Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Bug Reports
Author Message
raphael
New Member
New Member



Joined: Aug 17, 2005
Posts: 6

PostPosted: Wed Aug 17, 2005 1:54 pm Reply with quote

Hi

I've installes nuke7.6 patched3.1 .
I tried firs install sentinel 2.4.0 but there is a problem in mainfile.php so I don't Know what to do
Here il mainfile.php(mofified)
Quote:
<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* [ Only registered users can see links on this board! Get registered or login! ] */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional Security and Code Cleanup for Patched 3.1 */
/* Commited by the Nuke Patched Development Team 2005 */
/* chatserv, Evaders99, Quake */
/* [ Only registered users can see links on this board! Get registered or login! ] - Download location */
/* [ Only registered users can see links on this board! Get registered or login! ] - Development location */
/* [ Only registered users can see links on this board! Get registered or login! ] - CVS */
/************************************************************************/

// End the transaction
if(!defined('END_TRANSACTION')) {
define('END_TRANSACTION', 2);
}

// Get php version
$phpver = phpversion();

// convert superglobals if php is lower then 4.1.0
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
$_FILES = $HTTP_POST_FILES;
$_ENV = $HTTP_ENV_VARS;
if(isset($_POST)) {
$_REQUEST = $_POST;
} elseif(isset($_GET)) {
$_REQUEST = $_GET;
}
if(isset($HTTP_COOKIE_VARS)) {
$_COOKIE = $HTTP_COOKIE_VARS;
}
if(isset($HTTP_SESSION_VARS)) {
$_SESSION = $HTTP_SESSION_VARS;
}
}

// override old superglobals if php is higher then 4.1.0
if($phpver >= '4.1.0') {
$HTTP_GET_VARS = $_GET;
$HTTP_POST_VARS = $_POST;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_POST_FILES = $_FILES;
$HTTP_ENV_VARS = $_ENV;
$PHP_SELF = $_SERVER['PHP_SELF'];
if(isset($_SESSION)) {
$HTTP_SESSION_VARS = $_SESSION;
}
if(isset($_COOKIE)) {
$HTTP_COOKIE_VARS= $_COOKIE;
}
}

// After doing those superglobals we can now use one
// and check if this file isnt being accessed directly
if (stristr(htmlentities($_SERVER['PHP_SELF']), "mainfile.php")) {
header("Location: index.php");
exit();
}

if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}

if (!ini_get('register_globals')) {
@import_request_variables("GPC", "");
}

//Union Tap
//Copyright Zhen-Xjell 2004 [ Only registered users can see links on this board! Get registered or login! ]
//Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}

// This block of code makes sure $admin and $user are COOKIES
if((isset($admin) && $admin != $_COOKIE['admin']) OR (isset($user) && $user != $_COOKIE['user'])) {
die("Illegal Operation");
}

// We want to use the function stripos,
// but thats only available since PHP5.
// So we cloned the function...
if(!function_exists('stripos')) {
function stripos_clone($haystack, $needle, $offset=0) {
return strpos(strtoupper($haystack), strtoupper($needle), $offset);
}
} else {
// But when this is PHP5, we use the original function
function stripos_clone($haystack, $needle, $offset=0) {
return stripos($haystack, $needle, $offset=0);
}
}

// Additional security (Union, CLike, XSS)
if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING'])) {
if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
$queryString = $_SERVER['QUERY_STRING'];
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
die('Illegal Operation');
}
}
}

in function function online() {
}
}
}

if(isset($admin) && $admin == $_COOKIE['admin'])
{
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}

if(isset($user) && $user == $_COOKIE['user'])
{
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}

$htmltags = "<center><img src=\"images/logo.gif\"><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]";

if (!defined('ADMIN_FILE') && !file_exists('includes/nukesentinel.php')) {
foreach ($_GET as $sec_key => $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key))) {
die ($htmltags);
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ($htmltags);
}
}
}

// Posting from other servers in not allowed
// Fix by Quake
// Bug found by PeNdEjO
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (strlen($_SERVER["HTTP_REFERER"]) > 0) {
if (!ereg("(http://$_SERVER[HTTP_HOST])", $_SERVER["HTTP_REFERER"]) && !ereg("(https://$_SERVER[HTTP_HOST])", $_SERVER["HTTP_REFERER"])) {
die('Posting from another server not allowed!');
}
}
/* problems when using some firewalls and proxy servers
else {
die("Warning your browser doesn't send the HTTP_REFERER header to the website.
This can be caused due to your browser, using a proxy server or your firewall.
Please change browser or turn off the use of a proxy or turn off the "Deny servers to trace web browsing" in your firewall
and you shouldn't have problems when sending a POST on this website.");
}
*/
}

if (defined('FORUM_ADMIN')) {
@require_once("../../../config.php");
@require_once("../../../db/db.php");
@require_once("../../../includes/sql_layer.php");
if (file_exists("../../../includes/custom_files/custom_mainfile.php")) { @include_once("../../../includes/custom_files/custom_mainfile.php"); }
//@require_once("../../../includes/ipban.php");
@include_once("../../../includes/nukesentinel.php");
if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_head.php")) { @include_once("../../../includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_header.php")) { @include_once("../../../includes/custom_files/custom_header.php"); }
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
@require_once("../../db/db.php");
@require_once("../../includes/sql_layer.php");
if (file_exists("../../includes/custom_files/custom_mainfile.php")) { @include_once("../../includes/custom_files/custom_mainfile.php"); }
//@require_once("../../includes/ipban.php");
@include_once("../../includes/nukesentinel.php");
if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_head.php")) { @include_once("../../includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_header.php")) { @include_once("../../includes/custom_files/custom_header.php"); }
} else {
@require_once("config.php");
@require_once("db/db.php");
@require_once("includes/sql_layer.php");
if (file_exists("includes/custom_files/custom_mainfile.php")) { @include_once("includes/custom_files/custom_mainfile.php"); }
//@require_once("includes/ipban.php");
@include_once("includes/nukesentinel.php");
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_head.php")) { @include_once("includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_header.php")) { @include_once("includes/custom_files/custom_header.php"); }
}
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_header.php")) { @include_once("includes/custom_files/custom_header.php"); }
}

if (!defined('FORUM_ADMIN')) {
if(empty($admin_file)) {
die ("You must set a value for admin_file in config.php");
} elseif (!empty($admin_file) && !file_exists($admin_file.".php")) {
die ("The admin_file you defined in config.php does not exist");
}
}

