function topicReplies()
{
global $themedir, $l;
global $globals, $mysql, $theme, $done, $errors;
global $user;
global $qu;
global $board;
$theme['name'] = 'board';
$theme['call_theme_func'] = 'topicReplies';
// This is creating some funny problem of $l first character being something else
//loadlang($l = 'board');
loadlang('board');
fheader("Topic Replies to {$_GET['topic']}");
//printrr( $user );
//printrr( debug_backtrace() );
// $q = "select * from `topics` where `tid` = $_GET[topic]";
//$q = "select * from `topics` where `tid` = $_GET[topic] LIMIT 1";
$q = "select * from `topics` `t` RIGHT JOIN `users` `u` ON `t`.`tcreatedbyuid`=`u`.`uid` WHERE `t`.`tid` = {$_GET['topic']} LIMIT 1";
$qu[1] = db_query($q);
// to show ip addresses in human readable format
///while($my = mysql_fetch_assoc($q2_2 ) )
///printrr( inet_ntop ($my['tcreatedbyuid_IPv4'] ) );
$q = "SELECT * FROM `replies` WHERE `topic_tid` = {$_GET['topic']}";
$qu[2] = db_query($q);
//echo date("g:i a d-F-Y");
// input time as (int) in DB,
// and when pulling, read it & convert it into date string
//echo time();
//printrr($_SERVER);
}
function listUsers()
{
global $themedir;
global $globals, $mysql, $theme, $done, $errors;
global $l;
global $time;
global $user, $reqPrivs;
global $q;
$theme['name'] = 'list';
$theme['call_theme_func'] = 'listUsers';
loadlang();
// fheader($title = 'View Profile');
fheader("List Users");
// if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
// if from Admin Board Settings table, loginReq column is 1, then, login is required to view
// so redirect him to login page
if ($reqPrivs['board']['loginReq']) {
if (!userUidSet()) {
redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
}
}
// Base64encode for everything coming from URL
// Checking input, checking everything coming from $_GET url,
// sanitizing it, and casting it into an (int) datatype
//$uid = ( isset($_GET["uid"] ) ? (int) check_input( $_GET["uid"] ) : $user["uid"] );
// Add if $user['uid'] != $_GET['uid'] , then, see if he is Admin or Editor
// Else, Not allowed to access this area, permission denied & return false
// ---Permission stuff here---
// or probably uid=$_GET[id] to see other's profile
// $q = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `users_uid`=$uid";
//$q = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `u`.`uid`=$uid";
$q = "SELECT * FROM `users`";
$q = db_query($q);
}
function permissions()
{
global $globals, $mysql, $theme, $done, $error;
global $user;
global $l;
$theme['name'] = 'permissions';
$theme['call_theme_func'] = 'permissions';
loadlang();
fheader($title = 'Permissions');
include "{$globals['rootdir']}" . "/classes/User.php";
$actions = array('view', 'edit', 'publish', 'delete');
$users = array('a1u', 'a2u', 'a3u', 'a4u');
$action = isset($_GET['action']) && in_array($_GET['action'], $actions) ? $_GET['action'] : 'view';
$user = isset($_GET['user']) && in_array($_GET['user'], $users) ? $_GET['user'] : '******';
$q1 = "SELECT `groups`.`priv`, `groups`.`name` FROM `users` \n\tJOIN \n\t`groups` ON `users`.`group` = `groups`.`id` \n\tWHERE `users`.`uname` = '%s' \n\t'LIMIT 1'\n\t";
$qq1 = db_query(sprintf($q1, $user));
if (!$qq1) {
error_reporting('Cud not select from DB');
}
$temp = mysql_fetch_object($qq1);
$userClass = new User();
$userClass->setGroup($temp->name);
$userClass->setPriv($temp->priv);
$q1 = "SELECT `priv` FROM `actions` WHERE `name` = '%s' ";
$qq1 = db_query(sprintf($q1, $action));
if (!$qq1) {
error_reporting('Cud not select frm DB');
}
$temp = mysql_fetch_object($qq1);
}
function register()
{
global $globals, $mysql, $theme, $done, $error;
global $user;
global $l;
$theme['name'] = 'register';
$theme['call_theme_func'] = 'register';
loadlang();
fheader($title = 'Registration');
if (isset($_POST['sub_register'])) {
// special characters, etc not allowed
// only AlphaNumeric and _ (underscore) charachters allowed
$username = mandff($_POST['username'], $l['user_req']);
$password = mandff($_POST['password'], $l['pass_req']);
$email = mandff($_POST['email'], $l['email_req']);
$url = $_POST['url'];
if ($error) {
return false;
}
// cleanup of $_POST not happening.
