<?php
/**
 * eXtreme Message Board
 * XMB 1.9.11
 *
 * Developed And Maintained By The XMB Group
 * Copyright (c) 2001-2010, The XMB Group
 * http://www.xmbforum.com
 *
 * Sponsored By iEntry, Inc.
 * http://www.ientry.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 **/

// misc.php: front controller for the board's auxiliary actions (login, logout,
// lost-password reset, who's-online listings, member list, smilie popup and the
// captcha image).  The `action` request parameter selects the branch.  Every
// helper used below ($db, $lang, $SETTINGS, template(), postedVar(), the X_*
// role constants, ...) is provided by header.php and is not visible in this file.
define('X_SCRIPT', 'misc.php');

require 'header.php';

// Pre-load every template this script may render.
loadtemplates(
    'functions_smilieinsert',
    'functions_smilieinsert_smilie',
    'misc_feature_not_while_loggedin',
    'misc_feature_notavailable',
    'misc_login_incorrectdetails',
    'misc_login',
    'misc_lostpw',
    'misc_mlist',
    'misc_mlist_admin',
    'misc_mlist_multipage',
    'misc_mlist_results_none',
    'misc_mlist_row',
    'misc_mlist_row_email',
    'misc_mlist_row_site',
    'misc_mlist_separator',
    'misc_online',
    'misc_online_admin',
    'misc_online_multipage',
    'misc_online_multipage_admin',
    'misc_online_row',
    'misc_online_row_admin',
    'misc_online_today',
    'misc_smilies',
    'popup_footer',
    'popup_header'
);

smcwcache();
// Template rendering convention used throughout this file: template() returns
// the template body, which is wrapped in a double-quoted PHP string and eval'd
// so that "$var" placeholders interpolate from the current scope.  The template
// text therefore has to be trusted board content; any variable interpolated
// into it must already be escaped for HTML by the time it is assigned.
eval('$css = "'.template('css').'";');

// Trailing 'g' presumably selects the GET source; the other flags are defined
// by postedVar() in header.php - confirm there before changing them.
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');

// First pass: set the navigation breadcrumb for the action and reject unknown
// actions with a 404 before any work is done.
switch($action) {
    case 'login':
        nav($lang['textlogin']);
        break;
    case 'logout':
        nav($lang['textlogout']);
        break;
    case 'search':
        // No breadcrumb: this action only issues a redirect (see below).
        break;
    case 'lostpw':
        nav($lang['textlostpw']);
        break;
    case 'online':
        nav($lang['whosonline']);
        break;
    case 'list':
        nav($lang['textmemberlist']);
        break;
    case 'onlinetoday':
        nav($lang['whosonlinetoday']);
        break;
    case 'captchaimage':
        nav($lang['textregister']);
        break;
    case 'smilies':
        nav($lang['smilies']);
        break;
    default:
        header('HTTP/1.0 404 Not Found');
        error($lang['textnoaction']);
        break;
}

// $misc collects the page body; $multipage/$nextlink are pagination fragments
// referenced by the templates.
$misc = $multipage = $nextlink = '';

// Second pass: perform the action.
switch($action) {
    case 'login':
        $password = '';
        $invisible = formInt('hide');
        if ($invisible == 2) { // '2' may be set explicitly when we want to ignore this input.
            $invisible = NULL;
        } else {
            $invisible = ($invisible == 1);
        }
        if (X_MEMBER) {
            // Already logged in: show the "not available while logged in" notice.
            eval('$misc = "'.template('misc_feature_not_while_loggedin').'";');
        } elseif (noSubmit('loginsubmit')) {
            // No form submission yet: render the login form.
            eval('$misc = "'.template('misc_login').'";');
        } elseif (loginUser(postedVar('username'), md5($_POST['password']), $invisible, (formYesNo('secure') == 'yes'))) {
            // NOTE(review): the submitted password is reduced to an unsalted md5
            // before loginUser() sees it, and the lostpw branch below stores
            // md5($newpass) directly, so stored credentials appear to be plain
            // md5 digests.  A salted, slow password hash would be the current
            // expectation; confirm what loginUser() compares against.
            // $_POST['password'] is read without an isset() guard; the
            // noSubmit() check above presumably guarantees the field exists.
            if ($server == 'Mic') {
                // Show a confirmation page instead of redirecting (server-specific
                // workaround; the reason is not documented here).
                $misc = message($lang['onlinelogin'], FALSE, '', '', $full_url, FALSE, TRUE, FALSE);
            } else {
                redirect($full_url, 0);
            }
        } else {
            if ($self['status'] == "Banned") {
                error($lang['bannedmessage']);
            } else {
                // Wrong credentials: error notice followed by the form again.
                eval('$misc = "'.template('misc_login_incorrectdetails').'";');
                eval('$misc .= "'.template('misc_login').'";');
            }
        }
        break;

    case 'logout':
        if (X_GUEST) {
            redirect($full_url, 0);
            break;
        }

