Пример #1
<?php

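/* Not logged in, or no forum context: bounce back to the caller's page.
   NOTE: $page here is whatever the including script set before this point;
   the request-supplied value is only read further down. */
if (!$user->valid() || !isset($forum)) {
    header("Location: " . $page);
    exit;
}
/* Read the request parameters without tripping undefined-index notices. */
$tid = isset($_REQUEST['tid']) ? $_REQUEST['tid'] : '';
$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';
/* CSRF guard: a missing token is treated exactly like a bad one. */
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$user->is_valid_token($token)) {
    err_not_found("invalid token");
}
/* Unix time (seconds since epoch): the caller's value when it is numeric,
   otherwise "now". The cast keeps float/exponent forms that pass
   is_numeric() from reaching the formatter. */
if (isset($_REQUEST['time']) && is_numeric($_REQUEST['time'])) {
    $time = (int) $_REQUEST['time'];
} else {
    $time = time();
}
/* Convert it to MySQL format (YYYYMMDDHHMMSS).
   TZ: formatted in PHP's default (local) timezone, which is what tstamp
   on the SQL server uses. date() replaces strftime(), which is deprecated
   as of PHP 8.1; both format in the date.timezone zone. */
$time = date("YmdHis", $time);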
if ($tid == "all") {
    require_once "thread.inc";
    /* for is_thread_bumped() */
    foreach ($tthreads as $tthread) {
        $iid = tid_to_iid($tthread['tid']);
        if (!isset($iid)) {
            continue;
        }
        /* TZ: unixtime is seconds since epoch */
        $thread = db_query_first("select *, UNIX_TIMESTAMP(tstamp) as unixtime from f_threads{$iid} where tid = ?", array($tthread['tid']));
        if (is_thread_bumped($thread)) {
Пример #2
<?php

require_once 'thread.inc';
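/* Track (subscribe to) one thread, then bounce back to the page we came from. */
if (!isset($forum)) {
    echo "Invalid forum\n";
    exit;
}
/* Read request parameters without tripping undefined-index notices. */
$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';
$tid = isset($_REQUEST['tid']) ? $_REQUEST['tid'] : '';
$time = isset($_REQUEST['time']) ? $_REQUEST['time'] : '';
/* $page comes straight from the request and is echoed into a Location:
   header, so only a site-relative path is accepted as the redirect target.
   "//host" and "/\host" are rejected as well: browsers treat those as
   protocol-relative URLs, which would turn this into an open redirect. */
if ($page === '' || $page[0] !== '/' || strpos($page, '//') === 0 || strpos($page, '/\\') === 0) {
    err_not_found("Invalid page");
    exit;
}
if (!$user->valid() || !is_numeric($tid)) {
    header("Location: {$page}");
    exit;
}
$iid = tid_to_iid($tid);
if (!isset($iid)) {
    echo "Invalid thread!\n";
    exit;
}
/* CSRF guard: a missing token is treated exactly like a bad one. */
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$user->is_valid_token($token)) {
    err_not_found("Invalid token");
}
if (!is_numeric($time)) {
    err_not_found("Invalid timestamp");
}
track_thread($forum['fid'], $tid, '', $time);
header("Location: {$page}");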
// vim: sw=2
Пример #3
Файл: edit.php Проект: kawf/kawf
     $new[] = "url: " . $nmsg['url'];
 }
 /* Remaining optional fields of the change record, same "key: value" form
    as the entries added above. */
 foreach (array('imageurl', 'video') as $field) {
     if (!empty($nmsg[$field])) {
         $new[] = "{$field}: " . $nmsg[$field];
     }
 }
 $diff .= diff($old, $new);
 /* IMAGEURL HACK - prepend before insert: applied after the diff is taken
    but before the row is written, so it affects the stored value only. */
 $nmsg = image_url_hack_insert($nmsg);
 /* Find the per-index message table this mid lives in. */
 $iid = mid_to_iid($mid);
 if (!isset($iid)) {
     err_not_found("message {$mid} has no iid");
     exit;
 }
 /* Write the edited message back. Every value is bound, including the audit
    line (editor, aid, remote address, diff) appended to the changes column. */
 $sql = "update f_messages{$iid} set name = ?, email = ?, flags = ?, subject = ?, "
     . "message = ?, url = ?, urltext = ?, video = ?, state = ?, "
     . "changes = CONCAT(changes, 'Edited by ', ?, '/', ?, ' at ', NOW(), ' from ', ?, '\n', ?, '\n') "
     . "where mid = ?";
 $bind = array(
     $nmsg['name'], $nmsg['email'], $nmsg['flags'], $nmsg['subject'],
     $nmsg['message'], $nmsg['url'], $nmsg['urltext'], $nmsg['video'], $nmsg['state'],
     $user->name, $user->aid, $remote_addr, $diff, $mid,
 );
 db_exec($sql, $bind);
 /* Mark (fid, mid) as updated; replace = insert or overwrite the row. */
 $sql = "replace into f_updates ( fid, mid ) values ( ?, ? )";
 db_exec($sql, array($forum['fid'], $mid));
 /* update user post counts and f_indexes */
 if ($state_changed) {
     msg_state_changed($forum['fid'], $msg, $nmsg['state']);
 }
 /* Keep the editor's tracking of this thread in sync with the form. */
 $track_thread
     ? track_thread($forum['fid'], $nmsg['tid'], $send_email ? "SendEmail" : "")
     : untrack_thread($forum['fid'], $nmsg['tid']);
Пример #4
/* Hand the rendered forum header and the per-request context to the template. */
$yatt->set("forum_header", $hdr->parse("FORUM_HEADER", "forum_header"));
$yatt->set("user_token", $user->token());
$yatt->set("page", $tpl->get_var("PAGE"));
$yatt->set("forum", $forum);
$yatt->set("time", time());
/* Page 1 unless the caller chose one; 20 threads per page when the user
   preference is unset or not positive. */
if (!isset($curpage)) {
    $curpage = 1;
}
$tpp = $user->threadsperpage;
$tpp = $tpp <= 0 ? 20 : $tpp;
$out = process_tthreads();
$numpages = ceil($out['numshown'] / $tpp);
/* With at least one page, asking for a page past the last one is a 404. */
if ($numpages && $curpage > $numpages) {
    err_not_found("Page out of range");
    exit;
}
$yatt->set('shown', $out['numshown']);
$yatt->set('numpages', $numpages);
/* calc start/end thread points */
$start = $tpp * ($curpage - 1);
$end = $tpp * $curpage;
/* Pager links: "/<forum>/tracking/<page>.phtml" */
$fmt = "/{$forum['shortname']}/tracking/%d.phtml";
$yatt->set("pages", gen_pagenav($fmt, $curpage, $numpages));
$block = isset($user->pref['SimpleHTML']) ? "simple" : "normal";
$new = false;
Пример #5
<?php

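/* Log the current user out: reload the account by aid, clear its cookie,
   then send the browser back to the login page. */
$aid = $user->aid;
$user = new AccountUser();
$user->find_by_aid((int) $aid);
if (!$user->unsetcookie()) {
    err_not_found('unsetcookie() failed');
}
/* Carry an optional return URL through to login.phtml. $url is always
   initialised so the header is well-formed when the parameter is absent,
   and the value is urlencoded so '&', '#' or '=' inside it cannot break
   the query string or smuggle extra parameters. */
$url = '';
if (isset($_GET['url'])) {
    $url = "url=" . urlencode($_GET['url']) . "&";
}
header("Location: login.phtml?{$url}" . "message=" . urlencode("You have been logged out"));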
Пример #6
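/**
 * Handle an /admin/gmessage.phtml request for one global-message slot.
 *
 * $arg is the request array: gid, token and one or more of submit / add /
 * take / touch / unhide / edit. SQL statements are queued first and only
 * executed once the CSRF token has been checked. After a write we redirect
 * back (keeping "edit" so the form is shown again); a plain edit renders
 * the form straight into $tpl. Returns nothing.
 */
function process_request($tpl, $arg)
{
    global $user;
    if (!count($arg)) {
        return;
    }
    dump($arg);
    $args = '';
    $gid = null;
    /* Slot ids are bit positions in u_users.gmsgfilter, hence 0..31. The
       cast keeps float/exponent forms that pass is_numeric() out of SQL. */
    if (isset($arg['gid']) && is_numeric($arg['gid'])) {
        $gid = (int) $arg['gid'];
        if ($gid < 0 || $gid > 31) {
            err_not_found("GID out of range");
        }
    }
    if (isset($gid)) {
        $sqls = array();
        $sargs = array();
        $name = $user->name;
        if (isset($arg['submit']) && $arg['submit'] == "Update Slot {$gid}") {
            global $subject_tags;
            $subject = stripcrap(isset($arg['subject']) ? $arg['subject'] : '', $subject_tags);
            $url = stripcrapurl(isset($arg['url']) ? $arg['url'] : '');
            $sqls[] = "update f_global_messages set " . "subject = ?, url = ?, " . "name = ?, date = NOW() " . "where gid = ?";
            $sargs[] = array($subject, $url, $name, $gid);
            /* resend edit so we get the form back */
            $args = "?gid={$gid}&edit";
        }
        if (isset($arg['add'])) {
            $sqls[] = "insert into f_global_messages " . "(gid, name, date) values " . "(?, ?, NOW())";
            $sargs[] = array($gid, $name);
        }
        if (isset($arg['take'])) {
            $sqls[] = "update f_global_messages set " . "name = ?, date = NOW() " . "where gid = ?";
            $sargs[] = array($name, $gid);
        }
        if (isset($arg['touch'])) {
            $sqls[] = "update f_global_messages set " . "date = NOW() " . "where gid = ?";
            $sargs[] = array($gid);
        }
        if (isset($arg['unhide'])) {
            /* Clear this slot's bit for every user who had it hidden. The bit
               position is bound like every other value instead of being
               interpolated into the statement. */
            $sqls[] = "update u_users set " . "gmsgfilter = gmsgfilter & ~(1<<?) where gmsgfilter & (1<<?)";
            $sargs[] = array($gid, $gid);
        }
        if (count($sqls)) {
            /* don't allow any sql updates unless we have a valid token;
               a missing token is treated exactly like a bad one */
            $token = isset($arg['token']) ? $arg['token'] : '';
            if (!$user->is_valid_token($token)) {
                err_not_found("invalid token");
            }
            foreach ($sqls as $i => $sql) {
                $sarg = $sargs[$i];
                debug($sql . "\narray(" . implode(",", $sarg) . ")\n");
                db_exec($sql, $sarg);
            }
        }
        if (isset($arg['edit'])) {
            /* on edit and add, we will send Location: but with "edit" again,
               stripping add and the token */
            if (isset($arg['add'])) {
                $args = "?gid={$gid}&edit";
            } else {
                generate_edit_form($tpl, $gid);
            }
        }
        if (count($sqls)) {
            header("Location: /admin/gmessage.phtml{$args}");
        }
    }
}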
Пример #7
/* Outcome blocks for a pending account request: one per success kind. */
$errors = array("unknown", "invalid_aid", "activate_failed", "dup_email");
$successes = array("create", "email", "forgot_password");
foreach ($successes as $okBlock) {
    $tpl->set_block("success", $okBlock);
}
/* The request is keyed by its cookie; without one there is nothing to look up. */
if (!isset($_REQUEST['cookie'])) {
    err_not_found('No cookie');
}
$cookie = $_REQUEST['cookie'];
$pending = db_query_first("select * from u_pending where cookie = ?", array($cookie));
if (!$pending) {
    if (isset($cookie) && !empty($cookie)) {
        $error = "unknown";
        $tpl->set_var("COOKIE", $cookie);
    } else {
        err_not_found('No cookie');
    }
} else {
    $user = new AccountUser();
    $user->find_by_aid((int) $pending['aid']);
    if (!$user->valid()) {
        $error = "invalid_aid";
    } else {
        db_exec("update u_pending set status = 'Done' where tid = ?", array($pending['tid']));
        switch ($pending['type']) {
            case "NewAccount":
                if ($user->status == 'Create') {
                    $user->status("Active");
                    if (!$user->update()) {
                        $error = "activate_failed";
                    } else {
Пример #8
Файл: main.php Проект: kawf/kawf
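/**
 * Map a message id to the iid of the f_messages{iid} table that holds it.
 *
 * Walks the global $indexes cache and returns the 'iid' of the first entry
 * whose [minmid, maxmid] range contains $mid, or -1 when none does.
 * foreach replaces the reset()/each() walk: each() is removed in PHP 8.
 */
function find_msg_index($mid)
{
    global $indexes;
    foreach ($indexes as $index) {
        if ($index['minmid'] <= $mid && $index['maxmid'] >= $mid) {
            return $index['iid'];
        }
    }
    return -1;
}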
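/**
 * Map a thread id to the iid of the f_threads{iid} table that holds it.
 *
 * Walks the global $indexes cache and returns the 'iid' of the first entry
 * whose [mintid, maxtid] range contains $tid, or -1 when none does.
 * foreach replaces the reset()/each() walk: each() is removed in PHP 8.
 */
function find_thread_index($tid)
{
    global $indexes;
    foreach ($indexes as $index) {
        if ($index['mintid'] <= $tid && $index['maxtid'] >= $tid) {
            return $index['iid'];
        }
    }
    return -1;
}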
/* Dispatch on the last path component: "/<area>/<name>" -> $scripts[<name>].
   Only names present in the $scripts table are ever included, so the
   request path cannot select an arbitrary file. */
$path = $script_name . $path_info;
if (!preg_match('#^/[a-z]*/([a-z\.]*)$#', $path, $regs)) {
    err_not_found("preg_match '{$path}' failed");
} elseif (!isset($scripts[$regs[1]])) {
    err_not_found("no script for '{$regs[1]}'");
} else {
    include $scripts[$regs[1]];
}
Пример #9
} else {
    $email = "";
}
/* Optional password fields: empty string when not posted. */
$password1 = isset($_POST['password1']) ? $_POST['password1'] : "";
$password2 = isset($_POST['password2']) ? $_POST['password2'] : "";
if (isset($_POST['submit'])) {
    if (!$user->is_valid_token($_POST['token'])) {
        err_not_found('Invalid token');
    }
    if (!empty($name)) {
        $name = striptag($name, $no_tags);
        $name = trim($name);
        /* Filter out bad characters. Do the & first to catch SGML entities */
        $name = preg_replace("/&/", "&#" . ord('&') . ";", $name);
        $name = preg_replace("/</", "&lt;", $name);
        $name = preg_replace("/>/", "&gt;", $name);
        if (!empty($name)) {
            $user->name($name);
        }
    }
    if (!empty($email)) {
        $email = trim($email);
        if (is_valid_email($email)) {
Пример #10
<?php

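/* Forum-admin only. The aid is read defensively: a missing parameter is
   rejected like a malformed one, and we stop after the error so the rest
   of the page never runs with $aid undefined. */
$user->req("ForumAdmin");
if (isset($_REQUEST['aid']) && is_valid_integer($_REQUEST['aid'])) {
    $aid = $_REQUEST['aid'];
} else {
    err_not_found("Invalid FID or AID");
    exit;
}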
/* If submit is set, shove the data into the database (well, after some */
/* error checking) */
if (isset($_POST['submit'])) {
    $opts = $_POST['opts'];
    for ($i = 0; $i < count($opts); $i++) {
        $capabilities = array();
        if (is_valid_signed_integer($opts[$i]['fid'])) {
            $fid = $opts[$i]['fid'];
            if (isset($opts[$i]['Lock'])) {
                $capabilities[] = "Lock";
            }
            if (isset($opts[$i]['Moderate'])) {
                $capabilities[] = "Moderate";
            }
            if (isset($opts[$i]['Delete'])) {
                $capabilities[] = "Delete";
            }
            if (isset($opts[$i]['OffTopic'])) {
                $capabilities[] = "OffTopic";
            }
            if (isset($opts[$i]['Advertise'])) {
                $capabilities[] = "Advertise";
            }
Пример #11
<?php

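/* Forum-admin only. Every branch below deletes rows, so the CSRF token is
   checked before anything is touched; a missing token counts as a bad one. */
$user->req("ForumAdmin");
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$user->is_valid_token($token)) {
    err_not_found('Invalid token');
}
if (isset($_GET['clean']) && $_GET['clean'] == 1) {
    /* Purge finished requests, then anything older than 30 days. */
    $sql = "delete from u_pending where status = 'Done'";
    db_exec($sql);
    $sql = "delete from u_pending where TO_DAYS(NOW()) - TO_DAYS(tstamp) > 30";
    db_exec($sql);
    header("Location: pending.phtml?message=" . urlencode("Cleaned up completed requests"));
} else {
    /* Delete one request, identified by (aid, tid). Stop on bad input so the
       delete never runs with undefined values. */
    if (isset($_GET['aid'], $_GET['tid']) && is_valid_integer($_GET['aid']) && is_valid_integer($_GET['tid'])) {
        $aid = $_GET['aid'];
        $tid = $_GET['tid'];
    } else {
        err_not_found('Invalid aid/tid');
        exit;
    }
    $sql = "delete from u_pending where aid = ? and tid = ?";
    db_exec($sql, array($aid, $tid));
    header("Location: pending.phtml?message=" . urlencode("Request Deleted"));
}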
Пример #12
<?php

/* Only forum admins may reach this page (req() presumably aborts otherwise — confirm). */
$user->req("ForumAdmin");
/* If submit is set, shove the data into the database (well, after some */
/* error checking) */
if (isset($_POST['submit'])) {
    if (!is_valid_integer($_POST['fid'])) {
        err_not_found("Invalid fid");
    }
    $fid = $_POST['fid'];
    $name = $_POST['name'];
    $shortname = $_POST['shortname'];
    if (isset($_POST['read'])) {
        $options[] = "Read";
    }
    if (isset($_POST['postthread'])) {
        $options[] = "PostThread";
    }
    if (isset($_POST['postreply'])) {
        $options[] = "PostReply";
    }
    if (isset($_POST['postedit'])) {
        $options[] = "PostEdit";
    }
    if (isset($_POST['offtopic'])) {
        $options[] = "OffTopic";
    }
    if (isset($_POST['searchable'])) {
        $options[] = "Searchable";
    }
    if (isset($_POST['logintoread'])) {
Пример #13
Файл: main.php Проект: kawf/kawf
/**
 * Return the key of the $indexes entry whose [mintid, maxtid] range covers $tid.
 *
 * Returns null when no range matches. When the cache is missing or empty the
 * request is aborted with err_not_found() instead.
 */
function find_thread_index($tid)
{
    global $indexes;
    if (!isset($indexes) || !count($indexes)) {
        err_not_found("indexes cache is empty");
        exit;
    }
    $found = null;
    foreach ($indexes as $key => $range) {
        if ($range['mintid'] <= $tid && $tid <= $range['maxtid']) {
            $found = $key;
            break;
        }
    }
    return $found;
}
Пример #14
<?php

/* Log the current user out: reload the account by aid, drop its cookie,
   then send the browser to the login page with a notice. */
$aid = $user->aid;
$user = new AccountUser();
$user->find_by_aid((int) $aid);
$user->unsetcookie() || err_not_found();
header("Location: login.phtml?message=" . urlencode("You have been logged out"));
Пример #15
<?php

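/* Forum-admin only: drop one (aid, fid) moderator ACL row. Both ids are read
   defensively and we stop on bad input, so the delete never runs with
   undefined values.
   NOTE(review): other delete handlers in this project check
   $user->is_valid_token() first; this GET handler does not. Confirm the
   linking page supplies a token and add the check here. */
$user->req("ForumAdmin");
if (isset($_GET['aid'], $_GET['fid']) && is_valid_integer($_GET['aid']) && is_valid_signed_integer($_GET['fid'])) {
    $aid = $_GET['aid'];
    $fid = $_GET['fid'];
} else {
    err_not_found("invalid fid or aid");
    exit;
}
db_exec("delete from f_moderators where aid = ? and fid = ?", array($aid, $fid));
header("Location: useracl.phtml?message=" . urlencode("User ACL Deleted"));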
Пример #16
} else {
    if (empty($path_info) || $path_info == "/") {
        $uuser = new ForumUser();
        /* find by cookie */
        if (!$uuser->valid()) {
            /* dont go to login page if user is invalid */
            err_not_found("Unknown user");
        }
        Header("Location: /account/{$uuser->aid}.phtml");
        exit;
    } else {
        err_not_found("Unknown path");
    }
}
/* From here on a resolved account is required. */
$uuser->valid() || err_not_found("Unknown user");
$stats = get_stats($uuser);
/* The "noob" view produces its own output; nothing below runs for it.
   ($_GET values are never null, so isset() matches array_key_exists() here.) */
if (isset($_GET['noob'])) {
    noob($_GET['noob'], $uuser->aid, $stats['active']);
    return;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title><?php 
echo "{$domain}";
?>
: Account Information for <?php 
echo "{$uuser->name}";
Пример #17
<?php

require_once "listthread.inc";
require_once "filter.inc";
require_once "thread.inc";
require_once "message.inc";
require_once "page-yatt.inc.php";
/* Template files. A list is given for forum_header — presumably the first
   one that exists (per-forum, then generic) is used. */
$headerTemplates = array("forum/" . $forum['shortname'] . ".tpl", "forum/generic.tpl");
$tpl->set_file(array("showthread" => "showthread.tpl", "forum_header" => $headerTemplates));
foreach (array("FORUM_NAME" => $forum['name'], "FORUM_SHORTNAME" => $forum['shortname']) as $var => $value) {
    $tpl->set_var($var, $value);
}
$tpl->parse("FORUM_HEADER", "forum_header");
/* $tid set by main.php for showthread.php */
$thread = get_thread($tid);
if (!isset($thread)) {
    err_not_found("No such thread {$tid}");
}
/* Mark the thread as read if need be: bump our tracking timestamp to now. */
if (is_thread_bumped($thread)) {
    $sql = "update f_tracking set tstamp = NOW() where tid = ? and aid = ?";
    db_exec($sql, array($tid, $user->aid));
}
/* look for my message and later */
for ($index = find_msg_index($thread['mid']); isset($indexes[$index]); $index++) {
    $iid = $indexes[$index]['iid'];
    /* TZ: unixtime is seconds since epoch */
    $sql = "select " . "mid, tid, pid, aid, state, UNIX_TIMESTAMP(date) as unixtime, ip, subject, " . "message, url, urltext, video, flags, name, email, views, changes " . "from f_messages{$iid} where tid = ? order by mid";
    $sth = db_query($sql, array($tid));
    while ($message = $sth->fetch()) {
        $message['date'] = gen_date($user, $message['unixtime']);
        /* FIXME: translate pid -> pmid */
        if (!isset($message['pmid']) && isset($message['pid'])) {