function session_hash(database $database, base $base, $username)
{
//generate new hash
$session_hash = $base->randomString(35);
//update old hash to new one (after checking the hahs doesn't exist)
$database->processQuery("SELECT * FROM `users` WHERE `cookie` = ?", array($session_hash), false);
if ($database->getRowCount() == 0) {
$database->processQuery("UPDATE `users` SET `cookie` = ? WHERE `username` = ? LIMIT 1", array($session_hash, $username), false);
return $session_hash;
} else {
session_hash();
}
}
</div>
</div>
<img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" />
<div class="widescroll">
<div class="widescroll-bgimg">
<div class="widescroll-content">
<div id="black_fields">
There is a total of <?php
echo $base->userCount();
?>
registered users.
<?php
//get the # of users
$database->processQuery("SELECT * FROM `users`", array(), false);
//pagination
$per_page = 25;
$pages = ceil($database->getRowCount() / $per_page);
//current page
$page = $_GET['page'] < 1 || $_GET['page'] > $pages || !ctype_digit($_GET['page']) ? 1 : $_GET['page'];
//where to start at when extracting
$start = ($page - 1) * $per_page;
//query to draw user list
$users = $database->processQuery("SELECT `username` FROM `users` ORDER BY `username` ASC LIMIT {$start},{$per_page}", array(), true);
?>
<table cellspacing="4" cellpadding="3">
<?php
//place holder
$ph = 0;
} else {
//unban the user
$user->unban($selected_user);
echo '<b>' . $selected_user . '</b> has successfully been unbanned.';
}
} else {
if (!$banned) {
//carry out all the operations
?>
<ul> <?php
$user->ban($selected_user, isset($_POST['banip']) ? true : false);
$base->appendToFile('../forums/logs.txt', array($username . ' banned the user' . $selected_user));
echo '<li><b>' . $selected_user . '</b> has been banned.</li>';
//delete all posts and thread
if (isset($_POST['d_posts'])) {
$database->processQuery("DELETE FROM `posts` WHERE `username` = ?", array($selected_user), false);
echo '<li>Posts deleted.</li>';
//delete their threads and all posts in that thread
$threads = $database->processQuery("SELECT `id` FROM `threads` WHERE `username` = ?", array($selected_user), true);
//delete all posts in the threads the user mades
foreach ($threads as $thread) {
$database->processQuery("DELETE FROM `posts` WHERE `thread` = ?", array($thread['id']), false);
}
//delete the thread now
$database->processQuery("DELETE FROM `threads` WHERE `username` = ?", array($selected_user), false);
echo '<li>Threads deleted.</li>';
}
//delete all messages created by them
if (isset($_POST['d_messages'])) {
$database->processQuery("DELETE FROM `messages` WHERE `creator` = ?", array($selected_user), false);
echo '<li>Messaged deleted.</li>';
if (!$user->isLoggedIn() || !ctype_digit($_REQUEST['forum']) || !ctype_digit($_REQUEST['id']) || !ctype_digit($_REQUEST['type']) || !ctype_digit($_REQUEST['pid']) && $_REQUEST['type'] == 1) {
$base->redirect('index.php');
}
//set some variables that are used a lot throughout the page
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$f = $_REQUEST['forum'];
$thread = $_REQUEST['id'];
//instead of typing it a million times, we're going to set our redirect url
$redirect = 'viewthread.php?forum=' . $f . '&id=' . $thread;
//make sure they are posting in a forum where they have permission
if ($user->checkMute($username) || !$thread_obj->canView($thread, $username, $rank) || !$thread_obj->canReply($thread, $rank)) {
$base->redirect($redirect);
}
//extract content for the set type
$data = $_REQUEST['type'] == 1 ? $database->processQuery("SELECT `content`,`username`,`status` FROM `posts` WHERE `id` = ?", array($_REQUEST['pid']), true) : $database->processQuery("SELECT `username`,`content`,`status`,`title` FROM `threads` WHERE `id` = ?", array($thread), true);
//check if they have permission to edit the thread/post
