function getactiveusers()
{
global $pref;
$r_user = thwb_query("SELECT count(userid) AS usercount FROM " . $pref . "user WHERE userlastpost > " . (time() - 60 * 60 * 24 * 31));
$user = mysql_fetch_array($r_user);
return $user['usercount'];
}
function is_firstpost($threadid, $postid)
{
global $pref;
$r_post = thwb_query("SELECT postid FROM {$pref}" . "post WHERE threadid='{$threadid}' ORDER BY posttime ASC");
$post = mysql_fetch_array($r_post);
if ($post['postid'] == $postid) {
return 1;
} else {
return 0;
}
}
function prevent_pm_flood()
{
global $g_user, $P, $pref, $config;
if ($P->has_permission(P_NOFLOODPROT)) {
return;
}
$r_lastpm = thwb_query("SELECT pmtime FROM " . $pref . "pm WHERE pmfromid='{$g_user['userid']}' ORDER BY pmtime DESC LIMIT 1");
if (!mysql_num_rows($r_lastpm)) {
return;
}
$a_lastpm = mysql_fetch_array($r_lastpm);
if ($a_lastpm['pmtime'] >= time() - $config['postdelay']) {
message("Fehler", "Sie können nur alle {$config['postdelay']} Sekunden eine PM verschicken.");
}
return;
}
$i++;
}
for (; $i <= 9; $i++) {
$name[$i] = 'n/a';
$value[$i] = 'n/a';
}
mysql_free_result($r_postthreads);
eval($TRow->GetTemplate("stats_top10_row"));
$stats_top10_row .= "<br>";
/** top 10 threads (by views) **/
$data['title'] = 'Top 10 Threads (nach Views)';
$name = array();
$value = array();
$a_viewthreads = array();
$i = 0;
$r_viewthreads = thwb_query("SELECT t.threadviews, t.threadtopic, t.threadid, t.boardid, b.boardname FROM {$pref}" . "thread AS t LEFT OUTER JOIN {$pref}" . "board AS b ON t.boardid = b.boardid ORDER BY threadviews DESC LIMIT 10");
while ($a_viewthreads = mysql_fetch_array($r_viewthreads)) {
$P->set_boardid($a_viewthreads['boardid']);
if (!$P->has_permission(P_VIEW)) {
continue;
}
$name[$i] = '<a href="' . build_link('showtopic.php?threadid=' . $a_viewthreads['threadid']) . '">' . parse_code($a_viewthreads['threadtopic']) . '</a> (Board: <a href="' . build_link('board.php?boardid=' . $a_viewthreads['boardid']) . '">' . $a_viewthreads['boardname'] . '</a>)';
$value[$i] = $a_viewthreads['threadviews'];
$i++;
}
for (; $i <= 9; $i++) {
$name[$i] = 'n/a';
$value[$i] = 'n/a';
}
mysql_free_result($r_viewthreads);
eval($TRow->GetTemplate("stats_top10_row"));
message('Fehler', 'Ränge wurden vom Administrator deaktiviert.');
}
$r_user = thwb_query("SELECT COUNT(userid) FROM {$pref}" . "user");
list($usercount) = mysql_fetch_row($r_user);
$RANKROWS = '';
while (list($i, $rank) = each($a_rank)) {
// users for this rank
if (isset($a_rank[$i - 1])) {
$r_user = thwb_query("SELECT COUNT(userid) FROM {$pref}" . "user WHERE\n userposts >= " . $rank['rankposts'] . " AND userposts < " . $a_rank[$i - 1]['rankposts']);
list($rankusers) = mysql_fetch_row($r_user);
$r_user = thwb_query("SELECT userid, username FROM {$pref}" . "user WHERE\n userposts >= " . $rank['rankposts'] . " AND userposts < " . $a_rank[$i - 1]['rankposts'] . " ORDER BY userposts DESC LIMIT 1");
$user = mysql_fetch_array($r_user);
} else {
$r_user = thwb_query("SELECT COUNT(userid) FROM {$pref}" . "user WHERE\n userposts >= " . $rank['rankposts']);
list($rankusers) = mysql_fetch_row($r_user);
$r_user = thwb_query("SELECT userid, username FROM {$pref}" . "user WHERE\n userposts >= " . $rank['rankposts'] . " ORDER BY userposts DESC LIMIT 1");
$user = mysql_fetch_array($r_user);
}
if ($rank['rankimage']) {
$rank['rankimage'] = '<img src="' . $rank['rankimage'] . '">';
} else {
$rank['rankimage'] = ' ';
}
$prozent = intval($rankusers / $usercount * 100);
$width = intval($rankusers / $usercount * 120);
if (!$width) {
$width = 1;
}
$invwidth = 120 - $width;
eval($Trankrow->GetTemplate('RANKROWS'));
}
function log_action($action)
{
global $g_user, $post, $REMOTE_ADDR, $PHP_SELF, $pref;
thwb_query("INSERT INTO " . $pref . "adminlog (logtype, logtime, loguser, logip, logscript,\n logaction, lognotes) VALUES ('LOG_MOD',\n " . time() . ",\n '{$g_user['username']}',\n '{$REMOTE_ADDR}',\n '" . basename($PHP_SELF) . "',\n '" . addslashes($action) . "',\n 'post id: {$post['postid']}')");
}
check_username($post['postguestname']);
// override notify
$post['postemailnotify'] = 0;
$g_user['username'] = $config['guestprefix'] . $post['postguestname'];
$post['postguestname'] = $config['guestprefix'] . addslashes($post['postguestname']);
} else {
$post['postguestname'] = '';
}
if ($config['uppercase_prot']) {
$thread['threadtopic'] = killshout($thread['threadtopic']);
}
// Autoclose & delete
if (isset($config['auto_close']) && $config['auto_close'] > 0) {
thwb_query("UPDATE " . $pref . "thread SET threadclosed = '1' WHERE threadtime < '" . (time() - ($config['auto_close'] + 1) * 86400) . "'");
}
if (isset($config['auto_delete']) && $config['auto_delete'] > 0) {
thwb_query("DELETE FROM " . $pref . "thread WHERE threadtime < " . (time() - $config['auto_delete'] * 86400) . "");
}
// die neue nachricht abspeichern in dem topics table
thwb_query("INSERT INTO " . $pref . "thread (threadtime, threadtopic, threadauthor, boardid,\n threadlastreplyby, threadiconid, threadcreationtime)\n VALUES('{$time}',\n '" . addslashes(preparse_code($thread['threadtopic'])) . "',\n '" . addslashes($g_user['username']) . "',\n '{$board['boardid']}',\n '" . addslashes($g_user['username']) . "',\n '" . intval($thread['threadiconid']) . "',\n '{$time}')");
