function SendSystemPM($to, $message, $title)
{
global $systemUser;
//Don't send system PMs if no System user was set
if ($systemUser == 0) {
return;
}
$qPM = "insert into pmsgs (userto, userfrom, date, ip, msgread) values (" . $to . ", " . $systemUser . ", " . time() . ", '127.0.0.1', 0)";
$rPM = Query($qPM);
$pid = mysql_insert_id();
$qPM = "insert into pmsgs_text (pid, text, title) values (" . $pid . ", '" . justEscape($message) . "', '" . justEscape($title) . "')";
$rPM = Query($qPM);
//print "PM sent.";
}
if (isset($_GET['error'])) {
die("Please use get.php");
}
$noAutoHeader = TRUE;
$noViewCount = TRUE;
$noOnlineUsers = TRUE;
$noFooter = TRUE;
$ajax = TRUE;
include "lib/common.php";
$full = GetFullURL();
$here = substr($full, 0, strrpos($full, "/")) . "/";
if (isset($_GET['id'])) {
$entry = Query("select * from uploader where id = " . (int) $_GET['id']);
} else {
if (isset($_GET['file'])) {
$entry = Query("select * from uploader where filename = '" . justEscape($_GET['file']) . "'");
} else {
die("Nothing specified.");
}
}
if (NumRows($entry)) {
$entry = Fetch($entry);
if ($entry['private']) {
$path = "uploader/" . $entry['user'] . "/" . $entry['filename'];
} else {
$path = "uploader/" . $entry['filename'];
}
if (!file_exists($path)) {
die("No such file.");
}
$fsize = filesize($path);
// AcmlmBoard XD - IP ban management tool
// Access: administrators only
include "lib/common.php";
$title = __("IP bans");
AssertForbidden("editIPBans");
if ($loguser['powerlevel'] < 3) {
Kill(__("Only administrators get to manage IP bans."));
}
MakeCrumbs(array(__("Main") => "./", __("IP ban manager") => ""), "");
if ($_POST['action'] == __("Add")) {
$qIPBan = "insert into ipbans (ip, reason, date) values ('" . justEscape($_POST['ip']) . "', '" . justEscape($_POST['reason']) . "', " . ((int) $_POST['days'] > 0 ? time() + (int) $_POST['days'] * 86400 : 0) . ")";
$rIPBan = Query($qIPBan);
Alert(__("Added."), __("Notice"));
} elseif ($_GET['action'] == "delete") {
$qIPBan = "delete from ipbans where ip='" . justEscape($_GET['ip']) . "' limit 1";
$rIPBan = Query($qIPBan);
Alert(__("Removed."), __("Notice"));
}
$qIPBan = "select * from ipbans order by date desc";
$rIPBan = Query($qIPBan);
$banList = "";
while ($ipban = Fetch($rIPBan)) {
$cellClass = ($cellClass + 1) % 2;
if ($ipban['date']) {
$date = gmdate($dateformat, $ipban['date']) . " (" . TimeUnits($ipban['date'] - time()) . " left)";
} else {
$date = __("Permanent");
}
$banList .= format("\n\t<tr class=\"cell{0}\">\n\t\t<td>\n\t\t\t{1}\n\t\t</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t<a href=\"ipbans.php?ip={1}&action=delete\">✘</a>\n\t\t</td>\n\t</tr>\n", $cellClass, $ipban['ip'], $ipban['reason'], $date);
}
$iconurl = justEscape($_POST['iconurl']);
}
}
$qThreads = "update threads set title='" . justEscape($_POST['title']) . "', icon='" . $iconurl . "', closed=" . $isClosed . ", sticky=" . $isSticky . " where id=" . $tid . " limit 1";
$rThreads = Query($qThreads);
Report("[b]" . $loguser['name'] . "[/] edited thread [b]" . $thread['title'] . "[/] -> [g]#HERE#?tid=" . $tid, $isHidden);
Redirect(__("Edited!"), "thread.php?id=" . $tid, __("the thread"));
exit;
} else {
Alert(__("Your thread title is empty. Enter a message and try again."));
}
}
} else {
if ($_POST['action'] == __("Edit")) {
