commit 80b07ae41e18182da327ee6997a4e3158b6c30cd Author: Josh Sherman Date: Sun Feb 14 11:40:14 2010 -0500 Added version 0.6.3 to the repository diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..ab9d4d9 --- /dev/null +++ b/COPYING @@ -0,0 +1,15 @@ + * Copyright (C) 2002 B Squared (b^2) by Josh Sherman + * + * This source and program come as is, WITHOUT ANY WARRANTY and/or + * WITHOUT ANY IMPLIED WARRANTY. + * + * B Squared (b^2) is Free Software released under the GNU/GPL license. + * + * The GNU General Public License is available in electronic form in it's + * entirety at http://www.gnu.org/licenses/gpl.html + * + * I can be reached by electronic mail if there are any questions or concerns + * about this software, or any other software that was written and / or + * distributed by Cleancode.org + * + * Software supplied and written by Josh Sherman, http://www.cleancode.org/ diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..774a4c8 --- /dev/null +++ b/ChangeLog 
@@ -0,0 +1,292 @@ +B Squared (b^2) ChangeLog +~~~~~~~~~~~~~~~~~~~~~~~~~ +19-Oct-2003: 0.6.3 Released Today! + The b^2 project has been suspended indefinately by myself, + although other people have been developing and advancing the + software. On that note, 0.6.3 is a license update. b^2 is now + being distributed under the GNU GPL + (http://www.gnu.org/licenses/gpl.html) to allow any new + development to continue, and be distributed. + +25-Sep-2002: 0.6.1 & 0.6.2 Released Today!!! + Resolved an issue with the profiles that wouldn't allow the use + of double quotes (""), and the Yahoo! Pager name wasn't being + recored in the database either. The installer was broken, so I + fixed it (a couple times) and released another version today. + +24-Sep-2002: It was a bug fixing extravaganza!! Fixed a problem with the + profile images (bad URL resulted in some errors). Fixed a lone + undefined index on the scheme admin. Fixed the post thread and + reply pages to filter HTML differently, and not result in lost + data. Fixed the registration so it won't allow user's to use the +   character in a username. Fixed it so that you can have no + schemes without having it go to a crazy color scheme. Removed + the Message Admin and made the TOS and FAQ flat files (they are + in the ./language directory, so they can be translated later on + when the language pack support is fully complete). + +23-Sep-2002: Was offered $500 bucks for the "rights" to b^2... I declined. + +21-Sep-2002: Changed some of the verbage on the view_forums page, and added a + timestamp on the right side of the page. + +19-Sep-2002: Set the title of the pages to reflect the board name, and which + version of b^2 it is running, instead of just "[ Forum ]". + +18-Sep-2002: Added a function to email the admin with an error. At the moment + it only emails the admin on MySQL errors, and the options aren't + built into the installer yet. + +17-Sep-2002: Started implementing language packs to the board. 
This will allow + people to run the board in languages other than English. The + first thing to be migrated over is the installer, which is almost + complete. + +16-Sep-2002: 0.6.0 Released Today!!! + Fixed a problem when there are no moderators for a forum, it was + displaying errors instead of "--". + +15-Sep-2002: Fixed up the installer so it will let you download the config.php + file with E_ALL on in the php.ini file. + +14-Sep-2002: Tweaked out some more issues with b^2 generating notices, and + errors. + +13-Sep-2002: Fixed a boat load of issues when running b^2 on Windows 2000. The + issue turns out to be more of a PHP issue than anything. If you + have PHP set to issues all warnings and notices, then b^2 was + having a lot of issues. Now most (if not all) of those issues + have been fixed. Added a function to allow the easy retrieval of + values from the super globals. + +12-Sep-2002: Same ol', same ol'. Got the optimization done (well the portion + I was working on), alond with the documentation audit. Discovered + some problems with installing b^2 on a Windows system (of course). + More specifically, Windows NT/2000, running IIS, with the latest + versions of PHP and MySQL. I hope to have that resolved by the + time 0.6.0 is ready to release. + +11-Sep-2002: Continued to do housecleaning on the existing code, and re- + commenting parts of it. Should be ready to go by tomorrow. + +09-Sep-2002: Started optimizing my over-use of the echo command. And the + people rejoiced! Also, have been skimming the comments and + making sure they are accurate, and all that good stuff. And the + people rejoiced, again. + +06-Sep-2002: BETA-0.6.0 Released Today!!! + Added table prefixes when installing, along with a few other new + fields on the installation screen. There is form validation when + installing, and errors will be more descriptive (admin errors, not + generic user error messages). Quite a few miscellaneous bug fixes + on top of everything else. 
All the database calls have been + optimized, along with the error trapping (unless I overlooked + something). The installer now prompts the user to download the + config.php file if the script doesn't have permission to write to + the file. I was a bit disappointed with the original installer + from 0.5.0, hence the early beta release of 0.6.0. I felt the + amount of code changes warrented the beta release, as opposed to + version 0.5.1. + +05-Sep-2002: Continued my blitzkreig of code changes, most specifically, + optimizing the database calls, and adding secure error trapping. + +04-Sep-2002: Figured out the permissions problem when installing, the entire + folder needs to have public write permission. chmod 777 dir, then + attempt to install, and everything works perfectly. Started to + optimize / lock down the code for b^2. I'm going through and + adding error trapping, so the users will never interact with any + technical error messages (which can pose a security risk). Also + added a function for doing database queries, and have been adding + the static database variables to constants, instead of strings. + +03-Sep-2002: 0.5.0 Released Today!!! + Fixed a problem with the schemes, now if there are no active + schemes, the first scheme in the database will be set as the + active one (typically default). Built the installer, which is + about 90% functional. This means you can install the board, but + you have to make sure that the install.php file has the proper + permissions (chmod 666 install.php). The script is lacking form + validation, and advanced error checking, which will allow a user + to download the config file if the script doesn't have the right + permissions. Development (unstable) version 0.5.0 is being + packed up and shipped off to Freshmeat.net for it's initial + release. + +02-Sep-2002: Completed the scheme admin, with form checking and the like. + Added the General Admin section for updating the name of the + board, and the title image. 
Fixed some bugs, and planned out the + installation process. Now there is a config.php file that holds + the MySQL variables, along with the 'INSTALLED' global variable + which tells the script if it needs to run the installed or not. + +28-Aug-2002: Added the scheme admin. Changed the database slightly to include + a new table for board properties (title, title image, et cetera). + This is now a separate section from the schemes, which are fully + operational now. Was advised this evening, by one of the people + stress testing the board, that their attempted buffer overruns + resulted in lagging on their end. + +27-Aug-2002: Finished implementing changes to use customizable values for the + overall look and feel of the board. + +26-Aug-2002: Added more board properties to the database, 10 in all. The board + is pulling some of the properties from the database to generate + the page. Ended up killing the properties table, and creating a + schemes table which holds all of the customizable information. + Started implementing system wide changes to accomodate. + +24-Aug-2002: Administrators now have the ability to add / remove moderators + and administrators, along with editting "messages" which is a new + table in the database as well. There are currently two messages, + Terms of Service, and FAQ, both of which can be customized by the + board owner. Fixed a problem with the KeepSafe function for + securing the board. + +23-Aug-2002: Added tag and escape character stripping on the forum admin. + Added a confirmation script for use with such things as the delete + function on the forum admin. Changed up the logo slightly as + well. Fixed an error on the registration page that was + prohibiting new users to sign up. Added user administration tools + that allow administrators to edit all the user's profiles. + +22-Aug-2002: Changed the title logo again. The new logo, IMHO, is the best + one thus far. 
Fully implemented the forum admin, allowing for the + addition, removal, and modification of forums. The forum admin + is lacking input parsing which at the moment is leaving it a bit + insecure, and messy, since it still posts \' and \". + +21-Aug-2002: Fixed a hole in the profile system, for editting and viewing. + Added folder icons for the thread listing, four in all. New + threads, old threads, hot threads, and today's hot threads. + Fixed a problem with the page id's, should be the last time + anyone gets to see the internal path. Added a bit more + differentiation between the overlapping moderator and admin + tools. Now if a moderator / admin removed a thread, they will + redirected to the thread, and not the forum list. Deleting an + entire thread redirects to the forum the thread was in, and not + the forum list. Finished adding the add signature by default + options. New users will be able to specify if they want to + include their signature on new posts or not. This can be updated + any time via the profile editor. Began adding administrative + links across the top menu, which resulted in a problem with the + login script, which was correct (user's weren't being verified + correctly upon login). Implemented the forum order column in the + database, hence the new order. Began adding the forum editor for + administrators, allowing them to add new forums, delete and + modify existing ones. Fixed a bug that caused the view replies + page to freak out if a user was an administrator, but not a + moderator. + +20-Aug-2002: Fixed some holes in the user verification portion of the code + would allow any user to circumvent passworded areas and do things + like post messages without having accounts, and possibly pose as + existing users. Added IP logging on all posts, which are only + visible by the moderators for that particular forum. Also began + implementing moderator tools. 
Right now, a moderator can delete + an entire thread, or just certain replies to that thread. Added + the administrators table to the database, and functionality so + that an admin can delete threads / replies on any forum, + regardless of their moderator status for that forum. + +19-Aug-2002: There were a couple of random fixes over the weekend, but nothing + too important. Today the user's table was modified to include + a column that signifies if the user wants to add their signature + to new messages by default. There is currently no functionality + to set this value when registering a new account, or via the + profile editor. Also modified the date format on replies. + +16-Aug-2002: Changed up the view threads page a bit, made the location and + new thread links on the same line. Tweaked some of the table + attributes, and fixed some bugs with the moderator list, and the + last post for a forum. Shortened the max length for thread titles + from 128 characters, down to 64. Added more signature + functionality; now you get the choice weather or not you want the + signature to be added to the end of your message, but you will + only get the option if you have a prexisting signature in the + database (might end up giving people without signatures the + opportunity to set one up, without loosing the message they were + about to post). Fixed the double signature problem as well. + +15-Aug-2002: New logo / header / banner / image added today. Again, nothing + too fancy, I was a bit tired of the last image. Now the main page + displays the latest post time and user for each forum, and links + all of the usernames to the profiles. Fixed a problem with the + signatures, it was pulling the newest user's signature, instead of + the correct signature for the user. Now when previewing a new + post, you are shown your signature along with your message. + +14-Aug-2002: Added more functionality when editting a profile when an image + is involved. 
Also added a view profiles page that will display + a user's profile, if they are real users, users not in the + database will generate an error and alert the user. + +13-Aug-2002: Patched the bug in the view thread and reply pages that allowed + a user to crash the script and reveal the path. Added signatures + to the user's profile, that auto-populate when the user posts a + new thread or reply. Corrected a flaw when editting the + submitted information when registering, it wasn't carrying over + the "AOL Instant Messenger" field. Users can now access their + profile, and edit the information in it. + +12-Aug-2002: Updated the registration and login code to support encrypted + passwords. The passwords are encrypted via the crypt() function + with a random salt. Added more checking to posting messages and + registering a new account. Justin pointed out that you can post + empty messages just by putting a space in the field. When posting + a new thread, or a reply, the HTML special characters are + converted, which in turn eliminates the sight of \" and the like. + All HTML is ignored with the exception of
, only because the + board supports people posting line breaks in their messages. + Adding support for when there aren't any threads in a selected + forum and added a moderator listing on the view forums page, even + though there aren't any moderator functions yet. + +11-Aug-2002: Updated the database schemas (wiped all the existing data and + started fresh), this included tweaking some of the tables, and + adding a moderators table, for when I implement forum moderators. + When registering, users are prompted for more information, which + is shown when they post. The registration form needs some work to + ensure that people aren't trying to feed false information via the + querystring. Fixed a problem with the determining the total + number of posts. + +10-Aug-2002: Updated a lot of the variable calls to comply with the new PHP + setting of register_globals being off. Added some new code to the + post thread and post reply pages to make sure the user isn't + feeding bad information via the querystring. When someone + registers a new account, they will be forwarded back to the main + page (forum list) and have the option to automatically log in from + that page (thanks Matt!). When registering, the password is no + longer shown in plain text, and it must be at least 6 characters + long. + +09-Aug-2002: Added some directory security to the system. Now if a user tries + to call any of the directories in the structure, other than root, + it will redirect them to the main page. If the user attempts to + call any of the files directly, other than index.php they will be + redirected home as well. JavaScript form validation has been + added to the post thread and reply forms, as well as code to make + sure someone isn't trying to feed the form data via the + querystring. + +08-Aug-2002: Not only can user's sign up for an account, they can log in now + too! 
The login is working, but will need to be tweaked for + security purposes, plus most of the code built into the index.php + will be added into the include file as a function. Users can now + post new threads to the forums, as well as reply to existing + threads. Fixed the problem with the forum list reporting the + wrong number of posts. + +07-Aug-2002: Threw together a quick little banner / logo. Built out the page + to allow a user to sign up for an account. The page checks the + input from the user and all that good stuff, detecting malformed + requests (i.e. hack attempts) and blocks them. Registration only + requires minimal information (username, password, email address) + but will be expanded to support a full profile. Users can now set + up an account, but there are no actions for them yet. + +06-Aug-2002: Built out the database tables for the users, forums, threads, and + replies. Set up the directory structure. Built the index page, + along with the content pages to show the forum list, thread list, + and replies. diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..4bf2924 --- /dev/null +++ b/INSTALL @@ -0,0 +1 @@ +Information on installing b^2 is contained in the README file. diff --git a/README b/README new file mode 100644 index 0000000..540e988 --- /dev/null +++ b/README 
@@ -0,0 +1,108 @@ +THANKS FOR DOWNLOADING b^2: + +The software is fairly new to the internet, so if you have any questions, email +me directly at josh@cleancode.org, that way I can compile a list of commonly +asked questions, and make this file a bit more robust. + +Also, if you are running Windows... sorry, the instructions are geared towards +the Linux OS, which b^2 was developed on. The steps you need to take are about +the same, but the syntax is a bit different, hopefully you'll be able to cope +with it. If anyone wants to write up some Windows directions, maybe I'll +include them with the next release. + + +INSTALLTION: + +Installation is pretty simple, first you will need to set up a database for b^2 +to use, that can be done with the following commands: + + bash$ mysql -u username -p + +Put your MySQL username in place of 'username' and type your password when +prompted. Now that you are logged into the MySQL server, you will need to +create your database, like so: + + mysql> CREATE DATABASE db_name; + +The db_name should be the name you want to call the database, I typically use +'b2' for my database name. + +Then put the b2-version.tar.gz file on your web server, and extract it like so: + + bash$ tar -xzvf b2-version.tar.gz + +where 'version' is the version you have (i.e. b2-0.6.0.tar.gz) + +Next, you need to (optionally) change the permissions of the folder you are +installing b^2 to. Do so like this: + + bash$ chmod 777 b2-version + +This step is now optional, but doing it this way is recommended, and a bit +easier in the long run. Once the permissions are set appropriately, move +into the directory: + + bash$ cd b2-version + +Now that we have the installation script ready to rock, all you will need to do +is go to the URL for the bulletin board (i.e. http://yoursite.com/b2-version/), +and you should be immediately presented with the installation script. Simply +fill out the form (in it's entirety) and click the install button. 
+ +The script should install correctly (assuming you gave it the right information +for your MySQL database) and you will be ready to go! + +If you didn't give the script directory the right permissions, you will be +given the opportunity to download the 'config.php' file which will need to be +placed in the directory you installed b^2. + +If you did give the directory the right permissions, then I recommend changing +them back once the installation is complete: + + bash$ chmod 775 b2-version + +The last step is to check the permissions on the 'config.php' file. If you +downloaded the file and placed it in the directory, then it probably doesn't +have the right permissions, it will need to have read access on it. Just to +make sure, run the following: + + bash$ chmod 644 config.php + bash$ chown nobody config.php + +Change 'nobody' to whatever username you need the files to be owned by, some +boxes are different than others, just make sure all the files are owned by the +same username. + +That's it, if you'd like (I'd appreciate it as well), email me once you get +the board up and running. It's always makes my day to see something I wrote +in action. On top of that, I'd like to compile a list of sites using the +script to post on the b^2 site (http://www.cleancode.org/b2/) + +Enjoy! + + +FREQUENTLY ASKED QUESTIONS: + +Q: How do I add moderators to my forums? + +A: Moderator and administrator privileges are added via the "User Admin" + section of the site. Find the user you want to make a moderator, and + proceed to edit their profile. At the bottom you will see check boxes + that correspond with your forums, and one for admin rights. Check the + ones that apply, then submit (remember, you have to confirm it first) + the profile. The user should now be listed as a moderator for the + selected forums. + +Q: What can a moderator do? + +A: Moderators have the ability to delete threads and posts from a forum, + and see the poster's IP address. 
This will change over time, as new + abilities are coded in. Eventually, moderators will be able to edit + posts (so will the person who posted it), and ban certain users from + posting to a forum. + +Q: Can I redistribute my hax0red version of b^2? + +A: Yes, yes you can. If you have any other questions concerning + distribution and such, visit the GNU Genereal Public License site: + http://www.gnu.org/licenses/gpl.html diff --git a/SQL b/SQL new file mode 100644 index 0000000..3c32888 --- /dev/null +++ b/SQL 
@@ -0,0 +1,108 @@ +This file contains the SQL code to build out the databases, you really don't +need to be looking in there ya know! + + +create table forums + ( + forum_id int(10) not null auto_increment, + forum_order int(10) null, + forum_name varchar(64) not null, + forum_desc varchar(255) not null, + primary key(forum_id) + ); + +create table threads + ( + thread_id int(10) not null auto_increment, + thread_title varchar(64) not null, + thread_body text not null, + thread_time timestamp(14) not null, + user_id int(10) not null, + user_ip varchar(15) not null, + forum_id int(10) not null, + primary key(thread_id) + ); + +create table users + ( + user_id int(10) not null auto_increment, + user_name varchar(64) not null, + user_email varchar(128) not null, + user_pass varchar(64) not null, + user_location varchar(128) null, + user_occupation varchar(64) null, + user_homepage varchar(128) null, + user_picture varchar(128) null, + user_interests varchar(255) null, + user_aim varchar(16) null, + user_icq varchar(16) null, + user_yahoo varchar(32) null, + user_signature varchar(255) null, + user_usesig int(1) null default '0', + primary key(user_id) + ); + +create table replies + ( + reply_id int(10) not null auto_increment, + reply_body text not null, + reply_time timestamp(14) not null, + user_id int(10) not null, + user_ip varchar(15) not null, + thread_id int(10) not null, + forum_id int(10) not null, + primary key(reply_id) + ); + +create table moderators + ( + moderator_id int(10) not null auto_increment, + user_id int(10) not null, + forum_id int(10) not null, + primary key(moderator_id) + ); + +create table administrators + ( + admin_id int(10) not null auto_increment, + user_id int(10) not null, + primary key(admin_id) + ); + +create table messages + ( + message_id int(10) not null auto_increment, + message_name varchar(64) not null, + message_body text not null, + primary key(message_id) + ); + +create table schemes + ( + scheme_id int(10) not null 
auto_increment, + scheme_name varchar(64) not null, + scheme_desc varchar(255) not null default 'No description provided.', + background_color varchar(7) not null default '#FFFFFF', + table_border_color varchar(7) not null default '#000000', + table_border_size int(1) not null default '1', + header_background varchar(7) not null default '#FFFFFF', + menu_background varchar(7) not null default '#EEEEEE', + text_color varchar(7) not null default '#000000', + text_font varchar(64) not null default 'Verdana', + text_small int(2) not null default '10', + text_regular int(2) not null default '12', + link_color varchar(7) not null default '#000000', + table_header_background varchar(7) not null default '#000000', + table_header_text_color varchar(7) not null default '#FFFFFF', + table_color_1 varchar(7) not null default '#EEEEEE', + table_color_2 varchar(7) not null default '#CCCCCC', + error_message varchar(7) not null default '#FF0000', + active_scheme varchar(1) not null default '0', + primary key(scheme_id) + ); + +create table properties + ( + board_name varchar(64) not null default 'Forums', + title_image varchar(128) not null default './images/title.png' + ); diff --git a/THANKS b/THANKS new file mode 100644 index 0000000..b7c9646 --- /dev/null +++ b/THANKS 
@@ -0,0 +1,24 @@ +B Squared (b^2) Thank yous... + +Matt "Phone Zone" Naso This is the guy I have to blame for this + project. I guess it's my own fault for saying I + was bored and in need of a new project. Matt + proposed that I build a bulletin board (I was + going to at one time, but never did), and has + helped with testing the damn thing. + +Justin Justin's always been there to beta test, and + find all my little screw ups (ass). He's done + good, and is part of the reason the board is + deemed secure. + +Dean (Geekoid) This mofro is my partner in crime for the most + part. He will eventually be a developer on the + project, but for right now, he's just some guy + who makes my life a bit more complicated, but + he knows I love him ;) + +Me Well, the code didn't write itself... I've + invested a month of my life into this project + and I'm a couple more months building upon it, + I tend to think I deserve a thank you, too ;) \ No newline at end of file diff --git a/TODO b/TODO new file mode 100644 index 0000000..794b01a --- /dev/null +++ b/TODO @@ -0,0 +1,20 @@ +B Squared (b^2) TODO - Last Updated October 19th, 2003 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +add multi language support +emoticons! +add code to email the admin if there's a problem. + +add number of posts in the forum admin +add javascript form validation on the admin sections +update the email validation to allow emails with weird TLDs +Password recovery utility +Search +Add post options to the bottom of the pages +add forum jumped to the bottom of the pages +create a post nuke module for b^2 +support for PostgreSQL, MSSQL and flatfiles + +If you have any suggestions, please don't email me, as I am no longer tending to +this project. You are more than welcome to integrate your own features, and +possibly resolve the issues already on this list. Cheers! + diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..2a7b87b --- /dev/null +++ b/VERSION 
@@ -0,0 +1 @@ +Survey says... 0.6.3 diff --git a/content/edit_profile.php b/content/edit_profile.php new file mode 100644 index 0000000..25629a4 --- /dev/null +++ b/content/edit_profile.php 
@@ -0,0 +1,619 @@ + * + * * + * This script displays the contents for the 'Edit Profile' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 25th, 2002 (JJS) * +\******************************************************************************/ + +/* Make sure no one is calling this file directly */ +$file_name = "edit_profile.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the veriables submitted by the form */ +$email = GetVars("email"); +$old_email = GetVars("old_email"); +$location = GetVars("location"); +$occupation = GetVars("occupation"); +$homepage = GetVars("homepage"); +$picture = GetVars("picture"); +$interests = GetVars("interests"); +$aim = GetVars("aim"); +$icq = GetVars("icq"); +$yahoo = GetVars("yahoo"); +$signature = GetVars("signature"); +$include_sig = GetVars("include_sig"); +$action = GetVars("action"); +$step = GetVars("step"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$username, 64); +CheckVars(&$password, 64); +CheckVars(&$confirm_password, 64); +CheckVars(&$email, 128); +CheckVars(&$old_email, 128); +CheckVars(&$location, 128); +CheckVars(&$occupation, 64); +CheckVars(&$homepage, 128); +CheckVars(&$picture, 128); +CheckVars(&$interests, 255); +CheckVars(&$aim, 16); +CheckVars(&$icq, 16); +CheckVars(&$yahoo, 32); +CheckVars(&$signature, 255); +CheckVars(&$include_sig, 1); + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! 
*/ +if ( ( ( $username == "" || $email == "" ) && ( $step == 3 || $step == 4 ) ) || + ( ( ( $step == 1 && ( $QUERY_STRING != "pid=edit_profile" && $QUERY_STRING != "pid=login" ) ) ) || + ( $step == 2 && $QUERY_STRING != "pid=edit_profile" ) || + ( $step == 3 && $QUERY_STRING != "pid=edit_profile&step=3" ) || + ( $step == 4 && $QUERY_STRING != "pid=edit_profile" ) ) || + ( ( $step != 1 && $step != 2 ) && + ( strlen(trim($username)) == 0 || strlen(trim($email)) == 0 ) ) ) + + { + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* On step 3 we have two choices, determine which step to go to based on the button the user clicks on */ +if ($action == "Edit Profile") + $step = 2; +else if ($action == "Submit Profile") + $step = 4; + +/* Parse some of the variables to ensure accurate values */ +if ( $step == 2 && $homepage == "" ) + $homepage = "http://"; + +if ( $step == 2 && $picture == "" ) + $picture = "http://"; + +/* Strip out html and slashes on step 2 */ +if ($step == 2) + { + $username = stripslashes(strip_tags($username)); + $password = stripslashes(strip_tags($password)); + $email = stripslashes(strip_tags($email)); + $location = stripslashes(strip_tags($location)); + $occupation = stripslashes(strip_tags($occupation)); + $homepage = stripslashes(strip_tags($homepage)); + $picture = stripslashes(strip_tags($picture)); + $interests = stripslashes(strip_tags($interests)); + $aim = stripslashes(strip_tags($aim)); + $icq = stripslashes(strip_tags($icq)); + $yahoo = stripslashes(strip_tags($yahoo)); + $signature = stripslashes(strip_tags($signature)); + } + +/* Step 3 too ... */ +if ($step == 3) + { + $username = stripslashes(strip_tags($username)); + $password = stripslashes(strip_tags($password)); + $email = stripslashes(strip_tags($email)); + $location = stripslashes(strip_tags($location)); + $occupation = stripslashes(htmlspecialchars($occupation)); + $homepage = stripslashes(strip_tags($homepage)); + $picture = stripslashes(strip_tags($picture)); + $interests = stripslashes(strip_tags($interests)); + $aim = stripslashes(strip_tags($aim)); + $icq = stripslashes(strip_tags($icq)); + $yahoo = stripslashes(strip_tags($yahoo)); + + /* Allowing CRs creates issues, this code should resolve them :) */ + $signature = stripslashes(htmlspecialchars($signature)); + $signature = nl2br($signature); + $signature = str_replace("
", "
", $signature); + } + +/* On step 4, clean up the signature */ +if ($step == 4) + { + $occupation = htmlspecialchars($occupation); + + $signature = htmlspecialchars($signature); + $signature = str_replace("<BR>", "
", $signature); + } + +/* Display the current step */ +switch ($step) + { + /* Display the current profile */ + default: + case 1: + /* Pull the number of accounts with the same username */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data and assign it to variables */ + while ($row = mysql_fetch_array($results)) + { + $username = $row["user_name"]; + $password = ""; + $email = $row["user_email"]; + $location = $row["user_location"]; + $occupation = $row["user_occupation"]; + $homepage = $row["user_homepage"]; + $picture = $row["user_picture"]; + $interests = $row["user_interests"]; + $aim = $row["user_aim"]; + $icq = $row["user_icq"]; + $yahoo = $row["user_yahoo"]; + $signature = $row["user_signature"]; + $include_sig = $row["user_usesig"]; + } + + /* Display the HTML for the beginning of the form and table */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Assign the active color to the inactive value */ + $the_color = TABLE_COLOR_2; + + /* Preview the mandatory fields ... */ + PreviewSection ( $password, "Password", &$the_color ); + PreviewSection ( $email, "Email", &$the_color ); + + /* ... and the optional ones */ + if ( $location != "" ) + PreviewSection( $location, "Location", &$the_color ); + + if ( $occupation != "" ) + PreviewSection( $occupation, "Occupation", &$the_color ); + + if ( $homepage != "" && $homepage != "http://" ) + PreviewSection( $homepage, "Homepage", &$the_color ); + + if ( $picture != "" && $picture != "http://" ) + PreviewSection ( $picture, "Picture", &$the_color ); + + if ( $interests != "" ) + PreviewSection ( $interests, "Interests", &$the_color ); + + if ( $aim != "" ) + PreviewSection ( $aim, "AOL Instant Messenger", &$the_color ); + + if ( $icq != "" ) + PreviewSection ( $icq, "ICQ", &$the_color ); + + if ( $yahoo != "" ) + PreviewSection ( $yahoo, "Yahoo Pager", &$the_color ); + + /* The signature is a different kind of field, so we handle it differently */ + if ( $signature != "" ) + { + /* Change to the other color */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Determine if the user is including the signature or not */ + if ($include_sig == 1) + $show_include = "You have chosen to include this signature on new posts."; + else + $show_include = "You have chosen to not include this signature on new posts."; + + /* Display the signature section of the form */ + echo " \n" + . " \n" + . " \n" + . " \n"; + } + + /* Finish off the HTML */ + echo "
$username's Profile
Signature:\n" + . " $signature

\n" + . " $show_include\n" + . " \n" + . " \n" + . "
\n" + . " \n" + . "

\n" + . "
\n"; + break; + + /* Display the form for the user to fill out */ + case 2: + ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ); + break; + + /* Display the info the user supplied and prompt them to continue or edit */ + case 3: + /* Display the HTML */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Assign second color as the active one */ + $the_color = TABLE_COLOR_2; + + /* Preview the mandatory sections */ + PreviewSection ( $username, "Username", &$the_color ); + PreviewSection ( $password, "Password", &$the_color ); + PreviewSection ( $email, "Email", &$the_color ); + + /* Along with the optional sections */ + if ( $location != "" ) + PreviewSection( $location, "Location", &$the_color ); + + if ( $occupation != "" ) + PreviewSection( $occupation, "Occupation", &$the_color ); + + if ( $homepage != "" && $homepage != "http://" ) + PreviewSection( $homepage, "Homepage", &$the_color ); + + if ( $picture != "" && $picture != "http://" ) + PreviewSection ( $picture, "Picture", &$the_color ); + + if ( $interests != "" ) + PreviewSection ( $interests, "Interests", &$the_color ); + + if ( $aim != "" ) + PreviewSection ( $aim, "AOL Instant Messenger", &$the_color ); + + if ( $icq != "" ) + PreviewSection ( $icq, "ICQ", &$the_color ); + + if ( $yahoo != "" ) + PreviewSection ( $yahoo, "Yahoo Pager", &$the_color ); + + /* The signature is a more complex section, hence more code */ + if ( $signature != "" ) + { + /* Swap out the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Determine is the user is including the signatures or not */ + if ($include_sig == 1) + $show_include = "You have chosen to include this signature on new posts."; + else + $show_include = "You have chosen to not include this signature on new posts."; + + /* Display the HTML for the signautre section */ + echo " \n" + . " \n" + . " \n" + . " \n"; + } + + /* And close off the page */ + echo "
Profile Preview
Signature:\n" + . " $signature

\n" + . " $show_include\n" + . " \n" + . " \n" + . "
\n" + . " \n" + . "
\n" + . "
\n" + . " \n" + . "  \n" + . " \n" + . "
\n" + . "
\n"; + break; + + /* Check the user's input, add the user to the database, and display the results */ + case 4: + /* If the page was POSTed to, then continue */ + if ( $REQUEST_METHOD == "POST" ) + { + /* Start off with 0 errors */ + $no_err = 0; + + /* If the new and old email's don't match then ... */ + if ($email != $old_email) + { + /* ... then pull the number of email's that match */ + $SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + { + /* If there are accounts with the same email ... */ + if ($row["email_exists"] != 0) + { + /* ... then let the user know */ + echo "
Someone has already registered using that email address!

\n"; + $no_err++; + } + } + } + + /* No errors means we continue with out plans */ + if ($no_err == 0) + { + /* Clear out the URL variables if they still contain 'http://' */ + if ($homepage == "http://") { $homepage = ""; } + if ($picture == "http://") { $picture = ""; } + + /* Crypt the password to a random salt */ + if ($password != "") + $password = crypt($password); + + /* If it doesn't equal 1, then set it equal to 0 */ + if ($include_sig != 1) + $include_sig = 0; + + /* If the password is blank, then don't update the password, if it isn't then do it! */ + if ($password != "") + $SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_pass='$password', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';"; + else + $SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';"; + + /* Execute the SQL query */ + $results = ExeSQL($SQL); + + /* Log the user in with their new password if they set one */ + if ($password != "") + { + SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']); + SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']); + } + + /* Set the logged in variable to active */ + $logged_in = 1; + + /* Let the user know everything is cool */ + echo "
\n" + . " Your profile has been updated!
\n" + . "
\n" + . "
\n"; + + /* Display the forum list */ + require("./content/view_forums.php"); + + return; + } + else + { + /* If there's an error, then display the form again */ + ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ); + } + } + else + { + /* This means someone way trying to feed the script false info, just let them know and show the form again */ + echo "
Malformed request detected!


\n"; + ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ); + } + break; + } + +/* + * + */ + +function +ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ) +{ + echo " \n"; + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $username = str_replace("\"", """, $username); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $password = str_replace("\"", """, $password); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $password = str_replace("\"", """, $password); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $email = str_replace("\"", """, $email); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $location = str_replace("\"", """, $location); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $occupation = str_replace("\"", """, $occupation); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $homepage = str_replace("\"", """, $homepage); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $picture = str_replace("\"", """, $picture); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $interests = str_replace("\"", """, $interests); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $aim = str_replace("\"", """, $aim); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $icq = str_replace("\"", """, $icq); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + $yahoo = str_replace("\"", """, $yahoo); + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
Required Information     Leave the password fields blank if you wish to keep your current password.
Username:$username
Password: Min 6 characters - Max: 64 characters
Confirm Password: Min: 6 characters - Max: 64 characters
Email: Max: 128 characters
Optional Information
Location: Max: 128 characters
Occupation: Max: 64 characters
Homepage: Max: 128 characters
Picture: Max: 128 characters
Interests: Max: 255 characters
AOL Instant Messenger: Max: 16 characters
ICQ: Max: 16 characters
Yahoo Pager: Max: 32 characters
Signature:\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + if ($include_sig == 1) + $checked = " checked"; + else + $checked = ""; + + echo " \n"; + echo " \n"; + echo " \n"; + echo "
 Max: 255 characters
Include signature on new posts?
\n"; + echo "
\n"; + echo " \n"; + echo "

\n"; + echo "
\n"; +} + +function +PreviewSection ( $section_value, $section_title, $the_color ) +{ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + echo " \n"; + echo " $section_title:\n"; + echo " \n"; + + if ($section_title == "Password") + echo " Password is hidden for security purposes.\n"; + else + echo " $section_value\n"; + + if ($section_title == "Picture") + { + $profile_img = @getimagesize($section_value); + + $image_caption = "Image size"; + + if ($profile_img[0] > 320) + { + $profile_img[0] = 320; + $image_caption = "Scaled image size"; + } + if ($profile_img[1] > 240) + { + $profile_img[1] = 240; + $image_caption = "Scaled image size"; + } + + if ($profile_img[0] > $profile_img[1]) + $scale_img = "height=\"$profile_img[1]\""; + else + $scale_img = "width=\"$profile_img[0]\""; + + echo "

\n"; + echo " $image_caption: {$profile_img[0]}x{$profile_img[1]}\n"; + echo "
\n"; + } + + if ($section_title == "AOL Instant Messenger") + $section_title = "aim"; + else + $section_title = strtolower($section_title); + + if ($section_title == "yahoo pager") + $section_title = "yahoo"; + + /* URL encode the double quotes */ + $section_value = str_replace("\"", """, $section_value); + + echo " \n"; + echo " \n"; + echo " \n"; +} + +?> diff --git a/content/forum_admin.php b/content/forum_admin.php new file mode 100644 index 0000000..a66d297 --- /dev/null +++ b/content/forum_admin.php 
@@ -0,0 +1,364 @@ + * + * * + * This script displays the contents for the 'Forum Administration' page. * + * Don't forget the 12 space indent for all content pages. * + * * + * Last modified : September 13th, 2002 (JJS) * +\******************************************************************************/ + +/* Don't let people call this file directly */ +$file_name = "forum_admin.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the veriables held by superglobals */ +$forum_name = GetVars("forum_name"); +$forum_desc = GetVars("forum_desc"); +$forum_order = GetVars("forum_order"); +$old_name = GetVars("old_name"); +$type = GetVars("type"); +$action = GetVars("action"); +$step = GetVars("step"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$forum_name, 64); +CheckVars(&$forum_desc, 255); +CheckVars(&$forum_order, 10); +CheckVars(&$old_name, 64); + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */ +if ( ( ( $forum_name == "" || $forum_desc == "" ) && ( $step == 3 || $step == 4 ) ) || + ( ( $step == 1 && $QUERY_STRING != "pid=forum_admin" ) || + ( $step == 2 && $QUERY_STRING != "pid=forum_admin&step=2" ) || + ( $step == 3 && $QUERY_STRING != "pid=forum_admin&step=3" ) || + ( $step == 4 && $QUERY_STRING != "pid=forum_admin" ) || + ( $step == 5 && $QUERY_STRING != "pid=forum_admin" ) ) || + ( ( $step != 1 && $step != 2 ) && + ( strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0 ) ) ) + + { + /* Give them an error if they are, and send them back to step 1 */ + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* There are different actions that can be performed, figure out which one */ +if ($action == "Edit Forum") + $step = 2; +else if ($action == "Edit") + { + $step = 2; + $type = "existing"; + } +else if ($action == "Submit Forum") + $step = 4; +else if ($action == "Delete") + $step = 6; + +/* If the user is submitting an existing forum for editting, then do to step 5 */ +if ( $step == 4 && $type != "" ) + $step = 5; + +/* Strip out all escape characters */ +if ( $step == 2 || $step == 3 ) + { + $forum_name = stripslashes(strip_tags($forum_name)); + $forum_desc = stripslashes(strip_tags($forum_desc)); + $old_name = stripslashes(strip_tags($old_name)); + } + +/* Execute the requested step */ +switch ($step) + { + /* Show the forum list */ + default: + case 1: + ShowForums(); + break; + + /* Display the new forum page */ + case 2: + ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type ); + break; + + /* Show preview */ + case 3: + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Forum Preview
Forum Name:\n" + . " $forum_name\n" + . " \n" + . "
Forum Description:\n" + . " $forum_desc\n" + . " \n" + . "
Forum Order:\n" + . " $forum_order\n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . " \n" + . "  \n" + . " \n" + . "
\n" + . "
\n"; + break; + + /* Add the new forum to the database */ + case 4: + /* If the form was posted, then analyze it and add it */ + if ( $REQUEST_METHOD == "POST" ) + { + /* Set the error to zero */ + $no_err = 0; + + /* Pull the number of forums with the same name */ + $SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums WHERE forum_name='$forum_name';"; + $results = ExeSQL($SQL); + + /* Grab the data, and tell the user if the forum already exists */ + while ($row = mysql_fetch_array($results)) + { + if ($row["forum_exists"] != 0) + { + echo "
A forum by that name already exists!

\n"; + $no_err++; + } + } + + /* If there were no errors */ + if ($no_err == 0) + { + /* Add the new forum to the database */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "forums (forum_name, forum_desc, forum_order) VALUES ('$forum_name', '$forum_desc', '$forum_order');"; + $results = ExeSQL($SQL); + + /* Let the user know everything went fine, and show the forum list */ + echo "
The new forum has successfully been added!

\n"; + ShowForums(); + return; + } + else + ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type ); + } + else + { + /* If it wasn't posted, then give the user an error, and send them back */ + echo "
Malformed request detected!

\n"; + ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type ); + } + break; + + /* Update an existing forum */ + case 5: + /* Check if the form is posted */ + if ( $REQUEST_METHOD == "POST" ) + { + /* Set the errors to zero */ + $no_err = 0; + + /* If the old name and new name don't match then ... */ + if ($forum_name != $old_name) + { + /* Pull the number of forums with the same name */ + $SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums WHERE forum_name='$forum_name';"; + $results = ExeSQL($SQL); + + /* Grab the data and sit an error if the forum exists */ + while ($row = mysql_fetch_array($results)) + { + if ($row["forum_exists"] != 0) + { + echo "
A forum by that name already exists!

\n"; + $no_err++; + } + } + } + + /* If there were no errors */ + if ($no_err == 0) + { + /* Add the new forum to the database */ + $SQL = "UPDATE " . TABLE_PREFIX . "forums SET forum_name='$forum_name', forum_desc='$forum_desc', forum_order='$forum_order' WHERE forum_id='$forum_id';"; + $results = ExeSQL($SQL); + + /* Let the user know it went fine, and default to the forum list */ + echo "
The forum has successfully been updated!

\n"; + ShowForums(); + return; + } + else + ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type ); + } + else + { + /* If it wasn't posted, then give an error, and show the forum form */ + echo "
Malformed request detected!

\n"; + ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type ); + } + break; + + /* Delete the forum, and all it's associated threads and replies */ + case 6: + /* The forum from the database */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';"; + $results = ExeSQL($SQL); + + /* Delete the threads associated with the forum */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';"; + $results = ExeSQL($SQL); + + /* Delete the replies associated with the forum */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE forum_id='$forum_id';"; + $results = ExeSQL($SQL); + + /* Give the user feedback */ + echo "
The forum has successfully been removed!

\n"; + ShowForums(); + return; + break; + } + +/* + * Show the current functions + */ + +function +ShowForums() +{ + echo " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the active color */ + $the_color = TABLE_COLOR_2; + + /* Pull the forums */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_order, forum_name;"; + $results = ExeSQL($SQL); + + /* Grab the data, and display the stuff */ + while ($row = mysql_fetch_array($results)) + { + /* Grab the specific columns */ + $forum_id = $row["forum_id"]; + $forum_name = $row["forum_name"]; + $forum_order = $row["forum_order"]; + $forum_desc = $row["forum_desc"]; + + /* Swap the color */ + if ($the_color == TABLE_COLOR_2) + $the_color = TABLE_COLOR_1; + else + $the_color = TABLE_COLOR_2; + + /* Display the data */ + echo " \n" + . " \n" + . " \n"; + } + + /* Close off the table */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " Forum Administration \n" + . " \n" + . " [ Add New Forum ]\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " $forum_order. $forum_name
\n" + . " $forum_desc\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . "
\n"; +} + +/* + * Display the form to add a forum + */ + +function +ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type ) +{ + /* Display the stuff in the form! */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Forum Administration
Forum Name:\n" + . " \n" + . "
Forum Description:\n" + . " \n" + . "
Forum Order:\n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "

\n" + . "
\n"; +} + +?> diff --git a/content/general_admin.php b/content/general_admin.php new file mode 100644 index 0000000..fcb733c --- /dev/null +++ b/content/general_admin.php @@ -0,0 +1,236 @@ + * + * * + * This script displays the contents for the 'General Administration' page. * + * Don't forget the 12 space indent for all content pages. * + * * + * Last modified : September 13th, 2002 (JJS) * +\******************************************************************************/ + +/* As always, don't let them access the file directly */ +$file_name = "general_admin.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the veriables held by superglobals */ +$board_name = GetVars("board_name"); +$title_image = GetVars("title_image"); +$action = GetVars("action"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$board_name, 64); +CheckVars(&$title_image, 128); + +/* Make sure someone isn't trying to feed the step number via the querystring */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */ +if ( ( ( $board_name == "" || $title_image == "" ) && ( $step == 3 || $step == 4 ) ) || + ( ( $step == 1 && $QUERY_STRING != "pid=general_admin" ) || + ( $step == 2 && $QUERY_STRING != "pid=general_admin" ) || + ( $step == 3 && $QUERY_STRING != "pid=general_admin" ) || + ( $step == 4 && $QUERY_STRING != "pid=general_admin" ) ) || + ( ( $step != 1 && $step != 2 ) && + ( strlen(trim($board_name)) == 0 || strlen(trim($title_image)) == 0 ) ) ) + + { + /* Give them an error if they are */ + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* Determine which step to use */ +if ($action == "Edit Properties") + $step = 2; +else if ($action == "Preview Properties") + $step = 3; +else if ($action == "Submit Properties") + $step = 4; + +/* Strip out all escape characters */ +if ( $step == 3 || $step == 4 ) + $board_name = stripslashes(strip_tags($board_name)); + +/* Display the desired step */ +switch ($step) + { + /* Show the forum list */ + default: + case 1: + ShowProperties(); + break; + + /* Show edit form */ + case 2: + ShowPropertyForm( $board_name, $title_image ); + break; + + /* Show preview */ + case 3: + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Properties Preview
Board Name:\n" + . " $board_name\n" + . " \n" + . "
Title Image:\n" + . " $title_image

\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . "
\n" + . "
\n" + . "
\n" + . " \n" + . "  \n" + . " \n" + . "
\n" + . "
\n"; + break; + + /* Add the new forum to the database */ + case 4: + /* Check if the page was POSTed */ + if ( $REQUEST_METHOD == "POST" ) + { + /* Set the error to zero */ + $no_err = 0; + + /* Delete the existing properties */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "properties;"; + $results = ExeSQL($SQL); + + /* Add the new ones in */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "properties (board_name, title_image) VALUES ('$board_name', '$title_image');"; + $results = ExeSQL($SQL); + + /* Let the user know what's up, then show the properties */ + echo "
The properties have successfully been modified!

\n"; + ShowProperties(); + return; + } + else + ShowMessageForm( $message_name, $message_body, $message_id ); + break; + } + +/* + * Show the existing properties and values + */ + +function +ShowProperties() +{ + /* Spit out the top part of the HTML */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the color */ + $the_color = TABLE_COLOR_2; + + /* Pull the properties */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "properties;"; + $results = ExeSQL($SQL); + + /* Grab the data, and assign it to variables */ + while ($row = mysql_fetch_array($results)) + { + $board_name = $row["board_name"]; + $title_image = $row["title_image"]; + } + + /* Display the properties */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " General Administration \n" + . "
\n" + . "
\n" + . " Board Name:
\n" + . "
\n" + . " $board_name
\n" + . "
\n" + . " Title Image:
\n" + . "
\n" + . " $title_image

\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . "

\n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n"; +} + +/* + * Show the form to edit the properties + */ + +function +ShowPropertyForm( $board_name, $title_image ) +{ + /* What are you waiting for, show it already! */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
General Administration
Board Name:\n" + . " \n" + . "
Title Image:\n" + . " \n" + . "
\n" + . "

\n" + . "
\n"; +} + +?> diff --git a/content/index.php b/content/index.php new file mode 100644 index 0000000..4507a7b --- /dev/null +++ b/content/index.php @@ -0,0 +1 @@ + diff --git a/content/login.php b/content/login.php new file mode 100644 index 0000000..bb16697 --- /dev/null +++ b/content/login.php @@ -0,0 +1,80 @@ + * + * * + * This script displays the contents for the 'Login' page. Don't forget the * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 13th, 2002 (JJS) * +\******************************************************************************/ + +/* Run this stuff so people can't call this file directly */ +$file_name = "login.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* If the user performed a bad login, then tell them */ +if ($login == "failed") + echo "
Bad login credentials, try again.

"; + +/* Display the top part of the form */ +echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Login
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " Username: \n" + . " \n" + . " \n" + . "
\n" + . " Password: \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . "
\n" + . " Forgot Password?\n" + . "
\n"; + +/* If $destination isn't NULL, then put it on the form */ +if ($destination != "") + echo " \n"; + +/* Same with the $forum_id */ +if ($forum_id != "") + echo " \n"; + +/* Same with the $thread_id */ +if ($thread_id != "") + echo " \n"; + +/* Let's close off the form */ +echo "
\n" + . "
\n"; + +?> diff --git a/content/post_reply.php b/content/post_reply.php new file mode 100644 index 0000000..bf6d803 --- /dev/null +++ b/content/post_reply.php @@ -0,0 +1,273 @@ + * + * * + * This script displays the contents for the 'Post Reply' page. Don't forget * + * the 12 space indent for all content pages. * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Stop lame hacker kiddies */ +$file_name = "post_reply.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the user's IP address from the super global */ +$user_ip = $_SERVER['REMOTE_ADDR']; +$step = GetVars("step"); +$action = GetVars("action"); +$email = GetVars("email"); +$include_sig = GetVars("include_sig"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$user_ip, 15); + +/* Determine which step to use */ +if ($action == "Edit Reply") + $step = 1; +else if ($action == "Post Reply") + $step = 3; + +/* Strip out all escape characters */ +if ($step == 1) + { + $message = str_replace("
", "", $message); + $message = stripslashes(htmlspecialchars($message)); + } + +/* And again, along with adding line breaks */ +if ($step == 2) + { + $message = stripslashes(htmlspecialchars($message)); + $message = nl2br($message); + $message = str_replace("
", "
", $message); + } + +/* One more time, but add
's */ +if ($step == 3) + { + $message = htmlspecialchars($message); + $message = str_replace("<BR>", "
", $message); + } + +/* Pull the thread list */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads;"; +$results = ExeSQL($SQL); + +/* Grab the data, and load it in array's */ +while ($row = mysql_fetch_array($results)) + { + $thread_list[] = $row["thread_id"]; + $forum_list[] = $row["forum_id"]; + } + +/* Check to see if the thread the user is requesting is real */ +if (!(in_array($thread_id, $thread_list))) + { + /* If not, let them know, and redirect them */ + echo "
Malformed request detected!

\n"; + require ("./content/view_forums.php"); + return; + } + +/* Assign values to use later - yes, I did forget what these do */ +$thread_forum = array_search($thread_id, $thread_list); +$correct_forum = $forum_list[$thread_forum]; + +/* Check to see if the forum the user is requesting is the right one */ +if ($correct_forum != $forum_id) + { + /* If not, then tell them off */ + echo "
Malformed request detected!

\n"; + require ("./content/view_forums.php"); + return; + } + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */ +if ( ( ( $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 || + ( ( $step == 2 && $QUERY_STRING != "pid=post_reply&step=2" ) || + ( $step == 3 && $QUERY_STRING != "pid=post_reply" ) ) || + ( $step != 1 && strlen(trim($message)) == 0 ) ) + { + /* And if they are, tell them off! */ + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* Which step do we want to run? */ +switch ($step) + { + /* Display the post reply form */ + default: + case 1: + ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id ); + break; + + /* Display the reply for the user to preview */ + case 2: + /* Show the top of the form */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
New Reply Preview
Message:\n"; + + /* Pull the user's signature */ + $SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $signature = $row["user_signature"]; + + /* If the user has a signature and wants to use it, then show it */ + if ($signature != "" && $include_sig == "yes") + $display_message = $message . "

" . $signature; + else + $display_message = $message; + + /* Show the bottom of the form */ + echo " $display_message\n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . " \n" + . "  \n" + . " \n" + . "
\n" + . "
\n"; + break; + + /* Check the user's input, add the reply to the database, and display the reply */ + case 3: + /* Make sure they POSTed the form */ + if ( $REQUEST_METHOD == "POST" ) + { + /* Pull the user's signature */ + $SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $signature = $row["user_signature"]; + + /* If they have a sig, and want to include it, then include it! */ + if ($signature != "" && $include_sig == "yes") + $message = $message . "

" . $signature; + + /* Insert the reply into the database */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "replies (reply_body, user_id, user_ip, thread_id, forum_id) VALUES ('$message', '$user_id', '$user_ip', '$thread_id', '$forum_id');"; + $results = ExeSQL($SQL); + + /* Now be a good forum, and thank the kind user */ + echo "
Thanks for posting!

\n"; + + /* Show the reply list */ + require ("./content/view_replies.php"); + } + else + { + /* If they didn't POST it, then error out */ + echo "
Malformed request detected!

\n"; + ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id, $db_name, $connection ); + } + break; + } + +/* + * Show the form for the user to fill out + */ + +function +ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id ) +{ + /* Show the beginning of the form */ + echo " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Post New Reply
Message:\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Pull the user's signature */ + $SQL = "SELECT user_signature, user_usesig FROM " . TABLE_PREFIX . "users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it into variables */ + while ($row = mysql_fetch_array($results)) + { + /* Grab the actual signature */ + $signature = $row["user_signature"]; + + /* Determine if they use it by default */ + if ($row["user_usesig"] == 1) + $use_sig = " checked"; + else + $use_sig = ""; + } + + /* If there is a signature, then display the option to use it */ + if ($signature != "") + { + echo " \n" + . " \n" + . " \n"; + } + + /* Now spit out the rest of the HTML so we can get the heck outta this file! */ + echo "
\n" + . "
\n" + . "
\n" + . " Include Signature?\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "

\n" + . "
\n"; +} + +?> diff --git a/content/post_thread.php b/content/post_thread.php new file mode 100644 index 0000000..c40d8fd --- /dev/null +++ b/content/post_thread.php @@ -0,0 +1,273 @@ + * + * * + * This script displays the contents for the 'Post Thread' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Disallow direct access to this file */ +$file_name = "post_thread.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Get the variables we need */ +$user_ip = GetVars("REMOTE_ADDR"); +$action = GetVars("action"); +$email = GetVars("email"); +$include_sig = GetVars("include_sig"); +$step = GetVars("step"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$user_ip, 15); + +/* Determine which step to use */ +if ($action == "Edit Thread") + $step = 1; +else if ($action == "Post Thread") + $step = 3; + +/* Strip out all escape characters */ +if ($step == 1) + { + $title = stripslashes(htmlspecialchars($title)); + $message = str_replace("
", "", $message); + $message = stripslashes(htmlspecialchars($message)); + } + +/* Along with replacing the 's */ +if ($step == 2) + { + $title = stripslashes(htmlspecialchars($title)); + $message = stripslashes(htmlspecialchars($message)); + $message = nl2br($message); + $message = str_replace("
", "
", $message); + } + +/* And also adding
's */ +if ($step == 3) + { + $title = htmlspecialchars($title); + $message = htmlspecialchars($message); + $message = str_replace("<BR>", "
", $message); + } + +/* Pull the forum list */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums;"; +$results = ExeSQL($SQL); + +/* Grab the data, and load it in an array */ +while ($row = mysql_fetch_array($results)) + $forum_list[] = $row["forum_id"]; + +/* Check to see if the forum the user is requesting is real */ +if (!(in_array($forum_id, $forum_list))) + { + /* If not, let them know */ + echo "
Malformed request detected!

\n"; + require ("./content/view_forums.php"); + return; + } + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */ +if ( ( ( $title == "" || $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 || + ( ( $step == 2 && $QUERY_STRING != "pid=post_thread&step=2" ) || + ( $step == 3 && $QUERY_STRING != "pid=post_thread" ) ) || + ( $step != 1 && ( strlen(trim($title)) == 0 || strlen(trim($message)) == 0 ) ) ) + { + /* If so, bitch at them */ + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* Display the desired step */ +switch ($step) + { + /* Display the post thread form */ + default: + case 1: + ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id ); + break; + + /* Display the thread for the user to preview */ + case 2: + /* Display the top part */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
New Thread Preview
Title:\n" + . " $title\n" + . " \n" + . "
Message:\n"; + + /* Pull the user's signature */ + $SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $signature = $row["user_signature"]; + + /* If we have a signature, then include it */ + if ($signature != "" && $include_sig == "yes") + $display_message = $message . "

" . $signature; + else + $display_message = $message; + + /* Display the rest of the page */ + echo " $display_message\n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . " \n" + . "  \n" + . " \n" + . "
\n" + . "
\n"; + break; + + /* Check the user's input, add the thread to the database, and display the thread */ + case 3: + /* Make sure the form was POSTed */ + if ( $REQUEST_METHOD == "POST" ) + { + /* Pull the user's signature */ + $SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $signature = $row["user_signature"]; + + /* Include the signature if they want it to be */ + if ($signature != "" && $include_sig == "yes") + $message = $message . "

" . $signature; + + /* Insert the thread into the database */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "threads (thread_title, thread_body, user_id, user_ip, forum_id) VALUES ('$title', '$message', '$user_id', '$user_ip', '$forum_id');"; + $results = ExeSQL($SQL); + + /* Give 'em props */ + echo "
Thanks for posting!

\n"; + + /* Show the thread list */ + require ("./content/view_threads.php"); + } + else + { + /* If not POSTed, then error out */ + echo "
Malformed request detected!

\n"; + ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id ); + } + break; + } + +/* + * Show the form the user needs to fill out to post + */ + +function +ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id ) +{ + /* Start with the JavaScript header, and then some */ + echo " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Post New Thread
Title: Max: 128 characters
Message:\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Pull the user's signature */ + $SQL = "SELECT user_signature, user_usesig FROM " . TABLE_PREFIX . "users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data, and figure out if we want to include the signature or not */ + while ($row = mysql_fetch_array($results)) + { + $signature = $row["user_signature"]; + if ($row["user_usesig"] == 1) + $use_sig = " checked"; + else + $use_sig = ""; + } + + /* If the user has a signature, then give them the option to use it */ + if ($signature != "") + { + echo " \n" + . " \n" + . " \n"; + } + + /* Finish it off */ + echo "
\n" + . "
\n" + . "
\n" + . " Include Signature?\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . "

\n" + . "
\n"; +} + +?> diff --git a/content/register.php b/content/register.php new file mode 100644 index 0000000..8d39251 --- /dev/null +++ b/content/register.php 
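Review bot: in case 3 of content/post_thread.php the INSERT into the threads table interpolates $title, $message, $user_id and $forum_id straight into the SQL string, and the only treatment $title and $message get for step 3 in this hunk is htmlspecialchars(), which is HTML output encoding and by default leaves single quotes untouched. Whether the query is safe therefore depends on escaping done outside this file (the stripslashes() calls in steps 1 and 2 suggest magic quotes on request data), and request-level escaping does not cover $signature: it is read back from the users table and appended to $message just before the INSERT, so a stored signature containing a quote changes the statement. Escape every value where the query is built, for example with mysql_real_escape_string(), store the raw text, and encode for HTML when it is displayed. The reply INSERT in content/post_reply.php earlier in this patch has the same shape. Separately, the direct-access guard at the top sends header("Location: ../index.php") without an exit, so the rest of the script still runs after the redirect header is queued.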
@@ -0,0 +1,532 @@ + * + * * + * This script displays the contents for the 'Registation' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 14th, 2002 (JJS) * +\******************************************************************************/ + +/* Call this file directly, get sent back */ +$file_name = "register.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the veriables held by super globals */ +$username = GetVars("username"); +$password = GetVars("password"); +$email = GetVars("email"); +$location = GetVars("location"); +$occupation = GetVars("occupation"); +$homepage = GetVars("homepage"); +$picture = GetVars("picture"); +$interests = GetVars("interests"); +$aim = GetVars("aim"); +$icq = GetVars("icq"); +$yahoo = GetVars("yahoo"); +$signature = GetVars("signature"); +$include_sig = GetVars("include_sig"); +$action = GetVars("action"); +$step = GetVars("step"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$username, 64); +CheckVars(&$password, 64); +CheckVars(&$confirm_password, 64); +CheckVars(&$email, 128); +CheckVars(&$location, 128); +CheckVars(&$occupation, 64); +CheckVars(&$homepage, 128); +CheckVars(&$picture, 128); +CheckVars(&$interests, 255); +CheckVars(&$aim, 16); +CheckVars(&$icq, 16); +CheckVars(&$yahoo, 32); +CheckVars(&$signature, 255); +CheckVars(&$include_sig, 1); + +/* Strip   from the username */ +$username = str_replace(" ", "", $username); + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! 
*/ +if ( ( ( $username == "" || $password == "" || $email == "" ) && ( $step == 3 || $step == 4 ) ) || + ( ( $step == 1 && $QUERY_STRING != "pid=register" ) || + ( $step == 2 && $QUERY_STRING != "pid=register&step=2" ) || + ( $step == 3 && $QUERY_STRING != "pid=register&step=3" ) || + ( $step == 4 && $QUERY_STRING != "pid=register" ) ) || + ( ( $step != 1 && $step != 2 ) && + ( strlen(trim($username)) == 0 || strlen(trim($password)) == 0 || strlen(trim($email)) == 0 ) ) ) + + { + /* If so, give them an error */ + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* Determine which step to go to */ +if ($action == "Edit Information") + $step = 2; +else if ($action == "Submit Information") + $step = 4; + +/* Parse some of the variables to ensure accurate values */ +if ( $step == 2 && $homepage == "" ) + $homepage = "http://"; + +if ( $step == 2 && $picture == "" ) + $picture = "http://"; + +/* Strip out all escape characters */ +if ($step == 2) + { + $username = stripslashes(strip_tags($username)); + $password = stripslashes(strip_tags($password)); + $email = stripslashes(strip_tags($email)); + $location = stripslashes(strip_tags($location)); + $occupation = stripslashes(strip_tags($occupation)); + $homepage = stripslashes(strip_tags($homepage)); + $picture = stripslashes(strip_tags($picture)); + $interests = stripslashes(strip_tags($interests)); + $aim = stripslashes(strip_tags($aim)); + $icq = stripslashes(strip_tags($icq)); + $yahoo = stripslashes(strip_tags($yahoo)); + $signature = stripslashes(strip_tags($signature)); + } + +/* Again, with some sig clean up */ +if ($step == 3) + { + $username = stripslashes(strip_tags($username)); + $password = stripslashes(strip_tags($password)); + $email = stripslashes(strip_tags($email)); + $location = stripslashes(strip_tags($location)); + $occupation = stripslashes(strip_tags($occupation)); + $homepage = stripslashes(strip_tags($homepage)); + $picture = stripslashes(strip_tags($picture)); + $interests = stripslashes(strip_tags($interests)); + $aim = stripslashes(strip_tags($aim)); + $icq = stripslashes(strip_tags($icq)); + $yahoo = stripslashes(strip_tags($yahoo)); + + $signature = stripslashes(htmlspecialchars($signature)); + $signature = nl2br($signature); + $signature = str_replace("
", "
", $signature); + } + +/* This time, just signature clean up */ +if ($step == 4) + { + $signature = htmlspecialchars($signature); + $signature = str_replace("<BR>", "
", $signature); + } + +/* To step, or not to step! */ +switch ($step) + { + /* Display the TOS */ + default: + case 1: + /* Start displaying the TOS */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Usage Policy
\n" + . " Registration for our community is 100% free! If you agree to abide by our rules below, you should press the \"Agree\" button, which will enable you to register. If you do not agree, press the \"Cancel\" button.\n" + . "
\n"; + + /* Grab the TOS */ + require("language/tos.php"); + + /* Display the TOS */ + echo " " . TERMS_OF_SERVICE . "\n"; + + /* Finish off the page */ + echo "
\n" + . "
\n" + . " Agree | Cancel\n" + . "
\n"; + break; + + /* Display the form for the user to fill out */ + case 2: + ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ); + break; + + /* Display the info the user supplied and prompt them to continue or edit */ + case 3: + /* Line starts here, no cutting [or pasting ;)] */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the active color */ + $the_color = TABLE_COLOR_2; + + /* Display the mandatory fields */ + PreviewSection ( $username, "Username", &$the_color ); + PreviewSection ( $password, "Password", &$the_color ); + PreviewSection ( $email, "Email", &$the_color ); + + /* Display the optional fields, if they were filled in */ + if ( $location != "" ) + PreviewSection( $location, "Location", &$the_color ); + + if ( $occupation != "" ) + PreviewSection( $occupation, "Occupation", &$the_color ); + + if ( $homepage != "" && $homepage != "http://" ) + PreviewSection( $homepage, "Homepage", &$the_color ); + + if ( $picture != "" && $picture != "http://" ) + PreviewSection ( $picture, "Picture", &$the_color ); + + if ( $interests != "" ) + PreviewSection ( $interests, "Interests", &$the_color ); + + if ( $aim != "" ) + PreviewSection ( $aim, "AOL Instant Messenger", &$the_color ); + + if ( $icq != "" ) + PreviewSection ( $icq, "ICQ", &$the_color ); + + if ( $yahoo != "" ) + PreviewSection ( $yahoo, "Yahoo Pager", &$the_color ); + + if ( $signature != "" ) + { + /* Swap the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Start the section */ + echo " \n" + . " \n" + . " \n" + . " \n"; + } + + /* And then we finish off the form */ + echo "
Registration Preview
Signature:\n" + . " $signature

\n" + . " \n"; + + /* Display if the signature will be added by default */ + if ($include_sig == 1) + echo " You have chosen to include this signature on new posts.\n"; + else + echo " You have chosen to not include this signature on new posts.\n"; + + /* Finish off the section */ + echo " \n" + . " \n" + . " \n" + . "
\n" + . "

\n" + . "
\n"; + break; + + /* Check the user's input, add the user to the database, and display the results */ + case 4: + /* Make sure it was POSTed, if it wasn't they are trying to be slick */ + if ( $REQUEST_METHOD == "POST" ) + { + /* No errors... yet */ + $no_err = 0; + + /* Pull the number of accounts with the same username */ + $SQL = "SELECT COUNT(*) as user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data, parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* If the username exists, error out */ + if ($row["user_exists"] != 0) + { + echo "
That username already exists!

\n"; + $no_err++; + } + } + + /* Pull the number of accounts with the same email */ + $SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';"; + $results = ExeSQL($SQL); + + /* Grab the data, parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* If the email exists, then error out */ + if ($row["email_exists"] != 0) + { + echo "
Someone has already registered using that email address!

\n"; + $no_err++; + } + } + + /* If there are no errors, then proceed with the registration */ + if ($no_err == 0) + { + /* Clear out the URL variables if they still contain 'http://' */ + if ($homepage == "http://") { $homepage = ""; } + if ($picture == "http://") { $picture = ""; } + + /* Crypt the password to a random salt */ + $password = crypt($password); + + /* Determine if the sig will be added by default */ + if ($include_sig != 1) + $include_sig == 0; + + /* Insert the user into the database */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "users (user_name, user_email, user_pass, user_location, user_occupation, user_homepage, user_picture, user_interests, user_aim, user_icq, user_yahoo, user_signature, user_usesig) VALUES ('$username', '$email', '$password', '$location', '$occupation', '$homepage', '$picture', '$interests', '$aim', '$icq', '$yahoo', '$signature', '$include_sig');"; + $results = ExeSQL($SQL); + + /* Log the new user in */ + SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']); + SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']); + + /* Set their login status */ + $logged_in = 1; + + /* Finish off the registration */ + echo "
\n" + . " Thanks for registering!
\n" + . " Click here to log in!\n" + . "
\n" + . "
\n"; + require("./content/view_forums.php"); + return; + } + else + ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ); + } + else + { + /* If they didn't POST it, then error out */ + echo "
Malformed request detected!

\n"; + ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ); + } + break; + } + +/* + * Show the registration form + */ + +function +ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ) +{ + /* Start displaying the damned thing */ + echo " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Required Information
Username: Max: 64 characters
Password: Min 6 characters - Max: 64 characters
Confirm Password: Min: 6 characters - Max: 64 characters
Email: Max: 128 characters
Optional Information
Location: Max: 128 characters
Occupation: Max: 64 characters
Homepage: Max: 128 characters
Picture: Max: 128 characters
Interests: Max: 255 characters
AOL Instant Messenger: Max: 16 characters
ICQ: Max: 16 characters
Yahoo Pager: Max: 32 characters
Signature:\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
 Max: 255 characters
\n"; + + /* Check the box if the signature is to be included */ + if ($include_sig == 1) + $checked = " checked"; + else + $checked = ""; + + /* Display the rest of the form */ + echo " Include Signature on New Posts?\n" + . "
\n" + . "
\n" + . "

\n" + . "
\n"; +} + +/* + * Display the portion that is being previewed + */ + +function +PreviewSection ( $section_value, $section_title, $the_color ) +{ + /* Swap the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Display the start of the section */ + echo " \n" + . " $section_title:\n" + . " \n"; + + /* Don't display the password, for security reasons and all */ + if ($section_title == "Password") + echo " Password is hidden for security purposes.\n"; + else + echo " $section_value\n"; + + /* If it's the AIM section, then swap out the variables to make sure everything is okay */ + if ($section_title == "AOL Instant Messenger") + $section_title = "aim"; + else + $section_title = strtolower($section_title); + + /* And, we're out */ + echo " \n" + . " \n" + . " \n"; +} + +?> diff --git a/content/scheme_admin.php b/content/scheme_admin.php new file mode 100644 index 0000000..a4e989a --- /dev/null +++ b/content/scheme_admin.php 
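Review bot: in case 4 of content/register.php the value written to the user_pass cookie is the same crypt() string that the INSERT stores in the users table, so the stored hash is sent by the browser on every request for the cookie's 86400-second lifetime, and if login is checked by comparing this cookie with the column (that code is not in this hunk) the hash is as good as the password. Issue a random session identifier instead and keep the hash server-side. Two logic points in the same case: `$include_sig == 0;` is a comparison whose result is discarded, so any value other than 1 is inserted unchanged, and it should read `$include_sig = 0;`. Also, nothing here compares $password with $confirm_password or enforces the 6-character minimum the form advertises, and $confirm_password is passed to CheckVars() without ever being read through GetVars().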
@@ -0,0 +1,871 @@ + * + * * + * This script displays the contents for the 'Scheme Administration' page. * + * Don't forget the 12 space indent for all content pages. * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Redirect possible hack attempts */ +$file_name = "scheme_admin.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the variables held by superglobals */ +$old_name = GetVars("old_name"); +$scheme_id = GetVars("scheme_id"); +$scheme_name = GetVars("scheme_name"); +$scheme_desc = GetVars("scheme_desc"); +$background_color = GetVars("background_color"); +$table_border_size = GetVars("table_border_size"); +$table_border_color = GetVars("table_border_color"); +$table_header_background = GetVars("table_header_background"); +$table_header_text_color = GetVars("table_header_text_color"); +$text_color = GetVars("text_color"); +$text_font = GetVars("text_font"); +$text_regular = GetVars("text_regular"); +$text_small = GetVars("text_small"); +$table_color_1 = GetVars("table_color_1"); +$table_color_2 = GetVars("table_color_2"); +$link_color = GetVars("link_color"); +$error_message = GetVars("error_message"); +$header_background = GetVars("header_background"); +$menu_background = GetVars("menu_background"); +$active_scheme = GetVars("active_scheme"); +$forum_exists = GetVars("forum_exists"); +$action = GetVars("action"); +$step = GetVars("step"); +$type = GetVars("type"); + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$old_name, 64); +CheckVars(&$scheme_id, 10); +CheckVars(&$scheme_name, 64); +CheckVars(&$scheme_desc, 255); +CheckVars(&$background_color, 7); +CheckVars(&$table_border_size, 2); +CheckVars(&$table_border_color, 7); 
+CheckVars(&$table_header_background, 7); +CheckVars(&$table_header_text_color, 7); +CheckVars(&$text_color, 7); +CheckVars(&$text_font, 64); +CheckVars(&$text_regular, 2); +CheckVars(&$text_small, 2); +CheckVars(&$table_color_1, 7); +CheckVars(&$table_color_2, 7); +CheckVars(&$link_color, 7); +CheckVars(&$error_message, 7); +CheckVars(&$header_background, 7); +CheckVars(&$menu_background, 7); +CheckVars(&$active_scheme, 2); + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */ +if ( ( ( $scheme_name == "" ) && ( $step == 3 || $step == 4 ) ) || + ( ( $step == 1 && $QUERY_STRING != "pid=scheme_admin" ) || + ( $step == 2 && $QUERY_STRING != "pid=scheme_admin&step=2" ) || + ( $step == 3 && $QUERY_STRING != "pid=scheme_admin" ) || + ( $step == 4 && $QUERY_STRING != "pid=scheme_admin" ) || + ( $step == 5 && $QUERY_STRING != "pid=scheme_admin" ) || + ( $step == 6 && $QUERY_STRING != "pid=scheme_admin" ) ) || + ( ( $step != 1 && $step != 2 ) && ( strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0 ) ) ) + { + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* Determine which step to use */ +if ($action == "Edit Scheme") + $step = 2; +else if ($action == "Edit") + { + $step = 2; + $type = "existing"; + } +else if ($action == "Preview Information") + $step = 3; +else if ($action == "Submit Scheme") + $step = 4; +else if ($action == "Delete") + $step = 6; + +/* If the user is submitting an existing forum for editting, then go to step 5 */ +if ( $step == 4 && $type != "" ) + $step = 5; + +/* Strip out all escape characters */ + +/* + +I'll unREM this eventually + +if ($step == 2) + { + $forum_name = stripslashes(strip_tags($forum_name)); + $forum_desc = stripslashes(strip_tags($forum_desc)); + $old_name = stripslashes(strip_tags($old_name)); + } + +if ($step == 3) + { + + $forum_name = stripslashes(strip_tags($forum_name)); + $forum_desc = stripslashes(strip_tags($forum_desc)); + $old_name = stripslashes(strip_tags($old_name)); + } +*/ + +/* What to do, oh what to do ... */ +switch ($step) + { + /* Show the forum list */ + default: + case 1: + ShowSchemes(); + break; + + /* Display the new forum page */ + case 2: + ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type ); + break; + + /* Show preview */ + case 3: + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n"; + echo " \n" + . "
Forum Preview
Scheme Name:\n" + . " $scheme_name\n" + . " \n" + . "
Scheme Description:\n" + . " $scheme_desc\n" + . " \n" + . "
Background Color:\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
 $background_color
\n" + . " \n" + . "
Table Border Color:\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
 $table_border_color
\n" + . " \n" + . "
Table Border Size:\n" + . " $table_border_size\n" + . " \n" + . "
Header Background Color:\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
 $header_background
\n" + . " \n" + . "
Menu Background Color:\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
 $menu_background
\n" + . " \n" + . "
Text Color:\n" + . "
 $text_color
\n" + . " \n" + . "
Font Face:\n" + . " $text_font\n" + . " \n" + . "
Small Font Size:\n" + . " $text_small\n" + . " \n" + . "
Regular Font Size:\n" + . " $text_regular\n" + . " \n" + . "
Link Color:\n" + . "
 $link_color
\n" + . " \n" + . "
Table Header Background Color:\n" + . "
 $table_header_background
\n" + . " \n" + . "
Table Header Text Color:\n" + . "
 $table_header_text_color
\n" + . " \n" + . "
Alternating Table Color #1:\n" + . "
 $table_color_1
\n" + . " \n" + . "
Alternating Table Color #2:\n" + . "
 $table_color_2
\n" + . " \n" + . "
Error Message Color:\n" + . "
 $error_message
\n" + . " \n" + . "
Active Scheme:"; + + /* Will this be the active scheme? */ + if ($active_scheme == 1) + echo "This will be the active scheme."; + else + echo "This will not be the active scheme."; + + /* Finish off the preview */ + echo "\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "

\n" + . " \n" + . "
\n"; + break; + + /* Add the new scheme to the database */ + case 4: + /* Make sure it was POSTed */ + if ( $REQUEST_METHOD == "POST" ) + { + /* No errors... yet */ + $no_err = 0; + + /* Pull the number of schemes with the same name */ + $SQL = "SELECT COUNT(*) as scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_name='$scheme_name';"; + $results = ExeSQL($SQL); + + /* Grab the data, and analyze it */ + while ($row = mysql_fetch_array($results)) + { + /* If the forum already exists ... */ + if ($row["scheme_exists"] != 0) + { + /* Let the user know */ + echo "
A forum by that name already exists!

\n"; + $no_err++; + } + } + + /* If there were no errors, then keep going */ + if ($no_err == 0) + { + /* Add the new scheme to the database */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "schemes (scheme_name, scheme_desc, background_color, table_border_color, table_border_size, header_background, menu_background, text_color, text_font, text_small, text_regular, link_color, table_header_background, table_header_text_color, table_color_1, table_color_2, error_message, active_scheme) VALUES ('$scheme_name', '$scheme_desc', '$background_color', '$table_border_color', '$table_border_size', '$header_background', '$menu_background', '$text_color', '$text_font', '$text_small', '$text_regular', '$link_color', '$table_header_background', '$table_header_text_color', '$table_color_1', '$table_color_2', '$error_message', '$active_scheme');"; + $results = ExeSQL($SQL); + + /* If this is supposed to be the active scheme ... */ + if ($active_scheme == 1) + { + /* Set all the other schemes to inactive */ + $SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='0' WHERE scheme_name!='$scheme_name';"; + $results = ExeSQL($SQL); + } + + /* Let the user know it went off w/o a hitch */ + echo "
\n" + . " The new scheme has successfully been added!
\n" + . " If you changed the active scheme, click here to update the page\n" + . "

\n"; + ShowSchemes(); + return; + } + else + { + /* If there was a problem, then display the form again */ + ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type ); + } + } + else + { + /* Same deal */ + echo "
Malformed request detected!

\n"; + ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type ); + } + break; + + /* Update an existing scheme */ + case 5: + /* Make sure the form is POSTed */ + if ( $REQUEST_METHOD == "POST" ) + { + /* No errors */ + $no_err = 0; + + /* If the old and new names don't match */ + if ($scheme_name != $old_name) + { + /* Pull the number of schemes with the same name */ + $SQL = "SELECT COUNT(*) as scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_name='$scheme_name';"; + $results = ExeSQL($SQL); + + /* Grab the data, parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* If the scheme name exists, then error out */ + if ($row["scheme_exists"] != 0) + { + echo "
A scheme by that name already exists!

\n"; + $no_err++; + } + } + } + + /* If there were no errors ... */ + if ($no_err == 0) + { + /* Update the scheme in the database */ + $SQL = "UPDATE " . TABLE_PREFIX . "schemes SET scheme_name='$scheme_name', scheme_desc='$scheme_desc', background_color='$background_color', table_border_color='$table_border_color', table_border_size='$table_border_size', header_background='$header_background', menu_background='$menu_background', text_color='$text_color', text_font='$text_font', text_small='$text_small', text_regular='$text_regular', link_color='$link_color', table_header_background='$table_header_background', table_header_text_color='$table_header_text_color', table_color_1='$table_color_1', table_color_2='$table_color_2', error_message='$error_message', active_scheme='$active_scheme' WHERE scheme_id='$scheme_id';"; + $results = ExeSQL($SQL); + + /* If this is supposed to be the active scheme */ + if ($active_scheme == 1) + { + /* Then set the other schemes to inactive */ + $SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='0' WHERE scheme_id!='$scheme_id';"; + $results = ExeSQL($SQL); + } + + /* Count how many active schemes there are */ + $SQL = "SELECT COUNT(*) AS any_active FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';"; + $results = ExeSQL($SQL); + + /* Grab the data and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $any_active = $row["any_active"]; + + /* If there are no active schemes */ + if ($any_active == 0) + { + /* Set the oldest scheme as active */ + $SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='1' LIMIT 1;"; + $results = ExeSQL($SQL); + } + + /* Let the user know everything went well */ + echo "
\n" + . " The forum has successfully been updated!
\n" + . " If you changed the active scheme, click here to update the page\n" + . "

\n"; + ShowSchemes(); + return; + } + else + ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type ); + } + else + { + /* If it wasn't POSTed, then error out */ + echo "
Malformed request detected!

\n"; + ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type ); + } + break; + + /* Delete the selected scheme */ + case 6: + /* Delete the scheme */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$scheme_id';"; + $results = ExeSQL($SQL); + + /* Check for active schemes */ + $SQL = "SELECT COUNT(*) AS any_active FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $any_active = $row["any_active"]; + + /* If there are no active schemes ... */ + if ($any_active == 0) + { + /* Set the oldest scheme as active */ + $SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='1' WHERE scheme_name='default';"; + $results = ExeSQL($SQL); + } + + /* Let the user know what's up */ + echo "
\n" + . " The scheme has successfully been removed!
\n" + . " If you changed the active scheme, click here to update the page\n" + . "

\n"; + ShowSchemes(); + return; + break; + } + +/* + * Show the schemes that are currently in the database + */ + +function +ShowSchemes() +{ + /* Stop your yappin' and start showing the schemes */ + echo " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the active color */ + $the_color = TABLE_COLOR_2; + + /* Pull the schemes */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes ORDER BY scheme_id;"; + $results = ExeSQL($SQL); + + /* Grab the data, parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* Load up all the variables */ + $scheme_id = $row["scheme_id"]; + $scheme_name = $row["scheme_name"]; + $scheme_desc = $row["scheme_desc"]; + $background_color = $row["background_color"]; + $table_border_size = $row["table_border_size"]; + $table_border_color = $row["table_border_color"]; + $table_header_background = $row["table_header_background"]; + $table_header_text_color = $row["table_header_text_color"]; + $text_color = $row["text_color"]; + $text_font = $row["text_font"]; + $text_regular = $row["text_regular"]; + $text_small = $row["text_small"]; + $table_color_1 = $row["table_color_1"]; + $table_color_2 = $row["table_color_2"]; + $link_color = $row["link_color"]; + $error_message = $row["error_message"]; + $header_background = $row["header_background"]; + $menu_background = $row["menu_background"]; + $active_scheme = $row["active_scheme"]; + + /* Swap the colors */ + if ($the_color == TABLE_COLOR_2) + $the_color = TABLE_COLOR_1; + else + $the_color = TABLE_COLOR_2; + + /* Keep showing the data */ + echo " \n" + . " \n" + . " \n"; + } + + /* Close off the table */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " Scheme Administration \n" + . " \n" + . " [ Add New Scheme ]\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . " \n"; + +/* + +I couldn't get this shit to look right, so it's been replaced... I think this code might get resurrected someday, hence why it's still here!! + + echo " \n"; +*/ + + /* Throw all the properties into hidden fields */ + echo " \n" + . " \n" + . "
\n" + . " "; + + /* If the current scheme is active, then bold the name */ + if ($active_scheme != 1) + echo "$scheme_name"; + else + echo "$scheme_name"; + + /* Finish displaying */ + echo "
\n" + . " $scheme_desc
\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " error message\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
table header
regular text...
\n" + . " linkage...\n" + . "
\n" + . " normal message\n" + . "
\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . "
\n"; +} + +/* + * Show the form to edit the scheme + */ + +function +ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type ) +{ + echo " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Scheme Administration
Scheme Name:\n" + . " \n" + . "
Scheme Description:\n" + . " \n" + . "
Background Color:\n" + . " \n" + . "
Table Border Color:\n" + . " \n" + . "
Table Border Size:\n" + . " \n" + . "
Header Background Color:\n" + . " \n" + . "
Menu Background Color:\n" + . " \n" + . "
Text Color:\n" + . " \n" + . "
Font Face:\n" + . " \n" + . "
Small Font Size:\n" + . " \n" + . "
Regular Font Size:\n" + . " \n" + . "
Link Color:\n" + . " \n" + . "
Table Header Background Color:\n" + . " \n" + . "
Table Header Text Color:\n" + . " \n" + . "
Alternating Table Color #1:\n" + . " \n" + . "
Alternating Table Color #2:\n" + . " \n" + . "
Error Message Color:\n" + . " \n" + . "
Active Scheme:\n"; + + /* If it's the active scheme, then put a check in the box */ + if ($active_scheme == 1) + $checked = " checked"; + else + $checked = ""; + + /* An finish off displaying the page */ + echo " Scheme is active?\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "

\n" + . "
\n"; +} + +?> diff --git a/content/user_admin.php b/content/user_admin.php new file mode 100644 index 0000000..52f1e48 --- /dev/null +++ b/content/user_admin.php 
@@ -0,0 +1,1090 @@ + * + * * + * This script displays the contents for the 'User Administration' page. * + * Don't forget the 12 space indent for all content pages. * + * * + * Last modified : September 13th, 2002 (JJS) * +\******************************************************************************/ + +/* Redirect the would-be haX0rz */ +$file_name = "user_admin.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the veriables held by superglobals */ +$user_id = GetVars("user_id"); +$old_name = GetVars("old_name"); +$email = GetVars("email"); +$old_email = GetVars("old_email"); +$acct_name = GetVars("acct_name"); +$acct_pass = GetVars("acct_pass"); +$confirm_password = GetVars("confirm_password"); +$location = GetVars("location"); +$occupation = GetVars("occupation"); +$homepage = GetVars("homepage"); +$picture = GetVars("picture"); +$interests = GetVars("interests"); +$aim = GetVars("aim"); +$icq = GetVars("icq"); +$yahoo = GetVars("yahoo"); +$signature = GetVars("signature"); +$include_sig = GetVars("include_sig"); +$query = GetVars("query"); +$moderated = GetVars("moderated"); +$moderated_forums = GetVars("moderated_forums"); +$admin_acct = GetVars("admin_acct"); +$action = GetVars("action"); +$step = GetVars("step"); +$forum_index = GetVars("forum_index"); + +/* Start off the array */ +//$mod_array[] = ""; + +/* Loop through the forums and grab the variables */ +for ($i = 0; $i < $forum_index; $i++) + { + $this = "mod_" . 
$i; + $mod_array[] = GetVars($this); + } + + +/* Parse any user input */ +CheckVars(&$step, 1); +CheckVars(&$user_id, 10); +CheckVars(&$acct_name, 64); +CheckVars(&$old_name, 64); +CheckVars(&$acct_pass, 64); +CheckVars(&$acct_confirm_pass, 64); +CheckVars(&$email, 128); +CheckVars(&$old_email, 128); +CheckVars(&$location, 128); +CheckVars(&$occupation, 64); +CheckVars(&$homepage, 128); +CheckVars(&$picture, 128); +CheckVars(&$interests, 255); +CheckVars(&$aim, 16); +CheckVars(&$icq, 16); +CheckVars(&$yahoo, 32); +CheckVars(&$signature, 255); +CheckVars(&$include_sig, 1); +CheckVars(&$admin_acct, 1); + +/* Check that the user isn't trying to mess with the $step variable */ +if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 && $step != 7 ) ) + $step = 1; + +/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */ +if ( ( ( $acct_name == "" || $email == "" || $user_id == "" ) && ( $step == 4 || $step == 5 ) ) || + ( ( $step == 1 && $QUERY_STRING != "pid=user_admin" ) || + ( $step == 2 && $QUERY_STRING != "pid=user_admin" ) || + ( $step == 3 && $QUERY_STRING != "pid=user_admin" ) || + ( $step == 4 && $QUERY_STRING != "pid=user_admin" ) || + ( $step == 5 && $QUERY_STRING != "pid=user_admin&step=5" ) || + ( $step == 6 && $QUERY_STRING != "pid=user_admin" ) || + ( $step == 7 && $QUERY_STRING != "pid=user_admin" ) ) || + ( ( $step != 1 && $step != 2 ) && + ( strlen(trim($acct_name)) == 0 || strlen(trim($email)) == 0 ) ) ) + { + /* Bitch them out if they are f-ing around */ + echo "
Malformed request detected!

\n"; + $step = 1; + } + +/* Determine the active step */ +if ($action == "Search") + $step = 2; +else if ($action == "Edit") + $step = 3; +else if ($action == "Edit Account") + $step = 4; +else if ($action == "Preview Information") + $step = 5; +else if ($action == "Submit Account") + $step = 6; +else if ($action == "Delete") + $step = 7; + +/* Parse some of the variables to ensure accurate values */ +if ( $step == 4 && $homepage == "" ) + $homepage = "http://"; + +if ( $step == 4 && $picture == "" ) + $picture = "http://"; + +/* Strip out all escape characters */ +if ($step == 4) + { + $acct_name = stripslashes(strip_tags($acct_name)); + $acct_pass = stripslashes(strip_tags($acct_pass)); + $email = stripslashes(strip_tags($email)); + $location = stripslashes(strip_tags($location)); + $occupation = stripslashes(strip_tags($occupation)); + $homepage = stripslashes(strip_tags($homepage)); + $picture = stripslashes(strip_tags($picture)); + $interests = stripslashes(strip_tags($interests)); + $aim = stripslashes(strip_tags($aim)); + $icq = stripslashes(strip_tags($icq)); + $yahoo = stripslashes(strip_tags($yahoo)); + $signature = stripslashes(strip_tags($signature)); + } + +/* Do it again, and clean up the signature */ +if ($step == 5) + { + $acct_name = stripslashes(strip_tags($acct_name)); + $acct_pass = stripslashes(strip_tags($acct_pass)); + $email = stripslashes(strip_tags($email)); + $location = stripslashes(strip_tags($location)); + $occupation = stripslashes(strip_tags($occupation)); + $homepage = stripslashes(strip_tags($homepage)); + $picture = stripslashes(strip_tags($picture)); + $interests = stripslashes(strip_tags($interests)); + $aim = stripslashes(strip_tags($aim)); + $icq = stripslashes(strip_tags($icq)); + $yahoo = stripslashes(strip_tags($yahoo)); + + $signature = stripslashes(htmlspecialchars($signature)); + $signature = nl2br($signature); + $signature = str_replace("
", "
", $signature); + } + +/* This time, just clean up the signature */ +if ($step == 6) + { + $signature = htmlspecialchars($signature); + $signature = str_replace("<BR>", "
", $signature); + } + +/* Mirror, mirror, on the wall... which step do we want? */ +switch ($step) + { + /* Show the search page */ + default: + case 1: + ShowUserSearch(); + break; + + /* Display the search results */ + case 2: + ShowSearchResults( $query ); + echo "
\n"; + ShowUserSearch(); + break; + + /* Show the user's existing profile */ + case 3: + /* Pull the number of accounts with the same userid */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it into variables */ + while ($row = mysql_fetch_array($results)) + { + $user_id = $row["user_id"]; + $acct_name = $row["user_name"]; + $acct_pass = ""; + $email = $row["user_email"]; + $location = $row["user_location"]; + $occupation = $row["user_occupation"]; + $homepage = $row["user_homepage"]; + $picture = $row["user_picture"]; + $interests = $row["user_interests"]; + $aim = $row["user_aim"]; + $icq = $row["user_icq"]; + $yahoo = $row["user_yahoo"]; + $signature = $row["user_signature"]; + $include_sig = $row["user_usesig"]; + } + + /* Start showing the form */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the active color */ + $the_color = TABLE_COLOR_2; + + /* Display the mandatory info */ + PreviewSection ( $acct_name, "Username", &$the_color ); + PreviewSection ( $acct_pass, "Password", &$the_color ); + PreviewSection ( $email, "Email", &$the_color ); + + /* Then display the optional info, assuming it has a value */ + if ( $location != "" ) + PreviewSection( $location, "Location", &$the_color ); + + if ( $occupation != "" ) + PreviewSection( $occupation, "Occupation", &$the_color ); + + if ( $homepage != "" && $homepage != "http://" ) + PreviewSection( $homepage, "Homepage", &$the_color ); + + if ( $picture != "" && $picture != "http://" ) + PreviewSection ( $picture, "Picture", &$the_color ); + + if ( $interests != "" ) + PreviewSection ( $interests, "Interests", &$the_color ); + + if ( $aim != "" ) + PreviewSection ( $aim, "AOL Instant Messenger", &$the_color ); + + if ( $icq != "" ) + PreviewSection ( $icq, "ICQ", &$the_color ); + + if ( $yahoo != "" ) + PreviewSection ( $yahoo, "Yahoo Pager", &$the_color ); + + if ( $signature != "" ) + { + /* Swap out the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Start showing this part of the preview page */ + echo " \n" + . " \n" + . " \n" + . " \n"; + } + + /* Swap out the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Start displaying the moderator section */ + echo " \n" + . " \n" + . " \n" + . " \n"; + + /* Swap the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Show the Admin section */ + echo " \n" + . " \n" + . " \n" + . " \n" + . "
Account Information
Signature:\n" + . " $signature

\n" + . " \n"; + + /* Display if the signature will / will not be included */ + if ($include_sig == 1) + echo " Signatures will be included on new posts.\n"; + else + echo " Signatures will not be included on new posts.\n"; + + /* Finish it off */ + echo " \n" + . " \n" + . " \n" + . "
Moderator:\n" + . " "; + + /* Pull the forum names that the user is a moderator for */ + $SQL = "SELECT " . TABLE_PREFIX . "forums.* FROM " . TABLE_PREFIX . "forums LEFT JOIN " . TABLE_PREFIX . "moderators ON " . TABLE_PREFIX . "forums.forum_id=" . TABLE_PREFIX . "moderators.forum_id WHERE user_id='$user_id' ORDER BY forum_name;"; + $results = ExeSQL($SQL); + + /* Grab the data, load the values in an array */ + while ($row = mysql_fetch_array($results)) + $moderated_forums[] = $row["forum_name"]; + + /* Set this variable to NULL */ + $moderated = ""; + + /* If the array is empty, then display "none" */ + if (sizeof($moderated_forums) == 0) + $moderated = "none"; + else + { + /* Look through the array */ + for ( $i = 0; $i < sizeof($moderated_forums); $i++ ) + { + /* Add the forum names to the variable */ + $moderated = $moderated . $moderated_forums[$i]; + + /* Add a comma if it's not the last value */ + if ( $i != (sizeof($moderated_forums) - 1 ) ) + $moderated = $moderated . ", "; + } + } + + /* Display the forums the user is a moderator for */ + echo " $moderated\n" + . "
Administrator:\n"; + + /* Check to see if the user is an admin or not */ + $SQL = "SELECT COUNT(*) AS is_admin FROM " . TABLE_PREFIX . "administrators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $admin_acct = $row["is_admin"]; + + /* If the user is an admin say so, if not, ditto */ + if ($admin_acct != 1) + { + $admin = "User is not an administrator."; + $admin_acct = ""; + } + else + { + $admin = "User is an administrator."; + $admin_acct = "1"; + } + + /* Display if the user is an admin, and finish off the form */ + echo " $admin\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "

\n" + . "
\n"; + break; + + /* Show the profile edit screen */ + case 4: + ShowProfileForm( $user_id, $acct_name, $acct_pass, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig, $moderated_forums, $admin_acct ); + break; + + /* Preview the updated information for the profile */ + case 5: + /* Start the form */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the active color */ + $the_color = TABLE_COLOR_2; + + /* Preview the mandatory sections */ + PreviewSection ( $acct_name, "Username", &$the_color ); + PreviewSection ( $acct_pass, "Password", &$the_color ); + PreviewSection ( $email, "Email", &$the_color ); + + /* Preview the optional fields if they aren't blank */ + if ( $location != "" ) + PreviewSection( $location, "Location", &$the_color ); + + if ( $occupation != "" ) + PreviewSection( $occupation, "Occupation", &$the_color ); + + if ( $homepage != "" && $homepage != "http://" ) + PreviewSection( $homepage, "Homepage", &$the_color ); + + if ( $picture != "" && $picture != "http://" ) + PreviewSection ( $picture, "Picture", &$the_color ); + + if ( $interests != "" ) + PreviewSection ( $interests, "Interests", &$the_color ); + + if ( $aim != "" ) + PreviewSection ( $aim, "AOL Instant Messenger", &$the_color ); + + if ( $icq != "" ) + PreviewSection ( $icq, "ICQ", &$the_color ); + + if ( $yahoo != "" ) + PreviewSection ( $yahoo, "Yahoo Pager", &$the_color ); + + /* Let's play the signature game, kids! */ + if ( $signature != "" ) + { + /* Swap out the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Display the section header and signature */ + echo " \n" + . " \n" + . " \n" + . " \n"; + } + + /* Swap out the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Start the moderator section */ + echo " \n" + . " \n" + . " \n" + . " \n"; + + /* Swap the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Start off the Admin section */ + echo " \n" + . " \n" + . " \n" + . " \n" + . "
Account Preview
Signature:\n" + . " $signature

\n" + . " \n"; + + /* State if the signature is added by default or not */ + if ($include_sig == 1) + echo " Signatures will be included on new posts.\n"; + else + echo " Signatures will not be included on new posts.\n"; + + /* Finish off the section */ + echo " \n" + . " \n" + . " \n" + . "
\n" + . " Moderator:\n" + . " \n"; + + /* Set variable to NULL */ + $moderated = ""; + + /* Now it's time to get our look on */ + for ( $i = 0; $i < sizeof($mod_array); $i++ ) + { + /* If the array value isn't NULL */ + if ($mod_array[$i] != "") + { + /* Pull the form names */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='" . $mod_array[$i] . "' ORDER BY forum_name;"; + $results = ExeSQL($SQL); + + /* Grab the data, and throw it in an array */ + while ($row = mysql_fetch_array($results)) + $forum_name = $row["forum_name"]; + + /* Add the values from the array */ + $moderated = $moderated . $forum_name; + + /* And comma separate them if they aren't the last value */ + if ( $i != (sizeof($mod_array) - 1 ) ) + $moderated = $moderated . ", "; + } + } + + if ($moderated == "") + $moderated = "none"; + + /* Finish off the section */ + echo " $moderated\n" + . "
\n" + . " Administrator:\n" + . " \n"; + + /* Let us know if the user is an admin or not */ + if ($admin_acct != 1) + { + $admin = "User is not an administrator."; + $admin_acct = ""; + } + else + { + $admin = "User is an administrator."; + $admin_acct = "1"; + } + + /* Finish off this form */ + echo " $admin\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "

\n" + . "
\n"; + break; + + /* Update an existing account */ + case 6: + /* Make sure the page was POSTed */ + if ( $REQUEST_METHOD == "POST" ) + { + /* No errors */ + $no_err = 0; + + /* If the old and new accounts don't have the same name then ... */ + if ($acct_name != $old_name) + { + /* Pull the number of accounts with the same name */ + $SQL = "SELECT COUNT(*) AS name_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$acct_name';"; + $results = ExeSQL($SQL); + + /* Grab the data, and parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* Username exists? Error out */ + if ($row["name_exists"] != 0) + { + echo "
That username is already taken by another user!

\n"; + $no_err++; + } + } + } + + /* Let's do the same stuff, but for the email addy */ + if ($email != $old_email) + { + /* Pull the number of forums with the same email */ + $SQL = "SELECT COUNT(*) AS email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';"; + $results = ExeSQL($SQL); + + /* Grab the data, parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* Email exists? Error out */ + if ($row["email_exists"] != 0) + { + echo "
An account has already been registered using that email address!

\n"; + $no_err++; + } + } + } + + /* If there are no errors ... */ + if ($no_err == 0) + { + /* Clear out the URL variables if they still contain 'http://' */ + if ($homepage == "http://") { $homepage = ""; } + if ($picture == "http://") { $picture = ""; } + + /* Crypt the password to a random salt */ + if ($acct_pass != "") + $acct_pass = crypt($acct_pass); + + /* Set the include_sig variable */ + if ($include_sig != 1) + $include_sig = 0; + + /* Update the user in the database */ + if ($acct_pass != "") + $SQL = "UPDATE " . TABLE_PREFIX . "users SET user_name='$acct_name', user_email='$email', user_pass='$acct_pass', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_id='$user_id';"; + else + $SQL = "UPDATE " . TABLE_PREFIX . "users SET user_name='$acct_name', user_email='$email', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_id='$user_id';"; + + $results = ExeSQL($SQL); + + /* Update the moderater table, kill all associated entries, first.. */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Then readd them */ + if ($moderated_forums != "none") + { + /* Blow the variable up into an array */ + $forums = explode(", ", $moderated_forums); + + /* Loop the array */ + for ( $i = 0; $i < sizeof($forums); $i++ ) + { + /* Select the forum id */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_name='" . $forums[$i] . 
"';"; + $results = ExeSQL($SQL); + + /* Grab it and throw it in a variable */ + while ($row = mysql_fetch_array($results)) + $forum_id = $row["forum_id"]; + + /* Insert the data into the moderators table */ + $SQL = "INSERT INTO " . TABLE_PREFIX . "moderators (forum_id, user_id) VALUES ('$forum_id', '$user_id');"; + $results = ExeSQL($SQL); + } + } + + /* Update the administrator table, kill all associated entries, first.. */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "administrators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Then readd them */ + if ($admin_acct == 1) + { + $SQL = "INSERT INTO " . TABLE_PREFIX . "administrators (user_id) VALUES ('$user_id');"; + $results = ExeSQL($SQL); + } + + /* Let the user know the update is complete */ + echo "
The account has been updated!

\n"; + ShowUserSearch(); + return; + } + else + ShowProfileForm( $user_id, $acct_name, $acct_pass, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig, $moderated_forums, $admin_acct ); + } + else + { + /* If it wasn't POSTed, then error out */ + echo "
Malformed request detected!

\n"; + ShowProfileForm( $user_id, $acct_name, $acct_pass, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig, $moderated_forums, $admin_acct ); + } + break; + + /* Delete the user, and all his/her's associated threads and replies */ + case 7: + /* The user from the database */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Delete the threads associated with the user */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Delete the replies associated with the user */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Delete the user from the moderators list */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Delete the use from the administrator list */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "administrators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Tell the user all is good */ + echo "
The user has successfully been removed!

\n"; + ShowUserSearch(); + return; + break; + } + +/* + * Show the user search box + */ + +function +ShowUserSearch() +{ + /* Well show it already!! */ + echo "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
User Search
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " User * as a wildcard for partial matches\n" + . "
\n" + . "
\n" + . "
\n"; +} + +/* + * Parse the query and display the results + */ + +function +ShowSearchResults( $query ) +{ + /* If the query is NULL, then set it to pull all the users */ + if (trim($query) == "") + $query = "*"; + + /* Start the table for the results */ + echo " \n" + . " \n" + . " \n" + . " \n"; + + /* If there's a * in the query, then change it to % */ + if (strstr ($query, "*") != "" ) + { + $query = str_replace("*", "%", $query); + $sql_where = "user_name LIKE '$query'"; + } + else + $sql_where = "user_name='$query'"; + + /* Set the active color */ + $the_color = TABLE_COLOR_2; + + /* And the number of results */ + $how_many = 0; + + /* Pull the data based on the query */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE $sql_where ORDER BY user_name;"; + $results = ExeSQL($SQL); + + /* Grab the data, display the results */ + while ($row = mysql_fetch_array($results)) + { + /* Swap colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Let the output begin! */ + echo " \n" + . " \n" + . " \n"; + + /* Increment the total number of results */ + $how_many++; + } + + /* If no results were foind, let the user know... same with if 1 or more results were found */ + if ($how_many == 0) + { + echo " \n" + . " \n" + . " \n"; + } + else if ($how_many == 1) + { + echo " \n" + . " \n" + . " \n"; + } + else + { + echo " \n" + . " \n" + . " \n"; + } + + echo "
Search Results for '$query'
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " " . $row["user_name"] . "\n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n" + . "
Your search did not return any matches!
Your search returned 1 match!
Your search returned $how_many matches!
\n"; +} + +/* + * Show the edit form + */ + +function +ShowProfileForm( $user_id, $acct_name, $acct_pass, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig, $moderated_forums, $admin_acct ) +{ + echo " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
Required Information     Leave the password fields blank if you wish to keep the current password.
Username: Max 64 characters
Password: Min 6 characters - Max: 64 characters
Confirm Password: Min: 6 characters - Max: 64 characters
Email: Max: 128 characters
Optional Information
Location: Max: 128 characters
Occupation: Max: 64 characters
Homepage: Max: 128 characters
Picture: Max: 128 characters
Interests: Max: 255 characters
AOL Instant Messenger: Max: 16 characters
ICQ: Max: 16 characters
Yahoo Pager: Max: 32 characters
Signature:\n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Check the include signature box if they want to include the signature */ + if ($include_sig == 1) + $checked = " checked"; + else + $checked = ""; + + /* Spit out some more of the form */ + echo " \n" + . " \n" + . " \n" + . "
 Max: 255 characters
Include signature on new posts?
\n" + . "
Account Privileges
Moderator:\n"; + + /* NULL out these .. */ + $forums[] = " "; + $forum_index = 0; + + /* Blow up the variable into an array */ + $moderated_split = explode(", ", $moderated_forums); + + /* Pull the moderators */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators;"; + $results = ExeSQL($SQL); + + /* Grab the data, add the values to an array */ + while ($row = mysql_fetch_array($results)) + $forums_ids[] = $row["forum_id"]; + + /* Pull the forum names */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_name;"; + $results = ExeSQL($SQL); + + /* Grab the data, parse the results */ + while ($row = mysql_fetch_array($results)) + { + /* If the user is a moderator, then check the box */ + if (in_array($row["forum_name"], $moderated_split)) + $checked = " checked"; + else + $checked = ""; + + /* Display the check box */ + //echo " " . $row["forum_name"] . "
\n"; + echo " " . $row["forum_name"] . "
\n"; + + /* Increment the file */ + $forum_index++; + } + + /* Finish the moderator section, and move to the admin section */ + echo " \n" + . "
Administrator:\n"; + + /* If the user is an admin, then check the box */ + if ($admin_acct == 1) + $checked = " checked"; + else + $checked = ""; + + /* Finish off this God forsaken form */ + echo " User is an administrator?\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . "

\n" + . "
\n"; +} + +/* + * This section cuts down repetative code, and lets us preview sections + */ + +function +PreviewSection ( $section_value, $section_title, $the_color ) +{ + /* Swap out the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Show the top part */ + echo " \n" + . " $section_title:\n" + . " \n"; + + /* There are different types of sections, depending which one we're on, is what we'll display */ + if ($section_title == "Password") + echo " Password is hidden for security purposes.\n"; + else + echo " $section_value\n"; + + if ($section_title == "Picture") + { + /* Grab the image size */ + $profile_img = getimagesize($section_value); + + /* Set the caption */ + $image_caption = "Image size"; + + /* If the image is larger than 320x240, then resize */ + if ($profile_img[0] > 320) + { + $profile_img[0] = 320; + $image_caption = "Scaled image size"; + } + if ($profile_img[1] > 240) + { + $profile_img[1] = 240; + $image_caption = "Scaled image size"; + } + + /* Show the [re]sized image */ + if ($profile_img[0] > $profile_img[1]) + $scale_img = "height=\"$profile_img[1]\""; + else + $scale_img = "width=\"$profile_img[0]\""; + + /* Display the image */ + echo "

\n" + . " $image_caption: {$profile_img[0]}x{$profile_img[1]}\n" + . "
\n"; + } + + /* Show wht needs to be shown */ + if ($section_title == "AOL Instant Messenger") + $section_title = "aim"; + else if ($section_title == "Username") + $section_title = "acct_name"; + else if ($section_title == "Password") + $section_title = "acct_pass"; + else + $section_title = strtolower($section_title); + + /* Finish up the section */ + echo " \n" + . " \n" + . " \n"; +} + +?> diff --git a/content/view_forums.php b/content/view_forums.php new file mode 100644 index 0000000..c4c9ca9 --- /dev/null +++ b/content/view_forums.php @@ -0,0 +1,267 @@ + * + * * + * This script displays the contents for the 'View Forums' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 21st, 2002 (JJS) * +\******************************************************************************/ + +/* Deter hackers */ +$file_name = "view_forums.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Pull the total number of users */ +$SQL = "SELECT COUNT(*) as total_users FROM " . TABLE_PREFIX . "users;"; +$results = ExeSQL($SQL); + +/* Start off the table to divide everything */ +echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n"; + +/* Grab the data, and display it */ +while ($row = mysql_fetch_array($results)) + echo " Registered Members: " . $row["total_users"] . "
\n"; + +/* Start the number of posts at zero */ +$total_posts = 0; + +/* Pull the total number of threads */ +$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads;"; +$results = ExeSQL($SQL); + +/* Grab the data and load it in a variable */ +while ($row = mysql_fetch_array($results)) + $total_posts = $row["total_posts"]; + +/* Pull the total number of replies */ +$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies;"; +$results = ExeSQL($SQL); + +/* Grab the data, and load it in a variable */ +while ($row = mysql_fetch_array($results)) + $total_posts = $total_posts + $row["total_posts"]; + +/* Display the total number of posts */ +echo " Total Posts: $total_posts
\n"; + +/* Pull the most recent user added to the database */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "users ORDER BY user_id DESC LIMIT 1;"; +$results = ExeSQL($SQL); + +/* Grab the data, and throw it on the screen */ +while ($row = mysql_fetch_array($results)) + echo " Welcome to our newest member, " . $row["user_name"] . ".

\n"; + +/* Show the current date / time, then close out the table */ +echo "

\n" + . " " . date("l, F jS, Y\<\B\R\>g:i:s A T") . "\n" + . "
\n"; + +/* Pull the forum list */ +$SQL = "SELECT DISTINCT(forum_id) FROM " . TABLE_PREFIX . "forums;"; +$results = ExeSQL($SQL); + +/* Grab the data, and load it in an array */ +while ($row = mysql_fetch_array($results)) + $forum_list[] = $row["forum_id"]; + +/* Loop through the forum list and count the number of threads and replies, loading both into their respective arrays */ +for ( $i = 0; $i < count($forum_list); $i++ ) + { + /* Set the current forum in the loop */ + $current_forum = $forum_list[$i]; + + /* Pull the total number of threads for the forum */ + $SQL = "SELECT COUNT(*) AS total_threads FROM " . TABLE_PREFIX . "threads WHERE forum_id='$current_forum';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in an array */ + while ($row = mysql_fetch_array($results)) + $total_threads[] = $row["total_threads"]; + + /* Pull the total number of replies for the forum */ + $SQL = "SELECT COUNT(*) AS total_replies FROM " . TABLE_PREFIX . "replies WHERE forum_id='$current_forum';"; + $results = ExeSQL($SQL); + + /* Grab the data, and load it in an array */ + while ($row = mysql_fetch_array($results)) + $total_replies[] = $row["total_replies"]; + } + +/* Build the HTML table (column headings) */ +echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n"; + +/* Pull each forum name in alpabetical order */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . 
"forums ORDER BY forum_order, forum_name;"; +$results = ExeSQL($SQL); + +/* Grab the data, do crap to it and and display it in the table */ +while ($row = mysql_fetch_array($results)) + { + /* Determine how many posts there are for that forum */ + $forum_key = array_search($row["forum_id"], $forum_list); + $all_threads = $total_threads[$forum_key]; + $all_replies = $total_replies[$forum_key]; + + /* If there are no posts, then just set the value to "--" instead of "0" which I find unpleasant to the eye */ + if ( $all_threads == "" || $all_threads == 0 ) + $all_threads = "--"; + + /* If there are no posts, then just set the value to "--" instead of "0" which I find unpleasant to the eye */ + if ( $all_replies == "" || $all_replies == 0 ) + $all_replies = "--"; + + /* Null out these variables */ + $moderator_id = ""; + $moderators = ""; + + /* Grab the moderators */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE forum_id=" . $row["forum_id"] . ";"; + $results2 = ExeSQL($SQL); + + /* Give the arrays default values */ + $moderator_id[] = ""; + //$moderators[] = ""; + + /* Grab the data, and add it to an array */ + while ($row2 = mysql_fetch_array($results2)) + $moderator_id[] = $row2["user_id"]; + + /* Loop through the array */ + for ( $i = 0; $i < sizeof($moderator_id); $i++ ) + { + /* Grab the moderators */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $moderator_id[$i] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data, and add it to an array */ + while ($row2 = mysql_fetch_array($results2)) + $moderators[] = $row2["user_name"]; + } + + /* Clear out the variables before we determine the most recent post for the forum */ + $latest_post = ""; + $latest_user = ""; + $thread_time = ""; + $thread_user = ""; + $reply_time = ""; + $reply_user = ""; + + /* Grab the most recent thread */ + $SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y
%r') AS nice_time FROM " . TABLE_PREFIX . "threads WHERE forum_id=" . $row["forum_id"] . " ORDER BY thread_id DESC LIMIT 1 ;"; + $results2 = ExeSQL($SQL); + + /* Grab the data, and add it to variables */ + while ($row2 = mysql_fetch_array($results2)) + { + $thread_time = $row2["nice_time"]; + $thread_user = $row2["user_id"]; + } + + /* Grab the most recent replies */ + $SQL = "SELECT *, DATE_FORMAT(reply_time, '%W, %M %e, %Y
%r') AS nice_time FROM " . TABLE_PREFIX . "replies WHERE forum_id=" . $row["forum_id"] . " ORDER BY reply_id DESC LIMIT 1 ;"; + $results2 = ExeSQL($SQL); + + /* Grab the data, and load it into variables */ + while ($row2 = mysql_fetch_array($results2)) + { + $reply_time = $row2["nice_time"]; + $reply_user = $row2["user_id"]; + } + + /* If the thread is more recent than the reply */ + if ($thread_time > $reply_time) + { + /* Set the thread as the most recent */ + $latest_post = $thread_time; + $latest_user = $thread_user; + } + else + { + /* Set the reply as the most recent */ + $latest_post = $reply_time; + $latest_user = $reply_user; + } + + /* Grab the most recent user */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $latest_user . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data, and load it in a variable */ + while ($row2 = mysql_fetch_array($results2)) + $latest_user = $row2["user_name"]; + + /* Display more stuff on the screen */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n"; + } + +echo "
ForumThreadsRepliesLatest PostModerator
" . $row["forum_name"] . "
" . $row["forum_desc"] . "
\n" + . " " . $all_threads . "\n" + . " \n" + . " " . $all_replies . "\n" + . " \n"; + + /* If the latest post exists then display it */ + if ($latest_post != "") + echo " $latest_post by $latest_user
\n"; + else + echo " --\n"; + + /* Finish off this section */ + echo "
\n" + . " "; + + /* If there are moderators then show them */ + if (@isset($moderators[0])) + { + /* Sort the list in alphabetical order */ + sort($moderators); + + /* Sort through the array */ + for ( $i = 0; $i < sizeof($moderators); $i++ ) + { + /* Display the moderators */ + echo "{$moderators[$i]}"; + + /* Comma deliminate them */ + if ($i != (sizeof($moderators)) - 1) + echo ", "; + } + + /* Throw in a line break for good measure */ + echo "
"; + } + else + echo "--"; + + /* Finish off this page! */ + echo "
\n" + . "
\n"; + +?> diff --git a/content/view_message.php b/content/view_message.php new file mode 100644 index 0000000..6f8231b --- /dev/null +++ b/content/view_message.php @@ -0,0 +1,44 @@ + * + * * + * This script displays the contents for the 'View Message' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Redirect the person if they call this file directly */ +$file_name = "view_message.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Pull the named message */ +if ($message == "faq") + { + require("./language/faq.php"); + $message_name = FAQ_TITLE; + $message_body = FREQUENTLY_ASKED_QUESTIONS; + } +else + header("Location: ../index.php"); + +/* Display the message */ +echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
$message_name
\n" + . " $message_body\n" + . "
\n"; + +?> diff --git a/content/view_profile.php b/content/view_profile.php new file mode 100644 index 0000000..f419f8f --- /dev/null +++ b/content/view_profile.php @@ -0,0 +1,191 @@ + * + * * + * This script displays the contents for the 'View Profile' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Stop all direct access to this file!!! */ +$file_name = "view_profile.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Grab the veriables held by superglobals */ +$user = $_GET['user']; + +/* Parse any user input */ +CheckVars(&$user, 64); + +/* Pull the number of accounts with the specified username */ +$SQL = "SELECT COUNT(*) AS user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$user';"; +$results = ExeSQL($SQL); + +/* Grab the data and add it to a variable */ +while ($row = mysql_fetch_array($results)) + $user_exists = $row["user_exists"]; + +/* If the user doesn't exist then ... */ +if ($user_exists == 0) + { + /* Let the user know what's up, then redirect to the view forums page */ + echo "
Sorry, there are no users by that name!


\n"; + require("view_forums.php"); + } +else + { + /* Pull the information for the specified username */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$user';"; + $results = ExeSQL($SQL); + + /* Grab the data, and add it to variables */ + while ($row = mysql_fetch_array($results)) + { + $username = $row["user_name"]; + $email = $row["user_email"]; + $location = $row["user_location"]; + $occupation = $row["user_occupation"]; + $homepage = $row["user_homepage"]; + $picture = $row["user_picture"]; + $interests = $row["user_interests"]; + $aim = $row["user_aim"]; + $icq = $row["user_icq"]; + $yahoo = $row["user_yahoo"]; + } + + /* Display the table header */ + echo " \n" + . " \n" + . " \n" + . " \n"; + + /* Set the active color to the second color */ + $the_color = TABLE_COLOR_2; + + /* Preview the email section */ + PreviewSection ( $email, "Email", &$the_color ); + + /* If the location isn't NULL, then preview it */ + if ( $location != "" ) + PreviewSection( $location, "Location", &$the_color ); + + /* same with the occupation */ + if ( $occupation != "" ) + PreviewSection( $occupation, "Occupation", &$the_color ); + + /* and the homepage */ + if ( $homepage != "" && $homepage != "http://" ) + PreviewSection( $homepage, "Homepage", &$the_color ); + + /* AND the picture */ + if ( $picture != "" && $picture != "http://" ) + PreviewSection ( $picture, "Picture", &$the_color ); + + /* Can't forget the interests */ + if ( $interests != "" ) + PreviewSection ( $interests, "Interests", &$the_color ); + + /* And of course, the AIM name */ + if ( $aim != "" ) + PreviewSection ( $aim, "AOL Instant Messenger", &$the_color ); + + /* Along with the ICQ UIN */ + if ( $icq != "" ) + PreviewSection ( $icq, "ICQ", &$the_color ); + + /* And last, and IMHO least, the Yahoo! Pager */ + if ( $yahoo != "" ) + PreviewSection ( $yahoo, "Yahoo Pager", &$the_color ); + + /* Close out the fuggin' table */ + echo "
$username's Profile
\n"; + } + +/* + * This function lets you preview sections, and + * kills a lot of repetative, and messy code + */ +function +PreviewSection ( $section_value, $section_title, $the_color ) +{ + /* Swap the colors */ + if ($the_color == TABLE_COLOR_1) + $the_color = TABLE_COLOR_2; + else + $the_color = TABLE_COLOR_1; + + /* Display the section name */ + echo " \n" + . " $section_title:\n" + . " \n" + . " "; + + /* Jump to the section for the appropriate section */ + switch ($section_title) + { + /* Email section */ + case "Email": + echo "$section_value"; + break; + + /* Homepage section */ + case "Homepage": + echo "$section_value"; + break; + + /* AIM Section*/ + case "AOL Instant Messenger": + echo "$section_value "; + $section_value = str_replace(" ", "", $section_value); + + /* Add the cool links instead of just the AIM name */ + echo "(Add Buddy, Send Message)"; + break; + + /* Picture section */ + case "Picture": + /* Grab the image size */ + $profile_img = @getimagesize($section_value); + + /* Set the caption */ + $image_caption = "Image size"; + + /* If the width is larger than 320, then rectify the situation */ + if ($profile_img[0] > 320) + $profile_img[0] = 320; + + /* Same with the height, but set it to 240 */ + if ($profile_img[1] > 240) + $profile_img[1] = 240; + + /* If height's larger, then use the height, width larger, then use the width */ + if ($profile_img[0] > $profile_img[1]) + $scale_img = "height=\"$profile_img[1]\""; + else + $scale_img = "width=\"$profile_img[0]\""; + + /* Show the image!! */ + echo "
\n"; + break; + + /* Not specified, then just display the value */ + default: + echo "$section_value"; + break; + } + + /* Finish it off */ + echo "\n" + . " \n" + . " \n"; +} + +?> diff --git a/content/view_replies.php b/content/view_replies.php new file mode 100644 index 0000000..59d86ba --- /dev/null +++ b/content/view_replies.php 
@@ -0,0 +1,300 @@ + * + * * + * This script displays the contents for the 'View Replies' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 13th, 2002 (JJS) * +\******************************************************************************/ + +/* srekcah eb-dluow yna pu kcuF */ +$file_name = "view_forums.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Assign a value to the array, so it doesn't freak out is the user is an admin, but not a moderator */ +$moderated_forums[] = "0"; + +/* Pull the list of forums this user is a moderator for */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';"; +$results = ExeSQL($SQL); + +/* Grab the data and load it in an array */ +while ($row = mysql_fetch_array($results)) + $moderated_forums[] = $row["forum_id"]; + +/* Pull the forum id list from the database */ +$SQL = "SELECT forum_id FROM " . TABLE_PREFIX . "forums;"; +$results = ExeSQL($SQL); + +/* Grab the data and load it into an array */ +while ($row = mysql_fetch_array($results)) + $forum_list[] = $row["forum_id"]; + +/* Pull the thread id list from the database */ +$SQL = "SELECT thread_id FROM " . TABLE_PREFIX . "threads;"; +$results = ExeSQL($SQL); + +/* Grab the data and load it into an array */ +while ($row = mysql_fetch_array($results)) + $thread_list[] = $row["thread_id"]; + +/* If the forum doesn't exist, then halt */ +if ( !in_array($forum_id, $forum_list) || !in_array($thread_id, $thread_list) ) + { + echo "
Malformed request detected!
+
\n"; + require ("./content/view_forums.php"); + return; + } + +/* Start off the table */ +echo " \n" + . " \n"; + +/* Pull the forum name from the database */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';"; +$results = ExeSQL($SQL); + +/* Grab the data and print it on the screen */ +while ($row = mysql_fetch_array($results)) + echo " \n"; + +/* Add some options for the user */ +echo " \n" + . " \n" + . "
" . BOARD_NAME . " > " . $row["forum_name"] . " > "; + +/* Pull the thread name from the database */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads WHERE thread_id=$thread_id;"; +$results = ExeSQL($SQL); + +/* Grab the data and throw it on the screen */ +while ($row = mysql_fetch_array($results)) + echo " " . $row["thread_title"] . "Post New Thread | Post Reply
\n" + . "
\n"; + +/* Pull each thread name from the database */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';"; +$results = ExeSQL($SQL); + +/* Grab the data and load it into a variable */ +while ($row = mysql_fetch_array($results)) + $thread_topic = $row["thread_title"]; + +/* Build the HTML table (column headings) */ +echo " \n" + . " \n" + . " \n" + . " \n" + . " \n"; + +/* Pull the requested thread */ +$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y %r') AS nice_time FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id' ORDER BY thread_title;"; +$results = ExeSQL($SQL); + +/* Grab the data, and parse it out and do some other shit too! */ +while ($row = mysql_fetch_array($results)) + { + /* Pull each user name from the database */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $row["user_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into an array */ + while ($row2 = mysql_fetch_array($results2)) + { + $user_name = $row2["user_name"]; + $user_location = $row2["user_location"]; + } + + /* Pull the total number of threads from the database */ + $SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads WHERE user_id='" . $row["user_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into a variable */ + while ($row2 = mysql_fetch_array($results2)) + $total_posts = $row2["total_posts"]; + + /* Pull the total number of replies from the database */ + $SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies WHERE user_id='" . $row["user_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into a variable */ + while ($row2 = mysql_fetch_array($results2)) + $total_posts = $total_posts + $row2["total_posts"]; + + echo " \n" + . " \n" + . " \n" + . " \n"; + } + +/* Pull each reply in reverse time order */ +$SQL = "SELECT *, DATE_FORMAT(reply_time, '%W, %M %e, %Y %r') AS nice_time FROM " . TABLE_PREFIX . 
"replies WHERE thread_id='$thread_id' ORDER BY reply_time;"; +$results = ExeSQL($SQL); + +/* Grab the data, and display it in the table */ +while ($row = mysql_fetch_array($results)) + { + /* Pull each user name from the database */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $row["user_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into variables */ + while ($row2 = mysql_fetch_array($results2)) + { + $user_name = $row2["user_name"]; + $user_location = $row2["user_location"]; + } + + /* Pull the total number of posts */ + $SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads WHERE user_id='" . $row["user_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into a variable */ + while ($row2 = mysql_fetch_array($results2)) + $total_posts = $row2["total_posts"]; + + /* Pull the total number of replies */ + $SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies WHERE user_id='" . $row["user_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into a variable */ + while ($row2 = mysql_fetch_array($results2)) + $total_posts = $total_posts + $row2["total_posts"]; + + /* Display the user info */ + echo " \n" + . " \n" + . " \n" + . " \n"; + } + +/* Let's get the hell out of dodge! */ +echo "
AuthorThread: $thread_topic
\n" + . " $user_name

\n" + . " \n" + . " Total Posts: $total_posts
\n"; + + /* Show the user the tree of where they are located */ + if ($user_location != "") { echo " Location: $user_location
\n"; } + + /* Display more of the table */ + echo "
\n" + . "
\n" + . " Posted " . $row["nice_time"] . "\n" + . "
\n" + . " \n" + . " " . $row["thread_body"] . "\n" + . " \n"; + + /* If the user is a moderator or an admin then ... */ + if ( ( $is_moderator != 0 && in_array($forum_id, $moderated_forums) ) || $is_admin != 0 ) + { + /* Pull each user ip from the database */ + $SQL = "SELECT user_ip FROM " . TABLE_PREFIX . "threads WHERE thread_id=" . $row["thread_id"] . ";"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it int a variable */ + while ($row2 = mysql_fetch_array($results2)) + $user_ip = $row2["user_ip"]; + + /* Display the start of the mod / admin options */ + echo "
\n" + . " \n" + . " \n"; + + /* Is the user a mod or an admin? */ + if ($is_admin == 0) + $which = "mod"; + else + $which = "admin"; + + /* Display the form */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n"; + + /* Check if the value is set */ + if (isset($row["reply_id"])) + echo " \n"; + + /* Keep on truckin' */ + echo " \n" + . " \n" + . " \n" + . " IP: " . $user_ip . "\n" + . "
\n"; + } + + /* Close off the section */ + echo "
\n" + . " $user_name

\n" + . " \n" + . " Total Posts: $total_posts
\n"; + + /* If the user specified their location, then display it */ + if ($user_location != "") { echo " Location: $user_location
\n"; } + + /* Keep going ... */ + echo "
\n" + . "
\n" + . " Posted " . $row["nice_time"] . "\n" + . "
\n" + . " \n" + . " " . $row["reply_body"] . "\n" + . " \n"; + + /* If the user is a mod or an admin, then display the extra options */ + if ( ( $is_moderator != 0 && in_array($forum_id, $moderated_forums) ) || $is_admin != 0 ) + { + /* Pull the user's IP address */ + $SQL = "SELECT user_ip FROM " . TABLE_PREFIX . "replies WHERE reply_id='" . $row["reply_id"] . "';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into a variable */ + while ($row2 = mysql_fetch_array($results2)) + $user_ip = $row2["user_ip"]; + + /* Start displaying the options */ + echo "
\n" + . " \n" + . " \n"; + + /* Is the user an admin or a moderator? */ + if ($is_admin == 0) + $which = "mod"; + else + $which = "admin"; + + /* Display the form */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " IP: $user_ip\n" + . "
\n"; + } + + /* Close out the section */ + echo "
\n"; + +?> diff --git a/content/view_threads.php b/content/view_threads.php new file mode 100644 index 0000000..8f09d8c --- /dev/null +++ b/content/view_threads.php @@ -0,0 +1,162 @@ + * + * * + * This script displays the contents for the 'View Threads' page. Don't * + * forget the 12 space indent for all content pages. * + * * + * Last modified : September 13th, 2002 (JJS) * +\******************************************************************************/ + +/* Redirect if this file is called directly */ +$file_name = "view_forums.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Pull the forum id list from the database */ +$SQL = "SELECT forum_id FROM " . TABLE_PREFIX . "forums;"; +$results = ExeSQL($SQL); + +/* Grab the data and load it into an array */ +while ($row = mysql_fetch_array($results)) + $forum_list[] = $row["forum_id"]; + +/* If the forum doesn't exist, then halt */ +if (!in_array($forum_id, $forum_list)) + { + /* Tell the user what's up */ + echo "
Malformed request detected!

\n"; + require ("./content/view_forums.php"); + return; + } + +/* Start the table */ +echo " \n" + . " \n"; + +/* Pull the forum name from the database */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';"; +$results = ExeSQL($SQL); + +/* Grab the data and display it */ +while ($row = mysql_fetch_array($results)) + echo " \n"; + +/* Count the number of threads for the named forum */ +$SQL = "SELECT COUNT(*) AS any_threads FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';"; +$results = ExeSQL($SQL); + +/* Grab the data, and load it in a variable */ +while ($row = mysql_fetch_array($results)) + $any_threads = $row["any_threads"]; + +/* If there are threads then display them */ +if ($any_threads != 0) + { + /* Display the Post new thread link */ + echo " \n" + . " \n" + . "
" . BOARD_NAME . " > " . $row["forum_name"]."Post New Thread
\n" + . "
\n"; + + /* Build the HTML table (column headings) */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n"; + + /* Pull each thread title and date/time in a nice format in time order */ + $SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y %r') AS nice_time, DATE_FORMAT(thread_time, '%Y-%m-%d') AS post_date FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id' ORDER BY thread_time DESC;"; + $results = ExeSQL($SQL); + + /* Grab the data, and display it in the table */ + while ($row = mysql_fetch_array($results)) + { + /* Get the current date */ + $current_date = strftime ("%Y-%m-%d", time()); + + /* Grab the Thread ID and the User ID */ + $thread_id = $row["thread_id"]; + $user_id = $row["user_id"]; + + /* Pull the total number of replies for each thread */ + $SQL = "SELECT COUNT(*) AS total_items FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id';"; + $results2 = ExeSQL($SQL); + + /* Grab the data, and load it in an array */ + while ($row2 = mysql_fetch_array($results2)) + $total_items = $row2["total_items"]; + + /* Grab the total number of threads */ + if ($total_items == "") + $total_replies = "--"; + else + $total_replies = $total_items; + + /* Pull each user name from the database */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';"; + $results2 = ExeSQL($SQL); + + /* Grab the data and load it into an array */ + while ($row2 = mysql_fetch_array($results2)) + $the_user = $row2["user_name"]; + + /* Set which image to show for the thread */ + if ( $row["post_date"] == $current_date && $total_replies >= 25 ) + $which_image = "folder-blue-fire"; + else if ( $row["post_date"] == $current_date ) + $which_image = "folder-blue"; + else if ( $total_replies >= 25 ) + $which_image = "folder-yellow-fire"; + else + $which_image = "folder-yellow"; + + /* Spit out the rest of the HTML */ + echo " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . 
" \n"; + } + + /* Close off the table, and display the key */ + echo "
ThreadAuthorRepliesPosted on
\n" + . " " . $row["thread_title"] . "\n" + . " \n" + . " " . $the_user . "\n" + . " \n" + . " " . $total_replies . "\n" + . " \n" + . " " . $row["nice_time"] . "\n" + . "
\n" + . "
\n" + . " \n" + . " = Older threads
\n" + . " = Today's threads
\n" + . " = Hot thread with 25+ replies
\n" + . " = Hot thread from today
\n" + . "
\n"; + } +else + { + /* If there are no active threads, display this stuff */ + echo " \n" + . " \n" + . "
\n" + . "
\n" + . " There are no active threads in this forum.
\n" + . " Click here if you'd like to post a new thread.\n" + . "
\n"; + } + +?> diff --git a/images/b2.jpg b/images/b2.jpg new file mode 100644 index 0000000..6b748a7 Binary files /dev/null and b/images/b2.jpg differ diff --git a/images/b2.png b/images/b2.png new file mode 100644 index 0000000..e6b9af8 Binary files /dev/null and b/images/b2.png differ diff --git a/images/folder-blue-fire.png b/images/folder-blue-fire.png new file mode 100644 index 0000000..34102f9 Binary files /dev/null and b/images/folder-blue-fire.png differ diff --git a/images/folder-blue.png b/images/folder-blue.png new file mode 100644 index 0000000..ba2a123 Binary files /dev/null and b/images/folder-blue.png differ diff --git a/images/folder-purple.png b/images/folder-purple.png new file mode 100644 index 0000000..b12c991 Binary files /dev/null and b/images/folder-purple.png differ diff --git a/images/folder-red.png b/images/folder-red.png new file mode 100644 index 0000000..e6cfa15 Binary files /dev/null and b/images/folder-red.png differ diff --git a/images/folder-yellow-fire.png b/images/folder-yellow-fire.png new file mode 100644 index 0000000..9926bb4 Binary files /dev/null and b/images/folder-yellow-fire.png differ diff --git a/images/folder-yellow.png b/images/folder-yellow.png new file mode 100644 index 0000000..723ca23 Binary files /dev/null and b/images/folder-yellow.png differ diff --git a/images/index.php b/images/index.php new file mode 100644 index 0000000..4507a7b --- /dev/null +++ b/images/index.php @@ -0,0 +1 @@ + diff --git a/images/title.png b/images/title.png new file mode 100644 index 0000000..f5ff630 Binary files /dev/null and b/images/title.png differ diff --git a/include/include.php b/include/include.php new file mode 100644 index 0000000..8d39270 --- /dev/null +++ b/include/include.php 
@@ -0,0 +1,431 @@ + * + * * + * This script contains commonly used functions and variables for the site. * + * * + * Last modified : Septemeber 25th, 2002 (JJS) * +\******************************************************************************/ + +/* B Squared Version Number */ +define("VERSION", "0.6.2"); + +/* B Squared Path */ +$b2_path = "./"; + +/* + * return a trimmed value based on the given value + * and length + * + * @author Dean Jones + * @param string $var + * the variable we want to trim + * + * @param int $size + * the length we want to trim the + * varible to + * + * @return string the variable trimmed to the + * length specified in $size + */ + +function +CheckVars($var, $size) +{ + /* Determine the length of $var */ + $length = strlen($var); + + /* If the length is fine, then exit */ + if ($length <= $size) + return; + + /* else, get your loop on! */ + for ( ; $length >= $size; $length--) + $var[$length] = ""; +} + +/* + * + */ + +function +GetVars($varname, $defval=NULL) +{ + if (array_key_exists($varname, $_SERVER)) + $retval = $_SERVER[$varname]; + elseif (array_key_exists($varname, $_COOKIE)) + $retval = $_COOKIE[$varname]; + elseif (array_key_exists($varname, $_POST)) + $retval = $_POST[$varname]; + elseif (array_key_exists($varname, $_GET)) + $retval = $_GET[$varname]; + elseif (array_key_exists($varname, $_ENV)) + $retval = $_ENV[$varname]; + else + $retval = $defval; + + return $retval; +} + +/* + * + */ + +function +ExeSQL($SQL) +{ + $results = @mysql_db_query(DB_NAME, $SQL, CONNECTION); + + if (!$results) + { + if (ADMIN_ERRORS != "yes") + { + NotifyAdmin("mysql_query"); + exit(ERROR); + } + else + exit("There was an error.

MySQL Error: " . mysql_error() . "\n"); + } + + return($results); +} + +/* + * + */ + +function +AttemptLogin( $pid, $logged_in, $login, $username, $password, $is_moderator, $is_admin ) +{ + /* Attempt to log the user in if they request it */ + if ( $_SERVER['REQUEST_METHOD'] == "POST" && $pid == "login" && $username != "" && $password != "" ) + { + /* Check to see if the provided username exists in the database */ + $SQL = "SELECT COUNT(*) AS user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data, and analyze it */ + while ($row = mysql_fetch_array($results)) + $user_exists = $row["user_exists"]; + + /* User provided correct username */ + if ($user_exists == 1) + { + /* Check to see if the provided username exists in the database */ + $SQL = "SELECT user_pass FROM " . TABLE_PREFIX . "users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data, and analyze it */ + while ($row = mysql_fetch_array($results)) + $existing_pass = $row["user_pass"]; + + $password = crypt($password, $existing_pass); + $the_host = GetVars("HTTP_HOST"); + + if ($password == $existing_pass) + { + /* Set the cookies */ + SetCookie("user_name", $username, time() + 86400, ''); //, $the_host); + SetCookie("user_pass", $password, time() + 86400, ''); //, $the_host); + + $pid = "view_forums"; + $logged_in = 1; + } + else + { + /* Clear the cookies */ + SetCookie("user_name", "", time() - 3600, ''); //, $the_host); + SetCookie("user_pass", "", time() - 3600, ''); //, $the_host); + + $pid = "login"; + $login = "failed"; + $logged_in = 0; + } + + if ($logged_in == 1) + { + /* Pull the user ID for the user */ + $SQL = "SELECT user_id FROM " . TABLE_PREFIX . 
"users WHERE user_name='$username';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + $user_id = $row["user_id"]; + + /* Check to see if the user is a moderator */ + $SQL = "SELECT COUNT(*) AS is_moderator FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + $is_moderator = $row["is_moderator"]; + + /* Check to see if the user is an administrator */ + $SQL = "SELECT COUNT(*) AS is_admin FROM " . TABLE_PREFIX . "administrators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + $is_admin = $row["is_admin"]; + + /* If user is admin, grant them moderator privileges */ + if ($is_admin != 0) + $is_moderator = $is_admin; + } + } + /* User provided incorrect username */ + else + { + /* Clear the cookies */ + SetCookie("user_name", "", time() - 3600, ''); //, $the_host); + SetCookie("user_pass", "", time() - 3600, ''); //, $the_host); + + $pid = "login"; + $login = "failed"; + $logged_in = 0; + } + } +} + +/* + * + */ + +function +VerifyLogin( $logged_in, $user_id, $is_moderator, $is_admin ) +{ + $user_name = GetVars("user_name"); + $user_pass = GetVars("user_pass"); + + /* Verify the user's integrity */ + if ( $user_name != "" && $user_pass != "" ) + { + /* Check to see if the provided username exists in the database */ + $SQL = "SELECT COUNT(*) AS user_verification FROM " . TABLE_PREFIX . "users WHERE user_name='" . $_COOKIE["user_name"] . "';"; + $results = ExeSQL($SQL); + + /* Grab the data, and analyze it */ + while ($row = mysql_fetch_array($results)) + $user_verification = $row["user_verification"]; + + if ($user_verification == 1) + { + /* Pull the password for the username we just determine existed */ + $SQL = "SELECT user_name, user_pass FROM " . TABLE_PREFIX . "users WHERE user_name='" . $_COOKIE["user_name"] . 
"';"; + $results = ExeSQL($SQL); + + /* Grab the data, and analyze it */ + while ($row = mysql_fetch_array($results)) + { + $existing_user = $row["user_name"]; + $existing_pass = $row["user_pass"]; + } + + $cookie_pass = urldecode($_COOKIE['user_pass']); + + if ($existing_pass == $cookie_pass) + { + /* Set the cookies */ + SetCookie("user_name", $existing_user, time() + 86400, '', $_SERVER['HTTP_HOST']); + SetCookie("user_pass", $existing_pass, time() + 86400, '', $_SERVER['HTTP_HOST']); + + $pid = "view_forums"; + $logged_in = 1; + } + else + { + /* Clear the cookies */ + SetCookie("user_name", "", time() - 3600, '', $_SERVER['HTTP_HOST']); + SetCookie("user_pass", "", time() - 3600, '', $_SERVER['HTTP_HOST']); + $pid = "login"; + $login = "failed"; + $logged_in = 0; + } + } + else + { + SetCookie("user_name", "", time() - 3600, '', $_SERVER['HTTP_HOST']); + SetCookie("user_pass", "", time() - 3600, '', $_SERVER['HTTP_HOST']); + $logged_in = 0; + } + + $is_moderator = $logged_in; + $is_admin = $logged_in; + + if ($logged_in == 1) + { + /* Pull the user ID for the user */ + $SQL = "SELECT user_id FROM " . TABLE_PREFIX . "users WHERE user_name='" . $_COOKIE["user_name"] . "';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + $user_id = $row["user_id"]; + + /* Check to see if the user is a moderator */ + $SQL = "SELECT COUNT(*) AS is_moderator FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + $is_moderator = $row["is_moderator"]; + + /* Check to see if the user is an administrator */ + $SQL = "SELECT COUNT(*) AS is_admin FROM " . TABLE_PREFIX . 
"administrators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data */ + while ($row = mysql_fetch_array($results)) + $is_admin = $row["is_admin"]; + + /* If user is admin, grant them moderator privileges */ + if ($is_admin != 0) + $is_moderator = $is_admin; + } + else + { + $is_moderator = 0; + $is_admin = 0; + } + } +} + +/* + * + */ + +function +ModAction ( $is_moderator, $mod_action, $forum_id, $thread_id, $reply_id, $user_id, $hack_attempt, $mod_feedback, $show_thread, $show_forum ) +{ + if ( $is_moderator == 0 && $mod_action != "" ) + { + $hack_attempt = "outside"; + return; + } + + if ($mod_action != "") + { + /* Pull the list of forums this user is a moderator for */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';"; + $results = ExeSQL($SQL); + + /* Grab the data and load it in an array */ + while ($row = mysql_fetch_array($results)) + $moderated_forums[] = $row["forum_id"]; + + if (!in_array($forum_id, $moderated_forums)) + { + $hack_attempt = "inside"; + return; + } + } + + switch ($mod_action) + { + case "Delete Reply": + /* Delete the specified reply */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE reply_id='$reply_id';"; + $results = ExeSQL($SQL); + + $mod_feedback = "The reply has been removed from the board."; + $show_thread = $thread_id; + break; + + case "Delete Entire Thread": + /* Delete the specified thread */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';"; + $results = ExeSQL($SQL); + + /* Delete the replies to the specified thread */ + $SQL = "DELETE FROM " . TABLE_PREFIX . 
"replies WHERE thread_id='$thread_id';"; + $results = ExeSQL($SQL); + + $mod_feedback = "The thread has been removed from the board."; + $show_forum = $forum_id; + break; + + default: + break; + } +} + +/* + * + */ + +function +AdminAction ( $is_admin, $admin_action, $forum_id, $thread_id, $reply_id, $user_id, $hack_attempt, $admin_feedback, $show_thread, $show_forum ) +{ + if ( $is_admin == 0 && $admin_action != "" ) + { + $hack_attempt = "outside"; + return; + } + + switch ($admin_action) + { + case "Delete Reply": + /* Delete the specified reply */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE reply_id='$reply_id';"; + $results = ExeSQL($SQL); + + $mod_feedback = "The reply has been removed from the board."; + $show_thread = $thread_id; + break; + + case "Delete Entire Thread": + /* Delete the specified thread */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';"; + $results = ExeSQL($SQL); + + /* Delete the replies to the specified thread */ + $SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id';"; + $results = ExeSQL($SQL); + + $mod_feedback = "The thread has been removed from the board."; + $show_forum = $forum_id; + break; + + default: + break; + } +} + +/* + * + */ + +function +NotifyAdmin($what_error) +{ + /* If the admin notification is on, then run this */ + if (NOTIFY_ADMIN == "yes") + { + switch ($what_error) + { + /* MySQL Query errors */ + case "mysql_connect": + $subject = "[b^2] MySQL Error"; + $body = "There was an error connecting to MySQL, the error is as follows:\n\n" . mysql_error() . ""; + break; + + /* MySQL Query errors */ + case "mysql_query": + $subject = "[b^2] MySQL Error"; + $body = "There was an error executing a MySQL Query, the error is as follows:\n\n" . mysql_error() . 
""; + break; + + /* Default case, this should never be the case */ + default: + $subject = "[b^2] Unknown Error"; + $body = "Something fucked up, you should never get this email!!"; + break; + } + + /* Send the email to the admin */ + mail(ADMIN_EMAIL, $subject, $body); + } +} + +?> diff --git a/include/index.php b/include/index.php new file mode 100644 index 0000000..4507a7b --- /dev/null +++ b/include/index.php @@ -0,0 +1 @@ + diff --git a/include/javascript.js b/include/javascript.js new file mode 100644 index 0000000..643a8f0 --- /dev/null +++ b/include/javascript.js @@ -0,0 +1,13 @@ +function +PopUp(url, height, width) +{ + open(url, "pop-up", "height=" + height + ",width=" + width + ",scrollbars=yes"); +} + +function +Confirm(question) +{ + temp = window.confirm(question); + window.status=(temp)?'confirm: true':'confirm: false'; + return(temp); +} diff --git a/include/stylesheet.css b/include/stylesheet.css new file mode 100644 index 0000000..742958d --- /dev/null +++ b/include/stylesheet.css @@ -0,0 +1,25 @@ +A + { + color: #000000; + } + +A:hover + { + text-decoration: none; + } + +INPUT + { + font-family: Verdana; + font-size: 9pt; + } + +.table_header + { + color: #FFFFFF; + } + +.table_header:hover + { + text-decoration: none; + } diff --git a/index.php b/index.php new file mode 100644 index 0000000..df85de9 --- /dev/null +++ b/index.php @@ -0,0 +1,528 @@ + * + * * + * Just like on Mtv's Cribs, this is where the magic happen. This is the * + * only file that will output anything to the user. Huh? Yeah, all the * + * content pages are called from this file and loaded that way, they had been * + * set up to NOT let you call them directly. * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Grab the time the page started loading */ +$start_time = microtime(); + +/* Define the generic error message */ +define("ERROR", "There was a error.

The administrator has been notified, and the problem will be resolved as soon as he/she feels like it!\n"); + +/* Load the include file, and quit if it messes up */ +if (!@include("./include/include.php")) + exit(ERROR); + +/* Check the current state, and proceed to the installer is appropriate */ + +/* Check to see if config.php is present */ +if ( !@include("config.php") ) + { + /* No config? then call the installer! */ + require("install.php"); + exit; + } +/* If config.php is there, then check the installation status */ +else if (INSTALLED != "yes") + { + /* Not installed? then call the installer! */ + require("install.php"); + exit; + } + +/* Enable output buffering, so we can tweak the headers anytime */ +ob_start(); + +/* Check the super globals and pull the values */ +$destination = GetVars("destination"); +$message = GetVars("message"); +$password = GetVars("password"); +$title = GetVars("title"); +$username = GetVars("username"); +$mod_action = GetVars("mod_action"); +$admin_action = GetVars("admin_action"); +$logout = GetVars("logout"); +$pid = GetVars("pid"); +$HTTP_HOST = GetVars("HTTP_HOST"); +$REQUEST_METHOD = GetVars("REQUEST_METHOD"); +$QUERY_STRING = GetVars("QUERY_STRING"); +$forum_id = GetVars("forum_id"); +$thread_id = GetVars("thread_id"); +$reply_id = GetVars("reply_id"); +$preview_scheme = GetVars("preview_scheme"); +$user_name = GetVars("user_name"); + +/* Assign null values to these variables */ +$logged_in = 0; +$login = ""; +$user_id = ""; +$is_moderator = 0; +$is_admin = 0; +$hack_attempt = ""; +$mod_feedback = ""; +$admin_feedback = ""; +$show_thread = ""; +$show_forum = ""; +$scheme_error = ""; +$scheme_feedback = ""; + +/* Parse the variables and trim them to a specified length */ +CheckVars(&$pid, 16); + +/* Connect to the MySQL database */ +define("CONNECTION", @mysql_connect(DB_HOST, DB_USER, DB_PASS)); +if (!CONNECTION) + { + if (ADMIN_ERRORS != "yes") + { + NotifyAdmin("mysql_connect"); + exit(ERROR); + } + else + exit("There 
was an error.

MySQL Error: " . mysql_error() . "\n"); + } + +/* Pull the general properties from the database */ +$SQL = "SELECT * FROM " . TABLE_PREFIX . "properties;"; +$results = ExeSQL($SQL); + +/* Grab the data and assign the values to constants */ +while ($row = mysql_fetch_array($results)) + { + define("BOARD_NAME", $row["board_name"]); + define("TITLE_IMAGE", $row["title_image"]); + } + +/* Attempt to log the user in, if requested */ +AttemptLogin(&$pid, &$logged_in, &$login, $username, &$password, &$is_moderator, &$is_admin ); + +/* Verify their identity, if they are logged in */ +VerifyLogin( &$logged_in, &$user_id, &$is_moderator, &$is_admin ); + +/* Attempt to perform a moderator action, if requested */ +ModAction( &$is_moderator, &$mod_action, $forum_id, $thread_id, $reply_id, $user_id, &$hack_attempt, &$mod_feedback, &$show_thread, &$show_forum ); + +/* Attempt to perform an admin action, if requested */ +AdminAction( &$is_admin, &$admin_action, $forum_id, $thread_id, $reply_id, $user_id, &$hack_attempt, &$mod_feedback, &$show_thread, &$show_forum ); + +/* Determine if we pull the default scheme, or preview another */ +if ($is_admin != 1) + $SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';"; +else + { + if ($preview_scheme == "") + $SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';"; + else + { + /* Pull the scheme that was requested */ + $SQL = "SELECT COUNT(*) AS scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$preview_scheme';"; + $results = ExeSQL($SQL); + + /* Grab data and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $scheme_exists = $row["scheme_exists"]; + + /* If the scheme doesn't exist then ... */ + if ($scheme_exists == 0) + { + /* Pull the active scheme anyway! */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . 
"schemes WHERE active_scheme='1';"; + $scheme_error = "The scheme you requested to preview is unknown."; + } + else + { + /* Pull the name of the requested scheme */ + $SQL = "SELECT scheme_name FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$preview_scheme';"; + $results = ExeSQL($SQL); + + /* Grab the name of the scheme and load it in a variable */ + while ($row = mysql_fetch_array($results)) + $scheme_name = $row["scheme_name"]; + + /* Pull the request scheme's properties */ + $SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$preview_scheme';"; + $scheme_feedback = "You are currently previewing the '$scheme_name' scheme."; + } + } + } + +/* Executed the winning scheme query */ +$results = ExeSQL($SQL); + +/* Grab the data and load it into constants */ +while ($row = mysql_fetch_array($results)) + { + define("BACKGROUND_COLOR", $row["background_color"]); + define("TABLE_BORDER_COLOR", $row["table_border_color"]); + define("TABLE_BORDER_SIZE", $row["table_border_size"]); + define("HEADER_BACKGROUND", $row["header_background"]); + define("MENU_BACKGROUND", $row["menu_background"]); + define("TEXT_COLOR", $row["text_color"]); + define("TEXT_FONT", $row["text_font"]); + define("TEXT_SMALL", $row["text_small"]); + define("TEXT_REGULAR", $row["text_regular"]); + define("LINK_COLOR", $row["link_color"]); + define("TABLE_HEADER_BACKGROUND", $row["table_header_background"]); + define("TABLE_HEADER_TEXT_COLOR", $row["table_header_text_color"]); + define("TABLE_COLOR_1", $row["table_color_1"]); + define("TABLE_COLOR_2", $row["table_color_2"]); + define("ERROR_MESSAGE", $row["error_message"]); + } + +/* Attempt to redefine the colors with the defaults (success = there is nothing in the schemes table) */ +define("BACKGROUND_COLOR", "#FFFFFF"); +define("TABLE_BORDER_COLOR", "#000000"); +define("TABLE_BORDER_SIZE", "1"); +define("HEADER_BACKGROUND", "#FFFFFF"); +define("MENU_BACKGROUND", "#EEEEEE"); +define("TEXT_COLOR", "#000000"); +define("TEXT_FONT", 
"Verdana"); +define("TEXT_SMALL", "10"); +define("TEXT_REGULAR", "12"); +define("LINK_COLOR", "#000000"); +define("TABLE_HEADER_BACKGROUND", "#000000"); +define("TABLE_HEADER_TEXT_COLOR", "#FFFFFF"); +define("TABLE_COLOR_1", "#EEEEEE"); +define("TABLE_COLOR_2", "#CCCCCC"); +define("ERROR_MESSAGE", "#FF0000"); + +/* Log the user out if requested */ +if ($logout == "now") + { + /* Blow out the cookie */ + SetCookie("user_name", "", time() - 3600, ''); //, $HTTP_HOST); + SetCookie("user_pass", "", time() - 3600, ''); //, $HTTP_HOST); + + /* Blow out the variables */ + $logged_in = 0; + $is_admin = 0; + $is_moderator = 0; + } + +/* If the destination is specified, then assign it to the $pid */ +if ($destination != "") + $pid = $destination; + +/* If there's no specified $pid, then default to 'view_forums' */ +if ($pid == "") + $pid = "view_forums"; + +/* If $show_thread isn't 0, then set the $pid and $thread_id */ +if ($show_thread != 0) + { + $pid = "view_replies"; + $thread_id = $show_thread; + } + +/* Same deal as before, except it happens if $show_forum isn't 0 */ +if ($show_forum != 0) + { + $pid = "view_threads"; + $thread_id = $show_forum; + } + +/* Determine which page to load based on the querystring */ +switch ($pid) + { + /* The default page is the 'view forums' page */ + default: + case "view_forums": + $page_title = "View Forums"; + $pid = "view_forums"; + break; + + /* Nothing special */ + case "view_threads": + $page_title = "View Threads"; + break; + + /* Nadda */ + case "view_replies": + $page_title = "View Replies"; + break; + + /* Zippo */ + case "register": + $page_title = "Register"; + break; + + /* Zilch */ + case "login": + $page_title = "Login"; + break; + + /* If the user is trying to post a thread, check if they are logged in */ + case "post_thread": + $page_title = "Post Thread"; + + /* If not, then direct them to the login page */ + if ($logged_in == 0) + { + $destination = $pid; + $pid = "login"; + } + break; + + /* If the user is trying to 
post a reply, check if they are logged in */ + case "post_reply": + $page_title = "Post Reply"; + + /* If not, then direct them to the login page */ + if ($logged_in == 0) + { + $destination = $pid; + $pid = "login"; + } + break; + + /* If the user is trying to edit a profile, check if they are logged in */ + case "edit_profile": + $page_title = "Edit Profile"; + + /* If not, then direct them to the login page */ + if ($logged_in == 0) + { + $destination = $pid; + $pid = "login"; + } + break; + + /* Do the normal thang */ + case "view_profile": + $page_title = "View Profile"; + break; + + /* These are the admin sections */ + case "forum_admin": + case "user_admin": + case "scheme_admin": + case "general_admin": + + /* If th user isn't logged in, send them there */ + if ($logged_in == 0) + { + $destination = $pid; + $pid = "login"; + } + + /* If the user isn't an admin, assume it's a hack attempt */ + if ($is_admin == 0) + { + $hack_attempt = "outside"; + $pid = "view_forums"; + } + break; + + /* Show the FAQ for the board */ + case "faq": + $page_title = "Frequently Asked Questions"; + $message = $pid; + $pid = "view_message"; + break; + } + +/* Conver the $pid to lower case, and pull that filename */ +$page_file = "./content/" . strtolower($pid) . ".php"; + +/* Display the page header, including CSS stuff */ +echo "\n" + . "\n" + . " \n" + . " " . BOARD_NAME . " [ powered by b^2 " . VERSION . " ]\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n"; + +/* Check if the user is logged in */ +if ($logged_in == 0) + { + /* If not, then display the 'Log In' option */ + $login_status = "Not logged in (Log In)"; + } +else + { + /* If they are logged in, pull the username form the cookie */ + if ($user_name == "") + $username = $username; + else + $username = $user_name; + + /* Tell them they are logged in, and give them the option to log out */ + $login_status = "Logged in as $username (Log Out)"; + } + +/* Display the login status, and start on the menu */ +echo " $login_status\n" + . "
\n" + . "
\n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n"; + +/* If not logged in, give the register link */ +if ($logged_in == 0) + { + $show_profile = ""; + $show_register = "Register | "; + } +/* If logged in, then give a link to their profile */ +else + { + $show_profile = "My Profile | "; + $show_register = ""; + } + +/* If the user is an admin, and logged in, display the admin links */ +if ( $is_admin == 1 && $logged_in == 1 ) + $show_admin = "General Admin | Scheme Admin | Forum Admin | User Admin | "; +else + $show_admin = ""; + +/* Display the rest of the menu, and continue to the body of the page */ +echo "  $show_profile$show_register$show_admin FAQ
\n" + . "
\n" + . " \n" + . "
\n" + . "
\n" + . " \n"; + +/* If there is a scheme error, then show it! */ +if ($scheme_error != "") + echo "
$scheme_error

\n"; + +/* If there's scheme feedback, then show it */ +if ($scheme_feedback != "") + echo "
$scheme_feedback

\n"; + +/* If there's a malformed request to the moderator tools, then error out */ +if ($hack_attempt == "outside") + echo "
Malformed request detected!

\n"; +else if ($hack_attempt == "inside") + echo "
Sorry, but your moderator privileges don't extend to this particular forum.

\n"; + +/* If a moderator tool have been executed, give feedback on it, positive or negative */ +if ($mod_feedback != "") + echo "
$mod_feedback

\n"; + +/* Load the content for the page that was requested */ +require($page_file); + +/* It's all downhill from here ... */ +echo " \n" + . "
\n" + . " Powered by b^2 " . VERSION . "
\n"; + +/* Grab the current time, and figure the difference */ +$load_time = round((microtime() - $start_time), 5); + +/* If it's negative, then strip off the '-' */ +if (substr($load_time, 0, 1) == "-") + $load_time = substr($load_time, 1); + +echo " [ Page rendered in $load_time seconds ]\n" + . "
\n" + . " \n" + . "\n"; + +/* Close the MySQL connection like a good code monkey! */ +mysql_close(CONNECTION); + +/* Display the buffer, and stop buffering */ +ob_end_flush(); + +?> diff --git a/install.php b/install.php new file mode 100644 index 0000000..7f0e060 --- /dev/null +++ b/install.php 
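Review bot: in include/include.php, AttemptLogin() and VerifyLogin() build their queries by placing request data straight inside the SQL quotes (WHERE user_name='$username', and WHERE user_name='" . $_COOKIE["user_name"] . "'), so the login and session checks run SQL assembled from unescaped input; ModAction() and AdminAction() do the same with $reply_id and $thread_id in their DELETE statements. Escape each string with mysql_real_escape_string() before it reaches ExeSQL() and cast the numeric ids with (int), or use prepared statements if the code moves to mysqli or PDO. Separately, AttemptLogin() stores the crypt() output in the user_pass cookie and VerifyLogin() accepts the session when that cookie equals the stored user_pass column, which makes the stored hash itself the session credential; issue a random server-side session token instead. GetVars() also consults $_COOKIE before $_POST and $_GET, so a cookie with the same name silently overrides a submitted form field; read each value from the one source it is expected in.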
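Review bot: in index.php, the admin scheme preview puts $preview_scheme from GetVars() directly into three queries (WHERE scheme_id='$preview_scheme') with no validation; scheme_id is created as an integer key in install.php, so cast the value with (int) before building the SQL. In the redirect block after the moderator and admin actions, the $show_forum branch selects view_threads but assigns $thread_id = $show_forum, which looks like it should set $forum_id. The calls CheckVars(&$pid, 16), AttemptLogin(&$pid, ...) and VerifyLogin(&$logged_in, ...) depend on call-time pass-by-reference, because the functions in include.php declare those parameters by value; put the & in the function signatures so that $logged_in, $is_moderator and $is_admin are set regardless of the PHP configuration.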
@@ -0,0 +1,525 @@ + * + * * + * This script is for [re]installing b^2 on your server. It cannot be called * + * directly, for security purposes, what you will need to do is delete the * + * config.php file, or set the global variable of INSTALLED to 'no'. The * + * installer will prompt you for information, and build your database, and * + * configuration files. I recommend giving this file write access, if not, * + * you will need to upload the config.php file that is generated to the root * + * directory (the directory that this file is in). * + * * + * Last modified : September 25th, 2002 (JJS) * +\******************************************************************************/ + +/* Load up the language file for the installer */ +require("./language/installer.php"); + +/* This will make sure kid's don't play around with this file */ +$file_name = "install.php"; + +/* Get the negative length of $file_name */ +$file_name_length = -(strlen($file_name)); + +/* Check if the values match, if so, redirect */ +if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) + header("Location: ../index.php"); + +/* Turn off dummy error messages */ +define("ADMIN_ERRORS", "yes"); + +/* Set the step to NULL */ +$step = ""; + +/* Grab the REQUEST_METHOD */ +$REQUEST_METHOD = $_SERVER['REQUEST_METHOD']; + +/* If the form was POSTed then ... 
*/ +if ( $REQUEST_METHOD == "POST" ) + { + /* Define constants for the MySQL variables */ + define("DB_USER", $_POST['db_user']); + define("DB_PASS", $_POST['db_pass']); + define("DB_NAME", $_POST['db_name']); + define("DB_HOST", $_POST['db_host']); + + $table_prefix = $_POST['table_prefix']; + + /* Grab the step number */ + $step = $_POST['step']; + + /* Grab the rest of the variables from the super global, assuming it's step 3 */ + if ($step != 3) + { + $board_name = $_POST['board_name']; + $title_image = $_POST['title_image']; + + $admin_user = $_POST['admin_user']; + $admin_pass = $_POST['admin_pass']; + $admin_pass2 = $_POST['admin_pass2']; + $admin_email = $_POST['admin_email']; + + $forum_name = $_POST['forum_name']; + $forum_desc = $_POST['forum_desc']; + } + + /* Define the contents of the config.php file */ + $config_file = " * + * * + * This script is generated by b^2 upon installing the sofware. It is * + * recommended that you don't edit the file, but if you must, you must. If * + * you wish to perform a clean install, either delete this file, or set the * + * global variable 'INSTALLED' to equal 'no'. * + * * + * Last modified : September 25th, 2002 (JJS) * +\******************************************************************************/ + +/* Installation status */ +define(\"INSTALLED\", \"yes\"); + +if (INSTALLED == \"yes\") + { + /* Variables used by MySQL */ + define(\"DB_USER\", \"" . DB_USER . "\"); + define(\"DB_PASS\", \"" . DB_PASS . "\"); + define(\"DB_NAME\", \"" . DB_NAME . "\"); + define(\"DB_HOST\", \"" . DB_HOST . "\"); + + /* Prefix for the tables in the database */ + define(\"TABLE_PREFIX\", \"" . $table_prefix . "\"); + + /* Toggle dummy error messages */ + define(\"ADMIN_ERRORS\", \"no\"); + + /* Notify admin on error? */ + define(\"NOTIFY_ADMIN\", \"yes\"); + + /* Administrator's email addy */ + define(\"ADMIN_EMAIL\", \"" . $admin_email . 
"\"); + + /* Define the language pack to use */ + define(\"LANGUAGE\", \"English\"); + } + +?>"; + } + +/* Jump to the right step */ +switch ($step) + { + /* Default / step 1, display the form for the installer */ + default: + case 1: + /* Show the HTML header */ + ShowHeader(); + + echo " \n" + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
" . GENERAL . ":
" . BOARD_NAME . ":
" . TITLE_IMAGE . ":


" . MYSQL . ":
" . USERNAME . ":
" . PASSWORD . ":
" . DATABASE . ":
" . HOSTNAME . ":
" . TABLE_PREFIX . ":


" . ADMIN . ":
" . USERNAME . ":
" . PASSWORD . ":
" . CONFIRM_PASSWORD . ":
" . EMAIL . ":


" . FORUM . ":
" . NAME . ":
" . DESC . ":


\n" + . " \n" + . "
\n"; + + /* Show the HTML Footer */ + ShowFooter(); + + break; + + /* Now the user put the info in, why don't we check the MySQL variables to make sure it works? */ + case 2: + /* Show the HTML header */ + ShowHeader(); + + /* Connect to the MySQL database */ + define("CONNECTION", @mysql_connect(DB_HOST, DB_USER, DB_PASS)); + + /* If it connects, then proceed to doing the install, if not, tell the user */ + if (!CONNECTION) + exit("
There was a problem connecting to MySQL.

Previous Page
\n"); + else + { + /* Create the 'forums' table */ + $SQL = "create table " . $table_prefix . "forums + ( + forum_id int(10) not null auto_increment, + forum_order int(10) null, + forum_name varchar(64) not null, + forum_desc varchar(255) not null, + primary key(forum_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'threads' table */ + $SQL = "create table " . $table_prefix . "threads + ( + thread_id int(10) not null auto_increment, + thread_title varchar(64) not null, + thread_body text not null, + thread_time timestamp(14) not null, + user_id int(10) not null, + user_ip varchar(15) not null, + forum_id int(10) not null, + primary key(thread_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'users' table */ + $SQL = "create table " . $table_prefix . "users + ( + user_id int(10) not null auto_increment, + user_name varchar(64) not null, + user_email varchar(128) not null, + user_pass varchar(64) not null, + user_location varchar(128) null, + user_occupation varchar(64) null, + user_homepage varchar(128) null, + user_picture varchar(128) null, + user_interests varchar(255) null, + user_aim varchar(16) null, + user_icq varchar(16) null, + user_yahoo varchar(32) null, + user_signature varchar(255) null, + user_usesig int(1) null default '0', + primary key(user_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'replies' table */ + $SQL = "create table " . $table_prefix . "replies + ( + reply_id int(10) not null auto_increment, + reply_body text not null, + reply_time timestamp(14) not null, + user_id int(10) not null, + user_ip varchar(15) not null, + thread_id int(10) not null, + forum_id int(10) not null, + primary key(reply_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'moderators' table */ + $SQL = "create table " . $table_prefix . 
"moderators + ( + moderator_id int(10) not null auto_increment, + user_id int(10) not null, + forum_id int(10) not null, + primary key(moderator_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'administrators' table */ + $SQL = "create table " . $table_prefix . "administrators + ( + admin_id int(10) not null auto_increment, + user_id int(10) not null, + primary key(admin_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'schemes' table */ + $SQL = "create table " . $table_prefix . "schemes + ( + scheme_id int(10) not null auto_increment, + scheme_name varchar(64) not null, + scheme_desc varchar(255) not null default 'No description provided.', + background_color varchar(7) not null default '#FFFFFF', + table_border_color varchar(7) not null default '#000000', + table_border_size int(1) not null default '1', + header_background varchar(7) not null default '#FFFFFF', + menu_background varchar(7) not null default '#EEEEEE', + text_color varchar(7) not null default '#000000', + text_font varchar(64) not null default 'Verdana', + text_small int(2) not null default '10', + text_regular int(2) not null default '12', + link_color varchar(7) not null default '#000000', + table_header_background varchar(7) not null default '#000000', + table_header_text_color varchar(7) not null default '#FFFFFF', + table_color_1 varchar(7) not null default '#EEEEEE', + table_color_2 varchar(7) not null default '#CCCCCC', + error_message varchar(7) not null default '#FF0000', + active_scheme varchar(1) not null default '0', + primary key(scheme_id) + );"; + $results = ExeSQL($SQL); + + /* Create the 'properties' table */ + $SQL = "create table " . $table_prefix . "properties + ( + board_name varchar(64) not null default 'Forums', + title_image varchar(128) not null default './images/title.png' + );"; + $results = ExeSQL($SQL); + + /* Insert the default schemes into the database */ + $SQL = "INSERT INTO " . $table_prefix . "schemes VALUES (1,'default','Default scheme for b^2. 
This scheme was the original color scheme used when developing the software.','#FFFFFF','#000000',1,'#FFFFFF','#EEEEEE','#000000','Verdana',10,12,'#000000','#000000','#FFFFFF','#EEEEEE','#CCCCCC','#FF0000','1'),(2,'freshmeat','This scheme is a rip off of the baby blue color scheme that Freshmeat.net uses on their site.','#FFFFFF','#6F6F6F',1,'#FFFFFF','#DDDDDD','#000000','Verdana, Tahoma, Arial, Helvetica',12,14,'#3366CC','#BBDDFF','#000000','#FFFFFF','#EEEEEE','#FF0000','');"; + $results = ExeSQL($SQL); + + /* Insert the inital forum into the table */ + $SQL = "INSERT INTO " . $table_prefix . "forums (forum_order, forum_name, forum_desc) VALUES ('0', '$forum_name', '$forum_desc');"; + $results = ExeSQL($SQL); + + /* If no title image was specified, then use the default */ + if ($title_image == "") + $title_image = "./images/title.png"; + + /* Insert the properties into the table */ + $SQL = "INSERT INTO " . $table_prefix . "properties (board_name, title_image) VALUES ('$board_name', '$title_image');"; + $results = ExeSQL($SQL); + + /* Crypt the admin password to a random salt */ + $admin_pass = crypt($admin_pass); + + /* Insert the administrator user account into the table */ + $SQL = "INSERT INTO " . $table_prefix . "users (user_name, user_pass, user_email) VALUES ('$admin_user', '$admin_pass', '$admin_email');"; + $results = ExeSQL($SQL); + + /* Insert the user as an administrator */ + $SQL = "INSERT INTO " . $table_prefix . "administrators (user_id) VALUES ('1');"; + $results = ExeSQL($SQL); + + /* If the file exists, then rename it */ + if (file_exists("config.php")) + @rename ("config.php", "config.php.bak"); + + /* Open the file to write to it, display any problems */ + if (!$fp = @fopen("config.php", "w")) + ShowConfigProblem(); + else + { + /* If we can't write to it, then display an error */ + if (!fwrite($fp, $config_file)) + ShowConfigProblem(); + else + fclose($fp); + + /* Yay b^2 installed correctly!! */ + echo "
b^2 " . VERSION . " has successfully been installed, click here to view your new board.
\n"; + } + + ShowFooter(); + } + + /* It's probably a good time to close the database connection */ + mysql_close(CONNECTION); + + break; + + /* This is where we output the config.php if the user was wack and didn't chmod 777 the directory */ + case 3: + header("Content-Type: text/x-delimtext; name=\"config.php\""); + header("Content-disposition: attachment; filename=config.php"); + echo $config_file; + exit(); + break; + } + +/* + * This is the HTML header for the page ... + */ + +function +ShowHeader() +{ + echo "\n" + . " \n" + . " " . INSTALL_TITLE . "\n" + . " \n" + . " \n" + . " \n" + . "

" . INSTALL_TITLE . "

\n"; +} + +/* + * ... and this is the HTML footer + */ + +function +ShowFooter() +{ + echo " \n" + . ""; +} + +/* + * Show any problems with the config file. + */ + +function +ShowConfigProblem() +{ + echo " Installation is complete, well almost ;) Seems that the installation script wasn't able to write the 'config.php' file to your system (you didn't remember to chmod 777 the directory, did you?) No big deal, If you click the button below, you'll be able to download the file to your local system. From there, you'll want to upload that bad boy to your server, and place it in the b^2 directory. You will need to upload the 'config.php' file to the directory that b^2 was placed in." + . "
\n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . " \n" + . "
\n" + . "
\n"; +} + +?> diff --git a/language/faq.php b/language/faq.php new file mode 100644 index 0000000..61c8e8f --- /dev/null +++ b/language/faq.php @@ -0,0 +1,25 @@ + * + * * + * Blah blah blah blah * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* FAQ Name / Title */ +$FAQ_title = "Frequently Asked Questions"; + +/* Frequently Asked Questions */ +$FAQ = "This is where you'd put in your custom FAQ for visitors to access. If " + . "you are an administrator for this board, you can edit this message by " + . "editting the 'faq.php' file, located in the languages directory."; + +/*************** FYI, you shouldn't need to edit below here ... ***************/ + +/* Define all the stuff as constants, so I can work with it */ +define("FAQ_TITLE", $FAQ_title); +define("FREQUENTLY_ASKED_QUESTIONS", $FAQ); + +?> diff --git a/language/installer.php b/language/installer.php new file mode 100644 index 0000000..fa29169 --- /dev/null +++ b/language/installer.php 
@@ -0,0 +1,59 @@ + * + * * + * Blah blah blah blah * + * * + * Last modified : September 17th, 2002 (JJS) * +\******************************************************************************/ + +/* Installation page title */ +$title = "b^2 " . VERSION . " Installer"; + +/* Section headings */ +$general = "General Properties"; +$mysql = "MySQL Properties"; +$admin = "Admin Account"; +$forum = "Initial Forum"; + +/* Section field names */ +$board_name = "Board Name"; +$title_image = "Title Image"; +$username = "Username"; +$password = "Password"; +$database = "Database"; +$hostname = "Hostname"; +$table_prefix = "Table Prefix"; +$confirm_pass = "Confirm Password"; +$email = "Email"; +$name = "Name"; +$description = "Description"; +$forum_name = "General Discussion"; +$forum_desc = "This forum is for general discussion"; +$install_button = "Install b^2 " . VERSION; + +/*************** FYI, you shouldn't need to edit below here ... ***************/ + +/* Define all the stuff as constants, so I can work with it */ +define("INSTALL_TITLE", $title); +define("GENERAL", $general); +define("MYSQL", $mysql); +define("ADMIN", $admin); +define("FORUM", $forum); +define("BOARD_NAME", $board_name); +define("TITLE_IMAGE", $title_image); +define("USERNAME", $username); +define("PASSWORD", $password); +define("DATABASE", $database); +define("HOSTNAME", $hostname); +define("TABLE_PREFIX", $table_prefix); +define("CONFIRM_PASSWORD", $confirm_pass); +define("EMAIL", $email); +define("NAME", $name); +define("DESC", $description); +define("FORUM_NAME", $forum_name); +define("FORUM_DESC", $forum_desc); +define("INSTALL_BUTTON", $install_button); + +?> diff --git a/language/tos.php b/language/tos.php new file mode 100644 index 0000000..5742799 --- /dev/null +++ b/language/tos.php 
@@ -0,0 +1,70 @@ + * + * * + * Blah blah blah blah * + * * + * Last modified : September 24th, 2002 (JJS) * +\******************************************************************************/ + +/* Terms of Service */ +$TOS = "Considering the real-time nature of this bulletin board, it is " + . "impossible for us to review all of the messages or confirm the " + . "validity of information posted. Please remember that we do not " + . "actively monitor the contents of this bulletin board and are not " + . "responsible for any messages posted. We do not vouch for or warrant " + . "the accuracy, completeness or usefulness of any message, and are not " + . "responsible for the contents of any message. The messages express the " + . "views of the author of the message, not necessarily the views of this " + . "bulletin board. Any user who feels that a posted message is " + . "objectionable is encouraged to contact us immediately by email. We " + . "have the ability to remove objectionable messages andConsidering the " + . "real-time nature of this bulletin board, it is impossible for us to " + . "review all of the messages or confirm the validity of information " + . "posted. Please remember that we do not actively monitor the contents " + . "of this bulletin board and are not responsible for any messages " + . "posted. We do not vouch for or warrant the accuracy, completeness " + . "or usefulness of any message, and are not responsible for the contents " + . "of any message. The messages express the views of the author of the " + . "message, not necessarily the views of this bulletin board. Any user " + . "who feels that a posted message is objectionable is encouraged to " + . "contact us immediately by email. We have the ability to remove " + . "objectionable messages and we will make every effort to do so, within " + . "a reasonable time frame, if we determine that removal is necessary. " + . "This is a manual process, however, so please realize that we may not " + . 
"be able to remove or edit particular messages immediately." + . "

" + . "You agree, through your use of this service, that you will not use " + . "this bulletin board to post any material which is knowingly false " + . "and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, " + . "obscene, profane, sexually oriented, threatening, invasive of a " + . "person's privacy, or otherwise violative of any law. You agree not to " + . "post any copyrighted material unless the copyright is owned by you or " + . "by this bulletin board." + . "

" + . "Although we do not and cannot review the messages posted and are not " + . "responsible for the content of any of these messages, we reserve the " + . "right to delete any message for any or no reason whatsoever. You " + . "remain solely responsible for the content of your messages, and you " + . "agree to indemnify and hold harmless this bulletin board (and any " + . "owners of this bulletin board) and their agents with respect to any " + . "claim based upon transmission of your message(s)." + . "

" + . "We also reserve the right to reveal your identity (or whatever " + . "information we know about you) in the event of a complaint or legal " + . "action arising from any message posted by you." + . "

" + . "Please note that advertisements, chain letters, pyramid schemes, and " + . "solicitations are inappropriate on this bulletin board. We will make " + . "every effort to remove such posts, within a reasonable time frame, if " + . "we determine that removal is necessary. This is a manual process, " + . "however, so please realize that we may not be able to remove or edit " + . "such messages immediately."; + +/*************** FYI, you shouldn't need to edit below here ... ***************/ + +/* Define all the stuff as constants, so I can work with it */ +define("TERMS_OF_SERVICE", $TOS); + +?>
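Review bot: In the installer hunk (the one that ends just before language/faq.php), the INSERT statements for the forums, properties and users tables place `$forum_name`, `$forum_desc`, `$board_name`, `$title_image`, `$admin_user` and `$admin_email` directly inside quoted SQL literals, and `$table_prefix` directly into every table name, with no escaping or validation visible in these lines. A single quote in any form field breaks or alters the statement. Escape each value on the open connection (mysql_real_escape_string fits the mysql_* API used here), restrict `$table_prefix` to letters, digits and underscore, or point to where that already happens earlier in the file. Unless ExeSQL aborts on failure, `$results` is assigned and never checked, so a failed create table still ends in the "successfully been installed" message. Two smaller points in the same hunk: `crypt($admin_pass)` is called without a salt argument, so the scheme is the platform default, which can be traditional DES crypt that only uses the first eight characters of the password; and the existing config.php is renamed to config.php.bak inside a directory the ShowConfigProblem text asks users to chmod 777, which leaves the old settings in a file a web server will typically return as plain text and leaves the directory world-writable after install. Write the backup outside the web root (or delete it) and tell the user to tighten the permissions once installation finishes.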
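Review bot: In language/faq.php the default `$FAQ` text tells administrators the file is "located in the languages directory", but the diff header places it at language/faq.php, so the on-screen instruction points at a directory that does not exist in this tree. Correct the directory name in the string, and fix "editting" while there. The header comment still carries the "Blah blah blah blah" placeholder; replace it with one line saying what the file configures.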
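Review bot: language/installer.php assigns its label strings to globals named `$table_prefix`, `$board_name`, `$title_image`, `$forum_name` and `$forum_desc`, which are the same variable names the installer hunk uses for the values it concatenates into table names and INSERT rows. Depending on where this file is included, `$table_prefix = "Table Prefix"` either overwrites the submitted prefix or is overwritten by it. Pass the literals straight to define() or give the variables their own prefix (for example a hypothetical `$lang_table_prefix`), and document the required include order. The constants deserve a prefix as well: `NAME`, `DESC`, `ADMIN`, `PASSWORD`, `DATABASE` and `MYSQL` are generic enough to collide with defines elsewhere in the code base.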
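Review bot: In language/tos.php the opening paragraph of `$TOS` appears twice: the string reads "We have the ability to remove objectionable messages andConsidering the real-time nature of this bulletin board", so the first copy is cut off mid-sentence and the second starts with no separating space. Delete the truncated first copy (from the initial "Considering" through "objectionable messages and") so the paragraph is shown once and complete. As in faq.php, the header comment is still the "Blah blah blah blah" placeholder and should describe the file.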