Blank page

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

I have installed NukeSentinel(tm) 71-77 2.3.0 on one of my sites that is running PHP-Nuke 7.6.0.3.0b -

Only registered users can see links on this board!
Get registered or login to the forums!

.

The problem is that I get a blank page and I need to recharge it in order to see it normally, maybe this is not an installation problem because I get this blank page at

Only registered users can see links on this board!
Get registered or login to the forums!

too but I don't get it at

Only registered users can see links on this board!
Get registered or login to the forums!

and

Only registered users can see links on this board!
Get registered or login to the forums!

.

PD: My browser is Mozilla Firefox 1.0.4.

64bitguy · Posted: Mon Jun 20, 2005 10:21 am

This is an odd error.

The FIRST time you visit the sites commented about, the page does not display, but the source looks like it is there.

When you hit refresh, the page loads normally.

Now... If you revisit one of these sites AFTER this forced reload, everything loads normally, every time.

BUT, if you close the browser completely and then start it up again and visit these sites, the problem happens again.

Now, if you do this in another 'tab', (without closing the entire browser down)... the problem doesn't happen again. You actually have to CLOSE the Mozilla based browser down completely to replicate the problem.

If I didn't know better, it almost looks like some kind of cache or cookie problem, but not one that I have been able to identify.

I'm also not able to tell if this is a problem with "Patched" or NukeSentinel.

Anyone else have any ideas?

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Last week I tested one Nuke Patched and the problem was there, without the Nukesentinel but now I have been testing the PHP-Nuke 7.6.0.3.0b and it doesn't give this problem until I installed the NukeSentinel.

Susann · Posted: Mon Jun 20, 2005 1:24 pm

I visited nukescripts.net yesterday and got also only blank pages with Firefox for all 6 demo sites. Is this a new generation of sites or a new trend ? Very strange, isn´t it.
nooticias.com is also a blank page without refresh.
Wink

infidelguy · Posted: Tue Jun 21, 2005 5:31 am

Yeah.. same problem I'm having too: Solaris users get this error:

NSURL - error Domain 1101

infidelguy · Posted: Tue Jun 21, 2005 9:20 am

Oh well.. I guess I have to uninstall it.

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Someone knows how to fix this problem? I think it's very important.

infidelguy · Posted: Tue Jun 21, 2005 9:36 am

Well.. I removed the code in the mainfile.php and it stopped. Big surprise. heh. Smile

if (defined('FORUM_ADMIN')) {
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@include_once("../../includes/nukesentinel.php");
} else {
@include_once("includes/nukesentinel.php");
}

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Nukesentinel runs well without it?

infidelguy · Posted: Tue Jun 21, 2005 9:46 am

Okay a little more helpful info.. I even changed the code to:

if ($forum_admin == 1) {
include_once("../../../includes/nukesentinel.php");
} elseif ($inside_mod == 1) {
include_once("../../includes/nukesentinel.php");
} else {
include_once("includes/nukesentinel.php");
}

and also in the includes... no dice. So I'm beginning to suspect this isn't a patching issue per se'.

I get the same blank page no matter which one I use.

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

With this changes the problem continues.

infidelguy · Posted: Tue Jun 21, 2005 10:02 am

Well neodesc I can see why no one jumped right in to help!

Only registered users can see links on this board!
Get registered or login to the forums!

Read that post! That should fix your problem. Fixed mine.

Thanks Raven.

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Problem fixed !

infidelguy · Posted: Tue Jun 21, 2005 11:40 am

Unsure if the moderators mind me posting this site, I use it as a tool to test vulnerabilities. However, I think the original intent was to hack sites:

*** Link Removed By Moderator 64BITGUY Please do not post hacker based links intended to attack Nuke domains. ***

If any links come up, you are vulnerable to attack, in theory.

Click on one of the links (if they show up). You should get blocked by your site. Make sure you are a protected user of course before you do this.

You should see the blocked page. if not.. something still may not be right. Ravens suggestion is more secure but it causes this error. The previous poster at this link will allow you to see the blocked page:

Only registered users can see links on this board!
Get registered or login to the forums!

Susann · Posted: Tue Jun 21, 2005 1:37 pm

Hi neodesc,

I asked today in my firefox forum two people about this problem and one of them wasn´t able to see your source code he got also a blank page.
But I quess it´s solved now. Smile

64bitguy · Posted: Tue Jun 21, 2005 7:18 pm

infidelguy wrote:

If any links come up, you are vulnerable to attack, in theory.

Click on one of the links (if they show up). You should get blocked by your site. Make sure you are a protected user of course before you do this.

Actually, this informaiton is incorrect.

These "tests" merely display a list of 25 page destinations of known Nuke modules and provides a list of the known vulnerabilities of each of those modules.

This is the primary reason why NukeSentinel was invented.

Clicking any link that comes up on that list would then attempt to use that particular attack against those known vulnerabilities of baseline Nuke code. While these are mainly Union attacks there are a couple of other types of attacks as well.

