Exemplo n.º 1
0
function topicReplies()
{
    global $themedir, $l;
    global $globals, $mysql, $theme, $done, $errors;
    global $user;
    global $qu;
    global $board;
    $theme['name'] = 'board';
    $theme['call_theme_func'] = 'topicReplies';
    // This is creating some funny problem of $l first character being something else
    //loadlang($l = 'board');
    loadlang('board');
    fheader("Topic Replies to {$_GET['topic']}");
    //printrr( $user );
    //printrr( debug_backtrace() );
    // $q = "select * from `topics` where `tid` = $_GET[topic]";
    //$q = "select * from `topics` where `tid` = $_GET[topic] LIMIT 1";
    $q = "select * from `topics` `t` RIGHT JOIN `users` `u` ON `t`.`tcreatedbyuid`=`u`.`uid` WHERE `t`.`tid` = {$_GET['topic']} LIMIT 1";
    $qu[1] = db_query($q);
    // to show ip addresses in human readable format
    ///while($my = mysql_fetch_assoc($q2_2 ) )
    ///printrr( inet_ntop ($my['tcreatedbyuid_IPv4'] ) );
    $q = "SELECT * FROM `replies` WHERE `topic_tid` = {$_GET['topic']}";
    $qu[2] = db_query($q);
    //echo date("g:i a d-F-Y");
    // input time as (int) in DB,
    // and when pulling, read it & convert it into date string
    //echo time();
    //printrr($_SERVER);
}
Exemplo n.º 2
0
function listUsers()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $errors;
    global $l;
    global $time;
    global $user, $reqPrivs;
    global $q;
    $theme['name'] = 'list';
    $theme['call_theme_func'] = 'listUsers';
    loadlang();
    // fheader($title = 'View Profile');
    fheader("List Users");
    // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
    // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
    // so redirect him to login page
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }
    // Base64encode for everything coming from URL
    // Checking input, checking everything coming from $_GET url,
    // sanitizing it, and casting it into an (int) datatype
    //$uid = ( isset($_GET["uid"] ) ? (int) check_input( $_GET["uid"] ) : $user["uid"] );
    // Add if $user['uid'] != $_GET['uid'] , then, see if he is Admin or Editor
    // Else, Not allowed to access this area, permission denied & return false
    // ---Permission stuff here---
    // or probably uid=$_GET[id] to see other's profile
    // $q  = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `users_uid`=$uid";
    //$q  = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `u`.`uid`=$uid";
    $q = "SELECT * FROM `users`";
    $q = db_query($q);
}
Exemplo n.º 3
0
function permissions()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'permissions';
    $theme['call_theme_func'] = 'permissions';
    loadlang();
    fheader($title = 'Permissions');
    include "{$globals['rootdir']}" . "/classes/User.php";
    $actions = array('view', 'edit', 'publish', 'delete');
    $users = array('a1u', 'a2u', 'a3u', 'a4u');
    $action = isset($_GET['action']) && in_array($_GET['action'], $actions) ? $_GET['action'] : 'view';
    $user = isset($_GET['user']) && in_array($_GET['user'], $users) ? $_GET['user'] : '******';
    $q1 = "SELECT `groups`.`priv`, `groups`.`name` FROM `users` \n\tJOIN \n\t`groups` ON `users`.`group` = `groups`.`id` \n\tWHERE `users`.`uname` = '%s' \n\t'LIMIT 1'\n\t";
    $qq1 = db_query(sprintf($q1, $user));
    if (!$qq1) {
        error_reporting('Cud not select from DB');
    }
    $temp = mysql_fetch_object($qq1);
    $userClass = new User();
    $userClass->setGroup($temp->name);
    $userClass->setPriv($temp->priv);
    $q1 = "SELECT `priv` FROM `actions` WHERE `name` = '%s' ";
    $qq1 = db_query(sprintf($q1, $action));
    if (!$qq1) {
        error_reporting('Cud not select frm DB');
    }
    $temp = mysql_fetch_object($qq1);
}
Exemplo n.º 4
0
function register()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'register';
    $theme['call_theme_func'] = 'register';
    loadlang();
    fheader($title = 'Registration');
    if (isset($_POST['sub_register'])) {
        // special characters, etc not allowed
        // only AlphaNumeric and _ (underscore) charachters allowed
        $username = mandff($_POST['username'], $l['user_req']);
        $password = mandff($_POST['password'], $l['pass_req']);
        $email = mandff($_POST['email'], $l['email_req']);
        $url = $_POST['url'];
        if ($error) {
            return false;
        }
        // cleanup of $_POST not happening.