if ($rank < 3 && ($data[0]['username'] != $username || $data[0]['status'] == 1)) {
$base->redirect($redirect);
}
$type = $_POST['type'];
if ($user->getRank($data[0]['username']) > 3 && $rank < 4) {
$content = '<div class="frame e">You can\'t edit an administrator\'s post.</div>';
} elseif (isset($_POST['message'])) {
//send them to their newly editted post
$url = $type == 1 ? 'viewthread.php?forum=' . $f . '&id=' . $thread . '&goto=' . $_POST['pid'] : 'viewthread.php?forum=' . $f . '&id=' . $thread . '&goto=start';
if (isset($_POST['cancel'])) {
$base->redirect($url);
}
if (strlen($_POST['message']) > 2000 && $rank < 3) {
$content = '<div class="frame e">Your post can\'t be larger than 2000 characters.</div>';
require '../../structure/forum.php';
require '../../structure/forum.thread.php';
require '../../structure/base.php';
require '../../structure/user.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$thread = new thread($database);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
//useful variables
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$id = $_GET['id'];
//take action then log it
if ($thread->checkExistence($id) && $thread->canView($id, $username, $rank) && $rank > 2) {
$thread_info = $database->processQuery("SELECT `autohiding` FROM `threads` WHERE `id` = ?", array($id), true);
$database->processQuery("UPDATE `threads` SET `autohiding` = ? WHERE `id` = ?", array($thread_info[0]['autohiding'] == 1 ? 0 : 1, $id), false);
$base->appendToFile('../logs.txt', array($username . ' toggled the auto-hide of the thread ' . $id));
} else {
$base->redirect('../viewthread.php?forum=' . $_GET['forum'] . '&id=' . $id . '&goto=start');
}
$redirect = 'http://' . $domain . '/forums/viewthread.php?forum=' . $_GET['forum'] . '&id=' . $id . '&goto=start';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<!-- LeeStrong Runescape Website Source --!>
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=ISO-8859-1"><!-- /Added by HTTrack -->
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
echo $x;
?>
:</td><td><input type="text" name="options[]"> Leave blank to delete</td></tr>
<?php
}
?>
<tr><td><input type="submit" value="Submit"></td></tr>
</table>
</form>
<?php
} elseif (strlen($_POST['title']) > 35 && strlen($_POST['question']) > 250) {
echo 'Please don\'t bypass the character limit. <input type="button" value="Back" onclick="goBack()" />';
} else {
//insert poll
$database->processQuery("INSERT INTO `polls` VALUES (null, ?, ?, ?, 0)", array($_POST['title'], $_POST['question'], date('M-d-Y')), false);
$id = $database->getInsertId();
//insert all the poll options
foreach ($_POST['options'] as $option) {
if (strlen($option) > 1) {
$database->processQuery("INSERT INTO `poll_options` VALUES (null, ?, ?)", array($id, $option), false);
}
}
echo 'Your poll has successfully been created. View it <a href="../polls/poll.php?id=' . $id . '">here</a> or <a href="index.php">return to ACP home</a>.';
}
?>
</div>
</div>
</div>
<img class="widescroll-bottom" src="../img/scroll/backdrop_765_bottom.gif" alt="" width="765" height="50" />
<?php
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base();
if (isset($_POST['qfc'])) {
$thread = $database->processQuery("SELECT `id`,`parent` FROM `threads` WHERE `qfc` = ? LIMIT 1", array($_POST['qfc']), true);
if ($database->getRowCount() >= 1) {
$base->redirect('viewthread.php?forum=' . $thread[0]['parent'] . '&id=' . $thread[0]['id']);
}
}
$base->redirect('index.php');
$rank = $user->getRank($username);
$f = $_GET['forum'];
$i = $_GET['id'];
//preform basic checks
if (!ctype_digit($f) || !ctype_digit($i) || !$thread->checkExistence($i) || !$thread->canView($i, $username, $rank)) {
$base->redirect('index.php');
}
//if the GOTO field is set, let's skip to the selected post
if (ctype_digit($_GET['goto'])) {
$getPageNum = $thread->getPageNum($_GET['goto'], $i);
