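// Login handler: checks the submitted credentials, sets the two login cookies
// and redirects to the index. On failure the collected messages are printed.
$error_msg = array(); // error messages (HTML fragments) to show to the user

if (isset($_GET['login']) && $_GET['login'] == 1) {
    $username = clear(isset($_POST['username']) ? $_POST['username'] : '');
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // NOTE(review): login() is fed an unsalted MD5 digest, and the same digest is
    // stored in a cookie below, so the cookie value is password-equivalent.
    // Migrating to password_hash()/password_verify() and a random server-side
    // session token has to be done together with login(), which is outside this
    // excerpt.
    $password_hash = md5($password);

    if (empty($username) && empty($password)) {
        $error_msg[] = "<font color=red><p><i>Inserire i dati per il Login!</i><p></font>";
    } elseif (!login($username, $password_hash)) {
        // login() is evaluated once; every later branch can rely on it having succeeded.
        $error_msg[] = "<font color=red><p><i>Dati inseriti Errati!</i><p></font>";
    } elseif (check_maintenance(2) == 1 && level($username) == 'user') {
        $error_msg[] = "<font color=red><p><i>Login Impossibile (Forum in Modalità Manutenzione)</i><p></font>";
    } else {
        // Same name, value, lifetime and path as before; the last argument adds
        // HttpOnly so page scripts cannot read the credential cookies.
        setcookie("0xBB_user", $username, 0, "", "", false, true);
        setcookie("0xBB_pass", $password_hash, 0, "", "", false, true);

        // Refresh the IP recorded for this user in ban_ip. Both values are escaped
        // before being placed in the statement.
        $ip  = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $uid = mysql_real_escape_string(nick2uid($username));
        mysql_query(
            "UPDATE " . __PREFIX__ . "ban_ip SET ip = '" . $ip . "' WHERE user_id = '" . $uid . "'"
        ) or _err(mysql_error());

        header("Location: index.php");
        exit;
    }
}

if ($error_msg) {
    // The heading is closed with </h3> to match its opening tag.
    print '<div class="error_msg"> <h3 align="center">ERRORI nella fase di LOGIN!</h3><br /> <br />';
    foreach ($error_msg as $error_message) {
        print $error_message . "<br />\n";
    }
    print "<br />\n<center><a href='javascript:history.back()'>Torna Indietro</a>\n</center>\n</div>\n";
} else {
    // else-branch body continues beyond this excerpt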
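case '13':
    // Mode 13: reset every user's theme to the default stylesheet.
    // NOTE(review): the reset is a state change triggered by a plain GET
    // (admin.php?mode=13&reset=1) and no anti-CSRF token is visible here; it
    // should move to POST and verify a per-session token.
    if (isset($_GET['reset']) && $_GET['reset'] == 1) {
        mysql_query("UPDATE " . __PREFIX__ . "users SET theme = 'default.css'") or _err(mysql_error());
        print "\n<script>alert(\"Reset Completato\"); window.location=\"admin.php\";</script>";
    } else {
        // Ask for confirmation only when the reset was not just performed, so the
        // completed page does not prompt (and possibly reset) a second time.
        print "<script>"
            . "\n\tif(confirm('Sei sicuro di voler procedere al reset del tema per tutti gli utenti?.') == true) {"
            . "\n\t\tlocation.href = 'admin.php?mode=13&reset=1'"
            . "\n\t}else{"
            . "\n\t\tlocation.href = 'admin.php'"
            . "\n\t}"
            . "\n</script>";
    }
    break;

case '14':
    // Mode 14: toggle the named user between the 'vip' and 'user' levels.
    $username = isset($_POST['username']) ? clear($_POST['username']) : '';
    if ($username) {
        // NOTE(review): the WHERE value appears as the literal '******' in this
        // listing (apparently redacted) and is reproduced unchanged. Whatever is
        // interpolated there must be SQL-escaped; confirm that clear() does so.
        $query = "SELECT id, level FROM " . __PREFIX__ . "users WHERE username = '******'";
        $result = mysql_query($query) or _err(mysql_error());
        $row = mysql_fetch_row($result);

        if (!$row || !$row[0]) {
            _err("Errore! L'Username Specificato non esiste!");
        }
        // $usr is set outside this excerpt; presumably the acting administrator.
        if ($row[0] == nick2uid($usr)) {
            _err("Errore! L'utente selezionato è già VIP!");
        }

        $new_level = ($row[1] == 'vip') ? 'user' : 'vip';
        $query = "UPDATE " . __PREFIX__ . "users SET level = '" . $new_level . "' WHERE id = '" . $row[0] . "'";
        mysql_query($query) or _err(mysql_error());
        header("Location: admin.php?mode=14");
    } else {
        // NOTE(review): the form below changes a privilege level and carries no
        // anti-CSRF token in the part visible here.
        ?>
        <form action = 'admin.php?mode=14' method = 'POST'>
        <br /><b>Gestione dei permessi per Utenti VIP:</b>
        <p>Aggiungi/Rimuovi un' utente VIP(Basta scrivere l'username): <input name = 'username'><br />
        <input type = 'submit' value = 'Invia'>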
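// Print one table row per topic returned by $query_2 (built outside this
// excerpt), with its reply count, then close the table and print the footer.
$result = mysql_query($query_2) or _err(mysql_error());
while ($row = mysql_fetch_row($result)) {
    // Replies are rows of the same table whose replyof points at this topic.
    // The row count is read from the result set instead of fetching every row;
    // a failed query counts as zero replies.
    $query = "SELECT id FROM " . __PREFIX__ . "topic WHERE replyof = '" . $row[0] . "'";
    $res2 = mysql_query($query);
    $replies = $res2 ? mysql_num_rows($res2) : 0;

    // NOTE(review): $row[4] (link text) and $row[3] (passed to nick2uid(), so
    // presumably the author's nickname) are printed into HTML exactly as stored.
    // Confirm they are HTML-escaped when saved; if not, escape them here with
    // htmlspecialchars() before printing.
    ?>
    <tr>
        <td class="forums"><a href = 'viewtopic.php?id=<?php print $row[0] . "'>" . $row[4] . "</a> " . check_graphic_block_topic($row[0]); ?> </td>
        <td class="forums"><a href = 'profile.php?id=<?php print nick2uid($row[3]) . "'>" . $row[3]; ?> </a></td>
        <td class="forums"><?php print $replies; ?> </td>
    </tr>
    <tr>
        <td colspan="3"><hr style="margin:1px;height:1px;border:none;background-color:white;"></td>
    </tr>
    <?php
} // end of the topic loop
print "</table>\n";
footer();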
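<input type = 'hidden' name = 'topic_id' value = '<?php print $id; ?> ' >
<input type = 'hidden' name = 'user_id' value = '<?php print nick2uid($row[3]); ?> '>
<input class='karma_più' type = 'submit' value = '+1' name = 'vote' >
<input class='karma_meno' type = 'submit' value = '-1' name = 'vote'>
</form>
</div>
<div style="float: right;"><a href="pm.php?mode=3&to=<?php print $row[3]; ?> ">PM</a> <a href = 'profile.php?id=<?php print nick2uid($row[3]); ?> '>Profile</a></div>
</div>
</div>
<div id="topic">
<b>Titolo: </b><?php
// NOTE(review): $row[3] (above) and $row[4] are printed into HTML and into a URL
// exactly as stored; confirm they are escaped when saved, otherwise escape per
// context here (htmlspecialchars() for markup, rawurlencode() for the query string).
print $row[4]
    . check_graphic_block_topic($row[0])
    . check_graphic_important_topic($row[0])
    . check_graphic_announcement_topic($row[0])
    . "<br />\n<font size=1> @<i>Scritto il " . $row[9] . " alle ore " . $row[8] . "</i></font>\n";
?> <br />
<?php
// Edit/delete links are shown to the post owner, admins and moderators, and only
// after login() has accepted the credentials. The moderator test sits inside the
// parentheses so that it cannot be satisfied by a username alone: "&&" binds
// tighter than "||", so a trailing "|| level(...) == 'mod'" would bypass login().
// NOTE(review): ownership is compared against $row[2] while the links above use
// $row[3] as the nickname; confirm which column holds the author.
$can_manage = login($username, $password)
    && ($row[2] == $username || level($username) == 'admin' || level($username) == 'mod');
if ($can_manage) {
    print "\n<a href = 'manage.php?id=" . $row[0] . "&t_id=" . $id . "'>[Edita]</a>"
        . "\n<a href='manage.php?id=" . $row[0] . "&t_id=" . $id . "&delete=1'>[Elimina]</a>";
}
?>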
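// Final registration checks, account creation and welcome e-mail. The earlier
// validation of the submitted fields is outside this excerpt.
if (!empty($web_site) && !check_url($web_site)) {
    $error_msg[] = 'Il Sito Web inserito non è valido';
}
if (strlen($username) > 20) {
    $error_msg[] = 'L\'username è troppo lungo ( Max. 20 caratteri )';
}

if (!$error_msg) {
    // NOTE(review): unsalted MD5 is unsuitable for password storage; moving to
    // password_hash()/password_verify() must be done together with the login code.
    $pass = md5($pass);

    // NOTE(review): $username, $email, $web_site and $msn are interpolated as they
    // arrive here; confirm that each one is SQL-escaped before this point.
    $query = "INSERT INTO " . __PREFIX__ . "users (username, password, level, email, web_site, msn, theme)"
        . " VALUES ('" . $username . "', '{$pass}', 'user', '{$email}', '{$web_site}', '{$msn}', 'default.css')";
    mysql_query($query) or _err(mysql_error());

    // The new account's id is looked up once and reused for both inserts below.
    $new_uid = mysql_real_escape_string(nick2uid($username));

    $sql = "INSERT INTO " . __PREFIX__ . "karma (vote_user_id, vote) VALUES ('" . $new_uid . "', '0')";
    mysql_query($sql) or _err(mysql_error());

    // Record the registrant's IP in ban_ip, not banned.
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    $ban_ip = "INSERT INTO " . __PREFIX__ . "ban_ip (user_id, ip, banned) VALUES ('" . $new_uid . "', '" . $ip . "', '0')";
    mysql_query($ban_ip) or _err(mysql_error());

    // Welcome message. The listing shows the operands after "Username: " and
    // "Password: " as ******; the username is restored from the greeting line and
    // the password line is left out so that no credential is sent by e-mail.
    $oggetto = "Benvenuto in " . SITE_NAME . ".";
    $messaggio = "Ciao " . $username . "\n"
        . "Siamo lieti di darti il benvenuto in " . SITE_NAME . "\n"
        . "I tuoi dati di accesso sono:\n\n"
        . "Username: " . $username . "\n\n"
        . "Ti auguriamo una buona permanenza,\n"
        . "Lo Staff ~ " . SITE_NAME . ".";

    // Line breaks are stripped from the address before it is used as recipient
    // and in the From header, so it cannot add extra mail headers.
    // NOTE(review): From is the registrant's own address; a fixed site address
    // would be more appropriate, but none is visible in this excerpt.
    $mail_address = str_replace(array("\r", "\n"), '', $email);
    $check_send_mail = @mail($mail_address, $oggetto, $messaggio, "From: " . $mail_address);

    // Tests the variable that mail() was assigned to, so the "sent" message can
    // actually be reached.
    if ($check_send_mail == TRUE) {
        die("<div class=\"success_msg\" align=\"center\">\nRegistrazione Avvenuta con Successo!\n<br /><p>E-Mail di Benvenuto Inviata!</p><br />\n<a href=\"login.php\">Vai al Login</a></div>");
    } else {
        die("<div class=\"success_msg\" align=\"center\">\nRegistrazione Avvenuta con Successo!\n<br /><p>E-Mail di Benvenuto non Inviata!</p><br />\n<a href=\"login.php\">Vai al Login</a></div>");
    }
} else {
    // The heading is closed with </h3> to match its opening tag.
    print "\n<div class=\"error_msg\">"
        . "\n<h3 align=\"center\">Errori nella form!</h3><br />"
        . "\n<br /><center>";
    foreach ($error_msg as $error_message) {
        print $error_message . " <br />\n";
    }
    print "<br />\n<a href='javascript:history.back()'>Torna Indietro</a>\n</center>\n</div>\n";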
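/**
 * Prints the navigation menu and opens the main content <div>.
 *
 * When login() accepts the credentials returned by get_data(), the member menu
 * is printed with the unread-PM count and, depending on the user's level, the
 * admin or moderator link. Otherwise the guest menu is printed.
 */
function show_menu() {
    list($username, $password) = get_data();

    if (login($username, $password)) {
        // NOTE(review): both WHERE values below appear as the literal '******' in
        // this listing (apparently redacted) and are reproduced unchanged.
        // Whatever is interpolated there must be SQL-escaped.
        $query = "SELECT level FROM " . __PREFIX__ . "users WHERE username = '******'";
        $level_result = mysql_query($query);
        $row = $level_result ? mysql_fetch_row($level_result) : false;
        $level = $row ? $row[0] : null;

        // Unread private messages: the row count is read from the result set
        // instead of fetching every row; a failed query counts as zero.
        $query = "SELECT id FROM " . __PREFIX__ . "pm WHERE to_usr = '******' AND new = 1";
        $res = mysql_query($query);
        $not_read = $res ? mysql_num_rows($res) : 0;

        // NOTE(review): $username is printed into HTML as returned by get_data();
        // confirm usernames cannot contain markup, otherwise escape it here with
        // htmlspecialchars().
        ?>
        <div class="menu" id="menu" >
        <ul>
            <li><b>Benvenuto, <a href="profile.php?id=<?php print nick2uid($username); ?> "><?php print $username; ?> </a>!</b></li>
            <li><a href = 'settings.php'>[Pannello utente]</a></li>
            <li><a href = 'users_list.php'>Lista Utenti</a></li>
        <?php
        if ($not_read) {
            print "\t\t\t<li><b><a href = 'pm.php?mode=1'>{$not_read} new PM(s)</a></b></li>\n";
        } else {
            print "\t\t<li><a href = 'pm.php?mode=1'>No new PMs</a></li>\n";
        }
        // These links are navigation only; the panels must enforce the level themselves.
        if ($level == 'admin') {
            print "\t\t\t\t<li><a href = 'admin.php'>[Amministrazione]</a></li>\n";
        }
        if ($level == 'mod') {
            print "\t<li><a href = 'modcp.php'>[-Mod Panel-]</a></li>\n";
        }
        ?>
            <li><a href = 'index.php?logout=1'>Logout</a></li>
        </ul>
        </div>
        <div class = 'main' id = 'main'>
        <?php
    } else {
        // Not logged in: show the guest menu.
        ?>
        <div class = 'menu' id = 'menu'>
        <ul>
            <li><b>Benvenuto, Guest!</b></li>
            <li><a href = 'users_list.php'>Lista Utenti</a></li>
            <li><a href = 'login.php'>Login</a></li>
            <li><a href = 'register.php'>Register</a></li>
        </ul>
        </div>
        <div class = 'main' id = 'main'>
        <?php
    }
}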
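}
header("Location: modcp.php?mode=2");
} else {
    // Form for banning an IP address that is not tied to a listed user.
    // NOTE(review): no anti-CSRF token is visible in this form or in the GET
    // actions below (ban=1, elimina=1); state changes should use POST and verify
    // a per-session token.
    ?>
    <form action = 'modcp.php?mode=2&ban=2' method = 'POST'>
    <br /><b>Gestione Ban per IP:</b>
    <p>Banna IP Esterno: <input name = 'ip'><br />
    <input type = 'submit' value = 'Banna'></p>
    </form>
    <br /><br />
    <?php
}

// ban=1: toggle the banned flag of the ban_ip row matching $ip.
if (isset($_GET['ban']) && $_GET['ban'] == 1) {
    // NOTE(review): $ip is assigned outside this excerpt; confirm it is validated
    // as an IP address or SQL-escaped before it reaches this statement.
    $query = "SELECT * FROM " . __PREFIX__ . "ban_ip WHERE ip = '{$ip}'";
    $row = mysql_fetch_row(mysql_query($query));

    // Column order presumably id, user_id, ip, banned; verify against the schema.
    // $usr is set outside this excerpt; presumably the acting moderator.
    if ($row[1] == nick2uid($usr)) {
        _err("Errore! Questo IP da bannare è identico al tuo, ti banni?");
    }

    $new_state = ($row[3] == 0) ? '1' : '0';
    $query = "UPDATE " . __PREFIX__ . "ban_ip SET banned = '" . $new_state . "' WHERE id = '" . $row[0] . "'";
    mysql_query($query) or _err(mysql_error());
    // NOTE(review): the script keeps running after this redirect header, so the
    // delete branch below can still execute in the same request.
    header("Location: modcp.php?mode=2");
}

// elimina=1: delete one ban_ip row by id; the id is forced to an integer.
if (isset($_GET['elimina']) && $_GET['elimina'] == 1 && !empty($_GET['id'])) {
    $id = (int) $_GET['id'];
    mysql_query("DELETE FROM " . __PREFIX__ . "ban_ip WHERE id = '" . $id . "'") or _err(mysql_error());
    // The alert string is closed with its quote so the script parses and the
    // redirect that follows it runs.
    print '<script>alert("IP Cancellato!"); window.location="modcp.php?mode=2";</script>';
}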