As clicking any link will execute the attack in question, if you have NukeSentinel, the person originating any of those attacks would be instantly identified and thus banned.

Now, with all of that said, I have removed the link from your original post BECAUSE, the site in question IS a hacker site that is hosting files intended to purposely and maliciously attack PHP-Nuke domains or to otherwise expose weakness in baseline PHP-Nuke code.

While the people hosting this funciton may not consider it malicious, anyone that has been attacked would disagree with that. Further, as the information that is generated when you run that "test" is stored by hackers, if you did successfully penetrate a non-NukeSentinel protected domain, you would be essentially identifying an exposed site and handing over control of that domain to a hacker, which YES, is a bad thing.

I would suggest that not only do you NOT use this domain to "test" your own domain, but not anyone else's domain for these obvious reasons. It can only lead to someone getting hurt and nothing good can come from it.

BobMarion · Posted: Tue Jun 21, 2005 9:22 pm

The NSN Demo sites, I won't list them here cause there are too many of them Wink

, are running 7.6 Patched 3.0 not the 3.0b . Therefore I will do some testing and see were the conflict is happening. I can do this on my local so I can disable the Error Supression and hopefully will see what the true error is.

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Now, with this changes it chargues a blank page when you try to access the forum logged in as an admin. Try it infidelguy or anyone else.

infidelguy · Posted: Wed Jun 22, 2005 10:23 am

I'm not having any problems at the moment. Everything is working fine for me. You might want to post your mainfile here.

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Yes, ok

[code:1:4c401ae327]
<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security checking code 2003 by chatserv */
/* http://www.nukefixes.com -- http://www.nukeresources.com */
/************************************************************************/
//define('NUKE_FILE', true);
if (file_exists("includes/custom_files/custom_mainfile.php")) {
include_once("includes/custom_files/custom_mainfile.php");
}
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

$phpver = phpversion();
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
}
if ($phpver >= '4.0.4pl1' && strstr($_SERVER["HTTP_USER_AGENT"],'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start(array('ob_gzhandler',5));
ob_implicit_flush(0);
header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (defined('FORUM_ADMIN')) {
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@include_once("../../includes/nukesentinel.php");
} else {
@include_once("includes/nukesentinel.php");
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

if(isset($admin))
{
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}

if(isset($user))
{
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}

foreach ($_GET as $sec_key => $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

if (stristr($_SERVER['PHP_SELF'], "mainfile.php")) {
Header("Location: index.php");
die();
}

if (defined('FORUM_ADMIN')) {
@require_once("../../../config.php");
@require_once("../../../db/db.php");
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
@require_once("../../db/db.php");
} else {
@require_once("config.php");
@require_once("db/db.php");
}

/* FOLLOWING LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
if (defined('FORUM_ADMIN')) {
@require_once("../../../includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
} elseif (defined('INSIDE_MOD')) {
@require_once("../../includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
} else {
@require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

@ini_set("display_errors","$display_errors");
$mainfile = 1;
$result = $db->sql_query("SELECT * FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = stripslashes($row['adminmail']);
$anonpost = $row['anonpost'];
$Default_Theme = $row['Default_Theme'];
$foot1 = $row['foot1'];
$foot2 = $row['foot2'];
$foot3 = $row['foot3'];
$commentlimit = intval($row['commentlimit']);
$anonymous = $row['anonymous'];
$minpass = intval($row['minpass']);
$pollcomm = intval($row['pollcomm']);
$articlecomm = intval($row['articlecomm']);
$broadcast_msg = intval($row['broadcast_msg']);
$my_headlines = intval($row['my_headlines']);
$top = intval($row['top']);
$storyhome = intval($row['storyhome']);
$user_news = intval($row['user_news']);
$oldnum = intval($row['oldnum']);
$ultramode = intval($row['ultramode']);
$banners = intval($row['banners']);
$backend_title = $row['backend_title'];
$backend_language = $row['backend_language'];
$language = $row['language'];
$locale = $row['locale'];
$multilingual = intval($row['multilingual']);
$useflags = intval($row['useflags']);
$notify = intval($row['notify']);
$notify_email = $row['notify_email'];
$notify_subject = $row['notify_subject'];
$notify_message = $row['notify_message'];
$notify_from = $row['notify_from'];
$moderate = intval($row['moderate']);
$admingraphic = intval($row['admingraphic']);
$httpref = intval($row['httpref']);
$httprefmax = intval($row['httprefmax']);
$CensorMode = intval($row['CensorMode']);
$CensorReplace = $row['CensorReplace'];
$copyright = $row['copyright'];
$Version_Num = $row['Version_Num'];
$domain = eregi_replace("http://", "", $nukeurl);
$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if (!defined('FORUM_ADMIN')) {
if (isset($newlang) AND !eregi("\.","$newlang")) {
if (file_exists("language/lang-".$newlang.".php")) {
setcookie("lang",$newlang,time()+31536000);
include("language/lang-".$newlang.".php");
$currentlang = $newlang;
} else {
setcookie("lang",$language,time()+31536000);
include("language/lang-".$language.".php");
$currentlang = $language;
}
} elseif (isset($lang)) {
include("language/lang-".$lang.".php");
$currentlang = $lang;
} else {
setcookie("lang",$language,time()+31536000);
include("language/lang-".$language.".php");
$currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if (file_exists("modules/$module/language/lang-".$currentlang.".php")) {
if ($module == admin) {
include_once("admin/language/lang-".$currentlang.".php");
} else {
include_once("modules/$module/language/lang-".$currentlang.".php");
}
} else {
if ($module != "Forums") {
if ($module == admin) {
include_once("admin/language/lang-".$currentlang.".php");
} else {
include_once("modules/$module/language/lang-".$language.".php");
}
}
}
}

