joshtronic/b2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added version 0.6.3 to the repository

Browse source
This commit is contained in:
Josh Sherman 2010-02-14 11:40:14 -05:00
commit 80b07ae41e
42 changed files with 7550 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
COPYING Normal file
View file

@ -0,0 +1,15 @@
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org>
*
* This source and program come as is, WITHOUT ANY WARRANTY and/or
* WITHOUT ANY IMPLIED WARRANTY.
*
* B Squared (b^2) is Free Software released under the GNU/GPL license.
*
* The GNU General Public License is available in electronic form in it's
* entirety at http://www.gnu.org/licenses/gpl.html
*
* I can be reached by electronic mail if there are any questions or concerns
* about this software, or any other software that was written and / or
* distributed by Cleancode.org <josh@cleancode.org>
*
* Software supplied and written by Josh Sherman, http://www.cleancode.org/

292
ChangeLog Normal file
View file

@ -0,0 +1,292 @@
B Squared (b^2) ChangeLog
~~~~~~~~~~~~~~~~~~~~~~~~~
19-Oct-2003: 0.6.3 Released Today!
The b^2 project has been suspended indefinately by myself,
although other people have been developing and advancing the
software. On that note, 0.6.3 is a license update. b^2 is now
being distributed under the GNU GPL
(http://www.gnu.org/licenses/gpl.html) to allow any new
development to continue, and be distributed.
25-Sep-2002: 0.6.1 & 0.6.2 Released Today!!!
Resolved an issue with the profiles that wouldn't allow the use
of double quotes (""), and the Yahoo! Pager name wasn't being
recored in the database either. The installer was broken, so I
fixed it (a couple times) and released another version today.
24-Sep-2002: It was a bug fixing extravaganza!! Fixed a problem with the
profile images (bad URL resulted in some errors). Fixed a lone
undefined index on the scheme admin. Fixed the post thread and
reply pages to filter HTML differently, and not result in lost
data. Fixed the registration so it won't allow user's to use the
&nbsp; character in a username. Fixed it so that you can have no
schemes without having it go to a crazy color scheme. Removed
the Message Admin and made the TOS and FAQ flat files (they are
in the ./language directory, so they can be translated later on
when the language pack support is fully complete).
23-Sep-2002: Was offered $500 bucks for the "rights" to b^2... I declined.
21-Sep-2002: Changed some of the verbage on the view_forums page, and added a
timestamp on the right side of the page.
19-Sep-2002: Set the title of the pages to reflect the board name, and which
version of b^2 it is running, instead of just "[ Forum ]".
18-Sep-2002: Added a function to email the admin with an error. At the moment
it only emails the admin on MySQL errors, and the options aren't
built into the installer yet.
17-Sep-2002: Started implementing language packs to the board. This will allow
people to run the board in languages other than English. The
first thing to be migrated over is the installer, which is almost
complete.
16-Sep-2002: 0.6.0 Released Today!!!
Fixed a problem when there are no moderators for a forum, it was
displaying errors instead of "--".
15-Sep-2002: Fixed up the installer so it will let you download the config.php
file with E_ALL on in the php.ini file.
14-Sep-2002: Tweaked out some more issues with b^2 generating notices, and
errors.
13-Sep-2002: Fixed a boat load of issues when running b^2 on Windows 2000. The
issue turns out to be more of a PHP issue than anything. If you
have PHP set to issues all warnings and notices, then b^2 was
having a lot of issues. Now most (if not all) of those issues
have been fixed. Added a function to allow the easy retrieval of
values from the super globals.
12-Sep-2002: Same ol', same ol'. Got the optimization done (well the portion
I was working on), alond with the documentation audit. Discovered
some problems with installing b^2 on a Windows system (of course).
More specifically, Windows NT/2000, running IIS, with the latest
versions of PHP and MySQL. I hope to have that resolved by the
time 0.6.0 is ready to release.
11-Sep-2002: Continued to do housecleaning on the existing code, and re-
commenting parts of it. Should be ready to go by tomorrow.
09-Sep-2002: Started optimizing my over-use of the echo command. And the
people rejoiced! Also, have been skimming the comments and
making sure they are accurate, and all that good stuff. And the
people rejoiced, again.
06-Sep-2002: BETA-0.6.0 Released Today!!!
Added table prefixes when installing, along with a few other new
fields on the installation screen. There is form validation when
installing, and errors will be more descriptive (admin errors, not
generic user error messages). Quite a few miscellaneous bug fixes
on top of everything else. All the database calls have been
optimized, along with the error trapping (unless I overlooked
something). The installer now prompts the user to download the
config.php file if the script doesn't have permission to write to
the file. I was a bit disappointed with the original installer
from 0.5.0, hence the early beta release of 0.6.0. I felt the
amount of code changes warrented the beta release, as opposed to
version 0.5.1.
05-Sep-2002: Continued my blitzkreig of code changes, most specifically,
optimizing the database calls, and adding secure error trapping.
04-Sep-2002: Figured out the permissions problem when installing, the entire
folder needs to have public write permission. chmod 777 dir, then
attempt to install, and everything works perfectly. Started to
optimize / lock down the code for b^2. I'm going through and
adding error trapping, so the users will never interact with any
technical error messages (which can pose a security risk). Also
added a function for doing database queries, and have been adding
the static database variables to constants, instead of strings.
03-Sep-2002: 0.5.0 Released Today!!!
Fixed a problem with the schemes, now if there are no active
schemes, the first scheme in the database will be set as the
active one (typically default). Built the installer, which is
about 90% functional. This means you can install the board, but
you have to make sure that the install.php file has the proper
permissions (chmod 666 install.php). The script is lacking form
validation, and advanced error checking, which will allow a user
to download the config file if the script doesn't have the right
permissions. Development (unstable) version 0.5.0 is being
packed up and shipped off to Freshmeat.net for it's initial
release.
02-Sep-2002: Completed the scheme admin, with form checking and the like.
Added the General Admin section for updating the name of the
board, and the title image. Fixed some bugs, and planned out the
installation process. Now there is a config.php file that holds
the MySQL variables, along with the 'INSTALLED' global variable
which tells the script if it needs to run the installed or not.
28-Aug-2002: Added the scheme admin. Changed the database slightly to include
a new table for board properties (title, title image, et cetera).
This is now a separate section from the schemes, which are fully
operational now. Was advised this evening, by one of the people
stress testing the board, that their attempted buffer overruns
resulted in lagging on their end.
27-Aug-2002: Finished implementing changes to use customizable values for the
overall look and feel of the board.
26-Aug-2002: Added more board properties to the database, 10 in all. The board
is pulling some of the properties from the database to generate
the page. Ended up killing the properties table, and creating a
schemes table which holds all of the customizable information.
Started implementing system wide changes to accomodate.
24-Aug-2002: Administrators now have the ability to add / remove moderators
and administrators, along with editting "messages" which is a new
table in the database as well. There are currently two messages,
Terms of Service, and FAQ, both of which can be customized by the
board owner. Fixed a problem with the KeepSafe function for
securing the board.
23-Aug-2002: Added tag and escape character stripping on the forum admin.
Added a confirmation script for use with such things as the delete
function on the forum admin. Changed up the logo slightly as
well. Fixed an error on the registration page that was
prohibiting new users to sign up. Added user administration tools
that allow administrators to edit all the user's profiles.
22-Aug-2002: Changed the title logo again. The new logo, IMHO, is the best
one thus far. Fully implemented the forum admin, allowing for the
addition, removal, and modification of forums. The forum admin
is lacking input parsing which at the moment is leaving it a bit
insecure, and messy, since it still posts \' and \".
21-Aug-2002: Fixed a hole in the profile system, for editting and viewing.
Added folder icons for the thread listing, four in all. New
threads, old threads, hot threads, and today's hot threads.
Fixed a problem with the page id's, should be the last time
anyone gets to see the internal path. Added a bit more
differentiation between the overlapping moderator and admin
tools. Now if a moderator / admin removed a thread, they will
redirected to the thread, and not the forum list. Deleting an
entire thread redirects to the forum the thread was in, and not
the forum list. Finished adding the add signature by default
options. New users will be able to specify if they want to
include their signature on new posts or not. This can be updated
any time via the profile editor. Began adding administrative
links across the top menu, which resulted in a problem with the
login script, which was correct (user's weren't being verified
correctly upon login). Implemented the forum order column in the
database, hence the new order. Began adding the forum editor for
administrators, allowing them to add new forums, delete and
modify existing ones. Fixed a bug that caused the view replies
page to freak out if a user was an administrator, but not a
moderator.
20-Aug-2002: Fixed some holes in the user verification portion of the code
would allow any user to circumvent passworded areas and do things
like post messages without having accounts, and possibly pose as
existing users. Added IP logging on all posts, which are only
visible by the moderators for that particular forum. Also began
implementing moderator tools. Right now, a moderator can delete
an entire thread, or just certain replies to that thread. Added
the administrators table to the database, and functionality so
that an admin can delete threads / replies on any forum,
regardless of their moderator status for that forum.
19-Aug-2002: There were a couple of random fixes over the weekend, but nothing
too important. Today the user's table was modified to include
a column that signifies if the user wants to add their signature
to new messages by default. There is currently no functionality
to set this value when registering a new account, or via the
profile editor. Also modified the date format on replies.
16-Aug-2002: Changed up the view threads page a bit, made the location and
new thread links on the same line. Tweaked some of the table
attributes, and fixed some bugs with the moderator list, and the
last post for a forum. Shortened the max length for thread titles
from 128 characters, down to 64. Added more signature
functionality; now you get the choice weather or not you want the
signature to be added to the end of your message, but you will
only get the option if you have a prexisting signature in the
database (might end up giving people without signatures the
opportunity to set one up, without loosing the message they were
about to post). Fixed the double signature problem as well.
15-Aug-2002: New logo / header / banner / image added today. Again, nothing
too fancy, I was a bit tired of the last image. Now the main page
displays the latest post time and user for each forum, and links
all of the usernames to the profiles. Fixed a problem with the
signatures, it was pulling the newest user's signature, instead of
the correct signature for the user. Now when previewing a new
post, you are shown your signature along with your message.
14-Aug-2002: Added more functionality when editting a profile when an image
is involved. Also added a view profiles page that will display
a user's profile, if they are real users, users not in the
database will generate an error and alert the user.
13-Aug-2002: Patched the bug in the view thread and reply pages that allowed
a user to crash the script and reveal the path. Added signatures
to the user's profile, that auto-populate when the user posts a
new thread or reply. Corrected a flaw when editting the
submitted information when registering, it wasn't carrying over
the "AOL Instant Messenger" field. Users can now access their
profile, and edit the information in it.
12-Aug-2002: Updated the registration and login code to support encrypted
passwords. The passwords are encrypted via the crypt() function
with a random salt. Added more checking to posting messages and
registering a new account. Justin pointed out that you can post
empty messages just by putting a space in the field. When posting
a new thread, or a reply, the HTML special characters are
converted, which in turn eliminates the sight of \" and the like.
All HTML is ignored with the exception of <BR>, only because the
board supports people posting line breaks in their messages.
Adding support for when there aren't any threads in a selected
forum and added a moderator listing on the view forums page, even
though there aren't any moderator functions yet.
11-Aug-2002: Updated the database schemas (wiped all the existing data and
started fresh), this included tweaking some of the tables, and
adding a moderators table, for when I implement forum moderators.
When registering, users are prompted for more information, which
is shown when they post. The registration form needs some work to
ensure that people aren't trying to feed false information via the
querystring. Fixed a problem with the determining the total
number of posts.
10-Aug-2002: Updated a lot of the variable calls to comply with the new PHP
setting of register_globals being off. Added some new code to the
post thread and post reply pages to make sure the user isn't
feeding bad information via the querystring. When someone
registers a new account, they will be forwarded back to the main
page (forum list) and have the option to automatically log in from
that page (thanks Matt!). When registering, the password is no
longer shown in plain text, and it must be at least 6 characters
long.
09-Aug-2002: Added some directory security to the system. Now if a user tries
to call any of the directories in the structure, other than root,
it will redirect them to the main page. If the user attempts to
call any of the files directly, other than index.php they will be
redirected home as well. JavaScript form validation has been
added to the post thread and reply forms, as well as code to make
sure someone isn't trying to feed the form data via the
querystring.
08-Aug-2002: Not only can user's sign up for an account, they can log in now
too! The login is working, but will need to be tweaked for
security purposes, plus most of the code built into the index.php
will be added into the include file as a function. Users can now
post new threads to the forums, as well as reply to existing
threads. Fixed the problem with the forum list reporting the
wrong number of posts.
07-Aug-2002: Threw together a quick little banner / logo. Built out the page
to allow a user to sign up for an account. The page checks the
input from the user and all that good stuff, detecting malformed
requests (i.e. hack attempts) and blocks them. Registration only
requires minimal information (username, password, email address)
but will be expanded to support a full profile. Users can now set
up an account, but there are no actions for them yet.
06-Aug-2002: Built out the database tables for the users, forums, threads, and
replies. Set up the directory structure. Built the index page,
along with the content pages to show the forum list, thread list,
and replies.

1
INSTALL Normal file
View file

@ -0,0 +1 @@
Information on installing b^2 is contained in the README file.

108
README Normal file
View file

@ -0,0 +1,108 @@
THANKS FOR DOWNLOADING b^2:
The software is fairly new to the internet, so if you have any questions, email
me directly at josh@cleancode.org, that way I can compile a list of commonly
asked questions, and make this file a bit more robust.
Also, if you are running Windows... sorry, the instructions are geared towards
the Linux OS, which b^2 was developed on. The steps you need to take are about
the same, but the syntax is a bit different, hopefully you'll be able to cope
with it. If anyone wants to write up some Windows directions, maybe I'll
include them with the next release.
INSTALLTION:
Installation is pretty simple, first you will need to set up a database for b^2
to use, that can be done with the following commands:
bash$ mysql -u username -p
Put your MySQL username in place of 'username' and type your password when
prompted. Now that you are logged into the MySQL server, you will need to
create your database, like so:
mysql> CREATE DATABASE db_name;
The db_name should be the name you want to call the database, I typically use
'b2' for my database name.
Then put the b2-version.tar.gz file on your web server, and extract it like so:
bash$ tar -xzvf b2-version.tar.gz
where 'version' is the version you have (i.e. b2-0.6.0.tar.gz)
Next, you need to (optionally) change the permissions of the folder you are
installing b^2 to. Do so like this:
bash$ chmod 777 b2-version
This step is now optional, but doing it this way is recommended, and a bit
easier in the long run. Once the permissions are set appropriately, move
into the directory:
bash$ cd b2-version
Now that we have the installation script ready to rock, all you will need to do
is go to the URL for the bulletin board (i.e. http://yoursite.com/b2-version/),
and you should be immediately presented with the installation script. Simply
fill out the form (in it's entirety) and click the install button.
The script should install correctly (assuming you gave it the right information
for your MySQL database) and you will be ready to go!
If you didn't give the script directory the right permissions, you will be
given the opportunity to download the 'config.php' file which will need to be
placed in the directory you installed b^2.
If you did give the directory the right permissions, then I recommend changing
them back once the installation is complete:
bash$ chmod 775 b2-version
The last step is to check the permissions on the 'config.php' file. If you
downloaded the file and placed it in the directory, then it probably doesn't
have the right permissions, it will need to have read access on it. Just to
make sure, run the following:
bash$ chmod 644 config.php
bash$ chown nobody config.php
Change 'nobody' to whatever username you need the files to be owned by, some
boxes are different than others, just make sure all the files are owned by the
same username.
That's it, if you'd like (I'd appreciate it as well), email me once you get
the board up and running. It's always makes my day to see something I wrote
in action. On top of that, I'd like to compile a list of sites using the
script to post on the b^2 site (http://www.cleancode.org/b2/)
Enjoy!
FREQUENTLY ASKED QUESTIONS:
Q: How do I add moderators to my forums?
A: Moderator and administrator privileges are added via the "User Admin"
section of the site. Find the user you want to make a moderator, and
proceed to edit their profile. At the bottom you will see check boxes
that correspond with your forums, and one for admin rights. Check the
ones that apply, then submit (remember, you have to confirm it first)
the profile. The user should now be listed as a moderator for the
selected forums.
Q: What can a moderator do?
A: Moderators have the ability to delete threads and posts from a forum,
and see the poster's IP address. This will change over time, as new
abilities are coded in. Eventually, moderators will be able to edit
posts (so will the person who posted it), and ban certain users from
posting to a forum.
Q: Can I redistribute my hax0red version of b^2?
A: Yes, yes you can. If you have any other questions concerning
distribution and such, visit the GNU Genereal Public License site:
http://www.gnu.org/licenses/gpl.html

108
SQL Normal file
View file

@ -0,0 +1,108 @@
This file contains the SQL code to build out the databases, you really don't
need to be looking in there ya know!
create table forums
(
forum_id int(10) not null auto_increment,
forum_order int(10) null,
forum_name varchar(64) not null,
forum_desc varchar(255) not null,
primary key(forum_id)
);
create table threads
(
thread_id int(10) not null auto_increment,
thread_title varchar(64) not null,
thread_body text not null,
thread_time timestamp(14) not null,
user_id int(10) not null,
user_ip varchar(15) not null,
forum_id int(10) not null,
primary key(thread_id)
);
create table users
(
user_id int(10) not null auto_increment,
user_name varchar(64) not null,
user_email varchar(128) not null,
user_pass varchar(64) not null,
user_location varchar(128) null,
user_occupation varchar(64) null,
user_homepage varchar(128) null,
user_picture varchar(128) null,
user_interests varchar(255) null,
user_aim varchar(16) null,
user_icq varchar(16) null,
user_yahoo varchar(32) null,
user_signature varchar(255) null,
user_usesig int(1) null default '0',
primary key(user_id)
);
create table replies
(
reply_id int(10) not null auto_increment,
reply_body text not null,
reply_time timestamp(14) not null,
user_id int(10) not null,
user_ip varchar(15) not null,
thread_id int(10) not null,
forum_id int(10) not null,
primary key(reply_id)
);
create table moderators
(
moderator_id int(10) not null auto_increment,
user_id int(10) not null,
forum_id int(10) not null,
primary key(moderator_id)
);
create table administrators
(
admin_id int(10) not null auto_increment,
user_id int(10) not null,
primary key(admin_id)
);
create table messages
(
message_id int(10) not null auto_increment,
message_name varchar(64) not null,
message_body text not null,
primary key(message_id)
);
create table schemes
(
scheme_id int(10) not null auto_increment,
scheme_name varchar(64) not null,
scheme_desc varchar(255) not null default 'No description provided.',
background_color varchar(7) not null default '#FFFFFF',
table_border_color varchar(7) not null default '#000000',
table_border_size int(1) not null default '1',
header_background varchar(7) not null default '#FFFFFF',
menu_background varchar(7) not null default '#EEEEEE',
text_color varchar(7) not null default '#000000',
text_font varchar(64) not null default 'Verdana',
text_small int(2) not null default '10',
text_regular int(2) not null default '12',
link_color varchar(7) not null default '#000000',
table_header_background varchar(7) not null default '#000000',
table_header_text_color varchar(7) not null default '#FFFFFF',
table_color_1 varchar(7) not null default '#EEEEEE',
table_color_2 varchar(7) not null default '#CCCCCC',
error_message varchar(7) not null default '#FF0000',
active_scheme varchar(1) not null default '0',
primary key(scheme_id)
);
create table properties
(
board_name varchar(64) not null default 'Forums',
title_image varchar(128) not null default './images/title.png'
);

24
THANKS Normal file
View file

@ -0,0 +1,24 @@
B Squared (b^2) Thank yous...
Matt "Phone Zone" Naso This is the guy I have to blame for this
<mnaso@tampabay.rr.com> project. I guess it's my own fault for saying I
was bored and in need of a new project. Matt
proposed that I build a bulletin board (I was
going to at one time, but never did), and has
helped with testing the damn thing.
Justin Justin's always been there to beta test, and
<fanderatm@hotmail.com> find all my little screw ups (ass). He's done
good, and is part of the reason the board is
deemed secure.
Dean (Geekoid) This mofro is my partner in crime for the most
<dean@cleancode.org> part. He will eventually be a developer on the
project, but for right now, he's just some guy
who makes my life a bit more complicated, but
he knows I love him ;)
Me Well, the code didn't write itself... I've
<josh@cleancode.org> invested a month of my life into this project
and I'm a couple more months building upon it,
I tend to think I deserve a thank you, too ;)

20
TODO Normal file
View file

@ -0,0 +1,20 @@
B Squared (b^2) TODO - Last Updated October 19th, 2003
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
add multi language support
emoticons!
add code to email the admin if there's a problem.
add number of posts in the forum admin
add javascript form validation on the admin sections
update the email validation to allow emails with weird TLDs
Password recovery utility
Search
Add post options to the bottom of the pages
add forum jumped to the bottom of the pages
create a post nuke module for b^2
support for PostgreSQL, MSSQL and flatfiles
If you have any suggestions, please don't email me, as I am no longer tending to
this project. You are more than welcome to integrate your own features, and
possibly resolve the issues already on this list. Cheers!

