function LoadGroups()
{
global $usergroups, $loguserid, $loguser, $loguserGroup, $loguserPermset;
global $guestPerms, $guestGroup, $guestPermset;
$guestGroup = $usergroups[Settings::get('defaultGroup')];
$res = Query("SELECT *, 1 ord FROM {permissions} WHERE applyto=0 AND id={0} AND perm IN ({1c})", $guestGroup['id'], $guestPerms);
$guestPermset = LoadPermset($res);
if (!$loguserid) {
$loguserGroup = $guestGroup;
$loguserPermset = $guestPermset;
$loguser['banned'] = false;
$loguser['root'] = false;
return;
}
$secgroups = array();
$loguserGroup = $usergroups[$loguser['primarygroup']];
$res = Query("SELECT groupid FROM {secondarygroups} WHERE userid={0}", $loguserid);
while ($sg = Fetch($res)) {
$secgroups[] = $sg['groupid'];
}
$res = Query("\tSELECT *, 1 ord FROM {permissions} WHERE applyto=0 AND id={0}\n\t\t\t\t\tUNION SELECT *, 2 ord FROM {permissions} WHERE applyto=0 AND id IN ({1c})\n\t\t\t\t\tUNION SELECT *, 3 ord FROM {permissions} WHERE applyto=1 AND id={2}\n\t\t\t\t\tORDER BY ord", $loguserGroup['id'], $secgroups, $loguserid);
$loguserPermset = LoadPermset($res);
$maxrank = FetchResult("SELECT MAX(rank) FROM {usergroups}");
$loguser['banned'] = $loguserGroup['id'] == Settings::get('bannedGroup');
$loguser['root'] = $loguserGroup['id'] == Settings::get('rootGroup');
}
function getActivity($id)
{
global $activityCache;
if (!isset($activityCache[$id])) {
$activityCache[$id] = FetchResult("select count(*) from {posts} where user = {0} and date > {1}", $id, time() - 86400);
}
return $activityCache[$id];
}
function recursionCheck($fid, $cid)
{
if ($cid >= 0) {
return;
}
$check = array();
for (;;) {
$check[] = -$cid;
if ($check[0] == $fid) {
dieAjax('Endless recursion detected; choose another parent for this forum.');
}
$cid = FetchResult("SELECT catid FROM {forums} WHERE id={0}", $cid);
if ($cid >= 0) {
break;
}
}
}
function uploadFile($file, $cattype, $cat)
{
global $loguserid, $uploaddirs, $goodfiles, $badfiles, $userquota, $maxSize;
$targetdir = $uploaddirs[$cattype];
$totalsize = foldersize($targetdir);
$filedata = $_FILES[$file];
$c = FetchResult("SELECT COUNT(*) FROM {uploader} WHERE filename={0} AND cattype={1} AND user={2} AND deldate=0", $filedata['name'], $cattype, $loguserid);
if ($c > 0) {
return "You already have a file with this name. Please delete the old copy before uploading a new one.";
}
if ($filedata['size'] == 0) {
if ($filedata['tmp_name'] == '') {
return 'No file given.';
} else {
return 'File is empty.';
}
}
if ($filedata['size'] > $maxSize) {
return 'File is too large. Maximum size allowed is ' . BytesToSize($maxSize) . '.';
}
$randomid = Shake();
$pname = $randomid . '_' . Shake();
$fname = $_FILES['newfile']['name'];
$temp = $_FILES['newfile']['tmp_name'];
$size = $_FILES['size']['size'];
$parts = explode(".", $fname);
$extension = end($parts);
if ($totalsize + $size > $quot) {
Alert(format(__("Uploading \"{0}\" would break the quota."), $fname));
} else {
if (in_array(strtolower($extension), $badfiles) || is_array($goodfiles) && !in_array(strtolower($extension), $goodfiles)) {
return 'Forbidden file type.';
} else {
$description = $_POST['description'];
$big_descr = $cat['showindownloads'] ? $_POST['big_description'] : '';
Query("insert into {uploader} (id, filename, description, big_description, date, user, private, category, deldate, physicalname) values ({7}, {0}, {1}, {6}, {2}, {3}, {4}, {5}, 0, {8})", $fname, $description, time(), $loguserid, $privateFlag, $_POST['cat'], $big_descr, $randomid, $pname);
copy($temp, $targetdir . "/" . $pname);
Report("[b]" . $loguser['name'] . "[/] uploaded file \"[b]" . $fname . "[/]\"" . ($privateFlag ? " (privately)" : ""), $privateFlag);
die(header("Location: " . actionLink("uploaderlist", "", "cat=" . $_POST["cat"])));
}
}
}
function OnlineUsers($forum = 0, $update = true)
{
global $loguserid;
$forumClause = "";
$browseLocation = __("online");
if ($update) {
if ($loguserid) {
Query("UPDATE {users} SET lastforum={0} WHERE id={1}", $forum, $loguserid);
} else {
Query("UPDATE {guests} SET lastforum={0} WHERE ip={1}", $forum, $_SERVER['REMOTE_ADDR']);
}
}
if ($forum) {
$forumClause = " and lastforum={1}";
$forumName = FetchResult("SELECT title FROM {forums} WHERE id={0}", $forum);
$browseLocation = format(__("browsing {0}"), $forumName);
}
$rOnlineUsers = Query("select u.(_userfields) from {users} u where (lastactivity > {0} or lastposttime > {0}) and loggedin = 1 " . $forumClause . " order by name", time() - 300, $forum);
$onlineUserCt = 0;
$onlineUsers = "";
while ($user = Fetch($rOnlineUsers)) {
$user = getDataPrefix($user, "u_");
$userLink = UserLink($user, true);
$onlineUsers .= ($onlineUserCt ? ", " : "") . $userLink;
$onlineUserCt++;
}
//$onlineUsers = $onlineUserCt." "user".(($onlineUserCt > 1 || $onlineUserCt == 0) ? "s" : "")." ".$browseLocation.($onlineUserCt ? ": " : ".").$onlineUsers;
