示例#1
0
文件: login.php 项目: exts/nab145
function login()
{
    global $logged, $permissions;
    if ($logged['username']) {
        if (!isset($_POST['submit'])) {
            echo '
					<form method="post" action="">
						<table width="100%" class="forum" cellspacing="1" cellpadding="0">
							<tr>
								<td class="category" colspan="2"><div class="cat_title">Please Login</div></td>
							</tr>
							<tr>
								<td width="100%" class="small_title" colspan="2" align="center"><span>Login in order to be able to manage the admin control panel.</span></td>
							</tr>
							<tr>
								<td width="20%" class="common">Username</td>
								<td width="80%" class="common"><input type="text" name="username" /></td>
							</tr>
							<tr>
								<td width="20%" class="common">Password</td>
								<td width="80%" class="common"><input type="password" name="password" /></td>
							</tr>
							<tr>
								<td colspan="2" align="center" class="common"><input type="submit" name="submit" value="Login" /></td>
							</tr>
						</table>
					</form>
				';
        } else {
            if (!empty($_POST['username']) and !empty($_POST['password'])) {
                $username = htmlspecialchars($_POST['username']);
                $password = htmlspecialchars($_POST['password']);
                $info = mysql_query("SELECT `salt`,`password`,`level` FROM `users` WHERE `username` = '" . $username . "'") or die(pageerror("SQL Error", "There was an error selecting information from database.", "Sorry there was an error trying to select user hash and user password from the Database."));
                $info_ = mysql_fetch_array($info);
                if (md5($info_['salt'] . $password) == $info_['password']) {
                    if ($permissions['admin'] == 't') {
                        $_SESSION['admin'] = true;
                        finished("Login Successful", "Your now logged in as an administrator", "You have successfully logged in as admin", "acp.php");
                    } else {
                        pageerror("Login Error", "Error logging into the admin panel.", "Sorry, you are not an administrator!");
                    }
                } else {
                    pageerror("Login Error", "Error logging into the admin panel.", "Sorry, the password was incorrect for this account.");
                }
            } else {
                pageerror("Login Error", "There was an error logging in.", "Sorry, but you left a field blank please go back and try again.");
            }
        }
    } else {
        finished("Login Error", "Session not found.", "In order to login to the administration you will need to login to the forums first for security reasons.", "index.php");
    }
}
    $query = "INSERT INTO `{$GLOBALS['mysql_prefix']}facilities` (\n\t\t\t`name`, `street`, `city`, `state`, `handle`, `icon_str`, `boundary`, `description`, `capab`, `status_id`, `contact_name`, `contact_email`, `contact_phone`, `security_contact`, `security_email`, `security_phone`, `opening_hours`, `access_rules`, `security_reqs`, `pager_p`, `pager_s`, `lat`, `lng`, `type`, `user_id`, `updated` )\n\t\t\tVALUES (" . quote_smart(trim($_POST['frm_name'])) . "," . quote_smart(trim($_POST['frm_street'])) . "," . quote_smart(trim($_POST['frm_city'])) . "," . quote_smart(trim($_POST['frm_state'])) . "," . quote_smart(trim($_POST['frm_handle'])) . "," . quote_smart(trim($_POST['frm_icon_str'])) . "," . quote_smart(trim($_POST['frm_boundary'])) . "," . quote_smart(trim($_POST['frm_descr'])) . "," . quote_smart(trim($_POST['frm_capab'])) . "," . quote_smart(trim($_POST['frm_status_id'])) . "," . quote_smart(trim($_POST['frm_contact_name'])) . "," . quote_smart(trim($_POST['frm_contact_email'])) . "," . quote_smart(trim($_POST['frm_contact_phone'])) . "," . quote_smart(trim($_POST['frm_security_contact'])) . "," . quote_smart(trim($_POST['frm_security_email'])) . "," . quote_smart(trim($_POST['frm_security_phone'])) . "," . quote_smart(trim($_POST['frm_opening_hours'])) . "," . quote_smart(trim($_POST['frm_access_rules'])) . "," . quote_smart(trim($_POST['frm_security_reqs'])) . "," . quote_smart(trim($_POST['frm_pager_p'])) . "," . quote_smart(trim($_POST['frm_pager_s'])) . "," . $frm_lat . "," . $frm_lng . "," . quote_smart(trim($_POST['frm_type'])) . "," . quote_smart(trim($_SESSION['user_id'])) . "," . quote_smart(trim($now)) . ");";
    $result = mysql_query($query) or do_error($query, 'mysql_query() failed', mysql_error(), __FILE__, __LINE__);
    $new_id = mysql_insert_id();
    $status_id = $_POST['frm_status_id'];
    //4/14/11
    foreach ($_POST['frm_group'] as $grp_val) {
        // 6/10/11
