コード例 #1
ファイル: messages.php プロジェクト: cbsistem/nexos
// Admin handler for site messages: toggles a message's active flag, saves
// (inserts or updates) a message, or deletes one, depending on which request
// parameter is present. The final else branch continues past this excerpt.
//
// Every SQL statement here is built by string concatenation, so the only thing
// keeping request data out of the query text is the per-value intval() or
// Fix_Quotes() call at the point of assignment.
// NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm
// one is enforced before this file runs, since all three actions change state.
require_once CORE_PATH . 'nbbcode.php';
if (isset($_GET['status'])) {
    // Toggle is driven entirely by a GET parameter, so any link or image URL
    // an administrator loads can flip a message's state.
    // intval() forces the id to an integer before it is interpolated below.
    $statusMsg = intval($_GET['status']);
    $result = $db->sql_query("SELECT active FROM " . $prefix . "_message WHERE mid='{$statusMsg}'");
    if ($db->sql_numrows($result) > 0) {
        list($status) = $db->sql_fetchrow($result);
        if (is_numeric($status)) {
            // Invert the stored flag: any non-zero value becomes 0, zero becomes 1.
            $status = intval(!$status);
            $db->sql_query("UPDATE " . $prefix . "_message SET active='{$status}' WHERE mid='{$statusMsg}'");
        }
    }
    URL::redirect(URL::admin('messages'));
} elseif (isset($_GET['save']) && isset($_POST['content'])) {
    // Only 'content' is checked with isset(); title, language, expire, active,
    // view and chng_date are read directly from $_POST.
    $id = intval($_GET['save']);
    // Fix_Quotes() is defined elsewhere; presumably it escapes the value for use
    // inside a quoted SQL string - confirm, because these three values are
    // interpolated between single quotes with no other protection.
    $title = Fix_Quotes($_POST['title']);
    $content = Fix_Quotes(encode_bbcode($_POST['content']));
    $language = Fix_Quotes($_POST['language']);
    // These three are interpolated unquoted, which is only safe because of intval().
    $expire = intval($_POST['expire']);
    $active = intval($_POST['active']);
    $view = intval($_POST['view']);
    if ($id > 0) {
        // Optional SQL fragment that resets the message date to the current time.
        $newdate = $_POST['chng_date'] ? ', date=' . time() : '';
        $result = $db->sql_query("UPDATE " . $prefix . "_message SET title='{$title}', content='{$content}' {$newdate}, expire={$expire}, active={$active}, view={$view}, mlanguage='{$language}' WHERE mid='{$id}'");
    } else {
        $db->sql_query("INSERT INTO " . $prefix . "_message (mid, title, content, date, expire, active, view, mlanguage) VALUES (DEFAULT, '{$title}', '{$content}', " . time() . ", {$expire}, {$active}, {$view}, '{$language}')");
    }
    URL::redirect(URL::admin('messages'));
} else {
    // Deletion needs both the id in the query string and a POSTed 'confirm'
    // field; the id is cast to int before it reaches the unquoted WHERE clause.
    if (isset($_GET['del']) && isset($_POST['confirm'])) {
        $db->sql_query('DELETE FROM ' . $prefix . '_message WHERE mid=' . intval($_GET['del']));
        $db->optimize_table($prefix . '_message');
コード例 #2
ファイル: nbbcode.php プロジェクト: cbsistem/nexos
 /**
  * Normalise the bbcode tags in $text and return the trimmed result.
  *
  * The text is split into parts by BBCode::split_bbcodes(); each part's
  * 'text' is appended to the output, after two tag-specific adjustments.
  * Nothing here escapes HTML: callers that print the result still have to
  * encode it for the output context themselves.
  */
 public static function encode($text)
 {
     $pending = BBCode::split_bbcodes($text);
     $out = '';
     # A falsy part ends the loop, exactly as a drained queue does.
     while ($piece = array_shift($pending)) {
         if (isset($piece['code'])) {
             $tag = $piece['code'];
             # [list=x] (ordered list) gets an ':o' marker before the closing
             # bracket unless it already carries one.
             $is_unmarked_ordered_list = $tag == 'list'
                 && $piece['text'][5] == '='
                 && substr($piece['text'], -3) != ':o]';
             if ($is_unmarked_ordered_list) {
                 $piece['text'] = substr($piece['text'], 0, -1) . ':o]';
             }
             # code and php tags are passed through untouched; for any other tag
             # with 'subc' set, the text between the brackets is encoded again.
             $is_verbatim = $tag == 'code' || $tag == 'php';
             if (!$is_verbatim && $piece['subc']) {
                 $inner = substr($piece['text'], 1, -1);
                 $piece['text'] = '[' . encode_bbcode($inner) . ']';
             }
         }
         $out = $out . $piece['text'];
     }
     return trim($out);
 }
コード例 #3
ファイル: comments.php プロジェクト: cbsistem/nexos
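/**
 * Store a reply to the story identified by $sid and redirect to the article.
 *
 * The parent comment id, subject and comment text come from $_POST; author
 * details come from $userinfo for logged-in users and are left empty for
 * anonymous ones. The comment is inserted only if the story exists.
 *
 * @param int|string $sid Story id. It is cast to an integer before use because
 *                        it is interpolated into every query and the redirect.
 */
function replyPost($sid)
{
    global $db, $prefix, $MAIN_CFG, $userinfo;
    if (!$MAIN_CFG['global']['anonpost'] && !is_user()) {
        // NOTE(review): this guard only works if cpg_error() stops execution - confirm.
        cpg_error(_NOANONCOMMENTS);
    }
    // $sid was previously concatenated into three SQL statements as received.
    // Story ids are numeric, so force an integer the same way $pid is handled.
    $sid = intval($sid);
    $pid = intval($_POST['pid']);
    // Fix_Quotes() is defined elsewhere; it is the only SQL escaping applied to
    // these two free-text fields before they are placed between single quotes.
    $subject = Fix_Quotes(check_words($_POST['subject']), 1);
    $comment = Fix_Quotes(encode_bbcode(htmlprepare(check_words($_POST['comment']))), 1);
    if (is_user()) {
        // NOTE(review): these profile values reach the INSERT without passing
        // through Fix_Quotes(); whether $userinfo is already SQL-safe is not
        // visible here - confirm, or escape them at this point.
        $name = $userinfo['username'];
        $email = $userinfo['femail'];
        $url = $userinfo['user_website'];
        $score = 1;
    } else {
        $name = $email = $url = '';
        $score = 0;
    }
    $ip = $userinfo['user_ip'];
    // Refuse replies to stories that do not exist.
    list($fake) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $prefix . "_stories WHERE sid='{$sid}'", SQL_NUM);
    if ($fake) {
        $db->sql_query("INSERT INTO " . $prefix . "_comments (tid, pid, sid, date, name, email, url, host_name, subject, comment, score, reason) VALUES (DEFAULT, '{$pid}', '{$sid}', " . time() . ", '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0')");
        $db->sql_query("UPDATE " . $prefix . "_stories SET comments=comments+1 WHERE sid='{$sid}'");
        URL::redirect(URL::index('&file=article&sid=' . $sid));
    } else {
        cpg_error("According to our records, the article you are trying to reply to does not exist. If you're just trying to be annoying, well then too bad.");
    }
}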
コード例 #4
ファイル: index.php プロジェクト: cbsistem/nexos
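/**
 * Validate a review submitted via $_POST and render an HTML preview of it,
 * followed by a confirmation form that re-posts the same fields with
 * rop=send_review.
 *
 * Every request value is attacker-controlled, so each one is HTML-escaped at
 * the point where it is written into markup. Previously only title, text and
 * url_title were escaped, and only in the hidden fields; the other values were
 * echoed into element content and attribute values as received.
 *
 * NOTE(review): cpg_error() is defined elsewhere; the validation below only
 * protects the rendering code if it stops execution - confirm.
 */
function preview_review()
{
    global $multilingual, $module_name;
    $date = $_POST['date'];
    $title = $_POST['title'];
    $text = $_POST['text'];
    $reviewer = $_POST['reviewer'];
    $email = $_POST['email'];
    $score = intval($_POST['score']);
    $cover = $_POST['cover'];
    $url = $_POST['url'];
    $url_title = $_POST['url_title'];
    $hits = intval($_POST['hits']);
    $id = intval($_POST['id']);
    $language = $_POST['language'];
    // The ereg_* functions were removed in PHP 7. The pattern holds no regex
    // metacharacters, so a literal, case-sensitive str_replace() is equivalent.
    $text = str_replace('<!--pagebreak-->', '&lt;!--pagebreak--&gt;', $text);
    if ($title == '') {
        cpg_error(_INVALIDTITLE . '1');
    }
    if ($text == '') {
        cpg_error(_INVALIDTEXT);
    }
    if ($hits < 0 && $id != 0) {
        cpg_error(_INVALIDHITS);
    }
    if ($reviewer == '' || $email == '') {
        cpg_error(_CHECKNAME);
    }
    if (!is_email($email)) {
        cpg_error(_INVALIDEMAIL);
    }
    if (($url_title == '') != ($url == '')) {
        // A link needs both a URL and a title, or neither.
        cpg_error(_INVALIDLINK);
    } elseif ($url != '' && !preg_match('#^https*:/+#i', $url)) {
        // Anything that does not already start with http(s):/ is prefixed, so
        // the href below can only ever carry an http or https URL.
        $url = 'http://' . $url;
    }
    require_once 'header.php';
    OpenTable();
    echo '<form method="post" action="' . URL::index() . '">';
    if ($date == '') {
        $date = date('Y-m-d', time());
    }
    // $date is free text from the request; cast the pieces so mktime() always
    // receives integers.
    $year2 = intval(substr($date, 0, 4));
    $month = intval(substr($date, 5, 2));
    $day = intval(substr($date, 8, 2));
    $fdate = date('F jS Y', mktime(0, 0, 0, $month, $day, $year2));

    // Escaped copies for HTML output. ENT_QUOTES covers both quote styles, so
    // the values are safe in element content and in quoted attributes alike.
    $h_date = htmlspecialchars($date, ENT_QUOTES);
    $h_title = htmlspecialchars($title, ENT_QUOTES);
    $h_reviewer = htmlspecialchars($reviewer, ENT_QUOTES);
    $h_email = htmlspecialchars($email, ENT_QUOTES);
    $h_cover = htmlspecialchars($cover, ENT_QUOTES);
    $h_url = htmlspecialchars($url, ENT_QUOTES);
    $h_url_title = htmlspecialchars($url_title, ENT_QUOTES);
    $h_language = htmlspecialchars($language, ENT_QUOTES);

    echo '<table border="0" width="100%"><tr><td colspan="2">';
    echo '<p class="title"><i><b>' . $h_title . '</b></i></p><br />';
    echo '<blockquote><p>';
    if ($cover != '') {
        echo '<img src="images/reviews/' . $h_cover . '" style="float:right; border:1px; padding:0 0 2px 0;" alt="" />';
    }
    // NOTE(review): decode_bbcode() is defined elsewhere and receives the raw
    // review text; confirm it encodes HTML itself before emitting markup.
    echo decode_bbcode($text, 1);
    echo '<p>';
    echo '<b>' . _ADDED . "</b> {$fdate}<br />";
    if ($multilingual) {
        echo '<b>' . _LANGUAGE . "</b> {$h_language}<br />";
    }
    echo '<b>' . _REVIEWER . "</b> <a href=\"mailto:{$h_email}\">{$h_reviewer}</a><br />";
    echo '<b>' . _SCORE . '</b> ';
    display_score($score);
    if ($url != '') {
        echo '<br /><b>' . _RELATEDLINK . ":</b> <a href=\"{$h_url}\" target=\"new\">{$h_url_title}</a>";
    }
    if ($id != 0) {
        echo '<br /><b>' . _REVIEWID . ":</b> {$id}<br />";
        echo '<b>' . _HITS . ":</b> {$hits}<br />";
    }
    echo '</p></blockquote>';
    echo '</td></tr></table>';
    $text = encode_bbcode($text);
    echo '<p><i>' . _LOOKSRIGHT . '</i> ';
    if (isset($_POST['id'])) {
        echo "<input type=\"hidden\" name=\"id\" value=\"{$id}\" />";
    }
    // Hidden fields carry the submission to the send_review step. The browser
    // decodes the entities on submit, so escaping here changes nothing for the
    // receiving handler; it only stops a value from breaking out of its attribute.
    $sep = "\n          ";
    echo "<input type=\"hidden\" name=\"hits\" value=\"{$hits}\" />" . $sep
        . "<input type=\"hidden\" name=\"rop\" value=\"send_review\" />" . $sep
        . "<input type=\"hidden\" name=\"date\" value=\"{$h_date}\" />" . $sep
        . "<input type=\"hidden\" name=\"title\" value=\"{$h_title}\" />" . $sep
        . "<input type=\"hidden\" name=\"text\" value=\"" . htmlspecialchars($text, ENT_QUOTES) . "\" />" . $sep
        . "<input type=\"hidden\" name=\"reviewer\" value=\"{$h_reviewer}\" />" . $sep
        . "<input type=\"hidden\" name=\"email\" value=\"{$h_email}\" />" . $sep
        . "<input type=\"hidden\" name=\"score\" value=\"{$score}\" />" . $sep
        . "<input type=\"hidden\" name=\"url\" value=\"{$h_url}\" />" . $sep
        . "<input type=\"hidden\" name=\"url_title\" value=\"{$h_url_title}\" />" . $sep
        . "<input type=\"hidden\" name=\"cover\" value=\"{$h_cover}\" />";
    echo "<input type=\"hidden\" name=\"language\" value=\"{$h_language}\" />";
    echo '<input type="submit" value="' . _YES . '" /> <input type="button" onclick="history.go(-1)" value="' . _NO . '" />';
    $word = $id != 0 ? _RMODIFIED : _RADDED;
    if (can_admin(strtolower($module_name))) {
        echo '<br /><br /><b>' . _NOTE . '</b> ' . _ADMINLOGGED . " {$word}.";
    }
    CloseTable();
}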
コード例 #5
ファイル: register.php プロジェクト: cbsistem/nexos
/**
 * Insert the configured welcome private message for a user and flag that user
 * as having new mail.
 *
 * The recipient id is whatever $db->sql_nextid('user_id') returns (presumably
 * the id of the account row inserted just before this call - confirm). Two
 * rows are written: the message header and, keyed by the header's id, the
 * message text.
 */
function welcome_pm()
{
    global $db, $MAIN_CFG, $prefix, $sitename, $userinfo, $user_prefix;
    $recipient_id = $db->sql_nextid('user_id');
    // Both text values go through Fix_Quotes() (defined elsewhere) before they
    // are placed between single quotes in the statements below.
    $body_sql = Fix_Quotes(encode_bbcode($MAIN_CFG['member']['welcomepm_msg']));
    $subject_sql = Fix_Quotes(_WELCOMETO . ' ' . $sitename . '!');

    // NOTE(review): user_ip is concatenated into the VALUES list unquoted and
    // unescaped; confirm $userinfo['user_ip'] is always a safe SQL literal.
    $header_columns = 'privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig';
    $header_values = "1, '" . $subject_sql . "', 2, '" . $recipient_id . "', " . time() . ", " . $userinfo['user_ip'] . ", 0, 1, 1, 0";
    $header_sql = "INSERT INTO " . $prefix . "_bbprivmsgs (" . $header_columns . ") VALUES (" . $header_values . ")";
    $header_ok = $db->sql_query($header_sql);
    if (!$header_ok) {
        cpg_error('Could not insert private message sent info.');
    }

    // The text row reuses the id generated for the header row.
    $message_id = $db->sql_nextid('privmsgs_id');
    $text_sql = "INSERT INTO " . $prefix . "_bbprivmsgs_text (privmsgs_text_id, privmsgs_text) VALUES (" . $message_id . ", '" . $body_sql . "')";
    $text_ok = $db->sql_query($text_sql);
    if (!$text_ok) {
        cpg_error('Could not insert private message sent text.');
    }

    $db->sql_query("UPDATE " . $user_prefix . "_users SET user_new_privmsg=1 WHERE user_id=" . $recipient_id);
}
コード例 #6
ファイル: submit.php プロジェクト: cbsistem/nexos
    } else {
        $CPG_SESS['submit_story'] = true;
        $story = isset($_POST['story']) ? $_POST['story'] : false;
        $storyext = isset($_POST['storyext']) ? $_POST['storyext'] : false;
        $subject = isset($_POST['subject']) ? htmlprepare($_POST['subject']) : false;
        $topic = isset($_POST['topic']) ? intval($_POST['topic']) : 0;
        $alanguage = isset($_POST['alanguage']) ? $_POST['alanguage'] : '';
        require_once BASEDIR . 'includes/wysiwyg/wysiwyg.inc';
        $story_editor = new Wysiwyg('submitnews', 'story', '100%', '200px', $story);
        $storyext_editor = new Wysiwyg('submitnews', 'storyext', '100%', '300px', $storyext);
        $story_editor->setHeader();
        require_once 'header.php';
        OpenTable();
        if ($story) {
            $f_story = decode_bb_all(encode_bbcode($story), 1, true);
            $f_storyext = decode_bb_all(encode_bbcode($storyext), 1, true);
            if ($topic < 1) {
                $topicimage = 'AllTopics.gif';
                $warning = '<div style="text-align:center;" class="option">' . _SELECTTOPIC . '</div>';
            } else {
                $warning = '';
                $result = $db->sql_query('SELECT topicimage, topictext FROM ' . $prefix . "_topics WHERE topicid='{$topic}'");
                list($topicimage, $topictext) = $db->sql_fetchrow($result);
            }
            echo '<div style="text-align:center;" class="gen"><b>' . _NEWSUBPREVIEW . '</b></div><br />
		<div style="text-align:center;">' . _CHECKSTORY . '</div><br />
		<table class="newsarticle" style="width:70%; margin:auto;"><tr><td>
		<img src="images/topics/' . $topicimage . '" style="border:0; float:right;" alt="' . (isset($topictext) ? $topictext : '') . '" title="' . (isset($topictext) ? $topictext : '') . '" />
		<span class="gen"><b>' . $subject . '</b></span><br /><br />
		<span style="font-size:10px;">' . $f_story;
            if ($f_storyext != '') {