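/**
 * Render the "send this story to a friend" form for one story.
 *
 * Looks up the story title, prints the form that posts back to the
 * module's "friend" file with op=SendStory, and pre-fills the sender's
 * name and e-mail from the users table when the visitor is logged in.
 *
 * Fixes over the previous version:
 *  - the display-name check read $row['name'] (the story row, which only
 *    holds "title") instead of $row2['name'], so the real name was never used;
 *  - $yn / $ye were undefined for anonymous visitors;
 *  - the isset() test after intval() could never fail, so a missing or
 *    non-numeric sid was not rejected.
 *
 * @param mixed $sid Story id; coerced to an integer before any use.
 * @return void
 */
function FriendSend($sid)
{
    global $user, $cookie, $prefix, $db, $user_prefix, $module_name;

    // intval() always yields an int, so test the value rather than isset().
    $sid = intval($sid);
    if ($sid < 1) {
        fdie();
    }

    include "header.php";

    $row = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
    $title = filter($row['title'], "nohtml");

    title("" . _FRIEND . "");
    OpenTable();
    echo "<center><font class=\"content\"><b>" . _FRIEND . "</b></font></center><br><br>"
        . "" . _YOUSENDSTORY . " <b>{$title}</b> " . _TOAFRIEND . "<br><br>"
        . "<form action=\"modules.php?name={$module_name}&file=friend\" method=\"post\">"
        . "<input type=\"hidden\" name=\"sid\" value=\"{$sid}\">";

    // Anonymous visitors get empty sender fields instead of undefined variables.
    $yn = "";
    $ye = "";
    if (is_user($user)) {
        $row2 = $db->sql_fetchrow($db->sql_query("SELECT name, username, user_email FROM " . $user_prefix . "_users WHERE user_id = '" . intval($cookie[0]) . "'"));
        // Prefer the real name; fall back to the login name when it is empty.
        if (empty($row2['name'])) {
            $yn = filter($row2['username'], "nohtml");
        } else {
            $yn = filter($row2['name'], "nohtml");
        }
        $ye = filter($row2['user_email'], "nohtml");
    }

    // NOTE(review): $yn and $ye are written inside double-quoted attribute
    // values. filter() is not visible here -- confirm its "nohtml" mode
    // encodes quote characters, otherwise a stored name can break out of the
    // attribute.
    // NOTE(review): yname/ymail travel as hidden fields, which the client can
    // edit. The handler that receives op=SendStory is outside this view; it
    // should take the sender identity from the session, not from these fields.
    echo "<b>" . _FYOURNAME . " </b> {$yn} <input type=\"hidden\" name=\"yname\" value=\"{$yn}\"><br><br>\n"
        . "<b>" . _FYOUREMAIL . " </b> {$ye} <input type=\"hidden\" name=\"ymail\" value=\"{$ye}\"><br><br><br>\n"
        . "<b>" . _FFRIENDNAME . " </b> <input type=\"text\" name=\"fname\"><br><br>\n"
        . "<b>" . _FFRIENDEMAIL . " </b> <input type=\"text\" name=\"fmail\"><br><br>\n"
        . "<input type=\"hidden\" name=\"op\" value=\"SendStory\">\n"
        . "<input type=\"submit\" value=" . _SEND . ">\n"
        . "</form>\n";

    CloseTable();
    include 'footer.php';
}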
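/**
 * Emit a standalone HTML page holding one story, then stop via fdie().
 *
 * Fix over the previous version: the filter mode was passed as the bare
 * word nohtml (an undefined constant). Older PHP silently treated it as the
 * string "nohtml"; PHP 8 throws an Error. It is now the quoted string, as in
 * the other calls in this file.
 *
 * @param mixed $sid Story id; coerced to an integer before it reaches SQL or HTML.
 * @return void
 */
function PrintPage($sid)
{
    global $site_logo, $nukeurl, $sitename, $datetime, $prefix, $db, $module_name;

    $sid = intval($sid);

    $row = $db->sql_fetchrow($db->sql_query("SELECT title, time, hometext, bodytext, topic, notes FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
    $title = filter($row['title'], "nohtml");
    $time = $row['time'];
    // NOTE(review): these three fields are echoed as markup below and rely
    // entirely on filter()'s default mode (not visible here) for sanitising.
    $hometext = filter($row['hometext']);
    $bodytext = filter($row['bodytext']);
    $topic = intval($row['topic']);
    $notes = filter($row['notes']);

    $row2 = $db->sql_fetchrow($db->sql_query("SELECT topictext FROM " . $prefix . "_topics WHERE topicid='{$topic}'"));
    $topictext = filter($row2['topictext'], "nohtml");

    // The return value is discarded and the global $datetime is printed
    // below; presumably formatTimestamp() fills it in -- verify.
    formatTimestamp($time);

    echo "<html>\n\t "
        . "<head><title>{$sitename} - {$title}</title></head>\n\t "
        . "<body bgcolor=\"#ffffff\" text=\"#000000\">\n\t "
        . "<table border=\"0\" align=\"center\"><tr><td>\n\t\n\t "
        . "<table border=\"0\" width=\"640\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#000000\"><tr><td>\n\t "
        . "<table border=\"0\" width=\"640\" cellpadding=\"20\" cellspacing=\"1\" bgcolor=\"#ffffff\"><tr><td>\n\t "
        . "<center>\n\t "
        . "<img src=\"images/{$site_logo}\" border=\"0\" alt=\"\"><br><br>\n\t "
        . "<font class=\"content\">\n\t "
        . "<b>{$title}</b></font><br>\n\t "
        . "<font class=tiny><b>" . _PDATE . "</b> {$datetime}<br><b>" . _PTOPIC . "</b> {$topictext}</font><br><br>\n\t "
        . "</center>\n\t "
        . "<font class=\"content\">\n\t "
        . "{$hometext}<br><br>\n\t "
        . "{$bodytext}<br><br>\n\t "
        . "{$notes}<br><br>\n\t "
        . "</font>\n\t "
        . "</td></tr></table></td></tr></table>\n\t "
        . "<br><br><center>\n\t "
        . "<font class=\"content\">\n\t "
        . "" . _COMESFROM . " {$sitename}<br>\n\t "
        . "<a href=\"{$nukeurl}\">{$nukeurl}</a><br><br>\n\t "
        . "" . _THEURL . "<br>\n\t "
        . "<a href=\"{$nukeurl}/modules.php?name={$module_name}&file=article&sid={$sid}\">{$nukeurl}/modules.php?name={$module_name}&file=article&sid={$sid}</a>\n\t "
        . "</font>\n\t "
        . "</td></tr></table>\n\t "
        . "</body>\n\t "
        . "</html>";

    fdie();
}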
<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2007 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/

// Direct-access guard: unless BLOCK_FILE has been defined (presumably by the
// code that includes block files), redirect to the site index and stop.
if (!defined('BLOCK_FILE')) {
    Header("Location: ../index.php");
    fdie();
}

global $prefix, $db, $admin, $language, $currentlang;

// NOTE(review): $ThemeSel is placed into an include path below. get_theme()
// is not visible here -- confirm it can only return the name of an installed
// theme directory and never a value containing path separators.
$ThemeSel = get_theme();
if (file_exists("themes/{$ThemeSel}/module.php")) {
    include "themes/" . $ThemeSel . "/module.php";
    // $default_module is not assigned anywhere in this view; presumably the
    // theme's module.php sets it -- verify. It is accepted only when the
    // module is active and its index.php exists on disk.
    if (is_active($default_module) and file_exists("modules/{$default_module}/index.php")) {
        $def_module = $default_module;
    } else {
        $def_module = "";
    }
}
// When the theme has no module.php, $def_module is never assigned.

// Name of the site's main module, read from the <prefix>_main table.
$row = $db->sql_fetchrow($db->sql_query("SELECT main_module FROM " . $prefix . "_main"));
$main_module = filter($row['main_module'], "nohtml");

/* If the module doesn't exist, it will be removed from the database automatically */
$result2 = $db->sql_query("SELECT title FROM " . $prefix . "_modules");
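/**
 * Record a 1-5 rating for a story, optionally gated by the image security code.
 *
 * Flow: when a random number is present, the expected three-character code
 * is derived from the user agent, $sitekey, the random number and today's
 * date. If GD is loaded, the check is enabled ($gfx_chk) and the supplied
 * code does not match, the challenge form is shown again. Otherwise the vote
 * is stored unless this IP (rating_ip column) or the "ratecookie" cookie
 * shows an earlier vote for the story.
 *
 * Fixes over the previous version:
 *  - $sid and $score are cast to int on entry. They were only cast in the
 *    vote-recording branch, so both challenge branches put the raw request
 *    values into SQL, HTML attributes and a Location header;
 *  - $r_cookie, $rcookie and the "already rated" flag were undefined when no
 *    ratecookie was sent (count() on null is a TypeError on PHP 8);
 *  - the story title is passed through filter() in both challenge branches,
 *    not just the first;
 *  - $gfx_check gets a default, since a required parameter after an optional
 *    one is deprecated in PHP 8;
 *  - the 1..5 membership test after clamping could never fire and is gone,
 *    as are the unused assignments in the last branch and the explicit
 *    mt_srand() call (mt_rand() seeds itself).
 *
 * NOTE(review): the cookie check is advisory only, because the client
 * controls the cookie; the rating_ip column keeps a single address per story.
 * Neither is a strong duplicate-vote control.
 * NOTE(review): $r_options is a global echoed into an href unchanged; where
 * it is built is not visible here -- confirm it is encoded at the source.
 *
 * @param mixed  $sid        Story id.
 * @param mixed  $score      Requested score; clamped to 1..5 before storing.
 * @param mixed  $random_num Challenge seed posted back from the form.
 * @param string $gfx_check  Code typed by the visitor.
 * @return void
 */
function rate_article($sid, $score, $random_num = "0", $gfx_check = "")
{
    global $prefix, $db, $ratecookie, $sitename, $r_options, $sitekey, $gfx_chk, $module_name;

    // Normalise once, before any branch can echo or query with these values.
    $sid = intval($sid);
    $score = intval($score);

    if (isset($random_num)) {
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
        $datekey = date("F j");
        $rcode = hexdec(md5($agent . $sitekey . $random_num . $datekey));
        // Kept exactly as before so the value matches whatever renders the image.
        $code = substr((string) $rcode, 2, 3);

        if (extension_loaded("gd") and $code != $gfx_check and $gfx_chk != 0) {
            // Wrong or missing code: issue a fresh challenge.
            $random_num = mt_rand(0, 1000000);
            include "header.php";
            title("{$sitename}: " . _ARTICLERATING . "");
            OpenTable();
            $row = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
            $story_title = filter($row['title'], "nohtml");
            echo _rate_article_challenge_html($module_name, $sid, $score, $r_options, $story_title, _TOFINISHRATINGERROR, $random_num);
            CloseTable();
            include "footer.php";
            fdie();
        } else {
            if ($score) {
                if ($score > 5) {
                    $score = 5;
                }
                if ($score < 1) {
                    $score = 1;
                }

                $ip = $_SERVER['REMOTE_ADDR'];
                $num = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_stories WHERE sid='{$sid}' AND rating_ip='{$ip}'"));
                if ($num != 0) {
                    Header("Location: modules.php?name=News&op=rate_complete&sid={$sid}&rated=1");
                    fdie();
                }

                // The cookie is a base64 string of colon-terminated story ids.
                $rcookie = "";
                $r_cookie = array();
                if (isset($ratecookie)) {
                    $rcookie = base64_decode($ratecookie);
                    $rcookie = addslashes($rcookie);
                    $r_cookie = explode(":", $rcookie);
                }

                if (in_array((string) $sid, $r_cookie, true)) {
                    Header("Location: modules.php?name=News&op=rate_complete&sid={$sid}&rated=1");
                    fdie();
                } else {
                    $result = $db->sql_query("update " . $prefix . "_stories set score=score+{$score}, ratings=ratings+1, rating_ip='{$ip}' where sid='{$sid}'");
                    $info = base64_encode("{$rcookie}{$sid}:");
                    setcookie("ratecookie", "{$info}", time() + 86400);
                    update_points(7);
                    Header("Location: modules.php?name=News&op=rate_complete&sid={$sid}&score={$score}");
                }
            } else {
                // A score of 0 means the visitor picked nothing.
                include "header.php";
                title("{$sitename}: " . _ARTICLERATING . "");
                OpenTable();
                echo "<center>" . _DIDNTRATE . "<br><br>" . "" . _GOBACK . "</center>";
                CloseTable();
                include "footer.php";
            }
        }
    } else {
        // Only reached when null is passed explicitly for $random_num.
        $random_num = mt_rand(0, 1000000);
        if (extension_loaded("gd") and $gfx_chk != 0) {
            include "header.php";
            title("{$sitename}: " . _ARTICLERATING . "");
            OpenTable();
            $row = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
            $story_title = filter($row['title'], "nohtml");
            echo _rate_article_challenge_html($module_name, $sid, $score, $r_options, $story_title, _TOFINISHRATING, $random_num);
            CloseTable();
            include "footer.php";
        } else {
            Header("Location: modules.php?name={$module_name}&op=rate_article&sid={$sid}&score={$score}&random_num={$random_num}");
        }
    }
}

/**
 * Build the markup of the security-code form shown by rate_article().
 *
 * Pure string builder: it performs no queries and emits no output itself.
 *
 * @param string $module_name Module used in the link and the form action.
 * @param int    $sid         Story id (already cast to int by the caller).
 * @param int    $score       Score being submitted (already cast to int).
 * @param string $r_options   Extra query string appended to the article link.
 * @param string $title       Story title, already filtered by the caller.
 * @param string $notice      Message printed above the form.
 * @param int    $random_num  Challenge seed for the image and the hidden field.
 * @return string
 */
function _rate_article_challenge_html($module_name, $sid, $score, $r_options, $title, $notice, $random_num)
{
    return "<center><a href=\"modules.php?name={$module_name}&file=article&sid={$sid}{$r_options}\"><b>" . $title . "</b></a><br>" . _ARTICLERATING . ": <img src=\"images/articles/stars-{$score}.gif\" border=\"0\" alt=\"{$score}/5\" title=\"{$score}/5\"> ({$score}/5)<br><br>"
        . "" . $notice . "<br><br>"
        . "<form action=\"modules.php?name={$module_name}\" method=\"post\">"
        . "" . _SECURITYCODE . ":<br><img src='?gfx=gfx_little&random_num={$random_num}' border='1' alt='" . _SECURITYCODE . "' title='" . _SECURITYCODE . "'><br><br>\n"
        . "" . _TYPESECCODE . ":<br><input type=\"text\" NAME=\"gfx_check\" SIZE=\"3\" MAXLENGTH=\"3\"><br>\n"
        . "<input type=\"hidden\" name=\"random_num\" value=\"{$random_num}\"><br>\n"
        . "<input type=\"hidden\" name=\"score\" value=\"{$score}\"><br>\n"
        . "<input type=\"hidden\" name=\"sid\" value=\"{$sid}\">\n"
        . "<input type=\"hidden\" name=\"op\" value=\"rate_article\">"
        . "<input type=\"submit\" value=\"" . _CASTMYVOTE . "\"></font></center></form>";
}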
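/**
 * Store a story written by an administrator.
 *
 * With $automated == 1 the story goes into the <prefix>_autonews table with
 * the given publication date; otherwise it is inserted into <prefix>_stories
 * right away, together with an optional attached poll. Either way the
 * author's counter is incremented and the browser is redirected to the
 * admin main page.
 *
 * Fixes over the previous version:
 *  - $associated and $notes were used without being initialised;
 *  - sizeof() was called on $assotop / $optionText even when they were not
 *    arrays (a TypeError on PHP 8);
 *  - the date parts are cast to int and zero-padded with sprintf(), so an
 *    already padded "05" no longer becomes "005" and nothing but digits
 *    reaches the query;
 *  - the result of the story INSERT is now checked. Before, a failed insert
 *    went unnoticed and the follow-up title lookup could attach the poll to
 *    an older story with the same title;
 *  - the lookup result is checked before fetch_row() is called on it, not after.
 *
 * NOTE(review): $catid, $ihome, $alanguage, $acomm, $aid and the $assotop
 * entries are interpolated into the queries as passed in. No escaping
 * routine of $db is visible in this file -- confirm the caller validates
 * them, or bind them as parameters if the database layer supports it.
 * NOTE(review): the new poll and story are found again by title; two rows
 * with the same title can be confused. An insert-id call would be more
 * reliable if $db offers one.
 *
 * @param mixed $automated  1 to schedule the story, anything else to publish now.
 * @param mixed $year       Scheduled year (automated only).
 * @param mixed $day        Scheduled day.
 * @param mixed $month      Scheduled month.
 * @param mixed $hour       Scheduled hour.
 * @param mixed $min        Scheduled minute.
 * @param mixed $subject    Story title.
 * @param mixed $hometext   Intro text.
 * @param mixed $bodytext   Extended text.
 * @param mixed $topic      Topic id.
 * @param mixed $catid      Category id.
 * @param mixed $ihome      Passed through to the ihome column.
 * @param mixed $alanguage  Passed through to the language column.
 * @param mixed $acomm      Passed through to the acomm column.
 * @param mixed $pollTitle  Title of an attached poll, or "" for none.
 * @param mixed $optionText Poll options, indexed from 1.
 * @param mixed $assotop    Associated topics, joined with "-" for storage.
 * @return void
 */
function postAdminStory($automated, $year, $day, $month, $hour, $min, $subject, $hometext, $bodytext, $topic, $catid, $ihome, $alanguage, $acomm, $pollTitle, $optionText, $assotop)
{
    global $ultramode, $aid, $prefix, $db, $admin_file;

    $associated = "";
    if (is_array($assotop)) {
        for ($i = 0; $i < sizeof($assotop); $i++) {
            $associated .= "{$assotop[$i]}-";
        }
    }

    // Both branches stored an empty notes value; make that explicit.
    $notes = "";
    // The topic id is handled as an integer elsewhere in this file (PrintPage).
    $topic = intval($topic);

    $subject = filter($subject, "nohtml", 1);
    $hometext = filter($hometext, "", 1);
    $bodytext = filter($bodytext, "", 1);

    if ($automated == 1) {
        $date = sprintf(
            "%04d-%02d-%02d %02d:%02d:00",
            intval($year),
            intval($month),
            intval($day),
            intval($hour),
            intval($min)
        );
        $author = $aid;

        $result = $db->sql_query("insert into " . $prefix . "_autonews values (NULL, '{$catid}', '{$aid}', '{$subject}', '{$date}', '{$hometext}', '{$bodytext}', '{$topic}', '{$author}', '{$notes}', '{$ihome}', '{$alanguage}', '{$acomm}', '{$associated}')");
        if (!$result) {
            fdie();
        }
        $result = $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
        if ($ultramode) {
            ultramode();
        }
        Header("Location: " . $admin_file . ".php?op=adminMain");
    } else {
        $haspoll = 0;
        $id = 0;

        // A poll is attached only when it has a title and its first two options.
        $poll_given = $pollTitle != ""
            and is_array($optionText)
            and isset($optionText[1], $optionText[2])
            and $optionText[1] != ""
            and $optionText[2] != "";

        if ($poll_given) {
            $haspoll = 1;
            $timeStamp = time();
            $pollTitle = filter($pollTitle, "nohtml", 1);
            if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_desc VALUES (NULL, '{$pollTitle}', '{$timeStamp}', '0', '{$alanguage}', '0', '0')")) {
                return;
            }
            $object = $db->sql_fetchrow($db->sql_query("SELECT pollID FROM " . $prefix . "_poll_desc WHERE pollTitle='{$pollTitle}'"));
            $id = intval($object['pollID']);

            // As before, one row is written per slot, empty slots included.
            for ($i = 1; $i <= sizeof($optionText); $i++) {
                $option = isset($optionText[$i]) ? $optionText[$i] : "";
                if (!empty($option)) {
                    $option = filter($option, "nohtml", 1);
                }
                if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_data (pollID, optionText, optionCount, voteID) VALUES ('{$id}', '{$option}', '0', '{$i}')")) {
                    return;
                }
            }
        }

        $result = $db->sql_query("insert into " . $prefix . "_stories values (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topic}', '{$aid}', '{$notes}', '{$ihome}', '{$alanguage}', '{$acomm}', '{$haspoll}', '{$id}', '0', '0', '0', '{$associated}')");
        if (!$result) {
            // Stop here so the lookup below cannot pick up an older story.
            fdie();
        }

        $result = $db->sql_query("select sid from " . $prefix . "_stories WHERE title='{$subject}' order by time DESC limit 0,1");
        if (!$result) {
            fdie();
        }
        list($artid) = $result->fetch_row();
        $artid = intval($artid);
        $db->sql_query("UPDATE " . $prefix . "_poll_desc SET artid='{$artid}' WHERE pollID='{$id}'");

        $result = $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
        if ($ultramode) {
            ultramode();
        }
        Header("Location: " . $admin_file . ".php?op=adminMain");
    }
}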
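/**
 * Store a comment on a story and send the visitor back to the article.
 *
 * The comment is accepted only when the story exists, article comments are
 * enabled ($articlecomm) and the visitor may post (logged in, or anonymous
 * posting enabled). For logged-in users the karma column decides the route:
 * 2 puts the comment into the moderation table, 3 silently drops it.
 *
 * Fixes over the previous version:
 *  - $mode, $order and $thold come from the request and were appended
 *    unencoded to an href and to Location headers; they are now URL-encoded;
 *  - the poster's name, e-mail and URL are escaped before they are placed in
 *    the INSERT statements;
 *  - the karma lookup compared username against the literal '******', which
 *    cannot match an account, so the moderation branches never ran. It now
 *    selects by the integer user id from the decoded cookie, the same way
 *    FriendSend() does in this file;
 *  - the and/or precedence in the permission test is spelled out with
 *    parentheses (same evaluation as before);
 *  - an undefined $author was filtered and never used, and $ip was tested
 *    with isset() although nothing assigned it; both are simplified.
 *
 * NOTE(review): the masked literal in the karma query looks like an artefact
 * of how this page was captured. Confirm against the real file that the
 * lookup is meant to target the logged-in user.
 * NOTE(review): addslashes() is used because no escaping method of $db is
 * visible here. Prefer the database layer's own escaping or bound parameters
 * if it has them; addslashes() is not safe for every connection charset.
 * NOTE(review): $pid is cast to int but not checked to belong to story $sid.
 *
 * @param mixed $xanonpost Truthy when a logged-in user chose to post anonymously.
 * @param mixed $subject   Comment subject.
 * @param mixed $comment   Comment body.
 * @param mixed $pid       Parent comment id.
 * @param mixed $sid       Story id.
 * @param mixed $host_name Unused; kept for the callers' signature.
 * @param mixed $mode      Display mode, echoed back in the redirect.
 * @param mixed $order     Display order, echoed back in the redirect.
 * @param mixed $thold     Display threshold, echoed back in the redirect.
 * @return void
 */
function CreateTopic($xanonpost, $subject, $comment, $pid, $sid, $host_name, $mode, $order, $thold)
{
    global $module_name, $user, $userinfo, $EditedMessage, $cookie, $AllowableHTML, $ultramode, $user_prefix, $prefix, $anonpost, $articlecomm, $db, $sitename;

    cookiedecode($user);
    getusrinfo($user);

    $sid = intval($sid);
    $pid = intval($pid);
    $subject = filter($subject, "nohtml", 1);
    $comment = format_url($comment);
    $comment = filter($comment, "", 1);

    if (empty($subject) or empty($comment)) {
        include "header.php";
        title("{$sitename} - " . _COMMENTSSYSTEM . "");
        OpenTable();
        echo "<center>" . _COMMENTPOSTERROR . "<br><br>" . _GOBACK . "</center>";
        CloseTable();
        include "footer.php";
        fdie();
    }

    if (is_user($user) and !$xanonpost) {
        // Profile fields are user-supplied; escape them before they reach SQL.
        $name = addslashes((string) $userinfo['username']);
        $email = addslashes((string) $userinfo['femail']);
        $url = addslashes((string) $userinfo['user_website']);
        $score = 1;
    } else {
        $name = "";
        $email = "";
        $url = "";
        $score = 0;
    }

    $ip = $_SERVER['REMOTE_ADDR'];

    $fake = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_stories WHERE sid='{$sid}'"));

    // Second pass through filter() kept as in the original; whether it is
    // idempotent depends on filter(), which is not visible here.
    $comment = trim($comment);
    $comment = filter($comment, "", 1);

    // Built once; URL-encoding keeps quotes, angle brackets and line breaks
    // out of both the href and the Location header.
    $options = "";
    $options .= "&mode=" . urlencode((string) $mode);
    $options .= "&order=" . urlencode((string) $order);
    $options .= "&thold=" . urlencode((string) $thold);

    if ($fake == 1 and $articlecomm == 1) {
        if (($anonpost == 0 and is_user($user)) or $anonpost == 1) {
            if (is_user($user)) {
                $krow = $db->sql_fetchrow($db->sql_query("SELECT karma FROM " . $user_prefix . "_users WHERE user_id='" . intval($cookie[0]) . "'"));
                $karma = $krow ? intval($krow['karma']) : 0;
                if ($karma == 2) {
                    $db->sql_query("INSERT INTO " . $prefix . "_comments_moderated VALUES (NULL, '{$pid}', '{$sid}', now(), '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0', '0')");
                    include "header.php";
                    title(_MODERATEDTITLE);
                    OpenTable();
                    echo "<center>" . _COMMENTMODERATED . "";
                    echo "<br><br><a href=\"modules.php?name={$module_name}&file=article&sid={$sid}{$options}\">" . _MODERATEDRETURN . "</a>";
                    CloseTable();
                    include "footer.php";
                    fdie();
                } elseif ($karma == 3) {
                    // Dropped without notice: redirect as if the post went through.
                    Header("Location: modules.php?name={$module_name}&file=article&sid={$sid}{$options}");
                    fdie();
                }
            }
            $db->sql_query("INSERT INTO " . $prefix . "_comments VALUES (NULL, '{$pid}', '{$sid}', now(), '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0', '0')");
            $db->sql_query("UPDATE " . $prefix . "_stories SET comments=comments+1 WHERE sid='{$sid}'");
            update_points(5);
            if ($ultramode) {
                ultramode();
            }
        } else {
            die("Nice try..");
        }
    } else {
        include "header.php";
        echo "According to my records, the topic you are trying " . "to reply to does not exist. If you're just trying to be " . "annoying, well then too bad.";
        include "footer.php";
        fdie();
    }

    Header("Location: modules.php?name={$module_name}&file=article&sid={$sid}{$options}");
}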