function listUsers()
{
    global $themedir, $globals, $mysql, $theme, $done, $errors;
    global $l, $time, $user, $reqPrivs, $q;

    // Tell the theme layer which template and callback render this page.
    $theme['name'] = 'list';
    $theme['call_theme_func'] = 'listUsers';
    loadlang();
    fheader("List Users");

    // Board-level login requirement: when the board settings say a login is
    // needed, anonymous visitors are sent to the login page before any query.
    $loginRequired = $reqPrivs['board']['loginReq'];
    if ($loginRequired && !userUidSet()) {
        redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
    }

    // The result handle is handed to the theme through the global $q (the
    // global first holds the SQL text, then the result, as in the original).
    // NOTE(review): there is no per-user permission check here — every
    // visitor who passes the login gate gets the full user list.
    $q = "SELECT * FROM `users`";
    $q = db_query($q);
}
function bannedList()
{
    global $themedir, $l, $globals, $mysql, $theme, $done, $errors;
    global $user, $notice, $reqPrivs, $qu;

    // Template and render callback for this page.
    $theme['name'] = 'bannedList';
    $theme['call_theme_func'] = 'bannedList';
    loadlang();
    fheader('Banned List');

    // Guests get a login notice instead of the list; the theme reads
    // $notice['login'] to render it.
    $loggedIn = userUidSet();
    if (!$loggedIn) {
        $notice['login'] = "******";
        return false;
    }

    // Banned users joined with their user rows; the result handle is exposed
    // to the theme via global $qu.
    // NOTE(review): this page calls mysql_query() directly while the sibling
    // pages go through db_query() — check whether db_query() adds error
    // handling that this page is missing.
    $sql = "SELECT * FROM `banned` b left join `users` u on b.ban_uid = u.uid";
    $qu = mysql_query($sql);
}
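function adminMain()
{
    global $themedir, $globals, $mysql, $theme, $done, $errors;
    global $l, $time, $user, $q, $reqPrivs;

    // Template and render callback for the admin landing page.
    $theme['name'] = 'admin';
    $theme['call_theme_func'] = 'adminMain';
    loadlang('admin');
    fheader('Admin Section');

    // Board-level login requirement: anonymous visitors go to the login page.
    if ($reqPrivs['board']['loginReq'] && !userUidSet()) {
        redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
    }

    // Admin gate. The previous check only denied access when g_name was SET
    // and not 'administrator', so a request with no group name at all (a
    // guest, or a board with loginReq switched off) fell through into the
    // admin section. Fail closed: anything other than an explicit
    // 'administrator' group is denied.
    $groupName = isset($user['g_name']) ? $user['g_name'] : null;
    if ($groupName !== 'administrator') {
        $errors['permission_denied'] = $l['permission_denied'];
        return false;
    }

    // Sub-area dispatch (?area=...) was never implemented; the theme renders
    // the admin landing page.
}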
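function addReply()
{
    global $globals, $mysql, $theme, $done, $errors, $error, $notice, $db;
    global $themedir, $l, $user;
    global $qu, $board;
    global $time, $reqPrivs;
    global $row;
    global $ai;

    // Template and render callback for this page.
    $theme['name'] = 'addReply';
    $theme['call_theme_func'] = 'addReply';
    loadlang('allFunc', __FUNCTION__);
    fheader('Add Reply');

    // Board-level login requirement: anonymous visitors go to the login page.
    if ($reqPrivs['board']['loginReq'] && !userUidSet()) {
        redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
    }

    // Two modes, selected by the query string:
    //   ?post= set   -> reply to a wall post (wall_post_reply table)
    //   ?post= unset -> reply to a topic    (replies table), keyed by ?topic=
    // All three ids are interpolated into SQL and into the success link, so
    // they are reduced to integers once here and only the cast values are
    // used below (the original spliced the raw $_GET values in).
    $isWallReply = isset($_GET['post']);
    $topicId = isset($_GET['topic']) ? (int) $_GET['topic'] : 0;
    $postId = $isWallReply ? (int) $_GET['post'] : 0;
    $wallUid = isset($_GET['uid']) ? (int) $_GET['uid'] : 0;
    $posterUid = isset($user['uid']) ? (int) $user['uid'] : 0;

    if (!$isWallReply) {
        // The topic being replied to; the theme reads it from global $row.
        $q = "SELECT * FROM `topics` WHERE `tid` = {$topicId} LIMIT 1";
        $qu[0] = db_query($q);
        $row = mysql_fetch_assoc($qu[0]);
        $q = null;
    }

    // Nothing submitted yet (or an empty body): just render the form.
    if (!isset($_POST['reply_sub']) || empty($_POST['reply'])) {
        return;
    }

    // Subject only exists for topic replies.
    $subject = '';
    if (!$isWallReply) {
        $subject = trim(mandff(check_input($_POST["subject"]), "Subject Empty"));
    }
    $reply = trim(mandff(check_input($_POST["reply"]), "Reply field empty"));
    // NOTE(review): $subject and $reply go into the INSERT statements as
    // quoted literals without further escaping, so this relies on
    // check_input() producing SQL-safe strings — confirm that it does.

    // Spam-word screening by the AI_Execute object, when one is configured.
    if ($ai && is_object($ai)) {
        $ai->spam_words_e($reply);
    }

    // Post timestamp (seconds); cast so it interpolates as a plain integer.
    $t = (int) round($time->scriptTime());

    if (isset($_GET['topic'])) {
        // Reply to a topic. REMOTE_ADDR is stored with the reply.
        $q1I = "INSERT INTO `replies`(\n\t\t\t`rsubject`, `rbody`, `topic_tid`, `poster_users_uid`, `date`, `user_ip`\n\t\t\t) \n\t\t\tVALUES( \n\t\t\t'{$subject}', '{$reply}', {$topicId}, {$posterUid}, {$t}, '{$_SERVER['REMOTE_ADDR']}' \n\t\t\t)";
        $q1E = db_query($q1I);
        $id = mysql_insert_id();
    } else {
        // Reply to a wall post.
        $q1I = "INSERT INTO `wall_post_reply`(\n\t\t\t`wpr_content`, `wpr_by_uid`, `wpr_date`, `wp_id`\n\t\t\t) \n\t\t\tVALUES(\n\t\t\t'{$reply}', {$posterUid}, {$t}, {$postId}\n\t\t\t)";
        $q1E = db_query($q1I);
        $id = mysql_insert_id();

        // wall_post.wpr_id holds a comma-separated list of reply ids; append
        // the new id to it. The wall post row is exposed via global $row.
        $qS2 = "SELECT * from `wall_post` WHERE `wp_id`={$postId}";
        $res = db_query($qS2);
        $row = mysql_fetch_assoc($res);
        // A missing row or an empty wpr_id yields just the new id (the
        // original indexed into a possibly-false $row).
        $existing = isset($row['wpr_id']) ? $row['wpr_id'] : '';
        $string = trim($existing . "," . $id, ',');
        $qU1 = "UPDATE `wall_post` set `wpr_id`='{$string}' WHERE `wp_id`={$postId}";
        $res2 = db_query($qU1);
    }

    // Success is reported through $notice, failure through $error. The
    // original tested is_bool($q1E), which is also true for false, so the
    // failure branch was unreachable. db_query() presumably returns false
    // on failure as mysql_query() does — confirm against its definition.
    if ($q1E !== false) {
        if (isset($_GET['topic'])) {
            $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=topic&topic={$topicId}'>HERE</a> to check your reply.";
        } else {
            // Link back to the wall the post lives on; integer ids only, so
            // nothing from the query string is reflected verbatim into HTML.
            $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=wall&uid={$wallUid}&post={$postId}'>HERE</a> to check your post.";
        }
    } else {
        $error['no_success'] = "Could not post the reply.";
    }
}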
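function modifyprofile()
{
    global $themedir, $globals, $mysql, $theme, $done, $error, $errors;
    global $l, $row, $time, $user, $reqPrivs;

    // Template and render callback for this page.
    $theme['name'] = 'modifyprofile';
    $theme['call_theme_func'] = 'modifyprofile';
    loadlang();
    fheader('Modify Profile');

    // Board-level login requirement: anonymous visitors go to the login page.
    if ($reqPrivs['board']['loginReq'] && !userUidSet()) {
        redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
    }

    // Profile being edited: ?uid= when given and non-empty, else the viewer's
    // own. Cast once; this single integer is used for the permission check,
    // the UPDATE and the SELECT below.
    $uid = (int) (isset($_GET['uid']) && !empty($_GET['uid']) ? check_input($_GET['uid']) : $user['uid']);

    // Editing someone else's profile requires the edit privilege bit.
    if ($uid != $user['uid'] && !((int) $user['g_priv'] & (int) $reqPrivs['edit']['a_priv'])) {
        $errors['access_denied'] = "Not allowed to access this area.";
        return false;
    }

    if (isset($_POST['modprof'])) {
        // Submitted profile fields; a missing field is treated as empty
        // instead of raising an undefined-index notice.
        $fields = array('url', 'display_name', 'about', 'dob', 'sex', 'display_pic_url', 'perfume');
        $in = array();
        foreach ($fields as $field) {
            $in[$field] = check_input(isset($_POST[$field]) ? $_POST[$field] : '');
        }
        // NOTE(review): these values are placed in the UPDATE as quoted
        // literals without further escaping, so this relies on check_input()
        // producing SQL-safe strings — confirm that it does.

        // check_input()/validation report problems through $errors.
        if ($errors) {
            return false;
        }

        // The original re-derived $uid from $_GET at this point without the
        // !empty() guard used for the permission check, so "?uid=" (empty)
        // passed the check as "own profile" and then updated uid 0. The
        // checked value above is reused instead.
        $q[1] = "UPDATE `users` `u` JOIN `profile` `p` \n\t\t\tSET \n\t\t\t`u`.`url`='{$in['url']}', \n\t\t\t`p`.`display_name`='{$in['display_name']}', \n\t\t\t`p`.`about`='{$in['about']}', \n\t\t\t`p`.`dob`='{$in['dob']}', \n\t\t\t`p`.`sex`='{$in['sex']}',\n\t\t\t`p`.`display_pic_url`='{$in['display_pic_url']}',\n\t\t\t`p`.`perfume`='{$in['perfume']}' \n\t\t\tWHERE `u`.`uid`={$uid} AND `p`.`users_uid`={$uid}";
        $qe[1] = db_query($q[1]);
    }

    // Current (possibly just-updated) profile row for the form; the theme
    // reads it from global $row.
    $q[2] = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= {$uid}";
    $qe[2] = db_query($q[2]);
    $row = mysql_fetch_assoc($qe[2]);
}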
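function wall()
{
    global $themedir, $theme, $l;
    global $globals, $mysql, $done, $error, $errors;
    global $user, $time;
    global $qu, $reqPrivs;

    // Template and render callback for this page.
    $theme['name'] = 'wall';
    $theme['call_theme_func'] = 'wall';
    loadlang();
    fheader('Wall');

    // Whose wall is shown: ?uid= (someone else's wall, needs a login and the
    // view privilege) or the viewer's own. $uid is interpolated into two SQL
    // statements below, so it is always an integer; the original used the raw
    // $_GET value. Default 0 only matters if redirect() returns.
    $uid = 0;
    if (isset($_GET['uid'])) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
        // Cast both sides: '&' on two strings is a byte-wise AND in PHP, not
        // a bit test (modifyprofile() already casts for the same check).
        if ((int) $user['g_priv'] & (int) $reqPrivs['view']['a_priv']) {
            $uid = (int) $_GET['uid'];
        } else {
            $error['perms_denied'] = 'No permission to view this page.';
            return false;
        }
    } elseif (isset($user['uid'])) {
        $uid = (int) $user['uid'];
    } elseif (!userUidSet()) {
        redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
    }

    $posterUid = isset($user['uid']) ? (int) $user['uid'] : 0;

    // A submitted wall post is stored before the wall is listed, so it shows
    // up in the same render. mandff()/check_input() report problems through
    // $error / $errors, which suppress the INSERT.
    if (isset($_POST['wall_sub'])) {
        $reply = mandff(check_input(isset($_POST['post']) ? $_POST['post'] : ''), 'Wall Post Empty');
        // NOTE(review): $reply goes into the INSERT as a quoted literal, so
        // this relies on check_input() producing SQL-safe strings — confirm.
        if (empty($error) && empty($errors)) {
            $now = (int) round($time->scriptTime());
            $qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) \n\t\t\tVALUES ( {$uid}, {$posterUid}, '{$reply}', {$now} )";
            $qI_e = db_query($qI);
        }
    }

    // Posts made on this wall, newest first, joined with the poster's user
    // row; the result handle is exposed to the theme via global $qu.
    $q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='{$uid}' ORDER BY `wp`.`wp_date` DESC";
    $qu = db_query($q);
}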