Exemple #1
0
function guestbook_insert($entry)
{
    if ($entry['is_mass_gb'] !== true) {
        if ($_SESSION['login']['id'] == $entry['sender']) {
            if ($_SESSION['last_gb_entry'] > time() - 5) {
                return false;
            }
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        if ($entry['recipient'] == 2348 && $entry['sender'] != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }
    $entry['is_private'] = $entry['is_private'] == 1 ? 1 : 0;
    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
    $query .= ' VALUES("' . time() . '", "' . $entry['recipient'] . '", "' . $entry['sender'] . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $entry['id'] = mysql_insert_id();
    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $entry['recipient'] . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    if (isset($entry['reply-to'])) {
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` =  1 WHERE id = "' . $entry['reply-to'] . '" AND recipient = "' . $entry['sender'] . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }
    if ($entry['is_mass_gb'] !== true) {
        $query = 'SELECT session_id FROM login WHERE id = "' . $entry['recipient'] . '" LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        $data = mysql_fetch_assoc($result);
        if (strlen($data['session_id']) > 5) {
            $remote_session = session_load($data['session_id']);
            $remote_session['notices']['unread_gb_entries'] += 1;
            $entry['image'] = $_SESSION['userinfo']['image'];
            $entry['timestamp'] = time();
            $entry['message'] = stripslashes($entry['message']);
            $entry['username'] = $_SESSION['login']['username'];
            $remote_session['unread_gb_entries'][] = $entry;
            session_save($data['session_id'], $remote_session);
        }
    }
    $_SESSION['last_gb_entry'] = time();
    return true;
}
Exemple #2
0
function block_user($userid)
{
    mysql_query('UPDATE userinfo SET image = 0, image_ban_expire = "' . (time() + 86400 * 7) . '" WHERE userid = "' . $userid . '" LIMIT 1') or die('<script language="javascript">alert("FATALT FEL! IGNORERA FÖLJANDE MEDDELANDE OM ATT UPPDATERINGEN LYCKADES. MYSQL FELINFORMATION: (vidarebefodra till Tritone)\\n\\n' . mysql_error() . '")</script>');
    /* We need to load and modify the remote users session */
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $userid . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);
    if (strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['userinfo']['image_ban_expire'] = time() + 86400 * 7;
        session_save($sessid_data['session_id'], $remote_session);
    }
    if (unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg') && unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg')) {
        echo '<script language="javascript">alert("Användar-ID ' . $userid . ' har blockerats från framtida uppladdning av bilder.");</script>';
        log_admin_event('user blocked image upload', '', $_SESSION['login']['id'], $userid, $userid);
    } else {
        echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
    }
}
function new_entry($recipient, $sender, $message, $private = 0, $answereid = null, $post_id = 0)
{
    //$message = htmlspecialchars($message);
    $private = $private == 1 ? 1 : 0;
    $insert_sql = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private, forum_post)  ';
    $insert_sql .= 'VALUES(UNIX_TIMESTAMP(), ' . $recipient . ', ' . $sender . ', \'' . $message . '\', ' . $private . ', ' . $post_id . ')';
    mysql_query($insert_sql) or die(report_sql_error($insert_sql));
    $update_sql = 'UPDATE traffa SET guestbook_entries = guestbook_entries + 1 WHERE userid = ' . $recipient . ' LIMIT 1';
    mysql_query($update_sql) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);
    if (strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['notices']['unread_gb_entries'] += 1;
        session_save($sessid_data['session_id'], $remote_session);
    }
    if (isset($answereid)) {
        $query = 'UPDATE traffa_guestbooks SET answered = "Y" WHERE id = "' . $answereid . '" AND recipient = "' . $_SESSION['login']['id'] . '" LIMIT 1';
        mysql_query($query) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
    }
}
Exemple #4
0
            }
            // Note: $current is a pointer!