        // Drop the member's who's-online row.  $xmbuser comes from header.php;
        // this relies on it already being SQL-safe - confirm at its source.
        $query = $db->query("DELETE FROM ".X_PREFIX."whosonline WHERE username='$xmbuser'");

        // Expire the session cookies (expiry 0).
        put_cookie("xmbuser", '', 0, $cookiepath, $cookiedomain);
        put_cookie("xmbpw", '', 0, $cookiepath, $cookiedomain);

        // Also expire any fidpw<N> cookies (presumably per-forum password
        // cookies, keyed by forum id).
        foreach($_COOKIE as $key=>$val) {
            if (preg_match('#^fidpw([0-9]+)$#', $key)) {
                put_cookie($key, '', 0, $cookiepath, $cookiedomain);
            }
        }

        redirect($full_url, 0);
        break;

    case 'search':
        // Legacy entry point: permanently redirect misc.php?action=search to
        // search.php, carrying the remaining query string across.
        // Non-printable/non-ASCII bytes are stripped first so the value is safe
        // to place in a Location header (no CR/LF can reach header()).
        $newurl = preg_replace('/[^\x20-\x7e]/', '', $url);
        if (substr($newurl, -22) == 'misc.php?action=search') {
            $newurl = substr($newurl, 0, -22).'search.php';
        } else {
            $newurl = str_replace('misc.php?action=search&', 'search.php?', $newurl);
        }
        if ($newurl == $url) { // Unexpected query string.
            $newurl = str_replace('&action=search', '', $newurl);
            $newurl = str_replace('/misc', '/search', $newurl);
        }
        // $full_url ends with $cookiepath; strip it to get the scheme+host prefix.
        $newurl = substr($full_url, 0, -strlen($cookiepath)).$newurl;
        header('HTTP/1.0 301 Moved Permanently');
        header('Location: '.$newurl);
        exit;

        break; // unreachable after exit; kept for symmetry with the other cases

    case 'lostpw':
        if (X_MEMBER) {
            // Logged-in members cannot use the reset form; render the notice and stop.
            eval('echo "'.template('header').'";');
            eval('echo "'.template('misc_feature_not_while_loggedin').'";');
            end_time();
            eval('echo "'.template('footer').'";');
            exit();
        }

        if (noSubmit('lostpwsubmit')) {
            eval('$misc = "'.template('misc_lostpw').'";');
        } else {
            $username = postedVar('username');
            if (strlen($username) < 3) {
                error($lang['badinfo']);
            }
            $email = postedVar('email');
            // Both username and email must match the same row; $username/$email
            // are interpolated as-is, so this relies on postedVar() having
            // escaped them for SQL - confirm in header.php.
            $query = $db->query("SELECT username, email, pwdate, langfile, status FROM ".X_PREFIX."members WHERE username='$username' AND email='$email'");
            if ($db->num_rows($query) != 1) {
                error($lang['badinfo']);
            }
            $member = $db->fetch_array($query);
            $db->free_result($query);
            if ($member['status'] == 'Banned') {
                error($lang['bannedmessage']);
            }

            // Rate limit: at most one reset per account per 24 hours (pwdate is
            // updated below on every successful reset).
            $time = $onlinetime - 86400;
            if ($member['pwdate'] > $time) {
                error($lang['lostpw_in24hrs']);
            }

            // Generate a 13-character alphanumeric temporary password.
            // NOTE(review): mt_rand() is not a cryptographic generator, and
            // re-seeding it from microtime() narrows the seed space further;
            // a CSPRNG source would be preferable for a credential.
            $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
            $newpass = '';
            mt_srand((double)microtime() * 1000000);
            $get = strlen($chars) - 1;
            for($i = 0; $i < 13; $i++) {
                $newpass .= $chars[mt_rand(0, $get)];
            }
            // Stored hash is unsalted md5 (see the login branch for the matching
            // client-side reduction).
            $newmd5pass = md5($newpass);