1
VERSION Normal file
View file

@ -0,0 +1 @@
Survey says... 0.6.3

619
content/edit_profile.php Normal file
View file

@ -0,0 +1,619 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Edit Profile' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 25th, 2002 (JJS) *
\******************************************************************************/
/* Make sure no one is calling this file directly */
$file_name = "edit_profile.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables submitted by the form */
$email = GetVars("email");
$old_email = GetVars("old_email");
$location = GetVars("location");
$occupation = GetVars("occupation");
$homepage = GetVars("homepage");
$picture = GetVars("picture");
$interests = GetVars("interests");
$aim = GetVars("aim");
$icq = GetVars("icq");
$yahoo = GetVars("yahoo");
$signature = GetVars("signature");
$include_sig = GetVars("include_sig");
$action = GetVars("action");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$username, 64);
CheckVars(&$password, 64);
CheckVars(&$confirm_password, 64);
CheckVars(&$email, 128);
CheckVars(&$old_email, 128);
CheckVars(&$location, 128);
CheckVars(&$occupation, 64);
CheckVars(&$homepage, 128);
CheckVars(&$picture, 128);
CheckVars(&$interests, 255);
CheckVars(&$aim, 16);
CheckVars(&$icq, 16);
CheckVars(&$yahoo, 32);
CheckVars(&$signature, 255);
CheckVars(&$include_sig, 1);
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $username == "" || $email == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( ( $step == 1 && ( $QUERY_STRING != "pid=edit_profile" && $QUERY_STRING != "pid=login" ) ) ) ||
( $step == 2 && $QUERY_STRING != "pid=edit_profile" ) ||
( $step == 3 && $QUERY_STRING != "pid=edit_profile&step=3" ) ||
( $step == 4 && $QUERY_STRING != "pid=edit_profile" ) ) ||
( ( $step != 1 && $step != 2 ) &&
( strlen(trim($username)) == 0 || strlen(trim($email)) == 0 ) ) )
{
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* On step 3 we have two choices, determine which step to go to based on the button the user clicks on */
if ($action == "Edit Profile")
$step = 2;
else if ($action == "Submit Profile")
$step = 4;
/* Parse some of the variables to ensure accurate values */
if ( $step == 2 && $homepage == "" )
$homepage = "http://";
if ( $step == 2 && $picture == "" )
$picture = "http://";
/* Strip out html and slashes on step 2 */
if ($step == 2)
{
$username = stripslashes(strip_tags($username));
$password = stripslashes(strip_tags($password));
$email = stripslashes(strip_tags($email));
$location = stripslashes(strip_tags($location));
$occupation = stripslashes(strip_tags($occupation));
$homepage = stripslashes(strip_tags($homepage));
$picture = stripslashes(strip_tags($picture));
$interests = stripslashes(strip_tags($interests));
$aim = stripslashes(strip_tags($aim));
$icq = stripslashes(strip_tags($icq));
$yahoo = stripslashes(strip_tags($yahoo));
$signature = stripslashes(strip_tags($signature));
}
/* Step 3 too ... */
if ($step == 3)
{
$username = stripslashes(strip_tags($username));
$password = stripslashes(strip_tags($password));
$email = stripslashes(strip_tags($email));
$location = stripslashes(strip_tags($location));
$occupation = stripslashes(htmlspecialchars($occupation));
$homepage = stripslashes(strip_tags($homepage));
$picture = stripslashes(strip_tags($picture));
$interests = stripslashes(strip_tags($interests));
$aim = stripslashes(strip_tags($aim));
$icq = stripslashes(strip_tags($icq));
$yahoo = stripslashes(strip_tags($yahoo));
/* Allowing CRs creates issues, this code should resolve them :) */
$signature = stripslashes(htmlspecialchars($signature));
$signature = nl2br($signature);
$signature = str_replace("<br />", "<BR>", $signature);
}
/* On step 4, clean up the signature */
if ($step == 4)
{
$occupation = htmlspecialchars($occupation);
$signature = htmlspecialchars($signature);
$signature = str_replace("&lt;BR&gt;", "<BR>", $signature);
}
/* Display the current step */
switch ($step)
{
/* Display the current profile */
default:
case 1:
/* Pull the number of accounts with the same username */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data and assign it to variables */
while ($row = mysql_fetch_array($results))
{
$username = $row["user_name"];
$password = "";
$email = $row["user_email"];
$location = $row["user_location"];
$occupation = $row["user_occupation"];
$homepage = $row["user_homepage"];
$picture = $row["user_picture"];
$interests = $row["user_interests"];
$aim = $row["user_aim"];
$icq = $row["user_icq"];
$yahoo = $row["user_yahoo"];
$signature = $row["user_signature"];
$include_sig = $row["user_usesig"];
}
/* Display the HTML for the beginning of the form and table */
echo " <FORM action=\"?pid=edit_profile\" method=\"POST\" name=\"profile\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">$username's Profile</TD>\n"
. " </TR>\n";
/* Assign the active color to the inactive value */
$the_color = TABLE_COLOR_2;
/* Preview the mandatory fields ... */
PreviewSection ( $password, "Password", &$the_color );
PreviewSection ( $email, "Email", &$the_color );
/* ... and the optional ones */
if ( $location != "" )
PreviewSection( $location, "Location", &$the_color );
if ( $occupation != "" )
PreviewSection( $occupation, "Occupation", &$the_color );
if ( $homepage != "" && $homepage != "http://" )
PreviewSection( $homepage, "Homepage", &$the_color );
if ( $picture != "" && $picture != "http://" )
PreviewSection ( $picture, "Picture", &$the_color );
if ( $interests != "" )
PreviewSection ( $interests, "Interests", &$the_color );
if ( $aim != "" )
PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
if ( $icq != "" )
PreviewSection ( $icq, "ICQ", &$the_color );
if ( $yahoo != "" )
PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
/* The signature is a different kind of field, so we handle it differently */
if ( $signature != "" )
{
/* Change to the other color */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Determine if the user is including the signature or not */
if ($include_sig == 1)
$show_include = "You have chosen to include this signature on new posts.";
else
$show_include = "You have chosen to not include this signature on new posts.";
/* Display the signature section of the form */
echo " <TR bgcolor=\"$the_color\">\n"
. " <TD width=\"25%\" valign=\"top\" class=\"regular_text\"><B>Signature:</B></TD>\n"
. " <TD width=\"50%\" class=\"regular_text\">\n"
. " $signature<BR><BR>\n"
. " <I>$show_include</I>\n"
. " <INPUT type=\"hidden\" name=\"signature\" value=\"$signature\">\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " </TD>\n"
. " </TR>\n";
}
/* Finish off the HTML */
echo " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"old_email\" value=\"$email\">\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Edit Profile\" name=\"action\"></CENTER>\n"
. " </FORM>\n";
break;
/* Display the form for the user to fill out */
case 2:
ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
break;
/* Display the info the user supplied and prompt them to continue or edit */
case 3:
/* Display the HTML */
echo " <FORM action=\"?pid=edit_profile\" method=\"POST\" name=\"profile\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Profile Preview</TD>\n"
. " </TR>\n";
/* Assign second color as the active one */
$the_color = TABLE_COLOR_2;
/* Preview the mandatory sections */
PreviewSection ( $username, "Username", &$the_color );
PreviewSection ( $password, "Password", &$the_color );
PreviewSection ( $email, "Email", &$the_color );
/* Along with the optional sections */
if ( $location != "" )
PreviewSection( $location, "Location", &$the_color );
if ( $occupation != "" )
PreviewSection( $occupation, "Occupation", &$the_color );
if ( $homepage != "" && $homepage != "http://" )
PreviewSection( $homepage, "Homepage", &$the_color );
if ( $picture != "" && $picture != "http://" )
PreviewSection ( $picture, "Picture", &$the_color );
if ( $interests != "" )
PreviewSection ( $interests, "Interests", &$the_color );
if ( $aim != "" )
PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
if ( $icq != "" )
PreviewSection ( $icq, "ICQ", &$the_color );
if ( $yahoo != "" )
PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
/* The signature is a more complex section, hence more code */
if ( $signature != "" )
{
/* Swap out the colors */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Determine is the user is including the signatures or not */
if ($include_sig == 1)
$show_include = "You have chosen to include this signature on new posts.";
else
$show_include = "You have chosen to not include this signature on new posts.";
/* Display the HTML for the signautre section */
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Signature:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $signature<BR><BR>\n"
. " <I>$show_include</I>\n"
. " <INPUT type=\"hidden\" name=\"signature\" value=\"$signature\">\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " </TD>\n"
. " </TR>\n";
}
/* And close off the page */
echo " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"old_email\" value=\"$old_email\">\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"Submit\" value=\"Edit Profile\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"Submit\" value=\"Submit Profile\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the user to the database, and display the results */
case 4:
/* If the page was POSTed to, then continue */
if ( $REQUEST_METHOD == "POST" )
{
/* Start off with 0 errors */
$no_err = 0;
/* If the new and old email's don't match then ... */
if ($email != $old_email)
{
/* ... then pull the number of email's that match */
$SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
{
/* If there are accounts with the same email ... */
if ($row["email_exists"] != 0)
{
/* ... then let the user know */
echo " <CENTER class=\"error_message\"><B>Someone has already registered using that email address!</B></FONT></CENTER><BR>\n";
$no_err++;
}
}
}
/* No errors means we continue with out plans */
if ($no_err == 0)
{
/* Clear out the URL variables if they still contain 'http://' */
if ($homepage == "http://") { $homepage = ""; }
if ($picture == "http://") { $picture = ""; }
/* Crypt the password to a random salt */
if ($password != "")
$password = crypt($password);
/* If it doesn't equal 1, then set it equal to 0 */
if ($include_sig != 1)
$include_sig = 0;
/* If the password is blank, then don't update the password, if it isn't then do it! */
if ($password != "")
$SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_pass='$password', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';";
else
$SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';";
/* Execute the SQL query */
$results = ExeSQL($SQL);
/* Log the user in with their new password if they set one */
if ($password != "")
{
SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']);
SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']);
}
/* Set the logged in variable to active */
$logged_in = 1;
/* Let the user know everything is cool */
echo " <CENTER class=\"normal_message\">\n"
. " Your profile has been updated!<BR>\n"
. " </CENTER>\n"
. " <BR>\n";
/* Display the forum list */
require("./content/view_forums.php");
return;
}
else
{
/* If there's an error, then display the form again */
ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
}
}
else
{
/* This means someone way trying to feed the script false info, just let them know and show the form again */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR><BR>\n";
ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
}
break;
}
/*
*
*/
function
ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig )
{
echo " <SCRIPT language=\"JavaScript\">\n";
echo " function\n";
echo " CheckForm()\n";
echo " {\n";
echo " if (document.profile.password.value != document.profile.confirm_password.value)\n";
echo " {\n";
echo " alert('The \'Password\' and \'Confirm Password\' fields must be the same!');\n";
echo " document.profile.password.focus();\n";
echo " document.profile.password.select();\n";
echo " return false;\n";
echo " }\n";
echo " if ( document.profile.password.value.length < 6 && document.profile.password.value != '' )\n";
echo " {\n";
echo " alert('The \'Password\' field must be at least 6 characters!');\n";
echo " document.profile.password.focus();\n";
echo " document.profile.password.select();\n";
echo " return false;\n";
echo " }\n";
echo " if (document.profile.email.value == '')\n";
echo " {\n";
echo " alert('The \'Email\' field is mandatory!');\n";
echo " document.profile.email.focus();\n";
echo " return false;\n";
echo " }\n";
echo " if (!ValidateEmail(document.profile.email.value))\n";
echo " {\n";
echo " alert('You must supply a valid email address.');\n";
echo " document.profile.email.focus();\n";
echo " document.profile.email.select();\n";
echo " return false;\n";
echo " }\n";
echo " if (document.profile.signature.value.length > 255)\n";
echo " {\n";
echo " alert('The \'Signature\' field cannot exceed 255 characters!');\n";
echo " document.profile.signature.focus();\n";
echo " document.profile.signature.select();\n";
echo " return false;\n";
echo " }\n";
echo " return true;\n";
echo " }\n";
echo " function\n";
echo " ValidateEmail(address)\n";
echo " {\n";
echo " if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(address))\n";
echo " {\n";
echo " return true;\n";
echo " }\n";
echo " return false;\n";
echo " }\n";
echo " </SCRIPT>\n";
echo " <FORM action=\"?pid=edit_profile&step=3\" method=\"POST\" name=\"profile\">\n";
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n";
echo " <TR class=\"table_header\">\n";
echo " <TD colspan=\"2\"><B>Required Information</B>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<I>Leave the password fields blank if you wish to keep your current password.</I></TD>\n";
echo " </TR>\n";
$username = str_replace("\"", "&quot;", $username);
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Username:</B></TD>\n";
echo " <TD width=\"50%\" nowrap>$username</TD>\n";
echo " </TR>\n";
$password = str_replace("\"", "&quot;", $password);
echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Password:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min 6 characters - Max: 64 characters</FONT></TD>\n";
echo " </TR>\n";
$password = str_replace("\"", "&quot;", $password);
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Confirm Password:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"confirm_password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min: 6 characters - Max: 64 characters</FONT></TD>\n";
echo " </TR>\n";
$email = str_replace("\"", "&quot;", $email);
echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Email:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"email\" value=\"$email\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
echo " </TR>\n";
echo " <TR>\n";
echo " <TD class=\"table_header\" colspan=\"2\">Optional Information</TD>\n";
echo " </TR>\n";
$location = str_replace("\"", "&quot;", $location);
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Location:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"location\" value=\"$location\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
echo " </TR>\n";
$occupation = str_replace("\"", "&quot;", $occupation);
echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Occupation:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"occupation\" value=\"$occupation\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 64 characters</FONT></TD>\n";
echo " </TR>\n";
$homepage = str_replace("\"", "&quot;", $homepage);
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Homepage:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"homepage\" value=\"$homepage\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
echo " </TR>\n";
$picture = str_replace("\"", "&quot;", $picture);
echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Picture:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"picture\" value=\"$picture\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n";
echo " </TR>\n";
$interests = str_replace("\"", "&quot;", $interests);
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Interests:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"interests\" value=\"$interests\" maxlength=\"255\" size=\"50\"> <FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n";
echo " </TR>\n";
$aim = str_replace("\"", "&quot;", $aim);
echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>AOL Instant Messenger:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"aim\" value=\"$aim\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\">Max: 16 characters</FONT></TD>\n";
echo " </TR>\n";
$icq = str_replace("\"", "&quot;", $icq);
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>ICQ:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"icq\" value=\"$icq\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\">Max: 16 characters</FONT></TD>\n";
echo " </TR>\n";
$yahoo = str_replace("\"", "&quot;", $yahoo);
echo " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" nowrap><B>Yahoo Pager:</B></TD>\n";
echo " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"yahoo\" value=\"$yahoo\" maxlength=\"32\" size=\"50\"> <FONT class=\"small_text\">Max: 32 characters</FONT></TD>\n";
echo " </TR>\n";
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" valign=\"top\" nowrap><B>Signature:</B></TD>\n";
echo " <TD width=\"50%\" valign=\"top\" nowrap>\n";
echo " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n";
echo " <TR>\n";
echo " <TD><TEXTAREA name=\"signature\" rows=\"5\" cols=\"40\" maxlength=\"255\">$signature</TEXTAREA></TD><TD valign=\"top\" nowrap>&nbsp;<FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n";
echo " </TR>\n";
if ($include_sig == 1)
$checked = " checked";
else
$checked = "";
echo " <TR>\n";
echo " <TD colspan=\"2\" class=\"regular_text\"><INPUT type=\"checkbox\" name=\"include_sig\" value=\"1\"$checked> Include signature on new posts?</TD>\n";
echo " </TR>\n";
echo " </TABLE>\n";
echo " </TD>\n";
echo " </TR>\n";
echo " </TABLE>\n";
echo " <INPUT type=\"hidden\" name=\"old_email\" value=\"$email\">\n";
echo " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Information\" onClick=\"return CheckForm();\"></CENTER>\n";
echo " </FORM>\n";
}
function
PreviewSection ( $section_value, $section_title, $the_color )
{
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n";
echo " <TD width=\"25%\" valign=\"top\"><B>$section_title:</B></TD>\n";
echo " <TD width=\"50%\">\n";
if ($section_title == "Password")
echo " <I>Password is hidden for security purposes.</I>\n";
else
echo " $section_value\n";
if ($section_title == "Picture")
{
$profile_img = @getimagesize($section_value);
$image_caption = "Image size";
if ($profile_img[0] > 320)
{
$profile_img[0] = 320;
$image_caption = "Scaled image size";
}
if ($profile_img[1] > 240)
{
$profile_img[1] = 240;
$image_caption = "Scaled image size";
}
if ($profile_img[0] > $profile_img[1])
$scale_img = "height=\"$profile_img[1]\"";
else
$scale_img = "width=\"$profile_img[0]\"";
echo " <BR><BR>\n";
echo " $image_caption: {$profile_img[0]}x{$profile_img[1]}\n";
echo " <TABLE border class=\"table_border\" cellspacing=\"0\" cellpadding=\"0\"><TR><TD><A href=\"$section_value\" target=\"_blank\"><IMG src=\"$section_value\" $scale_img border=\"0\"></A></TD></TR></TABLE>\n";
}
if ($section_title == "AOL Instant Messenger")
$section_title = "aim";
else
$section_title = strtolower($section_title);
if ($section_title == "yahoo pager")
$section_title = "yahoo";
/* URL encode the double quotes */
$section_value = str_replace("\"", "&quot;", $section_value);
echo " <INPUT type=\"hidden\" name=\"$section_title\" value=\"$section_value\">\n";
echo " </TD>\n";
echo " </TR>\n";
}
?>

364
content/forum_admin.php Normal file
View file

@ -0,0 +1,364 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Forum Administration' page. *
* Don't forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* Don't let people call this file directly */
$file_name = "forum_admin.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables held by superglobals */
$forum_name = GetVars("forum_name");
$forum_desc = GetVars("forum_desc");
$forum_order = GetVars("forum_order");
$old_name = GetVars("old_name");
$type = GetVars("type");
$action = GetVars("action");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$forum_name, 64);
CheckVars(&$forum_desc, 255);
CheckVars(&$forum_order, 10);
CheckVars(&$old_name, 64);
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $forum_name == "" || $forum_desc == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=forum_admin" ) ||
( $step == 2 && $QUERY_STRING != "pid=forum_admin&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=forum_admin&step=3" ) ||
( $step == 4 && $QUERY_STRING != "pid=forum_admin" ) ||
( $step == 5 && $QUERY_STRING != "pid=forum_admin" ) ) ||
( ( $step != 1 && $step != 2 ) &&
( strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0 ) ) )
{
/* Give them an error if they are, and send them back to step 1 */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* There are different actions that can be performed, figure out which one */
if ($action == "Edit Forum")
$step = 2;
else if ($action == "Edit")
{
$step = 2;
$type = "existing";
}
else if ($action == "Submit Forum")
$step = 4;
else if ($action == "Delete")
$step = 6;
/* If the user is submitting an existing forum for editting, then do to step 5 */
if ( $step == 4 && $type != "" )
$step = 5;
/* Strip out all escape characters */
if ( $step == 2 || $step == 3 )
{
$forum_name = stripslashes(strip_tags($forum_name));
$forum_desc = stripslashes(strip_tags($forum_desc));
$old_name = stripslashes(strip_tags($old_name));
}
/* Execute the requested step */
switch ($step)
{
/* Show the forum list */
default:
case 1:
ShowForums();
break;
/* Display the new forum page */
case 2:
ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
break;
/* Show preview */
case 3:
echo " <FORM action=\"?pid=forum_admin\" method=\"POST\" name=\"forum_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR>\n"
. " <TD class=\"table_header\" colspan=\"2\">Forum Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Forum Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $forum_name\n"
. " <INPUT type=\"hidden\" name=\"forum_name\" value=\"$forum_name\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Forum Description:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $forum_desc\n"
. " <INPUT type=\"hidden\" name=\"forum_desc\" value=\"$forum_desc\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Forum Order:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $forum_order\n"
. " <INPUT type=\"hidden\" name=\"forum_order\" value=\"$forum_order\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$old_name\">\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"submit\" value=\"Edit Forum\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"submit\" value=\"Submit Forum\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Add the new forum to the database */
case 4:
/* If the form was posted, then analyze it and add it */
if ( $REQUEST_METHOD == "POST" )
{
/* Set the error to zero */
$no_err = 0;
/* Pull the number of forums with the same name */
$SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums WHERE forum_name='$forum_name';";
$results = ExeSQL($SQL);
/* Grab the data, and tell the user if the forum already exists */
while ($row = mysql_fetch_array($results))
{
if ($row["forum_exists"] != 0)
{
echo " <CENTER class=\"error_message\">A forum by that name already exists!</CENTER><BR>\n";
$no_err++;
}
}
/* If there were no errors */
if ($no_err == 0)
{
/* Add the new forum to the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "forums (forum_name, forum_desc, forum_order) VALUES ('$forum_name', '$forum_desc', '$forum_order');";
$results = ExeSQL($SQL);
/* Let the user know everything went fine, and show the forum list */
echo " <CENTER class=\"normal_message\">The new forum has successfully been added!</CENTER><BR>\n";
ShowForums();
return;
}
else
ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
}
else
{
/* If it wasn't posted, then give the user an error, and send them back */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
}
break;
/* Update an existing forum */
case 5:
/* Check if the form is posted */
if ( $REQUEST_METHOD == "POST" )
{
/* Set the errors to zero */
$no_err = 0;
/* If the old name and new name don't match then ... */
if ($forum_name != $old_name)
{
/* Pull the number of forums with the same name */
$SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums WHERE forum_name='$forum_name';";
$results = ExeSQL($SQL);
/* Grab the data and sit an error if the forum exists */
while ($row = mysql_fetch_array($results))
{
if ($row["forum_exists"] != 0)
{
echo " <CENTER class=\"error_message\">A forum by that name already exists!</CENTER><BR>\n";
$no_err++;
}
}
}
/* If there were no errors */
if ($no_err == 0)
{
/* Add the new forum to the database */
$SQL = "UPDATE " . TABLE_PREFIX . "forums SET forum_name='$forum_name', forum_desc='$forum_desc', forum_order='$forum_order' WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Let the user know it went fine, and default to the forum list */
echo " <CENTER class=\"normal_message\">The forum has successfully been updated!</CENTER><BR>\n";
ShowForums();
return;
}
else
ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
}
else
{
/* If it wasn't posted, then give an error, and show the forum form */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type );
}
break;
/* Delete the forum, and all it's associated threads and replies */
case 6:
/* The forum from the database */
$SQL = "DELETE FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Delete the threads associated with the forum */
$SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Delete the replies associated with the forum */
$SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Give the user feedback */
echo " <CENTER class=\"normal_message\">The forum has successfully been removed!</CENTER><BR>\n";
ShowForums();
return;
break;
}
/*
* Show the current functions
*/
function
ShowForums()
{
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"table_header\">\n"
. " <TR>\n"
. " <TD>\n"
. " Forum Administration&nbsp;\n"
. " </TD>\n"
. " <TD align=\"right\">\n"
. " [ <A href=\"?pid=forum_admin&step=2\" class=\"table_header\">Add New Forum</A> ]\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
/* Set the active color */
$the_color = TABLE_COLOR_2;
/* Pull the forums */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_order, forum_name;";
$results = ExeSQL($SQL);
/* Grab the data, and display the stuff */
while ($row = mysql_fetch_array($results))
{
/* Grab the specific columns */
$forum_id = $row["forum_id"];
$forum_name = $row["forum_name"];
$forum_order = $row["forum_order"];
$forum_desc = $row["forum_desc"];
/* Swap the color */
if ($the_color == TABLE_COLOR_2)
$the_color = TABLE_COLOR_1;
else
$the_color = TABLE_COLOR_2;
/* Display the data */
echo " <TR bgcolor=\"$the_color\">\n"
. " <TD>\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD>\n"
. " <FONT class=\"regular_text\">$forum_order. $forum_name</FONT><BR>\n"
