Patch 3 or Patch 3.1 ?

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

The official site for CNB is

Only registered users can see links on this board!
Get registered or login to the forums!

.

The latest version, 4.4.2, was released before 7.6, and it may require changes both for 7.6 and the latest patch. The next version, 5.0, has been in testing status since June, but has some excellent features. menelaos and Sixonetonoffun, how about an update?

The other official site for CNB is

Only registered users can see links on this board!
Get registered or login to the forums!

and has English-language feature requests and bug tracking.

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

Kguske,

Thanks for your last reply.

I am in a dialemma as to which version to use with my 7.6 nuke with 3.1 patch install.

Can you advise what you think is the best way to go?

I assume that the although the 4.42 version may require code changes, it has been tested extensively, while the 5.0 version may not have been.

I just want it to work as well as it does with my other site which is currently running version 7.6 nuke and 3.0 patch.

Raven · Posted: Tue Dec 27, 2005 9:30 am

Emma,

I just noticed in your sig that you are using NS2.3.2. If that is the case, I'd advise you to upgrade immediately to v2.4.2pl2 Wink

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

Hi Raven,

My signature is ahead of my installation... Sad

Your observation and comment is much appreciated, however I have still do install both CNBYA and Sentinel, so I will make sure I take your advise when I do.

Thanks.

E.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

CNB YA 5.0 hasn't been released yet, so the only choice is 4.4.2. You may notice that 4.4.2 is a Beta version, but it's been around for a long time and used extensively on many sites without significant issues.

I would suggest comparing the patched changes to the standard Your Account module to identify similar changes in the CNB YA module.

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

Oh Lord!...

So, I have my 7.6 PHP with patch 3.1 installation and have just added/uploaded the CNBYA version 4.4.2 files with it.

I have carried out the following 2 modifications:

A) Mainfile.php
Open mainfile.php in a text editor and goto the end of the file.
Just before the ?> add the following code:

if ($forum_admin == 1) {
include("../../../modules/Your_Account/includes/mainfileend.php");
} elseif ($inside_mod == 1) {
include("../../modules/Your_Account/includes/mainfileend.php");
} else {
include("modules/Your_Account/includes/mainfileend.php");
}

5. SECUTIRY
-----------
Open modules/includes/constants.php
Find:
define("CNBYA_DOMAINNAME", "");
add your domain or IP here without any http or www or slashes
Example:
define("CNBYA_DOMAINNAME", "phpnuke.org.br");

After this I tried running the cnbya.php file to complete the install, but now my site just shows a white blank page...

Heeeeeeeelp!!!!.....(please)...

Raven · Posted: Tue Dec 27, 2005 12:12 pm

Restore your 2 files from backup and then try again. Maybe you missed a step or maybe the instructions are flawed.

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

Hi Raven,

I did do as you suggested, but I still have the same problem.

I do note that the instructions say that the 1st change should be done to file Mainfile.php, which is this one:

Open mainfile.php in a text editor and goto the end of the file.
Just before the ?> add the following code:

if ($forum_admin == 1) {
include("../../../modules/Your_Account/includes/mainfileend.php");
} elseif ($inside_mod == 1) {
include("../../modules/Your_Account/includes/mainfileend.php");
} else {
include("modules/Your_Account/includes/mainfileend.php");
}

BUT I do also see that for the second change you are advised to locate the constants.php file here modules/includes/constants.php and this must be incorrect. My constants.php
is located in:

modules/YOURACCOUNT/includes/constants.php and this is where I made the folllowing change:

5. SECUTIRY
-----------
Open modules/includes/constants.php
Find:
define("CNBYA_DOMAINNAME", "");
add your domain or IP here without any http or www or slashes
Example:
define("CNBYA_DOMAINNAME", "phpnuke.org.br");

The website is now only a blank white page, even thought I have the following setting in in my config.php file:

$display_errors = true;

By the way, I HAVE changed the name of my original admin.php file...Would this be causing the problem..If so, what should I do?

Any more ideas, please?

hitwalker · Sells PC To Pay For Divorce Joined: Posts: 5661

Call 911 ?

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

If display_errors is on and you don't get some sort of parsing error, it's most likely a security issue. If you PM your website, I'll take a look.

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

kguske,

Could it then be the fact I have changed the name of my admin.php file?

chatserv · Posted: Tue Dec 27, 2005 3:42 pm

emma since you are using nuke patched change the first file to (edit the url):

Code:

<?php

/*********************************************************************************/
/* CNB Your Account: An Advanced User Management System for phpnuke */
/* ============================================ */
/* */
/* Copyright (c) 2004 by Comunidade PHP Nuke Brasil */
/* http://dev.phpnuke.org.br & http://www.phpnuke.org.br */
/* */
/* Contact author:

Only registered users can see links on this board!
Get registered or login to the forums!