        if (test_allocates($new_id, $grp_val, 3)) {
            $query_a = "INSERT INTO `{$GLOBALS['mysql_prefix']}allocates` (`group` , `type`, `al_as_of` , `al_status` , `resource_id` , `sys_comments` , `user_id`) VALUES \n\t\t\t\t\t({$grp_val}, 3, '{$now}', {$status_id}, {$new_id}, 'Allocated to Group' , {$by})";
            $result_a = mysql_query($query_a) or do_error($query_a, 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
        }
    }
    do_log($GLOBALS['LOG_FACILITY_ADD'], 0, mysql_insert_id(), $_POST['frm_status_id']);
    //	2/17/11
    $caption = "<B>Facility  <i>" . stripslashes_deep($_POST['frm_name']) . "</i> data has been updated.</B><BR /><BR />";
    finished($caption);
    // wrap it up
}
// end if ($_getgoadd == 'true')
// add ===========================================================================================================================
// add ===========================================================================================================================
// add ===========================================================================================================================
if ($_getadd == 'true') {
    print do_calls();
    // call signs to JS array for validation
    ?>
		</HEAD>
		<BODY onLoad = "ck_frames();" onUnload="GUnload()">
		<A NAME='top'>		<!-- 11/11/09 -->
<?php 
    require_once './incs/links.inc.php';
示例#3
0
文件: logreg.php 项目: exts/nab145
function do_register_2($TOS)
{
    global $logged;
    if (!$logged['username']) {
        if (!isset($_POST['register'])) {
            $Temp = new Template();
            $Temp->dir = $logged['dskin'];
            $Temp->file = 'register.tpl';
            $Temp->tp();
            $Temp->tr(array("TOS" => $TOS));
            echo $Temp->html;
        } else {
            $captcha_value = $_POST['verify'];
            $captcha = $_SESSION['captchastr'];
            $email = htmlspecialchars($_POST['email']);
            $email2 = htmlspecialchars($_POST['email2']);
            $pass = htmlspecialchars($_POST['password']);
            $pass2 = $_POST['password2'];
            $username = htmlspecialchars($_POST['name']);
            $user = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $username . "' ");
            $user = mysql_num_rows($user);
            $TOSz = $_POST['TOS'];
            if ($user != 0) {
                die(pageerror("Registration Error", "There was an error in registering!", "User name already exists please try a new name!"));
            } elseif ($captcha_value != $captcha) {
                die(pageerror("Registration Error", "There was an error in registering!", "Your verification characters were incorrect.  Please go back and try again.  If you can't see the characters, refresh else contact the administrator."));
            } elseif (empty($username) || empty($pass) || empty($pass2) || empty($email) || empty($email2)) {
                die(pageerror("Registration Error", "There was an error in registering!", "There was a input left empty please go back and try again!"));
            } elseif (!isset($TOSz)) {
                die(pageerror("Registration Error", "There was an error in registering!", "In order to register on this site you must agree to TOS!"));
            }
            $ip = $_SERVER["REMOTE_ADDR"];
            $salt = substr(md5(uniqid(rand(), true)), 0, 5);
            $hash = md5($salt . $pass);
            $online = time();
            $timezone = intval(htmlspecialchars($_POST['timezone']));
            $new_user = mysql_query("INSERT INTO `users` (`username`,`password`,`email`,`ip`,`salt`,`online`,`timezone`) VALUES('" . $username . "','" . $hash . "','" . $email . "','" . $ip . "','" . $salt . "','" . $online . "','" . $timezone . "') ") or die(pageerror("Registration Error", "There was an error in registering!", "Something went wrong in the database please contact administrator!"));
            $users = mysql_query("SELECT `id` FROM `users` ORDER BY `id` DESC LIMIT 1");
            $users = mysql_fetch_array($users);
            $_SESSION['uid'] = $users['id'];
            $_SESSION['upass'] = htmlspecialchars($hash);
            finished("Registered Sucessfully!", $username . " now Logged in!", "Thank you now you are now logged in and Registered!", "index.php");
        }
    } else {
        finished("Register Error", "Error registering in.", "Sorry, but you are already logged in.  Please logout before you can reregister.", "index.php");
    }
}
示例#4
0
文件: modes.php 项目: exts/nab145
function moderator()
{
    //global vars
    global $logged, $permissions;
    //set up permissions id's and type id's
