}
$db->sql_freeresult($ipresult);
}
//do name test then error if on list
if ($shoutconf['nameblock']) {
$nameresult = $db->sql_query("SELECT name FROM " . $prefix . "_shoutblock_nameblock WHERE name = '" . Fix_Quotes($username, true) . "' LIMIT 0,1");
while ($badname = $db->sql_fetchrow($nameresult)) {
if ($username == $badname[0]) {
$error = _SHOUTUSERBAN;
}
}
$db->sql_freeresult($nameresult);
}
//look for bad words, then censor them.
if ($shoutconf['censor']) {
$comment = check_words($comment);
}
//if error just reload page, else add posting.
if ($error) {
cpg_error($error);
} else {
$db->sql_query("INSERT INTO " . $prefix . "_shoutblock VALUES (NULL, '" . Fix_Quotes($username) . "', '" . Fix_Quotes($comment) . "', '" . gmtime() . "')");
url_redirect($CPG_SESS['user']['uri']);
}
}
function nav_shouts()
{
global $prefix, $db, $offset, $number, $shoutconf, $userinfo;
$offset = intval($offset);
$result = $db->sql_query("SELECT * FROM " . $prefix . "_shoutblock ORDER BY id DESC LIMIT {$offset},25");
$loop = $db->sql_numrows($result);
function CreateTopic($xanonpost, $subject, $comment, $pid, $pollID, $host_name, $mode, $order, $thold, $posttype)
{
global $user, $userinfo, $EditedMessage, $cookie, $prefix, $pollcomm, $anonpost, $db, $module_name;
$author = FixQuotes($author);
$subject = FixQuotes(filter_text($subject, "nohtml"));
$comment = format_url($comment);
if ($posttype == "exttrans") {
$comment = FixQuotes(nl2br(htmlspecialchars(check_words($comment))));
} elseif ($posttype == "plaintext") {
$comment = FixQuotes(nl2br(filter_text($comment)));
} else {
$comment = FixQuotes(filter_text($comment));
}
if (is_user($user)) {
getusrinfo($user);
}
if (is_user($user) && !$xanonpost) {
getusrinfo($user);
$name = $userinfo[username];
$email = $userinfo[femail];
$url = $userinfo[user_website];
$score = 1;
} else {
$name = "";
$email = "";
$url = "";
$score = 0;
}
$ip = $_SERVER["REMOTE_HOST"];
if (empty($ip)) {
$ip = $_SERVER["REMOTE_ADDR"];
}
$pollID = intval($pollID);
$result = $db->sql_query("select count(*) from " . $prefix . "_poll_desc where pollID='{$pollID}'");
$fake = $db->sql_numrows($result);
if ($fake == 1) {
if ($anonpost == 0 and is_user($user) or $anonpost == 1) {
$db->sql_query("insert into " . $prefix . "_pollcomments values (NULL, '{$pid}', '{$pollID}', now(), '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0')");
update_points(9);
} else {
echo "Nice try...";
die;
}
} else {
include "header.php";
echo "According to my records, the topic you are trying " . "to reply to does not exist. If you're just trying to be " . "annoying, well then too bad.";
include "footer.php";
die;
}
if ($pollcomm == 1) {
if (isset($cookie[4])) {
$options .= "&mode={$cookie['4']}";
} else {
$options .= "&mode=thread";
}
if (isset($cookie[5])) {
$options .= "&order={$cookie['5']}";
} else {
$options .= "&order=0";
}
if (isset($cookie[6])) {
$options .= "&thold={$cookie['6']}";
} else {
$options .= "&thold=0";
}
} else {
$options = "";
}
Header("Location: modules.php?name={$module_name}&op=results&pollID={$pollID}{$options}");
}
function filter($what, $strip = "", $save = "", $type = "")
{
if ($strip == "nohtml") {
$what = check_html($what, $strip);
$what = htmlentities(trim($what), ENT_QUOTES);
// If the variable $what doesn't comes from a preview screen should be converted
if ($type != "preview" and $save != 1) {
$what = html_entity_decode($what, ENT_QUOTES);
}
}
if ($save == 1) {
$what = check_words($what);
$what = check_html($what, $strip);
$what = addslashes($what);
} else {
$what = stripslashes(FixQuotes($what));
$what = check_words($what);
$what = check_html($what, $strip);
}
return $what;
}
/**
* Spell check all available records
* If there is a spelling error, DO NOT add an item to the work_unit table
* so it can be manually assigned to operators
*
* @param string $data The string to space
* @param int $cell_id The cell id
* @param int $work_id The work id
* @param int $process_id The process id
* @return int Return 1 if there is a spelling error, otherwise return 0
*
*/
function spelling($data, $cell_id, $work_id, $process_id, $row_id)
{
if (check_words($data) == 1) {
//If there is a spelling error, do not create a work_unit record
return 1;
}
return 0;
}
function replyPost($sid)
{
global $db, $prefix, $MAIN_CFG, $userinfo;
if (!$MAIN_CFG['global']['anonpost'] && !is_user()) {
cpg_error(_NOANONCOMMENTS);
}
$pid = intval($_POST['pid']);
$subject = Fix_Quotes(check_words($_POST['subject']), 1);
$comment = Fix_Quotes(encode_bbcode(htmlprepare(check_words($_POST['comment']))), 1);
if (is_user()) {
$name = $userinfo['username'];
$email = $userinfo['femail'];
$url = $userinfo['user_website'];
$score = 1;
} else {
$name = $email = $url = '';
$score = 0;
}
$ip = $userinfo['user_ip'];
list($fake) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $prefix . "_stories WHERE sid='{$sid}'", SQL_NUM);
if ($fake) {
$db->sql_query("INSERT INTO " . $prefix . "_comments (tid, pid, sid, date, name, email, url, host_name, subject, comment, score, reason) VALUES (DEFAULT, '{$pid}', '{$sid}', " . time() . ", '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0')");
$db->sql_query("UPDATE " . $prefix . "_stories SET comments=comments+1 WHERE sid='{$sid}'");
URL::redirect(URL::index('&file=article&sid=' . $sid));
} else {
cpg_error("According to our records, the article you are trying to reply to does not exist. If you're just trying to be annoying, well then too bad.");
}
}
output_html5_header('Register', array("bootstrap/css/bootstrap.css", "css/style.css"), array("js/jquery.min.js", "bootstrap/js/bootstrap.min.js"));
if (count($_POST) == 4 && array_key_exists('email', $_POST) && array_key_exists('pass', $_POST) && array_key_exists('firstName', $_POST) && array_key_exists('lastName', $_POST)) {
$email = htmlspecialchars(trim($_POST['email']));
$password = htmlspecialchars(trim($_POST['pass']));
$firstName = htmlspecialchars(trim($_POST['firstName']));
$lastName = htmlspecialchars(trim($_POST['lastName']));
$errorE = false;
$errorFN = false;
$errorLN = false;
if (!check_email($email)) {
$errorE = true;
}
if (!check_words($firstName)) {
$errorFN = true;
}
if (!check_words($lastName)) {
$errorLN = true;
}
if (!$errorE && !$errorFN && !$errorLN) {
db_connect();
if (db_check_email($email)) {
message("bad", " User already registred. Try again.<a onclick='history.go(-1);'> Go back. </a>");
} else {
db_add_new_user($email, $password, $firstName, $lastName);
message("good", " Successfully registered! <a href=\"my_page.php\">Continue</a>");
$_SESSION['loggedin'] = $email;
}
} else {
unset($_SESSION['loggedin']);
$problemCode = 0;
if ($errorE) {
trigger_error('<br />' . sprintf(ERR_IMGSIZE_TOO_LARGE, $_POST['MAX_FILE_SIZE']), E_USER_ERROR);
}
$title = isset($_POST['title']) && !empty($_POST['title']) ? Fix_Quotes($_POST['title'], true) : '';
check_words($title);
$caption = isset($_POST['caption']) && !empty($_POST['caption']) ? Fix_Quotes(html2bb($_POST['caption'], 1)) : '';
check_words($caption);
$keywords = isset($_POST['keywords']) && !empty($_POST['keywords']) ? Fix_Quotes($_POST['keywords'], 1) : '';
check_words($keywords);
$user1 = isset($_POST['user1']) && !empty($_POST['user1']) ? Fix_Quotes($_POST['user1'], 1) : '';