*/
/* International Support Forum: http://ravenphpscripts.com/forum76.html */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/* */
/*********************************************************************************/
/* CNB Your Account it the official successor of NSN Your Account by Bob Marion */
/*********************************************************************************/

if (stristr($_SERVER['PHP_SELF'], "constants.php")) {
Header("Location: index.php");
die();
}

# enter your domain name here to add an extra layer of protection or leave blank.
# example shows how to use this with a subdomain
# define("CNBYA_DOMAINNAME", "wwww.yourdomain.com");
# no www or http just the domain name
# remove the '//' from the next two lines and insert your domain name for additional security
# (don't put 'http://' in front of it, your domain name only!

define("CNBYA_DOMAINNAME", "your_url.com");
if (($_SERVER['SERVER_NAME'] != CNBYA_DOMAINNAME OR $_SERVER['SERVER_NAME'] != CNBYA_DOMAINNAME) AND CNBYA_DOMAINNAME != "") {exit();}

define('CNBYA', true);
?>

and mainfile.php to:

Code:

<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional Security and Code Cleanup for Patched 3.1 */
/* Commited by the Nuke Patched Development Team 2005 */
/* chatserv, Evaders99, Quake */
/* http://www.nukeresources.com - Download location */
/* http://www.nukefixes.com - Development location */
/* http://sourceforge.net/projects/nukepatched/ - CVS */
/************************************************************************/

// End the transaction
if(!defined('END_TRANSACTION')) {
define('END_TRANSACTION', 2);
}

// Get php version
$phpver = phpversion();

// convert superglobals if php is lower then 4.1.0
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
$_FILES = $HTTP_POST_FILES;
$_ENV = $HTTP_ENV_VARS;
if($_SERVER['REQUEST_METHOD'] == "POST") {
$_REQUEST = $_POST;
} elseif($_SERVER['REQUEST_METHOD'] == "GET") {
$_REQUEST = $_GET;
}
if(isset($HTTP_COOKIE_VARS)) {
$_COOKIE = $HTTP_COOKIE_VARS;
}
if(isset($HTTP_SESSION_VARS)) {
$_SESSION = $HTTP_SESSION_VARS;
}
}

// override old superglobals if php is higher then 4.1.0
if($phpver >= '4.1.0') {
$HTTP_GET_VARS = $_GET;
$HTTP_POST_VARS = $_POST;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_POST_FILES = $_FILES;
$HTTP_ENV_VARS = $_ENV;
$PHP_SELF = $_SERVER['PHP_SELF'];
if(isset($_SESSION)) {
$HTTP_SESSION_VARS = $_SESSION;
}
if(isset($_COOKIE)) {
$HTTP_COOKIE_VARS= $_COOKIE;
}
}

// After doing those superglobals we can now use one
// and check if this file isnt being accessed directly
if (stristr(htmlentities($_SERVER['PHP_SELF']), "mainfile.php")) {
header("Location: index.php");
exit();
}

if (!function_exists("floatval")) {
function floatval($inputval) {
return (float)$inputval;
}
}

if ($phpver >= '4.0.4pl1' && isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'],'compatible')) {
if (extension_loaded('zlib')) {
@ob_end_clean();
ob_start('ob_gzhandler');
}
} elseif ($phpver > '4.0' && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && !empty($_SERVER['HTTP_ACCEPT_ENCODING'])) {
if (strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = true;
ob_start(array('ob_gzhandler',5));
ob_implicit_flush(0);
if (ereg("MSIE", $_SERVER['HTTP_USER_AGENT'])) {
header('Content-Encoding: gzip');
}
}
}
}

if (!ini_get('register_globals')) {
@import_request_variables("GPC", "");
}

// This block of code makes sure $admin and $user are COOKIES
if((isset($admin) && $admin != $_COOKIE['admin']) OR (isset($user) && $user != $_COOKIE['user'])) {
die("Illegal Operation");
}

// We want to use the function stripos,
// but thats only available since PHP5.
// So we cloned the function...
if(!function_exists('stripos')) {
function stripos_clone($haystack, $needle, $offset=0) {
$return = strpos(strtoupper($haystack), strtoupper($needle), $offset);
if ($return === false) {
return false;
} else {
return true;
}
}
} else {
// But when this is PHP5, we use the original function
function stripos_clone($haystack, $needle, $offset=0) {
$return = stripos($haystack, $needle, $offset=0);
if ($return === false) {
return false;
} else {
return true;
}
}
}

if(isset($admin) && $admin == $_COOKIE['admin'])
{
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}

if(isset($user) && $user == $_COOKIE['user'])
{
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}