if ($_POST['title']) {
$qThreads = "update threads set title='" . justEscape($_POST['title']) . "' where id=" . $tid . " limit 1";
$rThreads = Query($qThreads);
Report("[b]" . $loguser['name'] . "[/] renamed thread [b]" . $thread['title'] . "[/] -> [g]#HERE#?tid=" . $tid, $isHidden);
Redirect(__("Edited!"), "thread.php?id=" . $tid, __("the thread"));
exit;
} else {
Alert(__("Your thread title is empty. Enter a message and try again."));
}
}
}
if (!$_POST['title']) {
$_POST['title'] = $thread['title'];
}
$match = array();
if (preg_match("@^img/icons/icon(\\d+)\\..{3,}\$@si", $thread['icon'], $match)) {
$_POST['iconid'] = $match[1];
$newID = 1;
}
$qCategory = "insert into categories (id, name, corder, minpower) values (" . $newID . ", '" . justEscape($_POST['name']) . "', " . (int) $_POST['corder'] . ", " . (int) $_POST['minpower'] . ")";
$rCategory = Query($qCategory);
Alert("Category added.", "Notice");
} elseif ($_POST['action'] == "Remove") {
$qCategory = "select * from categories where id=" . (int) $_POST['cid'];
$rCategory = Query($qCategory);
$category = Fetch($rCategory);
write("\n\t<div class=\"errort\">\n\t\t<strong>Confirm deletion of \"{0}\"</strong>\n\t</div>\n\t<div class=\"errorc cell2\">\n\t\t<form action=\"editcats.php\" method=\"post\">\n\t\t\t<input type=\"submit\" name=\"action\" value=\"Yes, do as I say.\" />\n\t\t\t<input type=\"hidden\" name=\"cid\" value=\"{1}\" />\n\t\t\t<input type=\"hidden\" name=\"key\" value=\"{2}\" />\n\t\t</form>\n\t</div>\n", $category['name'], (int) $category['id'], $key);
} elseif ($_POST['action'] == "Yes, do as I say.") {
$qCategory = "delete from categories where id=" . (int) $_POST['cid'];
$rCategory = Query($qCategory);
Alert("Category removed.", "Notice");
} elseif ($_POST['action'] == "Edit") {
$qCategory = "update categories set name='" . justEscape($_POST['name']) . "', corder=" . (int) $_POST['corder'] . ", minpower=" . (int) $_POST['minpower'] . " where id=" . (int) $_POST['cid'] . " limit 1";
$rCategory = Query($qCategory);
Alert("Category edited.", "Notice");
}
$levels = array(-1 => "-1 - Banned", 0 => "0 - Normal user", 1 => "1 - Local Mod", 2 => "2 - Full Mod", 3 => "3 - Admin");
$cats = "";
$qCategories = "select * from categories";
$rCategories = Query($qCategories);
if (NumRows($rCategories)) {
while ($category = Fetch($rCategories)) {
$cats .= format("\n\t\t<div class=\"errorc left cell0\" style=\"clear: both; overflow: auto;\">\n\t\t\t<form action=\"editcats.php\" method=\"post\">\n\t\t\t\t<input type=\"text\" name=\"name\" class=\"width50\" value=\"{0}\" />\n\t\t\t\t{1}\n\t\t\t\t<input type=\"text\" name=\"corder\" size=\"2\" value=\"{3}\" />\n\t\t\t\t<input type=\"submit\" name=\"action\" value=\"Edit\" />\n\t\t\t\t<input type=\"submit\" name=\"action\" value=\"Remove\" />\n\t\t\t\t<input type=\"hidden\" name=\"cid\" value=\"{2}\" />\n\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"{4}\" />\n\t\t\t</form>\n\t\t</div>\n", htmlval($category['name']), MakeSelect("minpower", $category['minpower'], $levels), $category['id'], $category['corder'], $key);
}
}