if ($getPageNum) {
$base->redirect('viewthread.php?forum=' . $f . '&id=' . $i . '&page=' . $getPageNum . '&highlight=' . $_GET['goto'] . '#' . $_GET['goto']);
}
}
//extract thread details
$detail_query = $database->processQuery("SELECT `id`,`lock`,`sticky`,`title`,`username`,`status`,`content`,`date`,`lastedit`,`qfc`,`moved`,`hidden`,`autohiding` FROM `threads` WHERE `id` = ? LIMIT 1", array($i), true);
//assign data to details[] array
$details['lock'] = $detail_query[0]['lock'];
$details['sticky'] = $detail_query[0]['sticky'];
$details['title'] = stripslashes(htmlentities($detail_query[0]['title']));
$details['username'] = $detail_query[0]['username'];
$details['status'] = $detail_query[0]['status'];
$details['content'] = $detail_query[0]['content'];
$details['date'] = $detail_query[0]['date'];
$details['lastedit'] = $detail_query[0]['lastedit'];
$details['qfc'] = $detail_query[0]['qfc'];
$details['moved'] = $detail_query[0]['moved'];
$details['hidden'] = $detail_query[0]['hidden'];
$details['autohiding'] = $detail_query[0]['autohiding'];
//apply word filter if it's a user thread
if ($user->getRank($details['username']) < 3) {
</title>
<link href="css/basic-3.css" rel="stylesheet" type="text/css" media="all">
<link href="css/main/title-5.css" rel="stylesheet" type="text/css" media="all">
<link rel="shortcut icon" href="img/favicon.ico" />
<?php
include 'includes/google_analytics.html';
?>
</head>
<body>
<div id="body">
<div>
<div style="text-align: center; margin-bottom: 10px; position:relative;">
<img src="img/title2/rslogo3.gif" alt="RuneScape"><br>
<?php
$database->processQuery("SELECT * FROM `users`", array(), false);
echo 'There are currently ' . number_format($database->getRowCount()) . ' people registered!';
?>
</div>
</div>
<div class="left">
<fieldset class="menu rs">
<legend><?php
echo $data['wb_abbr'];
?>
</legend>
<ul>
<?php
if ($user->isLoggedIn()) {
?>
<li class="i-create"><a href="logout.php">Logout</a></li>
<select name="id" class="button">';
foreach ($forum_index->retrieveCategories($rank) as $cat) {
foreach ($forum_index->retrieveSubForums($cat['id']) as $forum) {
$content .= '<option value="' . $forum['id'] . '">' . $forum['title'] . '</option>';
}
}
$content .= '</select>
<input type="submit" value="Select" class="button">
</form>
</div>
';
} else {
if ($forum->forumExists($_GET['id']) || $forum->forumExists($_POST['id'])) {
if (!isset($_POST['id'])) {
//forum details
$f = $database->processQuery("SELECT `icon`,`title`,`type`,`description`,`parent`,`double_posting`,`pos` FROM `forums` WHERE `id` = ? LIMIT 1", array($_GET['id']), true);
//save time
$type = $f[0]['type'];
$content = '
<form action="editforum.php" method="POST">
<table>
<input type="hidden" name="id" value="' . $_GET['id'] . '">
<tr><td>Current Icon</td><td>' . $forum->getIcon($f[0]['icon']) . '</td></tr>
<tr>
<td>Icon <br/><b>(must re-choose)</b></td><td>
<input type="radio" name="icon" value="1" /> <img src="../img/forum/icons/bug.gif" width="20" height="20">
<input type="radio" name="icon" value="2" /> <img src="../img/forum/icons/clan.gif" width="20" height="20">
<input type="radio" name="icon" value="3" /> <img src="../img/forum/icons/clan_recruitment.gif" width="20" height="20">
<input type="radio" name="icon" value="4" /> <img src="../img/forum/icons/compliments.gif" width="20" height="20">
<input type="radio" name="icon" value="5" /> <img src="../img/forum/icons/events.gif" width="20" height="20">
<input type="radio" name="icon" value="6" /> <img src="../img/forum/icons/forum_feedback.gif" width="20" height="20">
$rank = $user->getRank($username);
$f = $_GET['forum'];
//let's also make sure they have the right permissions to view the forum
if ($forum->canView($f, $rank) == false) {
$base->redirect('index.php');
}
//check if a moderator is taking action against threads