            $current['timestamp'] = time();
        }
    }
    if ($increase_profile_visitors == true) {
        $query = 'UPDATE userinfo SET profile_visitors = profile_visitors + 1 WHERE userid = ' . $user_id;
        mysql_query($query) or die(report_sql_error($query));
    }
    $querys = array();
    $querys['insert'] = 'INSERT INTO user_visits(user_id, item_id, type, count, timestamp) VALUES(' . $user_id . ', ' . $_SESSION['login']['id'] . ', "profile_visit", 1, unix_timestamp())';
    $querys['update'] = 'UPDATE user_visits SET count = count + 1, timestamp = unix_timestamp() WHERE user_id=' . $user_id . ' AND item_id=' . $_SESSION['login']['id'] . ' AND type="profile_visit"';
    @mysql_query($querys['insert']) or @mysql_query($querys['update']);
    unset($querys);
    /* Read remote session and log this visit */
    $remote_session = session_load($userinfo['login']['session_id']);
    if ($_SESSION['userinfo']['image'] == 1 || $_SESSION['userinfo']['image'] == 2) {
        $visited = false;
        foreach ($remote_session['visitors_with_image'] as $visitor) {
            $visited = $visitor['id'] == $_SESSION['login']['id'] ? true : $visited;
        }
        if ($visited == false) {
            while (count($remote_session['visitors_with_image']) >= 8) {
                array_pop($remote_session['visitors_with_image']);
            }
            array_unshift($remote_session['visitors_with_image'], array('id' => $_SESSION['login']['id'], 'timestamp' => time(), 'username' => $_SESSION['login']['username']));
        }
    }
    $remote_session['notice_message'] = 'Hey där, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> sladdade just in på din profil! - <a href="/traffa/my_visitors.php">Visa alla dina besökare!</a>';
    session_save($userinfo['login']['session_id'], $remote_session);
}
Exemple #5
0
function age_guess_result()
{
    global $AGE_GUESS_COMMENTS;
    $return .= '<img src="http://images.hamsterpaj.net/images/users/thumb/' . $_SESSION['age_guess']['current_user'] . '" />' . "\n";
    $age_diff = $_GET['guessed_age'] == 'skip' ? 1 : $_GET['guessed_age'] - $_SESSION['age_guess']['current_age'];
    switch (abs($age_diff)) {
        case 0:
            $score = 5;
            $score_class = 'positive';
            break;
        case 1:
            $score = 0;
            $score_class = 'unchanged';
            break;
        default:
            $score = abs($age_diff) * -1 + 1;
            $score = $score < -5 ? -5 : $score;
            $score_class = 'negative';
    }
    $return .= '<h2 class="age_guess_score_' . $score_class . '">' . $score . 'p</h2>' . "\n";
    foreach ($AGE_GUESS_COMMENTS as $comment => $differences) {
        foreach ($differences as $difference) {
            $comments_by_diff[$difference][] = $comment;
        }
    }
    $comment = $_GET['guessed_age'] == 'skip' ? 'Hoppade över' : $comments_by_diff[$age_diff][rand(0, count($comments_by_diff[$age_diff]) - 1)];
    $return .= '<h2>' . $comment . '</h2>' . "\n";
    $return .= '<p class="age_guess_answer_text"><a href="/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '">' . $_SESSION['age_guess']['current_username'] . '</a>' . "\n";
    $return .= ' är ' . $_SESSION['age_guess']['current_age'] . ' år</p>';
    $return .= '<button onclick="window.open(\'/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '\');">Besök i nytt fönster</button>' . "\n";
    if (is_numeric($_GET['guessed_age'])) {
        event_log_log('age_guess_guess');
        /* Log answer to database */
        $insertquery = 'INSERT INTO age_guess_logs (user, age_' . $_GET['guessed_age'] . ') VALUES("' . $_SESSION['age_guess']['current_user'] . '", 1)';
        $updatequery = 'UPDATE age_guess_logs SET age_' . $_GET['guessed_age'] . ' = age_' . $_GET['guessed_age'] . ' + 1 WHERE user = "******" LIMIT 1';
        mysql_query($insertquery) or mysql_query($updatequery);
        if (login_checklogin()) {
            $correct = $age_diff == 0 ? 1 : 0;
            $insertquery = 'INSERT INTO age_guess_scoring (user, week, score, viewed_images, correct_guesses, correct_ratio)';
            $insertquery .= ' VALUES("' . $_SESSION['login']['id'] . '", "' . date('YW') . '", "' . $score . '", 1, ' . $correct . ', correct_guesses/viewed_images)';
            $updatequery = 'UPDATE age_guess_scoring SET score = score + ' . $score . ', viewed_images = viewed_images + 1, correct_guesses = correct_guesses + ' . $correct . ', correct_ratio = correct_guesses/viewed_images';
