function listUsers() { global $themedir; global $globals, $mysql, $theme, $done, $errors; global $l; global $time; global $user, $reqPrivs; global $q; $theme['name'] = 'list'; $theme['call_theme_func'] = 'listUsers'; loadlang(); // fheader($title = 'View Profile'); fheader("List Users"); // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment // if from Admin Board Settings table, loginReq column is 1, then, login is required to view // so redirect him to login page if ($reqPrivs['board']['loginReq']) { if (!userUidSet()) { redirect("{$globals['boardurl']}{$globals['only_ind']}action=login"); } } // Base64encode for everything coming from URL // Checking input, checking everything coming from $_GET url, // sanitizing it, and casting it into an (int) datatype //$uid = ( isset($_GET["uid"] ) ? (int) check_input( $_GET["uid"] ) : $user["uid"] ); // Add if $user['uid'] != $_GET['uid'] , then, see if he is Admin or Editor // Else, Not allowed to access this area, permission denied & return false // ---Permission stuff here--- // or probably uid=$_GET[id] to see other's profile // $q = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `users_uid`=$uid"; //$q = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `u`.`uid`=$uid"; $q = "SELECT * FROM `users`"; $q = db_query($q); }
function bannedList() { global $themedir, $l; global $globals, $mysql, $theme, $done, $errors; global $user, $notice, $reqPrivs; global $qu; $theme['name'] = 'bannedList'; $theme['call_theme_func'] = 'bannedList'; loadlang(); //printrr( $reqPrivs ); fheader('Banned List'); //if ( $notLogged ) if (!userUidSet()) { $notice['login'] = "******"; return false; } $q = "SELECT * FROM `banned` b left join `users` u on b.ban_uid = u.uid"; $qu = mysql_query($q); }
function adminMain() { global $themedir; global $globals, $mysql, $theme, $done, $errors; global $l; global $time; global $user; global $q; global $reqPrivs; $theme['name'] = 'admin'; $theme['call_theme_func'] = 'adminMain'; loadlang('admin'); fheader($title = 'Admin Section'); // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment // if from Admin Board Settings table, loginReq column is 1, then, login is required to view // so redirect him to login page if ($reqPrivs['board']['loginReq']) { if (!userUidSet()) { redirect("{$globals['boardurl']}{$globals['only_ind']}action=login"); } } //printrr( $user ); //echo 1; //printrr( $reqPrivs ); //if( !($user['priv'] & $reqPrivs['priv'] ) || $user['level'] != $reqPrivs['level'] ) if (isset($user['g_name']) && $user['g_name'] != 'administrator') { $errors['permission_denied'] = $l['permission_denied']; return false; } /* if( isset($_GET['area'] ) ) { switch $_GET['area'] { case: } } */ }
function addReply() { global $globals, $mysql, $theme, $done, $errors, $error, $notice, $db; global $themedir, $l, $user; global $qu, $board; global $time, $reqPrivs; global $row; global $ai; $theme['name'] = 'addReply'; $theme['call_theme_func'] = 'addReply'; //loadlang(); loadlang('allFunc', __FUNCTION__); fheader($title = 'Add Reply'); // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment // if from Admin Board Settings table, loginReq column is 1, then, login is required to view // so redirect him to login page if ($reqPrivs['board']['loginReq']) { if (!userUidSet()) { redirect("{$globals['boardurl']}{$globals['only_ind']}action=login"); } } // Will have to see // how reply table works in SMF // replies table takes // topic id replied to // id of user // log IP of user // time/date (microtime() , less than 5(or other, variable factor) seconds, post cant be made by same IP) that post made // // if not isset $_GET[post], that means it is not a createTopic, it only an addReply // if isset $_GET[post], that means it is a createTopic event if (!isset($_GET['post'])) { // adding limit 1, as the topic will always be only 1 $q = "SELECT * FROM `topics` WHERE `tid` = {$_GET['topic']} LIMIT 1"; $qu[0] = db_query($q); $row = mysql_fetch_assoc($qu[0]); $q = null; } if (isset($_POST['reply_sub']) && !empty($_POST['reply'])) { $subject = ''; if (!isset($_GET['post'])) { $subject = trim(mandff(check_input($_POST["subject"]), "Subject Empty")); } $reply = trim(mandff(check_input($_POST["reply"]), "Reply field empty")); //echo "reply: "; //printrr($reply); //ai /* // the AI(ai) object from the AI_Execute class if( $ai && is_object($ai ) ) { // CHECKING FOR SPAM WORDS (Some AI Foo) // $ai execute class for spam words in reply if ($ai->spam_words($reply) ) // if true, then log the activity into the AI_Logs table, for reason "is_spam" & userid & username, date(unix epoch) etc { // corresponds to the ai_logs