function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = explode(":", $admin);
$aid = addslashes($admin[0]);
$pwd = "$admin[1]";
} else {
$aid = addslashes($admin[0]);
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = substr("$aid", 0,25);
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if($pass == $pwd && $pass != "") {
return 1;
}
}
return 0;
}

function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
$uid = addslashes($uid);
$uid = intval($uid);
if ($uid != "" AND $pwd != "") {
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
return 1;
}
}
return 0;
}

function is_group($user, $name) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$uid = intval($uid);
$pwd = "$user[2]";
}
if ($uid != "" AND $pwd != "") {
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
$result2 = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row2 = $db->sql_fetchrow($result2);
$points = intval($row2['points']);
$result3 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
$row3 = $db->sql_fetchrow($result3);
$mod_group = $row3['mod_group'];
$result4 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
$row4 = $db->sql_fetchrow($result4);
$grp = intval($row4['points']);
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
return 1;
}
}
}
return 0;
}

function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
$user1 = base64_decode($user);
$user1 = addslashes($user1);
$user1 = explode(":", $user1);
$username = "$user1[1]";
} else {
$username = "$user1[1]";
}
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') {
$id = intval($id);
$result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
$row = $db->sql_fetchrow($result);
$rpoints = intval($row['points']);
$db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE username='$username'");
}
}
}

function title($text) {
OpenTable();
echo "<center>$text</center>";
CloseTable();
echo " ";
}

function is_active($module) {
global $prefix, $db;
$module = trim($module);
$result = $db->sql_query("SELECT active FROM ".$prefix."_modules WHERE title='$module'");
$row = $db->sql_fetchrow($result);
$act = intval($row['active']);
if (!$result OR $act == 0) {
return 0;
} else {
return 1;
}
}

function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
define('BLOCK_FILE', true);
if ($url == "") {
if ($blockfile == "") {
if ($side == "c") {
themecenterbox($title, $content);
} elseif ($side == "d") {
themecenterbox($title, $content);
} else {
themesidebox($title, $content);
}
} else {
if ($side == "c") {
blockfileinc($title, $blockfile, 1);
} elseif ($side == "d") {
blockfileinc($title, $blockfile, 1);
} else {
blockfileinc($title, $blockfile);
}
}
} else {
if ($side == "c" OR $side == "d") {
headlines($bid,1);
} else {
headlines($bid);
}
}
}

function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
$pos = "l";
} elseif (strtolower($side[0]) == "r") {
$pos = "r";
} elseif (strtolower($side[0]) == "c") {
$pos = "c";
} elseif (strtolower($side[0]) == "d") {
$pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view, expire, action, subscription FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result)) {
$bid = intval($row['bid']);
$title = stripslashes(check_html($row['title'], "nohtml"));
$content = stripslashes($row['content']);
$url = stripslashes($row['url']);
$blockfile = $row['blockfile'];
$view = intval($row['view']);
$expire = intval($row['expire']);
$action = $row['action'];
$action = substr("$action", 0,1);
$now = time();
$sub = intval($row['subscription']);
if ($sub == 0 OR ($sub == 1 AND !paid())) {
if ($expire != 0 AND $expire <= $now) {
if ($action == "d") {
$db->sql_query("UPDATE ".$prefix."_blocks SET active='0', expire='0' WHERE bid='$bid'");
return;
} elseif ($action == "r") {
$db->sql_query("DELETE FROM ".$prefix."_blocks WHERE bid='$bid'");
return;
}
}
if ($row[bkey] == admin) {
adminblock();
} elseif ($row[bkey] == userbox) {
userblock();
} elseif ($row[bkey] == "") {
if ($view == 0) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
} elseif ($view == 1 AND is_user($user) || is_admin($admin)) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
} elseif ($view == 2 AND is_admin($admin)) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
} elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {
render_blocks($side, $blockfile, $title, $content, $bid, $url);
}
}
}
}
}