$thread['threadid'] = mysql_insert_id();
// die neue nachricht abspeichern in dem messages table
thwb_query("INSERT INTO " . $pref . "post (posttime, posttext, userid, threadid, postemailnotify, postip, postsmilies,\n postcode, postguestname)\n VALUES('{$time}',\n '" . addslashes(preparse_code($post['posttext'])) . "',\n '{$g_user['userid']}',\n '{$thread['threadid']}',\n '{$post['postemailnotify']}',\n '" . addslashes($REMOTE_ADDR) . "',\n '" . ($post['postsmilies'] ? 1 : 0) . "',\n '" . ($post['postcode'] ? 1 : 0) . "',\n '" . addslashes($post['postguestname']) . "')");
// Den topics-count-wert des board erhöhen
thwb_query("UPDATE " . $pref . "board SET\n boardthreads=boardthreads+1,\n boardlastpost='{$time}',\n boardposts=boardposts+1,\n boardlastpostby='" . addslashes($g_user['username']) . "',\n boardthreadtopic='" . addslashes(preparse_code($thread['threadtopic'])) . "',\n boardthreadid={$thread['threadid']}\n WHERE boardid='{$board['boardid']}'");
if ($g_user['userid']) {
// Den postings wert des postenden users erhöhen
thwb_query("UPDATE " . $pref . "user SET userlastpost={$time}, userposts=userposts+1 WHERE userid='{$g_user['userid']}'");
}
header("Location: " . build_link("showtopic.php?threadid={$thread['threadid']}", true));
}
$user['useravatar'] = "";
}
// check signature length.
if ($config['sig_restrict']) {
if (!check_siglen(preparse_code($user['usersignature']))) {
$err_msg .= 'Ihre Signatur enthält zuviele Zeichen (max. ' . $config['sig_maxlen'] . ') oder besteht aus zu vielen Zeilen (max. ' . $config['sig_maxlines'] . ').';
}
}
if (!$user['userpassword']) {
$err_msg .= 'Bitte geben Sie ein Passwort an';
}
if (strlen($err_msg) > 0) {
message("Fehler", "Es sind leider folgende Fehler aufgetreten:<br><br><font color='{$style['color_err']}'>{$err_msg}</font>");
} else {
if ($user['userhomepage'] == 'http://') {
$user['userhomepage'] = '';
}
if ($user['userbday_day'] == 0 || $user['userbday_month'] == 0 || $user['userbday_year'] == 0) {
$user['userbday'] = '0000-00-00';
} else {
$user['userbday'] = sprintf('%04d-%02d-%02d', $user['userbday_year'], $user['userbday_month'], $user['userbday_day']);
}
if (!thwb_query("UPDATE " . $pref . "user SET\n userpassword='******'userpassword']) . "',\n userhomepage='" . addslashes($user['userhomepage']) . "',\n userlocation='" . addslashes($user['userlocation']) . "',\n usericq='" . addslashes($user['usericq']) . "',\n useraim='" . addslashes($user['useraim']) . "',\n usermsn='" . addslashes($user['usermsn']) . "',\n userbday='" . addslashes($user['userbday']) . "',\n useroccupation='" . addslashes($user['useroccupation']) . "',\n useravatar='" . addslashes($user['useravatar']) . "',\n userinterests='" . addslashes($user['userinterests']) . "',\n usersignature='" . addslashes(preparse_code($user['usersignature'])) . "',\n userhideemail='" . intval($user['userhideemail']) . "',\n userinvisible='" . intval($user['userinvisible']) . "',\n usernoding='" . intval($user['usernoding']) . "',\n styleid='" . intval($user['styleid']) . "',\n userhidesig='" . intval($user['userhidesig']) . "' WHERE userid='{$g_user['userid']}'")) {
message("Fehler", "Interner Fehler!");
}
}
// *try* to reset password
if ($user['usernewpassword'] || $user['usernewpassword2']) {
setcookie("thwb_cookie", $user['userpassword'] . $g_user['userid'], time() + 60 * 60 * 24 * 365);
}
message("Update erfolgreich!", "Das Update war erfolgreich!");
message("Nur für Mitglieder", "Diese Funktion ist nur für Mitglieder. Sie können sich <a href=\"register.php\">hier</a> kostenlos registrieren.");
}
if (!$config['use_email']) {
message('Funktion nicht verfügbar', 'Diese Funktion wurde vom Administrator deaktiviert.');
}
$Tframe = new Template("templates/" . $style['styletemplate'] . "/frame.html");
$TTopics = new Template("templates/" . $style['styletemplate'] . "/markedlist.html");
$TTopicrow = new Template("templates/" . $style['styletemplate'] . "/markedrow.html");
if (!empty($do_delthreads) && $do_delthreads) {
if (empty($delthreads) || !count($delthreads)) {
message('Fehler', 'Sie müssen ein Thema auswählen.');
}
thwb_query("UPDATE " . $pref . "post SET postemailnotify='0' WHERE userid='" . $g_user['userid'] . "' AND threadid IN (" . join(',', $delthreads) . ")");
message('Themen abbestellt', 'Die markierten Themen wurden abbestellt.');
}
$r_usermarkedthreads = thwb_query("SELECT DISTINCT threadid FROM " . $pref . "post WHERE postemailnotify = '1' AND userid = '" . $g_user['userid'] . "' GROUP BY threadid");
$i = 0;
$TOPICROWS = '';
if (!mysql_num_rows($r_usermarkedthreads)) {
$TTopicrow = new Template('./templates/' . $style['styletemplate'] . '/board_nothreads.html');
eval($TTopicrow->GetTemplate("TOPICROWS"));
} else {
while ($a_thread = mysql_fetch_assoc($r_usermarkedthreads)) {
$i % 2 > 0 ? $thisrowbg = $style['CellB'] : ($thisrowbg = $style['CellA']);
$i++;
$r_thread = mysql_query("SELECT threadid, threadauthor, threadtopic, threadviews, threadreplies, threadtime, boardid, threadlastreplyby FROM " . $pref . "thread WHERE threadid = '" . $a_thread['threadid'] . "'");
if (mysql_num_rows($r_thread) != 0) {
$thread = mysql_fetch_array($r_thread);
$r_board = mysql_query("SELECT boardname FROM " . $pref . "board WHERE boardid = '" . $thread['boardid'] . "'");
