Exemplo n.º 1
    stderr("Error", "Access denied.");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
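    // Reject the submission when a mandatory field is empty. The loose `==` is kept on
    // purpose here: a field that is absent from the request (null) also compares equal to "".
    if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "") {
        stderr("Error", "Missing form data.");
    }
    // The confirmation must match exactly. With a loose `!=`, two different
    // numeric-looking strings (such as "1e3" and "1000") compare as equal, so a mistyped
    // confirmation could be accepted; `!==` compares the strings as written.
    if ($_POST["password"] !== $_POST["password2"]) {
        stderr("Error", "Passwords mismatch.");
    }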
    // Normalise the submitted address: trim it, HTML-encode it, then run it through the
    // project's safe_email() and check_email() helpers (their rules are defined elsewhere).
    $email = htmlspecialchars(trim($_POST["email"]));
    $email = safe_email($email);
    if (!check_email($email)) {
        stderr("Error", "Invalid email address!");
    }
    // The username is validated before it is used in any query.
    $username = $_POST["username"];
    if (!validusername($username)) {
        stderr("Error", "Invalid username.");
    }
    // sqlesc() presumably returns an escaped, already-quoted SQL literal (the query adds no
    // quotes of its own) -- confirm, because the statement is built by interpolation.
    $username = sqlesc($username);
    $res = sql_query("SELECT id FROM users WHERE username={$username}");
    // mysql_* belongs to the legacy ext/mysql extension, which was removed in PHP 7.
    $arr = mysql_fetch_row($res);
    if ($arr) {
        stderr("Error", "Username already exists!");
    }
    $password = $_POST["password"];
    // NOTE(review): this overwrites the validated $email with the raw, untrimmed
    // $_POST["email"], so the duplicate check below (and any later use of $email) no longer
    // sees the value that passed check_email(). sqlesc($email) looks like the intent -- confirm.
    $email = sqlesc($_POST["email"]);
    $res = sql_query("SELECT id FROM users WHERE email={$email}");
    $arr = mysql_fetch_row($res);
    if ($arr) {
        stderr("Error", "The e-mail address is already in use.");
    }
Exemplo n.º 2
// Bonus-point prices; each base price is scaled by $discount (set outside this excerpt).
$ycharge['setall2up_half_down'] = 3500 * $discount;
//50% download & 2X upload
$ycharge['top'] = 4000 * $discount * 10;
//sticky (pinned to the top)
// NOTE(review): this branch reports the missing action (the messages say "parameter error,
// returning to the previous page") but does not stop the script; execution continues with
// the statements below.
if (!$action) {
    print_r("<script type=\"text/javascript\" >alert(\"参数错误, 返回前一个页面\");window.history.back(-1);</script>");
    echo "参数错误";
}
// Identity and balance are taken from the current user's record, not from the request.
$userid = $CURUSER['id'];
// Spelling of $userbouns is left as is: code outside this excerpt may read it.
$userbouns = (int) $CURUSER['seedbonus'];
// changename
if ($action == "changename") {
    // -1 means "no stored price yet"; it is replaced below when the lookup returns a row.
    $charge = -1;
    // NOTE(review): the name is HTML-encoded before it is length-checked and validated, so
    // those checks run on the encoded form (an "&" is counted as "&amp;").
    $newname = htmlspecialchars($_POST['newname']);
    $oldname = $CURUSER['username'];
    // Enforce 4..14 characters and the project's validusername() rules (defined elsewhere).
    // The message reads "the name does not meet the requirements".
    if (utf8_strlen($newname) > 14 || utf8_strlen($newname) < 4 || !validusername($newname)) {
        echo "名字不符合要求";
        die;
    }
    // Nothing to do when the name is unchanged ("old and new names are the same").
    if ($newname == $oldname) {
        echo "新旧用户名一样,无需更改";
        die;
    }
    // Look up this user's stored rename price. $userid comes from $CURUSER['id'] rather than
    // from the request, but it is still concatenated into the statement unescaped; an (int)
    // cast would make the query independent of how $CURUSER is populated.
    if ($res = sql_query("SELECT namecharge from bonusapp where userid ='" . $userid . "'") or sqlerr(__FILE__, __LINE__)) {
        // With no matching row $row is false and $charge becomes null, which the
        // `$charge <= 0` test that follows treats like "no stored price".
        $row = mysql_fetch_array($res);
        $charge = $row['namecharge'];
    }
    if ($charge <= 0) {
        $charge = $changenamecharge;
        if (preg_match("/^[\\d][\\d]*[\\d]\$/", $oldname)) {
            $charge = $charge / 2;
Exemplo n.º 3
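// Password rules for sign-up. bark() reports the problem to the user; it presumably also
// ends the request (its definition is outside this excerpt -- confirm).

// The confirmation must match exactly. A loose `!=` treats two different numeric-looking
// strings (such as "1e3" and "1000") as equal, which would accept a mistyped confirmation.
if ($wantpassword !== $passagain)
	bark("Lykilorð passa ekki saman! Eflaust gert innsláttarvillu. Reyndu aftur.");

// Length limits are counted in bytes by strlen(): at least 6, at most 40.
if (strlen($wantpassword) < 6)
	bark("Lykilorð er of stutt (minnst má hafa 6 stafi)");

if (strlen($wantpassword) > 40)
	bark("Lykilorð er of langt (mest má hafa 40 stafi)");

// The password may not simply repeat the username; compared strictly so that only an
// identical string is rejected.
if ($wantpassword === $wantusername)
	bark("Lykilorð má ekki vera sama og notandanafn.");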

// Format checks on the address and the requested username; both helpers are defined
// outside this excerpt.
if (!validemail($email))
	bark("Þetta lítur út fyrir að vera ógilt netfang.");

if (!validusername($wantusername))
	bark("Ógilt notandanafn.");

// make sure user agrees to everything...
// NOTE(review): $HTTP_POST_VARS is the old "long array" form that current PHP versions no
// longer populate; where it is unset this check always fails. $_POST is the replacement.
if ($HTTP_POST_VARS["rulesverify"] != "yes" || $HTTP_POST_VARS["faqverify"] != "yes" || $HTTP_POST_VARS["ageverify"] != "yes")
	stderr("Skráning mistókst", "Því miður þá verðuru að staðfesta að þú hafir lesið reglurnar, munir lesa SOS áður en þú spyrð spurninga og sért 13 ára eða eldri.");

// check if email addy is already in use
// NOTE(review): $email is interpolated straight into the quoted SQL string. Nothing in this
// excerpt escapes it, so the query is only as safe as validemail() above is strict --
// confirm, or escape / bind the value. The `@` operators hide query warnings, and
// die(mysql_error()) would print the database error text to the client.
$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
if ($a[0] != 0)
  bark("Netfangið $email er nú þegar skráð á listann hjá okkur.");

// An invite key is mandatory. It is read raw from the request and handed to
// verifystring(); what that helper does with the 'md5' argument is not visible here.
$invid = $_POST['invite'];
if(!$invid)
	bark("Nauðsynlegt að skrá inn boðslykilinn");
$verifystring = verifystring($invid,'md5');
Exemplo n.º 4
//=== end of takesendmessage script
//=== basic page :D
// Recipient id: taken from the query string first, then from the form body; 0 when absent.
// intval() guarantees an integer whatever was submitted.
if (isset($_GET['receiver'])) {
    $receiver = intval($_GET['receiver']);
} elseif (isset($_POST['receiver'])) {
    $receiver = intval($_POST['receiver']);
} else {
    $receiver = 0;
}
// Id of the message being answered, resolved the same way; 0 means "not a reply".
if (isset($_GET['replyto'])) {
    $replyto = intval($_GET['replyto']);
} elseif (isset($_POST['replyto'])) {
    $replyto = intval($_POST['replyto']);
} else {
    $replyto = 0;
}
// Return target, passed through the project's htmlsafechars() helper before any use.
if (isset($_POST['returnto'])) {
    $returnto = htmlsafechars($_POST['returnto']);
} else {
    $returnto = htmlsafechars('');
}
// Id 0 is treated as the system account and cannot receive PMs.
if (0 === $receiver) {
    stderr('Error', 'you can\'t PM Sys-Bot... It won\'t write you back!');
}
if (!is_valid_id($receiver)) {
    stderr('Error', 'No member with that ID!');
}
// Fetch the recipient's username. $arr_member is empty when no such user exists; in the
// lines that follow, that case is only tested inside the reply branch.
$res_member = sql_query('SELECT username FROM users WHERE id = ' . sqlesc($receiver));
if (!$res_member) {
    sqlerr(__FILE__, __LINE__);
}
$arr_member = mysqli_fetch_row($res_member);
//=== if reply
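// Reply handling: quote the original message into the new body and prefix the subject.
// Every stderr() call below is assumed to end the request, as the surrounding checks
// already rely on -- confirm against its definition.
if ($replyto != 0) {
    if (!validusername($arr_member[0])) {
        stderr('Error', 'No member with that ID!');
    }
    //=== make sure they should be replying to this PM...
    $res_old_message = sql_query('SELECT receiver, sender, subject, msg FROM messages WHERE id = ' . sqlesc($replyto)) or sqlerr(__FILE__, __LINE__);
    $arr_old_message = mysqli_fetch_assoc($res_old_message);
    // $replyto comes from the request, so the row may not exist at all.
    if (!$arr_old_message) {
        stderr('Error', 'No message with that ID!');
    }
    if ($arr_old_message['sender'] == $CURUSER['id']) {
        stderr('Error', 'Slander, whose edge is sharper than the sword, whose tongue out venoms all the worms of Nile');
    }
    // The text of the old message is copied into the reply below. The code previously
    // only refused messages the current user had sent; it never checked that the message
    // was addressed to them, so any message id would have been quoted. Require that the
    // current user is the recipient before using its contents.
    if ($arr_old_message['receiver'] != $CURUSER['id']) {
        stderr('Error', 'You can only reply to messages that were sent to you!');
    }
    // The quoted body is stored as raw text; the subject goes through htmlsafechars().
    $body .= "\n\n\n-------- {$arr_member['0']} wrote: --------\n{$arr_old_message['msg']}\n";
    $subject = 'Re: ' . htmlsafechars($arr_old_message['subject']);
}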
//=== if preview or not replying
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
Exemplo n.º 5
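// Project bootstrap calls; both helpers are defined outside this excerpt.
dbconn();
maxcoder();
// Visitors who are not logged in get a hand-built "404 Not Found" page instead of a login
// prompt, so the page does not reveal that it exists.
if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // Modified "login or return" by retro. Remember to change the following line to match
    // your server.
    // PHP_SELF and SERVER_NAME are derived from the incoming request, so they are
    // HTML-encoded before being echoed into the page. $SITENAME is site configuration and
    // is printed as before.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8') . " Port 80</address></body></html>\n";
    die;
}
// Only administrators may continue. This relies on stderr() ending the request; if it
// returned, the code below would still run -- confirm against its definition.
if (get_user_class() < UC_ADMINISTRATOR) {
    stderr("Smartass!", "What the hell are you doing here?");
}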
if ($_SERVER["REQUEST_METHOD"] == "POST") {
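    // NOTE(review): no anti-CSRF token check is visible in this excerpt, although the
    // request creates an account on behalf of an administrator -- confirm one exists.
    // All of these fields are mandatory. The loose `==` is kept on purpose: a field that
    // is absent from the request (null) also compares equal to "".
    if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "" || $_POST["class"] == "" || $_POST["seedbonus"] == "" || $_POST["modcomment"] == "") {
        stderr("Error", "Missing form data.");
    }
    if (!validusername($_POST["username"])) {
        stderr("Error", "Invalid username.");
    }
    // The confirmation must match exactly. With a loose `!=`, two different
    // numeric-looking strings (such as "1e3" and "1000") compare as equal, so a mistyped
    // confirmation could be accepted; `!==` compares the strings as written.
    if ($_POST["password"] !== $_POST["password2"]) {
        stderr("Error", "Passwords mismatch.");
    }
    if (!validemail($_POST['email'])) {
        stderr("Error", "Not valid email");
    }
    // `0 + ...` coerces the submitted text to a number; nothing here rejects a value that
    // is not numeric. "country" is not part of the mandatory check above.
    // NOTE(review): no upper bound on $class is visible in this excerpt -- confirm the code
    // that follows cannot create an account above the caller's own class.
    $class = 0 + $_POST["class"];
    $country = 0 + $_POST["country"];
    $seedbonus = 0 + $_POST["seedbonus"];
    // These three are still raw request values at this point.
    $modcomment = $_POST["modcomment"];
    $username = $_POST["username"];
    $password = $_POST["password"];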
    // //// email stuff \\\\\\\\
Exemplo n.º 6
    if ($namelength < 3 or $namelength > 32) {
        $HTMLOUT = "";
        $HTMLOUT .= "<font color='#cc0000'>{$lang['takesignup_username_length']}</font>";
        print $HTMLOUT;
        exit;
    }
    // The following characters are allowed in user names
    $allowedchars = $lang['takesignup_allowed_chars'];
    for ($i = 0; $i < $namelength; ++$i) {
        if (strpos($allowedchars, $username[$i]) === false) {
            return false;
        }
    }
    return true;
}
// Username availability check for the name passed as ?wantusername=...
// First reject names that fail the character rules of validusername().
if (!validusername($_GET["wantusername"])) {
    $HTMLOUT .= "<font color='#cc0000'>{$lang['takesignup_allowed_chars']}</font>";
    print $HTMLOUT;
    exit;
}
// Then cap the length at 12 bytes (strlen() counts bytes). The length test visible at the
// top of validusername() allows up to 32, so this is the stricter, effective limit.
if (strlen($_GET["wantusername"]) > 12) {
    $HTMLOUT .= "<font color='#cc0000'>{$lang['takesignup_username_length']}</font>";
    print $HTMLOUT;
    exit;
}
// The name reaches the query only through sqlesc(), which presumably returns an escaped,
// quoted literal (the statement adds no quotes of its own) -- confirm.
// NOTE(review): the answer tells the caller whether an account name exists, and no login
// check is visible in this excerpt; consider rate limiting this endpoint.
$checkname = sqlesc($_GET["wantusername"]);
$sql = "SELECT username FROM users WHERE username = {$checkname}";
$result = sql_query($sql);
$numbers = mysql_num_rows($result);
if ($numbers > 0) {
    while ($namecheck = mysql_fetch_assoc($result)) {
Exemplo n.º 7
    //=== if this member has blocked the sender
    $res2 = sql_query('SELECT id FROM blocks WHERE userid=' . sqlesc($to_username['id']) . ' AND blockid=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
    if (mysqli_num_rows($res2) === 1) {
        stderr('Refused', 'This member has blocked PMs from you.');
    }
    //=== finally if they only allow PMs from friends
    if ($to_username['acceptpms'] === 'friends') {
        $res2 = sql_query('SELECT * FROM friends WHERE userid=' . sqlesc($to_username['id']) . ' AND friendid=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
        if (mysqli_num_rows($res2) != 1) {
            stderr('Refused', 'This member only accepts PMs from members on their friends list.');
        }
    }
}
//=== ok... all is good... let's get the info and send it :D
//=== ok... all is good... let's get the info and send it :D
// The subject and the "first from" name go through htmlsafechars() before storage; the
// name is used only when it also passes validusername(), otherwise it is left empty.
$subject = htmlsafechars($_POST['subject']);
$first_from = validusername($_POST['first_from']) ? htmlsafechars($_POST['first_from']) : '';
// NOTE(review): $_POST['body'] and the forwarded $message['msg'] are stored as raw text
// (sqlesc() below only makes them safe for the SQL statement), so they must be escaped
// wherever the message is rendered -- confirm the display code does so.
$body = "\n\n" . $_POST['body'] . "\n\n-------- Original Message from [b]" . $first_from . "::[/b] \"" . htmlsafechars($message['subject']) . "\"  -------------------------------------\n" . $message['msg'] . "\n";
// Every variable value in the INSERT is passed through sqlesc(); TIME_NOW is a constant.
sql_query('INSERT INTO `messages` (`sender`, `receiver`, `added`, `subject`, `msg`, `unread`, `location`, `saved`, `poster`, `urgent`) 
                        VALUES (' . sqlesc($CURUSER['id']) . ', ' . sqlesc($to_username['id']) . ', ' . TIME_NOW . ', ' . sqlesc($subject) . ', ' . sqlesc($body) . ', \'yes\', 1, ' . sqlesc($save) . ', 0, ' . sqlesc($urgent) . ')') or sqlerr(__FILE__, __LINE__);
// Drop the recipient's cached unread counters. This happens before the insert result is
// checked below.
$mc1->delete_value('inbox_new_' . $to_username['id']);
$mc1->delete_value('inbox_new_sb_' . $to_username['id']);
//=== Check if message was forwarded
if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) === 0) {
    stderr('Error', 'Message couldn\'t be forwarded!');
}
//=== if they just have to know about it right away... send them an email (if selected if profile)
if (strpos($to_username['notifs'], '[pm]') !== false) {
    $username = htmlsafechars($CURUSER['username']);
    $body = <<<EOD
You have received a PM from {$username}!
Exemplo n.º 8
    $draft = $message['msg'];
}
//=== print out the page
//echo stdhead('Use Draft');
$HTMLOUT .= '<h1>Use Draft: ' . $subject . '</h1>' . $top_links . $preview . '
        <form name="compose" action="pm_system.php" method="post">
        <input type="hidden" name="id" value="' . $pm_id . '" />
        <input type="hidden" name="' . $save_or_edit . '" value="1" />
        <input type="hidden" name="action" value="use_draft" />
    <table border="0" cellspacing="0" cellpadding="5" align="center" style="max-width:800px">
    <tr>
        <td class="colhead" align="left" colspan="2">use draft</td>
    </tr>
    <tr>
        <td align="right" class="one" valign="top"><span style="font-weight: bold;">To:</span></td>
        <td align="left" class="one" valign="top"><input type="text" name="to" value="' . (isset($_POST['to']) && validusername($_POST['to'], FALSE) ? htmlsafechars($_POST['to']) : 'Enter Username') . '" class="member" onfocus="this.value=\'\';" />
         [ enter the username of the member you would like to send this to ]</td>
    </tr>
    <tr>
        <td class="one" valign="top" align="right"><span style="font-weight: bold;">Subject:</span></td>
        <td class="one" valign="top" align="left"><input type="text" class="text_default" name="subject" value="' . $subject . '" /></td>
    </tr>
    <tr>
        <td class="one" valign="top" align="right"><span style="font-weight: bold;">Body:</span></td>
        <td class="one" valign="top" align="left">' . BBcode($draft, FALSE) . '</td>
    </tr>
    <tr>
        <td colspan="2" align="center" class="one">' . ($CURUSER['class'] >= UC_STAFF ? '
        <input type="checkbox" name="urgent" value="yes" ' . (isset($_POST['urgent']) && $_POST['urgent'] === 'yes' ? ' checked="checked"' : '') . ' /> 
        <span style="font-weight: bold;color:red;">Mark as URGENT!</span>' : '') . '
        <input type="submit" class="button" name="buttonval" value="preview" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" />
     }
     //=== redirect back with messages :P
     header('Location: pm_system.php?action=edit_mailboxes' . $worked);
     die;
     break;
     //=== edit boxes
 //=== edit boxes
 case 'edit_boxes':
     //=== get info
     //=== get info
     // Only boxes owned by the current user are loaded (WHERE userid = $CURUSER['id']), so
     // the rows processed afterwards all belong to the caller.
     $res = sql_query('SELECT * FROM pmboxes WHERE userid=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
     // No boxes at all: report the error (stderr() presumably ends the request -- confirm).
     if (mysqli_num_rows($res) === 0) {
         stderr($lang['pm_error'], $lang['pm_edmail_err1']);
     }
     while ($row = mysqli_fetch_assoc($res)) {
         //=== if name different AND safe, update it
         if (validusername($_POST['edit' . $row['id']]) && $_POST['edit' . $row['id']] !== '' && $_POST['edit' . $row['id']] !== $row['name']) {
             $name = htmlsafechars($_POST['edit' . $row['id']]);
             sql_query('UPDATE pmboxes SET name=' . sqlesc($name) . ' WHERE id=' . sqlesc($row['id']) . ' LIMIT 1') or sqlerr(__FILE__, __LINE__);
             $mc1->delete_value('get_all_boxes' . $CURUSER['id']);
             $mc1->delete_value('insertJumpTo' . $CURUSER['id']);
             $worked = '&name=1';
         }
         //=== if name is empty, delete the box(es) and send the PMs back to the inbox..
         if ($_POST['edit' . $row['id']] == '') {
             //=== get messages to move
             $remove_messages_res = sql_query('SELECT id FROM messages WHERE location=' . sqlesc($row['boxnumber']) . '  AND receiver=' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
             //== move the messages to the inbox
             while ($remove_messages_arr = mysqli_fetch_assoc($remove_messages_res)) {
                 sql_query('UPDATE messages SET location=1 WHERE id=' . sqlesc($remove_messages_arr['id'])) or sqlerr(__FILE__, __LINE__);
             }
             //== delete the box
Exemplo n.º 10
    $draft = $message['msg'];
}
//=== print out the page
//echo stdhead('Use Draft');
$HTMLOUT .= '<h1>' . $lang['pm_usedraft'] . '' . $subject . '</h1>' . $top_links . $preview . '
        <form name="compose" action="pm_system.php" method="post">
        <input type="hidden" name="id" value="' . $pm_id . '" />
        <input type="hidden" name="' . $save_or_edit . '" value="1" />
        <input type="hidden" name="action" value="use_draft" />
    33333333<table class="table table-striped">
    <tr>
        <td class="colhead" align="left" colspan="2">' . $lang['pm_usedraft1'] . '</td>
    </tr>
    <tr>
        <td class="text-right" valign="top"><span style="font-weight: bold;">' . $lang['pm_forward_to'] . '</span></td>
        <td class="text-left" valign="top"><input type="text" name="to" value="' . (isset($_POST['to']) && validusername($_POST['to'], false) ? htmlsafechars($_POST['to']) : $lang['pm_forward_user']) . '" class="member" onfocus="this.value=\'\';" />
         ' . $lang['pm_usedraft_usr'] . '</td>
    </tr>
    <tr>
        <td class="text-right" valign="top"><span style="font-weight: bold;">' . $lang['pm_send_subject'] . '</span></td>
        <td class="text-left" valign="top"><input type="text" class="text_default" name="subject" value="' . $subject . '" /></td>
    </tr>
    <tr>
        <td class="text-right" valign="top"><span style="font-weight: bold;">' . $lang['pm_send_body'] . '</span></td>
        <td class="text-left" valign="top">' . textbbcode('use_draft', 'body', $message['msg']) . '</td>
    </tr>
    <tr>
        <td colspan="2" class="text-center">' . ($CURUSER['class'] >= UC_STAFF ? '
        <input type="checkbox" name="urgent" value="yes" ' . (isset($_POST['urgent']) && $_POST['urgent'] === 'yes' ? ' checked="checked"' : '') . ' />
        <span style="font-weight: bold;color:red;">' . $lang['pm_send_mark'] . '</span>' : '') . '
        <input type="submit" class="button" name="buttonval" value="preview" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" />