function message_box() {
global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $db, $admin_file;
if ($multilingual == 1) {
$querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
} else {
$querylang = "";
}
$result = $db->sql_query("SELECT mid, title, content, date, expire, view FROM ".$prefix."_message WHERE active='1' $querylang");
if ($numrows = $db->sql_numrows($result) == 0) {
return;
} else {
while ($row = $db->sql_fetchrow($result)) {
$mid = intval($row['mid']);
$title = stripslashes(check_html($row['title'], "nohtml"));
$content = stripslashes($row['content']);
$mdate = $row['date'];
$expire = intval($row['expire']);
$view = intval($row['view']);
if ($title != "" && $content != "") {
if ($expire == 0) {
$remain = _UNLIMITED;
} else {
$etime = (($mdate+$expire)-time())/3600;
$etime = (int)$etime;
if ($etime < 1) {
$remain = _EXPIRELESSHOUR;
} else {
$remain = ""._EXPIREIN." $etime "._HOURS."";
}
}
if ($view == 5 AND paid()) {
OpenTable();
echo "<center>$title</center> \n"
."$content";
if (is_admin($admin)) {
echo " <center>[ "._MVIEWSUBUSERS." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
}
CloseTable();
echo " ";
} elseif ($view == 4 AND is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
."$content"
." <center>[ "._MVIEWADMIN." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
CloseTable();
echo " ";
} elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
."$content";
if (is_admin($admin)) {
echo " <center>[ "._MVIEWUSERS." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
}
CloseTable();
echo " ";
} elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
."$content";
if (is_admin($admin)) {
echo " <center>[ "._MVIEWANON." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
}
CloseTable();
echo " ";
} elseif ($view == 1) {
OpenTable();
echo "<center>$title</center> \n"
."$content";
if (is_admin($admin)) {
echo " <center>[ "._MVIEWALL." - $remain - <a href=\"".$admin_file.".php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
}
CloseTable();
echo " ";
}
if ($expire != 0) {
$past = time()-$expire;
if ($mdate < $past) {
$db->sql_query("UPDATE ".$prefix."_message SET active='0' WHERE mid='$mid'");
}
}
}
}
}
}

function online() {
global $user, $cookie, $prefix, $db;
cookiedecode($user);
$ip = $_SERVER["REMOTE_ADDR"];
$uname = $cookie[1];
if (!isset($uname)) {
$uname = "$ip";
$guest = 1;
}
$past = time()-1800;
$db->sql_query("DELETE FROM ".$prefix."_session WHERE time < '$past'");
$result = $db->sql_query("SELECT time FROM ".$prefix."_session WHERE uname='$uname'");
$ctime = time();
if ($uname!="") {
$uname = substr("$uname", 0,25);
if ($row = $db->sql_fetchrow($result)) {
$db->sql_query("UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'");
} else {
$db->sql_query("INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')");
}
}
}

function blockfileinc($title, $blockfile, $side=0) {
$blockfiletitle = $title;
$file = @file("blocks/".$blockfile."");
if (!$file) {
$content = _BLOCKPROBLEM;
} else {
include("blocks/".$blockfile."");
}
if ($content == "") {
$content = _BLOCKPROBLEM2;
}
if ($side == 1) {
themecenterbox($blockfiletitle, $content);
} elseif ($side == 2) {
themecenterbox($blockfiletitle, $content);
} else {
themesidebox($blockfiletitle, $content);
}
}

function selectlanguage() {
global $useflags, $currentlang;
if ($useflags == 1) {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$langdir = dir("language");
while($func=$langdir->read()) {
if(substr($func, 0, 5) == "lang-") {
$menulist .= "$func ";
}
}
closedir($langdir->handle);
$menulist = explode(" ", $menulist);
sort($menulist);
for ($i=0; $i < sizeof($menulist); $i++) {
if($menulist[$i]!="") {
$tl = ereg_replace("lang-","",$menulist[$i]);
$tl = ereg_replace(".php","",$tl);
$altlang = ucfirst($tl);
$content .= "<a href=\"index.php?newlang=".$tl."\"><img src=\"images/language/flag-".$tl.".png\" border=\"0\" alt=\"$altlang\" title=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
}
}
$content .= "</center>";
themesidebox($title, $content);
} else {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
$handle=opendir('language');
while ($file = readdir($handle)) {
if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
$langFound = $matches[1];
$languageslist .= "$langFound ";
}
}
closedir($handle);
$languageslist = explode(" ", $languageslist);
sort($languageslist);
for ($i=0; $i < sizeof($languageslist); $i++) {
if($languageslist[$i]!="") {
$content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
if($languageslist[$i]==$currentlang) $content .= " selected";
$content .= ">".ucfirst($languageslist[$i])."</option>\n";
}
}
$content .= "</select></form></center>";
themesidebox($title, $content);
}
}