// Die message for not allowed HTML tags
$htmltags = "<center><img src=\"images/logo.gif\"> ";
$htmltags .= "The html tags you attempted to use are not allowed ";
$htmltags .= "[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center>";

if (!defined('ADMIN_FILE') && !file_exists('includes/nukesentinel.php')) {
foreach ($_GET as $sec_key => $secvalue) {
if((eregi("<[^>]*script*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*onmouseover *\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*body *\"?[^>]*", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key)))
{
die ($htmltags);
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*body*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]style*\"?[^>]*", $secvalue))) {
die ($htmltags);
}
}
}

if(defined('FORUM_ADMIN')) {
define('INCLUDE_PATH', '../../../');
} elseif(defined('INSIDE_MOD')) {
define('INCLUDE_PATH', '../../');
} else {
define('INCLUDE_PATH', './');
}

@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
@require_once(INCLUDE_PATH."includes/ipban.php");
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
@include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}
@include_once(INCLUDE_PATH."modules/Your_Account/includes/mainfileend.php");

if (!defined('FORUM_ADMIN')) {
if(empty($admin_file)) {
die ("You must set a value for admin_file in config.php");
} elseif (!empty($admin_file) && !file_exists($admin_file.".php")) {
die ("The admin_file you defined in config.php does not exist");
}
}

// Error reporting, to be set in config.php
error_reporting(E_ALL^E_NOTICE);
if($display_errors) {
@ini_set('display_errors', 1);
} else {
@ini_set('display_errors', 0);
}

define('NUKE_FILE', true);
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
$result = $db->sql_query("SELECT * FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$sitename = check_html($row['sitename'], "nohtml");
$nukeurl = check_html($row['nukeurl'], "nohtml");
$site_logo = check_html($row['site_logo'], "nohtml");
$slogan = check_html($row['slogan'], "nohtml");
$startdate = check_html($row['startdate'], "nohtml");
$adminmail = check_html($row['adminmail'], "nohtml");
$anonpost = intval($row['anonpost']);
$Default_Theme = check_html($row['Default_Theme'], "nohtml");
$foot1 = check_html($row['foot1'], "");
$foot2 = check_html($row['foot2'], "");
$foot3 = check_html($row['foot3'], "");
$commentlimit = intval($row['commentlimit']);
$anonymous = check_html($row['anonymous'], "nohtml");
$minpass = intval($row['minpass']);
$pollcomm = intval($row['pollcomm']);
$articlecomm = intval($row['articlecomm']);
$broadcast_msg = intval($row['broadcast_msg']);
$my_headlines = intval($row['my_headlines']);
$top = intval($row['top']);
$storyhome = intval($row['storyhome']);
$user_news = intval($row['user_news']);
$oldnum = intval($row['oldnum']);
$ultramode = intval($row['ultramode']);
$banners = intval($row['banners']);
$backend_title = check_html($row['backend_title'], "nohtml");
$backend_language = check_html($row['backend_language'], "nohtml");
$language = check_html($row['language'], "nohtml");
$locale = check_html($row['locale'], "nohtml");
$multilingual = intval($row['multilingual']);
$useflags = intval($row['useflags']);
$notify = intval($row['notify']);
$notify_email = check_html($row['notify_email'], "nohtml");
$notify_subject = check_html($row['notify_subject'], "nohtml");
$notify_message = check_html($row['notify_message'], "nohtml");
$notify_from = check_html($row['notify_from'], "nohtml");
$moderate = intval($row['moderate']);
$admingraphic = intval($row['admingraphic']);
$httpref = intval($row['httpref']);
$httprefmax = intval($row['httprefmax']);
$CensorMode = intval($row['CensorMode']);
$CensorReplace = check_html($row['CensorReplace'], "nohtml");
$copyright = check_html($row['copyright'], "");
$Version_Num = floatval($row['Version_Num']);
$domain = str_replace("http://", "", $nukeurl);
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if (!defined('FORUM_ADMIN')) {
if ((isset($newlang)) AND (stristr($newlang,"."))) {
 if (file_exists("language/lang-".$newlang.".php")) {
 setcookie("lang",$newlang,time()+31536000);
 include_once("language/lang-".$newlang.".php");
 $currentlang = $newlang;
 } else {
 setcookie("lang",$language,time()+31536000);
 include_once("language/lang-".$language.".php");
 $currentlang = $language;
 }
} elseif (isset($lang)) {
 include_once("language/lang-".$lang.".php");
 $currentlang = $lang;
} else {
 setcookie("lang",$language,time()+31536000);
 include_once("language/lang-".$language.".php");
 $currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if ($module == "admin" AND $module != "Forums") {
if (file_exists("admin/language/lang-".$currentlang.".php")) {
include_once("admin/language/lang-".$currentlang.".php");
} elseif (file_exists("admin/language/lang-".$language.".php")) {
include_once("admin/language/lang-".$language.".php");
}
} else {
if (file_exists("modules/$module/language/lang-".$currentlang.".php")) {
include_once("modules/$module/language/lang-".$currentlang.".php");
} elseif (file_exists("modules/$module/language/lang-".$language.".php")) {
include_once("modules/$module/language/lang-".$language.".php");
}
}
}