write("\n\t<div class=\"outline margin width50\">\n\t\t<div class=\"errort center\"><strong>Category list</strong></div>\n\t\t{0}\n\t</div>\n\t<form action=\"editcats.php\" method=\"post\">\n\t\t<div class=\"outline margin width50\">\n\t\t\t<div class=\"errort center\"><strong>Add a Category</strong></div>\n\t\t\t<div class=\"errorc left cell1\" style=\"clear: both; overflow: auto;\">\n\t\t\t\t<input type=\"text\" name=\"name\" class=\"width50\" />\n\t\t\t\t{1}\n\t\t\t\t<input type=\"text\" name=\"corder\" size=\"2\" value=\"0\" />\n\t\t\t\t<input type=\"submit\" name=\"action\" value=\"Add\" />\n\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"{2}\" />\n\t\t\t</div>\n\t\t</div>\n\t</form>\n\t<p>\n\t\t" . __("For more complex things, try PMA. This is just a toy-like quick access.") . "\n\t</p>\n", $cats, MakeSelect("minpower", 0, $levels), $key);
function MakeSelect($fieldName, $checkedIndex, $choicesList)
{
Alert(__("Forum moved."), __("Notice"));
} elseif ($_POST['action'] == "Add") {
$qForum = "insert into forums (title, description, catid, forder) values ('" . justEscape($_POST['title']) . "', '" . justEscape($_POST['description']) . "', " . (int) $_POST['category'] . ", " . (int) $_POST['order'] . ")";
$rForum = Query($qForum);
Alert(__("Forum added."), __("Notice"));
} elseif ($_POST['action'] == __("Remove")) {
$qForum = "select * from forums where id=" . (int) $_POST['fid'];
$rForum = Query($qForum);
$forum = Fetch($rForum);
write("\n\t<div class=\"outline margin center width50\" style=\"margin: 0px auto 16px;\">\n\t\t<div class=\"errort\"><strong>" . __("Confirm deletion of \"{0}\"") . "</strong></div>\n\t\t<div class=\"errorc cell2\">\n\t\t\t<form action=\"editfora.php\" method=\"post\">\n\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Yes, do as I say.") . "\" />\n\t\t\t\t<input type=\"hidden\" name=\"fid\" value=\"{1}\" />\n\t\t\t</form>\n\t\t</div>\n\t</div>\n", $forum['title'], (int) $forum['id']);
} elseif ($_POST['action'] == __("Yes, do as I say.")) {
$qForum = "delete from forums where id=" . (int) $_POST['fid'];
$rForum = Query($qForum);
Alert(__("Forum removed."), __("Notice"));
} elseif ($_POST['action'] == __("Edit")) {
$qForum = "update forums set title='" . justEscape($_POST['title']) . "', description='" . justEscape($_POST['description']) . "' where id=" . (int) $_POST['fid'] . " limit 1";
$rForum = Query($qForum);
Alert(__("Forum edited."), __("Notice"));
}
$thelist = "";
$qCategories = "select * from categories";
$rCategories = Query($qCategories);
if (NumRows($rCategories)) {
while ($category = Fetch($rCategories)) {
$qFora = "select * from forums where catid=" . (int) $category['id'] . " order by forder";
$rFora = Query($qFora);
if (NumRows($rFora)) {
while ($forum = Fetch($rFora)) {
$localMods = "";
$qMods = "select * from forummods where forum=" . (int) $forum['id'];
$rMods = Query($qMods);
foreach ($exts as $ext) {
if ($fext == $ext) {
$validext = true;
}
$extlist .= ($extlist ? ", " : "") . $ext;
}
if (!$validext) {
$error .= "<li>" . __("Invalid file type, must be one of:") . " " . $extlist . "</li>";
}
if (!$error) {
$tmpfile = $_FILES['picture']['tmp_name'];
$file = "img/avatars/" . $loguserid . "_" . $mid;
if ($_POST['name'] == "") {
$_POST['name'] = "#" . $mid;
}
Query("insert into moodavatars (uid, mid, name) values (" . $loguserid . ", " . $mid . ", '" . justEscape($_POST['name']) . "')");
if ($loguser['powerlevel']) {
//Are we at least a local mod?