$board = mysql_fetch_array($r_board);
$thread['threadtopic'] .= "<BR><span style=\"color:" . $style['color1'] . "\">" . $style['smallfont'] . "Forum: " . $board['boardname'] . $style['smallfontend'] . "</span>";
function Permission($groupids, $boardid = -1)
{
global $pref;
if ($groupids === '') {
$groupids = '-1';
}
$this->a_group = array();
$r_group = thwb_query("SELECT groupid, accessmask FROM {$pref}" . "group WHERE groupid IN(" . $groupids . ")");
while ($group = mysql_fetch_array($r_group)) {
$this->a_group[$group['groupid']] = $group['accessmask'];
}
mysql_free_result($r_group);
$this->a_groupboard = array();
if ($boardid == -1) {
$r_groupboard = thwb_query("SELECT groupid, boardid, accessmask FROM {$pref}" . "groupboard WHERE groupid IN (" . $groupids . ")");
} else {
$r_groupboard = thwb_query("SELECT groupid, boardid, accessmask FROM {$pref}" . "groupboard WHERE boardid='{$boardid}' AND groupid IN (" . $groupids . ")");
}
while ($groupboard = mysql_fetch_array($r_groupboard)) {
$this->a_groupboard[$groupboard['boardid']][$groupboard['groupid']] = $groupboard['accessmask'];
}
mysql_free_result($r_groupboard);
$this->set_boardid($boardid);
}
if ($user['userinvisible'] == 1) {
$invisibleyes = ' checked';
$invisibleno = '';
} else {
$invisibleyes = '';
$invisibleno = ' checked';
}
if ($user['usernoding'] == 1) {
$nodingno = '';
$nodingyes = ' checked';
} else {
$nodingno = ' checked';
$nodingyes = '';
}
$styleoptions = '';
$r_style = thwb_query("SELECT styleid, stylename FROM " . $pref . "style WHERE styleispublic=1");
if (mysql_num_rows($r_style) > 0) {
$styleoptions = '<option value="0">-----------------------------</option>';
while ($tstyle = mysql_fetch_array($r_style)) {
$styleoptions .= "<option value=\"{$tstyle['styleid']}\"" . ($tstyle['styleid'] == $user['styleid'] ? " selected" : "") . ">{$tstyle['stylename']}</option>\n";
}
}
// birthday stuff
$a_month = array(1 => 'Januar', 2 => 'Februar', 3 => 'März', 4 => 'April', 5 => 'Mai', 6 => 'Juni', 7 => 'Juli', 8 => 'August', 9 => 'September', 10 => 'Oktober', 11 => 'November', 12 => 'Dezember');
$bdayform = '';
$user['userbday_year'] = (int) substr($user['userbday'], 0, 4);
$user['userbday_month'] = (int) substr($user['userbday'], 5, 2);
$user['userbday_day'] = (int) substr($user['userbday'], 8, 2);
// day
$bdayform .= '<select name="user[userbday_day]" class="tbselect"><option value="0"></option>';
for ($i = 1; $i <= 31; $i++) {
if ($bm) {
message('Ungültige E-Mailadresse', 'Die von Ihnen gewählte E-Mailadresse ist leider nicht erlaubt.');
}
}
if (isset($errmsg) && strlen($errmsg) > 0) {
message("Fehler", "Es sind leider folgende Fehler aufgetreten:<br><br><font color='{$style['color_err']}'>{$errmsg}</font>");
}
// ready to register
if ($register['userpassword'] != $register['userpassword2']) {
message('Fehler', 'Das Passwort und die Passwortwiederholung unterscheiden sich, bitte überprüfen Sie ihre Angaben.');
}
if (!$register['userpassword']) {
message('Fehler', 'Bitte geben Sie ein Passwort an');
}
$time = time();
$register['hash'] = md5($time);
thwb_query("INSERT INTO " . $pref . "user (username, userjoin, useremail, userpassword, groupids, useractivate)\n VALUES('" . addslashes($register['username']) . "', '" . $time . "',\n '" . addslashes($register['useremail']) . "', '" . md5($register['userpassword']) . "', ',{$config['default_groupid']},', " . ($config['use_email'] ? 1 : 0) . ")");
$register['userid'] = mysql_insert_id();
possible_flood(FLOOD_REGISTER, $register['userid']);
if ($config['use_email']) {
$email = '';
$TRegistermail = new Template("./templates/mail/register.mail");
eval($TRegistermail->GetTemplate("email"));
@mail($register['useremail'], $config['board_name'] . " - Registrierung", $email, "From: {$config['board_admin']}");
message("Registrierung erfolgreich!", "Der neue User wurde angelegt.<br>Sie erhalten in Kürze eine Email mit einem Bestätigungslink zur Aktivierung ihres Accounts.<br><strong>Achtung: Bei AOL ist davon auszugehen, dass die Email vom Spamfilter abgefangen wird.</strong>");
} else {
$s = new_session();
$g_user['have_cookie'] = false;
setcookie("thwb_cookie", md5($register['userpassword']) . $register['userid'], time() + 60 * 60 * 24 * 365);
message('Registrierung erfolgreich!', 'Sie wurden soeben erfolgreich registriert und eingeloggt. Viel Spaß!');
}
} else {
$replytext = '';
}
if ($config['smilies']) {
$smilies_on_off = "AN";
} else {
$smilies_on_off = "AUS";
}
if ($config['use_email']) {
$notifyavailable = '';
} else {
$notifyavailable = ' (Derzeit nicht verfügbar)';
}
if ($g_user['userid']) {
$replyusername = "******"" . build_link('logout.php?uid=' . $g_user['userid']) . "\">Logout</a> ]{$style['smallfontend']}";
} else {
if ($g_user['userid'] == 0 && $P->has_permission(P_REPLY)) {
$replyusername = '******' . $style['smallfont'] . ' (Minimal ' . $config['min_usernamelength'] . ', maximal ' . $config['max_usernamelength'] . ' Zeichen, keine Sonderzeichen) <b>Das Forum speichert ihre IP-Addresse!</b>' . $style['smallfontend'];
} else {
$replyusername = '';
}
}
$Treply = new Template("./templates/" . $style['styletemplate'] . "/replyform.html");
eval($Treply->GetTemplate("REPLYFORM"));
}
thwb_query("UPDATE " . $pref . "thread SET threadviews=threadviews+1 WHERE threadid='{$thread['threadid']}'");