. " <FONT class=\"small_text\">$forum_desc</FONT>\n"
. " </TD>\n"
. " <TD align=\"right\">\n"
. " <FORM action=\"?pid=forum_admin\" method=\"POST\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"forum_name\" value=\"$forum_name\">\n"
. " <INPUT type=\"hidden\" name=\"forum_desc\" value=\"$forum_desc\">\n"
. " <INPUT type=\"hidden\" name=\"forum_order\" value=\"$forum_order\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Edit\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Delete\" onClick=\"return Confirm('Are you sure you want to delete this forum, and all of it\'s associated posts?');\">\n"
. " </FORM>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Close off the table */
echo " </TABLE>\n";
}
/*
* Display the form to add a forum
*/
function
ShowForumForm( $forum_name, $forum_desc, $forum_order, $forum_id, $type )
{
/* Display the stuff in the form! */
echo " <FORM action=\"?pid=forum_admin&step=3\" method=\"POST\" name=\"forum_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\"><TD colspan=\"2\">Forum Administration</TD></TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Forum Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"forum_name\" value=\"$forum_name\" size=\"50\" max=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Forum Description:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TEXTAREA name=\"forum_desc\" rows=\"5\" cols=\"40\">$forum_desc</TEXTAREA>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Forum Order:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"forum_order\" value=\"$forum_order\" size=\"50\" max=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$forum_name\">\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Preview Information\" name=\"action\"></CENTER>\n"
. " </FORM>\n";
}
?>

236
content/general_admin.php Normal file
View file

@ -0,0 +1,236 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'General Administration' page. *
* Don't forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* As always, don't let them access the file directly */
$file_name = "general_admin.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables held by superglobals */
$board_name = GetVars("board_name");
$title_image = GetVars("title_image");
$action = GetVars("action");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$board_name, 64);
CheckVars(&$title_image, 128);
/* Make sure someone isn't trying to feed the step number via the querystring */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $board_name == "" || $title_image == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=general_admin" ) ||
( $step == 2 && $QUERY_STRING != "pid=general_admin" ) ||
( $step == 3 && $QUERY_STRING != "pid=general_admin" ) ||
( $step == 4 && $QUERY_STRING != "pid=general_admin" ) ) ||
( ( $step != 1 && $step != 2 ) &&
( strlen(trim($board_name)) == 0 || strlen(trim($title_image)) == 0 ) ) )
{
/* Give them an error if they are */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Determine which step to use */
if ($action == "Edit Properties")
$step = 2;
else if ($action == "Preview Properties")
$step = 3;
else if ($action == "Submit Properties")
$step = 4;
/* Strip out all escape characters */
if ( $step == 3 || $step == 4 )
$board_name = stripslashes(strip_tags($board_name));
/* Display the desired step */
switch ($step)
{
/* Show the forum list */
default:
case 1:
ShowProperties();
break;
/* Show edit form */
case 2:
ShowPropertyForm( $board_name, $title_image );
break;
/* Show preview */
case 3:
echo " <FORM action=\"index.php?pid=general_admin\" method=\"POST\" name=\"general_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Properties Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Board Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $board_name\n"
. " <INPUT type=\"hidden\" name=\"board_name\" value=\"$board_name\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Title Image:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $title_image<BR><BR>\n"
. " <TABLE border class=\"table_border\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR>\n"
. " <TD><IMG src=\"$title_image\" border=\"0\"></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"title_image\" value=\"$title_image\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"submit\" value=\"Edit Properties\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"submit\" value=\"Submit Properties\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Add the new forum to the database */
case 4:
/* Check if the page was POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* Set the error to zero */
$no_err = 0;
/* Delete the existing properties */
$SQL = "DELETE FROM " . TABLE_PREFIX . "properties;";
$results = ExeSQL($SQL);
/* Add the new ones in */
$SQL = "INSERT INTO " . TABLE_PREFIX . "properties (board_name, title_image) VALUES ('$board_name', '$title_image');";
$results = ExeSQL($SQL);
/* Let the user know what's up, then show the properties */
echo " <CENTER class=\"normal_message\">The properties have successfully been modified!</CENTER><BR>\n";
ShowProperties();
return;
}
else
ShowMessageForm( $message_name, $message_body, $message_id );
break;
}
/*
* Show the existing properties and values
*/
function
ShowProperties()
{
/* Spit out the top part of the HTML */
echo " <FORM action=\"?pid=general_admin\" method=\"POST\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD class=\"table_header\">\n"
. " General Administration</B>&nbsp;\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
/* Set the color */
$the_color = TABLE_COLOR_2;
/* Pull the properties */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "properties;";
$results = ExeSQL($SQL);
/* Grab the data, and assign it to variables */
while ($row = mysql_fetch_array($results))
{
$board_name = $row["board_name"];
$title_image = $row["title_image"];
}
/* Display the properties */
echo " <TR bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <TD class=\"regular_text\" width=\"25%\">\n"
. " <B>Board Name:</B><BR>\n"
. " </TD>\n"
. " <TD class=\"regular_text\" width=\"50%\">\n"
. " $board_name<BR>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\">\n"
. " <TD class=\"regular_text\" width=\"25%\" valign=\"top\">\n"
. " <B>Title Image:</B><BR>\n"
. " </TD>\n"
. " <TD class=\"regular_text\" width=\"50%\">\n"
. " $title_image<BR><BR>\n"
. " <TABLE border class=\"table_border\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR>\n"
. " <TD><IMG src=\"$title_image\" border=\"0\"></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER><BR>\n"
. " <INPUT type=\"hidden\" name=\"board_name\" value=\"$board_name\">\n"
. " <INPUT type=\"hidden\" name=\"title_image\" value=\"$title_image\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Edit Properties\">\n"
. " </CENTER>\n"
. " </FORM>\n";
}
/*
* Show the form to edit the properties
*/
function
ShowPropertyForm( $board_name, $title_image )
{
/* What are you waiting for, show it already! */
echo " <FORM action=\"index.php?pid=general_admin\" method=\"POST\" name=\"general_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">General Administration</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Board Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"board_name\" value=\"$board_name\" size=\"50\" maxlength=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Title Image:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"title_image\" value=\"$title_image\" size=\"50\" maxlength=\"128\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Preview Properties\" name=\"action\"></CENTER>\n"
. " </FORM>\n";
}
?>

1
content/index.php Normal file
View file

@ -0,0 +1 @@
<? header("Location: ../index.php"); ?>

80
content/login.php Normal file
View file

@ -0,0 +1,80 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Login' page. Don't forget the *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* Run this stuff so people can't call this file directly */
$file_name = "login.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* If the user performed a bad login, then tell them */
if ($login == "failed")
echo " <CENTER class=\"error_message\">Bad login credentials, try again.</CENTER><BR>";
/* Display the top part of the form */
echo " <FORM method=\"POST\" action=\"index.php?pid=login\">\n"
. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"5\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD>Login</TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <TABLE align=\"center\">\n"
. " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " Username:&nbsp;\n"
. " </TD>\n"
. " <TD>\n"
. " <INPUT type=\"text\" name=\"username\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " Password:&nbsp;\n"
. " </TD>\n"
. " <TD>\n"
. " <INPUT type=\"password\" name=\"password\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" colspan=\"2\">\n"
. " <INPUT type=\"submit\" value=\"Login\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" colspan=\"2\" class=\"small_text\">\n"
. " <A href=\"?pid=forgot_password\">Forgot Password?</A>\n"
. " </TD>\n"
. " </TABLE>\n";
/* If $destination isn't NULL, then put it on the form */
if ($destination != "")
echo " <INPUT type=\"hidden\" name=\"destination\" value=\"$destination\">\n";
/* Same with the $forum_id */
if ($forum_id != "")
echo " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n";
/* Same with the $thread_id */
if ($thread_id != "")
echo " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n";
/* Let's close off the form */
echo " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </FORM>\n";
?>

273
content/post_reply.php Normal file
View file

@ -0,0 +1,273 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Post Reply' page. Don't forget *
* the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Stop lame hacker kiddies */
$file_name = "post_reply.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the user's IP address from the super global */
$user_ip = $_SERVER['REMOTE_ADDR'];
$step = GetVars("step");
$action = GetVars("action");
$email = GetVars("email");
$include_sig = GetVars("include_sig");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$user_ip, 15);
/* Determine which step to use */
if ($action == "Edit Reply")
$step = 1;
else if ($action == "Post Reply")
$step = 3;
/* Strip out all escape characters */
if ($step == 1)
{
$message = str_replace("<BR>", "", $message);
$message = stripslashes(htmlspecialchars($message));
}
/* And again, along with adding line breaks */
if ($step == 2)
{
$message = stripslashes(htmlspecialchars($message));
$message = nl2br($message);
$message = str_replace("<br />", "<BR>", $message);
}
/* One more time, but add <BR>'s */
if ($step == 3)
{
$message = htmlspecialchars($message);
$message = str_replace("&lt;BR&gt;", "<BR>", $message);
}
/* Pull the thread list */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in array's */
while ($row = mysql_fetch_array($results))
{
$thread_list[] = $row["thread_id"];
$forum_list[] = $row["forum_id"];
}
/* Check to see if the thread the user is requesting is real */
if (!(in_array($thread_id, $thread_list)))
{
/* If not, let them know, and redirect them */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Assign values to use later - yes, I did forget what these do */
$thread_forum = array_search($thread_id, $thread_list);
$correct_forum = $forum_list[$thread_forum];
/* Check to see if the forum the user is requesting is the right one */
if ($correct_forum != $forum_id)
{
/* If not, then tell them off */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 ||
( ( $step == 2 && $QUERY_STRING != "pid=post_reply&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=post_reply" ) ) ||
( $step != 1 && strlen(trim($message)) == 0 ) )
{
/* And if they are, tell them off! */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Which step do we want to run? */
switch ($step)
{
/* Display the post reply form */
default:
case 1:
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id );
break;
/* Display the reply for the user to preview */
case 2:
/* Show the top of the form */
echo " <FORM action=\"?pid=post_reply\" method=\"POST\" name=\"post_reply\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">New Reply Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Message:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If the user has a signature and wants to use it, then show it */
if ($signature != "" && $include_sig == "yes")
$display_message = $message . "<BR><BR>" . $signature;
else
$display_message = $message;
/* Show the bottom of the form */
echo " $display_message\n"
. " <INPUT type=\"hidden\" name=\"message\" value=\"$message\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"Submit\" value=\"Edit Reply\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"Submit\" value=\"Post Reply\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the reply to the database, and display the reply */
case 3:
/* Make sure they POSTed the form */
if ( $REQUEST_METHOD == "POST" )
{
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If they have a sig, and want to include it, then include it! */
if ($signature != "" && $include_sig == "yes")
$message = $message . "<BR><BR>" . $signature;
/* Insert the reply into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "replies (reply_body, user_id, user_ip, thread_id, forum_id) VALUES ('$message', '$user_id', '$user_ip', '$thread_id', '$forum_id');";
$results = ExeSQL($SQL);
/* Now be a good forum, and thank the kind user */
echo " <CENTER class=\"normal_message\">Thanks for posting!</CENTER><BR>\n";
/* Show the reply list */
require ("./content/view_replies.php");
}
else
{
/* If they didn't POST it, then error out */
echo " <CENTER class=\"error_message\"><B>Malformed request detected!</CENTER><BR>\n";
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id, $db_name, $connection );
}
break;
}
/*
* Show the form for the user to fill out
*/
function
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id )
{
/* Show the beginning of the form */
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.post_reply.message.value == '')\n"
. " {\n"
. " alert('The \'Message\' field is mandatory!');\n"
. " document.post_reply.message.focus(1);\n"
. " return false;\n"
. " }\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"?pid=post_reply&step=2\" method=\"POST\" name=\"post_reply\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Post New Reply</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\" nowrap><B>Message:</B></TD>\n"
. " <TD width=\"50%\" nowrap>\n"
. " <TABLE border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"
. " <TR>\n"
. " <TD>\n"
. " <TEXTAREA name=\"message\" cols=\"65\" rows=\"10\">$message</TEXTAREA><BR>\n"
. " </TD>\n"
. " </TR>\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature, user_usesig FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, and load it into variables */
while ($row = mysql_fetch_array($results))
{
/* Grab the actual signature */
$signature = $row["user_signature"];
/* Determine if they use it by default */
if ($row["user_usesig"] == 1)
$use_sig = " checked";
else
$use_sig = "";
}
/* If there is a signature, then display the option to use it */
if ($signature != "")
{
echo " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " <INPUT type=\"checkbox\" name=\"include_sig\" value=\"yes\"$use_sig> Include Signature?</A>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Now spit out the rest of the HTML so we can get the heck outta this file! */
echo " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Reply\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
?>

273
content/post_thread.php Normal file
View file

@ -0,0 +1,273 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Post Thread' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Disallow direct access to this file */
$file_name = "post_thread.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Get the variables we need */
$user_ip = GetVars("REMOTE_ADDR");
$action = GetVars("action");
$email = GetVars("email");
$include_sig = GetVars("include_sig");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$user_ip, 15);
/* Determine which step to use */
if ($action == "Edit Thread")
$step = 1;
else if ($action == "Post Thread")
$step = 3;
/* Strip out all escape characters */
if ($step == 1)
{
$title = stripslashes(htmlspecialchars($title));
$message = str_replace("<BR>", "", $message);
$message = stripslashes(htmlspecialchars($message));
}
/* Along with replacing the </ br>'s */
if ($step == 2)
{
$title = stripslashes(htmlspecialchars($title));
$message = stripslashes(htmlspecialchars($message));
$message = nl2br($message);
$message = str_replace("<br />", "<BR>", $message);
}
/* And also adding <BR>'s */
if ($step == 3)
{
$title = htmlspecialchars($title);
$message = htmlspecialchars($message);
$message = str_replace("&lt;BR&gt;", "<BR>", $message);
}
/* Pull the forum list */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* Check to see if the forum the user is requesting is real */
if (!(in_array($forum_id, $forum_list)))
{
/* If not, let them know */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $title == "" || $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 ||
( ( $step == 2 && $QUERY_STRING != "pid=post_thread&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=post_thread" ) ) ||
( $step != 1 && ( strlen(trim($title)) == 0 || strlen(trim($message)) == 0 ) ) )
{
/* If so, bitch at them */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Display the desired step */
switch ($step)
{
/* Display the post thread form */
default:
case 1:
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id );
break;
/* Display the thread for the user to preview */
case 2:
/* Display the top part */
echo " <FORM action=\"?pid=post_thread\" method=\"POST\" name=\"post_thread\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">New Thread Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\"><B>Title:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $title\n"
. " <INPUT type=\"hidden\" name=\"title\" value=\"$title\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Message:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If we have a signature, then include it */
if ($signature != "" && $include_sig == "yes")
$display_message = $message . "<BR><BR>" . $signature;
else
$display_message = $message;
/* Display the rest of the page */
echo " $display_message\n"
. " <INPUT type=\"hidden\" name=\"message\" value=\"$message\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <CENTER>\n"
. " <BR>\n"
. " <INPUT type=\"Submit\" value=\"Edit Thread\" name=\"action\">\n"
. " &nbsp;\n"
. " <INPUT type=\"Submit\" value=\"Post Thread\" name=\"action\">\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the thread to the database, and display the thread */
case 3:
/* Make sure the form was POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* Include the signature if they want it to be */
if ($signature != "" && $include_sig == "yes")
$message = $message . "<BR><BR>" . $signature;
/* Insert the thread into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "threads (thread_title, thread_body, user_id, user_ip, forum_id) VALUES ('$title', '$message', '$user_id', '$user_ip', '$forum_id');";
$results = ExeSQL($SQL);
/* Give 'em props */
echo " <CENTER class=\"normal_message\">Thanks for posting!</CENTER><BR>\n";
/* Show the thread list */
require ("./content/view_threads.php");
}
else
{
/* If not POSTed, then error out */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id );
}
break;
}
/*
* Show the form the user needs to fill out to post
*/
function
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id )
{
/* Start with the JavaScript header, and then some */
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.post_thread.title.value == '')\n"
. " {\n"
. " alert('The \'Title\' field is mandatory!');\n"
. " document.post_thread.title.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.post_thread.message.value == '')\n"
. " {\n"
. " alert('The \'Message\' field is mandatory!');\n"
. " document.post_thread.message.focus(1);\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"?pid=post_thread&step=2\" method=\"POST\" name=\"post_thread\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Post New Thread</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Title:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"title\" value=\"$title\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\" nowrap><B>Message:</B></TD>\n"
. " <TD width=\"50%\" nowrap>\n"
. " <TABLE border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"
. " <TR>\n"
. " <TD>\n"
. " <TEXTAREA name=\"message\" cols=\"65\" rows=\"10\">$message</TEXTAREA><BR>\n"
. " </TD>\n"
. " </TR>\n";
/* Pull the user's signature */
$SQL = "SELECT user_signature, user_usesig FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, and figure out if we want to include the signature or not */
while ($row = mysql_fetch_array($results))
{
$signature = $row["user_signature"];
if ($row["user_usesig"] == 1)
$use_sig = " checked";
else
$use_sig = "";
}
/* If the user has a signature, then give them the option to use it */
if ($signature != "")
{
echo " <TR class=\"regular_text\">\n"
. " <TD align=\"right\">\n"
. " <INPUT type=\"checkbox\" name=\"include_sig\" value=\"yes\"$use_sig> Include Signature?</A>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Finish it off */
echo " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"user_id\" value=\"$user_id\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Thread\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
?>

532
content/register.php Normal file
View file

@ -0,0 +1,532 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Registation' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 14th, 2002 (JJS) *
\******************************************************************************/
/* Call this file directly, get sent back */
$file_name = "register.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables held by super globals */
$username = GetVars("username");
$password = GetVars("password");
$email = GetVars("email");
$location = GetVars("location");
$occupation = GetVars("occupation");
$homepage = GetVars("homepage");
$picture = GetVars("picture");
$interests = GetVars("interests");
$aim = GetVars("aim");
$icq = GetVars("icq");
$yahoo = GetVars("yahoo");
$signature = GetVars("signature");
$include_sig = GetVars("include_sig");
$action = GetVars("action");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$username, 64);
CheckVars(&$password, 64);
CheckVars(&$confirm_password, 64);
CheckVars(&$email, 128);
CheckVars(&$location, 128);
CheckVars(&$occupation, 64);
CheckVars(&$homepage, 128);
CheckVars(&$picture, 128);
CheckVars(&$interests, 255);
CheckVars(&$aim, 16);
CheckVars(&$icq, 16);
CheckVars(&$yahoo, 32);
CheckVars(&$signature, 255);
CheckVars(&$include_sig, 1);
/* Strip &nbsp; from the username */
$username = str_replace("&nbsp;", "", $username);
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $username == "" || $password == "" || $email == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=register" ) ||
( $step == 2 && $QUERY_STRING != "pid=register&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=register&step=3" ) ||
( $step == 4 && $QUERY_STRING != "pid=register" ) ) ||
( ( $step != 1 && $step != 2 ) &&
( strlen(trim($username)) == 0 || strlen(trim($password)) == 0 || strlen(trim($email)) == 0 ) ) )
{
/* If so, give them an error */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Determine which step to go to */
if ($action == "Edit Information")
$step = 2;
else if ($action == "Submit Information")
$step = 4;
/* Parse some of the variables to ensure accurate values */
if ( $step == 2 && $homepage == "" )
$homepage = "http://";
if ( $step == 2 && $picture == "" )
$picture = "http://";
/* Strip out all escape characters */
if ($step == 2)
{
$username = stripslashes(strip_tags($username));
$password = stripslashes(strip_tags($password));
$email = stripslashes(strip_tags($email));
$location = stripslashes(strip_tags($location));
$occupation = stripslashes(strip_tags($occupation));
$homepage = stripslashes(strip_tags($homepage));
$picture = stripslashes(strip_tags($picture));
$interests = stripslashes(strip_tags($interests));
$aim = stripslashes(strip_tags($aim));
$icq = stripslashes(strip_tags($icq));
$yahoo = stripslashes(strip_tags($yahoo));
$signature = stripslashes(strip_tags($signature));
}
/* Again, with some sig clean up */
if ($step == 3)
{
$username = stripslashes(strip_tags($username));
$password = stripslashes(strip_tags($password));
$email = stripslashes(strip_tags($email));
$location = stripslashes(strip_tags($location));
$occupation = stripslashes(strip_tags($occupation));
$homepage = stripslashes(strip_tags($homepage));
$picture = stripslashes(strip_tags($picture));
$interests = stripslashes(strip_tags($interests));
$aim = stripslashes(strip_tags($aim));
$icq = stripslashes(strip_tags($icq));
$yahoo = stripslashes(strip_tags($yahoo));
$signature = stripslashes(htmlspecialchars($signature));
$signature = nl2br($signature);
$signature = str_replace("<br />", "<BR>", $signature);
}
/* This time, just signature clean up */
if ($step == 4)
{
$signature = htmlspecialchars($signature);
$signature = str_replace("&lt;BR&gt;", "<BR>", $signature);
}
/* To step, or not to step! */
switch ($step)
{
/* Display the TOS */
default:
case 1:
/* Start displaying the TOS */
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD>Usage Policy</TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " Registration for our community is 100% free! If you agree to abide by our rules below, you should press the \"Agree\" button, which will enable you to register. If you do not agree, press the \"Cancel\" button.\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n";
/* Grab the TOS */
require("language/tos.php");
/* Display the TOS */
echo " " . TERMS_OF_SERVICE . "\n";
/* Finish off the page */
echo " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER class=\"regular_text\">\n"
. " <B><A href=\"?pid=register&step=2\">Agree</A> | <A href=\"?pid=view_forums\">Cancel</A></B>\n"
. " </CENTER>\n";
break;
/* Display the form for the user to fill out */
case 2:
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
break;
/* Display the info the user supplied and prompt them to continue or edit */
case 3:
/* Line starts here, no cutting [or pasting ;)] */
echo " <FORM action=\"index.php?pid=register\" method=\"POST\" name=\"registration\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Registration Preview</TD>\n"
. " </TR>\n";
/* Set the active color */
$the_color = TABLE_COLOR_2;
/* Display the mandatory fields */
PreviewSection ( $username, "Username", &$the_color );
PreviewSection ( $password, "Password", &$the_color );
PreviewSection ( $email, "Email", &$the_color );
/* Display the optional fields, if they were filled in */
if ( $location != "" )
PreviewSection( $location, "Location", &$the_color );
if ( $occupation != "" )
PreviewSection( $occupation, "Occupation", &$the_color );