// Error reporting, to be set in config.php
if($display_errors) {
ini_set('display_errors', 1);
error_reporting(E_ALL^E_NOTICE);
} else {
ini_set('display_errors', 0);
error_reporting(0);
}

define('NUKE_FILE', true);
$dbi = $db->db_connect_id;
$result = $db->sql_query("SELECT * FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = stripslashes($row['adminmail']);
$anonpost = $row['anonpost'];
$Default_Theme = $row['Default_Theme'];
$foot1 = $row['foot1'];
$foot2 = $row['foot2'];
$foot3 = $row['foot3'];
$commentlimit = intval($row['commentlimit']);
$anonymous = $row['anonymous'];
$minpass = intval($row['minpass']);
$pollcomm = intval($row['pollcomm']);
$articlecomm = intval($row['articlecomm']);
$broadcast_msg = intval($row['broadcast_msg']);
$my_headlines = intval($row['my_headlines']);
$top = intval($row['top']);
$storyhome = intval($row['storyhome']);
$user_news = intval($row['user_news']);
$oldnum = intval($row['oldnum']);
$ultramode = intval($row['ultramode']);
$banners = intval($row['banners']);
$backend_title = $row['backend_title'];
$backend_language = $row['backend_language'];
$language = $row['language'];
$locale = $row['locale'];
$multilingual = intval($row['multilingual']);
$useflags = intval($row['useflags']);
$notify = intval($row['notify']);
$notify_email = $row['notify_email'];
$notify_subject = $row['notify_subject'];
$notify_message = $row['notify_message'];
$notify_from = $row['notify_from'];
$moderate = intval($row['moderate']);
$admingraphic = intval($row['admingraphic']);
$httpref = intval($row['httpref']);
$httprefmax = intval($row['httprefmax']);
$CensorMode = intval($row['CensorMode']);
$CensorReplace = $row['CensorReplace'];
$copyright = $row['copyright'];
$Version_Num = floatval($row['Version_Num']);
$domain = str_replace("http://", "", $nukeurl);
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if (!defined('FORUM_ADMIN')) {
if (isset($newlang) AND !stripos_clone($newlang,".")) {
if (file_exists("language/lang-".$newlang.".php")) {
setcookie("lang",$newlang,time()+31536000);
include_once("language/lang-".$newlang.".php");
$currentlang = $newlang;
} else {
setcookie("lang",$language,time()+31536000);
include_once("language/lang-".$language.".php");
$currentlang = $language;
}
} elseif (isset($lang)) {
include_once("language/lang-".$lang.".php");
$currentlang = $lang;
} else {
setcookie("lang",$language,time()+31536000);
include_once("language/lang-".$language.".php");
$currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if (file_exists("modules/$module/language/lang-".$currentlang.".php")) {
if ($module == "admin") {
include_once("admin/language/lang-".$currentlang.".php");
} else {
include_once("modules/$module/language/lang-".$currentlang.".php");
}
} else {
if ($module != "Forums") {
if ($module == "admin") {
include_once("admin/language/lang-".$currentlang.".php");
} else {
include_once("modules/$module/language/lang-".$language.".php");
}
}
}
}

function is_admin($admin) {
if (!$admin) { return 0; }
if (isset($adminSave)) return $adminSave;
if (!is_array($admin)) {
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = explode(":", $admin);
}
$aid = $admin[0];
$pwd = $admin[1];
$aid = substr(addslashes($aid), 0, 25);
if (!empty($aid) && !empty($pwd)) {
global $prefix, $db;
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$pass = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($pass[0] == $pwd && !empty($pass[0])) {
static $adminSave;
return $adminSave = 1;
}
}
static $adminSave;
return $adminSave = 0;
}

function is_user($user) {
if (!$user) { return 0; }
if (isset($userSave)) return $userSave;
if (!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$user = explode(":", $user);
}
$uid = $user[0];
$pwd = $user[2];
$uid = intval($uid);
if (!empty($uid) AND !empty($pwd)) {
global $db, $user_prefix;
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row[0] == $pwd && !empty($row[0])) {
static $userSave;
return $userSave = 1;
}
}
static $userSave;
return $userSave = 1;
}

function is_group($user, $name) {
global $prefix, $db, $user_prefix, $cookie, $user;
if (is_user($user)) {
if(!is_array($user)) {
$cookie = cookiedecode($user);
$uid = intval($cookie[0]);
} else {
$uid = intval($user[0]);
}
$result = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
list($points) = $db->sql_fetchrow($result);
$points = intval($points);
$db->sql_freeresult($result);
$result2 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
list($mod_group) = $db->sql_fetchrow($result2);
$mod_group = intval($mod_group);
$db->sql_freeresult($result2);
$result3 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
list($rpoints) = $db->sql_fetchrow($result3);
$grp = intval($rpoints);
$db->sql_freeresult($result3);
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
return 1;
}
}
return 0;
}

function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
$cookie = cookiedecode($user);
$username = trim($cookie[1]);
} else {
$username = trim($user[1]);
}
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') {
$id = intval($id);
$result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
list($points) = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$rpoints = intval($points);
$db->sql_query("UPDATE ".$user_prefix."_users SET points=points+".$rpoints." WHERE username='$username'");
}
}
}

function title($text) {
OpenTable();
echo "<center><span class=\"title\"><strong>$text</strong></span></center>";
CloseTable();
echo "<br>";
}

function is_active($module) {
global $prefix, $db;
static $save;
if (is_array($save)) {
if (isset($save[$module])) return ($save[$module]);
return 0;
}
$sql = "SELECT title FROM ".$prefix."_modules WHERE active=1";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$save[$row[0]] = 1;
}
$db->sql_freeresult($result);
if (isset($save[$module])) return ($save[$module]);
return 0;
}

