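/**
 * Session Error
 *
 * Filter that catches a submitted resource in case of error: when the
 * requested resource names a known model and the request action is 'put'
 * or 'post', the request and the model are handed to session_save().
 *
 * @author Brian Hendrickson <*****@*****.**>
 * @access public
 * @param object $req    request object; ->resource and ->action are read
 * @param string $errstr error message (not used by this function)
 * @todo re-implement
 */
function session_error(&$req, $errstr)
{
    global $db;

    if (!array_key_exists($req->resource, $db->models)) {
        return;
    }

    $model =& $db->models[$req->resource];

    // Strict comparison: a loosely typed action such as boolean true must not
    // be accepted as a write verb and trigger a session write.
    if (isset($req->action) && in_array($req->action, array('put', 'post'), true)) {
        session_save($req, $model);
    }
}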
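/**
 * Store a guestbook entry and notify the recipient's live session.
 *
 * Keys read from $entry: recipient, sender, message, is_private, is_mass_gb
 * and, optionally, reply-to.
 *
 * Security notes:
 * - recipient, sender and reply-to are cast to int before they are placed in
 *   SQL, so they cannot break out of the quoted value.
 * - NOTE(review): message is concatenated into the INSERT exactly as received.
 *   The stripslashes() call further down suggests callers pass it already
 *   slash-escaped; confirm that for every caller, or escape it here and drop
 *   the stripslashes().
 *
 * @param array $entry
 * @return bool false when rate-limited, when the message is empty or when a
 *              follow-up UPDATE fails; true otherwise
 */
function guestbook_insert($entry)
{
    $is_mass_entry = ($entry['is_mass_gb'] === true);

    if (!$is_mass_entry) {
        // Flood protection: the logged-in sender may post once every five seconds.
        if ($_SESSION['login']['id'] == $entry['sender'] && $_SESSION['last_gb_entry'] > time() - 5) {
            return false;
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        if ($entry['recipient'] == 2348 && $entry['sender'] != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }

    $entry['is_private'] = $entry['is_private'] == 1 ? 1 : 0;

    // Integer copies used only for SQL; $entry itself is stored in the remote
    // session below and keeps its original values.
    $recipient_id = (int) $entry['recipient'];
    $sender_id = (int) $entry['sender'];

    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
    $query .= ' VALUES("' . time() . '", "' . $recipient_id . '", "' . $sender_id . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $entry['id'] = mysql_insert_id();

    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $recipient_id . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }

    if (isset($entry['reply-to'])) {
        // The recipient = sender condition only lets a user mark entries in their own guestbook.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` = 1 WHERE id = "' . (int) $entry['reply-to'] . '" AND recipient = "' . $sender_id . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }

    if (!$is_mass_entry) {
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient_id . '" LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // A failed query yields no row; skip the notification instead of fetching from false.
        $data = $result ? mysql_fetch_assoc($result) : false;

        if ($data && strlen($data['session_id']) > 5) {
            // Write into the recipient's session so the notice shows up without a reload of their data.
            $remote_session = session_load($data['session_id']);
            $remote_session['notices']['unread_gb_entries'] += 1;

            $entry['image'] = $_SESSION['userinfo']['image'];
            $entry['timestamp'] = time();
            $entry['message'] = stripslashes($entry['message']);
            $entry['username'] = $_SESSION['login']['username'];

            $remote_session['unread_gb_entries'][] = $entry;
            session_save($data['session_id'], $remote_session);
        }
    }

    $_SESSION['last_gb_entry'] = time();

    return true;
}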
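/**
 * Ban a user from uploading profile images for seven days and delete their
 * current full-size and thumbnail images.
 *
 * The user id ends up in three sinks: SQL statements, the file paths passed
 * to unlink(), and HTML/JavaScript echoed to the admin. It is therefore cast
 * to int once at the top, which rules out SQL injection, path traversal in
 * the unlink() calls and script injection in the alerts.
 *
 * NOTE(review): on a failed UPDATE the raw mysql_error() text is printed
 * inside a JavaScript alert without escaping; consider logging it instead.
 *
 * @param int|string $userid id of the user to block
 * @return void
 */
function block_user($userid)
{
    $userid = (int) $userid;
    $ban_expires = time() + 86400 * 7;

    mysql_query('UPDATE userinfo SET image = 0, image_ban_expire = "' . $ban_expires . '" WHERE userid = "' . $userid . '" LIMIT 1') or die('<script language="javascript">alert("FATALT FEL! IGNORERA FÖLJANDE MEDDELANDE OM ATT UPPDATERINGEN LYCKADES. MYSQL FELINFORMATION: (vidarebefodra till Tritone)\\n\\n' . mysql_error() . '")</script>');

    /* The blocked user's live session has to be updated as well */
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $userid . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);

    if ($sessid_data && strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['userinfo']['image_ban_expire'] = $ban_expires;
        session_save($sessid_data['session_id'], $remote_session);
    }

    $full_image = PATHS_IMAGES . 'users/full/' . $userid . '.jpg';
    $thumb_image = PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg';

    // The thumbnail is only removed when the full image was removed first.
    if (unlink($full_image) && unlink($thumb_image)) {
        echo '<script language="javascript">alert("Användar-ID ' . $userid . ' har blockerats från framtida uppladdning av bilder.");</script>';
        log_admin_event('user blocked image upload', '', $_SESSION['login']['id'], $userid, $userid);
    } else {
        echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
    }
}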
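/**
 * Insert a guestbook entry, bump the recipient's entry counter and unread
 * notice, and optionally mark an earlier entry as answered.
 *
 * Security notes:
 * - $recipient, $sender and $post_id are placed in SQL without quotes, so
 *   they are cast to int first; $answereid and the session user id are cast
 *   as well.
 * - NOTE(review): $message is concatenated into the INSERT as received and
 *   is not HTML-escaped here. Confirm that callers pass it SQL-escaped and
 *   that it is escaped on output.
 *
 * @param int|string      $recipient user id of the guestbook owner
 * @param int|string      $sender    user id of the author
 * @param string          $message   entry text
 * @param int|string      $private   1 for a private entry, anything else is public
 * @param int|string|null $answereid id of the entry this one answers, if any
 * @param int|string      $post_id   stored in the forum_post column
 * @return void
 */
function new_entry($recipient, $sender, $message, $private = 0, $answereid = null, $post_id = 0)
{
    $recipient = (int) $recipient;
    $sender = (int) $sender;
    $post_id = (int) $post_id;
    $private = $private == 1 ? 1 : 0;

    $insert_sql = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private, forum_post) ';
    $insert_sql .= 'VALUES(UNIX_TIMESTAMP(), ' . $recipient . ', ' . $sender . ', \'' . $message . '\', ' . $private . ', ' . $post_id . ')';
    mysql_query($insert_sql) or die(report_sql_error($insert_sql));

    $update_sql = 'UPDATE traffa SET guestbook_entries = guestbook_entries + 1 WHERE userid = ' . $recipient . ' LIMIT 1';
    mysql_query($update_sql) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());

    // Bump the unread counter in the recipient's session when a session id is stored for them.
    $sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $recipient . '" LIMIT 1';
    $sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
    $sessid_data = mysql_fetch_assoc($sessid_result);

    if ($sessid_data && strlen($sessid_data['session_id']) > 5) {
        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['notices']['unread_gb_entries'] += 1;
        session_save($sessid_data['session_id'], $remote_session);
    }

    if (isset($answereid)) {
        // Only entries in the current user's own guestbook can be marked as answered.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y" WHERE id = "' . (int) $answereid . '" AND recipient = "' . (int) $_SESSION['login']['id'] . '" LIMIT 1';
        mysql_query($query) or die('Ett kritiskt fel uppstod! Felet uppstod i new_entry(). Felet uppstod när data uppdaterades.<br />Felinfo:<br />' . mysql_error());
    }
}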
if ($increase_profile_visitors == true) { $query = 'UPDATE userinfo SET profile_visitors = profile_visitors + 1 WHERE userid = ' . $user_id; mysql_query($query) or die(report_sql_error($query)); } $querys = array(); $querys['insert'] = 'INSERT INTO user_visits(user_id, item_id, type, count, timestamp) VALUES(' . $user_id . ', ' . $_SESSION['login']['id'] . ', "profile_visit", 1, unix_timestamp())'; $querys['update'] = 'UPDATE user_visits SET count = count + 1, timestamp = unix_timestamp() WHERE user_id=' . $user_id . ' AND item_id=' . $_SESSION['login']['id'] . ' AND type="profile_visit"'; @mysql_query($querys['insert']) or @mysql_query($querys['update']); unset($querys); /* Read remote session and log this visit */ $remote_session = session_load($userinfo['login']['session_id']); if ($_SESSION['userinfo']['image'] == 1 || $_SESSION['userinfo']['image'] == 2) { $visited = false; foreach ($remote_session['visitors_with_image'] as $visitor) { $visited = $visitor['id'] == $_SESSION['login']['id'] ? true : $visited; } if ($visited == false) { while (count($remote_session['visitors_with_image']) >= 8) { array_pop($remote_session['visitors_with_image']); } array_unshift($remote_session['visitors_with_image'], array('id' => $_SESSION['login']['id'], 'timestamp' => time(), 'username' => $_SESSION['login']['username'])); } } $remote_session['notice_message'] = 'Hey där, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> sladdade just in på din profil! - <a href="/traffa/my_visitors.php">Visa alla dina besökare!</a>'; session_save($userinfo['login']['session_id'], $remote_session); } //End of Lef $output .= profile_bottom($profile); ui_top($ui_options); echo $output; ui_bottom();
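/**
 * Render the result of an age guess and record it.
 *
 * Reads $_GET['guessed_age'] ('skip' or an age) and the current target from
 * $_SESSION['age_guess'], builds the result HTML, and, for a real guess,
 * logs it, updates the weekly scoring of a logged-in guesser and leaves a
 * notice in the guessed user's session if they were active in the last ten
 * minutes.
 *
 * Security notes:
 * - The guessed age becomes part of a column name (age_N) and of HTML written
 *   into another user's session. is_numeric() also accepts values such as
 *   "1e5", "1.5" or "-3", so the logging branch now requires a plain digit
 *   string and uses its integer value.
 * - NOTE(review): several statements compare user to the literal "******";
 *   the value looks masked in this listing. Restore the intended user id
 *   (cast to int) before relying on these UPDATEs.
 *
 * @return string HTML fragment
 */
function age_guess_result()
{
    global $AGE_GUESS_COMMENTS;

    $return = '';
    $comments_by_diff = array();

    $skipped = ($_GET['guessed_age'] == 'skip');
    $guess_is_integer = is_string($_GET['guessed_age']) && preg_match('/\A\d+\z/', $_GET['guessed_age']) === 1;
    $guessed_age = $guess_is_integer ? (int) $_GET['guessed_age'] : null;

    $return .= '<img src="http://images.hamsterpaj.net/images/users/thumb/' . $_SESSION['age_guess']['current_user'] . '" />' . "\n";

    // A skipped image is scored like a guess that is one year off.
    $age_diff = $skipped ? 1 : $_GET['guessed_age'] - $_SESSION['age_guess']['current_age'];

    switch (abs($age_diff)) {
        case 0:
            $score = 5;
            $score_class = 'positive';
            break;
        case 1:
            $score = 0;
            $score_class = 'unchanged';
            break;
        default:
            // One point lost per year beyond the first, never below -5.
            $score = abs($age_diff) * -1 + 1;
            $score = $score < -5 ? -5 : $score;
            $score_class = 'negative';
    }
    $return .= '<h2 class="age_guess_score_' . $score_class . '">' . $score . 'p</h2>' . "\n";

    // Invert the comment => differences map into difference => comments.
    foreach ($AGE_GUESS_COMMENTS as $comment => $differences) {
        foreach ($differences as $difference) {
            $comments_by_diff[$difference][] = $comment;
        }
    }

    if ($skipped) {
        $comment = 'Hoppade över';
    } else {
        $candidates = isset($comments_by_diff[$age_diff]) ? $comments_by_diff[$age_diff] : array();
        $comment = count($candidates) > 0 ? $candidates[rand(0, count($candidates) - 1)] : '';
    }
    $return .= '<h2>' . $comment . '</h2>' . "\n";

    $return .= '<p class="age_guess_answer_text"><a href="/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '">' . $_SESSION['age_guess']['current_username'] . '</a>' . "\n";
    $return .= ' är ' . $_SESSION['age_guess']['current_age'] . ' år</p>';
    $return .= '<button onclick="window.open(\'/traffa/profile.php?id=' . $_SESSION['age_guess']['current_user'] . '\');">Besök i nytt fönster</button>' . "\n";

    if (!$guess_is_integer) {
        return $return;
    }

    event_log_log('age_guess_guess');

    /* Log answer to database: try the INSERT first, fall back to the UPDATE */
    $insertquery = 'INSERT INTO age_guess_logs (user, age_' . $guessed_age . ') VALUES("' . $_SESSION['age_guess']['current_user'] . '", 1)';
    $updatequery = 'UPDATE age_guess_logs SET age_' . $guessed_age . ' = age_' . $guessed_age . ' + 1 WHERE user = "******" LIMIT 1';
    mysql_query($insertquery) or mysql_query($updatequery);

    if (!login_checklogin()) {
        return $return;
    }

    $correct = $age_diff == 0 ? 1 : 0;

    $insertquery = 'INSERT INTO age_guess_scoring (user, week, score, viewed_images, correct_guesses, correct_ratio)';
    $insertquery .= ' VALUES("' . $_SESSION['login']['id'] . '", "' . date('YW') . '", "' . $score . '", 1, ' . $correct . ', correct_guesses/viewed_images)';
    $updatequery = 'UPDATE age_guess_scoring SET score = score + ' . $score . ', viewed_images = viewed_images + 1, correct_guesses = correct_guesses + ' . $correct . ', correct_ratio = correct_guesses/viewed_images';
    $updatequery .= ' WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
    mysql_query($insertquery) or mysql_query($updatequery);

    $_SESSION['age_guess']['score'] += $score;
    $_SESSION['age_guess']['correct_guesses'] += $correct;

    // The session score is floored at -10 and the stored score is reset to match.
    if ($_SESSION['age_guess']['score'] < -10) {
        $_SESSION['age_guess']['score'] = -10;
        $query = 'UPDATE age_guess_scoring SET score = -10 WHERE user = "******" AND week = "' . date('YW') . '" LIMIT 1';
        mysql_query($query);
    }

    /* Find out if the remote user is online, if so, open the session and send a quicknote about the vote */
    if ($score != 5) {
        $query = 'SELECT session_id, lastaction FROM login WHERE id = "' . $_SESSION['age_guess']['current_user'] . '" LIMIT 1';
        $result = mysql_query($query);
        if ($result && ($data = mysql_fetch_assoc($result))) {
            if ($data['lastaction'] > time() - 600) {
                $remote_session = session_load($data['session_id']);
                // $guessed_age is an int here, so nothing request-controlled reaches this HTML unescaped.
                $remote_session['notice_message'] = 'Du, <a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> gissade nyss att du är ' . $guessed_age . ' år gammal i <a href="/traffa/age_guess.php">Gissa Åldern</a>!';
                session_save($data['session_id'], $remote_session);
            }
        }
    }

    return $return;
}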
preint_r($_POST); } else { echo 'Du har inte privilegier för att sätta RO\'s' . "\n"; } break; case 'gb_warning': guestbook_insert(array('sender' => 2348, 'recipient' => $user['id'], 'is_private' => 1, 'message' => $_POST['message'])); echo '<p>Guestbook message sent</p>' . "\n"; break; case 'user_abuse': $query = 'INSERT INTO user_abuse (user, timestamp, admin, freetext) VALUES("' . $user['id'] . '", "' . time() . '", "' . $_SESSION['login']['id'] . '", "' . $_POST['freetext'] . '")'; mysql_query($query) or report_sql_error($query, __FILE__, __LINE__); break; } if ($user['id'] != $_SESSION['login']['id']) { session_save($user['session_id'], $user_session); } } echo '<hr />' . "\n"; $out = '<h1 style="margin-top: 0px;"><a href="/traffa/profile.php?id=' . $user['id'] . '">' . $user['username'] . '</a>, member since ' . date('Y-m-d H:i', $user['regtimestamp']) . '</h1>' . "\n"; $out .= '<hr />' . "\n"; if (is_privilegied('read_only_admin')) { $out .= '<h2 style="margin-top: 0px;">Forum quality level</h2>' . "\n"; $out .= '<form method="post">' . "\n"; $out .= '<input type="hidden" name="action" value="quality_level" />' . "\n"; $out .= '<select name="quality_level">' . "\n"; for ($i = 5; $i >= 0; $i--) { $selected = $user['quality_level'] == $i ? ' selected="selected"' : ''; $out .= '<option value="' . $i . '"' . $selected . '>' . $i . '</option>' . "\n"; } $out .= '</select>' . "\n";
amuse_draw_small_item($data, 'table'); } echo '</table>'; } listPhotos($userid, $userdata['traffa']['photos']); if (login_checklogin() == 1 && $_SESSION['login']['id'] != $userid) { $query = 'INSERT INTO traffa_visits(profileid, userid, tstamp) VALUES(' . $userid . ', '; $query .= $_SESSION['login']['id'] . ', UNIX_TIMESTAMP())'; mysql_query($query) or die(report_sql_error($query)); $view = $userid; /* This is for the bubblemessage-stuff */ if (strlen($userdata['login']['session_id']) > 5) { if ($_SESSION['visited_profiles'][$view] != 1 && $userdata['preferences']['bubblemessage_visitors'] == 'Y') { $_SESSION['visited_profiles'][$view] = 1; $bubblemessage = '<a href="/traffa/profile.php?id=' . $_SESSION['login']['id'] . '">' . $_SESSION['login']['username'] . '</a> surfade nyss in på din presentation ;)'; $remote_session = session_load($userdata['login']['session_id']); $remote_session['bubblemessage'] = $bubblemessage; session_save($userdata['login']['session_id'], $remote_session); } } /* Add the visit to thevisitors left panel */ if (count($_SESSION['profile_visits']) == 10) { array_pop($_SESSION['profile_visits']); } if (!isset($_SESSION['profile_visits'])) { $_SESSION['profile_visits'][] = array('id' => $view, 'username' => $userdata['login']['username']); } else { array_unshift($_SESSION['profile_visits'], array('id' => $view, 'username' => $userdata['login']['username'])); } } ui_bottom();
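/**
 * Create a forum post and run the bookkeeping that goes with it: discussion
 * counters, guestbook notices, answer-tag notices, quality ranks, tag
 * popularity and per-slot discussion statistics.
 *
 * Required keys in $post: content, discussion_id, author.
 * Optional keys in $post: timestamp, no_smilies.
 * Keys read from $options: gb_recipient, private_gb, notices.
 *
 * Fixes compared with the earlier version:
 * - the recipient's session is saved under the session id that was loaded
 *   ($data), not under the undefined $sessid_data;
 * - $posts_pre and $quality_ranks are initialised, and the median is only
 *   computed when rows were returned;
 * - the "latest posts" session record uses time() instead of the undefined $time.
 *
 * Security notes (NOTE(review), not changed here):
 * - $content holds the mysql_real_escape_string() result, but the INSERT
 *   concatenates $post['content'] instead. Unless every caller passes
 *   pre-escaped content this is injectable; switching to $content is the fix
 *   once it is confirmed that callers do not escape first (otherwise the text
 *   would be escaped twice).
 * - author, discussion_id, timestamp and gb_recipient are concatenated as
 *   received; validate or cast them where they enter the system.
 * - The username lookups compare against the literal "******"; the value
 *   looks masked in this listing and must be restored, escaped, before use.
 *
 * @param array $post
 * @param array $options
 * @return int|false id of the new post, or false when the author is read-only
 */
function posts_create($post, $options)
{
    if (forum_read_only_get($post['author'])) {
        echo 'Error: Användaren avstängd från forumet' . "\n";
        return false;
    }

    $post['content'] = trim($post['content']);
    $content = mysql_real_escape_string($post['content']);
    $quality_rank = text_quality_rank($post['content']);
    // NOTE(review): same call as $quality_rank, so both columns always get the same value.
    $spelling_grammar = text_quality_rank($post['content']);
    $post['timestamp'] = isset($post['timestamp']) ? $post['timestamp'] : time();

    $query = 'INSERT INTO posts (author, length, content, discussion_id, quality_rank, spelling_grammar, timestamp, no_smilies)';
    $query .= ' VALUES("' . $post['author'] . '", "' . strlen($post['content']) . '", "' . $post['content'] . '", "' . $post['discussion_id'];
    $query .= '", "' . $quality_rank . '", "' . $spelling_grammar . '", "' . $post['timestamp'] . '", "';
    $query .= (isset($post['no_smilies']) ? '1' : '0') . '")';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    $post_id = mysql_insert_id();

    /* Increase the post counter */
    $query = 'UPDATE discussions SET posts = posts + 1, last_post = "' . $post_id . '" WHERE id = "' . $post['discussion_id'] . '" LIMIT 1';
    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));

    if (isset($options['gb_recipient'])) {
        /* Update the "unread entries" in the remote users session */
        $query = 'SELECT session_id FROM login WHERE id = "' . $options['gb_recipient'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 1) {
                $remote_session = session_load($data['session_id']);
                $remote_session['notices']['unread_gb_entries'] += 1;
                // Save under the id that was loaded.
                session_save($data['session_id'], $remote_session);
            }
        }

        /* If a private entry has been sent, set the appropriate flag */
        if ($options['private_gb'] == true) {
            $query = 'INSERT INTO flags (object_id, object_type, flag) VALUES("' . $post_id . '", "post", "private_gb")';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }

    // Parse to find answer tags such as [svar:AmarsoLove=3245] or [svar:Henrik]
    foreach (preg_split('/\\n/', $content) as $line) {
        if (!preg_match('/\\[svar:(\\w+)(=\\d+)?\\]/', $line, $matches)) {
            continue;
        }
        // 'borttagen' is skipped, every other name is looked up.
        if (strtolower($matches[1]) == 'borttagen') {
            continue;
        }

        // Fetch user_id
        $query = 'SELECT id FROM login WHERE username = "******"';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            $receiver_id = $data['id'];

            // Insert response notice
            $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "response")';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }

    // Send notices to all users listed in $options['notices']
    if (isset($options['notices'])) {
        foreach ($options['notices'] as $receiver) {
            // NOTE(review): this tests $matches[1] left over from the answer-tag
            // loop above rather than $receiver; it looks like a copy-paste slip.
            if (strtolower($matches[1]) != 'borttagen') {
                // Fetch user_id
                $query = 'SELECT id FROM login WHERE username = "******"';
                $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                if (mysql_num_rows($result) == 1) {
                    $data = mysql_fetch_assoc($result);
                    $receiver_id = $data['id'];

                    // Insert notice
                    $query = 'INSERT INTO notices (user_id, post_id, type) VALUES ("' . $receiver_id . '", "' . $post_id . '", "notice")';
                    log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'notiser', $query);
                    mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
                }
            }
        }
    }

    // Update users quality rank
    // todo! This will require some thinking and adjustments in the future
    if (login_checklogin()) {
        // Weighted average: nine parts previous rank, one part this post.
        $user_quality_rank = ($_SESSION['userinfo']['forum_quality_rank'] * 9 + $quality_rank) / 10;
        unset($data);
        $data['userinfo']['forum_quality_rank'] = $user_quality_rank;
        login_save_user_data($_SESSION['login']['id'], $data);
        session_merge($data);

        // Update discussion quality rank: median of the 30 most recent posts
        $query = 'SELECT quality_rank FROM posts WHERE discussion_id ="' . $post['discussion_id'] . '" ORDER BY id DESC LIMIT 30';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $quality_ranks = array();
        while ($data = mysql_fetch_assoc($result)) {
            $quality_ranks[] = $data['quality_rank'];
        }
        if (count($quality_ranks) > 0) {
            sort($quality_ranks);
            $discussion_quality_rank = $quality_ranks[(int) floor(count($quality_ranks) / 2)];
            $query = 'UPDATE discussions SET quality_rank="' . $discussion_quality_rank . '" WHERE id = "' . $post['discussion_id'] . '"';
            mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        }
    }

    // Update discussion popularity. The day is split into eight three-hour slots.
    $slot = floor(date('G') / 3);
    $slot_pre = $slot - 1;
    $date_pre = date('Y-m-d');
    if ($slot_pre < 0) {
        // The slot before slot 0 is the last slot of yesterday.
        $slot_pre = 7;
        $date_pre = date('Y-m-d', strtotime('yesterday'));
    }
    $query_update = 'UPDATE discussion_statistics SET posts = posts + 1 WHERE discussion_id = "' . $post['discussion_id'] . '" AND date = "' . date('Y-m-d') . '" AND slot = "' . $slot . '"';
    $query_posts_pre = 'SELECT posts FROM discussion_statistics WHERE discussion_id = "' . $post['discussion_id'] . '" AND date = "' . $date_pre . '" AND slot = "' . $slot_pre . '" LIMIT 1';

    // Update the popularity for the tags that the discussion has been tagged with.
    $tags = tag_get_by_item('discussion', $post['discussion_id']);
    foreach ($tags as $tag) {
        $query = 'UPDATE tags SET popularity = IF(popularity IS NULL, 0.05, popularity + 0.05) WHERE id = "' . $tag['tag_id'] . '" LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
    }

    // Post count of the previous slot; 0 when there is no row for it.
    $posts_pre = 0;
    $result = mysql_query($query_posts_pre);
    if ($result && ($data = mysql_fetch_assoc($result))) {
        $posts_pre = $data['posts'];
    }

    $query_insert = 'INSERT INTO discussion_statistics (discussion_id, date, slot, posts, posts_pre) VALUES ("' . $post['discussion_id'] . '", "' . date('Y-m-d') . '", "' . $slot . '", "1",' . ' "' . $posts_pre . '")';

    // Insert-or-update: the INSERT is tried first, the UPDATE only if it fails.
    if (mysql_query($query_insert)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde insert!', $query_insert);
    } elseif (mysql_query($query_update)) {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'Vi körde update!', $query_update);
    } else {
        log_to_file('forum', LOGLEVEL_DEBUG, __FILE__, __LINE__, $query_update, $query_insert);
        exit;
    }

    $_SESSION['posts']['latest'][] = array('timestamp' => time(), 'hash' => md5($post['content']));

    return $post_id;
}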
require '../include/core/common.php'; try { $ui_options['stylesheets'][] = 'forms.css'; if (!is_privilegied('user_message')) { throw new Exception('Du har inte privilegier för den här sidan'); } if (isset($_POST['username']) && isset($_POST['message'])) { $query = 'SELECT session_id FROM login WHERE username = "******" LIMIT 1'; $result = mysql_query($query) or report_sql_error($query); if (mysql_num_rows($result) == 1) { $data = mysql_fetch_assoc($result); if (strlen($data['session_id']) > 0) { $remote_session = session_load($data['session_id']); $remote_session['user_message'] = $_POST['message']; session_save($data['session_id'], $remote_session); $out .= '<div class="form_notice_success">Meddelande skickat!</div>' . "\n"; } else { $out .= '<div class="form_notice_error">Den användaren verkar inte ha en aktiv session.</div>' . "\n"; } } else { $out .= '<div class="form_notice_error">Användaren hittades inte.</div>' . "\n"; } } // form $out .= '<fieldset>' . "\n"; $out .= '<legend>Användarmeddelande!</legend>' . "\n"; $out .= '<p>Den här funktionen ger användaren en javascriptruta med ditt meddelande. Detta kräver dock att användaren är inloggad.</p>' . "\n"; $out .= '<form action="?action=submit" method="post">'; $out .= '<table class="form">' . "\n"; $out .= '<tr>' . "\n";
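/**
 * Send a private message to one or more recipients, update both sides'
 * message counters and push a notification into each recipient's session.
 *
 * Security notes:
 * - $sender, every recipient id and $mass_message_id are cast to int before
 *   they are placed in SQL (several of them are used without quotes).
 * - NOTE(review): unless $allowhtml is 1 the message is concatenated into the
 *   INSERT exactly as received, with neither SQL nor HTML escaping; with
 *   $allowhtml = 1 it only gets addslashes(). Confirm that callers escape the
 *   text for SQL and that it is HTML-escaped on output.
 * - NOTE(review): $title is HTML-escaped but not SQL-escaped, and
 *   $discussion comes from fetch_new_discussion_id() and is used unquoted.
 *
 * @param int|string       $sender          user id of the sender
 * @param int|string|array $recipient       one user id or a list of user ids
 * @param string           $title
 * @param string           $message
 * @param int|string       $allowhtml       1 when the message may contain HTML
 * @param int|string       $mass_message_id id of the mass message, 0 for none
 * @return void
 */
function messages_send($sender, $recipient, $title, $message, $allowhtml = 0, $mass_message_id = 0)
{
    if (!is_array($recipient)) {
        $recipient = array($recipient);
    }

    $discussion = fetch_new_discussion_id($sender, $recipient);

    if ($allowhtml == '1') {
        $message = addslashes($message);
    }
    $message = nl2br($message);
    $title = htmlspecialchars($title);

    $sender_id = (int) $sender;
    $mass_message_id = (int) $mass_message_id;

    foreach ($recipient as $this_recipient) {
        $recipient_id = (int) $this_recipient;

        $query = 'INSERT INTO messages_new(sender, recipient, title, message, timestamp, discussion, mass_message_id) ';
        $query .= 'VALUES("' . $sender_id . '", "' . $recipient_id . '", "' . $title . '", "' . $message . '", UNIX_TIMESTAMP(), ' . $discussion . ', ' . $mass_message_id . ')';
        mysql_query($query) or die(report_sql_error($query));
        $message_id = mysql_insert_id();

        $query = 'UPDATE userinfo SET messages_recieved = messages_recieved + 1 WHERE userid = ' . $recipient_id . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));

        $query = 'UPDATE userinfo SET messages_sent = messages_sent + 1 WHERE userid = ' . $sender_id . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));

        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient_id . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query));
        $sessid_data = mysql_fetch_assoc($result);

        if (!$sessid_data || strlen($sessid_data['session_id']) <= 1) {
            continue;
        }

        // The sender is only named when the logged-in user is the sender.
        if ($_SESSION['login']['id'] == $sender) {
            $bubblemessage = '"Så var det dags igen... ' . $_SESSION['login']['username'] . ' skickade nyss ett <b>nytt meddelande</b> till dig. Du kan <a href="/traffa/messages.php?action=read&message_id=' . $message_id . '">klicka här</a> om du vill läsa meddelandet."';
        } else {
            $bubblemessage = '"Tjena kompis! Du har nyss fått ett nytt <b>meddelande!</>! <a href="/traffa/messages.php">Till dina meddelanden »</a>"';
        }

        $remote_session = session_load($sessid_data['session_id']);
        $remote_session['bubblemessage'][] = $bubblemessage;
        $remote_session['notices']['unread_messages'] += 1;
        session_save($sessid_data['session_id'], $remote_session);
    }
}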
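/**
 * Store a guestbook entry, notify the recipient's live session and file an
 * automatic report when the message contains a watched string.
 *
 * Keys read from $entry: recipient, sender, message, is_private, is_mass_gb
 * and, optionally, reply-to.
 *
 * Fix compared with the earlier version: the auto-report row used the id of
 * the last string in the list instead of the one that matched, and a match
 * was tested with `strpos(...) == true`. The first matching string's id is
 * now recorded and the position is compared with false.
 *
 * Security notes:
 * - recipient, sender, reply-to and the auto-report ids are cast to int
 *   before they are placed in SQL.
 * - NOTE(review): message is concatenated into the INSERT exactly as
 *   received. The stripslashes() call further down suggests callers pass it
 *   already slash-escaped; confirm that for every caller, or escape it here
 *   and drop the stripslashes().
 *
 * @param array $entry
 * @return bool false when rate-limited, when the message is empty or when a
 *              follow-up UPDATE fails; true otherwise
 */
function guestbook_insert($entry)
{
    $is_mass_entry = ($entry['is_mass_gb'] === true);

    if (!$is_mass_entry) {
        // Flood protection: the logged-in sender may post once every five seconds.
        if ($_SESSION['login']['id'] == $entry['sender'] && $_SESSION['last_gb_entry'] > time() - 5) {
            return false;
        }
        if (strlen($entry['message']) == 0) {
            return false;
        }
        if ($entry['recipient'] == 2348 && $entry['sender'] != 2348) {
            $_SESSION['posted_gb_to_webmaster'] = true;
        }
    }

    $entry['is_private'] = $entry['is_private'] == 1 ? 1 : 0;

    // Integer copies used only for SQL; $entry itself is stored in the remote
    // session below and keeps its original values.
    $recipient_id = (int) $entry['recipient'];
    $sender_id = (int) $entry['sender'];

    $query = 'INSERT INTO traffa_guestbooks(timestamp, recipient, sender, message, is_private)';
    $query .= ' VALUES("' . time() . '", "' . $recipient_id . '", "' . $sender_id . '", "' . $entry['message'] . '", "' . $entry['is_private'] . '")';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $entry['id'] = mysql_insert_id();

    $query = 'UPDATE userinfo SET gb_entries = gb_entries + 1 WHERE userid = "' . $recipient_id . '" LIMIT 1';
    if (!mysql_query($query)) {
        report_sql_error($query, __FILE__, __LINE__);
        return false;
    }

    if (isset($entry['reply-to'])) {
        // The recipient = sender condition only lets a user mark entries in their own guestbook.
        $query = 'UPDATE traffa_guestbooks SET answered = "Y", `read` = 1 WHERE id = "' . (int) $entry['reply-to'] . '" AND recipient = "' . $sender_id . '" LIMIT 1';
        if (!mysql_query($query)) {
            report_sql_error($query, __FILE__, __LINE__);
            return false;
        }
    }

    if (!$is_mass_entry) {
        $query = 'SELECT session_id FROM login WHERE id = "' . $recipient_id . '" LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // A failed query yields no row; skip the notification instead of fetching from false.
        $data = $result ? mysql_fetch_assoc($result) : false;

        if ($data && strlen($data['session_id']) > 5) {
            $remote_session = session_load($data['session_id']);
            $remote_session['notices']['unread_gb_entries'] += 1;

            $entry['image'] = $_SESSION['userinfo']['image'];
            $entry['timestamp'] = time();
            $entry['message'] = stripslashes($entry['message']);
            $entry['username'] = $_SESSION['login']['username'];

            $remote_session['unread_gb_entries'][] = $entry;
            session_save($data['session_id'], $remote_session);
        }
    }

    $_SESSION['last_gb_entry'] = time();

    // Report message to gb_autoreport if it contains a string which should be reported.
    $query = 'SELECT id, string FROM gb_autoreport_strings';
    $gb_autoreport_strings = query_cache(array('query' => $query));

    // Padding with spaces lets watched strings that start or end with a space match at the edges.
    $message = strtolower(' ' . $entry['message'] . ' ');

    $matched_string_id = null;
    foreach ($gb_autoreport_strings as $gb_autoreport_string) {
        $needle = strtolower($gb_autoreport_string['string']);
        // An empty watched string would match every message; ignore it.
        if ($needle !== '' && strpos($message, $needle) !== false) {
            $matched_string_id = (int) $gb_autoreport_string['id'];
            break;
        }
    }

    if ($matched_string_id !== null) {
        $query = 'INSERT INTO gb_autoreport_posts SET string_id = ' . $matched_string_id . ', gb_id = ' . (int) $entry['id'];
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }

    return true;
}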
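/**
 * Forbid a user from uploading to the photoblog for a number of days.
 *
 * Requires the 'photoblog_upload_forbid' privilege. The expiry timestamp is
 * written to photoblog_preferences and mirrored into the affected user's
 * session (the current session when the admin targets themselves, otherwise
 * the remote session if one is stored), and the action is logged.
 *
 * Fix compared with the earlier version: the input checks combined
 * !isset() and !is_numeric() with &&, so a value that was set but not
 * numeric passed validation and was concatenated into SQL without quotes.
 * The checks now use || and both values are cast to int.
 *
 * @param array $options keys: user_id (numeric), days (numeric)
 * @return void
 * @throws Exception when the privilege is missing or an option is absent or not numeric
 */
function photoblog_forbid_upload($options)
{
    if (!is_privilegied('photoblog_upload_forbid')) {
        throw new Exception('You need privilegies for this');
    }
    if (!isset($options['user_id']) || !is_numeric($options['user_id'])) {
        throw new Exception('User id must be set');
    }
    if (!isset($options['days']) || !is_numeric($options['days'])) {
        throw new Exception('number of days must be set');
    }

    // is_numeric() also accepts floats and exponents; only the integer value is used.
    $user_id = (int) $options['user_id'];
    $days = (int) $options['days'];
    $forbidden_until = strtotime('+' . $days . ' day', time());

    $query = 'UPDATE photoblog_preferences SET upload_forbidden = ' . $forbidden_until . ' WHERE userid = ' . $user_id . ' LIMIT 1';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);

    if ($_SESSION['login']['id'] == $user_id) {
        $_SESSION['photoblog_preferences']['upload_forbidden'] = $forbidden_until;
    } else {
        // Mirror the ban into the affected user's session when one is stored.
        $query = 'SELECT session_id FROM login WHERE id = ' . $user_id . ' LIMIT 1';
        $result = mysql_query($query) or report_sql_error($query);
        if ($result && mysql_num_rows($result) == 1) {
            $data = mysql_fetch_assoc($result);
            if (strlen($data['session_id']) > 0) {
                $remote_session = session_load($data['session_id']);
                $remote_session['photoblog_preferences']['upload_forbidden'] = $forbidden_until;
                session_save($data['session_id'], $remote_session);
            }
        }
    }

    log_admin_event('photoblog_upload_forbidden', 'Antal dagar: ' . $days, $_SESSION['login']['id'], $user_id, 0);
}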