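<?php
// Database maintenance page: lists every table reported by
// "show table status" and runs OPTIMIZE TABLE on each one that reports
// reclaimable space (Data_free > 0).
//
// NOTE(review): the only access gate visible in this file is
// AssertForbidden("optimize"); there is no power-level check and no request
// token here. Simply loading the page starts the maintenance run, so confirm
// that lib/common.php restricts this page to administrators.
include "lib/common.php";

AssertForbidden("optimize");

// Index the status rows by table name. Initialised up front so the loop below
// still works when the query returns no rows.
$tables = array();
$rStats = Query("show table status");
while ($stat = Fetch($rStats)) {
    $tables[$stat['Name']] = $stat;
}

$tablelist = "";
$total = 0;

// Row striping counter; only set when nothing defined it before, so the first
// row keeps the class it had previously.
if (!isset($cellClass)) {
    $cellClass = 0;
}

foreach ($tables as $table) {
    $cellClass = ($cellClass + 1) % 2;
    $overhead = $table['Data_free'];
    $total += $overhead;
    $status = __("OK");

    if ($overhead > 0) {
        // Double any backtick in the name so it cannot close the quoted
        // identifier early.
        $quotedName = "`" . str_replace("`", "``", $table['Name']) . "`";
        Query("OPTIMIZE TABLE " . $quotedName);
        $status = "<strong>" . __("Optimized") . "</strong>";
    }

    // $status carries markup through format() (see the <strong> above), so the
    // table name is escaped here before it is substituted into the row.
    $tablelist .= format(
        "\n\t<tr class=\"cell{0}\">\n\t\t<td class=\"cell2\">{1}</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t{4}\n\t\t</td>\n\t</tr>\n",
        $cellClass,
        htmlspecialchars($table['Name']),
        $table['Rows'],
        $overhead,
        $status
    );
}

// {0} receives the accumulated rows, {1} the summed Data_free values.
write(
    "\n<table class=\"outline margin\">\n\t<tr class=\"header0\">\n\t\t<th colspan=\"7\">\n\t\t\t"
    . __("Table Status")
    . "\n\t\t</th>\n\t</tr>\n\t<tr class=\"header1\">\n\t\t<th>\n\t\t\t"
    . __("Name")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Rows")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Overhead")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Final Status")
    . "\n\t\t</th>\n\t</tr>\n\t{0}\n\t<tr class=\"header0\">\n\t\t<th colspan=\"7\" style=\"font-size: 130%;\">\n\t\t\t"
    . __("Excess trimmed: {1} bytes")
    . "\n\t\t</th>\n\t</tr>\n</table>\n\n",
    $tablelist,
    $total
);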
<?php $title = __("Mood avatars"); $crumbs = new PipeMenu(); $crumbs->add(new PipeMenuLinkEntry(__("Mood avatars"), "editavatars")); makeBreadcrumbs($crumbs); AssertForbidden("editMoods"); if (!$loguserid) { Kill(__("You must be logged in to edit your avatars.")); } if (isset($_POST['action'])) { $mid = (int) $_POST['mid']; if ($_POST['action'] == __("Rename")) { Query("update {moodavatars} set name={0} where mid={1} and uid={2}", $_POST['name'], $mid, $loguserid); Alert(__("Avatar renamed."), __("Okay")); } else { if ($_POST['action'] == __("Delete")) { Query("delete from {moodavatars} where uid={0} and mid={1}", $loguserid, $mid); Query("update {posts} set mood=0 where user={0} and mood={1}", $loguserid, $mid); if (file_exists("{$dataDir}avatars/" . $loguserid . "_" . $mid)) { unlink("{$dataDir}avatars/" . $loguserid . "_" . $mid); } Alert(__("Avatar deleted."), __("Okay")); } else { if ($_POST['action'] == __("Add")) { $highest = FetchResult("select mid from {moodavatars} where uid={0} order by mid desc limit 1", $loguserid); if ($highest < 1) { $highest = 1; } $mid = $highest + 1; //Begin copypasta from edituser/editprofile_avatar...
$cat = getCategory($_GET["cat"]); if (!is_numeric($_GET["cat"])) { Kill('Invalid category'); } $cat = getCategory($_GET["cat"]); $crumbs = new PipeMenu(); $crumbs->add(new PipeMenuLinkEntry(__("Uploader"), "uploader")); $crumbs->add(new PipeMenuLinkEntry($cat["name"], "uploaderlist", "", "cat=" . $cat["id"])); $crumbs->add(new PipeMenuTextEntry(__("Upload file"))); makeBreadcrumbs($crumbs); if ($loguserid && IsAllowed("useUploader")) { print format("\n\t\t<script type=\"text/javascript\">\n\t\t\twindow.addEventListener(\"load\", function() { hookUploadCheck(\"newfile\", 1, {1}) }, false);\n\t\t</script>\n\t\t<form action=\"" . actionLink("uploader") . "\" method=\"post\" enctype=\"multipart/form-data\">\n\t\t\t<input type='hidden' name='cat' value='{$_GET["cat"]}'>\n\t\t\t<table class=\"outline margin\">\n\t\t\t\t<tr class=\"header0\">\n\t\t\t\t\t<th colspan=\"4\">" . __("Upload") . "</th>\n\t\t\t\t</tr>\n\t\t\t\t<tr class=\"cell0\">\n\t\t\t\t\t<td>File</td><td>\n\t\t\t\t\t\t<input type=\"file\" id=\"newfile\" name=\"newfile\" style=\"width: 80%;\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr class=\"cell1\">\n\t\t\t\t\t<td>Description</td><td>\n\t\t\t\t\t\t<input type=\"text\" name=\"description\" style=\"width: 80%;\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr class=\"cell0\">\n\t\t\t\t\t<td></td><td>\n\t\t\t\t\t\t<input type=\"submit\" id=\"submit\" name=\"action\" value=\"" . __("Upload") . "\" disabled=\"disabled\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr class=\"cell1 smallFonts\">\n\t\t\t\t\t<td colspan=\"3\">\n\t\t\t\t\t\t" . __("The maximum upload size is {0} per file. You can upload the following types: {2}.") . "\n\t\t\t\t\t\t<div id=\"sizeWarning\" style=\"display: none; font-weight: bold\">" . __("File is too large.") . "</div>\n\t\t\t\t\t\t<div id=\"typeWarning\" style=\"display: none; font-weight: bold\">" . __("File is not an allowed type.") . 
"</div>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</form>\n\t\t", BytesToSize($maxSizeMult), $maxSizeMult, Settings::pluginGet('uploaderWhitelist')); } } else { if ($_GET['action'] == __("Upload")) { AssertForbidden("useUploader"); if ($loguserid) { $cat = getCategory($_POST["cat"]); $targetdir = $rootdir; $quot = $quota; $privateFlag = 0; if ($_POST['cat'] == -1) { $quot = $pQuota; $targetdir = $rootdir . "/" . $loguserid; $privateFlag = 1; } $totalsize = foldersize($targetdir); mkdir($targetdir); $files = scandir($targetdir); if (in_array($_FILES['newfile']['name'], $files)) { Alert(format(__("The file \"{0}\" already exists. Please delete the old copy before uploading a new one."), $_FILES['newfile']['name']));
<?php // AcmlmBoard XD - Member list page // Access: all include "lib/common.php"; $title = __("Member list"); AssertForbidden("viewMembers"); $tpp = $loguser['threadsperpage']; if ($tpp < 1) { $tpp = 50; } if (isset($_GET['from'])) { $from = (int) $_GET['from']; } else { $from = 0; } if (isset($dir)) { unset($dir); } if (isset($_GET['dir'])) { $dir = $_GET['dir']; if ($dir != "asc" && $dir != "desc") { unset($dir); } } $sort = $_GET['sort']; $sex = $_GET['sex']; if (isset($_GET['pow']) && $_GET['pow'] != "") { $pow = (int) $_GET['pow']; } if (isset($_GET['letter']) && is_string($_GET['letter'])) {
} } else { Kill(__("Unknown forum ID.")); } setUrlName("newreply", $tid, $thread["title"]); setUrlName("editthread", $tid, $thread["title"]); $threadtags = ParseThreadTags($thread['title']); $title = $threadtags[0]; Query("update {threads} set views=views+1 where id={0} limit 1", $tid); if (isset($_GET['from'])) { $fromstring = "from=" . (int) $_GET["from"]; } else { $fromstring = ""; } if (isset($_GET['vote'])) { AssertForbidden("vote"); if (!$loguserid) { Kill(__("You can't vote without logging in.")); } if ($thread['closed']) { Kill(__("Poll's closed!")); } if (!$thread['poll']) { Kill(__("This is not a poll.")); } if ($loguser["token"] != $_GET['token']) { Kill(__("Invalid token.")); } $vote = (int) $_GET['vote']; $doublevote = FetchResult("select doublevote from {poll} where id={0}", $thread['poll']); $existing = FetchResult("select count(*) from {pollvotes} where poll={0} and choiceid={1} and user={2}", $thread['poll'], $vote, $loguserid);
<?php
// AcmlmBoard XD - Board Settings editing page
// Access: administrators
//
// Validates the posted settings and regenerates lib/settings.php from them.
include "lib/common.php";
$title = __("Edit settings");
AssertForbidden("editSettings");
if ($loguser['powerlevel'] < 3) {
    Kill(__("You must be an administrator to edit the board settings."));
}
// Request key: SHA-256 over the user id, $loguser['pss'] and $salt (the last
// two are defined outside this file).
$key = hash('sha256', "{$loguserid},{$loguser['pss']},{$salt}");
// The key is enforced only when an action is posted. The comparison uses the
// loose != operator.
// NOTE(review): a strict, constant-time comparison (hash_equals) would be the
// safer choice for a secret value.
if (isset($_POST['action']) && $key != $_POST['key']) {
    Kill(__("No."));
}
if ($_POST['action'] == __("Edit")) {
    // Non-positive caps fall back to "0.25".
    if ((double) $_POST['uploaderCap'] <= 0) {
        $_POST['uploaderCap'] = "0.25";
    }
    if ((double) $_POST['personalCap'] <= 0) {
        $_POST['personalCap'] = "0.25";
    }
    // The per-file limit (in MiB) may not exceed PHP's own upload_max_filesize
    // and must be positive; otherwise it is reset to the PHP limit.
    if ((double) ($_POST['uploaderMaxFileSize'] * 1024 * 1024) > IniValToBytes(ini_get("upload_max_filesize")) || (double) $_POST['uploaderMaxFileSize'] <= 0) {
        $_POST['uploaderMaxFileSize'] = floor(IniValToBytes(ini_get("upload_max_filesize")) / 1024 / 1024);
    }
    // Mode "w" truncates the existing settings file as soon as it is opened.
    // NOTE(review): the fopen() result is not checked, and a failure part-way
    // through would leave an incomplete lib/settings.php behind.
    $hax = fopen("lib/settings.php", "w");
    fputs($hax, "<?php\n");
    fputs($hax, "//Generated and parsed by the Board Settings admin panel.\n");
    fputs($hax, "\n");
    fputs($hax, "//Settings\n");
    // var_export() emits each posted value as a PHP literal, so quotes in the
    // input are escaped rather than ending the string in the generated file.
    // A field posted as an array would be written as an array literal.
    fputs($hax, "\$boardname = " . var_export($_POST['boardname'], true) . ";\n");
    fputs($hax, "\$logoalt = " . var_export($_POST['logoalt'], true) . ";\n");
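<?php
// AcmlmBoard XD - The Records
// Access: all
//
// Prints the board's activity records followed by a size summary of every
// database table.
//
// NOTE(review): the header marks this page as open to all visitors, yet the
// second table lists every table name with its row count and sizes. Confirm
// that exposing the schema layout to anonymous visitors is intended.
include "lib/common.php";

$title = __("Records");
AssertForbidden("viewRecords");

// gmdate() pattern used for the three record timestamps.
$df = "l, F jS Y, G:i:s";

// $misc is not assigned in this file; presumably lib/common.php loads it.
// {6} ($misc['maxuserstext']) is passed through without escaping here.
write(
    "\n<table class=\"outline margin width75\">\n\t<tr class=\"header0\">\n\t\t<th colspan=\"2\">\n\t\t\t"
    . __("Highest Numbers")
    . "\n\t\t</th>\n\t</tr>\n\t<tr class=\"cell0\">\n\t\t<td>\n\t\t\t"
    . __("Highest number of posts in 24 hours")
    . "\n\t\t</td>\n\t\t<td>\n\t\t\t"
    . __("<strong>{0}</strong>, on {1} GMT")
    . "\n\t\t</td>\n\t</tr>\n\t<tr class=\"cell1\">\n\t\t<td>\n\t\t\t"
    . __("Highest number of posts in one hour")
    . "\n\t\t</td>\n\t\t<td>\n\t\t\t"
    . __("<strong>{2}</strong>, on {3} GMT")
    . "\n\t\t</td>\n\t</tr>\n\t<tr class=\"cell0\">\n\t\t<td>\n\t\t\t"
    . __("Highest number of users in five minutes")
    . "\n\t\t</td>\n\t\t<td>\n\t\t\t"
    . __("<strong>{4}</strong>, on {5} GMT")
    . "\n\t\t</td>\n\t</tr>\n\t<tr class=\"cell1\">\n\t\t<td></td>\n\t\t<td>\n\t\t\t{6}\n\t\t</td>\n\t</tr>\n</table>\n",
    $misc['maxpostsday'],
    gmdate($df, $misc['maxpostsdaydate']),
    $misc['maxpostshour'],
    gmdate($df, $misc['maxpostshourdate']),
    $misc['maxusers'],
    gmdate($df, $misc['maxusersdate']),
    $misc['maxuserstext']
);

// Index the status rows by table name. Initialised up front so the loop below
// still works when the query returns no rows.
$tables = array();
$rStats = Query("show table status");
while ($stat = Fetch($rStats)) {
    $tables[$stat['Name']] = $stat;
}

$tablelist = "";
$rows = $avg = $datlen = $idx = $datfree = 0;

// Row striping counter; only set when nothing defined it before, so the first
// row keeps the class it had previously.
if (!isset($cellClass)) {
    $cellClass = 0;
}

foreach ($tables as $table) {
    $cellClass = ($cellClass + 1) % 2;

    // The table name is escaped before it is placed in the row markup.
    $tablelist .= format(
        "\n\t<tr class=\"cell{0}\">\n\t\t<td class=\"cell2\">{1}</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t{4}\n\t\t</td>\n\t\t<td>\n\t\t\t{5}\n\t\t</td>\n\t\t<td>\n\t\t\t{6}\n\t\t</td>\n\t\t<td>\n\t\t\t{7}\n\t\t</td>\n\t</tr>\n",
        $cellClass,
        htmlspecialchars($table['Name']),
        $table['Rows'],
        sp($table['Avg_row_length']),
        sp($table['Data_length']),
        sp($table['Index_length']),
        sp($table['Data_free']),
        sp($table['Data_length'] + $table['Index_length'])
    );

    // Running totals for the summary row. Note that $avg is the sum of the
    // per-table averages, not an average over all rows.
    $rows += $table['Rows'];
    $avg += $table['Avg_row_length'];
    $datlen += $table['Data_length'];
    $idx += $table['Index_length'];
    $datfree += $table['Data_free'];
}

write(
    "\n<table class=\"outline margin\">\n\t<tr class=\"header0\">\n\t\t<th colspan=\"7\">\n\t\t\t"
    . __("Table Status")
    . "\n\t\t</th>\n\t</tr>\n\t<tr class=\"header1\">\n\t\t<th>\n\t\t\t"
    . __("Name")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Rows")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Avg. data/row")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Data size")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Index size")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Unused data")
    . "\n\t\t</th>\n\t\t<th>\n\t\t\t"
    . __("Total size")
    . "\n\t\t</th>\n\t</tr>\n\t{0}\n\t<tr class=\"header1\">\n\t\t<th colspan=\"7\" style=\"height: 8px;\"></th>\n\t</tr>\n\t<tr class=\"cell2\">\n\t\t<td style=\"font-weight: bold;\">\n\t\t\t"
    . __("Total")
    . "\n\t\t</td>\n\t\t<td>\n\t\t\t{1}\n\t\t</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t{4}\n\t\t</td>\n\t\t<td>\n\t\t\t{5}\n\t\t</td>\n\t\t<td>\n\t\t\t{6}\n\t\t</td>\n\t</tr>\n</table>\n",
    $tablelist,
    $rows,
    sp($avg),
    sp($datlen),
    sp($idx),
    sp($datfree),
    sp($datlen + $idx)
);

/**
 * Formats a number with "," as the thousands separator and no decimals.
 *
 * The value is cast to float first so that a NULL column (some table types
 * report no size figures) is shown as 0.
 */
function sp($sz)
{
    return number_format((float) $sz, 0, '.', ',');
}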
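<?php
// AcmlmBoard XD - Forum list editing tool
// Access: administrators
//
// Handles the POST actions of the forum list editor: move, add, remove (with a
// confirmation step) and edit.
//
// NOTE(review): none of the actions below checks a per-user request key, so a
// forged cross-site POST sent from an administrator's browser would be
// accepted. Adding such a check also needs a matching hidden field in every
// form that posts here, and those forms are not all part of this block.
include "lib/common.php";

AssertForbidden("editForum");
if ($loguser['powerlevel'] < 3) {
    Kill(__("You must be an administrator to edit the forum list."));
}

// Read the action once. A plain page view carries no "action" field, and a
// non-string value (e.g. action[]=x) is treated as "no action".
$foraAction = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : "";

// Numeric fields are cast to int and text fields pass through justEscape()
// before they are placed in the SQL text.
if ($foraAction == __("Move")) {
    $qForum = "update forums set forder=" . (int) $_POST['order'] . ", catid=" . (int) $_POST['category'] . " where id=" . (int) $_POST['fid'] . " limit 1";
    $rForum = Query($qForum);
    Alert(__("Forum moved."), __("Notice"));
} elseif ($foraAction == "Add") {
    // NOTE(review): this label is compared untranslated, unlike the other
    // actions; confirm the "Add" button is not passed through __().
    $qForum = "insert into forums (title, description, catid, forder) values ('" . justEscape($_POST['title']) . "', '" . justEscape($_POST['description']) . "', " . (int) $_POST['category'] . ", " . (int) $_POST['order'] . ")";
    $rForum = Query($qForum);
    Alert(__("Forum added."), __("Notice"));
} elseif ($foraAction == __("Remove")) {
    // First step of a removal: show a confirmation form for the forum.
    $qForum = "select * from forums where id=" . (int) $_POST['fid'];
    $rForum = Query($qForum);
    $forum = Fetch($rForum);
    if (!$forum) {
        // No such row: stop instead of rendering a dialog for nothing.
        Kill(__("Unknown forum ID."));
    }
    // The stored title is escaped before it is shown in the dialog; the id is
    // forced to an integer before it goes into the hidden field.
    write("\n\t<div class=\"outline margin center width50\" style=\"margin: 0px auto 16px;\">\n\t\t<div class=\"errort\"><strong>" . __("Confirm deletion of \"{0}\"") . "</strong></div>\n\t\t<div class=\"errorc cell2\">\n\t\t\t<form action=\"editfora.php\" method=\"post\">\n\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Yes, do as I say.") . "\" />\n\t\t\t\t<input type=\"hidden\" name=\"fid\" value=\"{1}\" />\n\t\t\t</form>\n\t\t</div>\n\t</div>\n", htmlspecialchars($forum['title']), (int) $forum['id']);
} elseif ($foraAction == __("Yes, do as I say.")) {
    // Second step of a removal: the confirmation button was pressed.
    $qForum = "delete from forums where id=" . (int) $_POST['fid'];
    $rForum = Query($qForum);
    Alert(__("Forum removed."), __("Notice"));
} elseif ($foraAction == __("Edit")) {
    $qForum = "update forums set title='" . justEscape($_POST['title']) . "', description='" . justEscape($_POST['description']) . "' where id=" . (int) $_POST['fid'] . " limit 1";
    $rForum = Query($qForum);
    Alert(__("Forum edited."), __("Notice"));
}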
<?php $title = __("Ranks"); $crumbs = new PipeMenu(); $crumbs->add(new PipeMenuLinkEntry(__("Ranks"), "ranks")); makeBreadcrumbs($crumbs); AssertForbidden("viewRanks"); loadRanksets(); if (count($ranksetData) == 0) { Kill(__("No ranksets have been defined.")); } if (!isset($_GET["id"])) { $rankset = $loguser['rankset']; if (!$rankset || !isset($ranksetData[$rankset])) { $rankset = array_keys($ranksetData); $rankset = $rankset[0]; } die(header("Location: " . actionLink("ranks", $rankset))); } $rankset = $_GET['id']; if (!isset($ranksetData[$rankset])) { Kill(__("Rankset not found.")); } if (count($ranksetNames) > 1) { $ranksets = new PipeMenu(); foreach ($ranksetNames as $name => $title) { if ($name == $rankset) { $ranksets->add(new PipeMenuTextEntry($title)); } else { $ranksets->add(new PipeMenuLinkEntry($title, "ranks", $name)); }
<?php
// AcmlmBoard XD - Rankset import tool
// Access: administrators
//
// Empties the rank tables and refills them from the definitions in
// ranksets.php, printing a summary table as it goes.
include "lib/common.php";
AssertForbidden("addRanks");
if ($loguser['powerlevel'] < 3) {
    Kill(__("You must be an administrator to import ranksets."));
}
// Both tables are emptied as soon as the page is requested.
// NOTE(review): there is no confirmation step and no request key before this
// destructive step, so any request made with an administrator's session
// (including a forged cross-site one) wipes the existing ranks.
Query("truncate table ranks");
Query("truncate table ranksets");
// ranksets.php is expected to define $ranks, which is iterated below.
include "ranksets.php";
// Characters stripped from a rank's text when deriving its image file name.
$bads = array(" ", "-", ".", ",", "'", '"');
write("\n\t<table class=\"outline margin width25\">\n\t\t<tr class=\"header1\">\n\t\t\t<th>\n\t\t\t\t" . __("Postcount") . "\n\t\t\t</th>\n\t\t\t<th>\n\t\t\t\t" . __("Rank") . "\n\t\t\t</th>\n\t\t</tr>\n");
foreach ($ranks as $rankset) {
    // NOTE(review): set names, directories and rank texts are placed into the
    // markup without escaping; fine only while ranksets.php is trusted.
    write("\n\t\t<tr class=\"header0\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t{0}\n\t\t\t</th>\n\t\t</tr>\n", $rankset['name']);
    // The image directory defaults to the lower-cased set name.
    if (!$rankset['directory']) {
        $rankset['directory'] = strtolower($rankset['name']);
    }
    // $index is not initialised in this file, so it starts counting from 1.
    $index++;
    $description = format(__("Set index is {0}. Base directory is {1}."), $index, "<a href=\"img/ranks/" . $rankset['directory'] . "/\"><code>" . $rankset['directory'] . "</code></a>");
    if ($rankset['notolower']) {
        $description .= " " . __("Set does not use lowercase filenames.");
    }
    if ($rankset['noimages']) {
        $description .= " " . __("Set is text-only.");
    }
    write("\n\t\t<tr class=\"cell1\">\n\t\t\t<td colspan=\"2\">\n\t\t\t\t{0}\n\t\t\t</td>\n\t\t</tr>\n", $description);
    // NOTE(review): the set name goes into the SQL text unescaped, so a name
    // containing an apostrophe breaks (or alters) this statement.
    Query("insert into ranksets (name) values ('" . $rankset['name'] . "')");
    foreach ($rankset['ranks'] as $val => $text) {
        // Image file name: the rank text with the $bads characters removed,
        // lower-cased unless the set opts out via 'notolower'.
        $img = "<img src=\"img/ranks/" . $rankset['directory'] . "/" . str_replace($bads, "", !$rankset['notolower'] ? strtolower($text) : $text) . ".png\" alt=\"" . $text . "\" /> " . ($rankset['splitlines'] ? "<br />" : "") . $text;
<?php
// Plugin manager: enables or disables plugins and (further down) lists them.
$title = "Plugin Manager";
AssertForbidden("managePlugins");
if ($loguser['powerlevel'] < 3) {
    Kill(__("You must be an administrator to manage plugins."));
}
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Admin"), "admin"));
$crumbs->add(new PipeMenuLinkEntry(__("Plugin manager"), "pluginmanager"));
makeBreadcrumbs($crumbs);
// Both actions change state in response to a GET request and carry the
// user's token in the query string.
// NOTE(review): a token in the URL can end up in server logs, browser history
// and Referer headers; a POST form would keep it out of those.
if ($_GET["action"] == "enable") {
    // Loose != comparison of the supplied key with the session token.
    // NOTE(review): prefer a strict, constant-time comparison (hash_equals).
    if ($_GET["key"] != $loguser['token']) {
        Kill("No.");
    }
    // The id is bound through the {0} placeholder rather than concatenated.
    // NOTE(review): it is stored without being checked against the plugins
    // that actually exist; confirm that whatever loads enabled plugins
    // validates the name before using it.
    Query("insert into {enabledplugins} values ({0})", $_GET["id"]);
    logAction("enableplugin", array('text' => $_GET["id"]));
    Upgrade();
    redirectAction("pluginmanager");
}
if ($_GET["action"] == "disable") {
    if ($_GET["key"] != $loguser['token']) {
        Kill("No.");
    }
    Query("delete from {enabledplugins} where plugin={0}", $_GET["id"]);
    logAction("disableplugin", array('text' => $_GET["id"]));
    redirectAction("pluginmanager");
}
// Read back the enabled plugins from the database.
$pluginsDb = array();
$pluginList = query("SELECT * FROM {enabledplugins}");
while ($plugin = fetch($pluginList)) {
<?php // AcmlmBoard XD - Report/content mismatch fixing utility // Access: staff include "lib/common.php"; AssertForbidden("recalculate"); if ($loguser['powerlevel'] < 1) { Kill(__("Staff only, please.")); } print "<table class=\"outline margin width50\">"; print "<tr class=\"header1\"><th>" . __("Name") . "</th><th>" . __("Actual") . "</th><th>" . __("Reported") . "</th><th> </th></tr>"; print "<tr class=\"header0\"><th colspan=\"4\">" . __("Counting user's posts…") . "</th></tr>"; $qUsers = "select * from users"; $rUsers = Query($qUsers); while ($user = Fetch($rUsers)) { $cellClass = ($cellClass + 1) % 2; print "<tr class=\"cell" . $cellClass . "\">"; print "<td>" . htmlspecialchars($user['name']) . "</td>"; $qPosts = "select count(*) from posts where user="******"<td>" . $posts . "</td><td>" . $user['posts'] . "</td>"; print "<td style=\"background: " . ($posts == $user['posts'] ? "green" : "red") . ";\"></td>"; print "</tr>"; $qUser = "******" . $posts . " where id=" . $user['id'] . " limit 1"; $rUser = Query($qUser); RecalculateKarma($user['id']); } print "<tr class=\"header0\"><th colspan=\"4\">" . __("Counting thread replies…") . "</th></tr>"; $qThreads = "select * from threads"; $rThreads = Query($qThreads); while ($thread = Fetch($rThreads)) {
<?php $noAutoHeader = TRUE; include "lib/common.php"; if (isset($_POST['google'])) { $full = GetFullURL(); $here = substr($full, 0, strrpos($full, "/")); header("Location: http://www.google.com/search?q=" . urlencode($_POST['google'] . " site:" . $here)); } include "lib/header.php"; AssertForbidden("search"); write("\n<div style=\"float: left; width: 70%;\">\n\n\t<form action=\"search.php\" method=\"post\">\n\t\t<div class=\"outline PoRT margin width25\" style=\"margin: 16px; width: 100%; float: none;\">\n\t\t\t<div class=\"errort\">\n\t\t\t\t<strong>" . __("Google search") . "</strong>\n\t\t\t</div>\n\t\t\t<div class=\"errorc left cell0\" style=\"padding: 8px; font-size: 150%\">\n\t\t\t\t<input type=\"text\" maxlength=\"1024\" name=\"google\" style=\"width: 80%;\">\n\t\t\t\t \n\t\t\t\t<input type=\"submit\" value=\"" . __("Search") . "\">\n\t\t\t</div>\n\t\t</div>\n\t</form>\n"); if ($loguser['powerlevel'] < 1) { die("</div>"); } write("\n\t<form action=\"search.php\" method=\"get\">\n\t\t<div class=\"outline PoRT margin\" style=\"margin: 16px; width: 100%; float: none;\">\n\t\t\t<div class=\"errort\">\n\t\t\t\t<strong>" . __("Internal search") . "</strong>\n\t\t\t</div>\n\t\t\t<div class=\"errorc left cell0\" style=\"padding: 8px; font-size: 150%\">\n\t\t\t\t<input type=\"text\" maxlength=\"1024\" name=\"q\" style=\"width: 80%;\" value=\"" . htmlspecialchars($_GET['q']) . "\">\n\t\t\t\t \n\t\t\t\t<input type=\"submit\" value=\"" . __("Search") . "\">\n\t\t\t</div>\n\t\t</div>\n\t</form>\n</div>\n\n<div class=\"PoRT margin width25\">\n\t<div class=\"errort\"><strong>" . __("Search help") . "</strong></div>\n\t<div class=\"errorc left cell0\" style=\"padding: 8px 8px;\">\n\t\t" . __("Internal search checks both thread titles and post text, returning results from both.") . "\n\t\t<dl>\n\t\t\t<dt><samp>foo bar</samp></dt>\n\t\t\t<dd>" . __("Find entries with either term") . "</dd>\n\t\t\t<dt><samp>\"foo bar\"</samp></dt>\n\t\t\t<dd>" . 
__("Find entries with full phrase") . "</dd>\n\t\t\t<dt><samp>+foo -bar</samp></dt>\n\t\t\t<dd>" . __("Find entries with <var>foo</var> but not <var>bar</var>") . "</dd>\n\t\t</dl>\n\t</div>\n</div>\n\n<hr style=\"clear: both; visibility: hidden;\" />\n\n"); if (isset($_GET['q'])) { $totalResults = 0; $bool = htmlspecialchars($_GET['q']); $t = explode(" ", $bool); $terms = array(); foreach ($t as $term) { if ($term[0] == "-") { continue; } if ($term[0] == "+" || $term[0] == "\"") { $terms[] = substr($term, 1); } else { if ($term[strlen($term) - 1] == "*" || $term[strlen($term) - 1] == "\"") { $terms[] = substr($term, 0, strlen($term) - 1); } else {
<?php
// AcmlmBoard XD - Thread submission/preview page
// Access: users
//
// Entry checks for posting a new thread: the visitor must be logged in and
// not have a negative power level, and the target forum must exist and be
// unlocked.
include "lib/common.php";

$title = __("New thread");
AssertForbidden("makeThread");

// Guests cannot post.
if (!$loguserid) {
    Kill(__("You must be logged in to post."));
}

// A forum id sent in the POST body takes precedence over the query string.
if (isset($_POST['id'])) {
    $_GET['id'] = $_POST['id'];
}
if (!isset($_GET['id'])) {
    Kill(__("Forum ID unspecified."));
}
$fid = intval($_GET['id']);

if (0 > $loguser['powerlevel']) {
    Kill(__("You're banned."));
}

// $fid is an integer at this point, so it cannot alter the SQL text.
$qFora = "select * from forums where id={$fid}";
$rFora = Query($qFora);
if (!NumRows($rFora)) {
    Kill(__("Unknown forum ID."));
} else {
    $forum = Fetch($rFora);
}

if ($forum['locked']) {
    Kill(__("This forum is locked."));
}
<?php $title = __("Uploader"); AssertForbidden("viewUploader"); $rootdir = $dataDir . "uploader"; if ($uploaderWhitelist) { $goodfiles = explode(" ", $uploaderWhitelist); } $badfiles = array("html", "htm", "php", "php2", "php3", "php4", "php5", "php6", "htaccess", "htpasswd", "mht", "js", "asp", "aspx", "cgi", "py", "exe", "com", "bat", "pif", "cmd", "lnk", "wsh", "vbs", "vbe", "jse", "wsf", "msc", "pl", "rb", "shtm", "shtml", "stm", "htc"); function listCategory($cat) { global $loguser, $loguserid, $rootdir, $userSelectUsers, $boardroot; if (isset($_GET['sort']) && $_GET['sort'] == "filename" || $_GET['sort'] == "date") { $skey = $_GET['sort']; } else { $skey = "date"; } $sortOptions = "<div class=\"margin smallFonts\">" . __("Sort order") . ": <ul class=\"pipemenu\">"; $sortOptions .= $skey == "filename" ? "<li>" . __("Name") . "</li>" : actionLinkTagItem(__("Name"), "uploaderlist", "", "cat={$_GET["cat"]}&sort=filename"); $sortOptions .= $skey == "date" ? "<li>" . __("Date") . "</li>" : actionLinkTagItem(__("Date"), "uploaderlist", "", "cat={$_GET["cat"]}&sort=date"); $sortOptions .= "</ul></div>"; $sdir = $skey == "date" ? " desc" : " asc"; print $sortOptions; if ($cat == -1) { $condition = "up.user = "******" and up.private = 1"; } else { if ($cat == -2 && $loguser['powerlevel'] > 2) { $condition = "up.private = 1"; } else { $condition = "up.private = 0 and up.category = {0}"; }
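<?php
// Calendar page setup: works out which month to show and collects the
// birthdays that fall in it, keyed by day of the month.
include "lib/common.php";

$title = __("Calendar");
AssertForbidden("viewCalendar");

// Default to the current month, with today's day number in $day.
$now = getdate(time());
$year = $now['year'];
$month = $now['mon'];
$day = $now['mday'];

// ?month=N selects another month of the current year and clears $day.
// Only 1..12 is accepted: other values used to be handed to mktime(), which
// silently rolls them over into a neighbouring year while $year stays
// unchanged.
if (isset($_GET['month']) && is_scalar($_GET['month'])) {
    $requestedMonth = (int) $_GET['month'];
    if ($requestedMonth >= 1 && $requestedMonth <= 12) {
        $month = $requestedMonth;
        $day = 0;
    }
}

// $i: 1 minus the weekday index of the 1st of the month.
$d = getdate(mktime(0, 0, 0, $month, 1, $year));
$i = 1 - $d['wday'];

// $max: number of days in the month (day 0 of the next month is the last day
// of this one).
$d = getdate(mktime(0, 0, 0, $month + 1, 0, $year));
$max = $d['mday'];

$users = Query("select birthday, id, name, displayname, sex, powerlevel from users where birthday != 0 order by name");

// Day of month => HTML fragment listing that day's birthdays.
$cells = array();
while ($user = Fetch($users)) {
    // Runs the plugin loader with $bucket set to "userMangler" for every row;
    // what the plugins do with $user is not visible in this file.
    $bucket = "userMangler";
    include "./lib/pluginloader.php";

    $d = getdate((int) $user['birthday']);
    if ($d['mon'] == $month) {
        $dd = $d['mday'];
        $age = $year - $d['year'];
        // Start the cell empty before appending, so the first entry of a day
        // does not read an undefined index.
        if (!isset($cells[$dd])) {
            $cells[$dd] = "";
        }
        $cells[$dd] .= "<br />• " . format(__("{0}'s birthday ({1})"), Userlink($user), $age) . "\n";
    }
}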
<?php
// AcmlmBoard XD - Smiley editing tool
// Access: administrators only
//
// Applies edits and deletions posted from the smiley table form.
include "lib/common.php";
AssertForbidden("editSmilies");
if ($loguser['powerlevel'] < 3) {
    Kill("You must be an administrator to edit the smiley table.");
}
// Request key: SHA-256 over the user id, $loguser['pss'] and $salt (the last
// two are defined outside this file).
$key = hash('sha256', "{$loguserid},{$loguser['pss']},{$salt}");
// The key is enforced only when an action is posted. The comparison uses the
// loose != operator.
// NOTE(review): a strict, constant-time comparison (hash_equals) would be the
// safer choice for a secret value.
if (isset($_POST['action']) && $key != $_POST['key']) {
    Kill(__("No."));
}
if ($_POST['action'] == "Apply") {
    $qSmilies = "select * from smilies";
    $rSmilies = Query($qSmilies);
    $numSmilies = NumRows($rSmilies);
    // $i runs from 0 to $numSmilies inclusive, i.e. one index more than there
    // are rows. NOTE(review): presumably this covers forms numbered from 0 or
    // from 1 - confirm against the form markup.
    for ($i = 0; $i <= $numSmilies; $i++) {
        // Only rows whose code or image differs from the posted "old" value
        // are touched.
        if ($_POST['code_' . $i] != $_POST['oldcode_' . $i] || $_POST['image_' . $i] != $_POST['oldimage_' . $i]) {
            // NOTE(review): the posted code, image and oldcode values are
            // concatenated into the SQL text with no escaping in this file.
            // Unless lib/common.php or Query() sanitises them (not visible
            // here), a quote character in any field changes the statement -
            // a SQL injection. Escape each value (other pages of this
            // codebase use justEscape()) or bind them as parameters.
            if ($_POST['code_' . $i] == "") {
                // An emptied code field means "delete this smiley".
                $act = "deleted";
                $qSmiley = "delete from smilies where code='" . $_POST['oldcode_' . $i] . "'";
            } else {
                $act = "edited to \"" . $_POST['image_' . $i] . "\"";
                $qSmiley = "update smilies set code='" . $_POST['code_' . $i] . "', image='" . $_POST['image_' . $i] . "' where code='" . $_POST['oldcode_' . $i] . "'";
            }
            $rSmiley = Query($qSmiley);
            // $log collects raw posted values inside an HTML fragment.
            // NOTE(review): escape them with htmlspecialchars() if $log is
            // later written to the page.
            $log .= "Smiley \"" . $_POST['oldcode_' . $i] . "\" " . $act . ".<br />";
        }
    }
    if ($_POST['code_add'] && $_POST['image_add']) {
} $id = (int) $_GET['id']; $rUser = Query("select * from {users} where id={0}", $id); if (NumRows($rUser)) { $user = Fetch($rUser); } else { Kill(__("Unknown user ID.")); } if ($id == $loguserid) { Query("update {users} set newcomments = 0 where id={0}", $loguserid); $loguser['newcomments'] = false; } $canVote = $loguserid && ($loguser['powerlevel'] > 0 || (time() - $loguser['regdate']) / 86400 > 9) && IsAllowed("vote") && $loguserid != $id; if ($loguserid && ($_GET['token'] == $loguser['token'] || $_POST['token'] == $loguser['token'])) { if (isset($_GET['block'])) { AssertForbidden("blockLayouts"); $block = (int) $_GET['block']; $rBlock = Query("select * from {blockedlayouts} where user={0} and blockee={1}", $id, $loguserid); $isBlocked = NumRows($rBlock); if ($block && !$isBlocked && $loguserid != $id) { $rBlock = Query("insert into {blockedlayouts} (user, blockee) values ({0}, {1})", $id, $loguserid); } elseif (!$block && $isBlocked) { $rBlock = Query("delete from {blockedlayouts} where user={0} and blockee={1} limit 1", $id, $loguserid); } die(header("Location: " . actionLink("profile", $id))); } if (isset($_GET['vote']) && $canVote) { $vote = (int) $_GET['vote']; if ($vote > 1) { $vote = 1; }
<?php // AcmlmBoard XD - Posts by user viewer // Access: all AssertForbidden("listPosts"); if (!isset($_GET['id'])) { Kill(__("User ID unspecified.")); } $id = (int) $_GET['id']; $rUser = Query("select * from {users} where id={0}", $id); if (NumRows($rUser)) { $user = Fetch($rUser); } else { Kill(__("Unknown user ID.")); } $title = __("Post list"); $total = FetchResult("\n\t\t\tSELECT\n\t\t\t\tcount(p.id)\n\t\t\tFROM\n\t\t\t\t{posts} p\n\t\t\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\t\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\t\t\tWHERE p.user={0} AND " . forumAccessControlSql(), $id); $ppp = $loguser['postsperpage']; if (isset($_GET['from'])) { $from = (int) $_GET['from']; } else { $from = 0; } if (!$ppp) { $ppp = 25; } $rPosts = Query("\n\tSELECT\n\t\tp.*,\n\t\tpt.text, pt.revision, pt.user AS revuser, pt.date AS revdate,\n\t\tu.(_userfields), u.(rankset,title,picture,posts,postheader,signature,signsep,lastposttime,lastactivity,regdate,globalblock),\n\t\tru.(_userfields),\n\t\tdu.(_userfields),\n\t\tt.id thread, t.title threadname,\n\t\tf.id fid\n\tFROM\n\t\t{posts} p\n\t\tLEFT JOIN {posts_text} pt ON pt.pid = p.id AND pt.revision = p.currentrevision\n\t\tLEFT JOIN {users} u ON u.id = p.user\n\t\tLEFT JOIN {users} ru ON ru.id=pt.user\n\t\tLEFT JOIN {users} du ON du.id=p.deletedby\n\t\tLEFT JOIN {threads} t ON t.id=p.thread\n\t\tLEFT JOIN {forums} f ON f.id=t.forum\n\tWHERE u.id={1} AND " . forumAccessControlSql() . "\n\tORDER BY date ASC LIMIT {2u}, {3u}", $loguserid, $id, $from, $ppp); $numonpage = NumRows($rPosts); $uname = $user["name"]; if ($user["displayname"]) { $uname = $user["displayname"];
<?php
// AcmlmBoard XD - IP ban management tool
// Access: administrators only
//
// Adds and removes IP bans, then builds the table of current bans.
include "lib/common.php";
$title = __("IP bans");
AssertForbidden("editIPBans");
if ($loguser['powerlevel'] < 3) {
    Kill(__("Only administrators get to manage IP bans."));
}
MakeCrumbs(array(__("Main") => "./", __("IP ban manager") => ""), "");
// NOTE(review): neither action below checks a per-user request key, and the
// delete action is triggered by a plain GET link. A forged cross-site request
// made with an administrator's session could therefore add or lift bans.
if ($_POST['action'] == __("Add")) {
    // Text fields go through justEscape(); the expiry is computed from an
    // integer day count, with 0 stored when no positive count is given.
    $qIPBan = "insert into ipbans (ip, reason, date) values ('" . justEscape($_POST['ip']) . "', '" . justEscape($_POST['reason']) . "', " . ((int) $_POST['days'] > 0 ? time() + (int) $_POST['days'] * 86400 : 0) . ")";
    $rIPBan = Query($qIPBan);
    Alert(__("Added."), __("Notice"));
} elseif ($_GET['action'] == "delete") {
    $qIPBan = "delete from ipbans where ip='" . justEscape($_GET['ip']) . "' limit 1";
    $rIPBan = Query($qIPBan);
    Alert(__("Removed."), __("Notice"));
}
// List all bans, newest expiry date first.
$qIPBan = "select * from ipbans order by date desc";
$rIPBan = Query($qIPBan);
$banList = "";
while ($ipban = Fetch($rIPBan)) {
    $cellClass = ($cellClass + 1) % 2;
    // A date of 0 marks a permanent ban; otherwise show the expiry and the
    // time remaining.
    if ($ipban['date']) {
        $date = gmdate($dateformat, $ipban['date']) . " (" . TimeUnits($ipban['date'] - time()) . " left)";
    } else {
        $date = __("Permanent");
    }
    // NOTE(review): the stored ip and reason are inserted into the markup, and
    // the ip also into the href, without HTML or URL escaping here. Confirm
    // whether format() escapes its arguments; if not, apply
    // htmlspecialchars() / urlencode() before substitution.
    $banList .= format("\n\t<tr class=\"cell{0}\">\n\t\t<td>\n\t\t\t{1}\n\t\t</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t<a href=\"ipbans.php?ip={1}&action=delete\">✘</a>\n\t\t</td>\n\t</tr>\n", $cellClass, $ipban['ip'], $ipban['reason'], $date);
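$crumbs->add(new PipeMenuTextEntry(__("Comments")));
makeBreadcrumbs($crumbs);

// Deleting is allowed on one's own profile or with a power level above 2, and
// never with a negative power level. Commenting only needs a non-negative
// power level.
$canDeleteComments = ($id == $loguserid || $loguser['powerlevel'] > 2) && IsAllowed("deleteComments") && $loguser['powerlevel'] >= 0;
$canComment = $loguser['powerlevel'] >= 0;

// Request-token check. The token may arrive in the query string or the POST
// body. It must be a non-empty string that matches exactly; the previous loose
// == comparison could treat differing values as equal (PHP compares
// numeric-looking strings by value) and accepted non-string input.
// NOTE(review): where hash_equals() is available it is the better choice,
// since it also compares in constant time.
$commentToken = (string) $loguser['token'];
$commentTokenOk = false;
if ($commentToken !== "") {
    if (isset($_GET['token']) && is_string($_GET['token']) && $_GET['token'] === $commentToken) {
        $commentTokenOk = true;
    }
    if (isset($_POST['token']) && is_string($_POST['token']) && $_POST['token'] === $commentToken) {
        $commentTokenOk = true;
    }
}

if ($loguserid && $commentTokenOk) {
    // After either action the user is sent back to the comment list (mobile
    // layout) or to the profile page.
    $commentReturnPage = $mobileLayout ? "usercomments" : "profile";

    if ($canDeleteComments && isset($_GET['action']) && $_GET['action'] === "delete") {
        AssertForbidden("deleteComments");
        // The uid condition limits the delete to comments on this profile.
        Query("delete from {usercomments} where uid={0} and id={1}", $id, isset($_GET['cid']) ? (int) $_GET['cid'] : 0);
        header("Location: " . actionLink($commentReturnPage, $id));
        die();
    }

    // NOTE(review): despite its name, IsReallyEmpty() is used here as the
    // "there is text to post" test - confirm against its definition.
    if (isset($_POST['actionpost']) && isset($_POST['text']) && is_string($_POST['text']) && IsReallyEmpty($_POST['text']) && $canComment) {
        AssertForbidden("makeComments");
        // The comment text is bound through the {3} placeholder, not
        // concatenated into the SQL.
        $rComment = Query("insert into {usercomments} (uid, cid, date, text) values ({0}, {1}, {2}, {3})", $id, $loguserid, time(), $_POST['text']);
        // Flag the profile owner, unless they commented on their own profile.
        if ($loguserid != $id) {
            Query("update {users} set newcomments = 1 where id={0}", $id);
        }
        logAction('usercomment', array('user2' => $id));
        header("Location: " . actionLink($commentReturnPage, $id));
        die();
    }
}

// Paging: 15 comments per page; a missing or negative offset becomes 0.
$cpp = 15;
$total = FetchResult("SELECT\n\t\t\t\t\t\tcount(*)\n\t\t\t\t\tFROM {usercomments}\n\t\t\t\t\tWHERE uid={0}", $id);
$from = isset($_GET["from"]) ? max(0, (int) $_GET["from"]) : 0;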
<?php // AcmlmBoard XD - Thread editing page // Access: moderators include "lib/common.php"; $title = __("Edit thread"); AssertForbidden("editThread"); $key = hash('sha256', "{$loguserid},{$loguser['pss']},{$salt}"); if (isset($_REQUEST['action']) && $key != $_REQUEST['key']) { Kill(__("No.")); } if (!$loguserid) { //Not logged in? Kill(__("You must be logged in to edit threads.")); } if (isset($_POST['id'])) { $_GET['id'] = $_POST['id']; } if (!isset($_GET['id'])) { Kill(__("Thread ID unspecified.")); } $tid = (int) $_GET['id']; $qThread = "select * from threads where id=" . $tid; $rThread = Query($qThread); if (NumRows($rThread)) { $thread = Fetch($rThread); } else { Kill(__("Unknown thread ID.")); } $canMod = CanMod($loguserid, $thread['forum']); if (!$canMod && $thread['user'] != $loguserid) {
} $rThread = Query("select * from {threads} where id={0}", $tid); if (NumRows($rThread)) { $thread = Fetch($rThread); $fid = $thread['forum']; } else { Kill(__("Unknown thread ID.")); } $rFora = Query("select * from {forums} where id={0}", $fid); if (NumRows($rFora)) { $forum = Fetch($rFora); } else { Kill("Unknown forum ID."); } $fid = $forum['id']; AssertForbidden("viewForum", $fid); $isHidden = (int) ($forum['minpower'] > 0); if ($forum['minpowerreply'] > $loguser['powerlevel']) { Kill(__("Your power is not enough.")); } if ($thread['closed'] && $loguser['powerlevel'] < 3) { Kill(__("This thread is locked.")); } $OnlineUsersFid = $fid; write("\n\t<script type=\"text/javascript\">\n\t\t\twindow.addEventListener(\"load\", hookUpControls, false);\n\t</script>\n"); $tags = ParseThreadTags($thread['title']); setUrlName("thread", $thread["id"], $thread["title"]); $crumbs = new PipeMenu(); makeForumCrumbs($crumbs, $forum); $crumbs->add(new PipeMenuHtmlEntry(makeThreadLink($thread))); $crumbs->add(new PipeMenuTextEntry(__("New reply")));
Kill(__("No."));
}

// In "edit user" mode the target id arrives by POST; copy it into $_GET so
// the selection logic below has a single source.
if (isset($_POST['editusermode']) && $_POST['editusermode'] != 0) {
    $_GET['id'] = $_POST['userid'];
}

// Only powerlevel > 2 may pick a target user; everyone else is pinned to
// their own account regardless of what the request contains.
if ($loguser['powerlevel'] > 2) {
    $userid = isset($_GET['id']) ? (int) $_GET['id'] : $loguserid;
} else {
    $userid = $loguserid;
}
$user = Fetch(Query("select * from {users} where id={0}", $userid));
$editUserMode = isset($_GET['id']) && $loguser['powerlevel'] > 2;

// A powerlevel-4 ("root") account can only be edited by itself or by another
// powerlevel-4 account.
if ($editUserMode && $user['powerlevel'] == 4 && $loguser['powerlevel'] != 4 && $loguserid != $userid) {
    Kill(__("Cannot edit a root user."));
}

// The permission asserted depends on whose profile is being edited.
AssertForbidden($editUserMode ? "editUser" : "editProfile");

//Breadcrumbs
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Member list"), "memberlist"));
$crumbs->add(new PipeMenuHtmlEntry(userLink($user)));
$crumbs->add(new PipeMenuTextEntry(__("Edit profile")));
makeBreadcrumbs($crumbs);

// Client-side scripts for the form (password strength estimator and the
// registration helpers).
echo "<script src=\"" . resourceLink('js/zxcvbn.js') . "\"></script>";
echo "<script src=\"" . resourceLink('js/register.js') . "\"></script>";

// Build the rankset choices with a "None" entry (empty key) placed first:
// reverse, append, reverse again.
loadRanksets();
$ranksets = $ranksetNames;
$ranksets = array_reverse($ranksets);
$ranksets[""] = __("None");
$ranksets = array_reverse($ranksets);

// Label each date format with a rendered example; the empty format maps to
// an empty label.
foreach ($dateformats as $format) {
    $datelist[$format] = $format ? $format . ' (' . cdate($format) . ')' : '';
<?php
// AcmlmBoard XD - Realtime visitor statistics page
// Access: all
$title = __("Online users");
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Online users"), "online"));
makeBreadcrumbs($crumbs);
AssertForbidden("viewOnline");

// This can (and will) be turned into a permission.
// Until then, IP display is tied to powerlevel > 0.
$showIPs = $loguser['powerlevel'] > 0;

// Look-back window in seconds from the query string; a missing or zero value
// falls back to 300.
// NOTE(review): no lower or upper bound is applied, so negative or very large
// windows are accepted as given.
$time = (int) $_GET['time'];
if (!$time) {
    $time = 300;
}

// Registered users, human guests and bots seen inside the window. The cutoff
// is passed as a query parameter.
$rUsers = Query("select * from {users} where lastactivity > {0} order by lastactivity desc", time() - $time);
$rGuests = Query("select * from {guests} where date > {0} and bot = 0 order by date desc", time() - $time);
$rBots = Query("select * from {guests} where date > {0} and bot = 1 order by date desc", time() - $time);

// Preset window choices, rendered as a pipe menu of links back to this page.
$spans = array(60, 300, 900, 3600, 86400);
$spanList = "";
foreach ($spans as $span) {
    $spanList .= actionLinkTagItem(timeunits($span), "online", "", "time={$span}");
}
write("\n\t<div class=\"smallFonts margin\">\n\t\t" . __("Show visitors from this far back:") . "\n\t\t<ul class=\"pipemenu\">\n\t\t\t{0}\n\t\t</ul>\n\t</div>\n", $spanList);

$userList = "";
$i = 1;
if (NumRows($rUsers)) {
    while ($user = Fetch($rUsers)) {
        // Alternate between the two row classes.
        $cellClass = ($cellClass + 1) % 2;
        if ($user['lasturl']) {
            // lasturl is a stored, client-influenced value that ends up in
            // both the href attribute and the link text.
            // NOTE(review): FilterURL() is defined elsewhere — confirm it
            // escapes for HTML attribute context and rejects non-http schemes.
            $lastUrl = "<a href=\"" . FilterURL($user['lasturl']) . "\">" . FilterURL($user['lasturl']) . "</a>";
<?php
// AcmlmBoard XD - Administration hub page
// Access: administrators

// Two gates: the "viewAdminRoom" permission and a powerlevel of at least 3.
AssertForbidden("viewAdminRoom");
if ($loguser['powerlevel'] < 3) {
    Kill(__("You're not an administrator. There is nothing for you here."));
}

$title = __("Administration");
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Admin"), "admin"));
makeBreadcrumbs($crumbs);

// Row-class state shared with cell2() through the global of the same name.
$cell2 = 1;

/**
 * Write one table row holding $content, flipping the global row class
 * between 0 and 1 before each row is emitted.
 *
 * $content is inserted into the markup as given; callers pass ready-made HTML.
 */
function cell2($content)
{
    global $cell2;
    if ($cell2 == 1) {
        $cell2 = 0;
    } else {
        $cell2 = 1;
    }
    Write("\n\t\t<tr class=\"cell{0}\">\n\t\t\t<td>\n\t\t\t\t{1}\n\t\t\t</td>\n\t\t</tr>\n\t", $cell2, $content);
}

// Right-hand "Information" table.
Write("\n\t<table class=\"outline margin width50 floatright\">\n\t\t<tr class=\"header1\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t" . __("Information") . "\n\t\t\t</th>\n\t\t</tr>\n");
cell2(
    Format(
        "\n\n\t\t\t\t" . __("Last viewcount milestone") . "\n\t\t\t</td>\n\t\t\t<td style=\"width: 60%;\">\n\t\t\t\t{0}\n\t\t\t",
        $misc['milestone']
    )
);

// Plugins may contribute rows to the information table via this bucket.
$bucket = "adminright";
include "./lib/pluginloader.php";
write("\n\t</table>\n");

// Left-hand "Admin tools" table; restart the row-class alternation.
$cell2 = 1;
Write("\n\t<table class=\"outline margin width25\">\n\t\t<tr class=\"header1\">\n\t\t\t<th>\n\t\t\t\t" . __("Admin tools") . "\n\t\t\t</th>\n\t\t</tr>\n");
cell2(actionLinkTag(__("Recalculate statistics"), "recalc"));
cell2(actionLinkTag(__("Last Known Browsers"), "lastknownbrowsers"));
cell2(actionLinkTag(__("Manage IP bans"), "ipbans"));
cell2(actionLinkTag(__("Manage forum list"), "editfora"));
cell2(actionLinkTag(__("Manage plugins"), "pluginmanager"));
<?php
// AcmlmBoard XD - Private message sending/previewing page
// Access: user
$title = __("Private messages");
$crumbs = new PipeMenu();
$crumbs->add(new PipeMenuLinkEntry(__("Member list"), "memberlist"));
$crumbs->add(new PipeMenuHtmlEntry(userLink($loguser)));
$crumbs->add(new PipeMenuLinkEntry(__("Private messages"), "private"));
$crumbs->add(new PipeMenuLinkEntry(__("New PM"), "sendprivate"));
makeBreadcrumbs($crumbs);
AssertForbidden("sendPM");
if (!$loguserid) {
    //Not logged in?
    Kill(__("You must be logged in to send private messages."));
}

// Optional id of a received PM to quote in the reply.
$pid = (int) $_GET['pid'];
if ($pid) {
    // The userto condition restricts the lookup to messages addressed to the
    // logged-in user, so another user's PM cannot be quoted by guessing ids.
    $rPM = Query("select * from {pmsgs} p left join {pmsgs_text} t on t.pid = p.id where p.userto = {0} and p.id = {1}", $loguserid, $pid);
    if (NumRows($rPM)) {
        $sauce = Fetch($rPM);
        // Look up the sender so the quote can be attributed.
        $rUser = Query("select * from {users} where id = {0}", (int) $sauce['userfrom']);
        if (NumRows($rUser)) {
            $user = Fetch($rUser);
        } else {
            Kill(__("Unknown user."));
        }
        // Pre-filled reply body: the quoted text is HTML-escaped here, the
        // sender name is not.
        // NOTE(review): confirm the name is escaped wherever $prefill is
        // written into the page, and that a `"` in a name cannot break the
        // [reply="..."] tag.
        $prefill = "[reply=\"" . $user['name'] . "\"]" . htmlspecialchars($sauce['text']) . "[/reply]";
        // Collapse a run of three "Re: " prefixes into "Re*4: " for the
        // pre-filled title.
        if (strpos($sauce['title'], "Re: Re: Re: ") !== false) {
            $trefill = str_replace("Re: Re: Re: ", "Re*4: ", $sauce['title']);
        } else {
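<?php
include "lib/common.php";

$title = "Last known browsers";
$isMod = $loguser['powerlevel'] > 0;

// ORDER BY fragment. It is only ever one of the two literals below; the
// request merely selects which one, so no request text reaches the SQL.
$sort = "id asc";
$ual = "?";
if (isset($_GET['byua'])) {
    $sort = "lastknownbrowser asc";
    $ual .= "byua&";
}

AssertForbidden("viewLKB");

$numUsers = FetchResult("select count(*) from users", 0, 0);

// Page size comes from the user's stored preference. It is concatenated into
// the LIMIT clause below, so force it to an integer first.
$ppp = (int) $loguser['postsperpage'];
if ($ppp < 1) {
    $ppp = 50;
}

// Offset from the query string. Clamp negatives to 0: a negative LIMIT offset
// is a SQL error rather than a valid page.
$from = isset($_GET['from']) ? max(0, (int) $_GET['from']) : 0;

// Every value concatenated here is either a fixed literal ($sort) or an
// integer ($from, $ppp).
// NOTE(review): the result includes lastip for every listed user; $isMod is
// computed above, presumably to gate IP display further down — confirm.
$peeps = Query(
    "select id, name, displayname, lastip, lastknownbrowser, sex, powerlevel from users where powerlevel < 5 order by "
    . $sort . " limit " . $from . ", " . $ppp
);
$numonpage = NumRows($peeps);

// Page links for page 2 onwards; the current page is shown as plain text.
// Initialised here so the first `.=` does not append to an undefined variable.
$pagelinks = "";
for ($i = $ppp; $i < $numUsers; $i += $ppp) {
    if ($i == $from) {
        $pagelinks .= " " . ($i / $ppp + 1);
    } else {
        $pagelinks .= " <a href=\"lastknownbrowsers.php" . $ual . "from=" . $i . "\">" . ($i / $ppp + 1) . "</a>";
    }
}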
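<?php
// AcmlmBoard XD - Private message display page
// Access: user, specifically the sender or receiver.
include "lib/common.php";

$title = __("Private messages");
AssertForbidden("viewPM");

// Fixed: the original tested the bare word `loguserid` (missing `$`). That is
// a constant lookup, not the logged-in user id: older PHP evaluates it to the
// truthy string "loguserid" so guests were never stopped here, and PHP 8
// raises an Error instead.
if (!$loguserid) {
    Kill(__("You must be logged in to view your private messages."));
}
if (!isset($_GET['id']) && !isset($_POST['id'])) {
    Kill(__("No PM specified."));
}

// The integer casts are what keep the concatenated queries below safe.
$id = (int) (isset($_GET['id']) ? $_GET['id'] : $_POST['id']);
$pmid = $id;

if (isset($_GET['snooping'])) {
    // "Snooping" drops the sender/recipient restriction, so powerlevel > 2
    // can read any PM by id.
    // NOTE(review): nothing visible here records that a snoop took place;
    // consider an audit log entry.
    if ($loguser['powerlevel'] > 2) {
        $qPM = "select * from pmsgs left join pmsgs_text on pid = pmsgs.id where pmsgs.id = " . $id;
    } else {
        Kill(__("No snooping for you."));
    }
} else {
    // Normal path: the logged-in user must be the sender or the recipient.
    $qPM = "select * from pmsgs left join pmsgs_text on pid = pmsgs.id where (userto = " . (int) $loguserid
        . " or userfrom = " . (int) $loguserid . ") and pmsgs.id = " . $id;
}

$rPM = Query($qPM);
if (NumRows($rPM)) {
    $pm = Fetch($rPM);
} else {
    Kill(__("Unknown PM"));
}

// Drafts are only visible to their author.
if ($pm['drafting'] && $pm['userfrom'] != $loguserid) {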
<?php // AcmlmBoard XD - Avatar library // Access: all include "lib/common.php"; $title = __("Avatar library"); AssertForbidden("viewAvatars"); if (isset($_GET['rebuild'])) { $avalib = array(); //Prepare file tree... $library = @opendir("img/avatars/library"); //in some PHP setups, you get an ugly "invalid argument" message here on fail. if ($library === FALSE) { Kill(__("Could not open avatar library.")); } //Loop through library folders... while (FALSE !== ($folder = readdir($library))) { if ($folder[0] == ".") { continue; } if (substr($folder, -4) == ".txt") { continue; } $fol = opendir("img/avatars/library/" . $folder); $thisFolder = array(); //Loop through folder images... while (FALSE !== ($image = readdir($fol))) { if ($image[0] == ".") { continue; } if (substr($image, -4) != ".png") {