if (isset($_POST['action']) && isset($_POST['selection']) && $rank > 2) {
//get all the threads we're going to update
foreach ($_POST['selection'] as $object) {
$threads .= $object . '-';
}
//now send them off to action.php to update all the threads selected
$base->redirect('action.php?forum=' . $f . '&action=' . $_POST['action'] . '&threads=' . $threads);
}
$forum_details = $database->processQuery("SELECT `icon`,`title`,`type` FROM `forums` WHERE `id` = ? LIMIT 1", array($f), true);
//Check existence of the specified forum
if ($database->getRowCount() == 0) {
$base->redirect('index.php');
}
//pagination
$per_page = 20;
//get # of pages
$database->processQuery("SELECT * FROM `threads` WHERE `parent` = ?", array($f), false);
$pages = ceil($database->getRowCount() / $per_page);
//get current page
!ctype_digit($_GET['page']) || $_GET['page'] > $pages ? $page = 1 : ($page = $_GET['page']);
//get next link
$page < $pages ? $next = $page + 1 : ($next = $page);
//get prev link
$page - 1 >= 1 ? $prev = $page - 1 : ($prev = $page);
?>
</head>
<div id="body">
<div style="text-align: center; background: none;">
<div class="titleframe e">
<b>Daily Screenshot</b><br />
<a href="index.php">Main Menu</a>
</div>
</div>
<br/>
<br/>
<div class="titleframe e" style="text-align:left; color:white; width:750px; margin-left:auto; margin-right:auto;">
<?php
//pagination for daily screenshots - newest to oldest
$database->processQuery("SELECT * FROM `dailyscreenshots`", array(), false);
$pages = $database->getRowCount();
if ($pages == 0) {
echo 'No screenshots to display.';
} else {
//set basic variables
$page = $_GET['page'] > $pages || $_GET['page'] == 0 || !isset($_GET['page']) ? 1 : $_GET['page'];
$start = ($page - 1) * 1;
if ($page < $pages) {
?>
<div style="float:right;"><a href="?page=<?php
echo $page + 1;
?>
">Older Screenshot ></a> <a href="?page=<?php
echo $pages;
?>
</tr>
</table>
</form>
';
} else {
//add forum
if (strlen($_POST['forum']) > 50) {
$content = 'The forum cannot have name larger than fifty characters.';
} elseif (strlen($_POST['description']) < 3) {
$content = 'The description must be at least 3 characters.';
} elseif (!$forum->catExists($_POST['category'])) {
$content = 'The chosen category doesn\'t exist.';
} elseif (!ctype_digit($_POST['pos'])) {
$content = 'The position must be a number.';
} else {
$database->processQuery("INSERT INTO `forums` VALUES (null, ?, ?, ?, ?, ?, ?, ?)", array($_POST['category'], $_POST['pos'], $_POST['forum'], $_POST['description'], $_POST['icon'], $_POST['type'], isset($_POST['double_posting']) ? 1 : 0), false);
//forum addition successful
$content = 'You have successfully added the forum <b>' . $_POST['forum'] . '</b>. <a href="addforum.php">Add another!</a>';
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<title><?php
echo $data['wb_title'];
?>
<div class="widescroll-content">
<center>
<?php
if (!isset($_GET['tracking_id'])) {
?>
<fieldset class="question">
<legend>Track</legend>
Please enter in the the tracking ID you were given.
</fieldset>
<form action="track.php" method="GET">
<input type="text" name="tracking_id" maxlength="12"><input type="submit" value="Track">
</form>
<?php
} else {
$info = $database->processQuery("SELECT `status`,`ip`,`account` FROM `tracking` WHERE `tracking_id` = ?", array($_GET['tracking_id']), true);
if ($database->getRowCount() == 0) {
echo 'No recovery request exists with this tracking ID. <input type="button" value="Back" onclick="goBack()" />';
} elseif ($_SERVER['REMOTE_ADDR'] != $info[0]['ip']) {
echo 'This isn\'t yours to check. <input type="button" value="Back" onclick="goBack()" />';
} elseif ($info[0]['status'] == 1) {
if (!isset($_POST['password']) || !isset($_POST['confirm'])) {
?>
<fieldset class="question">
<legend>Accepted</legend>
Your recovery was accepted. Please enter in the new details of your account.