function ultramode() {
global $prefix, $db;
$ultra = "ultramode.txt";
$file = fopen("$ultra", "w");
fwrite($file, "General purpose self-explanatory file with news headlines\n");
$result = $db->sql_query("SELECT sid, aid, title, time, comments, topic FROM ".$prefix."_stories ORDER BY time DESC LIMIT 0,10");
while ($row = $db->sql_fetchrow($result)) {
$rsid = intval($row['sid']);
$raid = $row['aid'];
$rtitle = stripslashes(check_html($row['title'], "nohtml"));
$rtime = $row['time'];
$rcomments = stripslashes($row['comments']);
$rtopic = intval($row['topic']);
$row2 = $db->sql_fetchrow($db->sql_query("select topictext, topicimage from ".$prefix."_topics where topicid='$rtopic'"));
$topictext = stripslashes(check_html($row2['topictext'], "nohtml"));
$topicimage = $row2['topicimage'];
$content = "%%\n$rtitle\n/modules.php?name=News&file=article&sid=$rsid\n$rtime\n$raid\n$topictext\n$rcomments\n$topicimage\n";
fwrite($file, $content);
}
fclose($file);
}

function cookiedecode($user) {
global $cookie, $prefix, $db, $user_prefix;
$user = base64_decode($user);
$user = addslashes($user);
$user = htmlentities($user, ENT_QUOTES);
$cookie = explode(":", $user);
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if ($cookie[2] == $pass && $pass != "") {
return $cookie;
} else {
unset($user);
unset($cookie);
}
}

function getusrinfo($user) {
global $userinfo, $user_prefix, $db;
$user2 = base64_decode($user);
$user2 = addslashes($user2);
$user3 = explode(":", $user2);
$result = $db->sql_query("SELECT * FROM ".$user_prefix."_users WHERE username='$user3[1]' AND user_password='$user3[2]'");
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetchrow($result);
}
return $userinfo;
}

function FixQuotes ($what = "") {
$what = ereg_replace("'","''",$what);
while (eregi("\\\\'", $what)) {
$what = ereg_replace("\\\\'","'",$what);
}
return $what;
}

/*********************************************************/
/* text filter */
/*********************************************************/

function check_words($Message) {
global $CensorMode, $CensorReplace, $EditedMessage, $CensorList;
$EditedMessage = $Message;
if ($CensorMode != 0) {
if (is_array($CensorList)) {
$Replace = $CensorReplace;
if ($CensorMode == 1) {
for ($i = 0; $i < count($CensorList); $i++) {
$EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
}
} elseif ($CensorMode == 2) {
for ($i = 0; $i < count($CensorList); $i++) {
$EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
}
} elseif ($CensorMode == 3) {
for ($i = 0; $i < count($CensorList); $i++) {
$EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
}
}
}
}
return ($EditedMessage);
}

function delQuotes($string){
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=""; # string buffer
$result=""; # result string
$i=0;
$attrib=-1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
$quote=0; # Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { # What car is it in the buffer ?
case "\"": #" # a quote.
if ($quote==0) {
$quote=1;
} else {
$quote=0;
if (($attrib>0) && ($tmp != "")) { $result .= "=\"$tmp\""; }
$tmp="";
$attrib=-1;
}
break;
case "=": # an equal - attrib delimiter
if ($quote==0) { # Is it found in a string ?
$attrib=1;
if ($tmp!="") $result.=" $tmp";
$tmp="";
} else $tmp .= '=';
break;
case " ": # a blank ?
if ($attrib>0) { # add it to the string, if one opened.
$tmp .= $string[$i];
}
break;
default: # Other
if ($attrib<0) # If we weren't in an attrib, set attrib to 0
$attrib=0;
$tmp .= $string[$i];
break;
}
$i++;
}
if (($quote!=0) && ($tmp != "")) {
if ($attrib==1) $result .= "=";
/* If it is the value of an atrib, add the '=' */
$result .= "\"$tmp\""; /* Add quote if needed (the reason of the function ;-) */
}
return $result;
}

function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
if ($strip == "nohtml")
global $AllowableHTML;
if (!is_array($AllowableHTML)) $AllowableHTML =array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
// Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
// Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
// Delete all img tags
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
// Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
else $tag = strtolower($reg[1]);
if ($a = $AllowableHTML[$tag])
if ($reg[1][0] == "/") $tag = "</$tag>";
elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";
else {
# Place here the double quote fix function.
$attrb_list=delQuotes($reg[2]);
// A VER
$attrb_list = ereg_replace("&","&",$attrb_list);
$tag = "<$tag" . $attrb_list . ">";
} # Attribs in tag allowed
else $tag = "";
$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = ereg_replace("<\?","",$str);
return $str;
}

function filter_text($Message, $strip="") {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return ($EditedMessage);
}