if ( $homepage != "" && $homepage != "http://" )
PreviewSection( $homepage, "Homepage", &$the_color );
if ( $picture != "" && $picture != "http://" )
PreviewSection ( $picture, "Picture", &$the_color );
if ( $interests != "" )
PreviewSection ( $interests, "Interests", &$the_color );
if ( $aim != "" )
PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
if ( $icq != "" )
PreviewSection ( $icq, "ICQ", &$the_color );
if ( $yahoo != "" )
PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
if ( $signature != "" )
{
/* Swap the colors */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Start the section */
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Signature:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $signature<BR><BR>\n"
. " <I>\n";
/* Display if the signature will be added by default */
if ($include_sig == 1)
echo " You have chosen to include this signature on new posts.\n";
else
echo " You have chosen to not include this signature on new posts.\n";
/* Finish off the section */
echo " </I>\n"
. " <INPUT type=\"hidden\" name=\"signature\" value=\"$signature\">\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " </TD>\n"
. " </TR>\n";
}
/* And then we finish off the form */
echo " </TABLE>\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Edit Information\" name=\"action\"> <INPUT type=\"Submit\" value=\"Submit Information\" name=\"action\"></CENTER>\n"
. " </FORM>\n";
break;
/* Check the user's input, add the user to the database, and display the results */
case 4:
/* Make sure it was POSTed, if it wasn't they are trying to be slick */
if ( $REQUEST_METHOD == "POST" )
{
/* No errors... yet */
$no_err = 0;
/* Pull the number of accounts with the same username */
$SQL = "SELECT COUNT(*) as user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* If the username exists, error out */
if ($row["user_exists"] != 0)
{
echo " <CENTER class=\"error_message\">That username already exists!</CENTER><BR>\n";
$no_err++;
}
}
/* Pull the number of accounts with the same email */
$SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* If the email exists, then error out */
if ($row["email_exists"] != 0)
{
echo " <CENTER class=\"error_message\">Someone has already registered using that email address!</CENTER><BR>\n";
$no_err++;
}
}
/* If there are no errors, then proceed with the registration */
if ($no_err == 0)
{
/* Clear out the URL variables if they still contain 'http://' */
if ($homepage == "http://") { $homepage = ""; }
if ($picture == "http://") { $picture = ""; }
/* Crypt the password to a random salt */
$password = crypt($password);
/* Determine if the sig will be added by default */
if ($include_sig != 1)
$include_sig == 0;
/* Insert the user into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "users (user_name, user_email, user_pass, user_location, user_occupation, user_homepage, user_picture, user_interests, user_aim, user_icq, user_yahoo, user_signature, user_usesig) VALUES ('$username', '$email', '$password', '$location', '$occupation', '$homepage', '$picture', '$interests', '$aim', '$icq', '$yahoo', '$signature', '$include_sig');";
$results = ExeSQL($SQL);
/* Log the new user in */
SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']);
SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']);
/* Set their login status */
$logged_in = 1;
/* Finish off the registration */
echo " <CENTER class=\"regular_text\">\n"
. " <B>Thanks for registering!</B><BR>\n"
. " <A href=\"index.php\">Click here to log in!</A>\n"
. " </CENTER>\n"
. " <BR>\n";
require("./content/view_forums.php");
return;
}
else
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
}
else
{
/* If they didn't POST it, then error out */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
}
break;
}
/*
* Show the registration form
*/
function
ShowRegistrationForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig )
{
/* Start displaying the damned thing */
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.registration.username.value == '')\n"
. " {\n"
. " alert('The \'Username\' field is mandatory!');\n"
. " document.registration.username.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.password.value == '')\n"
. " {\n"
. " alert('The \'Password\' field is mandatory!');\n"
. " document.registration.password.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.confirm_password.value == '')\n"
. " {\n"
. " alert('The \'Confirm Password\' field is mandatory!');\n"
. " document.registration.confirm_password.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.registration.password.value != document.registration.confirm_password.value)\n"
. " {\n"
. " alert('The \'Password\' and \'Confirm Password\' fields must be the same!');\n"
. " document.registration.password.focus();\n"
. " document.registration.password.select();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.password.value.length < 6)\n"
. " {\n"
. " alert('The \'Password\' field must be at least 6 characters!');\n"
. " document.registration.password.focus();\n"
. " document.registration.password.select();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.email.value == '')\n"
. " {\n"
. " alert('The \'Email\' field is mandatory!');\n"
. " document.registration.email.focus();\n"
. " return false;\n"
. " }\n"
. " if (!ValidateEmail(document.registration.email.value))\n"
. " {\n"
. " alert('You must supply a valid email address.');\n"
. " document.registration.email.focus();\n"
. " document.registration.email.select();\n"
. " return false;\n"
. " }\n"
. " if (document.registration.signature.value.length > 255)\n"
. " {\n"
. " alert('The \'Signature\' field cannot exceed 255 characters!');\n"
. " document.registration.signature.focus();\n"
. " document.registration.signature.select();\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " function\n"
. " ValidateEmail(address)\n"
. " {\n"
. " if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(address))\n"
. " {\n"
. " return true;\n"
. " }\n"
. " return false;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"index.php?pid=register&step=3\" method=\"POST\" name=\"registration\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Required Information</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Username:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"username\" value=\"$username\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Password:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min 6 characters - Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Confirm Password:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"password\" name=\"confirm_password\" value=\"$password\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Min: 6 characters - Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Email:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"email\" value=\"$email\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">Optional Information</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Location:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"location\" value=\"$location\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Occupation:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"occupation\" value=\"$occupation\" maxlength=\"64\" size=\"50\"> <FONT class=\"small_text\">Max: 64 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Homepage:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"homepage\" value=\"$homepage\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Picture:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"picture\" value=\"$picture\" maxlength=\"128\" size=\"50\"> <FONT class=\"small_text\">Max: 128 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Interests:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"interests\" value=\"$interests\" maxlength=\"255\" size=\"50\"> <FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>AOL Instant Messenger:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"aim\" value=\"$aim\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\">Max: 16 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>ICQ:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"icq\" value=\"$icq\" maxlength=\"16\" size=\"50\"> <FONT class=\"small_text\" size=\"1\">Max: 16 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" nowrap><B>Yahoo Pager:</B></TD>\n"
. " <TD width=\"50%\" nowrap><INPUT type=\"text\" name=\"yahoo\" value=\"$yahoo\" maxlength=\"32\" size=\"50\"> <FONT class=\"small_text\">Max: 32 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\" nowrap><B>Signature:</B></TD>\n"
. " <TD width=\"50%\" valign=\"top\" nowrap>\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n"
. " <TR>\n"
. " <TD><TEXTAREA name=\"signature\" rows=\"5\" cols=\"40\" maxlength=\"255\">$signature</TEXTAREA></TD>\n"
. " <TD valign=\"top\" nowrap>&nbsp;<FONT class=\"small_text\">Max: 255 characters</FONT></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD colspan=\"2\" class=\"regular_text\">\n";
/* Check the box if the signature is to be included */
if ($include_sig == 1)
$checked = " checked";
else
$checked = "";
/* Display the rest of the form */
echo " <INPUT type=\"checkbox\" name=\"include_sig\" value=\"1\"$checked> Include Signature on New Posts?\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <CENTER><BR><INPUT type=\"Submit\" value=\"Preview Information\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
/*
* Display the portion that is being previewed
*/
function
PreviewSection ( $section_value, $section_title, $the_color )
{
/* Swap the colors */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Display the start of the section */
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>$section_title:</B></FONT></TD>\n"
. " <TD width=\"50%\">\n";
/* Don't display the password, for security reasons and all */
if ($section_title == "Password")
echo " <I>Password is hidden for security purposes.</I>\n";
else
echo " $section_value\n";
/* If it's the AIM section, then swap out the variables to make sure everything is okay */
if ($section_title == "AOL Instant Messenger")
$section_title = "aim";
else
$section_title = strtolower($section_title);
/* And, we're out */
echo " <INPUT type=\"hidden\" name=\"$section_title\" value=\"$section_value\">\n"
. " </TD>\n"
. " </TR>\n";
}
?>

871
content/scheme_admin.php Normal file
View file

@ -0,0 +1,871 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Scheme Administration' page. *
* Don't forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Redirect possible hack attempts */
$file_name = "scheme_admin.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the variables held by superglobals */
$old_name = GetVars("old_name");
$scheme_id = GetVars("scheme_id");
$scheme_name = GetVars("scheme_name");
$scheme_desc = GetVars("scheme_desc");
$background_color = GetVars("background_color");
$table_border_size = GetVars("table_border_size");
$table_border_color = GetVars("table_border_color");
$table_header_background = GetVars("table_header_background");
$table_header_text_color = GetVars("table_header_text_color");
$text_color = GetVars("text_color");
$text_font = GetVars("text_font");
$text_regular = GetVars("text_regular");
$text_small = GetVars("text_small");
$table_color_1 = GetVars("table_color_1");
$table_color_2 = GetVars("table_color_2");
$link_color = GetVars("link_color");
$error_message = GetVars("error_message");
$header_background = GetVars("header_background");
$menu_background = GetVars("menu_background");
$active_scheme = GetVars("active_scheme");
$forum_exists = GetVars("forum_exists");
$action = GetVars("action");
$step = GetVars("step");
$type = GetVars("type");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$old_name, 64);
CheckVars(&$scheme_id, 10);
CheckVars(&$scheme_name, 64);
CheckVars(&$scheme_desc, 255);
CheckVars(&$background_color, 7);
CheckVars(&$table_border_size, 2);
CheckVars(&$table_border_color, 7);
CheckVars(&$table_header_background, 7);
CheckVars(&$table_header_text_color, 7);
CheckVars(&$text_color, 7);
CheckVars(&$text_font, 64);
CheckVars(&$text_regular, 2);
CheckVars(&$text_small, 2);
CheckVars(&$table_color_1, 7);
CheckVars(&$table_color_2, 7);
CheckVars(&$link_color, 7);
CheckVars(&$error_message, 7);
CheckVars(&$header_background, 7);
CheckVars(&$menu_background, 7);
CheckVars(&$active_scheme, 2);
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 && $step != 5 && $step != 6 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $scheme_name == "" ) && ( $step == 3 || $step == 4 ) ) ||
( ( $step == 1 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 2 && $QUERY_STRING != "pid=scheme_admin&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 4 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 5 && $QUERY_STRING != "pid=scheme_admin" ) ||
( $step == 6 && $QUERY_STRING != "pid=scheme_admin" ) ) ||
( ( $step != 1 && $step != 2 ) && ( strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0 ) ) )
{
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/* Determine which step to use */
if ($action == "Edit Scheme")
$step = 2;
else if ($action == "Edit")
{
$step = 2;
$type = "existing";
}
else if ($action == "Preview Information")
$step = 3;
else if ($action == "Submit Scheme")
$step = 4;
else if ($action == "Delete")
$step = 6;
/* If the user is submitting an existing forum for editting, then go to step 5 */
if ( $step == 4 && $type != "" )
$step = 5;
/* Strip out all escape characters */
/*
I'll unREM this eventually
if ($step == 2)
{
$forum_name = stripslashes(strip_tags($forum_name));
$forum_desc = stripslashes(strip_tags($forum_desc));
$old_name = stripslashes(strip_tags($old_name));
}
if ($step == 3)
{
$forum_name = stripslashes(strip_tags($forum_name));
$forum_desc = stripslashes(strip_tags($forum_desc));
$old_name = stripslashes(strip_tags($old_name));
}
*/
/* What to do, oh what to do ... */
switch ($step)
{
/* Show the forum list */
default:
case 1:
ShowSchemes();
break;
/* Display the new forum page */
case 2:
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
break;
/* Show preview */
case 3:
echo " <FORM action=\"?pid=scheme_admin\" method=\"POST\" name=\"scheme_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR>\n"
. " <TD class=\"table_header\" colspan=\"2\">Forum Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $scheme_name\n"
. " <INPUT type=\"hidden\" name=\"scheme_name\" value=\"$scheme_name\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Description:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $scheme_desc\n"
. " <INPUT type=\"hidden\" name=\"scheme_desc\" value=\"$scheme_desc\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$background_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$background_color</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"background_color\" value=\"$background_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$table_border_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$table_border_color</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_border_color\" value=\"$table_border_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $table_border_size\n"
. " <INPUT type=\"hidden\" name=\"table_border_size\" value=\"$table_border_size\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$header_background\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$header_background</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"header_background\" value=\"$header_background\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Menu Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\">\n"
. " <TR>\n"
. " <TD><TABLE bgcolor=\"$menu_background\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD>\n"
. " <TD>&nbsp;$menu_background</TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"menu_background\" value=\"$menu_background\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$text_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$text_color</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"text_color\" value=\"$text_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Font Face:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $text_font\n"
. " <INPUT type=\"hidden\" name=\"text_font\" value=\"$text_font\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Small Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $text_small\n"
. " <INPUT type=\"hidden\" name=\"text_small\" value=\"$text_small\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Regular Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $text_regular\n"
. " <INPUT type=\"hidden\" name=\"text_regular\" value=\"$text_regular\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Link Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$link_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$link_color</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"link_color\" value=\"$link_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_header_background\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_header_background</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_header_background\" value=\"$table_header_background\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_header_text_color\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_header_text_color</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_header_text_color\" value=\"$table_header_text_color\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #1:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_color_1\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_color_1</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_color_1\" value=\"$table_color_1\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #2:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$table_color_2\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$table_color_2</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"table_color_2\" value=\"$table_color_2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Error Message Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TABLE cellspacing=\"0\" cellpadding=\"0\" border=\"0\" class=\"regular_text\"><TR><TD><TABLE bgcolor=\"$error_message\" height=\"15\" width=\"15\" border=\"1\" bordercolor=\"#000000\" cellpadding=\"0\" cellspading=\"0\"><TR><TD></TD></TR></TABLE></TD><TD>&nbsp;$error_message</TD></TR></TABLE>\n"
. " <INPUT type=\"hidden\" name=\"error_message\" value=\"$error_message\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Active Scheme:</B></TD>\n"
. " <TD width=\"50%\"><I>";
/* Will this be the active scheme? */
if ($active_scheme == 1)
echo "This will be the active scheme.";
else
echo "This will not be the active scheme.";
/* Finish off the preview */
echo "</I><INPUT type=\"hidden\" name=\"active_scheme\" value=\"$active_scheme\">\n"
. " </TD>\n";
echo " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"scheme_id\" value=\"$scheme_id\">\n"
. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$old_name\">\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Edit Scheme\" name=\"action\"> <INPUT type=\"submit\" value=\"Submit Scheme\" name=\"action\"></CENTER>\n"
. " </CENTER>\n"
. " </FORM>\n";
break;
/* Add the new scheme to the database */
case 4:
/* Make sure it was POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* No errors... yet */
$no_err = 0;
/* Pull the number of schemes with the same name */
$SQL = "SELECT COUNT(*) as scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_name='$scheme_name';";
$results = ExeSQL($SQL);
/* Grab the data, and analyze it */
while ($row = mysql_fetch_array($results))
{
/* If the forum already exists ... */
if ($row["scheme_exists"] != 0)
{
/* Let the user know */
echo " <CENTER class=\"error_message\">A forum by that name already exists!</CENTER><BR>\n";
$no_err++;
}
}
/* If there were no errors, then keep going */
if ($no_err == 0)
{
/* Add the new scheme to the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "schemes (scheme_name, scheme_desc, background_color, table_border_color, table_border_size, header_background, menu_background, text_color, text_font, text_small, text_regular, link_color, table_header_background, table_header_text_color, table_color_1, table_color_2, error_message, active_scheme) VALUES ('$scheme_name', '$scheme_desc', '$background_color', '$table_border_color', '$table_border_size', '$header_background', '$menu_background', '$text_color', '$text_font', '$text_small', '$text_regular', '$link_color', '$table_header_background', '$table_header_text_color', '$table_color_1', '$table_color_2', '$error_message', '$active_scheme');";
$results = ExeSQL($SQL);
/* If this is supposed to be the active scheme ... */
if ($active_scheme == 1)
{
/* Set all the other schemes to inactive */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='0' WHERE scheme_name!='$scheme_name';";
$results = ExeSQL($SQL);
}
/* Let the user know it went off w/o a hitch */
echo " <CENTER class=\"regular_text\">\n"
. " <FONT class=\"normal_message\">The new scheme has successfully been added!</FONT><BR>\n"
. " <A href=\"?pid=scheme_admin\">If you changed the active scheme, click here to update the page</A>\n"
. " </CENTER><BR>\n";
ShowSchemes();
return;
}
else
{
/* If there was a problem, then display the form again */
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
}
else
{
/* Same deal */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
break;
/* Update an existing scheme */
case 5:
/* Make sure the form is POSTed */
if ( $REQUEST_METHOD == "POST" )
{
/* No errors */
$no_err = 0;
/* If the old and new names don't match */
if ($scheme_name != $old_name)
{
/* Pull the number of schemes with the same name */
$SQL = "SELECT COUNT(*) as scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_name='$scheme_name';";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* If the scheme name exists, then error out */
if ($row["scheme_exists"] != 0)
{
echo " <CENTER class=\"error_message\">A scheme by that name already exists!</CENTER><BR>\n";
$no_err++;
}
}
}
/* If there were no errors ... */
if ($no_err == 0)
{
/* Update the scheme in the database */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET scheme_name='$scheme_name', scheme_desc='$scheme_desc', background_color='$background_color', table_border_color='$table_border_color', table_border_size='$table_border_size', header_background='$header_background', menu_background='$menu_background', text_color='$text_color', text_font='$text_font', text_small='$text_small', text_regular='$text_regular', link_color='$link_color', table_header_background='$table_header_background', table_header_text_color='$table_header_text_color', table_color_1='$table_color_1', table_color_2='$table_color_2', error_message='$error_message', active_scheme='$active_scheme' WHERE scheme_id='$scheme_id';";
$results = ExeSQL($SQL);
/* If this is supposed to be the active scheme */
if ($active_scheme == 1)
{
/* Then set the other schemes to inactive */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='0' WHERE scheme_id!='$scheme_id';";
$results = ExeSQL($SQL);
}
/* Count how many active schemes there are */
$SQL = "SELECT COUNT(*) AS any_active FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$any_active = $row["any_active"];
/* If there are no active schemes */
if ($any_active == 0)
{
/* Set the oldest scheme as active */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='1' LIMIT 1;";
$results = ExeSQL($SQL);
}
/* Let the user know everything went well */
echo " <CENTER class=\"regular_text\">\n"
. " <FONT class=\"normal_message\">The forum has successfully been updated!</FONT><BR>\n"
. " <A href=\"?pid=scheme_admin\">If you changed the active scheme, click here to update the page</A>\n"
. " </CENTER><BR>\n";
ShowSchemes();
return;
}
else
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
else
{
/* If it wasn't POSTed, then error out */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type );
}
break;
/* Delete the selected scheme */
case 6:
/* Delete the scheme */
$SQL = "DELETE FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$scheme_id';";
$results = ExeSQL($SQL);
/* Check for active schemes */
$SQL = "SELECT COUNT(*) AS any_active FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$any_active = $row["any_active"];
/* If there are no active schemes ... */
if ($any_active == 0)
{
/* Set the oldest scheme as active */
$SQL = "UPDATE " . TABLE_PREFIX . "schemes SET active_scheme='1' WHERE scheme_name='default';";
$results = ExeSQL($SQL);
}
/* Let the user know what's up */
echo " <CENTER class=\"regular_text\">\n"
. " <FONT class=\"normal_message\">The scheme has successfully been removed!</FONT><BR>\n"
. " <A href=\"?pid=scheme_admin\">If you changed the active scheme, click here to update the page</A>\n"
. " </CENTER><BR>\n";
ShowSchemes();
return;
break;
}
/*
* Show the schemes that are currently in the database
*/
function
ShowSchemes()
{
/* Stop your yappin' and start showing the schemes */
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"table_header\">\n"
. " <TR>\n"
. " <TD>\n"
. " Scheme Administration&nbsp;\n"
. " </TD>\n"
. " <TD align=\"right\">\n"
. " [ <A href=\"?pid=scheme_admin&step=2\" class=\"table_header\">Add New Scheme</A> ]\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
/* Set the active color */
$the_color = TABLE_COLOR_2;
/* Pull the schemes */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes ORDER BY scheme_id;";
$results = ExeSQL($SQL);
/* Grab the data, parse the results */
while ($row = mysql_fetch_array($results))
{
/* Load up all the variables */
$scheme_id = $row["scheme_id"];
$scheme_name = $row["scheme_name"];
$scheme_desc = $row["scheme_desc"];
$background_color = $row["background_color"];
$table_border_size = $row["table_border_size"];
$table_border_color = $row["table_border_color"];
$table_header_background = $row["table_header_background"];
$table_header_text_color = $row["table_header_text_color"];
$text_color = $row["text_color"];
$text_font = $row["text_font"];
$text_regular = $row["text_regular"];
$text_small = $row["text_small"];
$table_color_1 = $row["table_color_1"];
$table_color_2 = $row["table_color_2"];
$link_color = $row["link_color"];
$error_message = $row["error_message"];
$header_background = $row["header_background"];
$menu_background = $row["menu_background"];
$active_scheme = $row["active_scheme"];
/* Swap the colors */
if ($the_color == TABLE_COLOR_2)
$the_color = TABLE_COLOR_1;
else
$the_color = TABLE_COLOR_2;
/* Keep showing the data */
echo " <TR bgcolor=\"$the_color\">\n"
. " <TD>\n"
. " <TABLE cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD valign=\"top\"width=\"400\">\n"
. " <FONT class=\"regular_text\">";
/* If the current scheme is active, then bold the name */
if ($active_scheme != 1)
echo "<A href=\"?preview_scheme=$scheme_id\" target=\"new\">$scheme_name</A>";
else
echo "<B><A href=\"?preview_scheme=$scheme_id\" target=\"new\">$scheme_name</A></B>";
/* Finish displaying */
echo "</FONT><BR>\n"
. " <FONT class=\"small_text\">$scheme_desc</FONT><BR>\n"
. " </TD>\n";
/*
I couldn't get this shit to look right, so it's been replaced... I think this code might get resurrected someday, hence why it's still here!!
