/**
 * Render a list of names as comma-separated <b> elements.
 *
 * Every name is passed through safeHTML() before it is placed inside the
 * tag, so the raw value never reaches the markup directly. Names for which
 * isMod() is true get the "nnf_mod" CSS class.
 *
 * @param array $names names to render
 * @return string the rendered elements joined with ', '
 */
function theme_nameList($names)
{
    // Work on a copy so the rendered markup is built next to the raw input.
    $rendered = $names;
    foreach ($names as $key => $rawName) {
        $classAttr = isMod($rawName) ? ' class="nnf_mod"' : '';
        $rendered[$key] = '<b' . $classAttr . '>' . safeHTML($rawName) . '</b>';
    }

    return implode(', ', $rendered);
}
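/**
 * Deliver an in-game mail from one user to another.
 *
 * Writes two rows to `messages` (action 'received' and action 'sent'),
 * prints a confirmation, and stamps `preferences.last_m` for the recipient.
 * When is_blocked_mail() reports a block, a notice is printed,
 * include_game_down() is called and the script exits without sending.
 *
 * Every value is escaped or cast where the SQL text is built, instead of
 * relying on what callers or safeHTML() did earlier: the original put the
 * ids into the statements as-is (unquoted in the UPDATE) and appended the
 * sender's tribe name, which comes from the database, to the body after
 * safeHTML() had already run.
 *
 * @param mixed  $from_id user id of the sender
 * @param mixed  $to_id   user id of the recipient
 * @param string $subject subject line; "No Subject" is used when it is empty
 * @param string $message message body
 * @return void
 */
function send_mail($from_id, $to_id, $subject, $message)
{
    $orkTime = $GLOBALS['orkTime'];
    $objSrcUser = new clsUser($from_id);
    $objTrgUser = new clsUser($to_id);
    $arrSrcStats = $objSrcUser->get_stats();
    $arrTrgStats = $objTrgUser->get_stats();

    // Honour the recipient's block list before anything is stored.
    // NOTE(review): the tribe names echoed here and below come from get_stats()
    // and are printed without HTML escaping - confirm they are sanitised when stored.
    if (is_blocked_mail($from_id, $to_id)) {
        echo "<br /><br />You cannot mail {$arrTrgStats['tribe']} because you have been blocked from doing so.";
        include_game_down();
        exit;
    }

    $subject = safeHTML($subject);
    $message = safeHTML($message);
    $message = "{$message}<br /><br /><i>~{$arrSrcStats['tribe']}(#{$arrSrcStats['kingdom']})";
    if (!$subject) {
        $subject = "No Subject";
    }

    // SQL boundary. The UPDATE below compares `id` with an unquoted value, so
    // ids are integers; casting leaves valid ids unchanged.
    $sqlFrom = (int) $from_id;
    $sqlTo = (int) $to_id;
    $sqlTime = mysql_real_escape_string($orkTime);
    // NOTE(review): safeHTML() is not visible here. If it, or magic_quotes_gpc on
    // this deployment, already backslash-escapes quotes, the text will be stored
    // with doubled backslashes - confirm, and remove that earlier layer rather
    // than this one.
    $sqlSubject = mysql_real_escape_string($subject);
    $sqlMessage = mysql_real_escape_string($message);

    // One copy for the recipient's inbox, one for the sender's outbox.
    foreach (array('received', 'sent') as $copy) {
        mysql_query("INSERT INTO messages (for_user, from_user, date, subject, text, new, action) VALUES ('{$sqlTo}', '{$sqlFrom}', '{$sqlTime}', '{$sqlSubject}', '{$sqlMessage}', 'new', '{$copy}')");
    }

    echo "<h3>Message sent to {$arrTrgStats['tribe']}(#{$arrTrgStats['kingdom']})</h3><br />";
    mysql_query("UPDATE preferences SET last_m ='{$sqlTime}' WHERE id = {$sqlTo}");
}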
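/**
 * Read one POSTed form field as a string ('' when absent or not a string).
 */
function _message_post_field($name)
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

/**
 * Encode a request-supplied value for use inside a query string that is
 * written into an href/action attribute. Numeric values come out unchanged.
 */
function _message_url_value($value)
{
    return is_scalar($value) ? urlencode((string) $value) : '';
}

/**
 * Routing table for submitted reports, keyed by the `reporttype` parameter.
 *
 * Each entry is array(staff alliance, forum type, thread title, body parts);
 * a body part is array(literal prefix, name of the POST field that follows it).
 */
function _message_report_routes()
{
    $tribes = "Reporting these tribes:\r\n";
    $accuse = "\r\n\r\nAccusing them of the following:\r\n";
    $standard = array(array($tribes, 'tribes'), array($accuse, 'offence'));

    return array(
        'cheatident'   => array(2, 4, 'Report: Identity Cheating', $standard),
        'cheatcont'    => array(2, 4, 'Report: Content', $standard),
        'cheatphys'    => array(2, 4, 'Report: Physical Cheating', $standard),
        'cheatcoop'    => array(2, 4, 'Report: Cooperation', $standard),
        'cheataccount' => array(2, 4, 'Report: Account Cheating', $standard),
        'cheatabuse'   => array(2, 4, 'Report: Abuse', $standard),
        'cheatwar'     => array(2, 4, 'Report: War Cheating', array(array("Reporting these alliances:\r\n", 'allis'), array($accuse, 'offence'))),
        'cheatfarm'    => array(2, 4, 'Report: Farming', array(array($tribes, 'tribes'), array("\r\n\r\nDetails of the attack:\r\n", 'attack'))),
        'cheatmisc'    => array(2, 4, 'Report: Miscellaneous Cheating', $standard),
        'sharing'      => array(2, 4, 'Report: Sharing Computers', array(array("Declaring to share IP(s) with:\r\n", 'tribes'))),
        'cf'           => array(2, 4, 'Report: CeaseFire', array(array('Declaring a CeaseFire with: ', 'with'))),
        'error'        => array(3, 5, 'Report: Game Error', array(array('', 'error'))),
        'sugg'         => array(3, 5, 'Report: Game Suggestion', array(array('', 'suggestion'))),
        'comp'         => array(3, 5, 'Report: Complaint', array(array('', 'complaint'))),
        'mergename'    => array(3, 5, 'Report: Merge/Namechange issues', array(array('', 'message'))),
        'qgen'         => array(3, 5, 'Question / General', array(array('', 'question'))),
        'n00b'         => array(1, 2, 'I am a n00b', array(array('', 'n00bieness'))),
    );
}

/**
 * Build the HTML for the report page selected by `reporttype`.
 *
 * @param string|null $reporttype    value of ?reporttype= (null when absent)
 * @param string      $allianceParam URL-encoded alliance value for "back" links
 * @param string      $tribeParam    URL-encoded tribe value for the mail link
 * @param array       $arrStats      stats of the current user (tribe, kingdom)
 * @return string
 */
function _message_report_page($reporttype, $allianceParam, $tribeParam, $arrStats)
{
    $base = 'main.php?cat=game&page=message';
    $backToCheating = "<p>:: <a href=\"{$base}&reporttype=cheating&alliance={$allianceParam}\">Back to report cheating page</a> ::</p>";
    $backToReporting = "<p>:: <a href=\"{$base}&alliance={$allianceParam}\">Back to reporting page</a> ::</p>";

    $tribesLabel = 'List the tribe name(s) and alliance(s) you wish to report';
    $offenceLabel = 'Describe the offence to be investigated plus all applicable information';

    // heading, notice, first label, first field, second label (carrying its own
    // <br /> where the page prints one), second field
    $twoField = array(
        'cheatident'   => array('Report Identity Cheating', '', $tribesLabel, 'tribes', $offenceLabel . '<br />', 'offence'),
        'cheatcont'    => array('Report Content', '', $tribesLabel, 'tribes', 'Paste the complete offensive messages/other things below<br />', 'offence'),
        'cheatphys'    => array('Report Physical Cheating', '', $tribesLabel, 'tribes', $offenceLabel . '<br />', 'offence'),
        'cheatcoop'    => array('Report Cooperation', '', $tribesLabel, 'tribes', $offenceLabel . '<br />', 'offence'),
        'cheataccount' => array('Report Account Cheating', '', $tribesLabel, 'tribes', $offenceLabel . '<br />', 'offence'),
        'cheatabuse'   => array('Report Abuse', "**Please don't report bugs here, but rather use this as a report to alert us to any player you suspect abusing a bug.**<br />", $tribesLabel, 'tribes', $offenceLabel . '<br />', 'offence'),
        'cheatwar'     => array('Report War Cheating', '', 'List the alliance(s) you wish to report', 'allis', $offenceLabel, 'offence'),
        'cheatfarm'    => array('Report Farming', '***Landfarmers must be reported. Any acres gained from a little or undefended tribe may be expropriated in the absence of a report.***<br />', $tribesLabel, 'tribes', 'Paste your attack details here<br />', 'attack'),
        'cheatmisc'    => array('Report Miscellaneous Cheating', '', $tribesLabel, 'tribes', $offenceLabel, 'offence'),
    );
    if (isset($twoField[$reporttype])) {
        list($heading, $notice, $firstLabel, $firstField, $secondLabel, $secondField) = $twoField[$reporttype];
        // $reporttype is one of the fixed keys above here, so it is safe in the action URL.
        return $backToCheating . "<h3>{$heading}</h3>" . $notice
            . "<form method=\"post\" action=\"{$base}&reporttype={$reporttype}\"><p>{$firstLabel}<br />"
            . "<textarea name=\"{$firstField}\" rows=\"5\" cols=\"20\"></textarea><br />{$secondLabel}"
            . "<textarea name=\"{$secondField}\" rows=\"10\" cols=\"60\"></textarea><br />"
            . '<input type="submit" name="submit" value="Send Report" /></p></form>';
    }

    // heading, intro markup, textarea name, submit button caption
    $oneField = array(
        'error'     => array('Report Error', '<p>Please explain the error and also send all applicable information</p>', 'error', 'Send Error Report'),
        'sugg'      => array('Report Game Suggestion', '<p>Please fully explain your suggestion</p>', 'suggestion', 'Send Suggestion'),
        'comp'      => array('Report Complaint', '<p>Please fully explain the problem</p>', 'complaint', 'Send Complaint'),
        'mergename' => array('Report Merge/Namechange issues', '<p>Please fully explain the problem</p>', 'message', 'Send Report'),
        'qgen'      => array('Question / General', '<p><p><p>Enter your question below</p>', 'question', 'Send Report'),
    );
    if (isset($oneField[$reporttype])) {
        list($heading, $intro, $field, $button) = $oneField[$reporttype];
        return $backToReporting . "<h3>{$heading}</h3>" . $intro
            . "<form method=\"post\" action=\"{$base}&reporttype={$reporttype}\">"
            . "<textarea name=\"{$field}\" rows=\"10\" cols=\"60\"></textarea><br />"
            . "<input type=\"submit\" name=\"submit\" value=\"{$button}\" /></form>";
    }

    switch ($reporttype) {
        case 'cheating':
            $kinds = array(
                'cheatident'   => 'Identities (stealing)',
                'cheatcont'    => 'Content (PMs, forum)',
                'cheatphys'    => 'Physical',
                'cheatcoop'    => 'Cooperation',
                'cheataccount' => 'Account (crosslogging, multiple, babysitting)',
                'cheatabuse'   => 'Abuse',
                'cheatwar'     => 'War',
                'cheatfarm'    => 'Farming',
                'cheatmisc'    => 'Miscellaneous',
            );
            $html = $backToReporting . '<h3>Report Cheating</h3>'
                . '<p>Please select the type of cheating you wish to report:</p><ul>';
            foreach ($kinds as $kind => $label) {
                $html .= "<li><a href=\"{$base}&reporttype={$kind}&alliance=2\">{$label}</a></li>";
            }
            return $html . '</ul>';

        case 'sharing':
            // NOTE(review): tribe/kingdom come from get_stats() and are printed
            // without HTML escaping - confirm they are sanitised when stored.
            return $backToReporting . '<h3>Report Sharing Computers</h3>'
                . "<p>Your tribe name and alliance number: {$arrStats['tribe']}(#{$arrStats['kingdom']})</p>"
                . "<p>List the tribe name(s) and alliance(s) you share IP's with: <br /></p>"
                . "<form method=\"post\" action=\"{$base}&reporttype=sharing\"><textarea name=\"tribes\" rows=\"5\" cols=\"20\"></textarea><br />"
                . '<input type="submit" name="submit" value="Send Computer Sharing Report" /></form>';

        case 'cf':
            return $backToReporting . '<h3>Report Cease Fire</h3>'
                . "<p>A reported temporary stoppage of aggressive activity, where both alliances agree to suspend all ops and attacks for a MAXIMUM of 12 hours following an undeclared war - (or 24 hours in the case of declared war)</p><p>A 12 hour 'cool down' period is permitted following an unofficial war. To be valid these agreements must be reported to L&O with associated times. L&O is not responsible for policing any CF agreements.</p>"
                . "<form method=\"post\" action=\"{$base}&reporttype=cf\"><p>Your alliance number: {$arrStats['kingdom']}<br />"
                . 'CeaseFire with (Alliance number): <input type="text" name="with" size="4" maxlength="4" /><br />'
                . '<input type="submit" name="submit" value="Send Cease Fire Report" /></p></form>';

        default:
            // report type => array(staff alliance that receives it, link caption)
            $targets = array(
                'cheating'  => array(2, 'Report Cheating'),
                'sharing'   => array(2, 'Report Sharing Computers'),
                'cf'        => array(2, 'Report Cease Fire'),
                'error'     => array(3, 'Report Game Error'),
                'sugg'      => array(3, 'Report Game Suggestion'),
                'comp'      => array(3, 'Report Complaint'),
                'mergename' => array(3, 'Report Merge/Namechange issues'),
                'qgen'      => array(3, 'Question / General'),
            );
            $html = '<p>Welcome! This will allow you to contact the ORKFiA Staff Team.</p><ul>';
            foreach ($targets as $kind => $target) {
                $html .= "<li><a href=\"{$base}&reporttype={$kind}&alliance={$target[0]}\">{$target[1]}</a> (report to #{$target[0]})</li>";
            }
            return $html . "<li><a href=\"main.php?cat=game&page=mail&set=compose&aid={$allianceParam}&tribe={$tribeParam}\">Orkfia Mail</a></li></ul>";
    }
}

/**
 * Return the post_id of the automated report thread for a title/forum pair,
 * creating the thread first when it does not exist yet.
 */
function _message_report_thread_id($title, $forumType, $orkTime)
{
    $sqlTitle = mysql_real_escape_string($title);
    $sqlTime = mysql_real_escape_string($orkTime);
    $forumType = (int) $forumType;
    $findThread = "SELECT post_id FROM forum WHERE poster_kd = 1 AND parent_id = 0 AND title = '{$sqlTitle}' AND type = {$forumType}";

    // NOTE(review): die() prints mysql_error() to the visitor; consider logging
    // the detail server-side and showing a generic message instead.
    $thread = mysql_query($findThread) or die('mysql error: ' . mysql_error());
    if (mysql_num_rows($thread) == 0) {
        mysql_query("INSERT INTO forum (type,poster_kd,title,post,date_time,updated,poster_name,poster_tribe) VALUES ({$forumType},1,'{$sqlTitle}','Automated report thread','{$sqlTime}','{$sqlTime}','Reporter','Reporter')") or die('mysql error: ' . mysql_error());
        $thread = mysql_query($findThread) or die('mysql error: ' . mysql_error());
    }
    $row = mysql_fetch_assoc($thread);

    return $row['post_id'];
}

/**
 * Legacy report path: file $message as a reply in the report thread whose
 * title is $report, creating that thread when it is missing.
 *
 * The original repeated this sequence once per report title; four of the
 * copies carried an unbalanced quote in the thread-creating INSERT
 * ("'{$resortforum}, 1, '0'"), so creating a new thread failed there.
 * $report, $resortforum, $userid and $ip reach this function from request
 * globals, so each is escaped or cast before it enters a statement.
 */
function _message_legacy_forum_report($report, $resortforum, $message, $arrStats, $userid, $ip, $orkTime)
{
    $forumType = (int) $resortforum;
    $sqlTitle = mysql_real_escape_string((string) $report);
    $sqlTime = mysql_real_escape_string($orkTime);
    $findTopic = "SELECT * FROM forum WHERE poster_kd = 1 AND parent_id = 0 AND title = '{$sqlTitle}' AND type = {$forumType}";

    $result = mysql_query($findTopic);
    $topic = $result ? mysql_fetch_array($result) : false;
    $topicType = $topic ? $topic['type'] : null;
    if ($topicType != $forumType) {
        // There's no topic yet
        mysql_query("INSERT INTO forum VALUES ('', '0', {$forumType}, 1, '0', '{$sqlTitle}','Automated report thread', '{$sqlTime}', '{$sqlTime}','Reporter', 'Reporter','0', '0', '0', '0')") or die("insert:" . mysql_error());
        $result = mysql_query($findTopic);
        $topic = $result ? mysql_fetch_array($result) : false;
    }

    $sqlParent = mysql_real_escape_string($topic ? $topic['post_id'] : '');
    $sqlPoster = mysql_real_escape_string($arrStats['id']);
    $sqlName = mysql_real_escape_string($arrStats['name']);
    $sqlTribe = mysql_real_escape_string($arrStats['tribe']);
    $sqlIp = mysql_real_escape_string((string) $ip);
    // NOTE(review): $message has been through safeHTML(), which is not visible
    // here; if that (or magic_quotes_gpc) already backslash-escapes quotes this
    // doubles the backslashes - confirm, and drop the earlier layer, not this one.
    $sqlBody = mysql_real_escape_string("{$message}<br /><br />***User id: {$userid}***<br />{$arrStats['tribe']} (# {$arrStats['kingdom']} )");

    mysql_query("INSERT INTO forum VALUES ('', '{$sqlPoster}', {$forumType}, 1, '{$sqlParent}', '', '{$sqlBody}', '{$sqlTime}', '{$sqlTime}', '{$sqlName}', '{$sqlTribe}', '0', '{$sqlIp}', '0', '0')");
}

/**
 * Message / report page: prints the report forms, sends in-game mail and
 * files submitted reports into the staff forums.
 *
 * Input arrives through request-populated globals; the original author's note
 * (AI 22/10/06) records that the page depends on register_globals being on and
 * that $tribe is not set when the report button is pressed. Those globals are
 * therefore treated as untrusted: they are URL-encoded before being written
 * into links, HTML-escaped before being echoed, and escaped or cast before
 * they reach SQL.
 *
 * Globals read: $tribe, $type, $userid, $submit, $alliance, $message,
 * $subject, $orkTime, $report, $ip, $resortforum, and $GLOBALS['objSrcUser'].
 * Globals written: $alliance and $resortforum (set from the routing table
 * when a report is submitted; $alliance becomes 1 after a legacy forum
 * report), $message (passed through safeHTML() on the legacy path).
 *
 * @return void
 */
function include_message_text()
{
    global $tribe, $type, $userid, $submit, $alliance, $message, $subject, $orkTime, $report, $ip, $resortforum;

    $objSrcUser =& $GLOBALS['objSrcUser'];
    $reporttype = (isset($_GET['reporttype']) && is_string($_GET['reporttype'])) ? $_GET['reporttype'] : null;
    $arrStats = $objSrcUser->get_stats();

    // Encoded copies for links; the raw globals stay untouched for the
    // comparisons and calls below.
    $allianceParam = _message_url_value($alliance);
    $tribeParam = _message_url_value($tribe);

    if ($alliance < 11 && $reporttype != 'personal' && !$submit) {
        $strMenu = '<div class="center">'
            . '| <a href="main.php?cat=game&page=mail&set=compose">Compose Mail</a> '
            . '| <a href="main.php?cat=game&page=mail&set=view">View Inbox</a> '
            . '| <a href="main.php?cat=game&page=mail&set=outbox">View Outbox</a> '
            . '| <a href="main.php?cat=game&page=message&tribe=1&alliance=1" >Send a Report</a> '
            . '| <a href="main.php?cat=game&page=mail&set=block">Block Mail</a> ';
        if ($arrStats['type'] == 'elder') {
            // The original had this string as a bare expression statement, so
            // the entry was never added to the menu.
            $strMenu .= '| <a href="main.php?cat=game&page=mail&set=eldermail" >Alliance Mail</a> ';
        }
        $strMenu .= '|</div><br />';
        echo $strMenu;

        echo '<div id="textBig"><h2>Send a report</h2>';
        echo _message_report_page($reporttype, $allianceParam, $tribeParam, $arrStats);
        echo '</div>';
    }

    if ($type == "ingame" && $submit && $message) {
        // changed to use send_mail function - AI 10/12/2006
        // NOTE(review): $tribe is passed as the recipient id - confirm it holds a user id.
        send_mail($userid, $tribe, $subject, $message);
    }

    if ($type == "ingame" && $alliance > 10) {
        echo "<p>Message Center</p>";
        echo "<form method=\"post\" action=\"main.php?cat=game&page=message&type=ingame&action=post&tribe={$tribeParam}&alliance={$allianceParam}\">";
        echo "<br />Subject: <input type=text name=subject size=30><br /><textarea name=message rows=20 cols=70 wrap=on></textarea><br />";
        echo "<input type=hidden name=submit value='yes'>";
        echo "<input type='submit' value='Send Message'>";
        echo "</form>";
    }

    if ($submit && $reporttype) {
        $error = '';
        // These are the globals: the legacy branch further down tests them.
        $alliance = 0;
        $resortforum = 0;
        $title = false;
        $post = false;

        $routes = _message_report_routes();
        if (isset($routes[$reporttype])) {
            $route = $routes[$reporttype];
            $alliance = $route[0];
            $resortforum = $route[1];
            $title = $route[2];
            $post = '';
            foreach ($route[3] as $part) {
                $post .= $part[0] . _message_post_field($part[1]);
            }
        } else {
            $error .= "The report was of a type that cannot be handled, "
                . "you're either messing around or the report system "
                . "isn't finished yet.<br />";
        }

        if ($resortforum > 5 || $resortforum < 2) {
            $error .= "There was no valid recipient for your report, poke "
                . "someone in Development.<br />";
        }

        if (!$error && $title && $resortforum && $post) {
            $post .= "\r\n\r\n***User id:" . $objSrcUser->get_userid() . "***\r\n"
                . $arrStats['tribe'] . '(#' . $arrStats['kingdom'] . ')';
            $thread = _message_report_thread_id($title, $resortforum, $orkTime);
            // NOTE(review): $post carries raw form text; make_post() is not visible
            // here - confirm it escapes for SQL and for HTML display.
            make_post($objSrcUser->get_userid(), $thread, 0, $resortforum, $post);
        }

        if ($error) {
            echo "The following problem(s) was/were encountered while "
                . "processing your report:<br />{$error}";
        } else {
            $staffmap = array(1 => "The Orkfian Gods / Development", 2 => "Law and Order", 3 => "Operations", 4 => "Marketing");
            echo "Thank you for your time, " . $staffmap[$alliance] . " has received your report.";
            echo "<br /><a href=\"main.php?cat=game&page=message&alliance=1\">Back to Reporting</a>";
        }
    }

    if ($submit && $type == "forums" && $resortforum < 11 && $alliance < 11 && $report) {
        $message = safeHTML($message);
        // $report is request-supplied and is echoed back, so it is escaped for HTML.
        $reportLabel = htmlspecialchars((string) $report, ENT_QUOTES);
        echo "<p>{$reportLabel}, has been received, If you have any more information "
            . "regarding <br />your report that can be entered, we would be "
            . "pleased to receive it also.</p>";

        if ($report == 'Report: Sharing Computers') {
            echo '<p>Please take special notice of the CoC rules applying '
                . 'specifically to sharing IPs. Violation of these rules '
                . 'results in account suspension and more commonly deletion. '
                . 'Ignornance of the law is no excuse.<br /><br />'
                . 'Here is the link to the CoC:<br />'
                . '<a href="main.php?cat=game&page=CoC">Code of Conduct</a>'
                . '<br /><br />'
                . 'Section 6, and especially 6.5.1 apply to users sharing IPs.'
                . '<br /><br />'
                . 'Enjoy the game =)';
        }

        if ($report == 'Personal Message') {
            send_mail($userid, $tribe, "Personal Message from {$arrStats['tribe']}(#{$arrStats['kingdom']})", $message);
        } else {
            _message_legacy_forum_report($report, $resortforum, $message, $arrStats, $userid, $ip, $orkTime);
            // M: Highlight forum users November 01, 2007
            $alliance = 1;
            notify_forum_users($objSrcUser, $resortforum);
        }
    }
}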
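/**
 * Render the paginated "Manage Settings" admin list for the component.
 *
 * Reads `limit`, `page`, `option` and `task` from $_REQUEST, loads one page of
 * parameter rows (those with `ordering` > 0) and prints the table together
 * with the page-size and page-number jump menus.
 *
 * Request values are untrusted: the paging numbers are cast to integers before
 * they reach the LIMIT clause, and `option`/`task` are URL-encoded before they
 * are written into markup.
 */
function display()
{
    include_once JPATH_BASE . DS . "components" . DS . "com_rsmonials" . DS . "includes" . DS . "admin.rsheader.php";
    ###############
    global $app;

    // Page size: integer from the request, else the configured list limit.
    $limit2 = isset($_REQUEST['limit']) && is_scalar($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 0;
    if ($limit2 < 1) {
        $limit2 = (int) $app->getCfg('list_limit');
    }
    if ($limit2 < 1) {
        // Never divide by zero below, and never emit "LIMIT x,0".
        $limit2 = 1;
    }

    // Page number, 1-based.
    $pa = isset($_REQUEST['page']) && is_scalar($_REQUEST['page']) ? (int) $_REQUEST['page'] : 0;
    if ($pa < 1) {
        $pa = 1;
    }
    $limit1 = $limit2 * ($pa - 1);

    // `option` and `task` are echoed back into href/value attributes, and the
    // jump menu passes the <option> value through eval(). rawurlencode() output
    // contains no quote, angle-bracket or whitespace characters, so the value
    // cannot leave the attribute or the JavaScript string it lands in.
    $rawOption = isset($_REQUEST['option']) && is_scalar($_REQUEST['option']) ? (string) $_REQUEST['option'] : '';
    $rawTask = isset($_REQUEST['task']) && is_scalar($_REQUEST['task']) ? (string) $_REQUEST['task'] : '';
    $baseUrl = 'index.php?option=' . rawurlencode($rawOption) . '&task=' . rawurlencode($rawTask);

    $database =& JFactory::getDBO();
    $database->setQuery("select count(*) as tot from `#__" . RSWEBSOLS_TABLE_PREFIX . "_param` where `ordering` > 0");
    $cnt = $database->loadObject();
    $total_page = ceil($cnt->tot / $limit2);

    // $limit1 and $limit2 are integers at this point, so concatenation is safe.
    $database->setQuery("select * from `#__" . RSWEBSOLS_TABLE_PREFIX . "_param` where `ordering` > 0 order by `ordering` limit " . $limit1 . "," . $limit2);
    $items = $database->loadObjectList();

    // Page sizes offered in the "Display #" menu (value => label).
    $pageSizes = array(5 => '5', 10 => '10', 15 => '15', 20 => '20', 25 => '25', 30 => '30', 50 => '50', 100 => '100', 999999 => 'all');
    ?>
<div>
<div> </div>
<table width="100%" cellpadding="0" cellspacing="0"><tr><td><h1>Manage Settings</h1></td><td align="right"><a href="<?php echo $baseUrl; ?>&action=editall&page=<?php echo $pa; ?>&limit=<?php echo $limit2; ?>" title="Edit All Item"><img src="components/com_rsmonials/images/edit_f2.png" border="0" alt="Edit All" /></a></td></tr></table>
<div> </div>
</div>
<div id="editcell">
<table class="adminlist">
<thead>
<tr>
<th>#</th>
<th class="title" style="text-align:left;" nowrap="nowrap">Parameter Name</th>
<th class="title" style="text-align:left;">Parameter Description</th>
<th class="title" style="text-align:left;" nowrap="nowrap">Parameter Value</th>
<th nowrap="nowrap">ID</th>
<th class="title">Edit</th>
</tr>
</thead>
<tfoot>
<tr>
<td colspan="9">
<script type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
if (restore) selObj.selectedIndex=0;
}
//-->
</script>
<del class="container"><div class="pagination">
<div class="limit">Display #:
<select name="limit" id="limit" class="inputbox" size="1" onchange="MM_jumpMenu('parent',this,0)">
<?php foreach ($pageSizes as $size => $label) { ?>
<option value="<?php echo $baseUrl; ?>&page=1&limit=<?php echo $size; ?>" <?php if ($limit2 == $size) { ?> selected="selected"<?php } ?> ><?php echo $label; ?></option>
<?php } ?>
</select>
| Page: <select name="page" id="page" class="inputbox" size="1" onchange="MM_jumpMenu('parent',this,0)">
<?php for ($i = 1; $i <= $total_page; $i++) { ?>
<option value="<?php echo $baseUrl; ?>&page=<?php echo $i; ?>&limit=<?php echo $limit2; ?>" <?php if ($i == $pa) { ?> selected="selected"<?php } ?> ><?php echo $i; ?></option>
<?php } ?>
</select>
</div>
</div></del>
</td>
</tr>
</tfoot>
<tbody>
<?php
    // NOTE(review): param_name and param_description are printed without HTML
    // encoding while param_value goes through safeHTML(); confirm that the two
    // unencoded columns can only hold component-defined text.
    if (!empty($items)) {
        $rowNo = 1;
        foreach ($items as $item) {
            ?>
<tr class="row<?php echo $rowNo % 2; ?> ">
<td align="center"><?php echo $rowNo; ?> </td>
<td nowrap="nowrap"><?php echo $item->param_name; ?> </td>
<td><?php echo nl2br($item->param_description); ?> </td>
<td nowrap="nowrap"><?php echo safeHTML($item->param_value); ?> </td>
<td align="center"><?php echo (int) $item->id; ?> </td>
<td align="center"><a href="<?php echo $baseUrl; ?>&action=edit&id=<?php echo (int) $item->id; ?>&page=<?php echo $pa; ?>&limit=<?php echo $limit2; ?>" title="Edit Item"><img src="components/com_rsmonials/images/edit_f2.png" border="0" alt="Edit" width="20" /></a></td>
</tr>
<?php
            $rowNo++;
        }
    } else {
        ?>
<tr><td colspan="9">No Item Found.</td></tr>
<?php
    }
    ?>
</tbody>
</table>
</div>
<?php
    ###############
    include_once JPATH_BASE . DS . "components" . DS . "com_rsmonials" . DS . "includes" . DS . "admin.rsfooter.php";
}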
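/**
 * Turn the posted "posts[]" checkbox values into a list of positive integers.
 *
 * @param mixed $raw Value of $_POST['posts'] (may be missing or not an array).
 * @return array     Integer message ids that are safe to join into an IN (...) list.
 */
function mail_collect_ids($raw)
{
    $ids = array();
    if (is_array($raw)) {
        foreach ($raw as $value) {
            $value = intval($value);
            if ($value > 0) {
                $ids[] = $value;
            }
        }
    }
    return $ids;
}

/**
 * Mail page controller: prints the mail menu and then handles the sub-page
 * selected by the global $set (view, outbox, read, readout, compose, sendmail,
 * reply, delete, delete2, deleteout, deleteout2, eldermail, eldermailsend,
 * block).
 *
 * $set, $mid, $kingdom, $tribe, $subject, $message and $action are taken from
 * globals and are never assigned from a trusted source inside this function;
 * they are treated as request data here (presumably register_globals input;
 * confirm against the front controller). Numeric ones are cast before they
 * are placed in SQL or markup.
 *
 * NOTE(review): several queries below compare for_user / from_user with the
 * literal '******'. That looks like a redaction placeholder in this listing;
 * the ownership filter should bind to the authenticated user's id. It is kept
 * byte-for-byte here because the original expression is not visible.
 *
 * NOTE(review): the delete links change state through GET requests and none of
 * the forms carries an anti-CSRF token.
 */
function include_mail_text()
{
    global $Host, $d_stats, $tribe, $mid, $subject, $set, $type, $action, $userid, $submit, $kingdom, $message, $inputBody, $orkTime, $local_stats, $connection, $posts, $replyid;
    include_once 'inc/functions/forums.php';
    require_once 'inc/functions/mail.php';

    $objSrcUser =& $GLOBALS['objSrcUser'];
    $local_stats = $objSrcUser->get_stats();
    if (!$set) {
        $set = "view";
    }
    if (!$kingdom) {
        $kingdom = $local_stats['kingdom'];
    }
    // Both values are interpolated into SQL and into HTML below; force integers once.
    $kingdom = intval($kingdom);
    $mid = intval($mid);
    $count = '0';

    $topLinks = '<div class="center">'
        . '| <a href="main.php?cat=game&page=mail&set=compose">Compose Mail</a>'
        . ' | <a href="main.php?cat=game&page=mail&set=view">View Inbox</a>'
        . ' | <a href="main.php?cat=game&page=mail&set=outbox">View Outbox</a>'
        . ' | <a href="main.php?cat=game&page=message&tribe=1&alliance=1">Send a Report</a>'
        . ' | <a href="main.php?cat=game&page=mail&set=block">Block Mail</a>';
    if ($local_stats['type'] == 'elder') {
        $topLinks .= ' | <a href="main.php?cat=game&page=mail&set=eldermail">Alliance Mail</a>';
    }
    $topLinks .= " |</div>";
    echo $topLinks;

    // "Check All" / "Uncheck All" helpers shared by the inbox and outbox tables.
    $toggleLinks = "| <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=true;\">Check All</a>"
        . " | <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=false;\">Uncheck All</a> |";

    if ($set == "sendmail") {
        // send_mail() places the recipient id directly into its queries, so
        // only a positive integer is passed on (the "spacer" option becomes 0).
        $targetId = intval($tribe);
        if ($targetId > 0) {
            send_mail($userid, $targetId, $subject, $message); //changed to use send_mail function - AI 10/12/2006
        }
    }

    // The Alliance Mail link is only offered to elders; the handler applies the
    // same condition so the action cannot be reached by URL alone.
    if ($set == "eldermailsend" && $local_stats['type'] == 'elder') {
        $message = safeHTML($message);
        $subject = safeHTML($subject);
        $message = "{$message}<br /><br />Your elder: " . $local_stats['name'];
        if (!$subject) {
            $subject = "No Subject";
        }
        // NOTE(review): $subject and $message reach the INSERTs below after
        // safeHTML() only; whether that also neutralises SQL quoting is not
        // visible here. Confirm, or move these statements to bound parameters.
        $query = mysql_query("SELECT id FROM stats WHERE kingdom = {$local_stats['kingdom']}");
        while ($datas = mysql_fetch_array($query)) {
            if ($datas["id"] != $userid) {
                $memberId = intval($datas['id']);
                $create['message'] = mysql_query("INSERT INTO messages (id, for_user, from_user, date, subject, text, new, action) VALUES ('', '{$memberId}', '{$userid}', '{$orkTime}', '{$subject}', '{$message}', 'new', 'received')");
                // Stamp the member who actually received the mail (send_mail()
                // does the same for its recipient); the request-supplied $tribe
                // has no meaning for alliance mail.
                $update['timestamp'] = mysql_query("UPDATE preferences SET last_m ='{$orkTime}' WHERE id= {$memberId}");
            }
        }
        $create['message'] = mysql_query("INSERT INTO messages (id, for_user, from_user, date, subject, text, new, action) VALUES ('', '0', '{$userid}', '{$orkTime}', '{$subject}', '{$message}', 'old', 'sent')");
        $set = "eldermail";
        echo '<div class="center">' . "<h3>Message sent to all your alliance members.</h3></div>";
    }

    if ($set == "eldermail") {
        $eldermail = '<div id="textBig">'
            . '<h2>Mail your alliance</h2>'
            . '<form action="main.php?cat=game&page=mail&set=eldermailsend" method="post">'
            . '<br />'
            . 'Subject: <input type="text" name="subject" size="30" />'
            . '<br />'
            . '<textarea name="message" rows="10" cols="70" wrap="on"></textarea>'
            . '<br />'
            . '<input type="submit" value="Send Message" />'
            . '</form>'
            . '</div>';
        echo $eldermail;
    }

    if ($set == "compose") {
        $sendMailTargets = "<option value=\"spacer\">";
        if (isset($_GET['aid']) && !empty($_GET['aid'])) {
            $kingdom = intval($_GET['aid']);
        }
        if (isset($_GET['tribe']) && !empty($_GET['tribe'])) {
            $replyid = intval($_GET['tribe']);
        }
        $result = mysql_query("SELECT * FROM stats WHERE kingdom = {$kingdom} ORDER BY tribe");
        while ($kdstats = mysql_fetch_array($result, MYSQL_ASSOC)) {
            // NOTE(review): tribe names are printed here after stripslashes()
            // only, while the inbox passes them through cleanHTML(); confirm
            // the stored form is already HTML-safe.
            $kdstats["tribe"] = stripslashes($kdstats["tribe"]);
            $selected = ($kdstats["id"] == $replyid) ? ' selected' : '';
            $sendMailTargets .= "<option value=\"" . $kdstats['id'] . "\"" . $selected . ">" . $kdstats['tribe'];
        }
        $compose = '<br />'
            . '<table cellspacing="0" cellpadding="0" class="small">'
            . '<tr class="header"><th colspan="2">Compose Mail</th></tr>'
            . '<tr class="subheader"><th colspan="2" class="center">Select Target</th></tr>'
            . '<tr class="data">'
            . '<form action="main.php?cat=game&page=mail&set=compose" method="post">'
            . '<th>Alliance:</th>'
            . '<td>'
            . "<input maxlength=\"4\" size=\"3\" name=\"kingdom\" value=\"{$kingdom}\" />"
            . '<input type="submit" value="Change" />'
            . '</td>'
            . '</form>'
            . '</tr>'
            . '<form id="center" action="main.php?cat=game&page=mail&set=sendmail" method="post">'
            . '<tr class="data">'
            . '<th>Tribe:</th>'
            . '<td><select name="tribe">' . $sendMailTargets . '</select></td>'
            . '</tr>'
            . '</table>'
            . '<br />'
            . '<div class="center">'
            . 'Subject: <input type="text" name="subject" size="30" />'
            . '<br />'
            . '<textarea name="message" rows="10" cols="70" wrap="on"></textarea>'
            . '<br />'
            . '<input type="submit" value="Send Message" />'
            . '</form>'
            . '</div>';
        echo $compose;
    }

    if ($set == "view") {
        $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND action = 'received' AND new != 'deleted' ORDER BY date DESC") or die(mysql_error());
        $num_mail = mysql_num_rows($result);
        if ($num_mail <= "0") {
            echo "You have no mail in your inbox.<br />";
            include_game_down();
            exit;
        }
        // The original re-ran mysql_query() on the boolean result of this
        // statement; that second call could never be a valid query and is dropped.
        $update['timestamp'] = mysql_query("UPDATE preferences SET last_m_check ='{$orkTime}' WHERE id= {$userid}");

        $inbox = '<form id="center" name="mail" method="post" action="main.php?cat=game&page=mail&set=delete2">'
            . '<table cellpadding="0" cellspacing="0" class="big">'
            . '<tr class="header"><th colspan="5">Inbox</th></tr>'
            . '<tr class="subheader">'
            . '<th>Subject</th>'
            . '<td class="left">From</td>'
            . '<td class="left">Date</td>'
            . '<td class="left">Status</td>'
            . '<td class="center">Delete</td>'
            . '</tr>';
        while ($mail = mysql_fetch_array($result)) {
            $count++;
            // Every row except the first gets the "bsup" class.
            $class = ($count == '1') ? "" : "bsup";
            mysql_grab($mail['from_user'], 'd', 'stats');
            if (empty($mail['subject'])) {
                $mail['subject'] = 'No Subject';
            }
            $inbox .= "<tr class=\"data\">"
                . "<th class=\"" . $class . "\">"
                . "<a href=\"main.php?cat=game&page=mail&set=read&mid=" . $mail['id'] . "\">" . cleanHTML($mail['subject']) . "</a>"
                . "</th>"
                . "<td class=\"" . $class . " left\">" . cleanHTML($d_stats['tribe']) . "(#" . $d_stats['kingdom'] . ")</td>"
                . "<td class=\"" . $class . " left\">" . $mail['date'] . "</td>"
                . "<td class=\"" . $class . " left\">" . $mail['new'] . "</td>"
                . "<td class=\"" . $class . " center\">"
                . "<input name=\"posts[]\" type=\"checkbox\" value=\"" . $mail['id'] . "\" />"
                . "</td>"
                . "</tr>";
        }
        $inbox .= "</table>"
            . '<br /><div class="center">'
            . $toggleLinks
            . "</div><br />"
            . "<input type=\"submit\" name=\"submit\" value=\"Delete\" />"
            . "</form>";
        echo $inbox;
    }

    if ($set == "outbox") {
        $result = mysql_query("SELECT * from messages WHERE from_user ='******' AND action = 'sent' AND new != 'deleted' ORDER BY date DESC") or die(mysql_error());
        $num_mail = mysql_num_rows($result);
        if ($num_mail <= "0") {
            echo "<div class=\"center\">You have no mail in your outbox.</div>";
            include_game_down();
            exit;
        }
        $outbox = '<form id="center" name="mail" method="post" action="main.php?cat=game&page=mail&set=deleteout2">'
            . '<table cellpadding="0" cellspacing="0" class="big">'
            . '<tr class="header"><th colspan="5">Outbox</th></tr>'
            . '<tr class="subheader">'
            . '<th>Subject</th>'
            . '<td class="left">To</td>'
            . '<td class="left">Date</td>'
            . '<td class="left">Status</td>'
            . '<td class="center">Delete</td>'
            . '</tr>';
        while ($mail = mysql_fetch_array($result)) {
            $count++;
            $class = ($count == '1') ? "" : "bsup";
            if ($mail['for_user'] == "0") {
                // Recipient id 0 is what the alliance-mail branch stores for its sent copy.
                $receiver = "Your Alliance";
            } else {
                $foruser = mysql_query("SELECT tribe, kingdom FROM stats WHERE id = " . intval($mail['for_user']));
                $foruser = mysql_fetch_array($foruser);
                $receiver = cleanHTML($foruser['tribe']) . "(#{$foruser['kingdom']})";
            }
            if (empty($mail['subject'])) {
                $mail['subject'] = 'No Subject';
            }
            $outbox .= "<tr class=\"data\">"
                . "<th class=\"" . $class . "\">"
                . "<a href=\"main.php?cat=game&page=mail&set=readout&mid=" . $mail['id'] . "\">" . cleanHTML($mail['subject']) . "</a>"
                . "</th>"
                . "<td class=\"" . $class . " left\">" . $receiver . "</td>"
                . "<td class=\"" . $class . " left\">" . $mail['date'] . "</td>"
                . "<td class=\"" . $class . " left\">" . $mail['new'] . "</td>"
                . "<td class=\"" . $class . " center\">"
                . "<input name=\"posts[]\" type=\"checkbox\" value=\"" . $mail['id'] . "\" />"
                . "</td>"
                . "</tr>";
        }
        $outbox .= "</table>"
            . "<br /><br />"
            . $toggleLinks
            . "<br /><br />"
            . "<input type=\"submit\" name=\"submit\" value=\"Delete\" />"
            . "</form>";
        echo $outbox;
    }

    if ($set == "readout") {
        $result = mysql_query("SELECT * from messages WHERE from_user ='******' AND id = '{$mid}' AND action = 'sent' AND new != 'deleted'");
        $read = mysql_fetch_array($result);
        $read['subject'] = stripslashes(stripslashes($read['subject']));
        $read['text'] = stripslashes(stripslashes($read['text']));
        if ($read['for_user'] == "0") {
            $receiver = "Your Alliance";
        } else {
            $foruser = mysql_query("SELECT tribe, kingdom FROM stats WHERE id = " . intval($read['for_user']));
            $foruser = mysql_fetch_array($foruser);
            // NOTE(review): the outbox list passes this tribe name through
            // cleanHTML(); this view prints it as stored. Confirm which is intended.
            $receiver = "{$foruser['tribe']}(#{$foruser['kingdom']})";
        }
        $readout = '<table cellpadding="0" cellspacing="0" class="medium">'
            . '<tr class="header"><th>Message to: ' . $receiver . '</th></tr>'
            . '<tr class="subheader"><th>Subject: ' . cleanHTML($read['subject']) . '</th></tr>'
            . '<tr class="message"><td><br />' . cleanHTML($read['text']) . '<br /></td></tr>'
            . '</table>'
            . '<br />'
            . '<div class="center">'
            . "| <a href=main.php?cat=game&page=mail&set=deleteout&mid={$mid}>Delete</a> | "
            . "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a> |</div>";
        echo $readout;
    }

    if ($set == "read") {
        $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received' AND new != 'deleted'");
        $read = mysql_fetch_array($result);
        mysql_grab($read['from_user'], 'd', 'stats');
        $read['subject'] = stripslashes(stripslashes($read['subject']));
        $read['text'] = stripslashes(stripslashes($read['text']));
        // NOTE(review): the sender name is printed after stripslashes() only;
        // confirm it is stored HTML-encoded.
        $readin = '<br /><table cellpadding="0" cellspacing="0" class="medium">'
            . '<tr class="header"><th>Message from: ' . stripslashes($d_stats['name']) . '</th></tr>'
            . '<tr class="subheader"><th>Subject: ' . cleanHTML($read['subject']) . '</th></tr>'
            . '<tr class="message"><td><br />' . cleanHTML($read['text']) . '<br /></td></tr>'
            . '</table>'
            . '<br />'
            . '<div class="center">'
            . "| <a href=main.php?cat=game&page=mail&set=reply&mid={$mid}>Reply</a> | "
            . "<a href=main.php?cat=game&page=mail&set=delete&mid={$mid}>Delete</a> | "
            . "<a href=main.php?cat=game&page=mail&set=view&mid={$d_stats['id']}>Return To Inbox</a> | "
            . '</div>';
        echo $readin;

        // Only flag the message as read when the filtered SELECT above found
        // it; the UPDATEs carry no owner condition of their own.
        if ($read['from_user']) {
            $old = mysql_query("UPDATE messages SET new ='old' WHERE id ='{$mid}'");
            // NOTE(review): assumes the sender's "sent" copy has the next id,
            // as written by send_mail(); concurrent inserts can break that.
            $mid2 = $mid + 1;
            $select = mysql_query("SELECT action FROM messages WHERE id = '{$mid2}'");
            $select = mysql_fetch_array($select);
            if ($select['action'] == 'sent') {
                $old = mysql_query("UPDATE messages SET new ='old' WHERE id ='{$mid2}'");
            }
        }
    }

    if ($set == "delete") {
        $email_name = "UPDATE messages SET new = 'deleted' WHERE id ='{$mid}' AND for_user = '******' AND action = 'received'";
        $delete = mysql_query($email_name, $connection);
        echo '<div id="textMedium"><p>' . "The message has been deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=view>Return To Inbox</a></p>" . '</div>';
    }

    if ($set == "delete2") {
        // The checkbox values are request data; only positive integers are
        // allowed into the IN (...) list, and an empty selection runs no query.
        $posts = mail_collect_ids(isset($_POST["posts"]) ? $_POST["posts"] : null);
        if (count($posts) > 0) {
            $sql = "UPDATE messages SET new = 'deleted' WHERE for_user = '******' AND action = 'received' ";
            $sql .= " AND id IN (" . implode(",", $posts) . ")";
            $delete = mysql_query($sql, $connection);
        }
        echo '<div id="textMedium"><p>' . "The selected messages are deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=view>Return To Inbox</a></p>" . '</div>';
    }

    if ($set == "deleteout") {
        $email_name = "UPDATE messages SET new = 'deleted' WHERE id ='{$mid}' AND from_user = '******' AND action = 'sent'";
        $delete = mysql_query($email_name, $connection);
        echo '<div id="textMedium"><p>' . "The message has been deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a></p>" . '</div>';
    }

    if ($set == "deleteout2") {
        $posts = mail_collect_ids(isset($_POST["posts"]) ? $_POST["posts"] : null);
        if (count($posts) > 0) {
            $sql = "UPDATE messages SET new = 'deleted' WHERE from_user = '******' AND action = 'sent' ";
            $sql .= " AND id IN (" . implode(",", $posts) . ")";
            $delete = mysql_query($sql, $connection);
        }
        echo '<div id="textMedium"><p>' . "The selected messages are deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a></p>" . '</div>';
    }

    if ($set == "reply") {
        if ($action != "post") {
            $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received'");
            $reply = mysql_fetch_array($result);
            $subject = "Re: " . cleanHTML($reply['subject']) . " ";
            $replyText = "<form action=\"main.php?cat=game&page=mail&set=reply&mid={$mid}&action=post\" method=\"post\">"
                . "<br />"
                . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" value=\"" . $subject . "\" />"
                . "<br />"
                . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"virtual\"></textarea>"
                . "<br />"
                . "<input type=\"submit\" name=\"submit\" value=\"Send Message\" />"
                . "</form>";
            echo $replyText;
        }
        if ($action == "post") {
            $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received'");
            $reply = mysql_fetch_array($result);
            send_mail($userid, $reply['from_user'], $subject, $message);
            echo "<a href=main.php?cat=game&page=mail>Return To Mailbox</a>";
        }
    }

    if ($set == "block") {
        if (isset($_POST['tribe']) && $_POST['tribe'] != 'spacer' && $action == "block") {
            $blocker_id = $objSrcUser->get_userid();
            $blocked_id = quote_smart($_POST['tribe']);
            $objTrgUser = new clsUser($blocked_id);
            $blocked_name = $objTrgUser->get_stat(TRIBE);
            echo '<br /><div class="center">' . "You have blocked {$blocked_name} from sending you any more mail.</div>";
            block_mail($blocker_id, $blocked_id);
        }
        if (isset($_GET['id']) && $_GET['id'] > 0 && $action == "unblock") {
            $blocker_id = $objSrcUser->get_userid();
            $blocked_id = quote_smart($_GET['id']);
            $objTrgUser = new clsUser($blocked_id);
            $blocked_name = $objTrgUser->get_stat(TRIBE);
            echo '<br /><div class="center">' . "You have unblocked {$blocked_name}, they can send you mail again.</div>";
            unblock_mail($blocker_id, $blocked_id);
        }

        $tribes = mysql_query("select tribe,id from stats where kingdom = {$kingdom} order by tribe");
        $blockTargets = "<option value=\"spacer\"></option>";
        while ($allistats = mysql_fetch_assoc($tribes)) {
            // Locals on purpose: the original loop overwrote the global $tribe.
            $tribeName = stripslashes($allistats['tribe']);
            $tribeId = $allistats['id'];
            $blockTargets .= "<option value=\"{$tribeId}\">{$tribeName}</option>";
        }
        echo "<br /><table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">"
            . "<tr class=\"header\"><th colspan=\"2\">Block Mail</th></tr>"
            . "<tr class=\"subheader\"><th colspan=\"2\" class=\"center\">Select spammer</th></tr>"
            . "<tr class=\"data\"><form action=\"main.php?cat=game&page=mail&set=block\" method=\"post\">"
            . "<th>Alliance:</th><td><input maxlength=\"4\" size=\"3\" name=\"kingdom\" value=\"{$kingdom}\" />"
            . "<input type=\"submit\" value=\"Change\" /></td></form></tr>"
            . "<form action=\"main.php?cat=game&page=mail&set=block&action=block\" method=\"post\">"
            . "<tr class=\"data\"><th>Tribe:</th><td><select name=\"tribe\">{$blockTargets}</select>"
            . "<input type=\"submit\" value=\"Block\" name=\"Block\" /></td></tr></form>"
            . "</table><br /><br />";

        $blocked_users = get_blocks_mail($objSrcUser->get_userid());
        echo "<table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">"
            . "<tr class=\"header\"><th colspan=\"2\">Blocked users</th></tr>"
            . "<tr class=\"subheader\"><th colspan=\"2\" class=\"center\">Remove?</th></tr>";
        foreach ($blocked_users as $blocked_user) {
            echo "<tr class=\"data\"><th>{$blocked_user['tribe']}</th>"
                . "<td><a href=\"main.php?cat=game&page=mail&set=block&"
                . "action=unblock&id={$blocked_user['blocked_id']}\">Remove?</td></tr>";
        }
        echo "</table>";
    }
}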
/**
 * Convert a post's plain-text markup into the HTML stored for the thread.
 *
 * The input is passed through safeHTML() first, and every later step inserts
 * captured text into the output verbatim, so that first call is the only
 * encoding user text receives; the order of the steps must not be changed.
 *
 * @param string $text      Raw post text.
 * @param string $permalink Thread URL used for title anchors (run through safeHTML() before output).
 * @param string $post_id   Prefix for generated title ids. It is interpolated into `id` and `href`
 *                          attributes as-is; presumably the caller supplies a generated id (confirm).
 * @param mixed  $rss       Thread XML object used to resolve "@name" references, or NULL to skip that step.
 * @return string           The formatted HTML.
 */
function formatText($text, $permalink = '', $post_id = '', $rss = NULL)
{
    //unify carriage returns between Windows / UNIX, and sanitise HTML against injection
    $text = safeHTML(preg_replace('/\\r\\n?/', "\n", $text));

    //these arrays will hold any portions of text that have to be temporarily removed to avoid interference with the
    //markup processing, i.e code spans / blocks
    $pre = array();
    $code = array();

    /* preformatted text (code blocks):
       -------------------------------------------------------------------------------------------------------------- */
    /* a block opens with a line starting "%" or "$" (optionally followed by a title) and closes with a line
       holding the same marker on its own; "%" is handy for LaTeX since it is the comment marker there */
    while (preg_match('/^(?-s:(\\h*)([%$])(.*?))\\n(.*?)\\n\\h*\\2(["”»]?)$/msu', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block; when the opening marker was indented, up to that much leading whitespace
        //is stripped from every line of the body
        $pre[] = "<pre><span class=\"ct\">{$m[2][0]}{$m[3][0]}</span>\n" . (strlen($m[1][0]) ? preg_replace("/^\\s{1," . strlen($m[1][0]) . "}/m", '', $m[4][0]) : $m[4][0]) . "\n<span class=\"cb\">{$m[2][0]}</span></pre>";
        //replace the code block with a placeholder:
        //(we will have to remove the code chunks from the source text to avoid the other markup processing from
        //munging it and then restore the chunks back later)
        $text = substr_replace($text, "\n&PRE_" . (count($pre) - 1) . ";\n" . $m[5][0], $m[0][1], strlen($m[0][0]));
    }

    /* inline code / teletype text:
       -------------------------------------------------------------------------------------------------------------- */
    // example: `code` or ``code``
    while (preg_match('/(?<=[\\s\\p{Z}\\p{P}]|^)(`+)(.*?)(?<!`)\\1(?!`)/m', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code span (the backticks are kept in the output)
        $code[] = '<code>' . $m[1][0] . $m[2][0] . $m[1][0] . '</code>';
        //same as with normal code blocks, replace them with a placeholder
        $text = substr_replace($text, '&CODE_' . (count($code) - 1) . ';', $m[0][1], strlen($m[0][0]));
    }

    /* hyperlinks:
       -------------------------------------------------------------------------------------------------------------- */
    //find full URLs and turn into HTML hyperlinks. we also detect e-mail addresses automatically.
    //the generated href always starts with "mailto:", the matched protocol group (http, https, ftp, ftps or irc
    //followed by "://", or a bare "://"), or the default "http://", so no other scheme can be produced here.
    //the search resumes after the previous replacement; on the first pass $m and $replace are not set for this
    //loop, which is why the offset expression is error-suppressed.
    //NOTE(review): the pattern uses the /x flag with "#" comments, which only end at a line break. In this
    //listing the literal sits on one line, so the line breaks inside it appear to have been lost; verify
    //against the original file before relying on this pattern.
    while (preg_match('/(?: ((?:(?:http|ftp)s?|irc)?:\\/\\/) # $1 = protocol | ([a-z0-9\\._%+\\-]+@) # $2 = email name )( # $3 = friendly URL (no protocol) [-\\.\\p{L}\\p{M}\\p{N}]+ # domain (letters, diacritics, numbers & dash only) (?:\\.[\\p{L}\\p{M}\\p{N}]+)+ # TLDs (also letters, diacritics & numbers only) )(?(2)| # email ends here (\\/)? # $4 = slash is excluded from friendly URL (?(4)( # $5 = folders and filename, relative URL (?> # folders and filename "(?!\\/?>|\\s|$)| # ignore the end of an HTML hyperlink \\)(?![:\\.,"”»]?(?:\\s|$))| # ignore brackets on end with punctuation [:\\.,”»](?!\\s|$)| # ignore various characters on the end [^\\s:)\\.,"”»] # the rest, including bookmark )* )?) )/xiu', $text, $m, PREG_OFFSET_CAPTURE, @($m[0][1] + strlen($replace)))) {
        //links whose protocol + host differ from FORUM_URL are marked rel="nofollow external"
        $text = substr_replace($text, $replace = '<a href="' . ($p = @$m[2][0] ? 'mailto:' . $m[2][0] : ($m[1][0] ? $m[1][0] : 'http://')) . htmlspecialchars($m[3][0] . @$m[4][0] . @$m[5][0], ENT_COMPAT, 'UTF-8', false) . '"' . ($p . $m[3][0] !== FORUM_URL ? ' rel="nofollow external"' : '') . '>' . $m[0][0] . '</a>', $m[0][1], strlen($m[0][0]));
    }

    /* inline formatting:
       -------------------------------------------------------------------------------------------------------------- */
    // _emphasis_ and *strong*; the marker characters are kept inside the generated element
    $text = preg_replace(array('/(?<=\\s|^)_(?!_)(.*?)(?<!_)_(?=\\s|$)/m', '/(?<![*\\w])\\*(?!\\*)(.*?)(?<!\\*)\\*(?![*\\w])/'), array('<em>_$1_</em>', '<strong>*$1*</strong>'), $text);

    /* divider: "---"
       -------------------------------------------------------------------------------------------------------------- */
    $text = preg_replace('/(?:\\n|\\A)\\h*(---+)\\h*(?:\\n?$|\\Z)/m', "\n\n<p class=\"hr\">\$1</p>\n", $text);

    /* blockquotes:
       -------------------------------------------------------------------------------------------------------------- */
    /* example:
         “this is the first quote level.
         “this is the second quote level.”
         back to the first quote level.”
       the replacement is repeated until no pattern matches any more, which handles nested quotes */
    do {
        $text = preg_replace(array('/(?:\\n|\\A)\\h*("(?!\\s+)((?>(?1)|.)*?)\\s*")\\h*(?:\\n?$|\\Z)/msu', '/(?:\\n|\\A)\\h*(“(?!\\s+)((?>(?1)|.)*?)\\s*”)\\h*(?:\\n?$|\\Z)/msu', '/(?:\\n|\\A)\\h*(«(?!\\s+)((?>(?1)|.)*?)\\s*»)\\h*(?:\\n?$|\\Z)/msu'), "\n\n<blockquote>\n\n" . "<span class=\"ql\">“</span>\n\$2\n<span class=\"qr\">”</span>\n\n" . "</blockquote>\n", $text, -1, $c);
    } while ($c);

    //remove the extra linebreaks added between our theme quotes
    //(required so that extra `<br />`s don’t get added!)
    $text = preg_replace(array('/“<\\/span>\\n(?!\\n)/', '/\\n<span class="qr">/'), array('“</span>', '<span class="qr">'), $text);

    /* name references:
       -------------------------------------------------------------------------------------------------------------- */
    //name references (e.g. "@bob") will link back to the last reply in the thread made by that person.
    //this requires that the whole RSS thread is passed to this function to refer to
    if (!is_null($rss)) {
        //first, produce a list of all authors in the thread
        $names = array();
        foreach ($rss->channel->xpath('./item/author') as $name) {
            $names[] = $name[0];
        }
        $names = array_unique($names); //remove duplicates
        $names = array_map('strtolower', $names); //set all to lowercase
        $names = array_map('safeHTML', $names); //HTML encode names as they will be in the source text

        //sort the list of names Z-A so that longer names and names with spaces occur first,
        //this is so that we don’t choose "Bob" over "Bob Monkhouse" when matching names
        rsort($names);

        //find all possible name references in the text:
        //(that is, any "@" followed by text up to the end of a line. note that this means that what might be
        //matched may include additional text that *isn't* part of the name, e.g. "@bob How are you?")
        $offset = 0;
        while (preg_match('/(?:^|\\s+)(@.+)/m', $text, $m, PREG_OFFSET_CAPTURE, $offset)) {
            //check each of the known names in the thread and see if one fits the source text reference
            //e.g. does "@bob How are you?" begin with "bob"
            foreach ($names as $name) {
                if (stripos($m[1][0], $name) === 1) {
                    //locate the last post made by that author in the thread to link to
                    foreach ($rss->channel->item as $item) {
                        if (safeHTML(strtolower($item->author)) == $name) {
                            //replace the reference with the link to the post
                            $text = substr_replace($text, '<a href="' . safeHTML($item->link) . '"' . (isMod($name) ? ' class="nnf_mod"' : '') . '>' . substr($m[1][0], 0, strlen($name) + 1) . '</a>', $m[1][1], strlen($name) + 1);
                            //move on to the next reference, no need to check any further names for this one
                            //NOTE(review): `break 2` leaves both foreach loops and then reaches the
                            //assignment below, which overwrites this offset; confirm whether skipping
                            //past the inserted link was intended
                            $offset = $m[1][1] + strlen($name) + strlen($item->link) + 15 + 1;
                            break 2;
                        }
                    }
                }
            }
            //failing any match, continue searching
            //(avoid getting stuck in an infinite loop)
            $offset = $m[1][1] + 1;
        }
    }

    /* titles
       -------------------------------------------------------------------------------------------------------------- */
    //example: :: title
    $replace = '';
    $titles = array();
    while (preg_match('/(?:\\n|\\A)(::.*)(?:\\n?$|\\Z)/mu', $text, $m, PREG_OFFSET_CAPTURE, @($m[0][1] + strlen($replace)))) {
        //generate a unique HTML ID for the title:
        //flatten the title text into a URL-safe string of [a-z0-9_]
        $translit = safeTransliterate(strip_tags($m[1][0]));
        //if a title already exists with that ID, append a number until an available ID is found.
        $c = 0;
        do {
            $id = $translit . ($c++ ? '_' . ($c - 1) : '');
        } while (in_array($id, $titles));
        //add the current ID to the list of used IDs
        $titles[] = $id;

        //remove hyperlinks in the title (since the title will be a hyperlink too)
        //if a user-link is present, keep the mod class if present
        $m[1][0] = preg_replace('/<a href="[^"]+"( class="nnf_mod")?>(.*?)<\\/a>/', "<b\$1>\$2</b>", $m[1][0]);

        //create the replacement HTML, including an anchor link
        //($post_id goes into the id and href attributes without encoding; see the function header)
        $text = substr_replace($text, $replace = "\n\n<h2 id=\"{$post_id}::{$id}\">" . "<a href=\"" . safeHTML($permalink) . "#{$post_id}::{$id}\">" . $m[1][0] . "</a>" . "</h2>\n", $m[0][1], strlen($m[0][0]));
    }

    /* finalise:
       -------------------------------------------------------------------------------------------------------------- */
    //add paragraph tags between blank lines
    foreach (preg_split('/\\n{2,}/', safeTrim($text), -1, PREG_SPLIT_NO_EMPTY) as $chunk) {
        //if not a blockquote, title, hr or pre-block, wrap in a paragraph
        if (!preg_match('/^<\\/?(?:bl|h2|p)|^&PRE_/', $chunk)) {
            $chunk = "<p>\n" . str_replace("\n", "<br />\n", $chunk) . "\n</p>";
        }
        //$result is not initialised before the loop; the @ hides the notice on the first pass
        $text = @($result .= "\n{$chunk}");
    }

    //restore code spans/blocks
    foreach ($code as $i => $html) {
        $text = str_replace("&CODE_{$i};", $html, $text);
    }
    foreach ($pre as $i => $html) {
        $text = str_replace("&PRE_{$i};", $html, $text);
    }
    return $text;
}
$f = fopen("{$FILE}.rss", 'r+'); flock($f, LOCK_EX); $xml = simplexml_load_string(fread($f, filesize("{$FILE}.rss"))) or (require FORUM_LIB . 'error_xml.php'); //find the post using the ID (we need to know the numerical index for later) for ($i = 0; $i < count($xml->channel->item); $i++) { if (strstr($xml->channel->item[$i]->link, '#') == "#{$ID}") { break; } } $post = $xml->channel->item[$i]; /* has the un/pw been submitted to authenticate the append? -------------------------------------------------------------------------------------------------------------- */ if (AUTH && TEXT && CAN_REPLY && (IS_MOD || strtolower(NAME) == strtolower($post->author) && (!FORUM_LOCK || FORUM_LOCK == 'threads' || IS_MEMBER))) { //append the given text to the reply //(see 'theme.config.php' if it exists, otherwise 'theme.config.default.php' for `THEME_APPEND`) $post->description .= "\n" . sprintf(THEME_APPEND, safeHTML(NAME), gmdate('r', time()), date(DATE_FORMAT, time())) . formatText(TEXT, $xml); //commit the data rewind($f); ftruncate($f, 0); fwrite($f, $xml->asXML()); //close the lock / file flock($f, LOCK_UN); fclose($f); //try set the modified date of the file back to the time of the last reply //(appending to a post does not push the thread back to the top of the index) //note: this may fail if the file is not owned by the Apache process @touch("{$FILE}.rss", strtotime($xml->channel->item[0]->pubDate)); //regenerate the folder's RSS file indexRSS(); //return to the appended post header('Location: ' . FORUM_URL . url('thread', PATH_URL, $FILE, $PAGE) . "#{$ID}", true, 303);
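/**
 * Build the HTML for all comments stored against one record.
 *
 * @param int|string $id Record id; it is forced to an integer before it reaches the SQL statement.
 *
 * @return string One `<p class="comment">` element per comment, or an empty string when there are none.
 */
function generateComments($id)
{
    global $db, $PMF_LANG;

    // $id is concatenated into the statement without quotes, so anything that is not an
    // integer must never get this far
    $id = (int) $id;
    $result = $db->query("SELECT usr, email, comment, datum FROM " . SQLPREFIX . "faqcomments WHERE id = " . $id);

    $output = "";
    if ($db->num_rows($result) > 0) {
        while ($row = $db->fetch_object($result)) {
            $output .= "<p class=\"comment\">\n";
            // the author name is visitor-supplied text: encode it on output the same way the
            // comment body is encoded below, instead of trusting what was stored
            $output .= "<strong>" . $PMF_LANG["msgCommentBy"] . "<a href=\"mailto:" . safeEmail($row->email) . "\">" . safeHTML($row->usr) . "</a> (" . date('Y-m-d H:i:s', $row->datum) . "):</strong>\n";
            $output .= "<br />" . safeHTML($row->comment) . "\n</p>";
        }
    }

    return $output;
}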
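/**
 * Validate a testimonial form submission, store it and redirect.
 *
 * Input is read straight from $_POST, $_FILES and $_REQUEST. When every check passes the testimonial
 * is inserted (status 1 when auto-approval is on, otherwise 2), a validated picture is moved into
 * images/com_rsmonials, the optional admin e-mail is sent and the visitor is redirected with
 * `saved=true`. Otherwise the error list and the posted values are stored in the session and the
 * visitor is redirected with `err=true#submitform`. Both paths end with exit.
 *
 * @return void
 */
function submit()
{
    $session = JFactory::getSession();
    $session->set('RSM_error', '');
    $session->set('RSM_post', '');
    $session->set('RSM_rc', '');

    $isfalse = false;
    $RSM_error = array();
    // defined up front: the failure branch stores it even when reCAPTCHA was never consulted
    $rs_rc_error = '';
    // extension of a picture that passed validation; stays null when nothing may be stored
    $image_ext = null;

    // Itemid only feeds the redirect URL, so keep it numeric
    $itemid = isset($_REQUEST['Itemid']) ? (int) $_REQUEST['Itemid'] : 0;

    // every text field is handled as a string; a missing or array-valued field becomes ''
    foreach (array('fname', 'lname', 'about', 'location', 'website', 'email', 'comments', 'security_code') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            $_POST[$field] = '';
        }
    }
    // the value that is validated below is the value that gets stored and passed to sendMail()
    $_POST['email'] = trim($_POST['email']);

    if (fetchParam('login_to_submit_testimonial') == 'true') {
        $user =& JFactory::getUser();
        if (!($user->get('id') > 0)) {
            $isfalse = true;
            $RSM_error[] = JText::_('RSM_MSG_ERR_LOGIN_FAIL');
        }
    }

    if (fetchParam('show_single_name_field') != 'false') {
        if (trim($_POST['fname']) == '') {
            $isfalse = true;
            $RSM_error[] = JText::_('RSM_MSG_ERR_NAME');
        }
    } else {
        if (trim($_POST['fname']) == '') {
            $isfalse = true;
            $RSM_error[] = JText::_('RSM_MSG_ERR_FNAME');
        }
        if (trim($_POST['lname']) == '') {
            $isfalse = true;
            $RSM_error[] = JText::_('RSM_MSG_ERR_LNAME');
        }
    }

    // same pattern as before, moved from eregi() (removed in PHP 7) to preg_match();
    // \z instead of $ so that a trailing line break can never be part of an accepted address
    if (!preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\\z/i', $_POST['email'])) {
        $isfalse = true;
        $RSM_error[] = JText::_('RSM_MSG_ERR_EMAIL');
    }

    $has_upload = isset($_FILES['testi_pic']['tmp_name'])
        && is_string($_FILES['testi_pic']['tmp_name'])
        && is_uploaded_file($_FILES['testi_pic']['tmp_name']);

    if (fetchParam('show_image') == 'true' && $has_upload) {
        $max_s = fetchParam('image_max_size');
        $max_h = fetchParam('image_max_height');
        $max_w = fetchParam('image_max_width');
        // getimagesize() type codes that are accepted, mapped to the stored file extension
        $image_types = array(1 => 'gif', 2 => 'jpg', 3 => 'png');
        $img_settings = getimagesize($_FILES['testi_pic']['tmp_name']);

        if ($img_settings === false || !isset($image_types[$img_settings[2]])) {
            $isfalse = true;
            $RSM_error[] = JText::_('RSM_MSG_ERR_PICTURE_NOT_SUPPORTED');
        } elseif ($_FILES['testi_pic']['size'] > $max_s * 1024 || $img_settings[0] > $max_w || $img_settings[1] > $max_h) {
            // file size, width and height all report the same message
            $isfalse = true;
            $RSM_error[] = JText::sprintf('RSM_MSG_ERR_PICTURE_IS_OVER_SIZE', $max_w, $max_h, $max_s);
        } else {
            $image_ext = $image_types[$img_settings[2]];
        }
    }

    if (fetchParam('show_captcha') != 'false') {
        if (fetchParam('use_recaptcha') == 'true') {
            require_once JPATH_BASE . DS . 'components' . DS . 'com_rsmonials' . DS . 'includes' . DS . 'recaptchalib.php';
            $rs_rc_privatekey = fetchParam('recaptcha_private_key');
            $rs_rc_resp = recaptcha_check_answer(
                $rs_rc_privatekey,
                $_SERVER["REMOTE_ADDR"],
                isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '',
                isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : ''
            );
            if (!$rs_rc_resp->is_valid) {
                $rs_rc_error = $rs_rc_resp->error;
                $isfalse = true;
                $RSM_error[] = JText::_('RSM_MSG_ERR_SECURITY_CODE');
            }
        } else {
            // a code must actually have been issued for this session, and it is compared as an
            // exact string: a loose `!=` treats a missing session value and an empty field as equal
            $expected_code = (string) $session->get("RSM_code");
            if ($expected_code === '' || $expected_code !== $_POST['security_code']) {
                $isfalse = true;
                $RSM_error[] = JText::_('RSM_MSG_ERR_SECURITY_CODE');
            }
        }
    }

    if (trim($_POST['comments']) == '') {
        $isfalse = true;
        $RSM_error[] = JText::_('RSM_MSG_ERR_COMMENTS');
    }

    if ($isfalse == false) {
        foreach ($_POST as $key => $value) {
            // array-valued fields are left alone; none of them is used below
            if (is_string($value)) {
                $_POST[$key] = safeHTML($value);
            }
        }

        $database =& JFactory::getDBO();
        $tesistatus = fetchParam('auto_approval') == 'true' ? 1 : 2;

        $database->setQuery("insert into `#__" . RSWEBSOLS_TABLE_PREFIX . "`(`id`, `fname`, `lname`, `about`, `location`, `website`, `email`, `comment`, `date`, `status`) values('', '" . $database->getEscaped($_POST['fname']) . "', '" . $database->getEscaped($_POST['lname']) . "', '" . $database->getEscaped($_POST['about']) . "', '" . $database->getEscaped($_POST['location']) . "', '" . $database->getEscaped($_POST['website']) . "', '" . $database->getEscaped($_POST['email']) . "', '" . $database->getEscaped($_POST['comments']) . "', '" . date('Y-m-d') . "', '" . $tesistatus . "')");
        $database->query();

        // only a picture that went through the checks above is kept; an upload sent while the
        // picture field is disabled is ignored rather than moved into the web root unchecked
        if ($image_ext !== null) {
            $new_t_id = (int) $database->insertid();
            $upload_dir_path = JPATH_ROOT . DS . 'images' . DS . 'com_rsmonials';
            if (!file_exists($upload_dir_path)) {
                mkdir($upload_dir_path, 0755);
            }
            // the stored name is built from the row id and the detected type, never from the client's file name
            move_uploaded_file($_FILES['testi_pic']['tmp_name'], $upload_dir_path . DS . $new_t_id . '.' . $image_ext);
        }

        if (fetchParam('admin_email_alert') == 'true') {
            $smFrom = $_POST['email'];
            $smName = $_POST['fname'] . ' ' . $_POST['lname'];
            $smSubject = JText::_('RSM_EMAIL_ADMIN_SUBJECT');
            $smBody = JText::_('RSM_EMAIL_ADMIN_BODY');
            sendMail($smFrom, $smName, $smSubject, $smBody);
        }

        header('location:' . JRoute::_("index.php?option=com_rsmonials&Itemid=" . $itemid . "&saved=true", false) . '');
        exit;
    } else {
        $session->set('RSM_error', $RSM_error);
        $session->set('RSM_post', $_POST);
        $session->set('RSM_rc', $rs_rc_error);
        header('location:' . JRoute::_("index.php?option=com_rsmonials&Itemid=" . $itemid . "&err=true#submitform", false) . '');
        exit;
    }
}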
// Excerpt of a flat script: add a reply to a thread's RSS file. $f (the open thread file) and $FILE
// are set before this excerpt; the code below unlocks and closes $f when it is done.

// parse the thread; the script stops with 'Malformed XML' when parsing yields a falsy value
$xml = simplexml_load_string(fread($f, filesize("{$FILE}.rss"))) or die('Malformed XML');
// double-post check: the reply is skipped only when the newest item has the same author and the same
// formatted text and the channel has no 'locked' category.
// NOTE(review): for a channel that does carry 'locked' this condition always takes the posting branch;
// whether locked threads are rejected earlier in the script is not visible here, so confirm
if (!(NAME == $xml->channel->item[0]->author && formatText(TEXT) == $xml->channel->item[0]->description && !$xml->channel->xpath("category[text()='locked']"))) {
    //where to?
    //(we won’t use `page=last` here as we are effectively handing the user a permalink here)
    $page = ceil(count($xml->channel->item) / FORUM_POSTS);
    //the fragment after '#' is derived from microtime() and becomes the new post's anchor
    $url = FORUM_URL . PATH_URL . $FILE . ($page > 1 ? "?page={$page}" : '') . '#' . base_convert(microtime(), 10, 36);
    //add the comment to the thread
    //(`insertBefore` is called on the item object, so it must come from the project's own element class)
    $item = $xml->channel->item[0]->insertBefore('item');
    //add the "RE:" prefix, and reply number to the title
    //(see 'theme.config.php' if it exists, otherwise 'theme.config.default.php',
    //in the theme's folder for the definition of `THEME_RE`)
    $item->addChild('title', safeHTML(sprintf(THEME_RE, count($xml->channel->item) - 1, $xml->channel->title)));
    $item->addChild('link', $url);
    //author name and formatted text are passed through safeHTML() before being written as child text
    $item->addChild('author', safeHTML(NAME));
    $item->addChild('pubDate', gmdate('r'));
    $item->addChild('description', safeHTML(formatText(TEXT)));
    //write the file: first move the write-head to 0, remove the file's contents, and then write new ones
    rewind($f);
    ftruncate($f, 0);
    fwrite($f, $xml->asXML());
} else {
    //if a double-post, link back to the previous post
    $url = $xml->channel->item[0]->link;
}
//close the lock / file
flock($f, LOCK_UN);
fclose($f);
//regenerate the forum / sub-forums's RSS file
indexRSS();
//refresh page to see the new post added (303 redirect)
header("Location: {$url}", true, 303);
// Excerpt of a flat script: append text to an existing post inside a thread's RSS file.
// $f, $FILE, $ID and $PAGE are set before this excerpt, and the closing brace of the outer `if` is
// past its end.
// NOTE(review): confirm $FILE / $ID are validated upstream; $ID is passed on to formatText() and
// compared with the link fragments below.

// take an exclusive lock before reading (the result of flock() is not checked here)
flock($f, LOCK_EX);
// if parsing yields a falsy value, the XML error page script is included instead
$xml = simplexml_load_string(fread($f, filesize("{$FILE}.rss"))) or (require FORUM_LIB . 'error_xml.php');
//find the post using the ID (we need to know the numerical index for later)
for ($i = 0; $i < count($xml->channel->item); $i++) {
    if (strstr($xml->channel->item[$i]->link, '#') == "#{$ID}") {
        break;
    }
}
// NOTE(review): when no item matches, $i ends up equal to the item count, so $post is taken from an
// index past the last item; a "not found" check before using $post looks to be missing here
$post = $xml->channel->item[$i];
/* has the un/pw been submitted to authenticate the append? */
// `&&` binds tighter than `||`: a moderator passes on IS_MOD alone; anyone else must match the post's
// author (case-insensitively) and, when FORUM_LOCK is 'posts', also be a member
if (AUTH && TEXT && CAN_REPLY && (IS_MOD || strtolower(NAME) == strtolower($post->author) && (FORUM_LOCK != 'posts' || IS_MEMBER))) {
    //check for duplicate append:
    //the un-formatted post must not already end with the un-formatted new text ($_ holds that text)
    if (substr(unformatText($post->description), -strlen($_ = unformatText(formatText(TEXT)))) !== $_) {
        //append the given text to the reply:
        //the existing post is un-formatted, the "appended" marker and the new text are added,
        //and the whole post is formatted again
        $post->description = formatText(unformatText($post->description) . "\n\n" . sprintf(THEME_APPENDED, safeHTML(NAME), date(DATE_FORMAT, time())) . "\n\n" . TEXT, FORUM_URL . url(PATH_URL, $FILE, $PAGE), $ID, $xml);
        //commit the data
        rewind($f);
        ftruncate($f, 0);
        fwrite($f, $xml->asXML());
        //close the lock / file
        //NOTE(review): in the visible code the lock is released only on this not-a-duplicate path;
        //confirm the other paths release it too (the excerpt ends before the block closes)
        flock($f, LOCK_UN);
        fclose($f);
        //try set the modified date of the file back to the time of the last reply
        //(appending to a post does not push the thread back to the top of the index)
        //note: this may fail if the file is not owned by the Apache process
        @touch("{$FILE}.rss", strtotime($xml->channel->item[0]->pubDate));
        //regenerate the folder's RSS file
        indexRSS();
    }
    //return to the appended post
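* http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
 * License for the specific language governing rights and limitations
 * under the License.
 */

// Saves a visitor comment for a record and renders the result message.

// this script is only meant to be included by the front controller
if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

$captcha = new PMF_Captcha($db, $sids, $pmf->language, $_SERVER['HTTP_USER_AGENT'], $_SERVER['REMOTE_ADDR']);

// read the record id before branching: the error branch passes it to Tracking() as well,
// and it used to be assigned only inside the success branch
$id = isset($_POST["id"]) ? (int) $_POST["id"] : 0;

// every field must be present as a non-empty string (an array-valued field is rejected here
// instead of reaching the string helpers below)
if (isset($_POST['user']) && is_string($_POST['user']) && $_POST['user'] != ''
    && isset($_POST['mail']) && is_string($_POST['mail']) && checkEmail($_POST['mail'])
    && isset($_POST['comment']) && is_string($_POST['comment']) && $_POST['comment'] != ''
    && IPCheck($_SERVER['REMOTE_ADDR'])
    && checkBannedWord(htmlspecialchars(strip_tags($_POST['comment'])))
    && checkCaptchaCode()) {
    Tracking("save_comment", $id);
    $helped = ""; // not used in this version - maybe in the future
    // NOTE(review): nl2br() runs after escape_string() here; if escape_string() rewrites line
    // breaks, nl2br() has nothing left to convert. Escaping for SQL is normally the last step.
    $comment = nl2br($db->escape_string(safeHTML($_POST["comment"])));
    $comment_by_user = $db->escape_string(safeHTML($_POST["user"]));
    $comment_by_mail = $db->escape_string(safeHTML($_POST["mail"]));
    // numeric values are inserted unquoted: $id is cast above, the others come from nextID() and time()
    $result = $db->query("INSERT INTO " . SQLPREFIX . "faqcomments (id_comment, id, usr, email, comment, datum, helped) VALUES (" . $db->nextID(SQLPREFIX . "faqcomments", "id_comment") . ", " . $id . ", '" . $comment_by_user . "', '" . $comment_by_mail . "', '" . $comment . "', " . time() . ", '" . $helped . "')");
    $tpl->processTemplate("writeContent", array("msgCommentHeader" => $PMF_LANG["msgWriteComment"], "Message" => $PMF_LANG["msgCommentThanks"]));
} else {
    if (IPCheck($_SERVER["REMOTE_ADDR"]) == FALSE) {
        $tpl->processTemplate("writeContent", array("msgCommentHeader" => $PMF_LANG["msgWriteComment"], "Message" => $PMF_LANG["err_bannedIP"]));
    } else {
        Tracking("error_save_comment", $id);
        $tpl->processTemplate("writeContent", array("msgCommentHeader" => $PMF_LANG["msgWriteComment"], "Message" => $PMF_LANG["err_SaveComment"]));
    }
}

$tpl->includeTemplate("writeContent", "index");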
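/**
 * Convert the forum's plain-text markup in user-supplied text into HTML.
 *
 * The text is passed through safeHTML() first. Code blocks and inline code are lifted out and replaced
 * with placeholders so that the later steps (hyperlinks, emphasis, titles, dividers, blockquotes,
 * paragraphs) cannot alter them, and are put back at the end.
 *
 * @param string $text Raw text as typed by the user.
 *
 * @return string The HTML for the post.
 */
function formatText($text)
{
    //unify carriage returns between Windows / UNIX, and sanitise HTML against injection
    $text = safeHTML(preg_replace('/\\r\\n?/', "\n", $text));

    /* preformatted text (code blocks):
       ---------------------------------------------------------------------------------------------- */
    /* example:        or: (latex in particular since it uses % as a comment marker)

       % title         $ title
       ⋮               ⋮
       %               $
    */
    $pre = array();
    while (preg_match('/^(?-s:(\\h*)([%$])(.*?))\\n(.*?)\\n\\h*\\2(["”»]?)$/msu', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block; when the opening marker was indented, up to that much
        //leading whitespace is removed from each line of the block
        $pre[] = "<pre><span class=\"ct\">{$m[2][0]}{$m[3][0]}</span>\n"
            . (strlen($m[1][0]) ? preg_replace("/^\\s{1," . strlen($m[1][0]) . "}/m", '', $m[4][0]) : $m[4][0])
            . "\n<span class=\"cb\">{$m[2][0]}</span></pre>";
        //replace the code block with a placeholder:
        //(we will have to remove the code chunks from the source text to avoid the other markup processing from
        //munging it and then restore the chunks back later)
        $text = substr_replace($text, "\n&__PRE__;" . $m[5][0], $m[0][1], strlen($m[0][0]));
    }

    /* inline code / teletype text:
       ---------------------------------------------------------------------------------------------- */
    // example: `code` or ``code``
    $code = array();
    while (preg_match('/(?<=\\s|^)(`+)(.*?)(?<!`)\\1(?!`)/m', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code span
        $code[] = '<code>' . $m[1][0] . $m[2][0] . $m[1][0] . '</code>';
        //same as with normal code blocks, replace them with a placeholder
        $text = substr_replace($text, "&__CODE__;", $m[0][1], strlen($m[0][0]));
    }

    /* hyperlinks:
       ---------------------------------------------------------------------------------------------- */
    //find full URLs and turn into HTML hyperlinks. we also detect e-mail addresses automatically.
    //the link is built by a callback: the `e` (eval) modifier used here before ran the replacement
    //through the PHP interpreter with the matched user text embedded in it
    $text = preg_replace_callback('/(?:
            ((?:(?:http|ftp)s?|irc)?:\\/\\/)            # $1 = protocol
            (                                           # $2 = friendly URL (no protocol)
                [a-z0-9\\.\\-]{1,}(?:\\.[a-z]{2,6})+    # domain name
            )(\\/)?                                     # $3 = slash is excluded from friendly URL
            (?(3)(                                      # $4 = folders and filename, relative URL
                (?>                                     # folders and filename
                    \\)(?![:\\.,"”»]?(?:\\s|$))|        # ignore brackets on end with punctuation
                    [:\\.,"”»](?!\\s|$)|                # ignore various characters on the end
                    [^\\s:)\\.,"”»]                     # the rest, including bookmark
                )*
            )?)
        |
            ([a-z0-9\\._%+\\-]+@[a-z0-9\\.\\-]{1,}(?:\\.[a-z]{2,6})+)   # $5 = e-mail
        )/xiu', 'formatText_autolink', $text);

    /* inline formatting:
       ---------------------------------------------------------------------------------------------- */
    $text = preg_replace(
        array('/(?<!\\w)_(?!_)(.*?)(?<!_)_(?!\\w)/', '/(?<![*\\w])\\*(?!\\*)(.*?)(?<!\\*)\\*(?![*\\w])/'),
        array('<em>_$1_</em>', '<strong>*$1*</strong>'),
        $text
    );

    /* titles and dividers
       ---------------------------------------------------------------------------------------------- */
    /* example: (titles)    /    (dividers)

       :: title                  ---
    */
    $text = preg_replace(
        array('/(?:\\n|\\A)(::.*)(?:\\n?$|\\Z)/mu', '/(?:\\n|\\A)\\h*(---+)\\h*(?:\\n?$|\\Z)/m'),
        array("\n\n<h2>\$1</h2>\n", "\n\n<p class=\"hr\">\$1</p>\n"),
        $text
    );

    /* blockquotes:
       ---------------------------------------------------------------------------------------------- */
    /* example:

       “this is the first quote level.

       “this is the second quote level.”

       back to the first quote level.”
    */
    //repeat until a pass makes no replacement, so that nested quotes are converted too
    do {
        $text = preg_replace(
            array(
                '/(?:\\n|\\A)\\h*("(?!\\s+)((?>(?1)|.)*?)\\s*")\\h*(?:\\n?$|\\Z)/msu',
                '/(?:\\n|\\A)\\h*(“(?!\\s+)((?>(?1)|.)*?)\\s*”)\\h*(?:\\n?$|\\Z)/msu',
                '/(?:\\n|\\A)\\h*(«(?!\\s+)((?>(?1)|.)*?)\\s*»)\\h*(?:\\n?$|\\Z)/msu',
            ),
            "\n\n<blockquote>\n\n<span class=\"ql\">“</span>\n\$2\n<span class=\"qr\">”</span>\n\n</blockquote>\n",
            $text,
            -1,
            $c
        );
    } while ($c);
    //remove the extra linebreaks added between our theme quotes
    //(required so that extra `<br />`s don’t get added!)
    $text = preg_replace(array('/“<\\/span>\\n/', '/\\n<span class="qr">/'), array('“</span>', '<span class="qr">'), $text);

    /* finalise:
       ---------------------------------------------------------------------------------------------- */
    //add paragraph tags between blank lines
    $result = '';
    foreach (preg_split('/\\n{2,}/', trim($text), -1, PREG_SPLIT_NO_EMPTY) as $chunk) {
        //if not a blockquote, title or hr, wrap in a paragraph
        if (!preg_match('/^<\\/?(?:bl|h2|p)|^&_/', $chunk)) {
            $chunk = "<p>\n" . str_replace("\n", "<br />\n", $chunk) . "\n</p>";
        }
        $result .= "\n{$chunk}";
        //assigned inside the loop on purpose: text without any chunk is returned unchanged
        $text = $result;
    }

    //restore code blocks/spans, one placeholder per stored chunk, in order.
    //plain string replacement is used because a regex replacement string would read `$1` or `\1`
    //inside the user's code as a back-reference and drop it
    foreach ($pre as $html) {
        $at = strpos($text, '&__PRE__;');
        if ($at !== false) {
            $text = substr_replace($text, $html, $at, strlen('&__PRE__;'));
        }
    }
    foreach ($code as $html) {
        $at = strpos($text, '&__CODE__;');
        if ($at !== false) {
            $text = substr_replace($text, $html, $at, strlen('&__CODE__;'));
        }
    }

    return $text;
}

/**
 * Callback for the hyperlink step of formatText(): turn one URL / e-mail match into a link.
 *
 * @param array $m Match groups: 1 protocol, 2 domain, 3 slash, 4 path, 5 e-mail address
 *                 (trailing groups that did not take part in the match are absent).
 *
 * @return string The `<a>` element that replaces the matched text.
 */
function formatText_autolink($m)
{
    $protocol = isset($m[1]) ? $m[1] : '';
    $domain = isset($m[2]) ? $m[2] : '';
    $slash = isset($m[3]) ? $m[3] : '';
    $path = isset($m[4]) ? $m[4] : '';
    $email = isset($m[5]) ? $m[5] : '';

    $href = $email ? "mailto:{$email}" : (($protocol ? $protocol : 'http://') . $domain . $slash . $path);

    //the text has already been through safeHTML(); encode the attribute value anyway,
    //without double-encoding entities that are already there
    return '<a href="' . htmlspecialchars($href, ENT_COMPAT, 'UTF-8', false) . '" rel="nofollow">' . $m[0] . '</a>';
}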
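/**
 * Store a forum post, mark its thread as updated and bump the alliance's forum counter.
 *
 * @param int    $poster_id Id of the posting user.
 * @param int    $thread    post_id of the thread (parent post) that is replied to.
 * @param int    $alli      Kingdom number the post belongs to.
 * @param int    $type      Forum type; stored as-is and also passed to get_coloured_name().
 * @param string $post      Post body; passed through safeHTML() before it is stored.
 *
 * @return void The script is terminated with the MySQL error text if a statement fails.
 */
function make_post($poster_id, $thread, $alli, $type, $post)
{
    $objTmpUser = new clsUser($poster_id);
    $arrStats = $objTmpUser->get_stats();
    $post = safeHTML($post);
    $orkTime = $GLOBALS['orkTime'];

    // these values are placed in the statements without quotes, so they must be integers
    $sqlPoster = (int) $poster_id;
    $sqlThread = (int) $thread;
    $sqlAlli = (int) $alli;
    $sqlType = (int) $type;
    $sqlLevel = (int) $arrStats['level'];

    // NOTE(review): $post, $orkTime, the coloured name and the tribe name are placed inside quotes
    // with no SQL escaping step visible in this function; confirm that safeHTML() and the callers
    // make them safe for SQL, or escape them here
    mysql_query("INSERT INTO forum (poster_id,type,poster_kd,parent_id,post,date_time,updated,poster_name,poster_tribe,level) VALUES ({$sqlPoster},{$sqlType},{$sqlAlli},{$sqlThread},'{$post}','{$orkTime}','{$orkTime}','" . get_coloured_name($poster_id, $type) . "','{$arrStats['tribe']}',{$sqlLevel})") or die('mysql error: ' . mysql_error());
    // move the thread's "updated" time forward
    mysql_query("UPDATE forum SET updated = '{$orkTime}' WHERE post_id = {$sqlThread}") or die('mysql error: ' . mysql_error());
    // increase the allianceforum counter for every user of that kingdom
    mysql_query("UPDATE user,stats SET allianceforum = allianceforum + 1 WHERE user.id = stats.id AND kingdom = {$sqlAlli}") or die('mysql error: ' . mysql_error());
}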
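/**
 * Convert the forum's plain-text markup in user-supplied text into HTML.
 *
 * The text is passed through safeHTML() first. Code blocks and inline code are lifted out and replaced
 * with placeholders so that the later steps (hyperlinks, emphasis, titles, dividers, blockquotes,
 * name references, paragraphs) cannot alter them, and are put back at the end.
 *
 * @param string      $text Raw text as typed by the user.
 * @param object|null $rss  The parsed thread (read through `->channel`, `->channel->item` and xpath());
 *                          when given, "@name" references are linked to a post by that author.
 *
 * @return string The HTML for the post.
 */
function formatText($text, $rss = NULL)
{
    //unify carriage returns between Windows / UNIX, and sanitise HTML against injection
    $text = safeHTML(preg_replace('/\\r\\n?/', "\n", $text));

    /* preformatted text (code blocks):
       ---------------------------------------------------------------------------------------------- */
    /* example:        or: (latex in particular since it uses % as a comment marker)

       % title         $ title
       ⋮               ⋮
       %               $
    */
    $pre = array();
    while (preg_match('/^(?-s:(\\h*)([%$])(.*?))\\n(.*?)\\n\\h*\\2(["”»]?)$/msu', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block; when the opening marker was indented, up to that much
        //leading whitespace is removed from each line of the block
        $pre[] = "<pre><span class=\"ct\">{$m[2][0]}{$m[3][0]}</span>\n"
            . (strlen($m[1][0]) ? preg_replace("/^\\s{1," . strlen($m[1][0]) . "}/m", '', $m[4][0]) : $m[4][0])
            . "\n<span class=\"cb\">{$m[2][0]}</span></pre>";
        //replace the code block with a placeholder:
        //(we will have to remove the code chunks from the source text to avoid the other markup processing from
        //munging it and then restore the chunks back later)
        $text = substr_replace($text, "\n&__PRE__;" . $m[5][0], $m[0][1], strlen($m[0][0]));
    }

    /* inline code / teletype text:
       ---------------------------------------------------------------------------------------------- */
    // example: `code` or ``code``
    $code = array();
    while (preg_match('/(?<=\\s|^)(`+)(.*?)(?<!`)\\1(?!`)/m', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code span
        $code[] = '<code>' . $m[1][0] . $m[2][0] . $m[1][0] . '</code>';
        //same as with normal code blocks, replace them with a placeholder
        $text = substr_replace($text, "&__CODE__;", $m[0][1], strlen($m[0][0]));
    }

    /* hyperlinks:
       ---------------------------------------------------------------------------------------------- */
    //find full URLs and turn into HTML hyperlinks. we also detect e-mail addresses automatically.
    //each search starts just after the previous replacement, so inserted links are never matched again
    $offset = 0;
    while (preg_match('/(?:
            ((?:(?:http|ftp)s?|irc)?:\\/\\/)                        # $1 = protocol
            |
            ([a-z0-9\\._%+\\-]+@)                                   # $2 = email name
        )(                                                          # $3 = friendly URL (no protocol)
            [^\\p{Z}\\p{C}\\.\\/&\\x{23}@"”»]+                      # domain name (not "separator", "other" and slash)
            (?:\\.[^\\p{Z}\\p{C}\\.\\/&\\x{23}@"”»]+)+              # top-level domain
        )(?(2)|                                                     # email ends here
            (\\/)?                                                  # $4 = slash is excluded from friendly URL
            (?(4)(                                                  # $5 = folders and filename, relative URL
                (?>                                                 # folders and filename
                    "(?!\\/?>|\\s|$)|                               # ignore the end of an HTML hyperlink
                    \\)(?![:\\.,"”»]?(?:\\s|$))|                    # ignore brackets on end with punctuation
                    [:\\.,”»](?!\\s|$)|                             # ignore various characters on the end
                    [^\\s:)\\.,"”»]                                 # the rest, including bookmark
                )*
            )?)
        )/xiu', $text, $m, PREG_OFFSET_CAPTURE, $offset)) {
        //"mailto:" plus the name for an e-mail address, otherwise the given protocol (default "http://")
        $scheme = !empty($m[2][0]) ? 'mailto:' . $m[2][0] : ($m[1][0] ? $m[1][0] : 'http://');
        //groups 4 and 5 are absent when they took no part in the match
        $rest = $m[3][0] . (isset($m[4][0]) ? $m[4][0] : '') . (isset($m[5][0]) ? $m[5][0] : '');
        //the rest of the address is encoded for the attribute without double-encoding existing entities
        $replace = '<a href="' . $scheme . htmlspecialchars($rest, ENT_COMPAT, 'UTF-8', false) . '" rel="nofollow">' . $m[0][0] . '</a>';
        $text = substr_replace($text, $replace, $m[0][1], strlen($m[0][0]));
        $offset = $m[0][1] + strlen($replace);
    }

    /* inline formatting:
       ---------------------------------------------------------------------------------------------- */
    $text = preg_replace(
        array('/(?<!\\w)_(?!_)(.*?)(?<!_)_(?!\\w)/', '/(?<![*\\w])\\*(?!\\*)(.*?)(?<!\\*)\\*(?![*\\w])/'),
        array('<em>_$1_</em>', '<strong>*$1*</strong>'),
        $text
    );

    /* titles and dividers
       ---------------------------------------------------------------------------------------------- */
    /* example: (titles)    /    (dividers)

       :: title                  ---
    */
    $text = preg_replace(
        array('/(?:\\n|\\A)(::.*)(?:\\n?$|\\Z)/mu', '/(?:\\n|\\A)\\h*(---+)\\h*(?:\\n?$|\\Z)/m'),
        array("\n\n<h2>\$1</h2>\n", "\n\n<p class=\"hr\">\$1</p>\n"),
        $text
    );

    /* blockquotes:
       ---------------------------------------------------------------------------------------------- */
    /* example:

       “this is the first quote level.

       “this is the second quote level.”

       back to the first quote level.”
    */
    //repeat until a pass makes no replacement, so that nested quotes are converted too
    do {
        $text = preg_replace(
            array(
                '/(?:\\n|\\A)\\h*("(?!\\s+)((?>(?1)|.)*?)\\s*")\\h*(?:\\n?$|\\Z)/msu',
                '/(?:\\n|\\A)\\h*(“(?!\\s+)((?>(?1)|.)*?)\\s*”)\\h*(?:\\n?$|\\Z)/msu',
                '/(?:\\n|\\A)\\h*(«(?!\\s+)((?>(?1)|.)*?)\\s*»)\\h*(?:\\n?$|\\Z)/msu',
            ),
            "\n\n<blockquote>\n\n<span class=\"ql\">“</span>\n\$2\n<span class=\"qr\">”</span>\n\n</blockquote>\n",
            $text,
            -1,
            $c
        );
    } while ($c);
    //remove the extra linebreaks added between our theme quotes
    //(required so that extra `<br />`s don’t get added!)
    $text = preg_replace(array('/“<\\/span>\\n/', '/\\n<span class="qr">/'), array('“</span>', '<span class="qr">'), $text);

    /* name references:
       ---------------------------------------------------------------------------------------------- */
    //name references (e.g. "@bob") will link back to a reply in the thread made by that person
    //(the first item by that author in the feed's order).
    //this requires that the whole RSS thread is passed to this function to refer to
    if (!is_null($rss)) {
        //first, produce a list of all authors in the thread
        $names = array();
        foreach ($rss->channel->xpath('./item/author') as $name) {
            $names[] = $name[0];
        }
        $names = array_map('strtolower', $names); //set all to lowercase
        $names = array_map('safeHTML', $names);   //HTML encode names as they will be in the source text
        $names = array_unique($names);            //remove duplicates
        //sort the list of names Z-A so that longer names and names with spaces occur first,
        //this is so that we don’t choose "Bob" over "Bob Monkhouse" when matching names
        rsort($names);

        //find all possible name references in the text:
        //(that is, any "@" followed by text up to the end of a line. note that this means that what might be
        //matched may include additional text that *isn't* part of the name, e.g. "@bob How are you?")
        $offset = 0;
        while (preg_match('/(?:^|\\s+)(@.+)/m', $text, $m, PREG_OFFSET_CAPTURE, $offset)) {
            //check each of the known names in the thread and see if one fits the source text reference
            //e.g. does "@bob How are you?" begin with "bob"
            foreach ($names as $name) {
                if (stripos($m[1][0], $name) === 1) {
                    //locate a post made by that author in the thread to link to
                    foreach ($rss->channel->item as $item) {
                        if (safeHTML(strtolower($item->author)) == $name) {
                            //replace the reference with the link to the post
                            //NOTE(review): the item's link is placed in the attribute as stored in the feed;
                            //confirm that links written to the feed cannot contain quotes or markup
                            $text = substr_replace(
                                $text,
                                '<a href="' . $item->link . '">' . substr($m[1][0], 0, strlen($name) + 1) . '</a>',
                                $m[1][1],
                                strlen($name) + 1
                            );
                            //move on to the next reference, no need to check any further names for this one
                            $offset = $m[1][1] + strlen($name) + strlen($item->link) + 15 + 1;
                            break 2;
                        }
                    }
                }
            }
            //failing any match, continue searching
            //(avoid getting stuck in an infinite loop)
            //note: this line also runs after `break 2` above, so it replaces the offset set there
            $offset = $m[1][1] + 1;
        }
    }

    /* finalise:
       ---------------------------------------------------------------------------------------------- */
    //add paragraph tags between blank lines
    $result = '';
    foreach (preg_split('/\\n{2,}/', trim($text), -1, PREG_SPLIT_NO_EMPTY) as $chunk) {
        //if not a blockquote, title or hr, wrap in a paragraph
        if (!preg_match('/^<\\/?(?:bl|h2|p)|^&_/', $chunk)) {
            $chunk = "<p>\n" . str_replace("\n", "<br />\n", $chunk) . "\n</p>";
        }
        $result .= "\n{$chunk}";
        //assigned inside the loop on purpose: text without any chunk is returned unchanged
        $text = $result;
    }

    //restore code blocks/spans, one placeholder per stored chunk, in order.
    //plain string replacement is used because a regex replacement string would read `$1` or `\1`
    //inside the user's code as a back-reference and drop it
    foreach ($pre as $html) {
        $at = strpos($text, '&__PRE__;');
        if ($at !== false) {
            $text = substr_replace($text, $html, $at, strlen('&__PRE__;'));
        }
    }
    foreach ($code as $html) {
        $at = strpos($text, '&__CODE__;');
        if ($at !== false) {
            $text = substr_replace($text, $html, $at, strlen('&__CODE__;'));
        }
    }

    return $text;
}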
$datum = date("YmdHis"); $content = $db->escape_string(safeHTML(nl2br($_POST["content"]))); $contentlink = $db->escape_string(safeHTML($_POST["contentlink"])); if (substr($contentlink, 7) != "") { $content = $content . "<br />" . $PMF_LANG["msgInfo"] . "<a href=\"http://" . substr($contentlink, 7) . "\" target=\"_blank\">" . $contentlink . "</a>"; } if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) { $lang = trim(strtolower(substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2))); } else { $lang = "en"; } $thema = $db->escape_string(safeHTML($_POST["thema"])); $selected_category = $_POST["rubrik"]; $keywords = $db->escape_string(safeHTML($_POST["keywords"])); $author = $db->escape_string(safeHTML($_POST["username"])); $usermail = $IDN->encode($db->escape_string(safeHTML($_POST["usermail"]))); $db->query(sprintf("INSERT INTO %sfaqdata (id, lang, solution_id, revision_id, active, thema, content, keywords, author, email, comment, datum) VALUES (%d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", SQLPREFIX, $db->nextID(SQLPREFIX . "faqdata", "id"), $lang, getSolutionId(), 0, 'no', $thema, $content, $keywords, $author, $usermail, 'y', $datum)); foreach ($selected_category as $_category) { $db->query(sprintf("INSERT INTO %sfaqcategoryrelations (category_id, category_lang, record_id, record_lang) VALUES (%d, '%s', %d, '%s')", SQLPREFIX, intval($_category), $lang, $db->insert_id(SQLPREFIX . 'faqdata', 'id'), $lang)); } $db->query(sprintf("INSERT INTO %sfaqvisits (id, lang, visits, last_visit) VALUES (%d, '%s', %d, %d)", SQLPREFIX, $db->insert_id(SQLPREFIX . 'faqdata', 'id'), $lang, 1, time())); $additional_header = array(); $additional_header[] = 'MIME-Version: 1.0'; $additional_header[] = 'Content-Type: text/plain; charset=' . $PMF_LANG['metaCharset']; if (strtolower($PMF_LANG['metaCharset']) == 'utf-8') { $additional_header[] = 'Content-Transfer-Encoding: 8bit'; } $additional_header[] = 'From: ' . 
$usermail; $subject = unhtmlentities($PMF_CONF["title"]); if (function_exists('mb_encode_mimeheader')) { $subject = mb_encode_mimeheader($subject);