        // now cleanup of POST happening
        foreach ($_POST as $k => $v) {
            $v = check_input($v);
        }
        $username = $username;
        $password = $password;
        $email = $email;
        $url = $url;
        $salt = 'abc';
        // by default the level of user & privileges are minimum, level=1
        $group = 1;
        // Password & Salt getting md5()'d
        $password = md5($password . $salt);
        $q1 = "SELECT `email` FROM `users` WHERE `email` = '{$email}'";
        $qq1 = mysql_query($q1);
        if (mysql_num_rows($qq1) > 0) {
            $error['email_exists'] = $l['email_exists'];
            return false;
        }
        // $q = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`) VALUES('$username', '$password', '$email', '$url', '$salt') ";
        $q[1] = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`, `group`) VALUES('{$username}', '{$password}', '{$email}', '{$url}', '{$salt}', '{$group}')";
        $qu[1] = mysql_query($q[1]);
        //$ins_id = mysql_insert_id($qu[1]);
        $ins_id = mysql_insert_id();
        //echo "ins_id = " . $ins_id;
        // an insert id goes in here, which becomes the user[uid]
        $q[2] = "INSERT INTO `profile` (`users_uid`) VALUES('{$ins_id}')";
        $qu[2] = mysql_query($q[2]);
        $q[3] = "INSERT INTO `ai_actions_taken` (`users_uid`) VALUES('{$ins_id}')";
        $qu[3] = mysql_query($q[3]);
        if ($qu[1]) {
            $done = true;
        } else {
            $errors = 'faltugiri';
        }
    }
}
Exemplo n.º 5
0
function the_endpage()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $l;
    global $time;
    global $user;
    global $endpage_msg;
    $theme['name'] = "the_endpage";
    $theme['call_theme_func'] = "the_endpage";
    loadlang();
    fheader($title = "the EndPage :P");
}
Exemplo n.º 6
0
function logout()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    //$theme['name'] = 'logout';
    //$theme['call_theme_func'] = 'logout';
    loadlang();
    fheader($title = 'Logout');
    if (isset($_GET["action"]) && $_GET["action"] == "logout") {
        session_destroy();
        //		foreach( $user as $k => $v )
        //			unset( $user["$k"] );
        //		printrr( $user );
    }
    header("Location:index.php");
}
Exemplo n.º 7
0
function permissions()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'permissions';
    $theme['call_theme_func'] = 'permissions';
    loadlang();
    fheader($title = 'Permissions');
    if (isset($_POST['sub_register'])) {
        $email = mandff($_POST['email'], $l['user_email_req']);
        $password = mandff($_POST['password'], $l['pass_req']);
        if ($error) {
            return false;
        }
        // cleanup of $_POST not happening.
        // now cleanup of POST happening
        foreach ($_POST as $k => $v) {
            $v = check_input($v);
        }
        $email = $email;
        $password = $password;
        $salt = 'abc';
        // Password & Salt getting md5()'d
        $password = md5($password . $salt);
        /*
         * Select only 1 column from email or username
        $q1 = "SELECT * FROM `users` WHERE 
        ( 
        ( `email` = '$email' OR username = '******' ) 
        AND 
        `password` = '$password' 
        ) ";
        */
        $q1 = "SELECT * FROM `users` WHERE \n\t\t`email` = '{$email}' AND `password` = '{$password}' \n\t\tOR \n\t\tusername = '******' AND `password` = '{$password}' \n\t\t";
        $qq1 = db_query($q1);
        if (mysql_num_rows($qq1) > 0) {
            $done = true;
            // if successful login, redirect to index.php
            header("Location: index.php");
        } else {
            $error[] = 'Username/Email not valid';
        }
    }
}
Exemplo n.º 8
0
function adminMain()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $errors;
    global $l;
    global $time;
    global $user;
    global $q;
    global $reqPrivs;
    $theme['name'] = 'admin';
    $theme['call_theme_func'] = 'adminMain';
    loadlang('admin');
    fheader($title = 'Admin Section');
    // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
    // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