echo " <TD align=\"center\" valign=\"top\">\n"
. " <TABLE border class=\"table_border\" bgcolor=\"$background_color\" cellspacing=\"0\" cellpadding=\"10\" width=\"200\" height=\"150\">\n"
. " <TR>\n"
. " <TD align=\"center\" valign=\"middle\">\n"
. " <FONT face=\"$text_font\" color=\"$error_message\" style=\"font-size: $text_regular;\"><B>error message</B></FONT>\n"
. " <TABLE width=\"100%\" border=\"$table_border_size=\" bordercolor=\"$table_border_color\" cellspacing=\"0\" cellpadding=\"5\">\n"
. " <TR bgcolor=\"$table_header_background\">\n"
. " <TD><FONT face=\"$text_font\" style=\"font-size: $text_small; color=\"$table_header_text_color;\"><B>table header</B></FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"$table_color_1\">\n"
. " <TD><FONT face=\"$text_font\" color=\"$text_color\" style=\"font-size: $text_regular;\">regular text...</FONT></TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"$table_color_2\">\n"
. " <TD>\n"
. " <A href=\"\"><FONT face=\"$text_font\" color=\"$link_color\" style=\"font-size: $text_regular;\">linkage...</FONT></A>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <FONT face=\"$text_font\" color=\"$normal_message\" style=\"font-size: $text_regular;\"><B>normal message</B></FONT>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n";
*/
/* Throw all the properties into hidden fields */
echo " <TD align=\"right\" valign=\"top\" nowrap>\n"
. " <FORM action=\"?pid=scheme_admin\" method=\"POST\">\n"
. " <INPUT type=\"hidden\" name=\"scheme_id\" value=\"$scheme_id\">\n"
. " <INPUT type=\"hidden\" name=\"scheme_name\" value=\"$scheme_name\">\n"
. " <INPUT type=\"hidden\" name=\"scheme_desc\" value=\"$scheme_desc\">\n"
. " <INPUT type=\"hidden\" name=\"background_color\" value=\"$background_color\">\n"
. " <INPUT type=\"hidden\" name=\"table_border_size\" value=\"$table_border_size\">\n"
. " <INPUT type=\"hidden\" name=\"table_border_color\" value=\"$table_border_color\">\n"
. " <INPUT type=\"hidden\" name=\"table_header_background\" value=\"$table_header_background\">\n"
. " <INPUT type=\"hidden\" name=\"table_header_text_color\" value=\"$table_header_text_color\">\n"
. " <INPUT type=\"hidden\" name=\"text_color\" value=\"$text_color\">\n"
. " <INPUT type=\"hidden\" name=\"text_font\" value=\"$text_font\">\n"
. " <INPUT type=\"hidden\" name=\"text_regular\" value=\"$text_regular\">\n"
. " <INPUT type=\"hidden\" name=\"text_small\" value=\"$text_small\">\n"
. " <INPUT type=\"hidden\" name=\"table_color_1\" value=\"$table_color_1\">\n"
. " <INPUT type=\"hidden\" name=\"table_color_2\" value=\"$table_color_2\">\n"
. " <INPUT type=\"hidden\" name=\"link_color\" value=\"$link_color\">\n"
. " <INPUT type=\"hidden\" name=\"error_message\" value=\"$error_message\">\n"
. " <INPUT type=\"hidden\" name=\"header_background\" value=\"$header_background\">\n"
. " <INPUT type=\"hidden\" name=\"menu_background\" value=\"$menu_background\">\n"
. " <INPUT type=\"hidden\" name=\"active_scheme\" value=\"$active_scheme\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Edit\">\n"
. " <INPUT type=\"submit\" name=\"action\" value=\"Delete\" onClick=\"return Confirm('Are you sure you want to delete this scheme?');\">\n"
. " </FORM>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n";
}
/* Close off the table */
echo " </TABLE>\n";
}
/*
* Show the form to edit the scheme
*/
function
ShowSchemeForm( $scheme_id, $scheme_name, $scheme_desc, $background_color, $table_border_size, $table_border_color, $table_header_background, $table_header_text_color, $text_color, $text_font, $text_regular, $text_small, $table_color_1, $table_color_2, $link_color, $error_message, $header_background, $menu_background, $active_scheme, $type )
{
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.scheme_admin.scheme_name.value == '')\n"
. " {\n"
. " alert('The \'Scheme Name\' field is mandatory!');\n"
. " document.scheme_admin.scheme_name.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.scheme_desc.value == '')\n"
. " {\n"
. " alert('The \'Scheme Description\' field is mandatory!');\n"
. " document.scheme_admin.scheme_desc.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.background_color.value == '')\n"
. " {\n"
. " alert('The \'Background Color\' field is mandatory!');\n"
. " document.scheme_admin.background_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_border_color.value == '')\n"
. " {\n"
. " alert('The \'Table Border Color\' field is mandatory!');\n"
. " document.scheme_admin.table_border_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_border_size.value == '')\n"
. " {\n"
. " alert('The \'Table Border Size\' field is mandatory!');\n"
. " document.scheme_admin.table_border_size.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.header_background.value == '')\n"
. " {\n"
. " alert('The \'Header Background Color\' field is mandatory!');\n"
. " document.scheme_admin.header_background.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.menu_background.value == '')\n"
. " {\n"
. " alert('The \'Menu Background Color\' field is mandatory!');\n"
. " document.scheme_admin.menu_background.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_color.value == '')\n"
. " {\n"
. " alert('The \'Text Color\' field is mandatory!');\n"
. " document.scheme_admin.text_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_font.value == '')\n"
. " {\n"
. " alert('The \'Font Face\' field is mandatory!');\n"
. " document.scheme_admin.text_font.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_small.value == '')\n"
. " {\n"
. " alert('The \'Small Font Size\' field is mandatory!');\n"
. " document.scheme_admin.text_small.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.text_regular.value == '')\n"
. " {\n"
. " alert('The \'Regular Font Size\' field is mandatory!');\n"
. " document.scheme_admin.text_regular.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.link_color.value == '')\n"
. " {\n"
. " alert('The \'Link Color\' field is mandatory!');\n"
. " document.scheme_admin.link_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_header_background.value == '')\n"
. " {\n"
. " alert('The \'Table Header Background Color\' field is mandatory!');\n"
. " document.scheme_admin.table_header_background.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_header_text_color.value == '')\n"
. " {\n"
. " alert('The \'Table Header Text Color\' field is mandatory!');\n"
. " document.scheme_admin.table_header_text_color.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_color_1.value == '')\n"
. " {\n"
. " alert('The \'Alternating Table Color #1\' field is mandatory!');\n"
. " document.scheme_admin.table_color_1.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.table_color_2.value == '')\n"
. " {\n"
. " alert('The \'Alternating Table Color #2\' field is mandatory!');\n"
. " document.scheme_admin.table_color_2.focus();\n"
. " return false;\n"
. " }\n"
. " if (document.scheme_admin.error_message.value == '')\n"
. " {\n"
. " alert('The \'Error Message Color\' field is mandatory!');\n"
. " document.scheme_admin.error_message.focus();\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM action=\"?pid=scheme_admin\" method=\"POST\" name=\"scheme_admin\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\"><TD colspan=\"2\">Scheme Administration</TD></TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Name:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"scheme_name\" value=\"$scheme_name\" size=\"50\" maxlength=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Scheme Description:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <TEXTAREA name=\"scheme_desc\" rows=\"5\" cols=\"40\">$scheme_desc</TEXTAREA>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"background_color\" value=\"$background_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_border_color\" value=\"$table_border_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Border Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_border_size\" value=\"$table_border_size\" size=\"4\" maxlength=\"2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"header_background\" value=\"$header_background\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Menu Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"menu_background\" value=\"$menu_background\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_color\" value=\"$text_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Font Face:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_font\" value=\"$text_font\" size=\"50\" maxlength=\"64\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Small Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_small\" value=\"$text_small\" size=\"4\" maxlength=\"2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Regular Font Size:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"text_regular\" value=\"$text_regular\" size=\"4\" maxlength=\"2\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Link Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"link_color\" value=\"$link_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Background Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_header_background\" value=\"$table_header_background\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Table Header Text Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_header_text_color\" value=\"$table_header_text_color\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #1:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_color_1\" value=\"$table_color_1\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Alternating Table Color #2:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"table_color_2\" value=\"$table_color_2\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Error Message Color:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " <INPUT type=\"text\" name=\"error_message\" value=\"$error_message\" size=\"10\" maxlength=\"7\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Active Scheme:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* If it's the active scheme, then put a check in the box */
if ($active_scheme == 1)
$checked = " checked";
else
$checked = "";
/* An finish off displaying the page */
echo " <INPUT type=\"checkbox\" name=\"active_scheme\" value=\"1\"$checked> Scheme is active?\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"scheme_id\" value=\"$scheme_id\">\n"
. " <INPUT type=\"hidden\" name=\"type\" value=\"$type\">\n"
. " <INPUT type=\"hidden\" name=\"old_name\" value=\"$scheme_name\">\n"
. " <CENTER><BR><INPUT type=\"submit\" value=\"Preview Information\" name=\"action\" onClick=\"return CheckForm();\"></CENTER>\n"
. " </FORM>\n";
}
?>

1090
content/user_admin.php Normal file
View file

File diff suppressed because it is too large Load diff

267
content/view_forums.php Normal file
View file

@ -0,0 +1,267 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'View Forums' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 21st, 2002 (JJS) *
\******************************************************************************/
/* Deter hackers */
$file_name = "view_forums.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Pull the total number of users */
$SQL = "SELECT COUNT(*) as total_users FROM " . TABLE_PREFIX . "users;";
$results = ExeSQL($SQL);
/* Start off the table to divide everything */
echo " <TABLE border=\"0\" width=\"100%\">\n"
. " <TR class=\"small_text\">\n"
. " <TD>\n";
/* Grab the data, and display it */
while ($row = mysql_fetch_array($results))
echo " Registered Members: <B>" . $row["total_users"] . "</B><BR>\n";
/* Start the number of posts at zero */
$total_posts = 0;
/* Pull the total number of threads */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads;";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$total_posts = $row["total_posts"];
/* Pull the total number of replies */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$total_posts = $total_posts + $row["total_posts"];
/* Display the total number of posts */
echo " Total Posts: <B>$total_posts</B><BR>\n";
/* Pull the most recent user added to the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users ORDER BY user_id DESC LIMIT 1;";
$results = ExeSQL($SQL);
/* Grab the data, and throw it on the screen */
while ($row = mysql_fetch_array($results))
echo " Welcome to our newest member, <B><A href=\"?pid=view_profile&user=" . $row["user_name"] . "\">" . $row["user_name"] . "</A></B>.<P>\n";
/* Show the current date / time, then close out the table */
echo " </TD>\n"
. " <TD align=\"right\" valign=\"bottom\">\n"
. " " . date("l, F jS, Y\<\B\R\>g:i:s A T") . "\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n";
/* Pull the forum list */
$SQL = "SELECT DISTINCT(forum_id) FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* Loop through the forum list and count the number of threads and replies, loading both into their respective arrays */
for ( $i = 0; $i < count($forum_list); $i++ )
{
/* Set the current forum in the loop */
$current_forum = $forum_list[$i];
/* Pull the total number of threads for the forum */
$SQL = "SELECT COUNT(*) AS total_threads FROM " . TABLE_PREFIX . "threads WHERE forum_id='$current_forum';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$total_threads[] = $row["total_threads"];
/* Pull the total number of replies for the forum */
$SQL = "SELECT COUNT(*) AS total_replies FROM " . TABLE_PREFIX . "replies WHERE forum_id='$current_forum';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$total_replies[] = $row["total_replies"];
}
/* Build the HTML table (column headings) */
echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD>Forum</TD>\n"
. " <TD align=\"center\" width=\"1\">Threads</TD>\n"
. " <TD align=\"center\" width=\"1\">Replies</TD>\n"
. " <TD align=\"center\" width=\"\" nowrap>Latest Post</TD>\n"
. " <TD align=\"center\" width=\"\">Moderator</TD>\n"
. " </TR>\n";
/* Pull each forum name in alpabetical order */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_order, forum_name;";
$results = ExeSQL($SQL);
/* Grab the data, do crap to it and and display it in the table */
while ($row = mysql_fetch_array($results))
{
/* Determine how many posts there are for that forum */
$forum_key = array_search($row["forum_id"], $forum_list);
$all_threads = $total_threads[$forum_key];
$all_replies = $total_replies[$forum_key];
/* If there are no posts, then just set the value to "--" instead of "0" which I find unpleasant to the eye */
if ( $all_threads == "" || $all_threads == 0 )
$all_threads = "--";
/* If there are no posts, then just set the value to "--" instead of "0" which I find unpleasant to the eye */
if ( $all_replies == "" || $all_replies == 0 )
$all_replies = "--";
/* Null out these variables */
$moderator_id = "";
$moderators = "";
/* Grab the moderators */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE forum_id=" . $row["forum_id"] . ";";
$results2 = ExeSQL($SQL);
/* Give the arrays default values */
$moderator_id[] = "";
//$moderators[] = "";
/* Grab the data, and add it to an array */
while ($row2 = mysql_fetch_array($results2))
$moderator_id[] = $row2["user_id"];
/* Loop through the array */
for ( $i = 0; $i < sizeof($moderator_id); $i++ )
{
/* Grab the moderators */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $moderator_id[$i] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data, and add it to an array */
while ($row2 = mysql_fetch_array($results2))
$moderators[] = $row2["user_name"];
}
/* Clear out the variables before we determine the most recent post for the forum */
$latest_post = "";
$latest_user = "";
$thread_time = "";
$thread_user = "";
$reply_time = "";
$reply_user = "";
/* Grab the most recent thread */
$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y<BR>%r') AS nice_time FROM " . TABLE_PREFIX . "threads WHERE forum_id=" . $row["forum_id"] . " ORDER BY thread_id DESC LIMIT 1 ;";
$results2 = ExeSQL($SQL);
/* Grab the data, and add it to variables */
while ($row2 = mysql_fetch_array($results2))
{
$thread_time = $row2["nice_time"];
$thread_user = $row2["user_id"];
}
/* Grab the most recent replies */
$SQL = "SELECT *, DATE_FORMAT(reply_time, '%W, %M %e, %Y<BR>%r') AS nice_time FROM " . TABLE_PREFIX . "replies WHERE forum_id=" . $row["forum_id"] . " ORDER BY reply_id DESC LIMIT 1 ;";
$results2 = ExeSQL($SQL);
/* Grab the data, and load it into variables */
while ($row2 = mysql_fetch_array($results2))
{
$reply_time = $row2["nice_time"];
$reply_user = $row2["user_id"];
}
/* If the thread is more recent than the reply */
if ($thread_time > $reply_time)
{
/* Set the thread as the most recent */
$latest_post = $thread_time;
$latest_user = $thread_user;
}
else
{
/* Set the reply as the most recent */
$latest_post = $reply_time;
$latest_user = $reply_user;
}
/* Grab the most recent user */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $latest_user . "';";
$results2 = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row2 = mysql_fetch_array($results2))
$latest_user = $row2["user_name"];
/* Display more stuff on the screen */
echo " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\"><FONT class=\"regular_text\"><A href=\"?pid=view_threads&forum_id=" . $row["forum_id"] . "\">" . $row["forum_name"] . "</A></FONT><BR><FONT class=\"small_text\">" . $row["forum_desc"] . "</FONT></TD>\n"
. " <TD align=\"center\" valign=\"middle\" bgcolor=\"" . TABLE_COLOR_2 . "\">\n"
. " <FONT class=\"regular_text\">" . $all_threads . "</FONT>\n"
. " </TD>\n"
. " <TD align=\"center\" valign=\"middle\" bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <FONT class=\"regular_text\">" . $all_replies . "</FONT>\n"
. " </TD>\n"
. " <TD valign=\"middle\" align=\"center\" bgcolor=\"" . TABLE_COLOR_2 . "\" nowrap>\n";
/* If the latest post exists then display it */
if ($latest_post != "")
echo " <FONT class=\"small_text\">$latest_post by <B><A href=\"?pid=view_profile&user=$latest_user\">$latest_user</A></B></FONT><BR>\n";
else
echo " <FONT class=\"regular_text\">--</FONT>\n";
/* Finish off this section */
echo " </TD>\n"
. " <TD align=\"center\" valign=\"middle\" bgcolor=\"" . TABLE_COLOR_1 . "\" width=\"150\">\n"
. " <FONT class=\"small_text\">";
/* If there are moderators then show them */
if (@isset($moderators[0]))
{
/* Sort the list in alphabetical order */
sort($moderators);
/* Sort through the array */
for ( $i = 0; $i < sizeof($moderators); $i++ )
{
/* Display the moderators */
echo "<A href=\"?pid=view_profile&user={$moderators[$i]}\">{$moderators[$i]}</A>";
/* Comma deliminate them */
if ($i != (sizeof($moderators)) - 1)
echo ", ";
}
/* Throw in a line break for good measure */
echo "<BR>";
}
else
echo "<FONT class=\"regular_text\">--</FONT>";
/* Finish off this page! */
echo " </FONT>\n"
. " </TD>\n"
. " </TR>\n";
}
echo " </TABLE>\n";
?>

44
content/view_message.php Normal file
View file

@ -0,0 +1,44 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'View Message' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Redirect the person if they call this file directly */
$file_name = "view_message.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Pull the named message */
if ($message == "faq")
{
require("./language/faq.php");
$message_name = FAQ_TITLE;
$message_body = FREQUENTLY_ASKED_QUESTIONS;
}
else
header("Location: ../index.php");
/* Display the message */
echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
. " <TR>\n"
. " <TD class=\"table_header\">$message_name</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\">\n"
. " <TD class=\"regular_text\">\n"
. " $message_body\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n";
?>

191
content/view_profile.php Normal file
View file

@ -0,0 +1,191 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'View Profile' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Stop all direct access to this file!!! */
$file_name = "view_profile.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the veriables held by superglobals */
$user = $_GET['user'];
/* Parse any user input */
CheckVars(&$user, 64);
/* Pull the number of accounts with the specified username */
$SQL = "SELECT COUNT(*) AS user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$user';";
$results = ExeSQL($SQL);
/* Grab the data and add it to a variable */
while ($row = mysql_fetch_array($results))
$user_exists = $row["user_exists"];
/* If the user doesn't exist then ... */
if ($user_exists == 0)
{
/* Let the user know what's up, then redirect to the view forums page */
echo " <CENTER class=\"normal_message\">Sorry, there are no users by that name!</CENTER><BR><BR>\n";
require("view_forums.php");
}
else
{
/* Pull the information for the specified username */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$user';";
$results = ExeSQL($SQL);
/* Grab the data, and add it to variables */
while ($row = mysql_fetch_array($results))
{
$username = $row["user_name"];
$email = $row["user_email"];
$location = $row["user_location"];
$occupation = $row["user_occupation"];
$homepage = $row["user_homepage"];
$picture = $row["user_picture"];
$interests = $row["user_interests"];
$aim = $row["user_aim"];
$icq = $row["user_icq"];
$yahoo = $row["user_yahoo"];
}
/* Display the table header */
echo " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">$username's Profile</TD>\n"
. " </TR>\n";
/* Set the active color to the second color */
$the_color = TABLE_COLOR_2;
/* Preview the email section */
PreviewSection ( $email, "Email", &$the_color );
/* If the location isn't NULL, then preview it */
if ( $location != "" )
PreviewSection( $location, "Location", &$the_color );
/* same with the occupation */
if ( $occupation != "" )
PreviewSection( $occupation, "Occupation", &$the_color );
/* and the homepage */
if ( $homepage != "" && $homepage != "http://" )
PreviewSection( $homepage, "Homepage", &$the_color );
/* AND the picture */
if ( $picture != "" && $picture != "http://" )
PreviewSection ( $picture, "Picture", &$the_color );
/* Can't forget the interests */
if ( $interests != "" )
PreviewSection ( $interests, "Interests", &$the_color );
/* And of course, the AIM name */
if ( $aim != "" )
PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
/* Along with the ICQ UIN */
if ( $icq != "" )
PreviewSection ( $icq, "ICQ", &$the_color );
/* And last, and IMHO least, the Yahoo! Pager */
if ( $yahoo != "" )
PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );
/* Close out the fuggin' table */
echo " </TABLE>\n";
}
/*
* This function lets you preview sections, and
* kills a lot of repetative, and messy code
*/
function
PreviewSection ( $section_value, $section_title, $the_color )
{
/* Swap the colors */
if ($the_color == TABLE_COLOR_1)
$the_color = TABLE_COLOR_2;
else
$the_color = TABLE_COLOR_1;
/* Display the section name */
echo " <TR bgcolor=\"$the_color\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>$section_title:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " ";
/* Jump to the section for the appropriate section */
switch ($section_title)
{
/* Email section */
case "Email":
echo "<A href=\"mailto:$section_value\">$section_value</A>";
break;
/* Homepage section */
case "Homepage":
echo "<A href=\"$section_value\" target=\"_blank\">$section_value</A>";
break;
/* AIM Section*/
case "AOL Instant Messenger":
echo "$section_value ";
$section_value = str_replace(" ", "", $section_value);
/* Add the cool links instead of just the AIM name */
echo "(<A href=\"aim:addbuddy?screenname=$section_value\">Add Buddy</A>, <A href=\"aim:goim?screenname=$section_value&message=\">Send Message</A>)";
break;
/* Picture section */
case "Picture":
/* Grab the image size */
$profile_img = @getimagesize($section_value);
/* Set the caption */
$image_caption = "Image size";
/* If the width is larger than 320, then rectify the situation */
if ($profile_img[0] > 320)
$profile_img[0] = 320;
/* Same with the height, but set it to 240 */
if ($profile_img[1] > 240)
$profile_img[1] = 240;
/* If height's larger, then use the height, width larger, then use the width */
if ($profile_img[0] > $profile_img[1])
$scale_img = "height=\"$profile_img[1]\"";
else
$scale_img = "width=\"$profile_img[0]\"";
/* Show the image!! */
echo " <TABLE cellspacing=\"0\" cellpadding=\"0\" border class=\"table_border\"><TR><TD><A href=\"$section_value\" target=\"_blank\"><IMG src=\"$section_value\" $scale_img border=\"0\"></A></TD></TR></TABLE>\n";
break;
/* Not specified, then just display the value */
default:
echo "$section_value";
break;
}
/* Finish it off */
echo "</FONT>\n"
. " </TD>\n"
. " </TR>\n";
}
?>

300
content/view_replies.php Normal file
View file

@ -0,0 +1,300 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'View Replies' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* srekcah eb-dluow yna pu kcuF */
$file_name = "view_forums.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Assign a value to the array, so it doesn't freak out is the user is an admin, but not a moderator */
$moderated_forums[] = "0";
/* Pull the list of forums this user is a moderator for */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data and load it in an array */
while ($row = mysql_fetch_array($results))
$moderated_forums[] = $row["forum_id"];
/* Pull the forum id list from the database */
$SQL = "SELECT forum_id FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data and load it into an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* Pull the thread id list from the database */
$SQL = "SELECT thread_id FROM " . TABLE_PREFIX . "threads;";
$results = ExeSQL($SQL);
/* Grab the data and load it into an array */
while ($row = mysql_fetch_array($results))
$thread_list[] = $row["thread_id"];
/* If the forum doesn't exist, then halt */
if ( !in_array($forum_id, $forum_list) || !in_array($thread_id, $thread_list) )
{
echo " <CENTER class=\"error_message\"><B>Malformed request detected!</CENTER>
<BR>\n";
require ("./content/view_forums.php");
return;
}
/* Start off the table */
echo " <TABLE width=\"100%\" cellpadding=\"0\" cellspacing=\"0\">\n"
. " <TR>\n";
/* Pull the forum name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Grab the data and print it on the screen */
while ($row = mysql_fetch_array($results))
echo " <TD class=\"regular_text\"><A href=\"?pid=view_forums\">" . BOARD_NAME . "</A> > <A href=\"?pid=view_threads&forum_id=" . $row["forum_id"] . "\">" . $row["forum_name"] . "</A> > ";
/* Pull the thread name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads WHERE thread_id=$thread_id;";
$results = ExeSQL($SQL);
/* Grab the data and throw it on the screen */
while ($row = mysql_fetch_array($results))
echo " " . $row["thread_title"] . "</TD>\n";
/* Add some options for the user */
echo " <TD align=\"right\" class=\"regular_text\"><A href=\"?pid=post_thread&forum_id=$forum_id\">Post New Thread</A> | <A href=\"?pid=post_reply&thread_id=$thread_id&forum_id=$forum_id\">Post Reply</A></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <BR>\n";
/* Pull each thread name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';";
$results = ExeSQL($SQL);
/* Grab the data and load it into a variable */
while ($row = mysql_fetch_array($results))
$thread_topic = $row["thread_title"];
/* Build the HTML table (column headings) */
echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD width=\"150\">Author</TD>\n"
. " <TD width=\"100%\">Thread: $thread_topic</TD>\n"
. " </TR>\n";
/* Pull the requested thread */
$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y %r') AS nice_time FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id' ORDER BY thread_title;";
$results = ExeSQL($SQL);
/* Grab the data, and parse it out and do some other shit too! */
while ($row = mysql_fetch_array($results))
{
/* Pull each user name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $row["user_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into an array */
while ($row2 = mysql_fetch_array($results2))
{
$user_name = $row2["user_name"];
$user_location = $row2["user_location"];
}
/* Pull the total number of threads from the database */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads WHERE user_id='" . $row["user_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into a variable */
while ($row2 = mysql_fetch_array($results2))
$total_posts = $row2["total_posts"];
/* Pull the total number of replies from the database */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies WHERE user_id='" . $row["user_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into a variable */
while ($row2 = mysql_fetch_array($results2))
$total_posts = $total_posts + $row2["total_posts"];
echo " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" width=\"200\" valign=\"top\" nowrap>\n"
. " <FONT class=\"regular_text\"><B><A href=\"?pid=view_profile&user=$user_name\">$user_name</A></B></FONT><BR><BR>\n"
. " <FONT class=\"small_text\">\n"
. " Total Posts: $total_posts<BR>\n";
/* Show the user the tree of where they are located */
if ($user_location != "") { echo " Location: $user_location<BR>\n"; }
/* Display more of the table */
echo " </FONT>\n"
. " </TD>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" width=\"100%\" valign=\"top\">\n"
. " <FONT class=\"small_text\">Posted " . $row["nice_time"] . "</FONT>\n"
. " <HR>\n"
. " <FONT class=\"regular_text\">\n"
. " " . $row["thread_body"] . "\n"
. " </FONT>\n";
/* If the user is a moderator or an admin then ... */
if ( ( $is_moderator != 0 && in_array($forum_id, $moderated_forums) ) || $is_admin != 0 )
{
/* Pull each user ip from the database */
$SQL = "SELECT user_ip FROM " . TABLE_PREFIX . "threads WHERE thread_id=" . $row["thread_id"] . ";";
$results2 = ExeSQL($SQL);
/* Grab the data and load it int a variable */
while ($row2 = mysql_fetch_array($results2))
$user_ip = $row2["user_ip"];
/* Display the start of the mod / admin options */
echo " <HR>\n"
. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR class=\"small_text\">\n";
/* Is the user a mod or an admin? */
if ($is_admin == 0)
$which = "mod";
else
$which = "admin";
/* Display the form */
echo " <FORM action=\"index.php\" method=\"POST\" name=\"" . $which . "_tools\">\n"
. " <TD>\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n";
/* Check if the value is set */
if (isset($row["reply_id"]))
echo " <INPUT type=\"hidden\" name=\"reply_id\" value=\"" . $row["reply_id"] . "\">\n";
/* Keep on truckin' */
echo " <INPUT type=\"hidden\" name=\"thread_id\" value=\"" . $row["thread_id"] . "\">\n"
. " <INPUT type=\"submit\" name=\"" . $which . "_action\" value=\"Delete Entire Thread\" onClick=\"return Confirm('Are you sure you want to delete this thread, and all of the associated replies?');\">\n"
. " </TD>\n"
. " <TD align=\"right\">\n"
. " <B>IP:</B> " . $user_ip . "\n"
. " </TD>\n"
. " </FORM>\n"
. " </TR>\n"
. " </TABLE>\n";
}
/* Close off the section */
echo " </TD>\n"
. " </TR>\n";
}
/* Pull each reply in reverse time order */
$SQL = "SELECT *, DATE_FORMAT(reply_time, '%W, %M %e, %Y %r') AS nice_time FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id' ORDER BY reply_time;";
$results = ExeSQL($SQL);
/* Grab the data, and display it in the table */
while ($row = mysql_fetch_array($results))
{
/* Pull each user name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='" . $row["user_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into variables */
while ($row2 = mysql_fetch_array($results2))
{
$user_name = $row2["user_name"];
$user_location = $row2["user_location"];
}
/* Pull the total number of posts */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "threads WHERE user_id='" . $row["user_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into a variable */
while ($row2 = mysql_fetch_array($results2))
$total_posts = $row2["total_posts"];
/* Pull the total number of replies */
$SQL = "SELECT COUNT(*) AS total_posts FROM " . TABLE_PREFIX . "replies WHERE user_id='" . $row["user_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into a variable */
while ($row2 = mysql_fetch_array($results2))
$total_posts = $total_posts + $row2["total_posts"];
/* Display the user info */
echo " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" width=\"150\" valign=\"top\" nowrap>\n"
. " <FONT class=\"regular_text\"><B><A href=\"?pid=view_profile&user=$user_name\">$user_name</A></B></FONT><BR><BR>\n"
. " <FONT class=\"small_text\">\n"
. " Total Posts: $total_posts<BR>\n";
/* If the user specified their location, then display it */
if ($user_location != "") { echo " Location: $user_location<BR>\n"; }
/* Keep going ... */
echo " </FONT>\n"
. " </TD>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" width=\"100%\">\n"
. " <FONT class=\"small_text\">Posted " . $row["nice_time"] . "</FONT>\n"
. " <HR>\n"
. " <FONT class=\"regular_text\">\n"
. " " . $row["reply_body"] . "\n"
. " </FONT>\n";
/* If the user is a mod or an admin, then display the extra options */
if ( ( $is_moderator != 0 && in_array($forum_id, $moderated_forums) ) || $is_admin != 0 )
{
/* Pull the user's IP address */
$SQL = "SELECT user_ip FROM " . TABLE_PREFIX . "replies WHERE reply_id='" . $row["reply_id"] . "';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into a variable */
while ($row2 = mysql_fetch_array($results2))
$user_ip = $row2["user_ip"];
/* Start displaying the options */
echo " <HR>\n"
. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR class=\"small_text\">\n";
/* Is the user an admin or a moderator? */
if ($is_admin == 0)
$which = "mod";
else
$which = "admin";
/* Display the form */
echo " <FORM action=\"index.php\" method=\"POST\" name=\"" . $which . "_tools\">\n"
. " <TD>\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=\"thread_id\" value=\"$thread_id\">\n"
. " <INPUT type=\"hidden\" name=\"reply_id\" value=\"" . $row["reply_id"] . "\">\n"
. " <INPUT type=\"submit\" name=\"" . $which . "_action\" value=\"Delete Reply\" onClick=\"return Confirm('Are you sure you want to delete this reply?');\">\n"
. " </TD>\n"
. " <TD align=\"right\" valign=\"middle\">\n"
. " <B>IP:</B> $user_ip\n"
. " </TD>\n"
. " </FORM>\n"
. " </TR>\n"
. " </TABLE>\n";
}
/* Close out the section */
echo " </TD>\n"
. " </TR>\n";
}
/* Let's get the hell out of dodge! */
echo " </TABLE>\n";
?>

162
content/view_threads.php Normal file
View file

@ -0,0 +1,162 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'View Threads' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 13th, 2002 (JJS) *
\******************************************************************************/
/* Redirect if this file is called directly */
$file_name = "view_forums.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Pull the forum id list from the database */
$SQL = "SELECT forum_id FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data and load it into an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* If the forum doesn't exist, then halt */
if (!in_array($forum_id, $forum_list))
{
/* Tell the user what's up */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Start the table */
echo " <TABLE width=\"100%\" cellpadding=\"0\" cellspacing=\"0\">\n"
. " <TR>\n";
/* Pull the forum name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Grab the data and display it */
while ($row = mysql_fetch_array($results))
echo " <TD class=\"regular_text\"><A href=\"?pid=view_forums\">" . BOARD_NAME . "</A> > " . $row["forum_name"]."</TD>\n";
/* Count the number of threads for the named forum */
$SQL = "SELECT COUNT(*) AS any_threads FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';";
$results = ExeSQL($SQL);
/* Grab the data, and load it in a variable */
while ($row = mysql_fetch_array($results))
$any_threads = $row["any_threads"];
/* If there are threads then display them */
if ($any_threads != 0)
{
/* Display the Post new thread link */
echo " <TD align=\"right\" class=\"regular_text\"><A href=\"?pid=post_thread&forum_id=$forum_id\">Post New Thread</A></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <BR>\n";
/* Build the HTML table (column headings) */
echo " <TABLE cellspacing=\"0\" cellpadding=\"5\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD width=\"100%\">Thread</TD>\n"
. " <TD align=\"center\" width=\"1\">Author</TD>\n"
. " <TD align=\"center\" width=\"1\">Replies</TD>\n"
. " <TD width=\"\" nowrap>Posted on</TD>\n"
. " </TR>\n";
/* Pull each thread title and date/time in a nice format in time order */
$SQL = "SELECT *, DATE_FORMAT(thread_time, '%W, %M %e, %Y %r') AS nice_time, DATE_FORMAT(thread_time, '%Y-%m-%d') AS post_date FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id' ORDER BY thread_time DESC;";
$results = ExeSQL($SQL);
/* Grab the data, and display it in the table */
while ($row = mysql_fetch_array($results))
{
/* Get the current date */
$current_date = strftime ("%Y-%m-%d", time());
/* Grab the Thread ID and the User ID */
$thread_id = $row["thread_id"];
$user_id = $row["user_id"];
/* Pull the total number of replies for each thread */
$SQL = "SELECT COUNT(*) AS total_items FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id';";
$results2 = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row2 = mysql_fetch_array($results2))
$total_items = $row2["total_items"];
/* Grab the total number of threads */
if ($total_items == "")
$total_replies = "--";
else
$total_replies = $total_items;
/* Pull each user name from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results2 = ExeSQL($SQL);
/* Grab the data and load it into an array */
while ($row2 = mysql_fetch_array($results2))
$the_user = $row2["user_name"];
/* Set which image to show for the thread */
if ( $row["post_date"] == $current_date && $total_replies >= 25 )
$which_image = "folder-blue-fire";
else if ( $row["post_date"] == $current_date )
$which_image = "folder-blue";
else if ( $total_replies >= 25 )
$which_image = "folder-yellow-fire";
else
$which_image = "folder-yellow";
/* Spit out the rest of the HTML */
echo " <TR>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <IMG src=\"./images/$which_image.png\"> <A href=\"?pid=view_replies&thread_id=" . $row["thread_id"] . "&forum_id=$forum_id\">" . $row["thread_title"] . "</A>\n"
. " </TD>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" align=\"center\" nowrap class=\"small_text\">\n"
. " <A href=\"?pid=view_profile&user=" . $the_user . "\">" . $the_user . "</A>\n"
. " </TD>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_1 . "\" align=\"center\" class=\"regular_text\">\n"
. " " . $total_replies . "\n"
. " </TD>\n"
. " <TD bgcolor=\"" . TABLE_COLOR_2 . "\" nowrap class=\"small_text\">\n"
. " " . $row["nice_time"] . "\n"
. " </TD>\n"
. " </TR>\n";
}
/* Close off the table, and display the key */
echo " </TABLE>\n"
. " <BR>\n"
. " <FONT class=\"small_text\">\n"
. " <IMG src=\"./images/folder-yellow.png\"> = Older threads<BR>\n"
. " <IMG src=\"./images/folder-blue.png\"> = Today's threads<BR>\n"
. " <IMG src=\"./images/folder-yellow-fire.png\"> = Hot thread with 25+ replies<BR>\n"
. " <IMG src=\"./images/folder-blue-fire.png\"> = Hot thread from today<BR>\n"
. " </FONT>\n";
}
else
{
/* If there are no active threads, display this stuff */
echo " </TR>\n"
. " </TABLE>\n"
. " <BR>\n"
. " <CENTER class=\"regular_text\">\n"
. " <B>There are no active threads in this forum.</B><BR>\n"
. " <A href=\"?pid=post_thread&forum_id=$forum_id\">Click here if you'd like to post a new thread.</A>\n"
. " </CENTER>\n";
}
?>

BIN
images/b2.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
images/b2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 6.7 KiB

BIN
images/folder-blue-fire.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 321 B

BIN
images/folder-blue.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 264 B

BIN
images/folder-purple.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 264 B

BIN
images/folder-red.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 264 B

BIN
images/folder-yellow-fire.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 331 B

BIN
images/folder-yellow.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 291 B

1
images/index.php Normal file
View file

@ -0,0 +1 @@
<? header("Location: ../index.php"); ?>

BIN
images/title.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 5.6 KiB

431
include/include.php Normal file
View file

@ -0,0 +1,431 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script contains commonly used functions and variables for the site. *
* *
* Last modified : Septemeber 25th, 2002 (JJS) *
\******************************************************************************/
/* B Squared Version Number */
define("VERSION", "0.6.2");
/* B Squared Path */
$b2_path = "./";
/*
* return a trimmed value based on the given value
* and length
*
* @author Dean Jones <dean@geekoid.org>
* @param string $var
* the variable we want to trim
*
* @param int $size
* the length we want to trim the
* varible to
*
* @return string the variable trimmed to the
* length specified in $size
*/
function
CheckVars($var, $size)
{
/* Determine the length of $var */
$length = strlen($var);
/* If the length is fine, then exit */
if ($length <= $size)
return;
/* else, get your loop on! */
for ( ; $length >= $size; $length--)
$var[$length] = "";
}
/*
*
*/
function
GetVars($varname, $defval=NULL)
{
if (array_key_exists($varname, $_SERVER))
$retval = $_SERVER[$varname];
elseif (array_key_exists($varname, $_COOKIE))
$retval = $_COOKIE[$varname];
elseif (array_key_exists($varname, $_POST))
$retval = $_POST[$varname];
elseif (array_key_exists($varname, $_GET))
$retval = $_GET[$varname];
elseif (array_key_exists($varname, $_ENV))
$retval = $_ENV[$varname];
else
$retval = $defval;
return $retval;
}
/*
*
*/
function
ExeSQL($SQL)
{
$results = @mysql_db_query(DB_NAME, $SQL, CONNECTION);
if (!$results)
{
if (ADMIN_ERRORS != "yes")
{
NotifyAdmin("mysql_query");
exit(ERROR);
}
else
exit("There was an error.<BR><BR><B>MySQL Error:</B> <I>" . mysql_error() . "</I>\n");
}
return($results);
}
/*
*
*/
function
AttemptLogin( $pid, $logged_in, $login, $username, $password, $is_moderator, $is_admin )
{
/* Attempt to log the user in if they request it */
if ( $_SERVER['REQUEST_METHOD'] == "POST" && $pid == "login" && $username != "" && $password != "" )
{
/* Check to see if the provided username exists in the database */
$SQL = "SELECT COUNT(*) AS user_exists FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, and analyze it */
while ($row = mysql_fetch_array($results))
$user_exists = $row["user_exists"];
/* User provided correct username */
if ($user_exists == 1)
{
/* Check to see if the provided username exists in the database */
$SQL = "SELECT user_pass FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data, and analyze it */
while ($row = mysql_fetch_array($results))
$existing_pass = $row["user_pass"];
$password = crypt($password, $existing_pass);
$the_host = GetVars("HTTP_HOST");
if ($password == $existing_pass)
{
/* Set the cookies */
SetCookie("user_name", $username, time() + 86400, ''); //, $the_host);
SetCookie("user_pass", $password, time() + 86400, ''); //, $the_host);
$pid = "view_forums";
$logged_in = 1;
}
else
{
/* Clear the cookies */
SetCookie("user_name", "", time() - 3600, ''); //, $the_host);
SetCookie("user_pass", "", time() - 3600, ''); //, $the_host);
$pid = "login";
$login = "failed";
$logged_in = 0;
}
if ($logged_in == 1)
{
/* Pull the user ID for the user */
$SQL = "SELECT user_id FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
$user_id = $row["user_id"];
/* Check to see if the user is a moderator */
$SQL = "SELECT COUNT(*) AS is_moderator FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
$is_moderator = $row["is_moderator"];
/* Check to see if the user is an administrator */
$SQL = "SELECT COUNT(*) AS is_admin FROM " . TABLE_PREFIX . "administrators WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
$is_admin = $row["is_admin"];
/* If user is admin, grant them moderator privileges */
if ($is_admin != 0)
$is_moderator = $is_admin;
}
}
/* User provided incorrect username */
else
{
/* Clear the cookies */
SetCookie("user_name", "", time() - 3600, ''); //, $the_host);
SetCookie("user_pass", "", time() - 3600, ''); //, $the_host);
$pid = "login";
$login = "failed";
$logged_in = 0;
}
}
}
/*
*
*/
function