$onlineUsers = Plural($onlineUserCt, __("user")) . " " . $browseLocation . ($onlineUserCt ? ": " : ".") . $onlineUsers;
$data = Fetch(Query("select \n\t\t(select count(*) from {guests} where bot=0 and date > {0} {$forumClause}) as guests,\n\t\t(select count(*) from {guests} where bot=1 and date > {0} {$forumClause}) as bots\n\t\t", time() - 300, $forum));
$guests = $data["guests"];
$bots = $data["bots"];
if ($guests) {
$onlineUsers .= " | " . Plural($guests, __("guest"));
}
if ($bots) {
$onlineUsers .= " | " . Plural($bots, __("bot"));
}
// $onlineUsers = "<div style=\"display: inline-block; height: 16px; overflow: hidden; padding: 0px; line-height: 16px;\">".$onlineUsers."</div>";
return $onlineUsers;
}
function DoPrivateMessageBar()
{
global $loguserid, $loguser;
if ($loguserid) {
$unread = FetchResult("select count(*) from {pmsgs} where userto = {0} and msgread=0 and drafting=0", $loguserid);
$content = "";
if ($unread) {
$pmNotice = $loguser['usebanners'] ? "id=\"pmNotice\" " : "";
$rLast = Query("select * from {pmsgs} where userto = {0} and msgread=0 order by date desc limit 0,1", $loguserid);
$last = Fetch($rLast);
$rUser = Query("select * from {users} where id = {0}", $last['userfrom']);
$user = Fetch($rUser);
$content .= format("\n\t\t" . __("You have {0}{1}. {2}Last message{1} from {3} on {4}."), Plural($unread, format(__("new {0}private message"), "<a href=\"" . actionLink("private") . "\">")), "</a>", "<a href=\"" . actionLink("showprivate", $last['id']) . "\">", UserLink($user), formatdate($last['date']));
}
if ($loguser['newcomments']) {
$content .= format("\n\t\t" . __("You {0} have new comments in your {1}profile{2}."), $content != "" ? "also" : "", "<a href=\"" . actionLink("profile", $loguserid) . "\">", "</a>");
}
if ($content) {
write("\n\t<div {0} class=\"outline margin header0 cell0 smallFonts\">\n\t\t{1}\n\t</div>\n", $pmNotice, $content);
}
}
}
function HandlePostAttachments($postid, $final)
{
$targetdir = DATA_DIR . 'uploads';
if (!Settings::get('postAttach')) {
return array();
}
$attachs = array();
if (isset($_POST['files']) && !empty($_POST['files'])) {
foreach ($_POST['files'] as $fileid => $blarg) {
if (isset($_POST['deletefile']) && $_POST['deletefile'][$fileid]) {
$todelete = Query("SELECT physicalname, user FROM {uploadedfiles} WHERE id={0}", $fileid);
DeleteUpload($targetdir . '/' . $entry['physicalname'], $entry['user']);
Query("DELETE FROM {uploadedfiles} WHERE id={0}", $fileid);
} else {
if ($final) {
Query("UPDATE {uploadedfiles} SET parentid={0}, deldate=0 WHERE id={1}", $postid, $fileid);
}
$attachs[$fileid] = FetchResult("SELECT filename FROM {uploadedfiles} WHERE id={0}", $fileid);
}
}
}
foreach ($_FILES as $file => $data) {
if (in_array($data['name'], $attachs)) {
continue;
}
$res = UploadFile($file, 'post_attachment', $postid, POST_ATTACHMENT_CAP, '', !$final);
if ($res === false) {
return $res;
}
if ($res === true) {
continue;
}
$attachs[$res] = $data['name'];
}
return $attachs;
}
if (isset($_POST[$name]) && $_POST[$name]) {
return "checked=\"checked\"";
} else {
return "";
}
}
$moodSelects = array();
if ($_POST['mood']) {
$moodSelects[(int) $_POST['mood']] = "selected=\"selected\" ";
}
$moodOptions = "<option " . $moodSelects[0] . "value=\"0\">" . __("[Default avatar]") . "</option>\n";
$rMoods = Query("select mid, name from {moodavatars} where uid={0} order by mid asc", $loguserid);
while ($mood = Fetch($rMoods)) {
$moodOptions .= format("\n\t<option {0} value=\"{1}\">{2}</option>\n", $moodSelects[$mood['mid']], $mood['mid'], htmlspecialchars($mood['name']));
}
$ninja = FetchResult("select id from {posts} where thread={0} order by date desc limit 0, 1", $tid);
$mod_lock = '';
if (HasPermission('mod.closethreads', $fid)) {
if (!$thread['closed']) {
$mod_lock = "<label><input type=\"checkbox\" " . getCheck("lock") . " name=\"lock\"> " . __("Close thread", 1) . "</label>\n";
} else {
$mod_lock = "<label><input type=\"checkbox\" " . getCheck("unlock") . " name=\"unlock\"> " . __("Open thread", 1) . "</label>\n";
}
}
$mod_stick = '';
if (HasPermission('mod.stickthreads', $fid)) {
if (!$thread['sticky']) {
$mod_stick = "<label><input type=\"checkbox\" " . getCheck("stick") . " name=\"stick\"> " . __("Sticky", 1) . "</label>\n";
} else {
$mod_stick = "<label><input type=\"checkbox\" " . getCheck("unstick") . " name=\"unstick\"> " . __("Unstick", 1) . "</label>\n";
}
}
if (isset($_POST['name'])) {
$name = trim($_POST['name']);
$cname = str_replace(" ", "", strtolower($name));
$rUsers = Query("select name, displayname from {users}");
while ($user = Fetch($rUsers)) {
$uname = trim(str_replace(" ", "", strtolower($user['name'])));
if ($uname == $cname) {
break;
}
$uname = trim(str_replace(" ", "", strtolower($user['displayname'])));
if ($uname == $cname) {
break;
}
}
$ipKnown = FetchResult("select COUNT(*) from {users} where lastip={0}", $_SERVER['REMOTE_ADDR']);
//This makes testing faster.