/*********************************************************/
/* formatting stories */
/*********************************************************/

function formatTimestamp($time) {
global $datetime, $locale;
setlocale (LC_TIME, $locale);
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
$datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
$datetime = ucfirst($datetime);
return($datetime);
}

function formatAidHeader($aid) {
global $prefix, $db;
$result = $db->sql_query("SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$url = stripslashes($row['url']);
$email = stripslashes($row['email']);
if ((isset($url)) && ($url != "http://")) {
$aid = "<a href=\"$url\">$aid</a>";
} elseif (isset($email)) {
$aid = "<a href=\"mailto:$email\">$aid</a>";
} else {
$aid = $aid;
}
echo "$aid";
}

function get_author($aid) {
global $prefix, $db;
$result = $db->sql_query("SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$url = stripslashes($row['url']);
$email = stripslashes($row['email']);
if ((isset($url)) && ($url != "http://")) {
$aid = "<a href=\"$url\">$aid</a>";
} elseif (isset($email)) {
$aid = "<a href=\"mailto:$email\">$aid</a>";
} else {
$aid = $aid;
}
return($aid);
}

if(!defined('FORUM_ADMIN')) {
$ThemeSel = get_theme();
include_once("themes/$ThemeSel/theme.php");
}
if(!function_exists(themepreview)) {
function themepreview($title, $hometext, $bodytext="", $notes="") {
echo "$title $hometext";
if ($bodytext != "") {
echo " $bodytext";
}
if ($notes != "") {
echo " "._NOTE." $notes";
}
}
}

function adminblock() {
global $admin, $prefix, $db, $admin_file;
if (is_admin($admin)) {
$result = $db->sql_query("SELECT title, content FROM ".$prefix."_blocks WHERE bkey='admin'");
while ($row = $db->sql_fetchrow($result)) {
$content = "$row[content]";
themesidebox($row[title], $row[content]);
}
$title = ""._WAITINGCONT."";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_queue"));
$content = "";
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=submissions\">"._SUBMISSIONS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_reviews_add"));
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=reviews\">"._WREVIEWS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_newlink"));
$brokenl = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='1'"));
$modreql = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='0'"));
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=Links\">"._WLINKS."</a>: $num ";
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=LinksListModRequests\">"._MODREQLINKS."</a>: $modreql ";
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=LinksListBrokenLinks\">"._BROKENLINKS."</a>: $brokenl ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_newdownload"));
$brokend = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='1'"));
$modreqd = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='0'"));
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=downloads\">"._UDOWNLOADS."</a>: $num ";
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=DownloadsListModRequests\">"._MODREQDOWN."</a>: $modreqd ";
$content .= "<big>·</big> <a href=\"".$admin_file.".php?op=DownloadsListBrokenDownloads\">"._BROKENDOWN."</a>: $brokend ";
themesidebox($title, $content);
}
}

function loginbox() {
global $user, $sitekey, $gfx_chk;

mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);

if (!is_user($user)) {
$title = _LOGIN;
$boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";
$boxstuff .= "<center>"._NICKNAME." ";
$boxstuff .= "<input type=\"text\" name=\"username\" size=\"8\" maxlength=\"25\"> ";
$boxstuff .= ""._PASSWORD." ";
$boxstuff .= "<input type=\"password\" name=\"user_password\" size=\"8\" maxlength=\"20\"> ";
if (extension_loaded("gd") AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7)) {
$boxstuff .= ""._SECURITYCODE.": <img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'> \n";
$boxstuff .= ""._TYPESECCODE." <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\">\n";
$boxstuff .= "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\"> \n";
} else {
$boxstuff .= "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">";
$boxstuff .= "<input type=\"hidden\" name=\"gfx_check\" value=\"$code\">";
}
$boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
$boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></center></form>";
$boxstuff .= "<center>"._ASREGISTERED."</center>";
themesidebox($title, $boxstuff);
}
}

function userblock() {
global $user, $cookie, $db, $user_prefix;
if((is_user($user)) AND ($cookie[8])) {
$sql = "SELECT ublock FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = ""._MENUFOR." $cookie[1]";
themesidebox($title, $row[ublock]);
}
}

function getTopics($s_sid) {
global $topicname, $topicimage, $topictext, $prefix, $db;
$sid = intval($s_sid);
$row = $db->sql_fetchrow($db->sql_query("SELECT topic FROM ".$prefix."_stories WHERE sid='$sid'"));
$rtopic = $row['topic'];
$result2 = $db->sql_query("SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics WHERE topicid='$rtopic'");
$row2 = $db->sql_fetchrow($result2);
$topicid = intval($row2['topicid']);
$topicname = $row2['topicname'];
$topicimage = $row2['topicimage'];
$topictext = stripslashes(check_html($row2['topictext'], "nohtml"));
}

function headlines($bid, $cenbox=0) {
global $prefix, $db;
$bid = intval($bid);
$result = $db->sql_query("SELECT title, content, url, refresh, time FROM ".$prefix."_blocks WHERE bid='$bid'");
$row = $db->sql_fetchrow($result);
$title = stripslashes(check_html($row['title'], "nohtml"));
$content = stripslashes($row['content']);
$url = $row['url'];
$refresh = intval($row['refresh']);
$otime = $row['time'];
$past = time()-$refresh;
if ($otime < $past) {
$btime = time();
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
$content = "";
$db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
$cont = 0;
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
return;
}
if ($fp) {
if ($rdf['query'] != '')
$rdf['query'] = "?" . $rdf['query'];