            $updatequery .= ' WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
            mysql_query($insertquery) or mysql_query($updatequery);
            $_SESSION['age_guess']['score'] += $score;
            $_SESSION['age_guess']['correct_guesses'] += $correct;
            if ($_SESSION['age_guess']['score'] < -10) {
                $_SESSION['age_guess']['score'] = -10;
                $query = 'UPDATE age_guess_scoring SET score = -10 WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
                mysql_query($query);
            }
            /* Find out if the remote user is online, if so, open the session and send a quicknote about the vote */
            if ($score != 5) {
                $query = 'SELECT session_id, lastaction FROM login WHERE id = "' . $_SESSION['age_guess']['current_user'] . '" LIMIT 1';
                $result = mysql_query($query);
                if ($data = mysql_fetch_assoc($result)) {
                    if ($data['lastaction'] > time() - 600) {
                        $remote_session = session_load($data['session_id']);
                        $remote_session['notice_message'] = 'Du, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> gissade nyss att du är ' . $_GET['guessed_age'] . ' år gammal i <a href="/traffa/age_guess.php">Gissa Åldern</a>!';
                        session_save($data['session_id'], $remote_session);
                    }
                }
            }
        }
    }
    return $return;
}
Exemple #6
0
    die('Not authorized');
}
ui_top($ui_options);
$out = '<h1 style="margin-top: 0px;">User management</h1>' . "\n";
$out .= '<form method="get">' . "\n";
$out .= '<h2>Load user</h2>' . "\n";
$out .= '<input type="text" name="username" />' . "\n";
$out .= '<input type="submit" value="Load" />' . "\n";
$out .= '</form>' . "\n";
echo rounded_corners($out, array('color' => 'green'), true);
if (isset($_GET['username'])) {
    $query = 'SELECT l.*, u.* FROM login AS l, userinfo AS u WHERE l.username = "******" AND u.userid = l.id';
    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if (mysql_num_rows($result) == 1) {
        $user = mysql_fetch_assoc($result);
        $user_session = session_load($user['session_id']);
        if (isset($_POST['action'])) {
            switch ($_POST['action']) {
                case 'quality_level':
                    if (is_privilegied('read_only_admin')) {
                        $query = 'UPDATE login SET quality_level = "' . $_POST['quality_level'] . '", quality_level_expire = "' . $_POST['expire'] . '" WHERE id = "' . $user['id'] . '" LIMIT 1';
                        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
                        // trace('user_management_error', 'Query: ' . $query . ', Error: ' . mysql_error());
                        $user_session['login']['quality_level'] = $_POST['quality_level'];
                        $user_session['login']['quality_level_expire'] = $_POST['expire'];
                        echo '<p>User quality level updated</p>' . "\n";
                        preint_r($_POST);
                    } else {
                        echo 'Du har inte privilegier för att sätta RO\'s' . "\n";
                    }
                    break;
Exemple #7
0
        amuse_draw_small_item($data, 'table');
    }
    echo '</table>';
}
listPhotos($userid, $userdata['traffa']['photos']);
if (login_checklogin() == 1 && $_SESSION['login']['id'] != $userid) {
    $query = 'INSERT INTO traffa_visits(profileid, userid, tstamp) VALUES(' . $userid . ', ';
    $query .= $_SESSION['login']['id'] . ', UNIX_TIMESTAMP())';
    mysql_query($query) or die(report_sql_error($query));
    $view = $userid;
    /* This is for the bubblemessage-stuff */
    if (strlen($userdata['login']['session_id']) > 5) {
        if ($_SESSION['visited_profiles'][$view] != 1 && $userdata['preferences']['bubblemessage_visitors'] == 'Y') {
            $_SESSION['visited_profiles'][$view] = 1;
            $bubblemessage = '<a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> surfade nyss in på din presentation ;)';
            $remote_session = session_load($userdata['login']['session_id']);
            $remote_session['bubblemessage'] = $bubblemessage;
            session_save($userdata['login']['session_id'], $remote_session);
        }
    }
