function writeDB_private_message($to_userid, $image, $subject, $from_userid, $message, $copie) { global $NPDS_Prefix; $res = sql_query("SELECT uid, user_langue FROM " . $NPDS_Prefix . "users WHERE uname='{$to_userid}'"); list($to_useridx, $user_languex) = sql_fetch_row($res); if ($to_useridx == "") { forumerror('0016'); } else { global $gmt; $time = date(translate("dateinternal"), time() + $gmt * 3600); include_once "language/lang-multi.php"; $subject = removeHack($subject); $message = str_replace("\n", "<br />", $message); $message = addslashes(removeHack($message)); $sql = "INSERT INTO " . $NPDS_Prefix . "priv_msgs (msg_image, subject, from_userid, to_userid, msg_time, msg_text) "; $sql .= "VALUES ('{$image}', '{$subject}', '{$from_userid}', '{$to_useridx}', '{$time}', '{$message}')"; if (!($result = sql_query($sql))) { forumerror('0020'); } if ($copie) { $sql = "INSERT INTO " . $NPDS_Prefix . "priv_msgs (msg_image, subject, from_userid, to_userid, msg_time, msg_text, type_msg, read_msg) "; $sql .= "VALUES ('{$image}', '{$subject}', '{$from_userid}', '{$to_useridx}', '{$time}', '{$message}', '1', '1')"; if (!($result = sql_query($sql))) { forumerror('0020'); } } global $subscribe, $nuke_url; if ($subscribe) { $sujet = translate_ml($user_languex, "Vous avez un nouveau message."); $message = translate_ml($user_languex, "Bonjour") . ",<br /><br /><a href=\"{$nuke_url}/viewpmsg.php\">" . translate_ml($user_languex, "Cliquez ici pour lire votre nouveau message.") . "</a><br /><br />"; include "signat.php"; copy_to_email($to_useridx, $sujet, $message); } } }
function ancre($forum_id, $topic_id, $post_id, $posts_per_page) { global $NPDS_Prefix; $rowQ1 = Q_Select("SELECT post_id FROM " . $NPDS_Prefix . "posts WHERE forum_id='{$forum_id}' AND topic_id='{$topic_id}' ORDER BY post_id ASC", 600); if (!$rowQ1) { forumerror('0015'); } $i = 0; while (list(, $row) = each($rowQ1)) { if ($row['post_id'] == $post_id) { break; } $i++; } $start = $i - $i % $posts_per_page; return "&ancre=1&start={$start}#" . $forum_id . $topic_id . $post_id; }
echo '<img class="img-fluid d-block mx-auto" src="' . $site_logo . '" alt="website logo" />'; } else { echo '<img class="img-fluid d-block mx-auto" src="images/' . $site_logo . '" alt="website logo" />'; } echo '<p class="mt-2">' . translate("Forum Index") . ' » » '; echo stripslashes($forum_name); echo '</p>'; echo "\n <table border=\"0\" >\n <tr>\n <td width=\"15%\"><hr />" . translate("Author") . "</td>\n <td><hr />{$topic_subject}</td>\n </tr>"; if ($Mmod) { $post_aff = ' '; } else { $post_aff = " AND post_aff='1' "; } $sql = "SELECT * FROM " . $NPDS_Prefix . "posts WHERE topic_id='{$topic}' and post_id='{$post_id}'" . $post_aff; if (!($result = sql_query($sql))) { forumerror(01); } $myrow = sql_fetch_assoc($result); if ($allow_upload_forum) { $visible = ''; if (!$Mmod) { $visible = ' AND visible = 1'; } $sql = "SELECT att_id FROM {$upload_table} WHERE apli='forum_npds' && topic_id = '{$topic}' {$visible}"; $att = sql_num_rows(sql_query($sql)); if ($att > 0) { include "modules/upload/include_forum/upload.func.forum.php"; } } echo "<tr align=\"left\">"; $posterdata = get_userdata_from_id($myrow['poster_id']);
