Exemplo n.º 1
     if ($_POST['current_password'] || $_POST['new_password'] || $_POST['repeat_password']) {
         notification($_LANG['cannot_modify_password'], $_SERVER['HTTP_REFERER'], 3);
         die;
     }
 } else {
     // Check the current password: the stored value is compared with sha1(md5(input)).
     // NOTE(review): sha1(md5()) is an unsalted, fast hash. password_hash()/password_verify()
     // is the usual replacement, but switching requires migrating the stored values.
     $pass = $userinfo['user_password'];
     // NOTE(review): strcmp() is not a constant-time comparison and does not verify that the
     // POST field is a string; hash_equals() plus an is_string() check would be stricter.
     if (strcmp($pass, sha1(md5($_POST['current_password'])))) {
         // NOTE(review): the second argument is the client-supplied Referer header. How
         // notification() uses it is not visible here; if it is printed or used as a
         // redirect target it needs validation and escaping.
         notification($_LANG['wrong_password'], $_SERVER['HTTP_REFERER'], 3);
         die;
     }
     // The new password must be typed identically twice. No length or complexity rule is
     // applied in these lines.
     if (strcmp($_POST['new_password'], $_POST['repeat_password'])) {
         notification($_LANG['not_matching_passwords'], $_SERVER['HTTP_REFERER'], 3);
         die;
     }
 }
 // Write the changed profile fields, one UPDATE statement per field.
 // Every statement is built by string concatenation; sanitizeQuery() is the only defence
 // visible for the POST values, and its implementation is not shown here.
 // NOTE(review): prepared statements with bound parameters would remove the dependency on
 // the escaping helper - confirm whether nullBB_Database can support them.
 $db = new nullBB_Database($_CONF, $_LANG);
 if ($edit_pass) {
     // NOTE(review): the listing masks part of this line ('******'), so the statement is not
     // valid PHP as displayed. Presumably the hashed new password was concatenated here -
     // check the original file before relying on this line.
     $db->query('update ' . $_CONF['dbprefix'] . "users set user_password='******'new_password'])) . "' where user_id=" . $userinfo['user_id']);
 }
 // strcmp() returns non-zero when the submitted value differs from the stored one, so a
 // field is only written when it actually changed.
 if (strcmp($_POST['website'], $userinfo['user_website'])) {
     // user_id is appended unquoted and comes from $userinfo, not from the request.
     // NOTE(review): no URL scheme check on the website value is visible here; if it is later
     // rendered as a link, the scheme should be restricted to http/https - verify at output.
     $db->query('update ' . $_CONF['dbprefix'] . "users set user_website='" . sanitizeQuery($_POST['website']) . "' where user_id=" . $userinfo['user_id']);
 }
 if (strcmp($_POST['msn'], $userinfo['user_msn'])) {
     $db->query('update ' . $_CONF['dbprefix'] . "users set user_msn='" . sanitizeQuery($_POST['msn']) . "' where user_id=" . $userinfo['user_id']);
 }
 if (strcmp($_POST['signature'], $userinfo['user_signature'])) {
     if (strlen($_POST['signature']) > $_CONF['signature_max_len']) {
         notification($_LANG['signature_too_long'] . '(max: ' . $_CONF['signature_max_len'] . ' bytes)', $_SERVER['HTTP_REFERER'], 3);
         die;
     }
     $db->query('update ' . $_CONF['dbprefix'] . "users set user_signature='" . sanitizeQuery($_POST['signature']) . "' where user_id=" . $userinfo['user_id']);
Exemplo n.º 2
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once '../config.ini';
require_once 'admin_head.' . PHPEXT;
// Admin-side user editor: load the row of the account named by the 'uid' parameter.
// $_REQUEST is used, so the id is accepted from the query string as well as the form body.
// NOTE(review): this block performs no privilege check itself; presumably the admin_head
// include does - confirm, because what follows edits another user's account.
if (!$_REQUEST['uid']) {
    die;
}
// getInt() is applied before the value reaches SQL (presumably an integer cast - verify).
$uid = getInt($_REQUEST['uid']);
$db = new nullBB_Database($_CONF, $_LANG);
$db->freeResult();
// 'select *' loads the whole row. The users table created by the installer has a
// user_password column, so the hash is loaded too; selecting only the needed columns
// avoids carrying it around.
$results = $db->query('select * from ' . $_CONF['dbprefix'] . 'users where user_id=' . $uid);
// NOTE(review): no check that a row was returned; an unknown uid leaves $results[0] undefined.
$results = $results[0];
if (!$_POST['change']) {
    ?>

<form enctype="multipart/form-data" action="<?php 
    print $_SERVER['PHP_SELF'] . '?uid=' . $uid;
    ?>
" method="POST">
<table style="padding: 10px">

<tr>
	<td class="registerfield">&gt; <?php 
    print $_LANG['new_password'];
Exemplo n.º 3
    notification($_LANG['disabled_user'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// Validate the reply request, then collect the values that will be stored with the post.
// is_numeric() also accepts floats and exponent notation; getInt() below normalises the value
// before it is used in SQL.
if (!isset($_POST['topic_id']) || !is_numeric($_POST['topic_id'])) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    // NOTE(review): HTTP_REFERER is client-supplied; how notification() uses it is not
    // visible here.
    notification($_LANG['invalid_topic'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// Both tests reject the same inputs; note that a post consisting only of "0" is refused.
if (!$_POST['content'] || empty($_POST['content'])) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['empty_post'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
$topic_id = getInt($_POST['topic_id']);
// The author id is taken from the server-side session object, not from the request.
$user_id = getInt($session->user_id);
$db = new nullBB_Database($_CONF, $_LANG);
// sanitizeQuery() is the only protection visible before the text is concatenated into SQL.
// NOTE(review): its implementation is not shown; bound parameters would be more robust.
$content = sanitizeQuery($_POST['content']);
// The forum id is looked up from the topic rather than trusted from the client.
$forum = $db->query('select forum_id from ' . $_CONF['dbprefix'] . 'topics where ' . 'topic_id = ' . $topic_id);
$db->freeResult();
if (empty($forum)) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['invalid_topic'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
$forum_id = getInt($forum[0]['forum_id']);
$ip = sanitizeQuery($_SERVER['REMOTE_ADDR']);
// The User-Agent header is fully client-controlled; it goes through getSO()/getBrowser() and
// is then escaped for SQL. It still needs HTML escaping wherever it is displayed.
$so = sanitizeQuery(getSO($_SERVER['HTTP_USER_AGENT']));
$browser = sanitizeQuery(getBrowser($_SERVER['HTTP_USER_AGENT']));
// Load the minimum group allowed to post in this forum.
// NOTE(review): the comparison against the user's group is presumably made after this
// excerpt - confirm it happens before the insert. No anti-CSRF token is checked in the
// lines shown.
$res = $db->query('select forum_postgroup from ' . $_CONF['dbprefix'] . 'forums where ' . "forum_id='" . $forum_id . "'");
$db->freeResult();
$forum_postgroup = getInt($res[0]['forum_postgroup']);
Exemplo n.º 4
// Allow-list of admin forum actions: any other value stops the script before the database
// connection is opened.
// in_array() is called without strict mode, i.e. with the same loose == comparison a switch
// statement uses. NOTE(review): a strict check would be tighter, but the dispatch switch that
// follows also compares loosely, so both would have to change together.
$allowedActions = array(
    'new',
    'delete',
    'edit_name',
    'edit_desc',
    'edit_privs',
    'move_up',
    'move_down',
    'view_privs',
);
if (!in_array($action, $allowedActions)) {
    die;
}
// The forum id may arrive by GET or POST ($_REQUEST) and is normalised by getInt().
// NOTE(review): destructive actions reachable through $_REQUEST can be triggered by a plain
// link; no anti-CSRF token is visible in this excerpt.
$fid = getInt($_REQUEST['fid']);
$db = new nullBB_Database($_CONF, $_LANG);
switch ($action) {
    case 'delete':
        if (!$fid) {
            die;
        }
        $db->query('delete from ' . $_CONF['dbprefix'] . 'posts where forum_id=' . $fid);
        $db->query('delete from ' . $_CONF['dbprefix'] . 'topics where forum_id=' . $fid);
        $db->query('delete from ' . $_CONF['dbprefix'] . 'forums where forum_id=' . $fid);
        break;
    case 'new':
        $name = sanitizeQuery($_REQUEST['forum_name']);
        $desc = sanitizeQuery($_REQUEST['forum_desc']);
        if (!$name || !$desc) {
            die;
        }
Exemplo n.º 5
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang';
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
if (!($_POST['username'] && $_POST['password'])) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3);
    die;
} else {
    // Credential check: the lower-cased user name and the hashed password are matched in a
    // single query, so an unknown user and a wrong password produce the same error message.
    // NOTE(review): addslashes() is not aware of the connection character set; the database
    // driver's escaping or bound parameters are the safer choice for SQL.
    $user = addslashes(strtolower($_POST['username']));
    // NOTE(review): sha1(md5()) is an unsalted, fast hash. password_hash()/password_verify()
    // is the usual replacement and can be introduced by rehashing at the next successful login.
    $pass = sha1(md5($_POST['password']));
    $db = new nullBB_Database($_CONF, $_LANG);
    // NOTE(review): the listing masks the interpolated values on this line ('******');
    // presumably $user and $pass were concatenated here - check the original file.
    $res = $db->query('select * from ' . $_CONF['dbprefix'] . "users where username='******' and user_password='******'");
    $db->freeResult();
    $db->close();
    // NOTE(review): no attempt counter, delay or lockout is visible in this excerpt.
    if (empty($res)) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3);
        die;
    } else {
        // Drop the fetched row (it was selected with '*') before continuing.
        unset($res);
        require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT;
        // The session is created from the user name alone; how the session id is generated
        // and which cookie flags are set is decided inside nullBB_Session (not shown).
        $session = new nullBB_Session(array('username' => $user), $_CONF, $_LANG);
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        // The user name is passed through sanitizeHTML() before it is echoed back.
        notification($_LANG['login_ok'] . ' ' . sanitizeHTML($user), $_SERVER['HTTP_REFERER'], 3);
        die;
    }
Exemplo n.º 6
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
// Private messages are only available to logged-in users; everyone else is stopped here,
// before the database connection is opened.
if (!$session->logged) {
    // NOTE(review): HTTP_REFERER is client-supplied; how notification() uses it is not
    // visible here.
    notification($_LANG['not_logged_in'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
$db = new nullBB_Database($_CONF, $_LANG);
if ($_POST['postMsg']) {
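    // Subject, body and recipient are all mandatory.
    if (!$_POST['subject'] || !$_POST['content'] || !$_POST['recv_id']) {
        notification($_LANG['no_info_specified'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    // Reject a subject or body that consists of whitespace only. Both patterns are anchored at
    // the end; without the trailing '$' the body test would refuse every message that merely
    // starts with a space or a newline.
    if (preg_match('/^\\s+$/', $_POST['subject']) || preg_match('/^\\s+$/', $_POST['content'])) {
        notification($_LANG['no_info_specified'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    // Text values are escaped with sanitizeQuery(), ids are normalised with getInt().
    // The sender id comes from the logged-in user's record, never from the request.
    $subject = sanitizeQuery($_POST['subject']);
    $content = sanitizeQuery($_POST['content']);
    $recv_id = getInt($_POST['recv_id']);
    $send_id = getInt($userinfo['user_id']);
    // NOTE(review): the recipient id is not checked against the users table in these lines,
    // and no anti-CSRF token is visible - confirm both are handled elsewhere.
    // The client address goes through sanitizeQuery() like every other string value, so no
    // string is concatenated into the statement unescaped.
    $db->query('insert into ' . $_CONF['dbprefix'] . 'privmsgs(privmsg_subject, ' . 'privmsg_from, privmsg_to, privmsg_date, privmsg_ip, privmsg_seen, privmsg_content) values(' . "'" . $subject . "', " . $send_id . ", " . $recv_id . ", " . time() . ", '" . sanitizeQuery($_SERVER['REMOTE_ADDR']) . "', 0, '" . $content . "')");
    $db->freeResult();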
Exemplo n.º 7
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang';
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT;
// Editing or deleting a post requires a post id and a logged-in session.
// NOTE(review): $session is presumably created by the session include above - confirm.
// Unlike the branch further down, header.php is not loaded before notification() is called.
if (empty($_REQUEST['post_id']) || !$session->logged) {
    notification("Invalid request", $_SERVER['HTTP_REFERER'], 3);
    die;
}
$db = new nullBB_Database($_CONF, $_LANG);
// The id may come from GET or POST ($_REQUEST); getInt() normalises it before it is used in SQL.
$post_id = getInt($_REQUEST['post_id']);
$res = $db->query('select * from ' . $_CONF['dbprefix'] . 'posts where post_id=' . $post_id);
$db->freeResult();
if (empty($res)) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['no_posts'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// Keep only the fields needed afterwards. poster_id is the owner of the post.
// NOTE(review): being logged in is the only check so far; the owner/moderator comparison
// presumably follows this excerpt - confirm it runs before any change is made.
$topic_id = getInt($res[0]['topic_id']);
$poster_id = getInt($res[0]['poster_id']);
$post_time = getInt($res[0]['post_time']);
unset($res);
if ($_GET['delete']) {
    if (!$session->logged) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
Exemplo n.º 8
/**************************************************************************************************
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once '../config.ini';
require_once 'admin_head.' . PHPEXT;
// Database export: the response is served as SQL text.
// NOTE(review): this block has no privilege check of its own; presumably the admin_head
// include enforces it - confirm, because the loop that follows reads every table.
header('Content-type: text/sql');
$db = new nullBB_Database($_CONF, $_LANG);
// SHOW TABLES lists every table of the connected database; no filter on the board's table
// prefix is applied here, so tables of other applications sharing the database are included.
$tables = $db->query('SHOW TABLES');
// Views are collected separately from tables by the loop that follows.
$views = array();
foreach ($tables as $td) {
    $table = $td[key($td)];
    $r = $db->query("SHOW CREATE TABLE `{$table}`");
    if (!empty($r)) {
        $insert_sql = "";
        if (!strcasecmp(key($r[0]), 'View')) {
            array_push($views, $r[0][key($r[0])]);
        } else {
            $SQL .= "DROP TABLE IF EXISTS `{$table}`;\n";
            next($r[0]);
            $d = $r[0][key($r[0])] . ";";
            $SQL .= str_replace("\n", "", $d) . "\n";
            $table_query = $db->query("SELECT * FROM `{$table}`");
Exemplo n.º 9
    // Show the IP address stored with a post. Anonymous visitors are refused first.
    if (!$session->logged) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    $db = new nullBB_Database($_CONF, $_LANG);
    $post_id = getInt($_GET['post_id']);
    $res = $db->query('select poster_id from ' . $_CONF['dbprefix'] . 'posts where post_id=' . $post_id);
    $db->freeResult();
    // NOTE(review): $res is not checked for emptiness; for an unknown post id $res[0] is undefined.
    $poster_id = getInt($res[0]['poster_id']);
    // Refuse when the caller's group value is above USERLEV_MOD and the caller is not the
    // author of the post.
    // NOTE(review): this reads as "lower group number = more privilege" - confirm against the
    // USERLEV_* definitions.
    if ($userinfo['user_group'] > USERLEV_MOD && $userinfo['user_id'] != $poster_id) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    $res = $db->query('select poster_ip from ' . $_CONF['dbprefix'] . 'posts where post_id=' . $post_id);
    $db->freeResult();
    // The stored address is passed through sanitizeHTML() before it is printed.
    $addr = sanitizeHTML($res[0]['poster_ip']);
    print $addr;
    unset($res);
    exit(0);
}
// Default action: print the stored text of one post, HTML-escaped.
$db = new nullBB_Database($_CONF, $_LANG);
// getInt() normalises the id before it is placed in the statement.
// NOTE(review): no login or forum view-group check is visible between the branch above and
// this query, so the text of any post id appears to be readable - confirm that access to
// restricted forums is enforced before this point.
$res = $db->query('select post_content from ' . $_CONF['dbprefix'] . 'posts ' . "where post_id='" . getInt($_GET['post_id']) . "'");
$db->freeResult();
// htmlspecialchars() is called with its default flags and charset, which depend on the PHP
// version; $res[0] is not checked, so an unknown id prints an empty string.
print htmlspecialchars($res[0]['post_content']);
unset($res);
$db->close();
?>

Exemplo n.º 10
 /**
  * Ends the current session (logout).
  *
  * Does nothing when no session id is set. Otherwise it blanks the 'sid' cookie with an
  * expiry of "now", stores the current time in a one-year 'lasttime' cookie, marks the
  * object as not logged in and deletes the matching row from the sessions table.
  *
  * NOTE(review): setcookie() receives only name, value, expiry and path, so no Secure or
  * HttpOnly flag is set here. addslashes() is not aware of the connection character set;
  * the database driver's escaping or a bound parameter is the safer choice.
  */
 function destroy()
 {
     if (!$this->session_id) {
         return;
     }

     // Cookie handling: both cookies are scoped to the board's base path.
     $oneYear = 60 * 60 * 24 * 365;
     setcookie('sid', '', time(), BASEDIR);
     setcookie('lasttime', time(), time() + $oneYear, BASEDIR);
     $this->logged = false;

     // Remove the server-side record so the old identifier cannot be used again.
     $sessionTable = $this->_CONF['dbprefix'] . 'sessions';
     $escapedId = addslashes($this->session_id);
     $database = new nullBB_Database($this->_CONF, $this->_LANG);
     $database->query("delete from {$sessionTable} where session_id='{$escapedId}'");
     $database->freeResult();
     $database->close();
 }
Exemplo n.º 11
}
// Delete one private message.
// NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF token is visible
// here; a state-changing action is normally a POST with a token.
if ($_GET['del']) {
    $db = new nullBB_Database($_CONF, $_LANG);
    // Ownership check: the message must be addressed to the current user. Both ids go through
    // getInt() before they are concatenated into the statement.
    $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'privmsgs ' . "where privmsg_id=" . getInt($_GET['msg_id']) . " and privmsg_to=" . getInt($userinfo['user_id']));
    $db->freeResult();
    if (empty($res)) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['privmsg_not_found'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    // The DELETE repeats the recipient condition, so it cannot remove another user's message
    // even if the check above were bypassed.
    $db->query('delete from ' . $_CONF['dbprefix'] . 'privmsgs where privmsg_id=' . getInt($_GET['msg_id']) . ' ' . 'and privmsg_to=' . getInt($userinfo['user_id']));
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['delete_privmsg_ok'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// Read one private message. The query is restricted to messages addressed to the current
// user, so another user's message id yields "not found".
$db = new nullBB_Database($_CONF, $_LANG);
$res = $db->query('select * from ' . $_CONF['dbprefix'] . 'privmsgs ' . "where privmsg_id=" . getInt($_GET['msg_id']) . " and privmsg_to=" . getInt($userinfo['user_id']));
$db->freeResult();
if (empty($res)) {
    print $_LANG['privmsg_not_found'];
    die;
}
$res = $res[0];
// Mark the message as read on first view; the UPDATE carries the same recipient condition.
if ($res['privmsg_seen'] == false) {
    $db->query('update ' . $_CONF['dbprefix'] . 'privmsgs set privmsg_seen=1 ' . 'where privmsg_id=' . getInt($_GET['msg_id']) . ' and privmsg_to=' . getInt($userinfo['user_id']));
}
$from = $db->query('select username from ' . $_CONF['dbprefix'] . 'users where user_id=' . getInt($res['privmsg_from']));
$db->freeResult();
// User names are passed through sanitizeHTML() before output.
$from = sanitizeHTML($from[0]['username']);
$to = sanitizeHTML($userinfo['username']);
// NOTE(review): the message body is converted with bb2html(); whether that helper escapes raw
// HTML before expanding BBCode is not visible here - verify, since the body is written by
// another user.
$content = bb2html($res['privmsg_content']);
Exemplo n.º 12
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
if ($_REQUEST['admin_username'] && $_REQUEST['admin_password'] && $_REQUEST['admin_password_again'] && $_REQUEST['admin_email']) {
    // Installer input. The statements that follow drop and recreate every board table and
    // insert this account as user_id 1 in the USERLEV_GOD group.
    // NOTE(review): the parameters are read from $_REQUEST and no check is visible in this
    // excerpt that the board is not already installed or that the caller is authorised - the
    // installer should be removed or locked once setup is done; confirm how that is enforced.
    $user = sanitizeQuery($_REQUEST['admin_username']);
    // The password is kept unescaped here because it is hashed with sha1(md5()) when the
    // insert statement is built further down.
    // NOTE(review): sha1(md5()) is an unsalted, fast hash; password_hash() is the usual choice.
    $pass = $_REQUEST['admin_password'];
    $passagain = $_REQUEST['admin_password_again'];
    $email = sanitizeQuery($_REQUEST['admin_email']);
    // NOTE(review): != compares loosely, so two different numeric-looking strings can be
    // treated as equal; !== would compare the passwords exactly.
    if ($pass != $passagain) {
        die($_LANG['not_matching_passwords']);
    }
    $sql = "drop table if exists " . $_CONF["dbprefix"] . "forums;\n" . "drop table if exists " . $_CONF["dbprefix"] . "topics;\n" . "drop table if exists " . $_CONF["dbprefix"] . "posts;\n" . "drop table if exists " . $_CONF["dbprefix"] . "privmsgs;\n" . "drop table if exists " . $_CONF["dbprefix"] . "users;\n" . "drop table if exists " . $_CONF["dbprefix"] . "sessions;\n" . "drop table if exists " . $_CONF["dbprefix"] . "karma;\n" . "drop table if exists " . $_CONF["dbprefix"] . "groups;\n" . "drop table if exists " . $_CONF["dbprefix"] . "viewtopics;\n" . "\n" . "drop view if exists " . $_CONF["dbprefix"] . "newtopics;\n" . "\n" . "drop trigger if exists insTopic;\n" . "drop trigger if exists insPost;\n" . "drop trigger if exists delPost;\n" . "drop trigger if exists delUser;\n" . "drop trigger if exists delTopic;\n" . "\n" . "create table " . $_CONF["dbprefix"] . "forums(\n" . "forum_id \t\t\tinteger unsigned not null auto_increment,\n" . "forum_name \t\tvarchar(150),\n" . "forum_desc \t\ttext,\n" . "forum_posts \t\tinteger unsigned default 0,\n" . "forum_topics \t\tinteger unsigned default 0,\n" . "forum_lasttopic \tinteger unsigned not null default 0,\n" . "forum_lastpost \tinteger unsigned not null default 0,\n" . "forum_lasttime \tinteger unsigned not null default 0,\n" . "forum_viewgroup \tsmallint default 20 not null,\n" . "forum_postgroup \tsmallint default 10 not null,\n" . "forum_vieworder \tinteger unsigned not null default 0,\n" . "\n" . "primary key(forum_id),\n" . "foreign key(forum_lasttopic) \treferences " . $_CONF["dbprefix"] . "topics(topic_id),\n" . "foreign key(forum_lastpost) \treferences " . $_CONF["dbprefix"] . "posts(post_id),\n" . "foreign key(forum_lasttime) \treferences " . $_CONF["dbprefix"] . "posts(post_time),\n" . "foreign key(forum_viewgroup) \treferences " . $_CONF["dbprefix"] . "groups(group_id),\n" . "foreign key(forum_postgroup) \treferences " . $_CONF["dbprefix"] . "groups(group_id)\n" . ");\n" . "\n" . "create table " . 
$_CONF["dbprefix"] . "topics(\n" . "topic_id \t\t\tinteger unsigned not null auto_increment,\n" . "forum_id \t\t\tinteger unsigned not null,\n" . "topic_title \t\tvarchar(128),\n" . "topic_poster \t\tinteger unsigned not null,\n" . "topic_time \t\tinteger unsigned default 0,\n" . "topic_replies \t\tinteger unsigned default 0,\n" . "topic_lastreply \tinteger unsigned not null default 0,\n" . "topic_disabled \tboolean default 0 not null,\n" . "topic_sticked \t\tboolean default 0 not null,\n" . "\n" . "primary key(topic_id),\n" . "foreign key(forum_id) \t\treferences " . $_CONF["dbprefix"] . "forums(forum_id),\n" . "foreign key(topic_poster) \treferences " . $_CONF["dbprefix"] . "users(user_id),\n" . "foreign key(topic_lastreply) \treferences " . $_CONF["dbprefix"] . "posts(post_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "posts(\n" . "post_id \t\t\tinteger unsigned not null auto_increment,\n" . "topic_id \t\t\tinteger unsigned not null,\n" . "forum_id \t\t\tinteger unsigned not null,\n" . "poster_id \t\tinteger unsigned not null,\n" . "poster_ip \t\tvarchar(40) not null,\n" . "poster_so \t\tvarchar(64),\n" . "poster_browser \tvarchar(64),\n" . "post_time \t\tinteger unsigned default 0,\n" . "post_content \t\ttext,\n" . "post_lastedit_date \tinteger unsigned default null,\n" . "post_lastedit_user \tinteger unsigned default null,\n" . "\n" . "primary key(post_id),\n" . "foreign key(topic_id) \t\treferences " . $_CONF["dbprefix"] . "topics(topic_id),\n" . "foreign key(forum_id) \t\treferences " . $_CONF["dbprefix"] . "forums(forum_id),\n" . "foreign key(poster_id) \t\treferences " . $_CONF["dbprefix"] . "useres(user_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "privmsgs(\n" . "privmsg_id \t\tinteger unsigned not null auto_increment,\n" . "privmsg_subject \tvarchar(255),\n" . "privmsg_from \t\tinteger unsigned not null,\n" . "privmsg_to \t\tinteger unsigned not null,\n" . "privmsg_date \t\tinteger unsigned not null,\n" . 
"privmsg_ip \t\tvarchar(40) not null,\n" . "privmsg_seen \t\tboolean default 0,\n" . "privmsg_content \ttext,\n" . "\n" . "primary key(privmsg_id),\n" . "foreign key(privmsg_from) \treferences " . $_CONF["dbprefix"] . "users(user_id),\n" . "foreign key(privmsg_to)  \treferences " . $_CONF["dbprefix"] . "users(user_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "users(\n" . "user_id \t\t\tinteger unsigned not null auto_increment,\n" . "username \t\t\tvarchar(25) unique not null,\n" . "user_password \t\tvarchar(60) not null,\n" . "user_posts \t\tinteger unsigned default 0 not null,\n" . "user_email \t\tvarchar(60) unique not null,\n" . "user_website \t\tvarchar(60),\n" . "user_msn \t\t\tvarchar(60),\n" . "user_karma \t\tinteger default 0 not null,\n" . "user_regtime \t\tinteger unsigned default 0 not null,\n" . "user_disabled \t\tboolean default false not null,\n" . "user_group \t\tsmallint default 10 not null,\n" . "user_signature \ttext,\n" . "user_avatar \t\ttext,\n" . "user_viewavatars \tboolean default 0,\n" . "user_theme \t\tvarchar(60) default '" . $_CONF['theme'] . "',\n" . "user_language \tvarchar(50) default '" . BOARD_LANGUAGE . "',\n" . "\n" . "primary key(user_id),\n" . "foreign key(user_group) references " . $_CONF["dbprefix"] . "groups(group_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "sessions(\n" . "session_id \t\tvarchar(60) not null,\n" . "user_id \t\t\tinteger unsigned not null,\n" . "session_time \t\tinteger unsigned default 0 not null,\n" . "session_lasttime \tinteger unsigned default 0 not null,\n" . "\n" . "primary key(session_id),\n" . "foreign key(user_id) \t\treferences " . $_CONF["dbprefix"] . "users(user_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "karma(\n" . "user_id \t\t\tinteger unsigned default 0 not null,\n" . "voter \t\t\tinteger unsigned default 0 not null,\n" . "vote \t\t\tinteger default 0,\n" . "\n" . "primary key(user_id, voter),\n" . 
"foreign key(user_id) \t\treferences " . $_CONF["dbprefix"] . "karma(user_id),\n" . "foreign key(voter) \t\t\treferences " . $_CONF["dbprefix"] . "karma(voter)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "groups(\n" . "group_id \t\t\tsmallint not null,\n" . "group_name \t\tvarchar(20),\n" . "primary key(group_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "viewtopics(\n" . "user_id \t\t\tinteger unsigned not null,\n" . "topic_id \t\t\tinteger unsigned not null,\n" . "viewtime \t\t\tinteger unsigned not null,\n" . "\n" . "primary key(user_id, topic_id),\n" . "foreign key(user_id) references " . $_CONF["dbprefix"] . "users(user_id),\n" . "foreign key(topic_id) references " . $_CONF["dbprefix"] . "topics(topic_id)\n" . ");\n" . "\n" . "create view " . $_CONF["dbprefix"] . "newtopics\n" . "as\n" . "select f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_lastreply,\n" . "p.poster_id, u.username as last_poster, p.post_time\n" . "from " . $_CONF["dbprefix"] . "forums f join " . $_CONF["dbprefix"] . "topics t join " . $_CONF["dbprefix"] . "posts p join " . $_CONF["dbprefix"] . "users u\n" . "on f.forum_id=t.forum_id\n" . "and f.forum_id=p.forum_id\n" . "and p.topic_id=t.topic_id\n" . "and t.topic_lastreply=p.post_id\n" . "and p.poster_id=u.user_id\n" . "where p.post_id=t.topic_lastreply\n" . "order by p.post_time desc;\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_GOD . ", 'God');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_ADMIN . ", 'Admin');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_GLOBALMOD . ", 'Global mod');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_MOD . ", 'Mod');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_USER . ", 'User');\n" . "insert into " . $_CONF["dbprefix"] . 
"groups(group_id, group_name) values(" . USERLEV_ANY . ", 'Any');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_BANNED . ", 'Banned');\n" . "insert into " . $_CONF["dbprefix"] . "users(user_id, username, user_password, user_group, user_regtime, user_email) values(1,'" . $user . "', '" . sha1(md5($pass)) . "', '" . USERLEV_GOD . "', '" . time() . "', '{$email}')\n";
    $db = new nullBB_Database($_CONF, $_LANG);
    foreach (explode(';', $sql) as $query) {
        $db->query(trim($query));
    }
    $sql = "create trigger insTopic\n" . "after insert\n" . "on " . $_CONF["dbprefix"] . "topics\n" . "for each row\n" . "begin\n" . "select forum_topics into @num from " . $_CONF["dbprefix"] . "forums where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_topics = @num + 1 where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_lasttopic = new.topic_id where forum_id = new.forum_id;\n" . "end;";
    $db->query($sql);
    $sql = "create trigger insPost\n" . "after insert\n" . "on " . $_CONF["dbprefix"] . "posts\n" . "for each row\n" . "begin\n" . "select forum_posts into @num from " . $_CONF["dbprefix"] . "forums where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_posts = @num + 1 where forum_id = new.forum_id;\n" . "select topic_replies into @num from " . $_CONF["dbprefix"] . "topics where topic_id = new.topic_id;\n" . "update " . $_CONF["dbprefix"] . "topics set topic_replies = @num + 1 where topic_id = new.topic_id;\n" . "select user_posts into @num from " . $_CONF["dbprefix"] . "users where user_id = new.poster_id;\n" . "update " . $_CONF["dbprefix"] . "users set user_posts = @num + 1 where user_id = new.poster_id;\n" . "update " . $_CONF["dbprefix"] . "topics set topic_lastreply = new.post_id where topic_id = new.topic_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_lastpost  = new.post_id where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_lasttime  = new.post_time where forum_id = new.forum_id;\n" . "end;";
    $db->query($sql);
    $sql = "create trigger delUser\n" . "after delete\n" . "on " . $_CONF["dbprefix"] . "users\n" . "for each row\n" . "begin\n" . "update " . $_CONF["dbprefix"] . "topics set topic_poster=0 where topic_poster=old.user_id;\n" . "update " . $_CONF["dbprefix"] . "posts set poster_id=0 where poster_id=old.user_id;\n" . "end;\n";
    $db->query($sql);
    /* DUMP, STUPID, ASSHOLE MySQL
     * The delTopic trigger is not accepted if executed via MySQL query, while it is if you
     * dump it to an SQL file and just pass it to your database. This is the MySQL error
     * message I get on my system if I try to uncomment these lines:
     * "This version of MySQL doesn't yet support 'multiple triggers with the same action time and event for one table'"
     * That's just meaningless, and a big big bug in MySQL. If your MySQL version is not prone
Exemplo n.º 13
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
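// Member list, ten users per page, ordered by registration time.
// The page number comes from the query string and is normalised by getInt(); it is then
// clamped to at least 1, because zero or a negative number would produce a negative LIMIT
// offset, which MySQL rejects.
$page = !empty($_GET['page']) ? getInt($_GET['page']) : 1;
if ($page < 1) {
    $page = 1;
}
$start = ($page - 1) * 10;
$db = new nullBB_Database($_CONF, $_LANG);
// NOTE(review): 'select *' also loads user_password and user_email for every listed user;
// selecting only the columns the page prints keeps the hashes out of this script.
$res = $db->query('select * from ' . $_CONF['dbprefix'] . "users order by user_regtime limit {$start},10");
$db->freeResult();
// Total number of users, used for the pager.
$num = $db->query('select count(*) as num from ' . $_CONF['dbprefix'] . 'users');
$db->freeResult();
$num = getInt($num[0]['num']);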
?>

<center>
&gt; <a class="topicHead" href="<?php 
print BASEDIR;
?>
"><?php 
print $_CONF['title'];
?>
 home</a>
Exemplo n.º 14
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
?>

<table class="main">

<?php 
// A forum id is required; without it an error row is printed and the page ends.
if (!isset($_GET['id'])) {
    print '<tr class="forums"><td class="forums">' . $_LANG['invalid_forum'] . '</td></tr>';
    print '</table></body></html>';
    exit(0);
}
// getInt() normalises the id before it is placed in any statement below.
$id = getInt($_GET['id']);
$db = new nullBB_Database($_CONF, $_LANG);
$res = $db->query('select forum_viewgroup from ' . $_CONF['dbprefix'] . 'forums where ' . "forum_id='" . $id . "'");
$db->freeResult();
// NOTE(review): $res is not checked for emptiness. For an unknown forum id getInt() receives
// a missing value, and whatever it returns decides whether the gate below fails open or
// closed - verify.
$forum_viewgroup = getInt($res[0]['forum_viewgroup']);
unset($res);
// Access gate: when the forum's view group is below USERLEV_ANY the visitor must be logged in
// and must not have a group value above the forum's.
// NOTE(review): this reads as "lower group number = more privilege" - confirm against the
// USERLEV_* definitions.
if ($forum_viewgroup < USERLEV_ANY) {
    if (!$session->logged) {
        notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    if ($userinfo['user_group'] > $forum_viewgroup) {
        notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
}
// Forum data is read only after the gate has been passed.
$res = $db->query("select forum_name from " . $_CONF['dbprefix'] . "forums where forum_id='{$id}'");
Exemplo n.º 15
		onMouseUp="disableContextMenu()">

		<div class="container">

<?php 
?>

		<h1 class="maintitle" align="center"><a class="maintitle" href="/"><?php 
print $_CONF['headname'];
?>
</a></h1><br>
		<center><span style="font-size: 9px"><?php 
print $_LANG['right_click_menu'];
?>
</span></center>
		<br><br>

<?php 
// For logged-in users, count unread private messages and announce them with an alert box.
if ($session->logged) {
    $db = new nullBB_Database($_CONF, $_LANG);
    // The user id comes from $userinfo and goes through getInt() before it is concatenated.
    $res = $db->query('select count(*) as num from ' . $_CONF['dbprefix'] . 'privmsgs where privmsg_to=' . getInt($userinfo['user_id']) . ' and ' . 'privmsg_seen=0');
    $db->freeResult();
    // The count also goes through getInt() (presumably an integer cast - verify), so only a
    // number is written into the inline script below.
    $num = getInt($res[0]['num']);
    if ($num > 0) {
        print '<script language="javascript" type="text/javascript">alert(' . "'You have " . $num . " unread messages');</script>";
    }
    $db->close();
}
?>

Exemplo n.º 16
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang';
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT;
// Registration handler (excerpt): runs only when a username was posted.
// NOTE(review): the $_POST keys are tested by truthiness without isset(), so a missing
// field raises a notice and a literal "0" counts as absent.
if ($_POST['username']) {
    // password, repeat_password, email, input_captcha and captcha must all be non-empty.
    // NOTE(review): both captcha values arrive in the POST body. If 'captcha' carries the
    // expected answer in a hidden field, the client controls both sides of the check.
    // The comparison is outside this excerpt; confirm it is bound to server-side state.
    if (!($_POST['password'] && $_POST['repeat_password'] && $_POST['email'] && $_POST['input_captcha'] && $_POST['captcha'])) {
        notification($_LANG['no_mandatory_fields'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    $db = new nullBB_Database($_CONF, $_LANG);
    // The username is lower-cased and passed through sanitizeQuery() first, so the length
    // limit and the quote test below see the already-processed value.
    // TODO confirm what sanitizeQuery() does to quotes; it is defined elsewhere.
    $user = sanitizeQuery(strtolower($_POST['username']));
    // The passwords are kept exactly as posted; hashing and storage are outside this excerpt.
    $pass = $_POST['password'];
    $repeat_pass = $_POST['repeat_password'];
    // strlen() counts bytes, so the limit is 25 bytes rather than 25 characters.
    if (strlen($user) > 25) {
        notification($_LANG['username_too_long'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    // Reject any username that still contains a single quote.
    if (strstr($user, "'")) {
        notification($_LANG['username_invalid_character'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    // strcmp() is non-zero when the two strings differ.
    if (strcmp($pass, $repeat_pass)) {
        notification($_LANG['not_matching_passwords'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
Exemplo n.º 17
 **************************************************************************************************/
require_once '../config.ini';
require_once 'admin_head.' . PHPEXT;
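// Admin group editor (excerpt).
// NOTE(review): action and gid are read from $_REQUEST, so a plain GET request can drive a
// delete, and no anti-CSRF token is checked in the visible code. Confirm that admin_head
// enforces an administrator session, and require POST plus a per-session token here.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
// Allow-list of supported actions; anything else ends the request.
switch ($action) {
    case 'new':
    case 'delete':
    case 'edit_name':
        break;
    default:
        die;
}
// Built-in groups that must always exist.
$defaultGroups = array(USERLEV_GOD, USERLEV_ADMIN, USERLEV_GLOBALMOD, USERLEV_MOD, USERLEV_USER, USERLEV_ANY, USERLEV_BANNED);
// $gid is concatenated unquoted into the SQL below, so getInt() is the only barrier.
// TODO confirm it always returns an integer.
$gid = getInt($_REQUEST['gid']);
$db = new nullBB_Database($_CONF, $_LANG);
switch ($action) {
    case 'delete':
        // The guard used to test the undefined $default_groups, so it never matched and
        // built-in groups could be deleted. It now tests the array defined above.
        if (in_array($gid, $defaultGroups)) {
            // The Referer header is client-supplied, so it is escaped before being written
            // into the attribute. A meta refresh takes its target from "content", not "value".
            print '<script>alert("' . $_LANG['no_delete_default_group'] . '")</script>' . '<meta http-equiv="Refresh" content="0;url=' . htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) . '">';
            die;
        }
        // Move the members of the doomed group to the plain user level, then drop the group.
        $db->query('update ' . $_CONF['dbprefix'] . 'users set user_group=' . USERLEV_USER . ' where user_group=' . $gid);
        $db->query('delete from ' . $_CONF['dbprefix'] . 'groups where group_id=' . $gid);
        header('Location: ' . $_SERVER['HTTP_REFERER']);
        break;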
    case 'new':
        $name = sanitizeQuery($_REQUEST['group_name']);
        if (!$name) {
            die;
        }
Exemplo n.º 18
</table><br>

<center>
	<input type="submit" name="search" value="<?php 
    print $_LANG['search'];
    ?>
">
</center><br></div>

<?php 
} else {
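    // At least one of the two criteria must be supplied. empty() also covers a field that
    // was not posted at all, which previously raised an undefined-index notice.
    if (empty($_POST['search_string']) && empty($_POST['search_author'])) {
        notification($_LANG['insufficient_search_parameters'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
    $db = new nullBB_Database($_CONF, $_LANG);
    // Start from a known state so the branches below never read an undefined variable.
    $string = null;
    $author = null;
    // NOTE(review): sanitizeQuery() is defined elsewhere and is the only thing between these
    // values and the concatenated SQL; bound parameters would remove that dependency.
    // "%" and "_" typed by the user keep their LIKE meaning unless it escapes them. Confirm.
    if (!empty($_POST['search_string'])) {
        $string = sanitizeQuery($_POST['search_string']);
    }
    if (!empty($_POST['search_author'])) {
        if ($_POST['search_author'] == '*') {
            // A bare "*" means "any author": drop the author filter altogether.
            $_POST['search_author'] = null;
        } else {
            $author = sanitizeQuery($_POST['search_author']);
            // Translate the user-facing "*" wildcard into SQL's "%".
            $author = str_replace('*', '%', $author);
        }
    }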
    if ($string && $author) {
        $res = $db->query('select f.forum_id, t.topic_id, p.post_id, u_topic.user_id as topic_user_id, u_post.user_id as post_user_id, p.post_time, forum_name, topic_title, u_topic.username as topic_author, u_post.username as post_author, topic_replies from ' . $_CONF['dbprefix'] . 'users u_topic join ' . $_CONF['dbprefix'] . 'forums f join ' . $_CONF['dbprefix'] . 'posts p join ' . $_CONF['dbprefix'] . 'topics t join ' . $_CONF['dbprefix'] . 'users u_post on f.forum_id=t.forum_id and p.topic_id=t.topic_id and p.forum_id=f.forum_id ' . "and p.poster_id=u_post.user_id and t.topic_poster=u_topic.user_id where post_content like '%" . $string . "%' " . "and u_post.username like '" . $author . "' order by p.post_time desc");
    } else {
        if (!$author) {
Exemplo n.º 19
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang';
require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
?>

<?php 
// User profile / reputation vote (excerpt): the target user id is mandatory.
if (!isset($_GET['user'])) {
    notification($_LANG['no_user'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// The id is passed through getInt() before any further use.
$user = getInt($_GET['user']);
$db = new nullBB_Database($_CONF, $_LANG);
// NOTE(review): the vote comes from the query string, so the state change is driven by a GET
// request and no anti-CSRF token is checked in the visible part. The write is outside this
// excerpt; confirm it requires POST and a per-session token.
if (isset($_GET['vote'])) {
    // Map the textual vote to +1 or -1; any other value is rejected.
    if ($_GET['vote'] == 'plus') {
        $vote = 1;
    } else {
        if ($_GET['vote'] == 'minus') {
            $vote = -1;
        } else {
            notification($_LANG['invalid_vote'], $_SERVER['HTTP_REFERER'], 3);
            die;
        }
    }
    // Voting requires a logged-in session.
    if (!$session->logged) {
        notification($_LANG['not_logged_in'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }
Exemplo n.º 20
     break;
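 case 'forum':
     // Admin panel, forum tab: list every forum with a per-row action selector.
     require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
     $db = new nullBB_Database($_CONF, $_LANG);
     $res = $db->query('select forum_id, forum_name, forum_desc from ' . $_CONF['dbprefix'] . 'forums ' . 'order by forum_vieworder');
     $db->freeResult();
     print '<a href="javascript:newForum()" style="padding-left: 10px">' . $_LANG['new_forum'] . '</a><br>' . '<form action="editforum.' . PHPEXT . '?action=new" method="POST">' . '<div id="newforum" style="padding-left: 10px"></div><br>' . '</form>' . '<table class="forumlist">' . "\n";
     foreach ($res as $row) {
         // Every database value is encoded for its output context: ids through getInt(),
         // text through sanitizeHTML(). The <select> id used to print forum_id raw, unlike
         // the other id attributes in the row; it now goes through getInt() as well.
         print '<tr class="forumlist">'
             . '<td class="forumlist">'
             . '<span id="name' . getInt($row['forum_id']) . '">'
             . '<a href="/forum/' . getInt($row['forum_id']) . '">' . sanitizeHTML($row['forum_name']) . '</a></span><br>'
             . '<span id="desc' . getInt($row['forum_id']) . '">' . sanitizeHTML($row['forum_desc']) . '</span></td>'
             . '<td class="forumlist" style="text-align: right">'
             . '<select id="' . getInt($row['forum_id']) . '" name="forumaction" value="none" onChange="editForum(this)">'
             . '<option value="none">-- ' . $_LANG['choose_action'] . '</option>'
             . '<option value="delete">' . $_LANG['remove_forum'] . '</option>'
             . '<option value="move_up">' . $_LANG['move_up'] . '</option>'
             . '<option value="move_down">' . $_LANG['move_down'] . '</option>'
             . '<option value="edit_name">' . $_LANG['edit_name'] . '</option>'
             . '<option value="edit_desc">' . $_LANG['edit_desc'] . '</option>'
             . '<option value="edit_priv">' . $_LANG['edit_priv'] . '</option>'
             . '</select></td>'
             . '</tr>';
     }
     print '</table>';
     $db->close();
     break;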
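 case 'group':
     // Admin panel, group tab: list every group with a per-row action selector.
     require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
     $db = new nullBB_Database($_CONF, $_LANG);
     $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'groups ' . 'order by group_id');
     $db->freeResult();
     // Built-in groups: they can be renamed but are never offered for deletion.
     $defaultGroups = array(USERLEV_GOD, USERLEV_ADMIN, USERLEV_GLOBALMOD, USERLEV_MOD, USERLEV_USER, USERLEV_ANY, USERLEV_BANNED);
     print '<a href="javascript:newGroup()" style="padding-left: 10px">' . $_LANG['new_group'] . '</a><br>' . '<form action="editgroup.' . PHPEXT . '?action=new" method="POST">' . '<div id="newgroup" style="padding-left: 10px"></div><br>' . '</form>' . '<table class="forumlist">' . "\n";
     foreach ($res as $row) {
         print '<tr class="forumlist">' . '<td class="forumlist">' . '<span id="name' . getInt($row['group_id']) . '"';
         // Custom (non-built-in) groups are highlighted.
         if (!in_array($row['group_id'], $defaultGroups)) {
             print ' style="color: #990000"';
         }
         // The <select> id used to print group_id raw, unlike the span id above; it now goes
         // through getInt() so every attribute value in the row is encoded the same way.
         print '>' . sanitizeHTML($row['group_name']) . '</span><br>'
             . '</td>'
             . '<td class="forumlist" style="text-align: right">'
             . '<select id="' . getInt($row['group_id']) . '" name="groupaction" value="none" onChange="editGroup(this)">'
             . '<option value="none">-- ' . $_LANG['choose_action'] . '</option>';
         // Hiding the option is a UI convenience only; the handler that performs the delete
         // must refuse built-in groups on its own.
         if (!in_array($row['group_id'], $defaultGroups)) {
             print '<option value="delete">' . $_LANG['remove_group'] . '</option>';
         }
         print '<option value="edit_name">' . $_LANG['edit_name'] . '</option>' . '</select></td>' . '</tr>';
     }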
Exemplo n.º 21
?>

<table class="main">

<?php 
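// Topic view (excerpt): resolve the topic, then the view privilege of its forum.
if (!isset($_GET['id'])) {
    die($_LANG['invalid_topic']);
}
$id = getInt($_GET['id']);
// Pages are 1-based. Clamp so a zero or negative ?page= cannot produce a negative offset.
$page = isset($_GET['page']) ? max(1, getInt($_GET['page'])) : 1;
$start = intval(($page - 1) * 10);
$db = new nullBB_Database($_CONF, $_LANG);
$res = $db->query("select * from " . $_CONF['dbprefix'] . "topics where topic_id='{$id}'");
$db->freeResult();
// The missing-topic check now comes before any read of $res[0]; the reply count used to be
// read first, which touched an undefined offset for an unknown topic id.
if (empty($res)) {
    print '<tr class="forums"><td class="forums">' . $_LANG['invalid_topic'] . '</td></tr>';
    print '</table></body></html>';
    exit(0);
}
$numPosts = getInt($res[0]['topic_replies']) - 1;
$forum_id = getInt($res[0]['forum_id']);
$topic_disabled = getInt($res[0]['topic_disabled']);
// The access check that follows depends on this value.
// NOTE(review): an empty result here is not handled; confirm a topic can never reference a
// forum that no longer exists.
$res = $db->query('select forum_viewgroup from ' . $_CONF['dbprefix'] . 'forums ' . "where forum_id='" . $forum_id . "'");
$db->freeResult();
$forum_viewgroup = getInt($res[0]['forum_viewgroup']);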
if ($forum_viewgroup < USERLEV_ANY) {
    if (!$session->logged) {
Exemplo n.º 22
    print BASEDIR . 'themes/' . $_CONF['theme'];
    ?>
/style.css" rel="stylesheet" type="text/css">

<?php 
} else {
    ?>

<link href="<?php 
    print BASEDIR . 'themes/' . $userinfo['user_theme'];
    ?>
/style.css" rel="stylesheet" type="text/css">

<?php 
}
$db = new nullBB_Database($_CONF, $_LANG);
print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . '">~ Forum home</li>';
print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'users.' . PHPEXT . '">~ ' . $_LANG['user_list'] . '</li>';
print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'search.' . PHPEXT . '">~ ' . $_LANG['search'] . '</li>';
print '<li class="contestmenu" style="border-bottom: 3px solid #fff"></li>';
if (!$logged) {
    print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'register.' . PHPEXT . '">~ Register</li>';
    print '<li class="contestmenu"><a class="contestmenu" href="javascript:popLogin(' . "'" . BASEDIR . "'" . ')">~ Log in</li>';
} else {
    print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'logout.' . PHPEXT . '">~ Logout [' . sanitizeHTML($userinfo['username']) . ']</li>';
    $basedir = preg_replace('/\\//', '', BASEDIR);
    print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'newposts.' . PHPEXT . '">~ ' . $_LANG['new_messages'] . '</li>';
    print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'privmsg.' . PHPEXT . '">~ ' . $_LANG['privmsg'];
    $res = $db->query('select count(*) as num from ' . $_CONF['dbprefix'] . 'privmsgs where privmsg_to=' . getInt($userinfo['user_id']) . ' and privmsg_seen=0');
    $db->freeResult();
    $num = getInt($res[0]['num']);
Exemplo n.º 23
"><?php 
print $_CONF['title'];
?>
 home</a>
&gt; <?php 
print $_LANG['new_messages'];
?>
<br><br></center>
<table class="main">

<?php 
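// "New posts" listing: only meaningful for a logged-in session.
if (!$session->logged) {
    notification($_LANG['not_logged_in'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
$db = new nullBB_Database($_CONF, $_LANG);
// A preliminary "select * from <prefix>newtopics" used to run here, but its result was
// overwritten by the query below without ever being read; that dead round trip is removed.
// The only variable parts are the table prefix and two values passed through getInt().
$res = $db->query(
    'select f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_lastreply, t.topic_disabled, p.poster_id, u.username as last_poster, p.post_time '
    . 'from ' . $_CONF['dbprefix'] . 'viewtopics v join ' . $_CONF['dbprefix'] . 'topics t join ' . $_CONF['dbprefix'] . 'posts p join ' . $_CONF['dbprefix'] . 'forums f join ' . $_CONF['dbprefix'] . 'users u '
    . 'on v.topic_id=t.topic_id and t.forum_id=f.forum_id '
    . 'and p.forum_id=f.forum_id '
    . 'and p.topic_id=t.topic_id '
    . 'and p.poster_id=u.user_id '
    // Only posts newer than the previous session ...
    . 'where p.post_time > ' . getInt($session->session_lasttime) . ' '
    // ... that are the last reply of their topic ...
    . 'and p.post_id=t.topic_lastreply '
    // ... and that this user has either not seen since, or never opened at all.
    . 'and ( (v.user_id=' . getInt($userinfo['user_id']) . ' '
    . 'and p.post_time > v.viewtime) '
    . 'or (t.topic_id not in '
    . '(select topic_id from ' . $_CONF['dbprefix'] . 'viewtopics where user_id=' . getInt($userinfo['user_id']) . ')) ) '
    . 'group by t.topic_id '
    . 'order by post_time desc'
);
$db->freeResult();
// NOTE(review): no forum_viewgroup filter is applied in this query; confirm restricted
// forums are filtered before the rows are rendered.
if (empty($res)) {
    notification($_LANG['no_new_posts'], $_SERVER['HTTP_REFERER'], 3);
    die;
}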
?>

<table class="newposts">

<tr>
	<th>Forum</th>
	<th>Topic</th>
	<th><?php 
Exemplo n.º 24
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
?>

<table class="main">

<?php 
// Board index: load every forum in display order. The loop that follows hides forums the
// current visitor is not allowed to see.
$db = new nullBB_Database($_CONF, $_LANG);
$res = $db->query("select * from {$_CONF['dbprefix']}forums order by forum_vieworder");
$db->freeResult();
if (empty($res)) {
    // Nothing configured yet: show a single informational row.
    echo '<tr class="forums"><td class="forums">', $_LANG['no_forums'], '</td></tr>';
}
foreach ($res as $row) {
    $forum_viewgroup = getInt($row['forum_viewgroup']);
    if ($forum_viewgroup < USERLEV_ANY) {
        if (!$session->logged) {
            continue;
        }
        if ($userinfo['user_group'] > $forum_viewgroup) {
            continue;
        }
    }
Exemplo n.º 25
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
?>

<table class="userinfo">

<?php 
// Public profile page: the user id is mandatory and goes through getInt() before it is
// concatenated, unquoted, into the query.
if (!isset($_GET['id'])) {
    exit($_LANG['invalid_user']);
}
$id = getInt($_GET['id']);
$db = new nullBB_Database($_CONF, $_LANG);
// NOTE(review): "u.*" loads every column of the users row into $user, credential columns
// included. Listing only the columns the template prints would keep them out of page scope.
$user = $db->query("select u.*, g.group_name from {$_CONF['dbprefix']}users u join {$_CONF['dbprefix']}groups g on u.user_group=g.group_id where user_id=" . $id);
$db->freeResult();
if (empty($user)) {
    exit($_LANG['user_not_found']);
}
?>

<center>
&gt; <a class="topicHead" href="<?php 
print BASEDIR;
?>
"><?php 
print $_CONF['title'];
?>
 home</a>
Exemplo n.º 26
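// New-topic handler (excerpt). Each rejection loads the page header, shows a notification
// and stops.
// NOTE(review): no anti-CSRF token is checked in the visible part of this POST handler.
if ($userinfo['user_disabled']) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['disabled_user'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// is_numeric() also accepts forms such as "1e3" or "1.5"; getInt() below decides the final value.
if (!isset($_POST['forum_id']) || !is_numeric($_POST['forum_id'])) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['invalid_forum'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// One empty() test replaces "!$x || empty($x)": same outcome, and no undefined-index notice
// when the field was not posted at all.
if (empty($_POST['topic_title'])) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['empty_topic_title'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
$db = new nullBB_Database($_CONF, $_LANG);
$forum_id = getInt($_POST['forum_id']);
// The forum must exist ...
$forum = $db->query('select forum_id from ' . $_CONF['dbprefix'] . 'forums where ' . 'forum_id = ' . $forum_id);
$db->freeResult();
if (empty($forum)) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['invalid_forum'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
// ... and the posting privilege is read from the same row. This second lookup could be
// folded into the first one.
$res = $db->query('select forum_postgroup from ' . $_CONF['dbprefix'] . 'forums where ' . "forum_id='" . $forum_id . "'");
$db->freeResult();
$forum_postgroup = getInt($res[0]['forum_postgroup']);
unset($res);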
if ($userinfo['user_group'] > $forum_postgroup) {
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3);
Exemplo n.º 27
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once '../config.ini';
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT;
// Admin login handler (excerpt).
// NOTE(review): the query line below is mangled on this page. Part of it has been replaced
// by asterisks, apparently by a credential-masking filter, so it does not parse as shown.
// Security points visible in this excerpt:
//  - The admin_sid cookie is sha1(md5(username . stored user_password)). It is therefore the
//    same value on every login until the password changes, and anyone who can read the users
//    table can compute it. A random per-login token (random_bytes) stored server-side is the
//    usual replacement.
//  - setcookie() is called with name and value only: no expiry, path, Secure or HttpOnly.
//  - sha1(md5(...)) is a fast, unsalted construction; the masked comparison apparently uses
//    the same scheme for the password. password_hash() / password_verify() are the current
//    PHP primitives for stored passwords.
//  - The insufficient-privileges message returns the account's user_group to the client.
//  - No limit on repeated attempts is visible here.
if ($_POST['username'] && $_POST['password']) {
    $db = new nullBB_Database($_CONF, $_LANG);
    $user = sanitizeQuery($_POST['username']);
    $res = $db->query('select * from ' . $_CONF['dbprefix'] . "users where username='******' " . "and user_password='******'password'])) . "'");
    if (empty($res)) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3);
        die;
    } else {
        if ($res[0]['user_group'] > USERLEV_ADMIN) {
            require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
            notification($_LANG['insufficient_privileges'] . ' -> ' . $res[0]['user_group'], $_SERVER['HTTP_REFERER'], 3);
            die;
        }
        setcookie('admin_sid', sha1(md5($res[0]['username'] . $res[0]['user_password'])));
        $user = sanitizeHTML($user);
        notification($_LANG['login_ok'] . ' ' . $user, $_SERVER['HTTP_REFERER'], 3);
Exemplo n.º 28
<?php

/**************************************************************************************************
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
// Plain-text dump of every username, one per line.
// NOTE(review): this script loads only config, utils and db. No session check is visible,
// so the full user list appears to be readable without logging in. Confirm that is intended.
$db = new nullBB_Database($_CONF, $_LANG);
$users = $db->query("select username from {$_CONF['dbprefix']}users");
foreach ($users as $row) {
    // Names are HTML-encoded on output in case the response is rendered as markup.
    echo sanitizeHTML($row['username']), "\n";
}
$db->freeResult();
$db->close();
unset($users);
Exemplo n.º 29
/**************************************************************************************************
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once '../config.ini';
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
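// Username lookup used from the admin area: prints "id # name" for each match.
// NOTE(review): this script loads only config, db and utils. No session or administrator
// check is visible here; confirm the endpoint is not reachable by unauthenticated clients.
// empty() avoids the undefined-index notice when ?user= is absent, and the is_string() test
// rejects array input (user[]=...) before it reaches sanitizeQuery().
if (empty($_GET['user']) || !is_string($_GET['user'])) {
    die;
}
$db = new nullBB_Database($_CONF, $_LANG);
// sanitizeQuery() is defined elsewhere and is the only protection for the concatenated
// LIKE pattern below; a bound parameter would remove that dependency.
$user = sanitizeQuery($_GET['user']);
// Translate the user-facing "*" wildcard into SQL's "%".
$user = str_replace('*', '%', $user);
$res = $db->query("select user_id, username from " . $_CONF['dbprefix'] . 'users ' . "where username like '" . $user . "'");
if (empty($res)) {
    die;
}
foreach ($res as $row) {
    print getInt($row['user_id']) . ' # ' . sanitizeHTML($row['username']) . "\n";
}
unset($res);
$db->freeResult();
$db->close();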
Exemplo n.º 30
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/
require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang';
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT;
// Topic moderation entry point: a logged-in session and a topic id are both required.
// NOTE(review): the topic id comes from $_REQUEST and the lock flag is read from $_GET further
// down, so the action is reachable through a plain link. No anti-CSRF token is checked in
// the visible part.
if (!$session->logged || empty($_REQUEST['topic_id'])) {
    notification('Invalid request', $_SERVER['HTTP_REFERER'], 3);
    die;
}
$db = new nullBB_Database($_CONF, $_LANG);
// getInt() is applied before the id is placed, unquoted, in the SQL text.
$topic_id = getInt($_REQUEST['topic_id']);
$res = $db->query("select * from {$_CONF['dbprefix']}topics where topic_id=" . $topic_id);
$db->freeResult();
if (empty($res)) {
    // Unknown topic: render the header so the notification has a page to live in.
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['invalid_topic'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
$topic_disabled = getInt($res[0]['topic_disabled']);
if ($_GET['lock']) {
    if (!$session->logged || $userinfo['user_group'] > USERLEV_MOD) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['lock_error'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }