Added version 0.6.3 to the repository

Josh Sherman 2010-02-14 11:40:14 -05:00
commit 80b07ae41e
42 changed files with 7550 additions and 0 deletions

619
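--- a/content/edit_profile.php
+++ b/content/edit_profile.php
@@ -0,0 +1,619 @@
+<?
+/******************************************************************************\
+* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
+* *
+* This script displays the contents for the 'Edit Profile' page. Don't *
+* forget the 12 space indent for all content pages. *
+* *
+* Last modified : September 25th, 2002 (JJS) *
+\******************************************************************************/
+/* Make sure no one is calling this file directly */
+$file_name = "edit_profile.php";
+/* Get the negative length of $file_name */
+$file_name_length = -(strlen($file_name));
+/* Check if the values match, if so, redirect */
+if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
+header("Location: ../index.php");
+/* Grab the veriables submitted by the form */
+$email = GetVars("email");
+$old_email = GetVars("old_email");
+$location = GetVars("location");
+$occupation = GetVars("occupation");
+$homepage = GetVars("homepage");
+$picture = GetVars("picture");
+$interests = GetVars("interests");
+$aim = GetVars("aim");
+$icq = GetVars("icq");
+$yahoo = GetVars("yahoo");
+$signature = GetVars("signature");
+$include_sig = GetVars("include_sig");
+$action = GetVars("action");
+$step = GetVars("step");
+/* Parse any user input */
+CheckVars(&$step, 1);
+CheckVars(&$username, 64);
+CheckVars(&$password, 64);
+CheckVars(&$confirm_password, 64);
+CheckVars(&$email, 128);
+CheckVars(&$old_email, 128);
+CheckVars(&$location, 128);
+CheckVars(&$occupation, 64);
+CheckVars(&$homepage, 128);
+CheckVars(&$picture, 128);
+CheckVars(&$interests, 255);
+CheckVars(&$aim, 16);
+CheckVars(&$icq, 16);
+CheckVars(&$yahoo, 32);
+CheckVars(&$signature, 255);
+CheckVars(&$include_sig, 1);
+/* Check that the user isn't trying to mess with the $step variable */
+if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
+$step = 1;
+/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
+if ( ( ( $username == "" || $email == "" ) && ( $step == 3 || $step == 4 ) ) ||
+( ( ( $step == 1 && ( $QUERY_STRING != "pid=edit_profile" && $QUERY_STRING != "pid=login" ) ) ) ||
+( $step == 2 && $QUERY_STRING != "pid=edit_profile" ) ||
+( $step == 3 && $QUERY_STRING != "pid=edit_profile&step=3" ) ||
+( $step == 4 && $QUERY_STRING != "pid=edit_profile" ) ) ||
+( ( $step != 1 && $step != 2 ) &&
+( strlen(trim($username)) == 0 || strlen(trim($email)) == 0 ) ) )
+{
+echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
+$step = 1;
+}
+/* On step 3 we have two choices, determine which step to go to based on the button the user clicks on */
+if ($action == "Edit Profile")
+$step = 2;
+else if ($action == "Submit Profile")
+$step = 4;
+/* Parse some of the variables to ensure accurate values */
+if ( $step == 2 && $homepage == "" )
+$homepage = "http://";
+if ( $step == 2 && $picture == "" )
+$picture = "http://";
+/* Strip out html and slashes on step 2 */
+if ($step == 2)
+{
+$username = stripslashes(strip_tags($username));
+$password = stripslashes(strip_tags($password));
+$email = stripslashes(strip_tags($email));
+$location = stripslashes(strip_tags($location));
+$occupation = stripslashes(strip_tags($occupation));
+$homepage = stripslashes(strip_tags($homepage));
+$picture = stripslashes(strip_tags($picture));
+$interests = stripslashes(strip_tags($interests));
+$aim = stripslashes(strip_tags($aim));
+$icq = stripslashes(strip_tags($icq));
+$yahoo = stripslashes(strip_tags($yahoo));
+$signature = stripslashes(strip_tags($signature));
+}
+/* Step 3 too ... */
+if ($step == 3)
+{
+$username = stripslashes(strip_tags($username));
+$password = stripslashes(strip_tags($password));
+$email = stripslashes(strip_tags($email));
+$location = stripslashes(strip_tags($location));
+$occupation = stripslashes(htmlspecialchars($occupation));
+$homepage = stripslashes(strip_tags($homepage));
+$picture = stripslashes(strip_tags($picture));
+$interests = stripslashes(strip_tags($interests));
+$aim = stripslashes(strip_tags($aim));
+$icq = stripslashes(strip_tags($icq));
+$yahoo = stripslashes(strip_tags($yahoo));
+/* Allowing CRs creates issues, this code should resolve them :) */
+$signature = stripslashes(htmlspecialchars($signature));
+$signature = nl2br($signature);
+$signature = str_replace("<br />", "<BR>", $signature);
+}
+/* On step 4, clean up the signature */
+if ($step == 4)
+{
+$occupation = htmlspecialchars($occupation);
+$signature = htmlspecialchars($signature);
+$signature = str_replace("&lt;BR&gt;", "<BR>", $signature);
+}
+/* Display the current step */
+switch ($step)
+{
+/* Display the current profile */
+default:
+case 1:
+/* Pull the number of accounts with the same username */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
+$results = ExeSQL($SQL);
+/* Grab the data and assign it to variables */
+while ($row = mysql_fetch_array($results))
+{
+$username = $row["user_name"];
+$password = "";
+$email = $row["user_email"];
+$location = $row["user_location"];
+$occupation = $row["user_occupation"];
+$homepage = $row["user_homepage"];
+$picture = $row["user_picture"];
+$interests = $row["user_interests"];
+$aim = $row["user_aim"];
+$icq = $row["user_icq"];
+$yahoo = $row["user_yahoo"];
+$signature = $row["user_signature"];
+$include_sig = $row["user_usesig"];
+}
+/* Display the HTML for the beginning of the form and table */
+echo " <FORM action=\"?pid=edit_profile\" method=\"POST\" name=\"profile\">\n"
+. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\">\n"
+. " <TD colspan=\"2\">$username's Profile</TD>\n"
+. " </TR>\n";
+/* Assign the active color to the inactive value */
+$the_color = TABLE_COLOR_2;
+/* Preview the mandatory fields ... */
+PreviewSection ( $password, "Password", &$the_color );
+PreviewSection ( $email, "Email", &$the_color );
+/* ... and the optional ones */
+if ( $location != "" )
+PreviewSection( $location, "Location", &$the_color );
+if ( $occupation != "" )
+PreviewSection( $occupation, "Occupation", &$the_color );
+if ( $homepage != "" && $homepage != "http://" )
+PreviewSection( $homepage, "Homepage", &$the_color );
+if ( $picture != "" && $picture != "http://" )
+PreviewSection ( $picture, "Picture", &$the_color );
+if ( $interests != "" )
+PreviewSection ( $interests, "Interests", &$the_color );
+if ( $aim != "" )
+PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
+if ( $icq != "" )
+PreviewSection ( $icq, "ICQ", &$the_color );
+if ( $yahoo != "" )
+PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
+/* The signature is a different kind of field, so we handle it differently */
+if ( $signature != "" )
+{
+/* Change to the other color */
+if ($the_color == TABLE_COLOR_1)
+$the_color = TABLE_COLOR_2;
+else
+$the_color = TABLE_COLOR_1;
+/* Determine if the user is including the signature or not */
+if ($include_sig == 1)
+$show_include = "You have chosen to include this signature on new posts.";
+else
+$show_include = "You have chosen to not include this signature on new posts.";
+/* Display the signature section of the form */
+echo " <TR bgcolor=\"$the_color\">\n"
+. " <TD width=\"25%\" valign=\"top\" class=\"regular_text\"><B>Signature:</B></TD>\n"
+. " <TD width=\"50%\" class=\"regular_text\">\n"
+. " $signature<BR><BR>\n"
+. " <I>$show_include</I>\n"
+. " <INPUT type=\"hidden\" name=\"signature\" value=\"$signature\">\n"
+. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
+. " </TD>\n"
+. " </TR>\n";
+}
+/* Finish off the HTML */
+echo " </TABLE>\n"
+. " <INPUT type=\"hidden\" name=\"old_email\" value=\"$email\">\n"
+. " <CENTER><BR><INPUT type=\"submit\" value=\"Edit Profile\" name=\"action\"></CENTER>\n"
+. " </FORM>\n";
+break;
+/* Display the form for the user to fill out */
+case 2:
+ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
+break;
+/* Display the info the user supplied and prompt them to continue or edit */
+case 3:
+/* Display the HTML */
+echo " <FORM action=\"?pid=edit_profile\" method=\"POST\" name=\"profile\">\n"
+. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\">\n"
+. " <TD colspan=\"2\">Profile Preview</TD>\n"
+. " </TR>\n";
+/* Assign second color as the active one */
+$the_color = TABLE_COLOR_2;
+/* Preview the mandatory sections */
+PreviewSection ( $username, "Username", &$the_color );
+PreviewSection ( $password, "Password", &$the_color );
+PreviewSection ( $email, "Email", &$the_color );
+/* Along with the optional sections */
+if ( $location != "" )
+PreviewSection( $location, "Location", &$the_color );
+if ( $occupation != "" )
+PreviewSection( $occupation, "Occupation", &$the_color );
+if ( $homepage != "" && $homepage != "http://" )
+PreviewSection( $homepage, "Homepage", &$the_color );
+if ( $picture != "" && $picture != "http://" )
+PreviewSection ( $picture, "Picture", &$the_color );
+if ( $interests != "" )
+PreviewSection ( $interests, "Interests", &$the_color );
+if ( $aim != "" )
+PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
+if ( $icq != "" )
+PreviewSection ( $icq, "ICQ", &$the_color );
+if ( $yahoo != "" )
+PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
+/* The signature is a more complex section, hence more code */
+if ( $signature != "" )
+{
+/* Swap out the colors */
+if ($the_color == TABLE_COLOR_1)
+$the_color = TABLE_COLOR_2;
+else
+$the_color = TABLE_COLOR_1;
+/* Determine is the user is including the signatures or not */
+if ($include_sig == 1)
+$show_include = "You have chosen to include this signature on new posts.";
+else
+$show_include = "You have chosen to not include this signature on new posts.";
+/* Display the HTML for the signautre section */
+echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Signature:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " $signature<BR><BR>\n"
+. " <I>$show_include</I>\n"
+. " <INPUT type=\"hidden\" name=\"signature\" value=\"$signature\">\n"
+. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
+. " </TD>\n"
+. " </TR>\n";
+}
+/* And close off the page */
+echo " </TABLE>\n"
+. " <INPUT type=\"hidden\" name=\"old_email\" value=\"$old_email\">\n"
+. " <CENTER>\n"
+. " <BR>\n"
+. " <INPUT type=\"Submit\" value=\"Edit Profile\" name=\"action\">\n"
+. " &nbsp;\n"
+. " <INPUT type=\"Submit\" value=\"Submit Profile\" name=\"action\">\n"
+. " </CENTER>\n"
+. " </FORM>\n";
+break;
+/* Check the user's input, add the user to the database, and display the results */
+case 4:
+/* If the page was POSTed to, then continue */
+if ( $REQUEST_METHOD == "POST" )
+{
+/* Start off with 0 errors */
+$no_err = 0;
+/* If the new and old email's don't match then ... */
+if ($email != $old_email)
+{
+/* ... then pull the number of email's that match */
+$SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';";
+$results = ExeSQL($SQL);
+/* Grab the data */
+while ($row = mysql_fetch_array($results))
+{
+/* If there are accounts with the same email ... */
+if ($row["email_exists"] != 0)
+{
+/* ... then let the user know */
+echo " <CENTER class=\"error_message\"><B>Someone has already registered using that email address!</B></FONT></CENTER><BR>\n";
+$no_err++;
+}
+}
+}
+/* No errors means we continue with out plans */
+if ($no_err == 0)
+{
+/* Clear out the URL variables if they still contain 'http://' */
+if ($homepage == "http://") { $homepage = ""; }
+if ($picture == "http://") { $picture = ""; }
+/* Crypt the password to a random salt */
+if ($password != "")
+$password = crypt($password);
+/* If it doesn't equal 1, then set it equal to 0 */
+if ($include_sig != 1)
+$include_sig = 0;
+/* If the password is blank, then don't update the password, if it isn't then do it! */
+if ($password != "")
+$SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_pass='$password', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';";
+else
+$SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';";
+/* Execute the SQL query */
+$results = ExeSQL($SQL);
+/* Log the user in with their new password if they set one */
+if ($password != "")
+{
+SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']);
+SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']);
+}
+/* Set the logged in variable to active */
+$logged_in = 1;
+/* Let the user know everything is cool */
+echo " <CENTER class=\"normal_message\">\n"
+. " Your profile has been updated!<BR>\n"
+. " </CENTER>\n"
+. " <BR>\n";
+/* Display the forum list */
+require("./content/view_forums.php");
+return;
+}
+else
+{
+/* If there's an error, then display the form again */
+ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
+}
+}
+else
+{
+/* This means someone way trying to feed the script false info, just let them know and show the form again */
+echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR><BR>\n";
+ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
+}
+break;
+}
+/*
+*
+*/
+function
+ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig )
+{
+echo " <SCRIPT language=\"JavaScript\">\n";
+echo " function\n";
+echo " CheckForm()\n";
+echo " {\n";
+echo " if (document.profile.password.value != document.profile.confirm_password.value)\n";
+echo " {\n";
+echo " alert('The \'Password\' and \'Confirm Password\' fields must be the same!');\n";
+echo " document.profile.password.focus();\n";
+echo " document.profile.password.select();\n";
+echo " return false;\n";
+echo " }\n";
+echo " if ( document.profile.password.value.length < 6 && document.profile.password.value != '' )\n";
+echo " {\n";
+echo " alert('The \'Password\' field must be at least 6 characters!');\n";
+echo " document.profile.password.focus();\n";
+echo " document.profile.password.select();\n";
+echo " return false;\n";
+echo " }\n";
+echo " if (document.profile.email.value == '')\n";
+echo " {\n";
+echo " alert('The \'Email\' field is mandatory!');\n";
+echo " document.profile.email.focus();\n";
+echo " return false;\n";
+echo " }\n";
+echo " if (!ValidateEmail(document.profile.email.value))\n";
+echo " {\n";
+echo " alert('You must supply a valid email address.');\n";
+echo " document.profile.email.focus();\n";
+echo " document.profile.email.select();\n";
+echo " return false;\n";
+echo " }\n";
+echo " if (document.profile.signature.value.length > 255)\n";
+echo " {\n";
+echo " alert('The \'Signature\' field cannot exceed 255 characters!');\n";
+echo " document.profile.signature.focus();\n";
+echo " document.profile.signature.select();\n";
+echo " return false;\n";
+echo " }\n";
+echo " return true;\n";
+echo " }\n";
+echo " function\n";
+echo " ValidateEmail(address)\n";
+echo " {\n";
+echo " if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(address))\n";
+echo " {\n";
+echo " return true;\n";
+echo " }\n";
+echo " return false;\n";
+echo " }\n";
+echo " </SCRIPT>\n";
+echo " <FORM action=\"?pid=edit_profile&step=3\" method=\"POST\" name=\"profile\">\n";
+echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n";
+echo " <TR class=\"table_header\">\n";
+echo " <TD colspan=\"2\"><B>Required Information</B>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<I>Leave the password fields blank if you wish to keep your current password.</I></TD>\n";
+echo " </TR>\n";
+$username = str_replace("\"", "&quot;", $username);
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Username:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap>$username</TD>\n";
+echo " </TR>\n";
+$password = str_replace("\"", "&quot;", $password);
+echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Password:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min 6 characters - Max: 64 characters</FONT></TD>\n";
+echo " </TR>\n";
+$password = str_replace("\"", "&quot;", $password);
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Confirm Password:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"confirm_password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min: 6 characters - Max: 64 characters</FONT></TD>\n";
+echo " </TR>\n";
+$email = str_replace("\"", "&quot;", $email);
+echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Email:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"email\" value=\"$email\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
+echo " </TR>\n";
+echo " <TR>\n";
+echo " <TD class=\"table_header\" colspan=\"2\">Optional Information</TD>\n";
+echo " </TR>\n";
+$location = str_replace("\"", "&quot;", $location);
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Location:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"location\" value=\"$location\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
+echo " </TR>\n";
+$occupation = str_replace("\"", "&quot;", $occupation);
+echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Occupation:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"occupation\" value=\"$occupation\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 64 characters</FONT></TD>\n";
+echo " </TR>\n";
+$homepage = str_replace("\"", "&quot;", $homepage);
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Homepage:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"homepage\" value=\"$homepage\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
+echo " </TR>\n";
+$picture = str_replace("\"", "&quot;", $picture);
+echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Picture:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"picture\" value=\"$picture\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
+echo " </TR>\n";
+$interests = str_replace("\"", "&quot;", $interests);
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Interests:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"interests\" value=\"$interests\" maxlength=\"255\" size=\"50\"> <FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n";
+echo " </TR>\n";
+$aim = str_replace("\"", "&quot;", $aim);
+echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>AOL Instant Messenger:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"aim\" value=\"$aim\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\">Max: 16 characters</FONT></TD>\n";
+echo " </TR>\n";
+$icq = str_replace("\"", "&quot;", $icq);
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>ICQ:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"icq\" value=\"$icq\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\">Max: 16 characters</FONT></TD>\n";
+echo " </TR>\n";
+$yahoo = str_replace("\"", "&quot;", $yahoo);
+echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" nowrap><B>Yahoo Pager:</B></TD>\n";
+echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"yahoo\" value=\"$yahoo\" maxlength=\"32\" size=\"50\"> <FONT class=\"small_text\">Max: 32 characters</FONT></TD>\n";
+echo " </TR>\n";
+echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" valign=\"top\" nowrap><B>Signature:</B></TD>\n";
+echo " <TD width=\"50%\" valign=\"top\" nowrap>\n";
+echo " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n";
+echo " <TR>\n";
+echo " <TD><TEXTAREA name=\"signature\" rows=\"5\" cols=\"40\" maxlength=\"255\">$signature</TEXTAREA></TD><TD valign=\"top\" nowrap>&nbsp;<FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n";
+echo " </TR>\n";
+if ($include_sig == 1)
+$checked = " checked";
+else
+$checked = "";
+echo " <TR>\n";
+echo " <TD colspan=\"2\" class=\"regular_text\"><INPUT type=\"checkbox\" name=\"include_sig\" value=\"1\"$checked> Include signature on new posts?</TD>\n";
+echo " </TR>\n";
+echo " </TABLE>\n";
+echo " </TD>\n";
+echo " </TR>\n";
+echo " </TABLE>\n";
+echo " <INPUT type=\"hidden\" name=\"old_email\" value=\"$email\">\n";
+echo " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Information\" onClick=\"return CheckForm();\"></CENTER>\n";
+echo " </FORM>\n";
+}
+function
+PreviewSection ( $section_value, $section_title, $the_color )
+{
+if ($the_color == TABLE_COLOR_1)
+$the_color = TABLE_COLOR_2;
+else
+$the_color = TABLE_COLOR_1;
+echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n";
+echo " <TD width=\"25%\" valign=\"top\"><B>$section_title:</B></TD>\n";
+echo " <TD width=\"50%\">\n";
+if ($section_title == "Password")
+echo " <I>Password is hidden for security purposes.</I>\n";
+else
+echo " $section_value\n";
+if ($section_title == "Picture")
+{
+$profile_img = @getimagesize($section_value);
+$image_caption = "Image size";
+if ($profile_img[0] > 320)
+{
+$profile_img[0] = 320;
+$image_caption = "Scaled image size";
+}
+if ($profile_img[1] > 240)
+{
+$profile_img[1] = 240;
+$image_caption = "Scaled image size";
+}
+if ($profile_img[0] > $profile_img[1])
+$scale_img = "height=\"$profile_img[1]\"";
+else
+$scale_img = "width=\"$profile_img[0]\"";
+echo " <BR><BR>\n";
+echo " $image_caption: {$profile_img[0]}x{$profile_img[1]}\n";
+echo " <TABLE border class=\"table_border\" cellspacing=\"0\" cellpadding=\"0\"><TR><TD><A href=\"$section_value\" target=\"_blank\"><IMG src=\"$section_value\" $scale_img border=\"0\"></A></TD></TR></TABLE>\n";
+}
+if ($section_title == "AOL Instant Messenger")
+$section_title = "aim";
+else
+$section_title = strtolower($section_title);
+if ($section_title == "yahoo pager")
+$section_title = "yahoo";
+/* URL encode the double quotes */
+$section_value = str_replace("\"", "&quot;", $section_value);
+echo " <INPUT type=\"hidden\" name=\"$section_title\" value=\"$section_value\">\n";
+echo " </TD>\n";
+echo " </TR>\n";
+}
+?>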
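Review bot: The step 4 `UPDATE`, the step 1 `SELECT` and the e-mail `COUNT(*)` lookup interpolate `$username`, `$email` and the other profile fields straight into SQL, and nothing visible in this file escapes them for SQL: `strip_tags()`/`htmlspecialchars()` are HTML filters that run only on some steps, and what `CheckVars()` does is not shown here. `$username` is never assigned in this file, so if it is populated from request data the `WHERE user_name='$username'` clause lets the request choose which account is rewritten; it should come from the authenticated session instead. At minimum escape at the query, e.g. `"... WHERE user_name='" . mysql_real_escape_string($username) . "';"`, or better move `ExeSQL()` to bound parameters. On output, `PreviewSection()` prints `$section_value` raw in the table cell (including rows read back from the database in step 1) and with only `"` replaced in the hidden input, so both should go through `htmlspecialchars($section_value, ENT_QUOTES)`. The same function passes the user-supplied picture URL to `getimagesize()`, which makes the server fetch it, so the scheme and host should be restricted before that call.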

364
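--- a/content/forum_admin.php
+++ b/content/forum_admin.php
@@ -0,0 +1,364 @@
+<?
+/******************************************************************************\
+* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
+* *
+* This script displays the contents for the 'Forum Administration' page. *
+* Don't forget the 12 space indent for all content pages. *
+* *
+* Last modified : September 13th, 2002 (JJS) *
+\******************************************************************************/
+/* Don't let people call this file directly */
+$file_name = "forum_admin.php";
+/* Get the negative length of $file_name */
+$file_name_length = -(strlen($file_name));
+/* Check if the values match, if so, redirect */
+if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
+header("Location: ../index.php");
+/* Grab the veriables held by superglobals */
+$forum_name = GetVars("forum_name");
+$forum_desc = GetVars("forum_desc");
+$forum_order = GetVars("forum_order");
+$old_name = GetVars("old_name");
+$type = GetVars("type");
+$action = GetVars("action");
+$step = GetVars("step");
+/* Parse any user input */
+CheckVars(&$step, 1);
+CheckVars(&$forum_name, 64);
+CheckVars(&$forum_desc, 255);
+CheckVars(&$forum_order, 10);
+CheckVars(&$old_name, 64);
+/* Check that the user isn't trying to mess with the $step variable */
+if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 ) )
+$step = 1;
+/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
+if ( ( ( $forum_name == "" || $forum_desc == "" ) && ( $step == 3 || $step == 4 ) ) ||
+( ( $step == 1 && $QUERY_STRING != "pid=forum_admin" ) ||
+( $step == 2 && $QUERY_STRING != "pid=forum_admin&step=2" ) ||
+( $step == 3 && $QUERY_STRING != "pid=forum_admin&step=3" ) ||
+( $step == 4 && $QUERY_STRING != "pid=forum_admin" ) ||
+( $step == 5 && $QUERY_STRING != "pid=forum_admin" ) ) ||
+( ( $step != 1 && $step != 2 ) &&
+( strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0 ) ) )
+{
+/* Give them an error if they are, and send them back to step 1 */
+echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
+$step = 1;
+}
+/* There are different actions that can be performed, figure out which one */
+if ($action == "Edit Forum")
+$step = 2;
+else if ($action == "Edit")
+{
+$step = 2;
+$type = "existing";
+}
+else if ($action == "Submit Forum")
+$step = 4;
+else if ($action == "Delete")
+$step = 6;
+/* If the user is submitting an existing forum for editting, then do to step 5 */
+if ( $step == 4 && $type != "" )
+$step = 5;
+/* Strip out all escape characters */
+if ( $step == 2 || $step == 3 )
+{
+$forum_name = stripslashes(strip_tags($forum_name));
+$forum_desc = stripslashes(strip_tags($forum_desc));
+$old_name = stripslashes(strip_tags($old_name));
+}
+/* Execute the requested step */
+switch ($step)
+{
+/* Show the forum list */
+default:
+case 1:
+ShowForums();
+break;
+/* Display the new forum page */
+case 2:
+ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
+break;
+/* Show preview */
+case 3:
+echo " <FORM action=\"?pid=forum_admin\" method=\"POST\" name=\"forum_admin\">\n"
+. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR>\n"
+. " <TD class=\"table_header\" colspan=\"2\">Forum Preview</TD>\n"
+. " </TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Forum Name:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " $forum_name\n"
+. " <INPUT type=\"hidden\" name=\"forum_name\" value=\"$forum_name\">\n"
+. " </TD>\n"
+. " </TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Forum Description:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " $forum_desc\n"
+. " <INPUT type=\"hidden\" name=\"forum_desc\" value=\"$forum_desc\">\n"
+. " </TD>\n"
+. " </TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Forum Order:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " $forum_order\n"
+. " <INPUT type=\"hidden\" name=\"forum_order\" value=\"$forum_order\">\n"
+. " </TD>\n"
+. " </TR>\n"
+. " </TABLE>\n"
+. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
+. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
+. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$old_name\">\n"
+. " <CENTER>\n"
+. " <BR>\n"
+. " <INPUT type=\"submit\" value=\"Edit Forum\" name=\"action\">\n"
+. " &nbsp;\n"
+. " <INPUT type=\"submit\" value=\"Submit Forum\" name=\"action\">\n"
+. " </CENTER>\n"
+. " </FORM>\n";
+break;
+/* Add the new forum to the database */
+case 4:
+/* If the form was posted, then analyze it and add it */
+if ( $REQUEST_METHOD == "POST" )
+{
+/* Set the error to zero */
+$no_err = 0;
+/* Pull the number of forums with the same name */
+$SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums WHERE forum_name='$forum_name';";
+$results = ExeSQL($SQL);
+/* Grab the data, and tell the user if the forum already exists */
+while ($row = mysql_fetch_array($results))
+{
+if ($row["forum_exists"] != 0)
+{
+echo " <CENTER class=\"error_message\">A forum by that name already exists!</CENTER><BR>\n";
+$no_err++;
+}
+}
+/* If there were no errors */
+if ($no_err == 0)
+{
+/* Add the new forum to the database */
+$SQL = "INSERT INTO " . TABLE_PREFIX . "forums (forum_name, forum_desc, forum_order) VALUES ('$forum_name', '$forum_desc', '$forum_order');";
+$results = ExeSQL($SQL);
+/* Let the user know everything went fine, and show the forum list */
+echo " <CENTER class=\"normal_message\">The new forum has successfully been added!</CENTER><BR>\n";
+ShowForums();
+return;
+}
+else
+ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
+}
+else
+{
+/* If it wasn't posted, then give the user an error, and send them back */
+echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
+ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
+}
+break;
+/* Update an existing forum */
+case 5:
+/* Check if the form is posted */
+if ( $REQUEST_METHOD == "POST" )
+{
+/* Set the errors to zero */
+$no_err = 0;
+/* If the old name and new name don't match then ... */
+if ($forum_name != $old_name)
+{
+/* Pull the number of forums with the same name */
+$SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums WHERE forum_name='$forum_name';";
+$results = ExeSQL($SQL);
+/* Grab the data and sit an error if the forum exists */
+while ($row = mysql_fetch_array($results))
+{
+if ($row["forum_exists"] != 0)
+{
+echo " <CENTER class=\"error_message\">A forum by that name already exists!</CENTER><BR>\n";
+$no_err++;
+}
+}
+}
+/* If there were no errors */
+if ($no_err == 0)
+{
+/* Add the new forum to the database */
+$SQL = "UPDATE " . TABLE_PREFIX . "forums SET forum_name='$forum_name', forum_desc='$forum_desc', forum_order='$forum_order' WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Let the user know it went fine, and default to the forum list */
+echo " <CENTER class=\"normal_message\">The forum has successfully been updated!</CENTER><BR>\n";
+ShowForums();
+return;
+}
+else
+ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
+}
+else
+{
+/* If it wasn't posted, then give an error, and show the forum form */
+echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
+ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
+}
+break;
+/* Delete the forum, and all it's associated threads and replies */
+case 6:
+/* The forum from the database */
+$SQL = "DELETE FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Delete the threads associated with the forum */
+$SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Delete the replies associated with the forum */
+$SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Give the user feedback */
+echo " <CENTER class=\"normal_message\">The forum has successfully been removed!</CENTER><BR>\n";
+ShowForums();
+return;
+break;
+}
+/*
+* Show the current functions
+*/
+function
+ShowForums()
+{
+echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\">\n"
+. " <TD colspan=\"2\">\n"
+. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"table_header\">\n"
+. " <TR>\n"
+. " <TD>\n"
+. " Forum Administration&nbsp;\n"
+. " </TD>\n"
+. " <TD align=\"right\">\n"
+. " [ <A href=\"?pid=forum_admin&step=2\" class=\"table_header\">Add New Forum</A> ]\n"
+. " </TD>\n"
+. " </TR>\n"
+. " </TABLE>\n"
+. " </TD>\n"
+. " </TR>\n";
+/* Set the active color */
+$the_color = TABLE_COLOR_2;
+/* Pull the forums */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_order, forum_name;";
+$results = ExeSQL($SQL);
+/* Grab the data, and display the stuff */
+while ($row = mysql_fetch_array($results))
+{
+/* Grab the specific columns */
+$forum_id = $row["forum_id"];
+$forum_name = $row["forum_name"];
+$forum_order = $row["forum_order"];
+$forum_desc = $row["forum_desc"];
+/* Swap the color */
+if ($the_color == TABLE_COLOR_2)
+$the_color = TABLE_COLOR_1;
+else
+$the_color = TABLE_COLOR_2;
+/* Display the data */
+echo " <TR bgcolor=\"$the_color\">\n"
+. " <TD>\n"
+. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
+. " <TR>\n"
+. " <TD>\n"
+. " <FONT class=\"regular_text\">$forum_order. $forum_name</FONT><BR>\n"
+. " <FONT class=\"small_text\">$forum_desc</FONT>\n"
+. " </TD>\n"
+. " <TD align=\"right\">\n"
+. " <FORM action=\"?pid=forum_admin\" method=\"POST\">\n"
+. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
+. " <INPUT type=\"hidden\" name=\"forum_name\" value=\"$forum_name\">\n"
+. " <INPUT type=\"hidden\" name=\"forum_desc\" value=\"$forum_desc\">\n"
+. " <INPUT type=\"hidden\" name=\"forum_order\" value=\"$forum_order\">\n"
+. " <INPUT type=\"submit\" name=\"action\" value=\"Edit\">\n"
+. " <INPUT type=\"submit\" name=\"action\" value=\"Delete\" onClick=\"return Confirm('Are you sure you want to delete this forum, and all of it\'s associated posts?');\">\n"
+. " </FORM>\n"
+. " </TD>\n"
+. " </TR>\n"
+. " </TABLE>\n"
+. " </TD>\n"
+. " </TR>\n";
+}
+/* Close off the table */
+echo " </TABLE>\n";
+}
+/*
+* Display the form to add a forum
+*/
+function
+ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type )
+{
+/* Display the stuff in the form! */
+echo " <FORM action=\"?pid=forum_admin&step=3\" method=\"POST\" name=\"forum_admin\">\n"
+. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\"><TD colspan=\"2\">Forum Administration</TD></TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Forum Name:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " <INPUT type=\"text\" name=\"forum_name\" value=\"$forum_name\" size=\"50\" max=\"64\">\n"
+. " </TD>\n"
+. " </TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Forum Description:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " <TEXTAREA name=\"forum_desc\" rows=\"5\" cols=\"40\">$forum_desc</TEXTAREA>\n"
+. " </TD>\n"
+. " </TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>Forum Order:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " <INPUT type=\"text\" name=\"forum_order\" value=\"$forum_order\" size=\"50\" max=\"64\">\n"
+. " </TD>\n"
+. " </TR>\n"
+. " </TABLE>\n"
+. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
+. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
+. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$forum_name\">\n"
+. " <CENTER><BR><INPUT type=\"submit\" value=\"Preview Information\" name=\"action\"></CENTER>\n"
+. " </FORM>\n";
+}
+?>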
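Review bot: Step 6 runs three `DELETE` statements keyed on `$forum_id` without the `$REQUEST_METHOD == "POST"` test that steps 4 and 5 apply, and `$forum_id` is never read through `GetVars()` or passed to `CheckVars()` in this file, so it reaches SQL unvalidated from wherever it is populated (presumably register_globals). Because the `$action` block runs after the "Malformed request" check, `action=Delete` sets `$step = 6` even when that check has just reset `$step` to 1. I would move the `$action` dispatch above the validation, require POST plus a per-session token for step 6, and cast the id before use, e.g. `$forum_id = (int) GetVars("forum_id");`. No administrator check is visible in this file; if the including script does not enforce one, it belongs at the top here. The direct-access guard `header("Location: ../index.php");` is also not followed by `exit;`, so the rest of the script still runs after the redirect header is sent.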

236
content/general_admin.php Normal file

@ -0,0 +1,236 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'General Administration' page. *
* Don't forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* As always, don't let them access the file directly */
$file_name = "general_admin.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables held by superglobals */
$board_name = GetVars("board_name");
$title_image = GetVars("title_image");
$action = GetVars("action");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$board_name, 64);
CheckVars(&$title_image, 128);
/* Make sure someone isn't trying to feed the step number via the querystring */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $board_name == "" || $title_image == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=general_admin" ) ||
( $step == 2 && $QUERY_STRING != "pid=general_admin" ) ||
( $step == 3 && $QUERY_STRING != "pid=general_admin" ) ||
( $step == 4 && $QUERY_STRING != "pid=general_admin" ) ) ||
( ( $step != 1 && $step != 2 ) &&
( strlen(trim($board_name)) == 0 || strlen(trim($title_image)) == 0 ) ) )
{
/* Give them an error if they are */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Determine which step to use */
if ($action == "Edit Properties")
$step = 2;
else if ($action == "Preview Properties")
$step = 3;
else if ($action == "Submit Properties")
$step = 4;
/* Strip out all escape characters */
if ( $step == 3 || $step == 4 )
$board_name = stripslashes(strip_tags($board_name));
/* Display the desired step */
switch ($step)
{
/* Show the forum list */
default:
case 1:
ShowProperties();
break;
/* Show edit form */
case 2:
ShowPropertyForm( $board_name, $title_image );
break;
/* Show preview */
case 3:
echo " <FORM action=\"index.php?pid=general_admin\" method=\"POST\" name=\"general_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Properties Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Board Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $board_name\n"
. " <INPUT type=\"hidden\" name=\"board_name\" value=\"$board_name\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Title Image:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $title_image<BR><BR>\n"
. " <TABLE border class=\"table_border\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR>\n"
. " <TD><IMG src=\"$title_image\" border=\"0\"></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"title_image\" value=\"$title_image\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"submit\" value=\"Edit Properties\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"submit\" value=\"Submit Properties\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Add the new forum to the database */
case 4:
/* Check if the page was POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* Set the error to zero */
$no_err = 0;
/* Delete the existing properties */
$SQL = "DELETE FROM " . TABLE_PREFIX . "properties;";
$results = ExeSQL($SQL);
/* Add the new ones in */
$SQL = "INSERT INTO " . TABLE_PREFIX . "properties (board_name, title_image) VALUES ('$board_name', '$title_image');";
$results = ExeSQL($SQL);
/* Let the user know what's up, then show the properties */
echo " <CENTER class=\"normal_message\">The properties have successfully been modified!</CENTER><BR>\n";
ShowProperties();
return;
}
else
ShowMessageForm( $message_name, $message_body, $message_id );
break;
}
/*
* Show the existing properties and values
*/
function
ShowProperties()
{
/* Spit out the top part of the HTML */
echo " <FORM action=\"?pid=general_admin\" method=\"POST\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD class=\"table_header\">\n"
. " General Administration</B>&nbsp;\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
/* Set the color */
$the_color = TABLE_COLOR_2;
/* Pull the properties */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "properties;";
$results = ExeSQL($SQL);
/* Grab the data, and assign it to variables */
while ($row = mysql_fetch_array($results))
{
$board_name = $row["board_name"];
$title_image = $row["title_image"];
}
/* Display the properties */
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <TD class=\"regular_text\" width=\"25%\">\n"
. " <B>Board Name:</B><BR>\n"
. " </TD>\n"
. " <TD class=\"regular_text\" width=\"50%\">\n"
. " $board_name<BR>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\">\n"
. " <TD class=\"regular_text\" width=\"25%\" valign=\"top\">\n"
. " <B>Title Image:</B><BR>\n"
. " </TD>\n"
. " <TD class=\"regular_text\" width=\"50%\">\n"
. " $title_image<BR><BR>\n"
. " <TABLE border class=\"table_border\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR>\n"
. " <TD><IMG src=\"$title_image\" border=\"0\"></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER><BR>\n"
. " <INPUT type=\"hidden\" name=\"board_name\" value=\"$board_name\">\n"
. " <INPUT type=\"hidden\" name=\"title_image\" value=\"$title_image\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Edit Properties\">\n"
. " </CENTER>\n"
. " </FORM>\n";
}
/*
* Show the form to edit the properties
*/
function
ShowPropertyForm( $board_name, $title_image )
{
/* What are you waiting for, show it already! */
echo " <FORM action=\"index.php?pid=general_admin\" method=\"POST\" name=\"general_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">General Administration</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Board Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"board_name\" value=\"$board_name\" size=\"50\" maxlength=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Title Image:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"title_image\" value=\"$title_image\" size=\"50\" maxlength=\"128\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Preview Properties\" name=\"action\"></CENTER>\n"
. " </FORM>\n";
}
?>
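Review bot: The step-4 `INSERT` places `$board_name` and `$title_image` straight into the SQL string, and the `stripslashes()` call just before the switch removes any backslash escaping `$board_name` carried, so a single quote in either field alters the statement; what `CheckVars()` does is not visible here and should not be relied on for this. Escape at the query, e.g. `$SQL = "INSERT INTO " . TABLE_PREFIX . "properties (board_name, title_image) VALUES ('" . mysql_real_escape_string($board_name) . "', '" . mysql_real_escape_string($title_image) . "');";`, and check the result, because the preceding `DELETE` has already emptied the table by the time the insert can fail. The `else` branch of case 4 calls `ShowMessageForm( $message_name, $message_body, $message_id )`, none of which is set in this file; it looks like a leftover from another page, and `ShowPropertyForm( $board_name, $title_image );` is probably what was meant. The direct-access guard at the top sends a `Location` header but keeps executing, so add `exit;` after it here and in login.php, post_reply.php and post_thread.php.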

1
content/index.php Normal file

@ -0,0 +1 @@
<? header("Location: ../index.php"); ?>

80
content/login.php Normal file

@ -0,0 +1,80 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Login' page. Don't forget the *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* Run this stuff so people can't call this file directly */
$file_name = "login.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* If the user performed a bad login, then tell them */
if ($login == "failed")
echo " <CENTER class=\"error_message\">Bad login credentials, try again.</CENTER><BR>";
/* Display the top part of the form */
echo " <FORM method=\"POST\" action=\"index.php?pid=login\">\n"
. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"5\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD>Login</TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <TABLE align=\"center\">\n"
. " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " Username:&nbsp;\n"
. " </TD>\n"
. " <TD>\n"
. " <INPUT type=\"text\" name=\"username\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " Password:&nbsp;\n"
. " </TD>\n"
. " <TD>\n"
. " <INPUT type=\"password\" name=\"password\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" colspan=\"2\">\n"
. " <INPUT type=\"submit\" value=\"Login\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" colspan=\"2\" class=\"small_text\">\n"
. " <A href=\"?pid=forgot_password\">Forgot Password?</A>\n"
. " </TD>\n"
. " </TABLE>\n";
/* If $destination isn't NULL, then put it on the form */
if ($destination != "")
echo " <INPUT type=\"hidden\" name=\"destination\" value=\"$destination\">\n";
/* Same with the $forum_id */
if ($forum_id != "")
echo " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n";
/* Same with the $thread_id */
if ($thread_id != "")
echo " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n";
/* Let's close off the form */
echo " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </FORM>\n";
?>
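Review bot: `$destination`, `$forum_id` and `$thread_id` are written into hidden `value` attributes without HTML encoding, and nothing in this file assigns them, so they presumably arrive straight from the request (register_globals); a double quote in any of them ends the attribute and the rest is parsed as markup. Encode on output, e.g. `value=\"" . htmlspecialchars($destination, ENT_QUOTES) . "\"`, and read the three values explicitly with `GetVars()` as the other content pages do for their fields. If `destination` is later used as a redirect target after login, it should also be matched against the known `pid` values before use; that code is not part of this file.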

273
content/post_reply.php Normal file

@ -0,0 +1,273 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Post Reply' page. Don't forget *
* the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Stop lame hacker kiddies */
$file_name = "post_reply.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the user's IP address from the super global */
$user_ip = $_SERVER['REMOTE_ADDR'];
$step = GetVars("step");
$action = GetVars("action");
$email = GetVars("email");
$include_sig = GetVars("include_sig");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$user_ip, 15);
/* Determine which step to use */
if ($action == "Edit Reply")
$step = 1;
else if ($action == "Post Reply")
$step = 3;
/* Strip out all escape characters */
if ($step == 1)
{
$message = str_replace("<BR>", "", $message);
$message = stripslashes(htmlspecialchars($message));
}
/* And again, along with adding line breaks */
if ($step == 2)
{
$message = stripslashes(htmlspecialchars($message));
$message = nl2br($message);
$message = str_replace("<br />", "<BR>", $message);
}
/* One more time, but add <BR>'s */
if ($step == 3)
{
$message = htmlspecialchars($message);
$message = str_replace("&lt;BR&gt;", "<BR>", $message);
}
/* Pull the thread list */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in array's */
while ($row = mysql_fetch_array($results))
{
$thread_list[] = $row["thread_id"];
$forum_list[] = $row["forum_id"];
}
/* Check to see if the thread the user is requesting is real */
if (!(in_array($thread_id, $thread_list)))
{
/* If not, let them know, and redirect them */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Assign values to use later - yes, I did forget what these do */
$thread_forum = array_search($thread_id, $thread_list);
$correct_forum = $forum_list[$thread_forum];
/* Check to see if the forum the user is requesting is the right one */
if ($correct_forum != $forum_id)
{
/* If not, then tell them off */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 ||
( ( $step == 2 && $QUERY_STRING != "pid=post_reply&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=post_reply" ) ) ||
( $step != 1 && strlen(trim($message)) == 0 ) )
{
/* And if they are, tell them off! */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Which step do we want to run? */
switch ($step)
{
/* Display the post reply form */
default:
case 1:
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id );
break;
/* Display the reply for the user to preview */
case 2:
/* Show the top of the form */
echo " <FORM action=\"?pid=post_reply\" method=\"POST\" name=\"post_reply\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">New Reply Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Message:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If the user has a signature and wants to use it, then show it */
if ($signature != "" && $include_sig == "yes")
$display_message = $message . "<BR><BR>" . $signature;
else
$display_message = $message;
/* Show the bottom of the form */
echo " $display_message\n"
. " <INPUT type=\"hidden\" name=\"message\" value=\"$message\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"Submit\" value=\"Edit Reply\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"Submit\" value=\"Post Reply\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the reply to the database, and display the reply */
case 3:
/* Make sure they POSTed the form */
if ( $REQUEST_METHOD == "POST" )
{
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If they have a sig, and want to include it, then include it! */
if ($signature != "" && $include_sig == "yes")
$message = $message . "<BR><BR>" . $signature;
/* Insert the reply into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "replies (reply_body, user_id, user_ip, thread_id, forum_id) VALUES ('$message', '$user_id', '$user_ip', '$thread_id', '$forum_id');";
$results = ExeSQL($SQL);
/* Now be a good forum, and thank the kind user */
echo " <CENTER class=\"normal_message\">Thanks for posting!</CENTER><BR>\n";
/* Show the reply list */
require ("./content/view_replies.php");
}
else
{
/* If they didn't POST it, then error out */
echo " <CENTER class=\"error_message\"><B>Malformed request detected!</CENTER><BR>\n";
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id, $db_name, $connection );
}
break;
}
/*
* Show the form for the user to fill out
*/
function
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id )
{
/* Show the beginning of the form */
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.post_reply.message.value == '')\n"
. " {\n"
. " alert('The \'Message\' field is mandatory!');\n"
. " document.post_reply.message.focus(1);\n"
. " return false;\n"
. " }\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"?pid=post_reply&step=2\" method=\"POST\" name=\"post_reply\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Post New Reply</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\" nowrap><B>Message:</B></TD>\n"
. " <TD width=\"50%\" nowrap>\n"
. " <TABLE border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"
. " <TR>\n"
. " <TD>\n"
. " <TEXTAREA name=\"message\" cols=\"65\" rows=\"10\">$message</TEXTAREA><BR>\n"
. " </TD>\n"
. " </TR>\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature, user_usesig FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, and load it into variables */
while ($row = mysql_fetch_array($results))
{
/* Grab the actual signature */
$signature = $row["user_signature"];
/* Determine if they use it by default */
if ($row["user_usesig"] == 1)
$use_sig = " checked";
else
$use_sig = "";
}
/* If there is a signature, then display the option to use it */
if ($signature != "")
{
echo " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " <INPUT type=\"checkbox\" name=\"include_sig\" value=\"yes\"$use_sig> Include Signature?</A>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Now spit out the rest of the HTML so we can get the heck outta this file! */
echo " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Reply\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
?>
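Review bot: `$user_id` is round-tripped through hidden form fields (the step-2 preview form and `ShowPostReplyForm`) and then used as the author in the step-3 `INSERT` and in the signature lookups, so unless the including script overwrites it from the authenticated session, the client decides which account a reply is attributed to. Take the id from server-side login state and drop the hidden `user_id` inputs; post_thread.php has the same pattern. The step-3 `INSERT` also interpolates `$user_id`, `$thread_id`, `$forum_id` and `$message` unescaped, and `htmlspecialchars()` without `ENT_QUOTES` leaves single quotes alone on the PHP versions this code targets, so cast the ids (`$thread_id = (int) $thread_id;`) and pass the text through `mysql_real_escape_string()` before building the query. The step-3 error path passes ten arguments to `ShowPostReplyForm`, which declares eight; the trailing `$db_name, $connection` look stale.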

273
content/post_thread.php Normal file

@ -0,0 +1,273 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Post Thread' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Disallow direct access to this file */
$file_name = "post_thread.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Get the variables we need */
$user_ip = GetVars("REMOTE_ADDR");
$action = GetVars("action");
$email = GetVars("email");
$include_sig = GetVars("include_sig");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$user_ip, 15);
/* Determine which step to use */
if ($action == "Edit Thread")
$step = 1;
else if ($action == "Post Thread")
$step = 3;
/* Strip out all escape characters */
if ($step == 1)
{
$title = stripslashes(htmlspecialchars($title));
$message = str_replace("<BR>", "", $message);
$message = stripslashes(htmlspecialchars($message));
}
/* Along with replacing the </ br>'s */
if ($step == 2)
{
$title = stripslashes(htmlspecialchars($title));
$message = stripslashes(htmlspecialchars($message));
$message = nl2br($message);
$message = str_replace("<br />", "<BR>", $message);
}
/* And also adding <BR>'s */
if ($step == 3)
{
$title = htmlspecialchars($title);
$message = htmlspecialchars($message);
$message = str_replace("&lt;BR&gt;", "<BR>", $message);
}
/* Pull the forum list */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* Check to see if the forum the user is requesting is real */
if (!(in_array($forum_id, $forum_list)))
{
/* If not, let them know */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $title == "" || $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 ||
( ( $step == 2 && $QUERY_STRING != "pid=post_thread&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=post_thread" ) ) ||
( $step != 1 && ( strlen(trim($title)) == 0 || strlen(trim($message)) == 0 ) ) )
{
/* If so, bitch at them */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Display the desired step */
switch ($step)
{
/* Display the post thread form */
default:
case 1:
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id );
break;
/* Display the thread for the user to preview */
case 2:
/* Display the top part */
echo " <FORM action=\"?pid=post_thread\" method=\"POST\" name=\"post_thread\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">New Thread Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\"><B>Title:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $title\n"
. " <INPUT type=\"hidden\" name=\"title\" value=\"$title\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Message:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If we have a signature, then include it */
if ($signature != "" && $include_sig == "yes")
$display_message = $message . "<BR><BR>" . $signature;
else
$display_message = $message;
/* Display the rest of the page */
echo " $display_message\n"
. " <INPUT type=\"hidden\" name=\"message\" value=\"$message\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"Submit\" value=\"Edit Thread\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"Submit\" value=\"Post Thread\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the thread to the database, and display the thread */
case 3:
/* Make sure the form was POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* Include the signature if they want it to be */
if ($signature != "" && $include_sig == "yes")
$message = $message . "<BR><BR>" . $signature;
/* Insert the thread into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "threads (thread_title, thread_body, user_id, user_ip, forum_id) VALUES ('$title', '$message', '$user_id', '$user_ip', '$forum_id');";
$results = ExeSQL($SQL);
/* Give 'em props */
echo " <CENTER class=\"normal_message\">Thanks for posting!</CENTER><BR>\n";
/* Show the thread list */
require ("./content/view_threads.php");
}
else
{
/* If not POSTed, then error out */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id );
}
break;
}
/*
* Show the form the user needs to fill out to post
*/
function
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id )
{
/* Start with the JavaScript header, and then some */
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.post_thread.title.value == '')\n"
. " {\n"
. " alert('The \'Title\' field is mandatory!');\n"
. " document.post_thread.title.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.post_thread.message.value == '')\n"
. " {\n"
. " alert('The \'Message\' field is mandatory!');\n"
. " document.post_thread.message.focus(1);\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"?pid=post_thread&step=2\" method=\"POST\" name=\"post_thread\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Post New Thread</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Title:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"title\" value=\"$title\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\" nowrap><B>Message:</B></TD>\n"
. " <TD width=\"50%\" nowrap>\n"
. " <TABLE border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"
. " <TR>\n"
. " <TD>\n"
. " <TEXTAREA name=\"message\" cols=\"65\" rows=\"10\">$message</TEXTAREA><BR>\n"
. " </TD>\n"
. " </TR>\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature, user_usesig FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, and figure out if we want to include the signature or not */
while ($row = mysql_fetch_array($results))
{
$signature = $row["user_signature"];
if ($row["user_usesig"] == 1)
$use_sig = " checked";
else
$use_sig = "";
}
/* If the user has a signature, then give them the option to use it */
if ($signature != "")
{
echo " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " <INPUT type=\"checkbox\" name=\"include_sig\" value=\"yes\"$use_sig> Include Signature?</A>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Finish it off */
echo " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Thread\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
?>
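Review bot: `$user_ip = GetVars("REMOTE_ADDR");` fetches the address through the generic request helper, whereas post_reply.php reads `$_SERVER['REMOTE_ADDR']` directly; `GetVars()` is not shown, but if it also consults GET, POST or cookie data, the IP stored with each thread can be supplied by the client and is no use as an audit record. Use `$user_ip = $_SERVER['REMOTE_ADDR'];` here as well. `$title` and `$message` are never read with `GetVars()` in this file, so they depend on register_globals; fetching them explicitly next to `$email` and `$include_sig` would make the input surface visible. The title input sets `maxlength="64"` while the text beside it says `Max: 128 characters`; one of the two should be corrected to match the column size.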

532
content/register.php Normal file

@ -0,0 +1,532 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Registation' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 14th, 2002 (JJS) *
\******************************************************************************/
/* Call this file directly, get sent back */
$file_name = "register.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables held by super globals */
$username = GetVars("username");
$password = GetVars("password");
$email = GetVars("email");
$location = GetVars("location");
$occupation = GetVars("occupation");
$homepage = GetVars("homepage");
$picture = GetVars("picture");
$interests = GetVars("interests");
$aim = GetVars("aim");
$icq = GetVars("icq");
$yahoo = GetVars("yahoo");
$signature = GetVars("signature");
$include_sig = GetVars("include_sig");
$action = GetVars("action");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$username, 64);
CheckVars(&$password, 64);
CheckVars(&$confirm_password, 64);
CheckVars(&$email, 128);
CheckVars(&$location, 128);
CheckVars(&$occupation, 64);
CheckVars(&$homepage, 128);
CheckVars(&$picture, 128);
CheckVars(&$interests, 255);
CheckVars(&$aim, 16);
CheckVars(&$icq, 16);
CheckVars(&$yahoo, 32);
CheckVars(&$signature, 255);
CheckVars(&$include_sig, 1);
/* Strip &nbsp; from the username */
$username = str_replace("&nbsp;", "", $username);
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $username == "" || $password == "" || $email == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=register" ) ||
( $step == 2 && $QUERY_STRING != "pid=register&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=register&step=3" ) ||
( $step == 4 && $QUERY_STRING != "pid=register" ) ) ||
( ( $step != 1 && $step != 2 ) &&
( strlen(trim($username)) == 0 || strlen(trim($password)) == 0 || strlen(trim($email)) == 0 ) ) )
{
/* If so, give them an error */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Determine which step to go to */
if ($action == "Edit Information")
$step = 2;
else if ($action == "Submit Information")
$step = 4;
/* Parse some of the variables to ensure accurate values */
if ( $step == 2 && $homepage == "" )
$homepage = "http://";
if ( $step == 2 && $picture == "" )
$picture = "http://";
/* Strip out all escape characters */
if ($step == 2)
{
$username = stripslashes(strip_tags($username));
$password = stripslashes(strip_tags($password));
$email = stripslashes(strip_tags($email));
$location = stripslashes(strip_tags($location));
$occupation = stripslashes(strip_tags($occupation));
$homepage = stripslashes(strip_tags($homepage));
$picture = stripslashes(strip_tags($picture));
$interests = stripslashes(strip_tags($interests));
$aim = stripslashes(strip_tags($aim));
$icq = stripslashes(strip_tags($icq));
$yahoo = stripslashes(strip_tags($yahoo));
$signature = stripslashes(strip_tags($signature));
}
/* Again, with some sig clean up */
if ($step == 3)
{
$username = stripslashes(strip_tags($username));
$password = stripslashes(strip_tags($password));
$email = stripslashes(strip_tags($email));
$location = stripslashes(strip_tags($location));
$occupation = stripslashes(strip_tags($occupation));
$homepage = stripslashes(strip_tags($homepage));
$picture = stripslashes(strip_tags($picture));
$interests = stripslashes(strip_tags($interests));
$aim = stripslashes(strip_tags($aim));
$icq = stripslashes(strip_tags($icq));
$yahoo = stripslashes(strip_tags($yahoo));
$signature = stripslashes(htmlspecialchars($signature));
$signature = nl2br($signature);
$signature = str_replace("<br />", "<BR>", $signature);
}
/* This time, just signature clean up */
if ($step == 4)
{
$signature = htmlspecialchars($signature);
$signature = str_replace("&lt;BR&gt;", "<BR>", $signature);
}
/* To step, or not to step! */
switch ($step)
{
/* Display the TOS */
default:
case 1:
/* Start displaying the TOS */
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD>Usage Policy</TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " Registration for our community is 100% free! If you agree to abide by our rules below, you should press the \"Agree\" button, which will enable you to register. If you do not agree, press the \"Cancel\" button.\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
/* Grab the TOS */
require("language/tos.php");
/* Display the TOS */
echo " " . TERMS_OF_SERVICE . "\n";
/* Finish off the page */
echo " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER class=\"regular_text\">\n"
. " <B><A href=\"?pid=register&step=2\">Agree</A> | <A href=\"?pid=view_forums\">Cancel</A></B>\n"
. " </CENTER>\n";
break;
/* Display the form for the user to fill out */
case 2:
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
break;
/* Display the info the user supplied and prompt them to continue or edit */
case 3:
/* Line starts here, no cutting [or pasting ;)] */
echo " <FORM action=\"index.php?pid=register\" method=\"POST\" name=\"registration\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Registration Preview</TD>\n"
. " </TR>\n";
/* Set the active color */
$the_color = TABLE_COLOR_2;
/* Display the mandatory fields */
PreviewSection ( $username, "Username", &$the_color );
PreviewSection ( $password, "Password", &$the_color );
PreviewSection ( $email, "Email", &$the_color );
/* Display the optional fields, if they were filled in */
if ( $location != "" )
PreviewSection( $location, "Location", &$the_color );
if ( $occupation != "" )
PreviewSection( $occupation, "Occupation", &$the_color );
if ( $homepage != "" && $homepage != "http://" )
PreviewSection( $homepage, "Homepage", &$the_color );
if ( $picture != "" && $picture != "http://" )
PreviewSection ( $picture, "Picture", &$the_color );
if ( $interests != "" )
PreviewSection ( $interests, "Interests", &$the_color );
if ( $aim != "" )
PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
if ( $icq != "" )
PreviewSection ( $icq, "ICQ", &$the_color );
if ( $yahoo != "" )
PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
if ( $signature != "" )
{
/* Swap the colors */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Start the section */
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Signature:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $signature<BR><BR>\n"
. " <I>\n";
/* Display if the signature will be added by default */
if ($include_sig == 1)
echo " You have chosen to include this signature on new posts.\n";
else
echo " You have chosen to not include this signature on new posts.\n";
/* Finish off the section */
echo " </I>\n"
. " <INPUT type=\"hidden\" name=\"signature\" value=\"$signature\">\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " </TD>\n"
. " </TR>\n";
}
/* And then we finish off the form */
echo " </TABLE>\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Edit Information\" name=\"action\"> <INPUT type=\"Submit\" value=\"Submit Information\" name=\"action\"></CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the user to the database, and display the results */
case 4:
/* Make sure it was POSTed, if it wasn't they are trying to be slick */
if ( $REQUEST_METHOD == "POST" )
{
/* No errors... yet */
$no_err = 0;
/* Pull the number of accounts with the same username */
$SQL = "SELECT COUNT(*) as user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* If the username exists, error out */
if ($row["user_exists"] != 0)
{
echo " <CENTER class=\"error_message\">That username already exists!</CENTER><BR>\n";
$no_err++;
}
}
/* Pull the number of accounts with the same email */
$SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* If the email exists, then error out */
if ($row["email_exists"] != 0)
{
echo " <CENTER class=\"error_message\">Someone has already registered using that email address!</CENTER><BR>\n";
$no_err++;
}
}
/* If there are no errors, then proceed with the registration */
if ($no_err == 0)
{
/* Clear out the URL variables if they still contain 'http://' */
if ($homepage == "http://") { $homepage = ""; }
if ($picture == "http://") { $picture = ""; }
/* Crypt the password to a random salt */
$password = crypt($password);
/* Determine if the sig will be added by default */
if ($include_sig != 1)
$include_sig == 0;
/* Insert the user into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "users (user_name, user_email, user_pass, user_location, user_occupation, user_homepage, user_picture, user_interests, user_aim, user_icq, user_yahoo, user_signature, user_usesig) VALUES ('$username', '$email', '$password', '$location', '$occupation', '$homepage', '$picture', '$interests', '$aim', '$icq', '$yahoo', '$signature', '$include_sig');";
$results = ExeSQL($SQL);
/* Log the new user in */
SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']);
SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']);
/* Set their login status */
$logged_in = 1;
/* Finish off the registration */
echo " <CENTER class=\"regular_text\">\n"
. " <B>Thanks for registering!</B><BR>\n"
. " <A href=\"index.php\">Click here to log in!</A>\n"
. " </CENTER>\n"
. " <BR>\n";
require("./content/view_forums.php");
return;
}
else
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
}
else
{
/* If they didn't POST it, then error out */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
}
break;
}
/*
* Show the registration form
*/
function
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig )
{
/* Start displaying the damned thing */
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.registration.username.value == '')\n"
. " {\n"
. " alert('The \'Username\' field is mandatory!');\n"
. " document.registration.username.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.password.value == '')\n"
. " {\n"
. " alert('The \'Password\' field is mandatory!');\n"
. " document.registration.password.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.confirm_password.value == '')\n"
. " {\n"
. " alert('The \'Confirm Password\' field is mandatory!');\n"
. " document.registration.confirm_password.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.registration.password.value != document.registration.confirm_password.value)\n"
. " {\n"
. " alert('The \'Password\' and \'Confirm Password\' fields must be the same!');\n"
. " document.registration.password.focus();\n"
. " document.registration.password.select();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.password.value.length < 6)\n"
. " {\n"
. " alert('The \'Password\' field must be at least 6 characters!');\n"
. " document.registration.password.focus();\n"
. " document.registration.password.select();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.email.value == '')\n"
. " {\n"
. " alert('The \'Email\' field is mandatory!');\n"
. " document.registration.email.focus();\n"
. " return false;\n"
. " }\n"
. " if (!ValidateEmail(document.registration.email.value))\n"
. " {\n"
. " alert('You must supply a valid email address.');\n"
. " document.registration.email.focus();\n"
. " document.registration.email.select();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.signature.value.length > 255)\n"
. " {\n"
. " alert('The \'Signature\' field cannot exceed 255 characters!');\n"
. " document.registration.signature.focus();\n"
. " document.registration.signature.select();\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " function\n"
. " ValidateEmail(address)\n"
. " {\n"
. " if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(address))\n"
. " {\n"
. " return true;\n"
. " }\n"
. " return false;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"index.php?pid=register&step=3\" method=\"POST\" name=\"registration\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Required Information</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Username:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"username\" value=\"$username\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Password:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min 6 characters - Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Confirm Password:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"confirm_password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min: 6 characters - Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Email:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"email\" value=\"$email\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Optional Information</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Location:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"location\" value=\"$location\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Occupation:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"occupation\" value=\"$occupation\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Homepage:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"homepage\" value=\"$homepage\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Picture:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"picture\" value=\"$picture\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Interests:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"interests\" value=\"$interests\" maxlength=\"255\" size=\"50\"> <FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>AOL Instant Messenger:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"aim\" value=\"$aim\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\">Max: 16 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>ICQ:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"icq\" value=\"$icq\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\" size=\"1\">Max: 16 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Yahoo Pager:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"yahoo\" value=\"$yahoo\" maxlength=\"32\" size=\"50\"> <FONT class=\"small_text\">Max: 32 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\" nowrap><B>Signature:</B></TD>\n"
. " <TD width=\"50%\" valign=\"top\" nowrap>\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n"
. " <TR>\n"
. " <TD><TEXTAREA name=\"signature\" rows=\"5\" cols=\"40\" maxlength=\"255\">$signature</TEXTAREA></TD>\n"
. " <TD valign=\"top\" nowrap>&nbsp;<FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD colspan=\"2\" class=\"regular_text\">\n";
/* Check the box if the signature is to be included */
if ($include_sig == 1)
$checked = " checked";
else
$checked = "";
/* Display the rest of the form */
echo " <INPUT type=\"checkbox\" name=\"include_sig\" value=\"1\"$checked> Include Signature on New Posts?\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Information\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
/*
* Display the portion that is being previewed
*/
function
PreviewSection ( $section_value, $section_title, $the_color )
{
/* Swap the colors */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Display the start of the section */
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>$section_title:</B></FONT></TD>\n"
. " <TD width=\"50%\">\n";
/* Don't display the password, for security reasons and all */
if ($section_title == "Password")
echo " <I>Password is hidden for security purposes.</I>\n";
else
echo " $section_value\n";
/* If it's the AIM section, then swap out the variables to make sure everything is okay */
if ($section_title == "AOL Instant Messenger")
$section_title = "aim";
else
$section_title = strtolower($section_title);
/* And, we're out */
echo " <INPUT type=\"hidden\" name=\"$section_title\" value=\"$section_value\">\n"
. " </TD>\n"
. " </TR>\n";
}
?>
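Review bot: The `case 4` branch builds all three queries by interpolating `$username`, `$email` and the other request fields into the SQL string, and nothing visible escapes them for SQL at that step: the `stripslashes(strip_tags(...))` passes run only for steps 2 and 3, and what `CheckVars` does is not shown here. Unless `CheckVars` or `ExeSQL` already escapes, each value should be escaped where it is used, for example `"... WHERE user_name='" . mysql_real_escape_string($username) . "';"`, or `ExeSQL` should take bound parameters. The same branch writes the `crypt()` output into the `user_pass` cookie, so the stored hash presumably acts as the login credential itself; a random server-side session identifier would keep the hash out of the browser. `$include_sig == 0;` is a comparison with no effect and was probably meant as `$include_sig = 0;`. `PreviewSection` prints `$section_value` into `value="..."` after `strip_tags` only, which leaves quotes intact, and it puts the plaintext password into a hidden field right after saying it is hidden; `htmlspecialchars($section_value, ENT_QUOTES)` on output would close the attribute-injection path, and the password is better held server-side between steps.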

871
content/scheme_admin.php Normal file

@ -0,0 +1,871 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Scheme Administration' page. *
* Don't forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Redirect possible hack attempts */
$file_name = "scheme_admin.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the variables held by superglobals */
$old_name = GetVars("old_name");
$scheme_id = GetVars("scheme_id");
$scheme_name = GetVars("scheme_name");
$scheme_desc = GetVars("scheme_desc");
$background_color = GetVars("background_color");
$table_border_size = GetVars("table_border_size");
$table_border_color = GetVars("table_border_color");
$table_header_background = GetVars("table_header_background");
$table_header_text_color = GetVars("table_header_text_color");
$text_color = GetVars("text_color");
$text_font = GetVars("text_font");
$text_regular = GetVars("text_regular");
$text_small = GetVars("text_small");
$table_color_1 = GetVars("table_color_1");
$table_color_2 = GetVars("table_color_2");
$link_color = GetVars("link_color");
$error_message = GetVars("error_message");
$header_background = GetVars("header_background");
$menu_background = GetVars("menu_background");
$active_scheme = GetVars("active_scheme");
$forum_exists = GetVars("forum_exists");
$action = GetVars("action");
$step = GetVars("step");
$type = GetVars("type");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$old_name, 64);
CheckVars(&$scheme_id, 10);
CheckVars(&$scheme_name, 64);
CheckVars(&$scheme_desc, 255);
CheckVars(&$background_color, 7);
CheckVars(&$table_border_size, 2);
CheckVars(&$table_border_color, 7);
CheckVars(&$table_header_background, 7);
CheckVars(&$table_header_text_color, 7);
CheckVars(&$text_color, 7);
CheckVars(&$text_font, 64);
CheckVars(&$text_regular, 2);
CheckVars(&$text_small, 2);
CheckVars(&$table_color_1, 7);
CheckVars(&$table_color_2, 7);
CheckVars(&$link_color, 7);
CheckVars(&$error_message, 7);
CheckVars(&$header_background, 7);
CheckVars(&$menu_background, 7);
CheckVars(&$active_scheme, 2);
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $scheme_name == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 2 && $QUERY_STRING != "pid=scheme_admin&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 4 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 5 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 6 && $QUERY_STRING != "pid=scheme_admin" ) ) ||
( ( $step != 1 && $step != 2 ) && ( strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0 ) ) )
{
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Determine which step to use */
if ($action == "Edit Scheme")
$step = 2;
else if ($action == "Edit")
{
$step = 2;
$type = "existing";
}
else if ($action == "Preview Information")
$step = 3;
else if ($action == "Submit Scheme")
$step = 4;
else if ($action == "Delete")
$step = 6;
/* If the user is submitting an existing forum for editting, then go to step 5 */
if ( $step == 4 && $type != "" )
$step = 5;
/* Strip out all escape characters */
/*
I'll unREM this eventually
if ($step == 2)
{
$forum_name = stripslashes(strip_tags($forum_name));
$forum_desc = stripslashes(strip_tags($forum_desc));
$old_name = stripslashes(strip_tags($old_name));
}
if ($step == 3)
{
$forum_name = stripslashes(strip_tags($forum_name));
$forum_desc = stripslashes(strip_tags($forum_desc));
$old_name = stripslashes(strip_tags($old_name));
}
*/
/* What to do, oh what to do ... */
switch ($step)
{
/* Show the forum list */
default:
case 1:
ShowSchemes();
break;
/* Display the new forum page */
case 2:
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
break;
/* Show preview */
case 3:
echo " <FORM action=\"?pid=scheme_admin\" method=\"POST\" name=\"scheme_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR>\n"
. " <TD class=\"table_header\" colspan=\"2\">Forum Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $scheme_name\n"
. " <INPUT type=\"hidden\" name=\"scheme_name\" value=\"$scheme_name\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Description:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $scheme_desc\n"
. " <INPUT type=\"hidden\" name=\"scheme_desc\" value=\"$scheme_desc\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$background_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$background_color</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"background_color\" value=\"$background_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$table_border_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$table_border_color</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_border_color\" value=\"$table_border_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $table_border_size\n"
. " <INPUT type=\"hidden\" name=\"table_border_size\" value=\"$table_border_size\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$header_background\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$header_background</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"header_background\" value=\"$header_background\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Menu Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$menu_background\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$menu_background</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"menu_background\" value=\"$menu_background\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$text_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$text_color</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"text_color\" value=\"$text_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Font Face:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $text_font\n"
. " <INPUT type=\"hidden\" name=\"text_font\" value=\"$text_font\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Small Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $text_small\n"
. " <INPUT type=\"hidden\" name=\"text_small\" value=\"$text_small\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Regular Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $text_regular\n"
. " <INPUT type=\"hidden\" name=\"text_regular\" value=\"$text_regular\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Link Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$link_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$link_color</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"link_color\" value=\"$link_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_header_background\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_header_background</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_header_background\" value=\"$table_header_background\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_header_text_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_header_text_color</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_header_text_color\" value=\"$table_header_text_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #1:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_color_1\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_color_1</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_color_1\" value=\"$table_color_1\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #2:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_color_2\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_color_2</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_color_2\" value=\"$table_color_2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Error Message Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$error_message\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$error_message</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"error_message\" value=\"$error_message\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Active Scheme:</B></TD>\n"
. " <TD width=\"50%\"><I>";
/* Will this be the active scheme? */
if ($active_scheme == 1)
echo "This will be the active scheme.";
else
echo "This will not be the active scheme.";
/* Finish off the preview */
echo "</I><INPUT type=\"hidden\" name=\"active_scheme\" value=\"$active_scheme\">\n"
. " </TD>\n";
echo " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"scheme_id\" value=\"$scheme_id\">\n"
. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$old_name\">\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Edit Scheme\" name=\"action\"> <INPUT type=\"submit\" value=\"Submit Scheme\" name=\"action\"></CENTER>\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Add the new scheme to the database */
case 4:
/* Make sure it was POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* No errors... yet */
$no_err = 0;
/* Pull the number of schemes with the same name */
$SQL = "SELECT COUNT(*) as scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_name='$scheme_name';";
$results = ExeSQL($SQL);
/* Grab the data, and analyze it */
while ($row = mysql_fetch_array($results))
{
/* If the forum already exists ... */
if ($row["scheme_exists"] != 0)
{
/* Let the user know */
echo " <CENTER class=\"error_message\">A forum by that name already exists!</CENTER><BR>\n";
$no_err++;
}
}
/* If there were no errors, then keep going */
if ($no_err == 0)
{
/* Add the new scheme to the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "schemes (scheme_name, scheme_desc, background_color, table_border_color, table_border_size, header_background, menu_background, text_color, text_font, text_small, text_regular, link_color, table_header_background, table_header_text_color, table_color_1, table_color_2, error_message, active_scheme) VALUES ('$scheme_name', '$scheme_desc', '$background_color', '$table_border_color', '$table_border_size', '$header_background', '$menu_background', '$text_color', '$text_font', '$text_small', '$text_regular', '$link_color', '$table_header_background', '$table_header_text_color', '$table_color_1', '$table_color_2', '$error_message', '$active_scheme');";
$results = ExeSQL($SQL);
/* If this is supposed to be the active scheme ... */
if ($active_scheme == 1)
{
/* Set all the other schemes to inactive */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='0' WHERE scheme_name!='$scheme_name';";
$results = ExeSQL($SQL);
}
/* Let the user know it went off w/o a hitch */
echo " <CENTER class=\"regular_text\">\n"
. " <FONT class=\"normal_message\">The new scheme has successfully been added!</FONT><BR>\n"
. " <A href=\"?pid=scheme_admin\">If you changed the active scheme, click here to update the page</A>\n"
. " </CENTER><BR>\n";
ShowSchemes();
return;
}
else
{
/* If there was a problem, then display the form again */
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
}
else
{
/* Same deal */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
break;
/* Update an existing scheme */
case 5:
/* Make sure the form is POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* No errors */
$no_err = 0;
/* If the old and new names don't match */
if ($scheme_name != $old_name)
{
/* Pull the number of schemes with the same name */
$SQL = "SELECT COUNT(*) as scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_name='$scheme_name';";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* If the scheme name exists, then error out */
if ($row["scheme_exists"] != 0)
{
echo " <CENTER class=\"error_message\">A scheme by that name already exists!</CENTER><BR>\n";
$no_err++;
}
}
}
/* If there were no errors ... */
if ($no_err == 0)
{
/* Update the scheme in the database */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET scheme_name='$scheme_name', scheme_desc='$scheme_desc', background_color='$background_color', table_border_color='$table_border_color', table_border_size='$table_border_size', header_background='$header_background', menu_background='$menu_background', text_color='$text_color', text_font='$text_font', text_small='$text_small', text_regular='$text_regular', link_color='$link_color', table_header_background='$table_header_background', table_header_text_color='$table_header_text_color', table_color_1='$table_color_1', table_color_2='$table_color_2', error_message='$error_message', active_scheme='$active_scheme' WHERE scheme_id='$scheme_id';";
$results = ExeSQL($SQL);
/* If this is supposed to be the active scheme */
if ($active_scheme == 1)
{
/* Then set the other schemes to inactive */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='0' WHERE scheme_id!='$scheme_id';";
$results = ExeSQL($SQL);
}
/* Count how many active schemes there are */
$SQL = "SELECT COUNT(*) AS any_active FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$any_active = $row["any_active"];
/* If there are no active schemes */
if ($any_active == 0)
{
/* Set the oldest scheme as active */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='1' LIMIT 1;";
$results = ExeSQL($SQL);
}
/* Let the user know everything went well */
echo " <CENTER class=\"regular_text\">\n"
. " <FONT class=\"normal_message\">The forum has successfully been updated!</FONT><BR>\n"
. " <A href=\"?pid=scheme_admin\">If you changed the active scheme, click here to update the page</A>\n"
. " </CENTER><BR>\n";
ShowSchemes();
return;
}
else
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
else
{
/* If it wasn't POSTed, then error out */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
break;
/* Delete the selected scheme */
case 6:
/* Delete the scheme */
$SQL = "DELETE FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$scheme_id';";
$results = ExeSQL($SQL);
/* Check for active schemes */
$SQL = "SELECT COUNT(*) AS any_active FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$any_active = $row["any_active"];
/* If there are no active schemes ... */
if ($any_active == 0)
{
/* Set the oldest scheme as active */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='1' WHERE scheme_name='default';";
$results = ExeSQL($SQL);
}
/* Let the user know what's up */
echo " <CENTER class=\"regular_text\">\n"
. " <FONT class=\"normal_message\">The scheme has successfully been removed!</FONT><BR>\n"
. " <A href=\"?pid=scheme_admin\">If you changed the active scheme, click here to update the page</A>\n"
. " </CENTER><BR>\n";
ShowSchemes();
return;
break;
}
/*
* Show the schemes that are currently in the database
*/
function
ShowSchemes()
{
/* Stop your yappin' and start showing the schemes */
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"table_header\">\n"
. " <TR>\n"
. " <TD>\n"
. " Scheme Administration&nbsp;\n"
. " </TD>\n"
. " <TD align=\"right\">\n"
. " [ <A href=\"?pid=scheme_admin&step=2\" class=\"table_header\">Add New Scheme</A> ]\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
/* Set the active color */
$the_color = TABLE_COLOR_2;
/* Pull the schemes */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes ORDER BY scheme_id;";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* Load up all the variables */
$scheme_id = $row["scheme_id"];
$scheme_name = $row["scheme_name"];
$scheme_desc = $row["scheme_desc"];
$background_color = $row["background_color"];
$table_border_size = $row["table_border_size"];
$table_border_color = $row["table_border_color"];
$table_header_background = $row["table_header_background"];
$table_header_text_color = $row["table_header_text_color"];
$text_color = $row["text_color"];
$text_font = $row["text_font"];
$text_regular = $row["text_regular"];
$text_small = $row["text_small"];
$table_color_1 = $row["table_color_1"];
$table_color_2 = $row["table_color_2"];
$link_color = $row["link_color"];
$error_message = $row["error_message"];
$header_background = $row["header_background"];
$menu_background = $row["menu_background"];
$active_scheme = $row["active_scheme"];
/* Swap the colors */
if ($the_color == TABLE_COLOR_2)
$the_color = TABLE_COLOR_1;
else
$the_color = TABLE_COLOR_2;
/* Keep showing the data */
echo " <TR bgcolor=\"$the_color\">\n"
. " <TD>\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD valign=\"top\"width=\"400\">\n"
. " <FONT class=\"regular_text\">";
/* If the current scheme is active, then bold the name */
if ($active_scheme != 1)
echo "<A href=\"?preview_scheme=$scheme_id\" target=\"new\">$scheme_name</A>";
else
echo "<B><A href=\"?preview_scheme=$scheme_id\" target=\"new\">$scheme_name</A></B>";
/* Finish displaying */
echo "</FONT><BR>\n"
. " <FONT class=\"small_text\">$scheme_desc</FONT><BR>\n"
. " </TD>\n";
/*
I couldn't get this shit to look right, so it's been replaced... I think this code might get resurrected someday, hence why it's still here!!
echo " <TD align=\"center\" valign=\"top\">\n"
. " <TABLE border class=\"table_border\" bgcolor=\"$background_color\" cellspacing=\"0\" cellpadding=\"10\" width=\"200\" height=\"150\">\n"
. " <TR>\n"
. " <TD align=\"center\" valign=\"middle\">\n"
. " <FONT face=\"$text_font\" color=\"$error_message\" style=\"font-size: $text_regular;\"><B>error message</B></FONT>\n"
. " <TABLE width=\"100%\" border=\"$table_border_size=\" bordercolor=\"$table_border_color\" cellspacing=\"0\" cellpadding=\"5\">\n"
. " <TR bgcolor=\"$table_header_background\">\n"
. " <TD><FONT face=\"$text_font\" style=\"font-size: $text_small; color=\"$table_header_text_color;\"><B>table header</B></FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"$table_color_1\">\n"
. " <TD><FONT face=\"$text_font\" color=\"$text_color\" style=\"font-size: $text_regular;\">regular text...</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"$table_color_2\">\n"
. " <TD>\n"
. " <A href=\"\"><FONT face=\"$text_font\" color=\"$link_color\" style=\"font-size: $text_regular;\">linkage...</FONT></A>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <FONT face=\"$text_font\" color=\"$normal_message\" style=\"font-size: $text_regular;\"><B>normal message</B></FONT>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n";
*/
/* Throw all the properties into hidden fields */
echo " <TD align=\"right\" valign=\"top\" nowrap>\n"
. " <FORM action=\"?pid=scheme_admin\" method=\"POST\">\n"
. " <INPUT type=\"hidden\" name=\"scheme_id\" value=\"$scheme_id\">\n"
. " <INPUT type=\"hidden\" name=\"scheme_name\" value=\"$scheme_name\">\n"
. " <INPUT type=\"hidden\" name=\"scheme_desc\" value=\"$scheme_desc\">\n"
. " <INPUT type=\"hidden\" name=\"background_color\" value=\"$background_color\">\n"
. " <INPUT type=\"hidden\" name=\"table_border_size\" value=\"$table_border_size\">\n"
. " <INPUT type=\"hidden\" name=\"table_border_color\" value=\"$table_border_color\">\n"
. " <INPUT type=\"hidden\" name=\"table_header_background\" value=\"$table_header_background\">\n"
. " <INPUT type=\"hidden\" name=\"table_header_text_color\" value=\"$table_header_text_color\">\n"
. " <INPUT type=\"hidden\" name=\"text_color\" value=\"$text_color\">\n"
. " <INPUT type=\"hidden\" name=\"text_font\" value=\"$text_font\">\n"
. " <INPUT type=\"hidden\" name=\"text_regular\" value=\"$text_regular\">\n"
. " <INPUT type=\"hidden\" name=\"text_small\" value=\"$text_small\">\n"
. " <INPUT type=\"hidden\" name=\"table_color_1\" value=\"$table_color_1\">\n"
. " <INPUT type=\"hidden\" name=\"table_color_2\" value=\"$table_color_2\">\n"
. " <INPUT type=\"hidden\" name=\"link_color\" value=\"$link_color\">\n"
. " <INPUT type=\"hidden\" name=\"error_message\" value=\"$error_message\">\n"
. " <INPUT type=\"hidden\" name=\"header_background\" value=\"$header_background\">\n"
. " <INPUT type=\"hidden\" name=\"menu_background\" value=\"$menu_background\">\n"
. " <INPUT type=\"hidden\" name=\"active_scheme\" value=\"$active_scheme\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Edit\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Delete\" onClick=\"return Confirm('Are you sure you want to delete this scheme?');\">\n"
. " </FORM>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Close off the table */
echo " </TABLE>\n";
}
/*
* Show the form to edit the scheme
*/
function
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type )
{
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.scheme_admin.scheme_name.value == '')\n"
. " {\n"
. " alert('The \'Scheme Name\' field is mandatory!');\n"
. " document.scheme_admin.scheme_name.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.scheme_desc.value == '')\n"
. " {\n"
. " alert('The \'Scheme Description\' field is mandatory!');\n"
. " document.scheme_admin.scheme_desc.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.background_color.value == '')\n"
. " {\n"
. " alert('The \'Background Color\' field is mandatory!');\n"
. " document.scheme_admin.background_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_border_color.value == '')\n"
. " {\n"
. " alert('The \'Table Border Color\' field is mandatory!');\n"
. " document.scheme_admin.table_border_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_border_size.value == '')\n"
. " {\n"
. " alert('The \'Table Border Size\' field is mandatory!');\n"
. " document.scheme_admin.table_border_size.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.header_background.value == '')\n"
. " {\n"
. " alert('The \'Header Background Color\' field is mandatory!');\n"
. " document.scheme_admin.header_background.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.menu_background.value == '')\n"
. " {\n"
. " alert('The \'Menu Background Color\' field is mandatory!');\n"
. " document.scheme_admin.menu_background.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_color.value == '')\n"
. " {\n"
. " alert('The \'Text Color\' field is mandatory!');\n"
. " document.scheme_admin.text_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_font.value == '')\n"
. " {\n"
. " alert('The \'Font Face\' field is mandatory!');\n"
. " document.scheme_admin.text_font.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_small.value == '')\n"
. " {\n"
. " alert('The \'Small Font Size\' field is mandatory!');\n"
. " document.scheme_admin.text_small.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_regular.value == '')\n"
. " {\n"
. " alert('The \'Regular Font Size\' field is mandatory!');\n"
. " document.scheme_admin.text_regular.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.link_color.value == '')\n"
. " {\n"
. " alert('The \'Link Color\' field is mandatory!');\n"
. " document.scheme_admin.link_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_header_background.value == '')\n"
. " {\n"
. " alert('The \'Table Header Background Color\' field is mandatory!');\n"
. " document.scheme_admin.table_header_background.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_header_text_color.value == '')\n"
. " {\n"
. " alert('The \'Table Header Text Color\' field is mandatory!');\n"
. " document.scheme_admin.table_header_text_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_color_1.value == '')\n"
. " {\n"
. " alert('The \'Alternating Table Color #1\' field is mandatory!');\n"
. " document.scheme_admin.table_color_1.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_color_2.value == '')\n"
. " {\n"
. " alert('The \'Alternating Table Color #2\' field is mandatory!');\n"
. " document.scheme_admin.table_color_2.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.error_message.value == '')\n"
. " {\n"
. " alert('The \'Error Message Color\' field is mandatory!');\n"
. " document.scheme_admin.error_message.focus();\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"?pid=scheme_admin\" method=\"POST\" name=\"scheme_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\"><TD colspan=\"2\">Scheme Administration</TD></TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"scheme_name\" value=\"$scheme_name\" size=\"50\" maxlength=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Description:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TEXTAREA name=\"scheme_desc\" rows=\"5\" cols=\"40\">$scheme_desc</TEXTAREA>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"background_color\" value=\"$background_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_border_color\" value=\"$table_border_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_border_size\" value=\"$table_border_size\" size=\"4\" maxlength=\"2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"header_background\" value=\"$header_background\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Menu Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"menu_background\" value=\"$menu_background\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_color\" value=\"$text_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Font Face:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_font\" value=\"$text_font\" size=\"50\" maxlength=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Small Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_small\" value=\"$text_small\" size=\"4\" maxlength=\"2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Regular Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_regular\" value=\"$text_regular\" size=\"4\" maxlength=\"2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Link Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"link_color\" value=\"$link_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_header_background\" value=\"$table_header_background\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_header_text_color\" value=\"$table_header_text_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #1:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_color_1\" value=\"$table_color_1\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #2:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_color_2\" value=\"$table_color_2\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Error Message Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"error_message\" value=\"$error_message\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Active Scheme:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* If it's the active scheme, then put a check in the box */
if ($active_scheme == 1)
$checked = " checked";
else
$checked = "";
/* An finish off displaying the page */
echo " <INPUT type=\"checkbox\" name=\"active_scheme\" value=\"1\"$checked> Scheme is active?\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"scheme_id\" value=\"$scheme_id\">\n"
. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$scheme_name\">\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Preview Information\" name=\"action\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
?>

1090
content/user_admin.php Normal file

File diff suppressed because it is too large Load diff

267
content/view_forums.php Normal file

@ -0,0 +1,267 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'View Forums' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 21st, 2002 (JJS) *
\******************************************************************************/
/* Deter hackers */
$file_name = "view_forums.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Pull the total number of users */
$SQL = "SELECT COUNT(*) as total_users FROM " . TABLE_PREFIX . "users;";
$results = ExeSQL($SQL);
/* Start off the table to divide everything */
echo " <TABLE border=\"0\" width=\"100%\">\n"
. " <TR class=\"small_text\">\n"
. " <TD>\n";
/* Grab the data, and display it */
while ($row = mysql_fetch_array($results))
echo " Registered Members: <B>" . $row["total_users"] . "</B><BR>\n";
/* Start the number of posts at zero */
$total_posts = 0;
/* Pull the total number of threads */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads;";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$total_posts = $row["total_posts"];
/* Pull the total number of replies */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$total_posts = $total_posts + $row["total_posts"];
/* Display the total number of posts */
echo " Total Posts: <B>$total_posts</B><BR>\n";
/* Pull the most recent user added to the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users ORDER BY user_id DESC LIMIT 1;";
$results = ExeSQL($SQL);
/* Grab the data, and throw it on the screen */
while ($row = mysql_fetch_array($results))
echo " Welcome to our newest member, <B><A href=\"?pid=view_profile&user=" . $row["user_name"] . "\">" . $row["user_name"] . "</A></B>.<P>\n";
/* Show the current date / time, then close out the table */
echo " </TD>\n"
. " <TD align=\"right\" valign=\"bottom\">\n"
. " " . date("l, F jS, Y\<\B\R\>g:i:s A T") . "\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n";
/* Pull the forum list */
$SQL = "SELECT DISTINCT(forum_id) FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* Loop through the forum list and count the number of threads and replies, loading both into their respective arrays */
for ( $i = 0; $i < count($forum_list); $i++ )
{
/* Set the current forum in the loop */
$current_forum = $forum_list[$i];
/* Pull the total number of threads for the forum */
$SQL = "SELECT COUNT(*) AS total_threads FROM " . TABLE_PREFIX . "threads WHERE forum_id='$current_forum';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$total_threads[] = $row["total_threads"];
/* Pull the total number of replies for the forum */
$SQL = "SELECT COUNT(*) AS total_replies FROM " . TABLE_PREFIX . "replies WHERE forum_id='$current_forum';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$total_replies[] = $row["total_replies"];
}
/* Build the HTML table (column headings) */
echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD>Forum</TD>\n"
. " <TD align=\"center\" width=\"1\">Threads</TD>\n"
. " <TD align=\"center\" width=\"1\">Replies</TD>\n"
. " <TD align=\"center\" width=\"\" nowrap>Latest Post</TD>\n"
. " <TD align=\"center\" width=\"\">Moderator</TD>\n"
. " </TR>\n";
/* Pull each forum name in alpabetical order */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_order, forum_name;";
$results = ExeSQL($SQL);
/* Grab the data, do crap to it and and display it in the table */
while ($row = mysql_fetch_array($results))
{
/* Determine how many posts there are for that forum */
$forum_key = array_search($row["forum_id"], $forum_list);
$all_threads = $total_threads[$forum_key];
$all_replies = $total_replies[$forum_key];
/* If there are no posts, then just set the value to "--" instead of "0" which I find unpleasant to the eye */
if ( $all_threads == "" || $all_threads == 0 )
$all_threads = "--";
/* If there are no posts, then just set the value to "--" instead of "0" which I find unpleasant to the eye */
if ( $all_replies == "" || $all_replies == 0 )
$all_replies = "--";
/* Null out these variables */
$moderator_id = "";
$moderators = "";
/* Grab the moderators */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE forum_id=" . $row["forum_id"] . ";";
$results2 = ExeSQL($SQL);
/* Give the arrays default values */
$moderator_id[] = "";
//$moderators[] = "";
/* Grab the data, and add it to an array */
while ($row2 = mysql_fetch_array($results2))
$moderator_id[] = $row2["user_id"];
/* Loop through the array */
for ( $i = 0; $i < sizeof($moderator_id); $i++ )
{
/* Grab the moderators */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $moderator_id[$i] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data, and add it to an array */
while ($row2 = mysql_fetch_array($results2))
$moderators[] = $row2["user_name"];
}
/* Clear out the variables before we determine the most recent post for the forum */
$latest_post = "";
$latest_user = "";
$thread_time = "";
$thread_user = "";
$reply_time = "";
$reply_user = "";
/* Grab the most recent thread */
$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y<BR>%r') AS nice_time FROM " . TABLE_PREFIX . "threads WHERE forum_id=" . $row["forum_id"] . " ORDER BY thread_id DESC LIMIT 1 ;";
$results2 = ExeSQL($SQL);
/* Grab the data, and add it to variables */
while ($row2 = mysql_fetch_array($results2))
{
$thread_time = $row2["nice_time"];
$thread_user = $row2["user_id"];
}
/* Grab the most recent replies */
$SQL = "SELECT *, DATE_FORMAT(reply_time, '%W, %M %e, %Y<BR>%r') AS nice_time FROM " . TABLE_PREFIX . "replies WHERE forum_id=" . $row["forum_id"] . " ORDER BY reply_id DESC LIMIT 1 ;";
$results2 = ExeSQL($SQL);
/* Grab the data, and load it into variables */
while ($row2 = mysql_fetch_array($results2))
{
$reply_time = $row2["nice_time"];
$reply_user = $row2["user_id"];
}
/* If the thread is more recent than the reply */
if ($thread_time > $reply_time)
{
/* Set the thread as the most recent */
$latest_post = $thread_time;
$latest_user = $thread_user;
}
else
{
/* Set the reply as the most recent */
$latest_post = $reply_time;
$latest_user = $reply_user;
}
/* Grab the most recent user */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $latest_user . "';";
$results2 = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row2 = mysql_fetch_array($results2))
$latest_user = $row2["user_name"];
/* Display more stuff on the screen */
echo " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\"><FONT class=\"regular_text\"><A href=\"?pid=view_threads&forum_id=" . $row["forum_id"] . "\">" . $row["forum_name"] . "</A></FONT><BR><FONT class=\"small_text\">" . $row["forum_desc"] . "</FONT></TD>\n"
. " <TD align=\"center\" valign=\"middle\" bgcolor=\"" . TABLE_COLOR_2 . "\">\n"
. " <FONT class=\"regular_text\">" . $all_threads . "</FONT>\n"
. " </TD>\n"
. " <TD align=\"center\" valign=\"middle\" bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <FONT class=\"regular_text\">" . $all_replies . "</FONT>\n"
. " </TD>\n"
. " <TD valign=\"middle\" align=\"center\" bgcolor=\"" . TABLE_COLOR_2 . "\" nowrap>\n";
/* If the latest post exists then display it */
if ($latest_post != "")
echo " <FONT class=\"small_text\">$latest_post by <B><A href=\"?pid=view_profile&user=$latest_user\">$latest_user</A></B></FONT><BR>\n";
else
echo " <FONT class=\"regular_text\">--</FONT>\n";
/* Finish off this section */
echo " </TD>\n"
. " <TD align=\"center\" valign=\"middle\" bgcolor=\"" . TABLE_COLOR_1 . "\" width=\"150\">\n"
. " <FONT class=\"small_text\">";
/* If there are moderators then show them */
if (@isset($moderators[0]))
{
/* Sort the list in alphabetical order */
sort($moderators);
/* Sort through the array */
for ( $i = 0; $i < sizeof($moderators); $i++ )
{
/* Display the moderators */
echo "<A href=\"?pid=view_profile&user={$moderators[$i]}\">{$moderators[$i]}</A>";
/* Comma deliminate them */
if ($i != (sizeof($moderators)) - 1)
echo ", ";
}
/* Throw in a line break for good measure */
echo "<BR>";
}
else
echo "<FONT class=\"regular_text\">--</FONT>";
/* Finish off this page! */
echo " </FONT>\n"
. " </TD>\n"
. " </TR>\n";
}
echo " </TABLE>\n";
?>

44
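--- a/content/view_message.php
+++ b/content/view_message.php
@@ -0,0 +1,44 @@
+<?
+/******************************************************************************\
+* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
+* *
+* This script displays the contents for the 'View Message' page. Don't *
+* forget the 12 space indent for all content pages. *
+* *
+* Last modified : September 24th, 2002 (JJS) *
+\******************************************************************************/
+/* Redirect the person if they call this file directly */
+$file_name = "view_message.php";
+/* Get the negative length of $file_name */
+$file_name_length = -(strlen($file_name));
+/* Check if the values match, if so, redirect */
+if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
+header("Location: ../index.php");
+/* Pull the named message */
+if ($message == "faq")
+{
+require("./language/faq.php");
+$message_name = FAQ_TITLE;
+$message_body = FREQUENTLY_ASKED_QUESTIONS;
+}
+else
+header("Location: ../index.php");
+/* Display the message */
+echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR>\n"
+. " <TD class=\"table_header\">$message_name</TD>\n"
+. " </TR>\n"
+. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
+. " <TD class=\"regular_text\">\n"
+. " $message_body\n"
+. " </TD>\n"
+. " </TR>\n"
+. " </TABLE>\n";
+?>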
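Review bot: Neither `header("Location: ../index.php");` call stops the script, so both the direct-access guard and the `else` branch fall through to the final `echo`, which then prints `$message_name` and `$message_body` while they are unset. Follow each redirect with `exit;` (the single-statement `if`/`else` bodies then need braces). `$message` is also never assigned in this file, so it presumably arrives from the including script or register_globals; reading it explicitly the way edit_profile.php does, `$message = GetVars("message");`, would make its origin visible. The same guard without `exit` opens view_profile.php, view_replies.php and view_threads.php.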

191
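--- a/content/view_profile.php
+++ b/content/view_profile.php
@@ -0,0 +1,191 @@
+<?
+/******************************************************************************\
+* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
+* *
+* This script displays the contents for the 'View Profile' page. Don't *
+* forget the 12 space indent for all content pages. *
+* *
+* Last modified : September 24th, 2002 (JJS) *
+\******************************************************************************/
+/* Stop all direct access to this file!!! */
+$file_name = "view_profile.php";
+/* Get the negative length of $file_name */
+$file_name_length = -(strlen($file_name));
+/* Check if the values match, if so, redirect */
+if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
+header("Location: ../index.php");
+/* Grab the veriables held by superglobals */
+$user = $_GET['user'];
+/* Parse any user input */
+CheckVars(&$user, 64);
+/* Pull the number of accounts with the specified username */
+$SQL = "SELECT COUNT(*) AS user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$user';";
+$results = ExeSQL($SQL);
+/* Grab the data and add it to a variable */
+while ($row = mysql_fetch_array($results))
+$user_exists = $row["user_exists"];
+/* If the user doesn't exist then ... */
+if ($user_exists == 0)
+{
+/* Let the user know what's up, then redirect to the view forums page */
+echo " <CENTER class=\"normal_message\">Sorry, there are no users by that name!</CENTER><BR><BR>\n";
+require("view_forums.php");
+}
+else
+{
+/* Pull the information for the specified username */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$user';";
+$results = ExeSQL($SQL);
+/* Grab the data, and add it to variables */
+while ($row = mysql_fetch_array($results))
+{
+$username = $row["user_name"];
+$email = $row["user_email"];
+$location = $row["user_location"];
+$occupation = $row["user_occupation"];
+$homepage = $row["user_homepage"];
+$picture = $row["user_picture"];
+$interests = $row["user_interests"];
+$aim = $row["user_aim"];
+$icq = $row["user_icq"];
+$yahoo = $row["user_yahoo"];
+}
+/* Display the table header */
+echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\">\n"
+. " <TD colspan=\"2\">$username's Profile</TD>\n"
+. " </TR>\n";
+/* Set the active color to the second color */
+$the_color = TABLE_COLOR_2;
+/* Preview the email section */
+PreviewSection ( $email, "Email", &$the_color );
+/* If the location isn't NULL, then preview it */
+if ( $location != "" )
+PreviewSection( $location, "Location", &$the_color );
+/* same with the occupation */
+if ( $occupation != "" )
+PreviewSection( $occupation, "Occupation", &$the_color );
+/* and the homepage */
+if ( $homepage != "" && $homepage != "http://" )
+PreviewSection( $homepage, "Homepage", &$the_color );
+/* AND the picture */
+if ( $picture != "" && $picture != "http://" )
+PreviewSection ( $picture, "Picture", &$the_color );
+/* Can't forget the interests */
+if ( $interests != "" )
+PreviewSection ( $interests, "Interests", &$the_color );
+/* And of course, the AIM name */
+if ( $aim != "" )
+PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
+/* Along with the ICQ UIN */
+if ( $icq != "" )
+PreviewSection ( $icq, "ICQ", &$the_color );
+/* And last, and IMHO least, the Yahoo! Pager */
+if ( $yahoo != "" )
+PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
+/* Close out the fuggin' table */
+echo " </TABLE>\n";
+}
+/*
+* This function lets you preview sections, and
+* kills a lot of repetative, and messy code
+*/
+function
+PreviewSection ( $section_value, $section_title, $the_color )
+{
+/* Swap the colors */
+if ($the_color == TABLE_COLOR_1)
+$the_color = TABLE_COLOR_2;
+else
+$the_color = TABLE_COLOR_1;
+/* Display the section name */
+echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
+. " <TD width=\"25%\" valign=\"top\"><B>$section_title:</B></TD>\n"
+. " <TD width=\"50%\">\n"
+. " ";
+/* Jump to the section for the appropriate section */
+switch ($section_title)
+{
+/* Email section */
+case "Email":
+echo "<A href=\"mailto:$section_value\">$section_value</A>";
+break;
+/* Homepage section */
+case "Homepage":
+echo "<A href=\"$section_value\" target=\"_blank\">$section_value</A>";
+break;
+/* AIM Section*/
+case "AOL Instant Messenger":
+echo "$section_value ";
+$section_value = str_replace(" ", "", $section_value);
+/* Add the cool links instead of just the AIM name */
+echo "(<A href=\"aim:addbuddy?screenname=$section_value\">Add Buddy</A>, <A href=\"aim:goim?screenname=$section_value&message=\">Send Message</A>)";
+break;
+/* Picture section */
+case "Picture":
+/* Grab the image size */
+$profile_img = @getimagesize($section_value);
+/* Set the caption */
+$image_caption = "Image size";
+/* If the width is larger than 320, then rectify the situation */
+if ($profile_img[0] > 320)
+$profile_img[0] = 320;
+/* Same with the height, but set it to 240 */
+if ($profile_img[1] > 240)
+$profile_img[1] = 240;
+/* If height's larger, then use the height, width larger, then use the width */
+if ($profile_img[0] > $profile_img[1])
+$scale_img = "height=\"$profile_img[1]\"";
+else
+$scale_img = "width=\"$profile_img[0]\"";
+/* Show the image!! */
+echo " <TABLE cellspacing=\"0\" cellpadding=\"0\" border class=\"table_border\"><TR><TD><A href=\"$section_value\" target=\"_blank\"><IMG src=\"$section_value\" $scale_img border=\"0\"></A></TD></TR></TABLE>\n";
+break;
+/* Not specified, then just display the value */
+default:
+echo "$section_value";
+break;
+}
+/* Finish it off */
+echo "</FONT>\n"
+. " </TD>\n"
+. " </TR>\n";
+}
+?>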
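Review bot: `PreviewSection` writes stored profile values straight into markup and into `href`/`src` attributes, and passes the stored picture URL to `getimagesize()`, so whatever a member saved in their profile is rendered and fetched by the server for every viewer. Unless `CheckVars` (defined outside this diff) already HTML-encodes and restricts these fields, encode the value on output and only link or fetch `http`/`https` URLs. `getimagesize()` returns false on failure, which the `@` hides before `$profile_img[0]` is read. The same unencoded output of database fields appears in view_replies.php (`thread_body`, `reply_body`, `user_location`) and view_threads.php (`thread_title`). The fence covers the Homepage and Picture cases only.

```php
/* Homepage section */
case "Homepage":
    $safe_value = htmlspecialchars($section_value, ENT_QUOTES);
    /* Link only http(s) URLs; show anything else as plain text */
    if (preg_match('#^https?://#i', $section_value))
        echo "<A href=\"$safe_value\" target=\"_blank\">$safe_value</A>";
    else
        echo $safe_value;
    break;
/* … unchanged: AIM section … */
/* Picture section */
case "Picture":
    $safe_value = htmlspecialchars($section_value, ENT_QUOTES);
    /* Only look up http(s) URLs; this is still a server-side fetch of a member-chosen host */
    $profile_img = preg_match('#^https?://#i', $section_value) ? @getimagesize($section_value) : false;
    /* Not an image we could read: show the value as text and stop */
    if ($profile_img === false)
    {
        echo $safe_value;
        break;
    }
    /* … unchanged: caption, 320x240 clamp, $scale_img … */
    echo " <TABLE cellspacing=\"0\" cellpadding=\"0\" border class=\"table_border\"><TR><TD><A href=\"$safe_value\" target=\"_blank\"><IMG src=\"$safe_value\" $scale_img border=\"0\"></A></TD></TR></TABLE>\n";
    break;
```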

300
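--- a/content/view_replies.php
+++ b/content/view_replies.php
@@ -0,0 +1,300 @@
+<?
+/******************************************************************************\
+* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
+* *
+* This script displays the contents for the 'View Replies' page. Don't *
+* forget the 12 space indent for all content pages. *
+* *
+* Last modified : September 13th, 2002 (JJS) *
+\******************************************************************************/
+/* srekcah eb-dluow yna pu kcuF */
+$file_name = "view_forums.php";
+/* Get the negative length of $file_name */
+$file_name_length = -(strlen($file_name));
+/* Check if the values match, if so, redirect */
+if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
+header("Location: ../index.php");
+/* Assign a value to the array, so it doesn't freak out is the user is an admin, but not a moderator */
+$moderated_forums[] = "0";
+/* Pull the list of forums this user is a moderator for */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';";
+$results = ExeSQL($SQL);
+/* Grab the data and load it in an array */
+while ($row = mysql_fetch_array($results))
+$moderated_forums[] = $row["forum_id"];
+/* Pull the forum id list from the database */
+$SQL = "SELECT forum_id FROM " . TABLE_PREFIX . "forums;";
+$results = ExeSQL($SQL);
+/* Grab the data and load it into an array */
+while ($row = mysql_fetch_array($results))
+$forum_list[] = $row["forum_id"];
+/* Pull the thread id list from the database */
+$SQL = "SELECT thread_id FROM " . TABLE_PREFIX . "threads;";
+$results = ExeSQL($SQL);
+/* Grab the data and load it into an array */
+while ($row = mysql_fetch_array($results))
+$thread_list[] = $row["thread_id"];
+/* If the forum doesn't exist, then halt */
+if ( !in_array($forum_id, $forum_list) || !in_array($thread_id, $thread_list) )
+{
+echo " <CENTER class=\"error_message\"><B>Malformed request detected!</CENTER>
+<BR>\n";
+require ("./content/view_forums.php");
+return;
+}
+/* Start off the table */
+echo " <TABLE width=\"100%\" cellpadding=\"0\" cellspacing=\"0\">\n"
+. " <TR>\n";
+/* Pull the forum name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Grab the data and print it on the screen */
+while ($row = mysql_fetch_array($results))
+echo " <TD class=\"regular_text\"><A href=\"?pid=view_forums\">" . BOARD_NAME . "</A> > <A href=\"?pid=view_threads&forum_id=" . $row["forum_id"] . "\">" . $row["forum_name"] . "</A> > ";
+/* Pull the thread name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads WHERE thread_id=$thread_id;";
+$results = ExeSQL($SQL);
+/* Grab the data and throw it on the screen */
+while ($row = mysql_fetch_array($results))
+echo " " . $row["thread_title"] . "</TD>\n";
+/* Add some options for the user */
+echo " <TD align=\"right\" class=\"regular_text\"><A href=\"?pid=post_thread&forum_id=$forum_id\">Post New Thread</A> | <A href=\"?pid=post_reply&thread_id=$thread_id&forum_id=$forum_id\">Post Reply</A></TD>\n"
+. " </TR>\n"
+. " </TABLE>\n"
+. " <BR>\n";
+/* Pull each thread name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';";
+$results = ExeSQL($SQL);
+/* Grab the data and load it into a variable */
+while ($row = mysql_fetch_array($results))
+$thread_topic = $row["thread_title"];
+/* Build the HTML table (column headings) */
+echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\">\n"
+. " <TD width=\"150\">Author</TD>\n"
+. " <TD width=\"100%\">Thread: $thread_topic</TD>\n"
+. " </TR>\n";
+/* Pull the requested thread */
+$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y %r') AS nice_time FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id' ORDER BY thread_title;";
+$results = ExeSQL($SQL);
+/* Grab the data, and parse it out and do some other shit too! */
+while ($row = mysql_fetch_array($results))
+{
+/* Pull each user name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $row["user_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into an array */
+while ($row2 = mysql_fetch_array($results2))
+{
+$user_name = $row2["user_name"];
+$user_location = $row2["user_location"];
+}
+/* Pull the total number of threads from the database */
+$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads WHERE user_id='" . $row["user_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into a variable */
+while ($row2 = mysql_fetch_array($results2))
+$total_posts = $row2["total_posts"];
+/* Pull the total number of replies from the database */
+$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies WHERE user_id='" . $row["user_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into a variable */
+while ($row2 = mysql_fetch_array($results2))
+$total_posts = $total_posts + $row2["total_posts"];
+echo " <TR>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" width=\"200\" valign=\"top\" nowrap>\n"
+. " <FONT class=\"regular_text\"><B><A href=\"?pid=view_profile&user=$user_name\">$user_name</A></B></FONT><BR><BR>\n"
+. " <FONT class=\"small_text\">\n"
+. " Total Posts: $total_posts<BR>\n";
+/* Show the user the tree of where they are located */
+if ($user_location != "") { echo " Location: $user_location<BR>\n"; }
+/* Display more of the table */
+echo " </FONT>\n"
+. " </TD>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" width=\"100%\" valign=\"top\">\n"
+. " <FONT class=\"small_text\">Posted " . $row["nice_time"] . "</FONT>\n"
+. " <HR>\n"
+. " <FONT class=\"regular_text\">\n"
+. " " . $row["thread_body"] . "\n"
+. " </FONT>\n";
+/* If the user is a moderator or an admin then ... */
+if ( ( $is_moderator != 0 && in_array($forum_id, $moderated_forums) ) || $is_admin != 0 )
+{
+/* Pull each user ip from the database */
+$SQL = "SELECT user_ip FROM " . TABLE_PREFIX . "threads WHERE thread_id=" . $row["thread_id"] . ";";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it int a variable */
+while ($row2 = mysql_fetch_array($results2))
+$user_ip = $row2["user_ip"];
+/* Display the start of the mod / admin options */
+echo " <HR>\n"
+. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n"
+. " <TR class=\"small_text\">\n";
+/* Is the user a mod or an admin? */
+if ($is_admin == 0)
+$which = "mod";
+else
+$which = "admin";
+/* Display the form */
+echo " <FORM action=\"index.php\" method=\"POST\" name=\"" . $which . "_tools\">\n"
+. " <TD>\n"
+. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n";
+/* Check if the value is set */
+if (isset($row["reply_id"]))
+echo " <INPUT type=\"hidden\" name=\"reply_id\" value=\"" . $row["reply_id"] . "\">\n";
+/* Keep on truckin' */
+echo " <INPUT type=\"hidden\" name=\"thread_id\" value=\"" . $row["thread_id"] . "\">\n"
+. " <INPUT type=\"submit\" name=\"" . $which . "_action\" value=\"Delete Entire Thread\" onClick=\"return Confirm('Are you sure you want to delete this thread, and all of the associated replies?');\">\n"
+. " </TD>\n"
+. " <TD align=\"right\">\n"
+. " <B>IP:</B> " . $user_ip . "\n"
+. " </TD>\n"
+. " </FORM>\n"
+. " </TR>\n"
+. " </TABLE>\n";
+}
+/* Close off the section */
+echo " </TD>\n"
+. " </TR>\n";
+}
+/* Pull each reply in reverse time order */
+$SQL = "SELECT *, DATE_FORMAT(reply_time, '%W, %M %e, %Y %r') AS nice_time FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id' ORDER BY reply_time;";
+$results = ExeSQL($SQL);
+/* Grab the data, and display it in the table */
+while ($row = mysql_fetch_array($results))
+{
+/* Pull each user name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $row["user_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into variables */
+while ($row2 = mysql_fetch_array($results2))
+{
+$user_name = $row2["user_name"];
+$user_location = $row2["user_location"];
+}
+/* Pull the total number of posts */
+$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads WHERE user_id='" . $row["user_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into a variable */
+while ($row2 = mysql_fetch_array($results2))
+$total_posts = $row2["total_posts"];
+/* Pull the total number of replies */
+$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies WHERE user_id='" . $row["user_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into a variable */
+while ($row2 = mysql_fetch_array($results2))
+$total_posts = $total_posts + $row2["total_posts"];
+/* Display the user info */
+echo " <TR>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" width=\"150\" valign=\"top\" nowrap>\n"
+. " <FONT class=\"regular_text\"><B><A href=\"?pid=view_profile&user=$user_name\">$user_name</A></B></FONT><BR><BR>\n"
+. " <FONT class=\"small_text\">\n"
+. " Total Posts: $total_posts<BR>\n";
+/* If the user specified their location, then display it */
+if ($user_location != "") { echo " Location: $user_location<BR>\n"; }
+/* Keep going ... */
+echo " </FONT>\n"
+. " </TD>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" width=\"100%\">\n"
+. " <FONT class=\"small_text\">Posted " . $row["nice_time"] . "</FONT>\n"
+. " <HR>\n"
+. " <FONT class=\"regular_text\">\n"
+. " " . $row["reply_body"] . "\n"
+. " </FONT>\n";
+/* If the user is a mod or an admin, then display the extra options */
+if ( ( $is_moderator != 0 && in_array($forum_id, $moderated_forums) ) || $is_admin != 0 )
+{
+/* Pull the user's IP address */
+$SQL = "SELECT user_ip FROM " . TABLE_PREFIX . "replies WHERE reply_id='" . $row["reply_id"] . "';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into a variable */
+while ($row2 = mysql_fetch_array($results2))
+$user_ip = $row2["user_ip"];
+/* Start displaying the options */
+echo " <HR>\n"
+. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n"
+. " <TR class=\"small_text\">\n";
+/* Is the user an admin or a moderator? */
+if ($is_admin == 0)
+$which = "mod";
+else
+$which = "admin";
+/* Display the form */
+echo " <FORM action=\"index.php\" method=\"POST\" name=\"" . $which . "_tools\">\n"
+. " <TD>\n"
+. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
+. " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n"
+. " <INPUT type=\"hidden\" name=\"reply_id\" value=\"" . $row["reply_id"] . "\">\n"
+. " <INPUT type=\"submit\" name=\"" . $which . "_action\" value=\"Delete Reply\" onClick=\"return Confirm('Are you sure you want to delete this reply?');\">\n"
+. " </TD>\n"
+. " <TD align=\"right\" valign=\"middle\">\n"
+. " <B>IP:</B> $user_ip\n"
+. " </TD>\n"
+. " </FORM>\n"
+. " </TR>\n"
+. " </TABLE>\n";
+}
+/* Close out the section */
+echo " </TD>\n"
+. " </TR>\n";
+}
+/* Let's get the hell out of dodge! */
+echo " </TABLE>\n";
+?>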
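Review bot: The direct-access guard compares against the wrong file: `$file_name = "view_forums.php";` should be `$file_name = "view_replies.php";`, otherwise a direct request for this script is never redirected. view_threads.php carries the same copied line. That matters here because `$forum_id`, `$thread_id`, `$user_id`, `$is_moderator` and `$is_admin` are not assigned anywhere in this file, so they presumably come from the including script, and the moderator block (poster IP and the delete form) is gated on them. The `in_array()` checks are also loose comparisons, and the breadcrumb query uses `WHERE thread_id=$thread_id` unquoted while the other queries quote it. Casting once after the check, `$thread_id = (int) $thread_id; $forum_id = (int) $forum_id;`, removes that dependency.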

162
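--- a/content/view_threads.php
+++ b/content/view_threads.php
@@ -0,0 +1,162 @@
+<?
+/******************************************************************************\
+* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
+* *
+* This script displays the contents for the 'View Threads' page. Don't *
+* forget the 12 space indent for all content pages. *
+* *
+* Last modified : September 13th, 2002 (JJS) *
+\******************************************************************************/
+/* Redirect if this file is called directly */
+$file_name = "view_forums.php";
+/* Get the negative length of $file_name */
+$file_name_length = -(strlen($file_name));
+/* Check if the values match, if so, redirect */
+if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
+header("Location: ../index.php");
+/* Pull the forum id list from the database */
+$SQL = "SELECT forum_id FROM " . TABLE_PREFIX . "forums;";
+$results = ExeSQL($SQL);
+/* Grab the data and load it into an array */
+while ($row = mysql_fetch_array($results))
+$forum_list[] = $row["forum_id"];
+/* If the forum doesn't exist, then halt */
+if (!in_array($forum_id, $forum_list))
+{
+/* Tell the user what's up */
+echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
+require ("./content/view_forums.php");
+return;
+}
+/* Start the table */
+echo " <TABLE width=\"100%\" cellpadding=\"0\" cellspacing=\"0\">\n"
+. " <TR>\n";
+/* Pull the forum name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Grab the data and display it */
+while ($row = mysql_fetch_array($results))
+echo " <TD class=\"regular_text\"><A href=\"?pid=view_forums\">" . BOARD_NAME . "</A> > " . $row["forum_name"]."</TD>\n";
+/* Count the number of threads for the named forum */
+$SQL = "SELECT COUNT(*) AS any_threads FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';";
+$results = ExeSQL($SQL);
+/* Grab the data, and load it in a variable */
+while ($row = mysql_fetch_array($results))
+$any_threads = $row["any_threads"];
+/* If there are threads then display them */
+if ($any_threads != 0)
+{
+/* Display the Post new thread link */
+echo " <TD align=\"right\" class=\"regular_text\"><A href=\"?pid=post_thread&forum_id=$forum_id\">Post New Thread</A></TD>\n"
+. " </TR>\n"
+. " </TABLE>\n"
+. " <BR>\n";
+/* Build the HTML table (column headings) */
+echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
+. " <TR class=\"table_header\">\n"
+. " <TD width=\"100%\">Thread</TD>\n"
+. " <TD align=\"center\" width=\"1\">Author</TD>\n"
+. " <TD align=\"center\" width=\"1\">Replies</TD>\n"
+. " <TD width=\"\" nowrap>Posted on</TD>\n"
+. " </TR>\n";
+/* Pull each thread title and date/time in a nice format in time order */
+$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y %r') AS nice_time, DATE_FORMAT(thread_time, '%Y-%m-%d') AS post_date FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id' ORDER BY thread_time DESC;";
+$results = ExeSQL($SQL);
+/* Grab the data, and display it in the table */
+while ($row = mysql_fetch_array($results))
+{
+/* Get the current date */
+$current_date = strftime ("%Y-%m-%d", time());
+/* Grab the Thread ID and the User ID */
+$thread_id = $row["thread_id"];
+$user_id = $row["user_id"];
+/* Pull the total number of replies for each thread */
+$SQL = "SELECT COUNT(*) AS total_items FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id';";
+$results2 = ExeSQL($SQL);
+/* Grab the data, and load it in an array */
+while ($row2 = mysql_fetch_array($results2))
+$total_items = $row2["total_items"];
+/* Grab the total number of threads */
+if ($total_items == "")
+$total_replies = "--";
+else
+$total_replies = $total_items;
+/* Pull each user name from the database */
+$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
+$results2 = ExeSQL($SQL);
+/* Grab the data and load it into an array */
+while ($row2 = mysql_fetch_array($results2))
+$the_user = $row2["user_name"];
+/* Set which image to show for the thread */
+if ( $row["post_date"] == $current_date && $total_replies >= 25 )
+$which_image = "folder-blue-fire";
+else if ( $row["post_date"] == $current_date )
+$which_image = "folder-blue";
+else if ( $total_replies >= 25 )
+$which_image = "folder-yellow-fire";
+else
+$which_image = "folder-yellow";
+/* Spit out the rest of the HTML */
+echo " <TR>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
+. " <IMG src=\"./images/$which_image.png\"> <A href=\"?pid=view_replies&thread_id=" . $row["thread_id"] . "&forum_id=$forum_id\">" . $row["thread_title"] . "</A>\n"
+. " </TD>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" align=\"center\" nowrap class=\"small_text\">\n"
+. " <A href=\"?pid=view_profile&user=" . $the_user . "\">" . $the_user . "</A>\n"
+. " </TD>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" align=\"center\" class=\"regular_text\">\n"
+. " " . $total_replies . "\n"
+. " </TD>\n"
+. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" nowrap class=\"small_text\">\n"
+. " " . $row["nice_time"] . "\n"
+. " </TD>\n"
+. " </TR>\n";
+}
+/* Close off the table, and display the key */
+echo " </TABLE>\n"
+. " <BR>\n"
+. " <FONT class=\"small_text\">\n"
+. " <IMG src=\"./images/folder-yellow.png\"> = Older threads<BR>\n"
+. " <IMG src=\"./images/folder-blue.png\"> = Today's threads<BR>\n"
+. " <IMG src=\"./images/folder-yellow-fire.png\"> = Hot thread with 25+ replies<BR>\n"
+. " <IMG src=\"./images/folder-blue-fire.png\"> = Hot thread from today<BR>\n"
+. " </FONT>\n";
+}
+else
+{
+/* If there are no active threads, display this stuff */
+echo " </TR>\n"
+. " </TABLE>\n"
+. " <BR>\n"
+. " <CENTER class=\"regular_text\">\n"
+. " <B>There are no active threads in this forum.</B><BR>\n"
+. " <A href=\"?pid=post_thread&forum_id=$forum_id\">Click here if you'd like to post a new thread.</A>\n"
+. " </CENTER>\n";
+}
+?>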
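Review bot: Inside the thread loop, `$thread_id = $row["thread_id"];` and `$user_id = $row["user_id"];` overwrite variables that view_replies.php treats as request and viewer state (`$user_id` selects the viewer's moderated forums there). If these content files are included into a shared scope, as the `require` calls suggest, anything that runs after this page sees the last listed author's id; use loop-local names such as `$author_id = $row["user_id"];`. `$the_user` is also not reset per row, so a thread whose author row is missing is shown under the previous row's name. Setting `$the_user = "";` before the lookup avoids that.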