            $db->query("UPDATE ".X_PREFIX."members SET password='$newmd5pass', pwdate='".$onlinetime."' WHERE username='$member[username]' AND email='$member[email]'");

            // Compose the notification in the member's own language.  Stored
            // values are HTML-escaped, so they are decoded before going into
            // a plain-text mail.
            $lang2 = loadPhrases(array('charset','textyourpw','textyourpwis','textusername','textpassword'));
            $translate = $lang2[$member['langfile']];
            $emailuname = htmlspecialchars_decode($member['username'], ENT_QUOTES);
            $emailaddy = htmlspecialchars_decode($member['email'], ENT_QUOTES);
            $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
            $headers = array();
            $headers[] = smtpHeaderFrom($rawbbname, $adminemail);
            $headers[] = 'X-Mailer: PHP';
            $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
            $headers[] = 'X-AntiAbuse: Username - '.$emailuname;
            $headers[] = 'Content-Type: text/plain; charset='.$translate['charset'];
            $headers = implode("\r\n", $headers);
            altMail($emailaddy, '['.$rawbbname.'] '.$translate['textyourpw'], "{$translate['textyourpwis']} \n\n{$translate['textusername']} $emailuname\n{$translate['textpassword']} $newpass\n\n$full_url", $headers);

            // Confirmation notice, then a client-side redirect to the index after 1.25s.
            $misc .= '<span class="mediumtxt"><center>'.$lang['emailpw'].'</span></center><br />';
            $misc .= '<script>function redirect() {window.location.replace("index.php");}setTimeout("redirect();", 1250);</script>';
        }
        break;

    case 'online':
        require ROOT.'include/online.inc.php';

        if ($SETTINGS['whosonlinestatus'] == 'off') {
            // Feature disabled by the administrator.
            header('HTTP/1.0 403 Forbidden');
            eval('echo "'.template('header').'";');
            eval('echo "'.template('misc_feature_notavailable').'";');
            end_time();
            eval('echo "'.template('footer').'";');
            exit();
        }

        // Pagination over the raw row count ($tpp = rows per page, from header.php).
        $count = $db->result($db->query("SELECT COUNT(*) FROM ".X_PREFIX."whosonline"), 0);
        $mpage = multipage($count, $tpp, 'misc.php?action=online');
        $multipage =& $mpage['html'];
        if (strlen($mpage['html']) != 0) {
            if (X_ADMIN) {
                eval('$multipage = "'.template('misc_online_multipage_admin').'";');
            } else {
                eval('$multipage = "'.template('misc_online_multipage').'";');
            }
        }

        // Non-admins only see visible members plus their own row, even if hidden.
        $where = "WHERE username != 'xguest123'";
        if (!X_ADMIN) {
            $where .= " AND (invisible='0' OR username='$xmbuser')";
        }

        // Members are collapsed to one row each (sort_col 1); guests
        // ('xguest123') are listed individually after them (sort_col 2).
        // UNION Syntax Reminder: "Use of ORDER BY for individual SELECT statements implies nothing about the order in which the rows appear."
        $sql = "SELECT username, 1 AS sort_col, MAX(ip) AS ip, MAX(`time`) as `time`, MAX(location) AS location, MAX(invisible) AS invisible "
            . "FROM ".X_PREFIX."whosonline $where GROUP BY username, sort_col "
            . "UNION ALL "
            . "SELECT username, 2 AS sort_col, ip, `time`, location, invisible "
            . "FROM ".X_PREFIX."whosonline WHERE username = 'xguest123' "
            . "ORDER BY sort_col, username, `time` DESC "
            . "LIMIT {$mpage['start']}, $tpp";
        $query = $db->query($sql);

        $onlineusers = '';
        while($online = $db->fetch_array($query)) {
            $array = url_to_text($online['location']);
            // NOTE(review): this reuses the global $onlinetime (an integer
            // timestamp elsewhere in this file) for the per-row formatted time
            // string consumed by the row template.  Nothing later in this
            // branch reads the timestamp, but the name is misleading.
            $onlinetime = gmdate ($timecode, $online['time'] + ($timeoffset * 3600) + ($addtime * 3600));
            $username = str_replace('xguest123', $lang['textguest1'], $online['username']);