fputs($fp, "GET " . $rdf['path'] . $rdf['query'] . " HTTP/1.0\r\n");
fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
$string = "";
while(!feof($fp)) {
$pagetext = fgets($fp,300);
$string .= chop($pagetext);
}
fputs($fp,"Connection: close\r\n\r\n");
fclose($fp);
$items = explode("</item>",$string);
$content = "";
for ($i=0;$i<10;$i++) {
$link = ereg_replace(".*<link>","",$items[$i]);
$link = ereg_replace("</link>.*","",$link);
$title2 = ereg_replace(".*<title>","",$items[$i]);
$title2 = ereg_replace("</title>.*","",$title2);
$title2 = stripslashes($title2);
if ($items[$i] == "" AND $cont != 1) {
$content = "";
$db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
$cont = 0;
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
return;
} else {
if (strcmp($link,$title2) AND $items[$i] != "") {
$cont = 1;
$content .= "<big>·</big><a href=\"$link\" target=\"new\">$title2</a> \n";
}
}
}

}
$db->sql_query("UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'");
}
$siteurl = ereg_replace("http://","",$url);
$siteurl = explode("/",$siteurl);
if (($cont == 1) OR ($content != "")) {
$content .= " <a href=\"http://$siteurl[0]\" target=\"blank\">"._HREADMORE."</a>";
} elseif (($cont == 0) OR ($content == "")) {
$content = ""._RSSPROBLEM."";
}
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
}

function automated_news() {
global $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = "";
}
$today = getdate();
$day = $today[mday];
if ($day < 10) {
$day = "0$day";
}
$month = $today[mon];
if ($month < 10) {
$month = "0$month";
}
$year = $today[year];
$hour = $today[hours];
$min = $today[minutes];
$sec = "00";
$result = $db->sql_query("SELECT anid, time FROM ".$prefix."_autonews $querylang");
while ($row = $db->sql_fetchrow($result)) {
$anid = $row['anid'];
$time = $row['time'];
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $date);
if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {
if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {
$result2 = $db->sql_query("SELECT * FROM ".$prefix."_autonews WHERE anid='$anid'");
while ($row2 = $db->sql_fetchrow($result2)) {
$title = stripslashes(FixQuotes(check_html($row2['title'], "nohtml")));
$hometext = stripslashes(FixQuotes($row2['hometext']));
$bodytext = stripslashes(FixQuotes($row2['bodytext']));
$notes = stripslashes(FixQuotes($row2['notes']));
$catid2 = intval($row2['catid']);
$aid2 = $row2['aid'];
$time2 = $row2['time'];
$topic2 = $row2['topic'];
$informant2 = $row2['informant'];
$ihome2 = intval($row2['ihome']);
$alanguage2 = $row2['alanguage'];
$acomm2 = intval($row2['acomm']);
$associated2 = $row2['associated'];
$num = $db->sql_numrows($db->sql_query("SELECT sid FROM ".$prefix."_stories WHERE title='$title'"));
if ($num == 0) {
$db->sql_query("DELETE FROM ".$prefix."_autonews WHERE anid='$anid'");
$db->sql_query("INSERT INTO ".$prefix."_stories VALUES (NULL, '$catid2', '$aid2', '$title', '$time2', '$hometext', '$bodytext', '0', '0', '$topic2', '$informant2', '$notes', '$ihome2', '$alanguage2', '$acomm2', '0', '0', '0', '0', '$associated2')");
}
}
}
}
}
}

if(!defined('FORUM_ADMIN')) {
$ThemeSel = get_theme();
include_once("themes/$ThemeSel/theme.php");
}
if(!function_exists(themecenterbox)) {
function themecenterbox($title, $content) {
OpenTable();
echo "<center>$title</center> $content";
CloseTable();
echo " ";
}
}