check_words($user1);
$user2 = isset($_POST['user2']) && !empty($_POST['user2']) ? Fix_Quotes($_POST['user2'], 1) : '';
check_words($user2);
$user3 = isset($_POST['user3']) && !empty($_POST['user3']) ? Fix_Quotes($_POST['user3'], 1) : '';
check_words($user3);
$user4 = isset($_POST['user4']) && !empty($_POST['user4']) ? Fix_Quotes($_POST['user4'], 1) : '';
check_words($user4);
$album = isset($_POST['album']) && is_numeric($_POST['album']) ? $_POST['album'] : cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__);
// Check if the album id provided is valid
if (!GALLERY_ADMIN_MODE) {
$alb_cat = "SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and (uploads = 1 OR category = '" . (USER_ID + FIRST_USER_CAT) . "')";
} else {
$alb_cat = "SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'";
}
if (($result = $db->sql_query($alb_cat, true)) && $db->sql_numrows($result)) {
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$category = $row['category'];
} else {
cpg_die(_ERROR, UNKNOWN_ALBUM, __FILE__, __LINE__);
}
$picname = strtolower($_FILES['userpicture']['name']);
cpg_error('<p>' . _MODULEUSERS . ($MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : '') . '</p>', 401);
} else {
if (isset($_POST['submit'])) {
if (!isset($CPG_SESS['submit_story']) && !$CPG_SESS['submit_story']) {
cpg_error(_SPAMGUARDPROTECTED);
}
$uid = is_user() ? $userinfo['user_id'] : 1;
$name = is_user() ? $userinfo['username'] : _ANONYMOUS;
$subject = isset($_POST['subject']) ? Fix_Quotes($_POST['subject']) : '';
$story = isset($_POST['story']) ? Fix_Quotes(html2bb($_POST['story'])) : '';
$storyext = isset($_POST['storyext']) ? Fix_Quotes(html2bb($_POST['storyext'])) : '';
$topic = isset($_POST['topic']) ? intval($_POST['topic']) : 1;
$alanguage = isset($_POST['alanguage']) ? Fix_Quotes($_POST['alanguage']) : '';
$subject = check_words($subject);
$story = encode_bbcode(check_words($story));
$storyext = encode_bbcode(check_words($storyext));
$db->sql_query('INSERT INTO ' . $prefix . '_queue (qid, uid, uname, subject, story, storyext, timestamp, topic, alanguage) ' . "VALUES (DEFAULT, '{$uid}', '{$name}', '{$subject}', '{$story}', '{$storyext}', " . time() . ", {$topic}, '{$alanguage}')");
if ($MAIN_CFG['global']['notify']) {
$notify_message = "{$MAIN_CFG['global']['notify_message']}\n\n\n========================================================\n{$subject}\n\n\n" . decode_bbcode($story, 1, true) . "\n\n" . decode_bbcode($storyext, 1, true) . "\n\n{$name}";
if (!send_mail($mailer_message, $notify_message, 0, $MAIN_CFG['global']['notify_subject'], $MAIN_CFG['global']['notify_email'], $MAIN_CFG['global']['notify_email'], $MAIN_CFG['global']['notify_from'], $name)) {
echo $mailer_message;
}
}
$CPG_SESS['submit_story'] = false;
unset($CPG_SESS['submit_story']);
list($waiting) = $db->sql_ufetchrow("SELECT COUNT(*) FROM {$prefix}_queue", SQL_NUM);
cpg_error(_SUBTEXT . '<br />' . _WEHAVESUB . ' <strong>' . $waiting . '</strong> ' . _WAITING, _Submit_NewsLANG, URL::index('&file=submit'));
} else {
$CPG_SESS['submit_story'] = true;
$story = isset($_POST['story']) ? $_POST['story'] : false;
$storyext = isset($_POST['storyext']) ? $_POST['storyext'] : false;
function filter_text($Message, $strip = '')
{
depricated_warning();
return check_words($Message);
}
function r_comments($id, $title)
{
global $prefix, $db, $module_name;
$result = $db->sql_query("SELECT cid, userid, date, comments, score FROM " . $prefix . "_reviews_comments \n\tWHERE rid='{$id}' \n\tORDER BY date DESC");
while (list($cid, $uname, $date, $comments, $score) = $db->sql_fetchrow($result)) {