    /* Add the visit to thevisitors left panel */
    if (count($_SESSION['profile_visits']) == 10) {
        array_pop($_SESSION['profile_visits']);
    }
    if (!isset($_SESSION['profile_visits'])) {
        $_SESSION['profile_visits'][] = array('id' => $view, 'username' => $userdata['login']['username']);
    } else {
        array_unshift($_SESSION['profile_visits'], array('id' => $view, 'username' => $userdata['login']['username']));
    }
}
ui_bottom();
Exemple #8
0
function posts_create($post, $options)
{
    /*
    		Required info: 
    			content
    			discussion_id
    			author
    		
    		Optional info:
    			timestamp
    */
    /*
    	$post['content'] = str_replace('(</p><p>)+', '</p><p>', $post['content']);
    	$post['content'] = str_replace('(<br />)+', '<br />', $post['content']);
    */
    if (forum_read_only_get($post['author'])) {
        echo 'Error: Användaren avstängd från forumet' . "\n";
        return false;
    }
    $post['content'] = trim($post['content']);
    $content = mysql_real_escape_string($post['content']);
    $quality_rank = text_quality_rank($post['content']);
    $spelling_grammar = text_quality_rank($post['content']);
    $post['timestamp'] = isset($post['timestamp']) ? $post['timestamp'] : time();
    $query = 'INSERT INTO posts (author, length, content, discussion_id, quality_rank, spelling_grammar, timestamp, no_smilies)';
    $query .= ' VALUES("' . $post['author'] . '", "' . strlen($post['content']) . '", "' . $post['content'] . '", "' . $post['discussion_id'];
    $query .= '", "' . $quality_rank . '", "' . $spelling_grammar . '", "' . $post['timestamp'] . '", "';
    $query .= (isset($post['no_smilies']) ? '1' : '0') . '")';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    $post_id = mysql_insert_id();
    /* Increase the post counter */
    $query = 'UPDATE discussions SET posts = posts + 1, last_post = "' . $post_id . '" WHERE id = "' . $post['discussion_id'] . '" LIMIT 1';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    if (isset($options['gb_recipient'])) {
        /* Update the "unread entries" in the remote users session */
        $query = 'SELECT session_id FROM login WHERE id = "' . $options['gb_recipient'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 1) {
                $remote_session = session_load($data['session_id']);
                $remote_session['notices']['unread_gb_entries'] += 1;
                session_save($sessid_data['session_id'], $remote_session);
            }
        }
        /* If a private entry has been sent, set the appropriate flag */
        if ($options['private_gb'] == true) {
            $query = 'INSERT INTO flags (object_id, object_type, flag) VALUES("' . $post_id . '", "post", "private_gb")';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }
    //Parse to find answer tags
    foreach (preg_split('/\\n/', $content) as $line) {
        // find tags like: [svar:AmarsoLove=3245]
        // 					eller: [svar:Henrik]
        if (preg_match('/\\[svar:(\\w+)(=\\d+)?\\]/', $line, $matches)) {
            //Fetch user_id
            if (strtolower($matches[1]) != 'borttagen') {
                $query = 'SELECT id FROM login WHERE username = "******"';
                $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                if (mysql_num_rows($result) == 1) {
                    $data = mysql_fetch_assoc($result);
                    $receiver_id = $data['id'];
                    //Insert response notice
                    $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "response")';
                    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                }
            }
        }
    }
    //Send notices to all users listed in $options['notices']
    if (isset($options['notices'])) {
        foreach ($options['notices'] as $receiver) {
            if (strtolower($matches[1]) != 'borttagen') {
                //Fetch user_id
                $query = 'SELECT id FROM login WHERE username = "******"';
                $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                if (mysql_num_rows($result) == 1) {
                    $data = mysql_fetch_assoc($result);
                    $receiver_id = $data['id'];
                    //Insert response notice
                    $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "notice")';