table, logggin the ai activity // sending user uid, reason like cause, effect or action etc, type: spam_words, any_definition and time ai_logs($users['uid'], $reason, $type, $definition, $time ); // now select the, number of times, logs present in the ai_logs table, // check the severity, that becomes the severity, // now goto, the effects table & see what corresponds to is_spam with given severity. // now goto the Action table for that reason with given severity, // and see which action is listed, // include the file, take the action // passing $_POST[reply] print_r($ai->spam_words_e($reply) ); } } */ // the AI(ai) object from the AI_Execute class if ($ai && is_object($ai)) { // CHECKING FOR SPAM WORDS (Some AI Foo) // $ai execute class for spam words in reply $ai->spam_words_e($reply); } //ai- /* $arr = array( "keys" => array( "rbody", "topic_id", "poster_users_id", "date", "user_ip") , "values" => array( array( "$reply", "$_GET[topic]", "$user[uid]", round( $time->scriptTime() ), "$_SERVER[REMOTE_ADDR]" ) ) ); */ $t = round($time->scriptTime()); // -> insert_arr($arr); // if, its a reply to a topic // if( !isset( $_GET['post'] ) ) if (isset($_GET['topic'])) { // for the moment just putting $_SERVER[REMOTE_ADDR] in the query, // instead of $user[REMOTE_ADDR] $q1I = "INSERT INTO `replies`(\n\t\t\t`rsubject`, `rbody`, `topic_tid`, `poster_users_uid`, `date`, `user_ip`\n\t\t\t) \n\t\t\tVALUES( \n\t\t\t'{$subject}', '{$reply}', {$_GET['topic']}, {$user['uid']}, {$t}, '{$_SERVER['REMOTE_ADDR']}' \n\t\t\t)"; $q1E = db_query($q1I); $id = mysql_insert_id(); } else { // temporary this line of $user[uid], remove it later // $user['uid'] = 1; // $q1I = "INSERT INTO `wall_post_reply`(\n\t\t\t`wpr_content`, `wpr_by_uid`, `wpr_date`, `wp_id`\n\t\t\t) \n\t\t\tVALUES(\n\t\t\t'{$reply}', {$user['uid']}, {$t}, {$_GET['post']}\n\t\t\t)"; // These 2 lines of code is also written above in the // if condition, so this is code repetition, // though i cud have just written the 2 lines of code only once, // and written the below 2 procedures $qS2 & $qU1, // in another if condition corresponding to this else condition // as in, if( isset( $_GET[post]) ), but then, that wud have meant, // an if() condition check for every time the script gets executed, // for not repeting 2 lines of code(for saving 2 lines of space) // it seemed a bad trade-of // whereas in this case, though 2 lines will be extra, // but, 2 times if condition checking will be saved, // only once it will check, in this if() condition block, // and decide what to do $q1E = db_query($q1I); $id = mysql_insert_id(); // First select all ids from wall_post table // then execute this select query, then // Run Update query on the the wall post id, with // the new wall_post_reply id that you received by inserting // new reply $qS2 = "SELECT * from `wall_post` WHERE `wp_id`={$_GET['post']}"; $res = db_query($qS2); $row = mysql_fetch_assoc($res); // Dont need this line, the 2 lines below it lines will suffice // $string = ( empty( $row['wpr_id'] ) ? $id : ( $row['wpr_id'] . "," . $id ) ); $string = $row['wpr_id'] . "," . $id; $string = trim($string, ','); $qU1 = "UPDATE `wall_post` set `wpr_id`='{$string}' WHERE `wp_id`={$_GET['post']}"; $res2 = db_query($qU1); } // header("Location: "); // header("Location:{$globals['boardurl']}{$globals['ind']}action=topic&topic={$_GET['topic']}"); // header("Location: index.php?action=topic&topic={$_GET['topic']}"); if (is_bool($q1E)) { if (isset($_GET['topic'])) { $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=topic&topic={$_GET['topic']}'>HERE</a> to check your reply."; } else { // $_GET['post'] is set $notice['success'] = "Muaah :x, Reply posted successfully. You can go <a href='{$globals['ind']}action=wall&uid={$_GET['uid']}&post={$_GET['post']}'>HERE</a> to check your post."; } //$notice['success'] = $l['success_wall']; } else { $error['no_success'] = "Could not post the reply."; } //$error['no_success'] = $l['no_success']; } }