function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if(!defined('BLOCK_FILE')) {
define('BLOCK_FILE', true);
}
if (empty($url)) {
if (empty($blockfile)) {
if ($side == "c") {
themecenterbox($title, $content);
} elseif ($side == "d") {
themecenterbox($title, $content);
} else {
themesidebox($title, $content);
}
} else {
if ($side == "c") {
blockfileinc($title, $blockfile, 1);
} elseif ($side == "d") {
blockfileinc($title, $blockfile, 1);
} else {
blockfileinc($title, $blockfile);
}
}
} else {
if ($side == "c" OR $side == "d") {
headlines($bid,1);
} else {
headlines($bid);
}
}
}

function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
$pos = "l";
} elseif (strtolower($side[0]) == "r") {
$pos = "r";
} elseif (strtolower($side[0]) == "c") {
$pos = "c";
} elseif (strtolower($side[0]) == "d") {
$pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view, expire, action, subscription FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result)) {
$bid = intval($row['bid']);
$title = stripslashes(check_html($row['title'], "nohtml"));
$content = stripslashes($row['content']);
$url = stripslashes($row['url']);
$blockfile = $row['blockfile'];
$view = intval($row['view']);
$expire = intval($row['expire']);
$action = $row['action'];
$action = substr("$action", 0,1);
$now = time();
$sub = intval($row['subscription']);
if ($sub == 0 OR ($sub == 1 AND !paid())) {
if ($expire != 0 AND $expire <= $now) {
if ($action == "d") {
$db->sql_query("UPDATE ".$prefix."_blocks SET active='0', expire='0' WHERE bid='$bid'");
return;
} elseif ($action == "r") {
$db->sql_query("DELETE FROM ".$prefix."_blocks WHERE bid='$bid'");
return;
}
}
if ($row['bkey'] == "admin") {
adminblock();
} elseif ($row['bkey'] == "userbox") {
userblock();
} elseif (empty($row['bkey'])) {
if ($view == 0) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
} elseif ($view == 1 AND is_user($user) || is_admin($admin)) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
} elseif ($view == 2 AND is_admin($admin)) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
} elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
}
}
}
}
$db->sql_freeresult($result);
}

function message_box() {
global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $db, $admin_file;
if ($multilingual == 1) {
$querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
} else {
$querylang = "";
}
$result = $db->sql_query("SELECT mid, title, content, date, expire, view FROM ".$prefix."_message WHERE active='1' $querylang");
if ($numrows = $db->sql_numrows($result) == 0) {
return;
} else {
while ($row = $db->sql_fetchrow($result)) {
$mid = intval($row['mid']);
$title = stripslashes(check_html($row['title'], "nohtml"));
$content = stripslashes($row['content']);
$mdate = $row['date'];
$expire = intval($row['expire']);
$view = intval($row['view']);
if (!empty($title) && !empty($content)) {
if ($expire == 0) {
$remain = _UNLIMITED;
} else {
$etime = (($mdate+$expire)-time())/3600;
$etime = (int)$etime;
if ($etime < 1) {
$remain = _EXPIRELESSHOUR;
} else {
$remain = ""._EXPIREIN." $etime "._HOURS."";
}
}
if ($view == 5 AND paid()) {
OpenTable();
echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center><br>\n"
."<font class=\"content\">$content</font>";
if (is_admin($admin)) {
echo "<br><br><center><font class=\"content\">[ "._MVIEWSUBUSERS." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
}
CloseTable();
echo "<br>";
} elseif ($view == 4 AND is_admin($admin)) {
OpenTable();
echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center><br>\n"
."<font class=\"content\">$content</font>"
."<br><br><center><font class=\"content\">[ "._MVIEWADMIN." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
CloseTable();
echo "<br>";
} elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center><br>\n"
."<font class=\"content\">$content</font>";
if (is_admin($admin)) {
echo "<br><br><center><font class=\"content\">[ "._MVIEWUSERS." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
}
CloseTable();
echo "<br>";
} elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center><br>\n"
."<font class=\"content\">$content</font>";
if (is_admin($admin)) {
echo "<br><br><center><font class=\"content\">[ "._MVIEWANON." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
}
CloseTable();
echo "<br>";
} elseif ($view == 1) {
OpenTable();
echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center><br>\n"
."<font class=\"content\">$content</font>";
if (is_admin($admin)) {
echo "<br><br><center><font class=\"content\">[ "._MVIEWALL." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
}
CloseTable();
echo "<br>";
}
if ($expire != 0) {
$past = time()-$expire;
if ($mdate < $past) {
$db->sql_query("UPDATE ".$prefix."_message SET active='0' WHERE mid='$mid'");
}
}
}
}
}
}

function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}

$guest = 0;
if (is_user($user)) {
cookiedecode($user);
$uname = $cookie[1];
if (!isset($uname)) {
$uname = $ip;
$guest = 1;
}
} else {
$uname = $ip;
$guest = 1;
}
$past = time()-3600;
$sql = "DELETE FROM ".$prefix."_session WHERE time < '$past'";
$db->sql_query($sql);
$sql = "SELECT time FROM ".$prefix."_session WHERE uname='$uname'";
$result = $db->sql_query($sql);
$ctime = time();
if (!empty($uname)) {
$uname = substr($uname, 0,25);
$row = $db->sql_fetchrow($result);
if ($row) {
$db->sql_query("UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'");
} else {
$db->sql_query("INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')");
}
}
$db->sql_freeresult($result);
}

function blockfileinc($title, $blockfile, $side=0) {
$blockfiletitle = $title;
$file = @file("blocks/".$blockfile."");
if (!$file) {
$content = _BLOCKPROBLEM;
} else {
include("blocks/".$blockfile."");
}
if (empty($content)) {
$content = _BLOCKPROBLEM2;
}
if ($side == 1) {
themecenterbox($blockfiletitle, $content);
} elseif ($side == 2) {
themecenterbox($blockfiletitle, $content);
} else {
themesidebox($blockfiletitle, $content);
}
}

