user_quality_rank = ($_SESSION['userinfo']['forum_quality_rank'] * 9 + $quality_rank) / 10;
unset($data);
$data['userinfo']['forum_quality_rank'] = $user_quality_rank;
login_save_user_data($_SESSION['login']['id'], $data);
session_merge($data);
//Update discussion quality rank
$query = 'SELECT quality_rank FROM posts WHERE discussion_id ="' . $post['discussion_id'] . '" ORDER BY id DESC LIMIT 30';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
while ($data = mysql_fetch_assoc($result)) {
$quality_ranks[] = $data['quality_rank'];
}
sort($quality_ranks);
$discussion_quality_rank = $quality_ranks[floor(count($quality_ranks) / 2)];
$query = 'UPDATE discussions SET quality_rank="' . $discussion_quality_rank . '" WHERE id = "' . $post['discussion_id'] . '"';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
}
//Update discussion popularity
$slot = floor(date('G') / 3);
$slot_pre = $slot - 1;
$date_pre = date('Y-m-d');
if ($slot_pre < 0) {
$slot_pre = 7;
$date_pre = date('Y-m-d', strtotime('yesterday'));
}
$query_update = 'UPDATE discussion_statistics SET posts = posts + 1 WHERE discussion_id = "' . $post['discussion_id'] . '" AND date = "' . date('Y-m-d') . '" AND slot = "' . $slot . '"';
$query_posts_pre = 'SELECT posts FROM discussion_statistics WHERE discussion_id = "' . $post['discussion_id'] . '" AND date = "' . $date_pre . '" AND slot = "' . $slot_pre . '" LIMIT 1';
// log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $post['discussion_id'] . ' ' . $slot . ' ' . $slot_pre, $query_posts_pre);
// Update the popularity for the tags that the discussion has been tagged with.
$tags = tag_get_by_item('discussion', $post['discussion_id']);
foreach ($tags as $tag) {
$query = 'UPDATE tags SET popularity = IF(popularity IS NULL, 0.05, popularity + 0.05) WHERE id = "' . $tag['tag_id'] . '" LIMIT 1';
mysql_query($query) or die(report_sql_error($query));
}
$result = mysql_query($query_posts_pre);
if ($data = mysql_fetch_assoc($result)) {
// log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $data['posts'], $query_posts_pre);
$posts_pre = $data['posts'];
}
$query_insert = 'INSERT INTO discussion_statistics (discussion_id, date, slot, posts, posts_pre) VALUES ("' . $post['discussion_id'] . '", "' . date('Y-m-d') . '", "' . $slot . '", "1",' . ' "' . $posts_pre . '")';
// log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'insert', $query_insert);
if (mysql_query($query_insert)) {
log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde insert!', $query_insert);
} elseif (mysql_query($query_update)) {
log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde update!', $query_update);
} else {
log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $query_update, $query_insert);
exit;
}
$_SESSION['posts']['latest'][] = array('timestamp' => $time, 'hash' => md5($post['content']));
return $post_id;
}
function login_dologin($username, $password, $options = array())
{
$ghost = isset($options['ghost']) && $options['ghost'] == true;
if (strtolower($username) == 'borttagen') {
header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
exit;
}
if ($ghost) {
$query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" LIMIT 1';
$loginquery = mysql_query($query) or report_sql_error($query);
} elseif ($username && $password) {
$password = utf8_decode($password);
// Test for SHA1 with hash
$query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
$loginquery = mysql_query($query) or report_sql_error($query);
if (mysql_num_rows($loginquery) == 0) {
// SHA1 not found, try the old MD5
$md5_query = 'SELECT id FROM login WHERE username = "******" AND password = "******" LIMIT 1';
$md5_result = mysql_query($md5_query) or report_sql_error($md5_query);
if (mysql_num_rows($md5_result) == 1) {
// MD5 found, update to SHA1
$data = mysql_fetch_assoc($md5_result);
$md5_to_sha1_query = 'UPDATE login SET password = "", password_hash = "' . sha1($password . PASSWORD_SALT) . '" WHERE id = "' . $data['id'] . '" LIMIT 1';
