function refuse_image($userid, $validator)
{
if ($userid == 17505 || $userid == 573633 || $userid == 625747 || $userid == 68767) {
die('Man kan inte ta bort denna bild...');
exit;
}
global $hp_path;
$query = 'UPDATE userinfo SET image = "3", image_validator = "' . $validator . '" ';
$query .= ' WHERE userid = "' . $userid . '" LIMIT 1';
mysql_query($query) or die;
if (unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg') && unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg')) {
guestbook_insert(array('sender' => 2348, 'recipient' => $userid, 'is_private' => 1, 'message' => mysql_real_escape_string('OBS! Detta meddelande har skickats automatiskt. Det är ingen idé att svara på meddelandet, kontakta någon ordningsvakt eller fråga i forumet.
Din bild har nekats, acceptera det.
Välj en ny bild som följer vår policy:
1) Bilden föreställer dig och ansiktet syns tydligt
2) Det är bara du på bilden
3) Ingen alkohol, ingen porr och inga nazistiska symboler
4) Inget som bryter mot Svensk lag, är upphovsrättskyddat eller är kränkande för någon person förekommer
5) Det är en skarp och ljus bild på dig
6) Bilden är inte taggad från någon annan sida ex. snyggast
7) Du har inte angett rätt ålder/kön så att det överensstämmer med personen på bilden')));
} else {
echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
}
admin_report_event($_SESSION['login']['username'], 'Refused avatar', $userid);
log_admin_event('avatar validated', 'denied', $validator, $userid, 0);
//image id not available here
admin_action_count($_SESSION['login']['id'], 'avatar_denied');
}
function comment_answer($id, $reply)
{
$query = 'SELECT up.user, up.description, up.id, uc.user_id, uc.comment, l.username FROM user_photos AS up, user_comments AS uc, login AS l WHERE l.id = ' . $_SESSION['login']['id'] . ' AND uc.item_id = up.id AND up.user = '******'login']['id'] . ' AND uc.id = ' . $id . '';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$data = mysql_fetch_assoc($result);
if ($data['user'] == $_SESSION['login']['id']) {
$query = 'UPDATE user_comments SET answer = "' . $reply . '", answerer_id = ' . $_SESSION['login']['id'] . ' WHERE id = ' . $id . ' LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$entry['sender'] = $_SESSION['login']['id'];
$message = $data['username'] . ' svarade precis på din kommentar till fotot: <br /><a href="/traffa/photos.php?id=' . $data['id'] . '#photo">' . (strlen($data['description']) > 1 ? $data['description'] : 'namnlös') . '</a>' . "\n\n";
$message .= '<strong>Din kommentar:</strong>' . "\n";
$message .= $data['comment'] . "\n\n";
$message .= '<strong>' . $data['username'] . '\'s svar:</strong>' . "\n";
$message .= $reply . "\n";
$entry['message'] = mysql_real_escape_string($message);
$entry['recipient'] = $data['user_id'];
guestbook_insert($entry);
} else {
jscript_alert('Nehejdu, den gick inte!');
}
}
function sex_sense_answer_distribute($options)
{
$options['id'] = $options['post_id'];
$options['ignore_no_posts_found_error'] = true;
$posts = sex_sense_fetch_posts($options);
if (count($posts) < 1) {
$options['is_answered'] = 0;
$posts = sex_sense_fetch_posts($options);
}
$post = array_pop($posts);
if ($post['forum_post_id'] == 0) {
return false;
}
foreach ($post['answers'] as $answer) {
if (isset($options['answer_id']) && $answer['id'] == $options['answer_id'] || !isset($options['answer_id'])) {
$forum_post['forum_id'] = '102';
$forum_post['author'] = $answer['user_id'];
$forum_post['parent_post'] = $post['forum_post_id'];
$forum_post['content'] = $answer['answer'];
discussion_forum_post_create($forum_post);
$direct_link = '/sex_och_sinne/';
$categories = sex_sense_fetch_categories(array('category_id' => $post['category_id']));
foreach ($categories as $category_tree) {
