function login() { global $logged, $permissions; if ($logged['username']) { if (!isset($_POST['submit'])) { echo ' <form method="post" action=""> <table width="100%" class="forum" cellspacing="1" cellpadding="0"> <tr> <td class="category" colspan="2"><div class="cat_title">Please Login</div></td> </tr> <tr> <td width="100%" class="small_title" colspan="2" align="center"><span>Login in order to be able to manage the admin control panel.</span></td> </tr> <tr> <td width="20%" class="common">Username</td> <td width="80%" class="common"><input type="text" name="username" /></td> </tr> <tr> <td width="20%" class="common">Password</td> <td width="80%" class="common"><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="center" class="common"><input type="submit" name="submit" value="Login" /></td> </tr> </table> </form> '; } else { if (!empty($_POST['username']) and !empty($_POST['password'])) { $username = htmlspecialchars($_POST['username']); $password = htmlspecialchars($_POST['password']); $info = mysql_query("SELECT `salt`,`password`,`level` FROM `users` WHERE `username` = '" . $username . "'") or die(pageerror("SQL Error", "There was an error selecting information from database.", "Sorry there was an error trying to select user hash and user password from the Database.")); $info_ = mysql_fetch_array($info); if (md5($info_['salt'] . $password) == $info_['password']) { if ($permissions['admin'] == 't') { $_SESSION['admin'] = true; finished("Login Successful", "Your now logged in as an administrator", "You have successfully logged in as admin", "acp.php"); } else { pageerror("Login Error", "Error logging into the admin panel.", "Sorry, you are not an administrator!"); } } else { pageerror("Login Error", "Error logging into the admin panel.", "Sorry, the password was incorrect for this account."); } } else { pageerror("Login Error", "There was an error logging in.", "Sorry, but you left a field blank please go back and try again."); } } } else { finished("Login Error", "Session not found.", "In order to login to the administration you will need to login to the forums first for security reasons.", "index.php"); } }
$query = "INSERT INTO `{$GLOBALS['mysql_prefix']}facilities` (\n\t\t\t`name`, `street`, `city`, `state`, `handle`, `icon_str`, `boundary`, `description`, `capab`, `status_id`, `contact_name`, `contact_email`, `contact_phone`, `security_contact`, `security_email`, `security_phone`, `opening_hours`, `access_rules`, `security_reqs`, `pager_p`, `pager_s`, `lat`, `lng`, `type`, `user_id`, `updated` )\n\t\t\tVALUES (" . quote_smart(trim($_POST['frm_name'])) . "," . quote_smart(trim($_POST['frm_street'])) . "," . quote_smart(trim($_POST['frm_city'])) . "," . quote_smart(trim($_POST['frm_state'])) . "," . quote_smart(trim($_POST['frm_handle'])) . "," . quote_smart(trim($_POST['frm_icon_str'])) . "," . quote_smart(trim($_POST['frm_boundary'])) . "," . quote_smart(trim($_POST['frm_descr'])) . "," . quote_smart(trim($_POST['frm_capab'])) . "," . quote_smart(trim($_POST['frm_status_id'])) . "," . quote_smart(trim($_POST['frm_contact_name'])) . "," . quote_smart(trim($_POST['frm_contact_email'])) . "," . quote_smart(trim($_POST['frm_contact_phone'])) . "," . quote_smart(trim($_POST['frm_security_contact'])) . "," . quote_smart(trim($_POST['frm_security_email'])) . "," . quote_smart(trim($_POST['frm_security_phone'])) . "," . quote_smart(trim($_POST['frm_opening_hours'])) . "," . quote_smart(trim($_POST['frm_access_rules'])) . "," . quote_smart(trim($_POST['frm_security_reqs'])) . "," . quote_smart(trim($_POST['frm_pager_p'])) . "," . quote_smart(trim($_POST['frm_pager_s'])) . "," . $frm_lat . "," . $frm_lng . "," . quote_smart(trim($_POST['frm_type'])) . "," . quote_smart(trim($_SESSION['user_id'])) . "," . quote_smart(trim($now)) . ");"; $result = mysql_query($query) or do_error($query, 'mysql_query() failed', mysql_error(), __FILE__, __LINE__); $new_id = mysql_insert_id(); $status_id = $_POST['frm_status_id']; //4/14/11 foreach ($_POST['frm_group'] as $grp_val) { // 6/10/11 if (test_allocates($new_id, $grp_val, 3)) { $query_a = "INSERT INTO `{$GLOBALS['mysql_prefix']}allocates` (`group` , `type`, `al_as_of` , `al_status` , `resource_id` , `sys_comments` , `user_id`) VALUES \n\t\t\t\t\t({$grp_val}, 3, '{$now}', {$status_id}, {$new_id}, 'Allocated to Group' , {$by})"; $result_a = mysql_query($query_a) or do_error($query_a, 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__); } } do_log($GLOBALS['LOG_FACILITY_ADD'], 0, mysql_insert_id(), $_POST['frm_status_id']); // 2/17/11 $caption = "<B>Facility <i>" . stripslashes_deep($_POST['frm_name']) . "</i> data has been updated.