function login()
{
global $logged, $permissions;
if ($logged['username']) {
if (!isset($_POST['submit'])) {
echo '
<form method="post" action="">
<table width="100%" class="forum" cellspacing="1" cellpadding="0">
<tr>
<td class="category" colspan="2"><div class="cat_title">Please Login</div></td>
</tr>
<tr>
<td width="100%" class="small_title" colspan="2" align="center"><span>Login in order to be able to manage the admin control panel.</span></td>
</tr>
<tr>
<td width="20%" class="common">Username</td>
<td width="80%" class="common"><input type="text" name="username" /></td>
</tr>
<tr>
<td width="20%" class="common">Password</td>
<td width="80%" class="common"><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center" class="common"><input type="submit" name="submit" value="Login" /></td>
</tr>
</table>
</form>
';
} else {
if (!empty($_POST['username']) and !empty($_POST['password'])) {
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
$info = mysql_query("SELECT `salt`,`password`,`level` FROM `users` WHERE `username` = '" . $username . "'") or die(pageerror("SQL Error", "There was an error selecting information from database.", "Sorry there was an error trying to select user hash and user password from the Database."));
$info_ = mysql_fetch_array($info);
if (md5($info_['salt'] . $password) == $info_['password']) {
if ($permissions['admin'] == 't') {
$_SESSION['admin'] = true;
finished("Login Successful", "Your now logged in as an administrator", "You have successfully logged in as admin", "acp.php");
} else {
pageerror("Login Error", "Error logging into the admin panel.", "Sorry, you are not an administrator!");
}
} else {
pageerror("Login Error", "Error logging into the admin panel.", "Sorry, the password was incorrect for this account.");
}
} else {
pageerror("Login Error", "There was an error logging in.", "Sorry, but you left a field blank please go back and try again.");
}
}
} else {
finished("Login Error", "Session not found.", "In order to login to the administration you will need to login to the forums first for security reasons.", "index.php");
}
}
$query = "INSERT INTO `{$GLOBALS['mysql_prefix']}facilities` (\n\t\t\t`name`, `street`, `city`, `state`, `handle`, `icon_str`, `boundary`, `description`, `capab`, `status_id`, `contact_name`, `contact_email`, `contact_phone`, `security_contact`, `security_email`, `security_phone`, `opening_hours`, `access_rules`, `security_reqs`, `pager_p`, `pager_s`, `lat`, `lng`, `type`, `user_id`, `updated` )\n\t\t\tVALUES (" . quote_smart(trim($_POST['frm_name'])) . "," . quote_smart(trim($_POST['frm_street'])) . "," . quote_smart(trim($_POST['frm_city'])) . "," . quote_smart(trim($_POST['frm_state'])) . "," . quote_smart(trim($_POST['frm_handle'])) . "," . quote_smart(trim($_POST['frm_icon_str'])) . "," . quote_smart(trim($_POST['frm_boundary'])) . "," . quote_smart(trim($_POST['frm_descr'])) . "," . quote_smart(trim($_POST['frm_capab'])) . "," . quote_smart(trim($_POST['frm_status_id'])) . "," . quote_smart(trim($_POST['frm_contact_name'])) . "," . quote_smart(trim($_POST['frm_contact_email'])) . "," . quote_smart(trim($_POST['frm_contact_phone'])) . "," . quote_smart(trim($_POST['frm_security_contact'])) . "," . quote_smart(trim($_POST['frm_security_email'])) . "," . quote_smart(trim($_POST['frm_security_phone'])) . "," . quote_smart(trim($_POST['frm_opening_hours'])) . "," . quote_smart(trim($_POST['frm_access_rules'])) . "," . quote_smart(trim($_POST['frm_security_reqs'])) . "," . quote_smart(trim($_POST['frm_pager_p'])) . "," . quote_smart(trim($_POST['frm_pager_s'])) . "," . $frm_lat . "," . $frm_lng . "," . quote_smart(trim($_POST['frm_type'])) . "," . quote_smart(trim($_SESSION['user_id'])) . "," . quote_smart(trim($now)) . ");";