mysql_query($md5_to_sha1_query);
// Load data using the SHA1-hash
$query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
$loginquery = mysql_query($query) or die('Query failed: ' . mysql_error());
}
}
} else {
return 2;
}
if (mysql_num_rows($loginquery) > 0) {
$tempdata = mysql_fetch_assoc($loginquery);
if ($tempdata['lastlogon'] < strtotime(date('Y-m-d'))) {
event_log_log('user_unique_log_on');
}
if ($tempdata['lastaction'] > time() - 600 && false) {
$old_session = session_load($tempdata['session_id']);
session_destroy();
session_id($tempdata['session_id']);
session_start();
$_SESSION = $old_session;
if (isset($_SESSION['login']['id'])) {
if ($ghost) {
$_SESSION['ghost'] = true;
}
return true;
}
}
if ($ghost) {
$_SESSION['ghost'] = true;
}
$uid = $tempdata['id'];
$ip = $_SERVER['REMOTE_ADDR'];
$_SESSION['cache']['lastupdate'] = 0;
$_SESSION['userid'] = $uid;
$_SESSION['login']['id'] = $uid;
$guestbook_sql = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $_SESSION['login']['id'] . ' AND `read` = 0 AND deleted = 0';
$guestbook_result = mysql_query($guestbook_sql) or die('Ett fel inträffade!' . mysql_error() . $guestbook_sql);
$guestbook_data = mysql_fetch_assoc($guestbook_result);
$_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
require_once $hp_includepath . 'message-functions.php';
$message_status = messages_count_unread($_SESSION['login']['id']);
$_SESSION['notices']['unread_messages'] = $message_status;
$fetch['login'] = array('id', 'lastlogon', 'username', 'password_hash', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire');
$fetch['preferences'] = array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post');
$fetch['traffa'] = array('firstname', 'profile_modules');
$fetch['userinfo'] = array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss');
$userinfo = login_load_user_data($uid, $fetch, __FILE__, __LINE__);
$_SESSION = array_merge($_SESSION, $userinfo);
// $_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
$_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
$_SESSION['module_order'] = explode('|', $_SESSION['preferences']['module_order']);
/* Notes in the note-module */
$query = 'SELECT text FROM notes WHERE id = "' . $_SESSION['login']['id'] . '" LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
$data = mysql_fetch_assoc($result);
$_SESSION['note'] = $data['text'];
/* groups-start-here */
$group_data['groups_members'] = array('groupid');
$groups = login_load_group_data($uid, $group_data);
$_SESSION = array_merge($_SESSION, $groups);
if (!$ghost) {
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}
/* Friends start here */
$options['user_id'] = $_SESSION['login']['id'];
$_SESSION['friends'] = friends_fetch_online_smart($options);
$query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username ';
$query .= 'FROM user_event_log AS uel, login AS l, userinfo AS u';
$query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
$query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
while ($data = mysql_fetch_assoc($result)) {
$_SESSION['visitors_with_image'][] = $data;
}
/* Fetch the latest posts, the posts antiflood system will use this */
$query = 'SELECT MD5(content), timestamp FROM posts WHERE author = "' . $_SESSION['login']['id'] . '" ORDER BY id DESC LIMIT 50';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
while ($data = mysql_fetch_assoc($result)) {
$_SESSION['posts']['latest'][] = $data;
}
/* Fetch privilegies */
$query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
$result = mysql_query($query);
while ($data = mysql_fetch_assoc($result)) {
$_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
}
/* Log the logon to database */
$query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost) VALUES(' . $_SESSION['login']['id'] . ', ' . time();
$query .= ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($ghost ? 'YES' : 'NO') . '")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