VerifyLogin( $logged_in, $user_id, $is_moderator, $is_admin )
{
$user_name = GetVars("user_name");
$user_pass = GetVars("user_pass");
/* Verify the user's integrity */
if ( $user_name != "" && $user_pass != "" )
{
/* Check to see if the provided username exists in the database */
$SQL = "SELECT COUNT(*) AS user_verification FROM " . TABLE_PREFIX . "users WHERE user_name='" . $_COOKIE["user_name"] . "';";
$results = ExeSQL($SQL);
/* Grab the data, and analyze it */
while ($row = mysql_fetch_array($results))
$user_verification = $row["user_verification"];
if ($user_verification == 1)
{
/* Pull the password for the username we just determine existed */
$SQL = "SELECT user_name, user_pass FROM " . TABLE_PREFIX . "users WHERE user_name='" . $_COOKIE["user_name"] . "';";
$results = ExeSQL($SQL);
/* Grab the data, and analyze it */
while ($row = mysql_fetch_array($results))
{
$existing_user = $row["user_name"];
$existing_pass = $row["user_pass"];
}
$cookie_pass = urldecode($_COOKIE['user_pass']);
if ($existing_pass == $cookie_pass)
{
/* Set the cookies */
SetCookie("user_name", $existing_user, time() + 86400, '', $_SERVER['HTTP_HOST']);
SetCookie("user_pass", $existing_pass, time() + 86400, '', $_SERVER['HTTP_HOST']);
$pid = "view_forums";
$logged_in = 1;
}
else
{
/* Clear the cookies */
SetCookie("user_name", "", time() - 3600, '', $_SERVER['HTTP_HOST']);
SetCookie("user_pass", "", time() - 3600, '', $_SERVER['HTTP_HOST']);
$pid = "login";
$login = "failed";
$logged_in = 0;
}
}
else
{
SetCookie("user_name", "", time() - 3600, '', $_SERVER['HTTP_HOST']);
SetCookie("user_pass", "", time() - 3600, '', $_SERVER['HTTP_HOST']);
$logged_in = 0;
}
$is_moderator = $logged_in;
$is_admin = $logged_in;
if ($logged_in == 1)
{
/* Pull the user ID for the user */
$SQL = "SELECT user_id FROM " . TABLE_PREFIX . "users WHERE user_name='" . $_COOKIE["user_name"] . "';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
$user_id = $row["user_id"];
/* Check to see if the user is a moderator */
$SQL = "SELECT COUNT(*) AS is_moderator FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
$is_moderator = $row["is_moderator"];
/* Check to see if the user is an administrator */
$SQL = "SELECT COUNT(*) AS is_admin FROM " . TABLE_PREFIX . "administrators WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data */
while ($row = mysql_fetch_array($results))
$is_admin = $row["is_admin"];
/* If user is admin, grant them moderator privileges */
if ($is_admin != 0)
$is_moderator = $is_admin;
}
else
{
$is_moderator = 0;
$is_admin = 0;
}
}
}
/*
*
*/
function
ModAction ( $is_moderator, $mod_action, $forum_id, $thread_id, $reply_id, $user_id, $hack_attempt, $mod_feedback, $show_thread, $show_forum )
{
if ( $is_moderator == 0 && $mod_action != "" )
{
$hack_attempt = "outside";
return;
}
if ($mod_action != "")
{
/* Pull the list of forums this user is a moderator for */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "moderators WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data and load it in an array */
while ($row = mysql_fetch_array($results))
$moderated_forums[] = $row["forum_id"];
if (!in_array($forum_id, $moderated_forums))
{
$hack_attempt = "inside";
return;
}
}
switch ($mod_action)
{
case "Delete Reply":
/* Delete the specified reply */
$SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE reply_id='$reply_id';";
$results = ExeSQL($SQL);
$mod_feedback = "The reply has been removed from the board.";
$show_thread = $thread_id;
break;
case "Delete Entire Thread":
/* Delete the specified thread */
$SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';";
$results = ExeSQL($SQL);
/* Delete the replies to the specified thread */
$SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id';";
$results = ExeSQL($SQL);
$mod_feedback = "The thread has been removed from the board.";
$show_forum = $forum_id;
break;
default:
break;
}
}
/*
*
*/
function
AdminAction ( $is_admin, $admin_action, $forum_id, $thread_id, $reply_id, $user_id, $hack_attempt, $admin_feedback, $show_thread, $show_forum )
{
if ( $is_admin == 0 && $admin_action != "" )
{
$hack_attempt = "outside";
return;
}
switch ($admin_action)
{
case "Delete Reply":
/* Delete the specified reply */
$SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE reply_id='$reply_id';";
$results = ExeSQL($SQL);
$mod_feedback = "The reply has been removed from the board.";
$show_thread = $thread_id;
break;
case "Delete Entire Thread":
/* Delete the specified thread */
$SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE thread_id='$thread_id';";
$results = ExeSQL($SQL);
/* Delete the replies to the specified thread */
$SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE thread_id='$thread_id';";
$results = ExeSQL($SQL);
$mod_feedback = "The thread has been removed from the board.";
$show_forum = $forum_id;
break;
default:
break;
}
}
/*
*
*/
function
NotifyAdmin($what_error)
{
/* If the admin notification is on, then run this */
if (NOTIFY_ADMIN == "yes")
{
switch ($what_error)
{
/* MySQL Query errors */
case "mysql_connect":
$subject = "[b^2] MySQL Error";
$body = "There was an error connecting to MySQL, the error is as follows:\n\n" . mysql_error() . "";
break;
/* MySQL Query errors */
case "mysql_query":
$subject = "[b^2] MySQL Error";
$body = "There was an error executing a MySQL Query, the error is as follows:\n\n" . mysql_error() . "";
break;
/* Default case, this should never be the case */
default:
$subject = "[b^2] Unknown Error";
$body = "Something fucked up, you should never get this email!!";
break;
}
/* Send the email to the admin */
mail(ADMIN_EMAIL, $subject, $body);
}
}
?>

1
include/index.php Normal file
View file

@ -0,0 +1 @@
<? header("Location: ../index.php"); ?>

13
include/javascript.js Normal file
View file

@ -0,0 +1,13 @@
function
PopUp(url, height, width)
{
open(url, "pop-up", "height=" + height + ",width=" + width + ",scrollbars=yes");
}
function
Confirm(question)
{
temp = window.confirm(question);
window.status=(temp)?'confirm: true':'confirm: false';
return(temp);
}

25
include/stylesheet.css Normal file
View file

@ -0,0 +1,25 @@
A
{
color: #000000;
}
A:hover
{
text-decoration: none;
}
INPUT
{
font-family: Verdana;
font-size: 9pt;
}
.table_header
{
color: #FFFFFF;
}
.table_header:hover
{
text-decoration: none;
}

528
index.php Normal file
View file

@ -0,0 +1,528 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* Just like on Mtv's Cribs, this is where the magic happen. This is the *
* only file that will output anything to the user. Huh? Yeah, all the *
* content pages are called from this file and loaded that way, they had been *
* set up to NOT let you call them directly. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Grab the time the page started loading */
$start_time = microtime();
/* Define the generic error message */
define("ERROR", "<B>There was a error.</B><BR><BR>The administrator has been notified, and the problem will be resolved as soon as he/she feels like it!\n");
/* Load the include file, and quit if it messes up */
if (!@include("./include/include.php"))
exit(ERROR);
/* Check the current state, and proceed to the installer is appropriate */
/* Check to see if config.php is present */
if ( !@include("config.php") )
{
/* No config? then call the installer! */
require("install.php");
exit;
}
/* If config.php is there, then check the installation status */
else if (INSTALLED != "yes")
{
/* Not installed? then call the installer! */
require("install.php");
exit;
}
/* Enable output buffering, so we can tweak the headers anytime */
ob_start();
/* Check the super globals and pull the values */
$destination = GetVars("destination");
$message = GetVars("message");
$password = GetVars("password");
$title = GetVars("title");
$username = GetVars("username");
$mod_action = GetVars("mod_action");
$admin_action = GetVars("admin_action");
$logout = GetVars("logout");
$pid = GetVars("pid");
$HTTP_HOST = GetVars("HTTP_HOST");
$REQUEST_METHOD = GetVars("REQUEST_METHOD");
$QUERY_STRING = GetVars("QUERY_STRING");
$forum_id = GetVars("forum_id");
$thread_id = GetVars("thread_id");
$reply_id = GetVars("reply_id");
$preview_scheme = GetVars("preview_scheme");
$user_name = GetVars("user_name");
/* Assign null values to these variables */
$logged_in = 0;
$login = "";
$user_id = "";
$is_moderator = 0;
$is_admin = 0;
$hack_attempt = "";
$mod_feedback = "";
$admin_feedback = "";
$show_thread = "";
$show_forum = "";
$scheme_error = "";
$scheme_feedback = "";
/* Parse the variables and trim them to a specified length */
CheckVars(&$pid, 16);
/* Connect to the MySQL database */
define("CONNECTION", @mysql_connect(DB_HOST, DB_USER, DB_PASS));
if (!CONNECTION)
{
if (ADMIN_ERRORS != "yes")
{
NotifyAdmin("mysql_connect");
exit(ERROR);
}
else
exit("There was an error.<BR><BR><B>MySQL Error:</B> <I>" . mysql_error() . "</I>\n");
}
/* Pull the general properties from the database */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "properties;";
$results = ExeSQL($SQL);
/* Grab the data and assign the values to constants */
while ($row = mysql_fetch_array($results))
{
define("BOARD_NAME", $row["board_name"]);
define("TITLE_IMAGE", $row["title_image"]);
}
/* Attempt to log the user in, if requested */
AttemptLogin(&$pid, &$logged_in, &$login, $username, &$password, &$is_moderator, &$is_admin );
/* Verify their identity, if they are logged in */
VerifyLogin( &$logged_in, &$user_id, &$is_moderator, &$is_admin );
/* Attempt to perform a moderator action, if requested */
ModAction( &$is_moderator, &$mod_action, $forum_id, $thread_id, $reply_id, $user_id, &$hack_attempt, &$mod_feedback, &$show_thread, &$show_forum );
/* Attempt to perform an admin action, if requested */
AdminAction( &$is_admin, &$admin_action, $forum_id, $thread_id, $reply_id, $user_id, &$hack_attempt, &$mod_feedback, &$show_thread, &$show_forum );
/* Determine if we pull the default scheme, or preview another */
if ($is_admin != 1)
$SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
else
{
if ($preview_scheme == "")
$SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
else
{
/* Pull the scheme that was requested */
$SQL = "SELECT COUNT(*) AS scheme_exists FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$preview_scheme';";
$results = ExeSQL($SQL);
/* Grab data and load it in a variable */
while ($row = mysql_fetch_array($results))
$scheme_exists = $row["scheme_exists"];
/* If the scheme doesn't exist then ... */
if ($scheme_exists == 0)
{
/* Pull the active scheme anyway! */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE active_scheme='1';";
$scheme_error = "The scheme you requested to preview is unknown.";
}
else
{
/* Pull the name of the requested scheme */
$SQL = "SELECT scheme_name FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$preview_scheme';";
$results = ExeSQL($SQL);
/* Grab the name of the scheme and load it in a variable */
while ($row = mysql_fetch_array($results))
$scheme_name = $row["scheme_name"];
/* Pull the request scheme's properties */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "schemes WHERE scheme_id='$preview_scheme';";
$scheme_feedback = "You are currently previewing the '$scheme_name' scheme.";
}
}
}
/* Executed the winning scheme query */
$results = ExeSQL($SQL);
/* Grab the data and load it into constants */
while ($row = mysql_fetch_array($results))
{
define("BACKGROUND_COLOR", $row["background_color"]);
define("TABLE_BORDER_COLOR", $row["table_border_color"]);
define("TABLE_BORDER_SIZE", $row["table_border_size"]);
define("HEADER_BACKGROUND", $row["header_background"]);
define("MENU_BACKGROUND", $row["menu_background"]);
define("TEXT_COLOR", $row["text_color"]);
define("TEXT_FONT", $row["text_font"]);
define("TEXT_SMALL", $row["text_small"]);
define("TEXT_REGULAR", $row["text_regular"]);
define("LINK_COLOR", $row["link_color"]);
define("TABLE_HEADER_BACKGROUND", $row["table_header_background"]);
define("TABLE_HEADER_TEXT_COLOR", $row["table_header_text_color"]);
define("TABLE_COLOR_1", $row["table_color_1"]);
define("TABLE_COLOR_2", $row["table_color_2"]);
define("ERROR_MESSAGE", $row["error_message"]);
}
/* Attempt to redefine the colors with the defaults (success = there is nothing in the schemes table) */
define("BACKGROUND_COLOR", "#FFFFFF");
define("TABLE_BORDER_COLOR", "#000000");
define("TABLE_BORDER_SIZE", "1");
define("HEADER_BACKGROUND", "#FFFFFF");
define("MENU_BACKGROUND", "#EEEEEE");
define("TEXT_COLOR", "#000000");
define("TEXT_FONT", "Verdana");
define("TEXT_SMALL", "10");
define("TEXT_REGULAR", "12");
define("LINK_COLOR", "#000000");
define("TABLE_HEADER_BACKGROUND", "#000000");
define("TABLE_HEADER_TEXT_COLOR", "#FFFFFF");
define("TABLE_COLOR_1", "#EEEEEE");
define("TABLE_COLOR_2", "#CCCCCC");
define("ERROR_MESSAGE", "#FF0000");
/* Log the user out if requested */
if ($logout == "now")
{
/* Blow out the cookie */
SetCookie("user_name", "", time() - 3600, ''); //, $HTTP_HOST);
SetCookie("user_pass", "", time() - 3600, ''); //, $HTTP_HOST);
/* Blow out the variables */
$logged_in = 0;
$is_admin = 0;
$is_moderator = 0;
}
/* If the destination is specified, then assign it to the $pid */
if ($destination != "")
$pid = $destination;
/* If there's no specified $pid, then default to 'view_forums' */
if ($pid == "")
$pid = "view_forums";
/* If $show_thread isn't 0, then set the $pid and $thread_id */
if ($show_thread != 0)
{
$pid = "view_replies";
$thread_id = $show_thread;
}
/* Same deal as before, except it happens if $show_forum isn't 0 */
if ($show_forum != 0)
{
$pid = "view_threads";
$thread_id = $show_forum;
}
/* Determine which page to load based on the querystring */
switch ($pid)
{
/* The default page is the 'view forums' page */
default:
case "view_forums":
$page_title = "View Forums";
$pid = "view_forums";
break;
/* Nothing special */
case "view_threads":
$page_title = "View Threads";
break;
/* Nadda */
case "view_replies":
$page_title = "View Replies";
break;
/* Zippo */
case "register":
$page_title = "Register";
break;
/* Zilch */
case "login":
$page_title = "Login";
break;
/* If the user is trying to post a thread, check if they are logged in */
case "post_thread":
$page_title = "Post Thread";
/* If not, then direct them to the login page */
if ($logged_in == 0)
{
$destination = $pid;
$pid = "login";
}
break;
/* If the user is trying to post a reply, check if they are logged in */
case "post_reply":
$page_title = "Post Reply";
/* If not, then direct them to the login page */
if ($logged_in == 0)
{
$destination = $pid;
$pid = "login";
}
break;
/* If the user is trying to edit a profile, check if they are logged in */
case "edit_profile":
$page_title = "Edit Profile";
/* If not, then direct them to the login page */
if ($logged_in == 0)
{
$destination = $pid;
$pid = "login";
}
break;
/* Do the normal thang */
case "view_profile":
$page_title = "View Profile";
break;
/* These are the admin sections */
case "forum_admin":
case "user_admin":
case "scheme_admin":
case "general_admin":
/* If th user isn't logged in, send them there */
if ($logged_in == 0)
{
$destination = $pid;
$pid = "login";
}
/* If the user isn't an admin, assume it's a hack attempt */
if ($is_admin == 0)
{
$hack_attempt = "outside";
$pid = "view_forums";
}
break;
/* Show the FAQ for the board */
case "faq":
$page_title = "Frequently Asked Questions";
$message = $pid;
$pid = "view_message";
break;
}
/* Conver the $pid to lower case, and pull that filename */
$page_file = "./content/" . strtolower($pid) . ".php";
/* Display the page header, including CSS stuff */
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"
. "<HTML>\n"
. " <HEAD>\n"
. " <TITLE>" . BOARD_NAME . " [ powered by b^2 " . VERSION . " ]</TITLE>\n"
. " <SCRIPT language=\"JavaScript\" src=\"./include/javascript.js\"></SCRIPT>\n"
. " <STYLE>\n"
. " A\n"
. " {\n"
. " color: " . LINK_COLOR . ";\n"
. " }\n"
. " A:hover\n"
. " {\n"
. " text-decoration: none;\n"
. " }\n"
. " BODY, FONT\n"
. " {\n"
. " font-family: " . TEXT_FONT . ";\n"
. " font-size: " . TEXT_REGULAR . ";\n"
. " color: " . TEXT_COLOR . ";\n"
. " }\n"
. " INPUT, TEXTAREA\n"
. " {\n"
. " font-family: " . TEXT_FONT . ";\n"
. " font-size: " . TEXT_REGULAR . ";\n"
. " }\n"
. " .small_text\n"
. " {\n"
. " font-size: " . TEXT_SMALL . ";\n"
. " }\n"
. " .regular_text\n"
. " {\n"
. " font-size: " . TEXT_REGULAR . ";\n"
. " }\n"
. " .error_message\n"
. " {\n"
. " font-family: " . TEXT_FONT . ";\n"
. " font-size: " . TEXT_REGULAR . ";\n"
. " color: " . ERROR_MESSAGE . ";\n"
. " font-weight: BOLD;\n"
. " }\n"
. " .normal_message\n"
. " {\n"
. " font-family: " . TEXT_FONT . ";\n"
. " font-size: " . TEXT_REGULAR . ";\n"
. " color: " . TEXT_COLOR . ";\n"
. " font-weight: BOLD;\n"
. " }\n"
. " .table_header\n"
. " {\n"
. " font-size: " . TEXT_SMALL . ";\n"
. " color: " . TABLE_HEADER_TEXT_COLOR . ";\n"
. " background-color: " . TABLE_HEADER_BACKGROUND . ";\n"
. " font-weight: BOLD;\n"
. " }\n"
. " .table_border, td, tr\n"
. " {\n"
. " border-width: " . TABLE_BORDER_SIZE . ";\n"
. " border-color: " . TABLE_BORDER_COLOR . ";\n"
. " }\n"
. " </STYLE>\n"
. " </HEAD>\n"
. " <BODY bgcolor=\"" . BACKGROUND_COLOR . "\">\n"
. " <TABLE align=\"center\" valign=\"top\" cellpadding=\"8\" cellspacing=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD>\n"
. " <TABLE width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border class=\"table_border\">\n"
. " <TR>\n"
. " <TD>\n"
. " <TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n"
. " <TR bgcolor=\"" . HEADER_BACKGROUND . "\">\n"
. " <TD><A href=\"?pid=view_forums\"><IMG src=\"" . TITLE_IMAGE . "\" border=\"0\"></A></TD>\n"
. " <TD align=\"right\" valign=\"bottom\" nowrap>\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" border=\"0\">\n"
. " <TR>\n"
. " <TD>\n";
/* Check if the user is logged in */
if ($logged_in == 0)
{
/* If not, then display the 'Log In' option */
$login_status = "Not logged in (<A href=\"?pid=login\">Log In</A>)";
}
else
{
/* If they are logged in, pull the username form the cookie */
if ($user_name == "")
$username = $username;
else
$username = $user_name;
/* Tell them they are logged in, and give them the option to log out */
$login_status = "Logged in as <B>$username</B> (<A href=\"?pid=login&logout=now\">Log Out</A>)";
}
/* Display the login status, and start on the menu */
echo " <FONT class=\"small_text\">$login_status</FONT>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD bgcolor=\"" . MENU_BACKGROUND . "\" valign=\"middle\">\n"
. " <TABLE cellpadding=\"3\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n"
. " <TR>\n"
. " <TD valign=\"middle\">\n";
/* If not logged in, give the register link */
if ($logged_in == 0)
{
$show_profile = "";
$show_register = "<A href=\"?pid=register\">Register</A> | ";
}
/* If logged in, then give a link to their profile */
else
{
$show_profile = "<A href=\"?pid=edit_profile\">My Profile</A> | ";
$show_register = "";
}
/* If the user is an admin, and logged in, display the admin links */
if ( $is_admin == 1 && $logged_in == 1 )
$show_admin = "<A href=\"?pid=general_admin\">General Admin</A> | <A href=\"?pid=scheme_admin\">Scheme Admin</A> | <A href=\"?pid=forum_admin\">Forum Admin</A> | <A href=\"?pid=user_admin\">User Admin</A> | ";
else
$show_admin = "";
/* Display the rest of the menu, and continue to the body of the page */
echo " <FONT class=\"small_text\">&nbsp;$show_profile$show_register$show_admin <A href=\"?pid=faq\">FAQ</A> <!-- | Search --></FONT><BR>\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD\n"
. " </TR>\n"
. " </TABLE>\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD class=\"body_part\">\n"
. " <!-- Begin Dynamic Content -->\n";
/* If there is a scheme error, then show it! */
if ($scheme_error != "")
echo " <CENTER class=\"error_message\">$scheme_error</CENTER><BR>\n";
/* If there's scheme feedback, then show it */
if ($scheme_feedback != "")
echo " <CENTER class=\"normal_message\">$scheme_feedback</CENTER><BR>\n";
/* If there's a malformed request to the moderator tools, then error out */
if ($hack_attempt == "outside")
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
else if ($hack_attempt == "inside")
echo " <CENTER class=\"error_message\">Sorry, but your moderator privileges don't extend to this particular forum.</CENTER></BR>\n";
/* If a moderator tool have been executed, give feedback on it, positive or negative */
if ($mod_feedback != "")
echo " <CENTER class=\"normal_message\">$mod_feedback</CENTER><BR>\n";
/* Load the content for the page that was requested */
require($page_file);
/* It's all downhill from here ... */
echo " <!-- End Dynamic Content -->\n"
. " </TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD align=\"center\" class=\"small_text\">\n"
. " Powered by <B><A href=\"http://www.cleancode.org/b2/\" target=\"_blank\">b^2</A></B> " . VERSION . "<BR>\n";
/* Grab the current time, and figure the difference */
$load_time = round((microtime() - $start_time), 5);
/* If it's negative, then strip off the '-' */
if (substr($load_time, 0, 1) == "-")
$load_time = substr($load_time, 1);
echo " [ Page rendered in $load_time seconds ]\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " </BODY>\n"
. "</HTML>\n";
/* Close the MySQL connection like a good code monkey! */
mysql_close(CONNECTION);
/* Display the buffer, and stop buffering */
ob_end_flush();
?>

525
install.php Normal file
View file

@ -0,0 +1,525 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script is for [re]installing b^2 on your server. It cannot be called *
* directly, for security purposes, what you will need to do is delete the *
* config.php file, or set the global variable of INSTALLED to 'no'. The *
* installer will prompt you for information, and build your database, and *
* configuration files. I recommend giving this file write access, if not, *
* you will need to upload the config.php file that is generated to the root *
* directory (the directory that this file is in). *
* *
* Last modified : September 25th, 2002 (JJS) *
\******************************************************************************/
/* Load up the language file for the installer */
require("./language/installer.php");