</fieldset>
<form action="track.php?tracking_id=<?php
echo $_GET['tracking_id'];
<?php
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/msgcenter.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$msgcenter = new msgcenter($database);
$user->updateLastActive();
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
if ($rank < 4 || !$msgcenter->canView($_GET['id'], $username, $rank)) {
$base->redirect('viewmessage.php?id=' . $_GET['id']);
} else {
$database->processQuery("DELETE FROM `replies` WHERE `conversation` = ?", array($_GET['id']), false);
$database->processQuery("DELETE FROM `messages` WHERE `id` = ?", array($_GET['id']), false);
$base->redirect('index.php');
}
require '../structure/user.php';
require '../structure/user.register.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$register = new user_register($database);
//preform basic checks before loading page
if ($user->isLoggedIn()) {
$base->redirect('../index.php');
}
if (!isset($_SESSION['age']) || !isset($_SESSION['country']) || !isset($_SESSION['username']) || !isset($_SESSION['terms']) || !isset($_SESSION['salt']) || !isset($_SESSION['password'])) {
$base->redirect('index.php');
}
$cookie = $register->generateCookie();
//create new account
$database->processQuery("INSERT INTO `users` VALUES (null, ?, ?, ?, ?, 'nope.avi', ?, 1, ?, '', '', ?, 0, 0, 1, 0, 0, 0)", array($_SESSION['username'], $_SESSION['password'], $_SESSION['age'], $_SESSION['country'], date('M-d-Y'), $_SERVER['REMOTE_ADDR'], $cookie), false);
$username = $_SESSION['username'];
$register->clear();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<link rel="shortcut icon" href="../img/favicon.ico" />
<title><?php
echo $data['wb_title'];
?>
$user = new user($database);
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$id = $_GET['id'];
if (!$user->isLoggedIn()) {
$base->redirect('../index.php');
}
if ($rank < 4) {
$base->redirect('viewmessage.php?id=' . $id);
}
$user->updateLastActive();
if (!$msgcenter->canView($id, $username, $rank)) {
$content = 'You can\'t edit a non-existent message. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['message']) || !isset($_POST['title']) || !isset($_POST['receiver'])) {
//get current data
$data = $database->processQuery("SELECT `title`,`message`,`receiver` FROM `messages` WHERE `id` = ? LIMIT 1", array($id), true);
$content = '
<form action="editmessage.php?id=' . $id . '" method="POST">
<table>
<tr><td>Title</td><td align="left"><input type="text" class="button" name="title" maxlength="50" value="' . stripslashes($data[0]['title']) . '"></td></tr>
<tr><td>Receiver</td><td align="left"><input type="text" class="button" name="receiver" maxlength="12" value="' . stripslashes($data[0]['receiver']) . '"></td></tr>
<tr><td>Message</td><td><textarea name="message" cols="45" rows="20" class="button" maxlength="2000">' . htmlentities($base->remBr(stripslashes($data[0]['message']))) . '</textarea><br/></td></tr>
<tr><td>Done?</td><td><input type="submit" class="button" value="Update Message"></td></tr>
</table>
</form>';
} elseif (!$user->doesExist($_POST['receiver']) && $_POST['receiver'] != '!') {
$content = 'The user you chose to send the message to doesn\'t exist! <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (strlen($_POST['message']) > 2000 || strlen($_POST['title']) > 50) {
$content = 'Your reply cannot be greater than 2000 characters; your title cannot be greater than 50 characters.';
} else {
//update message
</table>
</form>
<?php
} elseif (file_exists('../img/dailyscreenshots/' . $_FILES['file']['name'])) {
echo 'This screenshot already exists! <input type="button" value="Back" onclick="goBack()" />';
} elseif (strlen($details[0]) > 50) {
echo 'The file cannot have a name that is greater than fifty characters.';
} else {
if (!in_array($details[1], array('png'))) {
echo 'You can\'t upload that file type. Only PNG allowed. <input type="button" value="Back" onclick="goBack()" />';
} else {
//move new file
move_uploaded_file($_FILES['file']['tmp_name'], '../img/dailyscreenshots/' . $_FILES['file']['name']);
//replace old caption with the new
$database->processQuery("INSERT INTO `dailyscreenshots` VALUES (null, ?, ?)", array($_FILES['file']['name'], nl2br($_POST['caption'])), false);
echo 'The picture has been uploaded along with the caption! <a href="../screenshots.php">View here</a>';