function anti_flood($modoX, $paramAFX, $poster_ipX, $userdataX, $gmtX) { // anti_flood : nd de post dans les 90 puis 30 dernières minutes / les modérateurs echappent à cette règle // security.log est utilisée pour enregistrer les tentatives global $NPDS_Prefix; global $anonymous; if (!array_key_exists('uname', $userdataX)) { $compte = $anonymous; } else { $compte = $userdataX['uname']; } if (!$modoX and $paramAFX > 0) { $sql = "SELECT COUNT(poster_ip) AS total FROM " . $NPDS_Prefix . "posts WHERE post_time>'"; if ($userdataX['uid'] != 1) { $sql2 = "' AND (poster_ip='{$poster_ipX}' OR poster_id='" . $userdataX['uid'] . "')"; } else { $sql2 = "' AND poster_ip='{$poster_ipX}'"; } $timebase = date("Y-m-d H:i", time() + $gmtX * 3600 - 5400); list($time90) = sql_fetch_row(sql_query($sql . $timebase . $sql2)); if ($time90 > $paramAFX * 2) { Ecr_Log("security", "Forum Anti-Flood : " . $compte, ""); forumerror(translate("You are not allowed to post in this forum")); } else { $timebase = date("Y-m-d H:i", time() + $gmtX * 3600 - 1800); list($time30) = sql_fetch_row(sql_query($sql . $timebase . $sql2)); if ($time30 > $paramAFX) { Ecr_Log("security", "Forum Anti-Flood : " . $compte, ""); forumerror(translate("You are not allowed to post in this forum")); } } } }
forumerror('0009'); } // ordre de mise à jour d'un champ externe ? if ($comments_req_raz != '') { sql_query("UPDATE " . $NPDS_Prefix . $comments_req_raz); } redirect_url("{$url_ret}"); break; case 'viewip': include "header.php"; $sql = "SELECT u.uname, p.poster_ip, p.poster_dns FROM " . $NPDS_Prefix . "users u, posts p WHERE p.post_id = '{$post}' AND u.uid = p.poster_id"; if (!($r = sql_query($sql))) { forumerror('0013'); } if (!($m = sql_fetch_assoc($r))) { forumerror('0014'); } echo ' <h3>' . translate("Users IP and Account information") . '</h3> <div class="card card-block"> <strong>' . translate("Nickname: ") . '</strong> ' . $m['uname'] . '<br /> <strong>' . translate("User IP: ") . '</strong> ' . $m['poster_ip'] . '<br /> <strong>' . translate("User DNS: ") . '</strong> ' . $m['poster_dns'] . '<br /> </div> <p><a href="' . rawurldecode($url_ret) . '" class="btn btn-primary">' . translate("Go Back") . '</a></p>'; include "footer.php"; break; case 'aff': $sql = "UPDATE " . $NPDS_Prefix . "posts SET post_aff = '{$ordre}' WHERE post_id = '{$post}'"; sql_query($sql); // ordre de mise à jour d'un champ externe ?