</B><BR /><BR />"; finished($caption); // wrap it up } // end if ($_getgoadd == 'true') // add =========================================================================================================================== // add =========================================================================================================================== // add =========================================================================================================================== if ($_getadd == 'true') { print do_calls(); // call signs to JS array for validation ?> </HEAD> <BODY onLoad = "ck_frames();" onUnload="GUnload()"> <A NAME='top'> <!-- 11/11/09 --> <?php require_once './incs/links.inc.php';
function do_register_2($TOS) { global $logged; if (!$logged['username']) { if (!isset($_POST['register'])) { $Temp = new Template(); $Temp->dir = $logged['dskin']; $Temp->file = 'register.tpl'; $Temp->tp(); $Temp->tr(array("TOS" => $TOS)); echo $Temp->html; } else { $captcha_value = $_POST['verify']; $captcha = $_SESSION['captchastr']; $email = htmlspecialchars($_POST['email']); $email2 = htmlspecialchars($_POST['email2']); $pass = htmlspecialchars($_POST['password']); $pass2 = $_POST['password2']; $username = htmlspecialchars($_POST['name']); $user = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $username . "' "); $user = mysql_num_rows($user); $TOSz = $_POST['TOS']; if ($user != 0) { die(pageerror("Registration Error", "There was an error in registering!", "User name already exists please try a new name!")); } elseif ($captcha_value != $captcha) { die(pageerror("Registration Error", "There was an error in registering!", "Your verification characters were incorrect. Please go back and try again. If you can't see the characters, refresh else contact the administrator.")); } elseif (empty($username) || empty($pass) || empty($pass2) || empty($email) || empty($email2)) { die(pageerror("Registration Error", "There was an error in registering!", "There was a input left empty please go back and try again!")); } elseif (!isset($TOSz)) { die(pageerror("Registration Error", "There was an error in registering!", "In order to register on this site you must agree to TOS!")); } $ip = $_SERVER["REMOTE_ADDR"]; $salt = substr(md5(uniqid(rand(), true)), 0, 5); $hash = md5($salt . $pass); $online = time(); $timezone = intval(htmlspecialchars($_POST['timezone'])); $new_user = mysql_query("INSERT INTO `users` (`username`,`password`,`email`,`ip`,`salt`,`online`,`timezone`) VALUES('" . $username . "','" . $hash . "','" . $email . "','" . $ip . "','" . $salt . "','" . $online . "','" . $timezone . "') ") or die(pageerror("Registration Error", "There was an error in registering!", "Something went wrong in the database please contact administrator!")); $users = mysql_query("SELECT `id` FROM `users` ORDER BY `id` DESC LIMIT 1"); $users = mysql_fetch_array($users); $_SESSION['uid'] = $users['id']; $_SESSION['upass'] = htmlspecialchars($hash); finished("Registered Sucessfully!", $username . " now Logged in!", "Thank you now you are now logged in and Registered!", "index.php"); } } else { finished("Register Error", "Error registering in.", "Sorry, but you are already logged in. Please logout before you can reregister.", "index.php"); } }
function moderator() { //global vars global $logged, $permissions; //set up permissions id's and type id's $id = intval(htmlspecialchars(trim(strip_tags($_GET['id'])))); $type = htmlspecialchars(trim(strip_tags($_GET['type']))); $tid = intval(htmlspecialchars($_GET['tid'])); $posts = htmlspecialchars($_GET['post']); //check what type and modes where in switch ($type) { case "edit": switch ($posts) { case "topic": echo "TOPIC"; //gets topic data from database $tdata_ = mysql_query("SELECT * FROM `topics` WHERE `id` = '" . $id . "' "); $tdata = mysql_fetch_array($tdata_); //if they don't have permission if (($permissions['e_topic'] != 't' and $logged['username'] != $tdata['username']) || $permissions['admin'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error editing topic.", "You don't have permissions to edit this topic!"); } if (!isset($_POST['newtopic'])) { $Temp = new Template(); $Temp->dir = $logged['dskin']; $Temp->file = "newtopic.tpl"; $Temp->tp(); $Temp->tr(array('TOPIC_NAME' => 'Edit Topic', 'TITLE' => $tdata['title'], 'DESC' => $tdata['description'], 'POST' => '', '<<HIDE>>' => '<!