}
}
?>
</div>
</div>
</div>
<img class="widescroll-bottom" src="../img/scroll/backdrop_765_bottom.gif" alt="" width="765" height="50" />
<div class="tandc"><?php
echo $data['wb_foot'];
?>
</div>
</body>
</html>
<?php
require '../../includes/config.php';
require '../../structure/database.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
//delete recoveries that have expired
$database->processQuery("DELETE FROM `recoveries` WHERE `cancel` = 1 AND " . time() . " - `canceltime` > 1209600 ORDER BY `canceltime` ASC", array(), false);
echo $data['wb_name'];
?>
, the diaries of bold explorers, and fantastical tales spun in ages past. Please, take some time to peruse the catalogue and I'm sure you will find some tome of interest to you.</p>
<p>Below you will find a list of those books restored or in suitable condition to be read by any passing reader. Some are verifiably accurate histories of <?php
echo $data['wb_name'];
?>
, others are mythologies relating to true people and events whose accuracy cannot be guaranteed, but in the absence of other source material I have included for historical interest.</p>
<p>I hope you enjoy the following documents as much as I have enjoyed compiling them.</p>
<p align="right">-Reldo</p>
</i>
</b>
<p style="text-align: center; margin-top: 20px;"><img src="../../img/kbase/scroll_spacer.gif"></p><br>
<center>
<?php
//show stories
$stories = $database->processQuery("SELECT `id`,`title` FROM `stories` ORDER BY `id` DESC", array(), true);
if ($database->getRowCount() >= 1) {
foreach ($stories as $story) {
echo '<a href="story.php?id=' . $story['id'] . '">' . $story['title'] . '</a><br/><br/>';
}
} else {
echo '<b>There are currently no stories.</b>';
}
?>
</center>
</div>
</div>
</div>
</div>
<img class="widescroll-bottom" src="../../img/scroll/backdrop_765_bottom.gif" alt="" width="765" height="50" />
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
if ($rank < 4) {
$base->redirect('../index.php');
}
if (isset($_GET['id']) && isset($_GET['action'])) {
$database->processQuery("UPDATE `tracking` SET `status` = ? WHERE `id` = ? LIMIT 1", array($_GET['action'] == 1 ? 1 : 2, $_GET['id']), false);
$base->appendToFile('../forums/logs.txt', array($username . ($_GET['action'] == 1) ? 'accepted' : 'denied' . ' a recovery request'));
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<title><?php
echo $data['wb_title'];
?>
</title>
<link href="../css/basic-3.css" rel="stylesheet" type="text/css" media="all">
require '../structure/forum.php';
require '../structure/forum.thread.php';
require '../structure/base.php';
require '../structure/user.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$thread = new thread($database);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
//useful variables
$rank = $user->getRank($user->getUsername($_COOKIE['user'], 2));
if ($rank < 4) {
$base->redirect('../index.php');
}
//toggle the maintenance status of the site
$m = $database->processQuery("SELECT `maintenance` FROM `config`", array(), true);
$database->processQuery("UPDATE `config` SET `maintenance` = ?", array($m[0]['maintenance'] == 0 ? 1 : 0), false);
$redirect = 'http://www.Asgarniax.org/admin/index.php';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<!-- LeeStrong Runescape Website Source --!>
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=ISO-8859-1"><!-- /Added by HTTrack -->
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<meta HTTP-EQUIV="REFRESH" content="3; url=<?php
echo $redirect;
?>
if (!isset($_POST['username'])) {
?>
<table>
<form action="userinformation.php" method="POST">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="12"> <input type="submit" value="Lookup"></td></tr>
</form>
</table>
<?php
} elseif (!$user->doesExist($_POST['username'])) {
echo 'Sorry, no user exists with that username. <input type="button" class="button" value="Back" onclick="goBack()" />';
} else {
$s_user = $_POST['username'];
//let's extract the user's information
$info = $database->processQuery("SELECT `id`,`reg_date`,`acc_status`,`ip`,`lastlogin`,`lastpost` FROM `users` WHERE `username` = ?", array($s_user), true);
//retrieve message information
$MandR = $user->getMandR($s_user);
$MandR = explode(':', $MandR);
?>
<center><input type="button" class="button" value="Back" onclick="goBack()" /></center>