if ($_SERVER['REMOTE_ADDR'] == "127.0.0.1") {
$ipKnown = 0;
}
if ($uname == $cname) {
$err = __("This user name is already taken. Please choose another.");
} else {
if ($name == "" || $cname == "") {
$err = __("The user name must not be empty. Please choose one.");
} else {
if (strpos($name, ";") !== false) {
$err = __("The user name cannot contain semicolons.");
} elseif ($ipKnown >= 3) {
$err = __("Another user is already using this IP address.");
} else {
//</autolock>
$isIgnored = FetchResult("select count(*) from ignoredforums where uid=" . $loguserid . " and fid=" . $fid, 0, 0) == 1;
if (isset($_GET['ignore'])) {
if (!$isIgnored) {
Query("insert into ignoredforums values (" . $loguserid . ", " . $fid . ")");
Alert(__("Forum ignored. You will no longer see any \"New\" markers for this forum."));
}
} else {
if (isset($_GET['unignore'])) {
if ($isIgnored) {
Query("delete from ignoredforums where uid=" . $loguserid . " and fid=" . $fid);
Alert(__("Forum unignored."));
}
}
}
$isIgnored = FetchResult("select count(*) from ignoredforums where uid=" . $loguserid . " and fid=" . $fid, 0, 0) == 1;
if ($loguserid && $forum['minpowerthread'] <= $loguser['powerlevel']) {
if ($isIgnored) {
$links .= "<li><a href=\"forum.php?id=" . $fid . "&unignore\">" . __("Unignore Forum") . "</a></li>";
} else {
$links .= "<li><a href=\"forum.php?id=" . $fid . "&ignore\">" . __("Ignore Forum") . "</a></li>";
}
$links .= "<li><a href=\"newthread.php?id=" . $fid . "\">" . __("Post Thread") . "</a></li>";
$links .= "<li><a href=\"newthread.php?id=" . $fid . "&poll=1\">" . __("Post Poll") . "</a></li>";
}
DoPrivateMessageBar();
$bucket = "userBar";
include "./lib/pluginloader.php";
$onlineUsers = OnlineUsers($fid);
if (!$noAjax) {
write("\n\t<script type=\"text/javascript\">\n\t\tonlineFID = {0};\n\t\twindow.addEventListener(\"load\", startOnlineUsers, false);\n\t</script>\n", $fid, $onlineUsers);
$extra = "";
if ($urlRewriting) {
$link = getServerURLNoSlash() . actionLink("profile", $user["id"], "", "_");
} else {
$link = getServerURL() . "?uid=" . $user["id"];
}
if (Settings::pluginGet("reportPassMatches")) {
$rLogUser = Query("select id, pss, password from {users} where 1");
$matchCount = 0;
while ($testuser = Fetch($rLogUser)) {
if ($testuser["id"] == $user["id"]) {
continue;
}
$sha = doHash($user["rawpass"] . $salt . $testuser['pss']);
if ($testuser['password'] == $sha) {
$matchCount++;
}
}
if ($matchCount) {
$extra .= "-- " . Plural($matchCount, "password match") . " ";
}
}
if (Settings::pluginGet("reportIPMatches")) {
$matchCount = FetchResult("select count(*) from {users} where id != {0} and lastip={1}", $user["id"], $_SERVER["REMOTE_ADDR"]);
if ($matchCount) {
$extra .= "-- " . Plural($matchCount, "IP match") . " ";
}
}
if ($forum['minpower'] <= 0) {
ircReport("" . $c2 . "New user: {$c1}" . ircUserColor($user["name"], $user['sex'], $user['powerlevel']) . "{$c2} {$extra}-- " . $link);
}
$rMisc = Query("select * from {misc}");
$misc = Fetch($rMisc);
$rOnlineUsers = Query("select id from {users} where lastactivity > {0} or lastposttime > {0} order by name", time() - 300);
$_qRecords = "";
$onlineUsers = "";
$onlineUserCt = 0;
while ($onlineUser = Fetch($rOnlineUsers)) {
$onlineUsers .= ":" . $onlineUser["id"];
$onlineUserCt++;
}
if ($onlineUserCt > $misc['maxusers']) {
$_qRecords = "maxusers = {0}, maxusersdate = {1}, maxuserstext = {2}";
}
//Check the amount of posts for the record
$newToday = FetchResult("select count(*) from {posts} where date > {0}", time() - 86400);
$newLastHour = FetchResult("select count(*) from {posts} where date > {0}", time() - 3600);
if ($newToday > $misc['maxpostsday']) {
if ($_qRecords) {
$_qRecords .= ", ";
}
$_qRecords .= "maxpostsday = {3}, maxpostsdaydate = {1}";
}
if ($newLastHour > $misc['maxpostshour']) {
if ($_qRecords) {
$_qRecords .= ", ";
}
$_qRecords .= "maxpostshour = {4}, maxpostshourdate = {1}";
}
if ($_qRecords) {
$_qRecords = "update {misc} set " . $_qRecords;
$rRecords = Query($_qRecords, $onlineUserCt, time(), $onlineUsers, $newToday, $newLastHour);
} else {
if (isset($_GET['tid']) && isset($_GET['time'])) {
$rPost = Query("select id,date,thread from {posts} where thread={0} AND date>{1} ORDER BY date LIMIT 1", $_GET['tid'], $_GET['time']);
} else {
Kill('blarg');
}
}
if (NumRows($rPost)) {
$post = Fetch($rPost);
} else {