--', '<<HIDE_2>>' => '-->')); echo $Temp->html; } else { if (empty($_POST['title'])) { pageerror("Topic Error", "There was an error editing topic", "Please check your post because you left the topic post or topic title blank!"); } else { $ttitle = htmlspecialchars($_POST['title']); $description = htmlspecialchars($_POST['tdesc']); $ndata = @mysql_query("UPDATE `topics` SET `description` = '" . $description . "', `title` = '" . $ttitle . "' WHERE `id` = '" . $id . "' "); if (!$ndata) { pageerror("Topic Error", "There was an error editing topic", "There was an error updating sql: " . mysql_error()); } finished("Topic Updated!", "Current Topic was Updated!", "Thank you now your topic was sucessfully updated.", "index.php?act=topicshow&id=" . $id); } } break; case "reply": //Selects reply data from db $pdata_ = mysql_query("SELECT * FROM `replies` WHERE `id` = '" . $id . "' "); $pdata = mysql_fetch_array($pdata_); if ($permissions['e_post'] != 't' and $logged['username'] != $pdata['username'] or $permissions['admin'] != 't') { logs("Invalid User", "1"); pageerror("Reply Error", "There was an error editing reply.", "You don't have permissions to edit this post!"); } if (!isset($_POST['newreply'])) { $Temp = new Template(); $Temp->dir = $logged['dskin']; $Temp->file = "newreply.tpl"; $Temp->tp(); $Temp->tr(array('POST' => $pdata['post'], 'NAME' => "Edit Reply")); echo $Temp->html; } else { $rpost = htmlspecialchars($_POST['post']); if (empty($_POST['post'])) { pageerror("Reply Error", "There was an error editing reply.", "You left the post field blank please go back and check again!"); } else { $pdata = @mysql_query("UPDATE `replies` SET `post` = '" . $rpost . "' WHERE `id` = '" . $id . "' "); if (!$pdata) { pageerror("Reply Error", "There was an error editing reply.", "There was an sql error: " . mysql_error()); } finished("Reply Updated!", "Current Post was Updated!", "Thank you now your reply was sucessfully updated.", "index.php?act=topicshow&id=" . $tid); } } break; } break; case "delete": //Checks if user has permissiosn if ($permissions['d_post'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!"); } switch ($posts) { case "reply": if (!isset($_POST['submit'])) { $Temp = new Template(); $Temp->dir = $logged['dskin']; $Temp->file = "mode_delete.tpl"; $Temp->tp(); echo $Temp->html; } else { if (isset($_POST['del'])) { if (mysql_query("DELETE FROM `replies` WHERE `id` = '" . $id . "'")) { finished("Post deleted Successfully", "", "Your post was deleted successfully, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid); } else { pageerror("Deletion Error", "", "There was a problem deleting post, please contact the NevuxAB Support Tech."); } } else { finished("Post Message", "", "No action was taken, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid); } } break; } break; case "opentopic": if ($permissions['o_topic'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!"); } $otopic = mysql_query("SELECT `closed` FROM `topics` WHERE `id` = '" . $tid . "' "); $otopic = mysql_fetch_array($otopic); if ($otopic['closed'] == 1) { pageerror("Topic Error", "", "Topic is already Opened!"); } else { $topic_update = mysql_query("UPDATE `topics` SET `closed` = '1' WHERE `id` = '" . $tid . "' "); if (!$topic_update) { pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error()); } finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was sucessfully opened.", "index.php?act=topicshow&id=" . $tid); } break; case "closetopic": if ($permissions['c_topic'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error closing topic.", "You don't have permissions to close this topic!"); } $ctopic = mysql_query("SELECT `closed` FROM `topics` WHERE `id` = '" . $tid . "' "); $ctopic = mysql_fetch_array($ctopic); if ($ctopic['closed'] == 0) { pageerror("Topic Error", "", "Topic is already closed!"); } else { $topic_update = mysql_query("UPDATE `topics` SET `closed` = '0' WHERE `id` = '" . $tid . "' "); if (!$topic_update) { pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error()); } finished("Topic Updated!", "Current Topic was Closed!", "Thank you now your topic was sucessfully Closed.", "index.php?act=topicshow&id=" . $tid); } break; case "sticktopic": if ($permissions['topic_pin'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error Pinning topic.", "You don't have permissions to Pin this topic!"); } $stopic = mysql_query("SELECT `sticky` FROM `topics` WHERE `id` = '" . $tid . "' "); $stopic = mysql_fetch_array($stopic); if ($stopic['sticky'] == 0) { pageerror("Topic Error", "", "Topic is already Pinned!"); } else { $topic_update = mysql_query("UPDATE `topics` SET `sticky` = '0' WHERE `id` = '" . $tid . "' "); if (!