            // Location is shown as truncated text; staff additionally get it as a link.
            $online['location'] = shortenString($array['text'], 80, X_SHORTEN_SOFT|X_SHORTEN_HARD, '...');
            if (X_STAFF) {
                $online['location'] = '<a href="'.$array['url'].'">'.shortenString($array['text'], 80, X_SHORTEN_SOFT|X_SHORTEN_HARD, '...').'</a>';
                $online['location'] = stripslashes($online['location']);
            }

            // The "(hidden)" marker is only shown to admins and to the hidden member themself.
            if ($online['invisible'] == 1 && (X_ADMIN || $online['username'] == $xmbuser)) {
                $hidden = ' ('.$lang['hidden'].')';
            } else {
                $hidden = '';
            }

            // Super admins get a profile link for real members (not guests).
            if (X_SADMIN && $online['username'] != 'xguest123' && $online['username'] != $lang['textguest1']) {
                $online['username'] = '<a href="member.php?action=viewpro&member='.recodeOut($online['username']).'">'.$username.'</a>'.$hidden;
            } else {
                $online['username'] = $username;
            }

            if (X_ADMIN) {
                eval('$onlineusers .= "'.template('misc_online_row_admin').'";');
            } else {
                // Never expose IP or invisibility flag to non-admins.
                $online['invisible'] = '';
                $online['ip'] = '';
                eval('$onlineusers .= "'.template('misc_online_row').'";');
            }
        }
        $db->free_result($query);

        if (X_ADMIN) {
            eval('$misc = "'.template('misc_online_admin').'";');
        } else {
            eval('$misc = "'.template('misc_online').'";');
        }

        break;

    case 'onlinetoday':
        if ($SETTINGS['whosonlinestatus'] == 'off' || $SETTINGS['onlinetoday_status'] == 'off') {
            header('HTTP/1.0 403 Forbidden');
            eval('echo "'.template('header').'";');
            eval('echo "'.template('misc_feature_notavailable').'";');
            end_time();
            eval('echo "'.template('footer').'";');
            exit();
        }

        // Members whose last visit was within the past 24 hours; hidden members
        // are excluded unless the viewer is an admin.
        $datecut = $onlinetime - (3600 * 24);
        if (X_ADMIN) {
            $query = $db->query("SELECT username, status FROM ".X_PREFIX."members WHERE lastvisit >= '$datecut' ORDER BY username ASC");
        } else {
            $query = $db->query("SELECT username, status FROM ".X_PREFIX."members WHERE lastvisit >= '$datecut' AND invisible != '1' ORDER BY username ASC");
        }

        $todaymembersnum = 0;
        $todaymembers = array();
        $pre = $suff = '';
        while($memberstoday = $db->fetch_array($query)) {
            // Wrap each name in a status-specific CSS class (spaces -> underscores).
            $pre = '<span class="status_'.str_replace(' ', '_', $memberstoday['status']).'">';
            $suff = '</span>';
            $todaymembers[] = '<a href="member.php?action=viewpro&member='.recodeOut($memberstoday['username']).'">'.$pre.''.$memberstoday['username'].''.$suff.'</a>';
            ++$todaymembersnum;
        }
        $todaymembers = implode(', ', $todaymembers);
        $db->free_result($query);

        // Singular/plural phrase for the count.
        if ($todaymembersnum == 1) {
            $memontoday = $todaymembersnum.$lang['textmembertoday'];
        } else {
            $memontoday = $todaymembersnum.$lang['textmemberstoday'];
        }
        eval('$misc = "'.template('misc_online_today').'";');
        break;

    case 'list':
        if ($SETTINGS['memliststatus'] == 'off') {
            header('HTTP/1.0 403 Forbidden');
            eval('echo "'.template('header').'";');
            eval('echo "'.template('misc_feature_notavailable').'";');
            end_time();
            eval('echo "'.template('footer').'";');
            exit();
        }