$result = mysql_query($query) or do_error($query, 'mysql_query() failed', mysql_error(), __FILE__, __LINE__);
$new_id = mysql_insert_id();
$status_id = $_POST['frm_status_id'];
//4/14/11
foreach ($_POST['frm_group'] as $grp_val) {
// 6/10/11
if (test_allocates($new_id, $grp_val, 3)) {
$query_a = "INSERT INTO `{$GLOBALS['mysql_prefix']}allocates` (`group` , `type`, `al_as_of` , `al_status` , `resource_id` , `sys_comments` , `user_id`) VALUES \n\t\t\t\t\t({$grp_val}, 3, '{$now}', {$status_id}, {$new_id}, 'Allocated to Group' , {$by})";
$result_a = mysql_query($query_a) or do_error($query_a, 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
}
}
do_log($GLOBALS['LOG_FACILITY_ADD'], 0, mysql_insert_id(), $_POST['frm_status_id']);
// 2/17/11
$caption = "<B>Facility <i>" . stripslashes_deep($_POST['frm_name']) . "</i> data has been updated.</B><BR /><BR />";
finished($caption);
// wrap it up
}
// end if ($_getgoadd == 'true')
// add ===========================================================================================================================
// add ===========================================================================================================================
// add ===========================================================================================================================
if ($_getadd == 'true') {
print do_calls();
// call signs to JS array for validation
?>
</HEAD>
<BODY onLoad = "ck_frames();" onUnload="GUnload()">
<A NAME='top'> <!-- 11/11/09 -->
<?php
require_once './incs/links.inc.php';
function do_register_2($TOS)
{
global $logged;
if (!$logged['username']) {
if (!isset($_POST['register'])) {
$Temp = new Template();
$Temp->dir = $logged['dskin'];
$Temp->file = 'register.tpl';
$Temp->tp();
$Temp->tr(array("TOS" => $TOS));
echo $Temp->html;
} else {
$captcha_value = $_POST['verify'];
$captcha = $_SESSION['captchastr'];
$email = htmlspecialchars($_POST['email']);
$email2 = htmlspecialchars($_POST['email2']);
$pass = htmlspecialchars($_POST['password']);
$pass2 = $_POST['password2'];
$username = htmlspecialchars($_POST['name']);
$user = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $username . "' ");
$user = mysql_num_rows($user);
$TOSz = $_POST['TOS'];
if ($user != 0) {
die(pageerror("Registration Error", "There was an error in registering!", "User name already exists please try a new name!"));
} elseif ($captcha_value != $captcha) {
die(pageerror("Registration Error", "There was an error in registering!", "Your verification characters were incorrect. Please go back and try again. If you can't see the characters, refresh else contact the administrator."));
} elseif (empty($username) || empty($pass) || empty($pass2) || empty($email) || empty($email2)) {
die(pageerror("Registration Error", "There was an error in registering!", "There was a input left empty please go back and try again!"));
} elseif (!isset($TOSz)) {
die(pageerror("Registration Error", "There was an error in registering!", "In order to register on this site you must agree to TOS!"));
}
$ip = $_SERVER["REMOTE_ADDR"];
$salt = substr(md5(uniqid(rand(), true)), 0, 5);
$hash = md5($salt . $pass);
$online = time();
$timezone = intval(htmlspecialchars($_POST['timezone']));
$new_user = mysql_query("INSERT INTO `users` (`username`,`password`,`email`,`ip`,`salt`,`online`,`timezone`) VALUES('" . $username . "','" . $hash . "','" . $email . "','" . $ip . "','" . $salt . "','" . $online . "','" . $timezone . "') ") or die(pageerror("Registration Error", "There was an error in registering!", "Something went wrong in the database please contact administrator!"));