OpenTable();
$title = urldecode($title);
echo "<b>{$title}</b><br />";
if ($uname == 'Anonymous') {
echo _POSTEDBY . " {$uname} " . _ON . " {$date}<br />";
} else {
echo _POSTEDBY . ' <a href="' . URL::index('Your_Account&profile=' . $uname) . "\">{$uname}</a> " . _ON . " {$date}<br />";
}
echo _MYSCORE . ' ';
display_score($score);
if (can_admin(strtolower($module_name))) {
echo '<br /><b>' . _ADMIN . '</b> [ <a href="' . URL::index("&rop=del_comment&cid={$cid}&id={$id}") . '">' . _DELETE . '</a> ]';
}
$comments = nl2br(check_words($comments));
echo '<hr /><br /><br />' . "\n{$comments}\n";
CloseTable();
echo '<br />';
}
}
cpg_error(sprintf(_ERROR_NOT_SET, 'Comment name'));
}
if (strlen($comment_email) < 3) {
cpg_error(sprintf(_ERROR_NOT_SET, 'Comment email'));
}
if (strlen($comment_text) < 3) {
cpg_error(sprintf(_ERROR_NOT_SET, 'Comment text'));
}
if ($cfg_comment_limit >= 1) {
$comment_text = substr($comment_text, 0, $cfg_comment_limit);
}
$db->sql_query("INSERT INTO " . $prefix . "_blogs_comments VALUES (NULL, '{$comment_blog}', '{$comment_name}', '{$comment_email}', {$comment_ip}, '{$comment_text}', '" . gmtime() . "')");
url_redirect(getlink('&mode=display&id=' . $comment_blog . '&comments=show'));
} elseif (isset($_POST['revise_entry']) && (is_user() || is_admin())) {
$blog_title = Fix_Quotes(check_words($_POST['title']), 1);
$blog_text = Fix_Quotes(check_words($_POST['bodytext']), 1);
$blog_private = intval($_POST['private']);
$blog_id = intval($_POST['blog_id']);
$db->sql_query("UPDATE " . $prefix . "_blogs SET title='{$blog_title}', text='{$blog_text}', private='{$blog_private}' WHERE id='{$blog_id}'");
url_redirect(getlink('&mode=display&id=' . $blog_id));
} elseif ($mode == 'user') {
$lookup_username = isset($_POST['nick']) && !empty($_POST['nick']) ? $_POST['nick'] : (isset($_GET['nick']) ? $_GET['nick'] : cpg_error(sprintf(_ERROR_NOT_SET, _NICKNAME), _SEC_ERROR));
/* This doesn't allow for UTF-8 usernames
if (!ereg("^([a-zA-Z0-9_\-]+)$", $lookup_username)) {
cpg_error(sprintf(_ERROR_BAD_CHAR, strtolower(_B_BLOG)), _SEC_ERROR);
}
*/
$lookup_username = Fix_Quotes($lookup_username);
$priv = $lookup_username == $userinfo['username'] ? '' : "AND private='0'";
//$result = $db->sql_query("SELECT id, title, timestamp FROM ".$prefix."_blogs WHERE aid='".$lookup_username."' $priv ORDER BY timestamp DESC");
$result = $db->sql_query("SELECT * FROM " . $prefix . "_blogs WHERE aid='" . $lookup_username . "' {$priv} ORDER BY timestamp DESC");
function CreateTopic($xanonpost, $subject, $comment, $pid, $sid, $host_name, $mode, $order, $thold, $posttype)
{
global $module_name, $user, $userinfo, $EditedMessage, $cookie, $AllowableHTML, $ultramode, $prefix, $anonpost, $articlecomm, $db;
cookiedecode($user);
$author = FixQuotes($author);
$subject = FixQuotes(filter_text($subject, "nohtml"));
$comment = format_url($comment);
if ($posttype == "exttrans") {
$comment = FixQuotes(nl2br(htmlspecialchars(check_words($comment))));
} elseif ($posttype == "plaintext") {
$comment = FixQuotes(nl2br(filter_text($comment)));
} else {
$comment = FixQuotes(filter_text($comment));
}
if (is_user($user)) {
getusrinfo($user);
}
if (is_user($user) && !$xanonpost) {
getusrinfo($user);
$name = $userinfo[username];
$email = $userinfo[femail];
$url = $userinfo[user_website];
$score = 1;
} else {
$name = "";
$email = "";
$url = "";
$score = 0;
}
$ip = $_SERVER["REMOTE_HOST"];
if (empty($ip)) {
$ip = $_SERVER["REMOTE_ADDR"];
}
$fake = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
$comment = trim($comment);
$comment = stripslashes($comment);