                    log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'notiser', $query);
                    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                }
            }
        }
    }
    //Update users quality rank
    //todo! This will require some thinking and adjustments in the future
    if (login_checklogin()) {
        $user_quality_rank = ($_SESSION['userinfo']['forum_quality_rank'] * 9 + $quality_rank) / 10;
        unset($data);
        $data['userinfo']['forum_quality_rank'] = $user_quality_rank;
        login_save_user_data($_SESSION['login']['id'], $data);
        session_merge($data);
        //Update discussion quality rank
        $query = 'SELECT quality_rank FROM posts WHERE discussion_id ="' . $post['discussion_id'] . '" ORDER BY id DESC LIMIT 30';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $quality_ranks[] = $data['quality_rank'];
        }
        sort($quality_ranks);
        $discussion_quality_rank = $quality_ranks[floor(count($quality_ranks) / 2)];
        $query = 'UPDATE discussions SET quality_rank="' . $discussion_quality_rank . '" WHERE id = "' . $post['discussion_id'] . '"';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    }
    //Update discussion popularity
    $slot = floor(date('G') / 3);
    $slot_pre = $slot - 1;
    $date_pre = date('Y-m-d');
    if ($slot_pre < 0) {
        $slot_pre = 7;
        $date_pre = date('Y-m-d', strtotime('yesterday'));
    }
    $query_update = 'UPDATE discussion_statistics SET posts = posts + 1 WHERE discussion_id = "' . $post['discussion_id'] . '" AND date = "' . date('Y-m-d') . '" AND slot = "' . $slot . '"';
    $query_posts_pre = 'SELECT posts FROM discussion_statistics WHERE discussion_id = "' . $post['discussion_id'] . '" AND date = "' . $date_pre . '" AND slot = "' . $slot_pre . '" LIMIT 1';
    //	log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $post['discussion_id'] . ' ' . $slot . ' ' . $slot_pre, $query_posts_pre);
    // Update the popularity for the tags that the discussion has been tagged with.
    $tags = tag_get_by_item('discussion', $post['discussion_id']);
    foreach ($tags as $tag) {
        $query = 'UPDATE tags SET popularity = IF(popularity IS NULL, 0.05, popularity + 0.05) WHERE id = "' . $tag['tag_id'] . '" LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
    }
    $result = mysql_query($query_posts_pre);
    if ($data = mysql_fetch_assoc($result)) {
        //		log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $data['posts'], $query_posts_pre);
        $posts_pre = $data['posts'];
    }
    $query_insert = 'INSERT INTO discussion_statistics (discussion_id, date, slot, posts, posts_pre) VALUES ("' . $post['discussion_id'] . '", "' . date('Y-m-d') . '", "' . $slot . '", "1",' . ' "' . $posts_pre . '")';
    //	log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'insert', $query_insert);
    if (mysql_query($query_insert)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde insert!', $query_insert);
    } elseif (mysql_query($query_update)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde update!', $query_update);
    } else {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $query_update, $query_insert);
        exit;
    }
    $_SESSION['posts']['latest'][] = array('timestamp' => $time, 'hash' => md5($post['content']));
    return $post_id;
}
Exemple #9
0
function login_dologin($username, $password, $options = array())
{
    $ghost = isset($options['ghost']) && $options['ghost'] == true;
    if (strtolower($username) == 'borttagen') {
        header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
        exit;
    }
    if ($ghost) {
        $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" LIMIT 1';
        $loginquery = mysql_query($query) or report_sql_error($query);
    } elseif ($username && $password) {
        $password = utf8_decode($password);
        // Test for SHA1 with hash
        $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
        $loginquery = mysql_query($query) or report_sql_error($query);
        if (mysql_num_rows($loginquery) == 0) {
            // SHA1 not found, try the old MD5
            $md5_query = 'SELECT id FROM login WHERE username = "******" AND password = "******" LIMIT 1';
            $md5_result = mysql_query($md5_query) or report_sql_error($md5_query);
            if (mysql_num_rows($md5_result) == 1) {
                // MD5 found, update to SHA1
