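/**
 * Sanitise a file or directory name and decide whether the current user may use it.
 *
 * The name is URL-decoded, stripped of path separators, reserved characters and
 * control bytes, and has every ".." sequence removed. For files, the last dot-suffix
 * is then checked against the allow-list before fma_autorise() is consulted.
 *
 * Security notes:
 *  - Only the LAST suffix is checked, so a name such as "x.php.jpg" passes as "jpg";
 *    the storage directory should not be configured to execute by inner extension.
 *  - The suffix check says nothing about the file's content.
 *
 * @param string $type      "f" for a file, "d" for a directory (directories skip the suffix check)
 * @param string $filename  raw, possibly URL-encoded name
 * @param array  $Extension allowed lower-case suffixes; a first entry of "*" allows any suffix
 * @return array [0] => bool allowed, [1] => string error message, [2] => string sanitised name
 */
function fma_filter($type, $filename, $Extension) {
    $autorise = false;
    $error = "";

    // A missing or malformed allow-list must deny, not raise notices.
    if (!is_array($Extension)) {
        $Extension = array();
    }

    if ($type == "f") {
        $filename = removeHack($filename);
    }

    // Strip separators, drive/stream colons, wildcards, quotes, angle brackets, pipes
    // and control bytes (NUL included) from the decoded name.
    $filename = preg_replace('#[\\x00-\\x1F\\x7F/\\\\:\\*\\?"<>|]#', '', rawurldecode($filename));
    $filename = str_replace("..", "", $filename);

    // Allowed-extension check works on the text after the last dot.
    $dot = strrchr($filename, '.');
    $suffix = ($dot === false) ? "" : strtolower((string) substr($dot, 1));

    // Strict comparisons: loose ones let numeric-looking suffixes ("1e1" vs "10")
    // or a non-string first entry match by type juggling.
    $anySuffix = isset($Extension[0]) && $Extension[0] === "*";

    if ($suffix != "" or $type == "d") {
        if (in_array($suffix, $Extension, true) or $anySuffix or $type == "d") {
            // Per-user restrictions are decided by fma_autorise().
            if (fma_autorise($type, $filename)) {
                $autorise = true;
            } else {
                $error = fma_translate("Fichier interdit");
            }
        } else {
            $error = fma_translate("Type de fichier interdit");
        }
    } else {
        $error = fma_translate("Fichier interdit");
    }

    return array($autorise, $error, $filename);
}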
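/**
 * Process a gallery submission of up to five images and report the outcome as an HTML list.
 *
 * For each non-empty slot the upload is saved under a timestamp-based name, thumbnails are
 * generated when GD is available, and a row is inserted into tdgal_img. The administrator
 * is e-mailed when $notif_admin is set and at least one image was accepted.
 *
 * Security notes:
 *  - Only the extension of the client-supplied name is checked (jpg/gif); the file content is
 *    not verified in this function.
 *  - Stored names are derived from the clock and the slot number only, so two submissions in
 *    the same second map to the same names.
 *  - NOTE(review): $user_connecte is placed unescaped into an HTML e-mail; confirm the caller
 *    passes a validated user name.
 *  - NOTE(review): $upload->errors is echoed as returned by the Upload class; confirm it
 *    cannot carry client-supplied text.
 *
 * @param mixed  $imgscat       gallery/category value stored with each image
 * @param mixed  $newcard1..5   upload slots; an empty value means the slot is unused
 * @param string $newdesc1..5   descriptions matching the slots
 * @param string $user_connecte name of the submitting user
 * @return void  output is echoed
 */
function AddImgs($imgscat, $newcard1, $newdesc1, $newcard2, $newdesc2, $newcard3, $newdesc3, $newcard4, $newdesc4, $newcard5, $newdesc5, $user_connecte) {
    global $language, $MaxSizeImg, $MaxSizeThumb, $ModPath, $ModStart, $NPDS_Prefix, $ThisFile, $adminmail, $nuke_url, $notif_admin;
    include_once "modules/upload/lang/upload.lang-{$language}.php";
    include_once "modules/upload/clsUpload.php";

    // Explicit arrays instead of variable-variables: the slot number can only select
    // one of the ten values that were actually passed in.
    $cards = array(1 => $newcard1, 2 => $newcard2, 3 => $newcard3, 4 => $newcard4, 5 => $newcard5);
    $credit = gal_trans(" proposé par ") . $user_connecte;
    $descs = array(
        1 => $newdesc1 . $credit,
        2 => $newdesc2 . $credit,
        3 => $newdesc3 . $credit,
        4 => $newdesc4 . $credit,
        5 => $newdesc5 . $credit,
    );

    // One clock read, so the stamp cannot straddle a second boundary.
    $stamp = date("YmdHis");
    $imgDir = "modules/{$ModPath}/imgs/";
    $miniDir = "modules/{$ModPath}/mini/";

    // The category goes into a quoted SQL literal; escape it the same way the
    // description is escaped below (a no-op for plain numeric ids).
    $imgscatSql = addslashes($imgscat);

    echo '<h4 class="breadcrumb"><a href="' . $ThisFile . '">' . gal_trans("Accueil") . '</a></h4>';
    echo '<p>' . gal_trans("Proposer des images") . '</p>';
    echo "<ul>";

    $soumission = false;
    for ($i = 1; $i <= 5; $i++) {
        if (empty($cards[$i])) {
            continue;
        }
        $field = "newcard" . $i;
        $newtit = !empty($descs[$i]) ? addslashes(removeHack($descs[$i])) : "";

        $upload = new Upload();
        $upload->maxupload_size = 200000 * 100;
        $origin_filename = trim($upload->getFileName($field));
        $dot = strrchr($origin_filename, ".");
        $filename_ext = ($dot === false) ? "" : strtolower((string) substr($dot, 1));

        // The original name comes from the client: never echo it as raw HTML.
        $shownName = htmlspecialchars($origin_filename, ENT_QUOTES | ENT_SUBSTITUTE);

        if ($filename_ext != "jpg" and $filename_ext != "gif") {
            if ($filename_ext != "") {
                echo "<li><span class=\"text-danger\">" . gal_trans("Ce fichier n'est pas un fichier jpg ou gif") . " : {$shownName}</span></li>";
            }
            continue;
        }

        // The stored name never contains client-supplied text apart from the vetted extension.
        $newfilename = $stamp . "-" . $i . "." . $filename_ext;
        if (!$upload->saveAs($newfilename, $imgDir, $field, true)) {
            echo "<li><span class=\"text-danger\">" . $upload->errors . "</span></li>";
            continue;
        }

        if (function_exists('gd_info') or extension_loaded('gd')) {
            @CreateThumb($newfilename, $imgDir, $imgDir, $MaxSizeImg, $filename_ext);
            @CreateThumb($newfilename, $imgDir, $miniDir, $MaxSizeThumb, $filename_ext);
        }

        if (sql_query("INSERT INTO " . $NPDS_Prefix . "tdgal_img VALUES ('','{$imgscatSql}','{$newfilename}','{$newtit}','','0','1')")) {
            echo "<li>" . gal_trans("Photo envoyée avec succès, elle sera traitée par le webmaster") . " : {$shownName}</li>";
            $soumission = true;
        } else {
            echo "<li><span class=\"text-danger\">" . gal_trans("Impossible d'ajouter l'image en BDD") . " : {$shownName}</span></li>";
            // Do not leave orphaned files behind when the row could not be written.
            @unlink($imgDir . $newfilename);
            @unlink($miniDir . $newfilename);
        }
    }
    echo "</ul>";

    if ($notif_admin and $soumission) {
        $subject = gal_trans("Nouvelle soumission de Photos");
        $message = gal_trans("Des photos viennent d'être proposées dans la galerie photo du site ") . $nuke_url . gal_trans(" par ") . $user_connecte;
        send_email($adminmail, $subject, $message, "", true, "html");
    }
}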
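/**
 * Search the links table by title/description (optionally within one topic) and print
 * the result page with previous/next pagination links.
 *
 * The included files run in this function's scope; the result rendering and the row
 * counter $x used for the "next" link are expected to come from links-view.php.
 *
 * Security notes:
 *  - $min, $max and $offset are forced to non-negative integers before they reach the
 *    unquoted LIMIT clause or the pagination links.
 *  - $topicL is escaped for its quoted SQL literal and URL-encoded in the links; the raw
 *    value is left untouched for the included view.
 *  - $query is HTML-encoded with ENT_QUOTES, so quotes reach the LIKE literal as entities.
 *
 * @param string $query   search text
 * @param string $topicL  topic filter, '' for all topics
 * @param int    $min     first row of the page
 * @param int    $max     first row of the next page
 * @param int    $offset  page size
 * @return void  output is echoed
 */
function links_search($query, $topicL, $min, $max, $offset) {
    global $ModPath, $ModStart, $links_DB;
    include "header.php";
    mainheader();
    $filen = "modules/{$ModPath}/links.ban_02.php";
    if (file_exists($filen)) {
        include $filen;
    }

    $query = removeHack(stripslashes(htmlspecialchars($query, ENT_QUOTES, cur_charset)));

    // Pagination values are interpolated without quotes: they must be integers.
    $min = max(0, (int) $min);
    $max = max(0, (int) $max);
    $offset = max(0, (int) $offset);

    $topicSql = addslashes($topicL);
    $topicUrl = urlencode($topicL);

    $columns = "SELECT lid, url, title, description, date, hits, topicid_card, cid, sid from " . $links_DB . "links_links WHERE ";
    $match = "title LIKE '%{$query}%' OR description LIKE '%{$query}%'";
    $tail = " ORDER BY lid ASC LIMIT {$min},{$offset}";
    if ($topicL != '') {
        $result = sql_query($columns . "topicid_card='{$topicSql}' AND (" . $match . ")" . $tail);
    } else {
        $result = sql_query($columns . $match . $tail);
    }

    if ($result) {
        $link_fiche_detail = '';
        include_once "modules/{$ModPath}/links-view.php";
        $prev = $min - $offset;
        if ($prev >= 0) {
            echo "{$min} <a href=\"modules.php?ModPath={$ModPath}&ModStart={$ModStart}&op=search&min={$prev}&query={$query}&topicL={$topicUrl}\" class=\"noir\">";
            echo translate("previous matches") . "</a> ";
        }
        // NOTE(review): $x is not set in this function; presumably links-view.php defines it.
        if ($x >= $offset - 1) {
            echo "<a href=\"modules.php?ModPath={$ModPath}&ModStart={$ModStart}&op=search&min={$max}&query={$query}&topicL={$topicUrl}\" class=\"noir\">";
            echo translate("next matches") . "</a>";
        }
    }
    include "footer.php";
}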
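/**
 * Store one chat line in the chatbox table.
 *
 * User name and message are trimmed, stripped of tags and passed through the
 * FixQuotes/stripslashes/removeHack chain before being written. Nothing is stored
 * when the message is empty, either as received or after that clean-up.
 *
 * NOTE(review): the INSERT has no column list, so it depends on the table's column order.
 *
 * @param string $username author name
 * @param string $message  chat text
 * @param int    $dbname   numeric flag stored in the last column
 * @param int    $id       chat room id
 * @return void
 */
function insertChat($username, $message, $dbname, $id) {
    global $NPDS_Prefix;
    if ($message == '') {
        return;
    }

    $username = removeHack(stripslashes(FixQuotes(strip_tags(trim($username)))));
    $message = removeHack(stripslashes(FixQuotes(strip_tags(trim($message)))));

    // A message made only of whitespace or markup is empty once cleaned: skip it too.
    if ($message == '') {
        return;
    }

    // getip() is opaque here; if it can return a client-supplied header value it must not
    // reach the SQL literal raw. Escaping leaves a well-formed address unchanged.
    $ip = addslashes(getip());
    settype($id, 'integer');
    settype($dbname, 'integer');

    sql_query("INSERT INTO " . $NPDS_Prefix . "chatbox VALUES ('" . $username . "', '" . $ip . "', '" . $message . "', '" . time() . "', '{$id}', " . $dbname . ")");
}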
} if (user_is_moderator($userdata[0], $userdata[2], $forum_access) < 2) { forumerror('0036'); } } $userdata = get_userdata($userdata[1]); if ($allow_html == 0 || isset($html)) { $message = htmlspecialchars($message, ENT_COMPAT | ENT_HTML401, cur_charset); } if ($allow_bbcode == 1 and $forum_type != "6" and $forum_type != "5") { $message = smile($message); } if ($forum_type != 6 and $forum_type != 5) { $message = make_clickable($message); $message = aff_code($message); $message = str_replace("\n", "<br />", removeHack($message)); $message .= '<div class="text-muted text-xs-right small"><i class="fa fa-edit"></i> ' . translate("This message was edited by") . " : " . $userdata['uname'] . " / " . post_convertdate(time() + $gmt * 3600) . "</div>"; } else { $message .= "\n\n" . translate("This message was edited by") . " : " . $userdata['uname'] . " / " . post_convertdate(time() + $gmt * 3600); } $message = addslashes($message); if ($subject == "") { $subject = translate("Untitled"); } // Forum ARBRE if ($arbre) { $hrefX = "viewtopicH.php"; } else { $hrefX = "viewtopic.php"; } if (!isset($delete)) {
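/**
 * Save the current user's social-network identifiers and redirect back to the module.
 *
 * The posted "rs" entries are serialised as "id|uid;id|uid;..." into users_extend.M2
 * for the user id found in $cookie[0]. Entries with an empty uid are skipped.
 *
 * Security notes:
 *  - NOTE(review): "|" and ";" inside a posted id or uid are not removed, so a value can
 *    forge extra entries in the user's own list; consumers must treat the field as untrusted.
 *  - NOTE(review): $cookie[0] is interpolated as given; confirm it is validated upstream.
 *
 * @param string $ModPath  module path used in the redirect
 * @param string $ModStart module entry point used in the redirect
 * @return void
 */
function SaveSetReseaux($ModPath, $ModStart) {
    // $NPDS_Prefix was missing from the global list, so the UPDATE ran without the table prefix.
    global $cookie, $NPDS_Prefix;

    // The field may be absent or not an array when the request is hand-built.
    $posted = (isset($_POST['rs']) && is_array($_POST['rs'])) ? $_POST['rs'] : array();

    $parts = array();
    foreach ($posted as $v1) {
        if (!is_array($v1) || !isset($v1['id'], $v1['uid'])) {
            continue;
        }
        if (!is_scalar($v1['id']) || !is_scalar($v1['uid'])) {
            continue;
        }
        if ($v1['uid'] !== '') {
            $parts[] = $v1['id'] . '|' . $v1['uid'];
        }
    }
    $li_rs = removeHack(stripslashes(FixQuotes(implode(';', $parts))));

    sql_query("UPDATE " . $NPDS_Prefix . "users_extend SET M2='{$li_rs}' WHERE uid='{$cookie['0']}'");
    Header("Location: modules.php?&ModPath={$ModPath}&ModStart={$ModStart}");
}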
@unlink("modules/{$ModPath}/locks/{$page}-vgp-{$groupe}.txt"); $mess = wspad_trans("révision") . " " . ($row['ranq'] + 1) . " " . wspad_trans("sauvegardée"); break; case "supp": $auteur = removeHack(stripslashes(FixQuotes($auteur))); $result = sql_query("DELETE FROM " . $NPDS_Prefix . "wspad WHERE page='{$page}' AND member='{$groupe}' AND ranq='{$ranq}'"); sql_query("UPDATE " . $NPDS_Prefix . "wspad SET verrou='' WHERE verrou='{$auteur}'"); break; case "suppdoc": settype($member, 'integer'); $result = sql_query("DELETE FROM " . $NPDS_Prefix . "wspad WHERE page='{$page}' AND member='{$member}'"); @unlink("modules/{$ModPath}/locks/{$page}-vgp-{$groupe}.txt"); break; case "renomer": // Filtre les caractères interdits dans les noms de pages $newpage = preg_replace('#[^a-zA-Z0-9\\s\\_\\.\\-]#i', '_', removeHack(stripslashes(urldecode($newpage)))); settype($member, 'integer'); $result = sql_query("UPDATE " . $NPDS_Prefix . "wspad SET page='{$newpage}', verrou='' WHERE page='{$page}' AND member='{$member}'"); @unlink("modules/{$ModPath}/locks/{$page}-vgp-{$groupe}.txt"); break; case "conv_new": $row = sql_fetch_assoc(sql_query("SELECT content FROM " . $NPDS_Prefix . "wspad WHERE page='{$page}' AND member='{$groupe}' AND ranq='{$ranq}'")); $date_debval = date("Y-d-m H:i:s", time()); $deb_year = substr($date_debval, 0, 4); $date_finval = $deb_year + 99 . "-01-01 00:00:00"; $result = sql_query("INSERT INTO " . $NPDS_Prefix . "queue VALUES (NULL, {$cookie['0']}, '{$auteur}', '{$page}', '" . FixQuotes($row['content']) . "', '', now(), '','{$date_debval}','{$date_finval}','0')"); break; } // For IE ---------------------- header("X-UA-Compatible: IE=8"); // For IE ----------------------
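/**
 * Send the "recommend this site" e-mail to a friend and redirect to the confirmation page.
 *
 * Anonymous visitors must pass the anti-spam question first; a failed check is logged and
 * the request is redirected to index.php. The mail is sent only when both addresses match
 * the address pattern; otherwise the redirect carries an empty fname.
 *
 * Security notes:
 *  - The address pattern uses the D modifier: without it "$" also matches before a trailing
 *    newline, which would let a line break through into the values handed to send_email().
 *  - Line breaks are removed from the values written to the security log.
 *  - fname is URL-encoded in the redirect so it cannot add or truncate query parameters.
 *
 * @param string $yname         sender name
 * @param string $ymail         sender address
 * @param string $fname         recipient name
 * @param string $fmail         recipient address
 * @param string $asb_question  anti-spam question token
 * @param string $asb_reponse   anti-spam answer
 * @return void
 */
function SendSite($yname, $ymail, $fname, $fmail, $asb_question, $asb_reponse) {
    global $user, $sitename, $nuke_url;

    if (!$user) {
        // Anti-spam check for visitors who are not logged in.
        if (!R_spambot($asb_question, $asb_reponse, "")) {
            $crlf = array("\r", "\n");
            Ecr_Log('security', "Friend Anti-Spam : name=" . str_replace($crlf, ' ', $yname) . " / mail=" . str_replace($crlf, ' ', $ymail), '');
            redirect_url("index.php");
            die;
        }
    }

    $subject = translate("Interesting Site:") . " {$sitename}";
    $fname = removeHack($fname);
    $message = translate("Hello") . " {$fname} :\n\n" . translate("Your Friend") . " {$yname} " . translate("considered our site") . " {$sitename} " . translate("interesting and wanted to send it to you.") . "\n\n{$sitename} : <a href=\"{$nuke_url}\">{$nuke_url}</a>\n\n";
    // Runs in this scope; presumably appends the site signature to $message.
    include "signat.php";

    $fmail = removeHack($fmail);
    $subject = removeHack($subject);
    $message = removeHack($message);
    $yname = removeHack($yname);
    $ymail = removeHack($ymail);

    $mailPattern = '#^[_\\.0-9a-z-]+@[0-9a-z-\\.]+\\.+[a-z]{2,4}$#iD';
    $fmailOk = is_string($fmail) && preg_match($mailPattern, $fmail);
    $ymailOk = is_string($ymail) && preg_match($mailPattern, $ymail);

    if ($fmailOk && $ymailOk) {
        send_email($fmail, $subject, $message, $ymail, false, 'html');
    } else {
        $fname = '';
    }
    Header("Location: friend.php?op=SiteSent&fname=" . urlencode($fname));
}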
list($catid) = sql_fetch_row($result); // vérifie que le Topic existe : sinon met le Topic générique $topic = decryptK(removeHack($Xtopic), $tmp['KEY']); $result = sql_query("select topicid from " . $NPDS_Prefix . "topics where topictext='" . addslashes($topic) . "'"); list($topicid) = sql_fetch_row($result); // OK on fait la mise à jour if ($pasfinA and $pasfinB) { $subject = decryptK(removeHack($Xsubject), $tmp['KEY']); $hometext = decryptK(removeHack($Xhometext), $tmp['KEY']); $bodytext = decryptK(removeHack($Xbodytext), $tmp['KEY']); $notes = decryptK(removeHack($Xnotes), $tmp['KEY']); $ihome = decryptK(removeHack($Xihome), $tmp['KEY']); $date_finval = decryptK(removeHack($Xdate_finval), $tmp['KEY']); $epur = decryptK(removeHack($Xepur), $tmp['KEY']); // autonews ou pas ? $date_debval = decryptK(removeHack($Xdate_debval), $tmp['KEY']); if ($date_debval == "") { $result = sql_query("insert into " . $NPDS_Prefix . "stories values (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topicid}', '{$author}', '{$notes}', '{$ihome}', '0', '{$date_finval}','{$epur}')"); Ecr_Log("security", "Cluster Paradise : insert_stories ({$subject} - {$date_finval}) by AID : {$aid}", ""); // Réseaux sociaux if (file_exists('modules/npds_twi/npds_to_twi.php')) { include 'modules/npds_twi/npds_to_twi.php'; } if (file_exists('modules/npds_fbk/npds_to_fbk.php')) { include 'modules/npds_twi/npds_to_fbk.php'; } // Réseaux sociaux } else { $result = sql_query("insert into " . $NPDS_Prefix . "autonews values (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '{$topicid}', '{$author}', '{$notes}', '{$ihome}','{$date_debval}','{$date_finval}','{$epur}')"); Ecr_Log("security", "Cluster Paradise : insert_autonews ({$subject} - {$date_debval} - {$date_finval}) by AID : {$aid}", ""); }
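/**
 * Queue a submitted news story for moderation and show the result page.
 *
 * Logged-in users are identified from $cookie; anonymous visitors must pass the
 * anti-spam question and are stored with uid -1 and the $anonymous name. On success
 * the optional notification mail is sent and a thank-you page is printed.
 *
 * Security notes:
 *  - Every value placed in the INSERT goes through the same quoting chain; previously
 *    $topic, the two dates, $epur and the cookie-derived name were interpolated as received.
 *  - NOTE(review): the failure branch prints sql_error() to the visitor, which can expose
 *    schema details; consider logging it and showing a generic message.
 *
 * @param string $subject       story title (tags are stripped)
 * @param string $story         intro text
 * @param string $bodytext      extended text
 * @param mixed  $topic         topic value stored with the story
 * @param string $date_debval   start-of-validity date
 * @param string $date_finval   end-of-validity date
 * @param mixed  $epur          purge flag
 * @param string $asb_question  anti-spam question token
 * @param string $asb_reponse   anti-spam answer
 * @return void  output is echoed
 */
function submitStory($subject, $story, $bodytext, $topic, $date_debval, $date_finval, $epur, $asb_question, $asb_reponse) {
    global $user, $EditedMessage, $anonymous, $notify, $NPDS_Prefix;

    if ($user) {
        global $cookie;
        $uid = $cookie[0];
        $name = $cookie[1];
    } else {
        $uid = -1;
        $name = $anonymous;
        // Anti-spam check for visitors who are not logged in.
        if (!R_spambot($asb_question, $asb_reponse, "")) {
            // The log line used $yname/$ymail, which do not exist in this function.
            Ecr_Log("security", "Submit Anti-Spam : name=" . str_replace(array("\r", "\n"), ' ', $name), "");
            redirect_url("index.php");
            die;
        }
    }

    // Double quotes in the title are stored as the HTML entity.
    $subject = removeHack(stripslashes(FixQuotes(str_replace("\"", "&quot;", strip_tags($subject)))));
    $story = removeHack(stripslashes(FixQuotes($story)));
    $bodytext = removeHack(stripslashes(FixQuotes($bodytext)));

    // Remaining values get the same treatment before they enter quoted SQL literals.
    settype($uid, 'integer');
    $name = removeHack(stripslashes(FixQuotes($name)));
    $topic = removeHack(stripslashes(FixQuotes($topic)));
    $date_debval = removeHack(stripslashes(FixQuotes($date_debval)));
    $date_finval = removeHack(stripslashes(FixQuotes($date_finval)));
    $epur = removeHack(stripslashes(FixQuotes($epur)));

    $result = sql_query("INSERT INTO " . $NPDS_Prefix . "queue VALUES (NULL, '{$uid}', '{$name}', '{$subject}', '{$story}', '{$bodytext}', now(), '{$topic}','{$date_debval}','{$date_finval}','{$epur}')");

    if (sql_last_id()) {
        if ($notify) {
            global $notify_email, $notify_subject, $notify_message, $notify_from;
            send_email($notify_email, $notify_subject, $notify_message, $notify_from, false, "text");
        }
        include 'header.php';
        echo '<h2>' . translate("Submit News") . '</h2>';
        echo '<p class="lead text-info">' . translate("Thanks for your submission.") . '</p>';
        include 'footer.php';
    } else {
        include 'header.php';
        echo sql_error();
        include 'footer.php';
    }
}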
if ($message == '') { forumerror('0019'); } if ($allow_html == 0 || isset($html)) { $message = htmlspecialchars($message, ENT_COMPAT | ENT_HTML401, cur_charset); } if ($sig) { $message .= '<br /><br />' . $userdata['user_sig']; } $message = aff_code($message); $message = str_replace('\\n', '<br />', $message); if ($allow_bbcode) { $message = smile($message); } $message = make_clickable($message); $message = removeHack(addslashes($message)); $time = date(translate("dateinternal"), time() + $gmt * 3600); include_once "language/lang-multi.php"; if (strstr($to_user, ',')) { $tempo = explode(',', $to_user); while (list(, $to_user) = each($tempo)) { $res = sql_query("SELECT uid, user_langue FROM " . $NPDS_Prefix . "users WHERE uname='{$to_user}'"); list($to_userid, $user_langue) = sql_fetch_row($res); if ($to_userid != "" and $to_userid != 1) { $sql = "INSERT INTO " . $NPDS_Prefix . "priv_msgs (msg_image, subject, from_userid, to_userid, msg_time, msg_text) "; $sql .= "VALUES ('{$image}', '{$subject}', '" . $userdata['uid'] . "', '{$to_userid}', '{$time}', '{$message}')"; if (!($result = sql_query($sql))) { forumerror('0020'); } if ($copie) { $sql = "INSERT INTO " . $NPDS_Prefix . "priv_msgs (msg_image, subject, from_userid, to_userid, msg_time, msg_text, type_msg, read_msg) ";
<a href="#" class="list-group-item disabled"> <h3>' . translate("Categories") . '<span class="label label-default label-pill pull-xs-right">' . sql_num_rows($result) . '</span></h3></a>'; while (list($id_cat, $categories) = sql_fetch_row($result)) { $catname = urlencode(aff_langue($categories)); echo '<a class="list-group-item" href="faq.php?id_cat=' . $id_cat . '&myfaq=yes&categories=' . $catname . '"><h4 class="list-group-item-heading">' . aff_langue($categories) . '</h4></a>'; } echo '</div>'; } if ($SuperCache) { $cache_obj->endCachingPage(); } include "footer.php"; } else { $title = "FAQ : " . removeHack(StripSlashes($categories)); include "header.php"; // Include cache manager if ($SuperCache) { $cache_obj = new cacheManager(); $cache_obj->startCachingPage(); } else { $cache_obj = new SuperCacheEmpty(); } if ($cache_obj->genereting_output == 1 or $cache_obj->genereting_output == -1 or !$SuperCache) { ShowFaq($id_cat, removeHack($categories)); ShowFaqAll($id_cat); } if ($SuperCache) { $cache_obj->endCachingPage(); } include "footer.php"; }
} if ($Titlesitename == "") { $Titlesitename = $sitename; } // globalisation de la variable title pour marquetapage mais protection pour la zone admin if ($pages_ref != "admin.php") { global $title; } if (!$title) { if ($fin_title == "+" or $fin_title == "-") { $title = $TitlesitenameX; } else { $title = aff_langue(substr($PAGES[$pages_ref]['title'], 0, strlen($PAGES[$pages_ref]['title']))); } } else { $title = removeHack($title); } // meta description settype($m_description, 'string'); if (array_key_exists('meta-description', $PAGES[$pages_ref]) and $m_description == '') { $m_description = aff_langue($PAGES[$pages_ref]['meta-description']); } // meta keywords settype($m_keywords, 'string'); if (array_key_exists('meta-keywords', $PAGES[$pages_ref]) and $m_keywords == '') { $m_keywords = aff_langue($PAGES[$pages_ref]['meta-keywords']); } } // Initialisation de TinyMce global $tiny_mce, $tiny_mce_theme, $tiny_mce_relurl; if ($tiny_mce) {
/**
 * Print the "printer friendly" version of a news story, an archived story, a link or a
 * static page, or redirect to index.php when there is nothing to show.
 *
 * Review notes (the code below is unchanged):
 *  - $sid is interpolated into the WHERE clauses as received; this function does no
 *    escaping or integer cast of its own.
 *  - $DB is concatenated into the query as a table-name prefix after removeHack /
 *    stripslashes / htmlentities; NOTE(review): those filters address markup, not SQL
 *    identifiers - an allow-list of known prefixes would be the safer check.
 *  - In the "static" branch the pattern only constrains the FIRST character of $sid;
 *    everything else relies on the substring deny-list, and the file is run through
 *    include, i.e. executed as PHP if it contains PHP.
 *  - Title, URL and description are echoed without HTML escaping in this function.
 *
 * @param string $oper 'news', 'archive', 'links' or 'static'
 * @param string $DB   links table prefix ('links'); any non-empty value enables
 *                     meta_lang/aff_code/aff_langue processing ('static')
 * @param mixed  $nl   when set, static content is HTML-encoded and passed through nl2br
 * @param string $sid  story id, link id or static file name, depending on $oper
 * @return void  output is echoed
 */
function PrintPage($oper, $DB, $nl, $sid) {
    global $user, $cookie, $theme, $Default_Theme, $language, $site_logo, $sitename, $datetime, $nuke_url, $site_font, $Titlesitename;
    global $NPDS_Prefix;
    // $aff stays true only while there is something to display.
    $aff = true;
    if ($oper == 'news') {
        $xtab = news_aff('libre', "where sid='{$sid}'", 1, 1);
        // $sid is overwritten here with the first field of the fetched row.
        list($sid, $catid, $aid, $title, $time, $hometext, $bodytext, $comments, $counter, $topic, $informant, $notes) = $xtab[0];
        if ($topic != '') {
            $result2 = sql_query("SELECT topictext FROM " . $NPDS_Prefix . "topics WHERE topicid='{$topic}'");
            list($topictext) = sql_fetch_row($result2);
        } else {
            $aff = false;
        }
    }
    if ($oper == 'archive') {
        $xtab = news_aff('archive', "WHERE sid='{$sid}'", 1, 1);
        list($sid, $catid, $aid, $title, $time, $hometext, $bodytext, $comments, $counter, $topic, $informant, $notes) = $xtab[0];
        if ($topic != '') {
            $result2 = sql_query("SELECT topictext FROM " . $NPDS_Prefix . "topics WHERE topicid='{$topic}'");
            list($topictext) = sql_fetch_row($result2);
        } else {
            $aff = false;
        }
    }
    if ($oper == 'links') {
        // NOTE(review): $DB becomes part of the table name below.
        $DB = removeHack(stripslashes(htmlentities(urldecode($DB), ENT_NOQUOTES, cur_charset)));
        $result = sql_query("SELECT url, title, description, date FROM " . $DB . "links_links WHERE lid='{$sid}'");
        list($url, $title, $description, $time) = sql_fetch_row($result);
        $title = stripslashes($title);
        $description = stripslashes($description);
    }
    if ($oper == 'static') {
        // First-character pattern plus a substring deny-list; ".*://" is compared as a literal string.
        if (preg_match('#^[a-z0-9_\\.-]#i', $sid) and !stristr($sid, ".*://") and !stristr($sid, "..") and !stristr($sid, "../") and !stristr($sid, 'script') and !stristr($sid, "cookie") and !stristr($sid, 'iframe') and !stristr($sid, 'applet') and !stristr($sid, 'object') and !stristr($sid, 'meta')) {
            if (file_exists("static/{$sid}")) {
                // The file is executed via include and its output captured.
                ob_start();
                include "static/{$sid}";
                $remp = ob_get_contents();
                ob_end_clean();
                if ($DB) {
                    $remp = meta_lang(aff_code(aff_langue($remp)));
                }
                if ($nl) {
                    $remp = nl2br(str_replace(' ', ' ', htmlentities($remp, ENT_QUOTES, cur_charset)));
                }
                $title = $sid;
            } else {
                $aff = false;
            }
        } else {
            $remp = '<div class="alert alert-danger">' . translate("Please enter information according to the specifications") . '</div>';
            $aff = false;
        }
    }
    if ($aff == true) {
        $Titlesitename = 'NPDS - ' . translate("Printer Friendly Page") . ' / ' . $title;
        if (isset($time)) {
            // Return value is discarded; presumably formatTimestamp() fills the global $datetime - confirm.
            formatTimestamp($time);
        }
        include "meta/meta.php";
        if (isset($user)) {
            if ($cookie[9] == '') {
                $cookie[9] = $Default_Theme;
            }
            if (isset($theme)) {
                $cookie[9] = $theme;
            }
            $tmp_theme = $cookie[9];
            // Falls back to the default theme when the directory cannot be opened.
            // The handle in $file is not closed in this function.
            if (!($file = @opendir("themes/{$cookie['9']}"))) {
                $tmp_theme = $Default_Theme;
            }
        } else {
            $tmp_theme = $Default_Theme;
        }
        echo ' <link rel="stylesheet" href="lib/bootstrap/dist/css/bootstrap.min.css" />';
        echo import_css($tmp_theme, $language, $site_font, '', '');
        echo ' </head> <body> <div max-width="640" class="container p-1 n-hyphenate"> <div>';
        // strpos() returns 0 for a leading slash, which this test treats like "no slash".
        $pos = strpos($site_logo, '/');
        if ($pos) {
            echo '<img class="img-fluid d-block mx-auto" src="' . $site_logo . '" alt="website logo" />';
        } else {
            echo '<img class="img-fluid d-block mx-auto" src="images/' . $site_logo . '" alt="website logo" />';
        }
        echo ' <h1 class="d-block text-xs-center my-2">' . aff_langue($title) . '</h1>';
        if ($oper == 'news' or $oper == 'archive') {
            $hometext = meta_lang(aff_code(aff_langue($hometext)));
            $bodytext = meta_lang(aff_code(aff_langue($bodytext)));
            echo ' <span class="float-xs-right text-capitalize" style="font-size: .8rem;"> ' . $datetime . '</span><br /> <hr /> <h2 class="mb-1">' . translate("Topic:") . ' ' . aff_langue($topictext) . '</h2> </div> <div>' . $hometext . '<br /><br />';
            if ($bodytext != '') {
                echo $bodytext . '<br /><br />';
            }
            echo meta_lang(aff_code(aff_langue($notes)));
            echo ' </div>';
            if ($oper == 'news') {
                echo ' <hr /> <p class="text-xs-center">' . translate("This article comes from") . ' ' . $sitename . '<br /> ' . translate("The URL for this story is:") . ' <a href="' . $nuke_url . '/article.php?sid=' . $sid . '">' . $nuke_url . '/article.php?sid=' . $sid . '</a> </p>';
            } else {
                echo ' <hr /> <p class="text-xs-center">' . translate("This article comes from") . ' ' . $sitename . '<br /> ' . translate("The URL for this story is:") . ' <a href="' . $nuke_url . '/article.php?sid=' . $sid . '&archive=1">' . $nuke_url . '/article.php?sid=' . $sid . '&archive=1</a> </p>';
            }
        }
        if ($oper == 'links') {
            echo '<span class="float-xs-right text-capitalize" style="font-size: .8rem;">' . $datetime . '</span><br /><hr />';
            if ($url != '') {
                echo '<h2 class="mb-1">' . translate("Links") . ' : ' . $url . '</h2>';
            }
            echo ' <div>' . aff_langue($description) . '</div> <hr /> <p class="text-xs-center">' . translate("This article comes from") . ' ' . $sitename . '<br /> <a href="' . $nuke_url . '">' . $nuke_url . '</a></p>';
        }
        if ($oper == 'static') {
            // $sid is the request value here (only the deny-list above was applied).
            echo ' <div> ' . $remp . ' </div> <hr /> <p class="text-xs-center">' . translate("This article comes from") . ' ' . $sitename . '<br /> <a href="' . $nuke_url . '/static.php?op=' . $sid . '&npds=1">' . $nuke_url . '/static.php?op=' . $sid . '&npds=1</a></p>';
        }
        echo ' </div> </body> </html>';
    } else {
        header("location: index.php");
    }
}
$content .= "</tbody>\n</table>\n"; $content .= "\n<script type=\"text/javascript\">\n //<![CDATA[\n tog('lst_fav','show_fav','hide_fav');\n //]]>\n </script>\n"; } global $block_title; $uri = urlencode($REQUEST_URI); if ($post) { $title .= "/" . $post; } if ($title == "") { $title_MTP = basename(urldecode($uri)); } else { $title_MTP = $title; } $boxTitle = "<span><a href=\"modules.php?ModPath=marquetapage&ModStart=marquetapage&op=add&uri={$uri}&topic=" . urlencode($title_MTP) . "\"><img src=\"{$add}\" name=\"image\" onmouseover=\"image.src='{$addj}';\" onmouseout=\"image.src='{$add}';\" border=\"0\" style=\"vertical-align:middle\" alt=\"" . translate("Add") . " " . translate("favourite") . "\" title=\"" . translate("Add") . " " . translate("favourite") . "\" /></a></span>"; if ($block_title == "") { $boxTitle .= " MarqueTaPage " . $tmp_toggle; } else { $boxTitle .= " " . $block_title . " " . $tmp_toggle; } themesidebox($boxTitle, $content); } } if ($op == "add") { marquetapage_add(removeHack($uri), removeHack($topic), "ad_tapage"); } if ($op == "supp") { marquetapage_add(removeHack($uri), "", "sp_tapage"); } if ($op == "supp_all") { marquetapage_add(removeHack($uri), "", "sp_tespages"); }
} if (!isset($max)) { $max = $min + $offset; } if (!isset($member)) { $member = ''; } if (!isset($query)) { $query_title = ''; $query_body = ''; $query = $query_body; $limit = " LIMIT 0, {$limit_full_search}"; } else { $query_title = removeHack(stripslashes(urldecode($query))); // electrobug $query_body = removeHack(stripslashes(htmlentities(urldecode($query), ENT_NOQUOTES, cur_charset))); // electrobug $query = $query_body; $limit = ''; } include "header.php"; if ($topic > 0) { $result = sql_query("SELECT topicimage, topictext FROM " . $NPDS_Prefix . "topics WHERE topicid='{$topic}'"); list($topicimage, $topictext) = sql_fetch_row($result); } else { $topictext = translate("All Topics"); $topicimage = "all-topics.gif"; } settype($type, 'string'); if ($type == "users") { echo '<h2>' . translate("Search in Users Database") . '</h2>';
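/**
 * Save the journal text of the logged-in user, optionally followed by a date stamp.
 *
 * The uid passed in must be the uid of the account named in the decoded user cookie;
 * otherwise nothing is written and the visitor is sent to index.php.
 *
 * Security notes:
 *  - The ownership test compares the two ids as strings. A loose comparison accepts
 *    numeric look-alikes such as " 1" or "1e0" for uid 1.
 *  - The UPDATE uses the uid read from the database, not the request value.
 *  - The cookie-derived user name is escaped before it enters the lookup query.
 *
 * @param mixed  $uid      uid claimed by the request
 * @param string $journal  journal text
 * @param mixed  $datetime when set, a formatted date is appended to the text
 * @return void
 */
function savejournal($uid, $journal, $datetime) {
    global $NPDS_Prefix, $user, $gmt;

    $cookie = cookiedecode($user);
    $uname = addslashes($cookie['1']);
    $result = sql_query("SELECT uid FROM " . $NPDS_Prefix . "users WHERE uname='{$uname}'");
    $row = $result ? sql_fetch_row($result) : false;
    $vuid = (is_array($row) && isset($row[0])) ? $row[0] : null;

    // No matching account, or the request names someone else's uid: refuse.
    if ($vuid === null || !is_scalar($uid) || (string) $uid !== (string) $vuid) {
        Header("Location: index.php");
        return;
    }

    $journal = removeHack(stripslashes(FixQuotes($journal)));
    if ($datetime) {
        $journal .= "<br /><br />";
        $journal .= date(translate("dateinternal"), time() + $gmt * 3600);
    }
    sql_query("UPDATE " . $NPDS_Prefix . "users SET user_journal='{$journal}' WHERE uid='{$vuid}'");

    // Kept from the original; the return value is not used here.
    $userinfo = getusrinfo($user);
    Header("Location: user.php");
}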
} $size = sizeof($terms); for ($i = 1; $i < $size; $i++) { $addquery .= " {$andor} (p.post_text LIKE '%{$terms[$i]}%' OR strcmp(soundex(p.post_text), soundex('{$terms[$i]}'))=0)"; } $addquery .= ")"; } if (isset($forum) && $forum != "all") { if (isset($addquery)) { $addquery .= " AND p.forum_id='{$forum}' AND f.forum_id='{$forum}'"; } else { $addquery .= " p.forum_id='{$forum}' AND f.forum_id='{$forum}'"; } } if (isset($username) && $username != "") { $username = removeHack(stripslashes(htmlspecialchars(urldecode($username), ENT_QUOTES, cur_charset))); // electrobug if (!($result = sql_query("SELECT uid FROM " . $NPDS_Prefix . "users WHERE uname='{$username}'"))) { forumerror(01); } list($userid) = sql_fetch_row($result); if (isset($addquery)) { $addquery .= " AND p.poster_id='{$userid}' AND u.uname='{$username}'"; } else { $addquery = " p.poster_id='{$userid}' AND u.uname='{$username}'"; } } if (!$user) { if (!isset($addquery)) { $addquery = ""; }
} if (isset($sig) && $userdata['uid'] != 1) { $message .= " [addsig]"; } if ($forum_type != "6" and $forum_type != "5") { $message = aff_code($message); $message = str_replace("\n", "<br />", $message); } if ($allow_bbcode == 1 and $forum_type != "6" and $forum_type != "5") { $message = smile($message); } if ($forum_type != "6" and $forum_type != "5") { $message = make_clickable($message); $message = removeHack($message); } $image_subject = removeHack($image_subject); $message = addslashes($message); $time = date("Y-m-d H:i:s", time() + $gmt * 3600); $sql = "INSERT INTO " . $NPDS_Prefix . "posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '{$topic}', '{$image_subject}', '{$forum}', '" . $userdata['uid'] . "', '{$message}', '{$time}', '{$poster_ip}', '{$hostname}')"; if (!($result = sql_query($sql))) { forumerror('0020'); } else { $IdPost = sql_last_id(); } $sql = "UPDATE " . $NPDS_Prefix . "forumtopics SET topic_time = '{$time}', current_poster = '" . $userdata['uid'] . "' WHERE topic_id = '{$topic}'"; if (!($result = sql_query($sql))) { forumerror('0020'); } $sql = "UPDATE " . $NPDS_Prefix . "forum_read SET status='0' where topicid = '{$topic}' and uid <> '" . $userdata['uid'] . "'"; if (!($r = sql_query($sql))) { forumerror('0001');
/**
 * Print the "printer friendly" version of a news story, an archived story, a link or a
 * static page (table-based layout), or redirect to index.php when there is nothing to show.
 *
 * Review notes (the code below is unchanged):
 *  - $sid is interpolated into the WHERE clauses as received; this function does no
 *    escaping or integer cast of its own.
 *  - $DB is concatenated into the query as a table-name prefix after removeHack /
 *    stripslashes / htmlentities; NOTE(review): those filters address markup, not SQL
 *    identifiers - an allow-list of known prefixes would be the safer check.
 *  - In the "static" branch the pattern only constrains the FIRST character of $sid;
 *    everything else relies on the substring deny-list, and the file is run through
 *    include, i.e. executed as PHP if it contains PHP.
 *  - Title, URL and description are echoed without HTML escaping in this function.
 *
 * @param string $oper 'news', 'archive', 'links' or 'static'
 * @param string $DB   links table prefix ('links'); any non-empty value enables
 *                     meta_lang/aff_code/aff_langue processing ('static')
 * @param mixed  $nl   when set, static content is HTML-encoded and passed through nl2br
 * @param string $sid  story id, link id or static file name, depending on $oper
 * @return void  output is echoed
 */
function PrintPage($oper, $DB, $nl, $sid) {
    global $user, $cookie, $theme, $Default_Theme, $language, $site_logo, $sitename, $datetime, $nuke_url, $site_font, $Titlesitename;
    global $NPDS_Prefix;
    // $aff stays true only while there is something to display.
    $aff = true;
    if ($oper == 'news') {
        $xtab = news_aff("libre", "where sid='{$sid}'", 1, 1);
        // $sid is overwritten here with the first field of the fetched row.
        list($sid, $catid, $aid, $title, $time, $hometext, $bodytext, $comments, $counter, $topic, $informant, $notes) = $xtab[0];
        if ($topic != '') {
            $result2 = sql_query("SELECT topictext FROM " . $NPDS_Prefix . "topics WHERE topicid='{$topic}'");
            list($topictext) = sql_fetch_row($result2);
        } else {
            $aff = false;
        }
    }
    if ($oper == 'archive') {
        $xtab = news_aff("archive", "WHERE sid='{$sid}'", 1, 1);
        list($sid, $catid, $aid, $title, $time, $hometext, $bodytext, $comments, $counter, $topic, $informant, $notes) = $xtab[0];
        if ($topic != "") {
            $result2 = sql_query("SELECT topictext FROM " . $NPDS_Prefix . "topics WHERE topicid='{$topic}'");
            list($topictext) = sql_fetch_row($result2);
        } else {
            $aff = false;
        }
    }
    if ($oper == "links") {
        // NOTE(review): $DB becomes part of the table name below.
        $DB = removeHack(stripslashes(htmlentities(urldecode($DB), ENT_NOQUOTES, cur_charset)));
        $result = sql_query("SELECT url, title, description, date FROM " . $DB . "links_links WHERE lid='{$sid}'");
        list($url, $title, $description, $time) = sql_fetch_row($result);
        $title = stripslashes($title);
        $description = stripslashes($description);
    }
    if ($oper == "static") {
        // First-character pattern plus a substring deny-list; ".*://" is compared as a literal string.
        if (preg_match('#^[a-z0-9_\\.-]#i', $sid) and !stristr($sid, ".*://") and !stristr($sid, "..") and !stristr($sid, "../") and !stristr($sid, "script") and !stristr($sid, "cookie") and !stristr($sid, "iframe") and !stristr($sid, "applet") and !stristr($sid, "object") and !stristr($sid, "meta")) {
            if (file_exists("static/{$sid}")) {
                // The file is executed via include and its output captured.
                ob_start();
                include "static/{$sid}";
                $remp = ob_get_contents();
                ob_end_clean();
                if ($DB) {
                    $remp = meta_lang(aff_code(aff_langue($remp)));
                }
                if ($nl) {
                    $remp = nl2br(str_replace(" ", " ", htmlentities($remp, ENT_QUOTES, cur_charset)));
                }
                $title = $sid;
            } else {
                $aff = false;
            }
        } else {
            $remp = "<p align=\"center\" class=\"rouge\">" . translate("Please enter information according to the specifications") . "</p><br />";
            $aff = false;
        }
    }
    if ($aff == true) {
        $Titlesitename = "NPDS - " . translate("Printer Friendly Page") . " / " . $title;
        if (isset($time)) {
            // Return value is discarded; presumably formatTimestamp() fills the global $datetime - confirm.
            formatTimestamp($time);
        }
        include "meta/meta.php";
        if (isset($user)) {
            if ($cookie[9] == "") {
                $cookie[9] = $Default_Theme;
            }
            if (isset($theme)) {
                $cookie[9] = $theme;
            }
            $tmp_theme = $cookie[9];
            // Falls back to the default theme when the directory cannot be opened.
            // The handle in $file is not closed in this function.
            if (!($file = @opendir("themes/{$cookie['9']}"))) {
                $tmp_theme = $Default_Theme;
            }
        } else {
            $tmp_theme = $Default_Theme;
        }
        echo import_css($tmp_theme, $language, $site_font, "", "");
        echo "\n </head>\n <body style=\"background-color: #FFFFFF; background-image: none;\">\n <table border=\"0\"><tr><td>\n <table border=\"0\" width=\"640\" cellpadding=\"0\" cellspacing=\"1\" style=\"background-color: #000000;\"><tr><td>\n <table border=\"0\" width=\"640\" cellpadding=\"20\" cellspacing=\"1\" style=\"background-color: #FFFFFF;\"><tr><td>";
        echo "<p align=\"center\">";
        // strpos() returns 0 for a leading slash, which this test treats like "no slash".
        $pos = strpos($site_logo, "/");
        if ($pos) {
            echo "<img src=\"{$site_logo}\" border=\"0\" alt=\"\" />";
        } else {
            echo "<img src=\"images/{$site_logo}\" border=\"0\" alt=\"\" />";
        }
        echo "<br /><br /><b>" . aff_langue($title) . "</b><br /><br />";
        if ($oper == "news" or $oper == "archive") {
            $hometext = meta_lang(aff_code(aff_langue($hometext)));
            $bodytext = meta_lang(aff_code(aff_langue($bodytext)));
            echo "<span style=\"font-size: 10px;\"><b>" . translate("Date:") . "</b> {$datetime} :: <b>" . translate("Topic:") . "</b> " . aff_langue($topictext) . "<br /><br />\n </span></p>{$hometext}<br /><br />";
            if ($bodytext != '') {
                echo "{$bodytext}<br /><br />";
            }
            echo meta_lang(aff_code(aff_langue($notes)));
            if ($oper == "news") {
                echo "</td></tr><tr><td><br /><br /><br /><hr noshade=\"noshade\" class=\"ongl\" /><br />\n <p align=\"center\">" . translate("This article comes from") . " {$sitename}<br /><br />\n " . translate("The URL for this story is:") . "\n <a href=\"{$nuke_url}/article.php?sid={$sid}\">{$nuke_url}/article.php?sid={$sid}</a></p>";
            } else {
                echo "</td></tr><tr><td><br /><br /><br /><hr noshade=\"noshade\" class=\"ongl\" /><br />\n <p align=\"center\">" . translate("This article comes from") . " {$sitename}<br /><br />\n " . translate("The URL for this story is:") . "\n <a href=\"{$nuke_url}/article.php?sid={$sid}&archive=1\">{$nuke_url}/article.php?sid={$sid}&archive=1</a></p>";
            }
        }
        if ($oper == "links") {
            echo "<span style=\"font-size: 10px;\"><b>" . translate("Date:") . "</b> {$datetime}";
            if ($url != "") {
                echo " :: <b>" . translate("Links") . " : </b> {$url}<br /><br />";
            }
            echo "</span></p>" . aff_langue($description);
            echo "</td></tr><tr><td><br /><br /><br /><hr noshade=\"noshade\" class=\"ongl\" /><br />\n <p align=\"center\">" . translate("This article comes from") . " {$sitename}<br /><br />\n <a href=\"{$nuke_url}\">{$nuke_url}</a></p>";
        }
        if ($oper == "static") {
            // $sid is the request value here (only the deny-list above was applied).
            echo "</p><span style=\"font-size: 10px;\">" . $remp . "</span>";
            echo "</td></tr><tr><td><br /><br /><br /><hr noshade=\"noshade\" class=\"ongl\" /><br />\n <p align=\"center\">" . translate("This article comes from") . " {$sitename}<br /><br />\n <a href=\"{$nuke_url}/static.php?op={$sid}&npds=1\">{$nuke_url}/static.php?op={$sid}&npds=1</a></p>";
        }
        echo "</td></tr></table></td></tr></table></td></tr></table></body></html>";
    } else {
        header("location: index.php");
    }
}
//]]> </script>'; } global $block_title; $uri = urlencode($REQUEST_URI); if ($post) { $title .= "/" . $post; } if ($title == '') { $title_MTP = basename(urldecode($uri)); } else { $title_MTP = $title; } $boxTitle = '<span><a href="modules.php?ModPath=marquetapage&ModStart=marquetapage&op=add&uri=' . $uri . '&topic=' . urlencode($title_MTP) . '"><i class="fa fa-bookmark-o " title="' . translate("Add") . ' ' . translate("favourite") . '" data-toggle="tooltip"></i></a></span>'; if ($block_title == '') { $boxTitle .= ' MarqueTaPage'; } else { $boxTitle .= ' ' . $block_title; } themesidebox($boxTitle, $content); } } if ($op == 'add') { marquetapage_add(removeHack($uri), removeHack($topic), 'ad_tapage'); } if ($op == 'supp') { marquetapage_add(removeHack($uri), '', 'sp_tapage'); } if ($op == 'supp_all') { marquetapage_add(removeHack($uri), '', 'sp_tespages'); }
$message .= " [addsig]"; } if ($myrow['forum_type'] != 6 and $myrow['forum_type'] != 5) { $message = aff_code($message); $message = str_replace("\n", "<br />", $message); } if ($allow_bbcode and $myrow['forum_type'] != 6 and $myrow['forum_type'] != 5) { $message = smile($message); } if ($myrow['forum_type'] != 6 and $myrow['forum_type'] != 5) { $message = make_clickable($message); $message = removeHack($message); } $message = addslashes($message); if (!isset($Mmod)) { $subject = removeHack(strip_tags($subject)); } $Msubject = $subject; $time = date("Y-m-d H:i", time() + $gmt * 3600); $sql = "INSERT INTO " . $NPDS_Prefix . "forumtopics (topic_title, topic_poster, current_poster, forum_id, topic_time, topic_notify) VALUES ('{$subject}', '" . $userdata['uid'] . "', '" . $userdata['uid'] . "', '{$forum}', '{$time}'"; if (isset($notify2) && $userdata['uid'] != 1) { $sql .= ", '1'"; } else { $sql .= ", '0'"; } $sql .= ')'; if (!($result = sql_query($sql))) { forumerror('0020'); } $topic_id = sql_last_id(); $sql = "INSERT INTO " . $NPDS_Prefix . "posts (topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('{$topic_id}', '{$image_subject}', '{$forum}', '" . $userdata['uid'] . "', '{$message}', '{$time}', '{$poster_ip}', '{$hostname}')";
if ($formulaire != '') { include "modules/comments/comments_extender.php"; } if ($allow_html == 0 || isset($html)) { $message = htmlspecialchars($message, ENT_COMPAT | ENT_HTML401, cur_charset); } if (isset($sig) && $userdata['uid'] != 1) { $message .= ' [addsig]'; } $message = aff_code($message); $message = str_replace("\n", "<br />", $message); if ($allow_bbcode) { $message = smile($message); } $message = make_clickable($message); $message = removeHack($message); $image_subject = ''; $message = addslashes($message); $time = date("Y-m-d H:i:s", time() + $gmt * 3600); $sql = "INSERT INTO " . $NPDS_Prefix . "posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '{$topic}', '{$image_subject}', '{$forum}', '" . $userdata['uid'] . "', '{$message}', '{$time}', '{$poster_ip}', '{$hostname}')"; if (!($result = sql_query($sql))) { forumerror('0020'); } else { $IdPost = sql_last_id(); } $sql = "UPDATE " . $NPDS_Prefix . "users_status SET posts=posts+1 WHERE (uid = '" . $userdata['uid'] . "')"; $result = sql_query($sql); if (!$result) { forumerror('0029'); } // ordre de mise à jour d'un champ externe ?
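/**
 * Move an image to another gallery and/or change its caption, then redirect.
 *
 * On success the browser is sent back to the tree view; on failure an alert
 * is printed and the browser is sent back to the edit form of the same image.
 *
 * @param mixed  $id      Id of the row in tdgal_img to update; forced to an integer.
 * @param mixed  $imggal  Target gallery id; an empty value is stored as -1.
 * @param string $newdesc New caption; filtered with removeHack() and slash-escaped.
 * @return void
 */
function DoEditImg($id, $imggal, $newdesc) {
    global $ThisRedo, $NPDS_Prefix;

    // Both identifiers are placed inside the UPDATE text ($id also in the
    // redirect URL). Forcing them to integers keeps any other text out of the
    // statement. Assumes id and gal_id are integer columns (the "-1" default
    // points that way) - confirm against the schema.
    $id = (int) $id;
    $imggal = ($imggal == "") ? -1 : (int) $imggal;

    // NOTE(review): addslashes() is the escaping used around this code; if the
    // database layer behind sql_query() offers its own escaping or bound
    // parameters, that is the sturdier choice for the caption.
    $newtit = addslashes(removeHack($newdesc));

    $updated = sql_query(
        "UPDATE " . $NPDS_Prefix . "tdgal_img SET gal_id='{$imggal}', comment='{$newtit}' WHERE id='{$id}'"
    );

    if ($updated) {
        redirect_url($ThisRedo . "&subop=viewarbo");
        return;
    }

    // The apostrophe in "l'image" has to be escaped for JavaScript: left bare
    // it ends the string literal early and the alert is never shown.
    echo "<script type=\"text/javascript\">\n//<![CDATA[\nalert('Erreur lors de la modification de l\\'image');\n//]]>\n</script>";
    redirect_url($ThisRedo . "&subop=editimg&imgid={$id}");
}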
while (list($username, $message, $dbname, $date_message) = sql_fetch_row($result)) { $thing .= "<div class='chatmessage'><div class='chatheure'>" . date(translate("Chatdate"), $date_message + $gmt * 3600) . "</div>"; if ($dbname == 1) { if (!$user and $member_list == 1 and !$admin) { $thing .= "<div class='chatnom'>{$username}</div>"; } else { $thing .= "<div class='chatnom'><a href='user.php?op=userinfo&uname={$username}' target='_blank'>{$username}</a></div>"; } } else { $thing .= "<div class='chatnom'>{$username}</div>"; } $message = smilie($message); $chat_forbidden_words = array("'\"'i" => '"', "'OxOA'i" => '', "'OxOD'i" => '', "'\n'i" => '', "'\r'i" => '', "'\t'i" => ''); $message = preg_replace(array_keys($chat_forbidden_words), array_values($chat_forbidden_words), $message); $message = str_replace('"', '\\"', make_clickable($message)); $thing .= "<div class='chattexte'>" . removeHack($message) . "</div></div>"; $repere = $date_message; } $thing = "\"" . $thing . "\""; } if ($aff_entetes == "1") { $meta_op = true; include "meta/meta.php"; $Xthing .= $l_meta; $Xthing .= str_replace("\n", "", import_css_javascript($tmp_theme, $language, $site_font, basename($_SERVER['PHP_SELF']), "")); $Xthing .= "</head><body id='chat'>"; $Xthing = "\"" . str_replace("'", "\\'", $Xthing) . "\""; } $result = sql_query("SELECT DISTINCT ip FROM " . $NPDS_Prefix . "chatbox WHERE id='{$id}' and date >= " . (time() - 60 * 2) . ""); $numofchatters = sql_num_rows($result); $rafraich_connectes = 0;
$imgtmp = "images/forum/avatar/blank.gif"; } } } return $imgtmp; } include "header.php"; $pagesize = $show_user; if (!isset($letter) or $letter == '') { $letter = translate("All"); } $letter = removeHack(stripslashes(htmlspecialchars($letter, ENT_QUOTES, cur_charset))); if (!isset($sortby)) { $sortby = 'uid DESC'; } $sortby = removeHack($sortby); if (!isset($page)) { $page = 1; } if (isset($list)) { $tempo = unique(explode(',', $list)); $list = urlencode(implode(',', $tempo)); } $result = sql_query("SELECT uname, user_avatar FROM " . $NPDS_Prefix . "users ORDER BY uid DESC limit 0,1"); list($lastuser, $lastava) = sql_fetch_row($result); echo ' <h2><img src="images/admin/users.png" alt="' . translate("Members List") . '" />' . translate("Members List"); if (isset($uid_from_ws) and $uid_from_ws != '') { echo '<span class="text-muted"> ' . translate("for group") . ' #' . $gr_from_ws . '</span>'; } echo '</h2>
} $row2 = sql_fetch_assoc($result); $userdata['uid'] = $row2['poster_id']; // IF we made it this far we are allowed to edit this message settype($forum, "integer"); $myrow2 = sql_fetch_assoc(sql_query("SELECT forum_type FROM " . $NPDS_Prefix . "forums WHERE (forum_id = '{$forum}')")); $forum_type = $myrow2['forum_type']; if ($allow_html == 0 || isset($html)) { $messageP = htmlspecialchars($messageP, ENT_COMPAT | ENT_HTML401, cur_charset); } if ($allow_bbcode and $forum_type != 6 and $forum_type != 5) { $messageP = smile($messageP); } if ($forum_type != 6 and $forum_type != 5) { $messageP = aff_code($messageP); $messageP = str_replace("\n", '<br />', removeHack($messageP)); $messageP .= "<br /><p>" . translate("This message was edited by") . ' : ' . $userdata['uname'] . "</p>"; if ($allow_bbcode) { $messageP = aff_video_yt($messageP); } } else { $messageP .= "\n\n" . translate("This message was edited by") . ' : ' . $userdata['uname']; } $messageP = addslashes($messageP); break; } $theposterdata = get_userdata_from_id($userdatat[0]); echo ' <h4>' . translate("Preview") . '</h4> <div class="row"> <div class="col-xs-12">
/**
 * Entry point of the download section: cleans the category and sort key held
 * in globals (presumably request parameters - confirm against the caller),
 * then prints the page between header.php and footer.php.
 *
 * Takes no arguments and returns nothing; all input and output goes through
 * globals, echo and the included files.
 */
function main() {
    // $sitename is not read in this body. Included files run in this function's
    // scope, so it is presumably declared for header.php or footer.php -
    // confirm before removing it.
    global $dcategory, $sortby, $sortorder, $sitename;
    // URL-decode, HTML-encode (quotes included), strip backslashes, then pass
    // the result through the project filter removeHack().
    $dcategory = removeHack(stripslashes(htmlspecialchars(urldecode($dcategory), ENT_QUOTES, cur_charset))); // electrobug
    // Backslash-escape any apostrophe still present after the steps above.
    $dcategory = str_replace("'", "\\'", $dcategory);
    $sortby = removeHack(stripslashes(htmlspecialchars(urldecode($sortby), ENT_QUOTES, cur_charset))); // electrobug
    // NOTE(review): $sortorder gets no cleaning here and is handed to
    // listdownloads() as received. If it ends up in an ORDER BY clause it
    // should be checked against a fixed list of allowed values - verify in
    // listdownloads().
    include "header.php";
    echo '<h2>' . translate("Download Section") . '</h2>';
    tlist();
    // The listing is skipped when the category equals the translated
    // "No category" label.
    if ($dcategory != translate("No category")) {
        listdownloads($dcategory, $sortby, $sortorder);
    }
    // NOTE(review): include executes the file as PHP, so any PHP open tag
    // inside this .txt banner would run with the application's rights. If the
    // banner is meant to be plain text or HTML, readfile() would print it
    // without executing it; also confirm who can write to static/.
    if (file_exists("static/download.ban.txt")) {
        include "static/download.ban.txt";
    }
    include "footer.php";
}
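/**
 * Store a submitted review and print the confirmation page.
 *
 * Administrators write straight to the reviews table: a new row when $id is 0,
 * an update of row $id otherwise. Every other submitter gets a row in
 * reviews_add. Visitors who are neither logged in nor administrators must
 * first pass R_spambot(); a failed check is logged through Ecr_Log(), the
 * browser is redirected to index.php and the script stops.
 *
 * @param string $date         Review date; converted with reversedate().
 * @param string $title        Title; tags stripped, then FixQuotes() and stripslashes().
 * @param string $text         URL-encoded review body.
 * @param string $reviewer     Reviewer name; echoed and stored as received.
 * @param string $email        Stored as received.
 * @param mixed  $score        Stored as received.
 * @param string $cover        Stored as received (administrator paths only).
 * @param string $url          Stored as received.
 * @param string $url_title    Stored as received.
 * @param mixed  $hits         Stored as received (administrator update only).
 * @param mixed  $id           Review id, 0 for a new review; forced to an integer.
 * @param mixed  $asb_question Anti-spam question, passed to R_spambot().
 * @param mixed  $asb_reponse  Anti-spam answer, passed to R_spambot().
 * @return void
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $asb_question, $asb_reponse) {
    global $admin, $user, $NPDS_Prefix;

    include 'header.php';

    // $id is compared with 0 below and placed in the WHERE clause of the
    // UPDATE; as an integer it cannot carry anything else into the statement.
    $id = (int) $id;

    $date = reversedate($date);
    $title = stripslashes(FixQuotes(strip_tags($title)));
    // Decode first so that removeHack() sees the text that will be stored.
    // Filtering the still-encoded form and decoding afterwards lets encoded
    // markup reach the database without ever being examined.
    $text = stripslashes(FixQuotes(removeHack(urldecode($text))));

    if (!$user and !$admin) {
        // Anti-spam check for anonymous visitors.
        if (!R_spambot($asb_question, $asb_reponse, $text)) {
            Ecr_Log('security', 'Review Anti-Spam : title=' . $title, '');
            redirect_url("index.php");
            die;
        }
    }

    echo ' <h2>' . translate("Write a Review") . '</h2> <br /><p class="lead text-danger">' . translate("Thanks for submitting this review");
    if ($id != 0) {
        echo " " . translate("modification");
    } else {
        // NOTE(review): $reviewer is printed without HTML encoding in this
        // function. Unless the caller already encodes it, it should go through
        // htmlspecialchars() with the site charset before being echoed.
        echo ", {$reviewer}";
    }
    echo '<br /><br />';

    // NOTE(review): $reviewer, $email, $score, $cover, $url, $url_title and
    // $hits enter the statements below exactly as they were received by this
    // function. Whether they are escaped upstream is not visible here;
    // confirm, or move these queries to bound parameters / the database
    // layer's escaping.
    if ($admin && $id == 0) {
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$cover}', '{$url}', '{$url_title}', '1')");
        echo translate("It is now available in the reviews database.");
    } elseif ($admin && $id != 0) {
        sql_query("UPDATE " . $NPDS_Prefix . "reviews SET date='{$date}', title='{$title}', text='{$text}', reviewer='{$reviewer}', email='{$email}', score='{$score}', cover='{$cover}', url='{$url}', url_title='{$url_title}', hits='{$hits}' WHERE id='{$id}'");
        echo translate("It is now available in the reviews database.");
    } else {
        // Non-administrators only queue the review for the editors.
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews_add VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$url}', '{$url_title}')");
        echo translate("The editors will look at your submission. It should be available soon!");
    }

    echo '</p><a class="btn btn-default" role="button" href="reviews.php" title="' . translate("Back to Reviews Index") . '"><i class="fa fa-lg fa-undo"></i> </a>';
    include "footer.php";
}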
$bnid = md5($nomBlocNote . substr(urldecode($uriBlocNote), 0, strpos(urldecode($uriBlocNote), "&"))); } else { $bnid = md5($nomBlocNote . urldecode($uriBlocNote)); } } else { $bnid = ''; } if ($bnid) { if ($supBlocNote == 'RAZ') { sql_query("DELETE FROM " . $NPDS_Prefix . "blocnotes WHERE bnid='{$bnid}'"); } else { sql_query("LOCK TABLES " . $NPDS_Prefix . "blocnotes WRITE"); $result = sql_query("SELECT texte FROM " . $NPDS_Prefix . "blocnotes WHERE bnid='{$bnid}'"); if (sql_num_rows($result) > 0) { if ($texteBlocNote != "") { sql_query("UPDATE " . $NPDS_Prefix . "blocnotes SET texte='" . removeHack($texteBlocNote) . "' WHERE bnid='{$bnid}'"); } else { sql_query("DELETE FROM " . $NPDS_Prefix . "blocnotes WHERE bnid='{$bnid}'"); } } else { if ($texteBlocNote != "") { sql_query("INSERT INTO " . $NPDS_Prefix . "blocnotes (bnid, texte) VALUES ('{$bnid}', '" . removeHack($texteBlocNote) . "')"); } } sql_query("UNLOCK TABLES"); } } header("location: " . urldecode($uriBlocNote)); } else { header("location: index.php"); }