// now cleanup of POST happening
foreach ($_POST as $k => $v) {
$v = check_input($v);
}
$username = $username;
$password = $password;
$email = $email;
$url = $url;
$salt = 'abc';
// by default the level of user & privileges are minimum, level=1
$group = 1;
// Password & Salt getting md5()'d
$password = md5($password . $salt);
$q1 = "SELECT `email` FROM `users` WHERE `email` = '{$email}'";
$qq1 = mysql_query($q1);
if (mysql_num_rows($qq1) > 0) {
$error['email_exists'] = $l['email_exists'];
return false;
}
// $q = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`) VALUES('$username', '$password', '$email', '$url', '$salt') ";
$q[1] = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`, `group`) VALUES('{$username}', '{$password}', '{$email}', '{$url}', '{$salt}', '{$group}')";
$qu[1] = mysql_query($q[1]);
//$ins_id = mysql_insert_id($qu[1]);
$ins_id = mysql_insert_id();
//echo "ins_id = " . $ins_id;
// an insert id goes in here, which becomes the user[uid]
$q[2] = "INSERT INTO `profile` (`users_uid`) VALUES('{$ins_id}')";
$qu[2] = mysql_query($q[2]);
$q[3] = "INSERT INTO `ai_actions_taken` (`users_uid`) VALUES('{$ins_id}')";
$qu[3] = mysql_query($q[3]);
if ($qu[1]) {
$done = true;
} else {
$errors = 'faltugiri';
}
}
}
function the_endpage()
{
global $themedir;
global $globals, $mysql, $theme, $done, $error, $errors;
global $l;
global $time;
global $user;
global $endpage_msg;
$theme['name'] = "the_endpage";
$theme['call_theme_func'] = "the_endpage";
loadlang();
fheader($title = "the EndPage :P");
}
function logout()
{
global $globals, $mysql, $theme, $done, $error;
global $user;
global $l;
//$theme['name'] = 'logout';
//$theme['call_theme_func'] = 'logout';
loadlang();
fheader($title = 'Logout');
if (isset($_GET["action"]) && $_GET["action"] == "logout") {
session_destroy();
// foreach( $user as $k => $v )
// unset( $user["$k"] );
// printrr( $user );
}
header("Location:index.php");
}
function permissions()
{
global $globals, $mysql, $theme, $done, $error;
global $user;
global $l;
$theme['name'] = 'permissions';
$theme['call_theme_func'] = 'permissions';
loadlang();
fheader($title = 'Permissions');
if (isset($_POST['sub_register'])) {
$email = mandff($_POST['email'], $l['user_email_req']);
$password = mandff($_POST['password'], $l['pass_req']);
if ($error) {
return false;
}
// cleanup of $_POST not happening.