copy($tmpfile, $file);
} else {
list($width, $height, $type) = getimagesize($tmpfile);
if ($type == 1) {
$img1 = imagecreatefromgif($tmpfile);
}
if ($type == 2) {
$img1 = imagecreatefromjpeg($tmpfile);
}
if ($type == 3) {
$img1 = imagecreatefrompng($tmpfile);
}
if ($width <= $dimx && $height <= $dimy && $type <= 3) {
} else {
$user = Fetch($user);
}
//print_r($user);
if ($user['lostkeytimer'] > time() - 60 * 60) {
//wait an hour between attempts
Kill(__("To prevent abuse, this function can only be used once an hour."), __("Slow down!"));
}
$resetKey = md5($user['id'] . $user['name'] . $user['password'] . $user['email']);
$from = $mailResetFrom;
$to = $user['email'];
$subject = format(__("Password reset for {0}"), $user['name']);
$message = format(__("A password reset was requested for your user account on {0}."), $boardname) . "\n" . __("If you did not submit this request, this message can be ignored.") . "\n\n" . __("To reset your password, visit the following URL:") . "\n\n" . $_SERVER['HTTP_REFERER'] . "?id=" . $user['id'] . "&key=" . $resetKey . "\n\n" . __("This link can be used once.");
$headers = "From: " . $from . "\r\n" . "Reply-To: " . $from . "\r\n" . "X-Mailer: PHP/" . phpversion();
mail($to, $subject, wordwrap($message, 70), $headers);
//print "NORMALLY I WOULD SEND MAIL NAO:<pre>".$headers."\n\n".wordwrap($message,70)."</pre>";
Query("update users set lostkey = '" . justEscape($resetKey) . "', lostkeytimer = " . time() . " where id = " . $user['id']);
Kill(__("Check your email in a moment and follow the link found therein."), __("Reset email sent"));
} else {
write("\n\t<form action=\"lostpass.php\" method=\"post\">\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("Lost password") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"un\">" . __("User name") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell0\">\n\t\t\t\t\t<input type=\"text\" id=\"un\" name=\"name\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"em\">" . __("Email address") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<input type=\"email\" id=\"em\" name=\"mail\" style=\"width: 98%;\" maxlength=\"60\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Send reset email") . "\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell1 smallFonts\" colspan=\"2\">\n\t\t\t\t\t" . __("If you did not specify an email address in your profile, you are <em>not</em> out of luck. The old method of contacting an administrator from outside the board is still an option.") . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n");
}
}
function randomString($len, $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
{
$s = "";
for ($i = 0; $i < $len; $i++) {
$p = rand(0, strlen($chars) - 1);
$s .= $chars[$p];
}
return $s;
}
function HandleDisplayname($field, $item)
{
global $fallToEditor, $user;
if (!IsReallyEmpty($_POST[$field]) || $_POST[$field] == $user['name']) {
// unset the display name if it's really empty or the same as the login name.
$_POST[$field] = "";
} else {
//<MM> Didn't I already say that storing stuff already-escaped is not a good practice?
//$_POST[$field] = htmlspecialchars($_POST[$field]);
$dispCheck = FetchResult("select count(*) from users where id != " . $user['id'] . " and (name = '" . justEscape($_POST[$field]) . "' or displayname = '" . justEscape($_POST[$field]) . "')", 0, 0);
if ($dispCheck) {
$fallToEditor = true;
return format(__("The display name you entered, \"{0}\", is already taken."), justEscape($_POST[$field]));
} else {
if (strpos($_POST[$field], ";") !== false) {
$user['displayname'] = str_replace(";", "", $_POST[$field]);
$fallToEditor = true;
return __("The display name you entered cannot contain semicolons.");
}
}
}
}
if ($newID < 1) {