function selectlanguage() {
global $useflags, $currentlang;
if ($useflags == 1) {
$title = _SELECTLANGUAGE;
$content = "<center><font class=\"content\">"._SELECTGUILANG."<br><br>";
$langdir = dir("language");
while($func=$langdir->read()) {
if(substr($func, 0, 5) == "lang-") {
$menulist .= "$func ";
}
}
closedir($langdir->handle);
$menulist = explode(" ", $menulist);
sort($menulist);
for ($i=0; $i < sizeof($menulist); $i++) {
if($menulist[$i]!="") {
$tl = str_replace("lang-","",$menulist[$i]);
$tl = str_replace(".php","",$tl);
$altlang = ucfirst($tl);
$content .= "<a href=\"index.php?newlang=".$tl."\"><img src=\"images/language/flag-".$tl.".png\" border=\"0\" alt=\"$altlang\" title=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
}
}
$content .= "</font></center>";
themesidebox($title, $content);
} else {
$title = _SELECTLANGUAGE;
$content = "<center><font class=\"content\">"._SELECTGUILANG."<br><br></font>";
$content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
$handle=opendir('language');
while ($file = readdir($handle)) {
if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
$langFound = $matches[1];
$languageslist .= "$langFound ";
}
}
closedir($handle);
$languageslist = explode(" ", $languageslist);
sort($languageslist);
for ($i=0; $i < sizeof($languageslist); $i++) {
if($languageslist[$i]!="") {
$content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
if($languageslist[$i]==$currentlang) $content .= " selected";
$content .= ">".ucfirst($languageslist[$i])."</option>\n";
}
}
$content .= "</select></form></center>";
themesidebox($title, $content);
}
}

function ultramode() {
global $prefix, $db;
$ultra = "ultramode.txt";
$file = fopen($ultra, "w");
fwrite($file, "General purpose self-explanatory file with news headlines\n");
$sql = "SELECT sid, aid, title, time, comments, topic FROM ".$prefix."_stories ORDER BY time DESC LIMIT 0,10";
$result = $db->sql_query($sql);
while (list($rsid, $raid, $rtitle, $rtime, $rcomments, $rtopic) = $db->sql_fetchrow($result)) {
$rsid = intval($rsid);
$rtitle = stripslashes(check_html($rtitle, "nohtml"));
$rcomments = stripslashes($rcomments);
$rtopic = intval($rtopic);
$sql = "select topictext, topicimage from ".$prefix."_topics where topicid='$rtopic'";
$query = $db->sql_query($sql);
list($topictext, $topicimage) = $db->sql_fetchrow($query);
$topictext = stripslashes(check_html($topictext, "nohtml"));
$content = "%%\n$rtitle\n/modules.php?name=News&file=article&sid=$rsid\n$rtime\n$raid\n$topictext\n$rcomments\n$topicimage\n";
fwrite($file, $content);
}
fclose($file);
$db->sql_freeresult($result);
}

function cookiedecode($user) {
global $cookie, $db, $user_prefix;
static $pass;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$cookie = explode(":", $user);
} else {
$cookie = $user;
}
if (!isset($pass)) {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
list($pass) = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
if ($cookie[2] == $pass && !empty($pass)) { return $cookie; }
}

function getusrinfo($user) {
global $user_prefix, $db, $userinfo, $cookie;
if (!$user OR empty($user)) {
return NULL;
}
cookiedecode($user);
$user = $cookie;
if (isset($userrow) AND is_array($userrow)) {
if ($userrow['username'] == $user[1] && $userrow['user_password'] == $user[2]) {
return $userrow;
}
}
$sql = "SELECT * FROM ".$user_prefix."_users WHERE username='$user[1]' AND user_password='$user[2]'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
static $userrow;
$userrow = $db->sql_fetchrow($result);
return $userinfo = $userrow;
}
$db->sql_freeresult($result);
unset($userinfo);
}

// Speed up this function with stripos_clone and str_replace
function FixQuotes ($what = "") {
$what = str_replace("'","''",$what);
while (stripos_clone($what, "\\\\'")) {
$what = str_replace("\\\\'","'",$what);
}
return $what;
}

/*********************************************************/
/* text filter */
/*********************************************************/

function check_words($Message) {
global $CensorMode, $CensorReplace, $EditedMessage, $CensorList;
include("config.php");
$EditedMessage = $Message;
if ($CensorMode != 0) {
if (is_array($CensorList)) {
$Replace = $CensorReplace;
if ($CensorMode == 1) {
for ($i = 0; $i < count($CensorList); $i++) {
$EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
}
} elseif ($CensorMode == 2) {
for ($i = 0; $i < count($CensorList); $i++) {
$EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
}
} elseif ($CensorMode == 3) {
for ($i = 0; $i < count($CensorList); $i++) {
$EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
}
}
}
}
return $EditedMessage;
}

function delQuotes($string){
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=""; # string buffer
$result=""; # result string
$i=0;
$attrib=-1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
$quote=0; # Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { # What car is it in the buffer ?
case "\"": #" # a quote.
if ($quote==0) {
$quote=1;
} else {
$quote=0;
if (($attrib>0) && (!empty($tmp))) { $result .= "=\"$tmp\""; }
$tmp="";
$attrib=-1;
}
break;
case "=": # an equal - attrib delimiter
if ($quote==0) { # Is it found in a string ?
$attrib=1;
if ($tmp!="") $result.=" $tmp";
$tmp="";
} else $tmp .= '=';
break;
case " ": # a blank ?
if ($attrib>0) { # add it to the string, if one opened.
$tmp .= $string[$i];
}
break;
default: # Other
if ($attrib<0) # If we weren't in an attrib, set attrib to 0
$attrib=0;
$tmp .= $string[$i];
break;
}
$i++;
}
if (($quote!=0) && (!empty($tmp))) {
if ($attrib==1) $result .= "=";
/* If it is the value of an atrib, add the '=' */
$result .= "\"$tmp\""; /* Add quote if needed (the reason of the function Wink */
}
return $result;
}

function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
include("config.php");
if ($strip == "nohtml")
global $AllowableHTML;
if (!is_array($AllowableHTML)) $AllowableHTML =array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
// Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
// Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
// Delete all img tags
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
// Delete javascript code from a href tags -- Zhen-Xjell @ [ Only registered users can see links on this board! Get registered or login! ]
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
else $tag = strtolower($reg[1]);
if ($a = $AllowableHTML[$tag])
if ($reg[1][0] == "/") $tag = "</$tag>";
elseif (($a == 1) || (empty($reg[2]))) $tag = "<$tag>";
else {
# Place here the double quote fix function.
$attrb_list=delQuotes($reg[2]);
// A VER
$attrb_list = str_replace("&","&amp;",$attrb_list);
$tag = "<$tag" . $attrb_list . ">";
} # Attribs in tag allowed
else $tag = "";
$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = str_replace("<?","",$str);
return $str;
}

function filter_text($Message, $strip="") {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return $EditedMessage;
}