    // so redirect him to login page
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }
    //printrr( $user );
    //echo 1;
    //printrr( $reqPrivs );
    //if( !($user['priv'] & $reqPrivs['priv'] ) || $user['level'] != $reqPrivs['level'] )
    if (isset($user['g_name']) && $user['g_name'] != 'administrator') {
        $errors['permission_denied'] = $l['permission_denied'];
        return false;
    }
    /*
    	if( isset($_GET['area'] ) )
    	{
    		switch $_GET['area']
    		{
    			case: 
    		}
    		
    	}
    */
}
Exemplo n.º 9
0
function topics()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $errors;
    global $user;
    $theme['name'] = 'board';
    $theme['call_theme_func'] = 'board_theme';
    fheader($title = 'Start Board');
    $q = "SELECT * FROM `board` ";
    $qu = mysql_query($q);
    /*
     * 
    for($i =0; $i = mysql_fetch_assoc($qu); $i++)
    {
    	echo 'this: ii: ';
    	printrr($i);
    }
    */
    printrr($_POST);
    if (isset($_POST)) {
    }
}
Exemplo n.º 10
0
function friendsList()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors, $notice;
    global $l;
    global $time;
    global $user;
    global $par;
    global $db, $qu, $show;
    $theme["name"] = "friends";
    $theme["call_theme_func"] = "friendsList";
    loadlang();
    fheader("Friends List");
    $fl = 'friends_list';
    // getting friendsList of a user
    $uid = isset($_GET["uid"]) ? (int) check_input($_GET["uid"]) : $user["uid"];
    $q1 = "SELECT * FROM `users` WHERE `uid` IN ({$user[$fl]}) ";
    $qu = db_query($q1);
    if (is_resource($qu)) {
        $show = 1;
    } else {
        $notice['no_friends'] = 'No friends to show.';
    }
}
Exemplo n.º 11
0
function modifyprofile()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $l, $row;
    global $time;
    global $user, $reqPrivs;
    $theme['name'] = 'modifyprofile';
    $theme['call_theme_func'] = 'modifyprofile';
    loadlang();
    fheader($title = 'Modify Profile');
    // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
    // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
    // so redirect him to login page
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }
    //printrr( $user);
    //printrr( $reqPrivs );
    $uid = (int) (isset($_GET['uid']) && !empty($_GET['uid']) ? check_input($_GET['uid']) : $user['uid']);
    // if( $user['g_priv'] & $privs['guest']['g_priv'] )
    // if( $_GET['id'] != $user['uid'] && !($user['uid']) )
    if ($uid != $user['uid'] && !((int) $user['g_priv'] & (int) $reqPrivs['edit']['a_priv'])) {
        $errors['access_denied'] = "Not allowed to access this area.";
        return false;
    }
    //echo round ($time->scriptTime() );
    if (isset($_POST['modprof'])) {
        /*
        // Creating Variable Names dynamically with the array keys;
        foreach( $_POST as $k => $v )
        {
        	"$" .$k = check_input($_POST[$v]);
        	"$" . $k  = $v;
        	echo "k: " . "$k" . ", ";
        }
        echo "<br />s: " . $sex;
        */
        $url = check_input($_POST['url']);
        $display_name = check_input($_POST['display_name']);
        $about = check_input($_POST['about']);
        $dob = check_input($_POST['dob']);
        $sex = check_input($_POST['sex']);
        $display_pic_url = check_input($_POST['display_pic_url']);
        $perfume = check_input($_POST['perfume']);
        // Base64encode for everything coming from URL
        // Checking input, checking everything coming from $_GET url,
        // sanitizing it, and casting it into an (int) datatype
        $uid = isset($_GET["uid"]) ? (int) check_input($_GET["uid"]) : $user["uid"];
        if ($errors) {
            return false;
        }
        // update users & profile table with new data
        $q[1] = "UPDATE `users` `u` JOIN `profile` `p` \n\t\t\tSET \n\t\t\t`u`.`url`='{$url}', \n\t\t\t`p`.`display_name`='{$display_name}', \n\t\t\t`p`.`about`='{$about}', \n\t\t\t`p`.`dob`='{$dob}', \n\t\t\t`p`.`sex`='{$sex}',\n\t\t\t`p`.`display_pic_url`='{$display_pic_url}',\n\t\t\t`p`.`perfume`='{$perfume}' \n\t\t\tWHERE `u`.`uid`={$uid} AND `p`.`users_uid`={$uid}";