$category = array_pop($category_tree);
$direct_link .= $category['category_handle'] . '/';
}
$direct_link .= $post['handle'] . '.html';
$entry['recipient'] = $post['user_id'];
$entry['sender'] = 2348;
$entry['is_private'] = 1;
$message = 'En av dina frågor i Sex och sinne är besvarad.' . "\n";
$message .= 'Klicka här för att komma till frågan :) ' . "\n";
$message .= '<a href="' . $direct_link . '">http://hamsterpaj.net' . $direct_link . '</a>' . "\n";
$entry['message'] = mysql_real_escape_string($message);
guestbook_insert($entry);
}
}
}
} else {
$output .= '<h2>Du får inte starta diskussioner här</h2>' . "\n";
$output .= 'I den här kategorin får du inte starta några diskussioner, men kanske finns det några underkategorier du får det i?';
}
forum_update_category_session(array('category' => $category, 'threads' => $threads));
break;
case 'move_thread':
if (forum_security(array('action' => 'move_thread', 'thread' => $request['thread']))) {
$query = 'UPDATE forum_posts SET forum_id = "' . $request['new_category']['id'] . '" WHERE id = "' . $request['thread']['id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$message = 'Hej, din tråd i forumet med titeln "%TITLE%" har flyttats till %NEW_CATEGORY%.' . "\n";
$message .= 'Har du några frågor om varför tråden flyttades så kan du ta dem med %MOVERS_USERNAME%';
$message .= 'eller med någon annan ordningsvakt, du hittar sådana i modulen "Inloggade Ordningsvakter" till höger.' . "\n";
$message .= '/Webmaster';
$guestbook_message = array('sender' => 2348, 'recipient' => intval($request['thread']['author']), 'message' => mysql_real_escape_string(str_replace(array('%TITLE%', '%NEW_CATEGORY%', '%MOVERS_USERNAME%'), array($request['thread']['title'], $request['new_category']['title'], $_SESSION['login']['username']), $message)));
guestbook_insert($guestbook_message);
header('Location: ' . $request['new_category']['url']);
exit;
}
break;
case 'latest_threads':
$output .= '<h2>De 50 senaste trådarna i forumet</h2>' . "\n";
$post_options['threads_only'] = true;
$post_options['order-by'] = 'p.id';
$post_options['order-direction'] = 'DESC';
$post_options['limit'] = 50;
$post_options['max_userlevel'] = login_checklogin() ? $_SESSION['login']['userlevel'] : 0;
$threads = discussion_forum_post_fetch($post_options);
$output .= discussion_forum_thread_list($threads);
break;
case 'view_thread':
switch ($_POST['action']) {
case 'quality_level':
if (is_privilegied('read_only_admin')) {
$query = 'UPDATE login SET quality_level = "' . $_POST['quality_level'] . '", quality_level_expire = "' . $_POST['expire'] . '" WHERE id = "' . $user['id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
// trace('user_management_error', 'Query: ' . $query . ', Error: ' . mysql_error());
$user_session['login']['quality_level'] = $_POST['quality_level'];
$user_session['login']['quality_level_expire'] = $_POST['expire'];
echo '<p>User quality level updated</p>' . "\n";
preint_r($_POST);
} else {
echo 'Du har inte privilegier för att sätta RO\'s' . "\n";
}
break;
case 'gb_warning':
guestbook_insert(array('sender' => 2348, 'recipient' => $user['id'], 'is_private' => 1, 'message' => $_POST['message']));
echo '<p>Guestbook message sent</p>' . "\n";
break;
case 'user_abuse':
$query = 'INSERT INTO user_abuse (user, timestamp, admin, freetext) VALUES("' . $user['id'] . '", "' . time() . '", "' . $_SESSION['login']['id'] . '", "' . $_POST['freetext'] . '")';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
break;
}
if ($user['id'] != $_SESSION['login']['id']) {
session_save($user['session_id'], $user_session);
}
}
echo '<hr />' . "\n";
$out = '<h1 style="margin-top: 0px;"><a href="/traffa/profile.php?id=' . $user['id'] . '">' . $user['username'] . '</a>, member since ' . date('Y-m-d H:i', $user['regtimestamp']) . '</h1>' . "\n";