function is_admin($admin) {
if (!$admin) { return 0; }
if (isset($adminSave)) return $adminSave;
if (!is_array($admin)) {
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = explode(":", $admin);
}
$aid = $admin[0];
$pwd = $admin[1];
$aid = substr(addslashes($aid), 0, 25);
if (!empty($aid) && !empty($pwd)) {
global $prefix, $db;
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$pass = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($pass[0] == $pwd && !empty($pass[0])) {
static $adminSave;
return $adminSave = 1;
}
}
static $adminSave;
return $adminSave = 0;
}

function is_user($user) {
if (!$user) { return 0; }
if (isset($userSave)) return $userSave;
if (!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$user = explode(":", $user);
}
$uid = $user[0];
$pwd = $user[2];
$uid = intval($uid);
if (!empty($uid) AND !empty($pwd)) {
global $db, $user_prefix;
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row[0] == $pwd && !empty($row[0])) {
static $userSave;
return $userSave = 1;
}
}
static $userSave;
return $userSave = 0;
}

function is_group($user, $name) {
global $prefix, $db, $user_prefix, $cookie, $user;
if (is_user($user)) {
if(!is_array($user)) {
$cookie = cookiedecode($user);
$uid = intval($cookie[0]);
} else {
$uid = intval($user[0]);
}
$result = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$points = intval($row['points']);
$db->sql_freeresult($result);
$result2 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
$row2 = $db->sql_fetchrow($result2);
$mod_group = intval($row2['mod_group']);
$db->sql_freeresult($result2);
$result3 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
$row3 = $db->sql_fetchrow($result3);
$grp = intval($row3['points']);
$db->sql_freeresult($result3);
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
return 1;
}
}
return 0;
}

$postString = "";
foreach ($_POST as $postkey => $postvalue) {
if ($postString > "") {
$postString .= "&".$postkey."=".$postvalue;
} else {
$postString .= $postkey."=".$postvalue;
}
}
str_replace("%09", "%20", $postString);
$postString_64 = base64_decode($postString);
if ((!is_admin($admin)) AND (stristr($postString,'%20union%20')) OR (stristr($postString,'*/union/*')) OR (stristr($postString,' union ')) OR (stristr($postString_64,'%20union%20')) OR (stristr($postString_64,'*/union/*')) OR (stristr($postString_64,' union ')) OR (stristr($postString_64,'+union+')) OR (stristr($postString,'http-equiv')) OR (stristr($postString_64,'http-equiv')) OR (stristr($postString,'alert')) OR (stristr($postString_64,'alert'))) {
header("Location: index.php");
die();
}

// Additional security (Union, CLike, XSS)
if(!file_exists('includes/nukesentinel.php')) {
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}
if((!is_admin($admin)) AND (isset($_SERVER['QUERY_STRING'])) AND (!stristr($_SERVER['QUERY_STRING'], "ad_click"))) {
$queryString = $_SERVER['QUERY_STRING'];
if ((stristr($queryString,'%20union%20')) OR (stristr($queryString,'/*')) OR (stristr($queryString,'*/union/*')) OR (stristr($queryString,'c2nyaxb0')) OR (stristr($queryString,'+union+')) OR (stristr($queryString,'http://')) OR ((stristr($queryString,'cmd=')) AND (!stristr($queryString,'&cmd'))) OR ((stristr($queryString,'exec')) AND (!stristr($queryString,'execu'))) OR (stristr($queryString,'concat'))) {
die('Illegal Operation');
}
}
}

function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
$cookie = cookiedecode($user);
$username = $cookie[1];
} else {
$username = $user[1];
}
$username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25);
$username = rtrim($username, "\\");
$username = str_replace("'", "\'", $username);
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > 0) {
$id = intval($id);
$result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
list($points) = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$rpoints = intval($points);
$db->sql_query("UPDATE ".$user_prefix."_users SET points=points+".$rpoints." WHERE username='$username'");
}
}
}

function title($text) {
OpenTable();
echo "<center>$text</center>";
CloseTable();
echo " ";
}

function is_active($module) {
global $prefix, $db;
static $save;
if (is_array($save)) {
if (isset($save[$module])) return ($save[$module]);
return 0;
}
$sql = "SELECT title FROM ".$prefix."_modules WHERE active=1";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$save[$row[0]] = 1;
}
$db->sql_freeresult($result);
if (isset($save[$module])) return ($save[$module]);
return 0;
}

function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if(!defined('BLOCK_FILE')) {
define('BLOCK_FILE', true);
}
if (empty($url)) {
 if (empty($blockfile)) {
 if ($side == "c") {
 themecenterbox($title, $content);
 } elseif ($side == "d") {
 themecenterbox($title, $content);
 } else {
 themesidebox($title, $content);
 }
 } else {
 if ($side == "c") {
 blockfileinc($title, $blockfile, 1);
 } elseif ($side == "d") {
 blockfileinc($title, $blockfile, 1);
 } else {
 blockfileinc($title, $blockfile);
 }
 }
} else {
 if ($side == "c" OR $side == "d") {
 headlines($bid,1);
 } else {
 headlines($bid);
 }
}
}