// now cleanup of POST happening
foreach ($_POST as $k => $v) {
$v = check_input($v);
}
$email = $email;
$password = $password;
$salt = 'abc';
// Password & Salt getting md5()'d
$password = md5($password . $salt);
/*
* Select only 1 column from email or username
$q1 = "SELECT * FROM `users` WHERE
(
( `email` = '$email' OR username = '******' )
AND
`password` = '$password'
) ";
*/
$q1 = "SELECT * FROM `users` WHERE \n\t\t`email` = '{$email}' AND `password` = '{$password}' \n\t\tOR \n\t\tusername = '******' AND `password` = '{$password}' \n\t\t";
$qq1 = db_query($q1);
if (mysql_num_rows($qq1) > 0) {
$done = true;
// if successful login, redirect to index.php
header("Location: index.php");
} else {
$error[] = 'Username/Email not valid';
}
}
}
function adminMain()
{
global $themedir;
global $globals, $mysql, $theme, $done, $errors;
global $l;
global $time;
global $user;
global $q;
global $reqPrivs;
$theme['name'] = 'admin';
$theme['call_theme_func'] = 'adminMain';
loadlang('admin');
fheader($title = 'Admin Section');
// if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
// if from Admin Board Settings table, loginReq column is 1, then, login is required to view
// so redirect him to login page
if ($reqPrivs['board']['loginReq']) {
if (!userUidSet()) {
redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
}
}
//printrr( $user );
//echo 1;
//printrr( $reqPrivs );
//if( !($user['priv'] & $reqPrivs['priv'] ) || $user['level'] != $reqPrivs['level'] )
if (isset($user['g_name']) && $user['g_name'] != 'administrator') {
$errors['permission_denied'] = $l['permission_denied'];
return false;
}
/*
if( isset($_GET['area'] ) )
{
switch $_GET['area']
{
case:
}
}
*/
}
function topics()
{
global $themedir;
global $globals, $mysql, $theme, $done, $errors;
global $user;
$theme['name'] = 'board';
$theme['call_theme_func'] = 'board_theme';
fheader($title = 'Start Board');
$q = "SELECT * FROM `board` ";
$qu = mysql_query($q);
/*
*
for($i =0; $i = mysql_fetch_assoc($qu); $i++)
{
echo 'this: ii: ';
printrr($i);
}
*/
printrr($_POST);
if (isset($_POST)) {
}
}
function friendsList()
{
global $themedir;
global $globals, $mysql, $theme, $done, $error, $errors, $notice;
global $l;
global $time;
global $user;
global $par;
global $db, $qu, $show;
$theme["name"] = "friends";
$theme["call_theme_func"] = "friendsList";
loadlang();
fheader("Friends List");
$fl = 'friends_list';
// getting friendsList of a user
$uid = isset($_GET["uid"]) ? (int) check_input($_GET["uid"]) : $user["uid"];
$q1 = "SELECT * FROM `users` WHERE `uid` IN ({$user[$fl]}) ";
$qu = db_query($q1);
if (is_resource($qu)) {
$show = 1;
} else {
$notice['no_friends'] = 'No friends to show.';
}
}
function modifyprofile()
{
global $themedir;
global $globals, $mysql, $theme, $done, $error, $errors;
global $l, $row;
global $time;
global $user, $reqPrivs;
$theme['name'] = 'modifyprofile';
$theme['call_theme_func'] = 'modifyprofile';
loadlang();
fheader($title = 'Modify Profile');
// if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
// if from Admin Board Settings table, loginReq column is 1, then, login is required to view
// so redirect him to login page
if ($reqPrivs['board']['loginReq']) {
if (!userUidSet()) {
redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
}
}
//printrr( $user);
//printrr( $reqPrivs );
$uid = (int) (isset($_GET['uid']) && !empty($_GET['uid']) ? check_input($_GET['uid']) : $user['uid']);
// if( $user['g_priv'] & $privs['guest']['g_priv'] )
// if( $_GET['id'] != $user['uid'] && !($user['uid']) )
if ($uid != $user['uid'] && !((int) $user['g_priv'] & (int) $reqPrivs['edit']['a_priv'])) {
$errors['access_denied'] = "Not allowed to access this area.";
return false;
}
//echo round ($time->scriptTime() );
if (isset($_POST['modprof'])) {
/*
// Creating Variable Names dynamically with the array keys;
foreach( $_POST as $k => $v )
{
"$" .$k = check_input($_POST[$v]);
"$" . $k = $v;
echo "k: " . "$k" . ", ";
}
echo "<br />s: " . $sex;
*/
$url = check_input($_POST['url']);
$display_name = check_input($_POST['display_name']);
$about = check_input($_POST['about']);
$dob = check_input($_POST['dob']);
$sex = check_input($_POST['sex']);
$display_pic_url = check_input($_POST['display_pic_url']);
$perfume = check_input($_POST['perfume']);