Kill(__("Unknown post ID."));
}
$pid = $post['id'];
$tid = $post['thread'];
$rThread = Query("select id,title,forum from {threads} where id={0}", $tid);
if (NumRows($rThread)) {
$thread = Fetch($rThread);
} else {
Kill(__("Unknown thread ID."));
}
$tags = ParseThreadTags($thread['title']);
$ppp = $loguser['postsperpage'];
if (!$ppp) {
$ppp = 20;
}
$from = floor(FetchResult("SELECT COUNT(*) FROM {posts} WHERE thread={1} AND date<={2} AND id!={0}", $pid, $tid, $post['date']) / $ppp) * $ppp;
$url = actionLink("thread", $thread['id'], $from ? "from={$from}" : "", HasPermission('forum.viewforum', $thread['forum'], true) ? $tags[0] : '') . "#post" . $pid;
header("HTTP/1.1 301 Moved Permanently");
header("Status: 301 Moved Permanently");
header("Location: " . $url);
die;
if (!HasPermission('forum.viewforum', $thread['forum'])) {
Kill(__("Nice try, hacker kid, but no."));
}
if ($_GET['action'] == 'add') {
Query("INSERT IGNORE INTO {favorites} (user,thread) VALUES ({0},{1})", $loguserid, $tid);
} else {
Query("DELETE FROM {favorites} WHERE user={0} AND thread={1}", $loguserid, $tid);
}
die(header('Location: ' . $_SERVER['HTTP_REFERER']));
}
}
$title = 'Favorites';
$links = array(actionLinkTag(__("Mark threads read"), 'favorites', 0, 'action=markasread'));
MakeCrumbs(array(actionLink('favorites') => 'Favorites'), $links);
$viewableforums = ForumsWithPermission('forum.viewforum');
$total = FetchResult("SELECT COUNT(*) FROM {threads} t INNER JOIN {favorites} fav ON fav.user={0} AND fav.thread=t.id WHERE t.forum IN ({1c})", $loguserid, $viewableforums);
$tpp = $loguser['threadsperpage'];
if (isset($_GET['from'])) {
$from = (int) $_GET['from'];
} else {
$from = 0;
}
if (!$tpp) {
$tpp = 50;
}
$rThreads = Query("\tSELECT\n\t\t\t\t\t\tt.*,\n\t\t\t\t\t\ttr.date readdate,\n\t\t\t\t\t\tsu.(_userfields),\n\t\t\t\t\t\tlu.(_userfields),\n\t\t\t\t\t\tf.(id,title)\n\t\t\t\t\tFROM\n\t\t\t\t\t\t{threads} t\n\t\t\t\t\t\tINNER JOIN {favorites} fav ON fav.user={0} AND fav.thread=t.id\n\t\t\t\t\t\tLEFT JOIN {threadsread} tr ON tr.thread=t.id AND tr.id={0}\n\t\t\t\t\t\tLEFT JOIN {users} su ON su.id=t.user\n\t\t\t\t\t\tLEFT JOIN {users} lu ON lu.id=t.lastposter\n\t\t\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\t\t\tWHERE f.id IN ({3c})\n\t\t\t\t\tORDER BY sticky DESC, lastpostdate DESC LIMIT {1u}, {2u}", $loguserid, $from, $tpp, $viewableforums);
$numonpage = NumRows($rThreads);
$pagelinks = PageLinks(actionLink('favorites', '', 'from='), $tpp, $from, $total);
if (NumRows($rThreads)) {
makeThreadListing($rThreads, $pagelinks, true, true);
} else {
$hideTricks = " <a href=\"javascript:void(0)\" onclick=\"showRevision(" . $id . "," . $post["currentrevision"] . "); hideTricks(" . $id . ")\">" . __("Back") . "</a>";
$reply .= $hideTricks;
die($reply);
} elseif ($action == "sr") {
$rPost = Query("\n\t\t\tSELECT\n\t\t\t\tp.*,\n\t\t\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\t\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock),\n\t\t\t\tru.(_userfields),\n\t\t\t\tdu.(_userfields),\n\t\t\t\tt.forum fid\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = {1}\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\t\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\t\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\t\tWHERE p.id={0} AND t.forum IN ({2c})", $id, (int) $_GET['rev'], ForumsWithPermission('forum.viewforum'));
if (NumRows($rPost)) {
$post = Fetch($rPost);
} else {
die(format(__("Unknown post ID #{0} or revision missing."), $id));
}
if (!HasPermission('mod.editposts', $post['fid'])) {
die('No.');
}
die(makePostText($post, getDataPrefix($post, 'u_')));
} elseif ($action == "em") {
$privacy = HasPermission('admin.editusers') ? '' : ' and showemail=1';
$blah = FetchResult("select email from {users} where id={0}{$privacy}", $id);
die(htmlspecialchars($blah));
} elseif ($action == "vc") {
$blah = FetchResult("select views from {misc}");
die(number_format($blah));
} else {
if ($action == 'no') {
$notif = getNotifications();
die(json_encode($notif));
}
}
}
}
}
die(__("Unknown action."));
// AcmlmBoard XD - Posts by user viewer
// Access: all
AssertForbidden("listPosts");
if (!isset($_GET['id'])) {
Kill(__("User ID unspecified."));
}
$id = (int) $_GET['id'];
$rUser = Query("select * from {users} where id={0}", $id);
if (NumRows($rUser)) {
$user = Fetch($rUser);
} else {