        $qe[1] = db_query($q[1]);
        //insert_and_id();
    }
    // was taking the $_GET[uid] directly
    // $q = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= $_GET[uid]";
    // now taking $uid which is either a $_GET['uid'] if it is set, or else it is the set $user[uid]
    $q[2] = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= {$uid}";
    $qe[2] = db_query($q[2]);
    $row = mysql_fetch_assoc($qe[2]);
}
Exemplo n.º 12
0
 function dealdata($data)
 {
     global $current_size, $tablearr, $writefile_data, $_POST;
     $current_size += strlen($data);
     $writefile_data .= $data;
     if ($current_size >= intval($_POST["filesize"]) * 1024) {
         $current_size = 0;
         $writefile_data .= "\r\n?" . ">";
         writefile($writefile_data, "w");
         $_POST[page] = intval($_POST[page]) + 1;
         fheader();
         echo tablestart("正在从数据库'{$_POST['db_dbname']}'中导出数据……", 500);
         $str1 = "<br>-= 以下数据表处理完成 =- <div class='borderdiv' style='width:150px;height:100px;overflow:auto;' align=left>";
         $finishByte = 0;
         for (reset($tablearr); list($key, $val) = each($tablearr);) {
             if ($key < $_POST[tabledumping]) {
                 $str1 .= "√ {$val}<BR>\r\n";
                 $finishByte += $_POST[fsqltable][$val];
             } else {
                 if ($key == $_POST[tabledumping]) {
                     $str1 .= "<a href='#' id='finisheditem'> </a></div>\n\t\t\t\t\t\t<br>-= 以下数据表正待处理 =-\n\t\t\t\t\t\t<div class='borderdiv' style='width:150px;height:100px;overflow:auto;' align=left>\n\t\t\t\t\t\t<font style='color:#FF0000'>→ {$val}</font><br>\r\n";
                     $finishByte += $_POST[lastinsert] * substr(strstr($_POST[fsqltable][$val], ','), 1);
                     $finish = intval($finishByte / $_POST[totalsize] * 100);
                 } else {
                     $str1 .= "・ {$val}<br>\r\n";
                 }
             }
         }
         $str1 .= "</div><BR>";
         $str2 = tablestart("导出状态", 300);
         $str2 .= tabledata("共有数据:|" . num_bitunit($_POST[totalsize]) . "", "100|200");
         $str2 .= tabledata("现已导出:|" . num_bitunit($finishByte) . "");
         $str2 .= tabledata("每页导出:|" . num_bitunit(intval($finishByte / $_POST[page])) . "");
         $str2 .= tabledata("导出时间间隔:|{$_POST['nextpgtimeout']} 秒");
         $str2 .= tabledata("每页生成数据文件|≥ " . num_bitunit($_POST["filesize"] * 1024) . "");
         $str2 .= tabledata("已生成数据文件:|" . ($_POST[page] - 1) . " 个");
         $str2 .= tabledata("正在自动进入:|<a href='javascript:myform.submit();'>第 {$_POST['page']} 页</a>");
         $str2 .= tabledata("已用时:|" . timeformat(time() - $_POST["StartTime"]) . "");
         $str2 .= tabledata("已完成:|{$finish}% ");
         $str2 .= tabledata("完成进度:|<table width=100% height=12  border=0 cellspacing=1 cellpadding=0 class='tabletitle' align=center><tr><td width='{$finish}%'><div></div></td><td width='" . (100 - $finish) . "%'  class='tabledata'><div></div></td></tr></table>");
         $str2 .= tableend();
         $str2 .= "<B><div id='postingTag'></div></B>";
         echo tabledata("{$str1}|{$str2}");
         echo tableend();
         ffooter();
         eval(auto_submit_script());
         exit;
     }
 }
Exemplo n.º 13
0
function topics()
{
    global $themedir, $l;
    global $globals, $mysql, $theme, $done, $errors;
    global $user;
    global $qu;
    global $board;
    $theme['name'] = 'board';
    $theme['call_theme_func'] = 'topics';
    loadlang($l = 'board');
    //$q1 = "SELECT `bname` FROM `board` WHERE `bid` = $_GET[board]";
    $q1 = "SELECT * FROM `board` WHERE `bid` = {$_GET['board']} LIMIT 1";
    $qu1 = mysql_query($q1);
    $board = mysql_fetch_assoc($qu1);
    //printrr($board);
    // want to display the title as, General Discussion,
    // so fetching it from the DB, so made the previous query
    fheader($board['bname']);
    // actual query to get users
    $q = "SELECT * FROM `topics` WHERE `board_bid` = '{$_GET['board']}' ";
    // $q = "SELECT * FROM `topics` WHERE `board_bid` = '$_GET[board]'";
    // echo $q;
    // firing another mysql_query, bcoz,
    // otherwise, mysql_fetch_array takes up 1st row of the query.