// Base64encode for everything coming from URL
// Checking input, checking everything coming from $_GET url,
// sanitizing it, and casting it into an (int) datatype
$uid = isset($_GET["uid"]) ? (int) check_input($_GET["uid"]) : $user["uid"];
if ($errors) {
return false;
}
// update users & profile table with new data
$q[1] = "UPDATE `users` `u` JOIN `profile` `p` \n\t\t\tSET \n\t\t\t`u`.`url`='{$url}', \n\t\t\t`p`.`display_name`='{$display_name}', \n\t\t\t`p`.`about`='{$about}', \n\t\t\t`p`.`dob`='{$dob}', \n\t\t\t`p`.`sex`='{$sex}',\n\t\t\t`p`.`display_pic_url`='{$display_pic_url}',\n\t\t\t`p`.`perfume`='{$perfume}' \n\t\t\tWHERE `u`.`uid`={$uid} AND `p`.`users_uid`={$uid}";
$qe[1] = db_query($q[1]);
//insert_and_id();
}
// was taking the $_GET[uid] directly
// $q = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= $_GET[uid]";
// now taking $uid which is either a $_GET['uid'] if it is set, or else it is the set $user[uid]
$q[2] = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= {$uid}";
$qe[2] = db_query($q[2]);
$row = mysql_fetch_assoc($qe[2]);
}
function dealdata($data)
{
global $current_size, $tablearr, $writefile_data, $_POST;
$current_size += strlen($data);
$writefile_data .= $data;
if ($current_size >= intval($_POST["filesize"]) * 1024) {
$current_size = 0;
$writefile_data .= "\r\n?" . ">";
writefile($writefile_data, "w");
$_POST[page] = intval($_POST[page]) + 1;
fheader();
echo tablestart("正在从数据库'{$_POST['db_dbname']}'中导出数据……", 500);
$str1 = "<br>-= 以下数据表处理完成 =- <div class='borderdiv' style='width:150px;height:100px;overflow:auto;' align=left>";
$finishByte = 0;
for (reset($tablearr); list($key, $val) = each($tablearr);) {
if ($key < $_POST[tabledumping]) {
$str1 .= "√ {$val}<BR>\r\n";
$finishByte += $_POST[fsqltable][$val];
} else {
if ($key == $_POST[tabledumping]) {
$str1 .= "<a href='#' id='finisheditem'> </a></div>\n\t\t\t\t\t\t<br>-= 以下数据表正待处理 =-\n\t\t\t\t\t\t<div class='borderdiv' style='width:150px;height:100px;overflow:auto;' align=left>\n\t\t\t\t\t\t<font style='color:#FF0000'>→ {$val}</font><br>\r\n";
$finishByte += $_POST[lastinsert] * substr(strstr($_POST[fsqltable][$val], ','), 1);
$finish = intval($finishByte / $_POST[totalsize] * 100);
} else {
$str1 .= "・ {$val}<br>\r\n";
}
}
}
$str1 .= "</div><BR>";
$str2 = tablestart("导出状态", 300);
$str2 .= tabledata("共有数据:|" . num_bitunit($_POST[totalsize]) . "", "100|200");
$str2 .= tabledata("现已导出:|" . num_bitunit($finishByte) . "");
$str2 .= tabledata("每页导出:|" . num_bitunit(intval($finishByte / $_POST[page])) . "");
$str2 .= tabledata("导出时间间隔:|{$_POST['nextpgtimeout']} 秒");
$str2 .= tabledata("每页生成数据文件|≥ " . num_bitunit($_POST["filesize"] * 1024) . "");
$str2 .= tabledata("已生成数据文件:|" . ($_POST[page] - 1) . " 个");
$str2 .= tabledata("正在自动进入:|<a href='javascript:myform.submit();'>第 {$_POST['page']} 页</a>");
$str2 .= tabledata("已用时:|" . timeformat(time() - $_POST["StartTime"]) . "");
$str2 .= tabledata("已完成:|{$finish}% ");
$str2 .= tabledata("完成进度:|<table width=100% height=12 border=0 cellspacing=1 cellpadding=0 class='tabletitle' align=center><tr><td width='{$finish}%'><div></div></td><td width='" . (100 - $finish) . "%' class='tabledata'><div></div></td></tr></table>");
$str2 .= tableend();
$str2 .= "<B><div id='postingTag'></div></B>";
echo tabledata("{$str1}|{$str2}");
echo tableend();
ffooter();
eval(auto_submit_script());
exit;
}
}
function topics()
{
global $themedir, $l;
global $globals, $mysql, $theme, $done, $errors;
global $user;
global $qu;
global $board;
$theme['name'] = 'board';
$theme['call_theme_func'] = 'topics';
loadlang($l = 'board');
//$q1 = "SELECT `bname` FROM `board` WHERE `bid` = $_GET[board]";
$q1 = "SELECT * FROM `board` WHERE `bid` = {$_GET['board']} LIMIT 1";
$qu1 = mysql_query($q1);
$board = mysql_fetch_assoc($qu1);
//printrr($board);
// want to display the title as, General Discussion,
// so fetching it from the DB, so made the previous query
fheader($board['bname']);
// actual query to get users
$q = "SELECT * FROM `topics` WHERE `board_bid` = '{$_GET['board']}' ";
// $q = "SELECT * FROM `topics` WHERE `board_bid` = '$_GET[board]'";
// echo $q;
// firing another mysql_query, bcoz,
// otherwise, mysql_fetch_array takes up 1st row of the query.