if ($fake == 1 and $articlecomm == 1) {
if ($anonpost == 0 and is_user($user) or $anonpost == 1) {
$db->sql_query("INSERT INTO " . $prefix . "_comments VALUES (NULL, '{$pid}', '{$sid}', now(), '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0')");
$db->sql_query("UPDATE " . $prefix . "_stories SET comments=comments+1 WHERE sid='{$sid}'");
update_points(5);
if ($ultramode) {
ultramode();
}
} else {
echo "Nice try...";
die;
}
} else {
include "header.php";
echo "According to my records, the topic you are trying " . "to reply to does not exist. If you're just trying to be " . "annoying, well then too bad.";
include "footer.php";
die;
}
if (isset($cookie[4])) {
$options .= "&mode={$cookie['4']}";
} else {
$options .= "&mode=thread";
}
if (isset($cookie[5])) {
$options .= "&order={$cookie['5']}";
} else {
$options .= "&order=0";
}
if (isset($cookie[6])) {
$options .= "&thold={$cookie['6']}";
} else {
$options .= "&thold=0";
}
Header("Location: modules.php?name={$module_name}&file=article&sid={$sid}{$options}");
}
| Dragonfly is released under the terms and conditions of the GNU |
| GPL version 2 or any later version |
+-------------------------------------------------------------------+
*/
if (!defined('ADMIN_PAGES')) {
exit;
}
require_once 'header.php';
require_once CORE_PATH . 'nbbcode.php';
/*
$cpgtpl->set_filenames(array('body' => 'admin/index_body.html'));
$cpgtpl->display('body');
$cpgtpl->destroy();
*/
if (isset($_POST['np_save'])) {
$np_notes = Fix_Quotes(check_words($_POST['np_notes']));
$db->sql_query("UPDATE " . $prefix . "_config_custom SET cfg_value='{$np_notes}' WHERE cfg_field='text' AND cfg_name='notepad'");
Cache::array_delete('MAIN_CFG');
URL::redirect(URL::admin());
}
if (isset($_POST['np_lock']) && can_admin()) {
$db->sql_query("UPDATE " . $prefix . "_config_custom SET cfg_value='1' WHERE cfg_field='lock' AND cfg_name='notepad'");
Cache::array_delete('MAIN_CFG');
URL::redirect(URL::admin());
}
if (isset($_POST['np_unlock']) && can_admin()) {
$db->sql_query("UPDATE " . $prefix . "_config_custom SET cfg_value='0' WHERE cfg_field='lock' AND cfg_name='notepad'");
Cache::array_delete('MAIN_CFG');
URL::redirect(URL::admin());
}
OpenTable();
function filter_text($Message, $strip = "")
{
global $EditedMessage;
check_words($Message);
$EditedMessage = check_html($EditedMessage, $strip);
return $EditedMessage;
}
}
$result = $db->sql_query('SELECT
t.topic_id, t.topic_last_post_id, t.topic_title,
f.forum_name, f.forum_id,
u.username, u.user_id,
p.poster_id, p.post_time
FROM (' . $prefix . '_bbtopics t, ' . $prefix . '_bbforums f)
LEFT JOIN ' . $prefix . '_bbposts p ON (p.post_id = t.topic_last_post_id)
LEFT JOIN ' . $user_prefix . '_users u ON (u.user_id = p.poster_id)
WHERE t.forum_id=f.forum_id ' . $view . '
ORDER BY t.topic_last_post_id DESC
LIMIT 10');
//f.auth_view = 0); // everyone
//f.auth_view = 1); // member
//f.auth_view = 2); // private
//f.auth_view = 3); // moderator
//f.auth_view = 5); // admin
if ($db->sql_numrows($result) < 1) {
$content = 'ERROR';
return trigger_error('There are no forum posts', E_USER_NOTICE);
} else {
$content = '<div style="text-align:center"><b>' . sprintf(_LASTMSGS, 10) . '</b></div><marquee align="center" direction="up" scrollamount="2" scrolldelay="70" onmouseover=\'this.stop()\' onmouseout=\'this.start()\'><br /><div>';
while (list($topic_id, $topic_last_post_id, $topic_title, $forum_name, $forum_id, $username, $user_id, $poster_id, $post_time) = $db->sql_fetchrow($result)) {
$post_time = formatDateTime($post_time, '%b %d, %Y ' . _AT . ' %T');
$topic_title = check_words($topic_title);