    // firing query to be used in theme page
    $qu = mysql_query($q);
    // Add new thing $board,
    // which will have the details of Board
    // Make query for all the threads in the Board
    // with pagination,
    // and all these details will go in $board
}
Exemplo n.º 14
0
function addReply()
{
    global $globals, $mysql, $theme, $done, $errors, $error, $notice, $db;
    global $themedir, $l, $user;
    global $qu, $board;
    global $time, $reqPrivs;
    global $row;
    global $ai;
    $theme['name'] = 'addReply';
    $theme['call_theme_func'] = 'addReply';
    //loadlang();
    loadlang('allFunc', __FUNCTION__);
    fheader($title = 'Add Reply');
    // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
    // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
    // so redirect him to login page
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }
    // Will have to see
    // how reply table works in SMF
    // replies table takes
    // topic id replied to
    // id of user
    // log IP of user
    // time/date (microtime() , less than 5(or other, variable factor) seconds, post cant be made by same IP) that post made
    //
    // if not isset $_GET[post], that means it is not a createTopic, it only an addReply
    // if isset $_GET[post], that means it is a createTopic event
    if (!isset($_GET['post'])) {
        // adding limit 1, as the topic will always be only 1
        $q = "SELECT * FROM `topics` WHERE `tid` = {$_GET['topic']} LIMIT 1";
        $qu[0] = db_query($q);
        $row = mysql_fetch_assoc($qu[0]);
        $q = null;
    }
    if (isset($_POST['reply_sub']) && !empty($_POST['reply'])) {
        $subject = '';
        if (!isset($_GET['post'])) {
            $subject = trim(mandff(check_input($_POST["subject"]), "Subject Empty"));
        }
        $reply = trim(mandff(check_input($_POST["reply"]), "Reply field empty"));
        //echo "reply: ";
        //printrr($reply);
        //ai
        /*
        // the AI(ai) object from the AI_Execute class
        if( $ai &&  is_object($ai ) )
        {
        	// CHECKING FOR SPAM WORDS (Some AI Foo)
        	// $ai execute class for spam words in reply
        	if ($ai->spam_words($reply) ) // if true, then log the activity into the AI_Logs table, for reason "is_spam" & userid & username, date(unix epoch) etc 
        	{
        		// corresponds to the ai_logs table, logggin the ai activity
        		// sending user uid, reason like cause, effect or action etc, type: spam_words, any_definition and time
        		ai_logs($users['uid'], $reason, $type, $definition, $time );
        		
        		// now select the, number of times, logs present in the ai_logs table,
        		// check the severity, that becomes the severity,
        		// now goto, the effects table & see what corresponds to is_spam with given severity.
