/**
 * Session Error
 *
 * Filter that catches a submitted resource when an error occurred: if the
 * request names a model the db layer knows about and the action is a write
 * ("put" or "post"), the request is handed to session_save() together with
 * that model. Any other request is ignored.
 *
 * @author Brian Hendrickson <*****@*****.**>
 * @access public
 * @param object $req    request; ->resource names a model, ->action the verb
 * @param string $errstr error message (not used by this filter)
 * @todo re-implement
 */
function session_error(&$req, $errstr)
{
    global $db;
    // Unknown resource: nothing to preserve.
    if (!array_key_exists($req->resource, $db->models)) {
        return;
    }
    // Only write actions are worth carrying over the error.
    $is_write = isset($req->action) && in_array($req->action, array('put', 'post'));
    if (!$is_write) {
        return;
    }
    $model =& $db->models[$req->resource];
    session_save($req, $model);
}
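/**
 * Insert a guestbook entry and notify its recipient.
 *
 * For ordinary (non-mass) entries the call is refused when the logged-in
 * sender posted less than 5 seconds ago or when the message is empty, and a
 * session flag is raised when the entry goes to user 2348 (the webmaster).
 * The entry is then inserted, the recipient's gb_entries counter bumped, an
 * optional reply-to entry marked answered/read, and — for non-mass entries —
 * the recipient's stored session (if one exists) gets the entry queued as
 * unread.
 *
 * recipient, sender and reply-to are cast to int before they reach SQL. The
 * message text is inserted as given: NOTE(review): the stripslashes() below
 * implies callers already slash-escape it (magic-quotes style), so this
 * function does not escape it itself — confirm at the call sites.
 *
 * @param array $entry keys: recipient, sender, message, is_private;
 *                     optional reply-to, is_mass_gb (bool true skips the checks)
 * @return bool true when stored, false when refused or a query failed
 */
function guestbook_insert($entry)
{
    $is_mass_gb = isset($entry['is_mass_gb']) && $entry['is_mass_gb'] === true;
    $recipient = (int) $entry['recipient'];
    $sender = (int) $entry['sender'];
    if (!$is_mass_gb) {
        // Flood protection: the logged-in sender may post once every 5 seconds.
        $is_own_post = isset($_SESSION['login']['id']) && $_SESSION['login']['id'] == $sender;
        if ($is_own_post && isset($_SESSION['last_gb_entry']) && $_SESSION['last_gb_entry'] > time() - 5) {
            return false;
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        if ($recipient == 2348 && $sender != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }
    // Normalise the privacy flag to exactly 0 or 1 (the whole $entry is also stored in the session below).
    $entry['is_private'] = isset($entry['is_private']) && $entry['is_private'] == 1 ? 1 : 0;
    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
    $query .= ' VALUES("' . time() . '", "' . $recipient . '", "' . $sender . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
    // Stop on failure; the original carried on and bumped the counter for a row that was never written.
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    $entry['id'] = mysql_insert_id();
    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $recipient . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    if (isset($entry['reply-to'])) {
        // The WHERE also requires recipient = sender, i.e. the answered entry must sit in the sender's own guestbook.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` =  1 WHERE id = "' . (int) $entry['reply-to'] . '" AND recipient = "' . $sender . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }
    if (!$is_mass_gb) {
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
        $result = mysql_query($query);
        if (!$result) {
            report_sql_error($query, __FILE__, __LINE__);
        } else {
            $data = mysql_fetch_assoc($result);
            // Only recipients with a stored session id get the live notification.
            if ($data && strlen($data['session_id']) > 5) {
                $remote_session = session_load($data['session_id']);
                $remote_session['notices']['unread_gb_entries'] += 1;
                $entry['image'] = $_SESSION['userinfo']['image'];
                $entry['timestamp'] = time();
                $entry['message'] = stripslashes($entry['message']);
                $entry['username'] = $_SESSION['login']['username'];
                $remote_session['unread_gb_entries'][] = $entry;
                session_save($data['session_id'], $remote_session);
            }
        }
    }
    $_SESSION['last_gb_entry'] = time();
    return true;
}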
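/**
 * Block a user from uploading images: reset the image flag, set a 7-day
 * ban, mirror the expiry into the user's stored session and delete the
 * stored full-size and thumbnail files.
 *
 * Emits JavaScript alert() snippets (Swedish) for the admin UI and logs an
 * admin event when both files were removed.
 *
 * @param int|string $userid user id; cast to int before it is used in SQL or a file path
 * @return void
 */
function block_user($userid)
{
    $userid = (int) $userid;
    // One expiry value for both the database row and the session copy.
    $ban_expire = time() + 86400 * 7;
    $ban_sql = 'UPDATE userinfo SET image = 0, image_ban_expire = "' . $ban_expire . '" WHERE userid = "' . $userid . '" LIMIT 1';
    mysql_query($ban_sql) or die('<script language="javascript">alert("FATALT FEL! IGNORERA FÖLJANDE MEDDELANDE OM ATT UPPDATERINGEN LYCKADES. MYSQL FELINFORMATION: (vidarebefodra till Tritone)\\n\\n' . mysql_error() . '")</script>');
    /* We need to load and modify the remote users session */
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $userid . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);
    // No row / no stored session id: nothing to update.
    if ($sessid_data && strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['userinfo']['image_ban_expire'] = $ban_expire;
        session_save($sessid_data['session_id'], $remote_session);
    }
    // Attempt both deletions; the original && short-circuited and left the
    // thumbnail behind whenever the full-size image was already gone.
    $full_removed = unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg');
    $thumb_removed = unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg');
    if ($full_removed && $thumb_removed) {
        echo '<script language="javascript">alert("Användar-ID ' . $userid . ' har blockerats från framtida uppladdning av bilder.");</script>';
        log_admin_event('user blocked image upload', '', $_SESSION['login']['id'], $userid, $userid);
    } else {
        echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
    }
}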
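/**
 * Insert a guestbook entry (legacy variant) and notify the recipient.
 *
 * Inserts the row with UNIX_TIMESTAMP() as its timestamp, bumps the
 * recipient's guestbook_entries counter in traffa, increments
 * unread_gb_entries in the recipient's stored session when one exists and,
 * when $answereid is given, marks that entry as answered.
 *
 * recipient, sender, post_id and answereid are cast to int before they reach
 * SQL. The message is inserted inside single quotes as given — NOTE(review):
 * nothing here escapes it, so the caller has to (the original carried a
 * commented-out htmlspecialchars() call at this point) — confirm.
 *
 * @param int|string $recipient
 * @param int|string $sender
 * @param string     $message
 * @param int        $private   normalised to 1 or 0
 * @param int|null   $answereid id of the entry being answered, if any
 * @param int        $post_id   forum post linked to the entry (0 = none)
 * @return void
 */
function new_entry($recipient, $sender, $message, $private = 0, $answereid = null, $post_id = 0)
{
    $recipient = (int) $recipient;
    $sender = (int) $sender;
    $post_id = (int) $post_id;
    $private = $private == 1 ? 1 : 0;
    $insert_sql = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private, forum_post)  ';
    $insert_sql .= 'VALUES(UNIX_TIMESTAMP(), ' . $recipient . ', ' . $sender . ', \'' . $message . '\', ' . $private . ', ' . $post_id . ')';
    mysql_query($insert_sql) or die(report_sql_error($insert_sql));
    $update_sql = 'UPDATE traffa SET guestbook_entries = guestbook_entries + 1 WHERE userid = ' . $recipient . ' LIMIT 1';
    mysql_query($update_sql) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);
    // Only recipients with a stored session id get the live counter update.
    if ($sessid_data && strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['notices']['unread_gb_entries'] += 1;
        session_save($sessid_data['session_id'], $remote_session);
    }
    if (isset($answereid)) {
        // The WHERE also requires recipient = the logged-in user, so only an entry in the caller's own guestbook is marked.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y" WHERE id = "' . (int) $answereid . '" AND recipient = "' . (int) $_SESSION['login']['id'] . '" LIMIT 1';
        mysql_query($query) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
    }
}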
    if ($increase_profile_visitors == true) {
        $query = 'UPDATE userinfo SET profile_visitors = profile_visitors + 1 WHERE userid = ' . $user_id;
        mysql_query($query) or die(report_sql_error($query));
    }
    $querys = array();
    $querys['insert'] = 'INSERT INTO user_visits(user_id, item_id, type, count, timestamp) VALUES(' . $user_id . ', ' . $_SESSION['login']['id'] . ', "profile_visit", 1, unix_timestamp())';
    $querys['update'] = 'UPDATE user_visits SET count = count + 1, timestamp = unix_timestamp() WHERE user_id=' . $user_id . ' AND item_id=' . $_SESSION['login']['id'] . ' AND type="profile_visit"';
    @mysql_query($querys['insert']) or @mysql_query($querys['update']);
    unset($querys);
    /* Read remote session and log this visit */
    $remote_session = session_load($userinfo['login']['session_id']);
    if ($_SESSION['userinfo']['image'] == 1 || $_SESSION['userinfo']['image'] == 2) {
        $visited = false;
        foreach ($remote_session['visitors_with_image'] as $visitor) {
            $visited = $visitor['id'] == $_SESSION['login']['id'] ? true : $visited;
        }
        if ($visited == false) {
            while (count($remote_session['visitors_with_image']) >= 8) {
                array_pop($remote_session['visitors_with_image']);
            }
            array_unshift($remote_session['visitors_with_image'], array('id' => $_SESSION['login']['id'], 'timestamp' => time(), 'username' => $_SESSION['login']['username']));
        }
    }
    $remote_session['notice_message'] = 'Hey där, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> sladdade just in på din profil! - <a href="/traffa/my_visitors.php">Visa alla dina besökare!</a>';
    session_save($userinfo['login']['session_id'], $remote_session);
}
//End of Lef
// Finish the page: append the profile footer to the buffered output, then emit
// the page chrome around it (header, buffered body, footer) — order matters
// because ui_top()/ui_bottom() and echo write straight to the response.
$output .= profile_bottom($profile);
ui_top($ui_options);
echo $output;
ui_bottom();
/**
 * Render the outcome of one round of the age-guessing game and record it.
 *
 * Reads the guess from $_GET['guessed_age'] (a number, or 'skip') and the
 * current round from $_SESSION['age_guess'] (current_user, current_age,
 * current_username). Builds the result HTML (thumbnail, score, a random
 * comment for the miss distance, the real age, a profile button). For
 * numeric guesses it then logs the guess per guessed user and, when the
 * player is logged in, updates the weekly scoring row, the session score and
 * sends a notice into the guessed user's live session unless the guess was
 * exact.
 *
 * Scoring: exact → +5 ('positive'); off by one, or 'skip' → 0 ('unchanged');
 * otherwise 1 - |diff|, floored at -5 ('negative'). The session total is
 * floored at -10.
 *
 * @return string HTML fragment
 */
function age_guess_result()
{
    global $AGE_GUESS_COMMENTS;
    // NOTE(review): $return is not initialised before this .=; it only works
    // because PHP treats the undefined variable as '' (with a notice).
    $return .= '<img src="http://images.hamsterpaj.net/images/users/thumb/' . $_SESSION['age_guess']['current_user'] . '" />' . "\n";
    // 'skip' is scored like a one-year miss (0 points); otherwise the signed distance from the real age.
    $age_diff = $_GET['guessed_age'] == 'skip' ? 1 : $_GET['guessed_age'] - $_SESSION['age_guess']['current_age'];
    switch (abs($age_diff)) {
        case 0:
            $score = 5;
            $score_class = 'positive';
            break;
        case 1:
            $score = 0;
            $score_class = 'unchanged';
            break;
        default:
            // 1 - |diff|, capped at -5.
            $score = abs($age_diff) * -1 + 1;
            $score = $score < -5 ? -5 : $score;
            $score_class = 'negative';
    }
    $return .= '<h2 class="age_guess_score_' . $score_class . '">' . $score . 'p</h2>' . "\n";
    // Invert $AGE_GUESS_COMMENTS (comment => list of diffs) into diff => list of comments.
    foreach ($AGE_GUESS_COMMENTS as $comment => $differences) {
        foreach ($differences as $difference) {
            $comments_by_diff[$difference][] = $comment;
        }
    }
    // Pick one comment at random for this signed diff (rand() is fine here, nothing security-relevant).
    // NOTE(review): a diff with no comment configured gives an undefined index and rand(0, -1) — confirm the table covers every reachable diff.
    $comment = $_GET['guessed_age'] == 'skip' ? 'Hoppade över' : $comments_by_diff[$age_diff][rand(0, count($comments_by_diff[$age_diff]) - 1)];
    $return .= '<h2>' . $comment . '</h2>' . "\n";
    $return .= '<p class="age_guess_answer_text"><a href="/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '">' . $_SESSION['age_guess']['current_username'] . '</a>' . "\n";
    $return .= ' är ' . $_SESSION['age_guess']['current_age'] . ' år</p>';
    $return .= '<button onclick="window.open(\'/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '\');">Besök i nytt fönster</button>' . "\n";
    if (is_numeric($_GET['guessed_age'])) {
        event_log_log('age_guess_guess');
        /* Log answer to database */
        // NOTE(review): the guess is used as a column-name suffix (age_<guess>) guarded only by
        // is_numeric(), which also accepts forms such as "1.5" or "1e2" that are not valid here;
        // casting to int before building the queries would be the tighter check.
        // The "******" literals below appear as given in this listing — confirm against the repository.
        $insertquery = 'INSERT INTO age_guess_logs (user, age_' . $_GET['guessed_age'] . ') VALUES("' . $_SESSION['age_guess']['current_user'] . '", 1)';
        $updatequery = 'UPDATE age_guess_logs SET age_' . $_GET['guessed_age'] . ' = age_' . $_GET['guessed_age'] . ' + 1 WHERE user = "******" LIMIT 1';
        // INSERT first; if it fails (presumably because the row exists) fall back to the UPDATE.
        mysql_query($insertquery) or mysql_query($updatequery);
        if (login_checklogin()) {
            $correct = $age_diff == 0 ? 1 : 0;
            // Same insert-or-update pattern for the player's per-week scoring row.
            $insertquery = 'INSERT INTO age_guess_scoring (user, week, score, viewed_images, correct_guesses, correct_ratio)';
            $insertquery .= ' VALUES("' . $_SESSION['login']['id'] . '", "' . date('YW') . '", "' . $score . '", 1, ' . $correct . ', correct_guesses/viewed_images)';
            $updatequery = 'UPDATE age_guess_scoring SET score = score + ' . $score . ', viewed_images = viewed_images + 1, correct_guesses = correct_guesses + ' . $correct . ', correct_ratio = correct_guesses/viewed_images';
            $updatequery .= ' WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
            mysql_query($insertquery) or mysql_query($updatequery);
            $_SESSION['age_guess']['score'] += $score;
            $_SESSION['age_guess']['correct_guesses'] += $correct;
            // Floor the session total at -10 and mirror the floor into the scoring row.
            if ($_SESSION['age_guess']['score'] < -10) {
                $_SESSION['age_guess']['score'] = -10;
                $query = 'UPDATE age_guess_scoring SET score = -10 WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
                mysql_query($query);
            }
            /* Find out if the remote user is online, if so, open the session and send a quicknote about the vote */
            // Only inexact guesses trigger a notice; "online" means lastaction within the last 600 s.
            if ($score != 5) {
                $query = 'SELECT session_id, lastaction FROM login WHERE id = "' . $_SESSION['age_guess']['current_user'] . '" LIMIT 1';
                $result = mysql_query($query);
                if ($data = mysql_fetch_assoc($result)) {
                    if ($data['lastaction'] > time() - 600) {
                        $remote_session = session_load($data['session_id']);
                        // The guess is numeric at this point (is_numeric() above), so embedding it in the notice HTML is safe.
                        $remote_session['notice_message'] = 'Du, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> gissade nyss att du är ' . $_GET['guessed_age'] . ' år gammal i <a href="/traffa/age_guess.php">Gissa Åldern</a>!';
                        session_save($data['session_id'], $remote_session);
                    }
                }
            }
        }
    }
    return $return;
}
                 preint_r($_POST);
             } else {
                 echo 'Du har inte privilegier för att sätta RO\'s' . "\n";
             }
             break;
         case 'gb_warning':
             guestbook_insert(array('sender' => 2348, 'recipient' => $user['id'], 'is_private' => 1, 'message' => $_POST['message']));
             echo '<p>Guestbook message sent</p>' . "\n";
             break;
         case 'user_abuse':
             $query = 'INSERT INTO user_abuse (user, timestamp, admin, freetext) VALUES("' . $user['id'] . '", "' . time() . '", "' . $_SESSION['login']['id'] . '", "' . $_POST['freetext'] . '")';
             mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
             break;
     }
     if ($user['id'] != $_SESSION['login']['id']) {
         session_save($user['session_id'], $user_session);
     }
 }
 echo '<hr />' . "\n";
 $out = '<h1 style="margin-top: 0px;"><a href="/traffa/profile.php?id=' . $user['id'] . '">' . $user['username'] . '</a>, member since ' . date('Y-m-d H:i', $user['regtimestamp']) . '</h1>' . "\n";
 $out .= '<hr />' . "\n";
 if (is_privilegied('read_only_admin')) {
     $out .= '<h2 style="margin-top: 0px;">Forum quality level</h2>' . "\n";
     $out .= '<form method="post">' . "\n";
     $out .= '<input type="hidden" name="action" value="quality_level" />' . "\n";
     $out .= '<select name="quality_level">' . "\n";
     for ($i = 5; $i >= 0; $i--) {
         $selected = $user['quality_level'] == $i ? ' selected="selected"' : '';
         $out .= '<option value="' . $i . '"' . $selected . '>' . $i . '</option>' . "\n";
     }
     $out .= '</select>' . "\n";
        amuse_draw_small_item($data, 'table');
    }
    echo '</table>';
}
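listPhotos($userid, $userdata['traffa']['photos']);
// Log the visit only for logged-in users looking at somebody else's profile.
if (login_checklogin() == 1 && $_SESSION['login']['id'] != $userid) {
    // Both ids are cast to int before they reach the query.
    $visitor_id = (int) $_SESSION['login']['id'];
    $query = 'INSERT INTO traffa_visits(profileid, userid, tstamp) VALUES(' . (int) $userid . ', ';
    $query .= $visitor_id . ', UNIX_TIMESTAMP())';
    mysql_query($query) or die(report_sql_error($query));
    $view = $userid;
    /* This is for the bubblemessage-stuff */
    // Notify the profile owner once per visitor session, only when they opted in and have a stored session.
    if (strlen($userdata['login']['session_id']) > 5) {
        $already_notified = isset($_SESSION['visited_profiles'][$view]) && $_SESSION['visited_profiles'][$view] == 1;
        if (!$already_notified && $userdata['preferences']['bubblemessage_visitors'] == 'Y') {
            $_SESSION['visited_profiles'][$view] = 1;
            $bubblemessage = '<a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> surfade nyss in på din presentation ;)';
            $remote_session = session_load($userdata['login']['session_id']);
            $remote_session['bubblemessage'] = $bubblemessage;
            session_save($userdata['login']['session_id'], $remote_session);
        }
    }
    /* Add the visit to thevisitors left panel */
    // Initialise before counting (the original counted first, which is a TypeError
    // on PHP 8 when the key is unset) and keep at most 10 entries, newest first.
    if (!isset($_SESSION['profile_visits'])) {
        $_SESSION['profile_visits'] = array();
    }
    while (count($_SESSION['profile_visits']) >= 10) {
        array_pop($_SESSION['profile_visits']);
    }
    array_unshift($_SESSION['profile_visits'], array('id' => $view, 'username' => $userdata['login']['username']));
}
ui_bottom();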
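/**
 * Create a forum post and do the bookkeeping that hangs off it.
 *
 * Required keys in $post: content, discussion_id, author. Optional:
 * timestamp (defaults to now) and no_smilies (presence sets the flag).
 * $options may hold: gb_recipient (user id whose stored session gets an
 * unread-guestbook notice), private_gb (adds a "private_gb" flag row for
 * the post) and notices (list of usernames to notify).
 *
 * Side effects, in order: INSERT into posts; discussion post counter;
 * optional guestbook notice/flag; "[svar:Name]" response notices; explicit
 * notices; the author's and the discussion's quality rank (logged-in
 * authors only); tag popularity; per-slot discussion statistics; and the
 * current session's list of latest posts.
 *
 * @param array $post
 * @param array $options
 * @return int|false new post id, or false when the author is read-only
 */
function posts_create($post, $options)
{
    if (forum_read_only_get($post['author'])) {
        echo 'Error: Användaren avstängd från forumet' . "\n";
        return false;
    }
    $post['content'] = trim($post['content']);
    // SQL-escaped copy of the content; the raw text stays in $post for length, ranking and hashing.
    $content = mysql_real_escape_string($post['content']);
    $quality_rank = text_quality_rank($post['content']);
    // NOTE(review): spelling_grammar is derived with the same function as quality_rank,
    // exactly as in the original — looks like a placeholder; confirm before relying on it.
    $spelling_grammar = text_quality_rank($post['content']);
    $post['timestamp'] = isset($post['timestamp']) ? $post['timestamp'] : time();
    // Numeric ids are cast before they are interpolated into any query below.
    $author = (int) $post['author'];
    $discussion_id = (int) $post['discussion_id'];
    $query = 'INSERT INTO posts (author, length, content, discussion_id, quality_rank, spelling_grammar, timestamp, no_smilies)';
    // The escaped $content is what goes into the row (the original interpolated the raw text).
    $query .= ' VALUES("' . $author . '", "' . strlen($post['content']) . '", "' . $content . '", "' . $discussion_id;
    $query .= '", "' . $quality_rank . '", "' . $spelling_grammar . '", "' . (int) $post['timestamp'] . '", "';
    $query .= (isset($post['no_smilies']) ? '1' : '0') . '")';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    $post_id = mysql_insert_id();
    /* Increase the post counter */
    $query = 'UPDATE discussions SET posts = posts + 1, last_post = "' . $post_id . '" WHERE id = "' . $discussion_id . '" LIMIT 1';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    if (isset($options['gb_recipient'])) {
        /* Update the "unread entries" in the remote users session */
        $query = 'SELECT session_id FROM login WHERE id = "' . (int) $options['gb_recipient'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 1) {
                $remote_session = session_load($data['session_id']);
                $remote_session['notices']['unread_gb_entries'] += 1;
                // Save under the id that was just loaded; the original referenced an
                // undefined $sessid_data here, so the notice never reached the session.
                session_save($data['session_id'], $remote_session);
            }
        }
        /* If a private entry has been sent, set the appropriate flag */
        if (isset($options['private_gb']) && $options['private_gb'] == true) {
            $query = 'INSERT INTO flags (object_id, object_type, flag) VALUES("' . $post_id . '", "post", "private_gb")';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }
    //Parse to find answer tags
    foreach (preg_split('/\\n/', $content) as $line) {
        // find tags like: [svar:AmarsoLove=3245]
        //             or: [svar:Henrik]
        if (preg_match('/\\[svar:(\\w+)(=\\d+)?\\]/', $line, $matches)) {
            //Fetch user_id — "borttagen" (deleted) is a placeholder name, not a user
            if (strtolower($matches[1]) != 'borttagen') {
                // NOTE(review): the username literal below is shown redacted ("******") in this
                // listing; presumably the escaped $matches[1] belongs here — confirm against the repository.
                $query = 'SELECT id FROM login WHERE username = "******"';
                $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                if (mysql_num_rows($result) == 1) {
                    $data = mysql_fetch_assoc($result);
                    $receiver_id = (int) $data['id'];
                    //Insert response notice
                    $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "response")';
                    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                }
            }
        }
    }
    //Send notices to all users listed in $options['notices']
    if (isset($options['notices'])) {
        foreach ($options['notices'] as $receiver) {
            // Test the receiver itself; the original re-tested the stale $matches[1] left over from the loop above.
            if (strtolower($receiver) != 'borttagen') {
                //Fetch user_id
                // NOTE(review): username literal shown redacted ("******") in this listing — see the note above.
                $query = 'SELECT id FROM login WHERE username = "******"';
                $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                if (mysql_num_rows($result) == 1) {
                    $data = mysql_fetch_assoc($result);
                    $receiver_id = (int) $data['id'];
                    //Insert response notice
                    $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "notice")';
                    log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'notiser', $query);
                    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                }
            }
        }
    }
    //Update users quality rank
    //todo! This will require some thinking and adjustments in the future
    if (login_checklogin()) {
        // Moving average: 90% previous rank, 10% this post.
        $user_quality_rank = ($_SESSION['userinfo']['forum_quality_rank'] * 9 + $quality_rank) / 10;
        $data = array('userinfo' => array('forum_quality_rank' => $user_quality_rank));
        login_save_user_data($_SESSION['login']['id'], $data);
        session_merge($data);
        //Update discussion quality rank
        $query = 'SELECT quality_rank FROM posts WHERE discussion_id ="' . $discussion_id . '" ORDER BY id DESC LIMIT 30';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $quality_ranks = array();
        while ($row = mysql_fetch_assoc($result)) {
            $quality_ranks[] = $row['quality_rank'];
        }
        if (count($quality_ranks) > 0) {
            sort($quality_ranks);
            // Median of the (up to) 30 most recent posts.
            $discussion_quality_rank = $quality_ranks[(int) (count($quality_ranks) / 2)];
            $query = 'UPDATE discussions SET quality_rank="' . $discussion_quality_rank . '" WHERE id = "' . $discussion_id . '"';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }
    //Update discussion popularity
    // The day is split into eight 3-hour slots; the slot before slot 0 is slot 7 of yesterday.
    $today = date('Y-m-d');
    $slot = (int) floor(date('G') / 3);
    $slot_pre = $slot - 1;
    $date_pre = $today;
    if ($slot_pre < 0) {
        $slot_pre = 7;
        $date_pre = date('Y-m-d', strtotime('yesterday'));
    }
    $query_update = 'UPDATE discussion_statistics SET posts = posts + 1 WHERE discussion_id = "' . $discussion_id . '" AND date = "' . $today . '" AND slot = "' . $slot . '"';
    $query_posts_pre = 'SELECT posts FROM discussion_statistics WHERE discussion_id = "' . $discussion_id . '" AND date = "' . $date_pre . '" AND slot = "' . $slot_pre . '" LIMIT 1';
    // Update the popularity for the tags that the discussion has been tagged with.
    $tags = tag_get_by_item('discussion', $post['discussion_id']);
    foreach ($tags as $tag) {
        $query = 'UPDATE tags SET popularity = IF(popularity IS NULL, 0.05, popularity + 0.05) WHERE id = "' . (int) $tag['tag_id'] . '" LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
    }
    // Post count of the previous slot; 0 when no row exists (the original left $posts_pre undefined).
    $posts_pre = 0;
    $result = mysql_query($query_posts_pre);
    if ($result && ($data = mysql_fetch_assoc($result))) {
        $posts_pre = (int) $data['posts'];
    }
    $query_insert = 'INSERT INTO discussion_statistics (discussion_id, date, slot, posts, posts_pre) VALUES ("' . $discussion_id . '", "' . $today . '", "' . $slot . '", "1",' . ' "' . $posts_pre . '")';
    // INSERT the slot row; when that fails (presumably it already exists) bump it with the UPDATE instead.
    if (mysql_query($query_insert)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde insert!', $query_insert);
    } elseif (mysql_query($query_update)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde update!', $query_update);
    } else {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $query_update, $query_insert);
        exit;
    }
    // Remember this post in the session (the original read an undefined $time for the timestamp).
    $_SESSION['posts']['latest'][] = array('timestamp' => $post['timestamp'], 'hash' => md5($post['content']));
    return $post_id;
}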
require '../include/core/common.php';
try {
    $ui_options['stylesheets'][] = 'forms.css';
    if (!is_privilegied('user_message')) {
        throw new Exception('Du har inte privilegier för den här sidan');
    }
    if (isset($_POST['username']) && isset($_POST['message'])) {
        $query = 'SELECT session_id FROM login WHERE username = "******" LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query);
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 0) {
                $remote_session = session_load($data['session_id']);
                $remote_session['user_message'] = $_POST['message'];
                session_save($data['session_id'], $remote_session);
                $out .= '<div class="form_notice_success">Meddelande skickat!</div>' . "\n";
            } else {
                $out .= '<div class="form_notice_error">Den användaren verkar inte ha en aktiv session.</div>' . "\n";
            }
        } else {
            $out .= '<div class="form_notice_error">Användaren hittades inte.</div>' . "\n";
        }
    }
    // form
    $out .= '<fieldset>' . "\n";
    $out .= '<legend>Användarmeddelande!</legend>' . "\n";
    $out .= '<p>Den här funktionen ger användaren en javascriptruta med ditt meddelande. Detta kräver dock att användaren är inloggad.</p>' . "\n";
    $out .= '<form action="?action=submit" method="post">';
    $out .= '<table class="form">' . "\n";
    $out .= '<tr>' . "\n";
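/**
 * Send a private message to one or more recipients.
 *
 * Inserts one messages_new row per recipient (all sharing the discussion id
 * returned by fetch_new_discussion_id()), bumps the sent/received counters
 * in userinfo and, when the recipient has a stored session, queues a bubble
 * message and an unread-messages notice in it.
 *
 * sender, each recipient and mass_message_id are cast to int before they
 * reach SQL. The body is nl2br()'d and addslashes()'d only when
 * $allowhtml == 1 — NOTE(review): with HTML disallowed the text is inserted
 * as given, so escaping is the caller's responsibility — confirm. The title
 * is run through htmlspecialchars(), which neutralises double quotes but not
 * backslashes.
 *
 * @param int|string       $sender
 * @param int|string|array $recipient single user id or list of ids
 * @param string           $title
 * @param string           $message
 * @param int|string       $allowhtml 1 to allow HTML in the body
 * @param int              $mass_message_id 0 for an ordinary message
 * @return void
 */
function messages_send($sender, $recipient, $title, $message, $allowhtml = 0, $mass_message_id = 0)
{
    $recipients = is_array($recipient) ? $recipient : array($recipient);
    $sender = (int) $sender;
    $mass_message_id = (int) $mass_message_id;
    $discussion = fetch_new_discussion_id($sender, $recipients);
    // Only the allow-HTML path slash-escapes the body (the original had a no-op branch for the other case).
    if ($allowhtml == '1') {
        $message = addslashes($message);
    }
    $message = nl2br($message);
    $title = htmlspecialchars($title);
    foreach ($recipients as $this_recipient) {
        $this_recipient = (int) $this_recipient;
        $query = 'INSERT INTO messages_new(sender, recipient, title, message, timestamp, discussion, mass_message_id) ';
        $query .= 'VALUES("' . $sender . '", "' . $this_recipient . '", "' . $title . '", "' . $message . '", UNIX_TIMESTAMP(), ' . $discussion . ', ' . $mass_message_id . ')';
        mysql_query($query) or die(report_sql_error($query));
        $message_id = mysql_insert_id();
        $query = 'UPDATE userinfo SET messages_recieved = messages_recieved + 1 WHERE userid = ' . $this_recipient . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
        $query = 'UPDATE userinfo SET messages_sent = messages_sent + 1 WHERE userid = ' . $sender . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
        $query = 'SELECT session_id FROM login WHERE id = "' . $this_recipient . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query));
        $sessid_data = mysql_fetch_assoc($result);
        // Only recipients with a stored session id get a live bubble message.
        if ($sessid_data && strlen($sessid_data['session_id']) > 1) {
            if ($_SESSION['login']['id'] == $sender) {
                $bubblemessage = '"Så var det dags igen... ' . $_SESSION['login']['username'] . ' skickade nyss ett <b>nytt meddelande</b> till dig. Du kan <a href="/traffa/messages.php?action=read&message_id=' . $message_id . '">klicka här</a> om du vill läsa meddelandet."';
            } else {
                // Closing tag corrected: the original emitted "</>" after "meddelande!".
                $bubblemessage = '"Tjena kompis! Du har nyss fått ett nytt <b>meddelande!</b>! <a href="/traffa/messages.php">Till dina meddelanden &raquo;</a>"';
            }
            $remote_session = session_load($sessid_data['session_id']);
            $remote_session['bubblemessage'][] = $bubblemessage;
            $remote_session['notices']['unread_messages'] += 1;
            session_save($sessid_data['session_id'], $remote_session);
        }
    }
}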
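/**
 * Insert a guestbook entry, notify its recipient and auto-report it when it
 * contains a watched string.
 *
 * For ordinary (non-mass) entries the call is refused when the logged-in
 * sender posted less than 5 seconds ago or when the message is empty, and a
 * session flag is raised when the entry goes to user 2348 (the webmaster).
 * The entry is then inserted, the recipient's gb_entries counter bumped, an
 * optional reply-to entry marked answered/read, and — for non-mass entries —
 * the recipient's stored session (if one exists) gets the entry queued as
 * unread. Finally the message is matched (case-insensitively) against
 * gb_autoreport_strings and, on the first hit, a gb_autoreport_posts row is
 * written for that string.
 *
 * recipient, sender and reply-to are cast to int before they reach SQL. The
 * message text is inserted as given: NOTE(review): the stripslashes() below
 * implies callers already slash-escape it (magic-quotes style), so this
 * function does not escape it itself — confirm at the call sites.
 *
 * @param array $entry keys: recipient, sender, message, is_private;
 *                     optional reply-to, is_mass_gb (bool true skips the checks)
 * @return bool true when stored, false when refused or a query failed
 */
function guestbook_insert($entry)
{
    $is_mass_gb = isset($entry['is_mass_gb']) && $entry['is_mass_gb'] === true;
    $recipient = (int) $entry['recipient'];
    $sender = (int) $entry['sender'];
    if (!$is_mass_gb) {
        // Flood protection: the logged-in sender may post once every 5 seconds.
        $is_own_post = isset($_SESSION['login']['id']) && $_SESSION['login']['id'] == $sender;
        if ($is_own_post && isset($_SESSION['last_gb_entry']) && $_SESSION['last_gb_entry'] > time() - 5) {
            return false;
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        if ($recipient == 2348 && $sender != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }
    // Normalise the privacy flag to exactly 0 or 1 (the whole $entry is also stored in the session below).
    $entry['is_private'] = isset($entry['is_private']) && $entry['is_private'] == 1 ? 1 : 0;
    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
    $query .= ' VALUES("' . time() . '", "' . $recipient . '", "' . $sender . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
    // Stop on failure; the original carried on and bumped the counter for a row that was never written.
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    $entry['id'] = mysql_insert_id();
    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $recipient . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }
    if (isset($entry['reply-to'])) {
        // The WHERE also requires recipient = sender, i.e. the answered entry must sit in the sender's own guestbook.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` =  1 WHERE id = "' . (int) $entry['reply-to'] . '" AND recipient = "' . $sender . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }
    if (!$is_mass_gb) {
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
        $result = mysql_query($query);
        if (!$result) {
            report_sql_error($query, __FILE__, __LINE__);
        } else {
            $data = mysql_fetch_assoc($result);
            // Only recipients with a stored session id get the live notification.
            if ($data && strlen($data['session_id']) > 5) {
                $remote_session = session_load($data['session_id']);
                $remote_session['notices']['unread_gb_entries'] += 1;
                $entry['image'] = $_SESSION['userinfo']['image'];
                $entry['timestamp'] = time();
                $entry['message'] = stripslashes($entry['message']);
                $entry['username'] = $_SESSION['login']['username'];
                $remote_session['unread_gb_entries'][] = $entry;
                session_save($data['session_id'], $remote_session);
            }
        }
    }
    $_SESSION['last_gb_entry'] = time();
    // Report message to gb_autoreport if it contains a string which should be reported.
    $query = 'SELECT id, string FROM gb_autoreport_strings';
    $gb_autoreport_strings = query_cache(array('query' => $query));
    // NOTE(review): strtolower() is byte-wise, so non-ASCII letters (å/ä/ö in UTF-8)
    // are left as-is on both sides; kept as in the original — confirm the charset in use.
    $message = strtolower(' ' . $entry['message'] . ' ');
    $matched_string_id = null;
    foreach ($gb_autoreport_strings as $gb_autoreport_string) {
        // strpos() returns an offset, so compare against false; the original's `== true`
        // missed a hit at offset 0 and, because the loop never stopped, the id written
        // below was that of the LAST watched string rather than the one that matched.
        if (strpos($message, strtolower($gb_autoreport_string['string'])) !== false) {
            $matched_string_id = (int) $gb_autoreport_string['id'];
            break;
        }
    }
    if ($matched_string_id !== null) {
        $query = 'INSERT INTO gb_autoreport_posts SET string_id = ' . $matched_string_id . ', gb_id = ' . (int) $entry['id'];
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }
    return true;
}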
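/**
 * Forbid a user from uploading to the photoblog for a number of days.
 *
 * Requires the 'photoblog_upload_forbid' privilege. Writes the ban expiry
 * (unix timestamp) to photoblog_preferences, mirrors it into the affected
 * user's session — the current session when the admin bans themself,
 * otherwise the user's stored session if one exists — and logs an admin event.
 *
 * @param array $options keys: user_id (numeric), days (numeric, whole days)
 * @throws Exception when the privilege is missing or an option is missing/non-numeric
 * @return void
 */
function photoblog_forbid_upload($options)
{
    if (!is_privilegied('photoblog_upload_forbid')) {
        throw new Exception('You need privilegies for this');
    }
    // The original joined each pair with &&, so a value that was set but not
    // numeric passed validation and went straight into the SQL below.
    if (!isset($options['user_id']) || !is_numeric($options['user_id'])) {
        throw new Exception('User id must be set');
    }
    if (!isset($options['days']) || !is_numeric($options['days'])) {
        throw new Exception('number of days must be set');
    }
    $user_id = (int) $options['user_id'];
    $days = (int) $options['days'];
    // One expiry value for the database row and every session copy.
    $forbidden_until = strtotime('+' . $days . ' day', time());
    $query = 'UPDATE photoblog_preferences SET upload_forbidden = ' . $forbidden_until . ' WHERE userid = ' . $user_id . ' LIMIT 1';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if ($_SESSION['login']['id'] == $user_id) {
        $_SESSION['photoblog_preferences']['upload_forbidden'] = $forbidden_until;
    } else {
        $query = 'SELECT session_id FROM login WHERE id = ' . $user_id . ' LIMIT 1';
        $result = mysql_query($query);
        if (!$result) {
            report_sql_error($query);
        } elseif (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            // Only users with a stored session id get the live update.
            if (strlen($data['session_id']) > 0) {
                $remote_session = session_load($data['session_id']);
                $remote_session['photoblog_preferences']['upload_forbidden'] = $forbidden_until;
                session_save($data['session_id'], $remote_session);
            }
        }
    }
    log_admin_event('photoblog_upload_forbidden', 'Antal dagar: ' . $days, $_SESSION['login']['id'], $user_id, 0);
}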