$JUMP_MENU = jumpmenu($board['boardid']);
$navpath .= 'Threadansicht';
$titleprepend = htmlspecialchars($thread['threadtopic']) . ' - ';
eval($Tpostings->GetTemplate("CONTENT"));
eval($Tframe->GetTemplate());
$TChangeemail = new Template('./templates/' . $style['styletemplate'] . '/changeemail.html');
$t_changewarning = '';
if ($config['use_email']) {
$TChangeemail_warning = new Template('./templates/' . $style['styletemplate'] . '/changeemail_warning.html');
eval($TChangeemail_warning->GetTemplate('t_changewarning'));
}
eval($TChangeemail->GetTemplate("CONTENT"));
eval($TFrame->GetTemplate());
} else {
$r_user = thwb_query("SELECT userpassword, username FROM " . $pref . "user WHERE userid='{$g_user['userid']}'");
$dbuser = mysql_fetch_array($r_user);
if (!$user['useroldpassword'] || $dbuser['userpassword'] != md5($user['useroldpassword'])) {
message('Fehler', 'Das Passwort ist leider nicht korrekt.');
} else {
if (!check_email($user['usernewemail'])) {
message('Fehler', 'Sie haben keine gültige E-Mailadresse angegeben!<br>Eine gültige E-Mailadresse hat das Format <b>name@example.com</b> .');
} else {
if ($config['use_email']) {
$email = '';
$TRegistermail = new Template("./templates/mail/change_mail.mail");
eval($TRegistermail->GetTemplate("email"));
@mail($user['usernewemail'], $config['board_name'] . " - Email-Adressenaenderung", $email, "From: {$config['board_admin']}");
message("Änderung erfolgreich!", "Sie erhalten in Kürze eine Email mit einem Bestätigungslink zur Änderung ihrer Email-Adresse.");
} else {
thwb_query("UPDATE " . $pref . "user SET useremail='{$user['usernewemail']}'\n WHERE userid={$g_user['userid']}");
message('Hinweis', 'Ihre Email-Adresse wurde erfolgreich geändert.');
}
}
}
}
}
$resultcount = '</b>Es wurden sehr viele Suchergebnisse gefunden, bitte versuchen Sie, die Suche weiter einzuschränken.<br><b>' . $resultcount;
}
eval($searchresult->GetTemplate("CONTENT"));
eval($frame->GetTemplate());
} else {
// select boards
$a_board = array();
$r_board = thwb_query("SELECT boardname, boardid, categoryid FROM {$pref}" . "board WHERE boarddisabled='0' ORDER BY boardorder ASC");
while ($board = mysql_fetch_array($r_board)) {
$P->set_boardid($board['boardid']);
if ($P->has_permission(P_VIEW)) {
$a_board[$board['categoryid']][] = $board;
}
}
$boards = '';
$r_category = thwb_query("SELECT categoryname, categoryid FROM " . $pref . "category ORDER BY categoryorder ASC");
while ($category = mysql_fetch_array($r_category)) {
if (isset($a_board[$category['categoryid']])) {
$boards .= '<option value="-' . $category['categoryid'] . '">' . $category['categoryname'] . '</option>';
while (list(, $board) = @each($a_board[$category['categoryid']])) {
$boards .= '<option value="' . $board['boardid'] . '">- ' . $board['boardname'] . '</option>';
}
}
}
$getdate = getdate(time());
$Tframe = new Template("templates/" . $style['styletemplate'] . "/frame.html");
$Tsearchform = new Template("templates/" . $style['styletemplate'] . "/searchform.html");
$navpath .= ' » Sucheinstellungen';
eval($Tsearchform->GetTemplate("CONTENT"));
eval($Tframe->GetTemplate());
}
function getcachedstats($s, $e, $u)
{
global $pref;
$r_query = thwb_query("SELECT stat_month as month, stat_auser as auser, stat_nuser as nuser, stat_nthread as nthread, stat_npost as npost FROM " . $pref . "statcache WHERE stat_stime = {$s} AND stat_etime = {$e} AND stat_uid = {$u} DESC LIMIT 1");
return mysql_fetch_array($r_query);
}
}
$r_user = thwb_query("SELECT userjoin, useractivate FROM " . $pref . "user WHERE userid='" . intval($userid) . "'");
if (!mysql_num_rows($r_user)) {
message("Fehler", "Der angegebene Benutzer existiert nicht.");
}
$a_user = mysql_fetch_array($r_user);
if (!$a_user['useractivate']) {
message("Fehler", "Der angegebene Benutzer ist bereits aktiviert.");
}
if ($hash != md5($a_user['userjoin'])) {
message("Fehler", "Die angegebene Aktivierungs-ID stimmt nicht.");
}
thwb_query("UPDATE " . $pref . "user SET useractivate='0' WHERE userid='" . intval($userid) . "'");
message("Registrierung erfolgreich!", "Ihre Registrierung ist nun abgeschlossen. Sie können sich <a href=\"login.php\">hier</a> einloggen. Viel Spaß!");
} else {
if ($action == 'change_email') {
$r_user = thwb_query("SELECT userid, userpassword FROM " . $pref . "user WHERE userid='" . intval($userid) . "'");
if (!mysql_num_rows($r_user)) {
message("Fehler", "Der angegebene Benutzer existiert nicht.");
}
$a_user = mysql_fetch_array($r_user);
if ($a_user['userpassword'] != $hash) {
message("Fehler", "Die Prüfsumme ist nicht korrekt.");
}
if (!check_email($email)) {
message("Fehler", "Die Email-Adresse ist ungültig.");
}
thwb_query("UPDATE " . $pref . "user SET useremail='" . addslashes($email) . "' WHERE userid='" . intval($userid) . "'");
message("A¨nderung abgeschlossen!", "Ihre Email-Adresse wurde erfolgreich geändert.");
}
}
==============================================
(c) 2000-2004 by ThWboard Development Group
download the latest version:
http://www.thwboard.de
This program is free software; you can
redistribute it and/or modify it under the
terms of the GNU General Public License as
published by the Free Software Foundation;
either version 2 of the License, or (at
your option) any later version.