Kill(__("Unknown user ID."));
}
$title = __("Post list");
$total = FetchResult("\n\t\t\tSELECT\n\t\t\t\tcount(p.id)\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\tWHERE p.user={0} AND " . forumAccessControlSql(), $id);
$ppp = $loguser['postsperpage'];
if (isset($_GET['from'])) {
$from = (int) $_GET['from'];
} else {
$from = 0;
}
if (!$ppp) {
$ppp = 25;
}
$rPosts = Query("\n\tSELECT\n\t\tp.*,\n\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock),\n\t\tru.(_userfields),\n\t\tdu.(_userfields),\n\t\tt.id thread, t.title threadname,\n\t\tf.id fid\n\tFROM\n\t\t{posts} p\n\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = p.currentrevision\n\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\tWHERE u.id={1} AND " . forumAccessControlSql() . "\n\tORDER BY date ASC LIMIT {2u}, {3u}", $loguserid, $id, $from, $ppp);
$numonpage = NumRows($rPosts);
$uname = $user["name"];
if ($user["displayname"]) {
$uname = $user["displayname"];
}
if (isset($_POST['actionpost']) && IsReallyEmpty($_POST['text']) && $canComment) {
AssertForbidden("makeComments");
$rComment = Query("insert into {usercomments} (uid, cid, date, text) values ({0}, {1}, {2}, {3})", $id, $loguserid, time(), $_POST['text']);
if ($loguserid != $id) {
Query("update {users} set newcomments = 1 where id={0}", $id);
}
logAction('usercomment', array('user2' => $id));
if ($mobileLayout) {
die(header("Location: " . actionLink("usercomments", $id)));
} else {
die(header("Location: " . actionLink("profile", $id)));
}
}
}
$cpp = 15;
$total = FetchResult("SELECT\n\t\t\t\t\t\tcount(*)\n\t\t\t\t\tFROM {usercomments}\n\t\t\t\t\tWHERE uid={0}", $id);
$from = (int) $_GET["from"];
if (!isset($_GET["from"])) {
$from = 0;
}
$realFrom = $total - $from - $cpp;
$realLen = $cpp;
if ($realFrom < 0) {
$realLen += $realFrom;
$realFrom = 0;
}
$rComments = Query("SELECT\n\t\tu.(_userfields),\n\t\t{usercomments}.id, {usercomments}.cid, {usercomments}.text\n\t\tFROM {usercomments}\n\t\tLEFT JOIN {users} u ON u.id = {usercomments}.cid\n\t\tWHERE uid={0}\n\t\tORDER BY {usercomments}.date ASC LIMIT {1u},{2u}", $id, $realFrom, $realLen);
$pagelinks = PageLinksInverted(actionLink($mobileLayout ? "usercomments" : "profile", $id, "from="), $cpp, $from, $total);
$commentList = "";
$commentField = "";
if (NumRows($rComments)) {
$drafting = 0;
$deleted = 2;
if (isset($_GET['show'])) {
$show = "&show=" . (int) $_GET['show'];
if ($_GET['show'] == 1) {
$deleted = 1;
} else {
if ($_GET['show'] == 2) {
$drafting = 1;
}
}
} else {
$whereFrom = "userto = {0}";
}
$whereFrom .= " and drafting = " . $drafting;
$total = FetchResult("select count(*) from {pmsgs} where {$whereFrom} and deleted != {1}", $user, $deleted);
$ppp = $loguser['postsperpage'];
if (isset($_GET['from'])) {
$from = (int) $_GET['from'];
} else {
$from = 0;
}
$links = new PipeMenu();
$links->add(new PipeMenuLinkEntry(__("Show received"), "private", $userGet, "", "download-alt"));
$links->add(new PipeMenuLinkEntry(__("Show sent"), "private", $userGet, "show=1", "upload-alt"));
$links->add(new PipeMenuLinkEntry(__("Show drafts"), "private", $userGet, "show=2", "save"));
$links->add(new PipeMenuLinkEntry(__("Send new PM"), "sendprivate", "", "", "plus"));
makeLinks($links);
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Member list"), "memberlist"));
$crumbs->add(new PipeMenuHtmlEntry(userLinkById($user)));
}
if (!$_GET['inposts']) {
$nres = FetchResult("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM {threads} t\n\t\t\tWHERE t.id IN ({0c}) AND t.forum IN ({1c})", $results, $viewableforums);
$search = Query("\n\t\t\tSELECT\n\t\t\t\tt.id, t.title, t.user, t.lastpostdate, t.forum, \n\t\t\t\tu.(_userfields)\n\t\t\tFROM {threads} t\n\t\t\t\tLEFT JOIN {users} u ON u.id=t.user\n\t\t\tWHERE t.id IN ({0c}) AND t.forum IN ({1c})\n\t\t\tORDER BY t.lastpostdate DESC\n\t\t\tLIMIT {2u},{3u}", $results, $viewableforums, $from, $tpp);
if (NumRows($search)) {
while ($result = Fetch($search)) {
$r = array();
$r['link'] = makeThreadLink($result);
$r['description'] = '';
$r['user'] = UserLink(getDataPrefix($result, "u_"));
$r['formattedDate'] = formatdate($result['lastpostdate']);
$rdata[] = $r;
}
}
} else {
$nres = FetchResult("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM {posts_text} pt\n\t\t\t\tLEFT JOIN {posts} p ON pt.pid = p.id\n\t\t\t\tLEFT JOIN {threads} t ON t.id = p.thread\n\t\t\tWHERE pt.pid IN ({0c}) AND t.forum IN ({1c}) AND pt.revision = p.currentrevision", $results, $viewableforums);