// firing query to be used in theme page
$qu = mysql_query($q);
// Add new thing $board,
// which will have the details of Board
// Make query for all the threads in the Board
// with pagination,
// and all these details will go in $board
}
function addReply()
{
global $globals, $mysql, $theme, $done, $errors, $error, $notice, $db;
global $themedir, $l, $user;
global $qu, $board;
global $time, $reqPrivs;
global $row;
global $ai;
$theme['name'] = 'addReply';
$theme['call_theme_func'] = 'addReply';
//loadlang();
loadlang('allFunc', __FUNCTION__);
fheader($title = 'Add Reply');
// if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
// if from Admin Board Settings table, loginReq column is 1, then, login is required to view
// so redirect him to login page
if ($reqPrivs['board']['loginReq']) {
if (!userUidSet()) {
redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
}
}
// Will have to see
// how reply table works in SMF
// replies table takes
// topic id replied to
// id of user
// log IP of user
// time/date (microtime() , less than 5(or other, variable factor) seconds, post cant be made by same IP) that post made
//
// if not isset $_GET[post], that means it is not a createTopic, it only an addReply
// if isset $_GET[post], that means it is a createTopic event
if (!isset($_GET['post'])) {
// adding limit 1, as the topic will always be only 1
$q = "SELECT * FROM `topics` WHERE `tid` = {$_GET['topic']} LIMIT 1";
$qu[0] = db_query($q);
$row = mysql_fetch_assoc($qu[0]);
$q = null;
}
if (isset($_POST['reply_sub']) && !empty($_POST['reply'])) {
$subject = '';
if (!isset($_GET['post'])) {
$subject = trim(mandff(check_input($_POST["subject"]), "Subject Empty"));
}
$reply = trim(mandff(check_input($_POST["reply"]), "Reply field empty"));
//echo "reply: ";
//printrr($reply);
//ai
/*
// the AI(ai) object from the AI_Execute class
if( $ai && is_object($ai ) )
{
// CHECKING FOR SPAM WORDS (Some AI Foo)
// $ai execute class for spam words in reply
if ($ai->spam_words($reply) ) // if true, then log the activity into the AI_Logs table, for reason "is_spam" & userid & username, date(unix epoch) etc
{
// corresponds to the ai_logs table, logggin the ai activity
// sending user uid, reason like cause, effect or action etc, type: spam_words, any_definition and time
ai_logs($users['uid'], $reason, $type, $definition, $time );
// now select the, number of times, logs present in the ai_logs table,
// check the severity, that becomes the severity,
// now goto, the effects table & see what corresponds to is_spam with given severity.