==============================================
*/
include "./inc/header.inc.php";
if (!$P->has_permission(P_CEVENT)) {
message('Fehlende Berechtigung', 'Fehler: Sie haben nicht die benötigte Berechtigung, um diese Seite zu benützen.');
}
$a_errmsg = array();
if (!strlen(trim($event['subject']))) {
$a_errmsg[] = 'Sie haben kein Subject angegeben.';
}
if (!strlen(trim($event['text']))) {
$a_errmsg[] = 'Sie haben keinen Text definiert.';
}
if (!checkdate($event['month'], $event['day'], $event['year'])) {
$a_errmsg[] = 'Sie haben ein ungültiges Datum angegeben.';
}
if (array_count_values($a_errmsg)) {
message('Fehler bei der Eingabe', $style['stdfont'] . 'Folgende Fehler sind bei der Eingabe aufgetreten:<br>' . implode($a_errmsg, '<br>') . '<br>Gehen Sie mit dem Zurück-Button Ihres Browsers zur vorherigen Seite, um die Angaben zu korrigieren.' . $style['stdfontend']);
}
thwb_query("INSERT INTO " . $pref . "calendar (eventtime,eventsubject,eventtext,eventactive,userid) VALUES ('{$event['year']}-{$event['month']}-{$event['day']}','" . addslashes($event['subject']) . "','" . addslashes($event['text']) . "','1',{$g_user['userid']});");
message_redirect("Eintrag erfolgreich", "calendar.php?month={$event['month']}&year={$event['year']}");
<?php
/*
ThWboard - PHP/MySQL Bulletin Board System
==============================================
(c) 2000-2004 by ThWboard Development Group
download the latest version:
http://www.thwboard.de
This program is free software; you can
redistribute it and/or modify it under the
terms of the GNU General Public License as
published by the Free Software Foundation;
either version 2 of the License, or (at
your option) any later version.
==============================================
*/
require './inc/header.inc.php';
if ($g_user['userid'] && (empty($uid) || $uid != $g_user['userid'])) {
message('Fehler', 'Die User-ID ist ungültig.');
}
setcookie("thwb_cookie");
setcookie("thwb_session");
unset($s);
$g_user['issession'] = false;
$g_user['have_cookie'] = false;
!empty($g_user['userid']) && thwb_query("DELETE FROM {$pref}" . "online WHERE userid='{$g_user['userid']}'");
header("Location: index.php");
//message_redirect('Sie wurden erfolgreich ausgeloggt, bitte warten ...', 'index.php');
}
if ($config["usebwordprot"] >= BWORD_POST) {
$post["posttext"] = check_banned($post["posttext"]);
}
if (isset($config['auto_close']) && $config['auto_close'] > 0) {
thwb_query("UPDATE " . $pref . "thread SET threadclosed = '1' WHERE threadtime < '" . (time() - ($config['auto_close'] + 1) * 86400) . "'");
}
if (isset($config['auto_delete']) && $config['auto_delete'] > 0) {
thwb_query("DELETE FROM " . $pref . "thread WHERE threadtime < " . (time() - $config['auto_delete'] * 86400) . "");
}
// neue nachricht posten
thwb_query("INSERT INTO " . $pref . "post (posttime, posttext, userid, threadid, postemailnotify, postsmilies, postcode, postip, postguestname)\n VALUES('{$ctime}',\n '" . addslashes(preparse_code($post['posttext'])) . "',\n '{$g_user['userid']}',\n '{$thread['threadid']}',\n '" . ($post['postemailnotify'] ? 1 : 0) . "',\n '" . ($post['postsmilies'] ? 1 : 0) . "',\n '" . ($post['postcode'] ? 1 : 0) . "',\n '" . addslashes($REMOTE_ADDR) . "',\n '" . $post['postguestname'] . "')");
// Replys um 1 erhöhen in der board datenbank
thwb_query("UPDATE " . $pref . "board SET\n boardlastpost='{$ctime}',\n boardposts=boardposts+1,\n boardlastpostby='" . addslashes($g_user['username']) . "',\n boardthreadtopic='" . addslashes($thread['threadtopic']) . "',\n boardthreadid={$thread['threadid']} WHERE boardid='{$board['boardid']}'");
if ($g_user['userid']) {
// Den postings wert des postenden users erhöhen
thwb_query("UPDATE " . $pref . "user SET userlastpost={$ctime}, userposts=userposts+1 WHERE userid='{$g_user['userid']}'");
}
// Replys um 1 erhöhen in der topic datenbank + time aktualisieren
thwb_query("UPDATE " . $pref . "thread SET threadtime='{$ctime}', threadreplies=threadreplies+1,\n threadlastreplyby='" . addslashes($g_user['username']) . "' WHERE threadid='{$thread['threadid']}'");
// email zeug
if ($config['use_email']) {
$TRegmail = new Template("./templates/mail/newreply.mail");
