示例#1
<?php

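// Whitelist of selectable stylesheets, keyed by the value the form submits.
$availableStyles = array('global' => 'Default', 'dark' => 'Dark');
// isset() first: a plain GET of this page has no form_sent field.
if (isset($_POST['form_sent']) && $_POST['form_sent']) {
    // Force a string so a non-scalar (e.g. style[]=x) cannot reach array_key_exists().
    $style = isset($_POST['style']) ? (string) $_POST['style'] : '';
    if (!array_key_exists($style, $availableStyles)) {
        // The submitted value is reflected into the error page, so escape it.
        Output::HardError(htmlspecialchars($style) . ' isn\'t a valid style.');
    } else {
        // Only a whitelisted key is ever stored in the session.
        $_SESSION['atbbs_style'] = $style;
    }
}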
?>
<form action="" method="post">
	<div class="row">
		<label class="common" for="memorable_name">Memorable name</label>
		<input type="text" id="memorable_name" name="memorable_name" class="inline" value="<?php 
echo htmlspecialchars($User->UserName);
?>
" maxlength="100" />
	</div>
	<div class="row">
		<label class="common" for="memorable_password">Memorable password</label>
		<input type="password" class="inline" id="memorable_password" name="memorable_password"  maxlength="100" />
		<input type="password" class="inline" id="memorable_password2" name="memorable_password2" maxlength="100" />
		
		<p class="caption">This information can be used to more easily <a href="<?php 
echo THISURL;
?>
/restore_ID">restore your ID</a>. Password is optional, but recommended.</p>
	</div>
	
	<div class="row">
示例#2
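/**
 * Applies the word filter and the anti-random check to a post.
 *
 * Each {P}Filters row (filText, filReason, filPunishType, filPunishDuration,
 * filReplacement) is searched for in the defuck_comment() form of the
 * headline and body. On a match, filPunishType selects the action:
 *   0 - replace filText with filReplacement (case-insensitively) in both
 *       the headline and the body;
 *   1 - send a 403 and hard-error with the matched term and the reason;
 *   2 - AddBan() the current user and remote address for filPunishDuration;
 *   anything else is ignored.
 * The post is then scored with GetRandomScore(); a score of
 * ANTIRANDOM_MAX_SCORE or more is rejected with a 403. Finally
 * Check4Ban(true) runs.
 *
 * @param string $headline
 * @param string $body
 * @param bool   $returnbool When true nothing is replaced, sent or banned:
 *                           the function returns true on the first filter
 *                           hit or on a random-score rejection, else false.
 * @return bool|array When $returnbool is false, array($headline, $body)
 *                    with any replacements applied.
 */
function Check4Filtered($headline, $body, $returnbool = false)
{
    global $User;
    // Searching is done on the normalised text; replacing on the originals.
    // The haystack is deliberately not rebuilt after a case-0 replacement.
    $haystack = defuck_comment($headline) . ' ' . defuck_comment($body);
    $res = DB::Execute("SELECT filText,filReason,filPunishType,filPunishDuration,filReplacement FROM {P}Filters");
    while (list($fText, $fReason, $fPunishment, $fPunishTime, $fReplacement) = $res->FetchRow()) {
        // Case-insensitive, to agree with the str_ireplace() replacement below.
        if (stripos($haystack, $fText) === false) {
            continue;
        }
        if ($returnbool === true) {
            return true;
        }
        switch ($fPunishment) {
            case 0:
                // Just replace.
                $headline = str_ireplace($fText, $fReplacement, $headline);
                $body = str_ireplace($fText, $fReplacement, $body);
                break;
            case 1:
                // 403. Only the matched term is escaped; $fReason (filter table
                // text, presumably admin-authored) is emitted as HTML.
                // NOTE(review): if Output::HardError() does not exit, the loop
                // continues with the next filter row - confirm.
                header('HTTP/1.1 403 Forbidden');
                Output::HardError("<b>ATBBS has denied your post, as it contains &quot;" . htmlentities($fText) . "&quot;, which is banned for the following reason:</b><br />{$fReason}");
                break;
            case 2:
                // Ban the poster; the reason is tagged so it shows as a filter ban.
                AddBan($User->ID, $_SERVER['REMOTE_ADDR'], $fPunishTime, '<span class="tag filter">Filter</span>' . $fReason, 0);
                break;
            default:
                // Unknown punishment type: ignore.
                break;
        }
    }
    // Anti-random: score the (possibly rewritten) post.
    $score = GetRandomScore($headline . ' ' . $body);
    if ($score >= ANTIRANDOM_MAX_SCORE) {
        if ($returnbool === true) {
            return true;
        }
        header('HTTP/1.1 403 Forbidden');
        Output::HardError("Your post contains random data (Score: {$score}, Max score: " . ANTIRANDOM_MAX_SCORE . "). Knock it the f**k off.");
        exit;
    }
    Check4Ban(true);
    if ($returnbool === true) {
        return false;
    }
    return array($headline, $body);
}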
示例#3
 /**
  * Returns the value GET::FetchIndex($index) yields, converted with
  * Input::ToString(); hard-errors when it is absent.
  *
  * "Absent" is PHP falsiness (missing, '', '0'), so a literal "0" is only
  * accepted when $allownull is true. Output::CheckBuffer() runs before the
  * return in every case.
  */
 static function GetEString($index, $allownull = false)
 {
     $raw = GET::FetchIndex($index);
     $absent = !$raw;
     if ($absent && !$allownull) {
         Output::HardError(sprintf('Index %s unavailable.', $index));
     }
     Output::CheckBuffer();
     return Input::ToString($raw);
 }
示例#4
			
			if($to==$User->ID) $to='<a href="#">yourself</a>';

			$title=htmlentities($title);
			$date=calculate_age($date);
			$url=THISURL.'/private_messages.php/thread/'.(($thread==0)?$id:$thread).'/#pm'.$id;
			$body=parse($body);
			echo "
			<h3>$from sent $to &quot;$title&quot; $date ago.<span class=\"reply_id\"><a name=\"pm{$id}\" href=\"{$url}\">#{$id}</a></span></h3>
			<div class=\"body\">
				{$body}
			</div>
";
		}

		if(!in_array($User->ID,$participants)) Output::HardError('You\'re not invited.');
?>
		<form action="" method="post">
			<h3><b>Reply to Private Thread:</b></h3>
			<div class="body">
				<input type="hidden" name="thread" value="<?=$view?>" />
				<label for="to" class="common">To:<label><input type="text" name="to" value="<?=htmlentities($OP)?>" />
				<label for="title" class="common">Title:<label><input type="text" name="title" value="<?=htmlentities('RE: '.$page_title)?>" />
				<?=csrf_token()?>
				<label for="body">Body:<label>
				<textarea name="body"></textarea>
				<input type="submit" value="Send" name="act" />
			</div>
		</form>
<?
		$page_title="PM Thread: ".$page_title;
示例#5
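 $flag_ostrich = (int) POST::GetInt('ostrich_mode') === 1;
 $flag_spoiler = (int) POST::GetInt('spoiler_mode') === 1;
 $snippet_len = POST::GetInt('snippet_length');
 // Make some specific validations ...
 // Read the submitted name once: the check, the query and the error message
 // must all use the same key ($_POST['form']['memorable_name']).
 $newName = isset($_POST['form']['memorable_name']) ? (string) $_POST['form']['memorable_name'] : '';
 if ($newName !== '' && $newName !== (string) $user_config['memorable_name']) {
     // Check if the name is already being used (value is DB-quoted, never interpolated raw).
     $res = DB::Execute('SELECT 1 FROM {P}UserSettings WHERE LOWER(usrName) = LOWER(' . DB::Q($newName) . ')');
     if ($res->RecordCount() > 0) {
         add_error('The memorable name "' . htmlspecialchars($newName) . '" is already being used.');
     }
 }
 // Strict comparison: with != numeric-looking strings such as "1e3" and "1000"
 // compare equal. Casting keeps a missing (null) field equivalent to ''.
 if ((string) $pass !== (string) $pass2) {
     add_error(' Both password fields must match.');
 }
 if (!array_key_exists($theme, getAvailableThemes())) {
     // The submitted value is reflected into the error page, so escape it.
     Output::HardError(htmlspecialchars($theme) . ' isn\'t a valid theme.');
 }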
 if (!$erred) {
     $User->UserName = $name;
     $User->Email = $email;
     $User->Flags = 0;
     if ($flag_topics) {
         $User->Flags |= FLAG_TOPICS;
     }
     if ($flag_ostrich) {
         $User->Flags |= FLAG_OSTRICH;
     }
     if ($flag_spoiler) {
         $User->Flags |= FLAG_SPOILER;
     }
     $User->SnippetLength = $snippet_len;
示例#6
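/**
 * Hard-errors when $text is blank, too long or too short.
 *
 * Lengths are measured with strlen(), i.e. in bytes, not characters, so the
 * limits apply to the raw submitted string. Only the first failing check is
 * reported, in this order: blank (when a minimum is required), over the
 * maximum, under the minimum.
 *
 * @param string|null $text       The submitted value; null is treated as ''.
 * @param string      $name       Field name used in the message, e.g. 'headline'.
 * @param int         $min_length Minimum length; 0 disables the blank check.
 * @param int         $max_length Maximum length.
 * @return void
 */
function check_length($text, $name, $min_length, $max_length)
{
    // Cast first so a missing (null) field behaves like an empty string.
    $text = (string) $text;
    $text_length = strlen($text);
    // Compare with '' rather than empty(): a lone "0" is real content.
    if ($min_length > 0 && $text === '') {
        Output::HardError('The ' . $name . ' cannot be blank.');
    } elseif ($text_length > $max_length) {
        Output::HardError('The ' . $name . ' was ' . number_format($text_length - $max_length) . ' characters over the limit (' . number_format($max_length) . ').');
    } elseif ($text_length < $min_length) {
        Output::HardError('The ' . $name . ' was too short.');
    }
}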
示例#7
if($User->isAdmin())
{
	if($_POST['form_sent'])
	{	
		if($_POST['post'])
		{		
			//Determine author	
			if(isset($_POST['admin']) && $User->isAdmin())
			{		
				$author = '<b><u>Sysop</u></b>';		
			} else {
				$author = "?";
			}
			if(!isset($_POST['body']))
			{
				Output::HardError("It appears you did not actually type anything. Stopping here...");	
			} else {
				$body = $_POST['body'];
			}	
			//Actually do the posting... pretty messy but I don't really care
			// I DO.  PRETTIFIED.
			DB::Execute('INSERT INTO {P}Bulletins (time, author, body) VALUES (UNIX_TIMESTAMP(),'.DB::Q($author).','.DB::Q($body).')');
			
			redirect("Bulletin posted."); 
		}
	} else {
?>
	<form action="" method="post">
		<h3>Add new bulletin</h3>
		<div class="body">
			<div class="noscreen">
示例#8
文件: post.php 项目: N3X15/ATBBS-Plus
         //				exit;
         $congratulation = 'Reply edited.';
     }
 } else {
     // or a topic...
     check_length($headline, 'headline', MIN_LENGTH_HEADLINE, MAX_LENGTH_HEADLINE);
     if (!$editing) {
         //Lurk more?
         if ($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_TOPIC) {
             Output::HardError('Lurk for at least ' . REQUIRED_LURK_TIME_TOPIC . ' seconds before posting your first topic.');
         }
         // Flood control.
         $too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_TOPIC;
         // REMOTE_ADDR is server-supplied; %d coerces the timestamp to an integer.
         $res = DB::Execute(sprintf('SELECT 1 FROM {P}Topics WHERE author_ip = \'%s\' AND time > %d', $_SERVER['REMOTE_ADDR'], $too_early));
         if ($res->RecordCount() > 0) {
             Output::HardError('Wait at least ' . FLOOD_CONTROL_TOPIC . ' seconds before creating another topic. ');
         }
         // Prepare our query...
         // NOTE(review): $author, $authorname and $headline are hand-quoted with
         // '%s' here while only $body goes through DB::Q(). Confirm all three are
         // DB-escaped before this point (they are assigned outside this span);
         // otherwise the INSERT is injectable via the headline.
         DB::Execute(sprintf('INSERT INTO {P}Topics (author, name, author_ip, headline, body, last_post, time) VALUES (\'%s\', \'%s\',\'%s\', \'%s\', %s, UNIX_TIMESTAMP(), UNIX_TIMESTAMP())', $author, $authorname, $_SERVER['REMOTE_ADDR'], $headline, DB::Q($body)));
         $congratulation = 'Topic created.';
     } else {
         // Same hand-quoting concern for $headline/$authorname as in the INSERT
         // above. flags: 0 | 1 * $edit_mod evaluates to 1 when $edit_mod is
         // truthy, else 0. $_GET['edit'] is rendered through %d, so the WHERE
         // clause only ever receives an integer.
         $sql = sprintf('UPDATE {P}Topics SET headline = \'%s\', name=\'%s\', body = %s, flags = %d, edit_time = UNIX_TIMESTAMP() WHERE id = %d', $headline, $authorname, DB::Q($body), 0 | 1 * $edit_mod, $_GET['edit']);
         DB::Execute($sql);
         $congratulation = 'Topic edited.';
     }
 }
 // If all is well, execute!
 if (!$erred) {
     if ($unlock_table) {
         DB::Execute('UNLOCK TABLE');
     }
示例#9
	/**
	 * Renders the current page through Savant3 and terminates the request.
	 *
	 * Prepares the template engine on first use. With USING_NEW_TEMPLATE_FORMAT
	 * defined, it fetches gheader.tpl.php, the message box (only when
	 * Output::$messages['__'] is non-empty) and pages/<cpage>.tpl.php, hard-errors
	 * on a template error or echoes the three parts, then displays the footer.
	 * Without that constant only gheader.tpl.php is displayed. Always ends with
	 * die('</body></html>').
	 */
	static function Flush()
	{
		if (!isset(self::$tpl)) {
			Output::PrepSV3();
		}

		if (!defined('USING_NEW_TEMPLATE_FORMAT')) {
			self::$tpl->display('gheader.tpl.php');
		} else {
			$header = self::$tpl->fetch('gheader.tpl.php');
			$messageBox = count(Output::$messages['__']) > 0
				? self::$tpl->fetch('messagebox.tpl.php')
				: '';
			$page = self::$tpl->fetch('pages/' . Output::$cpage . '.tpl.php');
			if (self::$tpl->isError($page)) {
				// NOTE(review): Output::$cpage is echoed unescaped into the error
				// page - confirm it is not derived from the request.
				Output::HardError('Savant3 template error.<br />&quot;' . $page->code . '&quot;<br />Page ID:' . Output::$cpage);
			} else {
				echo $header . $messageBox . $page;
			}
			self::$tpl->display('footer.tpl.php');
		}
		// USING_PROFILER hook: intentionally nothing to do here yet.
		die('</body></html>');
	}
示例#10
	// Fallback board name when config.php does not define one.
	if(!defined('MOD_NAME'))
		define('MOD_NAME','Wiseguy');
	
	// Nag the administrator via the session notice until ROOT_ADMIN is configured.
	if(!defined('ROOT_ADMIN'))
		$_SESSION['notice']="<b>NOTICE TO ADMINISTRATOR:</b> Please add <code>define('ROOT_ADMIN','(Your UID)');</code> to includes/config.php ASAP.";

	Output::PrepSV3();
	// No DB driver constant means the installer has not been run yet.
	if(!defined('ADODB_DRIVER'))
		die('Please finish <a href="/install">installing</a> ATBBS.');

	// Connect to the database.
	DB::Connect();

	// Refuse to serve pages on a stale schema, except from the upgrader itself.
	if(DB::NeedsUpgrade() && !defined('UPGRADER'))
		Output::HardError('The database engine has determined that the database needs an upgrade.  Please visit <a href="/upgrade/">ATBBS Upgrader</a> to remedy the problem.');
	// Current visitor; constructed after DB::Connect() (presumably reads the DB).
	$User=new User();

	$moderator = $User->isMod();
	$administrator = $User->isAdmin();
	if(!defined('INSTALLER'))
	{
		// Start buffering shit for the template.
		ob_start(); 
	}

	// Ban check runs before any page body is produced (see Check4Ban()).
	Check4Ban();

	// Dashboard sidebar
	$sidebar=array(
		'User Toolbox' 		=> array(
示例#11
			$sql='UPDATE {P}Bans SET flags=flags|'.BANF_APPEAL_DENIED.' WHERE ';
			$i=0;
			foreach($_POST['deny_appeal'] as $uid)
			{
				if($i>0) $sql.=" OR ";
				$i++;
				$sql.='uid='.DB::Q($uid);
			}
			DB::Execute($sql);
			?>
			<p><?=$i?> appeals denied.</p>
			<?
		}
		break;
	default:
		Output::HardError(htmlentities(Path::FetchIndex(0)).' is an unrecognized method.');
		exit;
		break;
}
// Close the dashboard template, then pull in the shared page footer.
Output::$tpl->display('dashfooter.tpl.php');

require 'includes/footer.php';

// 3m2d = 3 months, 2 days from now
// 3000 = 3000s.
function ParseExpiry($str)
{
	$tb = 0;
	$sb = '';
	while(strlen($str)>0)
	{
示例#12
文件: db.php 项目: N3X15/ATBBS-Plus
 /**
  * Runs $sql and returns every result row via the connection's GetAll().
  *
  * Increments the query counter and records the statement in self::$lastSQL
  * before executing; the {P} token is expanded to ADODB_PREFIX. A missing
  * connection (DB::$rdb unset) is a hard error.
  *
  * NOTE(review): nothing is escaped here - callers must quote values
  * (e.g. with DB::Q()) before building $sql.
  */
 public static function GetAll($sql)
 {
     self::$queries++;
     self::$lastSQL = $sql;
     $connection = DB::$rdb;
     if (!$connection) {
         Output::HardError('<b>Database Connection Failure.</b>');
     }
     $prefixed = str_replace('{P}', ADODB_PREFIX, $sql);
     return $connection->GetAll($prefixed);
 }
示例#13
<?php

include('include/header.php');

switch($_POST['act'])
{
	case 'Send': // Reply

		if(!csrf_check()) Output::HardError('Session error. Try again.');
		
		//Lurk more?
		if($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_REPLY)
		{
			add_error('Lurk for at least ' . REQUIRED_LURK_TIME_REPLY . ' seconds before posting your first reply.');
		}
		
		// Flood control.
		$too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_REPLY;
		$res=DB::Execute(sprintf('SELECT 1 FROM {P}PMs WHERE pmFrom = \'%s\' AND pmDateSent > %d',$_SERVER['REMOTE_ADDR'], $too_early));

		if($res->RecordCount() > 0)
		{
			add_error('Wait at least ' . FLOOD_CONTROL_REPLY . ' seconds between each reply. ');
		}
		//Check inputs
		list($_POST['title'],$_POST['body'])=Check4Filter($_POST['title'],$_POST['body']);
		$reply=new PM();
		$reply->To	= $_POST['to'];
		$reply->From	=$User->ID;
		$reply->Title	= $_POST['title'];
		$reply->Body	= $_POST['body'];