$newID = 1;
}
$qPollOption = "insert into poll_choices (id, poll, choice, color) values (" . $newID . ", " . $pod . ", '" . justEscape($_POST['pollOption' . $pops]) . "', '" . $pollColor . "')";
$rPollOption = Query($qPollOption);
}
}
} else {
$pod = 0;
}
//Yeah, that was me ^^; -- Kawa
$newID = FetchResult("SELECT id+1 FROM threads WHERE (SELECT COUNT(*) FROM threads t2 WHERE t2.id=threads.id+1)=0 ORDER BY id ASC LIMIT 1");
if ($newID < 1) {
$newID = 1;
}
$qThreads = "insert into threads (id, forum, user, title, icon, lastpostdate, lastposter, closed, sticky, poll) values (" . $newID . "," . $fid . "," . $loguserid . ",'" . justEscape($_POST['title']) . "','" . $iconurl . "'," . time() . "," . $loguserid . ", " . $mod . ", " . $pod . ")";
$rThreads = Query($qThreads);
$tid = mysql_insert_id();
$qUsers = "update users set posts=" . ($loguser['posts'] + 1) . ", lastposttime=" . time() . " where id=" . $loguserid . " limit 1";
$rUsers = Query($qUsers);
$qPosts = "insert into posts (thread, user, date, ip, num, options, mood) values (" . $tid . "," . $loguserid . "," . time() . ",'" . $_SERVER['REMOTE_ADDR'] . "'," . ($loguser['posts'] + 1) . ", " . $options . ", " . (int) $_POST['mood'] . ")";
$rPosts = Query($qPosts);
$pid = mysql_insert_id();
$qPostsText = "insert into posts_text (pid,text) values (" . $pid . ",'" . $post . "')";
$rPostsText = Query($qPostsText);
$qFora = "update forums set numthreads=" . ($forum['numthreads'] + 1) . ", numposts=" . ($forum['numposts'] + 1) . ", lastpostdate=" . time() . ", lastpostuser="******", lastpostid=" . $pid . " where id=" . $fid . " limit 1";
$rFora = Query($qFora);
Query("update threads set lastpostid = " . $pid . " where id = " . $tid);
Report("New " . ($_POST['poll'] ? "poll" : "thread") . " by [b]" . $loguser['name'] . "[/]: [b]" . $_POST['title'] . "[/] (" . $forum['title'] . ") -> [g]#HERE#?tid=" . $tid, $isHidden);
Redirect(__("Posted!"), "thread.php?id=" . $tid, __("the thread"));
exit;
$loguserbull = $logdata['bull'];
$wantGuest = TRUE;
if ($loguserid) {
//$qLogUser = "******".(int)$loguserid." and password='******'";
$qLogUser = "******" . (int) $loguserid;
$rLogUser = Query($qLogUser);
if (NumRows($rLogUser)) {
$loguser = Fetch($rLogUser);
//Bullcheck
$ourbull = hash('sha256', $loguser['id'] . $loguser['password'] . $salt . $loguser['pss'], FALSE);
if ($loguserbull == $ourbull) {
$rLastView = "update users set lastactivity=" . time() . ", lastip='" . $_SERVER['REMOTE_ADDR'] . "', lasturl='" . justEscape($thisURL) . "', lastknownbrowser='" . justEscape($lastKnownBrowser) . "' where id=" . $loguserid;
if (!$noOnlineUsers) {
$qLastView = Query($rLastView);
}
$dateformat = $loguser['dateformat'] . ", " . $loguser['timeformat'];
$wantGuest = FALSE;
}
}
}
if ($wantGuest) {
$qGuest = "insert into guests (date, ip, lasturl, useragent, bot) values (" . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . justEscape($thisURL) . "', '" . justEscape($_SERVER['HTTP_USER_AGENT']) . "', " . $isBot . ")";
if (!$noOnlineUsers) {
$rGuest = Query($qGuest);
}
$loguser = array("name" => "", "powerlevel" => 0, "threadsperpage" => 50, "postsperpage" => 20, "theme" => "default", "dateformat" => "m-d-y", "timeformat" => "h:i A", "fontsize" => 80, "timezone" => 0, "blocklayouts" => $noGuestLayouts);
$loguserid = 0;
}
if ($hacks['forcetheme'] != "") {
$loguser['theme'] = $hacks['forcetheme'];
}
$temp = $_FILES['newfile']['tmp_name'];
$size = $_FILES['size']['size'];
$parts = explode(".", $fname);
$extension = end($parts);
if ($totalsize + $size > $quot) {
Alert(format(__("Uploading \"{0}\" would break the quota."), $fname));
} else {
if (in_array(strtolower($extension), $badfiles) || is_array($goodfiles) && !in_array(strtolower($extension), $goodfiles)) {