$r_email = thwb_query("SELECT DISTINCT\n user.useremail as useremail, thread.threadtopic as threadtopic\n FROM\n " . $pref . "post as post, " . $pref . "user as user, " . $pref . "thread as thread\n WHERE\n thread.threadid={$thread['threadid']} AND\n post.threadid={$thread['threadid']} AND\n post.userid=user.userid AND\n post.postemailnotify=1 AND\n user.userid<>{$g_user['userid']}");
while ($email = mysql_fetch_array($r_email)) {
$text = '';
eval($TRegmail->GetTemplate("text"));
@mail($email['useremail'], $config['board_name'] . " - Neue Antwort", $text, "From: {$config['board_admin']}");
}
}
header("Location: " . build_link("showtopic.php?threadid={$thread['threadid']}&time={$time}&pagenum=lastpage#bottom", true));
$pagenum = 1;
}
if (!empty($time)) {
$lastvisited = $time;
}
if (!empty($lastvisited)) {
$lastvisited = intval($lastvisited);
$TIME_STRING = "&time=" . $lastvisited;
} else {
$TIME_STRING = '';
}
$r_thread = thwb_query("SELECT threadid, threadtopic, threadtime, threadauthor,\n threadreplies, threadclosed, threadtop, threadlastreplyby, threadiconid, threadlink,\n threadviews FROM " . $pref . "thread WHERE\n boardid='" . intval($board['boardid']) . "'\n ORDER BY threadtop DESC, threadtime DESC LIMIT\n " . intval(($pagenum - 1) * $config['vars_t_amount']) . ", {$config['vars_t_amount']}");
$i = 0;
$topicicon[0] = 'fullalpha';
$TOPICROWS = '';
$r_news = thwb_query("SELECT newsid, newstopic, newstime FROM " . $pref . "news WHERE boardid LIKE '%;" . intval($board['boardid']) . ";%' ORDER BY newstime DESC LIMIT 1");
if (mysql_num_rows($r_news) > 0) {
$TNewsrow = new Template('./templates/' . $style['styletemplate'] . '/newstopicrow.html');
$news = mysql_fetch_array($r_news);
$news['newstopic'] = parse_code($news['newstopic']);
$news['newstime'] = form_date($news['newstime'], 0);
eval($TNewsrow->GetTemplate("TOPICROWS"));
}
if (mysql_num_rows($r_thread) < 1) {
$TTopicrow = new Template('./templates/' . $style['styletemplate'] . '/board_nothreads.html');
eval($TTopicrow->GetTemplate("TOPICROWS"));
}
while ($thread = mysql_fetch_array($r_thread)) {
$i % 2 > 0 ? $thisrowbg = $style['CellB'] : ($thisrowbg = $style['CellA']);
$thread['threadauthor'] = parse_code($thread['threadauthor']);
$thread['threadlastreplyby'] = parse_code($thread['threadlastreplyby']);
$style = mysql_fetch_array($r_style);
$style['smallfont'] = '<span class="smallfont">';
$style['smallfontend'] = '</span>';
$style['font'] = $style['stdfont'];
$style['stdfont'] = '<span class="stdfont">';
$style['stdfontend'] = '</span>';
/*
################################################################################
Quicklinks[hack] By Morpheus
################################################################################
*/
$quicklinks = '';
$t_quicklinks = '';
if ($config['enable_quicklinks']) {
$TQuicklinks = new Template('./templates/' . $style['styletemplate'] . '/quicklinks.html');
$r_qlink = thwb_query("SELECT linkid, linkalt, linkcaption FROM " . $pref . "qlink");
while ($qlink = mysql_fetch_array($r_qlink)) {
$quicklinks .= "<A HREF=\"qlinks.php?id={$qlink['linkid']}\" title=\"{$qlink['linkalt']}\" target=_blank>[ {$qlink['linkcaption']} ]</a> ";
}
eval($TQuicklinks->GetTemplate("t_quicklinks"));
}
/*
################################################################################
permissions
################################################################################
*/
global $P;
if (isset($board['boardid'])) {
$P = new Permission($g_user['groupids'], $board['boardid']);
requires_permission(P_VIEW);
} else {
}
if (!isset($login_cookie)) {
$login_cookie = 0;
}
$msg = '';
if (!isset($login_password)) {
$login_password = '';
}
$navpath .= "Login";
if (!$login_name) {
$msg .= "Sie haben vergessen einen Usernamen anzugeben.<br>";
}
if (!$login_password) {
$msg .= "Sie haben vergessen ein Passwort anzugeben.<br>";
}
$r_user = thwb_query("SELECT userid, userpassword, useractivate FROM " . $pref . "user WHERE username='******'");
if (mysql_num_rows($r_user) < 1) {
$msg .= "Der Angegebene Benutzername existiert nicht.<br>";
}
$user = mysql_fetch_array($r_user);
if ($user['userpassword'] != md5($login_password)) {