$users = mysql_query("SELECT `id` FROM `users` ORDER BY `id` DESC LIMIT 1");
$users = mysql_fetch_array($users);
$_SESSION['uid'] = $users['id'];
$_SESSION['upass'] = htmlspecialchars($hash);
finished("Registered Sucessfully!", $username . " now Logged in!", "Thank you now you are now logged in and Registered!", "index.php");
}
} else {
finished("Register Error", "Error registering in.", "Sorry, but you are already logged in. Please logout before you can reregister.", "index.php");
}
}
function moderator()
{
//global vars
global $logged, $permissions;
//set up permissions id's and type id's
$id = intval(htmlspecialchars(trim(strip_tags($_GET['id']))));
$type = htmlspecialchars(trim(strip_tags($_GET['type'])));
$tid = intval(htmlspecialchars($_GET['tid']));
$posts = htmlspecialchars($_GET['post']);
//check what type and modes where in
switch ($type) {
case "edit":
switch ($posts) {
case "topic":
echo "TOPIC";
//gets topic data from database
$tdata_ = mysql_query("SELECT * FROM `topics` WHERE `id` = '" . $id . "' ");
$tdata = mysql_fetch_array($tdata_);
//if they don't have permission
if (($permissions['e_topic'] != 't' and $logged['username'] != $tdata['username']) || $permissions['admin'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error editing topic.", "You don't have permissions to edit this topic!");
}
if (!isset($_POST['newtopic'])) {
$Temp = new Template();
$Temp->dir = $logged['dskin'];
$Temp->file = "newtopic.tpl";
$Temp->tp();
$Temp->tr(array('TOPIC_NAME' => 'Edit Topic', 'TITLE' => $tdata['title'], 'DESC' => $tdata['description'], 'POST' => '', '<<HIDE>>' => '<!--', '<<HIDE_2>>' => '-->'));
echo $Temp->html;
} else {
if (empty($_POST['title'])) {
pageerror("Topic Error", "There was an error editing topic", "Please check your post because you left the topic post or topic title blank!");
} else {
$ttitle = htmlspecialchars($_POST['title']);
$description = htmlspecialchars($_POST['tdesc']);
$ndata = @mysql_query("UPDATE `topics` SET `description` = '" . $description . "', `title` = '" . $ttitle . "' WHERE `id` = '" . $id . "' ");
if (!$ndata) {
pageerror("Topic Error", "There was an error editing topic", "There was an error updating sql: " . mysql_error());
}
finished("Topic Updated!", "Current Topic was Updated!", "Thank you now your topic was sucessfully updated.", "index.php?act=topicshow&id=" . $id);
}
}
break;
case "reply":
//Selects reply data from db
$pdata_ = mysql_query("SELECT * FROM `replies` WHERE `id` = '" . $id . "' ");
$pdata = mysql_fetch_array($pdata_);
if ($permissions['e_post'] != 't' and $logged['username'] != $pdata['username'] or $permissions['admin'] != 't') {
logs("Invalid User", "1");
pageerror("Reply Error", "There was an error editing reply.", "You don't have permissions to edit this post!");
}
if (!isset($_POST['newreply'])) {
$Temp = new Template();
$Temp->dir = $logged['dskin'];
$Temp->file = "newreply.tpl";
$Temp->tp();
$Temp->tr(array('POST' => $pdata['post'], 'NAME' => "Edit Reply"));
echo $Temp->html;
} else {
$rpost = htmlspecialchars($_POST['post']);
if (empty($_POST['post'])) {
pageerror("Reply Error", "There was an error editing reply.", "You left the post field blank please go back and check again!");
} else {
$pdata = @mysql_query("UPDATE `replies` SET `post` = '" . $rpost . "' WHERE `id` = '" . $id . "' ");
if (!$pdata) {
pageerror("Reply Error", "There was an error editing reply.", "There was an sql error: " . mysql_error());
