Пример #1
                    $redirect = "edit_wordfilter.php?webtag={$webtag}&addfilter=true";
                    header_redirect($redirect);
                    exit;
                }
            }
        }
    }
}
if (isset($_GET['addfilter']) || isset($_POST['addfilter'])) {
    html_draw_top(sprintf('title=%s', gettext("My Controls - Edit Word Filter")), 'class=window_title');
    echo "<h1>", gettext("Edit Word Filter"), "</h1>\n";
    if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
        html_display_error_array($error_msg_array, '600', 'left');
    } else {
        if (user_get_word_filter_count() > 19) {
            html_display_error_msg(gettext("You cannot add any more word filters. Remove some unused ones or edit the existing ones first."), '600', 'left');
        }
    }
    echo "<br />\n";
    echo "<form accept-charset=\"utf-8\" name=\"startpage\" method=\"post\" action=\"edit_wordfilter.php\">\n";
    echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "  ", form_input_hidden('addfilter', 'true'), "\n";
    echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"600\">\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">\n";
    echo "        <table class=\"box\" width=\"100%\">\n";
    echo "          <tr>\n";
    echo "            <td align=\"left\" class=\"posthead\">\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"left\" class=\"subhead\">", gettext("Add New Word Filter"), "</td>\n";
Пример #2
    $admin_user_array = admin_user_get_all($sort_by, $sort_dir, $filter, $page);
}
// Status banner for the user list: validation errors take priority, then the
// result flags carried in the query string, then the empty-list / info messages.
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '86%', 'center');
} else {
    // 'kicked' and 'approved' are only tested for presence: they select a fixed,
    // translated message and their values are never echoed.
    if (isset($_GET['kicked'])) {
        html_display_success_msg(gettext("Successfully ended sessions for selected users"), '86%', 'center');
    } else {
        if (isset($_GET['approved'])) {
            html_display_success_msg(gettext("Successfully approved selected users"), '86%', 'center');
        } else {
            if (sizeof($admin_user_array['user_array']) < 1) {
                // Different wording depending on whether a search term was active.
                if (isset($user_search) && strlen($user_search) > 0) {
                    html_display_error_msg(gettext("Your search did not return any matches. Try simplifying your search parameters and try again."), '86%', 'center');
                } else {
                    html_display_error_msg(gettext("No user accounts matching filter"), '86%', 'center');
                }
            } else {
                // The sort label is looked up by $sort_by and passed through
                // htmlentities_array() before it is substituted into the message.
                html_display_warning_msg(sprintf(gettext("This list shows a selection of users who have logged on to your forum, sorted by %s. To alter a user's permissions click their name."), htmlentities_array($sort_by_array[$sort_by])), '86%', 'center');
            }
        }
    }
}
echo "<br />\n";
echo "<div align=\"center\">\n";
// NOTE(review): no CSRF token field is emitted in the visible part of this POST
// form. The success messages above suggest it drives state-changing admin
// actions — confirm the request handler verifies a token before acting.
echo "<form accept-charset=\"utf-8\" action=\"admin_users.php\" method=\"post\">\n";
// The current list state travels in hidden fields; every value goes through
// htmlentities_array() before it reaches form_input_hidden().
echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
// NOTE(review): $user_search is guarded with isset() above but used unguarded
// here — presumably it is always initialised earlier in the file; verify.
echo "  ", form_input_hidden('user_search', htmlentities_array($user_search)), "\n";
echo "  ", form_input_hidden("sort_by", htmlentities_array($sort_by)), "\n";
echo "  ", form_input_hidden("sort_dir", htmlentities_array($sort_dir)), "\n";
echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"86%\">\n";
Пример #3
    html_draw_error(gettext("The requested thread could not be found or access was denied."));
}
// Only the first post ($pid == 1) of a poll thread is handled below; any other
// request is sent back to the discussion view.
if (!thread_is_poll($tid) || $pid != 1) {
    $uri = "discussion.php?webtag={$webtag}";
    // The msg value is appended to the redirect target only after validate_msg()
    // accepts it; the GET value is preferred over the POST value.
    if (isset($_GET['msg']) && validate_msg($_GET['msg'])) {
        $uri .= "&msg=" . $_GET['msg'];
    } else {
        if (isset($_POST['msg']) && validate_msg($_POST['msg'])) {
            $uri .= "&msg=" . $_POST['msg'];
        }
    }
    // NOTE(review): no exit follows this call — this assumes header_redirect()
    // ends the request itself. If it returns, execution falls through to the
    // edit checks below; verify.
    header_redirect($uri);
}
// Load the first post of the thread; stop with an error page if it is missing.
if (!($edit_message = messages_get($tid, 1, 1))) {
    html_draw_top(sprintf("title=%s", gettext("Error")));
    html_display_error_msg(gettext("That post does not exist in this thread!"));
    html_draw_bottom();
    exit;
}
// Edit time limit setting; it is multiplied by HOUR_IN_SECONDS below, and a
// value of 0 or less disables the age check.
$post_edit_time = forum_get_setting('post_edit_time', null, 0);
$uid = session::get_value('UID');
// Edit permission check. && binds tighter than ||, so the condition reads
//   (A || (B && !C) || D || (E && F)) && !G
// with
//   A: forum_get_setting('allow_post_editing', 'N') is truthy
//   B: the current user is not the author of the post
//   C: the author has USER_PERM_PILLORIED set
//   D: session::check_perm(USER_PERM_PILLORIED, 0) is truthy for this session
//   E: an edit time limit is configured
//   F: the post is at least that old
//   G: the session has USER_PERM_FOLDER_MODERATE on folder $t_fid
// Sessions with the folder-moderate permission always pass; anyone else is
// refused as soon as one of A, (B && !C), D or (E && F) holds.
// NOTE(review): presumably A means "post editing is switched off" (setting
// equals 'N') — confirm against forum_get_setting().
// NOTE(review): as written, (B && !C) does not refuse a non-author when the
// author is pilloried — confirm that this is intended.
if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
    html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message));
}
// A message whose APPROVED field is 0 may only be edited by a session with the
// folder-moderate permission while the require_post_approval check is truthy.
// NOTE(review): both refusals rely on html_draw_error() not returning; verify.
if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
    html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message));
}
if ($preview_message = messages_get($tid, $pid, 1)) {
    $preview_message['CONTENT'] = message_get_content($tid, $pid);
    if (strlen(trim($preview_message['CONTENT'])) < 1 && !thread_is_poll($tid)) {
        html_draw_top(sprintf("title=%s", gettext("Error")));
Пример #4
    $user_search = trim($_POST['user_search']);
} else {
    if (isset($_GET['user_search']) && strlen(trim($_GET['user_search'])) > 0) {
        $user_search = trim($_GET['user_search']);
    } else {
        $user_search = "";
    }
}
// "Clear search" discards whatever search term was submitted.
if (isset($_POST['clear_search'])) {
    $user_search = "";
}
html_draw_top(array('title' => gettext("Visitor Log"), 'class' => 'window_title'));
echo "<h1>", gettext("Visitor Log"), "</h1>\n";
// $user_search is the trimmed request value and is passed on unchanged.
// NOTE(review): visitor_log_browse_items() is not shown here; it has to treat
// the search term as untrusted when it builds its query — verify.
$user_profile_array = visitor_log_browse_items($user_search, $profile_items_selected_array, $page, $sort_by, $sort_dir, $hide_empty == 'Y', $hide_guests == 'Y');
// NOTE(review): collected errors are only displayed when the result set is
// non-empty; with no results the "no matches" message replaces them.
if (sizeof($user_profile_array['user_array']) < 1) {
    html_display_error_msg(gettext("Your search did not return any matches. Try simplifying your search parameters and try again."), '85%', 'center');
} else {
    if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
        html_display_error_array($error_msg_array, '85%', 'center');
    }
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo "<form accept-charset=\"utf-8\" name=\"f_visitor_log\" action=\"visitor_log.php\" method=\"post\">\n";
// The CSRF token field is emitted first, followed by the current view state.
// Every state value is passed through htmlentities_array() before it is
// written into a hidden field.
echo "  ", form_csrf_token_field(), "\n";
echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo "  ", form_input_hidden('page', htmlentities_array($page)), "\n";
echo "  ", form_input_hidden('sort_by', htmlentities_array($sort_by)), "\n";
echo "  ", form_input_hidden('sort_dir', htmlentities_array($sort_dir)), "\n";
echo "  ", form_input_hidden('user_search', htmlentities_array($user_search)), "\n";
echo "  ", form_input_hidden('hide_empty', htmlentities_array($hide_empty)), "\n";
Пример #5
        }
    }
}
html_draw_top(sprintf('title=%s', gettext("Attachments")), 'attachments.js', 'pm_popup_disabled', 'class=window_title');
echo "<h1>", gettext("Attachments"), "</h1>\n";
// Upload results. Validation errors replace the per-file result messages.
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '600', 'center');
} else {
    // Each result list is joined with ", " and passed through htmlentities_array()
    // before it is substituted into the message, so the listed names
    // (presumably the uploaded file names — verify) are not echoed raw.
    if (isset($upload_success) && is_array($upload_success) && sizeof($upload_success) > 0) {
        html_display_success_msg(sprintf(gettext("Successfully Uploaded: %s"), htmlentities_array(implode(", ", $upload_success))), '600', 'left');
    }
    if (isset($upload_failure) && is_array($upload_failure) && sizeof($upload_failure) > 0) {
        html_display_error_msg(sprintf(gettext("Failed to upload: %s. Check free attachment space!"), htmlentities_array(implode(", ", $upload_failure))), '600', 'left');
    }
    if (isset($upload_not_allowed) && is_array($upload_not_allowed) && sizeof($upload_not_allowed) > 0) {
        html_display_error_msg(sprintf(gettext("Failed to upload: %s. File type is not allowed!"), htmlentities_array(implode(", ", $upload_not_allowed))), '600', 'left');
    }
}
echo "<br />\n";
// Multipart POST form for the file upload.
// NOTE(review): no CSRF token field is emitted in the visible part of this
// form — confirm the upload handler verifies one.
echo "<form accept-charset=\"utf-8\" name=\"attachments\" enctype=\"multipart/form-data\" method=\"post\" action=\"attachments.php\">\n";
// $webtag and $aid are escaped before being written into hidden fields.
echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo "  " . form_input_hidden('aid', htmlentities_array($aid)), "\n";
echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"600\">\n";
echo "    <tr>\n";
echo "      <td align=\"left\">\n";
echo "        <table class=\"box\" width=\"100%\">\n";
echo "          <tr>\n";
echo "            <td align=\"left\" class=\"posthead\">\n";
echo "              <table class=\"posthead\" width=\"100%\">\n";
echo "                <tr>\n";
echo "                  <td align=\"left\" colspan=\"3\" class=\"subhead\">", gettext("Upload a file for attachment to the message"), "</td>\n";
Пример #6
/**
 * Print the logon form and, unless suppressed, the guest / register /
 * forgotten-password / mobile links below it.
 *
 * Any POST data left after the logon fields are removed is replayed as hidden
 * fields, so a request interrupted by the logon form can be resubmitted.
 *
 * @param mixed $logon_options Bitmask tested against the LOGON_FORM_* constants;
 *                             a non-numeric value is replaced by LOGON_FORM_DEFAULT.
 * @return void
 */
function logon_draw_form($logon_options)
{
    $webtag = get_webtag();
    forum_check_webtag_available($webtag);
    // Make sure logon form argument is valid.
    if (!is_numeric($logon_options)) {
        $logon_options = LOGON_FORM_DEFAULT;
    }
    // Check for a previous logout or failed logon. Both query flags only select
    // a fixed, translated message; their values are never echoed.
    if (isset($_GET['logout_success']) && $_GET['logout_success'] == 'true') {
        html_display_success_msg(gettext("You have successfully logged out."), '500', 'center');
    } else {
        if (isset($_GET['logon_failed']) && !($logon_options & LOGON_FORM_SESSION_EXPIRED)) {
            html_display_error_msg(gettext("The username or password you supplied is not valid."), '500', 'center');
        }
    }
    // Get the original requested page url.
    // NOTE(review): $request_uri is interpolated into the action attribute below
    // without escaping in this function. That is only safe if get_request_uri()
    // already returns an HTML-attribute-safe string — verify.
    $request_uri = get_request_uri();
    // If the request is for logon.php then we are performing
    // a normal login, otherwise potentially a failed session.
    // stristr() is a case-insensitive substring test, so 'logon.php' appearing
    // anywhere in the URI (including its query string) selects the first branch.
    if (stristr($request_uri, 'logon.php')) {
        echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"{$request_uri}\" target=\"", html_get_top_frame_name(), "\">\n";
        echo "    ", form_csrf_token_field(), "\n";
    } else {
        echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"{$request_uri}\" target=\"_self\">\n";
        echo "    ", form_csrf_token_field(), "\n";
    }
    // Drop the logon fields from $_POST so that credentials and form controls
    // are not written back into the page by the replay below. This modifies the
    // superglobal for the rest of the request.
    unset($_POST['user_logon'], $_POST['user_password'], $_POST['logon'], $_POST['webtag'], $_POST['register']);
    // Add any remaining post data into the form.
    // NOTE(review): these keys and values are request-controlled;
    // form_input_hidden_array() must escape both names and values — verify.
    if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
        echo form_input_hidden_array($_POST);
    }
    echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "  <br />\n";
    echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">\n";
    echo "        <table class=\"box\" width=\"100%\">\n";
    echo "          <tr>\n";
    echo "            <td align=\"left\" class=\"posthead\">\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"left\" class=\"subhead\">", gettext("Logon"), "</td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"center\">\n";
    echo "                    <table class=\"posthead\" width=\"95%\">\n";
    echo "                      <tr>\n";
    echo "                        <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
    // Both credential inputs are rendered with a null value, i.e. nothing is
    // pre-filled from the request.
    echo "                        <td align=\"left\">", form_input_text('user_logon', null, 24, 32, null, 'bhinputlogon'), "</td>\n";
    echo "                      </tr>\n";
    echo "                      <tr>\n";
    echo "                        <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
    echo "                        <td align=\"left\">", form_input_password('user_password', null, 24, 32, null, 'bhinputlogon'), "</td>\n";
    echo "                      </tr>\n";
    // The "Remember me" tickbox is hidden on request and for expired sessions.
    if (!($logon_options & LOGON_FORM_HIDE_TICKBOX) && !($logon_options & LOGON_FORM_SESSION_EXPIRED)) {
        echo "                      <tr>\n";
        echo "                        <td align=\"left\" colspan=\"2\"><hr class=\"bhseparatorlogon\" /></td>\n";
        echo "                      </tr>\n";
        echo "                    </table>\n";
        echo "                    <table class=\"posthead\" width=\"95%\">\n";
        echo "                      <tr>\n";
        // Pre-ticked only when both the user_logon and user_token cookies are present.
        echo "                        <td align=\"right\" width=\"90\">", form_checkbox('user_remember', 'Y', null, html_get_cookie('user_logon') && html_get_cookie('user_token')), "</td>\n";
        echo "                        <td align=\"left\"><label for=\"user_remember\">", gettext("Remember me"), "</label></td>\n";
        echo "                      </tr>\n";
        echo "                      <tr>\n";
        echo "                        <td align=\"left\">&nbsp;</td>\n";
        echo "                        <td align=\"left\"><span class=\"bhinputlogon_warning\">", gettext("Not recommended for shared computers"), "</span></td>\n";
        echo "                      </tr>\n";
    }
    echo "                      <tr>\n";
    echo "                        <td align=\"left\">&nbsp;</td>\n";
    echo "                      </tr>\n";
    echo "                    </table>\n";
    echo "                  </td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "            </td>\n";
    echo "          </tr>\n";
    echo "        </table>\n";
    echo "      </td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">&nbsp;</td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
    echo "    </tr>\n";
    echo "  </table>\n";
    echo "</form>\n";
    echo "<br />\n";
    if (!($logon_options & LOGON_FORM_HIDE_LINKS)) {
        echo "<hr class=\"bhlogonseparator\" />\n";
        // NOTE(review): $webtag is interpolated into URLs and attributes below
        // without escaping (only the hidden field above escapes it). This relies
        // on get_webtag() / forum_check_webtag_available() yielding a safe
        // value — verify.
        if (user_guest_enabled()) {
            echo "<form accept-charset=\"utf-8\" name=\"guest\" action=\"logon.php?webtag={$webtag}\" method=\"post\" target=\"", html_get_top_frame_name(), "\">\n";
            echo "  ", form_csrf_token_field(), "\n";
            echo "  <p>", sprintf(gettext("Enter as a %s"), form_submit('guest_logon', gettext("Guest"))), "</p>\n";
            echo "</form>\n";
        }
        // Post-logon target: final_uri is accepted only if it begins with one of
        // the entries returned by get_available_files(). Each alternative in the
        // pattern is anchored at the start only, so any text may follow the
        // matched prefix. An accepted value is then passed through
        // href_cleanup_query_keys().
        // NOTE(review): presumably preg_quote_callback escapes each file name
        // for use in the pattern — verify. $_GET['final_uri'] is not checked to
        // be a string before trim().
        if (isset($_GET['final_uri']) && strlen(trim($_GET['final_uri'])) > 0) {
            $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files()));
            if (preg_match("/^{$available_files_preg}/u", trim($_GET['final_uri'])) > 0) {
                $final_uri = href_cleanup_query_keys($_GET['final_uri']);
            }
        }
        if (isset($final_uri)) {
            // The accepted target is URL-encoded once for direct use and a second
            // time inside the nested register / forgot_pw links, which are
            // themselves passed as the final_uri of index.php.
            $final_uri = rawurlencode($final_uri);
            $register_link = rawurlencode("register.php?webtag={$webtag}&final_uri={$final_uri}");
            $forgot_pw_link = rawurlencode("forgot_pw.php?webtag={$webtag}&final_uri={$final_uri}");
            echo "<p>", sprintf(gettext("Don't have an account? %s"), "<a href=\"index.php?webtag={$webtag}&amp;final_uri={$register_link}\" target=\"" . html_get_top_frame_name() . "\">" . gettext("Register now") . "</a>") . "</p>\n";
            echo "<hr class=\"bhlogonseparator\" />\n";
            echo "<h2>", gettext("Problems logging on?"), "</h2>\n";
            echo "<p><a href=\"logon.php?webtag={$webtag}&amp;delete_cookie=yes&amp;final_uri={$final_uri}\" target=\"", html_get_top_frame_name(), "\">", gettext("Delete Cookies"), "</a></p>\n";
            echo "<p><a href=\"index.php?webtag={$webtag}&amp;final_uri={$forgot_pw_link}\" target=\"", html_get_top_frame_name(), "\">", gettext("Forgotten your password?"), "</a></p>\n";
        } else {
            // No accepted target: same links without a final_uri to return to.
            echo "<p>", sprintf(gettext("Don't have an account? %s"), "<a href=\"index.php?webtag={$webtag}&amp;final_uri=register.php%3Fwebtag%3D{$webtag}\" target=\"" . html_get_top_frame_name() . "\">" . gettext("Register now") . "</a>"), "</p>\n";
            echo "<hr class=\"bhlogonseparator\" />\n";
            echo "<h2>", gettext("Problems logging on?"), "</h2>\n";
            echo "<p><a href=\"logon.php?webtag={$webtag}&amp;delete_cookie=yes\" target=\"", html_get_top_frame_name(), "\">", gettext("Delete Cookies"), "</a></p>\n";
            echo "<p><a href=\"index.php?webtag={$webtag}&amp;final_uri=forgot_pw.php%3Fwebtag%3D{$webtag}\" target=\"", html_get_top_frame_name(), "\">", gettext("Forgotten your password?"), "</a></p>\n";
        }
        echo "<hr class=\"bhlogonseparator\" />\n";
        echo "<h2>", gettext("Using a mobile device?"), "</h2>\n";
        echo "<p><a href=\"index.php?webtag={$webtag}&amp;view=mobile\" target=\"", html_get_top_frame_name(), "\">", gettext("Mobile version"), "</a></p>\n";
    }
}
Пример #7
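/**
 * Print a list of error messages as a single error box.
 *
 * Non-string entries are dropped. Nothing is printed for an empty list, and a
 * single remaining message is handed to html_display_error_msg() instead.
 *
 * The messages are written into the page as they are: this function does not
 * escape them, so callers must pass only trusted or already HTML-escaped text.
 *
 * @param array       $error_list_array Messages to display.
 * @param string      $width            Table width: digits with an optional trailing '%';
 *                                      anything else falls back to '600'.
 * @param string      $align            'left', 'center' or 'right'; anything else falls
 *                                      back to 'left' for the multi-message box.
 * @param string|bool $id               Optional id attribute of the wrapper; a boolean
 *                                      means no id attribute.
 * @return void
 */
function html_display_error_array($error_list_array, $width = '600', $align = 'center', $id = false)
{
    // The D modifier makes "$" match only at the very end of the value. Without
    // it a trailing newline would pass validation and land in the attribute.
    if (!preg_match('/^[0-9]+%?$/Du', $width)) {
        $width = '600';
    }
    $error_list_array = array_filter($error_list_array, 'is_string');
    if (sizeof($error_list_array) == 0) {
        return;
    }
    if (sizeof($error_list_array) == 1) {
        html_display_error_msg(array_shift($error_list_array), $width, $align, $id);
        return;
    }
    $available_alignments = array('left', 'center', 'right');
    // Strict comparison: a loose in_array() lets values such as 0 or true match
    // one of the allowed strings on older PHP versions.
    if (!in_array($align, $available_alignments, true)) {
        $align = 'left';
    }
    // The id ends up inside a double-quoted attribute, so escape it.
    $id_attribute = "";
    if (!is_bool($id)) {
        $id_attribute = " id=\"" . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . "\"";
    }
    echo "<div align=\"{$align}\"", $id_attribute, ">\n";
    echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"{$width}\" class=\"error_msg\">\n";
    echo "    <tr>\n";
    echo "      <td rowspan=\"2\" valign=\"top\" width=\"25\" class=\"error_msg_icon\"><img src=\"", html_style_image('error.png'), "\" alt=\"", gettext("Error"), "\" title=\"", gettext("Error"), "\" /></td>\n";
    echo "      <td class=\"error_msg_text\">", gettext("The following errors were encountered:"), "</td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td>\n";
    echo "        <ul>\n";
    // Messages are joined without escaping; see the note in the docblock.
    echo "          <li>", implode("</li>\n        <li>", $error_list_array), "</li>\n";
    echo "        </ul>\n";
    echo "      </td>\n";
    echo "    </tr>\n";
    echo "  </table>\n";
    echo "</div>\n";
}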
Пример #8
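/**
 * Gate for the admin area: require a recent re-authentication.
 *
 * Returns true when the session's ADMIN_TIMEOUT is still in the future (and
 * pushes it forward by HOUR_IN_SECONDS), or when the posted admin_logon /
 * admin_password pair logs on as the user of the current session. In every
 * other case the re-authentication form is printed and the script exits, so
 * the function never returns false.
 *
 * POST data of the interrupted request is replayed as hidden fields so it can
 * be resubmitted after re-authentication; the submitted credentials are
 * excluded from that replay.
 *
 * @return bool Always true when it returns.
 */
function admin_check_credentials()
{
    $webtag = get_webtag();
    if (($admin_timeout = session::get_value('ADMIN_TIMEOUT')) && $admin_timeout > time()) {
        session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
        return true;
    }
    if (isset($_POST['admin_logon']) && isset($_POST['admin_password'])) {
        $admin_logon = $_POST['admin_logon'];
        $admin_password = $_POST['admin_password'];
        // The credentials must belong to the user who owns the current session,
        // not merely to any valid account.
        if (($admin_uid = user_logon($admin_logon, $admin_password)) && $admin_uid == session::get_value('UID')) {
            session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
            return true;
        } else {
            // Keep the message for display after html_draw_top(); printing it here
            // would emit it ahead of the page header.
            $error_message = gettext("The username or password you supplied are not valid.");
        }
    }
    html_draw_top();
    if (isset($error_message) && strlen(trim($error_message)) > 0) {
        html_display_error_msg($error_message, '500', 'center');
    }
    if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
        html_display_warning_msg(gettext('To save any changes you must re-authenticate yourself'), '500', 'center');
    } else {
        html_display_warning_msg(gettext('To access the Admin area you must re-authenticate yourself'), '500', 'center');
    }
    echo "<div align=\"center\">\n";
    // NOTE(review): get_request_uri() is written into the action attribute without
    // escaping here; that is only safe if it returns an attribute-safe string — verify.
    // NOTE(review): no CSRF token field is emitted in this form — confirm whether
    // the re-authentication POST is protected elsewhere.
    echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
    if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
        // Replay the interrupted request, but never the submitted credentials:
        // after a failed attempt they would otherwise be written back into the
        // page source as hidden fields. A copy is filtered so $_POST itself is
        // left untouched for the caller.
        $replay_post = $_POST;
        unset($replay_post['admin_logon'], $replay_post['admin_password']);
        if (sizeof($replay_post) > 0) {
            echo form_input_hidden_array($replay_post);
        }
    }
    echo "    ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "    <br />\n";
    echo "    <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">\n";
    echo "          <table class=\"box\" width=\"100%\">\n";
    echo "            <tr>\n";
    echo "              <td align=\"left\" class=\"posthead\">\n";
    echo "                <table class=\"posthead\" width=\"100%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\" class=\"subhead\">", gettext("Please enter your password"), "</td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "                <table class=\"posthead\" width=\"100%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"center\">\n";
    echo "                      <table class=\"posthead\" width=\"95%\">\n";
    echo "                        <tr>\n";
    echo "                          <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
    // Both inputs are rendered empty; nothing is pre-filled from the request.
    echo "                          <td align=\"left\">", form_input_text('admin_logon', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
    echo "                        </tr>\n";
    echo "                        <tr>\n";
    echo "                          <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
    echo "                          <td align=\"left\">", form_input_password('admin_password', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
    echo "                        </tr>\n";
    echo "                        <tr>\n";
    echo "                          <td align=\"left\">&nbsp;</td>\n";
    echo "                        </tr>\n";
    echo "                      </table>\n";
    echo "                    </td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "              </td>\n";
    echo "            </tr>\n";
    echo "          </table>\n";
    echo "        </td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">&nbsp;</td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
    echo "      </tr>\n";
    echo "    </table>\n";
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
    exit;
}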
Пример #9
// Read the folder id from the query string, or from POST data when the query
// string has none. An id that fails is_numeric() ends the request with an
// error page. If neither source supplies one, $manage_folder stays undefined.
//
// is_numeric() also accepts signs, decimals, exponent notation and leading
// whitespace, and the value is stored as the original string, not as an int.
// NOTE(review): $manage_folder is later interpolated into a redirect URL and
// passed to pm_update_folder_name(); an integer-only check or a cast would be
// the tighter validation for an id — confirm what the callee expects.
if (isset($_GET['manage_folder'])) {
    if (is_numeric($_GET['manage_folder'])) {
        $manage_folder = $_GET['manage_folder'];
    } else {
        html_draw_top(array('title' => gettext("Error")));
        html_display_error_msg(gettext("Invalid Folder ID. Check that a folder with this ID exists!"));
        html_draw_bottom();
        exit;
    }
} else {
    // Same validation for the POST value; only consulted when GET has no id.
    if (isset($_POST['manage_folder'])) {
        if (is_numeric($_POST['manage_folder'])) {
            $manage_folder = $_POST['manage_folder'];
        } else {
            html_draw_top(array('title' => gettext("Error")));
            html_display_error_msg(gettext("Invalid Folder ID. Check that a folder with this ID exists!"));
            html_draw_bottom();
            exit;
        }
    }
}
if (isset($_POST['save'])) {
    if (isset($_POST['folder_name']) && strlen(trim($_POST['folder_name'])) > 0) {
        $folder_name = trim($_POST['folder_name']);
        if (pm_update_folder_name($manage_folder, $folder_name)) {
            header_redirect("pm_folders.php?webtag={$webtag}&manage_folder={$manage_folder}&folder_renamed=true");
            exit;
        } else {
            $error_msg_array[] = gettext("Failed to update folder");
            $valid = false;
        }
Пример #10
 }
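 // Ban data and comment are taken from the request after trimming; empty values
 // are ignored. Both are stored unescaped here.
 // NOTE(review): whatever stores or displays them must treat them as untrusted.
 if (isset($_POST['bandata']) && strlen(trim($_POST['bandata'])) > 0) {
     $ban_data_array['BANDATA'] = trim($_POST['bandata']);
 }
 if (isset($_POST['bancomment']) && strlen(trim($_POST['bancomment'])) > 0) {
     $ban_data_array['COMMENT'] = trim($_POST['bancomment']);
 }
 // Expiry date: only evaluated when all three parts were submitted.
 if (isset($_POST['banexpiresyear']) && isset($_POST['banexpiresmonth']) && isset($_POST['banexpiresday'])) {
     $ban_data_array['EXPIRESYEAR'] = trim($_POST['banexpiresyear']);
     $ban_data_array['EXPIRESMONTH'] = trim($_POST['banexpiresmonth']);
     $ban_data_array['EXPIRESDAY'] = trim($_POST['banexpiresday']);
     // A part counts as "set" when it is numeric and greater than zero. The
     // original combined these tests with a stray bitwise "|"; logical "||"
     // gives the same result and states the intent.
     $expires_month_set = is_numeric($ban_data_array['EXPIRESMONTH']) && $ban_data_array['EXPIRESMONTH'] > 0;
     $expires_day_set = is_numeric($ban_data_array['EXPIRESDAY']) && $ban_data_array['EXPIRESDAY'] > 0;
     $expires_year_set = is_numeric($ban_data_array['EXPIRESYEAR']) && $ban_data_array['EXPIRESYEAR'] > 0;
     if ($expires_month_set || $expires_day_set || $expires_year_set) {
         // One set part is enough to get here, so the other two may still be
         // empty or non-numeric. Require all three to be numeric before calling
         // checkdate(): a non-numeric argument is only a suppressible warning on
         // PHP 7 but a TypeError on PHP 8. Such input is reported as an invalid
         // date instead.
         $expires_all_numeric = is_numeric($ban_data_array['EXPIRESMONTH']) && is_numeric($ban_data_array['EXPIRESDAY']) && is_numeric($ban_data_array['EXPIRESYEAR']);
         if ($expires_all_numeric && checkdate((int) $ban_data_array['EXPIRESMONTH'], (int) $ban_data_array['EXPIRESDAY'], (int) $ban_data_array['EXPIRESYEAR'])) {
             $ban_data_array['EXPIRES'] = mktime(0, 0, 0, (int) $ban_data_array['EXPIRESMONTH'], (int) $ban_data_array['EXPIRESDAY'], (int) $ban_data_array['EXPIRESYEAR']);
         } else {
             html_display_error_msg(gettext("Expiry date is invalid"), '700', 'center');
             $valid = false;
         }
     } else {
         // No part set: the ban has no expiry.
         $ban_data_array['EXPIRES'] = 0;
     }
 } else {
     $ban_data_array['EXPIRESYEAR'] = 0;
     $ban_data_array['EXPIRESMONTH'] = 0;
     $ban_data_array['EXPIRESDAY'] = 0;
     $ban_data_array['EXPIRES'] = 0;
 }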
 if ($valid) {
     if ($ban_data_array['EXPIRES'] > 0 && $ban_data_array['EXPIRES'] < time()) {
         html_display_warning_msg(gettext("Selected date is in the past"), '700', 'center');
     } else {
Пример #11
        if (isset($_GET['message_saved'])) {
            html_display_success_msg(gettext("Message was successfully saved to 'Drafts' folder"), '96%', 'center');
        } else {
            if (isset($_GET['deleted'])) {
                html_display_success_msg(gettext("Successfully deleted selected messages"), '96%', 'center', 'pm_delete_success');
            } else {
                if (isset($_GET['archived'])) {
                    html_display_success_msg(gettext("Successfully archived selected messages"), '96%', 'center', 'pm_archive_success');
                } else {
                    if (isset($_GET['search_no_results'])) {
                        html_display_warning_msg(gettext("Search Returned No Results"), '96%', 'center');
                    } else {
                        if (isset($_GET['search_frequency_error'])) {
                            $search_limit_count = forum_get_setting('search_limit_count', 'is_numeric', 1);
                            $search_limit_time = forum_get_setting('search_limit_time', 'is_numeric', 30);
                            html_display_error_msg(sprintf(gettext("You can only perform %d search(es) every %s seconds."), $search_limit_count, $search_limit_time), '96%', 'center');
                        } else {
                            if (isset($messages_array['message_array']) && sizeof($messages_array['message_array']) < 1) {
                                html_display_warning_msg(sprintf(gettext("Your %s folder is empty"), htmlentities_array($folder_names_array[$current_folder])), '96%', 'center');
                            }
                        }
                    }
                }
            }
        }
    }
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo "<form accept-charset=\"utf-8\" name=\"pm\" action=\"pm_messages.php\" method=\"post\" target=\"_self\">\n";
echo "  ", form_csrf_token_field(), "\n";
Пример #12
messages_social_links($tid);
echo "    </td>\n";
echo "  </tr>\n";
echo "</table>\n";
// Result banners driven by query-string flags. The flags only choose between
// fixed, translated messages; their values are never echoed.
if (isset($_GET['markasread']) && is_numeric($_GET['markasread'])) {
    if ($_GET['markasread'] > 0) {
        html_display_success_msg(gettext("Thread Read Status Updated Successfully"), '96%', 'center');
    } else {
        html_display_error_msg(gettext("Failed to update thread read status"), '96%', 'center');
    }
}
// NOTE(review): unlike markasread, setinterest is compared with 0 without an
// is_numeric() check, so a non-numeric value is compared under PHP's loose
// comparison rules, which differ between PHP 7 and PHP 8.
if (isset($_GET['setinterest'])) {
    if ($_GET['setinterest'] > 0) {
        html_display_success_msg(gettext("Thread Interest Status Updated Successfully"), '96%', 'center');
    } else {
        html_display_error_msg(gettext("Failed to update thread interest"), '96%', 'center');
    }
}
if (isset($_GET['relupdated'])) {
    html_display_success_msg(gettext("Relationships Updated"), '96%', 'center');
} else {
    if (isset($_GET['setstats'])) {
        html_display_success_msg(gettext("Stats Display Changed"), '96%', 'center');
    } else {
        if (isset($_GET['post_success']) && validate_msg($_GET['post_success'])) {
            list($return_tid, $return_pid) = explode(".", $_GET['post_success']);
            if ($return_tid != $tid || $return_pid > $pid + $posts_per_page) {
                message_display_success_msg($return_tid, $return_pid, $pid, gettext("Successfully created post %s"), $posts_per_page);
            }
        } else {
            if (isset($_GET['edit_success']) && validate_msg($_GET['edit_success'])) {
Пример #13
     echo "          </tr>\n";
     echo "        </table>\n";
     echo "      </td>\n";
     echo "    </tr>\n";
     echo "    <tr>\n";
     echo "      <td align=\"left\">&nbsp;</td>\n";
     echo "    </tr>\n";
     echo "  </table>\n";
     echo "</form>\n";
     echo "</div>\n";
     echo "<br />\n";
 } else {
     $forums_array = get_my_forums($view_type, $page, $sort_by, $sort_dir);
     echo "<h1>", gettext("My Forums"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />{$forum_header_array[$view_type]}</h1>\n";
     if (isset($_GET['webtag_error'])) {
         html_display_error_msg(gettext("Invalid forum or forum is not available"), '70%', 'center');
     } else {
         if (isset($_GET['added'])) {
             html_display_success_msg(gettext("Successfully added forum to Favourites."), '70%', 'center');
         } else {
             if (isset($_GET['removed'])) {
                 html_display_success_msg(gettext("Successfully removed forum from Favourites."), '70%', 'center');
             } else {
                 if (isset($_GET['ignored'])) {
                     html_display_success_msg(gettext("Successfully ignored forum."), '70%', 'center');
                 } else {
                     if (isset($_GET['unignored'])) {
                         html_display_success_msg(gettext("Successfully unignored forum."), '70%', 'center');
                     } else {
                         if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
                             html_display_error_array($error_msg_array, '70%', 'center');
echo "                      <tr>\n";
echo "                        <td align=\"left\" width=\"270\">", gettext("Attachment space per user"), ":</td>\n";
echo "                        <td align=\"left\">", form_input_text("attachments_max_user_space", isset($forum_global_settings['attachments_max_user_space']) ? htmlentities_array($forum_global_settings['attachments_max_user_space'] / 1024 / 1024) : "1", 10, 32), "&nbsp;(MB)</td>\n";
echo "                      </tr>\n";
echo "                      <tr>\n";
echo "                        <td align=\"left\" width=\"270\">", gettext("Attachment space per post"), ":</td>\n";
echo "                        <td align=\"left\">", form_input_text("attachments_max_post_space", isset($forum_global_settings['attachments_max_post_space']) ? htmlentities_array($forum_global_settings['attachments_max_post_space'] / 1024 / 1024) : "1", 10, 32), "&nbsp;(MB)</td>\n";
echo "                      </tr>\n";
if (isset($forum_global_settings['attachments_enabled']) && $forum_global_settings['attachments_enabled'] == "Y") {
    if (!attachments_check_dir()) {
        echo "                      <tr>\n";
        echo "                        <td align=\"left\" colspan=\"2\">&nbsp;</td>\n";
        echo "                      </tr>\n";
        echo "                      <tr>\n";
        echo "                        <td colspan=\"2\">\n";
        html_display_error_msg(gettext("Attachment directory and system temporary directory / php.ini 'upload_tmp_dir' must be writable by the web server / PHP process!"), '95%', 'center');
        echo "                        </td>\n";
        echo "                      </tr>\n";
    }
}
echo "                      <tr>\n";
echo "                        <td align=\"left\" colspan=\"2\">&nbsp;</td>\n";
echo "                      </tr>\n";
echo "                      <tr>\n";
echo "                        <td align=\"left\" colspan=\"2\">\n";
echo "                          <p class=\"smalltext\">", gettext("Beehive allows attachments to be uploaded to messages when posted. If you have limited web space you may which to disable attachments by clearing the box above."), "</p>\n";
echo "                          <p class=\"smalltext\">", gettext("<b>Attachment Dir</b> is the location Beehive should store attachments in. This directory must exist on your web space and must be writable by the web server / PHP process otherwise uploads will fail."), "</p>\n";
echo "                          <p class=\"smalltext\">", gettext("<b>Attachment Space Per User / Post</b> is the maximum amount of disk space a user has for attachments. Once this space is used up the user cannot upload any more attachments. Set to zero (0) to allow unlimited space."), "</p>\n";
echo "                          <p class=\"smalltext\">", gettext("<b>Allow embedding of attachments in messages / signatures</b> allows users to embed attachments in posts. Enabling this option while useful can increase your bandwidth usage drastically under certain configurations of PHP. If you have limited bandwidth it is recommended that you disable this option."), "</p>\n";
echo "                          <p class=\"smalltext\">", gettext("<b>Use Alternative attachment method</b> Forces Beehive to use an alternative retrieval method for attachments. If you receive 404 error messages when trying to download attachments from messages try enabling this option."), "</p>\n";
echo "                          <p class=\"smalltext\">", gettext("<b>Allowed attachment mime-types</b> allows you to restrict the mime-types of files that can be uploaded. To specify multiple mime-types, separate them using semi-colons. <b>Note:</b> Beehive doesn't perform strict analysis of the uploaded files uploaded and renamed files may be able to circumvent this restriction."), "</p>\n";
Пример #15
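/**
 * Gate access to a password-protected forum.
 *
 * Returns true when forum_get_password() yields nothing for the forum, or
 * when the saved session hash matches the stored forum password hash.
 * Returns false when the database connection fails or $forum_fid is not
 * numeric. In every other case the password prompt is rendered and the
 * script exits, so control never returns to the caller.
 *
 * @param mixed $forum_fid Forum id; rejected unless is_numeric().
 * @return bool
 */
function forum_check_password($forum_fid)
{
    $frame_top_target = html_get_top_frame_name();
    if (!db_connect()) {
        return false;
    }
    // $webtag_search is not defined in this function; presumably get_webtag()
    // takes it by reference - confirm against its declaration.
    $webtag = get_webtag($webtag_search);
    if (!is_numeric($forum_fid)) {
        return false;
    }
    if ($forum_passhash = forum_get_password($forum_fid)) {
        // Presumably fills $password, $passhash and $sesshash by reference.
        // NOTE(review): $sesshash looks like it originates from the
        // bh_{webtag}_sesshash cookie reset below. If so, the cookie carries
        // the stored password hash itself and acts as the credential;
        // confirm in forum_get_saved_password().
        forum_get_saved_password($password, $passhash, $sesshash);
        // Compare as strings only. A loose == converts numeric-looking
        // strings to numbers before comparing, so two different hashes can
        // be reported as equal. hash_equals() is also constant-time.
        $hashes_match = false;
        if (is_string($sesshash) && is_string($forum_passhash)) {
            $hashes_match = function_exists('hash_equals')
                ? hash_equals($forum_passhash, $sesshash)
                : $sesshash === $forum_passhash;
        }
        if ($hashes_match) {
            return true;
        }
        // If we got this far then the password verification failed or
        // the user hasn't seen the password dialog before.
        $lang = load_language_file();
        html_draw_top();
        echo "<h1>{$lang['passwdprotectedforum']}</h1>\n";
        // A non-empty session-hash cookie that did not match means a failed
        // attempt: expire the cookie and show the error.
        if (isset($_COOKIE["bh_{$webtag}_sesshash"]) && strlen(trim(_stripslashes($_COOKIE["bh_{$webtag}_sesshash"]))) > 0) {
            bh_setcookie("bh_{$webtag}_sesshash", "", time() - YEAR_IN_SECONDS);
            html_display_error_msg($lang['usernameorpasswdnotvalid'], '550', 'center');
        }
        echo "<br />\n";
        echo "<div align=\"center\">\n";
        echo "  <form method=\"post\" action=\"forum_password.php\" target=\"", $frame_top_target, "\">\n";
        echo "    ", form_input_hidden('webtag', _htmlentities($webtag)), "\n";
        echo "    ", form_input_hidden('final_uri', _htmlentities(get_request_uri())), "\n";
        echo "    <table cellpadding=\"0\" cellspacing=\"0\" width=\"550\">\n";
        if ($password_protected_message = forum_get_setting('password_protected_message', false)) {
            // Configured message is passed through fix_html() before output.
            echo "      <tr>\n";
            echo "        <td align=\"left\">", fix_html($password_protected_message), "</td>\n";
            echo "      </tr>\n";
        } else {
            echo "      <tr>\n";
            echo "        <td align=\"center\">{$lang['passwdprotectedwarning']}</td>\n";
            echo "      </tr>\n";
        }
        echo "      <tr>\n";
        echo "        <td align=\"left\">&nbsp;</td>\n";
        echo "      </tr>\n";
        echo "      <tr>\n";
        echo "        <td align=\"center\">\n";
        echo "          <table class=\"box\" width=\"400\">\n";
        echo "            <tr>\n";
        echo "              <td class=\"posthead\" align=\"center\">\n";
        echo "                <table class=\"posthead\" width=\"100%\">\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\" class=\"subhead\" colspan=\"2\">{$lang['enterpasswd']}</td>\n";
        echo "                  </tr>\n";
        echo "                </table>\n";
        echo "                <table class=\"posthead\" width=\"90%\">\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\">{$lang['passwd']}:</td>\n";
        // NOTE(review): the saved $password and $passhash are written back
        // into the page (escaped). Confirm where they are stored and whether
        // the remembered password needs to be sent to the browser at all.
        echo "                    <td align=\"left\">", form_input_password('forum_password', _htmlentities($password), 40, false, "autocomplete=\"off\""), form_input_hidden("forum_passhash", _htmlentities($passhash)), "</td>\n";
        echo "                  </tr>\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\">&nbsp;</td>\n";
        echo "                    <td align=\"left\">", form_checkbox('remember_password', 'Y', $lang['rememberpassword'], strlen($password) > 0 && strlen($passhash) > 0), "</td>\n";
        echo "                  </tr>\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\" colspan=\"2\">&nbsp;</td>\n";
        echo "                  </tr>\n";
        echo "                </table>\n";
        echo "              </td>\n";
        echo "            </tr>\n";
        echo "          </table>\n";
        echo "        </td>\n";
        echo "      </tr>\n";
        echo "      <tr>\n";
        echo "        <td align=\"left\">&nbsp;</td>\n";
        echo "      </tr>\n";
        echo "      <tr>\n";
        echo "        <td align=\"center\">", form_submit("submit", $lang['logon']), "&nbsp;", form_submit("cancel", $lang['cancel']), "</td>\n";
        echo "      </tr>\n";
        // Extra hint row for users holding admin or forum tools permission.
        if (bh_session_check_perm(USER_PERM_ADMIN_TOOLS, 0) || bh_session_check_perm(USER_PERM_FORUM_TOOLS, 0)) {
            echo "      <tr>\n";
            echo "        <td align=\"left\">&nbsp;</td>\n";
            echo "      </tr>\n";
            echo "      <tr>\n";
            echo "        <td align=\"center\">{$lang['adminforumclosedtip']}</td>\n";
            echo "      </tr>\n";
        }
        echo "    </table>\n";
        echo "  </form>\n";
        echo "</div>\n";
        html_draw_bottom();
        exit;
    }
    return true;
}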
Пример #16
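/**
 * Gate access to a password-protected forum.
 *
 * Returns false when $forum_fid is not numeric. Returns true when
 * forum_get_password() yields nothing for the forum, or when the hash held
 * in the session (or the MD5 of a freshly posted password) matches the
 * stored hash; on a match the hash is saved to the session. Otherwise the
 * password prompt is rendered and the script exits.
 *
 * @param mixed $forum_fid Forum id; rejected unless is_numeric().
 * @return bool
 */
function forum_check_password($forum_fid)
{
    if (!is_numeric($forum_fid)) {
        return false;
    }
    $webtag = get_webtag();
    if (!($forum_passhash = forum_get_password($forum_fid))) {
        return true;
    }
    $forum_passhash_check = session::get_value("{$webtag}_PASSWORD");
    // is_string() guard: a request may submit forum_password as an array,
    // which strlen() and md5() cannot handle.
    if (isset($_POST['forum_password']) && is_string($_POST['forum_password']) && strlen($_POST['forum_password']) > 0) {
        // NOTE(review): the stored value is compared against an unsalted MD5
        // of the password, which is weak for password storage. Moving to
        // password_hash()/password_verify() needs a migration of the stored
        // values and is outside this function.
        $forum_passhash_check = md5($_POST['forum_password']);
    }
    // Compare as strings only. A loose == converts numeric-looking strings
    // to numbers before comparing, so two different hashes can be reported
    // as equal. hash_equals() is also constant-time.
    $hashes_match = false;
    if (is_string($forum_passhash) && is_string($forum_passhash_check)) {
        $hashes_match = function_exists('hash_equals')
            ? hash_equals($forum_passhash, $forum_passhash_check)
            : $forum_passhash === $forum_passhash_check;
    }
    if ($hashes_match) {
        session::set_value("{$webtag}_PASSWORD", $forum_passhash_check);
        return true;
    }
    html_draw_top(sprintf("title=%s", gettext("Password Protected Forum")));
    echo "<h1>", gettext("Password Protected Forum"), "</h1>\n";
    if (session::get_value("{$webtag}_PASSWORD")) {
        html_display_error_msg(gettext("The username or password you supplied is not valid."), '550', 'center');
    }
    if ($password_protected_message = forum_get_setting('password_protected_message')) {
        // Configured message is passed through fix_html() before output.
        echo fix_html($password_protected_message);
    } else {
        html_display_warning_msg(gettext("This forum is password protected. To gain access enter the password below."), '400', 'center');
    }
    echo "<br />\n";
    echo "<div align=\"center\">\n";
    // NOTE(review): get_request_uri() is written into the action attribute
    // without escaping here; confirm it already returns HTML-safe output.
    echo "  <form accept-charset=\"utf-8\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
    // Carry the original POST fields through the prompt as hidden inputs so
    // the interrupted request can be replayed. The previous password attempt
    // is dropped: the visible field below supersedes it, and it should not
    // be echoed back into the page source.
    // NOTE(review): confirm form_input_hidden_array() escapes names and values.
    $carried_post = (isset($_POST) && is_array($_POST)) ? $_POST : array();
    unset($carried_post['forum_password']);
    if (sizeof($carried_post) > 0) {
        echo form_input_hidden_array($carried_post);
    }
    echo "    ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "    <table cellpadding=\"0\" cellspacing=\"0\" width=\"400\">\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">\n";
    echo "          <table class=\"box\" width=\"400\">\n";
    echo "            <tr>\n";
    echo "              <td class=\"posthead\" align=\"center\">\n";
    echo "                <table class=\"posthead\" width=\"100%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Enter Password"), "</td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "                <table class=\"posthead\" width=\"90%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\">", gettext("Password"), ":</td>\n";
    echo "                    <td align=\"left\">", form_input_password('forum_password', '', 40, false, ''), "</td>\n";
    echo "                  </tr>\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\" colspan=\"2\">&nbsp;</td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "              </td>\n";
    echo "            </tr>\n";
    echo "          </table>\n";
    echo "        </td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">&nbsp;</td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"center\">", form_submit("logon", gettext("Logon")), "&nbsp;", form_submit("cancel", gettext("Cancel")), "</td>\n";
    echo "      </tr>\n";
    echo "    </table>\n";
    // Extra hint for users holding admin or forum tools permission.
    if (session::check_perm(USER_PERM_ADMIN_TOOLS, 0) || session::check_perm(USER_PERM_FORUM_TOOLS, 0)) {
        html_display_warning_msg(gettext("If you want to change some settings on your forum click the Admin link in the navigation bar above."), '400', 'center');
    }
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
    exit;
}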
Пример #17
        echo "<div id=\"search_success\">\n";
        html_display_success_msg(sprintf(gettext("Search successfully completed. %s"), $results_link), '500', 'center');
        echo "</div>\n";
    } else {
        if (isset($_GET['search_error']) && is_numeric($_GET['search_error'])) {
            $search_error = $_GET['search_error'];
            switch ($search_error) {
                case SEARCH_NO_MATCHES:
                    html_display_warning_msg(gettext("Search Returned No Results"), '500', 'center');
                    break;
                case SEARCH_USER_NOT_FOUND:
                    html_display_error_msg(gettext("The username you specified in the to or from field was not found."), '500', 'center');
                    break;
                case SEARCH_FREQUENCY_TOO_GREAT:
                    $search_frequency = forum_get_setting('search_min_frequency', null, 0);
                    html_display_error_msg(sprintf(gettext("You can only search once every %s seconds. Please try again later."), $search_frequency));
                    break;
            }
        } else {
            if (isset($search_no_matches) && $search_no_matches == true) {
                html_display_warning_msg(gettext("Search Returned No Results"), '500', 'center');
            }
        }
    }
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo "<form accept-charset=\"utf-8\" id=\"search_form\" method=\"post\" action=\"search.php\" target=\"_self\">\n";
echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"500\">\n";
echo "    <tr>\n";