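/**
 * "Forgot password" handler.
 *
 * Looks up the address posted in $_POST['email']; when a user row exists it
 * generates a fresh random password, stores its bcrypt hash, e-mails the
 * clear-text password to that address, sets a short-lived 'newpassword'
 * cookie and refreshes to the login page.  Echoes one of the i18n message
 * globals on failure.  No return value; does nothing when no e-mail was posted.
 *
 * Globals used: $handler (PDO), $mailer ('0' = PHP mail(), '1' = the $mail
 * object with setFrom/addAddress/isHTML/send), $website_url, $contactemail
 * and the message strings $emailDoesNotExist / $error.  $emptyerror,
 * $catcherror and $notactive are imported but not used here.
 *
 * Review notes:
 *  - The address is user input and is passed straight to mail() / addAddress(),
 *    so it is validated with FILTER_VALIDATE_EMAIL before anything else;
 *    a value carrying CR/LF (header injection) or an array is rejected.
 *    FILTER_VALIDATE_EMAIL rejects some internationalised addresses, which is
 *    acceptable here because the lookup is an exact match anyway.
 *  - The password is changed as soon as the address matches a row: nobody has
 *    to prove they own the mailbox, so anyone who knows a registered address
 *    can lock the owner out.  A token-based reset link is the proper fix and
 *    is outside this function.
 *  - Echoing $emailDoesNotExist reveals which addresses are registered
 *    (enumeration).  Kept because the templates depend on the message;
 *    consider a uniform "if the address exists, a mail was sent" response.
 *  - randString() is defined elsewhere; it must be CSPRNG-backed
 *    (random_int / random_bytes) for the new password to be unguessable —
 *    not verifiable from here.
 *  - The hash is now written before the mail is sent, so a failed UPDATE can
 *    no longer leave the user holding a password that was never stored.
 *  - No rate limiting is visible in this function.
 */
function forgotpassword() {
    global $handler; global $mailer; global $mail; global $emptyerror; global $catcherror; global $notactive; global $emailDoesNotExist; global $website_url; global $error; global $contactemail;

    if (empty($_POST['email'])) {
        return;
    }
    $email = $_POST['email'];

    // Only a single well-formed address may reach the mail transport (To: header).
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo $emailDoesNotExist;
        return;
    }

    $checkuser = $handler->prepare("SELECT * FROM users WHERE email = :email");
    $checkuser->execute([':email' => $email]);
    // fetch() === false instead of rowCount(): rowCount() on a SELECT is driver-dependent.
    $fetch = $checkuser->fetch(PDO::FETCH_ASSOC);
    if ($fetch === false) {
        echo $emailDoesNotExist;
        return;
    }

    $password = randString(10);

    // Persist first, then notify (see header comment).
    $options = ['cost' => 11];
    $hash = password_hash($password, PASSWORD_BCRYPT, $options);
    perry('UPDATE users SET password = :password WHERE email = :email', [':password' => $hash, ':email' => $fetch['email']]);

    // One body for both transports; it is HTML (the $mail path sets isHTML(true)).
    $body = "You requested a new password for your account on {$website_url}:<br />\r\n\n Your username is: {$fetch['username']}<br />\n Your new password is: {$password}<br /><br />\n It is safer if your password when you login.";

    if ($mailer === '0') {
        mail($email, 'Password reset', $body, "From: {$contactemail}");
    } elseif ($mailer === '1') {
        $mail->setFrom($contactemail);
        $mail->addAddress($email);
        $mail->isHTML(true);
        $mail->Subject = 'Password reset';
        $mail->Body = $body;
        if (!$mail->send()) {
            echo $error;
        }
    }

    // 10-second flag, presumably read by the login page to show a "password reset" notice (reader not in view).
    setcookie('newpassword', 'newpassword', time() + 10);
    header("refresh:0;url={$website_url}p/login");
}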
/*
 * Tail of the edit-profile handler.  The head of this if/else chain (the
 * avatar upload checks, and the code that assigns $website and $signature)
 * is not in view; what remains are the error fall-throughs of those checks
 * and the no-upload path that stores the website and signature fields.
 */
} } else { echo $notAWebsite; } } else { echo $imageTooBig; } } else { echo $error; } } else { echo $imageNotAllowed; } } else {
    /* No new avatar: only the profile text fields are updated. */
    if (urlCheck($website)) {
        /* urlCheck() is defined elsewhere; what it accepts is not visible here.
         * u_id is concatenated rather than bound.  It is the logged-in user's own
         * row id ($fetchUser), not request input, but binding it would match the
         * rest of the query.  $signature is stored as-is: whether it was run
         * through the HTML purifier before this point cannot be seen from here,
         * and the message viewer echoes a sender's signature without escaping,
         * so this must be confirmed (stored XSS otherwise). */
        echo perry('UPDATE users SET website = :website, signature = :signature WHERE u_id =' . $fetchUser['u_id'], [':website' => $website, ':signature' => $signature]);
        header('Location: ' . $website_url . 'p/editprofile');
    } else {
        echo $notAWebsite;
    }
} } ?> </div> </div> <?php } ?> </div> </div>
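<?php
/*
 * Category administration actions.
 *
 *   GET  ?p=del&id=N   delete category N (refused when it is the only category)
 *   POST order=…       reorder: one field per category, field name = c_id,
 *                       field value = new corder
 *
 * Relies on $handler (PDO), perry() and the message strings $lastCategory /
 * $doesnotexist, all provided by the including page.
 *
 * Review notes:
 *  - Deletion is a state change driven by a plain GET with no CSRF token
 *    visible here: a crafted link or <img> opened by a logged-in admin deletes
 *    a category.  No authorisation check is visible in this fragment either;
 *    both are assumed to be handled by the including page.
 *  - All queries are parameterised.  The id and the order value are cast to
 *    int, and POST field names that are not numeric (e.g. the 'order' submit
 *    button itself) are skipped instead of being sent to the database as ids.
 *  - PDOStatement::rowCount() on a SELECT is driver-dependent (works with
 *    MySQL's buffered queries, not portable).
 */
if (isset($_GET['p'])) {
    if (isset($_GET['id']) && $_GET['p'] == 'del') {
        $id = (int) $_GET['id'];
        $query = $handler->prepare('SELECT * FROM category WHERE c_id = :id');
        $query->execute([':id' => $id]);
        $mquery = $handler->query('SELECT * FROM category');
        if (!$query->rowCount()) {
            echo '<div class="message">' . $doesnotexist . '</div>';
        } elseif ($mquery->rowCount() == 1) {
            // Never delete the last remaining category.
            echo '<div class="message">' . $lastCategory . '</div>';
        } else {
            echo perry('DELETE FROM category WHERE c_id = :id', [':id' => $id], true);
        }
    }
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['order'])) {
        foreach ($_POST as $data => $value) {
            // Field names are category ids (PHP may already have turned them into int keys).
            if (!ctype_digit((string) $data)) {
                continue;
            }
            $corder = (int) $value;
            echo perry('UPDATE category SET corder = :corder WHERE c_id = :id', [':corder' => $corder, ':id' => (int) $data], true);
        }
    }
}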
/*
 * Private-message reply handler.  The enclosing block (which provides
 * $fetchUser, $fetchPermissions, $purifier and $handler) opens before this
 * fragment, and the echo string at the very end continues past it.
 *
 * Flow: flood control on the sender's most recent message (must be at least
 * postTime seconds old), resolve the recipient by username, purify the body,
 * insert the message and refresh to the messages page.
 */
$checkMessage = $handler->query('SELECT * FROM messages WHERE u_id_sender =' . $fetchUser['u_id'] . ' ORDER BY messageDate DESC LIMIT 1'); /* own user id spliced into SQL: not request input, but binding it would match the INSERT below */
$fetchMessageDate = $checkMessage->fetch(PDO::FETCH_ASSOC);
$postDate = strtotime($fetchMessageDate['messageDate']); /* first message ever: fetch() returned false, so this is strtotime(null) -> false, the subtraction treats it as 0 and the check passes (PHP 8.1+ logs a deprecation for the null argument) */
$currentDate = strtotime(date("Y-m-d H:i:s"));
if ($currentDate - $postDate >= $fetchPermissions['postTime']) {
    if (!empty($_POST['messageReply'])) {
        /* NOTE(review): the username is HTML-encoded *before* the lookup, so a
         * username containing &, quotes or angle brackets only matches if
         * registration stored it encoded the same way — registration code is
         * not in view, confirm.  Output-time escaping would be the usual layering. */
        $recipient = htmlentities($_POST['recipient'], ENT_QUOTES);
        $checkRecipient = $handler->prepare('SELECT * FROM users WHERE username = :username');
        $checkRecipient->execute([':username' => $recipient]);
        $fetchRecipient = $checkRecipient->fetch(PDO::FETCH_ASSOC);
        if ($checkRecipient->rowCount()) { /* rowCount() on a SELECT is driver-dependent; $fetchRecipient !== false would be portable */
            $subject = htmlentities($_POST['subject'], ENT_QUOTES); /* stored HTML-encoded; undefined-index notice if the field is missing */
            $messageReply = $_POST['messageReply'];
            /* HTML Purifier is the XSS defence for message bodies: the viewer echoes
             * `content` without escaping, so every insert path must go through this. */
            $messageReply = $purifier->purify($messageReply);
            if (strlen($messageReply)) { /* byte length > 0 after purification */
                echo perry('INSERT INTO messages (u_id_sender, u_id_recipient, subject, content, messageDate) VALUES (:uidsender, :uidrecipient, :subject, :content, :messagedate)', [':uidsender' => $fetchUser['u_id'], ':uidrecipient' => $fetchRecipient['u_id'], ':subject' => $subject, ':content' => $messageReply, ':messagedate' => date("Y-m-d H:i:s")]);
                header("Refresh:0;url={$website_url}p/messages");
            } else {
                echo $messageTooShort;
            }
        } else {
            echo $userDoesNotExist;
        }
    } else {
        echo $emptyerror;
    }
} else {
    /* Flood-control message; the string literal continues in the next fragment. */
    echo ' <div class="alert alert-danger fade in"> <a href="#" class="close" data-dismiss="alert" aria-label="close">×</a> ' . $pleaseWait . '
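<input class="form-control" type="text" name="description" placeholder="Short description" /> </div> <div class="input-group pull-right" style="margin-bottom: 5px;"> <input class="btn btn-success" type="submit" name="addsec" value="Submit" /> </div> </form> <?php
/*
 * "Add section" form handler (the form is the markup above).
 * Creates a section named $_POST['name'] with the optional $_POST['description']
 * under category $_POST['category']; sorder becomes (highest existing sc_id + 1).
 *
 * Review notes:
 *  - name and description are stored as posted (no purifier on this path).
 *    They are bound parameters, so no SQL injection, but wherever they are
 *    rendered they must be escaped — the rendering code is not in view.
 *  - category is now required and cast to int; previously the raw POST value
 *    (or NULL with a notice when absent) was forwarded to the INSERT.
 *  - The duplicate-name check uses rowCount() on a SELECT (driver-dependent),
 *    and reports duplicates with $categoryExists because no section-specific
 *    message string is in scope.
 *  - An empty table no longer triggers "array offset on bool": the first
 *    section gets sorder 1, as before, without the warning.
 *  - No CSRF token is checked; authorisation is assumed to be done by the
 *    including page.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['addsec'])) {
    if (empty($_POST['name']) || !isset($_POST['category'])) {
        echo $emptyerror;
    } else {
        $name = $_POST['name'];
        $desc = !empty($_POST['description']) ? $_POST['description'] : '';
        $cid = (int) $_POST['category'];
        $check = $handler->prepare('SELECT * FROM section WHERE secname = :secname');
        $check->execute([':secname' => $name]);
        if ($check->rowCount()) {
            echo '<div class="message">' . $categoryExists . '</div>';
        } else {
            // Next sort position: one past the highest sc_id (1 for an empty table).
            $last = $handler->query('SELECT * FROM section ORDER BY sc_id desc')->fetch(PDO::FETCH_ASSOC);
            $corder = ($last ? (int) $last['sc_id'] : 0) + 1;
            echo perry('INSERT INTO section (secname, secdesc, c_id, sorder) VALUES (:name, :desc, :c_id, :corder)', [':name' => $name, ':desc' => $desc, ':c_id' => $cid, ':corder' => $corder], true);
        }
    }
} ?> </div>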
/*
 * Section admin actions — tail of an if-chain whose opening (the isset checks
 * on $_GET['p'] / $_GET['id']) is not in view.
 *
 *   GET  ?p=del&id=N   delete section N
 *   POST section=…     reorder / re-parent: field "<sc_id>" = new sorder,
 *                       field "category<sc_id>" = new c_id
 *
 * Review: deletion is a state change on a plain GET and the reorder POST has
 * no CSRF token visible; authorisation is assumed to be done by the includer.
 * The order and category values are bound as posted (not cast to int).
 */
$id = (int) $_GET['id'];
if ($_GET['p'] == 'del') {
    $query = $handler->prepare('SELECT * FROM section WHERE sc_id = :id');
    $query->execute([':id' => $id]);
    if ($query->rowCount()) { /* rowCount() on a SELECT is driver-dependent */
        if ($_GET['p'] == 'del') { /* redundant: already tested by the enclosing if */
            echo perry('DELETE FROM section WHERE sc_id = :id', [':id' => $id], true);
        }
    } else {
        echo '<div class="message">' . $doesnotexist . '</div>';
        header('refresh:2;url=index.php');
    }
}
} } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') { /* the two closers end blocks opened before this fragment */
    if (isset($_POST['section'])) {
        foreach ($_POST as $data => $value) {
            $id = trim(str_replace(range(0, 9), '', $data)); /* letters-only form of the field name; assigned but unused — the same expression is re-evaluated below */
            if ($data != 'section') {
                if ((int) $data) { /* field name is a bare sc_id -> new sort order */
                    echo perry('UPDATE section SET sorder = :sorder WHERE sc_id = :id', [':sorder' => $value, ':id' => $data], false);
                }
                if (trim(str_replace(range(0, 9), '', $data)) == 'category') { /* field name is "category<sc_id>": strip the letters to recover the id */
                    $data = trim(str_replace(range('a', 'z'), '', $data));
                    echo perry('UPDATE section SET c_id = :cid WHERE sc_id = :id', [':id' => $data, ':cid' => $value], false);
                }
            }
        }
        header('Location: index.php');
    }
}
</tr> <tr> <td> <?php
/* Message body.  `content` is echoed raw: it was run through HTML Purifier
 * when the message was stored (see the reply handler), and that invariant is
 * the only thing that makes this safe — every insert path must keep it.
 * The sender's signature is echoed raw too; whether it is purified on the
 * profile-edit path is not visible from here — confirm before trusting it. */
echo $fetchMessage['content'];
if (!empty($fetchSender['signature'])) {
    echo '<hr />';
    echo $fetchSender['signature'];
} ?> </td> </tr> <tr> <td> <?php
/* m_id comes from the messages row (a DB id, presumably numeric; not escaped here). */
echo '<a href="' . $website_url . 'p/messages?mid=' . $fetchMessage['m_id'] . '&viewoutbox&delete" class="btn btn-danger pull-right">Delete</a>'; ?> </td> </tr> </table> <?php
/* Outbox "delete" is a soft delete (sender_archived = 1) triggered by a bare
 * GET parameter with no CSRF token: any page the user visits can archive one
 * of their messages via a crafted link or <img>.  The two else branches close
 * message-existence checks opened before this fragment. */
if (isset($_GET['delete'])) {
    perry('UPDATE messages SET sender_archived = :archived WHERE m_id = :mid', [':archived' => 1, ':mid' => $fetchMessage['m_id']]);
    header("Refresh:0;url={$website_url}p/messages?outbox");
} } else { echo $messageDoesNotExist; } } else { echo $messageDoesNotExist; }
</div> </form> <?php
/*
 * Thread reply handler (form above).  Flood control: the user's most recent
 * post must be at least postTime seconds old.  The body is HTML-purified,
 * inserted into threadpost, and the browser is redirected to the thread.
 *
 * Review notes:
 *  - $_GET['thread'] is used as t_id and in the redirect without being cast
 *    or checked against an existing thread.  Binding it prevents SQL
 *    injection and header() refuses CR/LF, but any string still reaches the
 *    INSERT and the Location path; `(int) $_GET['thread']` would be safer.
 *  - The outer if ($_SERVER['REQUEST_METHOD'] == 'POST') is not closed
 *    within this fragment.
 *  - No CSRF token is checked.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['postToThread'])) {
        $checkThread = $handler->query('SELECT * FROM threadpost WHERE u_id =' . $fetchUser['u_id'] . ' ORDER BY postdate DESC LIMIT 1'); /* own user id spliced into SQL; not request input, but binding it would be consistent */
        $fetchPostDate = $checkThread->fetch(PDO::FETCH_ASSOC);
        $postDate = strtotime($fetchPostDate['postdate']); /* no previous post: fetch() gave false, $postDate becomes false (0 below) and the check passes */
        $currentDate = strtotime(date("Y-m-d H:i:s"));
        if ($currentDate - $postDate >= $fetchPermissions['postTime']) {
            if (!empty($_POST['threadpost'])) {
                $threadpost = $_POST['threadpost'];
                /* HTML Purifier is the XSS defence for post bodies; the message viewer
                 * in this code base echoes stored content raw, presumably threads too. */
                $threadpost = $purifier->purify($threadpost);
                // Superseded by the purifier; kept from the original as a comment:
                //$thread = strip_tags($thread, '<h1><h2><h3><h4><h5><h6><pre><blockquote><p><b><i><u><font><span><ul><li><table><tr><td><a><img><hr><br>');
                if (strlen($threadpost)) {
                    echo perry('INSERT INTO threadpost (t_id, u_id, content) VALUES (:t_id, :u_id, :content)', [':t_id' => $_GET['thread'], ':u_id' => $fetchUser['u_id'], ':content' => $threadpost]);
                    header('Location:' . $website_url . 'thread/' . $_GET['thread']);
                } else {
                    echo $messageTooShort;
                }
            } else {
                echo $emptyerror;
            }
        } else {
            echo ' <div class="alert alert-danger fade in"> <a href="#" class="close" data-dismiss="alert" aria-label="close">×</a> ' . $pleaseWait . ' </div>';
        }
    }
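<div class="input-group" style="margin-bottom: 5px;"> <span class="input-group-addon"><i class="fa fa-envelope-o fa-fw"></i></span> <input class="form-control" type="text" name="name" placeholder="Category name" /> </div> <div class="input-group pull-right" style="margin-bottom: 5px;"> <input class="btn btn-success" type="submit" name="addthread" value="Submit" /> </div> </form> <?php
/*
 * "Add category" form handler (the form is the markup above; its submit
 * button is named 'addthread' although it creates a category).
 * Inserts a category named $_POST['name'] with corder = (highest c_id + 1).
 *
 * Review notes:
 *  - The name is stored as posted; it is a bound parameter (no SQL
 *    injection) but must be escaped wherever it is rendered (not in view).
 *  - The duplicate check uses rowCount() on a SELECT, which is
 *    driver-dependent.
 *  - An empty table no longer triggers "array offset on bool": the first
 *    category gets corder 1, as before, without the warning.
 *  - No CSRF token is checked; authorisation is assumed to be done by the
 *    including page.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['addthread'])) {
    if (empty($_POST['name'])) {
        echo $emptyerror;
    } else {
        $name = $_POST['name'];
        $check = $handler->prepare('SELECT * FROM category WHERE categoryname = :categoryname');
        $check->execute([':categoryname' => $name]);
        if ($check->rowCount()) {
            echo '<div class="message">' . $categoryExists . '</div>';
        } else {
            // Next sort position: one past the highest c_id (1 for an empty table).
            $last = $handler->query('SELECT * FROM category ORDER BY c_id desc')->fetch(PDO::FETCH_ASSOC);
            $corder = ($last ? (int) $last['c_id'] : 0) + 1;
            echo perry('INSERT INTO category (categoryname, corder) VALUES (:name, :corder)', [':name' => $name, ':corder' => $corder], true);
        }
    }
} ?> </div>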
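</form> <?php
/*
 * "Give reputation" form handler: the logged-in user ($fetchUser) rates the
 * profile being viewed ($fetch, presumably loaded by the enclosing page).
 * One row per (recipient, sender) pair is kept in `reputation`: an existing
 * row is updated, otherwise a new one is inserted.
 *
 * Review notes:
 *  - Bug fix: filter_var() returns the validated integer, so an amount of 0
 *    (legal whenever minRep <= 0) used to be rejected with $repError because
 *    0 is falsy.  The result is now compared with === false.
 *  - The existence check and the UPDATE used to splice both user ids into
 *    the SQL string; they are bound parameters now.  The ids come from
 *    database rows rather than the request, so this is consistency, not a
 *    demonstrated injection.
 *  - repDesc is stored exactly as posted; wherever it is rendered it must be
 *    escaped (not in view).  No CSRF token is checked here.
 *  - The self-rating check runs before any query; it needs none.
 *  - rowCount() on a SELECT is driver-dependent.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['giveReputation'])) {
    $repAmount = (int) ($_POST['repAmount'] ?? 0);
    $repDesc = $_POST['repDesc'] ?? null;
    $validAmount = filter_var($repAmount, FILTER_VALIDATE_INT, ['options' => ['min_range' => $fetchPermissions['minRep'], 'max_range' => $fetchPermissions['maxRep']]]);
    if ($validAmount === false) {
        echo $repError;
    } elseif ($fetch['u_id'] == $fetchUser['u_id']) {
        echo $addRepToSelf;
    } else {
        $pair = [':u_id_r' => $fetch['u_id'], ':u_id_s' => $fetchUser['u_id']];
        $queryRepCheck = $handler->prepare('SELECT * FROM reputation WHERE u_id_recipient = :u_id_r AND u_id_sender = :u_id_s');
        $queryRepCheck->execute($pair);
        $params = $pair + [':repAmount' => $repAmount, ':repDesc' => $repDesc];
        if ($queryRepCheck->rowCount()) {
            echo perry('UPDATE reputation SET repAmount = :repAmount, repDesc = :repDesc WHERE u_id_recipient = :u_id_r AND u_id_sender = :u_id_s', $params);
            echo $repUpdated;
        } else {
            echo perry('INSERT INTO reputation (u_id_recipient, u_id_sender, repAmount, repDesc) VALUES (:u_id_r, :u_id_s, :repAmount, :repDesc)', $params);
            echo $repAdded;
        }
    }
} ?> </div> </div> <?php } else { echo $pagedoesnotexist; }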
<td>Warnings</td> <td>Warn/Ban</td> </tr> <?php
/*
 * Admin user list with warning totals.  The table head and the end of the
 * loop are outside this fragment; the echo string at the end continues past it.
 *
 * Per user: sums the un-archived warning percentages, resolves the rank name
 * and — as a side effect of merely rendering the list — adjusts the rank:
 * total >= 100 sets rank 0, total == 0 sets rank 1, rank 999 is never touched.
 * NOTE(review): the "== 0 -> rank 1" branch rewrites every non-999 rank to 1
 * for users without active warnings, on every page view; if ranks other than
 * 0/1/999 exist they are clobbered — confirm the rank model.
 *
 * Review notes:
 *  - u_id and rank are spliced into SQL strings.  Both come from the users
 *    row just fetched, not from the request, so this is a consistency issue
 *    rather than an injection, but binding them would match the UPDATEs.
 *  - username and rankName are echoed without escaping; safe only if they
 *    were sanitised on the way in (registration / rank admin code not in view).
 */
if ($querypage->rowCount()) {
    $x = 0; /* unused within this fragment */
    while ($fetch = $querypage->fetch(PDO::FETCH_ASSOC)) {
        $queryW = $handler->query('SELECT *, sum(amount) as total FROM warnings WHERE u_id =' . $fetch['u_id'] . ' AND archived = 0');
        $fetchW = $queryW->fetch(PDO::FETCH_ASSOC);
        $queryRank = $handler->query('SELECT * FROM ranks WHERE rankValue =' . $fetch['rank']);
        $fetchRank = $queryRank->fetch(PDO::FETCH_ASSOC);
        $fetchW['total'] = $fetchW['total'] ?? 0; /* sum() over no rows yields NULL */
        if ($fetchW['total'] >= 100 && $fetch['rank'] != 999) {
            perry('UPDATE users SET rank = 0 WHERE u_id = :uid', [':uid' => $fetch['u_id']]);
        } elseif ($fetchW['total'] == 0 && $fetch['rank'] != 999) {
            perry('UPDATE users SET rank = 1 WHERE u_id = :uid', [':uid' => $fetch['u_id']]);
        }
        /* The <select name="<u_id>"> below feeds the warnings handler, which reads $_POST keys as user ids. */
        echo '<tr> <td>' . $fetch['u_id'] . '</td> <td>' . $fetch['username'] . '<br />' . $fetchRank["rankName"] . '</td> <td>' . $fetch['rank'] . '</td> <td>' . $fetchW['total'] . '%</td> <td> <select class="form-control" name="' . $fetch['u_id'] . '"> <option value=""></option> <option value="10">10%</option> <option value="20">20%</option> <option value="30">30%</option> <option value="40">40%</option> <option value="50">50%</option> <option value="60">60%</option>
</form> </div> <?php
/*
 * New-thread handler (form above; the final else branch and the closing
 * braces are outside this fragment).  Flood control on the user's most recent
 * thread, then the title is HTML-encoded, the body purified, the thread
 * inserted and the browser redirected to it.
 *
 * Review notes:
 *  - The new thread's id is recovered by re-querying `thread` by title
 *    (newest first).  Two threads with the same title — possibly by different
 *    users — can make this redirect to the wrong one; the id should come from
 *    $handler->lastInsertId() (or be returned by perry()) instead.
 *  - $section is bound as sc_id without any check here; where it is
 *    validated is not in view.
 *  - The 'title' parameter key lacks the leading colon; PDO tolerates both
 *    forms, so it works but is inconsistent with the other keys.
 *  - The title is stored HTML-encoded (output-time escaping would be the
 *    usual layering).  No CSRF token is checked.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['postThread'])) {
        $checkThread = $handler->query('SELECT * FROM thread WHERE u_id =' . $fetchUser['u_id'] . ' ORDER BY postdate DESC LIMIT 1'); /* own user id spliced into SQL; not request input, but binding it would be consistent */
        $fetchCheckThread = $checkThread->fetch(PDO::FETCH_ASSOC);
        $threadDate = strtotime($fetchCheckThread['postdate']); /* no previous thread: fetch() gave false, $threadDate becomes false (0 below) and the check passes */
        $currentDate = strtotime(date("Y-m-d H:i:s"));
        if ($currentDate - $threadDate >= $fetchPermissions['postTime']) {
            if (!empty($_POST['title']) && !empty($_POST['thread'])) {
                $title = htmlentities($_POST['title'], ENT_QUOTES);
                $thread = $_POST['thread'];
                $thread = $purifier->purify($thread); /* HTML Purifier is the XSS defence for thread bodies */
                if (strlen($thread)) {
                    echo perry('INSERT INTO thread (sc_id, u_id, title, content, postdate) VALUES (:sc_id, :u_id, :title, :content, :postdate)', [':sc_id' => $section, ':u_id' => $fetchUser['u_id'], 'title' => $title, ':content' => $thread, ':postdate' => date("Y-m-d H:i:s")]);
                    /* Title-based lookup of the row just inserted — see review note above. */
                    $threadId = $handler->prepare('SELECT * FROM thread WHERE title = :title ORDER BY postdate DESC');
                    try {
                        $threadId->execute([':title' => $title]);
                    } catch (PDOException $e) {
                        echo $error; /* execution continues; fetch() below then returns false and the redirect has no id */
                    }
                    $fetchThreadId = $threadId->fetch(PDO::FETCH_ASSOC);
                    header('Location: ' . $website_url . 'thread/' . $fetchThreadId['t_id']);
                } else {
                    echo $messageTooShort;
                }
            } else {
                echo $emptyerror;
            }
        } else {
/*
 * Tail of the admin warnings handler.  The POST loop this sits in (opened
 * before this fragment) walks $_POST keys: a positive numeric key is a user
 * id and its value a warning amount; the negated key (-uid) carries the
 * reason text for that user.
 *
 * Review notes:
 *  - The amount ($value) is bound without validation: the form offers
 *    10..60 %, but any non-empty string is accepted and later summed.
 *  - The reason UPDATE is keyed on u_id only, so it overwrites the reason of
 *    every warning that user has, not just the one inserted above.
 *  - abs($key) is spliced into SQL.  abs() returns a number, so this is not
 *    injectable, but a leading-numeric key such as "-12abc" passes the (int)
 *    test and is then coerced by abs() (warning or TypeError depending on
 *    the PHP 8 coercion rules); binding an explicitly cast int would be cleaner.
 *  - reset / archive are state changes driven by bare GET parameters with no
 *    CSRF token visible; the ids are cast to int before use.
 *  - header("Refresh:0") may be emitted several times per request (once per
 *    processed field); harmless, the last one wins.
 */
if ((int) $key && $key > 0) {
    if (!empty($value)) {
        perry('INSERT INTO warnings (u_id, amount, warningDate) VALUES (:uid, :amount, :warningDate)', [':uid' => $key, ':amount' => $value, ':warningDate' => date("Y-m-d H:i:s")]);
        header("Refresh:0");
    }
}
if ((int) $key && $key < 0) {
    if (!empty($value) && !empty($_POST[abs($key)])) { /* only when the matching amount field was also filled */
        perry('UPDATE warnings SET reason = :reason WHERE u_id =' . abs($key), [':reason' => $value]);
        header("Refresh:0");
    }
}
} } } elseif (isset($_GET['uid'])) { /* the three closers end the foreach and two blocks opened before this fragment */
    if (isset($_GET['reset'])) {
        /* Archive every active warning of the user (soft reset). */
        perry('UPDATE warnings SET archived = :archived WHERE u_id = :uid', [':archived' => 1, ':uid' => (int) $_GET['uid']]);
        header("Refresh:0;url={$website_url}admin/");
    } elseif (isset($_GET['manage'])) {
        require_once 'warnings.php'; /* constant path, not user-controlled */
    } elseif (isset($_GET['warning']) && isset($_GET['archive'])) {
        $checkWarning = $handler->prepare('SELECT * FROM warnings WHERE w_id =:wid AND archived =0');
        $checkWarning->execute([':wid' => (int) $_GET['warning']]);
        if ($checkWarning->rowCount()) { /* rowCount() on a SELECT is driver-dependent */
            perry('UPDATE warnings SET archived = :archived WHERE w_id =:wid', [':archived' => 1, ':wid' => (int) $_GET['warning']]);
            header("Refresh:0;url={$website_url}admin/");
        } else {
            echo $warningDoesNotExist;
        }
    }
}