if (!$ghost) {
$sql = 'UPDATE login SET lastlogon = ' . time() . ', lastip = "' . $ip . '", session_id = "' . session_id() . '" WHERE id = "' . $uid . '" LIMIT 1';
mysql_query($sql) or die('Query failed: ' . mysql_error());
$_SESSION['login']['lastlogon'] = time();
}
/* Cache some info about the users visits to categories. This is used to calculate new threads and category-subscriptions */
$query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $_SESSION['login']['id'] . '"';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
while ($data = mysql_fetch_assoc($result)) {
$_SESSION['forum']['categories'][$data['category_id']] = $data;
}
return 1;
} else {
return 0;
}
}
<?php
require '../include/core/common.php';
try {
$ui_options['stylesheets'][] = 'forms.css';
if (!is_privilegied('user_message')) {
throw new Exception('Du har inte privilegier för den här sidan');
}
if (isset($_POST['username']) && isset($_POST['message'])) {
$query = 'SELECT session_id FROM login WHERE username = "******" LIMIT 1';
$result = mysql_query($query) or report_sql_error($query);
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
if (strlen($data['session_id']) > 0) {
$remote_session = session_load($data['session_id']);
$remote_session['user_message'] = $_POST['message'];
session_save($data['session_id'], $remote_session);
$out .= '<div class="form_notice_success">Meddelande skickat!</div>' . "\n";
} else {
$out .= '<div class="form_notice_error">Den användaren verkar inte ha en aktiv session.</div>' . "\n";
}
} else {
$out .= '<div class="form_notice_error">Användaren hittades inte.</div>' . "\n";
}
}
// form
$out .= '<fieldset>' . "\n";
$out .= '<legend>Användarmeddelande!</legend>' . "\n";
$out .= '<p>Den här funktionen ger användaren en javascriptruta med ditt meddelande. Detta kräver dock att användaren är inloggad.</p>' . "\n";
$out .= '<form action="?action=submit" method="post">';
$out .= '<table class="form">' . "\n";
function messages_send($sender, $recipient, $title, $message, $allowhtml = 0, $mass_message_id = 0)
{
if (!is_array($recipient)) {
$recipient = array($recipient);
}
$discussion = fetch_new_discussion_id($sender, $recipient);
if ($allowhtml != '1') {
$message = $message;
} else {
$message = addslashes($message);
}
$message = nl2br($message);
$title = htmlspecialchars($title);
foreach ($recipient as $this_recipient) {
$query = 'INSERT INTO messages_new(sender, recipient, title, message, timestamp, discussion, mass_message_id) ';
$query .= 'VALUES("' . $sender . '", "' . $this_recipient . '", "' . $title . '", "' . $message . '", UNIX_TIMESTAMP(), ' . $discussion . ', ' . $mass_message_id . ')';
mysql_query($query) or die(report_sql_error($query));
$message_id = mysql_insert_id();
$query = 'UPDATE userinfo SET messages_recieved = messages_recieved + 1 WHERE userid = ' . $this_recipient . ' LIMIT 1';
mysql_query($query) or die(report_sql_error($query));
$query = 'UPDATE userinfo SET messages_sent = messages_sent + 1 WHERE userid = ' . $sender . ' LIMIT 1';
mysql_query($query) or die(report_sql_error($query));
$query = 'SELECT session_id FROM login WHERE id = "' . $this_recipient . '" LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query));
$sessid_data = mysql_fetch_assoc($result);
if (strlen($sessid_data['session_id']) > 1) {
if ($_SESSION['login']['id'] == $sender) {
$bubblemessage = '"Så var det dags igen... ' . $_SESSION['login']['username'] . ' skickade nyss ett <b>nytt meddelande</b> till dig. Du kan <a href="/traffa/messages.php?action=read&message_id=' . $message_id . '">klicka här</a> om du vill läsa meddelandet."';
} else {
$bubblemessage = '"Tjena kompis! Du har nyss fått ett nytt <b>meddelande!</>! <a href="/traffa/messages.php">Till dina meddelanden »</a>"';
}
$remote_session = session_load($sessid_data['session_id']);
$remote_session['bubblemessage'][] = $bubblemessage;