    $id = intval(htmlspecialchars(trim(strip_tags($_GET['id']))));
    $type = htmlspecialchars(trim(strip_tags($_GET['type'])));
    $tid = intval(htmlspecialchars($_GET['tid']));
    $posts = htmlspecialchars($_GET['post']);
    //check what type and modes where in
    switch ($type) {
        case "edit":
            switch ($posts) {
                case "topic":
                    echo "TOPIC";
                    //gets topic data from database
                    $tdata_ = mysql_query("SELECT * FROM `topics` WHERE `id` = '" . $id . "' ");
                    $tdata = mysql_fetch_array($tdata_);
                    //if they don't have permission
                    if (($permissions['e_topic'] != 't' and $logged['username'] != $tdata['username']) || $permissions['admin'] != 't') {
                        logs("Invalid User", "1");
                        pageerror("Topic Error", "There was an error editing topic.", "You don't have permissions to edit this topic!");
                    }
                    if (!isset($_POST['newtopic'])) {
                        $Temp = new Template();
                        $Temp->dir = $logged['dskin'];
                        $Temp->file = "newtopic.tpl";
                        $Temp->tp();
                        $Temp->tr(array('TOPIC_NAME' => 'Edit Topic', 'TITLE' => $tdata['title'], 'DESC' => $tdata['description'], 'POST' => '', '<<HIDE>>' => '<!--', '<<HIDE_2>>' => '-->'));
                        echo $Temp->html;
                    } else {
                        if (empty($_POST['title'])) {
                            pageerror("Topic Error", "There was an error editing topic", "Please check your post because you left the topic post or topic title blank!");
                        } else {
                            $ttitle = htmlspecialchars($_POST['title']);
                            $description = htmlspecialchars($_POST['tdesc']);
                            $ndata = @mysql_query("UPDATE `topics` SET `description` = '" . $description . "', `title` = '" . $ttitle . "' WHERE `id` = '" . $id . "' ");
                            if (!$ndata) {
                                pageerror("Topic Error", "There was an error editing topic", "There was an error updating sql: " . mysql_error());
                            }
                            finished("Topic Updated!", "Current Topic was Updated!", "Thank you now your topic was sucessfully updated.", "index.php?act=topicshow&id=" . $id);
                        }
                    }
                    break;
                case "reply":
                    //Selects reply data from db
                    $pdata_ = mysql_query("SELECT * FROM `replies` WHERE `id` = '" . $id . "' ");
                    $pdata = mysql_fetch_array($pdata_);
                    if ($permissions['e_post'] != 't' and $logged['username'] != $pdata['username'] or $permissions['admin'] != 't') {
                        logs("Invalid User", "1");
                        pageerror("Reply Error", "There was an error editing reply.", "You don't have permissions to edit this post!");
                    }
                    if (!isset($_POST['newreply'])) {
                        $Temp = new Template();
                        $Temp->dir = $logged['dskin'];
                        $Temp->file = "newreply.tpl";
                        $Temp->tp();
                        $Temp->tr(array('POST' => $pdata['post'], 'NAME' => "Edit Reply"));
                        echo $Temp->html;
                    } else {
                        $rpost = htmlspecialchars($_POST['post']);
                        if (empty($_POST['post'])) {
                            pageerror("Reply Error", "There was an error editing reply.", "You left the post field blank please go back and check again!");
                        } else {
                            $pdata = @mysql_query("UPDATE `replies` SET `post` = '" . $rpost . "' WHERE `id` = '" . $id . "' ");
                            if (!$pdata) {
                                pageerror("Reply Error", "There was an error editing reply.", "There was an sql error: " . mysql_error());
                            }
                            finished("Reply Updated!", "Current Post was Updated!", "Thank you now your reply was sucessfully updated.", "index.php?act=topicshow&id=" . $tid);
                        }
                    }
                    break;
            }
            break;
        case "delete":
            //Checks if user has permissiosn
            if ($permissions['d_post'] != 't') {
                logs("Invalid User", "1");
                pageerror("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!");