        		// now goto the Action table for that reason with given severity, 
        		// and see which action is listed, 
        		// include the file, take the action
        		
        		// passing $_POST[reply]
        		print_r($ai->spam_words_e($reply) );
        		
        	}
        	
        }
        */
        // the AI(ai) object from the AI_Execute class
        if ($ai && is_object($ai)) {
            // CHECKING FOR SPAM WORDS (Some AI Foo)
            // $ai execute class for spam words in reply
            $ai->spam_words_e($reply);
        }
        //ai-
        /*
        $arr = array(
        				"keys" => array( "rbody", "topic_id", "poster_users_id", "date", "user_ip") , 
        				"values" => array( 
        										array( "$reply", "$_GET[topic]", "$user[uid]", round( $time->scriptTime() ), "$_SERVER[REMOTE_ADDR]"
        												)
        											)
        					);
        */
        $t = round($time->scriptTime());
        // -> insert_arr($arr);
        // if, its a reply to a topic
        // if( !isset( $_GET['post'] ) )
        if (isset($_GET['topic'])) {
            // for the moment just putting $_SERVER[REMOTE_ADDR] in the query,
            // instead of $user[REMOTE_ADDR]
            $q1I = "INSERT INTO `replies`(\n\t\t\t`rsubject`, `rbody`, `topic_tid`, `poster_users_uid`, `date`, `user_ip`\n\t\t\t) \n\t\t\tVALUES( \n\t\t\t'{$subject}', '{$reply}', {$_GET['topic']}, {$user['uid']}, {$t}, '{$_SERVER['REMOTE_ADDR']}' \n\t\t\t)";
            $q1E = db_query($q1I);
            $id = mysql_insert_id();
        } else {
            // temporary this line of $user[uid], remove it later
            // $user['uid'] = 1;
            //
            $q1I = "INSERT INTO `wall_post_reply`(\n\t\t\t`wpr_content`, `wpr_by_uid`, `wpr_date`, `wp_id`\n\t\t\t) \n\t\t\tVALUES(\n\t\t\t'{$reply}', {$user['uid']}, {$t}, {$_GET['post']}\n\t\t\t)";
            // These 2 lines  of code is also written above in the
            // if condition, so this is code repetition,
            // though i cud have just written the 2 lines of code only once,
            // and written the below 2 procedures $qS2 & $qU1,
            // in another if condition corresponding to this else condition
            // as in, if( isset( $_GET[post]) ), but then, that wud have meant,
            // an if() condition check for every time the script gets executed,
            // for not repeting 2 lines of code(for saving 2 lines of space)
            // it seemed a bad trade-of
            // whereas in this case, though 2 lines will be extra,
            // but, 2 times if condition checking will be saved,
            // only once it will check, in this if() condition block,
            // and decide what to do
            $q1E = db_query($q1I);
            $id = mysql_insert_id();
            // First select all ids from wall_post table
            // then execute this select query, then
            // Run Update query on the the wall post id, with
            // the new wall_post_reply id that you received by inserting
            // new reply
            $qS2 = "SELECT * from `wall_post` WHERE `wp_id`={$_GET['post']}";
            $res = db_query($qS2);
            $row = mysql_fetch_assoc($res);
            // Dont need  this line, the 2 lines below it lines will suffice
            // $string = ( empty( $row['wpr_id'] ) ? $id :  ( $row['wpr_id'] . "," . $id ) );
            $string = $row['wpr_id'] . "," . $id;
            $string = trim($string, ',');
            $qU1 = "UPDATE `wall_post` set `wpr_id`='{$string}' WHERE `wp_id`={$_GET['post']}";
            $res2 = db_query($qU1);
        }
        //		header("Location: ");
        //		header("Location:{$globals['boardurl']}{$globals['ind']}action=topic&topic={$_GET['topic']}");
        //		header("Location: index.php?action=topic&topic={$_GET['topic']}");
        if (is_bool($q1E)) {
            if (isset($_GET['topic'])) {
                $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=topic&topic={$_GET['topic']}'>HERE</a> to check your reply.";
            } else {
                // $_GET['post'] is set
                $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=wall&uid={$_GET['uid']}&post={$_GET['post']}'>HERE</a> to check your post.";
            }
            //$notice['success'] = $l['success_wall'];
        } else {
            $error['no_success'] = "Could not post the reply.";
        }
        //$error['no_success'] = $l['no_success'];
    }
}
Exemplo n.º 15
0
function login()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'login';
    $theme['call_theme_func'] = 'login';
    loadlang();
    fheader($title = 'Login');
    if (isset($_POST['sub_register'])) {
        $email = mandff(check_input($_POST['email']), $l['user_email_req']);
        $password = mandff(check_input($_POST['password']), $l['pass_req']);
        if ($error) {
            return false;
        }
        // cleanup of $_POST not happening.
