die; } } else { $pass = $userinfo['user_password']; if (strcmp($pass, sha1(md5($_POST['current_password'])))) { notification($_LANG['wrong_password'], $_SERVER['HTTP_REFERER'], 3); die; } if (strcmp($_POST['new_password'], $_POST['repeat_password'])) { notification($_LANG['not_matching_passwords'], $_SERVER['HTTP_REFERER'], 3); die; } } $db = new nullBB_Database($_CONF, $_LANG); if ($edit_pass) { $db->query('update ' . $_CONF['dbprefix'] . "users set user_password='******'new_password'])) . "' where user_id=" . $userinfo['user_id']); } if (strcmp($_POST['website'], $userinfo['user_website'])) { $db->query('update ' . $_CONF['dbprefix'] . "users set user_website='" . sanitizeQuery($_POST['website']) . "' where user_id=" . $userinfo['user_id']); } if (strcmp($_POST['msn'], $userinfo['user_msn'])) { $db->query('update ' . $_CONF['dbprefix'] . "users set user_msn='" . sanitizeQuery($_POST['msn']) . "' where user_id=" . $userinfo['user_id']); } if (strcmp($_POST['signature'], $userinfo['user_signature'])) { if (strlen($_POST['signature']) > $_CONF['signature_max_len']) { notification($_LANG['signature_too_long'] . '(max: ' . $_CONF['signature_max_len'] . ' bytes)', $_SERVER['HTTP_REFERER'], 3); die; } $db->query('update ' . $_CONF['dbprefix'] . "users set user_signature='" . sanitizeQuery($_POST['signature']) . "' where user_id=" . $userinfo['user_id']); } if (strcmp($_POST['theme'], $userinfo['user_theme'])) {
* GNU General Public License as published by the Free Software Foundation, either version 3 of * * the License, or (at your option) any later version. This program is distributed in the hope * * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once '../config.ini'; require_once 'admin_head.' . PHPEXT; if (!$_REQUEST['uid']) { die; } $uid = getInt($_REQUEST['uid']); $db = new nullBB_Database($_CONF, $_LANG); $db->freeResult(); $results = $db->query('select * from ' . $_CONF['dbprefix'] . 'users where user_id=' . $uid); $results = $results[0]; if (!$_POST['change']) { ?> <form enctype="multipart/form-data" action="<?php print $_SERVER['PHP_SELF'] . '?uid=' . $uid; ?> " method="POST"> <table style="padding: 10px"> <tr> <td class="registerfield">> <?php print $_LANG['new_password']; ?> *</td>
} if (!isset($_POST['topic_id']) || !is_numeric($_POST['topic_id'])) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['invalid_topic'], $_SERVER['HTTP_REFERER'], 3); die; } if (!$_POST['content'] || empty($_POST['content'])) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['empty_post'], $_SERVER['HTTP_REFERER'], 3); die; } $topic_id = getInt($_POST['topic_id']); $user_id = getInt($session->user_id); $db = new nullBB_Database($_CONF, $_LANG); $content = sanitizeQuery($_POST['content']); $forum = $db->query('select forum_id from ' . $_CONF['dbprefix'] . 'topics where ' . 'topic_id = ' . $topic_id); $db->freeResult(); if (empty($forum)) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['invalid_topic'], $_SERVER['HTTP_REFERER'], 3); die; } $forum_id = getInt($forum[0]['forum_id']); $ip = sanitizeQuery($_SERVER['REMOTE_ADDR']); $so = sanitizeQuery(getSO($_SERVER['HTTP_USER_AGENT'])); $browser = sanitizeQuery(getBrowser($_SERVER['HTTP_USER_AGENT'])); $res = $db->query('select forum_postgroup from ' . $_CONF['dbprefix'] . 'forums where ' . "forum_id='" . $forum_id . "'"); $db->freeResult(); $forum_postgroup = getInt($res[0]['forum_postgroup']); unset($res); if ($userinfo['user_group'] > $forum_postgroup) {
case 'move_up': case 'move_down': case 'view_privs': break; default: die; break; } $fid = getInt($_REQUEST['fid']); $db = new nullBB_Database($_CONF, $_LANG); switch ($action) { case 'delete': if (!$fid) { die; } $db->query('delete from ' . $_CONF['dbprefix'] . 'posts where forum_id=' . $fid); $db->query('delete from ' . $_CONF['dbprefix'] . 'topics where forum_id=' . $fid); $db->query('delete from ' . $_CONF['dbprefix'] . 'forums where forum_id=' . $fid); break; case 'new': $name = sanitizeQuery($_REQUEST['forum_name']); $desc = sanitizeQuery($_REQUEST['forum_desc']); if (!$name || !$desc) { die; } $res = $db->query('select forum_id from ' . $_CONF['dbprefix'] . 'forums where forum_id >= all(' . 'select forum_id from ' . $_CONF['dbprefix'] . 'forums)'); $vieworder = empty($res) ? 1 : getInt($res[0]['forum_id']) + 1; $db->query('insert into ' . $_CONF['dbprefix'] . 'forums(forum_name, forum_desc, forum_vieworder) values(' . "'{$name}','{$desc}',{$vieworder})"); $db->close(); header('Location: ' . $_SERVER['HTTP_REFERER']); break;
* more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang'; require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT; require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT; if (!($_POST['username'] && $_POST['password'])) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3); die; } else { $user = addslashes(strtolower($_POST['username'])); $pass = sha1(md5($_POST['password'])); $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select * from ' . $_CONF['dbprefix'] . "users where username='******' and user_password='******'"); $db->freeResult(); $db->close(); if (empty($res)) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3); die; } else { unset($res); require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT; $session = new nullBB_Session(array('username' => $user), $_CONF, $_LANG); require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['login_ok'] . ' ' . sanitizeHTML($user), $_SERVER['HTTP_REFERER'], 3); die; } }
} $db = new nullBB_Database($_CONF, $_LANG); if ($_POST['postMsg']) { if (!$_POST['subject'] || !$_POST['content'] || !$_POST['recv_id']) { notification($_LANG['no_info_specified'], $_SERVER['HTTP_REFERER'], 3); die; } if (preg_match('/^\\s+$/', $_POST['subject']) || preg_match('/^\\s+/', $_POST['content'])) { notification($_LANG['no_info_specified'], $_SERVER['HTTP_REFERER'], 3); die; } $subject = sanitizeQuery($_POST['subject']); $content = sanitizeQuery($_POST['content']); $recv_id = getInt($_POST['recv_id']); $send_id = getInt($userinfo['user_id']); $db->query('insert into ' . $_CONF['dbprefix'] . 'privmsgs(privmsg_subject, ' . 'privmsg_from, privmsg_to, privmsg_date, privmsg_ip, privmsg_seen, privmsg_content) values(' . "'" . $subject . "', " . $send_id . ", " . $recv_id . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', 0, '" . $content . "')"); $db->freeResult(); $db->close(); notification($_LANG['message_ok'], $_SERVER['HTTP_REFERER'], 3); die; } else { $user_id = getInt($userinfo['user_id']); ?> <center> > <a class="topicHead" href="<?php print BASEDIR; ?> "><?php print $_CONF['title']; ?>
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang'; require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT; require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT; require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT; if (empty($_REQUEST['post_id']) || !$session->logged) { notification("Invalid request", $_SERVER['HTTP_REFERER'], 3); die; } $db = new nullBB_Database($_CONF, $_LANG); $post_id = getInt($_REQUEST['post_id']); $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'posts where post_id=' . $post_id); $db->freeResult(); if (empty($res)) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['no_posts'], $_SERVER['HTTP_REFERER'], 3); die; } $topic_id = getInt($res[0]['topic_id']); $poster_id = getInt($res[0]['poster_id']); $post_time = getInt($res[0]['post_time']); unset($res); if ($_GET['delete']) { if (!$session->logged) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['cannot_delete_post'], $_SERVER['HTTP_REFERER'], 3); die;
* nullBB - Light CMS forum * * Copyright (C) 2009, BlackLight * * * * This program is free software: you can redistribute it and/or modify it under the terms of the * * GNU General Public License as published by the Free Software Foundation, either version 3 of * * the License, or (at your option) any later version. This program is distributed in the hope * * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once '../config.ini'; require_once 'admin_head.' . PHPEXT; header('Content-type: text/sql'); $db = new nullBB_Database($_CONF, $_LANG); $tables = $db->query('SHOW TABLES'); $views = array(); foreach ($tables as $td) { $table = $td[key($td)]; $r = $db->query("SHOW CREATE TABLE `{$table}`"); if (!empty($r)) { $insert_sql = ""; if (!strcasecmp(key($r[0]), 'View')) { array_push($views, $r[0][key($r[0])]); } else { $SQL .= "DROP TABLE IF EXISTS `{$table}`;\n"; next($r[0]); $d = $r[0][key($r[0])] . ";"; $SQL .= str_replace("\n", "", $d) . "\n"; $table_query = $db->query("SELECT * FROM `{$table}`"); foreach ($table_query as $row) {
if (!$session->logged) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; } $db = new nullBB_Database($_CONF, $_LANG); $post_id = getInt($_GET['post_id']); $res = $db->query('select poster_id from ' . $_CONF['dbprefix'] . 'posts where post_id=' . $post_id); $db->freeResult(); $poster_id = getInt($res[0]['poster_id']); if ($userinfo['user_group'] > USERLEV_MOD && $userinfo['user_id'] != $poster_id) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; } $res = $db->query('select poster_ip from ' . $_CONF['dbprefix'] . 'posts where post_id=' . $post_id); $db->freeResult(); $addr = sanitizeHTML($res[0]['poster_ip']); print $addr; unset($res); exit(0); } $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select post_content from ' . $_CONF['dbprefix'] . 'posts ' . "where post_id='" . getInt($_GET['post_id']) . "'"); $db->freeResult(); print htmlspecialchars($res[0]['post_content']); unset($res); $db->close(); ?>
/**
 * Ends the current session.
 *
 * Clears the `sid` cookie, refreshes the `lasttime` cookie for one year,
 * marks this object as logged out and deletes the matching row from the
 * sessions table. Does nothing when no session id is set on the object.
 *
 * NOTE(review): the session id is escaped with addslashes(), which does not
 * take the connection character set into account. If nullBB_Database offers
 * bound parameters or driver-level escaping, prefer that here.
 */
function destroy()
{
    if ($this->session_id) {
        $oneYear = 60 * 60 * 24 * 365;

        // Drop the session cookie and remember when the user was last seen.
        setcookie('sid', '', time(), BASEDIR);
        setcookie('lasttime', time(), time() + $oneYear, BASEDIR);
        $this->logged = false;

        // Remove the server-side record so the old id cannot be reused.
        $db = new nullBB_Database($this->_CONF, $this->_LANG);
        $sessionsTable = $this->_CONF['dbprefix'] . "sessions where session_id='";
        $deleteSql = 'delete from ' . $sessionsTable . addslashes($this->session_id) . "'";
        $db->query($deleteSql);
        $db->freeResult();
        $db->close();
    }
}
// Private-message view / delete handler.
//
// Every query against the privmsgs table below is restricted by both
// privmsg_id and privmsg_to = the current user's id, so the visible code only
// ever reads, marks or deletes a message addressed to the requesting user.
// Both ids go through getInt() before being concatenated into the SQL text
// (presumably an integer cast; confirm against its definition).
//
// NOTE(review): the delete branch is driven by a GET parameter and no
// anti-CSRF token is checked in the visible code. Confirm one is enforced
// elsewhere, or move the action to a POST request that carries a token.
if ($_GET['del']) {
    $db = new nullBB_Database($_CONF, $_LANG);

    // Look the message up first so an unknown id, or one addressed to another
    // user, ends in the "not found" notification instead of a silent no-op.
    $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'privmsgs ' . "where privmsg_id=" . getInt($_GET['msg_id']) . " and privmsg_to=" . getInt($userinfo['user_id']));
    $db->freeResult();

    if (empty($res)) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        // HTTP_REFERER is client-supplied; how notification() uses it is not
        // visible here.
        notification($_LANG['privmsg_not_found'], $_SERVER['HTTP_REFERER'], 3);
        die;
    }

    // The delete repeats the recipient condition rather than trusting the
    // earlier lookup.
    $db->query('delete from ' . $_CONF['dbprefix'] . 'privmsgs where privmsg_id=' . getInt($_GET['msg_id']) . ' ' . 'and privmsg_to=' . getInt($userinfo['user_id']));
    require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
    notification($_LANG['delete_privmsg_ok'], $_SERVER['HTTP_REFERER'], 3);
    die;
}

// View path: fetch the message, again scoped to the current recipient.
$db = new nullBB_Database($_CONF, $_LANG);
$res = $db->query('select * from ' . $_CONF['dbprefix'] . 'privmsgs ' . "where privmsg_id=" . getInt($_GET['msg_id']) . " and privmsg_to=" . getInt($userinfo['user_id']));
$db->freeResult();

if (empty($res)) {
    print $_LANG['privmsg_not_found'];
    die;
}

$res = $res[0];

// Flag the message as read the first time the recipient opens it.
if ($res['privmsg_seen'] == false) {
    $db->query('update ' . $_CONF['dbprefix'] . 'privmsgs set privmsg_seen=1 ' . 'where privmsg_id=' . getInt($_GET['msg_id']) . ' and privmsg_to=' . getInt($userinfo['user_id']));
}

// Resolve the sender's display name from the users table.
$from = $db->query('select username from ' . $_CONF['dbprefix'] . 'users where user_id=' . getInt($res['privmsg_from']));
$db->freeResult();

// Both user names pass through sanitizeHTML() before they reach the page.
$from = sanitizeHTML($from[0]['username']);
$to = sanitizeHTML($userinfo['username']);

// NOTE(review): the message body is passed to bb2html() only. Confirm that
// bb2html() HTML-escapes the text before expanding BBCode, because the body
// was written by another user.
$content = bb2html($res['privmsg_content']);

print '<li class="privmsgHead">' . $_LANG['from'] . ': ' . '<a href="' . BASEDIR . 'user/' . getInt($res['privmsg_from']) . '">' . $from . "</a></li>\n";
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ if ($_REQUEST['admin_username'] && $_REQUEST['admin_password'] && $_REQUEST['admin_password_again'] && $_REQUEST['admin_email']) { $user = sanitizeQuery($_REQUEST['admin_username']); $pass = $_REQUEST['admin_password']; $passagain = $_REQUEST['admin_password_again']; $email = sanitizeQuery($_REQUEST['admin_email']); if ($pass != $passagain) { die($_LANG['not_matching_passwords']); } $sql = "drop table if exists " . $_CONF["dbprefix"] . "forums;\n" . "drop table if exists " . $_CONF["dbprefix"] . "topics;\n" . "drop table if exists " . $_CONF["dbprefix"] . "posts;\n" . "drop table if exists " . $_CONF["dbprefix"] . "privmsgs;\n" . "drop table if exists " . $_CONF["dbprefix"] . "users;\n" . "drop table if exists " . $_CONF["dbprefix"] . "sessions;\n" . "drop table if exists " . $_CONF["dbprefix"] . "karma;\n" . "drop table if exists " . $_CONF["dbprefix"] . "groups;\n" . "drop table if exists " . $_CONF["dbprefix"] . "viewtopics;\n" . "\n" . "drop view if exists " . $_CONF["dbprefix"] . "newtopics;\n" . "\n" . "drop trigger if exists insTopic;\n" . "drop trigger if exists insPost;\n" . "drop trigger if exists delPost;\n" . "drop trigger if exists delUser;\n" . "drop trigger if exists delTopic;\n" . "\n" . "create table " . $_CONF["dbprefix"] . "forums(\n" . "forum_id \t\t\tinteger unsigned not null auto_increment,\n" . "forum_name \t\tvarchar(150),\n" . "forum_desc \t\ttext,\n" . "forum_posts \t\tinteger unsigned default 0,\n" . "forum_topics \t\tinteger unsigned default 0,\n" . "forum_lasttopic \tinteger unsigned not null default 0,\n" . "forum_lastpost \tinteger unsigned not null default 0,\n" . 
"forum_lasttime \tinteger unsigned not null default 0,\n" . "forum_viewgroup \tsmallint default 20 not null,\n" . "forum_postgroup \tsmallint default 10 not null,\n" . "forum_vieworder \tinteger unsigned not null default 0,\n" . "\n" . "primary key(forum_id),\n" . "foreign key(forum_lasttopic) \treferences " . $_CONF["dbprefix"] . "topics(topic_id),\n" . "foreign key(forum_lastpost) \treferences " . $_CONF["dbprefix"] . "posts(post_id),\n" . "foreign key(forum_lasttime) \treferences " . $_CONF["dbprefix"] . "posts(post_time),\n" . "foreign key(forum_viewgroup) \treferences " . $_CONF["dbprefix"] . "groups(group_id),\n" . "foreign key(forum_postgroup) \treferences " . $_CONF["dbprefix"] . "groups(group_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "topics(\n" . "topic_id \t\t\tinteger unsigned not null auto_increment,\n" . "forum_id \t\t\tinteger unsigned not null,\n" . "topic_title \t\tvarchar(128),\n" . "topic_poster \t\tinteger unsigned not null,\n" . "topic_time \t\tinteger unsigned default 0,\n" . "topic_replies \t\tinteger unsigned default 0,\n" . "topic_lastreply \tinteger unsigned not null default 0,\n" . "topic_disabled \tboolean default 0 not null,\n" . "topic_sticked \t\tboolean default 0 not null,\n" . "\n" . "primary key(topic_id),\n" . "foreign key(forum_id) \t\treferences " . $_CONF["dbprefix"] . "forums(forum_id),\n" . "foreign key(topic_poster) \treferences " . $_CONF["dbprefix"] . "users(user_id),\n" . "foreign key(topic_lastreply) \treferences " . $_CONF["dbprefix"] . "posts(post_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "posts(\n" . "post_id \t\t\tinteger unsigned not null auto_increment,\n" . "topic_id \t\t\tinteger unsigned not null,\n" . "forum_id \t\t\tinteger unsigned not null,\n" . "poster_id \t\tinteger unsigned not null,\n" . "poster_ip \t\tvarchar(40) not null,\n" . "poster_so \t\tvarchar(64),\n" . "poster_browser \tvarchar(64),\n" . "post_time \t\tinteger unsigned default 0,\n" . 
"post_content \t\ttext,\n" . "post_lastedit_date \tinteger unsigned default null,\n" . "post_lastedit_user \tinteger unsigned default null,\n" . "\n" . "primary key(post_id),\n" . "foreign key(topic_id) \t\treferences " . $_CONF["dbprefix"] . "topics(topic_id),\n" . "foreign key(forum_id) \t\treferences " . $_CONF["dbprefix"] . "forums(forum_id),\n" . "foreign key(poster_id) \t\treferences " . $_CONF["dbprefix"] . "useres(user_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "privmsgs(\n" . "privmsg_id \t\tinteger unsigned not null auto_increment,\n" . "privmsg_subject \tvarchar(255),\n" . "privmsg_from \t\tinteger unsigned not null,\n" . "privmsg_to \t\tinteger unsigned not null,\n" . "privmsg_date \t\tinteger unsigned not null,\n" . "privmsg_ip \t\tvarchar(40) not null,\n" . "privmsg_seen \t\tboolean default 0,\n" . "privmsg_content \ttext,\n" . "\n" . "primary key(privmsg_id),\n" . "foreign key(privmsg_from) \treferences " . $_CONF["dbprefix"] . "users(user_id),\n" . "foreign key(privmsg_to) \treferences " . $_CONF["dbprefix"] . "users(user_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "users(\n" . "user_id \t\t\tinteger unsigned not null auto_increment,\n" . "username \t\t\tvarchar(25) unique not null,\n" . "user_password \t\tvarchar(60) not null,\n" . "user_posts \t\tinteger unsigned default 0 not null,\n" . "user_email \t\tvarchar(60) unique not null,\n" . "user_website \t\tvarchar(60),\n" . "user_msn \t\t\tvarchar(60),\n" . "user_karma \t\tinteger default 0 not null,\n" . "user_regtime \t\tinteger unsigned default 0 not null,\n" . "user_disabled \t\tboolean default false not null,\n" . "user_group \t\tsmallint default 10 not null,\n" . "user_signature \ttext,\n" . "user_avatar \t\ttext,\n" . "user_viewavatars \tboolean default 0,\n" . "user_theme \t\tvarchar(60) default '" . $_CONF['theme'] . "',\n" . "user_language \tvarchar(50) default '" . BOARD_LANGUAGE . "',\n" . "\n" . "primary key(user_id),\n" . 
"foreign key(user_group) references " . $_CONF["dbprefix"] . "groups(group_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "sessions(\n" . "session_id \t\tvarchar(60) not null,\n" . "user_id \t\t\tinteger unsigned not null,\n" . "session_time \t\tinteger unsigned default 0 not null,\n" . "session_lasttime \tinteger unsigned default 0 not null,\n" . "\n" . "primary key(session_id),\n" . "foreign key(user_id) \t\treferences " . $_CONF["dbprefix"] . "users(user_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "karma(\n" . "user_id \t\t\tinteger unsigned default 0 not null,\n" . "voter \t\t\tinteger unsigned default 0 not null,\n" . "vote \t\t\tinteger default 0,\n" . "\n" . "primary key(user_id, voter),\n" . "foreign key(user_id) \t\treferences " . $_CONF["dbprefix"] . "karma(user_id),\n" . "foreign key(voter) \t\t\treferences " . $_CONF["dbprefix"] . "karma(voter)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "groups(\n" . "group_id \t\t\tsmallint not null,\n" . "group_name \t\tvarchar(20),\n" . "primary key(group_id)\n" . ");\n" . "\n" . "create table " . $_CONF["dbprefix"] . "viewtopics(\n" . "user_id \t\t\tinteger unsigned not null,\n" . "topic_id \t\t\tinteger unsigned not null,\n" . "viewtime \t\t\tinteger unsigned not null,\n" . "\n" . "primary key(user_id, topic_id),\n" . "foreign key(user_id) references " . $_CONF["dbprefix"] . "users(user_id),\n" . "foreign key(topic_id) references " . $_CONF["dbprefix"] . "topics(topic_id)\n" . ");\n" . "\n" . "create view " . $_CONF["dbprefix"] . "newtopics\n" . "as\n" . "select f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_lastreply,\n" . "p.poster_id, u.username as last_poster, p.post_time\n" . "from " . $_CONF["dbprefix"] . "forums f join " . $_CONF["dbprefix"] . "topics t join " . $_CONF["dbprefix"] . "posts p join " . $_CONF["dbprefix"] . "users u\n" . "on f.forum_id=t.forum_id\n" . "and f.forum_id=p.forum_id\n" . "and p.topic_id=t.topic_id\n" . 
"and t.topic_lastreply=p.post_id\n" . "and p.poster_id=u.user_id\n" . "where p.post_id=t.topic_lastreply\n" . "order by p.post_time desc;\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_GOD . ", 'God');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_ADMIN . ", 'Admin');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_GLOBALMOD . ", 'Global mod');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_MOD . ", 'Mod');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_USER . ", 'User');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_ANY . ", 'Any');\n" . "insert into " . $_CONF["dbprefix"] . "groups(group_id, group_name) values(" . USERLEV_BANNED . ", 'Banned');\n" . "insert into " . $_CONF["dbprefix"] . "users(user_id, username, user_password, user_group, user_regtime, user_email) values(1,'" . $user . "', '" . sha1(md5($pass)) . "', '" . USERLEV_GOD . "', '" . time() . "', '{$email}')\n"; $db = new nullBB_Database($_CONF, $_LANG); foreach (explode(';', $sql) as $query) { $db->query(trim($query)); } $sql = "create trigger insTopic\n" . "after insert\n" . "on " . $_CONF["dbprefix"] . "topics\n" . "for each row\n" . "begin\n" . "select forum_topics into @num from " . $_CONF["dbprefix"] . "forums where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_topics = @num + 1 where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_lasttopic = new.topic_id where forum_id = new.forum_id;\n" . "end;"; $db->query($sql); $sql = "create trigger insPost\n" . "after insert\n" . "on " . $_CONF["dbprefix"] . "posts\n" . "for each row\n" . "begin\n" . "select forum_posts into @num from " . $_CONF["dbprefix"] . "forums where forum_id = new.forum_id;\n" . "update " . 
$_CONF["dbprefix"] . "forums set forum_posts = @num + 1 where forum_id = new.forum_id;\n" . "select topic_replies into @num from " . $_CONF["dbprefix"] . "topics where topic_id = new.topic_id;\n" . "update " . $_CONF["dbprefix"] . "topics set topic_replies = @num + 1 where topic_id = new.topic_id;\n" . "select user_posts into @num from " . $_CONF["dbprefix"] . "users where user_id = new.poster_id;\n" . "update " . $_CONF["dbprefix"] . "users set user_posts = @num + 1 where user_id = new.poster_id;\n" . "update " . $_CONF["dbprefix"] . "topics set topic_lastreply = new.post_id where topic_id = new.topic_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_lastpost = new.post_id where forum_id = new.forum_id;\n" . "update " . $_CONF["dbprefix"] . "forums set forum_lasttime = new.post_time where forum_id = new.forum_id;\n" . "end;"; $db->query($sql); $sql = "create trigger delUser\n" . "after delete\n" . "on " . $_CONF["dbprefix"] . "users\n" . "for each row\n" . "begin\n" . "update " . $_CONF["dbprefix"] . "topics set topic_poster=0 where topic_poster=old.user_id;\n" . "update " . $_CONF["dbprefix"] . "posts set poster_id=0 where poster_id=old.user_id;\n" . "end;\n"; $db->query($sql); /* DUMP, STUPID, ASSHOLE MySQL * The delTopic trigger is not accepted if executed via MySQL query, while it is if you * dump it to an SQL file and just pass it to your database. This is the MySQL error * message I get on my system if I try to uncomment these lines: * "This version of MySQL doesn't yet support 'multiple triggers with the same action time and event for one table'" * That's just meaningless, and a big big bug in MySQL. If your MySQL version is not prone * to this stupid bug, just copy the commented lines below and execute them as a query * on your MySQL database
* Copyright (C) 2009, BlackLight * * * * This program is free software: you can redistribute it and/or modify it under the terms of the * * GNU General Public License as published by the Free Software Foundation, either version 3 of * * the License, or (at your option) any later version. This program is distributed in the hope * * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; $page = $_GET['page'] ? getInt($_GET['page']) : 1; $start = ($page - 1) * 10; $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select * from ' . $_CONF['dbprefix'] . "users order by user_regtime limit {$start},10"); $db->freeResult(); $num = $db->query('select count(*) as num from ' . $_CONF['dbprefix'] . 'users'); $db->freeResult(); $num = getInt($num[0]['num']); ?> <center> > <a class="topicHead" href="<?php print BASEDIR; ?> "><?php print $_CONF['title']; ?> home</a> > <?php
**************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; ?> <table class="main"> <?php if (!isset($_GET['id'])) { print '<tr class="forums"><td class="forums">' . $_LANG['invalid_forum'] . '</td></tr>'; print '</table></body></html>'; exit(0); } $id = getInt($_GET['id']); $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select forum_viewgroup from ' . $_CONF['dbprefix'] . 'forums where ' . "forum_id='" . $id . "'"); $db->freeResult(); $forum_viewgroup = getInt($res[0]['forum_viewgroup']); unset($res); if ($forum_viewgroup < USERLEV_ANY) { if (!$session->logged) { notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; } if ($userinfo['user_group'] > $forum_viewgroup) { notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; } } $res = $db->query("select forum_name from " . $_CONF['dbprefix'] . "forums where forum_id='{$id}'"); $db->freeResult();
onMouseUp="disableContextMenu()"> <div class="container"> <?php ?> <h1 class="maintitle" align="center"><a class="maintitle" href="/"><?php print $_CONF['headname']; ?> </a></h1><br> <center><span style="font-size: 9px"><?php print $_LANG['right_click_menu']; ?> </span></center> <br><br> <?php if ($session->logged) { $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select count(*) as num from ' . $_CONF['dbprefix'] . 'privmsgs where privmsg_to=' . getInt($userinfo['user_id']) . ' and ' . 'privmsg_seen=0'); $db->freeResult(); $num = getInt($res[0]['num']); if ($num > 0) { print '<script language="javascript" type="text/javascript">alert(' . "'You have " . $num . " unread messages');</script>"; } $db->close(); } ?>
notification($_LANG['username_too_long'], $_SERVER['HTTP_REFERER'], 3); die; } if (strstr($user, "'")) { notification($_LANG['username_invalid_character'], $_SERVER['HTTP_REFERER'], 3); die; } if (strcmp($pass, $repeat_pass)) { notification($_LANG['not_matching_passwords'], $_SERVER['HTTP_REFERER'], 3); die; } if (!preg_match('/^[a-zA-Z0-9_\\.-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-\\.]+$/', $_POST['email'])) { notification($_LANG['invalid_email_address'], $_SERVER['HTTP_REFERER'], 3); die; } $res = $db->query('select user_email from ' . $_CONF['dbprefix'] . "users where user_email='" . $_POST['email'] . "'"); $db->freeResult(); if (!empty($res)) { notification($_LANG['email_already_assigned'], $_SERVER['HTTP_REFERER'], 3); die; } $pass = sha1(md5($pass)); $email = $_POST['email']; $captcha = $_POST['captcha']; $input_captcha = md5(md5($_POST['input_captcha'])); if ($captcha != $input_captcha) { notification($_LANG['wrong_captcha'], $_SERVER['HTTP_REFERER'], 3); die; } $res = $db->query('select user_id from ' . $_CONF['dbprefix'] . "users where username='******'"); if (!empty($res)) {
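case 'edit_name':
    break;
default:
    die;
    break;
}

// Group administration: delete a group or create a new one.

// Ids of the built-in groups; the 'delete' action below must refuse these.
$defaultGroups = array(USERLEV_GOD, USERLEV_ADMIN, USERLEV_GLOBALMOD, USERLEV_MOD, USERLEV_USER, USERLEV_ANY, USERLEV_BANNED);
$gid = getInt($_REQUEST['gid']);
$db = new nullBB_Database($_CONF, $_LANG);

// The Referer header is supplied by the client, so it is HTML-escaped before
// being echoed into an attribute of the refresh tag.
$refererHtml = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) : '';

// NOTE(review): gid and the group name arrive through $_REQUEST, and no
// anti-CSRF token is checked in the visible code. Confirm that the admin
// header enforces one before these state-changing queries run.
switch ($action) {
    case 'delete':
        // Fixed: this guard used to test the undefined $default_groups, so it
        // could not protect the built-in groups (depending on the PHP version
        // in_array() either never matched or aborted the request).
        if (in_array($gid, $defaultGroups)) {
            print '<script>alert("' . $_LANG['no_delete_default_group'] . '")</script>' . '<meta http-equiv="Refresh" value="0;url=' . $refererHtml . '">';
            die;
        }

        // Members of the removed group fall back to the plain user level.
        $db->query('update ' . $_CONF['dbprefix'] . 'users set user_group=' . USERLEV_USER . ' where user_group=' . $gid);
        $db->query('delete from ' . $_CONF['dbprefix'] . 'groups where group_id=' . $gid);

        // NOTE(review): the redirect target is the client-supplied Referer; a
        // fixed admin URL would remove that dependency.
        header('Location: ' . $_SERVER['HTTP_REFERER']);
        break;
    case 'new':
        $name = sanitizeQuery($_REQUEST['group_name']);

        if (!$name) {
            die;
        }

        // Refuse to reuse an id that already belongs to a group.
        $res = $db->query('select group_id, group_name from ' . $_CONF['dbprefix'] . 'groups where group_id = ' . $gid);

        if (!empty($res)) {
            print '<script>alert("' . $_LANG['group_id_already_exists'] . ': ' . sanitizeHTML($res[0]['group_name']) . '")</script>' . '<meta http-equiv="Refresh" value="0;url=' . $refererHtml . '">';
            die;
        }

        $db->query('insert into ' . $_CONF['dbprefix'] . 'groups(group_id, group_name) values(' . $gid . ", '" . $name . "')");
        header('Location: ' . $_SERVER['HTTP_REFERER']);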
die; } $db = new nullBB_Database($_CONF, $_LANG); if ($_POST['search_string']) { $string = sanitizeQuery($_POST['search_string']); } if ($_POST['search_author']) { if ($_POST['search_author'] == '*') { $_POST['search_author'] = null; } else { $author = sanitizeQuery($_POST['search_author']); $author = str_replace('*', '%', $author); } } if ($string && $author) { $res = $db->query('select f.forum_id, t.topic_id, p.post_id, u_topic.user_id as topic_user_id, u_post.user_id as post_user_id, p.post_time, forum_name, topic_title, u_topic.username as topic_author, u_post.username as post_author, topic_replies from ' . $_CONF['dbprefix'] . 'users u_topic join ' . $_CONF['dbprefix'] . 'forums f join ' . $_CONF['dbprefix'] . 'posts p join ' . $_CONF['dbprefix'] . 'topics t join ' . $_CONF['dbprefix'] . 'users u_post on f.forum_id=t.forum_id and p.topic_id=t.topic_id and p.forum_id=f.forum_id ' . "and p.poster_id=u_post.user_id and t.topic_poster=u_topic.user_id where post_content like '%" . $string . "%' " . "and u_post.username like '" . $author . "' order by p.post_time desc"); } else { if (!$author) { $res = $db->query('select f.forum_id, t.topic_id, p.post_id, u_topic.user_id as topic_user_id, u_post.user_id as post_user_id, p.post_time, forum_name, topic_title, u_topic.username as topic_author, u_post.username as post_author, topic_replies from ' . $_CONF['dbprefix'] . 'users u_topic join ' . $_CONF['dbprefix'] . 'forums f join ' . $_CONF['dbprefix'] . 'posts p join ' . $_CONF['dbprefix'] . 'topics t join ' . $_CONF['dbprefix'] . 'users u_post on f.forum_id=t.forum_id and p.topic_id=t.topic_id and p.forum_id=f.forum_id ' . "and p.poster_id=u_post.user_id and t.topic_poster=u_topic.user_id where post_content like '%" . $string . "%' " . 
"order by p.post_time desc"); } else { if (!$string) { $res = $db->query('select f.forum_id, t.topic_id, p.post_id, u_topic.user_id as topic_user_id, u_post.user_id as post_user_id, p.post_time, forum_name, topic_title, u_topic.username as topic_author, u_post.username as post_author, topic_replies from ' . $_CONF['dbprefix'] . 'users u_topic join ' . $_CONF['dbprefix'] . 'forums f join ' . $_CONF['dbprefix'] . 'posts p join ' . $_CONF['dbprefix'] . 'topics t join ' . $_CONF['dbprefix'] . 'users u_post on f.forum_id=t.forum_id and p.topic_id=t.topic_id and p.forum_id=f.forum_id ' . "and p.poster_id=u_post.user_id and t.topic_poster=u_topic.user_id " . "where u_post.username like '" . $author . "' order by p.post_time desc"); } } } $db->freeResult(); ?> <center>> <a class="topicHead" href="<?php print BASEDIR; ?>
// Excerpt of the karma handler; the enclosing if/else blocks open before this point.
// Only 'minus' is accepted in this branch; anything else aborts the request.
if ($_GET['vote'] == 'minus') {
    $vote = -1;
} else {
    notification($_LANG['invalid_vote'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
} // closes a block opened above this excerpt

// Voting requires a logged-in session, and a user cannot vote for themselves.
if (!$session->logged) {
    notification($_LANG['not_logged_in'], $_SERVER['HTTP_REFERER'], 3);
    die;
}
if ($session->user_id == $user) {
    notification($_LANG['self_vote'], $_SERVER['HTTP_REFERER'], 3);
    die;
}

// NOTE(review): $user is assigned before this excerpt and is concatenated unquoted
// into the statements below; presumably it went through getInt() — confirm.
// One vote per (user_id, voter) pair: look for an existing row first.
$res = $db->query('select * from ' . $_CONF['dbprefix'] . 'karma where user_id=' . $user . ' and voter=' . $session->user_id);
$db->freeResult();
if (!empty($res)) {
    notification($_LANG['already_voted'], $_SERVER['HTTP_REFERER'], 3);
    unset($res);
    die;
}

// NOTE(review): the check above and the insert below are separate statements, so two
// concurrent requests could both pass the check unless the karma table has a unique
// key on (user_id, voter); the schema is not visible here.
// NOTE(review): this write is triggered by a GET parameter and no anti-CSRF token is
// checked in the visible code; a state change like this normally belongs behind a
// POST with a per-session token.
$db->query('insert into ' . $_CONF['dbprefix'] . 'karma(user_id, voter, vote) ' . "values('{$user}', '" . $session->user_id . "', '{$vote}')");
// Keep the running total on the user row in step with the vote just recorded.
$db->query('update ' . $_CONF['dbprefix'] . 'users set user_karma = user_karma + ' . $vote . ' where user_id = ' . $user);
notification($_LANG['karma_ok'], $_SERVER['HTTP_REFERER'], 3);
} else {
    // No vote requested: load the target's name and the votes cast for that user.
    $username = $db->query('select username from ' . $_CONF['dbprefix'] . 'users where user_id=' . $user);
    $db->freeResult();
    $username = sanitizeHTML($username[0]['username']);
    $res = $db->query('select u1.user_id as voted_id, u1.username as username_voted, u2.user_id as voter_id, u2.username as username_voter, k.vote ' . 'from ' . $_CONF['dbprefix'] . 'karma k, ' . $_CONF['dbprefix'] . 'users u1, ' . $_CONF['dbprefix'] . 'users u2 ' . 'where k.user_id=u1.user_id and k.voter=u2.user_id and u1.user_id=' . $user);
    $db->freeResult();
case 'forum': require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT; $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select forum_id, forum_name, forum_desc from ' . $_CONF['dbprefix'] . 'forums ' . 'order by forum_vieworder'); $db->freeResult(); print '<a href="javascript:newForum()" style="padding-left: 10px">' . $_LANG['new_forum'] . '</a><br>' . '<form action="editforum.' . PHPEXT . '?action=new" method="POST">' . '<div id="newforum" style="padding-left: 10px"></div><br>' . '</form>' . '<table class="forumlist">' . "\n"; foreach ($res as $row) { print '<tr class="forumlist">' . '<td class="forumlist">' . '<span id="name' . getInt($row['forum_id']) . '">' . '<a href="/forum/' . getInt($row['forum_id']) . '">' . sanitizeHTML($row['forum_name']) . '</a></span><br>' . '<span id="desc' . getInt($row['forum_id']) . '">' . sanitizeHTML($row['forum_desc']) . '</span></td>' . '<td class="forumlist" style="text-align: right">' . '<select id="' . $row['forum_id'] . '" name="forumaction" value="none" onChange="editForum(this)">' . '<option value="none">-- ' . $_LANG['choose_action'] . '</option>' . '<option value="delete">' . $_LANG['remove_forum'] . '</option>' . '<option value="move_up">' . $_LANG['move_up'] . '</option>' . '<option value="move_down">' . $_LANG['move_down'] . '</option>' . '<option value="edit_name">' . $_LANG['edit_name'] . '</option>' . '<option value="edit_desc">' . $_LANG['edit_desc'] . '</option>' . '<option value="edit_priv">' . $_LANG['edit_priv'] . '</option>' . '</select></td>' . '</tr>'; } print '</table>'; $db->close(); break; case 'group': require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT; $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'groups ' . 'order by group_id'); $db->freeResult(); $defaultGroups = array(USERLEV_GOD, USERLEV_ADMIN, USERLEV_GLOBALMOD, USERLEV_MOD, USERLEV_USER, USERLEV_ANY, USERLEV_BANNED); print '<a href="javascript:newGroup()" style="padding-left: 10px">' . 
$_LANG['new_group'] . '</a><br>' . '<form action="editgroup.' . PHPEXT . '?action=new" method="POST">' . '<div id="newgroup" style="padding-left: 10px"></div><br>' . '</form>' . '<table class="forumlist">' . "\n"; foreach ($res as $row) { print '<tr class="forumlist">' . '<td class="forumlist">' . '<span id="name' . getInt($row['group_id']) . '"'; if (!in_array($row['group_id'], $defaultGroups)) { print ' style="color: #990000"'; } print '>' . sanitizeHTML($row['group_name']) . '</span><br>' . '</td>' . '<td class="forumlist" style="text-align: right">' . '<select id="' . $row['group_id'] . '" name="groupaction" value="none" onChange="editGroup(this)">' . '<option value="none">-- ' . $_LANG['choose_action'] . '</option>'; if (!in_array($row['group_id'], $defaultGroups)) { print '<option value="delete">' . $_LANG['remove_group'] . '</option>'; } print '<option value="edit_name">' . $_LANG['edit_name'] . '</option>' . '</select></td>' . '</tr>'; } print '</table>';
<table class="main"> <?php if (!isset($_GET['id'])) { die($_LANG['invalid_topic']); } $id = getInt($_GET['id']); if (!isset($_GET['page'])) { $page = 1; } else { $page = getInt($_GET['page']); } $start = intval(($page - 1) * 10); $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query("select * from " . $_CONF['dbprefix'] . "topics where topic_id='{$id}'"); $db->freeResult(); $numPosts = getInt($res[0]['topic_replies']) - 1; if (empty($res)) { print '<tr class="forums"><td class="forums">' . $_LANG['invalid_topic'] . '</td></tr>'; print '</table></body></html>'; exit(0); } $forum_id = getInt($res[0]['forum_id']); $topic_disabled = getInt($res[0]['topic_disabled']); $res = $db->query('select forum_viewgroup from ' . $_CONF['dbprefix'] . 'forums ' . "where forum_id='" . $forum_id . "'"); $db->freeResult(); $forum_viewgroup = getInt($res[0]['forum_viewgroup']); if ($forum_viewgroup < USERLEV_ANY) { if (!$session->logged) { notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3);
<?php } $db = new nullBB_Database($_CONF, $_LANG); print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . '">~ Forum home</li>'; print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'users.' . PHPEXT . '">~ ' . $_LANG['user_list'] . '</li>'; print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'search.' . PHPEXT . '">~ ' . $_LANG['search'] . '</li>'; print '<li class="contestmenu" style="border-bottom: 3px solid #fff"></li>'; if (!$logged) { print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'register.' . PHPEXT . '">~ Register</li>'; print '<li class="contestmenu"><a class="contestmenu" href="javascript:popLogin(' . "'" . BASEDIR . "'" . ')">~ Log in</li>'; } else { print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'logout.' . PHPEXT . '">~ Logout [' . sanitizeHTML($userinfo['username']) . ']</li>'; $basedir = preg_replace('/\\//', '', BASEDIR); print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'newposts.' . PHPEXT . '">~ ' . $_LANG['new_messages'] . '</li>'; print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'privmsg.' . PHPEXT . '">~ ' . $_LANG['privmsg']; $res = $db->query('select count(*) as num from ' . $_CONF['dbprefix'] . 'privmsgs where privmsg_to=' . getInt($userinfo['user_id']) . ' and privmsg_seen=0'); $db->freeResult(); $num = getInt($res[0]['num']); if ($num > 0) { print ' <b>(' . $num . '</b> new)'; } print '</li>'; print '<li class="contestmenu"><a class="contestmenu" href="' . BASEDIR . 'profile.' . PHPEXT . '">~ ' . $_LANG['user_panel'] . '</li>'; if (preg_match('/\\/' . $basedir . '\\/([0-9]+)/', $_SERVER['HTTP_REFERER'], $match)) { $forum_id = getInt($match[1]); $res = $db->query('select forum_postgroup from ' . $_CONF['dbprefix'] . 'forums ' . "where forum_id='" . $forum_id . 
"'"); $db->freeResult(); $forum_postgroup = getInt($res[0]['forum_postgroup']); unset($res); if ($userinfo['user_group'] <= $forum_postgroup) { print '<li class="contestmenu"><a class="contestmenu" href="javascript:newTopic(' . BASEDIR . ',' . $forum_id . ')">~ New topic</a></li>';
print $_CONF['title']; ?> home</a> > <?php print $_LANG['new_messages']; ?> <br><br></center> <table class="main"> <?php if (!$session->logged) { notification($_LANG['not_logged_in'], $_SERVER['HTTP_REFERER'], 3); die; } $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select * from ' . $_CONF['dbprefix'] . "newtopics where post_time > " . getInt($session->session_lasttime) . " order by post_time desc"); $res = $db->query('select f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_lastreply, t.topic_disabled, p.poster_id, u.username as last_poster, p.post_time ' . 'from ' . $_CONF['dbprefix'] . 'viewtopics v join ' . $_CONF['dbprefix'] . 'topics t join ' . $_CONF['dbprefix'] . 'posts p join ' . $_CONF['dbprefix'] . 'forums f join ' . $_CONF['dbprefix'] . 'users u ' . 'on v.topic_id=t.topic_id and t.forum_id=f.forum_id ' . 'and p.forum_id=f.forum_id ' . 'and p.topic_id=t.topic_id ' . 'and p.poster_id=u.user_id ' . 'where p.post_time > ' . getInt($session->session_lasttime) . ' ' . 'and p.post_id=t.topic_lastreply ' . 'and ( (v.user_id=' . getInt($userinfo['user_id']) . ' ' . 'and p.post_time > v.viewtime) ' . 'or (t.topic_id not in ' . '(select topic_id from ' . $_CONF['dbprefix'] . 'viewtopics where user_id=' . getInt($userinfo['user_id']) . ')) ) ' . 'group by t.topic_id ' . 'order by post_time desc'); $db->freeResult(); if (empty($res)) { notification($_LANG['no_new_posts'], $_SERVER['HTTP_REFERER'], 3); die; } ?> <table class="newposts"> <tr> <th>Forum</th> <th>Topic</th> <th><?php print $_LANG['latest_post'];
* GNU General Public License as published by the Free Software Foundation, either version 3 of * * the License, or (at your option) any later version. This program is distributed in the hope * * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; ?> <table class="main"> <?php $db = new nullBB_Database($_CONF, $_LANG); $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'forums order by forum_vieworder'); $db->freeResult(); if (empty($res)) { print '<tr class="forums"><td class="forums">' . $_LANG['no_forums'] . '</td></tr>'; } foreach ($res as $row) { $forum_viewgroup = getInt($row['forum_viewgroup']); if ($forum_viewgroup < USERLEV_ANY) { if (!$session->logged) { continue; } if ($userinfo['user_group'] > $forum_viewgroup) { continue; } } $lasttime = $row['forum_lasttime'] == '0' ? $_LANG['no_posts'] : $row['forum_lasttime'];
* more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; ?> <table class="userinfo"> <?php if (!isset($_GET['id'])) { die($_LANG['invalid_user']); } $id = getInt($_GET['id']); $db = new nullBB_Database($_CONF, $_LANG); $user = $db->query('select u.*, g.group_name from ' . $_CONF['dbprefix'] . 'users u join ' . $_CONF['dbprefix'] . 'groups g on u.user_group=g.group_id ' . 'where user_id=' . $id); $db->freeResult(); if (empty($user)) { die($_LANG['user_not_found']); } ?> <center> > <a class="topicHead" href="<?php print BASEDIR; ?> "><?php print $_CONF['title']; ?> home</a> > <?php
notification($_LANG['disabled_user'], $_SERVER['HTTP_REFERER'], 3); die; } if (!isset($_POST['forum_id']) || !is_numeric($_POST['forum_id'])) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['invalid_forum'], $_SERVER['HTTP_REFERER'], 3); die; } if (!$_POST['topic_title'] || empty($_POST['topic_title'])) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['empty_topic_title'], $_SERVER['HTTP_REFERER'], 3); die; } $db = new nullBB_Database($_CONF, $_LANG); $forum_id = getInt($_POST['forum_id']); $forum = $db->query('select forum_id from ' . $_CONF['dbprefix'] . 'forums where ' . 'forum_id = ' . $forum_id); $db->freeResult(); if (empty($forum)) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['invalid_forum'], $_SERVER['HTTP_REFERER'], 3); die; } $res = $db->query('select forum_postgroup from ' . $_CONF['dbprefix'] . 'forums where ' . "forum_id='" . $forum_id . "'"); $db->freeResult(); $forum_postgroup = getInt($res[0]['forum_postgroup']); unset($res); if ($userinfo['user_group'] > $forum_postgroup) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; }
* * * This program is free software: you can redistribute it and/or modify it under the terms of the * * GNU General Public License as published by the Free Software Foundation, either version 3 of * * the License, or (at your option) any later version. This program is distributed in the hope * * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/
// Admin login handler: checks the posted credentials, requires an admin-level
// group, and issues the admin_sid cookie.
require_once '../config.ini';
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT;

if ($_POST['username'] && $_POST['password']) {
    $db = new nullBB_Database($_CONF, $_LANG);
    $user = sanitizeQuery($_POST['username']);
    // NOTE(review): the credential comparison in the next statement is masked
    // ('******') in this copy of the page, so how the submitted password is hashed
    // and quoted cannot be verified from here.
    $res = $db->query('select * from ' . $_CONF['dbprefix'] . "users where username='******' " . "and user_password='******'password'])) . "'");
    if (empty($res)) {
        require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
        notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3);
        die;
    } else {
        // A higher user_group number means fewer privileges: anything above
        // USERLEV_ADMIN is rejected.
        if ($res[0]['user_group'] > USERLEV_ADMIN) {
            require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
            // NOTE(review): this message is only reached with valid credentials and it
            // echoes the account's group level, so it differs from the wrong-password
            // reply; a single generic failure message avoids that distinction.
            notification($_LANG['insufficient_privileges'] . ' -> ' . $res[0]['user_group'], $_SERVER['HTTP_REFERER'], 3);
            die;
        }
        // NOTE(review): admin_sid is sha1(md5(username . stored password value)). It is
        // the same on every login and changes only when the password changes, and
        // setcookie() is called without expiry, path, Secure or HttpOnly arguments.
        // How session.php validates the cookie is not visible here. A per-login random
        // token kept server-side, sent with Secure and HttpOnly, would allow a leaked
        // cookie to be revoked.
        setcookie('admin_sid', sha1(md5($res[0]['username'] . $res[0]['user_password'])));
        // Escaped for display in the confirmation message.
        $user = sanitizeHTML($user);
        notification($_LANG['login_ok'] . ' ' . $user, $_SERVER['HTTP_REFERER'], 3);
        exit(0);
    }
<?php
/**************************************************************************************************
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/

// Prints every username in the users table, one per line.

require_once './config.ini';
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;

// NOTE(review): session.php is not loaded and nothing in this script checks who is
// asking, so the full account list appears to be served to any caller. Confirm that
// this is intended, or restrict it to logged-in users and cap the result size.
$db = new nullBB_Database($_CONF, $_LANG);
$users = $db->query('select username from ' . $_CONF['dbprefix'] . 'users');

foreach ($users as $account) {
    // Each name is passed through sanitizeHTML() before it is written out.
    echo sanitizeHTML($account['username']), "\n";
}

// Release the result set and the connection once the listing has been written.
$db->freeResult();
$db->close();
unset($users);
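/**************************************************************************************************
 * nullBB - Light CMS forum                                                                       *
 * Copyright (C) 2009, BlackLight                                                                 *
 *                                                                                                *
 * This program is free software: you can redistribute it and/or modify it under the terms of the *
 * GNU General Public License as published by the Free Software Foundation, either version 3 of   *
 * the License, or (at your option) any later version. This program is distributed in the hope    *
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for    *
 * more details. You should have received a copy of the GNU General Public License along with     *
 * this program. If not, see <http://www.gnu.org/licenses/>.                                      *
 **************************************************************************************************/

// Looks up users whose name matches the pattern in ?user= ('*' is the wildcard)
// and prints "<user_id> # <username>", one match per line.

require_once '../config.ini';
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;

// A missing, empty or non-string parameter (for example ?user[]=x) stops here,
// before anything reaches the query builder.
if (empty($_GET['user']) || !is_string($_GET['user'])) {
    die;
}

// NOTE(review): session.php is not loaded and no login or privilege check appears in
// this script; confirm that access is restricted elsewhere if it should be.
$db = new nullBB_Database($_CONF, $_LANG);

// sanitizeQuery() is defined elsewhere and is the only escaping applied before the
// value is placed between quotes in the LIKE clause.
$user = sanitizeQuery($_GET['user']);
// The caller-facing wildcard '*' becomes SQL's '%'.
// NOTE(review): '%' and '_' typed directly are presumably left as LIKE wildcards as
// well, and a lone '*' matches every account; consider escaping LIKE metacharacters
// and adding a LIMIT if only prefix lookups are intended.
$user = str_replace('*', '%', $user);

$res = $db->query("select user_id, username from " . $_CONF['dbprefix'] . 'users ' . "where username like '" . $user . "'");
if (empty($res)) {
    die;
}

foreach ($res as $row) {
    // The id is forced through getInt() and the name through sanitizeHTML() on output.
    print getInt($row['user_id']) . ' # ' . sanitizeHTML($row['username']) . "\n";
}

unset($res);
$db->freeResult();
$db->close();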
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * **************************************************************************************************/ require_once './config.ini'; require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang'; require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT; require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT; require_once ABSOLUTE_BASEPATH . '/session.' . PHPEXT; if (empty($_REQUEST['topic_id']) || !$session->logged) { notification("Invalid request", $_SERVER['HTTP_REFERER'], 3); die; } $db = new nullBB_Database($_CONF, $_LANG); $topic_id = getInt($_REQUEST['topic_id']); $res = $db->query('select * from ' . $_CONF['dbprefix'] . 'topics where topic_id=' . $topic_id); $db->freeResult(); if (empty($res)) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['invalid_topic'], $_SERVER['HTTP_REFERER'], 3); die; } $topic_disabled = getInt($res[0]['topic_disabled']); if ($_GET['lock']) { if (!$session->logged || $userinfo['user_group'] > USERLEV_MOD) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['lock_error'], $_SERVER['HTTP_REFERER'], 3); die; } if ($topic_disabled) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;