/**
 * Remove a theme and its settings, then move every user who had it selected
 * onto the replacement theme.
 *
 * Returns false when a precondition fails (the message is appended to $error
 * or $error_die), true when the final UPDATE succeeds, and null otherwise.
 *
 * NOTE(review): $themeid, $reset and the theme_name read back from the
 * database are interpolated into the SQL text unescaped. Nothing in this
 * function sanitises them; confirm the caller or the sql_query wrapper does,
 * or move to bound parameters.
 *
 * @param mixed $themeid theme_id of the theme to delete
 * @param mixed $reset   value written to users.theme for affected users
 * @return bool|null
 */
function deletetheme($themeid, $reset)
{
    global $user, $FUNCTIONS_LANG, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = $FUNCTIONS_LANG["e_permissions"];
        return false;
    }

    // Both values are required; a missing one points at a hand-edited URL.
    if (empty($themeid)) {
        $error[] = $FUNCTIONS_LANG["e_th_specify_delete"];
        return false;
    }
    if (empty($reset)) {
        $error[] = $FUNCTIONS_LANG["e_th_specify_everyone"];
        return false;
    }

    if (errors()) {
        return;
    }

    // Read the row first: the users table refers to the theme by name, not by id.
    $lookup = call('sql_query', "SELECT * FROM themes WHERE theme_id = '{$themeid}'");
    $theme_row = call('sql_fetch_array', $lookup);

    call('sql_query', "DELETE FROM themes WHERE theme_id = '{$themeid}'");
    call('sql_query', "DELETE FROM theme_settings WHERE theme_id = '{$themeid}'");
    $reassigned = call('sql_query', "UPDATE users SET theme = '{$reset}' WHERE theme = '" . $theme_row['theme_name'] . "'");

    // Only the outcome of the last statement decides the return value.
    if ($reassigned) {
        return true;
    }
}
/**
 * Update an existing article.
 *
 * Returns false when a precondition fails, true when the UPDATE succeeds and
 * null otherwise.
 *
 * NOTE(review): every argument is interpolated into the UPDATE statement
 * unescaped; confirm the values are sanitised before they reach this
 * function, or switch to bound parameters.
 *
 * @param mixed $subject      article subject (required)
 * @param mixed $summary      article summary (required)
 * @param mixed $full_article article body
 * @param mixed $cat          category value stored in articles.cat
 * @param mixed $rating       any non-null value enables ratings
 * @param mixed $comment      any non-null value enables comments
 * @param mixed $id           id of the article to update
 * @return bool|null
 */
function editarticle($subject, $summary, $full_article, $cat, $rating, $comment, $id)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($subject)) {
        $error[] = 'You must specify a subject';
        return false;
    }
    if (empty($summary)) {
        $error[] = 'You must specify a summary for your article';
        return false;
    }

    // Flags are stored as 0/1; the test is "was a value passed at all".
    $comment = isset($comment) ? 1 : 0;
    $rating = isset($rating) ? 1 : 0;

    if (errors()) {
        return;
    }

    $updated = call('sql_query', "UPDATE articles SET subject = '{$subject}', summary = '{$summary}', full_article = '{$full_article}', cat = '{$cat}', ratings = '{$rating}', comments = '{$comment}' WHERE id = '{$id}'");
    if ($updated) {
        return true;
    }
}
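/**
 * Render the maintenance page and terminate the request.
 *
 * When theme('output_error') yields something, it replaces the body and the
 * title becomes "Error".
 *
 * Fix: the original assigned the opening markup to the global $error and then
 * iterated that same variable, so the loop ran over a string and the pending
 * messages were lost. The list is now built in its own variable and the
 * global is left untouched.
 *
 * NOTE(review): as in the original, the rendered error list is not part of
 * the page that is sent; confirm whether it should be emitted.
 * NOTE(review): $title and $body only pass through stripslashes() and the
 * error messages are placed in the markup as-is; confirm they are
 * HTML-escaped upstream.
 *
 * @param string $title page title
 * @param string $body  page body markup
 * @param string $head  extra markup passed to theme('head', ...)
 * @return void never returns; ends with die()
 */
function output_maintenance($title = '', $body = '', $head = '')
{
    global $error;

    if (theme('output_error') != false) {
        $body = theme('output_error');
        $title = 'Error';
    }

    $error_list = '';
    if (errors()) {
        $error_list = theme('title', 'Error') . theme('start_content') . '<div class="errors"><ul>';
        // (array) keeps the loop safe if $error is unset or not an array.
        foreach ((array) $error as $message) {
            $error_list .= '<li>' . $message . '</li>';
        }
        $error_list .= '</ul></div>' . theme('end_content');
    }

    $output = theme('head', stripslashes($title), $head) . ' <body class="thrColLiqHdr"> <div id="maintenance-container">' . theme('start_content') . stripslashes($body) . theme('end_content') . '</div> </body> </html>';

    die($output);
}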
/**
 * Register a new emoticon.
 *
 * Returns false when a precondition fails, true when the INSERT succeeds and
 * null otherwise.
 *
 * NOTE(review): only $code has its quote characters removed; $image and
 * $text reach the INSERT unescaped. Confirm they are sanitised upstream, or
 * switch to bound parameters.
 *
 * @param mixed $code  text code that triggers the emoticon
 * @param mixed $image image reference stored in emoticons.image
 * @param mixed $text  alternative text stored in emoticons.alt
 * @return bool|null
 */
function addemoticon($code, $image, $text)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($code)) {
        $error[] = 'You must specify the code';
        return false;
    }
    if (empty($image)) {
        $error[] = 'You must specify an image';
        return false;
    }
    if (empty($text)) {
        $error[] = 'You must specify text';
        return false;
    }

    // Single and double quotes are dropped from the code before it is stored.
    $code = str_replace(array("\"", "'"), '', $code);

    if (errors()) {
        return;
    }

    $inserted = call('sql_query', "INSERT INTO emoticons (code, image, alt) VALUES ('{$code}', '{$image}', '{$text}')");
    if ($inserted) {
        return true;
    }
}
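/**
 * Attach a comment from the current user to a record of the given type.
 *
 * Fix: $type is used as a table name in the lookup query and is echoed back
 * in error messages. It is now required to be a plain identifier (letters,
 * digits, underscore) before either happens, because quoting or escaping
 * cannot protect a table name.
 *
 * NOTE(review): the identifier check still lets $type name any table that has
 * `id` and `comments` columns; an explicit allow-list of commentable types
 * would be tighter.
 * NOTE(review): $id, $message and the $user fields are interpolated into the
 * SQL unescaped; confirm they are sanitised upstream or use bound parameters.
 * NOTE(review): the result of call('checktoken', ...) is not inspected here;
 * presumably it records an error or halts on a bad token. Verify.
 *
 * @param mixed  $id      id of the record being commented on
 * @param string $type    record type; also the table the record is read from
 * @param mixed  $message comment text (required)
 * @param mixed  $token   anti-forgery token handed to checktoken
 * @return bool|null false on a failed precondition, true when the INSERT
 *                   succeeds, null otherwise
 */
function addcomment($id, $type, $message, $token)
{
    global $user, $error, $error_die;

    call('checktoken', $token);

    if (!$user['post_comment']) {
        $error[] = 'You do not have permission to post a comment';
        return false;
    }

    // Reject anything that is not a bare identifier before it is used as a table name.
    if (!is_string($type) || !preg_match('/^[A-Za-z0-9_]+$/D', $type)) {
        $error_die[] = 'Invalid comment type';
        return false;
    }

    $existcheck = call('sql_query', "SELECT id, comments FROM {$type} WHERE id = '{$id}'");
    $fetch = call('sql_fetch_array', $existcheck);

    if (call('sql_num_rows', $existcheck) == 0) {
        $error_die[] = 'This ' . $type . ' no longer exists so adding a comment was not possible';
        return false;
    }

    // The target record carries its own comments-enabled flag.
    if ($fetch['comments'] != '1') {
        $error_die[] = 'Posting of comments on this ' . $type . ' is disabled';
        return false;
    }

    if (empty($message)) {
        $error[] = 'Please enter a message';
        return false;
    }

    if (!errors()) {
        $sql = call('sql_query', "INSERT INTO comments (comment_type, type_id, message, author, author_id, ip, post_time) VALUES ('{$type}', '{$id}', '{$message}', '" . $user['user'] . "', '" . $user['id'] . "', '" . call('visitor_ip') . "', '" . time() . "' ) ");
        if ($sql) {
            return true;
        }
    }
}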
/**
 * Update an existing page.
 *
 * Returns false when a precondition fails, true when the UPDATE succeeds and
 * null otherwise.
 *
 * NOTE(review): $name, $content and $id are interpolated into the SQL
 * unescaped; confirm they are sanitised upstream or use bound parameters.
 *
 * @param mixed $name    page name (required)
 * @param mixed $content page content (required)
 * @param mixed $id      id of the page to update
 * @param mixed $comment any non-null value enables comments
 * @param mixed $rating  any non-null value enables ratings
 * @return bool|null
 */
function editpage($name, $content, $id, $comment, $rating)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    $existing = call('sql_query', "SELECT * FROM pages WHERE id = '{$id}'");
    if (call('sql_num_rows', $existing) == 0) {
        $error[] = 'This page no longer exists';
        return false;
    }

    if (empty($content)) {
        $error[] = 'You must specify content for the page';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name for the page';
        return false;
    }

    if (errors()) {
        return;
    }

    // Flags are stored as 0/1; the test is "was a value passed at all".
    $comment = isset($comment) ? 1 : 0;
    $rating = isset($rating) ? 1 : 0;

    $saved = call('sql_query', "UPDATE pages SET pagename = '{$name}', content = '{$content}', comments = '{$comment}', ratings = '{$rating}' WHERE id = '{$id}'");
    if ($saved) {
        return true;
    }
}
/**
 * Delete a user account. An admin cannot delete the account they are
 * logged in with.
 *
 * Returns false when a precondition fails, true when the DELETE succeeds and
 * null otherwise.
 *
 * NOTE(review): $id is interpolated into both queries unescaped, and the
 * self-delete guard uses a loose == comparison; confirm $id is validated as
 * an integer before this is called.
 *
 * @param mixed $id id of the user to delete
 * @return bool|null
 */
function deleteuser($id)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    // Removing your own account from the admin panel is refused outright.
    if ($user['id'] == $id) {
        $error_die[] = 'You can not delete your own account';
        return false;
    }

    $lookup = call('sql_query', "SELECT * FROM users WHERE id = '{$id}'");
    if (call('sql_num_rows', $lookup) == 0) {
        $error[] = 'This user no longer exists';
        return false;
    }

    if (errors()) {
        return;
    }

    $deleted = call('sql_query', "DELETE FROM users WHERE id = '{$id}'");
    if ($deleted) {
        return true;
    }
}
/**
 * Update an existing emoticon.
 *
 * Returns false when a precondition fails, true when the UPDATE succeeds and
 * null otherwise.
 *
 * NOTE(review): unlike addemoticon(), no quote characters are removed from
 * $code here, and all four arguments are interpolated into the SQL
 * unescaped; confirm they are sanitised upstream or use bound parameters.
 *
 * @param mixed $code  text code that triggers the emoticon
 * @param mixed $image image reference stored in emoticons.image
 * @param mixed $text  alternative text stored in emoticons.alt
 * @param mixed $id    id of the emoticon to update
 * @return bool|null
 */
function editemoticon($code, $image, $text, $id)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($code)) {
        $error[] = 'You must specify the code';
        return false;
    }
    if (empty($image)) {
        $error[] = 'You must specify an image';
        return false;
    }
    if (empty($text)) {
        $error[] = 'You must specify text';
        return false;
    }

    if (errors()) {
        return;
    }

    $updated = call('sql_query', "UPDATE emoticons SET code='{$code}', image='{$image}', alt='{$text}' WHERE id='{$id}'");
    if ($updated) {
        return true;
    }
}
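/**
 * Front-controller dispatch: resolve the controller name ($_GET[0]) and the
 * action name ($_GET[1]), then invoke that action on the index controller.
 *
 * Fixes:
 *  - The call was written `$c->{$_GET}[1]()`, which reads a property named
 *    after the whole $_GET array instead of calling the method named by
 *    $_GET[1]. It now calls `$c->{$_GET[1]}()`.
 *  - Both values come from the request. The controller name goes into a file
 *    path, so it must be a single plain file-name component. The action name
 *    must be a callable, non-magic method of the controller. The
 *    method-existence check had been commented out.
 *
 * On any failed check the function calls errors() and exits, as the
 * missing-file branch already did.
 *
 * @return void
 */
function action()
{
    router();

    if (empty($_GET[0]) || $_GET[0] == 'index.php') {
        $_GET[0] = SCRIPT_NAME;
    } elseif (
        !is_string($_GET[0])
        || !preg_match('/^[A-Za-z0-9_.-]+$/D', $_GET[0])
        || strpos($_GET[0], '..') !== false
    ) {
        // Request-supplied controller names may not contain path separators or "..".
        errors();
        exit;
    }

    if (empty($_GET[1])) {
        $_GET[1] = 'main';
    }

    $file = CONTROLLERS_PATH . $_GET[0] . '.php';
    if (!file_exists($file)) {
        errors();
        exit;
    }

    $c = new index();
    $method = $_GET[1];

    // is_callable() from this scope only accepts public methods; names
    // starting with "__" are refused so magic methods cannot be requested.
    if (!is_string($method) || strpos($method, '__') === 0 || !is_callable(array($c, $method))) {
        errors();
        exit;
    }

    $c->{$method}();
}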
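/**
 * Ban a single IPv4 address or an address range.
 *
 * Fixes:
 *  - The original pattern used `^` as its regex delimiter, so the intended
 *    start anchor was consumed as the delimiter and any string merely ending
 *    in an IPv4 address passed validation. Validation now uses filter_var()
 *    with FILTER_FLAG_IPV4, which checks the whole string. Octets with
 *    leading zeros are no longer accepted.
 *  - $query is initialised, so an unknown $type no longer reads an undefined
 *    variable.
 *  - The visitor address is fetched once instead of on every use.
 *
 * NOTE(review): for $type == 'range' the value is not validated at all, and
 * $reason is free text; both are interpolated into the INSERT unescaped.
 * Confirm they are sanitised upstream or use bound parameters.
 *
 * @param mixed $ip     address, or range prefix when $type is 'range'
 * @param mixed $reason reason stored with the ban
 * @param mixed $type   'ip' or 'range'
 * @return bool|null false on a failed precondition, true when the INSERT
 *                   succeeds, null otherwise
 */
function addban($ip, $reason, $type)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($ip)) {
        $error[] = 'You must specify an ip address to ban';
        return false;
    }

    if ($type == 'ip' && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        $error[] = 'Invalid IP';
        return false;
    }

    // Drop the last two dot-separated parts of the visitor address to get its range prefix.
    $visitor_ip = call('visitor_ip');
    $visitor_range = substr($visitor_ip, 0, strlen($visitor_ip) - strlen((string) strrchr($visitor_ip, ".")));
    $visitor_range = substr($visitor_range, 0, strlen($visitor_range) - strlen((string) strrchr($visitor_range, ".")));

    // An admin must not be able to lock themselves out.
    if ($visitor_ip == $ip || $visitor_range == $ip) {
        $error[] = 'You can not ban your own IP';
        return false;
    }

    if (!errors()) {
        $query = false;
        if ($type == 'ip') {
            $query = call('sql_query', "INSERT INTO bans (ip, reason, time_created, created_by) VALUES ('{$ip}', '{$reason}', '" . time() . "', '" . $user['id'] . "')");
        } elseif ($type == 'range') {
            $query = call('sql_query', "INSERT INTO bans (ip_range, reason, time_created, created_by) VALUES ('{$ip}', '{$reason}', '" . time() . "', '" . $user['id'] . "')");
        }
        if ($query) {
            return true;
        }
    }
}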
/**
 * Write the site-wide settings, one UPDATE per settings row.
 *
 * Every UPDATE is attempted even if an earlier one fails. Returns false when
 * the caller is not an admin, true when all updates succeed and null
 * otherwise.
 *
 * NOTE(review): each value is interpolated into its UPDATE unescaped; confirm
 * the values are sanitised upstream or use bound parameters.
 * NOTE(review): the SMTP password is written to the settings table exactly as
 * given.
 *
 * @return bool|null
 */
function sitesettings($registration, $reg_approval, $email, $mail, $host, $username, $password, $mode, $message, $captcha, $topics, $posts, $name, $tos)
{
    global $user, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (errors()) {
        return;
    }

    // settings.variable => new value, in the order the rows are written.
    $pending = array(
        'registration' => $registration,
        'register_approval' => $reg_approval,
        'email' => $email,
        'mail' => $mail,
        'smtp_host' => $host,
        'smtp_username' => $username,
        'smtp_password' => $password,
        'maintenance_mode' => $mode,
        'maintenance_message' => $message,
        'register_captcha' => $captcha,
        'topics_page' => $topics,
        'posts_topic' => $posts,
        'site_name' => $name,
        'tos' => $tos,
    );

    $all_saved = true;
    foreach ($pending as $variable => $value) {
        $saved = call('sql_query', "UPDATE settings SET value = '{$value}' WHERE variable = '{$variable}'");
        if (!$saved) {
            $all_saved = false;
        }
    }

    if ($all_saved) {
        return true;
    }
}
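/**
 * Remove the sticky flag from a forum topic.
 *
 * Allowed for the topic author when they hold `sticky_own_topic`, and for
 * anyone holding `sticky_any_topic`.
 *
 * Fix: the "no permission" branch was attached to the `!errors()` test
 * instead of the permission test. A caller without permission got a silent
 * null with no error recorded, while a permitted caller with unrelated
 * pending errors was told they lacked permission. Denial is now explicit and
 * happens before anything else.
 *
 * NOTE(review): $topicid is interpolated into the SQL unescaped; confirm it
 * is validated as an integer upstream.
 *
 * @param mixed $topicid id of the topic
 * @return bool|null false on a failed precondition or denied permission,
 *                   true when the UPDATE succeeds, null otherwise
 */
function unstickytopic($topicid)
{
    global $user, $error, $error_die;

    if (empty($topicid)) {
        $error_die[] = 'The id of the topic to be made a sticky was not entered';
        return false;
    }

    $checktopic = call('sql_query', "SELECT thread_author FROM forum_topics WHERE topic_id = '{$topicid}'");
    $fetch = call('sql_fetch_array', $checktopic);

    if (call('sql_num_rows', $checktopic) == 0) {
        $error_die[] = 'This topic does not exist';
        return false;
    }

    $is_author = $fetch['thread_author'] == $user['user'];
    $allowed = ($is_author && $user['sticky_own_topic']) || $user['sticky_any_topic'];

    if (!$allowed) {
        $error_die[] = 'You do not have permission to perform this action';
        return false;
    }

    if (!errors()) {
        $query = call('sql_query', "UPDATE forum_topics SET sticky = '0' WHERE topic_id = '{$topicid}'");
        if ($query) {
            return true;
        }
    }
}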
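/**
 * Update an article category.
 *
 * Fix: the visibility list was built by appending to the array while
 * iterating it, which relies on PHP's array-to-string conversion (producing
 * the literal text "Array"), then deleting that text and the trailing comma.
 * This raises a conversion warning and corrupts the value if $visible is
 * already a string. implode() gives the same comma-separated result for an
 * array and leaves a string unchanged. An empty $visible now returns false
 * like the other guards.
 *
 * NOTE(review): all values, including each element of $visible, are
 * interpolated into the SQL unescaped; confirm they are sanitised upstream
 * or use bound parameters.
 *
 * @param mixed $name        category name (required)
 * @param mixed $description category description (required)
 * @param mixed $visible     list of group values allowed to see the category
 * @param mixed $id          id of the category to update
 * @return bool|null false on a failed precondition, true when the UPDATE
 *                   succeeds, null otherwise
 */
function editarticlecat($name, $description, $visible, $id)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($name)) {
        $error[] = 'You must specify a name';
        return false;
    }
    if (empty($description)) {
        $error[] = 'You must specify a description';
        return false;
    }
    if (empty($visible)) {
        $error[] = 'You must state who this category is visible to';
        return false;
    }

    // Stored as a comma-separated list.
    $visible = implode(',', (array) $visible);

    if (!errors()) {
        $query = call('sql_query', "UPDATE article_categories SET name = '{$name}', description = '{$description}', visible = '{$visible}' WHERE id = '{$id}'");
        if ($query) {
            return true;
        }
    }
}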
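/**
 * Update a theme's settings and its visibility list.
 *
 * Fixes:
 *  - $error and $error_die were not declared global, so the messages pushed
 *    here went into local variables and were discarded. They are now
 *    declared global, matching deletetheme().
 *  - The visibility list is joined with implode() instead of relying on
 *    array-to-string conversion and then deleting the literal text "Array".
 *
 * NOTE(review): every value is interpolated into the SQL unescaped; confirm
 * they are sanitised upstream or use bound parameters.
 *
 * @param mixed $footer  value for the 'footer' setting
 * @param mixed $logo    value for the 'logo' setting
 * @param mixed $left    value for the 'exclude_left' setting
 * @param mixed $right   value for the 'exclude_right' setting
 * @param mixed $upper   value for the 'exclude_upper' setting
 * @param mixed $lower   value for the 'exclude_lower' setting
 * @param mixed $visible list of group values allowed to use the theme
 * @param mixed $id      theme_id of the theme
 * @return bool|null false on a failed precondition, true when every UPDATE
 *                   succeeds, null otherwise
 */
function updatethemes($footer, $logo, $left, $right, $upper, $lower, $visible, $id)
{
    global $user, $FUNCTIONS_LANG, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = $FUNCTIONS_LANG["e_permissions"];
        return false;
    }

    if (empty($visible)) {
        $error[] = $FUNCTIONS_LANG["e_th_use_theme"];
        return false;
    }

    // Stored as a comma-separated list.
    $visible = implode(',', (array) $visible);

    if (!errors()) {
        $site_footer = call('sql_query', "UPDATE theme_settings SET value = '{$footer}' WHERE variable = 'footer' AND theme_id = '{$id}'");
        $site_logo = call('sql_query', "UPDATE theme_settings SET value = '{$logo}' WHERE variable = 'logo'AND theme_id = '{$id}'");
        $exclude_left = call('sql_query', "UPDATE theme_settings SET value = '{$left}' WHERE variable = 'exclude_left'AND theme_id = '{$id}'");
        $exclude_right = call('sql_query', "UPDATE theme_settings SET value = '{$right}' WHERE variable = 'exclude_right'AND theme_id = '{$id}'");
        $exclude_upper = call('sql_query', "UPDATE theme_settings SET value = '{$upper}' WHERE variable = 'exclude_upper'AND theme_id = '{$id}'");
        $exclude_lower = call('sql_query', "UPDATE theme_settings SET value = '{$lower}' WHERE variable = 'exclude_lower'AND theme_id = '{$id}'");
        $theme_perms = call('sql_query', "UPDATE themes SET theme_visibility = '{$visible}' WHERE theme_id = '{$id}'");

        if ($site_footer && $site_logo && $exclude_left && $exclude_right && $exclude_upper && $exclude_lower && $theme_perms) {
            return true;
        }
    }
}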
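/**
 * Uninstall a plugin: load its plugin-info.php, delete its row, and run the
 * uninstall statements the plugin declares.
 *
 * Fix: the folder name read from the database was placed straight into an
 * include path. The file is now included only when the folder is a single
 * directory name (no path separators, NUL, "." or "..") and the file exists.
 * The plugin row is deleted either way, so a broken plugin can still be
 * removed.
 *
 * NOTE(review): plugin-info.php is executed as code and each entry of
 * $plugin['uninstall'] is run as SQL verbatim, so plugin directories must be
 * treated as fully trusted content.
 * NOTE(review): $id is interpolated into the SQL unescaped; confirm it is
 * validated as an integer upstream.
 *
 * @param mixed $id id of the plugin row
 * @return bool|null false on a failed precondition, true when the DELETE
 *                   succeeds, null otherwise
 */
function uninstallplugin($id)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($id)) {
        $error[] = 'No Plugin was selected';
        return false;
    }

    $sql = call('sql_query', "SELECT folder FROM plugins WHERE id = '{$id}'");
    if (call('sql_num_rows', $sql) == 0) {
        $error[] = 'This Plugin does not exist';
        return false;
    }

    if (!errors()) {
        $fetch = call('sql_fetch_array', $sql);
        $folder = isset($fetch['folder']) ? (string) $fetch['folder'] : '';

        $folder_is_plain = $folder !== ''
            && $folder !== '.'
            && $folder !== '..'
            && strpbrk($folder, "/\\\0") === false;

        if ($folder_is_plain) {
            $info_file = './Plugins/' . $folder . '/plugin-info.php';
            if (is_file($info_file)) {
                // Expected to define $plugin.
                include $info_file;
            }
        }

        $delete = call('sql_query', "DELETE FROM plugins WHERE id = '{$id}'");

        if (isset($plugin['uninstall']) && is_array($plugin['uninstall'])) {
            foreach ($plugin['uninstall'] as $uninstall) {
                call('sql_query', $uninstall);
            }
        }

        if ($delete) {
            return true;
        }
    }
}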
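/**
 * List forum posts and user accounts whose recorded IP contains $ip.
 *
 * Posts are paginated with $_GET['page'] and the 'topics_page' setting; the
 * user matches are not paginated.
 *
 * Fix: the page number was taken from the request unchecked, so page 0 or a
 * negative page produced a negative LIMIT offset and a non-numeric value
 * failed in the arithmetic. The page is now an integer of at least 1 and the
 * page size is cast to int before both reach the LIMIT clause.
 *
 * NOTE(review): $ip goes into both LIKE patterns unescaped; confirm it is
 * sanitised upstream or use bound parameters.
 * NOTE(review): the post subject is placed inside the anchor markup as
 * stored; confirm subjects are HTML-escaped when saved or rendered.
 * NOTE(review): no permission check is made in this function; confirm every
 * caller restricts it to staff.
 *
 * @param mixed $ip full or partial IP address to search for
 * @return array rows tagged with 'type' => 'post' or 'user'; empty when
 *               errors() reports pending errors
 */
function trackip($ip)
{
    global $settings;

    $rowsPerPage = (int) $settings['topics_page'];

    // Default to the first page; anything that is not a positive integer is treated as 1.
    $pageNum = 1;
    if (isset($_GET['page']) && is_scalar($_GET['page'])) {
        $pageNum = max(1, (int) $_GET['page']);
    }

    $offset = ($pageNum - 1) * $rowsPerPage;
    $fetch = array();

    if (!errors()) {
        $sql = call('sql_query', "SELECT id, topic_id, author_id, post_time, subject, ip FROM forum_posts WHERE ip LIKE '%{$ip}%' ORDER BY post_time DESC LIMIT {$offset}, {$rowsPerPage}");
        if (call('sql_num_rows', $sql) != 0) {
            while ($r = call('sql_fetch_array', $sql)) {
                $fetch[] = array(
                    'post_id' => $r['id'],
                    'topic_id' => $r['topic_id'],
                    'author' => call('userprofilelink', $r['author_id']),
                    'post_time' => call('dateformat', $r['post_time']),
                    'subject' => '<a href="' . $settings['site_url'] . '/index.php?act=viewtopic&id=' . $r['topic_id'] . '&page=' . ceil($r['id'] / $settings['posts_topic']) . '#' . $r['id'] . '" target="_blank">' . $r['subject'] . '</a>',
                    'ip' => $r['ip'],
                    'type' => 'post',
                );
            }
        } else {
            $fetch[] = array('ip' => 'The search returned zero results', 'type' => 'post');
        }

        $sql = call('sql_query', "SELECT id, ip FROM users WHERE ip LIKE '%{$ip}%'");
        if (call('sql_num_rows', $sql) != 0) {
            while ($r = call('sql_fetch_array', $sql)) {
                $fetch[] = array('user' => call('userprofilelink', $r['id']), 'ip' => $r['ip'], 'type' => 'user');
            }
        } else {
            $fetch[] = array('ip' => 'The search returned zero results', 'type' => 'user');
        }
    }

    return $fetch;
}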
/**
 * Route an error to errors() when the global useDebug flag is on, and to
 * log_error() when it is off.
 *
 * @param mixed $error error payload, passed through unchanged
 * @param mixed $num   error number, passed through unchanged
 * @return void
 */
function buildError($error, $num)
{
    if ($GLOBALS['useDebug'] != false) {
        errors($error, $num);
        return;
    }

    log_error($error, $num);
}
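/**
 * Update a forum board and add moderators to it.
 *
 * Fixes:
 *  - The visibility and posting-group lists are joined with implode() instead
 *    of relying on array-to-string conversion and then deleting the literal
 *    text "Array".
 *  - An empty $moderators string no longer inserts a moderator row with a
 *    blank user_id; blank entries are skipped and entries are trimmed.
 *
 * NOTE(review): the admin check runs after the list handling, as in the
 * original; nothing is written before it.
 * NOTE(review): every value, including each list element and each moderator
 * entry, is interpolated into the SQL unescaped; confirm they are sanitised
 * upstream or use bound parameters.
 * NOTE(review): existing forum_moderators rows for the board are not removed
 * before new ones are inserted. Verify that is intended.
 *
 * @param mixed $name        board name (required)
 * @param mixed $description board description (required)
 * @param mixed $postgroup   list of groups allowed to post
 * @param mixed $visible     list of groups allowed to see the board
 * @param mixed $id          id of the board to update
 * @param mixed $moderators  ", "-separated list of moderator user ids
 * @param mixed $category    category value stored in forum_boards.cat
 * @param mixed $sticky      truthy to set creation_sticky
 * @param mixed $lock        truthy to set creation_lock
 * @return bool|null false on a failed precondition, true when the UPDATE
 *                   succeeds, null otherwise
 */
function editboard($name, $description, $postgroup, $visible, $id, $moderators, $category, $sticky, $lock)
{
    global $user, $error, $error_die;

    if (empty($visible)) {
        $error[] = 'You must state who this board is visible to';
        return false;
    }
    $visible = implode(',', (array) $visible);

    if (empty($postgroup)) {
        $error[] = 'You must state who may post in this board';
        return false;
    }
    $postgroup = implode(',', (array) $postgroup);

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($description)) {
        $error[] = 'You must specify a description';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name for the board';
        return false;
    }

    $sql = call('sql_query', "SELECT * FROM forum_boards WHERE id = '{$id}'");
    if (call('sql_num_rows', $sql) == 0) {
        $error[] = 'This board no longer exists';
        return false;
    }

    $sticky = empty($sticky) ? 0 : 1;
    $lock = empty($lock) ? 0 : 1;

    if (!errors()) {
        $query = call('sql_query', "UPDATE forum_boards SET board_name = '{$name}', board_description = '{$description}', visible = '{$visible}', post_group = '{$postgroup}', cat = '{$category}', creation_sticky = '{$sticky}', creation_lock = '{$lock}' WHERE id = '{$id}'");

        foreach (explode(", ", (string) $moderators) as $recipient) {
            $recipient = trim($recipient);
            if ($recipient === '') {
                continue;
            }
            call('sql_query', "INSERT INTO forum_moderators (user_id, board_id) VALUES ('{$recipient}', '{$id}')");
        }

        if ($query) {
            return true;
        }
    }
}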
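/**
 * Post a reply to a forum topic as the current user and update the board,
 * topic and user counters.
 *
 * Fixes:
 *  - `!smiley` referenced an undefined constant (missing `$`), which raises
 *    an Error on PHP 8 whenever $smiley is non-empty. The flag is now derived
 *    from $smiley alone, with the same 0/1 result.
 *  - $time was placed into the SQL unquoted and unchecked. It is now reduced
 *    to an integer; a non-numeric value falls back to the current time, so
 *    the "someone replied meanwhile" check finds nothing.
 *
 * NOTE(review): $subject, $message and the $user fields are interpolated into
 * the INSERT unescaped; confirm they are sanitised upstream or use bound
 * parameters.
 * NOTE(review): the result of call('checktoken', ...) is not inspected here;
 * presumably it records an error or halts on a bad token. Verify.
 *
 * @param mixed $topicid numeric id of the topic
 * @param mixed $subject reply subject; defaults to "Re: <thread title>"
 * @param mixed $message reply text (required)
 * @param mixed $token   anti-forgery token handed to checktoken
 * @param mixed $smiley  truthy to store disable_smiley = 1
 * @param mixed $time    timestamp taken when the reply form was opened
 * @return bool|null false on a failed precondition, true when the INSERT
 *                   succeeds, null otherwise
 */
function postreply($topicid, $subject, $message, $token, $smiley, $time)
{
    global $user, $error, $error_die;

    call('checktoken', $token);

    if (empty($topicid) || !is_numeric($topicid)) {
        $error_die[] = 'No topic selected';
        return false;
    }
    if (empty($message)) {
        $error[] = 'Your message is empty';
        return false;
    }

    $sql = call('sql_query', "SELECT * FROM forum_topics WHERE topic_id = '{$topicid}'");
    $fetch = call('sql_fetch_array', $sql);

    if (call('sql_num_rows', $sql) == 0) {
        $error_die[] = 'Topic does not exist';
        return false;
    }
    if ($fetch['locked'] == '1') {
        $error_die[] = 'This topic is locked! You may not post a reply';
        return false;
    }
    if (empty($subject)) {
        $subject = 'Re: ' . $fetch['thread_title'] . '';
    }

    $sql_2 = call('sql_query', "SELECT * FROM forum_boards WHERE id = '" . $fetch['board_id'] . "'");
    $fetch_2 = call('sql_fetch_array', $sql_2);

    if (call('sql_num_rows', $sql_2) == 0) {
        $error_die[] = 'Error this board does not exist';
        return false;
    }

    // Posting rights are decided by the board's post_group list.
    if (!call('visiblecheck', $user['membergroup_id'], $fetch_2['post_group'])) {
        $error_die[] = 'You do not have permission to create a new reply in this board';
        return false;
    }

    // Has anyone replied since this user opened the form?
    $since = is_numeric($time) ? (int) $time : time();
    $timecheck = call('sql_query', "SELECT * FROM forum_posts WHERE topic_id = '{$topicid}' AND post_time>{$since}");
    if (call('sql_num_rows', $timecheck) != 0) {
        $error[] = 'Someone has made a reply while you were posting. Please review the post';
        unset($_SESSION['post_time']);
        return false;
    }

    if (!errors()) {
        $smiley = empty($smiley) ? 0 : 1;

        // Mark the topic unread for everyone else, and the board unread for everyone.
        $deleteread = call('sql_query', "DELETE FROM topic_read WHERE topic_id = '{$topicid}' AND user_id!='" . $user['id'] . "'");
        $deleteboardread = call('sql_query', "DELETE FROM board_read WHERE board_id = '" . $fetch['board_id'] . "'");

        $insertreply = call('sql_query', "INSERT INTO forum_posts (topic_id, board_id, post_time, author_id, name_author, subject, message, ip, disable_smiley) VALUES ('{$topicid}', '" . $fetch['board_id'] . "', '" . time() . "', '" . $user['id'] . "', '" . $user['user'] . "', '{$subject}', '{$message}', '" . call('visitor_ip') . "', '{$smiley}')");
        $replyid = call('sql_insert_id');

        $updateboardcount = call('sql_query', "UPDATE forum_boards SET posts_count=posts_count+1, last_msg='{$replyid}' WHERE id='" . $fetch['board_id'] . "'");
        $updatereplycount = call('sql_query', "UPDATE forum_topics SET replies=replies+1, latest_reply='{$replyid}' WHERE topic_id='{$topicid}'");
        $updateuserspost = call('sql_query', "UPDATE users SET posts=posts+1 WHERE id='" . $user['id'] . "'");

        if ($insertreply) {
            return true;
        }
    }
}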
/**
 * Render an admin-panel page and terminate the request.
 *
 * A menu/layout file is included from one of three locations. Local variable
 * names are kept exactly as they were because the included file runs in this
 * function's scope and may read them. After the include, $menu is appended to
 * the page, so the included file is presumably expected to replace it with
 * rendered markup. Verify.
 *
 * NOTE(review): $user['admin_menu'] and $settings['site_theme'] are joined
 * into include paths without any check on their content; confirm neither can
 * be set to a value containing path separators.
 * NOTE(review): $_SESSION['update'] and the error messages are placed in the
 * markup as-is; confirm they are HTML-escaped upstream.
 * NOTE(review): unset($error) only drops this function's reference to the
 * global, not the global itself.
 *
 * @param string $title  page title
 * @param string $body   page body markup
 * @param string $head   extra markup for the document head
 * @param string $update overwritten below from $_SESSION['update']
 * @return void never returns; ends with die()
 */
function output_admin($title = '', $body = '', $head = '', $update = '')
{
    global $settings, $authid, $user, $error;

    $errors = '';
    if (errors()) {
        $errors = theme('start_content') . '<p><h2>Error:</h2></p><div class="errors"><ul>';
        foreach ($error as $error1) {
            $errors .= '<li>' . $error1 . '</li>';
        }
        $errors .= '</ul></div>' . theme('end_content');
        unset($error);
    }

    // A one-shot status message kept in the session replaces the empty placeholder.
    $update = '<div align="center" id="update"></div>';
    if (isset($_SESSION['update'])) {
        $update = '<div class="content" align="center" id="update" style="display: block;">' . $_SESSION['update'] . '</div>';
        unset($_SESSION['update']);
    }

    $menu = empty($user['admin_menu']) ? 'left.php' : $user['admin_menu'];

    // Lookup order: site theme, then shared admin theme, then built-in layout.
    if (file_exists('themes/' . $settings['site_theme'] . '/Layouts/Admin/Menu/' . $menu)) {
        include 'themes/' . $settings['site_theme'] . '/Layouts/Admin/Menu/' . $menu;
    } elseif (file_exists('themes/_Admin/' . $menu . '/theme-info.php')) {
        $theme_path = 'themes/_Admin/' . $menu . '/';
        include $theme_path . 'theme-info.php';
        include $theme_path . $theme_default;
    } else {
        include 'Layouts/Admin/Menu/' . $menu;
    }

    $output = theme('head', $title, $head . '<style type="text/css"> .thrColLiqHdr #mainContent { margin-bottom: 0; margin-left: 1%; margin-top: 0; margin-right: 1%; } </style>') . ' <body class="thrColLiqHdr"> <div id="container"> ' . theme('top') . theme('links') . ' <div id="mainContent">';

    // A fatal error page, when there is one, takes the place of the menu output.
    $output .= (theme('output_error') == false) ? $menu : theme('output_error');
    $output .= theme('footer');

    die($output);
}
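/**
 * Update another user's profile from the admin side, after the acting user
 * re-enters their own password.
 *
 * Fixes:
 *  - The current-password check used a loose `!=`, which treats two different
 *    numeric-looking strings (for example hex digests of the form "0e...")
 *    as equal. It now uses hash_equals().
 *  - The "empty" checks for the current password and the e-mail ran after the
 *    stricter checks and could never be reached; they now run first so the
 *    matching message is shown.
 *
 * NOTE(review): the SQL text below contains literal '******' values for pass
 * and user exactly as this page shows them. This looks like masking applied
 * to the published source, so the real statements could not be reviewed.
 * NOTE(review): the new password is hashed with unsalted md5(), which is not
 * suitable for password storage. Moving to password_hash()/password_verify()
 * needs a matching change in login() and a rehash path, so it is not done
 * here.
 * NOTE(review): no admin_panel check is visible in this function although it
 * changes $membergroup for an arbitrary $id; confirm the caller enforces it.
 * NOTE(review): the avatar pattern does not limit the URL scheme to
 * http/https, and the remaining values reach the SQL unescaped.
 *
 * @return bool|null false on a failed precondition, true when the UPDATE
 *                   succeeds, null otherwise
 */
function edituser($username, $email, $newpassword, $vpassword, $avatar, $signature, $location, $currentpass, $membergroup, $id)
{
    global $user, $error, $error_die;

    if (empty($currentpass)) {
        $error[] = 'You must enter your current password to update the users profile';
        return false;
    }
    if (!hash_equals((string) $user['pass'], (string) $currentpass)) {
        $error[] = 'Your password entered is not correct';
        return false;
    }

    if (strlen($username) > 16) {
        $error[] = 'The username is too long, it must be below 16 characters';
        return false;
    }

    if (empty($email)) {
        $error[] = 'You must enter an email address';
        return false;
    }
    if (!preg_match("/^([a-z0-9._-](\\+[a-z0-9])*)+@[a-z0-9.-]+\\.[a-z]{2,6}\$/i", $email)) {
        $error[] = 'The email address entered is not valid';
        return false;
    }

    if (!empty($newpassword) && $newpassword != $vpassword) {
        $error[] = 'The new passwords do not match';
        return false;
    }
    if (!empty($newpassword) && strlen($newpassword) < 6) {
        $error[] = 'The Password must be 6 characters or longer';
        return false;
    }

    if (strlen($signature) > 300 && !empty($signature)) {
        $error[] = 'The Signature is too long';
        return false;
    }

    if (!preg_match("/^[a-zA-Z]+[:\\/\\/]+[A-Za-z0-9\\-_]+\\.+[A-Za-z0-9\\.\\/%&=\\?\\-_]+\$/i", $avatar) && !empty($avatar)) {
        $error[] = 'The avatar url entered is not valid';
        return false;
    }

    if (!errors()) {
        if (!empty($newpassword)) {
            $vpassword = md5($vpassword);
            $sql = call('sql_query', "UPDATE users SET email = '{$email}', pass = '******', user = '******', avatar = '{$avatar}', signature = '{$signature}', location = '{$location}', membergroup = '{$membergroup}' WHERE id = '{$id}'");
        } else {
            $sql = call('sql_query', "UPDATE users SET email = '{$email}', user = '******', avatar = '{$avatar}', signature = '{$signature}', location = '{$location}', membergroup = '{$membergroup}' WHERE id = '{$id}'");
        }
        if ($sql) {
            return true;
        }
    }
}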
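/**
 * Create a forum board at the end of its category.
 *
 * Fix: the visibility and posting-group lists are joined with implode()
 * instead of appending to the array while iterating it (which relies on
 * array-to-string conversion) and then deleting the literal text "Array".
 *
 * As in the original, an empty $visible or $postgroup records an error but
 * does not return immediately, so both messages can be collected; errors()
 * then blocks the insert.
 *
 * NOTE(review): every value, including each list element, is interpolated
 * into the SQL unescaped; confirm they are sanitised upstream or use bound
 * parameters.
 *
 * @param mixed $name        board name (required)
 * @param mixed $description board description (required)
 * @param mixed $postgroup   list of groups allowed to post
 * @param mixed $visible     list of groups allowed to see the board
 * @param mixed $category    category value stored in forum_boards.cat
 * @param mixed $sticky      truthy to set creation_sticky
 * @param mixed $lock        truthy to set creation_lock
 * @return bool|null false on a failed precondition, true when the INSERT
 *                   succeeds, null otherwise
 */
function addboard($name, $description, $postgroup, $visible, $category, $sticky, $lock)
{
    global $user, $error, $error_die;

    if (empty($visible)) {
        $error[] = 'You must state who this board is visible to';
    } else {
        $visible = implode(',', (array) $visible);
    }

    if (empty($postgroup)) {
        $error[] = 'You must state who may post in this board';
    } else {
        $postgroup = implode(',', (array) $postgroup);
    }

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($description)) {
        $error[] = 'You must specify a description';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name for the board';
        return false;
    }

    if (!errors()) {
        // The new board goes after the highest item_order in its category.
        $sql = call('sql_query', "SELECT * FROM forum_boards WHERE cat = '{$category}' ORDER BY item_order DESC");
        $fetch = call('sql_fetch_array', $sql);
        $order = call('sql_num_rows', $sql) == 0 ? 1 : $fetch['item_order'] + 1;

        $sticky = empty($sticky) ? 0 : 1;
        $lock = empty($lock) ? 0 : 1;

        $query = call('sql_query', "INSERT INTO forum_boards (board_name, board_description, post_group, visible, item_order, cat, creation_sticky, creation_lock) VALUES ('{$name}', '{$description}', '{$postgroup}', '{$visible}', '{$order}', '{$category}', '{$sticky}', '{$lock}')");
        if ($query) {
            return true;
        }
    }
}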
/**
 * Delete an emoticon by id.
 *
 * Returns false when the caller is not an admin, true when the DELETE
 * succeeds and null otherwise.
 *
 * NOTE(review): $id is not checked for emptiness and is interpolated into the
 * SQL unescaped; confirm it is validated as an integer upstream.
 *
 * @param mixed $id id of the emoticon
 * @return bool|null
 */
function deleteemoticon($id)
{
    global $user, $error, $error_die;

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (errors()) {
        return;
    }

    $deleted = call('sql_query', "DELETE FROM emoticons WHERE id='{$id}'");
    if ($deleted) {
        return true;
    }
}
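/**
 * Delete a topic and all of its posts, then adjust the post counters of the
 * affected users and the counters of the board.
 *
 * Fix: the `WHERE user=` clause of the per-author UPDATE was garbled on this
 * page (`'******'name_author']`) and did not parse. It is rebuilt from the
 * surviving fragment and the name_author column selected just above. Confirm
 * against the upstream file.
 *
 * NOTE(review): the permission test keeps its original meaning, with the
 * operator precedence made explicit. As written it denies everyone who lacks
 * delete_any_topic, including an author who holds delete_own_topic. The
 * intended rule is presumably the one unstickytopic() uses, "(author AND own)
 * OR any", but changing it would widen access, so it is left for a
 * maintainer to confirm.
 * NOTE(review): name_author is read from the database and interpolated into
 * an UPDATE unescaped; a stored name containing a quote would alter that
 * statement. Use bound parameters.
 *
 * @param mixed $topicid numeric id of the topic
 * @param mixed $boardid numeric id of the board holding the topic
 * @return bool|null false on a failed precondition, true once the deletes
 *                   have been issued, null when errors() reports pending errors
 */
function delete_topic($topicid, $boardid)
{
    global $user, $error, $error_die;

    if (empty($topicid) || !is_numeric($topicid)) {
        $error_die[] = 'The id of the topic to be deleted was not entered or not valid';
        return false;
    }
    if (empty($boardid) || !is_numeric($boardid)) {
        $error_die[] = 'The id of the board was not entered or not valid';
        return false;
    }

    $checktopic = call('sql_query', "SELECT * FROM forum_topics WHERE topic_id = '{$topicid}'");
    $fetchtopicdata = call('sql_fetch_array', $checktopic);

    if (call('sql_num_rows', $checktopic) == 0) {
        $error_die[] = 'This topic does not exist';
        return false;
    }

    if (($fetchtopicdata['thread_author'] != $user['user'] && !$user['delete_own_topic']) || !$user['delete_any_topic']) {
        $error_die[] = 'You do not have permission to delete this post';
        return false;
    }

    if (!errors()) {
        // Take the posts about to disappear off each author's post count.
        $result = call('sql_query', "SELECT name_author, COUNT(id) as num_posts FROM forum_posts WHERE topic_id='{$topicid}' GROUP BY name_author");
        if (call('sql_num_rows', $result) != 0) {
            while ($postdata = call('sql_fetch_assoc', $result)) {
                $result2 = call('sql_query', "UPDATE users SET posts=posts-" . $postdata['num_posts'] . " WHERE user='" . $postdata['name_author'] . "'");
            }
        }

        $topicdataquery = call('sql_query', "SELECT topic_id, latest_reply FROM forum_topics WHERE topic_id = '{$topicid}'");
        $topicdata = call('sql_fetch_array', $topicdataquery);

        // Counted before the deletes below, so it still includes this topic.
        $topics_count = call('sql_query', "SELECT * FROM forum_topics WHERE board_id ='{$boardid}'");

        $result7 = call('sql_query', "DELETE FROM forum_posts WHERE topic_id='{$topicid}'");
        $del_posts = call('sql_affected_rows');
        $result3 = call('sql_query', "DELETE FROM forum_topics WHERE topic_id='{$topicid}'");

        if (call('sql_num_rows', $topics_count) > 0) {
            // Board counters are only rewritten when the board's last message belonged to this topic.
            $result4 = call('sql_query', "SELECT * FROM forum_boards WHERE id='{$boardid}' AND last_msg='" . $topicdata['latest_reply'] . "'");
            if (call('sql_num_rows', $result4) != 0) {
                $result5 = call('sql_query', "SELECT id, board_id, post_time FROM forum_posts WHERE board_id='{$boardid}' ORDER BY post_time DESC LIMIT 1");
                $pdata = call('sql_fetch_assoc', $result5);
                $result6 = call('sql_query', "UPDATE forum_boards SET last_msg='" . $pdata['id'] . "', posts_count=posts_count-" . $del_posts . ", topics_count=topics_count-1 WHERE id='{$boardid}'");
            }
        } else {
            $result6 = call('sql_query', "UPDATE forum_boards SET last_msg='0', posts_count=0, topics_count=0 WHERE id='{$boardid}'");
        }

        return true;
    }
}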
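/**
 * Update a menu link.
 *
 * Fix: the rank (visibility) list is joined with implode() instead of
 * appending to the array while iterating it (which relies on array-to-string
 * conversion) and then deleting the literal text "Array".
 *
 * The parameter list is left exactly as it was, including the optional
 * $width/$height ahead of the required $id, so existing callers keep working.
 *
 * NOTE(review): $name, $link, $predefined, $window, $id and each element of
 * $rank are interpolated into the SQL unescaped; confirm they are sanitised
 * upstream or use bound parameters.
 *
 * @param mixed $name       link label (required)
 * @param mixed $link       target URL
 * @param mixed $predefined id of a predefined page; overrides $link when set
 * @param mixed $rank       list of groups allowed to see the link
 * @param mixed $authid     truthy to store authid = 1
 * @param mixed $window     window mode; 'popup' requires width and height
 * @param mixed $width      popup width (numeric)
 * @param mixed $height     popup height (numeric)
 * @param mixed $id         id of the menu row to update
 * @return bool|null false on a failed precondition, true when the UPDATE
 *                   succeeds, null otherwise
 */
function editlink($name, $link, $predefined, $rank, $authid, $window, $width = '', $height = '', $id)
{
    global $user, $error, $error_die;

    if (empty($rank)) {
        $error[] = 'You must state who this board is visible to';
        return false;
    }
    $rank = implode(',', (array) $rank);

    // Defence in depth: the admin check is repeated here rather than left to the caller.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($name)) {
        $error[] = 'You must specify a name';
        return false;
    }
    if (empty($link) && empty($predefined)) {
        $error[] = 'You must specify a url or a predefined page';
        return false;
    }

    $sql = call('sql_query', "SELECT * FROM menu WHERE id = '{$id}'");
    if (call('sql_num_rows', $sql) == 0) {
        $error[] = 'This link no longer exists';
        return false;
    }

    if (!empty($predefined)) {
        $link = 'index.php?act=page&id=' . $predefined;
    }

    $authid = empty($authid) ? 0 : 1;

    if ($window == 'popup' && (empty($height) || empty($width) || !is_numeric($height) || !is_numeric($width))) {
        $error[] = 'You must specify the width/height for the popup as a whole number';
        return false;
    }

    if (!errors()) {
        $query = call('sql_query', "UPDATE menu SET name = '{$name}', link = '{$link}', rank = '{$rank}', authid = '{$authid}', window='{$window}', width='{$width}', height='{$height}' WHERE id = '{$id}'");
        if ($query) {
            return true;
        }
    }
}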
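/**
 * Authenticate a user, issue a new session id and set the login cookie.
 *
 * Fixes:
 *  - The password and username re-checks used loose `!=`, which treats two
 *    different numeric-looking strings (for example hex digests of the form
 *    "0e...") as equal. The password is now compared with hash_equals() and
 *    the username with a strict string comparison.
 *  - The User-Agent header is attacker-controlled and was interpolated into
 *    the UPDATE as-is. Quote, backslash and NUL characters are now removed
 *    before it is stored, using the same approach addemoticon() applies to
 *    its code value. This is a stop-gap; bound parameters are the real fix.
 *  - The session cookie is now HttpOnly, and Secure when the request arrived
 *    over HTTPS.
 *
 * NOTE(review): the SQL text below contains literal '******' values for user,
 * pass and lastlogin exactly as this page shows them. This looks like masking
 * applied to the published source, so the real statements could not be
 * reviewed.
 * NOTE(review): the stored value is compared to $password directly, and
 * edituser() stores md5() digests, so passwords appear to be unsalted md5.
 * Plan a move to password_hash()/password_verify().
 * NOTE(review): the session id is md5() of call('generate_key', 32); its
 * strength depends on that helper using a CSPRNG. Verify.
 * NOTE(review): the cookie domain is taken from the Host request header.
 * NOTE(review): $token is accepted but never used here.
 *
 * @param mixed $username submitted user name
 * @param mixed $password submitted password, in the same form as users.pass
 * @param mixed $remember 'on' keeps the cookie for 100 days, otherwise 1 hour
 * @param mixed $token    unused
 * @return bool|null false when login is refused, true when the session
 *                   UPDATE succeeds, null otherwise
 */
function login($username, $password, $remember, $token = '')
{
    global $settings, $user, $error, $error_die;

    $result = call('sql_query', "SELECT * FROM users WHERE user = '******' AND pass = '******'");
    $row = call('sql_fetch_array', $result);

    // The two credential failures share one message so they cannot be told apart.
    if (call('sql_num_rows', $result) == 0) {
        $error[] = 'Wrong Username or Password';
        return false;
    }
    if ($row['allow_login'] == 0) {
        $error[] = 'Sorry, You can\'t login';
        return false;
    }
    if ((string) $username !== (string) $row['user']) {
        $error[] = 'Wrong Username or Password';
        return false;
    }
    if (!hash_equals((string) $row['pass'], (string) $password)) {
        $error[] = 'Wrong Username or Password';
        return false;
    }
    // Member group 1 marks an account that has not been activated yet.
    if ($row['membergroup'] == 1) {
        $error[] = 'Sorry, You can\'t login your account needs to be activated';
        return false;
    }

    if (!errors()) {
        $key = md5(call('generate_key', 32));

        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
        $agent = str_replace(array("'", '"', '\\', "\0"), '', $agent);

        // Record the new session id, login time, IP and user agent.
        $sql = call('sql_query', "UPDATE users SET ssid = '{$key}', lastlogin = '******', ip = '" . call('visitor_ip') . "', agent = '" . $agent . "' WHERE id = '" . $row['id'] . "'");

        // Drop the guest entry for this IP from the who's-online list.
        $query = call('sql_query', "DELETE FROM user_online WHERE ip = '" . call('visitor_ip') . "'");

        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $domain = ($host != 'localhost') ? $host : '';

        // "Remember me" lasts 100 days; otherwise the session lasts one hour.
        if ($remember == 'on') {
            $time = time() + 60 * 60 * 24 * 100;
        } else {
            $time = time() + 3600;
        }

        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie(COOKIE_NAME, $key, $time, '', $domain, $secure, true);

        if ($sql) {
            return true;
        }
    }
}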
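/**
 * Add a new link to the menu (admin only).
 *
 * Checks the caller's permission, validates the submitted fields and inserts
 * the link after the current highest item_order. Validation failures are
 * appended to the global $error list; a missing admin permission is appended
 * to $error_die.
 *
 * NOTE(review): $name, $link, $predefined, $rank and $window are placed into
 * the INSERT text as-is. Nothing in this function escapes them, so this is only
 * safe if the caller or the 'sql_query' wrapper already does so. Confirm, or
 * move the query to bound parameters.
 *
 * @param string       $name       Link label; must not be empty.
 * @param string       $link       Target URL; replaced when $predefined is set.
 * @param array|string $rank       Selection of who may see the link; stored as a comma separated list.
 * @param mixed        $predefined Id of a predefined page, or empty.
 * @param mixed        $authid     Stored as 1 when non-empty, otherwise 0.
 * @param string       $window     Window mode; 'popup' requires $width and $height.
 * @param string       $width      Popup width as a whole number.
 * @param string       $height     Popup height as a whole number.
 *
 * @return bool|null true when the INSERT succeeded, false on a permission or
 *                   validation failure, null when errors() reports pending
 *                   errors or the INSERT failed.
 */
function addlink($name, $link, $rank, $predefined, $authid, $window, $width = '', $height = '')
{
    global $user, $error, $error_die, $settings;

    // Authorize first, so a caller without the permission never gets as far as
    // input handling or a database query.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($rank)) {
        $error[] = 'You must state who this board is visible to';
        return false;
    }
    // Store the selection as "a,b,c". The previous loop appended to the array
    // itself, which depended on PHP's "Array" string conversion and cut the
    // last character off a value that was not an array.
    $rank = is_array($rank) ? implode(',', $rank) : (string) $rank;

    if (empty($name)) {
        $error[] = 'You must specify a name';
        return false;
    }

    if (empty($link) && empty($predefined)) {
        $error[] = 'You must specify a url or a predefined page';
        return false;
    }

    // The message asks for whole numbers, so accept digits only: is_numeric()
    // also lets through values such as "12.5" or "1e3".
    if ($window == 'popup') {
        $dimensionsValid = !empty($height) && !empty($width)
            && ctype_digit((string) $height) && ctype_digit((string) $width);
        if (!$dimensionsValid) {
            $error[] = 'You must specify the width/height for the popup as a whole number';
            return false;
        }
    }
    // NOTE(review): when $window is not 'popup', $width and $height are stored
    // without any check.

    if (!errors()) {
        // A predefined page overrides whatever URL was typed in.
        if (!empty($predefined)) {
            $link = $settings['site_url'] . '/index.php?act=page&id=' . $predefined;
        }

        // The first row of the descending list carries the highest position;
        // the new link goes one after it, or to position 1 in an empty menu.
        $sql = call('sql_query', "SELECT * FROM menu ORDER BY item_order DESC");
        $fetch = call('sql_fetch_array', $sql);
        $order = call('sql_num_rows', $sql) == 0 ? 1 : $fetch['item_order'] + 1;

        $authid = empty($authid) ? 0 : 1;

        $query = call('sql_query', "INSERT INTO menu (name, link, rank, item_order, authid, window, height, width) VALUES ('{$name}', '{$link}', '{$rank}', '{$order}', '{$authid}', '{$window}', '{$height}', '{$width}')");
        if ($query) {
            return true;
        }
    }
}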
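/**
 * Register a theme folder in the database (admin only).
 *
 * Loads themes/<folder>/theme-info.php, which is expected to define $theme,
 * and inserts one row into `themes` plus one `theme_settings` row per entry in
 * $theme['settings']. Validation failures are appended to the global $error
 * list; a missing admin permission is appended to $error_die.
 *
 * NOTE(review): $folder, $visible and every value taken from $theme are placed
 * into the SQL text as-is. theme-info.php ships with the theme, so a quote in
 * an author or theme name is enough to break the INSERT. Escape these values
 * or use bound parameters.
 *
 * @param string       $folder  Directory name of the theme below themes/.
 * @param array|string $visible Selection of who may use the theme; stored as a comma separated list.
 *
 * @return bool|null true when the theme row was inserted, false on a
 *                   permission or validation failure, null when errors()
 *                   reports pending errors or the INSERT failed.
 */
function installtheme($folder, $visible)
{
    // $settings is not read below; it stays declared in case the included
    // theme-info.php relies on it. TODO confirm.
    global $user, $settings, $FUNCTIONS_LANG, $error, $error_die;

    // Authorize first, so a caller without the permission never gets as far as
    // input handling, a database query or the include.
    if (!$user['admin_panel']) {
        $error_die[] = $FUNCTIONS_LANG["e_permissions"];
        return false;
    }

    if (empty($visible)) {
        $error[] = $FUNCTIONS_LANG["e_th_use_theme"];
        return false;
    }
    // Store the selection as "a,b,c". The previous loop appended to the array
    // itself, which depended on PHP's "Array" string conversion and cut the
    // last character off a value that was not an array.
    $visible = is_array($visible) ? implode(',', $visible) : (string) $visible;

    // The folder name arrives from the request.
    if (empty($folder)) {
        $error[] = $FUNCTIONS_LANG["e_th_install_theme"];
        return false;
    }

    // $folder becomes part of an include path below. Accept a single directory
    // name only, so the include cannot be steered outside themes/.
    $isPlainName = is_string($folder)
        && $folder !== '.'
        && $folder !== '..'
        && strpos($folder, '/') === false
        && strpos($folder, '\\') === false
        && strpos($folder, "\0") === false;
    if (!$isPlainName) {
        $error[] = $FUNCTIONS_LANG["e_th_install_theme"];
        return false;
    }

    $sql = call('sql_query', "SELECT * FROM themes WHERE folder = '{$folder}'");
    // A second submit of the same form ends up here.
    if (call('sql_num_rows', $sql) != 0) {
        $error[] = $FUNCTIONS_LANG["e_th_already_installed"];
        return false;
    }

    if (!errors()) {
        $theme = null;
        include 'themes/' . $folder . '/theme-info.php';

        // A missing or broken info file leaves $theme unset; stop instead of
        // inserting a row of empty values.
        if (!is_array($theme)) {
            $error[] = $FUNCTIONS_LANG["e_th_install_theme"];
            return false;
        }

        $query = call('sql_query', "INSERT INTO themes (theme_name, theme_author, author_site, author_email, theme_version, folder, theme_visibility, theme_preview) VALUES ('" . $theme['name'] . "', '" . $theme['author'] . "', '" . $theme['site'] . "', '" . $theme['email'] . "', '" . $theme['version'] . "', '{$folder}', '{$visible}', '" . $theme['preview'] . "')");
        $theme_id = call('sql_insert_id');

        // Install all the theme settings, when the theme declares any.
        if (isset($theme['settings']) && is_array($theme['settings'])) {
            foreach ($theme['settings'] as $variable => $value) {
                $sql = call('sql_query', "INSERT INTO theme_settings (theme_id, variable, value) VALUES ('" . $theme_id . "', '" . $variable . "', '" . $value . "')");
            }
        }

        if ($query) {
            return true;
        }
    }
}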
/**
 * Switch a panel on or off (admin only).
 *
 * NOTE(review): $online and $id are placed into the UPDATE text as-is. Nothing
 * here escapes or type-checks them, so this is only safe if the caller or the
 * 'sql_query' wrapper already does so. Confirm.
 *
 * @param mixed $id     Id of the panel row.
 * @param mixed $online New value for the panel's `online` column.
 *
 * @return bool|null true when the UPDATE succeeded, false when the caller is
 *                   not an admin or the UPDATE failed, null when errors()
 *                   reports pending errors.
 */
function togglepanel($id, $online)
{
    global $user, $error, $error_die;

    // Only admins should ever reach this; the check is a safety net.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    // Pending errors from earlier steps: do nothing and return null.
    if (errors()) {
        return;
    }

    $updated = call('sql_query', "UPDATE panels SET online='{$online}' where id='{$id}'");
    if (!$updated) {
        $error[] = 'That panels Status could not be toggled, try editing it.';
        return false;
    }

    return true;
}
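/**
 * Update the profile fields of a user after re-checking the current password.
 *
 * The submitted password is compared with the logged-in user's stored value
 * ($user['pass']), the avatar URL, signature length and time offset are
 * validated, and the users row with id $userid is rewritten. Validation
 * failures are appended to the global $error list.
 *
 * NOTE(review): the password is checked against the logged-in user, but the
 * row updated is the one named by $userid. Nothing here ties the two together,
 * so the caller must make sure $userid is the current user's id. Verify.
 *
 * NOTE(review): all profile values are placed into the UPDATE text as-is. The
 * signature handling below implies some sanitization happened before this
 * call; confirm that it also covers backslashes, or use bound parameters.
 *
 * @param mixed  $userid      Id of the users row to update.
 * @param string $currentpass Current password in the form stored in $user['pass'].
 * @param string $avatar      Avatar URL, or empty for none.
 * @param string $signature   Signature text, at most 300 characters once decoded.
 * @param string $token       Passed to the 'checktoken' helper.
 * @param string $location    Location text.
 * @param string $bday1       First birthday part; the three parts are joined with '/'.
 * @param string $bday2       Second birthday part.
 * @param string $bday3       Third birthday part.
 * @param string $msn         MSN handle.
 * @param string $icq         ICQ handle.
 * @param string $yim         YIM handle.
 * @param string $aim         AIM handle.
 * @param mixed  $offset      Time offset, between -24 and 24.
 * @param string $gender      Gender value.
 *
 * @return bool|null true when the UPDATE succeeded, false on a validation
 *                   failure, null when errors() reports pending errors or the
 *                   UPDATE failed.
 */
function updateprofile2($userid, $currentpass, $avatar, $signature, $token, $location, $bday1, $bday2, $bday3, $msn, $icq, $yim, $aim, $offset, $gender)
{
    global $user, $error, $error_die;

    if (empty($currentpass)) {
        $error[] = 'You must enter your current password to update your profile';
        return false;
    }

    // hash_equals() is a strict, constant-time comparison. The loose != used
    // before treats any two strings of the form "0e<digits>" as equal numbers,
    // which would accept a wrong password.
    if (!hash_equals((string) $user['pass'], (string) $currentpass)) {
        $error[] = 'The current password entered is not correct';
        return false;
    }

    // The return value is not used; 'checktoken' presumably records a failure
    // in the error lists that errors() reads below. TODO confirm.
    call('checktoken', $token);

    $bday = !empty($bday1) ? $bday1 . '/' . $bday2 . '/' . $bday3 : '';

    // NOTE(review): "[:\/\/]+" is a character class, not the literal "://", so
    // this pattern also accepts any scheme name and some relative paths. The
    // accepted value is then handed to 'image_info'; if that helper fetches the
    // URL server-side, restrict the scheme to http/https and refuse internal
    // hosts there.
    if (!preg_match("/^[a-zA-Z]+[:\\/\\/]+[A-Za-z0-9\\-_]+\\.+[A-Za-z0-9\\.\\/%&=\\?\\-_]+\$/i", $avatar) && !empty($avatar)) {
        $error[] = 'The avatar url entered is not valid';
        return false;
    }

    if (!empty($avatar)) {
        // No message is added here when the check fails; 'image_info' is
        // presumably expected to report its own error.
        $imagecheck = call('image_info', $avatar);
        if ($imagecheck == false) {
            return false;
        }
    } else {
        $imagecheck = true;
    }

    // Revert the sanitization to get a correct character length reading.
    $signature_decode = htmlspecialchars_decode($signature, ENT_QUOTES);
    if (strlen($signature_decode) > 300 && !empty($signature)) {
        $error[] = 'The Signature is too long';
        return false;
    }

    // An offset that is present must be a number within -24..24. Without the
    // is_numeric() test a non-numeric string could pass the range comparison
    // on older PHP versions and reach the query.
    if ($offset !== '' && $offset !== null) {
        if (!is_numeric($offset) || $offset > 24 || $offset < -24) {
            $error[] = 'The offset entered is not valid';
            return false;
        }
    }

    if (!errors() && $imagecheck != false) {
        $sql = call('sql_query', "UPDATE users SET avatar = '{$avatar}', signature= '{$signature}', birthday = '{$bday}', location = '{$location}', msn = '{$msn}', icq = '{$icq}', yim = '{$yim}', aim = '{$aim}', gender = '{$gender}', offset = '{$offset}' WHERE id = '{$userid}'");
        if ($sql) {
            return true;
        }
    }
}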