stderr("Error", "Access denied."); } if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "") { stderr("Error", "Missing form data."); } if ($_POST["password"] != $_POST["password2"]) { stderr("Error", "Passwords mismatch."); } $email = htmlspecialchars(trim($_POST["email"])); $email = safe_email($email); if (!check_email($email)) { stderr("Error", "Invalid email address!"); } $username = $_POST["username"]; if (!validusername($username)) { stderr("Error", "Invalid username."); } $username = sqlesc($username); $res = sql_query("SELECT id FROM users WHERE username={$username}"); $arr = mysql_fetch_row($res); if ($arr) { stderr("Error", "Username already exists!"); } $password = $_POST["password"]; $email = sqlesc($_POST["email"]); $res = sql_query("SELECT id FROM users WHERE email={$email}"); $arr = mysql_fetch_row($res); if ($arr) { stderr("Error", "The e-mail address is already in use."); }
$ycharge['setall2up_half_down'] = 3500 * $discount; //50%下载&2X上传 $ycharge['top'] = 4000 * $discount * 10; //置顶 if (!$action) { print_r("<script type=\"text/javascript\" >alert(\"参数错误, 返回前一个页面\");window.history.back(-1);</script>"); echo "参数错误"; } $userid = $CURUSER['id']; $userbouns = (int) $CURUSER['seedbonus']; // changename if ($action == "changename") { $charge = -1; $newname = htmlspecialchars($_POST['newname']); $oldname = $CURUSER['username']; if (utf8_strlen($newname) > 14 || utf8_strlen($newname) < 4 || !validusername($newname)) { echo "名字不符合要求"; die; } if ($newname == $oldname) { echo "新旧用户名一样,无需更改"; die; } if ($res = sql_query("SELECT namecharge from bonusapp where userid ='" . $userid . "'") or sqlerr(__FILE__, __LINE__)) { $row = mysql_fetch_array($res); $charge = $row['namecharge']; } if ($charge <= 0) { $charge = $changenamecharge; if (preg_match("/^[\\d][\\d]*[\\d]\$/", $oldname)) { $charge = $charge / 2;
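// Signup form validation (PHP, despite the file's Perl hint). bark()/stderr()
// are project helpers assumed to print a message and stop the script — confirm.
// Password/username comparisons use strict (!==/===) comparison so that
// numeric-looking strings such as "01" and "1" are not treated as equal, which
// loose != / == would do.
if ($wantpassword !== $passagain) bark("Lykilorð passa ekki saman! Eflaust gert innsláttarvillu. Reyndu aftur.");
if (strlen($wantpassword) < 6) bark("Lykilorð er of stutt (minnst má hafa 6 stafi)");
if (strlen($wantpassword) > 40) bark("Lykilorð er of langt (mest má hafa 40 stafi)");
if ($wantpassword === $wantusername) bark("Lykilorð má ekki vera sama og notandanafn.");
if (!validemail($email)) bark("Þetta lítur út fyrir að vera ógilt netfang.");
if (!validusername($wantusername)) bark("Ógilt notandanafn.");
// make sure user agrees to everything...
// POST values are strings, so strict comparison with "yes" is equivalent for
// submitted data and also rejects a missing field (null).
if ($HTTP_POST_VARS["rulesverify"] !== "yes" || $HTTP_POST_VARS["faqverify"] !== "yes" || $HTTP_POST_VARS["ageverify"] !== "yes") stderr("Skráning mistókst", "Því miður þá verðuru að staðfesta að þú hafir lesið reglurnar, munir lesa SOS áður en þú spyrð spurninga og sért 13 ára eða eldri.");
// check if email addy is already in use
// $email comes from the form: validemail() above checks its shape but does not
// escape it, so it must be escaped before interpolation into SQL. Query
// failures are reported via die() instead of being silenced with @.
// mysql_real_escape_string() uses the default connection, which the unqualified
// mysql_query() calls in this file already rely on.
$email_query = "select count(*) from users where email='" . mysql_real_escape_string($email) . "'";
$email_res = mysql_query($email_query) or die(mysql_error());
$a = mysql_fetch_row($email_res) or die(mysql_error());
// NOTE(review): $email is echoed back in this message; if bark() renders HTML,
// it should be passed through htmlspecialchars() — confirm bark()'s output context.
if ($a[0] != 0) bark("Netfangið $email er nú þegar skráð á listann hjá okkur.");
// Invite code is required; it is only handed to verifystring(), not to SQL here.
$invid = $_POST['invite'];
if (!$invid) bark("Nauðsynlegt að skrá inn boðslykilinn");
$verifystring = verifystring($invid,'md5');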
//=== end of takesendmessage script //=== basic page :D $receiver = isset($_GET['receiver']) ? intval($_GET['receiver']) : (isset($_POST['receiver']) ? intval($_POST['receiver']) : 0); $replyto = isset($_GET['replyto']) ? intval($_GET['replyto']) : (isset($_POST['replyto']) ? intval($_POST['replyto']) : 0); $returnto = htmlsafechars(isset($_POST['returnto']) ? $_POST['returnto'] : ''); if ($receiver === 0) { stderr('Error', 'you can\'t PM Sys-Bot... It won\'t write you back!'); } if (!is_valid_id($receiver)) { stderr('Error', 'No member with that ID!'); } $res_member = sql_query('SELECT username FROM users WHERE id = ' . sqlesc($receiver)) or sqlerr(__FILE__, __LINE__); $arr_member = mysqli_fetch_row($res_member); //=== if reply if ($replyto != 0) { if (!validusername($arr_member[0])) { stderr('Error', 'No member with that ID!'); } //=== make sure they should be replying to this PM... $res_old_message = sql_query('SELECT receiver, sender, subject, msg FROM messages WHERE id = ' . sqlesc($replyto)) or sqlerr(__FILE__, __LINE__); $arr_old_message = mysqli_fetch_assoc($res_old_message); //print $arr_old_message['sender']; //exit(); if ($arr_old_message['sender'] == $CURUSER['id']) { stderr('Error', 'Slander, whose edge is sharper than the sword, whose tongue out venoms all the worms of Nile'); } $body .= "\n\n\n-------- {$arr_member['0']} wrote: --------\n{$arr_old_message['msg']}\n"; $subject = 'Re: ' . htmlsafechars($arr_old_message['subject']); } //=== if preview or not replying if ($_SERVER['REQUEST_METHOD'] == 'POST') {
dbconn(); maxcoder(); if (!logged_in()) { header("HTTP/1.0 404 Not Found"); // moddifed logginorreturn by retro//Remember to change the following line to match your server print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n"; die; } if (get_user_class() < UC_ADMINISTRATOR) { stderr("Smartass!", "What the hell are you doing here?"); } if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "" || $_POST["class"] == "" || $_POST["seedbonus"] == "" || $_POST["modcomment"] == "") { stderr("Error", "Missing form data."); } if (!validusername($_POST["username"])) { stderr("Error", "Invalid username."); } if ($_POST["password"] != $_POST["password2"]) { stderr("Error", "Passwords mismatch."); } if (!validemail($_POST['email'])) { stderr("Error", "Not valid email"); } $class = 0 + $_POST["class"]; $country = 0 + $_POST["country"]; $seedbonus = 0 + $_POST["seedbonus"]; $modcomment = $_POST["modcomment"]; $username = $_POST["username"]; $password = $_POST["password"]; // //// email stuff \\\\\\\\
if ($namelength < 3 or $namelength > 32) { $HTMLOUT = ""; $HTMLOUT .= "<font color='#cc0000'>{$lang['takesignup_username_length']}</font>"; print $HTMLOUT; exit; } // The following characters are allowed in user names $allowedchars = $lang['takesignup_allowed_chars']; for ($i = 0; $i < $namelength; ++$i) { if (strpos($allowedchars, $username[$i]) === false) { return false; } } return true; } if (!validusername($_GET["wantusername"])) { $HTMLOUT .= "<font color='#cc0000'>{$lang['takesignup_allowed_chars']}</font>"; print $HTMLOUT; exit; } if (strlen($_GET["wantusername"]) > 12) { $HTMLOUT .= "<font color='#cc0000'>{$lang['takesignup_username_length']}</font>"; print $HTMLOUT; exit; } $checkname = sqlesc($_GET["wantusername"]); $sql = "SELECT username FROM users WHERE username = {$checkname}"; $result = sql_query($sql); $numbers = mysql_num_rows($result); if ($numbers > 0) { while ($namecheck = mysql_fetch_assoc($result)) {
//=== if this member has blocked the sender $res2 = sql_query('SELECT id FROM blocks WHERE userid=' . sqlesc($to_username['id']) . ' AND blockid=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res2) === 1) { stderr('Refused', 'This member has blocked PMs from you.'); } //=== finally if they only allow PMs from friends if ($to_username['acceptpms'] === 'friends') { $res2 = sql_query('SELECT * FROM friends WHERE userid=' . sqlesc($to_username['id']) . ' AND friendid=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res2) != 1) { stderr('Refused', 'This member only accepts PMs from members on their friends list.'); } } } //=== ok... all is good... let's get the info and send it :D $subject = htmlsafechars($_POST['subject']); $first_from = validusername($_POST['first_from']) ? htmlsafechars($_POST['first_from']) : ''; $body = "\n\n" . $_POST['body'] . "\n\n-------- Original Message from [b]" . $first_from . "::[/b] \"" . htmlsafechars($message['subject']) . "\" -------------------------------------\n" . $message['msg'] . "\n"; sql_query('INSERT INTO `messages` (`sender`, `receiver`, `added`, `subject`, `msg`, `unread`, `location`, `saved`, `poster`, `urgent`) VALUES (' . sqlesc($CURUSER['id']) . ', ' . sqlesc($to_username['id']) . ', ' . TIME_NOW . ', ' . sqlesc($subject) . ', ' . sqlesc($body) . ', \'yes\', 1, ' . sqlesc($save) . ', 0, ' . sqlesc($urgent) . ')') or sqlerr(__FILE__, __LINE__); $mc1->delete_value('inbox_new_' . $to_username['id']); $mc1->delete_value('inbox_new_sb_' . $to_username['id']); //=== Check if message was forwarded if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) === 0) { stderr('Error', 'Message couldn\'t be forwarded!'); } //=== if they just have to know about it right away... send them an email (if selected if profile) if (strpos($to_username['notifs'], '[pm]') !== false) { $username = htmlsafechars($CURUSER['username']); $body = <<<EOD You have received a PM from {$username}!
$draft = $message['msg']; } //=== print out the page //echo stdhead('Use Draft'); $HTMLOUT .= '<h1>Use Draft: ' . $subject . '</h1>' . $top_links . $preview . ' <form name="compose" action="pm_system.php" method="post"> <input type="hidden" name="id" value="' . $pm_id . '" /> <input type="hidden" name="' . $save_or_edit . '" value="1" /> <input type="hidden" name="action" value="use_draft" /> <table border="0" cellspacing="0" cellpadding="5" align="center" style="max-width:800px"> <tr> <td class="colhead" align="left" colspan="2">use draft</td> </tr> <tr> <td align="right" class="one" valign="top"><span style="font-weight: bold;">To:</span></td> <td align="left" class="one" valign="top"><input type="text" name="to" value="' . (isset($_POST['to']) && validusername($_POST['to'], FALSE) ? htmlsafechars($_POST['to']) : 'Enter Username') . '" class="member" onfocus="this.value=\'\';" /> [ enter the username of the member you would like to send this to ]</td> </tr> <tr> <td class="one" valign="top" align="right"><span style="font-weight: bold;">Subject:</span></td> <td class="one" valign="top" align="left"><input type="text" class="text_default" name="subject" value="' . $subject . '" /></td> </tr> <tr> <td class="one" valign="top" align="right"><span style="font-weight: bold;">Body:</span></td> <td class="one" valign="top" align="left">' . BBcode($draft, FALSE) . '</td> </tr> <tr> <td colspan="2" align="center" class="one">' . ($CURUSER['class'] >= UC_STAFF ? ' <input type="checkbox" name="urgent" value="yes" ' . (isset($_POST['urgent']) && $_POST['urgent'] === 'yes' ? ' checked="checked"' : '') . ' /> <span style="font-weight: bold;color:red;">Mark as URGENT!</span>' : '') . ' <input type="submit" class="button" name="buttonval" value="preview" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" />
} //=== redirect back with messages :P header('Location: pm_system.php?action=edit_mailboxes' . $worked); die; break; //=== edit boxes //=== edit boxes case 'edit_boxes': //=== get info $res = sql_query('SELECT * FROM pmboxes WHERE userid=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res) === 0) { stderr($lang['pm_error'], $lang['pm_edmail_err1']); } while ($row = mysqli_fetch_assoc($res)) { //=== if name different AND safe, update it if (validusername($_POST['edit' . $row['id']]) && $_POST['edit' . $row['id']] !== '' && $_POST['edit' . $row['id']] !== $row['name']) { $name = htmlsafechars($_POST['edit' . $row['id']]); sql_query('UPDATE pmboxes SET name=' . sqlesc($name) . ' WHERE id=' . sqlesc($row['id']) . ' LIMIT 1') or sqlerr(__FILE__, __LINE__); $mc1->delete_value('get_all_boxes' . $CURUSER['id']); $mc1->delete_value('insertJumpTo' . $CURUSER['id']); $worked = '&name=1'; } //=== if name is empty, delete the box(es) and send the PMs back to the inbox.. if ($_POST['edit' . $row['id']] == '') { //=== get messages to move $remove_messages_res = sql_query('SELECT id FROM messages WHERE location=' . sqlesc($row['boxnumber']) . ' AND receiver=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__); //== move the messages to the inbox while ($remove_messages_arr = mysqli_fetch_assoc($remove_messages_res)) { sql_query('UPDATE messages SET location=1 WHERE id=' . sqlesc($remove_messages_arr['id'])) or sqlerr(__FILE__, __LINE__); } //== delete the box
$draft = $message['msg']; } //=== print out the page //echo stdhead('Use Draft'); $HTMLOUT .= '<h1>' . $lang['pm_usedraft'] . '' . $subject . '</h1>' . $top_links . $preview . ' <form name="compose" action="pm_system.php" method="post"> <input type="hidden" name="id" value="' . $pm_id . '" /> <input type="hidden" name="' . $save_or_edit . '" value="1" /> <input type="hidden" name="action" value="use_draft" /> 33333333<table class="table table-striped"> <tr> <td class="colhead" align="left" colspan="2">' . $lang['pm_usedraft1'] . '</td> </tr> <tr> <td class="text-right" valign="top"><span style="font-weight: bold;">' . $lang['pm_forward_to'] . '</span></td> <td class="text-left" valign="top"><input type="text" name="to" value="' . (isset($_POST['to']) && validusername($_POST['to'], false) ? htmlsafechars($_POST['to']) : $lang['pm_forward_user']) . '" class="member" onfocus="this.value=\'\';" /> ' . $lang['pm_usedraft_usr'] . '</td> </tr> <tr> <td class="text-right" valign="top"><span style="font-weight: bold;">' . $lang['pm_send_subject'] . '</span></td> <td class="text-left" valign="top"><input type="text" class="text_default" name="subject" value="' . $subject . '" /></td> </tr> <tr> <td class="text-right" valign="top"><span style="font-weight: bold;">' . $lang['pm_send_body'] . '</span></td> <td class="text-left" valign="top">' . textbbcode('use_draft', 'body', $message['msg']) . '</td> </tr> <tr> <td colspan="2" class="text-center">' . ($CURUSER['class'] >= UC_STAFF ? ' <input type="checkbox" name="urgent" value="yes" ' . (isset($_POST['urgent']) && $_POST['urgent'] === 'yes' ? ' checked="checked"' : '') . ' /> <span style="font-weight: bold;color:red;">' . $lang['pm_send_mark'] . '</span>' : '') . ' <input type="submit" class="button" name="buttonval" value="preview" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" />