        // now cleanup of POST happening
        foreach ($_POST as $k => $v) {
            $v = check_input($v);
        }
        $email = $email;
        $password = $password;
        $salt = 'abc';
        // Password & Salt getting md5()'d
        $password = md5($password . $salt);
        /*
        //--- commented ---
        // Select only 1 column from email or username
        $q1 = "SELECT * FROM `users` WHERE 
        ( 
        ( `email` = '$email' OR username = '******' ) 
        AND 
        `password` = '$password' 
        ) ";
        // AND  `password` = '$password'
        //		$q1 = "SELECT u.uid, u.username, u.email, u.url, u.group, g.g_name, g.g_priv  
        */
        /*
        $q1 = "SELECT * 
        FROM `users` `u` 
        LEFT JOIN 
        `groups` `g` ON `u`.`group` = `g`.`g_id` 
        WHERE 
        ( `u`.`email` = '$email' 
        OR 
        `u`.`username` = '$email' ) AND `u`.`password` = '$password' 
        ";
        */
        $q1 = "SELECT * \n\t\tFROM `users` `u`  \n\t\tWHERE \n\t\t( `u`.`email` = '{$email}' \n\t\tOR \n\t\t`u`.`username` = '{$email}' ) AND `u`.`password` = '{$password}' \n\t\t";
        $qq1 = db_query($q1);
        if (mysql_num_rows($qq1) == 1) {
            $_SESSION['user']['loggedIn'] = 1;
            $data = array();
            $data = mysql_fetch_assoc($qq1);
            $_SESSION['user']['uid'] = $data['uid'];
            /*
            			$done = true;
            			// if successful login, set sessions, redirect to index.php
            			$data = array();
            			while( $data = mysql_fetch_assoc($qq1) )
            			{
            				// set $_SESSION; else set the object $user & its properties
            				// $user->setAttributes();
            				foreach( $data as $k => $v )
            				{
            					$_SESSION["user"]["$k"] = $user["$k"] =  $v;
            					
            					if( $k == "password" || $k == "salt" )
            					{
            						unset( $_SESSION["user"]["$k"] );
            						unset( $user["$k"] );
            						unset( $data["$k"] );
            					}
            					// if $key of $data has been copied into $user,
            					// then, we will not require $data, so unloading php baggage 
            					// by unsetting and emptying the memory with $data
            					if(isset($user["$k"] ) )
            						unset( $data["$k"] );
            				}
            				
            			}
            */
            header("Location: index.php?action=wall");
        } else {
            $error[] = 'Username/Email not valid';
        }
    }
}
Exemplo n.º 16
0
function sendMessage()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $l;
    global $time;
    global $user;
    global $par;
    global $db;
    $theme['name'] = 'messages';
    $theme['call_theme_func'] = 'sendMessage';
    loadlang();
    fheader($title = 'Send Message');
    //$con = array();
    //$con['dbname'] = 'myforum_3_testing';
    //dbconn( $con );
    if (isset($_POST['sendMess'])) {
        $mess = array();
        $mess['to'] = check_input(mandff($_POST['to'], "{$l['to_emp']}"));
        $mess['body'] = check_input(mandff($_POST['body'], "{$l['body_emp']}"));
        $mess['subject'] = check_input(optff($_POST['subject']));
        if ($errors || $error) {
            return false;
        }
        $q = "INSERT INTO `pm`(`pm_from_uid`, `pm_deleted_by_sender`, `pm_from_name`, `pm_sent_time`, `pm_subject`, `pm_body`) \n\t\t\t\t\t\t\t\t\tVALUES('{$user['uid']}', 0, '{$user['username']}', '{$timeNow}', '{$mess['subject']}', '{$mess['body']}') ";
        $q1 = db_query($q);
        $id = db_insert_id();
        //$q2 = "SELECT `uid`, `username` FROM `users`";
        //$q2 = db_query($q2);
        $toArr = array();
        $toArr = explode(",", $mess['to']);
        $str = '';
        foreach ($toArr as $k => $v) {
            $toArr[$k] = $v = trim($v);
            $str .= "'" . $v . "',";
        }
        $str = rtrim($str, ",");
        $q2 = "SELECT `uid`, `username` FROM `users` WHERE `username` IN ( {$str} )";
        $q22 = db_query($q2);
        $userGot = array();
        $userNotGot = array();
        while ($row = mysql_fetch_assoc($q22)) {
            $userGot[$row['uid']] = $row['username'];
        }
        $userNotGot = array();
        $userNotGot = array_diff($toArr, $userGot);
        if (!empty($userNotGot)) {
            $error[] = 'Users not done: ' . implode(", ", $userNotGot) . "";
        }
        foreach ($userGot as $k => $v) {