$topic_update) { pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error()); } finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was sucessfully Pinned.", "index.php?act=topicshow&id=" . $tid); } break; case "unsticktopic": if ($permissions['topic_pin'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error Un-Pinning topic.", "You don't have permissions to Un-Pin this topic!"); } $ustopic = mysql_query("SELECT `sticky` FROM `topics` WHERE `id` = '" . $tid . "' "); $ustopic = mysql_fetch_array($ustopic); if ($ustopic['sticky'] == 1) { pageerror("Topic Error", "", "Topic is already Un-Pinned!"); } else { $topic_update = mysql_query("UPDATE topics SET sticky = '1' WHERE `id` = '" . $tid . "' "); if (!$topic_update) { pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error()); } finished("Topic Updated!", "Current Topic was Un-Pinned!", "Thank you now your topic was sucessfully Un-Pinned.", "index.php?act=topicshow&id={$tid}"); } break; case "move": if ($permissions['m_topic'] != 't') { logs("Invalid User", "1"); pageerror("Topic Error", "There was an error moving topic.", "You don't have permissions to move this topic!"); } $nparent = htmlspecialchars($_POST['to']); if (isset($_POST['update'])) { $topic_update = mysql_query("UPDATE `topics` SET `fid` = '" . $nparent . "' WHERE `id` = '" . $id . "'"); if (!$topic_update) { pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error()); } finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was moved sucessfully.", "index.php?act=topicshow&id=" . $id); } else { $gettopics = mysql_query("SELECT * FROM `forums` ORDER BY `id` ASC"); $values = ""; while ($showtopics = MySQL_Fetch_Array($gettopics)) { $values .= "<option value='" . $showtopics['id'] . "'>" . $showtopics['title'] . "</option>"; } $Temp = new Template(); $Temp->dir = $logged['dskin']; $Temp->file = "mode_move.tpl"; $Temp->tp(); $Temp->tr(array('OPTIONS' => $values)); echo $Temp->html; } break; } }
function RUN_Newtopic() { global $logged, $permissions; if (is_numeric($_GET['id']) and !empty($_GET['id'])) { $id = intval(htmlspecialchars($_GET['id'])); } else { pageerror("Topic Error", "", "Sorry, but there wasn't a forum id present."); } if (!getFP($id, 3)) { pageerror("Permission Error", "", "Sorry, but you don't have permissions to post a new topic."); } if (check_forum_lock($id) and $permissions['admin'] != 't') { pageerror("Forum Locked", "", "Sorry, you can't post a topic in here because this forum is locked"); } else { $post = htmlspecialchars($_POST['post']); $ttitle = htmlspecialchars($_POST['title']); $tdesc = htmlspecialchars($_POST['tdesc']); $time = time(); if (!isset($_POST['newtopic'])) { $Temp = new Template(); $Temp->dir = $logged['dskin']; $Temp->file = "newtopic.tpl"; $Temp->tp(); $Temp->tr(array('TOPIC_NAME' => 'New Topic', 'TITLE' => '', 'DESC' => '', 'POST' => '', '<<HIDE>>' => '', '<<HIDE_2>>' => '')); echo $Temp->html; } else { if (!$logged['username']) { pageerror("Topic Error", "There was an error creating topic", "You don't have permissions to post a new topic!"); } if (empty($post)) { pageerror("Topic Error", "There was an error creating topic", "Please check your post because you left the topic post blank!"); } elseif (empty($ttitle)) { pageerror("Topic Error", "There was an error creating topic", "Please check your post because you left the topic title blank!"); } else { update_post_count(); $newtopic = mysql_query("INSERT INTO `topics`(`fid`,`date`,`timestamp`,`title`,`username`,`description`) VALUES('" . $id . "','" . $time . "','" . $time . "','" . $ttitle . "','" . $logged['username'] . "','" . $tdesc . "')") or die(pageerror("Topic Error", "Something went wrong in SQL", "Sorry, but your topic couldn't be created please contact the administrator with this error")); $nreply = mysql_query("SELECT `id` FROM `topics` ORDER BY `id` DESC LIMIT 1") or die("ERROR"); $nreply = mysql_fetch_array($nreply); finished("Topic Created!", "New Topic was Created!", "Thank you now your topic was sucessfully created.", "index.php?act=topicshow&id=" . $nreply['id']); $new_reply = mysql_query("INSERT INTO `replies` (`tid`,`post`,`username`,`date`) VALUES('" . $nreply['id'] . "','" . $post . "','" . $logged['username'] . "','" . $time . "')") or die(pageerror("Reply Error", "There was a problem adding reply", "Something went wrong adding new reply")); } } } }