        /* Validate All Inputs */

        // Sort column/direction and search filters all come from the query string.
        // The search terms are escaped for LIKE here; the unescaped originals are
        // re-read below only for URL building and template display.
        $order = postedVar('order', '', FALSE, FALSE, FALSE, 'g');
        $desc = postedVar('desc', '', FALSE, FALSE, FALSE, 'g');
        $page = getInt('page');
        $dblikemem = $db->like_escape(postedVar('srchmem', '', TRUE, FALSE, FALSE, 'g'));
        $dblikeemail = $db->like_escape(postedVar('srchemail', '', TRUE, FALSE, TRUE, 'g'));
        $dblikeip = $db->like_escape(postedVar('srchip', '', TRUE, FALSE, TRUE, 'g'));

        // Anything other than 'desc' (case-insensitive) becomes 'asc'.  Note a
        // mixed-case 'DESC' survives as-is, so the strict 'desc=desc' comparison
        // further down will not recognise it.
        if (strtolower($desc) != 'desc') {
            $desc = 'asc';
        }

        // $orderby is whitelisted: only the four known column names are accepted,
        // and 'status' maps to a fixed rank expression; anything else sorts by regdate.
        if ($order != 'username' && $order != 'postnum' && $order != 'status' && $order != 'location') {
            $order = '';
            $orderby = 'regdate';
        } else if ($order == 'status') {
            $orderby = "if (status='Super Administrator',1, if (status='Administrator', 2, if (status='Super Moderator', 3, if (status='Moderator', 4, if (status='Member', 5, if (status='Banned',6,7))))))";
        } else {
            $orderby = $order;
        }

        // Email and IP search are admin-only; the filters are discarded for everyone else.
        if (!X_ADMIN) {
            $dblikeip = '';
            $dblikeemail = '';
            $misc_mlist_template = 'misc_mlist';
        } else {
            $misc_mlist_template = 'misc_mlist_admin';
        }

        // $where: SQL predicates; $ext: query-string parameters to carry through links.
        $where = array();
        $ext = array();

        if ($desc != 'asc') {
            $ext[] = "desc=$desc";
        }

        if ($order != '') {
            $ext[] = 'order='.$order;
        }

        if ($dblikeemail != '') {
            // Only super admins may search emails the member has not chosen to show.
            if (!X_SADMIN) {
                $where[] = " email LIKE '%$dblikeemail%'";
                $where[] = " showemail='yes'";
            } else {
                $where[] = " email LIKE '%$dblikeemail%'";
            }
            $ext[] = 'srchemail='.rawurlencode(postedVar('srchemail', '', FALSE, FALSE, FALSE, 'g'));
            $srchemail = postedVar('srchemail', 'javascript', TRUE, FALSE, TRUE, 'g');
            /* Warning: $srchemail is used for template output */
        } else {
            $srchemail = '';
        }

        if ($dblikeip != '') {
            $where[] = " regip LIKE '%$dblikeip%'";
            $ext[] = 'srchip='.rawurlencode(postedVar('srchip', '', FALSE, FALSE, FALSE, 'g'));
            $srchip = postedVar('srchip', 'javascript', TRUE, FALSE, TRUE, 'g');
            /* Warning: $srchip is used for template output */
        } else {
            $srchip = '';
        }

        if ($dblikemem != '') {
            $where[] = " username LIKE '%$dblikemem%'";
            $ext[] = 'srchmem='.rawurlencode(postedVar('srchmem', '', FALSE, FALSE, FALSE, 'g'));
            $srchmem = postedVar('srchmem', 'javascript', TRUE, FALSE, TRUE, 'g');
            /* Warning: $srchmem is used for template output */
        } else {
            $srchmem = '';
        }

        // Build the link fragments:
        //   $params - full parameter set for the pagination base URL;
        //   $sflip  - parameters for the "flip sort direction" link;
        //   $ext    - remaining (search) parameters appended to column-header links.
        if (count($ext) > 0) {
            $params = '&'.implode('&', $ext);

            if ($ext[0] == 'desc=desc') {
                array_shift($ext);
                $sflip = '';
            } else {
                $sflip = '&desc=desc';
            }
            if (count($ext) > 0) {
                if (substr($ext[0], 0, 6) == 'order=') {
                    $sflip .= '&'.array_shift($ext);
                }
            }
            if (count($ext) > 0) {
                $ext = '&'.implode('&', $ext);
            } else {
                $ext = '';
            }
        } else {
            $params = '';
            $sflip = '&desc=desc';
            $ext = '';
        }