$msg .= "Das Passwort ist leider falsch.<br>";
possible_flood(FLOOD_LOGIN);
}
if ($user['useractivate']) {
$msg .= "Sie haben ihren Account noch nicht aktiviert.";
}
if (isset($msg) && strlen($msg) > 0) {
message("Fehler", "Es sind leider Fehler aufgetreten:<font color='{$style['color_err']}'><br><br>{$msg}</font>");
}
global $g_user, $s;
$a_stats['admin_board_text'] = $a_stats['admin_kategorien_text'] = $a_stats['admin_themen_text'] = $a_stats['admin_views_text'] = $a_stats['admin_beitrag_text'] = '';
}
// create $a_stats['admins']
$r_stats = thwb_query("SELECT userid, username FROM " . $pref . "user WHERE userisadmin = 1 AND usernodelete = 0 ORDER BY username ASC");
$a_stats['admins'] = '';
while ($datarow = mysql_fetch_array($r_stats)) {
$a_stats['admins'] .= '<a href="v_profile.php?userid=' . $datarow['userid'] . '" target="_blank">' . $datarow['username'] . '</a>, ';
}
$a_stats['admins'] = substr($a_stats['admins'], 0, -2);
mysql_free_result($r_stats);
unset($datarow);
// create $a_stats['uradmins']
$r_stats = thwb_query("SELECT userid, username FROM " . $pref . "user WHERE userisadmin = 1 AND usernodelete = 1 ORDER BY username ASC");
$a_stats['uradmins'] = '';
while ($datarow = mysql_fetch_array($r_stats)) {
$a_stats['uradmins'] .= '<a href="' . build_link('v_profile.php?userid=' . $datarow['userid']) . '" target="_blank">' . $datarow['username'] . '</a>, ';
}
$a_stats['uradmins'] = substr($a_stats['uradmins'], 0, -2);
mysql_free_result($r_stats);
unset($datarow);
// create $a_stats['newmember']
$r_stats = thwb_query("SELECT userid, username FROM " . $pref . "user ORDER BY userjoin DESC LIMIT 5");
$a_stats['newmember'] = '';
while ($datarow = mysql_fetch_array($r_stats)) {
$a_stats['newmember'] .= '<a href="' . build_link('v_profile.php?userid=' . $datarow['userid']) . '" target="_blank">' . $datarow['username'] . '</a>, ';
}
$a_stats['newmember'] = substr($a_stats['newmember'], 0, -2);
mysql_free_result($r_stats);
unset($datarow);
eval($t_stats->GetTemplate('stats'));
}
if ($imax > $pages) {
$imax = $pages;
}
for ($i; $i <= $imax; $i++) {
if ($i == $page) {
$pagesstring .= ">" . $i . "< ";
} else {
$pagesstring .= "[<a class=\"hefo\" href=\"" . build_link("memberlist.php?orderby={$orderby}&ordertype={$ordertype}&search=" . urlencode($search) . "&char={$char}&page={$i}") . "\">" . $i . "</a>] ";
}
}
// letzte seite
if ($page + PADDING < $pages) {
$pagesstring .= '... [<a class="hefo" href="' . build_link('memberlist.php?orderby=' . $orderby . '&char=' . $char . '&ordertype=' . $ordertype . '&search=' . urlencode($search) . '&page=' . $pages) . '">Letzte Seite</a>]';
}
$MEMBER_ROWS = '';
$r_user = thwb_query("SELECT userid, username, useremail, usericq, userhomepage, userjoin, userposts, userlocation,\n userhideemail, userlastpost FROM " . $pref . "user " . $where . " ORDER BY {$orderby} {$ordertype} LIMIT " . intval($page - 1) * $config['userperpage'] . ", " . $config['userperpage']);
if (!mysql_num_rows($r_user)) {
$MEMBER_ROWS = '<tr bgcolor="' . $style['CellA'] . '">
<td align="center" class="stdfont" colspan="8">Keine User gefunden!</td>
</tr>';
$pages = 1;
$pagesstring = ">1<";
} else {
while ($user = mysql_fetch_array($r_user)) {
$i % 2 == 0 ? $user['bgcolor'] = $style['CellA'] : ($user['bgcolor'] = $style['CellB']);
$user['userjoin'] = form_date($user['userjoin']);
$user['userlastpost'] = form_date($user['userlastpost']);
$user['userlocation'] = chopstring(parse_code($user['userlocation']), 50);
if ($user['userhomepage'] == "http://") {
$user['userhomepage'] = '';
}
$lastyear = $year - 1;
} else {
$lastyear = $year;
}
// Fetching all user bdays...
$a_birthdays = array();
$r_user = thwb_query("SELECT username, userid, userbday FROM " . $pref . "user\n WHERE SUBSTRING(userbday,6,2)=LPAD('{$month}',2,'0') AND userbday<>'00-00-0000'\n ORDER BY userbday, username");
while ($user = mysql_fetch_array($r_user)) {
$bday_year = $year - substr($user['userbday'], 0, 4);
if ($bday_year > 0) {
$a_birthdays[intval(substr($user['userbday'], 8, 2)) - 1][] = "<a href=\"" . build_link("v_profile.php?userid={$user['userid']}") . "\">{$user['username']}</a> ({$bday_year})";
}
}
// Fetching all events...