if ($forum_type != 6 and $forum_type != 5) { $messageP = make_clickable($messageP); $messageP = removeHack($messageP); if ($allow_bbcode) { $messageP = aff_video_yt($messageP); } } $messageP = addslashes($messageP); break; case 'editpost': $userdata = get_userdata($userdata[1]); settype($post_id, "integer"); $sql = "SELECT poster_id, topic_id FROM " . $NPDS_Prefix . "posts WHERE (post_id = '{$post_id}')"; $result = sql_query($sql); if (!$result) { forumerror('0022'); } $row2 = sql_fetch_assoc($result); $userdata['uid'] = $row2['poster_id']; // IF we made it this far we are allowed to edit this message settype($forum, "integer"); $myrow2 = sql_fetch_assoc(sql_query("SELECT forum_type FROM " . $NPDS_Prefix . "forums WHERE (forum_id = '{$forum}')")); $forum_type = $myrow2['forum_type']; if ($allow_html == 0 || isset($html)) { $messageP = htmlspecialchars($messageP, ENT_COMPAT | ENT_HTML401, cur_charset); } if ($allow_bbcode and $forum_type != 6 and $forum_type != 5) { $messageP = smile($messageP); } if ($forum_type != 6 and $forum_type != 5) { $messageP = aff_code($messageP);
if ($Mmod) { echo ' <div class="form-group row"> <div class="col-sm-3"> <label class="form-control-label" for="subject">' . translate("Title") . '</label> </div> <div class="col-sm-9"> <input class="form-control textbox_standard" type="text" name="subject" size="40" maxlength="100" value="' . htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, cur_charset) . '" /> </div> </div>'; } else { echo "<b>" . translate("Editing Post") . "</b> : {$title}</td></tr>"; echo "<input type=\"hidden\" name=\"subject\" value=\"" . htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, cur_charset) . "\" />"; } } else { forumerror('0036'); } if ($smilies) { echo ' <div class="form-group row"> <div class="col-sm-3"> <label class="form-control-label">' . translate("Message Icon: ") . '</label> </div> <div class="col-sm-9"> ' . emotion_add($image_subject) . ' </div> </div>'; } echo ' <div class="form-group row"> <div class="col-sm-3">
} $message = make_clickable($message); $message = removeHack($message); $image_subject = ''; $message = addslashes($message); $time = date("Y-m-d H:i:s", time() + $gmt * 3600); $sql = "INSERT INTO " . $NPDS_Prefix . "posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '{$topic}', '{$image_subject}', '{$forum}', '" . $userdata['uid'] . "', '{$message}', '{$time}', '{$poster_ip}', '{$hostname}')"; if (!($result = sql_query($sql))) { forumerror('0020'); } else { $IdPost = sql_last_id(); } $sql = "UPDATE " . $NPDS_Prefix . "users_status SET posts=posts+1 WHERE (uid = '" . $userdata['uid'] . "')"; $result = sql_query($sql); if (!$result) { forumerror('0029'); } // ordre de mise à jour d'un champ externe ? if ($comments_req_add != "") { sql_query("UPDATE " . $NPDS_Prefix . $comments_req_add); } redirect_url("{$url_ret}"); } else { echo '<p class="text-xs-center">' . translate("You must type a message to post.") . '<br /><br />'; echo "[ <a href=\"javascript:history.go(-1)\" class=\"noir\">" . translate("Go Back") . "</a> ]</p>"; } } else { include 'header.php'; if ($allow_bbcode == 1) { include "lib/formhelp.java.php"; }
} if ($display) { echo ' <tr class="table-danger"> <td colspan="6"><input type="hidden" name="total_messages" value="' . $total_messages . '"><button class="btn btn-danger-outline btn-sm" type="submit" name="delete_messages" value="delete_messages" >' . translate("Delete") . '</button></td> </tr>'; } echo ' <tbody> </table> </form> </div>'; $sql = "SELECT * FROM " . $NPDS_Prefix . "priv_msgs WHERE from_userid = '" . $userdata['uid'] . "' AND type_msg='1' ORDER BY msg_id DESC"; $resultID = sql_query($sql); if (!$resultID) { forumerror(05); } echo ' <div class="card card-block "> <h2><a href="replypmsg.php?send=1" title="' . translate("Write a new Private Message") . '" data-toggle="tooltip" ><i class="fa fa-edit"></i></a> ' . translate("Private Message") . " - " . translate("Outbox") . '</h2> <form id="" name="prvmsgB" method="get" action="replypmsg.php"> <table class="table table-hover table-striped table-sm" > <thead class="thead-default"> <tr> <th data-checkbox="true" ><input name="allbox" onclick="CheckAllB();" type="checkbox" value="Check All" /></th> <th align="center" ><i class="fa fa-long-arrow-down"></i></th>'; if ($smilies) { echo ' <th align="center" > </th>'; } echo '