        // Members who never visited are excluded from the list.
        $where[] = " lastvisit!=0 ";
        $q = implode(' AND', $where);
        $num = $db->result($db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members WHERE $q"), 0);
        $canonical = 'misc.php?action=list';
        $baseurl = $canonical.$params;
        $mpage = multipage($num, $memberperpage, $baseurl, $canonical);
        $multipage =& $mpage['html'];
        if (strlen($mpage['html']) != 0) {
            eval('$multipage = "'.template('misc_mlist_multipage').'";');
        }
        unset($num, $where);


        /* Generate Output */

        $querymem = $db->query("SELECT * FROM ".X_PREFIX."members WHERE $q ORDER BY $orderby $desc LIMIT {$mpage['start']}, $memberperpage");

        // Board time offset plus DST adjustment, in seconds.
        $adjTime = ($timeoffset * 3600) + ($addtime * 3600);

        $replace = array('http://', 'https://', 'ftp://');
        $members = $oldst = '';
        if ($db->num_rows($querymem) == 0) {
            eval('$members = "'.template('misc_mlist_results_none').'";');
        } else {
            while($member = $db->fetch_array($querymem)) {
                $member['regdate'] = gmdate($dateformat, $member['regdate'] + $adjTime);

                // Email column only for logged-in viewers and only when the member opted in.
                if (X_MEMBER && $member['email'] != '' && $member['showemail'] == 'yes') {
                    eval('$email = "'.template('misc_mlist_row_email').'";');
                } else {
                    $email = '';
                }

                // Normalise the homepage to a single http:// prefix; an empty
                // site becomes exactly "http://" and is then suppressed.
                $member['site'] = str_replace($replace, '', $member['site']);
                $member['site'] = "http://$member[site]";

                if ($member['site'] == "http://") {
                    $site = '';
                } else {
                    eval('$site = "'.template('misc_mlist_row_site').'";');
                }

                if ($member['location'] != '') {
                    $member['location'] = censor($member['location']);
                } else {
                    $member['location'] = '';
                }

                $memurl = recodeOut($member['username']);
                // When sorted by status, emit a separator row each time the status changes.
                if ($order == 'status') {
                    if ($oldst != $member['status']) {
                        $oldst = $member['status'];
                        $seperator_text = (trim($member['status']) == '' ? $lang['onlineother'] : $member['status']);
                        eval('$members .= "'.template('misc_mlist_separator').'";');
                    }
                }
                eval('$members .= "'.template('misc_mlist_row').'";');
            }
            $db->free_result($querymem);
        }

        // Label for the direction-toggle link is the opposite of the current order.
        if (strtolower($desc) == 'desc') {
            $ascdesc = $lang['asc'];
        } else {
            $ascdesc = $lang['desc'];
        }
        eval('$memlist = "'.template($misc_mlist_template).'";');
        $misc = $memlist;
        break;

    case 'smilies':
        // Popup window: uses the popup header/footer and prints directly
        // instead of falling through to the common footer below.
        $header = '';
        eval('$css = "'.template('css').'";');
        eval('$header = "'.template('popup_header').'";');
        eval('$footer = "'.template('popup_footer').'";');
        $smilies = smilieinsert('full');
        eval('$misc = "'.template('misc_smilies').'";');
        echo $header;
        echo $misc;
        echo $footer;
        exit();
        break;

    case 'captchaimage':
        if ($SETTINGS['captcha_status'] == 'off') {
            header('HTTP/1.0 403 Forbidden');
            eval('echo "'.template('header').'";');
            eval('echo "'.template('misc_feature_notavailable').'";');
            end_time();
            eval('echo "'.template('footer').'";');
            exit();
        }
        require ROOT.'include/captcha.inc.php';
        // Keep the image out of search indexes.
        header('X-Robots-Tag: noindex');
        $oPhpCaptcha = new Captcha(250, 50);
        // The hash identifies which challenge to render; Create() presumably
        // writes the image directly to the output.
        $imagehash = postedVar('imagehash', '', FALSE, TRUE, FALSE, 'g');
        $oPhpCaptcha->Create($imagehash);
        exit();
        break;

    default:
        // Not normally reached: the first switch already 404s unknown actions.
        error($lang['textnoaction']);
        break;
}

// Common page output for the actions that set $misc and did not exit above.
eval('$header = "'.template('header').'";');
end_time();
eval('$footer = "'.template('footer').'";');
echo $header, $misc, $footer;
?>