$search = Query("\n\t\t\tSELECT\n\t\t\t\tpt.text, pt.pid,\n\t\t\t\tp.date,\n\t\t\t\tt.title, t.id,\n\t\t\t\tu.(_userfields)\n\t\t\tFROM {posts_text} pt\n\t\t\t\tLEFT JOIN {posts} p ON pt.pid = p.id\n\t\t\t\tLEFT JOIN {threads} t ON t.id = p.thread\n\t\t\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\t\tWHERE pt.pid IN ({0c}) AND t.forum IN ({1c}) AND pt.revision = p.currentrevision\n\t\t\tORDER BY p.date DESC\n\t\t\tLIMIT {2u},{3u}", $results, $viewableforums, $from, $tpp);
if (NumRows($search)) {
$results = "";
while ($result = Fetch($search)) {
$r = array();
$tags = ParseThreadTags($result['title']);
// $result['text'] = str_replace("<!--", "~#~", str_replace("-->", "~#~", $result['text']));
$r['description'] = MakeSnippet($result['text'], $terms);
$r['user'] = UserLink(getDataPrefix($result, "u_"));
$r['link'] = actionLinkTag($tags[0], "post", $result['pid']);
$r['formattedDate'] = formatdate($result['date']);
$rdata[] = $r;
}
}
}
$bucket = "amperTags";
include "./lib/pluginloader.php";
$post['posts'] = $rankHax;
if ($post['postheader'] && !$isBlocked) {
$postHeader = str_replace('$theme', $theme, ApplyTags(CleanUpPost($post['postheader']), $tags));
}
$postText = ApplyTags(CleanUpPost($post['text'], $post['name'], $noSmilies), $tags);
$bucket = "postMangler";
include "./lib/pluginloader.php";
if ($post['signature'] && !$isBlocked) {
$postFooter = ApplyTags(CleanUpPost($post['signature']), $tags);
if (!$post['signsep']) {
$separator = "<br />_________________________<br />";
} else {
$separator = "<br />";
}
}
$reply = $postHeader . $postText . $separator . $postFooter;
die($reply);
} elseif ($action == "em") {
$blah = FetchResult("select email from users where id=" . $id . " and showemail=1");
die(htmlspecialchars($blah));
} elseif ($action == "vc") {
$blah = FetchResult("select views from misc");
die(number_format($blah));
}
}
}
}
}
die(__("Unknown action."));
}
if ($letter != "") {
if ($letter == "@") {
//I can't figure it out. Anybody else?
$where .= " and substring(name, 1,1) regexp '[:punct:]' or substring(displayname, 1,1) regexp '[:punct:]'";
}
if ($letter == "#") {
$where .= " and substring(name, 1,1) regexp '[0-9]' or substring(displayname, 1,1) regexp '[0-9]'";
} else {
$where .= " and name like '" . $letter . "%' or displayname like '" . $letter . "%'";
}
}
if (!(isset($pow) && $pow == 5)) {
$where .= " and powerlevel < 5";
}
$numUsers = FetchResult("select count(*) from users where " . $where, 0, 0);
$qUsers = "select * from users where " . $where . " order by " . $order . ", name asc limit " . $from . ", " . $tpp;
$rUsers = Query($qUsers);
$numonpage = NumRows($rUsers);
for ($i = $tpp; $i < $numUsers; $i += $tpp) {
if ($i == $from) {
$pagelinks .= " " . ($i / $tpp + 1);
} else {
$pagelinks .= " " . mlink($sort, $sex, $pow, $tpp, $letter, $dir, $i) . ($i / $tpp + 1) . "</a>";
}
}
if ($pagelinks) {
if ($from == 0) {
$pagelinks = "1" . $pagelinks;
} else {
$pagelinks = mlink($sort, $sex, $pow, $tpp, $letter, $dir, 0) . "1</a>" . $pagelinks;
}
if ($_POST['nosm']) {
$nosm = "checked=\"checked\"";
}
if ($_POST['nobr']) {
$nobr = "checked=\"checked\"";
}
if ($_POST['mood']) {
$moodSelects[(int) $_POST['mood']] = "selected=\"selected\" ";
}
$moodOptions = "<option " . $moodSelects[0] . "value=\"0\">" . __("[Default avatar]") . "</option>\n";
$rMoods = Query("select mid, name from moodavatars where uid=" . $postingAs . " order by mid asc");
while ($mood = Fetch($rMoods)) {
$moodOptions .= format("\n\t<option {0} value=\"{1}\">{2}</option>\n", $moodSelects[$mood['mid']], $mood['mid'], htmlval($mood['name']));
}
$ninja = FetchResult("select id from posts where thread=" . $tid . " order by date desc limit 0, 1", 0, 0);
if (CanMod($loguserid, $fid)) {
$mod = "\n\n<!-- Mod options -->\n";
//print $thread['closed'];
if (!$thread['closed']) {
$mod .= "<label><input type=\"checkbox\" name=\"lock\"> " . __("Close thread", 1) . "</label>\n";
} else {
$mod .= "<label><input type=\"checkbox\" name=\"unlock\"> " . __("Open thread", 1) . "</label>\n";
}
if (!$thread['sticky']) {
$mod .= "<label><input type=\"checkbox\" name=\"stick\"> " . __("Sticky", 1) . "</label>\n";
} else {