function modifyprofile() { global $themedir; global $globals, $mysql, $theme, $done, $error, $errors; global $l, $row; global $time; global $user, $reqPrivs; $theme['name'] = 'modifyprofile'; $theme['call_theme_func'] = 'modifyprofile'; loadlang(); fheader($title = 'Modify Profile'); // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment // if from Admin Board Settings table, loginReq column is 1, then, login is required to view // so redirect him to login page if ($reqPrivs['board']['loginReq']) { if (!userUidSet()) { redirect("{$globals['boardurl']}{$globals['only_ind']}action=login"); } } //printrr( $user); //printrr( $reqPrivs ); $uid = (int) (isset($_GET['uid']) && !empty($_GET['uid']) ? check_input($_GET['uid']) : $user['uid']); // if( $user['g_priv'] & $privs['guest']['g_priv'] ) // if( $_GET['id'] != $user['uid'] && !($user['uid']) ) if ($uid != $user['uid'] && !((int) $user['g_priv'] & (int) $reqPrivs['edit']['a_priv'])) { $errors['access_denied'] = "Not allowed to access this area."; return false; } //echo round ($time->scriptTime() ); if (isset($_POST['modprof'])) { /* // Creating Variable Names dynamically with the array keys; foreach( $_POST as $k => $v ) { "$" .$k = check_input($_POST[$v]); "$" . $k = $v; echo "k: " . "$k" . ", "; } echo "<br />s: " . $sex; */ $url = check_input($_POST['url']); $display_name = check_input($_POST['display_name']); $about = check_input($_POST['about']); $dob = check_input($_POST['dob']); $sex = check_input($_POST['sex']); $display_pic_url = check_input($_POST['display_pic_url']); $perfume = check_input($_POST['perfume']); // Base64encode for everything coming from URL // Checking input, checking everything coming from $_GET url, // sanitizing it, and casting it into an (int) datatype $uid = isset($_GET["uid"]) ? (int) check_input($_GET["uid"]) : $user["uid"]; if ($errors) { return false; } // update users & profile table with new data $q[1] = "UPDATE `users` `u` JOIN `profile` `p` \n\t\t\tSET \n\t\t\t`u`.`url`='{$url}', \n\t\t\t`p`.`display_name`='{$display_name}', \n\t\t\t`p`.`about`='{$about}', \n\t\t\t`p`.`dob`='{$dob}', \n\t\t\t`p`.`sex`='{$sex}',\n\t\t\t`p`.`display_pic_url`='{$display_pic_url}',\n\t\t\t`p`.`perfume`='{$perfume}' \n\t\t\tWHERE `u`.`uid`={$uid} AND `p`.`users_uid`={$uid}"; $qe[1] = db_query($q[1]); //insert_and_id(); } // was taking the $_GET[uid] directly // $q = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= $_GET[uid]"; // now taking $uid which is either a $_GET['uid'] if it is set, or else it is the set $user[uid] $q[2] = "SELECT * FROM `users` `u` JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`= {$uid}"; $qe[2] = db_query($q[2]); $row = mysql_fetch_assoc($qe[2]); }
function wall() { global $themedir, $theme, $l; global $globals, $mysql, $theme, $done, $error, $errors; global $user, $time; global $qu, $reqPrivs; $theme['name'] = 'wall'; $theme['call_theme_func'] = 'wall'; // echo ( $qu == 0 ) ? "yes" : "no" ? "under" : "not"; loadlang(); fheader('Wall'); // Base64encode for everything coming from URL // Checking input, checking everything coming from $_GET url, // sanitizing it, and casting it into an (int) datatype // $uid = ( isset($_GET["uid"] ) ? (int) check_input( $_GET["uid"] ) : $user["uid"] ); // if get uid set, see if user has permission to view this profile, if yes then allow, else error, no permission if (isset($_GET['uid'])) { // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment // if from Admin Board Settings table, loginReq column is 1, then, login is required to view // so redirect him to login page // if( $reqPrivs['board']['loginReq'] ) if (!userUidSet()) { redirect("{$globals['boardurl']}{$globals['only_ind']}action=login"); } // if( $user['perms'] & $reqPrivs['view']['a_priv'] ) if ($user['g_priv'] & $reqPrivs['view']['a_priv']) { $uid = $_GET['uid']; } else { $error['perms_denied'] = 'No permission to view this page.'; return false; } } else { if (isset($user['uid'])) { $uid = $user['uid']; } else { // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment // if from Admin Board Settings table, loginReq column is 1, then, login is required to view // so redirect him to login page // if( $reqPrivs['board']['loginReq'] ) if (!userUidSet()) { redirect("{$globals['boardurl']}{$globals['only_ind']}action=login"); } } } //if( isset($_POST['wall_sub']) && !empty($_POST['post'] ) ) if (isset($_POST['wall_sub'])) { $reply = mandff(check_input($_POST['post']), 'Wall Post Empty'); if (empty($error) && empty($errors)) { $now = round($time->scriptTime()); /* $qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) VALUES ( $_GET[uid], $user[uid], '$reply', $now )"; */ $qI = "INSERT INTO wall_post(`wp_on_uid`, `wp_by_uid`, `wp_post`, `wp_date`) \n\t\t\tVALUES ( {$uid}, {$user['uid']}, '{$reply}', {$now} )"; $qI_e = db_query($qI); } } // $_GET[uid] below signifies, that on whose wall all the post are getting made //$q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='$_GET[uid]' ORDER BY `wp`.`wp_date` DESC"; $q = "SELECT * FROM `wall_post` `wp` JOIN `users` `u` ON `wp`.`wp_by_uid` = `u`.`uid` WHERE `wp`.`wp_on_uid`='{$uid}' ORDER BY `wp`.`wp_date` DESC"; $qu = db_query($q); //mail("*****@*****.**", "Hi Ashish", "Message for u buddy"); // printrr( $GLOBALS ); // printrr( $_SESSION ); }