Пример #1
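/**
 * Render the "send this story to a friend" form for one story.
 *
 * Prints the site header, a form that posts back to this module's "friend"
 * file with op=SendStory, and the site footer. For a logged-in user the
 * sender name and e-mail are read from the users table and carried in
 * hidden fields; for anyone else both stay empty.
 *
 * @param mixed $sid Story id; cast to int before it reaches the query or the markup.
 * @return void
 */
function FriendSend($sid)
{
    global $user, $cookie, $prefix, $db, $user_prefix, $module_name;
    // intval() always produces a set value, so the old isset() guard after it could never fire.
    $sid = intval($sid);
    include "header.php";
    $row = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
    // An unknown sid yields no row; fall back to an empty title instead of indexing a non-array.
    $title = filter(isset($row['title']) ? $row['title'] : "", "nohtml");
    title("" . _FRIEND . "");
    OpenTable();
    echo "<center><font class=\"content\"><b>" . _FRIEND . "</b></font></center><br><br>"
        . "" . _YOUSENDSTORY . " <b>{$title}</b> " . _TOAFRIEND . "<br><br>"
        . "<form action=\"modules.php?name={$module_name}&amp;file=friend\" method=\"post\">"
        . "<input type=\"hidden\" name=\"sid\" value=\"{$sid}\">";
    // Defaults for visitors who are not logged in; the markup below always reads both.
    $yn = "";
    $ye = "";
    if (is_user($user)) {
        $row2 = $db->sql_fetchrow($db->sql_query("SELECT name, username, user_email FROM " . $user_prefix . "_users WHERE user_id = '" . intval($cookie[0]) . "'"));
        // The real name lives in the users row ($row2). The previous test read $row, the
        // stories row, which has no 'name' column, so the username was always shown.
        if (empty($row2['name'])) {
            $yn = filter($row2['username'], "nohtml");
        } else {
            $yn = filter($row2['name'], "nohtml");
        }
        $ye = filter($row2['user_email'], "nohtml");
    }
    // The hidden fields are double-quoted attributes, so a literal double quote in a profile
    // value must not be able to close them.
    // NOTE(review): assumes filter(..., "nohtml") may leave '"' in place - confirm.
    $yn_attr = str_replace('"', '&quot;', $yn);
    $ye_attr = str_replace('"', '&quot;', $ye);
    // NOTE(review): yname/ymail travel in hidden fields, so the SendStory handler must treat
    // them as untrusted input rather than as the logged-in user's verified identity.
    echo "<b>" . _FYOURNAME . " </b> {$yn} <input type=\"hidden\" name=\"yname\" value=\"{$yn_attr}\"><br><br>\n"
        . "<b>" . _FYOUREMAIL . " </b> {$ye} <input type=\"hidden\" name=\"ymail\" value=\"{$ye_attr}\"><br><br><br>\n"
        . "<b>" . _FFRIENDNAME . " </b> <input type=\"text\" name=\"fname\"><br><br>\n"
        . "<b>" . _FFRIENDEMAIL . " </b> <input type=\"text\" name=\"fmail\"><br><br>\n"
        . "<input type=\"hidden\" name=\"op\" value=\"SendStory\">\n"
        // Quoted so a multi-word translation of _SEND stays inside the attribute.
        . "<input type=\"submit\" value=\"" . _SEND . "\">\n"
        . "</form>\n";
    CloseTable();
    include 'footer.php';
}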
Пример #2
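/**
 * Emit a stand-alone, printer-friendly HTML page for one story and stop.
 *
 * Loads the story and its topic name, prints a complete HTML document
 * (no site header or footer) and then calls fdie().
 *
 * @param mixed $sid Story id; cast to int before it reaches the queries or the markup.
 * @return void
 */
function PrintPage($sid)
{
    global $site_logo, $nukeurl, $sitename, $datetime, $prefix, $db, $module_name;
    $sid = intval($sid);
    $row = $db->sql_fetchrow($db->sql_query("SELECT title, time, hometext, bodytext, topic, notes FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
    // "nohtml" must be a quoted string: as a bare word it is an undefined constant, which
    // PHP 8 turns into a fatal Error and older versions only tolerated with a warning.
    $title = filter($row['title'], "nohtml");
    $time = $row['time'];
    // The body fields go through filter() in its default mode, without "nohtml".
    $hometext = filter($row['hometext']);
    $bodytext = filter($row['bodytext']);
    $topic = intval($row['topic']);
    $notes = filter($row['notes']);
    $row2 = $db->sql_fetchrow($db->sql_query("SELECT topictext FROM " . $prefix . "_topics WHERE topicid='{$topic}'"));
    $topictext = filter($row2['topictext'], "nohtml");
    // Return value is discarded; presumably formatTimestamp() fills the global $datetime
    // that the template below prints - confirm.
    formatTimestamp($time);
    echo "<html>\n\t    <head><title>{$sitename} - {$title}</title></head>\n\t    <body bgcolor=\"#ffffff\" text=\"#000000\">\n\t    <table border=\"0\" align=\"center\"><tr><td>\n\t\n\t    <table border=\"0\" width=\"640\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#000000\"><tr><td>\n\t    <table border=\"0\" width=\"640\" cellpadding=\"20\" cellspacing=\"1\" bgcolor=\"#ffffff\"><tr><td>\n\t    <center>\n\t    <img src=\"images/{$site_logo}\" border=\"0\" alt=\"\"><br><br>\n\t    <font class=\"content\">\n\t    <b>{$title}</b></font><br>\n\t    <font class=tiny><b>" . _PDATE . "</b> {$datetime}<br><b>" . _PTOPIC . "</b> {$topictext}</font><br><br>\n\t    </center>\n\t    <font class=\"content\">\n\t    {$hometext}<br><br>\n\t    {$bodytext}<br><br>\n\t    {$notes}<br><br>\n\t    </font>\n\t    </td></tr></table></td></tr></table>\n\t    <br><br><center>\n\t    <font class=\"content\">\n\t    " . _COMESFROM . " {$sitename}<br>\n\t    <a href=\"{$nukeurl}\">{$nukeurl}</a><br><br>\n\t    " . _THEURL . "<br>\n\t    <a href=\"{$nukeurl}/modules.php?name={$module_name}&file=article&sid={$sid}\">{$nukeurl}/modules.php?name={$module_name}&file=article&sid={$sid}</a>\n\t    </font>\n\t    </td></tr></table>\n\t    </body>\n\t    </html>";
    fdie();
}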
Пример #3
<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2007 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
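// Block files are meant to be pulled in by the block loader, which defines BLOCK_FILE.
// A direct request is bounced to the front page and processing stops.
if (!defined('BLOCK_FILE')) {
    Header("Location: ../index.php");
    fdie();
}
global $prefix, $db, $admin, $language, $currentlang;
$ThemeSel = get_theme();
// Start from "no default module" so the variable is defined even when the theme
// ships no module.php (previously it was left unset in that case).
$def_module = "";
if (file_exists("themes/{$ThemeSel}/module.php")) {
    // NOTE(review): $ThemeSel is interpolated into an include path. Confirm that get_theme()
    // can only return the name of an installed theme directory, never a raw request or
    // cookie value, otherwise this include is a local-file-inclusion risk.
    include "themes/" . $ThemeSel . "/module.php";
    // $default_module is expected to be set by the included file; guard against a theme
    // whose module.php does not define it.
    if (isset($default_module) and is_active($default_module) and file_exists("modules/{$default_module}/index.php")) {
        $def_module = $default_module;
    }
}
$row = $db->sql_fetchrow($db->sql_query("SELECT main_module FROM " . $prefix . "_main"));
$main_module = filter($row['main_module'], "nohtml");
/* If the module doesn't exist, it will be removed from the database automatically */
$result2 = $db->sql_query("SELECT title FROM " . $prefix . "_modules");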
Пример #4
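/**
 * Record a 1-5 rating for a story, optionally gated by the image security code.
 *
 * Flow:
 *  - $random_num not set: pick a fresh number, then either show the security-code
 *    form (GD loaded and $gfx_chk enabled) or redirect back with that number.
 *  - $random_num set: recompute the expected 3-character code; on a mismatch
 *    (with the check enabled) re-show the form with an error, otherwise store the vote.
 *
 * The cookie and rating_ip checks only discourage repeat votes: the cookie is held
 * by the client and the stories row keeps just the most recent voter IP.
 *
 * NOTE(review): the signature has an optional parameter before a required one, which
 * PHP 8 reports as deprecated; it is kept as-is so existing callers are unaffected.
 *
 * @param mixed  $sid        Story id (cast to int).
 * @param mixed  $score      Rating; cast to int and clamped to 1..5 before storage.
 * @param string $random_num Seed the security code was derived from.
 * @param string $gfx_check  Code typed by the visitor.
 * @return void
 */
function rate_article($sid, $score, $random_num = "0", $gfx_check)
{
    global $prefix, $db, $ratecookie, $sitename, $r_options, $sitekey, $gfx_chk, $module_name;
    // Cast once, up front. Previously the two form branches used the raw request values
    // in a SQL WHERE clause and echoed them into HTML attributes before any cast.
    $sid = intval($sid);
    $score = intval($score);
    $captcha_on = (extension_loaded("gd") and $gfx_chk != 0);

    if (!isset($random_num)) {
        // mt_rand() seeds itself; re-seeding from microtime() only made the value easier to guess.
        $random_num = mt_rand(0, 1000000);
        if ($captcha_on) {
            _rate_article_form($sid, $score, $random_num, _TOFINISHRATING);
        } else {
            Header("Location: modules.php?name={$module_name}&op=rate_article&sid={$sid}&score={$score}&random_num={$random_num}");
        }
        return;
    }

    // Expected code: derived from the browser's User-Agent, the site key, the seed and today's date.
    $datekey = date("F j");
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $rcode = hexdec(md5($agent . $sitekey . $random_num . $datekey));
    $code = substr($rcode, 2, 3);
    if ($captcha_on and $code != $gfx_check) {
        // Wrong code: issue a new seed and ask again.
        _rate_article_form($sid, $score, mt_rand(0, 1000000), _TOFINISHRATINGERROR);
        fdie();
        return;
    }

    if (!$score) {
        include "header.php";
        title("{$sitename}: " . _ARTICLERATING . "");
        OpenTable();
        echo "<center>" . _DIDNTRATE . "<br><br>" . "" . _GOBACK . "</center>";
        CloseTable();
        include "footer.php";
        return;
    }
    // Clamp to the valid range; after this the old "not 1..5" redirect was unreachable.
    $score = max(1, min(5, $score));

    // Escaped like any other string placed in the query text, even though it is server-supplied.
    $ip = addslashes($_SERVER['REMOTE_ADDR']);
    $num = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_stories WHERE sid='{$sid}' AND rating_ip='{$ip}'"));
    if ($num != 0) {
        Header("Location: modules.php?name=News&op=rate_complete&sid={$sid}&rated=1");
        fdie();
        return;
    }

    // The cookie is client-controlled: keep only purely numeric entries so nothing else
    // is compared against or written back. A missing cookie simply means "nothing rated".
    $rated = array();
    if (isset($ratecookie)) {
        foreach (explode(":", (string) base64_decode($ratecookie)) as $entry) {
            if (preg_match('/^[0-9]+$/', $entry)) {
                $rated[] = intval($entry);
            }
        }
    }
    if (in_array($sid, $rated, true)) {
        Header("Location: modules.php?name=News&op=rate_complete&sid={$sid}&rated=1");
        fdie();
        return;
    }

    $result = $db->sql_query("update " . $prefix . "_stories set score=score+{$score}, ratings=ratings+1, rating_ip='{$ip}' where sid='{$sid}'");
    // Same "id:id:...:" layout as before, rebuilt from the validated ids.
    $rated[] = $sid;
    $info = base64_encode(implode(":", $rated) . ":");
    setcookie("ratecookie", "{$info}", time() + 86400);
    update_points(7);
    Header("Location: modules.php?name=News&op=rate_complete&sid={$sid}&score={$score}");
}

/**
 * Print the security-code form shown before a rating is accepted.
 *
 * Shared by the first-visit and the wrong-code paths of rate_article(), so the story
 * title is filtered the same way in both (one path used to echo it unfiltered).
 *
 * @param int    $sid        Story id, already cast to int by the caller.
 * @param int    $score      Rating, already cast to int by the caller.
 * @param int    $random_num Seed for the code image, carried in a hidden field.
 * @param string $prompt     Instruction or error text shown above the form.
 * @return void
 */
function _rate_article_form($sid, $score, $random_num, $prompt)
{
    // Same globals as rate_article(), so header.php/footer.php see the same names in scope.
    global $prefix, $db, $ratecookie, $sitename, $r_options, $sitekey, $gfx_chk, $module_name;
    include "header.php";
    title("{$sitename}: " . _ARTICLERATING . "");
    OpenTable();
    $row = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
    $story_title = filter(isset($row['title']) ? $row['title'] : "", "nohtml");
    echo "<center><a href=\"modules.php?name={$module_name}&file=article&sid={$sid}{$r_options}\"><b>" . $story_title . "</b></a><br>" . _ARTICLERATING . ": <img src=\"images/articles/stars-{$score}.gif\" border=\"0\" alt=\"{$score}/5\" title=\"{$score}/5\"> ({$score}/5)<br><br>";
    echo "" . $prompt . "<br><br>";
    echo "<form action=\"modules.php?name={$module_name}\" method=\"post\">";
    echo "" . _SECURITYCODE . ":<br><img src='?gfx=gfx_little&random_num={$random_num}' border='1' alt='" . _SECURITYCODE . "' title='" . _SECURITYCODE . "'><br><br>\n";
    echo "" . _TYPESECCODE . ":<br><input type=\"text\" NAME=\"gfx_check\" SIZE=\"3\" MAXLENGTH=\"3\"><br>\n";
    echo "<input type=\"hidden\" name=\"random_num\" value=\"{$random_num}\"><br>\n";
    echo "<input type=\"hidden\" name=\"score\" value=\"{$score}\"><br>\n";
    echo "<input type=\"hidden\" name=\"sid\" value=\"{$sid}\">\n";
    echo "<input type=\"hidden\" name=\"op\" value=\"rate_article\">";
    echo "<input type=\"submit\" value=\"" . _CASTMYVOTE . "\"></font></center></form>";
    CloseTable();
    include "footer.php";
}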
Пример #5
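 /**
  * Store a story written in the admin panel, either scheduled or published at once.
  *
  * With $automated == 1 the story goes into the autonews table with the given
  * publication date. Otherwise it is inserted into stories immediately, together
  * with an optional attached poll (needs a title and options 1 and 2). Both paths
  * bump the author's counter, refresh ultramode when enabled and redirect to the
  * admin main page.
  *
  * Every value is placed into the SQL text by string interpolation, so each one is
  * cast or passed through filter(..., 1) first. Parameterised queries would be the
  * better fix, but the $db API for them is not visible from this function.
  *
  * @param mixed $assotop    List of associated topic ids; anything else is treated as empty.
  * @param mixed $optionText Poll option texts, indexed from 1.
  * @return void
  */
 function postAdminStory($automated, $year, $day, $month, $hour, $min, $subject, $hometext, $bodytext, $topic, $catid, $ihome, $alanguage, $acomm, $pollTitle, $optionText, $assotop)
 {
     global $ultramode, $aid, $prefix, $db, $admin_file;
     // NOTE(review): the casts assume these columns hold integer ids/flags, as topic does
     // elsewhere in this file - confirm against the schema.
     $catid = intval($catid);
     $topic = intval($topic);
     $ihome = intval($ihome);
     $acomm = intval($acomm);
     $alanguage = filter($alanguage, "nohtml", 1);
     $subject = filter($subject, "nohtml", 1);
     $hometext = filter($hometext, "", 1);
     $bodytext = filter($bodytext, "", 1);
     // Previously only set on the scheduled path, yet also used by the immediate insert.
     $notes = "";
     // Built as "id-id-...-"; was appended to without being initialised, and a missing
     // $assotop made sizeof() fail on PHP 8.
     $associated = "";
     if (is_array($assotop)) {
         foreach ($assotop as $assoc_id) {
             $associated .= intval($assoc_id) . "-";
         }
     }
     if ($automated == 1) {
         // sprintf pads every part; the old "< 10" test turned an already padded "05" into "005".
         $date = sprintf("%04d-%02d-%02d %02d:%02d:00", intval($year), intval($month), intval($day), intval($hour), intval($min));
         $author = $aid;
         $result = $db->sql_query("insert into " . $prefix . "_autonews values (NULL, '{$catid}', '{$aid}', '{$subject}', '{$date}', '{$hometext}', '{$bodytext}', '{$topic}', '{$author}', '{$notes}', '{$ihome}', '{$alanguage}', '{$acomm}', '{$associated}')");
         if (!$result) {
             fdie();
         }
         $result = $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
         if ($ultramode) {
             ultramode();
         }
         Header("Location: " . $admin_file . ".php?op=adminMain");
     } else {
         $has_options = is_array($optionText) and isset($optionText[1], $optionText[2]) and $optionText[1] != "" and $optionText[2] != "";
         if ($pollTitle != "" and $has_options) {
             $haspoll = 1;
             $timeStamp = time();
             $pollTitle = filter($pollTitle, "nohtml", 1);
             if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_desc VALUES (NULL, '{$pollTitle}', '{$timeStamp}', '0', '{$alanguage}', '0', '0')")) {
                 return;
             }
             // NOTE(review): the new poll is found again by its title, so two polls with the
             // same title are ambiguous; an insert-id call on $db would be safer if one exists.
             $object = $db->sql_fetchrow($db->sql_query("SELECT pollID FROM " . $prefix . "_poll_desc WHERE pollTitle='{$pollTitle}'"));
             $id = isset($object['pollID']) ? intval($object['pollID']) : 0;
             for ($i = 1; $i <= sizeof($optionText); $i++) {
                 $option = isset($optionText[$i]) ? $optionText[$i] : "";
                 if (!empty($option)) {
                     $option = filter($option, "nohtml", 1);
                 }
                 if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_data (pollID, optionText, optionCount, voteID) VALUES ('{$id}', '{$option}', '0', '{$i}')")) {
                     return;
                 }
             }
         } else {
             $haspoll = 0;
             $id = 0;
         }
         $result = $db->sql_query("insert into " . $prefix . "_stories values (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topic}', '{$aid}', '{$notes}', '{$ihome}', '{$alanguage}', '{$acomm}', '{$haspoll}', '{$id}', '0', '0', '0', '{$associated}')");
         // The insert result used to be overwritten unchecked; stop here like the scheduled path does.
         if (!$result) {
             fdie();
         }
         $result = $db->sql_query("select sid from " . $prefix . "_stories WHERE title='{$subject}' order by time DESC limit 0,1");
         // Check before fetching: the old code called a method on $result first, which is
         // fatal when the query failed, and bypassed the $db wrapper used everywhere else.
         if (!$result) {
             fdie();
         }
         $story = $db->sql_fetchrow($result);
         $artid = isset($story['sid']) ? intval($story['sid']) : 0;
         if ($haspoll) {
             // Only link a poll when one was created; without one $id is 0.
             $db->sql_query("UPDATE " . $prefix . "_poll_desc SET artid='{$artid}' WHERE pollID='{$id}'");
         }
         $result = $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
         if ($ultramode) {
             ultramode();
         }
         Header("Location: " . $admin_file . ".php?op=adminMain");
     }
 }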
Пример #6
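/**
 * Store a reader comment on a story and send the reader back to the article.
 *
 * Rejects empty subject or comment, requires the story to exist and comments to be
 * enabled ($articlecomm), honours the anonymous-posting setting ($anonpost) and the
 * poster's karma (2 = hold for moderation, 3 = drop silently).
 *
 * All values are interpolated into SQL text, so each is cast or escaped first.
 * Parameterised queries would be the better fix, but the $db API for them is not
 * visible from this function.
 *
 * @param mixed  $xanonpost Truthy when a logged-in user chose to post anonymously.
 * @param string $subject   Comment subject.
 * @param string $comment   Comment body.
 * @param mixed  $pid       Parent comment id (cast to int).
 * @param mixed  $sid       Story id (cast to int).
 * @param mixed  $host_name Not used by this function.
 * @param mixed  $mode      View option carried into the redirect URL.
 * @param mixed  $order     View option carried into the redirect URL.
 * @param mixed  $thold     View option carried into the redirect URL.
 * @return void
 */
function CreateTopic($xanonpost, $subject, $comment, $pid, $sid, $host_name, $mode, $order, $thold)
{
    global $module_name, $user, $userinfo, $EditedMessage, $cookie, $AllowableHTML, $ultramode, $user_prefix, $prefix, $anonpost, $articlecomm, $db, $sitename;
    cookiedecode($user);
    getusrinfo($user);
    $sid = intval($sid);
    $pid = intval($pid);
    $subject = filter($subject, "nohtml", 1);
    // Filter exactly once. The body used to pass through filter(..., 1) twice, which
    // would double-escape it if filter() escapes for storage - presumably it does.
    $comment = filter(trim(format_url($comment)), "", 1);
    if (empty($subject) or empty($comment)) {
        include "header.php";
        title("{$sitename} - " . _COMMENTSSYSTEM . "");
        OpenTable();
        echo "<center>" . _COMMENTPOSTERROR . "<br><br>" . _GOBACK . "</center>";
        CloseTable();
        include "footer.php";
        fdie();
    }
    // These come straight from the request and end up in a Location header and an href,
    // so they are URL-encoded once here instead of being concatenated raw in two places.
    $options = "&mode=" . urlencode((string) $mode) . "&order=" . urlencode((string) $order) . "&thold=" . urlencode((string) $thold);
    if (is_user($user) and !$xanonpost) {
        // Profile fields are user-editable; escape them before they enter the INSERT.
        // NOTE(review): assumes getusrinfo() returns unescaped values - confirm.
        $name = addslashes($userinfo['username']);
        $email = addslashes($userinfo['femail']);
        $url = addslashes($userinfo['user_website']);
        $score = 1;
    } else {
        $name = "";
        $email = "";
        $url = "";
        $score = 0;
    }
    $ip = addslashes($_SERVER['REMOTE_ADDR']);
    $fake = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
    if ($fake == 1 and $articlecomm == 1) {
        if (($anonpost == 0 and is_user($user)) or $anonpost == 1) {
            if (is_user($user)) {
                // The lookup used the literal '******', which matches no account, so karma
                // restrictions never applied. Look up the logged-in account itself, so the
                // restriction also holds when that user posts anonymously.
                $karma_user = addslashes($userinfo['username']);
                $krow = $db->sql_fetchrow($db->sql_query("SELECT karma FROM " . $user_prefix . "_users WHERE username='{$karma_user}'"));
                $karma = isset($krow['karma']) ? $krow['karma'] : 0;
                if ($karma == 2) {
                    $db->sql_query("INSERT INTO " . $prefix . "_comments_moderated VALUES (NULL, '{$pid}', '{$sid}', now(), '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0', '0')");
                    include "header.php";
                    title(_MODERATEDTITLE);
                    OpenTable();
                    echo "<center>" . _COMMENTMODERATED . "";
                    echo "<br><br><a href=\"modules.php?name={$module_name}&file=article&sid={$sid}{$options}\">" . _MODERATEDRETURN . "</a>";
                    CloseTable();
                    include "footer.php";
                    fdie();
                } elseif ($karma == 3) {
                    Header("Location: modules.php?name={$module_name}&file=article&sid={$sid}{$options}");
                    fdie();
                }
            }
            $db->sql_query("INSERT INTO " . $prefix . "_comments VALUES (NULL, '{$pid}', '{$sid}', now(), '{$name}', '{$email}', '{$url}', '{$ip}', '{$subject}', '{$comment}', '{$score}', '0', '0')");
            $db->sql_query("UPDATE " . $prefix . "_stories SET comments=comments+1 WHERE sid='{$sid}'");
            update_points(5);
            if ($ultramode) {
                ultramode();
            }
        } else {
            die("Nice try..");
        }
    } else {
        include "header.php";
        echo "According to my records, the topic you are trying " . "to reply to does not exist. If you're just trying to be " . "annoying, well then too bad.";
        include "footer.php";
        fdie();
    }
    Header("Location: modules.php?name={$module_name}&file=article&sid={$sid}{$options}");
}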