Alert(__("Forbidden file type."));
} else {
$description = strip_tags($_POST['description']);
$newID = FetchResult("SELECT id+1 FROM uploader WHERE (SELECT COUNT(*) FROM uploader u2 WHERE u2.id=uploader.id+1)=0 ORDER BY id ASC LIMIT 1");
if ($newID < 1) {
$newID = 1;
}
Query("insert into uploader (id, filename, description, date, user, private) values (" . $newID . ", '" . justEscape($fname) . "', '" . justEscape($description) . "', " . time() . ", " . $loguserid . "," . $privateFlag . ")");
copy($temp, $targetdir . "/" . $fname);
Alert(format(__("File \"{0}\" has been uploaded."), $fname), __("Okay"));
Report("[b]" . $loguser['name'] . "[/] uploaded file \"[b]" . $fname . "[/]\"" . ($privateFlag ? " (privately)" : ""), $privateFlag);
}
}
}
}
}
} else {
Alert(__("You must be logged in to upload."));
}
} else {
if ($loguserid && $_GET['action'] == "multidel" && $_POST['del']) {
$deleted = 0;
foreach ($_POST['del'] as $fid => $on) {
<?php
// AcmlmBoard XD - Login page
// Access: guests
$noAutoHeader = TRUE;
include "lib/common.php";
if ($_POST['action'] == "logout") {
setcookie("logdata", 0);
include "lib/header.php";
Redirect(__("You are now logged out."), "./", __("the main page"));
} elseif (!$_POST['action']) {
include "lib/header.php";
write("\n\t<form action=\"login.php\" method=\"post\">\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("Log in") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"un\">" . __("User name") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell0\">\n\t\t\t\t\t<input type=\"text\" id=\"un\" name=\"name\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"pw\">" . __("Password") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<input type=\"password\" id=\"pw\" name=\"pass\" size=\"13\" maxlength=\"32\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\"></td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"checkbox\" name=\"session\" />\n\t\t\t\t\t\t" . __("This session only") . "\n\t\t\t\t\t</label>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Log in") . "\" />\n\t\t\t\t\t{0}\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", $mailResetFrom == "" ? "" : "<button onclick=\"document.location = 'lostpass.php'; return false;\">" . __("Forgot password?") . "</button>");
} elseif ($_POST['action'] == __("Log in")) {
$original = $_POST['pass'];
$escapedName = justEscape($_POST['name']);
$qUser = "******" . $escapedName . "'";
$rUser = Query($qUser);
if (NumRows($rUser)) {
$user = Fetch($rUser);
$sha = hash("sha256", $original . $salt . $user['pss'], FALSE);
if ($user['password'] != $sha) {
include "lib/header.php";
Report("A visitor from [b]" . $_SERVER['REMOTE_ADDR'] . "[/] tried to log in as [b]" . $user['name'] . "[/].", 1);
Kill(__("Invalid user name or password.") . "<br /><a href=\"./\">" . __("Back to main") . "</a> • <a href=\"login.php\">" . __("Try again") . "</a></div>");
}
} else {
include "lib/header.php";
Kill(__("Invalid user name or password.") . "<br /><a href=\"./\">" . __("Back to main") . "</a> • <a href=\"login.php\">" . __("Try again") . "</a></div>");
}
$logdata['loguserid'] = $user['id'];
$_POST['action'] == __("Preview");
Alert(__("You got ninja'd. You might want to review the post made while you were typing before you submit yours."));
}
if ($_POST['text'] && $_POST['action'] == __("Post")) {
$lastPost = time() - $loguser['lastposttime'];
if ($lastPost < $minSeconds) {
$_POST['action'] = "";
Alert(__("You're going too damn fast! Slow down a little."), __("Hold your horses."));
}
}
$postingAs = $loguserid;
$postingAsUser = $loguser;
if ($_POST['username'] != "" && $_POST['password'] != "") {
//Entered another user's name and password. Look it up now.