$out .= '<hr />' . "\n";
if (is_privilegied('read_only_admin')) {
$confirmed_recipients[] = $user_id;
}
break;
default:
die('THERE IS NO DEFAULT!');
break;
}
}
}
foreach ($confirmed_recipients as $recipient) {
$entry['sender'] = $send_from;
$entry['recipient'] = $recipient;
$entry['message'] = $_POST['message'];
$entry['is_private'] = $_POST['is_private'];
$entry['is_mass_gb'] = true;
if (!guestbook_insert($entry)) {
$out .= 'Failade att skicka meddelande till ' . $recipient . '.<br />' . "\n";
} else {
$out .= 'Meddelande skickat till ' . $recipient . '<br />';
}
}
preint_r($confirmed_recipients);
preint_r($entry);
}
$out .= '<fieldset>
<legend>MassGB-SPAM!</legend>
<style>
.recipient_filters li {
list-style-type:none;
}
.mass_gb_left_div {
<?php
require '../include/core/common.php';
if (login_checklogin() && is_privilegied('abuse_report_handler')) {
if (isset($_GET['report_id'], $_GET['reply']) && is_numeric($_GET['report_id'])) {
$query = 'UPDATE abuse SET reply="' . $_GET['reply'] . '", admin_id = ' . $_SESSION['login']['id'] . ', reply_timestamp = ' . time() . ' WHERE id = ' . $_GET['report_id'] . ' LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$query = 'SELECT reporter FROM abuse WHERE id = ' . $_GET['report_id'] . ' LIMIT 1';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$data = mysql_fetch_assoc($result);
$message = 'Hej!' . "\n" . 'Din rapport som du skickade till oss tidigare idag är nu granskad av ' . $_SESSION['login']['username'] . '. Svaret på rapporten är:' . "\n";
$message .= $_GET["extra"] . "\n" . $_GET['reply'];
$message .= "\n\n" . 'Tack för att du hjälper oss att göra Hamsterpaj till ett bättre och mer trivsamt ställe. Keep on rocking!';
$message .= "\n\n" . '/Webmaster (referensnummret på rapporten är ' . $_GET['report_id'] . ')';
guestbook_insert(array('sender' => 2348, 'recipient' => $data['reporter'], 'message' => mysql_real_escape_string(htmlspecialchars($message))));
}
} else {
die("du har inte tillgång hit");
}
require '../include/core/common.php';
require_once PATHS_LIBRARIES . 'guestbook.lib.php';
require_once PATHS_LIBRARIES . 'userblock.lib.php';
if ($_POST['action'] == 'insert' && login_checklogin()) {
if (userblock_checkblock($_POST['recipient'])) {
die('FISK! Du är blockad!');
}
$entry['sender'] = $_SESSION['login']['id'];
$entry['recipient'] = $_POST['recipient'];
$entry['message'] = utf8_encode($_POST['message']);
$entry['is_private'] = $_POST['private'] == 1 ? 1 : 0;
if (isset($_POST['reply-to']) && is_numeric($_POST['reply-to'])) {
$entry['reply-to'] = $_POST['reply-to'];
}
guestbook_insert($entry);
//trace('guestbook', $entry['message']);
}
if ($_GET['action'] == 'delete' && login_checklogin()) {
$query = 'UPDATE traffa_guestbooks SET deleted = 1, `read` = 1 WHERE id = "' . $_GET['entry_id'] . '" AND recipient = "' . $_SESSION['login']['id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
}
if ($_GET['action'] == 'undelete' && login_checklogin()) {
$query = 'UPDATE traffa_guestbooks SET deleted = 0 WHERE id = "' . $_GET['entry_id'] . '" AND recipient = "' . $_SESSION['login']['id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
}
if ($_GET['action'] == 'private' && login_checklogin()) {
$query = 'UPDATE traffa_guestbooks SET is_private = 1 WHERE id = "' . $_GET['entry_id'] . '" AND recipient = "' . $_SESSION['login']['id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
}
if ($_GET['action'] == 'unprivate' && login_checklogin()) {
$suggestions = suggestion_fetch($fetch);
$suggestion = array_pop($suggestions);
suggestion_form($suggestion);
break;
case 'update':
$query = 'SELECT author FROM suggestions WHERE id = "' . $_POST['id'] . '" LIMIT 1';
$result = mysql_query($query);
