$query = "SELECT * FROM press WHERE `Deleted`='0' AND `Approved`='1' ORDER BY `Posted` DESC LIMIT 6"; $section = "press"; } elseif ($_GET['q'] == "ext_top_7days") { $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' AND `Posted` >= DATE_SUB(CURRENT_DATE(), INTERVAL {$recent_days} DAY) ORDER BY `Rank` DESC LIMIT 4"; $section = "external-news"; } elseif ($_GET['q'] == "ext_top_all") { $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' ORDER BY `Rank` DESC LIMIT 4"; $section = "external-news"; } elseif ($_GET['q'] == "ext_bottom_7days") { $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' AND `Posted` >= DATE_SUB(CURRENT_DATE(), INTERVAL {$recent_days} DAY) ORDER BY `Rank` ASC LIMIT 4"; $section = "external-news"; } elseif ($_GET['q'] == "ext_bottom_all") { $query = "SELECT * FROM ext WHERE `Deleted`='0' AND `Visible`='1' ORDER BY `Rank` ASC LIMIT 4"; $section = "external-news"; } if ($result = mysql_query_cached($query)) { foreach ($result->data as $item) { $name = utf8entities(stripslashes($item['Name'])); $id = $item['Id']; $comments = $item['CommentCount']; $rank = $section == "external-news" ? $item['Rank'] : 0; $upvotes = $section == "press" ? $item['Upvotes'] : 0; echo template_item($name, $section, $id, $comments, false, $upvotes, $rank); } } } } else { die("Error: No valid query was passed on."); } /* if(!isset($_GET['s']) || !isset($_GET['f']) || !isset($_GET['o']) || !isset($_GET['p']))
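if (!isset($_ANONNEWS)) {
    die;
} /* Protect from direct requests */

/* This module handles the thread listing: it renders one top-level forum
 * post, its replies, and the reply form. */

/* $var_id is interpolated into SQL and into an HTML attribute below, so only
 * the validated integer form ($post_id) is ever used from here on. Anything
 * that is not a plain run of digits becomes 0, which matches no post and ends
 * up in the "not found" branch. */
$post_id = ctype_digit((string) $var_id) ? (int) $var_id : 0;

if ($result = mysql_query_cached("SELECT * FROM forum_posts WHERE `Id`='{$post_id}' AND `ParentId`='0'", 5)) {
    $post = $result->data[0];

    /* CategoryId and Id below are read back from the forum_posts row. */
    $query = "SELECT * FROM forum_categories WHERE `Id`='{$post['CategoryId']}'";
    $cat_result = mysql_query_cached($query);

    /* Check the result object before dereferencing it; a falsy result is
     * handled as "not found", same as a missing row. */
    if ($cat_result && ($category = $cat_result->data[0])) {
        /* All user-supplied text is entity-encoded before it reaches HTML. */
        $topic = utf8entities(stripslashes($post['Topic']));
        $caturlname = utf8entities(stripslashes($category['UrlName']));
        $catname = utf8entities(stripslashes($category['Name']));

        echo "<h2><a href=\"/forum\">Forum</a> > <a href=\"/forum/category/{$caturlname}/\">{$catname}</a> > {$topic}</h2>";
        echo template_post($post);

        $query = "SELECT * FROM forum_posts WHERE `ParentId`='{$post['Id']}'";
        if ($children = mysql_query_cached($query, 5)) {
            foreach ($children->data as $child) {
                echo template_post($child);
            }
        }

        /* The form target uses $post_id, never the raw request value, so the
         * action attribute cannot carry injected markup. */
        echo "<div class=\"forum-reply\">\n\t\t\t<h3>Post a reply</h3>\n\t\t\t<form class=\"forum\" method=\"post\" action=\"/forum/post/{$post_id}/reply\">\n\t\t\t\t<input type=\"text\" name=\"name\" value=\"Anonymous\">\n\t\t\t\t<textarea name=\"body\"></textarea>\n\t\t\t\t<div class=\"forum-reply-button\">\n\t\t\t\t\t<button type=\"submit\" name=\"submit\">Post reply >></button>\n\t\t\t\t\t" . template_captcha() . "\n\t\t\t\t</div>\n\t\t\t</form>\n\t\t</div>";
    } else {
        $var_code = ANONNEWS_ERROR_NOT_FOUND;
        require "module.error.php";
    }
} else {
    $var_code = ANONNEWS_ERROR_NOT_FOUND;
    require "module.error.php";
}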
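<?php

if (!isset($_ANONNEWS)) {
    die;
} /* Protect from direct requests */

/* Moderator login: checks the posted credentials against the mods table and,
 * on success, marks the session as logged in. */

if (isset($_POST['submit'])) {
    // Process login.
    $login_username = isset($_POST['username']) ? $_POST['username'] : null;
    $login_password = isset($_POST['password']) ? $_POST['password'] : null;
    $result = false;

    /* Missing fields or array-valued fields (username[]=...) are treated as a
     * failed login instead of being passed to the escaping/hashing calls. */
    if (is_string($login_username) && is_string($login_password)) {
        $sUsername = mysql_real_escape_string($login_username);

        /* NOTE(review): passwords are stored and compared as unsalted SHA-1.
         * Changing that here would break the existing `Hash` column, so it is
         * left as is; the fix is a migration to password_hash() /
         * password_verify() with a rehash on next successful login. */
        $sPassword = sha1($login_password);

        /* NOTE(review): this goes through the caching query helper. If results
         * are cached by query text, a changed or revoked credential could keep
         * working until the entry expires - confirm the default lifetime. */
        $result = mysql_query_cached("SELECT * FROM mods WHERE `Username` = '{$sUsername}' AND `Hash` = '{$sPassword}'");
    }

    if ($result) {
        /* Issue a fresh session id when the privilege level changes, so an id
         * that was known before login is useless afterwards (session
         * fixation). Skipped if no session is active. */
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['loggedin'] = true;
        $_SESSION['userid'] = $result->data[0]['Id'];
        $_SESSION['accesslevel'] = $result->data[0]['AccessLevel'];
        echo "Successfully logged in! <a href=\"/moderation/\">Continue...</a>";
    } else {
        /* One message for every failure, so the response does not reveal
         * whether the username exists. NOTE(review): nothing visible here
         * limits repeated attempts. */
        echo "The login details you entered are incorrect.";
    }
} else {
    // Show login form
    echo "\n\t\t<form method=\"post\" action=\"/moderation/login/\">\n\t\t\t<strong>Log in to access the moderator panel.</strong><br>\n\t\t\tUsername: <input type=\"text\" name=\"username\"><br>\n\t\t\tPassword: <input type=\"password\" name=\"password\"><br>\n\t\t\t<button type=\"submit\" name=\"submit\" value=\"submit\">Log in</button>\n\t\t</form>\n\t";
}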
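/**
 * Compute a spam score for a submitted URL and, optionally, its title.
 *
 * Fixed results: 5 when the submitter is listed in a DNSBL (held for manual
 * review), 10 when the submitter is on the internal banlist, when the URL is
 * not a well-formed http(s) URL, or when its host is a literal private,
 * loopback or link-local IPv4 address. Otherwise the score is accumulated
 * from the `blacklist` table: +5 per banned submitter IP, +10 per banned
 * domain equal to the host's last two or three labels, +5 per banned domain
 * found elsewhere in the URL, +3 per banned URL fragment, +3 per banned title
 * fragment.
 *
 * @param string $url      Submitted URL.
 * @param string $title    Submitted title; title rules are skipped when empty.
 * @param bool   $check_ip Whether to run the DNSBL and banlist checks first.
 *
 * @return int The spam score; 0 if the blacklist could not be loaded.
 */
function spam_score($url, $title = "", $check_ip = true)
{
    $score = 0;

    if ($check_ip) {
        /* Check DNSBLs */
        if (check_blacklisted()) {
            /* If a user is blacklisted in a DNSBL, his submission will be
             * held for manual review. We do not want to assign any further
             * spam points to this submission to avoid him accidentally
             * getting blocked, so we return with a score of 5. */
            return 5;
        }

        /* Check internal banlist */
        if (check_banlist()) {
            return 10;
        }
    }

    if (!preg_match("/^https?:\\/\\/([^\\/:]*?\\.[^\\/:]*)(\\/|:[0-9]{1,5}|\$)/", $url, $matches)) {
        return 10;
    }

    /* The pattern only ends the host at "/" or ":", so the capture can still
     * include a query string or fragment. Cut those off, then require that
     * what remains is a dotted host with no userinfo separator, backslash or
     * whitespace. Without this the literal-IP and domain comparisons below
     * would be made against something that is not the host at all. */
    $domain = (string) substr($matches[1], 0, strcspn($matches[1], "?#"));
    if (strpos($domain, ".") === false || strpbrk($domain, "@\\ \t\r\n") !== false) {
        return 10;
    }

    if (preg_match("/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\$/", $domain)) {
        /* Literal addresses that are never valid public link targets. Only
         * dotted-quad literals are screened here; hostnames that resolve to
         * such addresses are not. If submitted URLs are ever fetched
         * server-side, the resolved address must be re-checked at fetch time. */
        $internal_ranges = array(
            "0.0.0.0/8",
            "10.0.0.0/8",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.168.0.0/16",
        );

        foreach ($internal_ranges as $range) {
            if (ip_in_range($domain, $range)) {
                // Adding entries that point to localhost is not allowed.
                return 10;
            }
        }
    }

    $domain_parts = explode(".", $domain);
    $part_count = count($domain_parts);

    /* The host is known to contain a dot, so there are at least two labels. */
    $top_domain = $domain_parts[$part_count - 2] . "." . $domain_parts[$part_count - 1];

    if ($part_count >= 3) {
        $sub_domain = $domain_parts[$part_count - 3] . "." . $top_domain;
    } else {
        $sub_domain = $top_domain;
    }

    if ($result = mysql_query_cached("SELECT * FROM blacklist")) {
        $blacklist = $result->data;
    } else {
        /* No blacklist rows available: nothing has been scored yet, so this
         * returns 0 and the submission passes (fail-open). */
        return $score;
    }

    $banned_domains = array();
    $banned_parts = array();
    $banned_ips = array();
    $banned_titles = array();

    foreach ($blacklist as $element) {
        $value = (string) $element['Value'];

        /* A blank rule can never match legitimately; with an empty needle the
         * substring tests below either warn or match every input, depending
         * on the PHP version. */
        if ($value === "") {
            continue;
        }

        switch ((string) $element['Type']) {
            case "0":
                $banned_ips[] = $value;
                break;
            case "1":
                $banned_parts[] = $value;
                break;
            case "2":
                $banned_domains[] = $value;
                break;
            case "3":
                $banned_titles[] = $value;
                break;
        }
    }

    /* get_ip() is split on commas; entries are trimmed so padding around a
     * comma cannot stop an address from matching a ban. */
    $ipList = array_map('trim', explode(",", get_ip()));
    foreach ($ipList as $ip) {
        if (in_array($ip, $banned_ips, true)) {
            $score += 5;
        }
    }

    $url_lower = strtolower($url);
    $top_lower = strtolower($top_domain);
    $sub_lower = strtolower($sub_domain);

    foreach ($banned_domains as $part) {
        $needle = strtolower($part);

        if ($needle === $top_lower || $needle === $sub_lower) {
            $score += 10;
        } elseif (strpos($url_lower, $needle) !== false) {
            /* Case-insensitive, like every other rule in this function. */
            $score += 5;
        }
    }

    foreach ($banned_parts as $part) {
        if (strpos($url_lower, strtolower($part)) !== false) {
            $score += 3;
        }
    }

    if (!empty($title)) {
        $title_lower = strtolower($title);

        foreach ($banned_titles as $part) {
            if (strpos($title_lower, strtolower($part)) !== false) {
                $score += 3;
            }
        }
    }

    return $score;
}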
} } else { $var_code = ANONNEWS_ERROR_INCORRECT_CAPTCHA; require "module.error.php"; } } } } elseif ($var_mode == "reply") { // Post a reply to an existing thread. $recaptcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($recaptcha->is_valid) { $post_id = is_numeric($var_id) ? $var_id : 0; $name = !empty($_POST['name']) ? mysql_real_escape_string($_POST['name']) : "Anonymous"; $body = mysql_real_escape_string($_POST['body']); if (!empty($body)) { if ($result = mysql_query_cached("SELECT * FROM forum_posts WHERE `Id`='{$post_id}'")) { $parent = $result->data[0]; $query = "INSERT INTO forum_posts (`CategoryId`, `ParentId`, `Name`, `Topic`, `Posted`, `Body`, `Replies`, `LastReplyUser`, `LastReplyTime`)\n\t\t\t\tVALUES ('{$parent['CategoryId']}', '{$post_id}', '{$name}', '', CURRENT_TIMESTAMP, '{$body}', '0', '', CURRENT_TIMESTAMP)"; if (mysql_query($query)) { $insid = mysql_insert_id(); $topic = mysql_real_escape_string(stripslashes($parent['Topic'])); mysql_query("UPDATE forum_categories SET `Posts`=`Posts`+1 , `LastPostTime`=CURRENT_TIMESTAMP , `LastPostTopic`='{$topic}' WHERE `Id`='{$parent['CategoryId']}'"); mysql_query("UPDATE forum_posts SET `Replies`=`Replies`+1 , `LastReplyUser`='{$name}' , `LastReplyTime`=CURRENT_TIMESTAMP WHERE `Id`='{$post_id}'"); echo "<p><strong>Your post was successful!</strong> It may take a few seconds to appear.</p>\n\t\t\t\t\t<p><a href=\"/forum/post/{$post_id}/#p-{$insid}\" class=\"page-button\"><< back to thread</a></p>"; } else { $var_code = ANONNEWS_ERROR_DATABASE_ERROR; require "module.error.php"; } } else { $var_code = ANONNEWS_ERROR_NOT_FOUND; require "module.error.php";
// PRIMARY KEY, safe to assign echo "<div class=\"mod-item\">\n\t\t\t<a href=\"/press/item/{$sId}/\" target=\"_blank\">{$sTitle}</a>\n\t\t\t<a href=\"/moderation/item/press/{$sId}/approve/\" class=\"mod-approve\">Approve</a>\n\t\t\t<a href=\"/moderation/item/press/{$sId}/reject/\" class=\"mod-reject\">Reject</a>\n\t\t</div>"; } } else { echo "No unmoderated press releases."; } echo "<div class=\"mod-spacer\"></div><h3>External news sources</h3>"; if ($result = mysql_query_cached("SELECT * FROM ext WHERE `Deleted` = '0' AND `Approved` = '0' ORDER BY `Visible` DESC LIMIT 100", 2)) { foreach ($result->data as $item) { $sUrl = htmlspecialchars(stripslashes($item['Url'])); $sTitle = utf8entities(stripslashes($item['Name'])); $sId = $item['Id']; // PRIMARY KEY, safe to assign echo "<div class=\"mod-item\">\n\t\t\t<a href=\"{$sUrl}\" target=\"_blank\">{$sTitle}</a> \n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/approve/\" class=\"mod-approve\">Approve</a>\n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/reject/\" class=\"mod-reject\">Reject</a>\n\t\t\t<div class=\"mod-url\">{$sUrl}</div>\n\t\t</div>"; } } else { echo "No unmoderated external news sources."; } echo "<div class=\"mod-spacer\"></div><h3>Related sites</h3>"; if ($result = mysql_query_cached("SELECT * FROM sites WHERE `Deleted` = '0' AND `Approved` = '0' ORDER BY `Id` ASC LIMIT 100", 2)) { foreach ($result->data as $item) { $sUrl = htmlspecialchars(stripslashes($item['Url'])); $sTitle = utf8entities(stripslashes($item['Name'])); $sId = $item['Id']; // PRIMARY KEY, safe to assign echo "<div class=\"mod-item\">\n\t\t\t<a href=\"{$sUrl}\" target=\"_blank\">{$sTitle}</a> \n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/approve/\" class=\"mod-approve\">Approve</a>\n\t\t\t<a href=\"/moderation/item/external-news/{$sId}/reject/\" class=\"mod-reject\">Reject</a>\n\t\t\t<div class=\"mod-url\">{$sUrl}</div>\n\t\t</div>"; } } else { echo "No unmoderated related sites."; } //$result = 
mysql_query_cached("SELECT * FROM sites WHERE `Approved` = '0'", 2);
if (mysql_num_rows($res) > 0) { $row = mysql_fetch_array($res); $total = $row['Upvotes'] + 1; mysql_query("UPDATE press SET `Upvotes`='{$total}' WHERE `Id`='{$var_id}'"); } } echo "<strong>Your comment is now visible.</strong>\n\t\t\t\t\t<p><a href=\"/{$var_section}/item/{$var_id}/comments/#c-{$comment_id}\" class=\"page-button\"><< back to thread</a></p>"; render_comments($var_table, $var_id); $validated = true; } else { echo "<strong>The captcha you entered was incorrect.</strong> Try again.<br><br>"; } } } else { $error = true; $var_code = ANONNEWS_ERROR_NOT_FOUND; require "module.error.php"; } } if ($error === false && ($posted === true || $validated === false)) { if ($result = mysql_query_cached("SELECT * FROM comments WHERE `Id`='{$comment_id}'")) { $linecount = count(explode("\n", $result->data[0]['Body'])); $charcount = strlen($result->data[0]['Body']); echo "\n\t\t\t<form method=\"post\" action=\"/{$var_section}/item/{$var_id}/comments/post/{$parent}/\">\n\t\t\t\t<input type=\"hidden\" name=\"commentid\" value=\"{$comment_id}\">\n\t\t\t\t<input type=\"hidden\" name=\"validate\" value=\"true\">\n\t\t\t\t" . template_captcha(); if ($var_section == "press" && $linecount >= 2 && $charcount >= 100) { echo "<br><input type=\"checkbox\" name=\"upvote\" value=\"true\"> Upvote this press release<br><br>"; } echo "<button type=\"submit\" name=\"submit\">Verify</button>\n\t\t\t</form>\n\t\t\t"; } } }
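/* Protect from direct requests */
/* This module handles the category overview. */
?>
<h2>Forum</h2>
<div class="forum-header">
	Be sure to read the <a href="/static/forumrules">Forum Rules</a>! All posting is anonymous, no registration is necessary and no IPs are kept.
</div>
<table class="forum-table">
	<tr>
		<th class="forum-header-category-name">Category</th>
		<th class="forum-header-category-threads">Threads</th>
		<th class="forum-header-category-posts">Posts</th>
	</tr>
	<?php
	$result = mysql_query_cached("SELECT * FROM forum_categories ORDER BY `Name` ASC", 10);

	/* The query helper's result is tested for truthiness wherever else it is
	 * used; do the same here so a failed or empty query renders an empty
	 * table instead of dereferencing a non-object. */
	if ($result) {
		foreach ($result->data as $category) {
			if ($category['Posts'] > 0) {
				$posttime = date("F j, Y H:i:s", strtotime($category['LastPostTime']));
				$lasttopic = utf8entities($category['LastPostTopic']);
				$lastpost = "Last post: <strong>{$lasttopic}</strong> @ {$posttime}";
			} else {
				$lastpost = "There are no posts in this category yet.";
			}

			/* Every column is encoded or cast before it reaches the markup.
			 * The name and URL name get the same utf8entities(stripslashes())
			 * treatment the thread view gives them; the counters are forced
			 * to integers. */
			$cat_urlname = utf8entities(stripslashes($category['UrlName']));
			$cat_name = utf8entities(stripslashes($category['Name']));
			$cat_threads = (int) $category['Threads'];
			$cat_posts = (int) $category['Posts'];

			echo "<tr>\n\t\t\t<td class=\"forum-item-category-name\">\n\t\t\t\t<a class=\"forum-table-link\" href=\"/forum/category/{$cat_urlname}\">\n\t\t\t\t\t<div class=\"forum-table-name\">{$cat_name}</div>\n\t\t\t\t\t<div class=\"forum-table-date\">{$lastpost}</div>\n\t\t\t\t</a>\n\t\t\t</td>\n\t\t\t<td class=\"forum-item-category-threads\">{$cat_threads}</td>\n\t\t\t<td class=\"forum-item-category-posts\">{$cat_posts}</td>\n\t\t</tr>";
		}
	}
	?>
</table>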
<div class="forum-buttons"> <a href="/forum/category/<?php echo $var_id; ?> /new">Create new thread</a> <div class="clear"></div> </div> <table class="forum-table"> <tr> <th class="forum-header-threads-name">Thread Title</th> <th class="forum-header-threads-replies">Replies</th> </tr> <?php if ($result = mysql_query_cached("SELECT * FROM forum_posts WHERE `CategoryId`='{$catid}' AND `ParentId`='0' ORDER BY `LastReplyTime` DESC", 10)) { foreach ($result->data as $post) { $teaser = cut_text(utf8entities(stripslashes($post['Body'])), 90); $topic = utf8entities(stripslashes($post['Topic'])); echo "<tr>\n\t\t\t\t\t<td class=\"forum-item-threads-name\">\n\t\t\t\t\t\t<a class=\"forum-table-link\" href=\"/forum/post/{$post['Id']}\">\n\t\t\t\t\t\t\t<div class=\"forum-table-name\">{$topic}</div>\n\t\t\t\t\t\t\t<div class=\"forum-table-teaser\">{$teaser}</div>\n\t\t\t\t\t\t</a>\n\t\t\t\t\t</td>\n\t\t\t\t\t<td class=\"forum-item-threads-replies\">{$post['Replies']}</td>\n\t\t\t\t</tr>"; } } else { echo "<tr>\n\t\t\t\t<td colspan=\"2\">There are no threads in this category yet.</td>\n\t\t\t</tr>"; } ?> </table> <?php } else { $var_code = ANONNEWS_ERROR_NOT_FOUND; require "module.error.php";