                $data = mysql_fetch_assoc($md5_result);
                $md5_to_sha1_query = 'UPDATE login SET password = "", password_hash = "' . sha1($password . PASSWORD_SALT) . '" WHERE id = "' . $data['id'] . '" LIMIT 1';
                mysql_query($md5_to_sha1_query);
                // Load data using the SHA1-hash
                $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
                $loginquery = mysql_query($query) or die('Query failed: ' . mysql_error());
            }
        }
    } else {
        return 2;
    }
    if (mysql_num_rows($loginquery) > 0) {
        $tempdata = mysql_fetch_assoc($loginquery);
        if ($tempdata['lastlogon'] < strtotime(date('Y-m-d'))) {
            event_log_log('user_unique_log_on');
        }
        if ($tempdata['lastaction'] > time() - 600 && false) {
            $old_session = session_load($tempdata['session_id']);
            session_destroy();
            session_id($tempdata['session_id']);
            session_start();
            $_SESSION = $old_session;
            if (isset($_SESSION['login']['id'])) {
                if ($ghost) {
                    $_SESSION['ghost'] = true;
                }
                return true;
            }
        }
        if ($ghost) {
            $_SESSION['ghost'] = true;
        }
        $uid = $tempdata['id'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $_SESSION['cache']['lastupdate'] = 0;
        $_SESSION['userid'] = $uid;
        $_SESSION['login']['id'] = $uid;
        $guestbook_sql = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $_SESSION['login']['id'] . ' AND `read` =  0 AND deleted = 0';
        $guestbook_result = mysql_query($guestbook_sql) or die('Ett fel inträffade!' . mysql_error() . $guestbook_sql);
        $guestbook_data = mysql_fetch_assoc($guestbook_result);
        $_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
        require_once $hp_includepath . 'message-functions.php';
        $message_status = messages_count_unread($_SESSION['login']['id']);
        $_SESSION['notices']['unread_messages'] = $message_status;
        $fetch['login'] = array('id', 'lastlogon', 'username', 'password_hash', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire');
        $fetch['preferences'] = array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post');
        $fetch['traffa'] = array('firstname', 'profile_modules');
        $fetch['userinfo'] = array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss');
        $userinfo = login_load_user_data($uid, $fetch, __FILE__, __LINE__);
        $_SESSION = array_merge($_SESSION, $userinfo);
        //				$_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
        $_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
        $_SESSION['module_order'] = explode('|', $_SESSION['preferences']['module_order']);
        /* Notes in the note-module */
        $query = 'SELECT text FROM notes WHERE id = "' . $_SESSION['login']['id'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $data = mysql_fetch_assoc($result);
        $_SESSION['note'] = $data['text'];
        /* groups-start-here */
        $group_data['groups_members'] = array('groupid');
        $groups = login_load_group_data($uid, $group_data);
        $_SESSION = array_merge($_SESSION, $groups);
        if (!$ghost) {
            $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        }
        /* Friends start here */
        $options['user_id'] = $_SESSION['login']['id'];
        $_SESSION['friends'] = friends_fetch_online_smart($options);
        $query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username ';
        $query .= 'FROM user_event_log AS uel, login AS l, userinfo AS u';
        $query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
        $query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['visitors_with_image'][] = $data;
        }
        /* Fetch the latest posts, the posts antiflood system will use this */
        $query = 'SELECT MD5(content), timestamp FROM posts WHERE author = "' . $_SESSION['login']['id'] . '" ORDER BY id DESC LIMIT 50';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['posts']['latest'][] = $data;
        }
        /* Fetch privilegies */
        $query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
        $result = mysql_query($query);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
        }