function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
 $pos = "l";
} elseif (strtolower($side[0]) == "r") {
 $pos = "r";
} elseif (strtolower($side[0]) == "c") {
 $pos = "c";
} elseif (strtolower($side[0]) == "d") {
 $pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view, expire, action, subscription FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result)) {
$bid = intval($row['bid']);
$title = check_html($row['title'], "nohtml");
$content = stripslashes($row['content']);
$url = check_html($row['url'], "nohtml");
$blockfile = check_html($row['blockfile'], "nohtml");
$view = intval($row['view']);
$expire = intval($row['expire']);
$action = check_html($row['action'], "nohtml");
$action = substr($action, 0,1);
 $now = time();
 $sub = intval($row['subscription']);
 if ($sub == 0 OR ($sub == 1 AND !paid())) {
 if ($expire != 0 AND $expire <= $now) {
 if ($action == "d") {
 $db->sql_query("UPDATE ".$prefix."_blocks SET active='0', expire='0' WHERE bid='$bid'");
 return;
 } elseif ($action == "r") {
 $db->sql_query("DELETE FROM ".$prefix."_blocks WHERE bid='$bid'");
 return;
 }
 }
 if ($row['bkey'] == "admin") {
 adminblock();
 } elseif ($row['bkey'] == "userbox") {
 userblock();
 } elseif (empty($row['bkey'])) {
 if ($view == 0) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 1 AND is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 2 AND is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 }
 }
 }
}
$db->sql_freeresult($result);
}

function message_box() {
global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $db, $admin_file;
if ($multilingual == 1) {
 $querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
} else {
 $querylang = "";
}
$result = $db->sql_query("SELECT mid, title, content, date, expire, view FROM ".$prefix."_message WHERE active='1' $querylang");
if ($numrows = $db->sql_numrows($result) == 0) {
 return;
} else {
while ($row = $db->sql_fetchrow($result)) {
 $mid = intval($row['mid']);
 $title = check_html($row['title'], "nohtml");
 $content = check_html($row['content'], "");
 $mdate = $row['date'];
 $expire = intval($row['expire']);
 $view = intval($row['view']);
if (!empty($title) && !empty($content)) {
 if ($expire == 0) {
 $remain = _UNLIMITED;
 } else {
 $etime = (($mdate+$expire)-time())/3600;
 $etime = (int)$etime;
 if ($etime < 1) {
 $remain = _EXPIRELESSHOUR;
 } else {
 $remain = ""._EXPIREIN." $etime "._HOURS."";
 }
 }
 if ($view == 5 AND paid()) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWSUBUSERS." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 4 AND is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content"
 ." <center>[ "._MVIEWADMIN." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 CloseTable();
 echo " ";
 } elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWUSERS." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWANON." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 1) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWALL." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 }
 if ($expire != 0) {
 $past = time()-$expire;
 if ($mdate < $past) {
 $db->sql_query("UPDATE ".$prefix."_message SET active='0' WHERE mid='$mid'");
 }
 }
 }
 }
}
}

function online() {
global $user, $cookie, $prefix, $db;
$ip = $_SERVER['REMOTE_ADDR'];
$guest = 0;
if (is_user($user)) {
cookiedecode($user);
$uname = $cookie[1];
if (!isset($uname)) {
$uname = $ip;
$guest = 1;
}
} else {
$uname = $ip;
$guest = 1;
}
$past = time()-3600;
$sql = "DELETE FROM ".$prefix."_session WHERE time < '$past'";
$db->sql_query($sql);
$sql = "SELECT time FROM ".$prefix."_session WHERE uname='$uname'";
$result = $db->sql_query($sql);
$ctime = time();
if (!empty($uname)) {
$uname = substr($uname, 0,25);
$row = $db->sql_fetchrow($result);
if ($row) {
$db->sql_query("UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'");
} else {
$db->sql_query("INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')");
}
}
$db->sql_freeresult($result);
}

function blockfileinc($title, $blockfile, $side=0) {
$blockfiletitle = $title;
$file = file_exists("blocks/".$blockfile."");
if (!$file) {
$content = _BLOCKPROBLEM;
} else {
include("blocks/".$blockfile."");
}
if (empty($content)) {
$content = _BLOCKPROBLEM2;
}
if ($side == 1) {
themecenterbox($blockfiletitle, $content);
} elseif ($side == 2) {
themecenterbox($blockfiletitle, $content);
} else {
themesidebox($blockfiletitle, $content);
}
}