$mod .= "<label><input type=\"checkbox\" name=\"unstick\"> " . __("Unstick", 1) . "</label>\n";
}
$mod .= "\n\n";
}
function WriteCategoryEditContents($cid)
{
global $loguser, $forumBoards;
$boardlist = '';
if ($cid != -1) {
$rCategory = Query("SELECT * FROM {categories} WHERE id={0}", $cid);
if (!NumRows($rCategory)) {
Kill("Category not found.");
}
$cat = Fetch($rCategory);
$candelete = FetchResult("SELECT COUNT(*) FROM {forums} WHERE catid={0}", $cid) == 0;
$name = htmlspecialchars($cat['name']);
$corder = $cat['corder'];
if (count($forumBoards) > 1) {
foreach ($forumBoards as $bid => $bname) {
$boardlist .= '<label><input type="radio" name="board" value="' . htmlspecialchars($bid) . '"' . ($cat['board'] == $bid ? ' checked="checked"' : '') . '> ' . htmlspecialchars($bname) . '</label>';
}
}
$boxtitle = __("Editing category ") . $name;
$fields = array('name' => '<input type="text" name="name" value="' . $name . '" size=64>', 'order' => '<input type="text" name="corder" value="' . $corder . '" size=3>', 'board' => $boardlist, 'btnSave' => '<button onclick="changeCategoryInfo(' . $cid . '); return false;">Save</button>', 'btnDelete' => '<button ' . ($candelete ? 'onclick="deleteCategory(); return false;"' : 'disabled="disabled"') . '>Delete</button>');
$delMessage = $candelete ? '' : __('Before deleting a category, remove all forums from it.');
} else {
if (count($forumBoards) > 1) {
foreach ($forumBoards as $bid => $bname) {
$boardlist .= '<label><input type="radio" name="board" value="' . htmlspecialchars($bid) . '"' . ($bid == '' ? ' checked="checked"' : '') . '> ' . htmlspecialchars($bname) . '</label>';
}
}
$boxtitle = __("New category");
$fields = array('name' => '<input type="text" name="name" value="" size=64>', 'order' => '<input type="text" name="corder" value="0" size=3>', 'board' => $boardlist, 'btnSave' => '<button onclick="addCategory(); return false;">Save</button>', 'btnDelete' => '');
$delMessage = '';
}
echo "\n\t<form method=\"post\" id=\"forumform\" action=\"" . htmlentities(actionLink("editfora")) . "\">\n\t<input type=\"hidden\" name=\"key\" value=\"" . $loguser["token"] . "\">\n\t<input type=\"hidden\" name=\"id\" value=\"{$cid}\">";
RenderTemplate('form_editcategory', array('formtitle' => $boxtitle, 'fields' => $fields, 'delMessage' => $delMessage));
echo "\n\t</form>";
}
}
}
}
}
}
}
}
}
}
}
if ($err) {
Alert($err, __('Error'));
} else {
$newsalt = Shake();
$sha = doHash($_POST['pass'] . SALT . $newsalt);
$uid = FetchResult("SELECT id+1 FROM {users} WHERE (SELECT COUNT(*) FROM {users} u2 WHERE u2.id={users}.id+1)=0 ORDER BY id ASC LIMIT 1");
if ($uid < 1) {
$uid = 1;
}
$rUsers = Query("insert into {users} (id, name, password, pss, primarygroup, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {4}, {5}, {5}, {6}, {7}, {8}, {9})", $uid, $_POST['name'], $sha, $newsalt, Settings::get('defaultGroup'), time(), $_SERVER['REMOTE_ADDR'], $_POST['email'], (int) $_POST['sex'], Settings::get("defaultTheme"));
//if($uid == 1)
// Query("update {users} set primarygroup = {0} where id = 1", Settings::get('rootGroup'));
Report("New user: [b]" . $_POST['name'] . "[/] (#" . $uid . ") -> [g]#HERE#?uid=" . $uid);
$user = Fetch(Query("select * from {users} where id={0}", $uid));
$user['rawpass'] = $_POST['pass'];
$bucket = "newuser";
include "lib/pluginloader.php";
$rLogUser = Query("select id, pss, password from {users} where 1");
$matches = array();
while ($testuser = Fetch($rLogUser)) {
if ($testuser['id'] == $user['id']) {
if (isset($_POST['action'])) {
$mid = (int) $_POST['mid'];
if ($_POST['action'] == __("Rename")) {
Query("update {moodavatars} set name={0} where mid={1} and uid={2}", $_POST['name'], $mid, $loguserid);
Alert(__("Avatar renamed."), __("Okay"));
} else {
if ($_POST['action'] == __("Delete")) {
Query("delete from {moodavatars} where uid={0} and mid={1}", $loguserid, $mid);
Query("update {posts} set mood=0 where user={0} and mood={1}", $loguserid, $mid);
if (file_exists("{$dataDir}avatars/" . $loguserid . "_" . $mid)) {
unlink("{$dataDir}avatars/" . $loguserid . "_" . $mid);
}
Alert(__("Avatar deleted."), __("Okay"));
} else {
if ($_POST['action'] == __("Add")) {
$highest = FetchResult("select mid from {moodavatars} where uid={0} order by mid desc limit 1", $loguserid);
if ($highest < 1) {
$highest = 1;
}
$mid = $highest + 1;
//Begin copypasta from edituser/editprofile_avatar...
