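/**
 * Fetch one row of the `users` table as an object.
 *
 * When called without an ID (or with 0) while a user is logged in, the ID is
 * taken from $_SESSION['id']. When no ID is given and nobody is logged in,
 * null is returned without touching the database.
 *
 * Non-numeric input is reduced to 0 by the integer cast and is therefore
 * handled like "no ID given".
 *
 * @param int|string $_id User ID to look up; 0 selects the current session user.
 * @return object|null Row object from fetch_object(), or null when nothing matches.
 */
function user_info($_id = 0)
{
    // The ID ends up inside the SQL text, so force it to an integer first.
    // After the cast no caller-supplied string can change the query's shape.
    $id = (int) $_id;
    $authed = is_authed();

    if ($id === 0 && $authed) {
        $id = (int) $_SESSION['id'];
    }
    if (!$authed && $id === 0) {
        return null;
    }

    $uinfq = getsql()->query("SELECT * FROM `users` WHERE `id`=" . $id);

    // Make sure to destroy our session if this user doesn't exist anymore.
    // isset() keeps the comparison from reading a missing session key when an
    // explicit ID is looked up by a visitor who is not logged in.
    if ($uinfq->num_rows == 0 && isset($_SESSION['id']) && $id == $_SESSION['id']) {
        Header("Location: /logout?accdel");
        // Stop here: without this the rest of the page keeps running for an
        // account that no longer exists, and callers dereference a null row.
        exit;
    }

    return $uinfq->fetch_object();
}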
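/**
 * Echo the HTML table of uploaded WADs, newest first.
 *
 * Each row shows the file, its size on disk, the uploader and the upload time.
 * Logged-in users get a delete link on their own uploads; administrators get
 * delete and ban/unban links on every row.
 *
 * Everything that comes out of the database is HTML-escaped before it is
 * echoed, and every value that goes into SQL is either cast to an integer or
 * bound as a statement parameter.
 *
 * NOTE(review): getsql() is assumed to return a mysqli connection; the code
 * relies on query(), prepare(), num_rows and fetch_object(). Confirm.
 *
 * @param int $limit Maximum number of rows to show; 0 (or less) shows all.
 * @return void
 */
function display_wad_table($limit = 0)
{
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $db = getsql();

    // $limit is interpolated into the SQL text, so reduce it to an integer.
    $limit = (int) $limit;
    $limitstring = '';
    if ($limit > 0) {
        $limitstring = " LIMIT {$limit}";
    }
    $q = $db->query("SELECT * FROM `wads` ORDER BY `time` DESC {$limitstring}");

    echo "\n<table>\n\t<tr>\n\t\t<th></th>\n\t\t<th>File</th>\n\t\t<th>Size</th>\n\t\t<th>Uploaded by</th>\n\t\t<th>Date and time</th>\n\t\t<th>MD5</th>\n\t</tr>\n";

    if ($q->num_rows < 1) {
        // Close the table before the notice; the original left it open on
        // this path and nested the <div> inside it.
        echo "</table>";
        echo "\n<div id='serversbox'>\n\t<div style='width: 100%; text-align: center'>\n\t\tThere are no WADs uploaded yet.\n\t\t";
        if (is_authed()) {
            echo "\n\t\t<br />\n\t\tFeel free to upload one from the main WADs page.\n\t\t";
        }
        echo "\n\t</div>\n</div>\n\t\t\t\t\t";
        return;
    }

    // Resolve the viewer once instead of once (or twice) per row.
    $authed = is_authed();
    $viewer = $authed ? user_info() : null;
    $isAdmin = $viewer !== null && $viewer->userlevel >= UL_ADMINISTRATOR;

    // The stored MD5 is bound as a parameter rather than pasted into the
    // query text, so a malformed value in `wads`.`md5` cannot alter the SQL.
    $banCheck = $isAdmin ? $db->prepare("SELECT 1 FROM `wadbans` WHERE `md5`=?") : null;

    $uploaderNames = array();

    while ($o = $q->fetch_object()) {
        $id = (int) $o->id;
        $size = human_filesize(filesize(disciple_json()->serverdata . '/wads/' . $o->filename));
        $filename = $o->filename;
        $uploader = $o->uploader;

        // One lookup per distinct uploader; a deleted account yields an
        // empty name instead of a null dereference.
        if (!array_key_exists($uploader, $uploaderNames)) {
            $uploaderInfo = user_info($uploader);
            $uploaderNames[$uploader] = $uploaderInfo ? $uploaderInfo->username : '';
        }
        $uploader_name = $uploaderNames[$uploader];

        $time = date('Y-m-d \\a\\t H:i:s', (int) $o->time);

        echo "\n<tr id='wadrow-{$id}'>\n\t<td>\n";
        if ($authed) {
            if ($isAdmin || $uploader == $_SESSION['id']) {
                echo "<a href='javascript:deleteWad({$id});' title='Delete'><i class='material-icons'>delete</i></a>";
            }
            if ($isAdmin) {
                $md5 = (string) $o->md5;
                $banCheck->bind_param('s', $md5);
                $banCheck->execute();
                $banCheck->store_result();
                $banned = $banCheck->num_rows > 0;
                $banCheck->free_result();

                if (!$banned) {
                    echo "<a href='javascript:banWad({$id});' title='Ban'><i class='material-icons'>not_interested</i></a>";
                } else {
                    echo "<a href='javascript:unbanWad({$id});' title='Unban'><i class='material-icons'>done</i></a>";
                }
            }
        }

        // File and user names are user-controlled data: URL-encode the name
        // in the link target and HTML-escape everything that is displayed.
        $fileHref = rawurlencode($filename);
        $fileText = $esc($filename);
        $sizeText = $esc($size);
        $nameText = $esc($uploader_name);
        $timeText = $esc($time);
        echo "\n</td>\n<td><a href='/wads/{$fileHref}'>{$fileText}</a></td>\n<td>{$sizeText}</td>\n<td>{$nameText}</td>\n<td>{$timeText}</td>\n<td id='wadmd5-{$id}'><a href='javascript:wadMd5({$id});'>Show</a></td>\n</tr>\n";
    }

    if ($banCheck) {
        $banCheck->close();
    }
    echo "</table>";
}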
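<?php

include dirname(dirname(dirname(__FILE__))) . '/common/config.php';
include dirname(dirname(dirname(__FILE__))) . '/common/session.php';
include 'apishared.php';

// A list of MD5s for all known commercial
// IWADs.
// NOTE(review): a hash denylist only matches byte-identical copies of the
// listed files; any modified copy hashes differently. Treat this check as a
// courtesy filter, not as the control that keeps such content off the server.
$iwadmd5 = array(
    '740901119ba2953e3c7f3764eca6e128',
    'b6afa12a8b22e2726a8ff5bd249223de',
    '9c877480b8ef33b7074f1f0c07ed6487',
    '049e32f18d9c9529630366cfc72726ea',
    '981b03e6d1dc033301aa3095acc437ce',
    '792fd1fea023d61210857089a7c1e351',
    '54978d12de87f162b9bcc011676cb3c0',
    '11e1cd216801ea2657723abc86ecb01f',
    '1cd63c5ddff1bf8ce844237f580e9cf3',
    'c4fe9fd920207691a9f493668e0a2083',
    'e4f120eab6fb410a5b6e11c947832357',
    '0c8758f102ccafe26a3040bee8ba5021',
    '72286ddc680d47b9138053dd944b2a3d',
    'fb35c4a5a9fd49ec29ab6e900572c524',
    '7912931e44c7d56e021084a256659800',
    '3e410ecd27f61437d53fa5c279536e88',
    '30e3c2d0350b67bfbf47271970b74b2f',
    'd9153ced9fd5b898b36cc5844e35b520',
    'ea74a47a791fdef2e9f2ea8b8a9da13b',
    'd7a07e5d3f4625074312bc299d7ed33f',
    'c236745bb01d89bbb866c8fed81b6f8c',
    '3cb02349b3df649c86290907eed64e7b',
    '25e1459ca71d321525f84628f45ca8cd',
    'a793ebcdd790afad4a1f39cc39a893bd',
    '43c2df32dc6c740cb11f34dc5ab693fa',
    'c3bea40570c23e511a7ed3ebcd9865f7',
    'f617591a6c5d07037eb716dc4863e26b',
    '43c2df32dc6c740cb11f34dc5ab693fa',
    'a793ebcdd790afad4a1f39cc39a893bd',
    '4c3db5f23b145fccd24c9b84aba3b7dd',
    '9640fc4b2c8447bbd28f2080725d5c51',
    '75c8cf89566741fa9d22447604053bd7',
    '3493be7e1e2588bc9c8b31eab2587a04',
    'b77ca6a809c4fae086162dad8e7a1335',
    '4e158d9953c79ccf97bd0663244cc6b6',
    '1d39e405bf6ee3df69a8d2646c8d5c49',
    'be626c12b7c9d94b1dfb9c327566b4ff',
    '3117e399cdb4298eaa3941625f4b2923',
    '1e4cb4ef075ad344dd63971637307e04',
    '66d686b1ed6d35ff103f15dbd30e0341',
    '66d686b1ed6d35ff103f15dbd30e0341',
    'c88a2bb3d783e2ad7b599a8e301e099e',
    'b2543a03521365261d0a0f74d5dd90f0',
    'abb033caf81e26f12a2103e1fa25453f',
    'b68140a796f6fd7f3a5d3226a32b93be',
    '1077432e2690d390c256ac908b5f4efa',
    '78d5898e99e220e4de64edaa0e479593',
    '8f2d3a6a289f5d2f2f9c1eec02b47299',
    '2fed2031a5b03892106e0f117f17901f',
    '25485721882b050afa96a56e5758dd52',
);

$call = api_checkarg_post('fn');

if ($call == 'upload') {
    if (is_authed()) {
        // A request that has a body but no parsed POST fields is treated as
        // an oversized upload. The original appended $fn here before it was
        // ever assigned; it contributed nothing but an undefined-variable
        // notice, so the redirect target is unchanged.
        if (intval($_SERVER['CONTENT_LENGTH']) > 0 && count($_POST) === 0) {
            Header("Location: /wads?toobig=");
            exit;
        }

        if (isset($_POST['doup'])) {
            // NOTE(review): $_FILES['file'] is read without checking that the
            // key exists, that its 'error' field is UPLOAD_ERR_OK, or that
            // tmp_name passes is_uploaded_file(). Add those checks before
            // anything is hashed or moved.
            $target_dir = data_dir('/wads/');

            // basename() drops any client-supplied directory part; the stem
            // is then reduced to letters, digits, '_', '-' and '.'.
            // NOTE(review): the filter keeps dots, so a stem that itself ends
            // in another extension is stored as-is. Confirm the upload
            // directory is served with script execution disabled, or strip
            // dots from the stem as well.
            $fn = basename($_FILES['file']['name']);
            $ext = pathinfo($fn, PATHINFO_EXTENSION);
            $fn = preg_replace('/[^a-zA-Z0-9_\\-\\.]+/', '', pathinfo($fn, PATHINFO_FILENAME)) . '.' . $ext;
            $target_file = $target_dir . $fn;
            $uploadOk = 1;
            $tmploc = $_FILES['file']['tmp_name'];

            // $ext is appended to $fn unfiltered above; this allowlist is
            // what makes it safe, so it must stay ahead of any use of
            // $target_file.
            $lext = strtolower($ext);
            if (!in_array($lext, array('wad', 'pk3', 'pk7'), true)) {
                // The rejected extension is client-controlled: encode it
                // before it goes into the redirect URL.
                Header("Location: /wads?badext=" . rawurlencode($ext));
                exit;
            }

            $md5 = md5_file($tmploc);
            // The original called in_array($md5) without a haystack, so the
            // IWAD check could never match (and is a fatal error on PHP 8).
            if (in_array($md5, $iwadmd5, true)) {
                Header("Location: /wads?iwad");
                // (the listing is cut off at this point)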
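<?php
include 'init.php';

// Visitors who are not logged in are sent back to the index page.
if (!is_authed()) {
    // Prefer a real HTTP redirect; the script tag stays as a fallback for the
    // case where init.php has already produced output.
    if (!headers_sent()) {
        header('Location: index.php');
    }
    ?>
<script type='text/javascript'>
    window.location = 'index.php';
</script>
<?php
    // A client-side redirect is advisory only. Without this exit the rest of
    // the page, including the query below, still ran for anonymous requests.
    exit;
}

if (isset($_GET['f'])) {
    $f = $_GET["f"];
}
$username = $_SESSION['username'];
include 'info.php';
?>
<div style="text-align:center;" id="content">
<?php
// NOTE(review): the username literal in this query appears masked in the
// listing. If the real code places $username there, it must be bound as a
// parameter (or at least escaped), not concatenated into the SQL text.
// NOTE(review): the mysql_* functions were removed in PHP 7.0; moving to
// mysqli or PDO prepared statements addresses both points.
$query = "select * from user where username='******'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);

// Referral counters copied out of the user's row.
$reffered = $row['reffered'];
$viewRefPoints = $row['viewRefPoints'];
$subRefPoints = $row['subRefPoints'];
$likeRefPoints = $row['likeRefPoints'];
$commentRefPoints = $row['commentRefPoints'];
$watchRefPoints = $row['watchRefPoints'];
$refPoints = $row['refPoints'];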
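/**
 * Render the "Discussion Forum" area of a page and handle its actions.
 *
 * Depending on $action and $id this stores a new message ("post"), prints the
 * compose form ("write"), prints one selected message with previous/next
 * links, or lists all messages ("viewall" or no action on the forum object).
 *
 * All request-derived values are escaped at the point of use: with
 * mysql_real_escape_string() where they enter SQL, with htmlspecialchars()
 * where they enter HTML, and with rawurlencode() where they enter a URL.
 *
 * NOTE(review): $pageName has a default but is followed by required
 * parameters, so the default can never take effect. The signature is left
 * unchanged for existing callers.
 * NOTE(review): the mysql_* API used here was removed in PHP 7.0; prepared
 * statements via mysqli or PDO are the long-term fix.
 *
 * @param string $pageName Base name of the page; links point at "<pageName>.html".
 * @param string $name1    Subject of a posted message.
 * @param string $deck     "From" line of a posted message.
 * @param string $body     Text of a posted message.
 * @param string $id       ID (or comma-separated ID path) of the current object.
 * @param string $action   "post", "write", "viewall" or empty.
 * @param string $submit   Submit button value; not used in the function body.
 * @param string $idFull   Comma-separated ID path of the current object.
 * @param string $idBase   Base ID path handed to systemForumMapper().
 * @param string $reply    Subject being replied to; pre-fills the form.
 * @param string $userName Name that pre-fills the "From" field.
 * @return void
 */
function displayOpenForum($pageName = 'discuss', $name1, $deck, $body, $id, $action, $submit, $idFull, $idBase, $reply, $userName)
{
    global $childObject;
    global $posts;
    global $currentId;
    global $currentIdIndex;

    // HTML-escape for element content and quoted attribute values.
    $htmlFlags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;
    $esc = function ($value) use ($htmlFlags) {
        return htmlspecialchars((string) $value, $htmlFlags);
    };
    // Escape a value for use inside a quoted SQL string literal.
    $sqlEsc = function ($value) {
        return mysql_real_escape_string((string) $value);
    };
    // Encode a value for use as a URL query-string component.
    $url = function ($value) {
        return rawurlencode((string) $value);
    };

    $currentId = $id;
    $posts = array();
    $html = '';
    $page = $esc($pageName);

    // NOTE(review): $ids was never assigned in the original, so the
    // "count($ids) < 2" test below has always been true. It is initialised
    // here to keep that behaviour without reading an undefined variable;
    // confirm whether $idsFull was intended.
    $ids = array();

    // Parse $idFull to get $idPath
    $idsFull = explode(",", $idFull);
    $idPath = count($idsFull) > 1 ? $idsFull[0] : '0';

    // Find "Forum" object
    $sql = "SELECT objects.id AS objectsId FROM wires, objects ";
    $sql .= "WHERE wires.fromid = '" . $sqlEsc($idPath) . "' AND wires.toid = objects.id AND objects.name1 LIKE 'Discussion Forum' ";
    $sql .= "AND wires.active = 1 AND objects.active = 1 ";
    $sql .= "ORDER BY objects.created DESC LIMIT 1";
    $res = mysql_query($sql);
    $row = mysql_fetch_array($res);
    $obj = $row["objectsId"];

    // Post a message
    if ($action == "post") {
        // Normalise input. The original relied on addslashes() (or magic
        // quotes) applied before textFilter(); addslashes() is not aware of
        // the connection character set and whatever textFilter() does ran
        // after it. Slashes are now removed up front and the values are
        // escaped once, immediately before they enter the query.
        if (get_magic_quotes_gpc()) {
            $name1 = stripslashes($name1);
            $deck = stripslashes($deck);
            $body = stripslashes($body);
        } else {
            // Kept from the original: the "_" marker is only added on this path.
            $name1 = "_" . $name1;
        }

        // Process variables
        if (!$name1) {
            $name1 = "[No Subject]";
        }
        $name1 = textFilter($name1);
        $deck = textFilter($deck);
        $body = textFilter($body);

        // NOTE(review): this looks like leftover debug output. It is kept,
        // but the posted text is now escaped before it is echoed.
        echo "new!" . $esc($body);

        // Add object to database
        $now = date("Y-m-d H:i:s");
        $sql = "INSERT INTO objects (created, modified, name1, deck, body) ";
        $sql .= "VALUES ('{$now}', '{$now}', '" . $sqlEsc($name1) . "', '" . $sqlEsc($deck) . "', '" . $sqlEsc($body) . "')";
        $res = mysql_query($sql);
        $insertId = (int) mysql_insert_id();

        // Add wire to database
        // Need to convert id to just get last part for messageId
        $explodedId = explode(",", $id);
        $messageId = $explodedId[count($explodedId) - 1];
        $sql = "INSERT INTO wires (created, modified, fromid, toid) ";
        $sql .= "VALUES('{$now}', '{$now}', '" . $sqlEsc($messageId) . "', '{$insertId}')";
        $res = mysql_query($sql);

        $id = null; // THIS $id?
    }

    // Write a message
    if ($action == "write") {
        if (is_authed()) {
            $html2 = "You are posting a message to the Discussion Forum.<br />";
            $html2 .= "<a href='" . $page . ".html?action=viewall'>View All Messages</a><br /><br />";
            $html2 .= "<br />";
            $html2 .= "<table cellpadding='0' cellspacing='0' border='0'>";
            $html2 .= "<form enctype='multipart/form-data' action='" . $page . ".html?action=post' method='post' style='margin: 0; padding: 0;'>";
            $html2 .= "<tr><td width='90'>Subject </td>";
            $html2 .= "<td><textarea name='name1' cols='50' rows='1'>";
            // Add Re: if replying. Will need to get the previous object that you are replying to... ** IN PROCESS **
            // $reply comes from the query string, so it is escaped before it
            // is placed inside the textarea.
            if ($reply) {
                $html2 .= "\nRe: " . $esc($reply);
            }
            $html2 .= "</textarea></td></tr>";
            $html2 .= "<tr><td>From </td>";
            $html2 .= "<td><textarea name='deck' cols='50' rows='1'>" . $esc($userName) . "</textarea></td></tr>";
            $html2 .= "<tr><td style='vertical-align: top;'>Message </td>";
            $html2 .= "<td><textarea name='body' cols='50' rows='40'></textarea></td></tr>";
            $html2 .= "<tr><td><!-- --></td>";
            $html2 .= "<td><br />";
            $html2 .= "<input name='id' type='hidden' value='" . $esc($id) . "' />";
            $html2 .= "<input name='action' type='hidden' value='post' />";
            $html2 .= "<input name='submit' type='submit' value='Post Message' />";
            $html2 .= "</form></td></tr>";
            $html2 .= "</table>";
            // These are all of the variables which are posted here in this form
            // These must be passed in from the page that uses this function
            // $name1, $deck, $body, $id, $action, $submit
            echo $html2;
        } else {
            echo "Please <a href='" . $page . ".html?user=login'>LOG IN</a> or <a href='" . $page . ".html?user=register'>REGISTER</a> to post messages in the Discussion Forum.";
        }
    }

    // View message selected
    if ($id != $obj) {
        $idBasePad = "0," . $idBase;
        systemForumMapper($idBasePad, 10, TRUE);

        // Clamp the neighbour indexes to the ends of $posts.
        $postOlderIndex = $currentIdIndex < 2 ? 1 : $currentIdIndex - 1;
        $postNewerIndex = $currentIdIndex > count($posts) - 2 ? count($posts) - 1 : $currentIdIndex + 1;
        $postNewer = isset($posts[$postNewerIndex]) ? $posts[$postNewerIndex] : null;
        $postOlder = isset($posts[$postOlderIndex]) ? $posts[$postOlderIndex] : null;

        // Get selected "Forum" object
        $sql = "SELECT * FROM objects WHERE id = '" . $sqlEsc($id) . "' AND objects.active = 1 LIMIT 1";
        $res = mysql_query($sql);
        $row = mysql_fetch_array($res);

        if (!$action) {
            // The navigation block is printed above and below the message.
            // It is built once: the original appended to $replySubject in
            // both places, so the lower reply link carried the subject twice.
            $nav = "<a href='" . $page . ".html?id=" . $url($postOlder) . "'>Previous</a> / ";
            $nav .= "\n<a href='" . $page . ".html?action=viewall'>View All Messages</a> / ";
            $nav .= "<a href='" . $page . ".html?id=" . $url($postNewer) . "'>Next</a>";
            $nav .= "\n<br />";
            if (count($ids) < 2) {
                // Drop the leading marker character from the stored subject.
                $replySubject = substr($row['name1'], 1);
                $nav .= "\n<a href='" . $page . ".html?action=write&amp;id=" . $url($idFull) . "&amp;reply=" . $url($replySubject) . "'>Reply to this message</a>";
            }

            $html .= $nav;
            $html .= "<br /><br />";

            // Write out the body of the selected message
            // Account for "_" which is at the beginning of each open record
            // NOTE(review): a subject without the marker is shown as empty,
            // as in the original; confirm that is intended.
            $nameDisplay = '';
            if (substr($row['name1'], 0, 1) == "_") {
                $nameDisplay = substr($row['name1'], 1);
            }

            // Subject, sender and body are stored user input; escape them
            // on output. nl2br() runs after escaping so its <br /> survives.
            // NOTE(review): if textFilter() is meant to let some markup
            // through, that markup is now displayed as text.
            $html .= "\n<table cellspacing='0' cellpadding='0'>";
            $html .= "\n<tr><td style='padding-right: 12px;'>Subject</td><td>" . $esc($nameDisplay) . "</td></tr>";
            $html .= "\n<tr><td style='padding-right: 12px;'>Date</td><td>" . date('j F Y H:i:s', strtotime($row['created'])) . "</td></tr>";
            $html .= "\n<tr><td style='padding-right: 12px;'>From</td><td>" . $esc($row['deck']) . "</td></tr>";
            $html .= "\n</table><br />";
            $html .= "\n" . nl2br($esc($row['body'])) . "<br /><br />";

            $html .= $nav;
        }
        echo $html;
    }

    if ($action == 'post') {
        $html3 = "You are posting to the Discussion Forum.<br />";
        $html3 .= "<a href='" . $page . ".html?action=viewall'>View All Messages</a><br /><br />";
        $html3 .= "Your message has been posted as of " . date('j F Y H:i:s') . "<br />";
        $html3 .= "Please <a href='" . $page . ".html'>click here to continue</a>...";
        echo $html3;
    }

    // Show all messages
    if ($id == $obj && (!$action || $action == 'viewall')) {
        echo "You are viewing all posts in the Discussion Forum.<br /><br />";
        systemForumMapper($id, 10);
        echo "<br /><a href='" . $page . ".html?action=write&amp;id=" . $url($idFull) . "'>Post a new response to the essay</a><br/><br/>";
    }
}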
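<?php

include dirname(dirname(__FILE__)) . '/common/pages.php';
include dirname(dirname(__FILE__)) . '/common/config.php';

// Require a non-empty, scalar `sid` and a logged-in user. The is_string()
// test rejects array-style parameters, which would otherwise reach the query
// as the literal text "Array".
if (empty($_GET['sid']) || !is_string($_GET['sid']) || !is_authed()) {
    //Header("Location: /");
    exit;
}

$s = $_GET['sid'];
$db = getsql();

// `sid` comes straight from the query string, so it is bound as a parameter
// instead of being formatted into the SQL text.
// NOTE(review): assumes getsql() returns a mysqli connection and that the
// mysqlnd driver is available for get_result(); confirm.
// NOTE(review): nothing visible here ties `sid` to the logged-in account.
// Confirm an ownership check happens before any management action is
// offered for the selected server.
$stmt = $db->prepare("SELECT * FROM `servers` WHERE `sid`=?");
$stmt->bind_param('s', $s);
$stmt->execute();
$q = $stmt->get_result();
?>
<?php sn_page_header('Manage Server'); ?>
<?php sn_page_start_container(); ?>
<h1>Manage Server</h1>
<?php sn_page_cfooter(); ?>
<?php
sn_page_end_container();
sn_page_footer();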