/*********************************************************/
/* formatting stories */
/*********************************************************/

function formatTimestamp($time) {
global $datetime, $locale;
setlocale (LC_TIME, $locale);
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2})Sad[0-9]{1,2})Sad[0-9]{1,2})", $time, $datetime);
// We've got to use strftime to use the $locale var
$datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
$datetime = ucfirst($datetime);
return $datetime;
}

function formatAidHeader($aid) {
global $prefix, $db;
static $users;
if (isset($users[$aid]) AND is_array($users[$aid])) {
$row = $users[$aid];
} else {
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$users[$aid] = $row;
$db->sql_freeresult($result);
}
$aidurl = stripslashes($row['url']);
$aidmail = encode_mail(stripslashes($row['email']));
if ((isset($aidurl)) && ($aidurl != "http://")) {
$aid = "<a href=\"".$aidurl."\">$aid</a>";
} elseif (isset($aidmail)) {
$aid = "<a href=\"mailto:".$aidmail."\">$aid</a>";
} else {
$aid = $aid;
}
echo $aid;
}

function get_author($aid) {
global $prefix, $db;
static $users;
if (isset($users[$aid]) AND is_array($users[$aid])) {
$row = $users[$aid];
} else {
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$users[$aid] = $row;
$db->sql_freeresult($result);
}
$aidurl = stripslashes($row['url']);
$aidmail = encode_mail(stripslashes($row['email']));
if ((isset($aidurl)) && ($aidurl != "http://")) {
$aid = "<a href=\"".$aidurl."\">$aid</a>";
} elseif (isset($aidmail)) {
$aid = "<a href=\"mailto:".$aidmail."\">$aid</a>";
} else {
$aid = $aid;
}
return $aid;
}

if(!defined('FORUM_ADMIN')) {
$ThemeSel = get_theme();
include_once("themes/$ThemeSel/theme.php");
}
if(!function_exists("themepreview")) {
function themepreview($title, $hometext, $bodytext="", $notes="") {
echo "<b>$title</b><br><br>$hometext";
if (!empty($bodytext)) {
echo "<br><br>$bodytext";
}
if (!empty($notes)) {
echo "<br><br><b>"._NOTE."</b> <i>$notes</i>";
}
}
}

function adminblock() {
global $admin, $prefix, $db, $admin_file;
if (is_admin($admin)) {
$sql = "SELECT title, content FROM ".$prefix."_blocks WHERE bkey='admin'";
$result = $db->sql_query($sql);
while (list($title, $content) = $db->sql_fetchrow($result)) {
$content = "<span class=\"content\">".$content."</span>";
themesidebox($title, $content);
}
$title = _WAITINGCONT;
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_queue"));
$content = "<span class=\"content\">";
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=submissions\">"._SUBMISSIONS."</a>: $num<br>";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_reviews_add"));
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=reviews\">"._WREVIEWS."</a>: $num<br>";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_newlink"));
$brokenl = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='1'"));
$modreql = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='0'"));
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=Links\">"._WLINKS."</a>: $num<br>";
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=LinksListModRequests\">"._MODREQLINKS."</a>: $modreql<br>";
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=LinksListBrokenLinks\">"._BROKENLINKS."</a>: $brokenl<br>";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_newdownload"));
$brokend = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='1'"));
$modreqd = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='0'"));
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=downloads\">"._UDOWNLOADS."</a>: $num<br>";
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=DownloadsListModRequests\">"._MODREQDOWN."</a>: $modreqd<br>";
$content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"".$admin_file.".php?op=DownloadsListBrokenDownloads\">"._BROKENDOWN."</a>: $brokend<br></span>";
themesidebox($title, $content);
}
}

function loginbox() {
global $user, $sitekey, $gfx_chk;

mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);

if (!is_user($user)) {
$title = _LOGIN;
$boxstuff = "<form action=\"account.html\" method=\"post\">";
$boxstuff .= "<center><font class=\"content\">"._NICKNAME."<br>";
$boxstuff .= "<input type=\"text\" name=\"username\" size=\"8\" maxlength=\"25\"><br>";
$boxstuff .= ""._PASSWORD."<br>";
$boxstuff .= "<input type=\"password\" name=\"user_password\" size=\"8\" maxlength=\"20\"><br>";
if (extension_loaded("gd") AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7)) {
$boxstuff .= ""._SECURITYCODE.": <img src='?gfx=gfx&amp;random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'><br>\n";
$boxstuff .= ""._TYPESECCODE."<br><input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\">\n";
$boxstuff .= "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\"><br>\n";
} else {
$boxstuff .= "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">";
$boxstuff .= "<input type=\"hidden\" name=\"gfx_check\" value=\"$code\">";
}
$boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
$boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></font></center></form>";
$boxstuff .= "<center><font class=\"content\">"._ASREGISTERED."</font></center>";
themesidebox($title, $boxstuff);
}
}

function userblock() {
global $user, $cookie, $db, $user_prefix, $userinfo;
if(is_user($user)) {
getusrinfo($user);
if($userinfo['ublockon']) {
$sql = "SELECT ublock FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'";
$result = $db->sql_query($sql);
list($ublock) = $db->sql_fetchrow($result);
$title = _MENUFOR." ".$cookie[1];
themesidebox($title, $ublock);
}
}
}

function getTopics($s_sid) {
global $topicname, $topicimage, $topictext, $prefix, $db;
$sid = intval($s_sid);
$query = $db->sql_query("SELECT topic FROM ".$prefix."_stories WHERE sid='$sid'");
list($rtopic) = $db->sql_fetchrow($query);
$result2 = $db->sql_query("SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics WHERE topicid='$rtopic'");
list($topicid, $topicname, $topicimage, $topictext) = $db->sql_fetchrow($result2);
$topicid = intval($topicid);
$topictext = stripslashes(check_html($topictext, "nohtml"));
}