/* This will make sure kid's don't play around with this file */
$file_name = "install.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Turn off dummy error messages */
define("ADMIN_ERRORS", "yes");
/* Set the step to NULL */
$step = "";
/* Grab the REQUEST_METHOD */
$REQUEST_METHOD = $_SERVER['REQUEST_METHOD'];
/* If the form was POSTed then ... */
if ( $REQUEST_METHOD == "POST" )
{
/* Define constants for the MySQL variables */
define("DB_USER", $_POST['db_user']);
define("DB_PASS", $_POST['db_pass']);
define("DB_NAME", $_POST['db_name']);
define("DB_HOST", $_POST['db_host']);
$table_prefix = $_POST['table_prefix'];
/* Grab the step number */
$step = $_POST['step'];
/* Grab the rest of the variables from the super global, assuming it's step 3 */
if ($step != 3)
{
$board_name = $_POST['board_name'];
$title_image = $_POST['title_image'];
$admin_user = $_POST['admin_user'];
$admin_pass = $_POST['admin_pass'];
$admin_pass2 = $_POST['admin_pass2'];
$admin_email = $_POST['admin_email'];
$forum_name = $_POST['forum_name'];
$forum_desc = $_POST['forum_desc'];
}
/* Define the contents of the config.php file */
$config_file = "<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script is generated by b^2 upon installing the sofware. It is *
* recommended that you don't edit the file, but if you must, you must. If *
* you wish to perform a clean install, either delete this file, or set the *
* global variable 'INSTALLED' to equal 'no'. *
* *
* Last modified : September 25th, 2002 (JJS) *
\******************************************************************************/
/* Installation status */
define(\"INSTALLED\", \"yes\");
if (INSTALLED == \"yes\")
{
/* Variables used by MySQL */
define(\"DB_USER\", \"" . DB_USER . "\");
define(\"DB_PASS\", \"" . DB_PASS . "\");
define(\"DB_NAME\", \"" . DB_NAME . "\");
define(\"DB_HOST\", \"" . DB_HOST . "\");
/* Prefix for the tables in the database */
define(\"TABLE_PREFIX\", \"" . $table_prefix . "\");
/* Toggle dummy error messages */
define(\"ADMIN_ERRORS\", \"no\");
/* Notify admin on error? */
define(\"NOTIFY_ADMIN\", \"yes\");
/* Administrator's email addy */
define(\"ADMIN_EMAIL\", \"" . $admin_email . "\");
/* Define the language pack to use */
define(\"LANGUAGE\", \"English\");
}
?>";
}
/* Jump to the right step */
switch ($step)
{
/* Default / step 1, display the form for the installer */
default:
case 1:
/* Show the HTML header */
ShowHeader();
echo " <SCRIPT language=\"JavaScript\">\n"
. " function\n"
. " CheckForm()\n"
. " {\n"
. " if (document.installer.board_name.value == '')\n"
. " {\n"
. " alert('The \'Board Name\' field is mandatory!');\n"
. " document.installer.board_name.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.db_user.value == '')\n"
. " {\n"
. " alert('The MySQL \'Username\' field is mandatory!');\n"
. " document.installer.db_user.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.db_name.value == '')\n"
. " {\n"
. " alert('The MySQL \'Database\' field is mandatory!');\n"
. " document.installer.db_name.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.db_host.value == '')\n"
. " {\n"
. " alert('The MySQL \'Hostname\' field is mandatory!\\n\\nOn most systems this will be \'localhost\'.');\n"
. " document.installer.db_host.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.table_prefix.value == '')\n"
. " {\n"
. " alert('The \'Table Prefix\' field is mandatory!');\n"
. " document.installer.table_prefix.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.admin_user.value == '')\n"
. " {\n"
. " alert('The Admin \'Username\' field is mandatory!');\n"
. " document.installer.admin_user.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.admin_pass.value == '')\n"
. " {\n"
. " alert('The Admin \'Password\' field is mandatory!');\n"
. " document.installer.admin_pass.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.admin_pass2.value == '')\n"
. " {\n"
. " alert('The Admin \'Confirm Password\' field is mandatory!');\n"
. " document.installer.admin_pass2.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.admin_pass.value != document.installer.admin_pass2.value)\n"
. " {\n"
. " alert('The Admin \'Password\' and \'Confirm Password\' fields must match!');\n"
. " document.installer.admin_pass.select();\n"
. " document.installer.admin_pass2.value = '';\n"
. " return false;\n"
. " }\n"
. " if (document.installer.admin_email.value == '')\n"
. " {\n"
. " alert('The Admin \'Email\' field is mandatory!');\n"
. " document.installer.admin_email.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.forum_name.value == '')\n"
. " {\n"
. " alert('The Initial Forum \'Name\' field is mandatory!');\n"
. " document.installer.forum_name.focus(1);\n"
. " return false;\n"
. " }\n"
. " if (document.installer.forum_desc.value == '')\n"
. " {\n"
. " alert('The Initial Forum \'Description\' field is mandatory!');\n"
. " document.installer.forum_desc.focus(1);\n"
. " return false;\n"
. " }\n"
. " return true;\n"
. " }\n"
. " </SCRIPT>\n"
. " <FORM method=\"POST\" name=\"installer\" action=\"index.php\">\n"
. " <TABLE width=\"500\" align=\"center\">\n"
. " <TR>\n"
. " <TD colspan=\"2\">" . GENERAL . ":<HR noshade></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . BOARD_NAME . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"board_name\" size=\"50\" maxlength=\"64\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . TITLE_IMAGE . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"title_image\" size=\"50\" maxlength=\"64\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD colspan=\"2\"><HR noshade><BR>" . MYSQL . ":<HR noshade></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . USERNAME . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"db_user\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . PASSWORD . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"password\" name=\"db_pass\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . DATABASE . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"db_name\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . HOSTNAME . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"db_host\" size=\"50\" value=\"localhost\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . TABLE_PREFIX . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"table_prefix\" size=\"50\" value=\"b2_\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD colspan=\"2\"><HR noshade><BR>" . ADMIN . ":<HR noshade></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . USERNAME . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"admin_user\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . PASSWORD . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"password\" name=\"admin_pass\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . CONFIRM_PASSWORD . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"password\" name=\"admin_pass2\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . EMAIL . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"admin_email\" size=\"50\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD colspan=\"2\"><HR noshade><BR>" . FORUM . ":<HR noshade></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . NAME . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"forum_name\" size=\"50\" value=\"" . FORUM_NAME . "\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD nowrap><B>" . DESC . ": </B></TD>\n"
. " <TD align=\"right\"><INPUT type=\"text\" name=\"forum_desc\" size=\"50\" value=\"" . FORUM_DESC . "\"></TD>\n"
. " </TR>\n"
. " <TR>\n"
. " <TD colspan=\"2\" align=\"center\"><HR noshade><BR><INPUT type=\"submit\" name=\"install\" value=\"" . INSTALL_BUTTON . "\" onClick=\"return CheckForm();\"></TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"step\" value=\"2\">\n"
. " </FORM>\n";
/* Show the HTML Footer */
ShowFooter();
break;
/* Now the user put the info in, why don't we check the MySQL variables to make sure it works? */
case 2:
/* Show the HTML header */
ShowHeader();
/* Connect to the MySQL database */
define("CONNECTION", @mysql_connect(DB_HOST, DB_USER, DB_PASS));
/* If it connects, then proceed to doing the install, if not, tell the user */
if (!CONNECTION)
exit("<CENTER>There was a problem connecting to MySQL.<BR><BR><A href=\"javascript:history.go(-1)\">Previous Page</CENTER>\n");
else
{
/* Create the 'forums' table */
$SQL = "create table " . $table_prefix . "forums
(
forum_id int(10) not null auto_increment,
forum_order int(10) null,
forum_name varchar(64) not null,
forum_desc varchar(255) not null,
primary key(forum_id)
);";
$results = ExeSQL($SQL);
/* Create the 'threads' table */
$SQL = "create table " . $table_prefix . "threads
(
thread_id int(10) not null auto_increment,
thread_title varchar(64) not null,
thread_body text not null,
thread_time timestamp(14) not null,
user_id int(10) not null,
user_ip varchar(15) not null,
forum_id int(10) not null,
primary key(thread_id)
);";
$results = ExeSQL($SQL);
/* Create the 'users' table */
$SQL = "create table " . $table_prefix . "users
(
user_id int(10) not null auto_increment,
user_name varchar(64) not null,
user_email varchar(128) not null,
user_pass varchar(64) not null,
user_location varchar(128) null,
user_occupation varchar(64) null,
user_homepage varchar(128) null,
user_picture varchar(128) null,
user_interests varchar(255) null,
user_aim varchar(16) null,
user_icq varchar(16) null,
user_yahoo varchar(32) null,
user_signature varchar(255) null,
user_usesig int(1) null default '0',
primary key(user_id)
);";
$results = ExeSQL($SQL);
/* Create the 'replies' table */
$SQL = "create table " . $table_prefix . "replies
(
reply_id int(10) not null auto_increment,
reply_body text not null,
reply_time timestamp(14) not null,
user_id int(10) not null,
user_ip varchar(15) not null,
thread_id int(10) not null,
forum_id int(10) not null,
primary key(reply_id)
);";
$results = ExeSQL($SQL);
/* Create the 'moderators' table */
$SQL = "create table " . $table_prefix . "moderators
(
moderator_id int(10) not null auto_increment,
user_id int(10) not null,
forum_id int(10) not null,
primary key(moderator_id)
);";
$results = ExeSQL($SQL);
/* Create the 'administrators' table */
$SQL = "create table " . $table_prefix . "administrators
(
admin_id int(10) not null auto_increment,
user_id int(10) not null,
primary key(admin_id)
);";
$results = ExeSQL($SQL);
/* Create the 'schemes' table */
$SQL = "create table " . $table_prefix . "schemes
(
scheme_id int(10) not null auto_increment,
scheme_name varchar(64) not null,
scheme_desc varchar(255) not null default 'No description provided.',
background_color varchar(7) not null default '#FFFFFF',
table_border_color varchar(7) not null default '#000000',
table_border_size int(1) not null default '1',
header_background varchar(7) not null default '#FFFFFF',
menu_background varchar(7) not null default '#EEEEEE',
text_color varchar(7) not null default '#000000',
text_font varchar(64) not null default 'Verdana',
text_small int(2) not null default '10',
text_regular int(2) not null default '12',
link_color varchar(7) not null default '#000000',
table_header_background varchar(7) not null default '#000000',
table_header_text_color varchar(7) not null default '#FFFFFF',
table_color_1 varchar(7) not null default '#EEEEEE',
table_color_2 varchar(7) not null default '#CCCCCC',
error_message varchar(7) not null default '#FF0000',
active_scheme varchar(1) not null default '0',
primary key(scheme_id)
);";
$results = ExeSQL($SQL);
/* Create the 'properties' table */
$SQL = "create table " . $table_prefix . "properties
(
board_name varchar(64) not null default 'Forums',
title_image varchar(128) not null default './images/title.png'
);";
$results = ExeSQL($SQL);
/* Insert the default schemes into the database */
$SQL = "INSERT INTO " . $table_prefix . "schemes VALUES (1,'default','Default scheme for b^2. This scheme was the original color scheme used when developing the software.','#FFFFFF','#000000',1,'#FFFFFF','#EEEEEE','#000000','Verdana',10,12,'#000000','#000000','#FFFFFF','#EEEEEE','#CCCCCC','#FF0000','1'),(2,'freshmeat','This scheme is a rip off of the baby blue color scheme that Freshmeat.net uses on their site.','#FFFFFF','#6F6F6F',1,'#FFFFFF','#DDDDDD','#000000','Verdana, Tahoma, Arial, Helvetica',12,14,'#3366CC','#BBDDFF','#000000','#FFFFFF','#EEEEEE','#FF0000','');";
$results = ExeSQL($SQL);
/* Insert the inital forum into the table */
$SQL = "INSERT INTO " . $table_prefix . "forums (forum_order, forum_name, forum_desc) VALUES ('0', '$forum_name', '$forum_desc');";
$results = ExeSQL($SQL);
/* If no title image was specified, then use the default */
if ($title_image == "")
$title_image = "./images/title.png";
/* Insert the properties into the table */
$SQL = "INSERT INTO " . $table_prefix . "properties (board_name, title_image) VALUES ('$board_name', '$title_image');";
$results = ExeSQL($SQL);
/* Crypt the admin password to a random salt */
$admin_pass = crypt($admin_pass);
/* Insert the administrator user account into the table */
$SQL = "INSERT INTO " . $table_prefix . "users (user_name, user_pass, user_email) VALUES ('$admin_user', '$admin_pass', '$admin_email');";
$results = ExeSQL($SQL);
/* Insert the user as an administrator */
$SQL = "INSERT INTO " . $table_prefix . "administrators (user_id) VALUES ('1');";
$results = ExeSQL($SQL);
/* If the file exists, then rename it */
if (file_exists("config.php"))
@rename ("config.php", "config.php.bak");
/* Open the file to write to it, display any problems */
if (!$fp = @fopen("config.php", "w"))
ShowConfigProblem();
else
{
/* If we can't write to it, then display an error */
if (!fwrite($fp, $config_file))
ShowConfigProblem();
else
fclose($fp);
/* Yay b^2 installed correctly!! */
echo "<CENTER>b^2 " . VERSION . " has successfully been installed, <A href=\"./\">click here</A> to view your new board.</CENTER>\n";
}
ShowFooter();
}
/* It's probably a good time to close the database connection */
mysql_close(CONNECTION);
break;
/* This is where we output the config.php if the user was wack and didn't chmod 777 the directory */
case 3:
header("Content-Type: text/x-delimtext; name=\"config.php\"");
header("Content-disposition: attachment; filename=config.php");
echo $config_file;
exit();
break;
}
/*
* This is the HTML header for the page ...
*/
function
ShowHeader()
{
echo "<HTML>\n"
. " <HEAD>\n"
. " <TITLE>" . INSTALL_TITLE . "</TITLE>\n"
. " <STYLE>\n"
. " body, td, input\n"
. " {\n"
. " font-family: Verdana;\n"
. " font-size: 10pt;\n"
. " }\n"
. " hr\n"
. " {\n"
. " color: #000000;\n"
. " height: 1;\n"
. " }\n"
. " </STYLE>\n"
. " </HEAD>\n"
. " <BODY>\n"
. " <CENTER><H3><U>" . INSTALL_TITLE . "</U></H3></CENTER>\n";
}
/*
* ... and this is the HTML footer
*/
function
ShowFooter()
{
echo " </BODY>\n"
. "</HTML>";
}
/*
* Show any problems with the config file.
*/
function
ShowConfigProblem()
{
echo " Installation is complete, well almost ;) Seems that the installation script wasn't able to write the 'config.php' file to your system (you didn't remember to chmod 777 the directory, did you?) No big deal, If you click the button below, you'll be able to download the file to your local system. From there, you'll want to upload that bad boy to your server, and place it in the b^2 directory. You will need to upload the 'config.php' file to the directory that b^2 was placed in."
. " <FORM method=\"POST\" name=\"installer\">\n"
. " <INPUT type=\"hidden\" name=\"db_user\" value=\"" . DB_USER . "\">\n"
. " <INPUT type=\"hidden\" name=\"db_pass\" value=\"" . DB_PASS . "\">\n"
. " <INPUT type=\"hidden\" name=\"db_name\" value=\"" . DB_NAME . "\">\n"
. " <INPUT type=\"hidden\" name=\"db_host\" value=\"" . DB_HOST . "\">\n"
. " <INPUT type=\"hidden\" name=\"table_prefix\" value=\"" . TABLE_PREFIX . "\">\n"
. " <INPUT type=\"hidden\" name=\"step\" value=\"3\">\n"
. " <CENTER><INPUT type=\"submit\" name=\"what\" value=\"Download 'config.php' Now!\"></CENTER>\n"
. " </FORM>\n";
}
?>

25
language/faq.php Normal file
View file

@ -0,0 +1,25 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* Blah blah blah blah *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* FAQ Name / Title */
$FAQ_title = "Frequently Asked Questions";
/* Frequently Asked Questions */
$FAQ = "This is where you'd put in your custom FAQ for visitors to access. If "
. "you are an administrator for this board, you can edit this message by "
. "editting the 'faq.php' file, located in the languages directory.";
/*************** FYI, you shouldn't need to edit below here ... ***************/
/* Define all the stuff as constants, so I can work with it */
define("FAQ_TITLE", $FAQ_title);
define("FREQUENTLY_ASKED_QUESTIONS", $FAQ);
?>

59
language/installer.php Normal file
View file

@ -0,0 +1,59 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* Blah blah blah blah *
* *
* Last modified : September 17th, 2002 (JJS) *
\******************************************************************************/
/* Installation page title */
$title = "b^2 " . VERSION . " Installer";
/* Section headings */
$general = "General Properties";
$mysql = "MySQL Properties";
$admin = "Admin Account";
$forum = "Initial Forum";
/* Section field names */
$board_name = "Board Name";
$title_image = "Title Image";
$username = "Username";
$password = "Password";
$database = "Database";
$hostname = "Hostname";
$table_prefix = "Table Prefix";
$confirm_pass = "Confirm Password";
$email = "Email";
$name = "Name";
$description = "Description";
$forum_name = "General Discussion";
$forum_desc = "This forum is for general discussion";
$install_button = "Install b^2 " . VERSION;
/*************** FYI, you shouldn't need to edit below here ... ***************/
/* Define all the stuff as constants, so I can work with it */
define("INSTALL_TITLE", $title);
define("GENERAL", $general);
define("MYSQL", $mysql);
define("ADMIN", $admin);
define("FORUM", $forum);
define("BOARD_NAME", $board_name);
define("TITLE_IMAGE", $title_image);
define("USERNAME", $username);
define("PASSWORD", $password);
define("DATABASE", $database);
define("HOSTNAME", $hostname);
define("TABLE_PREFIX", $table_prefix);
define("CONFIRM_PASSWORD", $confirm_pass);
define("EMAIL", $email);
define("NAME", $name);
define("DESC", $description);
define("FORUM_NAME", $forum_name);
define("FORUM_DESC", $forum_desc);
define("INSTALL_BUTTON", $install_button);
?>

70
language/tos.php Normal file
View file

@ -0,0 +1,70 @@
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* Blah blah blah blah *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Terms of Service */
$TOS = "Considering the real-time nature of this bulletin board, it is "
. "impossible for us to review all of the messages or confirm the "
. "validity of information posted. Please remember that we do not "
. "actively monitor the contents of this bulletin board and are not "
. "responsible for any messages posted. We do not vouch for or warrant "
. "the accuracy, completeness or usefulness of any message, and are not "
. "responsible for the contents of any message. The messages express the "
. "views of the author of the message, not necessarily the views of this "
. "bulletin board. Any user who feels that a posted message is "
. "objectionable is encouraged to contact us immediately by email. We "
. "have the ability to remove objectionable messages andConsidering the "
. "real-time nature of this bulletin board, it is impossible for us to "
. "review all of the messages or confirm the validity of information "
. "posted. Please remember that we do not actively monitor the contents "
. "of this bulletin board and are not responsible for any messages "
. "posted. We do not vouch for or warrant the accuracy, completeness "
. "or usefulness of any message, and are not responsible for the contents "
. "of any message. The messages express the views of the author of the "
. "message, not necessarily the views of this bulletin board. Any user "
. "who feels that a posted message is objectionable is encouraged to "
. "contact us immediately by email. We have the ability to remove "
. "objectionable messages and we will make every effort to do so, within "
. "a reasonable time frame, if we determine that removal is necessary. "
. "This is a manual process, however, so please realize that we may not "
. "be able to remove or edit particular messages immediately."
. "<BR><BR>"
. "You agree, through your use of this service, that you will not use "
. "this bulletin board to post any material which is knowingly false "
. "and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, "
. "obscene, profane, sexually oriented, threatening, invasive of a "
. "person's privacy, or otherwise violative of any law. You agree not to "
. "post any copyrighted material unless the copyright is owned by you or "
. "by this bulletin board."
. "<BR><BR>"
. "Although we do not and cannot review the messages posted and are not "
. "responsible for the content of any of these messages, we reserve the "
. "right to delete any message for any or no reason whatsoever. You "
. "remain solely responsible for the content of your messages, and you "
. "agree to indemnify and hold harmless this bulletin board (and any "
. "owners of this bulletin board) and their agents with respect to any "
. "claim based upon transmission of your message(s)."
. "<BR><BR>"
. "We also reserve the right to reveal your identity (or whatever "
. "information we know about you) in the event of a complaint or legal "
. "action arising from any message posted by you."
. "<BR><BR>"
. "Please note that advertisements, chain letters, pyramid schemes, and "
. "solicitations are inappropriate on this bulletin board. We will make "
. "every effort to remove such posts, within a reasonable time frame, if "
. "we determine that removal is necessary. This is a manual process, "
. "however, so please realize that we may not be able to remove or edit "
. "such messages immediately.";
/*************** FYI, you shouldn't need to edit below here ... ***************/
/* Define all the stuff as constants, so I can work with it */
define("TERMS_OF_SERVICE", $TOS);
?>