// now goto the Action table for that reason with given severity,
// and see which action is listed,
// include the file, take the action
// passing $_POST[reply]
print_r($ai->spam_words_e($reply) );
}
}
*/
// the AI(ai) object from the AI_Execute class
if ($ai && is_object($ai)) {
// CHECKING FOR SPAM WORDS (Some AI Foo)
// $ai execute class for spam words in reply
$ai->spam_words_e($reply);
}
//ai-
/*
$arr = array(
"keys" => array( "rbody", "topic_id", "poster_users_id", "date", "user_ip") ,
"values" => array(
array( "$reply", "$_GET[topic]", "$user[uid]", round( $time->scriptTime() ), "$_SERVER[REMOTE_ADDR]"
)
)
);
*/
$t = round($time->scriptTime());
// -> insert_arr($arr);
// if, its a reply to a topic
// if( !isset( $_GET['post'] ) )
if (isset($_GET['topic'])) {
// for the moment just putting $_SERVER[REMOTE_ADDR] in the query,
// instead of $user[REMOTE_ADDR]
$q1I = "INSERT INTO `replies`(\n\t\t\t`rsubject`, `rbody`, `topic_tid`, `poster_users_uid`, `date`, `user_ip`\n\t\t\t) \n\t\t\tVALUES( \n\t\t\t'{$subject}', '{$reply}', {$_GET['topic']}, {$user['uid']}, {$t}, '{$_SERVER['REMOTE_ADDR']}' \n\t\t\t)";
$q1E = db_query($q1I);
$id = mysql_insert_id();
} else {
// temporary this line of $user[uid], remove it later
// $user['uid'] = 1;
//
$q1I = "INSERT INTO `wall_post_reply`(\n\t\t\t`wpr_content`, `wpr_by_uid`, `wpr_date`, `wp_id`\n\t\t\t) \n\t\t\tVALUES(\n\t\t\t'{$reply}', {$user['uid']}, {$t}, {$_GET['post']}\n\t\t\t)";
// These 2 lines of code is also written above in the
// if condition, so this is code repetition,
// though i cud have just written the 2 lines of code only once,
// and written the below 2 procedures $qS2 & $qU1,
// in another if condition corresponding to this else condition
// as in, if( isset( $_GET[post]) ), but then, that wud have meant,
// an if() condition check for every time the script gets executed,
// for not repeting 2 lines of code(for saving 2 lines of space)
// it seemed a bad trade-of
// whereas in this case, though 2 lines will be extra,
// but, 2 times if condition checking will be saved,
// only once it will check, in this if() condition block,
// and decide what to do
$q1E = db_query($q1I);
$id = mysql_insert_id();
// First select all ids from wall_post table
// then execute this select query, then
// Run Update query on the the wall post id, with
// the new wall_post_reply id that you received by inserting
// new reply
$qS2 = "SELECT * from `wall_post` WHERE `wp_id`={$_GET['post']}";
$res = db_query($qS2);
$row = mysql_fetch_assoc($res);
// Dont need this line, the 2 lines below it lines will suffice
// $string = ( empty( $row['wpr_id'] ) ? $id : ( $row['wpr_id'] . "," . $id ) );
$string = $row['wpr_id'] . "," . $id;
$string = trim($string, ',');
$qU1 = "UPDATE `wall_post` set `wpr_id`='{$string}' WHERE `wp_id`={$_GET['post']}";
$res2 = db_query($qU1);
}
// header("Location: ");
// header("Location:{$globals['boardurl']}{$globals['ind']}action=topic&topic={$_GET['topic']}");
// header("Location: index.php?action=topic&topic={$_GET['topic']}");
if (is_bool($q1E)) {
if (isset($_GET['topic'])) {
$notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=topic&topic={$_GET['topic']}'>HERE</a> to check your reply.";
} else {
// $_GET['post'] is set
$notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=wall&uid={$_GET['uid']}&post={$_GET['post']}'>HERE</a> to check your post.";
}
//$notice['success'] = $l['success_wall'];
} else {
$error['no_success'] = "Could not post the reply.";
}
//$error['no_success'] = $l['no_success'];
}
}
function login()
{
global $globals, $mysql, $theme, $done, $error;
global $user;
global $l;
$theme['name'] = 'login';
$theme['call_theme_func'] = 'login';
loadlang();
fheader($title = 'Login');
if (isset($_POST['sub_register'])) {
$email = mandff(check_input($_POST['email']), $l['user_email_req']);
$password = mandff(check_input($_POST['password']), $l['pass_req']);
if ($error) {
return false;
}
// cleanup of $_POST not happening.