function headlines($bid, $cenbox=0) {
global $prefix, $db;
$bid = intval($bid);
$result = $db->sql_query("SELECT title, content, url, refresh, time FROM ".$prefix."_blocks WHERE bid='$bid'");
list($title, $content, $url, $refresh, $otime) = $db->sql_fetchrow($result);
$title = stripslashes(check_html($title, "nohtml"));
$content = stripslashes($content);
$refresh = intval($refresh);
$past = time()-$refresh;
if ($otime < $past) {
$btime = time();
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
$content = "";
$db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
$cont = 0;
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
return;
}
if ($fp) {
if (!empty($rdf['query']))
$rdf['query'] = "?" . $rdf['query'];

fputs($fp, "GET " . $rdf['path'] . $rdf['query'] . " HTTP/1.0\r\n");
fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
$string = "";
while(!feof($fp)) {
$pagetext = fgets($fp,300);
$string .= chop($pagetext);
}
fputs($fp,"Connection: close\r\n\r\n");
fclose($fp);
$items = explode("</item>",$string);
$content = "<font class=\"content\">";
for ($i=0;$i<10;$i++) {
$link = ereg_replace(".*<link>","",$items[$i]);
$link = ereg_replace("</link>.*","",$link);
$title2 = ereg_replace(".*<title>","",$items[$i]);
$title2 = ereg_replace("</title>.*","",$title2);
$title2 = stripslashes($title2);
if (empty($items[$i]) AND $cont != 1) {
$content = "";
$db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
$cont = 0;
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
return;
} else {
if (strcmp($link,$title2) AND !empty($items[$i])) {
$cont = 1;
$content .= "<strong><big>&middot;</big></strong><a href=\"$link\" target=\"new\">$title2</a><br>\n";
}
}
}

}
$db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
}
$siteurl = str_replace("http://","",$url);
$siteurl = explode("/",$siteurl);
if (($cont == 1) OR (!empty($content))) {
$content .= "<br><a href=\"http://$siteurl[0]\" target=\"blank\"><b>"._HREADMORE."</b></a></font>";
} elseif (($cont == 0) OR (empty($content))) {
$content = "<font class=\"content\">"._RSSPROBLEM."</font>";
}
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
}

function automated_news() {
global $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = "";
}
$today = getdate();
$day = $today['mday'];
if ($day < 10) {
$day = "0$day";
}
$month = $today['mon'];
if ($month < 10) {
$month = "0$month";
}
$year = $today['year'];
$hour = $today['hours'];
$min = $today['minutes'];
$sec = "00";
$result = $db->sql_query("SELECT anid, time FROM ".$prefix."_autonews $querylang");
while (list($anid, $time) = $db->sql_fetchrow($result)) {
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2})Sad[0-9]{1,2})Sad[0-9]{1,2})", $time, $date);
if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {
if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {
$result2 = $db->sql_query("SELECT * FROM ".$prefix."_autonews WHERE anid='$anid'");
while ($row2 = $db->sql_fetchrow($result2)) {
$title = stripslashes(FixQuotes(check_html($row2['title'], "nohtml")));
$hometext = stripslashes(FixQuotes($row2['hometext']));
$bodytext = stripslashes(FixQuotes($row2['bodytext']));
$notes = stripslashes(FixQuotes($row2['notes']));
$catid2 = intval($row2['catid']);
$aid2 = $row2['aid'];
$time2 = $row2['time'];
$topic2 = $row2['topic'];
$informant2 = $row2['informant'];
$ihome2 = intval($row2['ihome']);
$alanguage2 = $row2['alanguage'];
$acomm2 = intval($row2['acomm']);
$associated2 = $row2['associated'];
$num = $db->sql_numrows($db->sql_query("SELECT sid FROM ".$prefix."_stories WHERE title='$title'"));
if ($num == 0) {
$db->sql_query("DELETE FROM ".$prefix."_autonews WHERE anid='$anid'");
$db->sql_query("INSERT INTO ".$prefix."_stories VALUES (NULL, '$catid2', '$aid2', '$title', '$time2', '$hometext', '$bodytext', '0', '0', '$topic2', '$informant2', '$notes', '$ihome2', '$alanguage2', '$acomm2', '0', '0', '0', '0', '$associated2')");
$db->sql_freeresult($result2);
}
}
}
}
}
$db->sql_freeresult($result);
}

if(!defined('FORUM_ADMIN')) {
$ThemeSel = get_theme();
include_once("themes/$ThemeSel/theme.php");
}

if(!function_exists("themecenterbox")) {
function themecenterbox($title, $content) {
OpenTable();
echo "<center><font class=\"option\"><b>$title</b></font></center><br>$content";
CloseTable();
echo "<br>";
}
}

function public_message() {
global $prefix, $user_prefix, $db, $user, $admin, $p_msg, $cookie, $broadcast_msg;
if ($broadcast_msg == 1) {
if (is_user($user)) {
cookiedecode($user);
$result = $db->sql_query("SELECT broadcast FROM ".$user_prefix."_users WHERE username='$cookie[1]'");
$row = $db->sql_fetchrow($result);
$upref = $row['broadcast'];
if ($upref == 1) {
$t_off = "<br><p align=\"right\">[ <a href=\"modules.php?name=Your_Account&amp;op=edithome\">";
$t_off .= "<font size=\"2\">"._TURNOFFMSG."</font></a> ]";
$pm_show = 1;
} else {
$pm_show = 0;
}
} else {
$t_off = "";
}
if (!is_user($user) OR (is_user($user) AND ($pm_show == 1))) {
$c_mid = base64_decode($p_msg);
$c_mid = addslashes($c_mid);
$c_mid = intval($c_mid);
$result2 = $db->sql_query("SELECT mid, content, date, who FROM ".$prefix."_public_messages WHERE mid > '$c_mid' ORDER BY date ASC LIMIT 1");
$row2 = $db->sql_fetchrow($result2);
$mid = intval($row2['mid']);
$content = $row2['content'];
$tdate = $row2['date'];
$who = $row2['who'];
if ((!isset($c_mid)) OR ($c_mid = $mid)) {
$public_msg = "<br><table width=\"90%\" border=\"1\" cellspacing=\"2\" cellpadding=\"0\" bgcolor=\"FFFFFF\" align=\"center\"><tr><td>\n";
$public_msg .= "<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"FF0000\"><tr><td>\n";
$public_msg .= "<font color=\"FFFFFF\" size=\"3\"><b>"._BROADCASTFROM." <a href=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=$who\"><font color=\"FFFFFF\" size=\"3\">$who</font></a>: \"$content\"</b>";
$public_msg .= "$t_off";
$public_msg .= "</td></tr></table>";
$public_msg .= "</td></tr></table>";
$ref_date = $tdate+600;
$actual_date = time();
if ($actual_date >= $ref_date) {
$public_msg = "";
$numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_public_messages"));
if ($numrows == 1) {
$db->sql_query("DELETE FROM ".$prefix."_public_messages");
$mid = 0;
} else {
$db->sql_query("DELETE FROM ".$prefix."_public_messages WHERE mid='$mid'");
}
}
if ($mid == 0 OR empty($mid)) {
setcookie("p_msg");
} else {
$mid = base64_encode($mid);
$mid = addslashes($mid);
setcookie("p_msg",$mid,time()+600);
}
}
}
} else {
$public_msg = "";
}
return $public_msg;
}