<table>
<tr><td>Username</td><td><?php
echo $user->dName($s_user, $info[0]['acc_status']);
?>
</td></tr>
<tr><td>ID</td><td><?php
echo $info[0]['id'];
?>
</td></tr>
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$id = $_GET['id'];
if (!$msgcenter->canReply($id, $username, $rank)) {
$content = 'You can\'t reply to this conversation. Some possible reasons is that you\'re attempting to post a reply when no response has been made, or the conversation has been marked as solved. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['reply'])) {
$content = '
<form action="reply.php?id=' . $id . '" method="POST">
<textarea name="reply" cols="45" rows="20" class="button" maxlength="2000"></textarea><br/>
<input type="submit" class="button" value="Reply">
</form>';
} elseif (strlen($_POST['reply']) > 2000) {
$content = 'Your reply cannot be greater than 2000 characters.';
} else {
//retrieve some details
$data = $database->processQuery("SELECT `creator` FROM `messages` WHERE `id` = ?", array($id), true);
$opened = $data[0]['creator'] == $username ? 0 : 1;
//insert reply
$database->processQuery("INSERT INTO `replies` VALUES (null, ?, ?, ?, ?, NOW())", array($username, $id, nl2br($_POST['reply']), $_SERVER['REMOTE_ADDR']), false);
//update lastreply field and opened field
$database->processQuery("UPDATE `messages` SET `lastreply` = ?, `opened` = ? WHERE `id` = ? LIMIT 1", array($username, $opened, $id), false);
$base->redirect('viewmessage.php?id=' . $id);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
$user = new user($database);
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$id = $_GET['id'];
if (!$user->isLoggedIn()) {
$base->redirect('../index.php');
}
if ($rank < 4) {
$base->redirect('viewmessage.php?id=' . $_GET['convo']);
}
$user->updateLastActive();
if (!$msgcenter->canView($_GET['convo'], $username, $rank)) {
$content = 'You can\'t edit a reply to a non-existent message. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['content'])) {
//get current data
$data = $database->processQuery("SELECT `content` FROM `replies` WHERE `id` = ? LIMIT 1", array($id), true);
$content = '
<form action="editreply.php?id=' . $id . '&convo=' . $_GET['convo'] . '" method="POST">
<table>
<tr><td>Message</td><td><textarea name="content" cols="45" rows="20" class="button" maxlength="2000">' . htmlentities($base->remBr(stripslashes($data[0]['content']))) . '</textarea></td></tr>
<tr><td>Done?</td><td><input type="submit" class="button" value="Update Message"></td></tr>
</table>
</form>';
} elseif (strlen($_POST['content']) > 2000) {
$content = 'Your reply cannot be greater than 2000 characters.';
} else {
//update message
$database->processQuery("UPDATE `replies` SET `content` = ? WHERE `id` = ? LIMIT 1", array(nl2br($_POST['content']), $id), false);
$base->redirect('viewmessage.php?id=' . $_GET['convo']);
}
?>
if ($s_rank == 0) {
echo 'You can\'t promote/demote a banned user.';
} elseif (!isset($_GET['promote']) && !isset($_GET['demote'])) {
if ($s_rank == 1) {
echo '<a href="userinformation.php?username='******'&change_rank=1&promote=1">Promote</a>';
} elseif ($s_rank == 4) {
echo '<a href="userinformation.php?username='******'&change_rank=1&demote=1">Demote</a>';
} else {
echo '<a href="userinformation.php?username='******'&change_rank=1&promote=1">Promote</a> | <a href="userinformation.php?username='******'&change_rank=1&demote=1">Demote</a>';
}
} elseif (isset($_GET['promote']) && isset($_GET['demote'])) {
echo 'You can\'t promote and demote a user at the same time.';
} else {
$back = '<a href="?username='******'">Back</a>';
if (isset($_GET['promote']) && $s_rank >= 1 && $s_rank < 4) {
$database->processQuery("UPDATE `users` SET `acc_status` = `acc_status` + 1 WHERE `username` = ? LIMIT 1", array($s_user), false);
switch ($s_rank + 1) {
case 2:
echo 'User promoted to player moderator. ' . $back;
break;
case 3:
echo 'User promoted to forum moderator. ' . $back;
break;
case 4:
echo 'User promoted to administrator. ' . $back;
break;
}
} elseif (isset($_GET['demote']) && $s_rank > 1 && $s_rank <= 4) {
$database->processQuery("UPDATE `users` SET `acc_status` = `acc_status` - 1 WHERE `username` = ? LIMIT 1", array($s_user), false);
switch ($s_rank - 1) {
case 1:
<div class="polltitleframe">
<b>Poll</b><br> <a href="../index.php">Main Menu</a> - <a href="index.php">Poll Home</a>
