Пример #1
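/**
 * Saves the game submitted through the admin form.
 *
 * Tries to INSERT a new row and falls back to an UPDATE keyed on the handle
 * when the insert fails. A successful insert also schedules a 'new_game'
 * event. Afterwards the tags are stored and an uploaded thumbnail is resized
 * with ImageMagick's convert.
 *
 * Reads $_POST, $_FILES and the global $game_tags directly and echoes status
 * HTML as a side effect.
 *
 * @param mixed $options Not used by this function.
 * @return string|null Handle read back from the games table, or null when the
 *                     row could not be found.
 */
function games_game_save($options)
{
    // Handle: taken from the form when given, otherwise derived from the title.
    $handle = isset($_POST['handle']) ? $_POST['handle'] : url_secure_string($_POST['title']);

    // Eight key/action pairs describing the controls.
    $controls = array();
    for ($i = 0; $i < 8; $i++) {
        $controls[$i]['combination'] = isset($_POST['key_' . $i]) ? $_POST['key_' . $i] : null;
        $controls[$i]['description'] = isset($_POST['action_' . $i]) ? $_POST['action_' . $i] : null;
    }

    // strtotime() returns false for an unparsable date; the cast keeps the
    // unquoted value in the INSERT a plain integer.
    $release = isset($_POST['release_now']) ? time() : (int) strtotime($_POST['release']);

    // Every request value is escaped before it goes inside a quoted SQL string,
    // the same way the serialized controls are.
    $sql_handle = mysql_real_escape_string($handle);
    $sql_title = mysql_real_escape_string($_POST['title']);
    $sql_description = mysql_real_escape_string($_POST['description']);
    $sql_controls = mysql_real_escape_string(serialize($controls));
    $sql_highscore = mysql_real_escape_string($_POST['highscore_gname']);

    $query_insert = 'INSERT INTO games (handle, title, description, controls, `release`, highscore_gname)';
    $query_insert .= ' VALUES ("' . $sql_handle . '", "' . $sql_title . '", "' . $sql_description . '", "' . $sql_controls . '", ' . $release . ', "' . $sql_highscore . '")';
    $query_update = 'UPDATE games SET title = "' . $sql_title . '"';
    $query_update .= ', description = "' . $sql_description . '", controls = "' . $sql_controls . '"';
    $query_update .= ', `release` = "' . $release . '"';
    $query_update .= ', highscore_gname = "' . $sql_highscore . '"';
    $query_update .= ' WHERE handle = "' . $sql_handle . '"';

    log_to_file('games', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'query_insert: ' . $query_insert);
    if (!mysql_query($query_insert)) {
        // Any insert failure is treated as "row already exists" and retried as an update.
        log_to_file('games', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'query_update: ' . $query_update);
        mysql_query($query_update) or die(report_sql_error($query_update));
    } else {
        jscript_alert('Scheduling release');
        $schedule = array();
        $schedule['item_id'] = mysql_insert_id();
        $schedule['type'] = 'new_game';
        // NOTE(review): the whole request is stored serialized. The consumer is not
        // shown here; it must not unserialize() this without restricting classes.
        $schedule['data'] = serialize($_POST);
        $schedule['release'] = $release;
        schedule_event_add($schedule);
    }

    // Read the row back so the id and handle used below are the stored ones.
    $game_id = null;
    $game_handle = null;
    $query = 'SELECT id, handle FROM games WHERE handle = "' . $sql_handle . '"';
    $result = mysql_query($query) or die(report_sql_error($query));
    if ($data = mysql_fetch_assoc($result)) {
        $game_id = $data['id'];
        $game_handle = $data['handle'];
    }

    // Save the predefined tags that were ticked in the form.
    global $game_tags;
    $save = array();
    foreach ($game_tags as $tag_handle) {
        if (isset($_POST['chk_tag_' . $tag_handle])) {
            $save['tag_handle'][] = $tag_handle;
        }
    }
    $save['item_id'] = $game_id;
    $save['object_type'] = 'game';
    tag_set_wrap($save);

    // Add the free-text tags (comma separated) on top of the predefined ones.
    $save = array();
    $save['item_id'] = $game_id;
    $save['object_type'] = 'game';
    $save['add'] = true;
    foreach (explode(',', $_POST['tags']) as $keyword) {
        $save['tag_label'][] = trim($keyword);
    }
    tag_set_wrap($save);

    /* Resize, convert and save the uploaded thumbnail */
    $thumbnail_tmp = isset($_FILES['thumbnail']['tmp_name']) ? $_FILES['thumbnail']['tmp_name'] : '';
    if ($game_handle !== null && strlen($thumbnail_tmp) > 1 && is_uploaded_file($thumbnail_tmp)) {
        // The handle can come straight from the request, so it is reduced to a file
        // name (no directory parts) and both paths are quoted for the shell.
        $thumbnail_target = '/mnt/images/games/' . basename($game_handle) . '.png';
        $command = 'convert ' . escapeshellarg($thumbnail_tmp) . ' -resize 120x90! ' . escapeshellarg($thumbnail_target);
        // NOTE(review): convert chooses its decoder from the uploaded content;
        // confirm the ImageMagick policy on this host limits the allowed formats.
        system($command);
        echo 'Running: ' . htmlspecialchars($command, ENT_QUOTES, 'UTF-8');
    }

    // Values are HTML-escaped because the handle may originate from the request.
    echo '<p>Nu är spelet sparat och spelets handle är: ' . htmlspecialchars((string) $game_handle, ENT_QUOTES, 'UTF-8') . '</p>' . "\n";
    echo 'game_id = ' . htmlspecialchars((string) $game_id, ENT_QUOTES, 'UTF-8') . '<br />' . "\n";
    return $game_handle;
}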
Пример #2
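    $out .= '</form>';
    // Show the current avatar and a delete link when the user already has one on disk.
    $avatar_full_filename = $avatar_path_full . $_SESSION['login']['id'] . '.jpg';
    if (is_file($avatar_full_filename)) {
        $out .= '<h2 style="margin: 0px; ">Din nuvarande bild:</h2>';
        $out .= insert_avatar($_SESSION['login']['id'], 'style="border: 1px solid #333333;"');
        // PHP_SELF carries whatever path info the client appended to the script
        // name, so it is escaped before it is written into the href attribute.
        // NOTE(review): the delete is triggered by a plain GET link; the handler is
        // not shown here, confirm it checks an anti-CSRF token.
        $out .= '<br /><b><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?action=delete">» Ta bort bilden</a></b>';
    }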
} elseif ($_GET['step'] == '2') {
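    // Step 2 needs the temporary upload from step 1 to exist.
    if (!is_file($avatar_tmp_orginal_filename)) {
        jscript_alert('Någonting blev fel vid uppladdningen av bilden, försök igen!');
        jscript_go_back();
        die;
    }
    // Refuse images marked as copyrighted by a different user.
    $copy_data = read_copy_protection($avatar_tmp_orginal_filename);
    if ($copy_data['copyright'] == 1 && $_SESSION['login']['id'] != $copy_data['userid']) {
        jscript_alert('Den gubben gick inte');
        jscript_go_back();
        die;
    }
    // The path is quoted for the shell: how $avatar_tmp_orginal_filename is built is
    // not visible here, and an unquoted path also breaks on spaces. The pipeline
    // extracts the height from the "WxH" geometry field of identify's output.
    $avatar_height = intval(exec('identify ' . escapeshellarg($avatar_tmp_orginal_filename) . ' | cut -f3 -d" " | cut -f2 -d"x" | cut -f1 -d"+"'));
    $flash_height = $avatar_height + 70;
    // Crop box is 3:4 (width:height) of the image height.
    $crop_width = intval($avatar_height * 0.75);
    $out .= '<h1 style="margin: 0px; ">Skala och besk&auml;r ditt foto (steg 2)</h1>';
    $out .= 'Här kan du beskära och klippa ut valt område från ditt foto. Alla foton kommer klippas ut med ration 3:4.<br /><br />';
    $out .= '» Vill du ladda upp en annan bild så gå tillbaka till <a href="avatar-settings.php';
    if (isset($_GET['registerproccess'])) {
        $out .= '?registerproccess=1';
    }
    $out .= '">uppladdningen</a>.<br/>';
    // NOTE(review): $avatar_tmp_orginal_url is concatenated into the query string
    // unencoded; confirm it is server-generated and contains no '&' or quotes.
    $swfurl = 'cropper.swf?cropheight=' . $avatar_height . '&cropwidth=' . $crop_width . '&imageFile=' . $avatar_tmp_orginal_url . '&postFile=avatar-settings.php?action=crop';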
Пример #3
<?php

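require 'include/core/common.php';
//session_start();
require_once PATHS_LIBRARIES . 'admin.lib.php';

// Validate the id BEFORE coercing it. Running intval() first made the
// is_numeric() rejection below unreachable, because an integer always passes.
if (isset($_GET['id'])) {
    if (!is_numeric($_GET['id'])) {
        // The rejected value is echoed back, so it is HTML-escaped (an array value prints as "Array").
        die('FISK ' . htmlspecialchars(is_array($_GET['id']) ? 'Array' : (string) $_GET['id'], ENT_QUOTES, 'UTF-8'));
    }
    $_GET['id'] = intval($_GET['id']);
} else {
    // Keep the previous behaviour of a missing id ending up as 0.
    $_GET['id'] = 0;
}

// Moderator action: refuse (remove) an avatar. Requires a logged-in user with
// the avatar_admin privilege.
// NOTE(review): this state change is triggered by a GET parameter and no
// anti-CSRF token is checked in the visible code.
if (isset($_GET['refuse']) && is_numeric($_GET['refuse']) && login_checklogin() && is_privilegied('avatar_admin')) {
    refuse_image((int) $_GET['refuse'], $_SESSION['login']['username']);
    jscript_alert('Borttaget!');
    jscript_selfclose();
    die;
}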
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Visningsbild på Hamsterpaj</title>
<link rel="icon" href="http://images.hamsterpaj.net/favicon.png" type="image/x-icon" />
<link rel="shortcut icon" href="http://images.hamsterpaj.net/favicon.png" type="image/x-icon" />

<style type="text/css">
	@import url('/stylesheets/avatar.css');
	@import url('/stylesheets/shared.css');
</style>

<script type="text/javascript" language="javascript" src="/javascripts/avatar.js"></script>
</head>
Пример #4
}
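echo '<a href="?page=' . ($page + 1) . '" class="ascii_art_next">Nästa sida &raquo;</a>' . "\n";
echo '<br style="clear: both;" />' . "\n";

// Admin action: delete one entry.
// NOTE(review): the delete is triggered by a GET parameter; no anti-CSRF token
// is checked in the visible code.
if (is_privilegied('ascii_art_admin')) {
    if (isset($_GET['delete']) && is_numeric($_GET['delete']) && (int) $_GET['delete'] > 0) {
        // is_numeric() also accepts forms such as "1e3" or " 5"; the cast makes
        // sure only the integer that was checked reaches the SQL text.
        $query = 'DELETE FROM ascii_art WHERE id = ' . (int) $_GET['delete'] . ' LIMIT 1';
        mysql_query($query) or report_sql_error($query);
        jscript_alert('Go, went och... GONE!');
        jscript_location('ascii_art.php');
    }
}

// Admin action: add a new entry, followed by the form used to submit one.
if (is_privilegied('ascii_art_admin')) {
    if (isset($_POST['title'], $_POST['the_art'])) {
        // Both fields are free text (ASCII art is full of quotes and backslashes),
        // so they are escaped before being placed inside the quoted SQL strings.
        $query = 'INSERT INTO ascii_art (title, the_art) VALUES ("' . mysql_real_escape_string($_POST['title']) . '", "' . mysql_real_escape_string($_POST['the_art']) . '")';
        mysql_query($query) or report_sql_error($query);
        jscript_alert('Vi har nu lagt till ASCII-arten i databasen. Det kan dröja upp till 60 sekunder innan den dyker upp bland de andra ASCII-artsen!');
        jscript_location('ascii_art.php');
    }
    echo rounded_corners_top(array('color' => 'white'));
    // PHP_SELF includes client-supplied path info, so it is escaped for the attribute.
    ?>
		<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
			<input type="text" name="title" /> (titel)<br />
			<textarea name="the_art" style="width: 100%; height: 300px"></textarea><br />
			<input type="submit" value="Skapa" class="button_80" />
		</form>
		<?php 
    echo rounded_corners_bottom();
}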
Пример #5
<?php

try {
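    require '../include/core/common.php';
    // Page is restricted to holders of the gb_autoreport privilege.
    if (!is_privilegied('gb_autoreport')) {
        jscript_alert('Denna sida kräver privilegiet: gb_autoreport');
        jscript_location('/');
        die('inte för dig...');
    }
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } else {
        throw new Exception('No action in get data recieved');
    }
    switch ($action) {
        case 'post_validate':
            // Marks one auto-reported post as checked.
            // NOTE(review): state change via GET; no anti-CSRF token is checked here.
            if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
                throw new Exception('ID not numeric');
            }
            // is_numeric() accepts more than plain integers ("1e3", "1.5"); the cast
            // guarantees an integer literal in the unquoted SQL position.
            $query = 'UPDATE gb_autoreport_posts SET checked = 1 WHERE id = ' . (int) $_GET['id'];
            mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            if (isset($_GET['return']) && $_GET['return'] == true) {
                // The target is a fixed path, never a request value.
                header('Location: /admin/gb_autoreport.php');
            }
            break;
        default:
            throw new Exception('Action not found');
    }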
} catch (Exception $error) {
    echo '<div class="form_notice_error">';
Пример #6
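/**
 * Soft-deletes a guestbook entry and decrements the recipient's entry counter.
 *
 * The entry is only flagged as deleted when it belongs to $recipient and has
 * been read, which is what stops a user from removing somebody else's entry.
 *
 * @param int|string $entry_id  Id of the guestbook entry.
 * @param int|string $recipient User id that must own the entry.
 * @return int 1 when the entry was deleted, 0 when no matching row was found.
 */
function delete_entry($entry_id, $recipient)
{
    // Both values sit unquoted in the SQL text, so they are forced to integers
    // here; anything non-numeric becomes 0 and simply matches no row.
    $entry_id = (int) $entry_id;
    $recipient = (int) $recipient;

    $delete_sql = 'UPDATE traffa_guestbooks SET deleted = 1 WHERE id = ' . $entry_id . ' AND recipient = ' . $recipient . ' AND `read` = 1 LIMIT 1';
    // NOTE(review): the die() messages below print mysql_error() to the visitor.
    mysql_query($delete_sql) or die('Ett kritiskt fel har uppstått! Felet uppstod i delete_entry().<br />Felinfo:<br />' . mysql_error());
    if (mysql_affected_rows() != 1) {
        // No row changed: wrong owner, unread entry or unknown id.
        jscript_alert('Ett fel har uppstått! Det verkar som om du försökt att ta bort någon annans inlägg!');
        return 0;
    }
    $update_sql = 'UPDATE traffa SET guestbook_entries = guestbook_entries - 1 WHERE userid = ' . $recipient . ' LIMIT 1';
    mysql_query($update_sql) or die('Ett kritiskt fel har inträffat! Felet uppstod i delete_entry() när inläggsräknaren skulle uppdateras.<br />Felinfo:<br />' . mysql_error());
    return 1;
}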
Пример #7
<?php

// Admin page that forces another user's session to end.
require '../include/core/common.php';
require $hp_includepath . 'admin-functions.php';
$ui_options['current_menu'] = 'admin';
// The page header is rendered before the privilege check below.
ui_top($ui_options);
// Only holders of the logout_user privilege get past this point.
if (!is_privilegied('logout_user')) {
    die;
}
if (!isset($_GET['action'])) {
    echo 'vad görru!!!';
} elseif ($_GET['action'] == 'logout') {
    // NOTE(review): the username literal in this query appears masked ("******")
    // in this listing, so the value the real code looks up is not visible here.
    // NOTE(review): the action is triggered by a GET parameter; no anti-CSRF
    // token is checked in the visible code.
    $query = 'SELECT id, session_id FROM login WHERE username = "******"';
    $result = mysql_query($query) or report_sql_error($query);
    if (mysql_num_rows($result) > 0) {
        $data = mysql_fetch_assoc($result);
        $user_to_sess = $data['session_id'];
        $userid = $data['id'];
        // Deletes the session file named after the stored session id; the return
        // value of unlink() is not checked.
        unlink('/var/lib/php/session2/sess_' . $user_to_sess);
        $query = 'UPDATE login SET lastaction = "0" WHERE id = "' . $userid . '"';
        mysql_query($query) or report_sql_error($query);
        // The audit entry records the requested username and the acting admin.
        log_admin_event('user kicked', $_GET['username'] . ' was loged out by ' . $_SESSION['login']['username'], $_SESSION['login']['id'], $userid, $userid);
        jscript_alert('Personen är nu utloggad');
    } else {
        jscript_alert('Hittade inte användaren...');
    }
    jscript_go_back();
}
ui_bottom();
Пример #8
<?php

require '../include/core/common.php';
$ui_options['menu_path'] = array('admin', 'ov_watch');
$ui_options['stylesheets'][] = 'forms.css';
$ui_options['stylesheets'][] = 'ov_watch.css';

// Statistics page: stop anyone without the use_statistic_tools privilege.
if (!is_privilegied('use_statistic_tools')) {
    jscript_alert('Denna sida kräver privilegiet: use_statistic_tools');
    jscript_location('/');
    die('inte för dig...');
}

// Admin event types that can be filtered on. Each entry has a display name
// and the privilege it is associated with.
$action_types = array(
    'post removed' => array('name' => 'Borttagna inlägg', 'privilegie' => 'discussion_forum_remove_posts'),
    'avatar validated' => array('name' => 'Validerade avatarer', 'privilegie' => 'avatar_admin'),
    'ghost' => array('name' => 'Ghostade användare', 'privilegie' => 'use_ghosting_tools'),
    'guestbook_hack' => array('name' => 'GB-hackade användare', 'privilegie' => 'use_ghosting_tools'),
    'ip banned' => array('name' => 'IP-bannade användare', 'privilegie' => 'ip_ban_admin'),
    'user blocked image upload' => array('name' => 'Avataruppladdningsblockeringar', 'privilegie' => 'avatar_admin'),
    'user kicked' => array('name' => 'Utloggningar av användare', 'privilegie' => 'logout_user'),
    'user recovered' => array('name' => 'Återskapande av användare', 'privilegie' => 'recover_user'),
    'user warned' => array('name' => 'Varnade användare', 'privilegie' => 'warnings_admin'),
    'user removed' => array('name' => 'Borttagna användare', 'privilegie' => 'remove_user'),
);

// Filter form, opening part: everything up to the <select> options.
$out .= '<fieldset>' . "\n"
    . '<legend>Visa statistik från</legend>' . "\n"
    . '<form method="get">' . "\n"
    . '<table class="form">' . "\n"
    . '<tr>' . "\n"
    . '<td><label for="action">Typ av åtgärd:</label></td>' . "\n"
    . '<td>' . "\n"
    . '<select name="action">' . "\n";

// One <option> per event type; keys and names come from the fixed list above.
foreach ($action_types as $action => $option) {
    $out .= '<option value="' . $action . '">' . $option['name'] . '</option>' . "\n";
}

// Filter form, remaining part: day count input and the submit button.
$out .= '</select>' . "\n"
    . '</td>' . "\n"
    . '<td><label for="days">Antal dagar:</label></td>' . "\n"
    . '<td><input type="text" name="days" /></td>' . "\n"
    . '</tr>' . "\n"
    . '</table>' . "\n"
    . '<input type="submit" value="Filtrera" />' . "\n";
Пример #9
        jscript_go_back();
        break;
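    case 'read':
        // Show a single message to the logged-in user.
        traffa_draw_user_div($_SESSION['login']['id'], $_SESSION);
        // The id is validated BEFORE it is handed to messages_view(): the checks
        // short-circuit, so a missing or non-numeric value is never passed on.
        if (!isset($_GET['message_id']) || !is_numeric($_GET['message_id']) || !messages_view($_GET['message_id'], $_SESSION['login']['id'])) {
            jscript_alert('Ett problem uppstod när meddelandet skulle visas. Du kanske inte kan läsa detta meddelande.');
            jscript_location($_SERVER['PHP_SELF']);
        }
        break;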
    case 'conversation':
        // Messages exchanged with one other user.
        // NOTE(review): user, order, direction and offset in this and the next two
        // cases come straight from the query string; messages_list() is not shown,
        // confirm it whitelists the sort column/direction and casts the offset.
        $options = array();
        $options['mode'] = 'conversation';
        $options['user'] = $_GET['user'];
        $options['order'] = $_GET['order'];
        $options['direction'] = $_GET['direction'];
        $options['offset'] = $_GET['offset'];
        messages_list($_SESSION['login']['id'], $options);
        break;
    case 'list_sent':
        // Messages the logged-in user has sent.
        traffa_draw_user_div($_SESSION['login']['id'], $_SESSION);
        $options = array();
        $options['order'] = $_GET['order'];
        $options['mode'] = 'sent';
        $options['direction'] = $_GET['direction'];
        $options['offset'] = $_GET['offset'];
        messages_list($_SESSION['login']['id'], $options);
        break;
    case 'inbox':
        // Received messages, followed by the compose helper.
        traffa_draw_user_div($_SESSION['login']['id'], $_SESSION);
        $options = array();
        $options['order'] = $_GET['order'];
        $options['mode'] = 'recieved';
        $options['direction'] = $_GET['direction'];
        $options['offset'] = $_GET['offset'];
        messages_list($_SESSION['login']['id'], $options);
        messages_pre_compose();
        break;
    default:
        // Unknown action value: tell the user and stop the script.
        jscript_alert('Ett okänt action-värde skickades! Dödar scriptet.');
        die;
}
echo '</div>';
ui_bottom();
Пример #10
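    // Edit form for one acronym row. Every value written into an attribute or
    // into the textarea is HTML-escaped, so stored text cannot break out of the
    // markup.
    // NOTE(review): if the acronyms table already stores HTML-escaped text this
    // will double-escape it; confirm how the rows are written.
    echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?action=update" method="post">' . "\n";
    echo '<input type="hidden" name="id" value="' . htmlspecialchars($data['id'], ENT_QUOTES, 'UTF-8') . '" />' . "\n";
    echo '<h5>Förkortning</h5>' . "\n";
    echo '<input type="text" name="acronym" value="' . htmlspecialchars($data['acronym'], ENT_QUOTES, 'UTF-8') . '" />' . "\n";
    echo '<h5>Betydelse</h5>' . "\n";
    echo '<input type="text" class="inp_meaning" name="meaning" value="' . htmlspecialchars($data['meaning'], ENT_QUOTES, 'UTF-8') . '" />' . "\n";
    echo '<h5>Förklaring</h5>' . "\n";
    echo '<textarea name="explanation" class="txt_explanation">' . htmlspecialchars($data['explanation'], ENT_QUOTES, 'UTF-8') . '</textarea>' . "\n";
    echo '<input type="submit" class="button" value="Spara ändringar" />' . "\n";
    echo '</form>' . "\n";
    echo '</div>' . "\n";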
}
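// Admin actions on acronyms; all three require the abbr_admin privilege.
// NOTE(review): report and verify change state through GET parameters; no
// anti-CSRF token is checked in the visible code.

// Increase the report counter of one acronym.
if (isset($_GET['report']) && is_numeric($_GET['report']) && is_privilegied('abbr_admin')) {
    // The cast ensures only an integer literal reaches the unquoted SQL position.
    $query = 'UPDATE acronyms SET reports = reports + 1 WHERE id = ' . (int) $_GET['report'] . ' LIMIT 1';
    mysql_query($query) or die(report_sql_error($query));
    jscript_alert('Tackar, en ordningsvakt kommer att kika på din rapport');
}

// Mark one acronym as verified and clear its reports.
if (isset($_GET['action'], $_GET['id']) && $_GET['action'] == 'verify' && is_numeric($_GET['id']) && is_privilegied('abbr_admin')) {
    $query = 'UPDATE acronyms SET verified = 1, reports = 0 WHERE id = ' . (int) $_GET['id'] . ' LIMIT 1';
    mysql_query($query) or die(report_sql_error($query));
}

// Save edited texts for one acronym.
if (isset($_GET['action']) && $_GET['action'] == 'update' && is_privilegied('abbr_admin')) {
    // The id sits unquoted in the statement and the texts sit inside quoted
    // strings, so the former is cast and the latter are escaped.
    $acronym_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $query = 'UPDATE acronyms SET acronym = "' . mysql_real_escape_string($_POST['acronym']) . '", meaning = "' . mysql_real_escape_string($_POST['meaning']) . '", explanation = "';
    $query .= mysql_real_escape_string($_POST['explanation']) . '", reports = 0, verified = 1 WHERE id = ' . $acronym_id . ' LIMIT 1';
    // Pass the statement along, as the other error paths on this page do.
    mysql_query($query) or die(report_sql_error($query));
    // Code further down reads $_GET['id']; hand it the validated integer.
    $_GET['id'] = $acronym_id;
}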
function acro_fetch($letter = 'a')
{
    $query = 'SELECT id, acronym, meaning, explanation, reports, verified FROM acronyms';
    $query .= ' WHERE acronym LIKE "' . $letter . '%"';
Пример #11
<?php

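require '../include/core/common.php';
$ui_options['menu_path'] = array('traeffa', 'grupper');
$ui_options['title'] = 'Gruppnotiser - Hamsterpaj.net';
ui_top($ui_options);

// Members-only page. jscript_location() only emits a client-side redirect, so
// the script has to stop here; otherwise the queries below would still run for
// a visitor who is not logged in.
if (login_checklogin() != 1) {
    jscript_alert('Du måste vara inloggad för att komma åt denna sidan!');
    jscript_location('index.php');
    die;
}

// NOTE(review): the box top is appended to $output while the heading is echoed
// directly; $output is not initialised or printed in the visible code.
$output .= rounded_corners_top(array('color' => 'blue'));
echo '<h2 style="margin-top: 0px;">Nya inlägg i dina grupper</h2>';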
foreach ($_SESSION['groups_members'] as $key => $value) {
    $query = 'SELECT groups_list.message_count, groups_members.read_msg, groups_list.name, groups_members.notices FROM groups_members, groups_list ';
    $query .= 'WHERE groups_members.groupid = ' . $value . ' AND groups_list.groupid = ' . $value;
    $query .= ' AND groups_members.userid =' . $_SESSION['login']['id'];
    $result = mysql_query($query) or die(report_sql_error($query));
    $data = mysql_fetch_assoc($result);
    if ($data['notices'] == "Y") {
        $new_posts = $data['message_count'] - $data['read_msg'];
        if ($new_posts > 0) {
            echo '<strong>';
        }
    }
    echo '<a href="groups.php?action=goto&groupid=' . $value . '">' . $data['name'] . '</a>';
    if ($data['notices'] == "Y") {
        echo ' - ' . $new_posts . ' nya inlägg.';
        if ($new_posts > 0) {
            echo '</strong>';
        }
    } else {
Пример #12
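$ui_options['javascripts'][] = 'codepress.js';
$ui_options['javascripts'][] = 'rank.js';
$ui_options['stylesheets'][] = 'photos.css';
$ui_options['javascripts'][] = 'photos.js';

// Article photo upload, restricted to the articles_admin privilege.
if (is_privilegied('articles_admin')) {
    $display_successful_message = false;
    for ($i = 0; $i < PHOTOS_MAX_UPLOADS; $i++) {
        // Only slots that contain a real HTTP upload are processed.
        if (isset($_FILES['photo_' . $i]['tmp_name']) && is_uploaded_file($_FILES['photo_' . $i]['tmp_name'])) {
            $options['file'] = $_FILES['photo_' . $i]['tmp_name'];
            // Photos are stored under the fixed user id 2348.
            $options['user'] = 2348;
            $options['description'] = $_POST['description_' . $i];
            $options['category'] = $_POST['category_' . $i];
            $category = photos_get_categories(array('user' => $options['user'], 'name' => $options['category'], 'create_if_not_found' => true));
            $category = array_pop($category);
            // article_id comes from the query string; the cast keeps anything but
            // an integer out of the statement.
            $query = 'UPDATE articles SET photo_category_id = "' . $category['id'] . '" WHERE id = "' . (int) $_GET['article_id'] . '" LIMIT 1';
            // NOTE(review): debug leftover, shows the SQL text in a browser alert;
            // consider removing it.
            jscript_alert($query);
            mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            $photo_id = photos_upload($options);
            $display_successful_message = true;
        }
    }
    if ($display_successful_message) {
        $upload_form .= rounded_corners_top(array('color' => 'blue_deluxe'), true);
        $upload_form .= 'Bilderna är uppladdade!';
        $upload_form .= rounded_corners_bottom(array('color' => 'blue_deluxe'), true);
    }
    $upload_form .= photos_upload_form(array('user' => 2348));
}
ui_top($ui_options);
echo $upload_form;
// Looks like a debug leftover: it prints a posted category name after the
// loop. The value is request data, so it is HTML-escaped before output.
if (isset($i, $_POST['category_' . $i])) {
    echo htmlspecialchars($_POST['category_' . $i], ENT_QUOTES, 'UTF-8');
}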
Пример #13

</script></form>
<?php 
        break;
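    case 'organize':
        // Reorder and rename the logged-in user's photo albums.
        if (isset($_GET['perform']) && $_GET['perform'] == 'true') {
            // Map each album id in the submitted comma-separated order to its
            // 1-based position.
            $explosion = explode(',', $_POST['order']);
            for ($i = 0; $i < count($explosion); $i++) {
                $positions[$explosion[$i]] = $i + 1;
            }
            // No debug dump of $_POST here: echoing raw request data into the
            // page reflects unescaped input back to the browser.
            foreach ($_POST as $input => $value) {
                // Numeric field names are album ids; other fields (such as
                // "order") and non-string values are skipped.
                if (!is_numeric($input) || !is_string($value)) {
                    continue;
                }
                if (strlen(trim($value)) < 2) {
                    echo jscript_alert('Kunde inte byta namn på kategori ' . $categories[$input]['title'] . ', det nya namnet är för kort.');
                    continue;
                }
                // The title is free text and is escaped; id and position are
                // forced to integers. The owner condition limits the update to
                // the user's own albums.
                $album_position = isset($positions[$input]) ? (int) $positions[$input] : 0;
                $query = 'UPDATE photo_albums SET title = "' . mysql_real_escape_string($value) . '", position = "' . $album_position . '" WHERE owner = "' . $_SESSION['login']['id'] . '" AND id ="' . (int) $input . '" LIMIT 1';
                mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
            }
            jscript_location('/traffa/profile.php?id=' . $_SESSION['login']['id']);
        }
        echo '<h2>Flytta och byt namn på dina fotoalbum</h2>';
        // PHP_SELF and the id parameter are client-controlled: the id is
        // URL-encoded and the complete URL is escaped for the attribute.
        $organize_action = $_SERVER['PHP_SELF'] . '?id=' . urlencode($_GET['id']) . '&action=organize&perform=true';
        echo '<form name="form" action="' . htmlspecialchars($organize_action, ENT_QUOTES, 'UTF-8') . '" method="post"';
        echo ' onSubmit="inspect(\'testlist\');">';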
        ?>
<script src="/include/jsdragdrop/prototype.js" type="text/javascript"></script>
<script src="/include/jsdragdrop/scriptaculous.js" type="text/javascript"></script>
<style>
Пример #14
     break;
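 case 'update':
     // Notify the author of a suggestion about its new status, then store the update.
     // The id is quoted in the statement but still request data, so it is cast.
     $query = 'SELECT author FROM suggestions WHERE id = "' . (int) $_POST['id'] . '" LIMIT 1';
     $result = mysql_query($query);
     // mysql_query() returns false on failure; do not pass that to mysql_num_rows().
     if ($result !== false && mysql_num_rows($result) == 1) {
         $data = mysql_fetch_assoc($result);
         $message['recipient'] = $data['author'];
         // The notification is sent from the fixed user id 2348.
         $message['sender'] = 2348;
         // NOTE(review): the message body is built from posted text; how
         // guestbook_insert() escapes it is not shown here.
         $message['message'] = 'Hej, ditt förslag har uppdaterats, ny status för ditt förslag är: ' . $SUGGESTIONS['classifications'][$_POST['classification']]['label'] . '!' . "\n";
         $message['message'] .= strlen($_POST['responsible_username']) > 1 ? 'Ansvarig för ditt förslag är: ' . $_POST['responsible_username'] : '';
         $message['message'] .= "\n" . 'Texten i det berörda förslaget lyder: ' . "\n" . $_POST['text'];
         $message['message'] .= "\n\n" . 'Svaret på ditt förslag lyder: ' . "\n" . $_POST['reply'];
         guestbook_insert($message);
     }
     // NOTE(review): the whole POST array is handed on; confirm suggestion_update()
     // only writes the fields it expects and escapes them.
     suggestion_update($_POST);
     jscript_alert('Fixat och donat!');
     jscript_location('/hamsterpaj/suggestions.php?action=view_waiting');
     break;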
 case 'delete':
     // Soft delete: the suggestion's display_level is set to 'removed'.
     // NOTE(review): the id comes from the query string and the action runs on a
     // GET request; no privilege or anti-CSRF check is visible in this excerpt.
     $options['id'] = $_GET['id'];
     $options['display_level'] = 'removed';
     suggestion_update($options);
     break;
 case 'view_waiting':
     // List the suggestions whose classification is 'waiting'.
     echo '<h1>Förslag som väntar på att granskas</h1>';
     $fetch['classification'] = array('waiting');
     $suggestions = suggestion_fetch($fetch);
     suggestion_list($suggestions);
     break;
 case 'processed':
     echo '<h1>Förslag som vi granskat</h1>' . "\n";
Пример #15
    } else {
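        event_log_log('classic_reg_form_sign_up');
        /* Input from user is OK, create rows in required tables */
        // The validation that ran before this branch is not visible here, so the
        // username is still escaped; for an already-clean name this changes nothing.
        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() needs a matching change in
        // login_dologin(), which is not shown here.
        $query = 'INSERT INTO login(username, password, regtimestamp, regip, lastlogon) ';
        $query .= 'VALUES ("' . mysql_real_escape_string($_POST['username']) . '", "' . md5(utf8_decode($_POST['password'])) . '", "';
        $query .= time() . '", "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '", "")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        // The new id keys the three per-user rows created below.
        $user_id = mysql_insert_id();
        $query = 'INSERT INTO userinfo (userid) VALUES ("' . $user_id . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $query = 'INSERT INTO traffa (userid) VALUES ("' . $user_id . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $query = 'INSERT INTO preferences (userid) VALUES ("' . $user_id . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        /* Rows created, log on the user */
        login_dologin($_POST['username'], $_POST['password']);
        /* Redirect to welcome page asking the user for more information */
        jscript_alert('Du kan numera känna dig som en riktig Hamsterpajare!\\nVi loggar in dig på ditt konto nu.');
        jscript_location('/registered.php');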
    }
} else {
    // No sign-up was submitted: render the registration form (two header
    // helpers, then the form itself) and log that the form was loaded.
    regform_header_p13();
    regform_header_welcome();
    register_form();
    event_log_log('classic_reg_form_load');
}
ui_bottom();
?>


Пример #16
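     $out .= '<h2>Senast besvarade frågan</h2>' . "\n";
     $out .= sex_sense_render_posts($questions);
     // array_pop() takes its argument by reference, so the function result is
     // stored in a variable first instead of being passed directly.
     $root_categories = sex_sense_fetch_categories(array('parent_category' => 0));
     $category = array_pop($root_categories);
     $out .= '<h2>Välj en kategori att kika runt i</h2>' . "\n";
     $out .= sex_sense_render_category($category);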
     break;
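 case 'new_question':
     // The question form is only shown to logged-in users.
     $ui_options['menu_path'] = array('sex_sense', 'question');
     if (login_checklogin()) {
         $out .= sex_sense_new_question_form();
     }
     break;
 case 'save_new_question':
     if (login_checklogin()) {
         // NOTE(review): the question text is passed on as posted; how
         // sex_sense_new_question_create() escapes it is not shown here.
         sex_sense_new_question_create(array('user_id' => $_SESSION['login']['id'], 'question' => $_POST['question']));
         jscript_alert('Tack för din fråga! Du kommer att få ett privat gästboksinlägg så fort din fråga är besvarad :)');
         jscript_location('/sex_och_sinne/');
         exit;
     } else {
         // The posted text is shown back so it is not lost. It is request data,
         // so it is HTML-escaped before it goes into the page.
         $posted_question = isset($_POST['question']) && is_string($_POST['question']) ? $_POST['question'] : '';
         $out .= '<h2>Din fråga kunde inte skapas!</h2><pre>' . htmlspecialchars($posted_question, ENT_QUOTES, 'UTF-8') . '</pre>';
         throw new Exception('Du måste vara inloggad för att skapa nya frågor.');
     }
     break;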
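 case 'latest':
     // Most recently answered questions, below the root category overview.
     $ui_options['menu_path'] = array('sex_sense', 'latest');
     // array_pop() takes its argument by reference, so the function result is
     // stored in a variable first instead of being passed directly.
     $root_categories = sex_sense_fetch_categories(array('parent_category' => 0));
     $category = array_pop($root_categories);
     $out .= sex_sense_render_category($category);
     $out .= '<h2>Senast besvarade frågorna</h2>';
     // Fixed sort options: answered questions, newest answer first.
     $options['order'] = 'DESC';
     $options['order_by'] = 'last_answer';
     $options['is_answered'] = 1;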
Пример #17
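/**
 * Builds the top of a page: doctype, <head>, ad scripts, logo, notice bar or
 * login form, main menu and pending notices, ending with the opening tag of
 * the #ui_content container.
 *
 * Keys read from $options (all optional): adtoma_category, meta_description,
 * meta_keywords, title, stylesheets (array), javascripts (array),
 * header_extra, body_extra, custom_logo, menu_addition, xxl, return.
 *
 * Security notes for maintainers:
 *  - Every $options value is concatenated into the markup without HTML
 *    escaping, so callers must pass values that are already safe for the
 *    context they end up in (attribute, <title>, raw markup).
 *  - NOTE(review): session- and cache-derived strings (username, user_status,
 *    forum/group titles, notice HTML, cache 'author'/'label') are also output
 *    unescaped - confirm they are escaped where they are stored.
 *  - Several third-party scripts are loaded over plain http:// URLs.
 *
 * @param array $options Page options, see the key list above.
 * @return string|null The markup when $options['return'] is true; otherwise
 *                     the markup is echoed and nothing is returned.
 */
function ui_top($options = array())
{
    /* This line was written when the new ui_top was created. Leave it in place, so there is something to smile at for nostalgic reasons. 2008-08-15, Joel.
     */
    // Sampled page-view counter: roughly one call in 74 adds 74-1 = 73 views.
    if (rand(0, 73) == 50) {
        $query = 'UPDATE pageviews SET views = views + 73 WHERE date = "' . date('Y-m-d') . '" LIMIT 1';
        mysql_query($query);
        if (mysql_affected_rows() == 0) {
            $query = 'INSERT INTO pageviews (views, date) VALUES(73, "' . date('Y-m-d') . '")';
            mysql_query($query);
        }
    }
    // Refresh the "last real action" timestamp on about one call in five.
    if (login_checklogin() && rand(1, 5) == 2) {
        // NOTE(review): the session id is concatenated into the statement; presumably it is
        // always numeric - verify where $_SESSION['login']['id'] is assigned.
        $query = 'UPDATE login SET lastrealaction="' . time() . '" WHERE id="' . $_SESSION['login']['id'] . '"';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    }
    // NOTE(review): the Referer header is client-controlled and the pattern is unanchored, so
    // it matches anywhere in the value. Only the Location header is set; execution is not
    // stopped, so the page is still rendered after this call.
    if (isset($_SERVER['HTTP_REFERER']) && preg_match('/hamsterpaj\\.eu/', $_SERVER['HTTP_REFERER'])) {
        header('Location: http://child-abuse-trap.telia.se/');
    }
    $options['adtoma_category'] = isset($options['adtoma_category']) ? $options['adtoma_category'] : 'other';
    // Define the constant once only. The original defined it a second time further down,
    // which raises a "constant already defined" error on every call without changing it.
    if (!defined('ADTOMA_CATEGORY')) {
        define('ADTOMA_CATEGORY', $options['adtoma_category']);
    }
    $output = '';
    $output .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"' . "\n";
    $output .= '	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">' . "\n";
    $output .= '<html xmlns="http://www.w3.org/1999/xhtml">' . "\n";
    $output .= '	<head>' . "\n";
    $options['meta_description'] = isset($options['meta_description']) ? $options['meta_description'] : '';
    $options['meta_keywords'] = isset($options['meta_keywords']) ? $options['meta_keywords'] : '';
    // Attribute and <title> context: the values below are inserted unescaped (see header note).
    $output .= '<meta name="description" content="' . $options['meta_description'] . '" />' . "\n";
    $output .= '<meta name="keywords" content="' . $options['meta_keywords'] . '" />' . "\n";
    $output .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' . "\n";
    $output .= '<meta http-equiv="X-UA-Compatible" content="IE=8" />' . "\n";
    $options['title'] = isset($options['title']) ? $options['title'] : 'Hamsterpaj.net - Onlinespel, community, forum och annat kul ;)';
    $output .= '		<title>' . $options['title'] . '</title>' . "\n";
    $output .= '		<link rel="icon" href="http://images.hamsterpaj.net/favicon.png" type="image/x-icon" />' . "\n";
    $output .= '		<link rel="shortcut icon" href="http://images.hamsterpaj.net/favicon.png" type="image/x-icon" />' . "\n";
    $options['stylesheets'] = isset($options['stylesheets']) && is_array($options['stylesheets']) ? $options['stylesheets'] : array();
    // Stylesheets: ui.css always first, the shared sheets appended after the caller's own.
    array_unshift($options['stylesheets'], 'ui.css');
    $options['stylesheets'][] = 'shared.css';
    $options['stylesheets'][] = 'new_guestbook.css';
    $options['stylesheets'][] = 'poll.css';
    $options['stylesheets'][] = 'ui_modules.css';
    // Christmas skin from 1 to 24 December.
    $today_day = date('j');
    if (date('m') == 12 && $today_day >= 1 && $today_day <= 24) {
        $options['stylesheets'][] = 'ui_christmas.css';
    }
    // Remove duplicates
    $options['stylesheets'] = array_unique($options['stylesheets']);
    $output .= '<style type="text/css">' . "\n";
    foreach ($options['stylesheets'] as $stylesheet) {
        // The file's mtime is appended as a cache-busting version. The name is used in a
        // filesystem path, so it must come from code and never from request data.
        $output .= '@import url(\'/stylesheets/' . $stylesheet . '?version=' . filemtime(PATHS_WEBROOT . 'stylesheets/' . $stylesheet) . '\');' . "\n";
    }
    $output .= '</style>' . "\n";
    // Create HP namespace...
    $output .= '<script type="text/javascript" language="javascript">var hp = new Object();</script>' . "\n";
    $output .= '<script type="text/javascript" language="javascript">' . 'hp.login_checklogin = function(){ return ' . (login_checklogin() ? 'true' : 'false') . '; }' . '</script>' . "\n";
    $options['javascripts'] = isset($options['javascripts']) && is_array($options['javascripts']) ? $options['javascripts'] : array();
    $javascripts_path = PATHS_WEBROOT . 'javascripts/';
    global $js_compress_important_files;
    // standard_javascripts.conf.php
    if (ENVIRONMENT == 'development') {
        // Development: every script is referenced individually.
        foreach ($js_compress_important_files as $javascript) {
            $output .= '<script type="text/javascript" language="javascript" src="/javascripts/' . $javascript . '?version=' . filemtime(PATHS_WEBROOT . 'javascripts/' . $javascript) . '"></script>' . "\n";
        }
        foreach ($options['javascripts'] as $javascript) {
            $output .= '<script type="text/javascript" language="javascript" src="/javascripts/' . $javascript . '"></script>' . "\n";
        }
    } else {
        // Otherwise: one merged file, plus a compressed file for each page-specific script
        // that exists on disk and is not already in the merged list.
        $output .= '<script type="text/javascript" language="javascript" src="/javascripts/merge_' . filemtime(PATHS_STATIC . 'javascripts/merged.js') . '.js"></script>' . "\n";
        $options['javascripts'] = array_unique($options['javascripts']);
        foreach ($options['javascripts'] as $javascript) {
            $internal_path = PATHS_STATIC . 'javascripts/specified/' . $javascript;
            if (!in_array($javascript, $js_compress_important_files) && file_exists($internal_path)) {
                $output .= '<script type="text/javascript" language="javascript" src="/javascripts/compressed_' . preg_replace('/\\.js$/i', '', $javascript) . '_' . filemtime($internal_path) . '.js"></script>' . "\n";
            }
        }
    }
    // header_extra is raw markup supplied by the caller.
    $output .= isset($options['header_extra']) ? $options['header_extra'] : '';
    // Third-party script fetched over plain HTTP: it runs with full access to the page and
    // can be altered in transit.
    $output .= '<script type="text/javascript" src="http://nyheter24.se/template/1-0-1/javascript/ads.js?20090605"></script>';
    $output .= '<script type="text/javascript">Ads.init(\'http://ads.nyheter24.se/\', false);</script>';
    $output .= '</head> ' . "\n";
    $output .= '<body' . (isset($options['body_extra']) ? ' ' . $options['body_extra'] : '') . '>' . "\n";
    $output .= '<script type="text/javascript">' . "\n";
    // Ad profile: gender, age and birth year of the visitor are written into the page for
    // the ad server. NOTE(review): $_SESSION['userinfo'] is read whether or not the visitor
    // is logged in - confirm it is always populated.
    $adtoma_gender = in_array($_SESSION['userinfo']['gender'], array('P', 'F')) ? $_SESSION['userinfo']['gender'] : 'xx';
    $adtoma_age = $_SESSION['userinfo']['birthday'] != '0000-00-00' ? date_get_age($_SESSION['userinfo']['birthday']) : 'xx';
    $adtoma_birthyear = $_SESSION['userinfo']['birthday'] != '0000-00-00' ? substr($_SESSION['userinfo']['birthday'], 0, 4) : 'xx';
    $output .= "\t" . 'var CM8Server = "ad.adtoma.com";' . "\n";
    $output .= "\t" . 'var CM8Cat = "hp.' . ADTOMA_CATEGORY . '";' . "\n";
    $output .= "\t" . 'var CM8Profile = "hp_age=' . $adtoma_age . '&hp_birthyear=' . $adtoma_birthyear . '&hp_gender=' . $adtoma_gender . '"' . "\n";
    $output .= '</script>' . "\n";
    $output .= '<script language="JavaScript" type="text/javascript" src="http://ad.adtoma.com/adam/cm8adam_1_call.js"></script>' . "\n";
    $output .= '<div>' . "\n";
    $output .= '	<script type="text/javascript">CM8ShowAd("Bigbanner");</script>' . "\n";
    $output .= '</div>' . "\n";
    // One-shot message left in the session by an earlier request.
    if (isset($_SESSION['user_message'])) {
        $output .= jscript_alert($_SESSION['user_message'], true) . "\n";
        unset($_SESSION['user_message']);
    }
    // A big notice-bar shown on top, 60px height.
    /*	
    	$full_page_notice = '<h2>Något är jävligt fel med Amanda. Lef felsöker, därför kan det vara lite mobbat för stunden</h2>';
    	$full_page_notice .= '<span>Lol</span>';
    	$full_page_notice_id = 'dynamadsic01ochumbaaerkaera'; //Set this to a unique ID for this notice
    */
    // Don't remove those lines
    if (isset($full_page_notice) && $_COOKIE[$full_page_notice_id] != 'closed') {
        $output .= '<div id="ui_full_page_notice" class="' . $full_page_notice_id . '">' . "\n";
        $output .= '<img src="" alt="[close]" id="ui_full_page_notice_close" />' . "\n";
        $output .= $full_page_notice . "\n";
        $output .= '</div>' . "\n";
    }
    $output .= '<div>' . "\n";
    $output .= '<script type=\'text/javascript\'>Ads.insert(250, \'\');</script>' . "\n";
    $output .= '</div>' . "\n";
    // The ad wrapper is there to make sure the right-side ads don't fall down
    $output .= '<div id="ad_wrapper">' . "\n";
    $output .= '	<div id="ui_wrapper">' . "\n";
    $custom_logo_style = isset($options['custom_logo']) ? 'style="background-image: url(\'' . $options['custom_logo'] . '\');"' : '';
    $output .= '		<div id="ui_header">' . "\n";
    $output .= '			<h1>' . "\n";
    $output .= '				<a href="/"' . $custom_logo_style . '>Hamsterpaj.net</a>' . "\n";
    $output .= '			</h1>' . "\n";
    if (login_checklogin()) {
        // Logged in: notice bar (guestbook, forum, groups, events) and status bar.
        $output .= '			<div id="ui_noticebar">' . "\n";
        $output .= '				<ul>' . "\n";
        $notices = ui_notices_fetch();
        $output .= '					<li>' . "\n";
        $output .= '						<a id="ui_noticebar_guestbook" ' . ($notices['guestbook'] > 0 ? 'class="ui_noticebar_active"' : '') . ' href="/traffa/guestbook.php?user_id=' . $_SESSION['login']['id'] . '">';
        $output .= $notices['guestbook'] > 0 ? $notices['guestbook'] == 1 ? 'Ett nytt' : $notices['guestbook'] . ' nya' : 'Gästbok';
        $output .= '						</a>';
        $output .= '					</li>' . "\n";
        $output .= '					<li id="ui_noticebar_forum_container">' . "\n";
        $output .= '						<a id="ui_noticebar_forum" ' . ($notices['discussion_forum']['new_notices'] > 0 ? 'class="ui_noticebar_active"' : '') . ' href="/diskussionsforum/notiser.php">';
        $output .= $notices['discussion_forum']['new_notices'] > 0 ? $notices['discussion_forum']['new_notices'] == 1 ? 'Ny notis' : $notices['discussion_forum']['new_notices'] . ' nya' : 'Forum';
        $output .= '						</a>' . "\n";
        $output .= '						<ul class="ui_noticebar_info">' . "\n";
        $output .= '							<li class="ui_noticebar_infoheader"><h3>Dina forumnotiser</h3></li>' . "\n";
        foreach ($notices['discussion_forum']['subscriptions'] as $subscription) {
            // NOTE(review): thread url/title are output unescaped - confirm ui_notices_fetch() escapes them.
            $output .= '							<li><a href="' . $subscription['url'] . '">' . $subscription['title'] . ' (<strong>' . $subscription['unread_posts'] . ' nya</strong>)</a></li>' . "\n";
        }
        $output .= '						</ul>' . "\n";
        $output .= '					</li>' . "\n";
        $output .= '					<li id="ui_noticebar_groups_container">' . "\n";
        $output .= '						<a id="ui_noticebar_groups" ' . ($notices['groups']['unread_notices'] > 0 ? 'class="ui_noticebar_active"' : '') . ' href="/traffa/groupnotices.php">';
        $output .= $notices['groups']['unread_notices'] >= 1 ? $notices['groups']['unread_notices'] == 1 ? 'Ett nytt' : $notices['groups']['unread_notices'] . ' nya' : 'Grupper';
        $output .= '						</a>' . "\n";
        $output .= '						<ul class="ui_noticebar_info">' . "\n";
        $output .= '							<li class="ui_noticebar_infoheader"><h3>Dina gruppinl&auml;gg</h3></li>' . "\n";
        foreach ($notices['groups']['groups'] as $group_id => $group) {
            // NOTE(review): group titles are user-chosen text and are output unescaped here.
            $output .= '							<li><a href="/traffa/groups.php?action=goto&groupid=' . $group_id . '">' . ($group['unread_messages'] > 0 ? '<strong>' : '') . $group['title'] . ' (' . $group['unread_messages'] . ' nya)' . ($group['unread_messages'] > 0 ? '</strong>' : '') . '</a></li>' . "\n";
        }
        $output .= '						</ul>' . "\n";
        $output .= '					</li>' . "\n";
        $output .= '					<li>' . "\n";
        $output .= '						<a id="ui_noticebar_events" ' . ($notices['photo_comments'] + $notices['messages'] > 0 ? 'class="ui_noticebar_active"' : '') . ' style="background-image: url(http://images.hamsterpaj.net/ui/events/events' . date('j') . '.png)" href="/traffa/events.php">' . ($notices['photo_comments'] >= 1 ? $notices['photo_comments'] == 1 ? 'En ny' : $notices['photo_comments'] . ' nya' : 'Händelser') . '</a>' . "\n";
        $output .= '						<ul class="ui_noticebar_info">' . "\n";
        $output .= '							<li class="ui_noticebar_infoheader"><h3>Dina h&auml;ndelser</h3></li>' . "\n";
        $output .= '						</ul>' . "\n";
        $output .= '					</li>' . "\n";
        $output .= '				</ul>' . "\n";
        $output .= '			</div>' . "\n";
        $output .= '			<div id="ui_statusbar">' . "\n";
        //$output .= '				<a href="#">' . "\n";
        //$output .= '					<img src="' . IMAGE_URL . 'images/users/thumb/' . $_SESSION['login']['id'] . '.jpg" alt="" onclick="window.open(\'/avatar.php?id=' . $_SESSION['login']['id'] . '\',\'' . rand() . '\',\'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=410, height=600\')"/>' . "\n";
        $output .= '					' . ui_avatar($_SESSION['login']['id']) . "\n";
        //$output .= '				</a>' . "\n";
        $output .= '				<div id="ui_statusbar_username">' . "\n";
        $output .= '					<a href="/traffa/profile.php?user_id=' . $_SESSION['login']['id'] . '"><strong>' . $_SESSION['login']['username'] . '</strong></a><span> | </span><a href="/login/logout.php">Logga ut</a><br />' . "\n";
        $output .= '				</div>' . "\n";
        $output .= '				<div id="ui_statusbar_logintime">' . "\n";
        // Time since last logon, split into days / hours / minutes for display.
        $online_secs = time() - $_SESSION['login']['lastlogon'];
        $online_days = floor($online_secs / 86400);
        $online_hrs = floor(($online_secs - $online_days * 86400) / 3600);
        $online_mins = floor($online_secs % 3600 / 60);
        $time_online_readable = $online_days == 1 ? '1 d, ' : ($online_days > 1 ? $online_days . ' d ' : '');
        $time_online_readable .= $online_hrs > 0 ? $online_hrs . ' tim ' : '';
        $time_online_readable .= $online_mins > 0 ? $online_mins . ' min' : ($online_hrs == 0 && $online_days == 0 && $online_mins == 0 ? '0 min' : '');
        $output .= '					<span>' . $time_online_readable . '</span>' . "\n";
        $output .= '				</div>' . "\n";
        $output .= '				<div id="ui_statusbar_forumstatus">' . "\n";
        // NOTE(review): user_status is user-written text placed in a title="" attribute and in
        // the element body without escaping; a double quote in it would end the attribute.
        // Confirm it is HTML-escaped when it is saved. Truncated to 19 characters + "..." above 22.
        $output .= '					<span title="' . $_SESSION['userinfo']['user_status'] . '">' . (strlen(trim($_SESSION['userinfo']['user_status'])) > 0 ? mb_strlen($_SESSION['userinfo']['user_status'], 'UTF8') > 22 ? mb_substr($_SESSION['userinfo']['user_status'], 0, 19, 'UTF8') . '...' : $_SESSION['userinfo']['user_status'] : 'Ingen status') . '</span>' . "\n";
        $output .= '				</div>' . "\n";
        $output .= '			</div>' . "\n";
    } else {
        // Not logged in: login form and a button to the registration page.
        // NOTE(review): the form posts credentials to a relative URL, so they travel over
        // whatever scheme the page itself was served with.
        $output .= '			<div id="ui_login">' . "\n";
        $output .= '				<form action="/login/login.php?action=login" method="post">' . "\n";
        $output .= '					<p><label><strong>Användarnamn:</strong><br /><input id="ui_login_username" type="text" name="username" /></label></p>' . "\n";
        $output .= '					<p><label><strong>Lösenord:</strong><br /><input id="ui_login_password" type="password" name="password" /></label></p>' . "\n";
        $output .= '					<p><input class="ui_login_submit" type="submit" value="Logga in" /></p>' . "\n";
        $output .= '				</form>' . "\n";
        $output .= '				<form action="/register.php" method="get">' . "\n";
        $output .= '					<p><input class="ui_login_submit" type="submit" value="Registrera" /></p>' . "\n";
        $output .= '				</form>' . "\n";
        $output .= '			</div>' . "\n";
    }
    // end login_checklogin
    $output .= '		</div>' . "\n";
    $output .= '		<div id="ui_menu">' . "\n";
    $output .= '				<ul>' . "\n";
    global $menu;
    if (isset($options['menu_addition'])) {
        $menu = array_merge_recursive($menu, $options['menu_addition']);
    }
    foreach ($menu as $handle => $current_menu) {
        // An entry with 'is_privilegied' is shown when the visitor holds at least one of the
        // listed privileges; an entry without it is shown to everyone. This only hides the
        // link - the target page still has to enforce the privilege itself.
        if (isset($current_menu['is_privilegied'])) {
            $current_menu['is_privilegied'] = is_array($current_menu['is_privilegied']) ? $current_menu['is_privilegied'] : array($current_menu['is_privilegied']);
            $is_privilegied = false;
            foreach ($current_menu['is_privilegied'] as $privilegie) {
                if (is_privilegied($privilegie)) {
                    $is_privilegied = true;
                }
            }
        } else {
            $is_privilegied = true;
        }
        if ($is_privilegied == true) {
            $target = isset($current_menu['target']) ? ' target="' . $current_menu['target'] . '"' : '';
            $output .= '					<li style="z-index: 3;">' . "\n";
            $output .= '						<a href="' . $current_menu['url'] . '" class="root-a"' . $target . '>' . $current_menu['label'] . '</a>' . "\n";
            $output .= '							<ul>' . "\n";
            $output .= '								<li><a href="' . $current_menu['url'] . '">Start</a></li>' . "\n";
            if (count($current_menu['children']) > 0) {
                $output .= ui_menu_subcategories_fetch($current_menu['children'], $options);
            }
            $output .= '							</ul>' . "\n";
            $output .= '					</li>' . "\n";
        }
    }
    $output .= '				</ul>' . "\n";
    $output .= '<img src="http://images.hamsterpaj.net/steve/empty.gif" id="steve" />' . "\n";
    $output .= '		</div>' . "\n";
    // Collect the notices to show below the menu; each entry's 'html' is output as-is.
    $noticemessages = array();
    if (isset($_SESSION['notice_message'])) {
        if (login_checklogin()) {
            $noticemessages[] = array('html' => $_SESSION['notice_message']);
        }
        unset($_SESSION['notice_message']);
    }
    // Site-wide "recent update" notice: shown while the update is under 20 minutes old and
    // this session has seen it fewer than 10 times.
    $data = cache_load('recent_update');
    if ($data['timestamp'] > time() - 1200 && $_SESSION['recent_update_notifier'][$data['id']] < 10) {
        global $RECENT_UPDATES;
        $content = '<span class="ui_notice_time">' . date('H:i', $data['timestamp']) . '</span>' . "\n";
        $content .= '<span class="ui_notice_event">' . $RECENT_UPDATES[$data['type']] . '</span>' . "\n";
        // NOTE(review): the target URL is passed to recent_updates_redirect.php as a query
        // parameter; that script should only redirect to URLs it knows for the given id.
        $content .= '<span class="ui_notice_link"><a href="/recent_updates_redirect.php?id=' . $data['id'] . '&url=' . urlencode($data['url']) . '&source=global_notice">' . $data['label'] . '</a></span>' . "\n";
        $noticemessages[] = array('html' => $content);
        $_SESSION['recent_update_notifier'][$data['id']]++;
    }
    // Live-chat notice: message under 60 seconds old, seen fewer than twice, logged-in only.
    $data = cache_load('live_chat_new_message');
    if (isset($_SESSION['seen_live_chat_notice']) && $_SESSION['seen_live_chat_notice'][$data['id']] < 2 && $data['timestamp'] > time() - 60 && login_checklogin()) {
        $_SESSION['seen_live_chat_notice'][$data['id']]++;
        $content = '<a href="/traffa/klotterplanket.php">';
        $content .= $data['author'] . ' skrev precis på klotterplanket. Skriv något du med?';
        $content .= '</a>';
        $noticemessages[] = array('html' => $content);
    }
    if (count($noticemessages)) {
        foreach ($noticemessages as $noticemessage) {
            $output .= '<div id="ui_notice">' . "\n";
            if (isset($noticemessage['timestamp'])) {
                $output .= '<span class="ui_notice_time">' . date('H:i', $noticemessage['timestamp']) . '</span>' . "\n";
            }
            $output .= $noticemessage['html'];
            $output .= '</div>' . "\n";
        }
    }
    //		$output .= '			<div id="ui_noticebar">' . "\n";
    //	$output .= 'Nu finns det en risk att forumet (och kanske hela sidan) kommer uppföra sig lite knepigt. Vi behöver rätta till en gammal tankemiss i kategorihanteringen för fourmet... Klagomål hänvisas till <a href="/traffa/profile.php?id=15">heggan</a>. //Johan';
    //	$output .= '			</div>' . "\n";
    // Unread guestbook entries queued in the session are listed once, then cleared.
    if (login_checklogin()) {
        if (isset($_SESSION['unread_gb_entries'])) {
            $output .= guestbook_list($_SESSION['unread_gb_entries']);
            unset($_SESSION['unread_gb_entries']);
        }
    }
    // xxl is raw markup supplied by the caller.
    if (isset($options['xxl'])) {
        $output .= '<div>' . $options['xxl'] . '</div>' . "\n";
    }
    $output .= '		<div id="ui_content">' . "\n";
    if (isset($options['return']) && $options['return'] == true) {
        return $output;
    } else {
        echo $output;
    }
}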
Пример #18
    $session_dir = opendir('/var/lib/php/session/');
    while ($filename = readdir($session_dir)) {
        $file_handle = fopen('/var/lib/php/session/' . $filename, 'a');
        fwrite($file_handle, 'adminmessage|s:' . strlen($message) . ':"' . $message . '";');
    }
}
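// Handles the "send" action of the form below: the message goes to every session when
// the username is "all", otherwise to the session of the one user that matches.
// NOTE(review): no privilege check and no anti-CSRF token are visible in this excerpt;
// confirm both exist before this point, since the action writes into other users' sessions.
if ($_GET['action'] == 'send') {
    if ($_POST['username'] == 'all') {
        session_broadcast_message($_POST['message']);
    } else {
        // The username is request data: quote it for the SQL string literal first, then keep
        // the original behaviour of matching "_" literally inside LIKE. "%" still acts as a
        // wildcard, as before.
        // NOTE(review): assumes magic_quotes_gpc is off; if it is on, stripslashes() first.
        $username_sql = str_replace('_', '\\_', mysql_real_escape_string($_POST['username']));
        $query = 'SELECT id FROM login WHERE username LIKE "' . $username_sql . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query));
        $data = mysql_fetch_assoc($result);
        if (session_leave_message($data['id'], $_POST['message']) != true) {
            // NOTE(review): the posted username is echoed through jscript_alert(); verify that
            // helper escapes its argument for the JavaScript string it emits.
            jscript_alert('Det verkar som om ' . $_POST['username'] . ' (' . $data['id'] . ') inte är inloggad.');
        } else {
            jscript_alert('Done');
        }
    }
}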
?>

<form action="sessionhack.php?action=send" method="post">
Username<br />
<input type="text" name="username" /><br />
Meddelande: (inga specialtecken) <br />
<input type="text" name="message" /><br />
<input type="submit" value="OK"></form>

<?php 
ui_bottom();
Пример #19
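    // Request values must not be able to change the statement: the two free-text fields are
    // quoted for their SQL string literals and both numeric operands are forced to integers
    // (they are used unquoted, so anything non-numeric would otherwise become SQL).
    // NOTE(review): assumes magic_quotes_gpc is off; if it is on, stripslashes() the text
    // fields first to avoid storing doubled backslashes.
    $query = 'UPDATE sex_questions SET title = "' . mysql_real_escape_string($_POST['title']) . '", question = "' . mysql_real_escape_string($_POST['question']) . '", category = ' . intval($_POST['sex_category']) . ' WHERE id = ' . intval($post['id']) . ' LIMIT 1';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);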
    // Schedule release if not schedules yet...
    $scheduled_items = schedule_event_fetch(array('fetch_released_and_unreleased' => true, 'type' => 'sex_sense', 'item_id' => $post['id']));
    if (count($scheduled_items) < 1) {
        $direct_link = '/sex_och_sinne/';
        $categories = sex_sense_fetch_categories(array('category_id' => $post['category_id']));
        foreach ($categories as $category_tree) {
            $category = array_pop($category_tree);
            $direct_link .= $category['category_handle'] . '/';
        }
        $direct_link .= $post['handle'] . '.html';
        sex_sense_schedule_add(array('id' => $post['id'], 'title' => $post['title'], 'url' => $direct_link));
        echo 'Scheduling... Done!';
    }
    jscript_alert('Fixat!');
    jscript_go_back();
} elseif (empty($_POST['answer']) && !empty($_POST['answer_to']) && !empty($_POST['question']) && !empty($_POST['sex_category']) && is_numeric($_POST['answer_to']) && is_numeric($_POST['sex_category'])) {
    $sql = 'UPDATE sex_questions SET category = ' . $_POST['sex_category'] . ' WHERE id = ' . $_POST['answer_to'] . ' LIMIT 1';
    mysql_query($sql) or report_sql_error($sql, __FILE__, __LINE__);
} elseif (!empty($_GET['id']) && is_numeric($_GET['id'])) {
    $options['id'] = $_GET['id'];
    $options['is_answered'] = 0;
    $options['ignore_no_posts_found_error'] = true;
    $questions = sex_sense_fetch_posts($options);
    if (count($questions) < 1) {
        $options['is_answered'] = 1;
        $questions = sex_sense_fetch_posts($options);
    }
    foreach ($questions as $question) {
        $out .= sex_sense_bright_container_top();
Пример #20
     }
     jscript_location('/traffa/profile.php');
     exit;
     break;
 case 'delete_entry':
     if ($_GET['perform'] == 'true' && is_numeric($_GET['delete_entry'])) {
         $query = 'DELETE FROM blog WHERE id = "' . $_GET['delete_entry'] . '" AND user = "******" LIMIT 1';
         mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
         if (mysql_affected_rows() == 1) {
             $query = 'DELETE FROM comments WHERE type = "blog" AND item_id = "' . $_GET['delete_entry'] . '"';
             mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
             for ($i = 1; $i <= 4; $i++) {
                 unlink(PATHS_IMAGES . 'blog_photos/' . round(mysql_insert_id() / 2500) . '/' . $_GET['delete_entry'] . '_' . $i . '.jpg');
             }
         }
         jscript_alert('Inlägget togs bort');
         jscript_location($_SERVER['PHP_SELF'] . '?id=' . $_GET['id']);
         exit;
     } else {
         if (preg_match('/^[0-9]{4}[-][0-9]{2}$/', $_GET['month'])) {
             $query = 'SELECT id, date, title FROM blog WHERE date LIKE "' . $_GET['month'] . '%" AND user = "******" ORDER BY id DESC';
             $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
             echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="get">' . "\n";
             echo '<input type="hidden" name="id" value="' . $_GET['id'] . '" />' . "\n";
             echo '<input type="hidden" name="action" value="delete_entry" />' . "\n";
             echo '<input type="hidden" name="perform" value="true" />' . "\n";
             echo '<select id="delete_entry" name="delete_entry">' . "\n";
             while ($data = mysql_fetch_assoc($result)) {
                 echo '<option value="' . $data['id'] . '">' . $data['date'] . ' - ' . $data['title'] . '</option>' . "\n";
             }
             echo '</select>';
Пример #21
            if (hamsterpaj_password(utf8_decode($_POST['password_old'])) != $_SESSION['login']['password']) {
                jscript_alert('Det där går inte, du måste skriva in ditt nuvarande lösenord, annars funkar inte skiten. Seså, gör om gör rätt!');
                jscript_go_back();
                exit;
            }
            if ($_POST['password_new'] != $_POST['password_verify']) {
                jscript_alert('"Nytt lösenord" och "Upprepa nytt lösenord" måste ju vara samma, annars funkar det ju inte :(');
                jscript_go_back();
                exit;
            }
            $newdata['login']['password'] = hamsterpaj_password(utf8_decode($_POST['password_new']));
            break;
    }
    login_save_user_data($_SESSION['login']['id'], $newdata);
    session_merge($newdata);
    jscript_alert('Ändrat, fixat och donat :)');
    jscript_location($_SERVER['PHP_SELF']);
}
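// Saves the profile theme chosen by the logged-in user, in the database and in the session.
if ($_POST['action'] == 'profile_theme') {
    // The theme name is request data, so it is quoted for the SQL string literal.
    // NOTE(review): assumes magic_quotes_gpc is off; if it is on, stripslashes() first.
    $query = 'UPDATE userinfo SET profile_theme = "' . mysql_real_escape_string($_POST['theme']) . '" WHERE userid = "' . $_SESSION['login']['id'] . '" LIMIT 1';
    mysql_query($query) or report_sql_error($query);
    // NOTE(review): the raw value is kept in the session. If it is later used to build a
    // stylesheet name or file path, check it against the list of existing themes first.
    $_SESSION['userinfo']['profile_theme'] = $_POST['theme'];
}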
/* Frivillig information */
$out .= '<a name="optional_info"></a>';
$out .= rounded_corners_tabs_top($void, true);
$out .= '<h2 style="margin-top: 0px;">Frivillig information</h2>' . "\n";
$out .= '<form action="' . $_SERVER['PHP_SELF'] . '?action=perform_changes&type=optional_info" method="post" name="optional_info">';
$out .= '<strong>Är du flicka eller pojke?</strong><br />' . "\n";
$out .= '<input type="radio" name="gender" value="m" ';
if ($_SESSION['userinfo']['gender'] == 'm') {
Пример #22
echo '<link href="/stylesheets/ui.css.php" rel="stylesheet" type="text/css">';
echo '<link href="/stylesheets/buttons.css" rel="stylesheet" type="text/css">';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
echo '</head>';
if ($_GET['action'] == 'reply') {
    echo '<body onload="document.forms[0].message.focus()">';
} else {
    echo '<body>';
}
echo '<div id="main" style="padding: 5px; width: 215px; height: 170px; margin-top: 10px;">';
if (login_checklogin()) {
    if ($_GET['action'] == 'reply') {
        draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_GET['answereid']);
    } elseif ($_GET['action'] == 'send_reply') {
        if (userblock_check($_GET['userid'], $_SESSION['login']['id']) == 1) {
            jscript_alert('Den användare som du har angivit som mottagare har blockerat dig, och ditt meddelande kan därför inte skickas!');
            echo '<script language="javascript">history.go(-1);</script>';
            die;
        }
        /*
        				if(644314 == $_SESSION['login']['id'])
        					log_to_file('henrik', LOGLEVEL_DEBUG, __FILE__, __LINE__, $_POST['message']);
        */
        $spamval = spamcheck($_SESSION['login']['id'], $_POST['message']);
        if ($spamval == 1) {
            echo '<script language="javascript">setTimeout(\'window.close();\',500);</script>';
            new_entry($_GET['userid'], $_SESSION['login']['id'], $_POST['message'], $_POST['is_private'], $_GET['answereid']);
            echo '<h1>Inlägget skickat!</h1>';
        } else {
            echo '<script language="javascript">alert("' . $spamval . '");</script>';
            draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_POST['message']);
Пример #23
    trace('register_error', 'register.php acsessed by not logged on user...');
} else {
    if (isset($_POST['submit_button'])) {
        $check = regform_check($_POST);
        if ($check === true) {
            unset($data);
            $data['userinfo']['gender'] = $_POST['gender'];
            $data['userinfo']['zip_code'] = $_POST['zip_code'];
            $data['userinfo']['birthday'] = $_POST['birth_year'] . '-' . $_POST['birth_month'] . '-' . $_POST['birth_day'];
            login_save_user_data($_SESSION['login']['id'], $data);
            session_merge($data);
            /*$alert = 'Tackar! Nu skickar vi dig till en introduktionssida som berättar mer om Hamsterpaj,\\n';
            		$alert .= 'vad man gör här och hur sidan fungerar, du måste inte läsa den om du inte vill.';
            		jscript_alert($alert);
            		jscript_location('/hamsterpaj/introduction.php');*/
            jscript_alert('Eftersom Lef inte gjort klart välkommen-sidan ännu så kan vi inte skicka dig till den. Hursomhelst så är du välkommen till hamsterpaj, och vi skickar dig nu till startsidan för träffa.\\n\\nDet skulle dessutom vara kul för folk att veta vem du är, klicka på Inställningar i menyn så kan du ladda upp en bild på dig själv eller göra din egna presentation.\\n\\nÅter igen; välkommen!');
            jscript_location('/traffa/');
        } else {
            regform_fail();
            regform_settings($_POST, $check);
        }
    } else {
        regform_header();
        regform_settings();
    }
}
ui_bottom();
?>


Пример #24
         $out .= rounded_corners_bottom();
     }
     break;
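 case 'insert':
     // Creates a developer-blog post and announces it in recent_updates. Restricted to
     // holders of the developer_blog_admin privilege.
     if (is_privilegied('developer_blog_admin')) {
         // Even a privileged author's text must be quoted for the SQL string literals; a
         // stray double quote in a heading would otherwise break or alter the statement.
         // NOTE(review): assumes magic_quotes_gpc is off; if it is on, stripslashes() first.
         $blog_header_sql = mysql_real_escape_string($_POST['header']);
         $blog_content_sql = mysql_real_escape_string($_POST['content']);
         $query = 'INSERT INTO developer_blog (timestamp, author, header, content) VALUES (' . time() . ', ' . $_SESSION['login']['id'] . ', "' . $blog_header_sql . '", "' . $blog_content_sql . '")';
         mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
         // NOTE(review): the new post's id is looked up as "latest by timestamp", which can
         // pick another author's row if two posts land in the same second.
         $query = 'SELECT id FROM developer_blog ORDER BY timestamp DESC LIMIT 1';
         $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
         $data = mysql_fetch_assoc($result);
         $blogpost_url = '/hamsterpaj/utvecklarblogg.php?action=show&id=' . $data['id'];
         $query = 'INSERT INTO recent_updates (type, timestamp, url, label) VALUES ("blog_post", "' . time() . '", "' . $blogpost_url . '", "' . $blog_header_sql . '")';
         mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
         header('Location: ' . $blogpost_url);
     } else {
         jscript_alert('nehedu, den gick inte');
         jscript_location('/');
     }
     break;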
 case 'update':
     break;
 case 'show':
     if (!is_numeric($_GET['id'])) {
         $out .= '<h1>Sluta hacka, joel kan ju pissa på sig av upphetsning</h1>' . "\n";
         break;
     }
     $out .= '<h1>Utvecklarblogg</h1>' . "\n";
     $sql = 'SELECT d.*, d.author AS user_id, l.username';
     $sql .= ' FROM developer_blog AS d, login AS l';
     $sql .= ' WHERE l.id = d.author AND d.id = ' . $_GET['id'] . '';
     $sql .= ' ORDER BY d.id DESC';
Пример #25
<?php

require '../include/core/common.php';
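// Admin page for the site's own ads (table hp_ads): creates or updates one ad per POST.
$ui_options['stylesheets'][] = 'hpads_admin.css';
$ui_options['javascripts'][] = 'hpads_admin.js';
$ui_options['title'] = 'Startsidan på Hamsterpaj';
// Only holders of the hp_ad_admin privilege get past this point.
if (!is_privilegied('hp_ad_admin')) {
    jscript_alert('En skyddad sida, du är inte välkommen');
    jscript_location('/');
    die('Du måste ha privilegie för att nå den här sidan');
}
ui_top($ui_options);
// The ad markup is posted entity-encoded and stored decoded, i.e. as raw HTML. Whoever can
// submit this form can therefore store arbitrary markup in hp_ads.
// NOTE(review): no anti-CSRF token is visible in this file; without one, a request forged
// in an admin's browser could create or change ads.
$_POST['html'] = html_entity_decode($_POST['html']);
// Quote every posted field once for use inside SQL string literals. Privileged input still
// has to be quoted: the ad HTML routinely contains double quotes.
// NOTE(review): assumes magic_quotes_gpc is off; if it is on, stripslashes() first.
$hpads_sql = array();
foreach (array('id', 'name', 'area', 'credits', 'html', 'probability') as $hpads_field) {
    $hpads_sql[$hpads_field] = isset($_POST[$hpads_field]) ? mysql_real_escape_string($_POST[$hpads_field]) : '';
}
if ($_POST['action'] == 'create') {
    // NOTE(review): rand(), uniqid() and microtime() are all predictable; fine for a plain
    // identifier, not for a value that has to be unguessable - check how uniqid is used.
    $uniqid = md5(rand() . uniqid() . microtime());
    $query = 'INSERT INTO hp_ads (name, area, credits, expire, html, probability, uniqid) VALUES("';
    $query .= $hpads_sql['name'] . '", "' . $hpads_sql['area'] . '", "' . $hpads_sql['credits'] . '", "' . strtotime($_POST['expire']) . '", "' . $hpads_sql['html'];
    $query .= '", "' . $hpads_sql['probability'] . '", "' . $uniqid . '")';
    mysql_query($query);
}
if ($_POST['action'] == 'update') {
    $query = 'UPDATE hp_ads SET name = "' . $hpads_sql['name'] . '", area = "' . $hpads_sql['area'] . '", credits = "' . $hpads_sql['credits'] . '"';
    $query .= ', expire = "' . strtotime($_POST['expire']) . '", html = "' . $hpads_sql['html'] . '", probability = "' . $hpads_sql['probability'] . '"';
    $query .= ' WHERE id = "' . $hpads_sql['id'] . '" LIMIT 1';
    mysql_query($query);
}
echo hpads_form();
ui_bottom();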
Пример #26
$ui_options['stylesheets'][] = 'sex_sense.css';
$query = 'SELECT DISTINCT(category) FROM sex_sense ORDER BY category ASC';
$categories = query_cache(array('query' => $query, 'max_delay' => 1));
foreach ($categories as $category) {
    $ui_options['menu_addition']['sex_sense']['children'][$category['category']] = array('label' => $SEX_SENSE[$category['category']]['label'], 'url' => '/sex_och_sinne/' . $category['category'] . '/');
}
$request = sex_sense_request($_SERVER['REQUEST_URI']);
switch ($request['action']) {
    case 'answer_index':
        if (!is_privilegied('sex_sense_admin')) {
            die("FULHAXX!");
        }
        if (!empty($_POST['answer'])) {
            $sql = 'UPDATE sex_questions SET answer = "' . $_POST['answer'] . '" WHERE id = ' . $_POST['id'] . ' LIMIT 1';
            if (mysql_query($sql) or report_sql_query($sql, __FILE__, __LINE__)) {
                jscript_alert('Svaret tillagt');
            }
        }
        $ui_options['menu_path'] = array('sex_sense', 'new_questions');
        $output .= '<h2>Här kan du svara på frågor om sex och sinne ;)</h2>' . "\n";
        $sql = 'SELECT * FROM sex_questions ORDER BY timestamp DESC';
        $result = mysql_query($sql);
        while ($data = mysql_fetch_assoc($result)) {
            $out_while .= '<div style="clear: both;"></div>' . "\n";
            $out_while .= '<h3>' . $data['title'] . '</h3>' . "\n";
            $out_while .= '<p>' . $data['question'] . '</p>' . "\n";
            $out_while .= '<a href="/sex_och_sinne/?answer_question=' . $data['id'] . '">Svara&raquo;</a>' . "\n";
            $output .= rounded_corners($out_while, $nothing, true);
            $out_while = '';
        }
        $output .= '' . "\n";
Пример #27
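/**
 * Stores the photo owner's reply to a comment on one of their photos and
 * sends the commenter a guestbook message quoting the comment and the reply.
 *
 * The reply is only saved when the comment belongs to a photo owned by the
 * logged-in user; otherwise an alert is shown and nothing is written.
 *
 * @param int|string $id    Id of the row in user_comments being answered.
 * @param string     $reply Reply text; treated as raw (unescaped) input.
 */
function comment_answer($id, $reply)
{
    // Both ids are concatenated unquoted into SQL, so force them to integers.
    $comment_id = (int) $id;
    $session_user_id = (int) $_SESSION['login']['id'];

    // NOTE(review): the listing masks part of the original "up.user = ..." condition;
    // it is reconstructed here as the session user's id, matching the ownership
    // check below — confirm against the real file.
    $query = 'SELECT up.user, up.description, up.id, uc.user_id, uc.comment, l.username FROM user_photos AS up, user_comments AS uc, login AS l WHERE l.id = ' . $session_user_id . ' AND uc.item_id = up.id AND up.user = ' . $session_user_id . ' AND uc.id = ' . $comment_id;
    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $data = $result ? mysql_fetch_assoc($result) : false;

    // Require a real row and a real session id. Without this, a missing row and a
    // missing session id would both compare as null and the check would pass.
    $owns_photo = is_array($data) && $session_user_id > 0 && (int) $data['user'] === $session_user_id;
    if ($owns_photo) {
        // The guestbook message below already treats $reply as raw text that needs
        // escaping, so it is escaped here as well before entering the quoted string.
        // NOTE(review): assumes callers do not pre-escape $reply — confirm.
        $query = 'UPDATE user_comments SET answer = "' . mysql_real_escape_string($reply) . '", answerer_id = ' . $session_user_id . ' WHERE id = ' . $comment_id . ' LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);

        // NOTE(review): username, description, comment and reply are placed into the
        // HTML message unescaped. How guestbook entries are rendered is not visible
        // here; if they are output as HTML this is stored XSS towards the recipient.
        $message = $data['username'] . ' svarade precis p&aring; din kommentar till fotot: <br /><a href="/traffa/photos.php?id=' . $data['id'] . '#photo">' . (strlen($data['description']) > 1 ? $data['description'] : 'namnl&ouml;s') . '</a>' . "\n\n";
        $message .= '<strong>Din kommentar:</strong>' . "\n";
        $message .= $data['comment'] . "\n\n";
        $message .= '<strong>' . $data['username'] . '\'s svar:</strong>' . "\n";
        $message .= $reply . "\n";

        $entry = array(
            'sender' => $_SESSION['login']['id'],
            'message' => mysql_real_escape_string($message),
            'recipient' => $data['user_id'],
        );
        guestbook_insert($entry);
    } else {
        jscript_alert('Nehejdu, den gick inte!');
    }
}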
Пример #28
function spamFilter($message, $ip, $nick)
{
    // Returns true when every check passes; otherwise shows an alert explaining
    // the rejection and returns false. $ip and $nick are accepted but not used here.
    $message = strtolower($message);

    // Users at userlevel 5 or above skip all checks below.
    // NOTE(review): the original comment said "userlevel 3+" while the code
    // tests >= 5 — confirm which threshold is intended.
    $is_exempt = $_SESSION['login']['userlevel'] >= 5;
    if ($is_exempt) {
        return true;
    }

    // Minimum length (strlen counts bytes, not characters).
    if (2 > strlen($message)) {
        jscript_alert('Lite mer än sådär får du allt skriva...');
        return false;
    }

    // content_check() yields 1 on success; any other value is shown to the user as the error text.
    $verdict = content_check($message);
    if (!($verdict == 1)) {
        jscript_alert($verdict);
        return false;
    }

    // Maximum length.
    if (4000 < strlen($message)) {
        jscript_alert('Försök fatta dig lite kortare, det är trots allt ett klotterplank. Använd forumet om du vill diskutera!');
        return false;
    }

    // Rate limit: reject if this user has a post newer than 60 seconds.
    // NOTE(review): this reads $_SESSION['userid'] while the exemption check reads
    // $_SESSION['login'][...], and the value is concatenated unquoted. If the query
    // fails, the row is empty and the limit is not enforced (fails open) — confirm
    // the session key and consider checking the query result.
    $sql = 'SELECT COUNT(id) AS total FROM klotterplank WHERE userid = ' . $_SESSION['userid'] . ' AND timestamp > UNIX_TIMESTAMP() - 60';
    $row = mysql_fetch_assoc(mysql_query($sql));
    if ($row['total'] > 0) {
        jscript_alert('Max ett inlägg per minut, ge dig till tåls litegranna');
        return false;
    }

    return true;
}
Пример #29
function schedule_admin_parse_request($options)
{
    // Validates the request parameters for the schedule admin UI and calls
    // schedule_admin_draw() for the selected page.
    //
    // $options['source']   - parameter array to read from; defaults to $_GET.
    // $options['base_url'] - passed on to the draw call; defaults to ''.
    //
    // NOTE(review): because the source defaults to $_GET, the ajax_save_slot and
    // create_slot_save actions change state on a GET request. No privilege check
    // or anti-CSRF token is visible in this function — presumably the caller
    // enforces them; confirm.
    $options['source'] = isset($options['source']) ? $options['source'] : $_GET;
    $source = $options['source'];

    // Unknown or missing page names fall back to the main view.
    $known_pages = array('ajax_fetch_slot', 'ajax_save_slot', 'main');
    $page = 'main';
    if (isset($source['page']) && in_array($source['page'], $known_pages)) {
        $page = $source['page'];
    }

    $call_options = array(
        'base_url' => isset($options['base_url']) ? $options['base_url'] : '',
        'what' => $page,
    );

    // Page chrome settings; only used by the 'main' branch.
    $ui_options = array(
        'javascripts' => array('schedule_v2_admin.js'),
        'stylesheets' => array('schedule_v2_admin.css'),
        'title' => 'Schemalagt v2 på Hamsterpaj',
        'menu_path' => array('admin'),
    );

    // NOTE(review): is_numeric() also accepts floats, exponent forms and signed
    // values, and the validated strings are forwarded unchanged. If
    // schedule_admin_draw() builds SQL from them (not visible here), an integer
    // check plus cast would be tighter.
    switch ($page) {
        case 'ajax_fetch_slot':
            if (!isset($source['id']) || !is_numeric($source['id'])) {
                schedule_admin_error(array('error' => 'Felaktigt ID skickades med till ajax_fetch_slot!'));
                break;
            }
            $call_options['slot_id'] = $source['id'];
            echo schedule_admin_draw($call_options);
            break;

        case 'ajax_save_slot':
            // All four fields must be present, the three numbers numeric and the
            // type one of the known slot types; otherwise the request is ignored.
            $save_is_valid = isset($source['id'], $source['start'], $source['end'], $source['type'])
                && is_numeric($source['id'])
                && is_numeric($source['start'])
                && is_numeric($source['end'])
                && in_array($source['type'], schedule_get_slot_types());
            if ($save_is_valid) {
                foreach (array('id', 'start', 'end', 'type') as $field) {
                    $call_options[$field] = $source[$field];
                }
                echo schedule_admin_draw($call_options);
            }
            break;

        case 'main':
            ui_top($ui_options);
            rounded_corners_top(array('color' => 'orange'));
            echo 'Note: Schemat är både fult, snett och går en timma fel.';
            rounded_corners_bottom(array('color' => 'orange'));

            // Optional "create slot" submission handled before the page is drawn.
            $create_requested = isset($source['create_slot_save'])
                && isset($source['start_day'], $source['start_hour'], $source['start_minute'])
                && is_numeric($source['start_day'])
                && is_numeric($source['start_hour'])
                && is_numeric($source['start_minute'])
                && isset($source['end_day'], $source['end_hour'], $source['end_minute'])
                && is_numeric($source['end_day'])
                && is_numeric($source['end_hour'])
                && is_numeric($source['end_minute'])
                && isset($source['type'])
                && in_array($source['type'], schedule_get_slot_types());
            if ($create_requested) {
                $call_options['what'] = 'create_slot_save';
                $call_options['start'] = schedule_readable_to_week_minutes($source['start_day'], $source['start_hour'], $source['start_minute']);
                $call_options['end'] = schedule_readable_to_week_minutes($source['end_day'], $source['end_hour'], $source['end_minute']);
                $call_options['type'] = $source['type'];
                // A slot must end after it starts.
                if ($call_options['start'] < $call_options['end']) {
                    echo schedule_admin_draw($call_options);
                } else {
                    jscript_alert('Fel: Du måste ange ett s**t som är efter din början!');
                }
            }

            // Draw the schedule itself, then the "create slot" form.
            $call_options['what'] = 'main';
            echo schedule_admin_draw($call_options);
            $call_options['what'] = 'create_slot_create';
            echo schedule_admin_draw($call_options);
            ui_bottom();
            break;
    }
}
Пример #30
        }
    } elseif ($_SESSION['login']['lastusernamechange'] > time() - 604800) {
        jscript_alert('Så ofta kan du inte byta användarnamn, du får inte byta oftare än en gång i veckan!');
        jscript_go_back();
        die;
    } else {
        $query = 'UPDATE login SET username ="******", lastusernamechange = UNIX_TIMESTAMP(), ';
        $query .= 'lastusername = "******", lastaction = 0 ';
        $query .= 'WHERE id = ' . $_SESSION['login']['id'] . ' LIMIT 1';
        mysql_query($query) or die(report_sql_error($query));
        $new_sign = 'Jag hette tidigare ' . $_SESSION['login']['username'];
        $query = 'UPDATE userinfo SET forum_signature ="' . $new_sign . '" ';
        $query .= 'WHERE userid = "' . $_SESSION['login']['id'] . '" LIMIT 1';
        mysql_query($query);
        log_admin_event('username changed', $_SESSION['login']['username'], $_SESSION['login']['id'], $_SESSION['login']['id'], $_SESSION['login']['id']);
        jscript_alert('Sådärja, du heter numera ' . $_POST['new_username'] . ' på hamsterpaj. Du loggas nu ut.');
        jscript_location('/index.php');
        $_SESSION = null;
        session_destroy();
        die;
    }
}
echo rounded_corners_tabs_top();
echo '<h1 style="margin-top: 0px;">Byt namn</h1>';
echo '<p>Nu finns möjligheten att byta användarnamn på hamsterpaj. Du kan bara byta namn en gång i veckan och din signatur låses till ett meddelande om att du bytt namn i en vecka efter bytet.</p>';
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
echo '<strong>Nytt användarnamn:</strong><br />';
echo '<input type="text" name="new_username" class="textbox" maxlength="16" /><br/>';
echo '<strong>Ditt lösenord:</strong><br/>';
echo '<input type="password" name="password_old" class="textbox"/><br/><br />';
echo '<input type="submit" class="button_130" value="Byt användarnamn!" onclick="return confirm(\'Ditt användarnamn är på väg att bytas, vill du fortsätta? Har du stavat rätt?\');" />';