function get_theme() {
global $user, $userinfo, $Default_Theme;
if (isset($ThemeSelSave)) return $ThemeSelSave;
if(is_user($user) && ($name != "Your_Account" || $op != "logout")) {
getusrinfo($user);
if(empty($userinfo['theme'])) $userinfo['theme']=$Default_Theme;
if(file_exists("themes/".$userinfo['theme']."/theme.php")) {
$ThemeSel = $userinfo['theme'];
} else {
$ThemeSel = $Default_Theme;
}
} else {
$ThemeSel = $Default_Theme;
}
static $ThemeSelSave;
$ThemeSelSave = $ThemeSel;
return $ThemeSelSave;
}

function removecrlf($str) {
// Function for Security Fix by Ulf Harnhammar, VSU Security 2002
// Looks like I don't have so bad track record of security reports as Ulf believes
// He decided to not contact me, but I'm always here, digging on the net
return strtr($str, "\015\012", ' ');
}

// Updated by Quake 24/7/05
function validate_mail($email) {
if(strlen($email) < 7 || !preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
//include_once("header.php");
OpenTable();
echo _ERRORINVEMAIL;
CloseTable();
//include_once("footer.php");
}
else {
return $email;
}
}

function encode_mail($email) {
$finished = "";
for($i=0; $i<strlen($email); ++$i) {
$n = rand(0, 1);
if($n) {
$finished .= '&#x'.sprintf("%X",ord($email{$i})).';';
}
else {
$finished .= '&#'.ord($email{$i}).';';
}
}
return $finished;
}

function paid() {
global $db, $user, $cookie, $adminmail, $sitename, $nukeurl, $subscription_url, $user_prefix, $prefix;
if (is_user($user)) {
if (!empty($subscription_url)) {
$renew = ""._SUBRENEW." $subscription_url";
} else {
$renew = "";
}
cookiedecode($user);
$sql = "SELECT * FROM ".$prefix."_subscriptions WHERE userid='$cookie[0]'";
$result = $db->sql_query($sql);
$numrows = $db->sql_numrows($result);
$row = $db->sql_fetchrow($result);
if ($numrows == 0) {
return 0;
} elseif ($numrows != 0) {
$time = time();
if ($row['subscription_expire'] <= $time) {
$db->sql_query("DELETE FROM ".$prefix."_subscriptions WHERE userid='$cookie[0]' AND id='".intval($row['id'])."'");
$from = "$sitename <$adminmail>";
$subject = "$sitename: "._SUBEXPIRED."";
$body = ""._HELLO." $cookie[1]:\n\n"._SUBSCRIPTIONAT." $sitename "._HASEXPIRED."\n$renew\n\n"._HOPESERVED."\n\n$sitename "._TEAM."\n$nukeurl";
$row = $db->sql_fetchrow($db->sql_query("SELECT user_email FROM ".$user_prefix."_users WHERE id='$cookie[0]' AND nickname='$cookie[1]' AND password='$cookie[2]'"));
mail($row['user_email'], $subject, $body, "From: $from\nX-Mailer: PHP/" . phpversion());
}
return 1;
}
} else {
return 0;
}
}

if (isset($gfx)){
switch($gfx) {

case "gfx":
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
$ThemeSel = get_theme();
if (file_exists("themes/".$ThemeSel."/images/code_bg.jpg")) {
$image = ImageCreateFromJPEG("themes/".$ThemeSel."/images/code_bg.jpg");
} else {
$image = ImageCreateFromJPEG("images/code_bg.jpg");
}
$text_color = ImageColorAllocate($image, 80, 80, 80);
Header("Content-type: image/jpeg");
ImageString ($image, 5, 12, 2, $code, $text_color);
ImageJPEG($image, '', 75);
ImageDestroy($image);
die();
break;

}
}

?>

And it written this:

Quote:
/************************************************************************/
/* This file is for instructional use. */
/* By: NukeScripts Network (webmaster@nukescripts.net) */
/* [ Only registered users can see links on this board! Get registered or login! ] */
/* Modifications Copyright � 2000-2005 by NukeScripts Network */
/************************************************************************/
/* Based on Patched 3.1 mainfile.php your mainfile.php may differ from */
/* the examples found here. */
/************************************************************************/

#
#-----[ OPEN ]------------------------------------------
#
mainfile.php

#
#-----[ FIND ]------------------------------------------
#
if (defined('FORUM_ADMIN')) {
@require_once("../../../config.php");
@require_once("../../../db/db.php");
@require_once("../../../includes/sql_layer.php");
if (file_exists("../../../includes/custom_files/custom_mainfile.php")) { @include_once("../../../includes/custom_files/custom_mainfile.php"); }
@require_once("../../../includes/ipban.php");
if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_head.php")) { @include_once("../../../includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_header.php")) { @include_once("../../../includes/custom_files/custom_header.php"); }
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
@require_once("../../db/db.php");
@require_once("../../includes/sql_layer.php");
if (file_exists("../../includes/custom_files/custom_mainfile.php")) { @include_once("../../includes/custom_files/custom_mainfile.php"); }
@require_once("../../includes/ipban.php");
if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_head.php")) { @include_once("../../includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_header.php")) { @include_once("../../includes/custom_files/custom_header.php"); }
} else {
@require_once("config.php");
@require_once("db/db.php");
@require_once("includes/sql_layer.php");
if (file_exists("includes/custom_files/custom_mainfile.php")) { @include_once("includes/custom_files/custom_mainfile.php"); }
@require_once("includes/ipban.php");
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_head.php")) { @include_once("includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_header.php")) { @include_once("includes/custom_files/custom_header.php"); }
}

