Пример #1
0
    print "";
    if ($log) {
        $username = $loguser['name'];
        $passhint = 'Alternate Login:'******'altlogin').style.cssText=''; this.style.cssText='display:none'\">Use an alternate login</a>\n\t\t\t\t<span id=\"altlogin\" style=\"display:none\">";
    } else {
        $username = '';
        $passhint = 'Login Info:';
        $altloginjs = "<span>";
    }
    $quotemsg = "";
    if (filter_int($postid)) {
        $post = $sql->fetchq("SELECT user,text,thread FROM posts,posts_text WHERE id={$postid} AND id=pid");
        $post['text'] = str_replace('<br>', $br, $post['text']);
        $u = $post['user'];
        $users[$u] = loaduser($u, 1);
        if ($post['thread'] == $id) {
            $quotemsg = "[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n";
        }
    }
    print "\n\t\t\t<body>\n\t\t\t{$tccellh} width=150>&nbsp</td>{$tccellh} colspan=2>&nbsp<tr>\n\t\t\t{$tccell1}><b>{$passhint}</td> {$tccell2l} colspan=2>\n\t\t\t{$altloginjs}\n\t\t\t<b>Username:</b> {$inpt}=username VALUE=\"" . htmlspecialchars($username) . "\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">\n\n\t\t\t<!-- Hack around autocomplete, fake inputs (don't use these in the file) -->\n\t\t\t<input style=\"display:none;\" type=\"text\"     name=\"__f__usernm__\">\n\t\t\t<input style=\"display:none;\" type=\"password\" name=\"__f__passwd__\">\n\n\t\t\t<b>Password:</b> {$inpp}=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">\n\t\t\t</span><tr>\n\t\t\t{$tccell1}><b>Reply:</td>\n\t\t\t{$tccell2l} width=800px valign=top>\n\t\t\t{$txta}=message ROWS=21 COLS={$numcols} style=\"width: 100%; max-width: 800px; resize:vertical;\">" . htmlspecialchars($quotemsg, ENT_QUOTES) . "</TEXTAREA></td>\n\t\t{$tccell2l} width=*>" . moodlist(filter_int($moodid)) . "</td><tr>\n\t\t<tr>\n\t\t\t{$tccell1}>&nbsp</td>{$tccell2l} colspan=2>\n\t\t\t{$inph}=action VALUE=postreply>\n\t\t\t{$inph}=id VALUE={$id}>\n\t\t\t{$inph}=valid value=\"" . md5($_SERVER['REMOTE_ADDR'] . $id . "sillysaltstring") . "\">\n\t\t\t{$inps}=submit VALUE=\"Submit reply\">\n\t\t\t{$inps}=preview VALUE=\"Preview reply\"></td>\n\t\t<tr>{$tccell1}><b>Options:</b></td>{$tccell2l} colspan=2>\n\t\t\t{$inpc}=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> -\n\t\t\t{$inpc}=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> -\n\t\t\t{$inpc}=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>\n\t\t\t{$modoptions}\n\t\t\t{$tblend}\n\t\t\t<br>\n\t\t\t{$tblstart}{$postlist}{$tblend}\n\t\t</table>\n\t\t\t</form>\n\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=forum.php?id={$forumid}>{$forum['title']}</a> - {$thread['title']}";
} elseif (!$_POST['action']) {
    print $header;
    print "{$tccell1}>You are not allowed to post in this thread.\n\t\t<br>" . redirect("index.php", 'return to the index page', 0) . "</table>";
}
if ($_POST['action'] == 'postreply' && !($banned && $log) && $id > 0) {
    if ($log && !$password) {
        $userid = $loguserid;
    } else {
        $userid = checkuser($username, $password);
    }
Пример #2
0
    }
}
print "{$header}{$fonttag}<a href=index.php>{$boardname}</a> - <a href=private.php>Private messages</a>{$tblstart}";
if (!$action) {
    print '<body onload=window.document.REPLIER.message.focus()><FORM ACTION=sendprivate.php NAME=REPLIER METHOD=POST>';
    if ($log && $id) {
        $user = loaduser($msg['userfrom'], 1);
        $quotemsg = "[quote={$user['name']}]{$msg['text']}[/quote]\r\n";
        $subject = "Re: {$msg['title']}";
        $tcellbg = "{$tccell1l} valign=top";
        $postlist = "\n\t\t\t\t{$tccellh} width=150>User</td>\n\t\t\t\t{$tccellh}>Message<tr>\n\t\t\t\t{$tcellbg}><a href=profile.php?id={$user['id']}>{$user['name']}</a>{$smallfont}<br>\n\t\t\t\tPosts: {$postnum}{$user['posts']}</td>\n\t\t\t\t{$tcellbg}>" . doreplace2($msg[text]) . "<tr>\n\t\t\t";
    } else {
        $postlist = '';
    }
    if ($userid) {
        $user = loaduser($userid, 1);
    }
    $user['name'] = htmlspecialchars($user['name']);
    $subject = htmlspecialchars($subject);
    print "\n\t\t\t{$tccellh} width=150>&nbsp</td>\n\t\t\t{$tccellh}>&nbsp<tr>\n\t\t\t{$tccell1}><b>Send to:</td>\t {$tccell2l}>{$inpt}=username value=\"{$user['name']}\" size=25 maxlength=25><tr>\n\t\t\t{$tccell1}><b>Subject:</td>\t {$tccell2l}>{$inpt}=subject value=\"{$subject}\" size=60 maxlength=100><tr>\n\t\t\t{$tccell1}><b>Message:</td>\t {$tccell2l}>{$txta}='message' rows=20 cols={$numcols}>{$quotemsg}</textarea><tr>\n\t\t\t{$tccell1}>&nbsp</td>\t\t {$tccell2l}>\n\t\t\t{$inph}=action VALUE=sendmsg>\n\t\t\t{$inps}=submit VALUE='Send message'>\n\t\t\t{$inps}=preview VALUE='Preview message'></td>\n\n\t\t\t{$tblend}\n\t\t\t</FORM>\n\t\t\t<br>{$tblstart}{$postlist}{$tblend}\n\t\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=private.php>Private messages</a>\n\t\t";
}
if ($action == 'sendmsg') {
    $username = stripslashes($_POST['username']);
    $userid = checkusername($username);
    if ($userid == -1) {
        print "{$tccell1}>Couldn't send the message. You didn't enter an existing username to send the message to.\n\t\t\t\t<br>" . redirect('private.php', 'your private message box', 2);
    } elseif (!$subject) {
        print "{$tccell1}>Couldn't send the message. You didn't enter a subject.\n\t\t\t\t<br>" . redirect('private.php', 'your private message box', 2);
    } else {
        $subject = str_replace('<', '&lt;', $subject);
        $sign = $loguser['signature'];