function selectlanguage() {
global $useflags, $currentlang;
if ($useflags == 1) {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$langdir = dir("language");
while($func=$langdir->read()) {
if(substr($func, 0, 5) == "lang-") {
 $menulist .= "$func ";
}
}
closedir($langdir->handle);
$menulist = explode(" ", $menulist);
sort($menulist);
for ($i=0; $i < sizeof($menulist); $i++) {
if($menulist[$i]!="") {
 $tl = str_replace("lang-","",$menulist[$i]);
 $tl = str_replace(".php","",$tl);
 $altlang = ucfirst($tl);
 $content .= "<a href=\"index.php?newlang=".$tl."\"><img src=\"images/language/flag-".$tl.".png\" border=\"0\" alt=\"$altlang\" title=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
}
}
$content .= "</center>";
themesidebox($title, $content);
} else {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
 $handle=opendir('language');
 while ($file = readdir($handle)) {
 if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
 $langFound = $matches[1];
 $languageslist .= "$langFound ";
 }
 }
 closedir($handle);
 $languageslist = explode(" ", $languageslist);
 sort($languageslist);
 for ($i=0; $i < sizeof($languageslist); $i++) {
 if($languageslist[$i]!="") {
$content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
 if($languageslist[$i]==$currentlang) $content .= " selected";
$content .= ">".ucfirst($languageslist[$i])."</option>\n";
 }
}
$content .= "</select></form></center>";
themesidebox($title, $content);
}
}

function ultramode() {
global $prefix, $db;
$ultra = "ultramode.txt";
$file = fopen($ultra, "w");
fwrite($file, "General purpose self-explanatory file with news headlines\n");
$sql = "SELECT s.sid, s.catid, s.aid, s.title, s.time, s.hometext, s.comments, s.topic, t.topictext, t.topicimage FROM ".$prefix."_stories s LEFT JOIN ".$prefix."_topics t ON t.topicid = s.topic WHERE s.ihome = '0' ".$querylang." ORDER BY s.time DESC LIMIT 0,10";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
 $rsid = intval($row['sid']);
 $raid = check_html($row['aid'], "nohtml");
 $rcatid = check_html($row['catid'], "nohtml");
 $rtitle = check_html(stripslashes($row['title']), "nohtml");
 $rtime = $row['time'];
 $rhometext = check_html(stripslashes($row['hometext']), "nohtml");
 $rcomments = intval($row['comments']);
 $rtopic = intval($row['topic']);
 $topictext = stripslashes(check_html($row['topictext'], "nohtml"));
 $topicimage = check_html($row['topicimage'], "nohtml");
$content = "%%\n".$rtitle."\n/modules.php?name=News&file=article&sid=".$rsid."\n".$rtime."\n".$raid."\n".$topictext."\n".$rcomments."\n".$topicimage."\n";
fwrite($file, $content);
}
fclose($file);
$db->sql_freeresult($result);
}

function cookiedecode($user) {
global $cookie, $db, $user_prefix;
static $pass;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$cookie = explode(":", $user);
} else {
$cookie = $user;
}
if (!isset($pass) AND isset($cookie[1])) {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
list($pass) = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
if (isset($cookie[2]) AND ($cookie[2] == $pass) AND (!empty($pass))) { return $cookie; }
}

function getusrinfo($user) {
global $user_prefix, $db, $userinfo, $cookie;
if (!$user OR empty($user)) {
return NULL;
}
cookiedecode($user);
$user = $cookie;
if (isset($userrow) AND is_array($userrow)) {
if ($userrow['username'] == $user[1] && $userrow['user_password'] == $user[2]) {
return $userrow;
}
}
$sql = "SELECT * FROM ".$user_prefix."_users WHERE username='$user[1]' AND user_password='$user[2]'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
static $userrow;
$userrow = $db->sql_fetchrow($result);
return $userinfo = $userrow;
}
$db->sql_freeresult($result);
unset($userinfo);
}

function FixQuotes ($what = "") {
$what = str_replace("'","''",$what);
while (stristr($what, "\\\\'")) {
 $what = str_replace("\\\\'","'",$what);
}
return $what;
}

/*********************************************************/
/* text filter */
/*********************************************************/

function check_words($Message) {
global $CensorMode, $CensorReplace, $EditedMessage, $CensorList;
include("config.php");
$EditedMessage = $Message;
if ($CensorMode != 0) {
if (is_array($CensorList)) {
 $Replace = $CensorReplace;
 if ($CensorMode == 1) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
 }
 } elseif ($CensorMode == 2) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
 }
 } elseif ($CensorMode == 3) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
 }
 }
}
}
return $EditedMessage;
}