        /* Log the logon to database */
        $query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost) VALUES(' . $_SESSION['login']['id'] . ', ' . time();
        $query .= ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($ghost ? 'YES' : 'NO') . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (!$ghost) {
            $sql = 'UPDATE login SET lastlogon = ' . time() . ', lastip = "' . $ip . '", session_id = "' . session_id() . '" WHERE id = "' . $uid . '" LIMIT 1';
            mysql_query($sql) or die('Query failed: ' . mysql_error());
            $_SESSION['login']['lastlogon'] = time();
        }
        /* Cache some info about the users visits to categories. This is used to calculate new threads and category-subscriptions */
        $query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $_SESSION['login']['id'] . '"';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['forum']['categories'][$data['category_id']] = $data;
        }
        return 1;
    } else {
        return 0;
    }
}
Exemple #10
0
<?php

require '../include/core/common.php';
try {
    $ui_options['stylesheets'][] = 'forms.css';
    if (!is_privilegied('user_message')) {
        throw new Exception('Du har inte privilegier för den här sidan');
    }
    if (isset($_POST['username']) && isset($_POST['message'])) {
        $query = 'SELECT session_id FROM login WHERE username = "******" LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query);
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 0) {
                $remote_session = session_load($data['session_id']);
                $remote_session['user_message'] = $_POST['message'];
                session_save($data['session_id'], $remote_session);
                $out .= '<div class="form_notice_success">Meddelande skickat!</div>' . "\n";
            } else {
                $out .= '<div class="form_notice_error">Den användaren verkar inte ha en aktiv session.</div>' . "\n";
            }
        } else {
            $out .= '<div class="form_notice_error">Användaren hittades inte.</div>' . "\n";
        }
    }
    // form
    $out .= '<fieldset>' . "\n";
    $out .= '<legend>Användarmeddelande!</legend>' . "\n";
    $out .= '<p>Den här funktionen ger användaren en javascriptruta med ditt meddelande. Detta kräver dock att användaren är inloggad.</p>' . "\n";
    $out .= '<form action="?action=submit" method="post">';
    $out .= '<table class="form">' . "\n";
function messages_send($sender, $recipient, $title, $message, $allowhtml = 0, $mass_message_id = 0)
{
    if (!is_array($recipient)) {
        $recipient = array($recipient);
    }
    $discussion = fetch_new_discussion_id($sender, $recipient);
    if ($allowhtml != '1') {
        $message = $message;
    } else {
        $message = addslashes($message);
    }
    $message = nl2br($message);
    $title = htmlspecialchars($title);
    foreach ($recipient as $this_recipient) {
        $query = 'INSERT INTO messages_new(sender, recipient, title, message, timestamp, discussion, mass_message_id) ';
        $query .= 'VALUES("' . $sender . '", "' . $this_recipient . '", "' . $title . '", "' . $message . '", UNIX_TIMESTAMP(), ' . $discussion . ', ' . $mass_message_id . ')';
        mysql_query($query) or die(report_sql_error($query));
        $message_id = mysql_insert_id();
        $query = 'UPDATE userinfo SET messages_recieved = messages_recieved + 1 WHERE userid = ' . $this_recipient . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
        $query = 'UPDATE userinfo SET messages_sent = messages_sent + 1 WHERE userid = ' . $sender . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
        $query = 'SELECT session_id FROM login WHERE id = "' . $this_recipient . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query));
        $sessid_data = mysql_fetch_assoc($result);
        if (strlen($sessid_data['session_id']) > 1) {
            if ($_SESSION['login']['id'] == $sender) {
                $bubblemessage = '"Så var det dags igen... ' . $_SESSION['login']['username'] . ' skickade nyss ett <b>nytt meddelande</b> till dig. Du kan <a href="/traffa/messages.php?action=read&message_id=' . $message_id . '">klicka här</a> om du vill läsa meddelandet."';
            } else {
                $bubblemessage = '"Tjena kompis! Du har nyss fått ett nytt <b>meddelande!</>! <a href="/traffa/messages.php">Till dina meddelanden &raquo;</a>"';
            }