// now cleanup of POST happening
foreach ($_POST as $k => $v) {
$v = check_input($v);
}
$email = $email;
$password = $password;
$salt = 'abc';
// Password & Salt getting md5()'d
$password = md5($password . $salt);
/*
//--- commented ---
// Select only 1 column from email or username
$q1 = "SELECT * FROM `users` WHERE
(
( `email` = '$email' OR username = '******' )
AND
`password` = '$password'
) ";
// AND `password` = '$password'
// $q1 = "SELECT u.uid, u.username, u.email, u.url, u.group, g.g_name, g.g_priv
*/
/*
$q1 = "SELECT *
FROM `users` `u`
LEFT JOIN
`groups` `g` ON `u`.`group` = `g`.`g_id`
WHERE
( `u`.`email` = '$email'
OR
`u`.`username` = '$email' ) AND `u`.`password` = '$password'
";
*/
$q1 = "SELECT * \n\t\tFROM `users` `u` \n\t\tWHERE \n\t\t( `u`.`email` = '{$email}' \n\t\tOR \n\t\t`u`.`username` = '{$email}' ) AND `u`.`password` = '{$password}' \n\t\t";
$qq1 = db_query($q1);
if (mysql_num_rows($qq1) == 1) {
$_SESSION['user']['loggedIn'] = 1;
$data = array();
$data = mysql_fetch_assoc($qq1);
$_SESSION['user']['uid'] = $data['uid'];
/*
$done = true;
// if successful login, set sessions, redirect to index.php
$data = array();
while( $data = mysql_fetch_assoc($qq1) )
{
// set $_SESSION; else set the object $user & its properties
// $user->setAttributes();
foreach( $data as $k => $v )
{
$_SESSION["user"]["$k"] = $user["$k"] = $v;
if( $k == "password" || $k == "salt" )
{
unset( $_SESSION["user"]["$k"] );
unset( $user["$k"] );
unset( $data["$k"] );
}
// if $key of $data has been copied into $user,
// then, we will not require $data, so unloading php baggage
// by unsetting and emptying the memory with $data
if(isset($user["$k"] ) )
unset( $data["$k"] );
}
}
*/
header("Location: index.php?action=wall");
} else {
$error[] = 'Username/Email not valid';
}
}
}
function sendMessage()
{
global $themedir;
global $globals, $mysql, $theme, $done, $error, $errors;
global $l;
global $time;
global $user;
global $par;
global $db;
$theme['name'] = 'messages';
$theme['call_theme_func'] = 'sendMessage';
loadlang();
fheader($title = 'Send Message');
//$con = array();
//$con['dbname'] = 'myforum_3_testing';
//dbconn( $con );
if (isset($_POST['sendMess'])) {
$mess = array();
$mess['to'] = check_input(mandff($_POST['to'], "{$l['to_emp']}"));
$mess['body'] = check_input(mandff($_POST['body'], "{$l['body_emp']}"));
$mess['subject'] = check_input(optff($_POST['subject']));
if ($errors || $error) {
return false;
}
$q = "INSERT INTO `pm`(`pm_from_uid`, `pm_deleted_by_sender`, `pm_from_name`, `pm_sent_time`, `pm_subject`, `pm_body`) \n\t\t\t\t\t\t\t\t\tVALUES('{$user['uid']}', 0, '{$user['username']}', '{$timeNow}', '{$mess['subject']}', '{$mess['body']}') ";
$q1 = db_query($q);
$id = db_insert_id();
//$q2 = "SELECT `uid`, `username` FROM `users`";
//$q2 = db_query($q2);
$toArr = array();
$toArr = explode(",", $mess['to']);
$str = '';
foreach ($toArr as $k => $v) {
$toArr[$k] = $v = trim($v);
$str .= "'" . $v . "',";
}
$str = rtrim($str, ",");
$q2 = "SELECT `uid`, `username` FROM `users` WHERE `username` IN ( {$str} )";
$q22 = db_query($q2);
$userGot = array();
$userNotGot = array();
while ($row = mysql_fetch_assoc($q22)) {
$userGot[$row['uid']] = $row['username'];
}
$userNotGot = array();
$userNotGot = array_diff($toArr, $userGot);
if (!empty($userNotGot)) {
$error[] = 'Users not done: ' . implode(", ", $userNotGot) . "";
}
foreach ($userGot as $k => $v) {
$q3 = "INSERT INTO `pm_recepients`(`pm_id`, `pm_sent_to_uid`, `pm_is_read`, `pm_is_new`, `pm_is_deleted`) \n\t\t\t\t\t\t\t\t\t\tVALUES('{$id}', '{$k}', '0', '1', '0') ";
$q33 = db_query($q3);
}
}
/*
* Profile table
* CREATE TABLE `profile` (
`users_uid` foreign key references users(`uid`) INDEX KEY,
* `about` ,
* `displaypic_url` ,
`dob` INT default 0,
`sex` varchar(10) default 'na',