function delQuotes($string){
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=""; # string buffer
$result=""; # result string
$i=0;
$attrib=-1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
$quote=0; # Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { # What car is it in the buffer ?
 case "\"": #" # a quote.
 if ($quote==0) {
 $quote=1;
 } else {
 $quote=0;
 if (($attrib>0) && (!empty($tmp))) { $result .= "=\"$tmp\""; }
 $tmp="";
 $attrib=-1;
 }
 break;
 case "=": # an equal - attrib delimiter
 if ($quote==0) { # Is it found in a string ?
 $attrib=1;
 if ($tmp!="") $result.=" $tmp";
 $tmp="";
 } else $tmp .= '=';
 break;
 case " ": # a blank ?
 if ($attrib>0) { # add it to the string, if one opened.
 $tmp .= $string[$i];
 }
 break;
 default: # Other
 if ($attrib<0) # If we weren't in an attrib, set attrib to 0
 $attrib=0;
 $tmp .= $string[$i];
 break;
}
$i++;
}
if (($quote!=0) && (!empty($tmp))) {
if ($attrib==1) $result .= "=";
/* If it is the value of an atrib, add the '=' */
$result .= "\"$tmp\""; /* Add quote if needed (the reason of the function ;-) */
}
return $result;
}

function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
include("config.php");
if ($strip == "nohtml")
global $AllowableHTML;
if (!is_array($AllowableHTML)) $AllowableHTML = array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
// Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
// Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
// Delete all img tags
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
// Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
 $i = strpos($str,$reg[0]);
 $l = strlen($reg[0]);
 if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
 else $tag = strtolower($reg[1]);
 if ($a = $AllowableHTML[$tag])
 if ($reg[1][0] == "/") $tag = "</$tag>";
 elseif (($a == 1) || (empty($reg[2]))) $tag = "<$tag>";
 else {
 # Place here the double quote fix function.
 $attrb_list=delQuotes($reg[2]);
 // A VER
$attrb_list = str_replace("&","&",$attrb_list);
 $attrb_list = str_replace("&","&",$attrb_list);
 $tag = "<$tag" . $attrb_list . ">";
 } # Attribs in tag allowed
 else $tag = "";
 $tmp .= substr($str,0,$i) . $tag;
 $str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = str_replace("<?","",$str);
return $str;
}

function filter_text($Message, $strip="") {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return $EditedMessage;
}

/*********************************************************/
/* formatting stories */
/*********************************************************/

function formatTimestamp($time) {
global $datetime, $locale;
setlocale(LC_TIME, $locale);
if (!is_numeric($time)) {
preg_match('/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/', $time, $datetime);
$time = gmmktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]);
}
$time -= date("Z");
$datetime = strftime(_DATESTRING, $time);
$datetime = ucfirst($datetime);
return $datetime;
}

function get_author($aid) {
global $prefix, $db;
static $users;
if (isset($users[$aid]) AND is_array($users[$aid])) {
$row = $users[$aid];
} else {
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$users[$aid] = $row;
$db->sql_freeresult($result);
}
$aidurl = check_html($row['url'], "nohtml");
$aidmail = check_html($row['email'], "nohtml");
if (isset($aidurl) && $aidurl != "http://") {
$aid = "<a href=\"".$aidurl."\">$aid</a>";
} elseif (isset($aidmail)) {
$aid = "<a href=\"mailto:".$aidmail."\">$aid</a>";
} else {
$aid = $aid;
}
return $aid;
}

function formatAidHeader($aid) {
$AidHeader = get_author($aid);
echo $AidHeader;
}

if(!defined('FORUM_ADMIN')) {
$ThemeSel = get_theme();
include_once("themes/$ThemeSel/theme.php");
}
if(!function_exists("themepreview")) {
function themepreview($title, $hometext, $bodytext="", $notes="") {
echo "$title $hometext";
if (!empty($bodytext)) {
 echo " $bodytext";
}
if (!empty($notes)) {
 echo " "._NOTE." $notes";
}
}
}

function adminblock() {
global $admin, $prefix, $db, $admin_file;
if (is_admin($admin)) {
 $sql = "SELECT title, content FROM ".$prefix."_blocks WHERE bkey='admin'";
 $result = $db->sql_query($sql);
 while (list($title, $content) = $db->sql_fetchrow($result)) {
 $content = check_html($content, "");
 $title = check_html($title, "nohtml");
 $content = "".$content."";
 themesidebox($title, $content);
 }
 $title = _WAITINGCONT;
 $num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_queue"));
 $content = "";
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=submissions\">"._SUBMISSIONS."</a>: $num ";
 $num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_reviews_add"));
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=reviews\">"._WREVIEWS."</a>: $num ";
 $num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_newlink"));
 $brokenl = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='1'"));
 $modreql = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='0'"));
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=Links\">"._WLINKS."</a>: $num ";
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=LinksListModRequests\">"._MODREQLINKS."</a>: $modreql ";
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=LinksListBrokenLinks\">"._BROKENLINKS."</a>: $brokenl ";
 $num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_newdownload"));
 $brokend = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='1'"));
 $modreqd = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='0'"));
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=downloads\">"._UDOWNLOADS."</a>: $num ";
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=DownloadsListModRequests\">"._MODREQDOWN."</a>: $modreqd ";
 $content .= "<big>·</big> <a href=\"".$admin_file.".php?op=DownloadsListBrokenDownloads\">"._BROKENDOWN."</a>: $brokend ";
 themesidebox($title, $content);
}
}

