$delquery = $db->query_str("DELETE FROM {$tab['news']} WHERE id='{$newsid}'");
$adminaction = "news_select";
}
############################
if ($adminaction_block) {
$block = $db->query("SELECT * FROM {$tab['news']} WHERE id='{$newsid}'");
$block[blocked] ? $block = 0 : ($block = 1);
$savequery = $db->query_str("UPDATE {$tab['news']} SET blocked='{$block}' WHERE id='{$newsid}'");
header("LOCATION: {$HTTP_REFERER}");
}
############################
if ($adminaction_in_activate) {
$news = $db->query("SELECT * FROM {$tab['news']} WHERE id='{$newsid}'");
$news[activated] ? $activ = 0 : ($activ = 1);
if ($activ) {
addpoints($points[news_activate], $news[autid]);
}
$savequery = $db->query_str("UPDATE {$tab['news']} SET activated='{$activ}' WHERE id='{$newsid}'");
header("LOCATION: {$HTTP_REFERER}");
}
############################
###########################
if ($adminaction_edit) {
$form = $db->query("SELECT * FROM {$tab['news']} WHERE id='{$newsid}'");
$user_name = mkuser("user_name", $form[autid], $NULL);
$smilies = getsmiliesbit("news.newsform.smilie.bit");
$thisaction = "news_edit_save";
unset($adminaction);
eval("\$inc[action] = \t\"" . gettemplate("news.admin.newsform") . "\";");
}
############################
} else {
$puplic = "0";
}
$savenewsquery = $db->query_str("INSERT INTO {$tab['news']} (autid,date,title,text,smilies,html,activated) \r\n\t\t\t\t\t\t\tVALUES ('{$login['id']}','{$time}','{$form['title']}','{$form['text']}','{$form['smilies']}','{$form['html']}','{$puplic}')");
eval("\$inc[action] = \"" . gettemplate("news.success.send") . "\";");
}
}
################
if ($action == "new_comment_save") {
if (!$newsid) {
header("LOCATION: index.php?section=news");
}
if ($form[autname] && $form[title] && $form[text] && $newsid) {
$time = time();
$query = $db->query_str("INSERT INTO {$tab['news_comment']} (newsid,autname,title,text,date) \r\n\t\t\t\t\t\tVALUES('{$newsid}','{$form['autname']}','{$form['title']}','{$form['text']}','{$time}')");
addpoints($points[news_com]);
unset($form);
} else {
eval("\$fail_comment = \"" . gettemplate("fail.eingabe") . "\";");
}
$action = "news_comment";
}
################
if ($action == "news_new") {
if (!$login) {
eval("\$inc[action] = \"" . gettemplate("fail.access.notloggedin") . "\";");
} else {
$user = getuser($login[id]);
$smilies = getsmiliesbit("news.newsform.smilie.bit");
$user_name = mkuser("user_name", 0, $login);
$thisaction = "new_new_save";
}
$res = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE email='" . $email . "'");
if ($res != 0) {
serveranswer(0, $lang['txt']['usernameused']);
}
$res = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE username='******' and status='Active'");
if ($res == 0) {
$referrer = "0";
} else {
$ref = $db->fetchRow("SELECT id, password, username, type, referrals, myrefs1 FROM members WHERE username='******'");
$newpassword = $input->pc['password'];
$newusername = $input->pc['username'];
require_once SOURCES . "cheater_password.php";
$membership = $db->fetchRow("SELECT point_enable, point_ref, directref_limit FROM membership WHERE id=" . $ref['type']);
if ($membership['point_enable'] == 1) {
addpoints($ref['id'], $membership['point_ref']);
}
$limitref = $membership['directref_limit'];
$addref = "no";
if ($ref['referrals'] < $limitref) {
$addref = "yes";
}
if ($limitref == "-1") {
$addref = "yes";
}
if ($addref == "yes") {
$set = array("referrals" => $ref['referrals'] + 1, "myrefs1" => $ref['myrefs1'] + 1);
$upd = $db->update("members", $set, "id=" . $ref['id']);
$referrer = $ref['id'];
/*here start referal_constant*/
$verificar = $db->fetchOne("SELECT COUNT(*) AS NUM FROM addon WHERE name='referal_constant' ; ");
if (!$login[id]) {
$login[id] = "1";
}
if (!$form[title] || !$form[text]) {
eval("\$fail_thread = \"" . gettemplate("fail.eingabe") . "\";");
} else {
if ($db->query("SELECT * FROM {$tab['forum_post']} WHERE post_title='{$form['title']}' AND post_text='{$form['text']}' AND aut_id='{$login['id']}' AND parent_boardid='{$boardid}'")) {
eval("\$incf[action] = \"" . gettemplate("forum.fail.post.twice") . "\";");
} else {
$boardposts = $thisboard[count_posts] + 1;
$boardthreads = $thisboard[count_threads] + 1;
$insertstring = $db->query_str("INSERT INTO {$tab['forum_post']} (parent_boardid,settime,is_first,aut_id,post_title,post_text,smilies,signatur) \n\t\t\t\t\t\t\t\t\t\tVALUES ('{$boardid}','" . time() . "','1','{$login['id']}','{$form['title']}','{$form['text']}','{$form['smilies']}','{$form['signatur']}')");
$postid = mysql_insert_id();
$id = $db->query_str("UPDATE {$tab['forum_post']} SET \n\t\t\t\t\t\t\t\t\tlast_userid='{$login['id']}',\n\t\t\t\t\t\t\t\t\tparent_postid='{$postid}',\n\t\t\t\t\t\t\t\t\tlast_posttime='" . time() . "'\n\t\t\t\t\t\t\t\t\tWHERE id='{$postid}'");
$updateboard = $db->query_str("UPDATE {$tab['forum_board']} SET \n\t\t\t\t\t\t\t\t\t\tcount_threads=count_threads+1,\n\t\t\t\t\t\t\t\t\t\tcount_posts=count_posts+1,\n\t\t\t\t\t\t\t\t\t\tlast_userid='{$login['id']}',\n\t\t\t\t\t\t\t\t\t\tlast_postid='{$postid}'\n\t\t\t\t\t\t\t\t\t\tWHERE id='{$boardid}'");
addpoints($points[forum_newthread]);
set_forum_notify();
header("LOCATION: index.php?section=forum&swora=" . session_id() . "&boardid={$boardid}&threadid={$postid}&start={$start}");
}
}
}
##########################
if ($action == "save_edit_thread") {
$post = getpost($postid);
if ($post[is_first] && !$form[title]) {
eval("\$fail_edit = \"" . gettemplate("fail.eingabe") . "\";");
} elseif ($post[aut_id] != $login[id] && !is_allowed($sec[forum][id], $boardid)) {
eval("\$inc[action] = \"" . gettemplate("fail.access.noaccess") . "\";");
} else {
if (!$form[text]) {
eval("\$fail_edit = \"" . gettemplate("fail.eingabe") . "\";");