`perfume` varchar(255) default 'none',
* `website_url`,
`profile_id` INT NOT NULL AUTO INCREMENT,
);
alter table `users`
add column (
`about` longtext,
`dob` timestamp,
`sex` char(1),
`displaypic_url` varchar(255),
`website_url` varchar(255),
`perfume` varchar(255)
)
*/
}
<?php
// Not many errors show, when 1 is set
// -1 for all errors
error_reporting(-1);
$dir = dirname(__FILE__);
include_once $dir . '/functions/func.php';
include_once $dir . '/themes/default/hnf.php';
$dir = null;
// guess header will go in the if conditions as, the title needs to be changed in each if condition
fheader('Installation', 'themes/default/css/style.css');
echbr(2);
// If somehow user starts the installation, by, renaming the config and .config files,
// and during the installation, in the middle,
// but then this will deny showing the last page of installation,
// which is, 'installation complete, u can now click here to go to index page'
// as over here, it will straightaway redirect
//if(file_exists('config.php') || file_exists('.config.php.bak') )
//header('Location: index.php');
//printrr($_SERVER);
echo '<center>';
//</center>
function mysql_dead($str)
{
$s = '';
$s .= '<br />';
$s .= $str;
$s .= '<br />';
$s .= 'Errorno: ' . mysql_errno();
$s .= '<br />';
$s .= 'Error: ' . mysql_error();
function wall()
{
global $themedir, $theme, $l;
global $globals, $mysql, $theme, $done, $error, $errors;
global $user, $time;
global $qu, $reqPrivs;
$theme['name'] = 'wall';
$theme['call_theme_func'] = 'wall';
// echo ( $qu == 0 ) ? "yes" : "no" ? "under" : "not";
loadlang();
fheader('Wall');
// Base64encode for everything coming from URL
// Checking input, checking everything coming from $_GET url,
// sanitizing it, and casting it into an (int) datatype
// $uid = ( isset($_GET["uid"] ) ? (int) check_input( $_GET["uid"] ) : $user["uid"] );
// if get uid set, see if user has permission to view this profile, if yes then allow, else error, no permission
if (isset($_GET['uid'])) {
// if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
// if from Admin Board Settings table, loginReq column is 1, then, login is required to view
// so redirect him to login page
// if( $reqPrivs['board']['loginReq'] )
if (!userUidSet()) {
redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
}
// if( $user['perms'] & $reqPrivs['view']['a_priv'] )
if ($user['g_priv'] & $reqPrivs['view']['a_priv']) {
$uid = $_GET['uid'];
} else {
$error['perms_denied'] = 'No permission to view this page.';
return false;
}
} else {
if (isset($user['uid'])) {
$uid = $user['uid'];
} else {
// if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
// if from Admin Board Settings table, loginReq column is 1, then, login is required to view
// so redirect him to login page
// if( $reqPrivs['board']['loginReq'] )
if (!userUidSet()) {
redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
}
}
}
//if( isset($_POST['wall_sub']) && !empty($_POST['post'] ) )
if (isset($_POST['wall_sub'])) {
$reply = mandff(check_input($_POST['post']), 'Wall Post Empty');
if (empty($error) && empty($errors)) {
$now = round($time->scriptTime());
/*
$qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`)
VALUES ( $_GET[uid], $user[uid], '$reply', $now )";
*/
$qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) \n\t\t\tVALUES ( {$uid}, {$user['uid']}, '{$reply}', {$now} )";
$qI_e = db_query($qI);
}
}
// $_GET[uid] below signifies, that on whose wall all the post are getting made
//$q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='$_GET[uid]' ORDER BY `wp`.`wp_date` DESC";
$q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='{$uid}' ORDER BY `wp`.`wp_date` DESC";
$qu = db_query($q);
//mail("*****@*****.**", "Hi Ashish", "Message for u buddy");
// printrr( $GLOBALS );
// printrr( $_SESSION );
}