function loginbox() {
global $user, $sitekey, $gfx_chk;

mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);

if (!is_user($user)) {
$title = _LOGIN;
$boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";
$boxstuff .= "<center>"._NICKNAME." ";
$boxstuff .= "<input type=\"text\" name=\"username\" size=\"8\" maxlength=\"25\"> ";
$boxstuff .= ""._PASSWORD." ";
$boxstuff .= "<input type=\"password\" name=\"user_password\" size=\"8\" maxlength=\"20\"> ";
if (extension_loaded("gd") AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7)) {
$boxstuff .= ""._SECURITYCODE.": <img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'> \n";
$boxstuff .= ""._TYPESECCODE." <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\">\n";
$boxstuff .= "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\"> \n";
} else {
$boxstuff .= "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">";
$boxstuff .= "<input type=\"hidden\" name=\"gfx_check\" value=\"$code\">";
}
$boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
$boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></center></form>";
$boxstuff .= "<center>"._ASREGISTERED."</center>";
themesidebox($title, $boxstuff);
}
}

function userblock() {
global $user, $cookie, $db, $user_prefix, $userinfo;
if(is_user($user)) {
getusrinfo($user);
if($userinfo['ublockon']) {
$sql = "SELECT ublock FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$ublock = intval($row['ublock']);
$title = _MENUFOR." ".$cookie[1];
themesidebox($title, $ublock);
}
}
}

function getTopics($s_sid) {
global $topicid, $topicname, $topicimage, $topictext, $prefix, $db;
$sid = intval($s_sid);
$result = $db->sql_query("SELECT t.topicid, t.topicname, t.topicimage, t.topictext FROM ".$prefix."_stories s LEFT JOIN ".$prefix."_topics t ON t.topicid = s.topic WHERE s.sid = ".$sid);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$topicid = intval($row['topicid']);
$topicname = check_html($row['topicname'], "nohtml");
$topicimage = check_html($row['topicimage'], "nohtml");
$topictext = check_html($row['topictext'], "nohtml");
}

function headlines($bid, $cenbox=0) {
global $prefix, $db;
$bid = intval($bid);
$result = $db->sql_query("SELECT title, content, url, refresh, time FROM ".$prefix."_blocks WHERE bid='$bid'");
$row = $db->sql_fetchrow($result);
$title = stripslashes(check_html($row['title'], "nohtml"));
$content = check_html($row['content'], "");
$url = check_html($row['url'], "nohtml");
$refresh = intval($row['refresh']);
$otime = $row['time'];
$past = time()-$refresh;
$cont = 0;
if ($otime < $past) {
$btime = time();
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
 $content = "";
 $db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
}
if ($fp) {
 if (!empty($rdf['query']))
 $rdf['query'] = "?" . $rdf['query'];

[Raven note: CS, looks like you got truncated]

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Since you're using the patch, $forum_admin and $inside_mod aren't defined. Instead of, at the end of your mainfile:

Code:

if ($forum_admin == 1) {
include("../../../modules/Your_Account/includes/mainfileend.php");
} elseif ($inside_mod == 1) {
include("../../modules/Your_Account/includes/mainfileend.php");
} else {
include("modules/Your_Account/includes/mainfileend.php");
}

use:

Code:

include(INCLUDE_PATH."modules/Your_Account/includes/mainfileend.php");

Beyond that, I'm at a loss.

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

Chatserv,

That didnt work either. Did you include ALL the code in the second set?

I mean, I do note there is no ?> at the end so I wonder?

Also, as you can see, kguske suggest something different, so I have no clue why or if it is a case of either will work?...Anyhow, I tried your 'solution' first, but as I explain, I am still haiving no luck.

One thing to mention is that now I have returned the original mainfile.php and constants.php files from the 7.6 php 3.1 patch install and Ido note that I can log into a user account, and the new 'layout' for CNBYA has taken effect, but I can only visit one page before I am immediately automatically logged out again.

The other point is that although those original files have been replaced, my admin panel no longer works and all I see is the icons for Administration Menu' and 'Modules Administration'...When I click on the icons, nothing appears to happen.

Finally, do note that I have not yet added Sentinel or any other addon to this 7.6 3.1patch istallation yet.

Any more ideas?

chatserv · Posted: Wed Dec 28, 2005 10:16 am

As Raven noted when he edited my post the file got truncated, i made the mistake of assuming that since the preview displayed all the content the final post would as well, anyway let's do the following, email me the zip for CNBYA and any file it asks you to edit (i.e. your mainfile.php)

chatserv at nukeresources dot com

emma · Hangin' Around Joined: Nov 02, 2005 Posts: 32

How Strange Chatserv,

When I originally viewed the code you posted, I noted the text at the bottom, but it only read, '[Raven note: CS, looks', and I did wonder what it meant. It has now clearly been ammended.

I will forward my files to you...Thanks.