$original = $_POST['password'];
$qUser = "******" . justEscape($_POST['username']) . "'";
$rUser = Query($qUser);
if (NumRows($rUser)) {
$postingAsUser = Fetch($rUser);
$sha = hash("sha256", $original . $salt . $postingAsUser['pss'], FALSE);
if ($postingAsUser['password'] != $sha) {
Alert(__("Invalid user name or password."));
$_POST['action'] = "";
$_POST['password'] = "";
} else {
$postingAs = $postingAsUser['id'];
$postingAsUser['uid'] = $postingAs;
if ($postingAsUser['powerlevel'] < 0) {
Alert(__("Nope, still banned."));
$_POST['action'] = "";
$_POST['password'] = "";
}
Query("truncate table ranks");
Query("truncate table ranksets");
include "ranksets.php";
$bads = array(" ", "-", ".", ",", "'", '"');
write("\n\t<table class=\"outline margin width25\">\n\t\t<tr class=\"header1\">\n\t\t\t<th>\n\t\t\t\t" . __("Postcount") . "\n\t\t\t</th>\n\t\t\t<th>\n\t\t\t\t" . __("Rank") . "\n\t\t\t</th>\n\t\t</tr>\n");
foreach ($ranks as $rankset) {
write("\n\t\t<tr class=\"header0\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t{0}\n\t\t\t</th>\n\t\t</tr>\n", $rankset['name']);
if (!$rankset['directory']) {
$rankset['directory'] = strtolower($rankset['name']);
}
$index++;
$description = format(__("Set index is {0}. Base directory is {1}."), $index, "<a href=\"img/ranks/" . $rankset['directory'] . "/\"><code>" . $rankset['directory'] . "</code></a>");
if ($rankset['notolower']) {
$description .= " " . __("Set does not use lowercase filenames.");
}
if ($rankset['noimages']) {
$description .= " " . __("Set is text-only.");
}
write("\n\t\t<tr class=\"cell1\">\n\t\t\t<td colspan=\"2\">\n\t\t\t\t{0}\n\t\t\t</td>\n\t\t</tr>\n", $description);
Query("insert into ranksets (name) values ('" . $rankset['name'] . "')");
foreach ($rankset['ranks'] as $val => $text) {
$img = "<img src=\"img/ranks/" . $rankset['directory'] . "/" . str_replace($bads, "", !$rankset['notolower'] ? strtolower($text) : $text) . ".png\" alt=\"" . $text . "\" /> " . ($rankset['splitlines'] ? "<br />" : "") . $text;
if ($val < 10 || $rankset['noimages']) {
$img = $text;
}
write("\n\t\t<tr class=\"cell0\">\n\t\t\t<td>\n\t\t\t\t{0}\n\t\t\t</td>\n\t\t\t<td>\n\t\t\t\t{1}\n\t\t\t</td>\n\t\t</tr>\n", $val, $img);
Query("insert into ranks (rset, num, text) values (" . $index . ", " . $val . ", '" . justEscape($img) . "')");
}
}
write("\n\t</table>\n\t<div>\n\t\t" . __("The above ranks and sets have been imported.") . "\n\t</div>\n");
if (!isset($lastCID)) {
$lastCID = $comment['cid'];
}
}
} else {
$commentsWasEmpty = true;
$commentList = $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell0\" colspan=\"2\">\n\t\t\t\t\t\t\t\t" . __("No comments.") . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n");
}
if ($_POST['action'] == __("Post") && IsReallyEmpty(strip_tags($_POST['text'])) && $loguserid && $loguserid != $lastCID) {
AssertForbidden("makeComments");
$_POST['text'] = strip_tags($_POST['text']);
$newID = FetchResult("SELECT id+1 FROM usercomments WHERE (SELECT COUNT(*) FROM usercomments u2 WHERE u2.id=usercomments.id+1)=0 ORDER BY id ASC LIMIT 1");
if ($newID < 1) {
$newID = 1;
}
$qComment = "insert into usercomments (id, uid, cid, date, text) values (" . $newID . ", " . $id . ", " . $loguserid . ", " . time() . ", '" . justEscape($_POST['text']) . "')";
$rComment = Query($qComment);
if ($loguserid != $id) {
Query("update users set newcomments = 1 where id=" . $id);
}
$lastCID = $loguserid;
$thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell2 width25\">\n\t\t\t\t\t\t\t\t{0}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class=\"cell{1}\">\n\t\t\t\t\t\t\t\t{2}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", UserLink($loguser), 2, PutASmileOnThatFace(htmlspecialchars($_POST['text'])));
if ($commentsWasEmpty) {
$commentList = "";
}
$commentList .= $thisComment;
}
//print "lastCID: ".$lastCID;
if ($loguserid) {