</div>
</div>
</div>
<img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" />
<div class="widescroll">
<div class="widescroll-bgimg">
<div class="widescroll-content">
<?php
//extract poll informatino
$poll_data = $database->processQuery("SELECT `poll_title`,`poll_question` FROM `polls` WHERE `id` = ? LIMIT 1", array($id), true);
//get the open/close poll option for administrators
if ($rank > 3) {
$manage = $poll->isClosed($id) ? '<a href="togglestatus.php?id=' . $id . '">[ Open ]</a>' : '<a href="togglestatus.php?id=' . $id . '">[ Close ]</a>';
}
?>
<h2 style="font-size: 20px;">
<?php
echo stripslashes($poll_data[0]['poll_title']);
echo ' ' . $manage;
?>
</h2>
<br/>
<font size="2px"><?php
echo stripslashes($poll_data[0]['poll_question']);
$content .= '<input type="submit" value="Edit"></select></form>';
} else {
//make sure it exists
if (!$forum->catExists($_REQUEST['cat'])) {
$content = 'No category exists with the given ID.';
} else {
if (isset($_REQUEST['delete'])) {
if (!isset($_REQUEST['confirm'])) {
$content = 'Are you sure you wish to delete this category and all forums/threads/posts a long with it? <a href="?cat=' . $_REQUEST['cat'] . '&delete=1&confirm=1">Yes!</a> | <a href="?cat=' . $_REQUEST['cat'] . '">Back</a>';
} else {
//delete the forums and all threads/posts within them that belong to this category
foreach ($forum_index->retrieveSubForums($_REQUEST['cat']) as $a_forum) {
$forum->deleteForum($a_forum['id']);
}
//delete the category itself
$database->processQuery("DELETE FROM `cats` WHERE `id` = ?", array($_REQUEST['cat']), false);
$content = 'Delete successful!';
}
} else {
$cat = $database->processQuery("SELECT `title`,`id`,`type`,`pos` FROM `cats` WHERE `id` = ?", array($_REQUEST['cat']), true);
if (!isset($_POST['category'])) {
$content = '
<form action="editcat.php?cat=' . $cat[0]['id'] . '" method="POST">
<table>
<tr>
<td>Category</td>
<td><input type="text" name="category" class="button" value="' . $cat[0]['title'] . '"></td>
</tr>
<tr>
<td>Staff-Only</td>
<td><input type="checkbox" name="staff" value="1"';
<tr><td>Message</td><td><textarea name="reply" class="button" cols="45" rows="20" maxlength="2000"></textarea></td></tr>
<tr><td></td><td align="left"><input type="submit" class="button" value="Create"></td></tr>
</table>
</form>';
} elseif (strlen($_POST['reply']) > 2000 || strlen($_POST['title']) > 50) {
$content = 'Your reply cannot be greater than 2000 characters; your title cannot be greater than 50 characters. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (strlen($_POST['reply']) == 0 || strlen($_POST['title']) == 0) {
$content = 'Either your message contents or title is empty. <input type="button" class="button" value="Back" onclick="goBack()" />';
} else {
if ($rank < 4) {
$receiver = '!';
} else {
$receiver = isset($_POST['mass_message']) ? '*' : $_POST['receiver'];
}
//verify the selected user exists
$database->processQuery("SELECT * FROM `users` WHERE `username` = ?", array($receiver), false);
if ($database->getRowCount() == 0 && $receiver != '!' && $receiver != '*') {
$content = 'The chosen user does not exist. <input type="button" class="button" value="Back" onclick="goBack()" />';
} else {
//create conversation
$database->processQuery("INSERT INTO `messages` VALUES (null, ?, ?, ?, ?, ?, NOW(), '0', '0', ?, ?)", array($username, $receiver, $_POST['title'], nl2br($_POST['reply']), $_SERVER['REMOTE_ADDR'], $username, time()), false);
$base->redirect('viewmessage.php?id=' . $id);
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<?php
require '../../includes/config.php';
require '../../structure/database.php';
require '../../structure/base.php';
require '../../structure/user.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base();
$user = new user($database);
$user->updateLastActive();
$rank = $user->getRank($user->getUsername($_COOKIE['user'], 2));
//id of the story
$id = $_GET['id'];
//make sure the story exists then extract its content
$story = $database->processQuery("SELECT `id`,`title`,`content` FROM `stories` WHERE `id` = ?", array($id), true);
//doesn't exist, send them to stories index
if ($database->getRowCount() == 0) {
$base->redirect('index.php');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<title><?php
echo $data['wb_title'];
?>
</title>