#
#-----[ CHANGE TO ]------------------------------------------
#
if (defined('FORUM_ADMIN')) {
@require_once("../../../config.php");
@require_once("../../../db/db.php");
@require_once("../../../includes/sql_layer.php");
if (file_exists("../../../includes/custom_files/custom_mainfile.php")) { @include_once("../../../includes/custom_files/custom_mainfile.php"); }
//@require_once("../../../includes/ipban.php");
@include_once("../../../includes/nukesentinel.php");
if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_head.php")) { @include_once("../../../includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_header.php")) { @include_once("../../../includes/custom_files/custom_header.php"); }
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
@require_once("../../db/db.php");
@require_once("../../includes/sql_layer.php");
if (file_exists("../../includes/custom_files/custom_mainfile.php")) { @include_once("../../includes/custom_files/custom_mainfile.php"); }
//@require_once("../../includes/ipban.php");
@include_once("../../includes/nukesentinel.php");
if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_head.php")) { @include_once("../../includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_header.php")) { @include_once("../../includes/custom_files/custom_header.php"); }
} else {
@require_once("config.php");
@require_once("db/db.php");
@require_once("includes/sql_layer.php");
if (file_exists("includes/custom_files/custom_mainfile.php")) { @include_once("includes/custom_files/custom_mainfile.php"); }
//@require_once("includes/ipban.php");
@include_once("includes/nukesentinel.php");
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_head.php")) { @include_once("includes/custom_files/custom_head.php"); }
if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_header.php")) { @include_once("includes/custom_files/custom_header.php"); }
}

#
#-----[ FIND ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 [ Only registered users can see links on this board! Get registered or login! ]
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}

#
#-----[ CHANGE TO ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 [ Only registered users can see links on this board! Get registered or login! ]
//Code to prevent UNION SQL Injections
if(!file_exists('includes/nukesentinel.php')) {
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}
}

# In Patched 3.1 this step has already been done
#
#-----[ FIND ]------------------------------------------
#
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

#
#-----[ CHANGE TO ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
$queryString = $_SERVER['QUERY_STRING'];
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
die('Illegal Operation');
}
}
}

in function function online() {
#
#-----[ FIND ]------------------------------------------
#
function online() {
global $user, $cookie, $prefix, $db;
$ip = $_SERVER['REMOTE_ADDR'];

#
#-----[ CHANGE TO ]------------------------------------------
#
function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}


May be there is a mistake in my mainfile.php fodified?

_________________
Image 
View user's profile Send private message Visit poster's website
BobMarion
Former Admin in Good Standing



Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Wed Aug 17, 2005 2:12 pm Reply with quote

What kind of problem, do you get an error report, a white screen, or something different? We need a more information to truely help you.

_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net 
View user's profile Send private message Send e-mail Visit poster's website
raphael







PostPosted: Wed Aug 17, 2005 3:19 pm Reply with quote

BobMarion wrote:
What kind of problem, do you get an error report, a white screen, or something different? We need a more information to truely help you.

Error line 135 with the modified mainfile.php that you can see at the beginning of my topic.
In French Nuke Web Portails ,they still dont'know your new version Nuke Sentine 2.4.0 'cause they only know NSN Sentinel 2.2.1a so... Sad
I'm so sad 'cause I 'm sure your new Nuke Sentinel 2.4.0 is great...I trust your network Smile
So I 'm completly mad....I've been trying .... so the dataBase NSentinel(12tables) can were installed no more than this ... but since the last day night...and have uninstall it Sad

In France,they think there's a bug conception in NSentinel2.4.0 but I dont accept to believe this
Sad

May be I coud get from you the modified Nukes_Core for Nuke 7.6 patched 3.1

Without your NSentinel 2.4.0...I 'll have to uninstall my Nuke version...Sad
 
technocrat
Life Cycles Becoming CPU Cycles



Joined: Jul 07, 2005
Posts: 511

PostPosted: Wed Aug 17, 2005 4:43 pm Reply with quote

Delete

Code:
in function function online() {

You copied that text by mistake into your mainfile.

_________________
Nuke-Evolution
phpBB-Evolution / phpBB-Evolution Blog 
View user's profile Send private message
raphael







PostPosted: Wed Aug 17, 2005 5:03 pm Reply with quote

technocrat wrote:
Delete

Code:
in function function online() {

You copied that text by mistake into your mainfile.

So I obtain

Quote:
Parse error: parse error, unexpected $ in /home/lior/public_html/nuke/mainfile.php on line 1437
Embarassed
 
technocrat







PostPosted: Wed Aug 17, 2005 5:05 pm Reply with quote

Its hard to tell because there are no spaces or tabs here so I cannot tell but you may need to delete the following 3 }

Or you can simply put back a default mainfile and do the edits again.
 
raphael







PostPosted: Wed Aug 17, 2005 5:27 pm Reply with quote

technocrat wrote:
Its hard to tell because there are no spaces or tabs here so I cannot tell but you may need to delete the following 3 }

Or you can simply put back a default mainfile and do the edits again.

I deleted the 3 folwing {, il have edit again from defaut mainfile but
Quote:
Parse error: parse error, unexpected '}' in /home/lior/public_html/nuke/mainfile.php on line 137
Embarassed Sad
 
technocrat







PostPosted: Wed Aug 17, 2005 5:31 pm Reply with quote

Are you using the fresh 7.6 3.1 mainfile?
If so I will make the edits for you and post it.
 
technocrat







PostPosted: Wed Aug 17, 2005 5:36 pm Reply with quote

[ Only registered users can see links on this board! Get registered or login! ]
 
raphael







PostPosted: Wed Aug 17, 2005 5:54 pm Reply with quote

technocrat wrote:
http://www.platinummods.com/mainfile.zip
[ Only registered users can see links on this board! Get registered or login! ] Smile so I keep on installing sentinel and come back to you Smile
 
raphael







PostPosted: Wed Aug 17, 2005 6:36 pm Reply with quote

I don't believe my eyes Smile
You so Great

Thank You Very Much Very Happy
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©