            }
            switch ($posts) {
                case "reply":
                    if (!isset($_POST['submit'])) {
                        $Temp = new Template();
                        $Temp->dir = $logged['dskin'];
                        $Temp->file = "mode_delete.tpl";
                        $Temp->tp();
                        echo $Temp->html;
                    } else {
                        if (isset($_POST['del'])) {
                            if (mysql_query("DELETE FROM `replies` WHERE `id` = '" . $id . "'")) {
                                finished("Post deleted Successfully", "", "Your post was deleted successfully, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid);
                            } else {
                                pageerror("Deletion Error", "", "There was a problem deleting post, please contact the NevuxAB Support Tech.");
                            }
                        } else {
                            finished("Post Message", "", "No action was taken, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid);
                        }
                    }
                    break;
            }
            break;
        case "opentopic":
            if ($permissions['o_topic'] != 't') {
                logs("Invalid User", "1");
                pageerror("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!");
            }
            $otopic = mysql_query("SELECT `closed` FROM `topics` WHERE `id` = '" . $tid . "' ");
            $otopic = mysql_fetch_array($otopic);
            if ($otopic['closed'] == 1) {
                pageerror("Topic Error", "", "Topic is already Opened!");
            } else {
                $topic_update = mysql_query("UPDATE `topics` SET `closed` = '1' WHERE `id` = '" . $tid . "' ");
                if (!$topic_update) {
                    pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
                }
                finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was sucessfully opened.", "index.php?act=topicshow&id=" . $tid);
            }
            break;
        case "closetopic":
            if ($permissions['c_topic'] != 't') {
                logs("Invalid User", "1");
                pageerror("Topic Error", "There was an error closing topic.", "You don't have permissions to close this topic!");
            }
            $ctopic = mysql_query("SELECT `closed` FROM `topics` WHERE `id` = '" . $tid . "' ");
            $ctopic = mysql_fetch_array($ctopic);
            if ($ctopic['closed'] == 0) {
                pageerror("Topic Error", "", "Topic is already closed!");
            } else {
                $topic_update = mysql_query("UPDATE `topics` SET `closed` = '0' WHERE `id` = '" . $tid . "' ");
                if (!$topic_update) {
                    pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
                }
                finished("Topic Updated!", "Current Topic was Closed!", "Thank you now your topic was sucessfully Closed.", "index.php?act=topicshow&id=" . $tid);
            }
            break;
        case "sticktopic":
            if ($permissions['topic_pin'] != 't') {
                logs("Invalid User", "1");
                pageerror("Topic Error", "There was an error Pinning topic.", "You don't have permissions to Pin this topic!");
            }
            $stopic = mysql_query("SELECT `sticky` FROM `topics` WHERE `id` = '" . $tid . "' ");
            $stopic = mysql_fetch_array($stopic);
            if ($stopic['sticky'] == 0) {
                pageerror("Topic Error", "", "Topic is already Pinned!");
            } else {
                $topic_update = mysql_query("UPDATE `topics` SET `sticky` = '0' WHERE `id` = '" . $tid . "' ");
                if (!$topic_update) {
                    pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
                }
                finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was sucessfully Pinned.", "index.php?act=topicshow&id=" . $tid);
            }
            break;
        case "unsticktopic":
            if ($permissions['topic_pin'] != 't') {
                logs("Invalid User", "1");
                pageerror("Topic Error", "There was an error Un-Pinning topic.", "You don't have permissions to Un-Pin this topic!");
            }
            $ustopic = mysql_query("SELECT `sticky` FROM `topics` WHERE `id` = '" . $tid . "' ");
            $ustopic = mysql_fetch_array($ustopic);
            if ($ustopic['sticky'] == 1) {
                pageerror("Topic Error", "", "Topic is already Un-Pinned!");
            } else {