if ($fname = $_FILES['picture']['name']) {
$fext = strtolower(substr($fname, -4));
$error = "";
$exts = array(".png", ".jpg", ".gif");
$dimx = 100;
$dimy = 100;
$dimxs = 60;
$dimys = 60;
$size = 30720;
$validext = false;
// Access: all
if (!defined('BLARG')) {
die;
}
if (!isset($_GET['id'])) {
Kill(__("User ID unspecified."));
}
$id = (int) $_GET['id'];
$rUser = Query("select * from {users} where id={0}", $id);
if (NumRows($rUser)) {
$user = Fetch($rUser);
} else {
Kill(__("Unknown user ID."));
}
$title = __("Post list");
$total = FetchResult("\n\t\t\tSELECT\n\t\t\t\tcount(p.id)\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread{$extrashit}\n\t\t\tWHERE p.user={0} AND t.forum IN ({1c})", $id, ForumsWithPermission('forum.viewforum'));
$ppp = $loguser['postsperpage'];
if (isset($_GET['from'])) {
$from = (int) $_GET['from'];
} else {
$from = 0;
}
if (!$ppp) {
$ppp = 25;
}
$rPosts = Query("\tSELECT\n\t\t\t\tp.*,\n\t\t\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\t\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock,fulllayout),\n\t\t\t\tru.(_userfields),\n\t\t\t\tdu.(_userfields),\n\t\t\t\tt.id thread, t.title threadname,\n\t\t\t\tf.id fid\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = p.currentrevision\n\t\t\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\t\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\t\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\t\tLEFT JOIN {categories} c ON c.id=f.catid\n\t\t\tWHERE u.id={1} AND f.id IN ({4c}){$extrashit}\n\t\t\tORDER BY date ASC LIMIT {2u}, {3u}", $loguserid, $id, $from, $ppp, ForumsWithPermission('forum.viewforum'));
$numonpage = NumRows($rPosts);
$uname = $user["name"];
if ($user["displayname"]) {
$uname = $user["displayname"];
}
<?php
if ($user['id'] == $loguserid) {
if (!$GLOBALS["myblockcount"]) {
$GLOBALS["myblockcount"] = 1 + FetchResult("SELECT COUNT(*) FROM blockedlayouts WHERE user={0}", $user["id"]);
}
$profileParts[__('Personal information')][__('Layout blocks')] = $GLOBALS["myblockcount"] - 1 . ($GLOBALS["myblockcount"] == 2 ? ' user has' : ' users have') . " blocked " . ($user['id'] == $loguserid ? "your" : "this user's") . " layout<br />";
}
"[quote=Barack Obama]I am Barack Obama and I approve this preview message.[/quote](sample post)",
);
$previewPost['text'] = $previews[array_rand($previews)];
//</randompreviews>
*/
//Fixed preview
$previewPost['text'] = $profilePreviewText;
//</fixedpreview>
$previewPost['num'] = "preview";
$previewPost['id'] = "preview";
$previewPost['uid'] = $id;
$copies = explode(",", "title,name,displayname,picture,sex,powerlevel,avatar,postheader,rankset,signature,signsep,posts,regdate,lastactivity,lastposttime");
foreach ($copies as $toCopy) {
$previewPost[$toCopy] = $user[$toCopy];
}
$previewPost['activity'] = FetchResult("select count(*) from posts where user = "******" and date > " . (time() - 86400), 0, 0);
MakePost($previewPost, 0, 0);
if ($loguser['powerlevel'] > 2) {
if (IsAllowed("editUser")) {
$links .= "<li><a href=\"editprofile.php?id=" . $id . "\">" . __("Edit user") . "</a></li>";
}
if (IsAllowed("snoopPM")) {
$links .= "<li><a href=\"private.php?user="******"\">" . __("Show PMs") . "</a></li>";
}
}
if ($loguserid && IsAllowed("sendPM")) {
$links .= "<li><a href=\"sendprivate.php?uid=" . $id . "\">" . __("Send PM") . "</a></li>";
}
if (IsAllowed("listPosts")) {
$links .= "<li><a href=\"listposts.php?id=" . $id . "\">" . __("Show posts") . "</a></li>";
}
print "</td></tr>";
$cellClass = ($cellClass + 1) % 2;
}
if ($loguserid) {
$filecount = FetchResult("select count(*) from {uploader} where uploader.user = {0} and uploader.private = 1", $loguserid);
print "<tr class=\"cell{$cellClass}\"><td>";
print actionLinkTag("Private files", "uploaderlist", "", "cat=-1");
print "<br>";
print "Only for you.";
print "<br>";
print $filecount . " files.";
print "<br>";
print "</td></tr>";
$cellClass = ($cellClass + 1) % 2;
if ($loguser['powerlevel'] > 2) {
$filecount = FetchResult("select count(*) from {uploader} where uploader.private = 1");
print "<tr class=\"cell{$cellClass}\"><td>";
print actionLinkTag("All private files", "uploaderlist", "", "cat=-2");
print "<br>";
print $filecount . " files.";
print "<br>";
print "</td></tr>";
}
}
print "</table>";
}
}
}
}
}
}
@unlink($rootdir . "/" . $entry['user'] . "/" . $entry['filename']);
} else {
@unlink($rootdir . "/" . $entry['filename']);
}
Query("delete from {uploader} where id = {0}", $fid);
$deleted++;
}
}
Alert(format(__("{0} deleted."), Plural($deleted, __("file"))));
} else {
if ($_GET['action'] == "delete") {
$fid = (int) $_GET['fid'];
if ($loguser['powerlevel'] > 2) {
$check = FetchResult("select count(*) from {uploader} where id = {0}", $fid);
} else {
$check = FetchResult("select count(*) from {uploader} where user = {0} and id = {1}", $loguserid, $fid);
}
if ($check) {
$entry = Fetch(Query("select * from {uploader} where id = {0}", $fid));
if ($entry['private']) {
@unlink($rootdir . "/" . $entry['user'] . "/" . $entry['filename']);
} else {
@unlink($rootdir . "/" . $entry['filename']);
}
Query("delete from {uploader} where id = {0}", $fid);
Report("[b]" . $loguser['name'] . "[/] deleted \"[b]" . $entry['filename'] . "[/]\".", 1);
Alert(format(__("Deleted \"{0}\"."), $entry['filename']), __("Okay"));
} else {
Alert(__("No such file or not yours to mess with."));
}
}