$content .= '<img src="' . $iconpath . '/icon_mini_message.gif" alt="" />
<a href="' . URL::index('Forums&file=viewtopic&p=' . $topic_last_post_id . '#' . $topic_last_post_id) . '"><strong>' . $topic_title . '</strong></a><br />
<i>' . sprintf(_LASTPOSTBY, '<a href="' . URL::index('Your_Account&profile=' . $username) . '">' . $username . '</a>', '<a href="' . URL::index('Forums&file=viewforum&f=' . $forum_id) . '">' . $forum_name . '</a>', $post_time) . '</i><br /><br />';
}
$content .= '</div></marquee>';
}
require_once 'lib/dblibs.php';
require_once 'lib/lib.php';
output_html5_header('Edit User', array("bootstrap/css/bootstrap.css", "bootstrap/css/bootstrap-theme.css", "css/style.css"), array("js/jquery.min.js", "bootstrap/js/bootstrap.min.js"));
if (array_key_exists('loggedin', $_SESSION)) {
if (count($_POST) == 5 && array_key_exists('firstName', $_POST) && array_key_exists('lastName', $_POST) && array_key_exists('email', $_POST) && array_key_exists('oldpass', $_POST) && array_key_exists('newpass', $_POST)) {
$fName = htmlspecialchars(trim($_POST['firstName']));
$lName = htmlspecialchars(trim($_POST['lastName']));
$email = htmlspecialchars(trim($_POST['email']));
$oldpass = htmlspecialchars(trim($_POST['oldpass']));
$newpass = htmlspecialchars(trim($_POST['newpass']));
$errorFN = false;
$errorLN = false;
if (!check_words($fName)) {
$errorFN = true;
}
if (!check_words($lName)) {
$errorLN = true;
}
if (!$errorFN && !$errorLN) {
$sql = 'UPDATE Users SET email=:email, ';
$user_array = array(':firstName' => $fName, ':lastName' => $lName, ':email' => $email, ':email' => $email);
db_connect();
if (strcmp($oldpass, "") != 0) {
if (strcmp($newpass, "") != 0) {
$newpassA = md5($newpass);
if (db_check_user($email, $oldpass)) {
$sql .= 'password=:password, ';
$user_array[':password'] = $newpassA;
} else {
$problemCode = 0;
$_SESSION['fName'] = $fName;
function submitStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype)
{
global $user, $EditedMessage, $cookie, $anonymous, $notify, $notify_email, $notify_subject, $notify_message, $notify_from, $prefix, $db;
if (is_user($user)) {
cookiedecode($user);
$uid = $cookie[0];
$name = $cookie[1];
} else {
$uid = 1;
$name = "{$anonymous}";
}
$subject = ereg_replace("\"", "''", $subject);
$subject = FixQuotes(filter_text($subject, "nohtml"));
if ($posttype == "exttrans") {
$story = FixQuotes(nl2br(htmlspecialchars(check_words($story))));
$storyext = FixQuotes(nl2br(htmlspecialchars(check_words($storyext))));
} elseif ($posttype == "plaintext") {
$story = FixQuotes(nl2br(filter_text($story)));
$storyext = FixQuotes(nl2br(filter_text($storyext)));
} else {
$story = FixQuotes(filter_text($story));
$storyext = FixQuotes(filter_text($storyext));
}
$result = $db->sql_query("INSERT INTO " . $prefix . "_queue VALUES (NULL, '{$uid}', '{$name}', '{$subject}', '{$story}', '{$storyext}', now(), '{$topic}', '{$alanguage}')");
if (!$result) {
echo "" . _ERROR . "<br>";
exit;
}
if ($notify) {
$notify_message = "{$notify_message}\n\n\n========================================================\n{$subject}\n\n\n{$story}\n\n{$storyext}\n\n{$name}";
mail($notify_email, $notify_subject, $notify_message, "From: {$notify_from}\nX-Mailer: PHP/" . phpversion());
}
include 'header.php';
OpenTable();
$waiting = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_queue"));
echo "<center><font class=\"title\">" . _SUBSENT . "</font><br><br>" . "<font class=\"content\"><b>" . _THANKSSUB . "</b><br><br>" . "" . _SUBTEXT . "" . "<br>" . _WEHAVESUB . " {$waiting} " . _WAITING . "";
CloseTable();
include 'footer.php';
}