}
finished("Reply Updated!", "Current Post was Updated!", "Thank you now your reply was sucessfully updated.", "index.php?act=topicshow&id=" . $tid);
}
}
break;
}
break;
case "delete":
//Checks if user has permissiosn
if ($permissions['d_post'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!");
}
switch ($posts) {
case "reply":
if (!isset($_POST['submit'])) {
$Temp = new Template();
$Temp->dir = $logged['dskin'];
$Temp->file = "mode_delete.tpl";
$Temp->tp();
echo $Temp->html;
} else {
if (isset($_POST['del'])) {
if (mysql_query("DELETE FROM `replies` WHERE `id` = '" . $id . "'")) {
finished("Post deleted Successfully", "", "Your post was deleted successfully, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid);
} else {
pageerror("Deletion Error", "", "There was a problem deleting post, please contact the NevuxAB Support Tech.");
}
} else {
finished("Post Message", "", "No action was taken, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid);
}
}
break;
}
break;
case "opentopic":
if ($permissions['o_topic'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!");
}
$otopic = mysql_query("SELECT `closed` FROM `topics` WHERE `id` = '" . $tid . "' ");
$otopic = mysql_fetch_array($otopic);
if ($otopic['closed'] == 1) {
pageerror("Topic Error", "", "Topic is already Opened!");
} else {
$topic_update = mysql_query("UPDATE `topics` SET `closed` = '1' WHERE `id` = '" . $tid . "' ");
if (!$topic_update) {
pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
}
finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was sucessfully opened.", "index.php?act=topicshow&id=" . $tid);
}
break;
case "closetopic":
if ($permissions['c_topic'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error closing topic.", "You don't have permissions to close this topic!");
}
$ctopic = mysql_query("SELECT `closed` FROM `topics` WHERE `id` = '" . $tid . "' ");
$ctopic = mysql_fetch_array($ctopic);
if ($ctopic['closed'] == 0) {
pageerror("Topic Error", "", "Topic is already closed!");
} else {
$topic_update = mysql_query("UPDATE `topics` SET `closed` = '0' WHERE `id` = '" . $tid . "' ");
if (!$topic_update) {
pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
}
finished("Topic Updated!", "Current Topic was Closed!", "Thank you now your topic was sucessfully Closed.", "index.php?act=topicshow&id=" . $tid);
}
break;
case "sticktopic":
if ($permissions['topic_pin'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error Pinning topic.", "You don't have permissions to Pin this topic!");
}
$stopic = mysql_query("SELECT `sticky` FROM `topics` WHERE `id` = '" . $tid . "' ");
$stopic = mysql_fetch_array($stopic);
if ($stopic['sticky'] == 0) {
pageerror("Topic Error", "", "Topic is already Pinned!");
} else {
$topic_update = mysql_query("UPDATE `topics` SET `sticky` = '0' WHERE `id` = '" . $tid . "' ");
if (!$topic_update) {
pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
}
finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was sucessfully Pinned.", "index.php?act=topicshow&id=" . $tid);
}
break;
case "unsticktopic":
if ($permissions['topic_pin'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error Un-Pinning topic.", "You don't have permissions to Un-Pin this topic!");
}
$ustopic = mysql_query("SELECT `sticky` FROM `topics` WHERE `id` = '" . $tid . "' ");
$ustopic = mysql_fetch_array($ustopic);
if ($ustopic['sticky'] == 1) {
pageerror("Topic Error", "", "Topic is already Un-Pinned!");
} else {
$topic_update = mysql_query("UPDATE topics SET sticky = '1' WHERE `id` = '" . $tid . "' ");
if (!$topic_update) {
pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
}
finished("Topic Updated!", "Current Topic was Un-Pinned!", "Thank you now your topic was sucessfully Un-Pinned.", "index.php?act=topicshow&id={$tid}");
}
break;
case "move":
if ($permissions['m_topic'] != 't') {
logs("Invalid User", "1");
pageerror("Topic Error", "There was an error moving topic.", "You don't have permissions to move this topic!");
}
$nparent = htmlspecialchars($_POST['to']);
if (isset($_POST['update'])) {
$topic_update = mysql_query("UPDATE `topics` SET `fid` = '" . $nparent . "' WHERE `id` = '" . $id . "'");
if (!$topic_update) {
pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
}
finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was moved sucessfully.", "index.php?act=topicshow&id=" . $id);
} else {
$gettopics = mysql_query("SELECT * FROM `forums` ORDER BY `id` ASC");
$values = "";
while ($showtopics = MySQL_Fetch_Array($gettopics)) {
$values .= "<option value='" . $showtopics['id'] . "'>" . $showtopics['title'] . "</option>";
}
$Temp = new Template();
$Temp->dir = $logged['dskin'];
$Temp->file = "mode_move.tpl";
$Temp->tp();
$Temp->tr(array('OPTIONS' => $values));
echo $Temp->html;
}
break;
}
}
function RUN_Newtopic()
{
global $logged, $permissions;
if (is_numeric($_GET['id']) and !empty($_GET['id'])) {
$id = intval(htmlspecialchars($_GET['id']));
} else {
pageerror("Topic Error", "", "Sorry, but there wasn't a forum id present.");
}
if (!getFP($id, 3)) {
pageerror("Permission Error", "", "Sorry, but you don't have permissions to post a new topic.");
}
if (check_forum_lock($id) and $permissions['admin'] != 't') {
pageerror("Forum Locked", "", "Sorry, you can't post a topic in here because this forum is locked");
} else {
$post = htmlspecialchars($_POST['post']);
$ttitle = htmlspecialchars($_POST['title']);
$tdesc = htmlspecialchars($_POST['tdesc']);
$time = time();
if (!isset($_POST['newtopic'])) {
$Temp = new Template();
$Temp->dir = $logged['dskin'];
$Temp->file = "newtopic.tpl";
$Temp->tp();
$Temp->tr(array('TOPIC_NAME' => 'New Topic', 'TITLE' => '', 'DESC' => '', 'POST' => '', '<<HIDE>>' => '', '<<HIDE_2>>' => ''));
echo $Temp->html;
} else {
if (!$logged['username']) {
pageerror("Topic Error", "There was an error creating topic", "You don't have permissions to post a new topic!");
}
if (empty($post)) {
pageerror("Topic Error", "There was an error creating topic", "Please check your post because you left the topic post blank!");
} elseif (empty($ttitle)) {
pageerror("Topic Error", "There was an error creating topic", "Please check your post because you left the topic title blank!");
} else {
update_post_count();
$newtopic = mysql_query("INSERT INTO `topics`(`fid`,`date`,`timestamp`,`title`,`username`,`description`) VALUES('" . $id . "','" . $time . "','" . $time . "','" . $ttitle . "','" . $logged['username'] . "','" . $tdesc . "')") or die(pageerror("Topic Error", "Something went wrong in SQL", "Sorry, but your topic couldn't be created please contact the administrator with this error"));
$nreply = mysql_query("SELECT `id` FROM `topics` ORDER BY `id` DESC LIMIT 1") or die("ERROR");
$nreply = mysql_fetch_array($nreply);
finished("Topic Created!", "New Topic was Created!", "Thank you now your topic was sucessfully created.", "index.php?act=topicshow&id=" . $nreply['id']);
$new_reply = mysql_query("INSERT INTO `replies` (`tid`,`post`,`username`,`date`) VALUES('" . $nreply['id'] . "','" . $post . "','" . $logged['username'] . "','" . $time . "')") or die(pageerror("Reply Error", "There was a problem adding reply", "Something went wrong adding new reply"));
}
}
}
}