function public_message() {
global $prefix, $user_prefix, $db, $user, $admin, $p_msg, $cookie, $broadcast_msg;
if ($broadcast_msg == 1) {
if (is_user($user)) {
cookiedecode($user);
$result = $db->sql_query("SELECT broadcast FROM ".$user_prefix."_users WHERE username='$cookie[1]'");
$row = $db->sql_fetchrow($result);
$upref = $row['broadcast'];
if ($upref == 1) {
$t_off = " [ <a href=\"modules.php?name=Your_Account&op=edithome\">"._TURNOFFMSG."</a> ]";
$pm_show = 1;
} else {
$pm_show = 0;
}
} else {
$t_off = "";
}
if (!is_user($user) OR (is_user($user) AND ($pm_show == 1))) {
$c_mid = base64_decode($p_msg);
$c_mid = addslashes($c_mid);
$c_mid = intval($c_mid);
$result2 = $db->sql_query("SELECT mid, content, date, who FROM ".$prefix."_public_messages WHERE mid > '$c_mid' ORDER BY date ASC LIMIT 1");
$row2 = $db->sql_fetchrow($result2);
$mid = intval($row2['mid']);
$content = $row2['content'];
$tdate = $row2['date'];
$who = $row2['who'];
if ((!isset($c_mid)) OR ($c_mid = $mid)) {
$public_msg = " <table width=\"90%\" border=\"1\" cellspacing=\"2\" cellpadding=\"0\" bgcolor=\"FFFFFF\" align=\"center\"><tr><td>\n";
$public_msg .= "<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"FF0000\"><tr><td>\n";
$public_msg .= ""._BROADCASTFROM." <a href=\"modules.php?name=Your_Account&op=userinfo&username=$who\">$who</a>: \"$content\"";
$public_msg .= "$t_off";
$public_msg .= "</td></tr></table>";
$public_msg .= "</td></tr></table>";
$ref_date = $tdate+600;
$actual_date = time();
if ($actual_date >= $ref_date) {
$public_msg = "";
$numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_public_messages"));
if ($numrows == 1) {
$db->sql_query("DELETE FROM ".$prefix."_public_messages");
$mid = 0;
} else {
$db->sql_query("DELETE FROM ".$prefix."_public_messages WHERE mid='$mid'");
}
}
if ($mid == 0 OR $mid == "") {
setcookie("p_msg");
} else {
$mid = base64_encode($mid);
$mid = addslashes($mid);
setcookie("p_msg",$mid,time()+600);
}
}
}
} else {
$public_msg = "";
}
return($public_msg);
}

function get_theme() {
global $user, $cookie, $Default_Theme, $name, $op;
if(is_user($user) && ($name != "Your_Account" || $op != "logout")) {
$user2 = base64_decode($user);
$user2 = addslashes($user2);
$t_cookie = explode(":", $user2);
if($t_cookie[9]=="" || empty($t_cookie[9])) $t_cookie[9]=$Default_Theme;
if(@file_exists("themes/$t_cookie[9]/theme.php")) {
$ThemeSel = $t_cookie[9];
} else {
$ThemeSel = $Default_Theme;
}
} else {
$ThemeSel = $Default_Theme;
}
return($ThemeSel);
}

function removecrlf($str) {
// Function for Security Fix by Ulf Harnhammar, VSU Security 2002
// Looks like I don't have so bad track record of security reports as Ulf believes
// He decided to not contact me, bu

neodesc · New Member Joined: Jun 20, 2005 Posts: 18

Code:

// He decided to not contact me, but I'm always here, digging on the net
return strtr($str, "\015\012", ' ');
}

function paid() {
global $db, $user, $cookie, $adminmail, $sitename, $nukeurl, $subscription_url, $user_prefix, $prefix;
if (is_user($user)) {
 if ($subscription_url != "") {
 $renew = ""._SUBRENEW." $subscription_url";
 } else {
 $renew = "";
 }
 cookiedecode($user);
 $sql = "SELECT * FROM ".$prefix."_subscriptions WHERE userid='$cookie[0]'";
 $result = $db->sql_query($sql);
 $numrows = $db->sql_numrows($result);
 $row = $db->sql_fetchrow($result);
 if ($numrows == 0) {
 return 0;
 } elseif ($numrows != 0) {
 $time = time();
 if ($row[subscription_expire] <= $time) {
 $db->sql_query("DELETE FROM ".$prefix."_subscriptions WHERE userid='$cookie[0]' AND id='$row[id]'");
 $from = "$sitename <$adminmail>";
 $subject = "$sitename: "._SUBEXPIRED."";
 $body = ""._HELLO." $cookie[1]:\n\n"._SUBSCRIPTIONAT." $sitename "._HASEXPIRED."\n$renew\n\n"._HOPESERVED."\n\n$sitename "._TEAM."\n$nukeurl";
 $row = $db->sql_fetchrow($db->sql_query("SELECT user_email FROM ".$user_prefix."_users WHERE id='$cookie[0]' AND nickname='$cookie[1]' AND password='$cookie[2]'"));
 mail($row[user_email], $subject, $body, "From: $from\nX-Mailer: PHP/" . phpversion());
 }
 return 1;
 }
} else {
 return 0;
}
}

function stripos_clone($haystack, $needle, $offset=0) {
return strpos(strtoupper($haystack), strtoupper($needle), $offset);
}

switch($gfx) {

case "gfx":
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
$ThemeSel = get_theme();
if (file_exists("themes/$ThemeSel/images/code_bg.jpg")) {
 $image = ImageCreateFromJPEG("themes/$ThemeSel/images/code_bg.jpg");
} else {
$image = ImageCreateFromJPEG("images/code_bg.jpg");
}
$text_color = ImageColorAllocate($image, 80, 80, 80);
Header("Content-type: image/jpeg");
ImageString ($image, 5, 12, 2, $code, $text_color);
ImageJPEG($image, '', 75);
ImageDestroy($image);
die();
break;

}

?>