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
$message['recipient'] = $data['author'];
$message['sender'] = 2348;
$message['message'] = 'Hej, ditt förslag har uppdaterats, ny status för ditt förslag är: ' . $SUGGESTIONS['classifications'][$_POST['classification']]['label'] . '!' . "\n";
$message['message'] .= strlen($_POST['responsible_username']) > 1 ? 'Ansvarig för ditt förslag är: ' . $_POST['responsible_username'] : '';
$message['message'] .= "\n" . 'Texten i det berörda förslaget lyder: ' . "\n" . $_POST['text'];
$message['message'] .= "\n\n" . 'Svaret på ditt förslag lyder: ' . "\n" . $_POST['reply'];
guestbook_insert($message);
}
suggestion_update($_POST);
jscript_alert('Fixat och donat!');
jscript_location('/hamsterpaj/suggestions.php?action=view_waiting');
break;
case 'delete':
$options['id'] = $_GET['id'];
$options['display_level'] = 'removed';
suggestion_update($options);
break;
case 'view_waiting':
echo '<h1>Förslag som väntar på att granskas</h1>';
$fetch['classification'] = array('waiting');
$suggestions = suggestion_fetch($fetch);
suggestion_list($suggestions);
function group_invite_member($groupid, $username)
{
$query = 'SELECT id FROM login WHERE username = "******" LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query));
if (mysql_num_rows($result) == 0) {
jscript_alert('Personen du ville bjuda in finns inte');
jscript_location($_SERVER['PHP_SELF'] . '?action=goto&groupid=' . $groupid);
exit;
}
$data = mysql_fetch_assoc($result);
$userid = $data['id'];
$selectquery = 'SELECT COUNT(*) AS added FROM groups_members WHERE userid = ' . $userid . ' AND groupid = ' . $groupid;
$result = mysql_query($selectquery) or die(report_sql_error($query));
$data = mysql_fetch_assoc($result);
if ($data['added'] == 0) {
$query = 'SELECT name, owner FROM groups_list WHERE groupid = ' . $groupid;
$result = mysql_query($query) or die(report_sql_error($query));
$data = mysql_fetch_assoc($result);
$groupname = $data['name'];
$owner = $data['owner'];
$url = '/traffa/groups.php?action=invited_member&groupid=' . $groupid . '&userid=' . $userid;
$title = 'Inbjudan att gå med i gruppen: ' . $groupname;
$message = 'Du har blivit inbjuden till gruppen: ' . $groupname . '<br />';
$message .= 'Om du vill gå med i min grupp trycker du bara på länken här nedanför<br />';
$message .= '<a href="' . $url . '">[Bli medlem i gruppen]</a><br />';
$query = 'INSERT INTO groups_members (groupid, userid, approved) VALUES (' . $groupid . ',' . $userid . ', 3)';
mysql_query($query) or die(report_sql_error($query));
guestbook_insert(array('sender' => $owner, 'recipient' => $userid, 'is_private' => 1, 'message' => mysql_real_escape_string($message)));
} else {
jscript_alert("Du kan inte bjuda in denna person");
}
}
<?php
require '../include/core/common.php';
if (isset($_POST['recipient']) && isset($_POST['message']) && is_numeric($_POST['recipient'])) {
/* I'm not sure about how to do this session-login-thing without login_checklogin()... But i just copy-pasted from traffa/gb-reply.php */
if (login_checklogin()) {
if (userblock_check($_GET['userid'], $_SESSION['login']['id']) == 1) {
die('Fel: Användaren har blockerat dig.');
}
guestbook_insert(array('sender' => $_SESSION['login']['id'], 'recipient' => $_POST['recipient'], 'message' => $_POST['message']));
}
}
function wallpaper_verify_execute($id, $form)
{
if (!isset($id, $form)) {
die('Wrong parameters');
}
if (!is_numeric($id)) {
die('Soet hacker du :P');
}
$wallpapers = wallpaper_verify_fetch(array('id' => intval($id)));
$wallpaper_recipient = $wallpapers[0]['user_id'];
$form['verify_comment'] = $form['verify_comment'] == 'Skriv en kommentar här' ? '' : $form['verify_comment'];
if ($form['approved'] == 1) {