            $q3 = "INSERT INTO `pm_recepients`(`pm_id`, `pm_sent_to_uid`, `pm_is_read`, `pm_is_new`, `pm_is_deleted`) \n\t\t\t\t\t\t\t\t\t\tVALUES('{$id}', '{$k}', '0', '1', '0') ";
            $q33 = db_query($q3);
        }
    }
    /*
    	 * Profile table 
    	 * CREATE TABLE `profile` (
    `users_uid` foreign key references users(`uid`) INDEX KEY, 
    * `about` ,
    * `displaypic_url` ,
    `dob` INT default 0, 
    `sex` varchar(10) default 'na', 
    `perfume` varchar(255) default 'none',
    * `website_url`,
    `profile_id` INT NOT NULL AUTO INCREMENT,
    );
    
    alter table `users` 
    add column (
    `about` longtext, 
    `dob` timestamp,
    `sex` char(1), 
    `displaypic_url` varchar(255),
    `website_url` varchar(255), 
    `perfume` varchar(255)
    )
    */
}
Exemplo n.º 17
0
<?php

// Not many errors show, when 1 is set
// -1 for all errors
error_reporting(-1);
$dir = dirname(__FILE__);
include_once $dir . '/functions/func.php';
include_once $dir . '/themes/default/hnf.php';
$dir = null;
// guess header will go in the if conditions as, the title needs to be changed in each if condition
fheader('Installation', 'themes/default/css/style.css');
echbr(2);
// If somehow user starts the installation, by, renaming the config and .config files,
// and during the installation, in the middle,
// but then this will deny showing the last page of installation,
// which is, 'installation complete, u can now click here to go to index page'
// as over here, it will straightaway redirect
//if(file_exists('config.php') || file_exists('.config.php.bak') )
//header('Location: index.php');
//printrr($_SERVER);
echo '<center>';
//</center>
function mysql_dead($str)
{
    $s = '';
    $s .= '<br />';
    $s .= $str;
    $s .= '<br />';
    $s .= 'Errorno: ' . mysql_errno();
    $s .= '<br />';
    $s .= 'Error: ' . mysql_error();
Exemplo n.º 18
0
function wall()
{
    global $themedir, $theme, $l;
    global $globals, $mysql, $theme, $done, $error, $errors;
    global $user, $time;
    global $qu, $reqPrivs;
    $theme['name'] = 'wall';
    $theme['call_theme_func'] = 'wall';
    // 	echo ( $qu == 0 ) ? "yes" : "no" ? "under" : "not";
    loadlang();
    fheader('Wall');
    // Base64encode for everything coming from URL
    // Checking input, checking everything coming from $_GET url,
    // sanitizing it, and casting it into an (int) datatype
    // $uid = ( isset($_GET["uid"] ) ? (int) check_input( $_GET["uid"] ) : $user["uid"] );
    // if get uid set, see if user has permission to view this profile, if yes then allow, else error, no permission
    if (isset($_GET['uid'])) {
        // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
        // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
        // so redirect him to login page
        // if( $reqPrivs['board']['loginReq'] )
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
        // if( $user['perms'] & $reqPrivs['view']['a_priv'] )
        if ($user['g_priv'] & $reqPrivs['view']['a_priv']) {
            $uid = $_GET['uid'];
        } else {
            $error['perms_denied'] = 'No permission to view this page.';
            return false;
        }
    } else {
        if (isset($user['uid'])) {
            $uid = $user['uid'];
        } else {
            // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
            // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
            // so redirect him to login page
            // if( $reqPrivs['board']['loginReq'] )
            if (!userUidSet()) {
                redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
            }
        }
    }
    //if( isset($_POST['wall_sub']) && !empty($_POST['post'] ) )
    if (isset($_POST['wall_sub'])) {
        $reply = mandff(check_input($_POST['post']), 'Wall Post Empty');
        if (empty($error) && empty($errors)) {
            $now = round($time->scriptTime());
            /*
            $qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) 
            VALUES ( $_GET[uid], $user[uid], '$reply', $now )";
            */
            $qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) \n\t\t\tVALUES ( {$uid}, {$user['uid']}, '{$reply}', {$now} )";
            $qI_e = db_query($qI);
        }
    }
    // $_GET[uid] below signifies, that on whose wall all the post are getting made
    //$q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='$_GET[uid]' ORDER BY `wp`.`wp_date` DESC";
    $q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='{$uid}' ORDER BY `wp`.`wp_date` DESC";
    $qu = db_query($q);
    //mail("*****@*****.**", "Hi Ashish", "Message for u buddy");
    // printrr( $GLOBALS );
    // printrr( $_SESSION );
}