            $remote_session = session_load($sessid_data['session_id']);
            $remote_session['bubblemessage'][] = $bubblemessage;
            $remote_session['notices']['unread_messages'] += 1;
            session_save($sessid_data['session_id'], $remote_session);
        }
    }
}
Exemple #12
0
function guestbook_insert($entry)
{
    if ($entry['is_mass_gb'] !== true) {
        if ($_SESSION['login']['id'] == $entry['sender']) {
            if ($_SESSION['last_gb_entry'] > time() - 5) {
                return false;
            }
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        if ($entry['recipient'] == 2348 && $entry['sender'] != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }
    $entry['is_private'] = $entry['is_private'] == 1 ? 1 : 0;
    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
    $query .= ' VALUES("' . time() . '", "' . $entry['recipient'] . '", "' . $entry['sender'] . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $entry['id'] = mysql_insert_id();
    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $entry['recipient'] . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    if (isset($entry['reply-to'])) {
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` =  1 WHERE id = "' . $entry['reply-to'] . '" AND recipient = "' . $entry['sender'] . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }
    if ($entry['is_mass_gb'] !== true) {
        $query = 'SELECT session_id FROM login WHERE id = "' . $entry['recipient'] . '" LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        $data = mysql_fetch_assoc($result);
        if (strlen($data['session_id']) > 5) {
            $remote_session = session_load($data['session_id']);
            $remote_session['notices']['unread_gb_entries'] += 1;
            $entry['image'] = $_SESSION['userinfo']['image'];
            $entry['timestamp'] = time();
            $entry['message'] = stripslashes($entry['message']);
            $entry['username'] = $_SESSION['login']['username'];
            $remote_session['unread_gb_entries'][] = $entry;
            session_save($data['session_id'], $remote_session);
        }
    }
    $_SESSION['last_gb_entry'] = time();
    // Report message to gb_autoreport if it contains a string which should be reported.
    $query = 'SELECT id, string FROM gb_autoreport_strings';
    $gb_autoreport_strings = query_cache(array('query' => $query));
    $message = strtolower(' ' . $entry['message'] . ' ');
    foreach ($gb_autoreport_strings as $gb_autoreport_string) {
        if (strpos($message, strtolower($gb_autoreport_string['string'])) == true) {
            $report_gb = true;
        }
    }
    if (isset($report_gb) && $report_gb == true) {
        $query = 'INSERT INTO gb_autoreport_posts SET string_id = ' . $gb_autoreport_string['id'] . ', gb_id = ' . $entry['id'];
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }
    return true;
}
Exemple #13
0
function photoblog_forbid_upload($options)
{
    if (!is_privilegied('photoblog_upload_forbid')) {
        throw new Exception('You need privilegies for this');
    }
    if (!isset($options['user_id']) && !is_numeric($options['user_id'])) {
        throw new Exception('User id must be set');
    }
    if (!isset($options['days']) && !is_numeric($options['days'])) {
        throw new Exception('number of days must be set');
    }
    $query = 'UPDATE photoblog_preferences SET upload_forbidden = ' . strtotime('+' . $options['days'] . ' day', time()) . ' WHERE userid = ' . $options['user_id'] . ' LIMIT 1';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if ($_SESSION['login']['id'] == $options['user_id']) {
        $_SESSION['photoblog_preferences']['upload_forbidden'] = strtotime('+' . $options['days'] . ' day', time());
    } else {
        $query = 'SELECT session_id FROM login WHERE id = ' . $options['user_id'] . ' LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query);
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 0) {
                $remote_session = session_load($data['session_id']);
                $remote_session['photoblog_preferences']['upload_forbidden'] = strtotime('+' . $options['days'] . ' day', time());
                session_save($data['session_id'], $remote_session);
            }
        }
    }
    log_admin_event('photoblog_upload_forbidden', 'Antal dagar: ' . $options['days'], $_SESSION['login']['id'], $options['user_id'], 0);
}