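<?php
// Style picker for the user-settings form. The posted style key is checked against
// the whitelist below before it is stored in the session, because the stored key
// is later used to select a stylesheet.
$availableStyles = array('global' => 'Default', 'dark' => 'Dark');

// NOTE(review): this form carries no CSRF token; other forms in this project call
// csrf_check() before acting on a POST - confirm whether this one should too.
if (!empty($_POST['form_sent'])) {
    // A missing or non-string field becomes '' and fails the whitelist check below
    // (array_key_exists() would throw on an array key in PHP 8).
    $style = (isset($_POST['style']) && is_string($_POST['style'])) ? $_POST['style'] : '';
    if (!array_key_exists($style, $availableStyles)) {
        // $style is request-controlled and HardError() renders HTML, so it is
        // escaped before being reflected into the error page.
        Output::HardError(htmlspecialchars($style, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' isn\'t a valid style.');
    } else {
        // Only a whitelisted key reaches the session; this does not depend on
        // HardError() terminating the request.
        $_SESSION['atbbs_style'] = $style;
    }
}
?>
<form action="" method="post">
<div class="row">
<label class="common" for="memorable_name">Memorable name</label>
<input type="text" id="memorable_name" name="memorable_name" class="inline" value="<?php echo htmlspecialchars($User->UserName); ?>" maxlength="100" />
</div>
<div class="row">
<label class="common" for="memorable_password">Memorable password</label>
<input type="password" class="inline" id="memorable_password" name="memorable_password" maxlength="100" />
<input type="password" class="inline" id="memorable_password2" name="memorable_password2" maxlength="100" />
<p class="caption">This information can be used to more easily <a href="<?php echo THISURL; ?>/restore_ID">restore your ID</a>. Password is optional, but recommended.</p>
</div>
<div class="row">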
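/**
 * Run a headline/body pair through the word filter and the anti-random scorer.
 *
 * Filter rows come from {P}Filters. A matching row is handled by filPunishType:
 * 0 replaces the matched text in both fields, 1 answers 403 and aborts the
 * request, 2 records a ban through AddBan() and keeps going, any other value is
 * ignored. Afterwards the post is scored with GetRandomScore(); a score of
 * ANTIRANDOM_MAX_SCORE or more is answered with 403 and the request ends.
 * Check4Ban(true) runs before a normal return.
 *
 * @param string $headline
 * @param string $body
 * @param bool   $returnbool When === true, return true on the first filter hit or
 *                           on anti-random rejection and false otherwise, without
 *                           punishing or rewriting anything.
 * @return array|bool array($headline, $body) after replacements, or a bool when
 *                    $returnbool === true.
 */
function Check4Filtered($headline, $body, $returnbool = false) {
    global $User;

    // Matching is done once against the normalised text; replacements are applied
    // to the original fields so the poster's formatting is preserved.
    // NOTE(review): the search is case-sensitive while the replacement below is
    // case-insensitive - presumably defuck_comment() lower-cases; confirm.
    $haystack = defuck_comment($headline) . ' ' . defuck_comment($body);

    $res = DB::Execute("SELECT filText,filReason,filPunishType,filPunishDuration,filReplacement FROM {P}Filters");
    while (list($fText, $fReason, $fPunishment, $fPunishTime, $fReplacement) = $res->FetchRow()) {
        // An empty filter string would match every post on PHP 8 (empty needle
        // returns 0), so such rows are skipped explicitly. Fastest string search method.
        if ($fText === null || $fText === '' || strpos($haystack, $fText) === false) {
            continue;
        }
        if ($returnbool === true) {
            return true;
        }
        switch ($fPunishment) {
            case 0: // Just replace
                $headline = str_ireplace($fText, $fReplacement, $headline);
                $body = str_ireplace($fText, $fReplacement, $body);
                break;
            case 1: // 403
                header('HTTP/1.1 403 Forbidden');
                // The matched text is reflected into HTML, so it is escaped.
                // $fReason is admin-authored filter data and is rendered as-is.
                Output::HardError('<b>ATBBS has denied your post, as it contains &quot;' . htmlentities($fText) . '&quot;, which is banned for the following reason:</b><br />' . $fReason);
                // Same pattern as the anti-random rejection below: never let the
                // denied post fall through to the return if HardError() comes back.
                exit;
            case 2: // Ban
                AddBan($User->ID, $_SERVER['REMOTE_ADDR'], $fPunishTime, '<span class="tag filter">Filter</span>' . $fReason, 0);
                break;
            default: // Ignore.
                break;
        }
    }

    $score = GetRandomScore($headline . ' ' . $body);
    if ($score >= ANTIRANDOM_MAX_SCORE) {
        if ($returnbool === true) {
            return true;
        }
        header('HTTP/1.1 403 Forbidden');
        Output::HardError("Your post contains random data (Score: {$score}, Max score: " . ANTIRANDOM_MAX_SCORE . "). Knock it the f**k off.");
        exit;
    }

    Check4Ban(true);
    if ($returnbool === true) {
        return false;
    }
    return array($headline, $body);
}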
/**
 * Read a GET index as a string, aborting the request when it is unavailable.
 *
 * @param string $index     Name of the GET index to read via GET::FetchIndex().
 * @param bool   $allownull When true, an unavailable value does not trigger HardError().
 * @return string The fetched value passed through Input::ToString().
 */
static function GetEString($index, $allownull = false) {
    $raw = GET::FetchIndex($index);
    // NOTE(review): this is a truthiness test, so a literal "0" counts as
    // unavailable - confirm against what GET::FetchIndex() returns for a missing index.
    $unavailable = !$raw;
    if ($unavailable && !$allownull) {
        Output::HardError(sprintf('Index %s unavailable.', $index));
    }
    Output::CheckBuffer();
    return Input::ToString($raw);
}
if($to==$User->ID) $to='<a href="#">yourself</a>'; $title=htmlentities($title); $date=calculate_age($date); $url=THISURL.'/private_messages.php/thread/'.(($thread==0)?$id:$thread).'/#pm'.$id; $body=parse($body); echo " <h3>$from sent $to "$title" $date ago.<span class=\"reply_id\"><a name=\"pm{$id}\" href=\"{$url}\">#{$id}</a></span></h3> <div class=\"body\"> {$body} </div> "; } if(!in_array($User->ID,$participants)) Output::HardError('You\'re not invited.'); ?> <form action="" method="post"> <h3><b>Reply to Private Thread:</b></h3> <div class="body"> <input type="hidden" name="thread" value="<?=$view?>" /> <label for="to" class="common">To:<label><input type="text" name="to" value="<?=htmlentities($OP)?>" /> <label for="title" class="common">Title:<label><input type="text" name="title" value="<?=htmlentities('RE: '.$page_title)?>" /> <?=csrf_token()?> <label for="body">Body:<label> <textarea name="body"></textarea> <input type="submit" value="Send" name="act" /> </div> </form> <? $page_title="PM Thread: ".$page_title;
$flag_ostrich = POST::GetInt('ostrich_mode') == 1; $flag_spoiler = POST::GetInt('spoiler_mode') == 1; $snippet_len = POST::GetInt('snippet_length'); // Make some specific validations ... if (!empty($_POST['form']['memorable_name']) && $_POST['form']['memorable_name'] != $user_config['memorable_name']) { // Check if the name is already being used. $res = DB::Execute('SELECT 1 FROM {P}UserSettings WHERE LOWER(usrName) = LOWER(' . DB::Q($_POST['form']['memorable_name']) . ')'); if ($res->RecordCount() > 0) { add_error('The memorable name "' . htmlspecialchars($_POST['memorable_name']) . '" is already being used.'); } } if ($pass != $pass2) { add_error(' Both password fields must match.'); } if (!array_key_exists($theme, getAvailableThemes())) { Output::HardError($theme . ' isn\'t a valid theme.'); } if (!$erred) { $User->UserName = $name; $User->Email = $email; $User->Flags = 0; if ($flag_topics) { $User->Flags |= FLAG_TOPICS; } if ($flag_ostrich) { $User->Flags |= FLAG_OSTRICH; } if ($flag_spoiler) { $User->Flags |= FLAG_SPOILER; } $User->SnippetLength = $snippet_len;
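/**
 * Enforce length limits on a submitted text field, aborting through
 * Output::HardError() with a field-specific message when a limit is violated.
 *
 * Lengths are byte lengths (strlen), not character counts.
 *
 * @param string|null $text       The submitted text.
 * @param string      $name       Field name used verbatim in the message (callers pass literals such as 'headline').
 * @param int         $min_length Minimum length; 0 disables the blank check.
 * @param int         $max_length Maximum length.
 * @return void
 */
function check_length($text, $name, $min_length, $max_length) {
    // Cast so a null field measures 0 without a strlen(null) deprecation notice.
    $text_length = strlen((string) $text);
    if ($min_length > 0 && $text_length === 0) {
        // A length test rather than empty(): the literal text "0" is valid input.
        Output::HardError('The ' . $name . ' cannot be blank.');
    } elseif ($text_length > $max_length) {
        Output::HardError('The ' . $name . ' was ' . number_format($text_length - $max_length) . ' characters over the limit (' . number_format($max_length) . ').');
    } elseif ($text_length < $min_length) {
        Output::HardError('The ' . $name . ' was too short.');
    }
}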
if($User->isAdmin()) { if($_POST['form_sent']) { if($_POST['post']) { //Determine author if(isset($_POST['admin']) && $User->isAdmin()) { $author = '<b><u>Sysop</u></b>'; } else { $author = "?"; } if(!isset($_POST['body'])) { Output::HardError("It appears you did not actually type anything. Stopping here..."); } else { $body = $_POST['body']; } //Actually do the posting... pretty messy but I don't really care // I DO. PRETTIFIED. DB::Execute('INSERT INTO {P}Bulletins (time, author, body) VALUES (UNIX_TIMESTAMP(),'.DB::Q($author).','.DB::Q($body).')'); redirect("Bulletin posted."); } } else { ?> <form action="" method="post"> <h3>Add new bulletin</h3> <div class="body"> <div class="noscreen">
// exit; $congratulation = 'Reply edited.'; } } else { // or a topic... check_length($headline, 'headline', MIN_LENGTH_HEADLINE, MAX_LENGTH_HEADLINE); if (!$editing) { //Lurk more? if ($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_TOPIC) { Output::HardError('Lurk for at least ' . REQUIRED_LURK_TIME_TOPIC . ' seconds before posting your first topic.'); } // Flood control. $too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_TOPIC; $res = DB::Execute(sprintf('SELECT 1 FROM {P}Topics WHERE author_ip = \'%s\' AND time > %d', $_SERVER['REMOTE_ADDR'], $too_early)); if ($res->RecordCount() > 0) { Output::HardError('Wait at least ' . FLOOD_CONTROL_TOPIC . ' seconds before creating another topic. '); } // Prepare our query... DB::Execute(sprintf('INSERT INTO {P}Topics (author, name, author_ip, headline, body, last_post, time) VALUES (\'%s\', \'%s\',\'%s\', \'%s\', %s, UNIX_TIMESTAMP(), UNIX_TIMESTAMP())', $author, $authorname, $_SERVER['REMOTE_ADDR'], $headline, DB::Q($body))); $congratulation = 'Topic created.'; } else { $sql = sprintf('UPDATE {P}Topics SET headline = \'%s\', name=\'%s\', body = %s, flags = %d, edit_time = UNIX_TIMESTAMP() WHERE id = %d', $headline, $authorname, DB::Q($body), 0 | 1 * $edit_mod, $_GET['edit']); DB::Execute($sql); $congratulation = 'Topic edited.'; } } // If all is well, execute! if (!$erred) { if ($unlock_table) { DB::Execute('UNLOCK TABLE'); }
/**
 * Render the current page through the Savant3 instance in self::$tpl and end the request.
 *
 * When USING_NEW_TEMPLATE_FORMAT is defined the output is gheader.tpl.php, then
 * messagebox.tpl.php only if Output::$messages['__'] is non-empty, then
 * pages/<Output::$cpage>.tpl.php, then footer.tpl.php; a template error for the
 * page aborts through HardError() instead of echoing it. Without the define only
 * gheader.tpl.php is displayed. Either path finishes with die('</body></html>').
 */
static function Flush() {
    $tpl = self::$tpl;
    if (!defined('USING_NEW_TEMPLATE_FORMAT')) {
        $tpl->display('gheader.tpl.php');
    } else {
        $header = $tpl->fetch('gheader.tpl.php');
        $messageBox = count(Output::$messages['__']) > 0
            ? $tpl->fetch('messagebox.tpl.php')
            : '';
        $page = $tpl->fetch('pages/' . Output::$cpage . '.tpl.php');
        if ($tpl->isError($page)) {
            Output::HardError('Savant3 template error.<br />"' . $page->code . '"<br />Page ID:' . Output::$cpage);
        } else {
            echo $header . $messageBox . $page;
        }
        $tpl->display('footer.tpl.php');
    }
    // The USING_PROFILER branch in the original was empty; nothing runs here.
    die('</body></html>');
}
if(!defined('MOD_NAME')) define('MOD_NAME','Wiseguy'); if(!defined('ROOT_ADMIN')) $_SESSION['notice']="<b>NOTICE TO ADMINISTRATOR:</b> Please add <code>define('ROOT_ADMIN','(Your UID)');</code> to includes/config.php ASAP."; Output::PrepSV3(); if(!defined('ADODB_DRIVER')) die('Please finish <a href="/install">installing</a> ATBBS.'); // Connect to the database. DB::Connect(); if(DB::NeedsUpgrade() && !defined('UPGRADER')) Output::HardError('The database engine has determined that the database needs an upgrade. Please visit <a href="/upgrade/">ATBBS Upgrader</a> to remedy the problem.'); $User=new User(); $moderator = $User->isMod(); $administrator = $User->isAdmin(); if(!defined('INSTALLER')) { // Start buffering shit for the template. ob_start(); } Check4Ban(); // Dashboard sidebar $sidebar=array( 'User Toolbox' => array(
$sql='UPDATE {P}Bans SET flags=flags|'.BANF_APPEAL_DENIED.' WHERE '; $i=0; foreach($_POST['deny_appeal'] as $uid) { if($i>0) $sql.=" OR "; $i++; $sql.='uid='.DB::Q($uid); } DB::Execute($sql); ?> <p><?=$i?> appeals denied.</p> <? } break; default: Output::HardError(htmlentities(Path::FetchIndex(0)).' is an unrecognized method.'); exit; break; } Output::$tpl->display('dashfooter.tpl.php'); require('includes/footer.php'); // 3m2d = 3 months, 2 days from now // 3000 = 3000s. function ParseExpiry($str) { $tb = 0; $sb = ''; while(strlen($str)>0) {
/**
 * Execute a query and return all rows, substituting ADODB_PREFIX for the {P}
 * table-prefix placeholder in $sql.
 *
 * Increments self::$queries and stores the raw query in self::$lastSQL before
 * running it. Aborts through Output::HardError() when DB::$rdb is not set.
 * No escaping of embedded values is done here.
 *
 * @param string $sql Query text containing {P} where the table prefix belongs.
 * @return mixed Whatever DB::$rdb->GetAll() returns for the resolved query.
 */
public static function GetAll($sql) {
    self::$queries++;
    self::$lastSQL = $sql;
    $connection = DB::$rdb;
    if (!$connection) {
        Output::HardError('<b>Database Connection Failure.</b>');
    }
    $resolvedSql = str_replace('{P}', ADODB_PREFIX, $sql);
    return $connection->GetAll($resolvedSql);
}
<?php include('include/header.php'); switch($_POST['act']) { case 'Send': // Reply if(!csrf_check()) Output::HardError('Session error. Try again.'); //Lurk more? if($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_REPLY) { add_error('Lurk for at least ' . REQUIRED_LURK_TIME_REPLY . ' seconds before posting your first reply.'); } // Flood control. $too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_REPLY; $res=DB::Execute(sprintf('SELECT 1 FROM {P}PMs WHERE pmFrom = \'%s\' AND pmDateSent > %d',$_SERVER['REMOTE_ADDR'], $too_early)); if($res->RecordCount() > 0) { add_error('Wait at least ' . FLOOD_CONTROL_REPLY . ' seconds between each reply. '); } //Check inputs list($_POST['title'],$_POST['body'])=Check4Filter($_POST['title'],$_POST['body']); $reply=new PM(); $reply->To = $_POST['to']; $reply->From =$User->ID; $reply->Title = $_POST['title']; $reply->Body = $_POST['body'];