$a_events = array();
$r_events = thwb_query("SELECT * FROM " . $pref . "calendar\n WHERE eventtime>='{$year}-{$month}-01' AND eventtime<='{$year}-{$month}-{$lastday}'\n AND eventactive='1'\n ORDER BY eventtime, eventtext");
while ($event = mysql_fetch_array($r_events)) {
$a_events[intval(substr($event['eventtime'], 8, 2)) - 1][] = $event;
}
// Creating Eventbox
$eventbox = '';
$r_calendar = mysql_query("SELECT eventid, eventtime, eventsubject FROM " . $pref . "calendar WHERE eventtime >= '{$a_current['year']}-{$a_current['month']}-{$a_current['day']}' ORDER BY eventtime LIMIT 1");
if (mysql_num_rows($r_calendar) > 0) {
$calendar = mysql_fetch_array($r_calendar);
$calendar['eventtime'] = make_date($calendar['eventtime']);
$calendar['eventsubject'] = parse_code($calendar['eventsubject']);
eval($Tcaleventbox->GetTemplate('eventbox'));
}
$boxcount = $lastday + $firstday - 1;
if ($boxcount % 7 > 0) {
$boxcount += 7 - $boxcount % 7;
// Hier kann die maximale Anzahl der Avatar-Bilder pro
// Zeile eingestellt werden, einfach die vorgegebene
// Nummer durch die gewünschte Zahl ersetzen:
$maxpics = 5;
// ===================================================
define('THWB_NOSESSION_PAGE', true);
include "./inc/header.inc.php";
$navpath .= 'Alle Avatare auflisten';
$Tframe = new Template("templates/" . $style['styletemplate'] . "/frame.html");
$Tavatar = new Template("templates/" . $style['styletemplate'] . "/listavatar.html");
if (isset($sortbyname) && $sortbyname) {
$avatar_sort = "{$style['stdfont']}<a href=\"" . build_link("listavatar.php") . "\">Nach Avatar-Nummer sortieren</a>{$style['stdfontend']}";
$orderby = "avatarname";
} else {
$avatar_sort = "{$style['stdfont']}<a href=\"" . build_link("listavatar.php?sortbyname=1") . "\">Nach Namen sortieren</a>{$style['stdfontend']}";
$orderby = "avatarid";
}
$start = $e = 0;
$r_avatar = thwb_query("SELECT avatarid, avatarname, avatarurl FROM " . $pref . "avatar ORDER BY {$orderby}");
$avatar_rows = '';
while ($avatar_data = mysql_fetch_array($r_avatar)) {
$start++;
$avatar_rows .= "<td" . ($e % 2 == 0 ? ' bgcolor="' . $style['CellA'] . '"' : ' bgcolor="' . $style['CellB'] . '"') . "><img src=\"{$avatar_data['avatarurl']}\" border=\"0\"><br><b>" . $style['smallfont'] . "{$avatar_data['avatarid']}. {$avatar_data['avatarname']}</font></b></td>\n";
if ($start == $maxpics) {
$avatar_rows .= "</tr><tr>";
$start = 0;
$e++;
}
}
eval($Tavatar->GetTemplate("CONTENT"));
eval($Tframe->GetTemplate());
}
}
mysql_free_result($r_online);
$a_group = array();
$group_ids = '';
$r_group = thwb_query("SELECT\n groupid,\n title\n FROM\n {$pref}" . "group\n WHERE\n SUBSTRING(accessmask, " . (P_INTEAM + 1) . ", 1)\n ORDER BY\n titlepriority DESC");
if (mysql_num_rows($r_group) < 1) {
message('Info', 'Kein Staff vorhanden.');
}
while ($group = mysql_fetch_array($r_group)) {
$a_group[] = $group;
$group_ids .= "OR INSTR(groupids, ',{$group['groupid']},')>0 ";
}
$group_ids = substr($group_ids, 3);
$TEAMROWS = '';
$r_user = thwb_query("SELECT userid, username, useremail, userhideemail, usertitle, userinvisible, groupids FROM {$pref}" . "user WHERE {$group_ids} ORDER BY username ASC");
while ($user = mysql_fetch_array($r_user)) {
$user['username'] = parse_code($user['username']);
if ($user['usertitle']) {
$user['userlevel'] = $user['usertitle'];
} else {
// group titling..
reset($a_group);
while (list(, $group) = each($a_group)) {
if (strstr($user['groupids'], ',' . $group['groupid'] . ',')) {
$user['userlevel'] = $group['title'];
break;
}
}
}
$user['useremail'] = get_email($user, true);
} else {
$user['userage'] = (int) $user['userage'];
}
if ($user['usericq'] == 0) {
$user['usericq'] = "";
}
if ($config['showpostslevel'] == 0) {
$user['userposts'] = "- (Vom Administrator deaktiviert)";
} elseif ($config['showpostslevel'] == 1 && $g_user['userid'] != $user['userid']) {
if ($g_user['userisadmin']) {
$user['userposts'] = '- (Versteckt)' . $style['smallfont'] . ' [Admin: Postcount = ' . $user['userposts'] . ' ]' . $style['smallfontend'];
} else {
$user['userposts'] = '- (Versteckt)';
}
}
$user['useremail'] = get_email($user);
$user['username'] = parse_code($user['username']);
$user['userip'] = '';
if ($g_user['userisadmin']) {
$r_online = thwb_query("SELECT onlineip FROM {$pref}" . "online WHERE userid='{$user['userid']}' AND onlinetime > " . (time() - $config['session_timeout']));
if (mysql_num_rows($r_online) > 0) {
$online = mysql_fetch_array($r_online);
$user['userip'] = $style['smallfont'] . ' [Admin: IP = ' . $online['onlineip'] . ', Hostname = ' . gethostbyaddr($online['onlineip']) . ' ]' . $style['smallfontend'];
}
}
$user['useraim'] = parse_code($user['useraim']);
$user['usermsn'] = parse_code($user['usermsn']);
$userurlname = rawurlencode($user['username']);
$navpath .= 'Profilansicht';
eval($Tprofile->GetTemplate("CONTENT"));
eval($Tframe->GetTemplate());
* do not output anything, simply return the data to the parent page
**/
${$THWB_NEWS_OUTPUT} = parse_code($a_threads, 1);
} else {
if (empty($_GET['type']) || $_GET['type'] == 'html') {
/**
* html output
*
* ... and for that, we need $style set.
**/
if (!ALLOW_HTML) {
print '<pre><strong>Fehler</strong>
HTML-Ausgabe deaktiviert.</pre>';
exit;
}
$r_style = thwb_query("SELECT styleid, styletemplate, colorbg, color1, CellA, CellB, color4, colorbgfont, col_he_fo_font, color_err,\n col_link, col_link_v, col_link_hover, stdfont,\n boardimage, newtopicimage, border_col FROM\n " . $pref . "style WHERE styleisdefault=1");
$style = mysql_fetch_assoc($r_style);
$style['smallfont'] = '<span class="smallfont">';
$style['smallfontend'] = '</span>';
$style['font'] = $style['stdfont'];
$style['stdfont'] = '<span class="stdfont">';
$style['stdfontend'] = '</span>';
$TFrame = new Template($incpref . '/templates/default/thwbnews.html');
$Trow = new Template($incpref . '/templates/default/thwbnewsrow.html');
$CONTENT = '';
foreach ($a_threads as $post) {
$post['posttime'] = form_date($post['posttime']);
$post['posttext'] = parse_code($post['posttext'], 1, 1, 1);
eval($Trow->GetTemplate('CONTENT'));
}
eval($TFrame->GetTemplate());