$remote_session['notices']['unread_messages'] += 1;
session_save($sessid_data['session_id'], $remote_session);
}
}
}
function guestbook_insert($entry)
{
if ($entry['is_mass_gb'] !== true) {
if ($_SESSION['login']['id'] == $entry['sender']) {
if ($_SESSION['last_gb_entry'] > time() - 5) {
return false;
}
}
if (strlen($entry['message']) == 0) {
return false;
}
if ($entry['recipient'] == 2348 && $entry['sender'] != 2348) {
$_SESSION['posted_gb_to_webmaster'] = true;
}
}
$entry['is_private'] = $entry['is_private'] == 1 ? 1 : 0;
$query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
$query .= ' VALUES("' . time() . '", "' . $entry['recipient'] . '", "' . $entry['sender'] . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$entry['id'] = mysql_insert_id();
$query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $entry['recipient'] . '" LIMIT 1';
if (!mysql_query($query)) {
report_sql_error($query, __FILE__, __LINE__);
return false;
}
if (isset($entry['reply-to'])) {
$query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` = 1 WHERE id = "' . $entry['reply-to'] . '" AND recipient = "' . $entry['sender'] . '" LIMIT 1';
if (!mysql_query($query)) {
report_sql_error($query, __FILE__, __LINE__);
return false;
}
}
if ($entry['is_mass_gb'] !== true) {
$query = 'SELECT session_id FROM login WHERE id = "' . $entry['recipient'] . '" LIMIT 1';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$data = mysql_fetch_assoc($result);
if (strlen($data['session_id']) > 5) {
$remote_session = session_load($data['session_id']);
$remote_session['notices']['unread_gb_entries'] += 1;
$entry['image'] = $_SESSION['userinfo']['image'];
$entry['timestamp'] = time();
$entry['message'] = stripslashes($entry['message']);
$entry['username'] = $_SESSION['login']['username'];
$remote_session['unread_gb_entries'][] = $entry;
session_save($data['session_id'], $remote_session);
}
}
$_SESSION['last_gb_entry'] = time();
// Report message to gb_autoreport if it contains a string which should be reported.
$query = 'SELECT id, string FROM gb_autoreport_strings';
$gb_autoreport_strings = query_cache(array('query' => $query));
$message = strtolower(' ' . $entry['message'] . ' ');
foreach ($gb_autoreport_strings as $gb_autoreport_string) {
if (strpos($message, strtolower($gb_autoreport_string['string'])) == true) {
$report_gb = true;
}
}
if (isset($report_gb) && $report_gb == true) {
$query = 'INSERT INTO gb_autoreport_posts SET string_id = ' . $gb_autoreport_string['id'] . ', gb_id = ' . $entry['id'];
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
}
return true;
}
function photoblog_forbid_upload($options)
{
if (!is_privilegied('photoblog_upload_forbid')) {
throw new Exception('You need privilegies for this');
}
if (!isset($options['user_id']) && !is_numeric($options['user_id'])) {
throw new Exception('User id must be set');
}
if (!isset($options['days']) && !is_numeric($options['days'])) {
throw new Exception('number of days must be set');
}
$query = 'UPDATE photoblog_preferences SET upload_forbidden = ' . strtotime('+' . $options['days'] . ' day', time()) . ' WHERE userid = ' . $options['user_id'] . ' LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
if ($_SESSION['login']['id'] == $options['user_id']) {
$_SESSION['photoblog_preferences']['upload_forbidden'] = strtotime('+' . $options['days'] . ' day', time());
} else {
$query = 'SELECT session_id FROM login WHERE id = ' . $options['user_id'] . ' LIMIT 1';
$result = mysql_query($query) or report_sql_error($query);
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
if (strlen($data['session_id']) > 0) {
$remote_session = session_load($data['session_id']);
$remote_session['photoblog_preferences']['upload_forbidden'] = strtotime('+' . $options['days'] . ' day', time());
session_save($data['session_id'], $remote_session);
}
}
}
log_admin_event('photoblog_upload_forbidden', 'Antal dagar: ' . $options['days'], $_SESSION['login']['id'], $options['user_id'], 0);
}