$commentField = format("\n\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t\t<form method=\"post\" action=\"profile.php\">\n\t\t\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"id\" value=\"{0}\" />\n\t\t\t\t\t\t\t\t\t\t<input type=\"text\" name=\"text\" style=\"width: 80%;\" maxlength=\"255\" />\n\t\t\t\t\t\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Post") . "\" />\n\t\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t\t</div>\n", $id);
if ($lastCID == $loguserid) {
<?php
// AcmlmBoard XD support - View counter support
//Update view counter
if (!$isBot) {
$qViewCounter = "update misc set views = views + 1";
$rViewCounter = Query($qViewCounter);
$misc['views']++;
//Milestone reporting
if ($viewcountInterval > 0 && $misc['views'] > 0 && $misc['views'] % $viewcountInterval == 0) {
if ($loguserid) {
$who = UserLink($loguser);
} else {
$who = "a guest at " . $_SERVER['REMOTE_ADDR'];
}
Query("update misc set milestone = 'View " . $misc['views'] . " reached by " . justEscape($who) . "'");
}
}
//to prevent identity confusion
$post = str_replace("\n", "##TSURUPETTANYOUJO##", $post);
TidyPost($post);
$post = mysql_real_escape_string($post);
$qPMT = "update pmsgs_text set title = '" . justEscape($_POST['title']) . "', text = '" . $post . "' where pid = " . $pmid;
$rPMT = Query($qPMT);
$qPM = "update pmsgs set drafting = 0 where id = " . $pmid;
$rPM = Query($qPM);
foreach ($recipIDs as $recipient) {
if ($recipient == $firstTo) {
continue;
}
$qPM = "insert into pmsgs (userto, userfrom, date, ip, msgread) values (" . $recipient . ", " . $loguserid . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', 0)";
$rPM = Query($qPM);
$pid = mysql_insert_id();
$qPMT = "insert into pmsgs_text (pid,title,text) values (" . $pid . ", '" . justEscape($_POST['title']) . "', '" . $post . "')";
$rPMT = Query($qPMT);
}
Redirect(__("PM sent!"), "private.php?show=1", __("your PM outbox"));
exit;
}
} else {
Alert(__("Enter a message and try again."), __("Your PM is empty."));
}
} else {
Alert(__("Enter a title and try again."), __("Your PM is untitled."));
}
}
//if($_POST['text']) $prefill = htmlval($_POST['text']);
//if($_POST['title']) $trefill = htmlval($_POST['title']);
$prefill = $pm['text'];
<?php
// AcmlmBoard XD - Points of Required Attention editing page
// Access: administrators
include "lib/common.php";
$title = __("Points of Required Attention");
AssertForbidden("editPoRA");
if ($loguser['powerlevel'] < 3) {
Kill(__("You must be an administrator to edit the Points of Required Attention."));
}
$key = hash('sha256', "{$loguserid},{$loguser['pss']},{$salt}");
if (isset($_POST['action']) && $key != $_POST['key']) {
Kill(__("No."));
}
if ($_POST['action'] == __("Edit")) {
//TidyPost($_POST['text']);
$qPora = "update misc set porabox = '" . justEscape($_POST['text']) . "', poratitle = '" . justEscape($_POST['title']) . "'";
$rPora = Query($qPora);
Report("[b]" . $loguser['name'] . "[/] edited the PoRA.", 1);
Redirect(__("Edited!"), "./", __("the main page"));
}
write("\n\t<div class=\"PoRT\">\n\t\t<div class=\"errort\">\n\t\t\t<strong id=\"previewtitle\">\n\t\t\t\t{0}\n\t\t\t</strong>\n\t\t</div>\n\t\t<div class=\"errorc cell2 left\" id=\"previewtext\">\n\t\t\t{1}\n\t\t</div>\n\t</div>\n\n\t<form action=\"editpora.php\" method=\"post\">\n\t\t<table id=\"t\" class=\"outline margin width50\">\n\t\t\t<tr class=\"header1\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("PoRA Editor") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell0\">\n\t\t\t\t<td>\n\t\t\t\t\t" . __("Title (plain)") . "\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"text\" name=\"title\" id=\"title\" maxlength=\"256\" style=\"width: 80%;\" value=\"{2}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell1\">\n\t\t\t\t<td>\n\t\t\t\t\t" . __("Content (HTML)") . "\n\t\t\t\t</td>\n\t\t\t\t<td style=\"width: 80%;\">\n\t\t\t\t\t<textarea name=\"text\" rows=\"16\" style=\"width: 97%;\" id=\"editbox\" onkeyup=\"startPoraUpdate()\">{3}</textarea>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Edit") . "\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"{4}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", $misc['poratitle'], $misc['porabox'], htmlval($misc['poratitle']), htmlval($misc['porabox']), $key);