$query = 'UPDATE ' . WALLPAPERS_TABLE . ' SET is_verified = 1, verify_comment = "' . $form['verify_comment'] . '", verifier_user_id = ' . $_SESSION['login']['id'] . ' WHERE id = ' . intval($id) . ' LIMIT 1';
$wallpaper_status = 'tillagd!';
} elseif ($form['approved'] == 0) {
$query = 'UPDATE ' . WALLPAPERS_TABLE . ' SET is_verified = 1, is_removed = 1, verify_comment = "' . $form['verify_comment'] . '", verifier_user_id = ' . $_SESSION['login']['id'] . ' WHERE id = ' . intval($id) . ' LIMIT 1';
$wallpaper_status = 'nekad!';
} elseif ($form['approved'] == -1) {
$query = 'UPDATE ' . WALLPAPERS_TABLE . ' SET is_verified = 1, is_removed = 1, verify_comment = "' . $form['verify_comment'] . '", verifier_user_id = ' . $_SESSION['login']['id'] . ' WHERE id = ' . intval($id) . ' LIMIT 1';
$query_ban = 'UPDATE userinfo SET wallpapers_ban = ' . (time() + 60 * 60 * 24 * 7) . ' WHERE userid = ' . $wallpaper_recipient;
mysql_query($query_ban) or report_sql_error($query_ban, __FILE__, __LINE__);
$wallpaper_status = 'nekad! Du har även blivit bannad en vecka, se kommentaren nedan varför.';
}
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
//send gb-entry
$message .= 'Hej!' . "\n" . 'Din bakgrundsbild som du laddade upp till oss tidigare är nu granskad av ' . $_SESSION['login']['username'] . '.' . "\n";
$message .= 'Den blev ' . $wallpaper_status . '\\n';
if ($form['verify_comment'] != '') {
$message .= 'Hon eller han även har skivit en kommentar till dig:' . "\n";
$message .= $form['verify_comment'] . "\n";
}
$message .= "\n" . 'Tack för att du hjälper oss att göra Hamsterpaj till ett bättre och mer trivsamt ställe. Keep on rocking!';
$message .= "\n\n" . '/Webmaster (referensnummret till bakgrundsbilden är ' . intval($id) . ')';
guestbook_insert(array('sender' => 2348, 'recipient' => $wallpaper_recipient, 'message' => mysql_real_escape_string(htmlentities(utf8_decode($message), ENT_QUOTES, UTF - 8))));
return 'Fixat';
}
function photoblog_comments_reply($options)
{
if (!isset($options['reply']) || empty($options['reply'])) {
return;
// no need to throw an error, but no need to update the reply either.
}
if (!login_checklogin() || !isset($options['author']) || !is_numeric($options['author'])) {
throw new Exception('Author needs to be set and numeric');
}
if (!isset($options['comment_id']) || !is_numeric($options['comment_id'])) {
throw new Exception('Comment_id needs to set and numeric.');
}
$query = 'SELECT p.id, c.comment, c.author, p.description, l.username FROM user_photos AS p, login AS l, photoblog_comments AS c';
$query .= sprintf(' WHERE c.comment_id = %d AND p.user = %d', $options['comment_id'], $options['author']);
$query .= ' AND l.id = p.user AND p.id = c.photo_id';
$query .= ' LIMIT 1';
$result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$data = mysql_fetch_assoc($result);
if (mysql_num_rows($result) == 0) {
throw new Exception('Cannot reply to a comment that isn\'t yours');
}
$query = 'UPDATE photoblog_comments';
$query .= sprintf(' SET reply = "%s"', $options['reply']);
$query .= sprintf(' WHERE comment_id = %d', $options['comment_id']);
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$entry['sender'] = $_SESSION['login']['id'];
$message = $_SESSION['login']['username'] . ' svarade precis på din kommentar till fotot: <br /><a href="/fotoblogg/' . $data['username'] . '#image-' . $data['id'] . '">' . (strlen($data['description']) > 1 ? $data['description'] : 'namnlös') . '</a>' . "\n\n";
$message .= '<strong>Din kommentar:</strong>' . "\n";
$message .= $data['comment'] . "\n\n";
$message .= '<strong>' . $_SESSION['login']['username'] . '\'s svar:</strong>' . "\n";
$message .= $options['reply'] . "\n";
$entry['message'] = mysql_real_escape_string($message);
$entry['recipient'] = $data['author'];
guestbook_insert($entry);
}
