default: // Just print out a smilie. ?> <td align="center" bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="small"> <div class="medium"><?php echo htmlsanitize($strTitle); ?> </div> <div style="padding: 5px;"><table cellpadding="2" cellspacing="0" border="0" height="35" style="vertical-align: middle"><tr><td style="vertical-align: middle"><img src="<?php echo "{$CFG['paths']['smilies']}{$strFilename}"; ?> " alt="" /></td><td style="vertical-align: middle"><b><?php echo htmlsanitize($strCode); ?> </b></td></tr></table></div> [<a href="admincp.php?section=smilies&action=edit&smilieid=<?php echo $iSmilieID; ?> ">Edit</a>] [<a href="admincp.php?section=smilies&action=remove&smilieid=<?php echo $iSmilieID; ?> ">Remove</a>] </td> <?php break; } // Update the position. if ($i != $iRowLength) {
<tr> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"><b>Usergroup</b></td> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> "> <select name="usergroupid"> <?php foreach ($aGroup as $iGroupID => $temp) { if ($iGroupID == $iUsergroupID) { $strSelected = ' selected="selected"'; } $strUsergroup = htmlsanitize($aGroup[$iGroupID]['groupname']); echo "\t\t\t<option value=\"{$iGroupID}\"{$strSelected}>{$strUsergroup}</option>\n"; unset($strSelected); } ?> </select> </td> </tr> </table> <div style="text-align: center;"><br /><input type="submit" name="submit" value="Add User" accesskey="s" /></div> </form> <?php // Footer
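<td bgcolor="<?php echo $CFG['style']['table']['cella']; ?>" class="medium"><b>Parent Forum</b></td>
<td bgcolor="<?php echo $CFG['style']['table']['cella']; ?>">
    <select name="parent">
        <option value="0">None (new category)</option>
<?php
    // Print one <option> per forum, pre-selecting the forum's current parent.
    foreach ($aForums as $iForumID => $strForumName) {
        // Recompute the marker on every pass. If it were carried over from a
        // previous iteration, every option after the real parent would also be
        // marked selected. The leading space keeps it apart from the value
        // attribute.
        $strSelected = (isset($aForum['parent']) && $aForum['parent'] == $iForumID) ? ' selected="selected"' : '';

        // Forum names are user-editable text; escape before writing into HTML.
        $strForumName = htmlsanitize($strForumName);
        echo "\t\t\t<option value=\"{$iForumID}\"{$strSelected}>{$strForumName}</option>\n";
    }
?>
    </select>
</td>
</tr>
</table>

<div style="text-align: center;"><br /><input type="submit" name="submit" value="Add Forum" accesskey="s" /></div>
</form>

<?php
    // Footer
    // NOTE(review): $CFG['skin'] is interpolated into an include path; confirm it
    // can only ever hold the name of an existing folder under skins/.
    require "./skins/{$CFG['skin']}/footer.tpl.php";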
" onchange="javascript:update(this);" /> <input id="link_a_preview" style="border: black solid 1px; background-color: <?php echo $aStyles['link_a']; ?> ;" type="text" size="10" disabled="disabled" /></td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"><b>Hover Link Color</b></td> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"><input type="text" name="link_h" size="10" value="<?php echo htmlsanitize($aStyles['link_h']); ?> " onchange="javascript:update(this);" /> <input id="link_h_preview" style="border: black solid 1px; background-color: <?php echo $aStyles['link_h']; ?> ;" type="text" size="10" disabled="disabled" /></td> </tr> </table> <div style="text-align: center;"><br /><input type="submit" name="submit" value="Save Changes" accesskey="s" /></div> </form> <?php // Footer require "./skins/{$CFG['skin']}/footer.tpl.php";
<?php // Header $strPageTitle = ' :: Admin Control Panel :. Remove Smilie'; require "./skins/{$CFG['skin']}/header.tpl.php"; ?> <table width="100%" cellspacing="0" cellpadding="2" border="0" align="center"> <tr> <td align="left" valign="top"><a href="index.php"><img src="images/ovbb.png" align="middle" border="0" alt="<?php echo htmlsanitize($CFG['general']['name']); ?> :: Powered by OvBB" /></a></td> <td width="100%" align="left" valign="top" class="medium"><b><a href="index.php"><?php echo htmlsanitize($CFG['general']['name']); ?> </a> > <a href="admincp.php">Admin Control Panel</a> > <a href="admincp.php?section=smilies">Smilies</a> > Remove Smilie</b></td> </tr> </table><br /> <?php // Admin CP menu. PrintCPMenu(); ?> <br /> <form action="admincp.php" method="post"> <input type="hidden" name="section" value="smilies" /> <input type="hidden" name="action" value="remove" /> <input type="hidden" name="smilieid" value="<?php
"><input type="text" name="title" size="35" maxlength="255" value="<?php echo htmlsanitize($aSkin['title']); ?> " /></td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"> <b>Skin Folder</b> <div class="smaller">This is the folder containing the skin/template files (located in "<b>skins/</b>").</div> </td> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> "><input type="text" name="folder" size="35" maxlength="255" value="<?php echo htmlsanitize($aSkin['folder']); ?> " /></td> </tr> </table> <div style="text-align: center;"><br /><input type="submit" name="submit" value="Add Skin" accesskey="s" /></div> </form> <?php // Footer require "./skins/{$CFG['skin']}/footer.tpl.php";
<td valign="top" bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium" nowrap="nowrap"> <b>Message</b> <div class="smaller"><br /> Note by using this form,<br /> your e-mail address will<br /> become available to the<br /> person you are contacting. </div> </td> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> "> <textarea name="body" cols="50" rows="10"><?php echo htmlsanitize($aMessageInfo[BODY]); ?> </textarea> </td> </tr> </table><br /> <div style="text-align: center;"><input type="submit" name="submit" value="Send E-Mail" accesskey="s" /></div> </form><br /> <?php // Footer. require "./skins/{$CFG['skin']}/footer.tpl.php";
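/**
 * Validates a private-message submission and, when it is acceptable, stores it.
 *
 * Reads the recipient, subject, icon, message and option flags from $_REQUEST,
 * checks them against the recipient's PM settings and the configured length
 * limits, inserts the message (plus an optional saved copy for the sender),
 * marks the original as replied when the action is 'reply', and finally calls
 * Msg() to show the confirmation page.
 *
 * NOTE(review): no anti-CSRF token is checked in this function, and $_REQUEST
 * also accepts query-string parameters; confirm the caller verifies one.
 *
 * @return array|null List of error strings when validation fails; nothing is
 *                    returned once Msg() has been called.
 */
function SendMessage()
{
    global $CFG, $dbConn;

    // Collect validation errors here; an empty list means "no errors".
    $aError = array();

    // Get the values from the user. Anything that is missing or not a plain
    // string (e.g. subject[]=x) is treated as empty instead of reaching
    // trim()/strlen() as an array.
    $strRawRecipient = (isset($_REQUEST['recipient']) && is_string($_REQUEST['recipient'])) ? $_REQUEST['recipient'] : '';
    $strRecipient    = $dbConn->sanitize($strRawRecipient);
    $strSubject      = (isset($_REQUEST['subject']) && is_string($_REQUEST['subject'])) ? $_REQUEST['subject'] : '';
    $iPostIcon       = isset($_REQUEST['icon']) ? (int) $_REQUEST['icon'] : 0;
    $strMessage      = (isset($_REQUEST['message']) && is_string($_REQUEST['message'])) ? $_REQUEST['message'] : '';
    $bDisableSmilies = (int) !empty($_REQUEST['dsmilies']);
    $bTracking       = (int) !empty($_REQUEST['track']);

    // The session user ID goes into SQL unquoted, so force it to an integer.
    $iSenderID = (int) $_SESSION['userid'];

    // Recipient: look the user up by the escaped username.
    $dbConn->query("SELECT id, enablepms, rejectpms, ignorelist FROM citizen WHERE username='{$strRecipient}'");
    list($iRecipientID, $bEnablePMs, $bRejectPMs, $aIgnoreList) = $dbConn->getresult();
    $aIgnoreList = explode(',', (string) $aIgnoreList);

    if ($iRecipientID === NULL) {
        // Does the user exist?
        $aError[] = 'The user you specified does not exist.';
    } elseif ($iRecipientID == $iSenderID) {
        $aError[] = 'You cannot send private messages to yourself.';
    } elseif (!$bEnablePMs) {
        // Use the raw name here: the DB-escaped copy would show its escape
        // characters to the user. htmlsanitize() handles the HTML context.
        $aError[] = htmlsanitize("The message cannot be sent because {$strRawRecipient} has private messages disabled.");
    } elseif ($bRejectPMs && in_array($iSenderID, $aIgnoreList)) {
        $aError[] = 'The user you specified does not accept private messages from members on their Ignore list.';
    }

    // Subject
    if (trim($strSubject) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a subject.';
    } elseif (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strSubject = $dbConn->sanitize($strSubject);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > 14) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Message
    if (trim($strMessage) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strMessage) > $CFG['maxlen']['messagebody']) {
        // The message they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if (!empty($_REQUEST['parseemails'])) {
        $strMessage = ParseEMails($strMessage);
    }
    $strMessage = $dbConn->sanitize($strMessage);

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // The recipient ID came back from the database; cast it before it is
    // written into SQL unquoted.
    $iRecipientID = (int) $iRecipientID;

    // NOTE(review): $_SESSION['userip'] is written into SQL unquoted, so it is
    // presumably stored in numeric form; confirm, and escape it if it can ever
    // be a string.

    // Add the message to the database.
    $dbConn->query("INSERT INTO pm(ownerid, datetime, author, recipient, subject, body, parent, ipaddress, icon, dsmilies, beenread, tracking) VALUES({$iRecipientID}, {$CFG['globaltime']}, {$iSenderID}, {$iRecipientID}, '{$strSubject}', '{$strMessage}', 0, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies}, 0, {$bTracking})");

    // Did they want to save a copy?
    if (!empty($_REQUEST['savecopy'])) {
        // Yes, so store a second row owned by the sender.
        $dbConn->query("INSERT INTO pm(ownerid, datetime, author, recipient, subject, body, parent, ipaddress, icon, dsmilies, beenread) VALUES({$iSenderID}, {$CFG['globaltime']}, {$iSenderID}, {$iRecipientID}, '{$strSubject}', '{$strMessage}', 1, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies}, 0)");
    }

    // Was this message a reply to another one?
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'reply') {
        // Yes, mark the original message as replied. The ownerid condition
        // limits the update to messages owned by the sender.
        $iMessageID = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
        $dbConn->query("UPDATE pm SET replied=1 WHERE id={$iMessageID} AND ownerid={$iSenderID}");
    }

    // Render the page.
    Msg("<b>Your message has been successfully sent.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"private.php\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", 'private.php');
}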
echo ' <img src="images/sort_asc.png" style="vertical-align: middle;" alt="Ascending" />'; } else { echo ' <img src="images/sort_desc.png" style="vertical-align: middle;" alt="Descending" />'; } } ?> </td> </tr></table> </td> </tr> <?php // Display the members. foreach ($aMembers as $iMemberID => $aMember) { // Do some value preparation. $aMember[USERNAME] = htmlsanitize($aMember[USERNAME]); $aMember[WEBSITE] = htmlsanitize($aMember[WEBSITE]); $aMember[ONLINE] = $aMember[ONLINE] ? 'online' : 'offline'; // Set the color. $strColor = $strColor == $CFG['style']['table']['cella'] ? $CFG['style']['table']['cellb'] : $CFG['style']['table']['cella']; ?> <tr> <td bgcolor="<?php echo $strColor; ?> " width="40%" align="left" valign="middle" colspan="2"> <table cellspacing="0" cellpadding="0" border="0"> <tr> <td align="center" valign="middle"><img src="images/<?php if ($aMember[ONLINE] == 'offline') { echo 'in'; }
echo $CFG['style']['table']['cellb']; ?> " class="small" style="border-width: 1px; border-style: inset"><b>Smilies</b></td> </tr> <?php // Display the Smilie table. SmilieTable($aSmilies); ?> </table> </td> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> "> <textarea name="message" cols="70" rows="20"><?php echo htmlsanitize($aEventInfo['body']); ?> </textarea> <div class="smaller">[<a href="#" onclick="javascript:alert('The maximum permitted length is <?php echo $CFG['maxlen']['messagebody']; ?> characters.\n\nYour event information is '+document.theform.message.value.length+' characters long.');">Check length.</a>]</div> </td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium" nowrap="nowrap"><b>Options</b></td> <td bgcolor="<?php
echo $CFG['style']['table']['cellb']; ?> " class="small" style="border-width: 1px; border-style: inset"><b>Smilies</b></td> </tr> <?php // Display the Smilie table. SmilieTable($aSmilies); ?> </table> </td> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> "> <textarea name="message" cols="70" rows="20"><?php echo htmlsanitize($strMessage); ?> </textarea> <div class="smaller">[<a href="#" onclick="javascript:alert('The maximum permitted length is <?php echo $CFG['maxlen']['messagebody']; ?> characters.\n\nYour message is '+document.theform.message.value.length+' characters long.');">Check message length.</a>]</div> </td> </tr> <tr> <td valign="top" bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium" nowrap="nowrap"><b>Options</b></td> <td bgcolor="<?php
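/**
 * Validates an edit to an existing post and, when it is acceptable, saves it.
 *
 * Updates the post row (and the thread row when the post is the thread root),
 * stores a newly uploaded attachment, deletes the attachments ticked for
 * removal, adjusts the thread's attachment count, rebuilds the search index
 * for the post and calls Msg() to show the confirmation page.
 *
 * NOTE(review): nothing here checks that the session user may edit this post
 * or verifies an anti-CSRF token; presumably the caller does both — confirm.
 *
 * @param array $aPostInfo Post record; the 'id' and 'parent' (thread ID) keys are read.
 * @return array|null List of error strings when validation fails; nothing is
 *                    returned once Msg() has been called.
 */
function SavePost($aPostInfo)
{
    global $CFG, $dbConn, $iRootID, $aAttachments, $aPostIcons;

    // Both IDs are written into SQL unquoted, so force them to integers.
    $iPostID   = (int) $aPostInfo['id'];
    $iThreadID = (int) $aPostInfo['parent'];

    // Initiate some variables.
    $aError              = array();
    $aToDelete           = array();
    $fileUploaded        = FALSE;
    $iAddedAttachments   = 0;
    $iRemovedAttachments = 0;

    // Grab the info. specified by the user. Anything missing or not a plain
    // string is treated as empty instead of reaching trim()/strlen() as an array.
    // NOTE(review): the form's parseurls/parseemails options are not applied
    // when a post is edited; confirm whether that is intended.
    $strSubject         = (isset($_REQUEST['subject']) && is_string($_REQUEST['subject'])) ? $_REQUEST['subject'] : '';
    $strThreadDesc      = (isset($_REQUEST['description']) && is_string($_REQUEST['description'])) ? $_REQUEST['description'] : '';
    $iPostIcon          = isset($_REQUEST['icon']) ? (int) $_REQUEST['icon'] : 0;
    $strBody            = (isset($_REQUEST['message']) && is_string($_REQUEST['message'])) ? $_REQUEST['message'] : '';
    $bDisableSmilies    = (int) !empty($_REQUEST['dsmilies']);
    $aDeleteAttachments = isset($_REQUEST['deleteattach']) ? $_REQUEST['deleteattach'] : NULL;

    // Subject
    if (trim($strSubject) == '' && $iPostID == $iRootID) {
        // This post is the thread root, and they either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a subject.';
    } elseif (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strCleanSubject = $dbConn->sanitize($strSubject);

    // Description
    if (strlen($strThreadDesc) > $CFG['maxlen']['desc']) {
        // The description they specified is too long.
        $aError[] = "The description you specified is longer than {$CFG['maxlen']['desc']} characters.";
    }
    $strThreadDesc = $dbConn->sanitize($strThreadDesc);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > count($aPostIcons) - 1) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Body
    if (trim($strBody) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strBody) > $CFG['maxlen']['messagebody']) {
        // The body they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    $strCleanBody = $dbConn->sanitize($strBody);

    // Attachment
    if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] != UPLOAD_ERR_NO_FILE) {
        // What is the problem?
        switch ($_FILES['attachment']['error']) {
            // Upload was successful?
            case UPLOAD_ERR_OK:
                // Is it bigger than the allowable maximum?
                if ($_FILES['attachment']['size'] > $CFG['uploads']['maxsize']) {
                    $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                }

                // Is it an invalid filetype? Only the extension of the
                // client-supplied name is checked against the allowlist; the
                // file content is not inspected.
                $strExtension = strtolower(substr((string) strrchr($_FILES['attachment']['name'], '.'), 1));
                if (!isset($CFG['uploads']['oktypes'][$strExtension])) {
                    $aError[] = 'The file you uploaded is an invalid type of attachment. Valid types are: ' . htmlsanitize(implode(', ', array_keys($CFG['uploads']['oktypes']))) . '.';
                }

                // If there are no errors, grab the data from the temporary file.
                if (!$aError) {
                    // The stored name is client-supplied: it is escaped for SQL
                    // here and must be escaped again wherever it is emitted.
                    $strAttachmentName = $dbConn->sanitize($_FILES['attachment']['name']);

                    // Only open paths that PHP itself recorded as an HTTP upload.
                    if (is_uploaded_file($_FILES['attachment']['tmp_name']) && ($fileUploaded = fopen($_FILES['attachment']['tmp_name'], 'rb'))) {
                        $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
                    } else {
                        $fileUploaded = FALSE;
                        $aError[] = 'There was a problem while reading the attachment. If this problem persists, please contact the Webmaster.';
                    }
                }
                break;

            // File is too big?
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                break;

            // File was partially uploaded?
            case UPLOAD_ERR_PARTIAL:
                $aError[] = 'The attachment was only partially uploaded.';
                break;

            // Anything else.
            default:
                $aError[] = 'There was an error while uploading the attachment.';
                break;
        }
    }

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // Update the post's record.
    $dbConn->query("UPDATE post SET datetime_edited={$CFG['globaltime']}, title='{$strCleanSubject}', body='{$strCleanBody}', icon={$iPostIcon}, dsmilies={$bDisableSmilies} WHERE id={$iPostID}");

    // Was this post the thread root?
    if ($iPostID == $iRootID) {
        // Yes, update the thread description.
        $dbConn->query("UPDATE thread SET title='{$strCleanSubject}', icon={$iPostIcon}, description='{$strThreadDesc}' WHERE id={$iThreadID}");
    }

    // Store the attachment, if there is one.
    if ($fileUploaded) {
        // Insert the first chunk of the file.
        $dbConn->query("INSERT INTO attachment(filename, filedata, viewcount, parent) VALUES('{$strAttachmentName}', '{$blobAttachment}', 0, {$iPostID})");

        // Get the ID of the attachment we just created.
        $iAttachmentID = $dbConn->getinsertid('attachment');

        // Insert the rest of the file, if any, into the database.
        while (!feof($fileUploaded)) {
            $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
            $dbConn->squery(CONCAT_ATTACHMENT, $blobAttachment, $iAttachmentID);
        }

        // Close the temporary file.
        fclose($fileUploaded);

        // Increment the added attachment count.
        $iAddedAttachments++;
    }

    // Are there any attachments to delete?
    if (is_array($aDeleteAttachments) && is_array($aAttachments)) {
        // Keep only the requested IDs that belong to this post. The keys come
        // from the request, so each one is cast to an integer before it
        // reaches SQL; keying by ID also removes duplicates.
        foreach ($aDeleteAttachments as $iDeleteID => $null) {
            if (array_key_exists($iDeleteID, $aAttachments)) {
                $aToDelete[(int) $iDeleteID] = (int) $iDeleteID;
            }
        }

        // Are there still attachments to delete? An empty list must not reach
        // the query: "IN ()" is not valid SQL.
        if ($aToDelete) {
            $strToDelete = implode(', ', $aToDelete);

            // The parent condition restricts the delete to this post's rows.
            $dbConn->query("DELETE FROM attachment WHERE id IN ({$strToDelete}) AND parent={$iPostID}");

            // Set the removed attachments counter.
            $iRemovedAttachments = count($aToDelete);
        }
    }

    // Are there any changes to the number of attachments in this post (and therefore the parent thread)?
    $iAttachmentCount = $iAddedAttachments - $iRemovedAttachments;
    if ($iAttachmentCount != 0) {
        // Yes, so update the thread's record.
        $dbConn->query("UPDATE thread SET attachcount=attachcount+({$iAttachmentCount}) WHERE id={$iThreadID}");
    }

    // Remove all searchindexes for this post.
    $dbConn->query("DELETE FROM searchindex WHERE postid={$iPostID}");

    // Now let's re-add the message into the search engine index.
    AddSearchIndex($iPostID, $strSubject, $strBody);

    // Update the user.
    Msg("<b>Your changes have been successfully saved.</b><br /><br /><span class=\"smaller\">You should be redirected to your post momentarily. Click <a href=\"thread.php?threadid={$iThreadID}&postid={$iPostID}#post{$iPostID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "thread.php?threadid={$iThreadID}&postid={$iPostID}#post{$iPostID}");
}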
" cellpadding="5" cellspacing="1" border="0" align="center"> <tr class="section"> <td align="center" class="small">Extension</td> <td align="center" class="small">Icon</td> <td align="center" class="small">MIME Type</td> <td align="center" class="small" colspan="2">Actions</td> </tr> <?php foreach ($CFG['uploads']['oktypes'] as $strExtension => $aType) { // Sanitize the file type's information. $strExtA = htmlsanitize($strExtension); $strExtB = urlencode($strExtension); $strIcon = urlencode($aType[0]); $strMIME = htmlsanitize($aType[1]); // Display the information. echo "<tr>\n"; echo "\t<td align=\"center\" bgcolor=\"{$CFG['style']['table']['cellb']}\">{$strExtA}</td>\n"; echo "\t<td align=\"center\" bgcolor=\"{$CFG['style']['table']['cellb']}\"><img src=\"images/attach/{$strIcon}\" alt=\"\" /></td>\n"; echo "\t<td align=\"center\" bgcolor=\"{$CFG['style']['table']['cellb']}\">{$strMIME}</td>\n"; echo "\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><a href=\"admincp.php?section=attachments&action=edit&type={$strExtB}\">Edit</a></td>\n"; echo "\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><a href=\"admincp.php?section=attachments&action=remove&type={$strExtB}\">Remove</a></td>\n"; echo "</tr>\n"; } ?> <tr class="section"><td align="center" class="smaller" colspan="5"><a class="section" href="admincp.php?section=attachments&action=add">Add New File Type</a></td></tr> </table> </td></tr>
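/**
 * Validates a reply submitted to the current thread and, when it is
 * acceptable, stores it.
 *
 * Inserts the post, updates the thread, forum, author and site counters,
 * stores an uploaded attachment, adds the post to the search index, records
 * the user's last-post time and calls Msg() to show the confirmation page.
 *
 * NOTE(review): no anti-CSRF token is checked in this function, and $_REQUEST
 * also accepts query-string parameters; confirm the caller verifies one.
 *
 * @return array|null List of error strings when validation fails; nothing is
 *                    returned once Msg() has been called.
 */
function SubmitPost()
{
    global $CFG, $dbConn, $aPostIcons, $iThreadID, $iForumID;

    $aError       = array();
    $fileUploaded = FALSE;

    // These IDs are written into SQL unquoted, so work on integer copies.
    $iThread = (int) $iThreadID;
    $iForum  = (int) $iForumID;
    $iUserID = (int) $_SESSION['userid'];

    // Get the values from the user. Anything missing or not a plain string is
    // treated as empty instead of reaching trim()/strlen() as an array.
    $strSubject      = (isset($_REQUEST['subject']) && is_string($_REQUEST['subject'])) ? $_REQUEST['subject'] : '';
    $iPostIcon       = isset($_REQUEST['icon']) ? (int) $_REQUEST['icon'] : 0;
    $strMessage      = (isset($_REQUEST['message']) && is_string($_REQUEST['message'])) ? $_REQUEST['message'] : '';
    $bParseEMails    = (int) !empty($_REQUEST['parseemails']);
    $bDisableSmilies = (int) !empty($_REQUEST['dsmilies']);

    // Floodcheck
    // NOTE(review): this only stops the post if Msg() ends the request;
    // presumably it does — confirm.
    $tLastPost = isset($_SESSION['lastpost']) ? $_SESSION['lastpost'] : 0;
    if (empty($_SESSION['permissions']['cbypassflood']) && $tLastPost + $CFG['floodcheck'] > $CFG['globaltime']) {
        Msg("Sorry! The administrator has specified that users can only post one message every {$CFG['floodcheck']} seconds.", '', 'justify');
    }

    // Subject
    if (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strCleanSubject = $dbConn->sanitize($strSubject);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > count($aPostIcons) - 1) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Message
    if (trim($strMessage) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strMessage) > $CFG['maxlen']['messagebody']) {
        // The message they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if ($bParseEMails) {
        $strMessage = ParseEMails($strMessage);
    }
    $strCleanMessage = $dbConn->sanitize($strMessage);

    // Attachment
    if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] != UPLOAD_ERR_NO_FILE) {
        // What is the problem?
        switch ($_FILES['attachment']['error']) {
            // Upload was successful?
            case UPLOAD_ERR_OK:
                // Is it bigger than the allowable maximum?
                if ($_FILES['attachment']['size'] > $CFG['uploads']['maxsize']) {
                    $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                }

                // Is it an invalid filetype? Only the extension of the
                // client-supplied name is checked against the allowlist; the
                // file content is not inspected.
                $strExtension = strtolower(substr((string) strrchr($_FILES['attachment']['name'], '.'), 1));
                if (!isset($CFG['uploads']['oktypes'][$strExtension])) {
                    $aError[] = 'The file you uploaded is an invalid type of attachment. Valid types are: ' . htmlsanitize(implode(', ', array_keys($CFG['uploads']['oktypes']))) . '.';
                }

                // If there are no errors, grab the data from the temporary file.
                if (!$aError) {
                    // The stored name is client-supplied: it is escaped for SQL
                    // here and must be escaped again wherever it is emitted.
                    $strAttachmentName = $dbConn->sanitize($_FILES['attachment']['name']);

                    // Only open paths that PHP itself recorded as an HTTP upload.
                    if (is_uploaded_file($_FILES['attachment']['tmp_name']) && ($fileUploaded = fopen($_FILES['attachment']['tmp_name'], 'rb'))) {
                        $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
                    } else {
                        $fileUploaded = FALSE;
                        $aError[] = 'There was a problem while reading the attachment. If this problem persists, please contact the Webmaster.';
                    }
                }
                break;

            // File is too big?
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                break;

            // File was partially uploaded?
            case UPLOAD_ERR_PARTIAL:
                $aError[] = 'The attachment was only partially uploaded.';
                break;

            // Anything else.
            default:
                $aError[] = 'There was an error while uploading the attachment.';
                break;
        }
    }

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // NOTE(review): $_SESSION['userip'] is written into SQL unquoted, so it is
    // presumably stored in numeric form; confirm, and escape it if it can ever
    // be a string.

    // First we obviously need the post in the post table.
    $dbConn->query("INSERT INTO post(author, datetime_posted, title, body, parent, ipaddress, icon, dsmilies) VALUES({$iUserID}, {$CFG['globaltime']}, '{$strCleanSubject}', '{$strCleanMessage}', {$iThread}, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies})");

    // Before we continue, get the ID of the post we just created.
    $iPostID = $dbConn->getinsertid('post');

    // Second, we need to update record of the thread we are posting to.
    $dbConn->query("UPDATE thread SET lpost={$CFG['globaltime']}, lposter={$iUserID}, postcount=postcount+1 WHERE id={$iThread}");

    // Get the post count of the thread we replied to, so we can figure the last page.
    $dbConn->query("SELECT postcount FROM thread WHERE id={$iThread}");
    list($iPostCount) = $dbConn->getresult();
    $iPostCount = (int) $iPostCount;

    // Third, we need to update the record of the forum that contains the thread we are posting to.
    $dbConn->query("UPDATE board SET postcount=postcount+1, lpost={$CFG['globaltime']}, lposter={$iUserID}, lthread={$iThread}, lthreadpcount={$iPostCount} WHERE id={$iForum}");

    // Fourth, we need to update the poster's postcount.
    $dbConn->query("UPDATE citizen SET postcount=postcount+1 WHERE id={$iUserID}");

    // And finally, we need to store the attachment, if there is one.
    if ($fileUploaded) {
        // Insert the first chunk of the file.
        $dbConn->query("INSERT INTO attachment(filename, filedata, viewcount, parent) VALUES('{$strAttachmentName}', '{$blobAttachment}', 0, {$iPostID})");

        // Get the ID of the attachment we just created.
        $iAttachmentID = $dbConn->getinsertid('attachment');

        // Insert the rest of the file, if any, into the database.
        while (!feof($fileUploaded)) {
            $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
            $dbConn->squery(CONCAT_ATTACHMENT, $blobAttachment, $iAttachmentID);
        }

        // Close the temporary file.
        fclose($fileUploaded);

        // Update the attachment count for the thread.
        $dbConn->query("UPDATE thread SET attachcount=attachcount+1 WHERE id={$iThread}");
    }

    // Now let's add the message into the search engine index.
    AddSearchIndex($iPostID, $strSubject, $strMessage);

    // Update the forum stats.
    $dbConn->query("UPDATE stats SET content=content+1 WHERE name='postcount'");

    // Set user's last post time.
    $_SESSION['lastpost'] = $CFG['globaltime'];

    // What page is this new post on (so we can redirect them)? Guard the
    // divisor: a missing or zero per-page setting must not abort the request
    // after the post has already been written.
    $iPerPage = isset($_SESSION['postsperpage']) ? max(1, (int) $_SESSION['postsperpage']) : 1;
    $iPage    = (int) ceil($iPostCount / $iPerPage);

    // Render the page.
    Msg("<b>Thank you for posting.</b><br /><br /><span class=\"smaller\">You should be redirected to your post momentarily. Click <a href=\"thread.php?threadid={$iThread}&page={$iPage}#post{$iPostID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "thread.php?threadid={$iThread}&page={$iPage}#post{$iPostID}");
}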
<td align="center" class="small">Order</td> <td align="center" class="small" colspan="2">Actions</td> </tr> <?php foreach ($aCategory as $iCategoryID => $temp) { $aCategory[$iCategoryID][NAME] = htmlsanitize($aCategory[$iCategoryID][NAME]); echo "\t<tr>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><b><a href=\"forumdisplay.php?forumid={$iCategoryID}\">{$aCategory[$iCategoryID][NAME]}</a></b></td>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><input type=\"text\" name=\"forumid[{$iCategoryID}]\" size=\"5\" value=\"{$aCategory[$iCategoryID][DISPORDER]}\" /></td>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><a href=\"admincp.php?section=forums&action=edit&forumid={$iCategoryID}\">Edit</a></td>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><a href=\"admincp.php?section=forums&action=remove&forumid={$iCategoryID}\">Remove</a></td>\n"; echo "\t</tr>\n"; foreach ($aForum as $iForumID => $temp) { if ($aForum[$iForumID][PARENT] == $iCategoryID) { $aForum[$iForumID][NAME] = htmlsanitize($aForum[$iForumID][NAME]); echo "\t<tr>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"> -- <b><a href=\"forumdisplay.php?forumid={$iForumID}\">{$aForum[$iForumID][NAME]}</a></b></td>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><input type=\"text\" name=\"forumid[{$iForumID}]\" size=\"5\" value=\"{$aForum[$iForumID][DISPORDER]}\" /></td>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><a href=\"admincp.php?section=forums&action=edit&forumid={$iForumID}\">Edit</a></td>\n"; echo "\t\t<td bgcolor=\"{$CFG['style']['table']['cellb']}\"><a href=\"admincp.php?section=forums&action=remove&forumid={$iForumID}\">Remove</a></td>\n"; echo "\t</tr>\n"; } } } ?> <tr class="section"><td align="center" class="smaller" colspan="4"><a class="section" href="admincp.php?section=forums&action=add">Add New Forum</a></td></tr> </table> </td></tr>
<td align="left" class="smaller" nowrap="nowrap" width="50%"> <form action="forumdisplay.php" method="post"> <b>Forum Jump</b>:<br /> <select name="forumid" onchange="window.location=('forumdisplay.php?forumid='+this.options[this.selectedIndex].value);"> <option>Please select one:</option> <?php // Print out all of the forums. foreach ($aCategories as $iCategoryID => $strCategory) { // Print the category. $strCategory = htmlsanitize($strCategory); echo "\t\t\t<option value=\"{$iCategoryID}\">{$strCategory}</option>\n"; // Print the category's children forums. foreach ($aBoards as $iBoardID => $aBoard) { // Only process if it's a child forum. if ($aBoard[0] == $iCategoryID) { $aBoard[1] = htmlsanitize($aBoard[1]); echo "\t\t\t<option value=\"{$iBoardID}\">-- {$aBoard[1]}</option>\n"; } } } ?> </select> <input style="vertical-align: text-bottom;" name="submit" type="image" src="images/go.png" /> </form> </td> <td align="right" class="smaller" width="50%"> <table border="0" cellpadding="0" cellspacing="0"> <tr><td align="left"><b>Admin Options:</b></td></tr> <tr><td> <form action="mod.php" method="post">
$dateAuthorLastActive = $aAuthor[LASTACTIVE]; $bInvisible = $aAuthor[INVISIBLE]; $datePosted = $aPost[DT_POSTED]; $dateEdited = $aPost[DT_EDITED]; $strPostTitle = htmlsanitize($aPost[TITLE]); $strPostBody = $aPost[BODY]; $bDisableSmilies = $aPost[DSMILIES]; $bLoggedIP = $aPost[LOGGEDIP]; $strReadStatus = $aPost[DT_POSTED] > $tLastViewed ? 'new.png' : 'old.png'; // Set the status flag. $bIsOnline = $dateAuthorLastActive + 300 >= $CFG['globaltime'] && !$bInvisible && $aAuthor[ONLINE] ? TRUE : FALSE; // For guests. if ($iPostAuthor == 0) { $strAuthorTitle = $aGroup[0]['usertitle']; list($strPostAuthor, $strPostBody) = explode("\n", $strPostBody); $strPostAuthor = htmlsanitize($strPostAuthor); } // Parse the message. $strPostBody = ParseMessage($strPostBody, $bDisableSmilies); // Parse the signature. $strAuthorSignature = ParseMessage($strAuthorSignature, FALSE); ?> <table bgcolor="<?php echo $CFG['style']['table']['bgcolor']; ?> " width="100%" cellspacing="1" cellpadding="4" border="0" align="center"> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?>
"><?php echo htmlsanitize($aCategory[NAME]); ?> </option> <?php // Print the forums under this category. foreach ($aForums as $iBoardID => $aForum) { // Only process this forum if it's under the current category. if ($aForum[PARENT] == $iCategoryID) { // Print the forum. ?> <option value="<?php echo $iBoardID; ?> ">-- <?php echo htmlsanitize($aForum[NAME]); ?> </option> <?php } } } ?> </select> <input style="vertical-align: text-bottom;" name="submit" type="image" src="images/go.png" /> </form> </td> <td align="right" class="smaller" width="50%"> <table border="0" cellpadding="0" cellspacing="0"> <tr><td align="left"><b>Search this forum:</b></td></tr>
" /></td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> " class="medium"> <b>File Name</b> <div class="smaller">This is the name of the smilie image (located in "<b><?php echo $CFG['paths']['smilies']; ?> </b>").</div> </td> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> "><input type="text" name="filename" size="35" maxlength="255" value="<?php echo htmlsanitize($aSmilie['filename']); ?> " /></td> </tr> </table> <div style="text-align: center;"><br /><input type="submit" name="submit" value="Save Changes" accesskey="s" /></div> </form> <?php // Footer require "./skins/{$CFG['skin']}/footer.tpl.php";
?> <a class="heading" style="font-weight: normal;" href="usercp.php?section=ignorelist&action=add&userid=<?php echo $aUserInfo[USERID]; ?> ">Add <b><?php echo htmlsanitize($aUserInfo[USERNAME]); ?> </b> to your Ignore list.</a><?php } else { if ($aUserInfo[IGNORED]) { ?> <a class="heading" style="font-weight: normal;" href="usercp.php?section=ignorelist&action=remove&userid=<?php echo $aUserInfo[USERID]; ?> ">Remove <b><?php echo htmlsanitize($aUserInfo[USERNAME]); ?> </b> from your Ignore list.</a><?php } } ?> </td> </tr> </table> <div class="smaller" align="left"><br /><?php echo TimeInfo(); ?> </div>
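/**
 * Validates a list of usernames and saves it as the session user's Ignore list.
 *
 * Every username is resolved to a user ID. If one cannot be resolved, or is
 * the session user, a one-element error array is returned and nothing is
 * saved. Otherwise the ID list is written to the user's record and to the
 * session, the ignored users are removed from the user's own Buddy list, and
 * ListSuccess('Ignore') is called.
 *
 * @param array $aIgnoreList Usernames to ignore.
 * @return array|null One-element list holding an error string on failure;
 *                    nothing is returned once ListSuccess() has been called.
 */
function ValidateIgnoreList($aIgnoreList)
{
    global $dbConn;

    // The session user ID goes into SQL unquoted, so force it to an integer.
    $iSelfID = (int) $_SESSION['userid'];

    // Put the array of usernames into a plaintext string for use in our SQL query.
    $strIgnoreList = implode("', '", array_map(array($dbConn, 'sanitize'), $aIgnoreList));

    // Swap the keys with the values of the Ignore list array.
    $aIgnoreList = array_flip($aIgnoreList);

    // Empty all of the values, leaving only the keys (usernames).
    foreach ($aIgnoreList as $k => $v) {
        $aIgnoreList[$k] = NULL;
    }

    // Get the ID of each user in our list.
    // NOTE(review): the result is keyed by the username as the database
    // returns it; a name typed with different letter case may therefore be
    // reported as invalid — confirm against the column's collation.
    $dbConn->query("SELECT id, username FROM citizen WHERE username IN ('{$strIgnoreList}')");
    while ($aSQLResult = $dbConn->getresult(TRUE)) {
        // Store the ID in the Ignore list, corresponding with its username.
        $aIgnoreList[$aSQLResult['username']] = $aSQLResult['id'];
    }

    // Find any invalid usernames in the list.
    foreach ($aIgnoreList as $strUsername => $iUserID) {
        if ($iUserID === NULL) {
            // No ID was found for this name. Return the error.
            $strUsername = htmlsanitize($strUsername);
            return array("'{$strUsername}' appears to be an invalid user.");
        }
        if ($iUserID == $iSelfID) {
            return array('You can\'t ignore yourself.');
        }
    }

    // Put the Ignore list into a plaintext string for use in our SQL query.
    // The IDs came back from the database; cast them anyway before they are
    // written into SQL.
    $strIgnoreList = implode(',', array_map('intval', $aIgnoreList));

    // Save the new Ignore list to the member's record.
    $dbConn->query("UPDATE citizen SET ignorelist='{$strIgnoreList}' WHERE id={$iSelfID}");

    // Update the user's live Ignore list.
    $_SESSION['ignorelist'] = (array) array_values($aIgnoreList);

    // Get our Buddy list.
    $dbConn->query("SELECT buddylist FROM citizen WHERE id={$iSelfID}");
    list($strBuddyList) = $dbConn->getresult();

    // Remove the ignored users from our Buddy list.
    if ($strBuddyList) {
        $aBuddyList   = array_diff(explode(',', $strBuddyList), $aIgnoreList);
        $strBuddyList = $dbConn->sanitize(implode(',', $aBuddyList));

        // The WHERE clause is essential: without it this statement would
        // overwrite the Buddy list of every row in the citizen table.
        $dbConn->query("UPDATE citizen SET buddylist='{$strBuddyList}' WHERE id={$iSelfID}");
    }

    // Show them the success page.
    ListSuccess('Ignore');
}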
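/**
 * Prints the avatar selection table: one radio button per avatar.
 *
 * @param mixed $iAvatar  ID of the avatar whose radio button is pre-checked.
 * @param array $aAvatars Avatars keyed by ID; each entry is an array with the
 *                        keys 'title' and 'filename'.
 * @return void Output is echoed directly.
 */
function AvatarTable($iAvatar, $aAvatars)
{
    global $CFG;

    echo "\n\n<table cellpadding=\"10\" cellspacing=\"1\" border=\"0\" bgcolor=\"{$CFG['style']['table']['bgcolor']}\" align=\"center\">\n";

    // Position of the last cell in a row. Positions run from 0 to $iRowLength,
    // so a full row holds $iRowLength + 1 avatars.
    $iRowLength = 4;

    // Display the Avatars table.
    $i = 0;
    foreach ($aAvatars as $iAvatarID => $aAvatar) {
        // Everything placed into markup is escaped, including the stored filename
        // and the ID: both end up inside attribute values.
        $strTitle = htmlsanitize($aAvatar['title']);
        $strSource = htmlsanitize("{$CFG['paths']['avatars']}{$aAvatar['filename']}");
        $strValue = htmlsanitize((string) $iAvatarID);
        $strChecked = ($iAvatar == $iAvatarID) ? ' checked="checked"' : '';

        // First in row? Start a new row.
        if ($i == 0) {
            echo "<tr>\n";
        }

        // The cell itself is the same wherever it sits in the row.
        echo "\t<td align=\"center\" bgcolor=\"{$CFG['style']['table']['cella']}\" class=\"medium\">\n";
        echo "\t\t<img src=\"{$strSource}\" alt=\"\" /><br />\n";
        echo "\t\t<input type=\"radio\" name=\"avatarid\" value=\"{$strValue}\"{$strChecked} />{$strTitle}\n";
        echo "\t</td>\n";

        // Last in row? End the row and start over; otherwise move one cell on.
        if ($i == $iRowLength) {
            echo "</tr>\n";
            $i = 0;
        } else {
            $i++;
        }
    }

    // Clean-up: the last avatar left a row open, so pad it with empty cells.
    if ($i > 0) {
        for ($x = $i; $x <= $iRowLength; $x++) {
            echo "\t<td align=\"center\" bgcolor=\"{$CFG['style']['table']['cella']}\" class=\"medium\"> </td>\n";
        }
        echo "</tr>\n";
    }

    echo "\n</table>\n\n";
}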
" /></td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"> <b>File Name</b> <div class="smaller">This is the filename of the avatar image (located in "<b><?php echo $CFG['paths']['avatars']; ?> </b>").</div> </td> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> "><input type="text" name="filename" size="35" maxlength="255" value="<?php echo htmlsanitize($aAvatar['filename']); ?> " /></td> </tr> </table> <div style="text-align: center;"><br /><input type="submit" name="submit" value="Add Avatar" accesskey="s" /></div> </form> <?php // Footer require "./skins/{$CFG['skin']}/footer.tpl.php";
<select name="forumid" onchange="window.location=('forumdisplay.php?forumid='+this.options[this.selectedIndex].value);"> <option>Please select one:</option> <?php // Print out all of the forums. reset($aCategory); while (list($iCategoryID) = each($aCategory)) { // Print the category. $aCategory[$iCategoryID] = htmlsanitize($aCategory[$iCategoryID]); echo "\t\t\t<option value=\"{$iCategoryID}\">{$aCategory[$iCategoryID]}</option>\n"; // Print the forums under this category. reset($aForum); while (list($iForumID) = each($aForum)) { // Only process this forum if it's under the current category. if ($aForum[$iForumID][0] == $iCategoryID) { // Print the forum. $aForum[$iForumID][1] = htmlsanitize($aForum[$iForumID][1]); echo "\t\t\t<option value=\"{$iForumID}\">-- {$aForum[$iForumID][1]}</option>\n"; } } } ?> </select> <input style="vertical-align: text-bottom;" name="submit" type="image" src="images/go.png" /> </form> </td> </tr> </table> <br /><br /><br /> <?php
<?php } // Display any events for this day. if (isset($aEvents[$iDay]) && $bInMonth) { ?> <div class="smaller" style="margin: 3px;"> <?php foreach ($aEvents[$iDay] as $iEventID => $aEvent) { // Only display if it's either public or if it's private and the user that created it is logged in. if ($aEvent[ISPRIVATE] == 0 || $aEvent[ISPRIVATE] == 1 && $_SESSION['userid'] == $aEvent[AUTHOR]) { ?> - <a href="calendar.php?action=viewevent&eventid=<?php echo $iEventID; ?> "><?php echo htmlsanitize($aEvent[TITLE]); ?> </a><br /> <?php } } ?> </div> <?php } ?> </td> <?php } // End the week row. echo "</tr>\n";
"><input type="text" name="mime" size="35" maxlength="255" value="<?php echo htmlsanitize($aAttachment['mime']); ?> " /></td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> " class="medium"> <b>File Name</b> <div class="smaller">This is the name of the attachment icon image (located in "<b>images/attach/</b>").</div> </td> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> "><input type="text" name="filename" size="35" maxlength="255" value="<?php echo htmlsanitize($aAttachment['filename']); ?> " /></td> </tr> </table> <div style="text-align: center;"><br /><input type="submit" name="submit" value="Save Changes" accesskey="s" /></div> </form> <?php // Footer require "./skins/{$CFG['skin']}/footer.tpl.php";
">Remove</a>] </td> </tr> <?php break; // In the middle? // In the middle? default: // Just print out an icon. ?> <td align="center" bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="small"> <div class="medium"><?php echo htmlsanitize($strTitle); ?> </div> <div><img src="<?php echo "{$CFG['paths']['posticons']}{$strFilename}"; ?> " alt="" /></div> [<a href="admincp.php?section=posticons&action=edit&posticonid=<?php echo $iPostIconID; ?> ">Edit</a>] [<a href="admincp.php?section=posticons&action=remove&posticonid=<?php echo $iPostIconID; ?> ">Remove</a>] </td> <?php
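/**
 * Builds the "Who's Online" description for the page a member was last seen on.
 *
 * A page may have one default description plus descriptions tied to a
 * querystring such as "action=vote". The last tied description whose pairs all
 * appear in the request is used, otherwise the default. Placeholders of the form
 * {$aRequest[name]} in the chosen description are replaced with the URL-encoded
 * request value, or with an empty string when the request has no such value.
 *
 * @param string $strLastLocation Script name, e.g. 'thread.php'.
 * @param array  $aRequest        Request variables of that page view.
 * @return string HTML description; empty string for a script that is not listed.
 */
function GetLocation($strLastLocation, $aRequest)
{
    global $CFG;

    // URL-encode the request values, since they are substituted into links.
    // Nested arrays (for example "postid[]") cannot be encoded and are left out.
    $aEncoded = array();
    foreach ((array) $aRequest as $strKey => $mValue) {
        if (is_scalar($mValue)) {
            $aEncoded[$strKey] = urlencode((string) $mValue);
        }
    }

    // Location descriptions. The '' key is the page's default description.
    $aLocations['admincp.php'][''] = 'Administrating...';
    $aLocations['attachment.php'][''] = 'Viewing Attachment';
    $aLocations['calendar.php'][''] = 'Viewing <a href="calendar.php">Calendar</a>';
    $aLocations['calendar.php']['action=addevent'] = 'Adding Event to the <a href="calendar.php">Calendar</a>';
    $aLocations['calendar.php']['action=viewevent'] = 'Viewing a Calendar Event';
    $aLocations['editpost.php'][''] = 'Editing Post';
    $aLocations['forumdisplay.php'][''] = 'Viewing <a href="forumdisplay.php?forumid={$aRequest[forumid]}">Forum</a>';
    // The board name is put in front of this one after placeholder substitution (see below).
    $aLocations['index.php'][''] = ' <a href="index.php">Main Index</a>';
    $aLocations['member.php'][''] = 'Recovering Member Details';
    $aLocations['member.php']['action=getprofile'] = 'Viewing Profile of a Forum Member';
    $aLocations['member.php']['action=login'] = '******';
    $aLocations['member.php']['action=logout'] = 'Logging Out';
    $aLocations['member.php']['action=request'] = 'Recovering Member Details';
    $aLocations['member.php']['action=reset'] = 'Resetting Member Details';
    $aLocations['member.php']['action=mailuser'] = '******';
    $aLocations['memberlist.php'][''] = 'Viewing <a href="memberlist.php">Memberlist</a>';
    $aLocations['mod.php'][''] = 'Moderating';
    $aLocations['newreply.php'][''] = 'Replying to <a href="thread.php?threadid={$aRequest[threadid]}">Thread</a>';
    $aLocations['newthread.php'][''] = 'Posting New Thread';
    $aLocations['online.php'][''] = 'Viewing <a href="online.php">Who\'s Online</a>';
    $aLocations['poll.php'][''] = 'Using the Polling System';
    $aLocations['poll.php']['action=newpoll'] = 'Posting New Poll';
    $aLocations['poll.php']['action=vote'] = 'Voting in Poll';
    $aLocations['poll.php']['action=showresults'] = 'Viewing Results of <a href="poll.php?action=showresults&pollid={$aRequest[pollid]}">Poll</a>';
    $aLocations['posters.php'][''] = 'Viewing Who Posted in Thread';
    $aLocations['private.php'][''] = 'Using the Private Messaging System';
    $aLocations['private.php']['action=viewmessage'] = 'Reading a Private Message';
    $aLocations['private.php']['action=newmessage'] = 'Sending a Private Message';
    $aLocations['private.php']['action=reply'] = 'Replying to a Private Message';
    $aLocations['register.php'][''] = 'Registering...';
    $aLocations['search.php'][''] = 'Searching Forums';
    $aLocations['thread.php'][''] = 'Viewing <a href="thread.php?threadid={$aRequest[threadid]}">Thread</a>';
    $aLocations['thread.php']['action=showpost'] = 'Viewing <a href="thread.php?action=showpost&postid={$aRequest[postid]}">Post</a>';
    $aLocations['usercp.php'][''] = 'Viewing User Control Panel';
    $aLocations['usercp.php']['section=profile'] = 'Editing Forum Profile';
    $aLocations['usercp.php']['section=options'] = 'Editing Forum Options';
    $aLocations['usercp.php']['section=avatar'] = 'Updating User Avatar';
    $aLocations['usercp.php']['section=password'] = '******';
    $aLocations['usercp.php']['section=buddylist'] = 'Editing Buddy List';
    $aLocations['usercp.php']['section=ignorelist'] = 'Editing Ignore List';

    // A script that is not listed has no description.
    if (!is_string($strLastLocation) || !isset($aLocations[$strLastLocation])) {
        return '';
    }

    // Start from the default and let a matching querystring entry override it.
    $strLocationDesc = $aLocations[$strLastLocation][''];
    foreach ($aLocations[$strLastLocation] as $strQueryString => $strDescription) {
        if ($strQueryString === '') {
            continue;
        }

        // Every pair of the entry's querystring must be present in the request.
        parse_str($strQueryString, $aCriteria);
        $bMatch = TRUE;
        foreach ($aCriteria as $strName => $strExpected) {
            if (!isset($aEncoded[$strName]) || $aEncoded[$strName] !== $strExpected) {
                $bMatch = FALSE;
                break;
            }
        }

        if ($bMatch) {
            $strLocationDesc = $strDescription;
        }
    }

    // SECURITY: the description used to be expanded with eval(), which also ran
    // the configured board name through PHP's string parser. The placeholders are
    // now replaced as plain text, so no part of the description is executed.
    $aTokens = array();
    if (preg_match_all('/\{\$aRequest\[(\w+)\]\}/', $strLocationDesc, $aMatches, PREG_SET_ORDER)) {
        foreach ($aMatches as $aMatch) {
            $aTokens[$aMatch[0]] = isset($aEncoded[$aMatch[1]]) ? $aEncoded[$aMatch[1]] : '';
        }
    }
    if ($aTokens) {
        $strLocationDesc = strtr($strLocationDesc, $aTokens);
    }

    // The board name is added last so that its content is never read as a placeholder.
    if ($strLastLocation === 'index.php') {
        $strLocationDesc = htmlsanitize($CFG['general']['name']) . $strLocationDesc;
    }

    // Return the location description.
    return $strLocationDesc;
}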
"><input type="text" name="groupname" size="35" maxlength="255" value="<?php echo htmlsanitize($aUsergroup['groupname']); ?> " /></td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"><b>User Status</b></td> <td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> "><input type="text" name="usertitle" size="35" maxlength="255" value="<?php echo htmlsanitize($aUsergroup['usertitle']); ?> " /></td> </tr> <tr class="section"> <td colspan="2" class="medium">User Permissions</td> </tr> <tr> <td bgcolor="<?php echo $CFG['style']['table']['cellb']; ?> " class="medium"><b>Can view attachments?</b></td> <td bgcolor="<?php echo $CFG['style']['table']['cellb'];
<table cellpadding="4" cellspacing="1" border="0" bgcolor="<?php echo $CFG['style']['table']['bgcolor']; ?> " width="100%" align="center"> <tr class="heading"> <td width="10%" align="center" valign="middle" class="smaller">Delete?</td> <td width="90%" align="center" valign="middle" class="smaller">Post</td> </tr> <?php // Display the posts. foreach ($aPosts as $iPostID => $aPost) { // Store the post information temporarily. $iAuthorID = $aPost[AUTHOR]; $strAuthor = htmlsanitize($aUsernames[$aPost[AUTHOR]]); $tPostDate = $aPost[POSTDATE]; $strPost = ParseMessage($aPost[BODY], TRUE, TRUE); // Set the color. $strColor = $strColor == $CFG['style']['table']['cella'] ? $CFG['style']['table']['cellb'] : $CFG['style']['table']['cella']; ?> <tr> <td bgcolor="<?php echo $strColor; ?> " class="smaller" align="center" valign="middle"> <input type="checkbox" name="postid[]" value="<?php echo $iPostID; ?> " checked="checked" />