</fieldset> '; } else { echo '' . translate("You are not allowed to reply in this forum") . ''; } echo "\n\t\t</div>\n\t\t</form>"; if ($allow_to_reply) { echo '<h3 class="text-xs-center">' . translate("Topic Review") . '</h3>'; if ($Mmod) { $post_aff = ""; } else { $post_aff = " and post_aff='1' "; } $sql = "SELECT * FROM " . $NPDS_Prefix . "posts WHERE topic_id='{$topic}' and forum_id='{$forum}'" . $post_aff . "ORDER BY post_id DESC limit 0,10"; if (!($result = sql_query($sql))) { forumerror('0001'); } $myrow = sql_fetch_assoc($result); $count = 0; do { echo ' <div class="row"> <div class="col-md-2"> '; $posterdata = get_userdata_from_id($myrow['poster_id']); if ($posterdata['uname'] != $anonymous) { echo '<a href="powerpack.php?op=instant_message&to_userid=' . $posterdata['uname'] . '" class="noir">' . $posterdata['uname'] . '</a>'; } else { echo $posterdata['uname']; } echo '<br />';
function MergeForumAction($oriforum, $destforum) { global $upload_table; global $NPDS_Prefix; $sql = "UPDATE " . $NPDS_Prefix . "forumtopics SET forum_id='{$destforum}' WHERE forum_id='{$oriforum}'"; if (!($r = sql_query($sql))) { forumerror('0010'); } $sql = "UPDATE " . $NPDS_Prefix . "posts SET forum_id='{$destforum}' WHERE forum_id='{$oriforum}'"; if (!($r = sql_query($sql))) { forumerror('0010'); } $sql = "UPDATE " . $NPDS_Prefix . "forum_read SET forum_id='{$destforum}' WHERE forum_id='{$oriforum}'"; if (!($r = sql_query($sql))) { forumerror('0001'); } $sql = "UPDATE {$upload_table} SET forum_id='{$destforum}' WHERE apli='forum_npds' and forum_id='{$oriforum}'"; sql_query($sql); sql_free_result; Q_Clean(); header("location: admin.php?op=MaintForumAdmin"); }
function read_imm($msg_id, $sub_op) { global $cookie, $NPDS_Prefix; if (!$cookie) { Header("Location: user.php"); } else { $sql = "UPDATE " . $NPDS_Prefix . "priv_msgs SET read_msg='1' WHERE msg_id='{$msg_id}' AND to_userid='{$cookie['0']}'"; if (!sql_query($sql)) { forumerror('0021'); } if ($sub_op == 'reply') { echo "<script type=\"text/javascript\">\n //<![CDATA[\n window.location='replypmsg.php?reply=1&msg_id={$msg_id}&userid={$cookie['0']}&full_interface=short';\n //]]>\n </script>"; die; } echo '<script type="text/javascript"> //<![CDATA[ window.location="readpmsg_imm.php?op=new_msg"; //]]> </script>'; die; } }
$sql = "SELECT msg_image, subject, from_userid, to_userid FROM " . $NPDS_Prefix . "priv_msgs WHERE to_userid='" . $userdata['uid'] . "' AND msg_id='{$msg_id}' AND type_msg='0'"; $result = sql_query($sql); if (!$result) { forumerror('0022'); } $row = sql_fetch_assoc($result); if (!$row) { forumerror('0023'); } $fromuserdata = get_userdata_from_id($row['from_userid']); if ($fromuserdata[0] == 1) { forumerror('0101'); } $touserdata = get_userdata_from_id($row['to_userid']); if ($user and $userdata['uid'] != $touserdata['uid']) { forumerror('0024'); } } echo ' <h3>' . translate("Private Message") . '</h3> <hr /> <blockquote class="blockquote">' . translate("About Posting:") . '<br />' . translate("All registered users can post private messages.") . '</blockquote> <form action="replypmsg.php" method="post" name="coolsus">'; if ($submitP) { echo "<hr noshade=\"noshade\" class=\"ongl\" /><p align=\"center\" class=\"header\">" . translate("Preview") . "</p>\n <table border=\"0\" cellpadding=\"2\" cellspacing=\"1\" width=\"100%\">"; echo "<b>" . StripSlashes($subject) . "</b><br /><br />\n"; $Xmessage = $message = StripSlashes($message); if ($allow_html == 0 || isset($html)) { $Xmessage = htmlspecialchars($Xmessage, ENT_COMPAT | ENT_HTML401, cur_charset); } if ($sig) {