                $topic_update = mysql_query("UPDATE topics SET sticky = '1' WHERE `id` = '" . $tid . "' ");
                if (!$topic_update) {
                    pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
                }
                finished("Topic Updated!", "Current Topic was Un-Pinned!", "Thank you now your topic was sucessfully Un-Pinned.", "index.php?act=topicshow&id={$tid}");
            }
            break;
        case "move":
            if ($permissions['m_topic'] != 't') {
                logs("Invalid User", "1");
                pageerror("Topic Error", "There was an error moving topic.", "You don't have permissions to move this topic!");
            }
            $nparent = htmlspecialchars($_POST['to']);
            if (isset($_POST['update'])) {
                $topic_update = mysql_query("UPDATE `topics` SET `fid` = '" . $nparent . "' WHERE `id` = '" . $id . "'");
                if (!$topic_update) {
                    pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
                }
                finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was moved sucessfully.", "index.php?act=topicshow&id=" . $id);
            } else {
                $gettopics = mysql_query("SELECT * FROM `forums` ORDER BY `id` ASC");
                $values = "";
                while ($showtopics = MySQL_Fetch_Array($gettopics)) {
                    $values .= "<option value='" . $showtopics['id'] . "'>" . $showtopics['title'] . "</option>";
                }
                $Temp = new Template();
                $Temp->dir = $logged['dskin'];
                $Temp->file = "mode_move.tpl";
                $Temp->tp();
                $Temp->tr(array('OPTIONS' => $values));
                echo $Temp->html;
            }
            break;
    }
}
示例#5
0
文件: post.php 项目: exts/nab145
function RUN_Newtopic()
{
    global $logged, $permissions;
    if (is_numeric($_GET['id']) and !empty($_GET['id'])) {
        $id = intval(htmlspecialchars($_GET['id']));
    } else {
        pageerror("Topic Error", "", "Sorry, but there wasn't a forum id present.");
    }
    if (!getFP($id, 3)) {
        pageerror("Permission Error", "", "Sorry, but you don't have permissions to post a new topic.");
    }
    if (check_forum_lock($id) and $permissions['admin'] != 't') {
        pageerror("Forum Locked", "", "Sorry, you can't post a topic in here because this forum is locked");
    } else {
        $post = htmlspecialchars($_POST['post']);
        $ttitle = htmlspecialchars($_POST['title']);
        $tdesc = htmlspecialchars($_POST['tdesc']);
        $time = time();
        if (!isset($_POST['newtopic'])) {
            $Temp = new Template();
            $Temp->dir = $logged['dskin'];
            $Temp->file = "newtopic.tpl";
            $Temp->tp();
            $Temp->tr(array('TOPIC_NAME' => 'New Topic', 'TITLE' => '', 'DESC' => '', 'POST' => '', '<<HIDE>>' => '', '<<HIDE_2>>' => ''));
            echo $Temp->html;
        } else {
            if (!$logged['username']) {
                pageerror("Topic Error", "There was an error creating topic", "You don't have permissions to post a new topic!");
            }
            if (empty($post)) {
                pageerror("Topic Error", "There was an error creating topic", "Please check your post because you left the topic post blank!");
            } elseif (empty($ttitle)) {
                pageerror("Topic Error", "There was an error creating topic", "Please check your post because you left the topic title blank!");
            } else {
                update_post_count();
                $newtopic = mysql_query("INSERT INTO `topics`(`fid`,`date`,`timestamp`,`title`,`username`,`description`) VALUES('" . $id . "','" . $time . "','" . $time . "','" . $ttitle . "','" . $logged['username'] . "','" . $tdesc . "')") or die(pageerror("Topic Error", "Something went wrong in SQL", "Sorry, but your topic couldn't be created please contact the administrator with this error"));
                $nreply = mysql_query("SELECT `id` FROM `topics` ORDER BY `id` DESC LIMIT 1") or die("ERROR");
                $nreply = mysql_fetch_array($nreply);
                finished("Topic Created!", "New Topic was Created!", "Thank you now your topic was sucessfully created.", "index.php?act=topicshow&id=" . $nreply['id']);
                $new_reply = mysql_query("INSERT INTO `replies` (`tid`,`post`,`username`,`date`) VALUES('" . $nreply['id'] . "','" . $post . "','" . $logged['username'] . "','" . $time . "')") or die(pageerror("Reply Error", "There was a problem adding reply", "Something went wrong adding new reply"));
            }
        }
    }
}