DATEIVERGLEICH
Erstellt: 22.05.2005 00:13:37
   
Modus: Alle Zeilen  
   
Linke Datei: D:\Localhost_2\nuke5.5\html\mainfile.php     Rechte Datei: D:\Localhost\CP-Light\html\mainfile.php  
1 <?php = 1 <?php
2     2  
    <> 3 ##################################################################
      4 # Copyright by Siegfried Schlosser, Regine Diepold, Roman Mahr ( www.phpnuke-community.de )
      5 # know as: sigi, Regs, Dogman
      6 # Email: admin@phpnuke-community.de
      7 # Modified for CP v2.0 at www.phpnuke-community.de
      8 # This file is not free!
      9 # Do not Remove the Copyright!
      10 # mainfile.php CAN NOT be renamed.
      11 # mainfile.php CAN NOT be ported.
      12 # This package CAN NOT be mirrored.
      13 # Support: http://phpnuke-community.de
      14 # Only http://phpnuke-style.de is allowed to sell mainfile.php!
      15 ###################################################################
      16 ## QuickFix 3.7 Begin
3 ob_start("ob_gzhandler");   17 @ini_set("display_errors","0");
      18 ## QuickFix 3.7 End
      19 ## Admin Secure Begin
      20 //function nuke_getRootPath() {
      21 //$ret  = "./";
      22 //if (eregi('\/modules\/[^\/]+\/[^\/]+\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../../../"; }
      23 //else if (eregi('\/modules\/[^\/]+\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../../"; }
      24 //else if (eregi('\/modules\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../"; }
      25 //return $ret;
      26 //}
      27 //require_once(nuke_getRootPath().'includes/asfunc.php');
      28 ## Admin Secure End
4   = 29  
5 /************************************************************************/ <> 30 require_once("config.php");
6 /* PHP-NUKE: Advanced Content Management System                         */   31 require_once("includes/cpfunctions.php");
7 /* ============================================                         */   32 require_once("includes/sql_layer.php");
8 /*                                                                      */   33  
9 /* Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com)        */   34 $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
10 /* http://phpnuke.org                                                   */   35 $mainfile = 1;
11 /*                                                                      */   36  
12 /* This program is free software. You can redistribute it and/or modify */   37 ## QuickFix 2.5 Begin
13 /* it under the terms of the GNU General Public License as published by */   38 if (isset($p_msg)){
14 /* the Free Software Foundation; either version 2 of the License.       */   39     unset($p_msg);
15 /************************************************************************/   40 }
16   = 41  
17 foreach ($HTTP_GET_VARS as $secvalue) { <> 42 if (isset($admin)){
18     if (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) {   43     $admin = base64_decode($admin);
      44     $admin = addslashes($admin);
      45     $admin = base64_encode($admin);
      46 }
    = 47  
    -+ 48 if (isset($user)){
      49     $user = base64_decode($user);
      50     $user = addslashes($user);
      51     $user = base64_encode($user);
      52 }
      53 ## QuickFix 2.5 End
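Review bot: The base64/addslashes round trip on `$admin` (new lines 42–46) and `$user` (48–52) runs before request variables are imported at new lines 152–154, so with register_globals off both `isset()` checks are false at this point and the values imported later are never escaped, unless one of the files required at lines 30–32 imports them earlier (not visible on this page). Run the import before this block, i.e. move `if (!ini_get("register_globals")) { import_request_variables('GPC'); }` to the top of the file, or repeat the escaping after line 154. `addslashes()` is not a database-aware escape, so the queries that consume these values should still escape at the point of use.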
    = 54  
    <> 55 ## Adminfuncs
      56 ## SpeedUp by DJMaze Begin
      57 function is_admin($admin) {
      58     global $prefix, $dbi;
      59     static $adminSave;
      60     if (isset($adminSave)) return ($adminSave);
      61     if(!is_array($admin)) {
      62         $admin = base64_decode($admin);
      63         $admin = explode(":", $admin);
      64     }
      65     $aid = $admin[0];
      66     $pwd = $admin[1];
      67     if ($aid != "" AND $pwd != "") {
      68         $aid = trim($aid);
      69         $sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
      70         $result = sql_query($sql, $dbi);
      71         $row = sql_fetch_array($result, $dbi);
      72         $pass = $row['pwd'];
      73         if ($pass == $pwd && $pass != "") {
      74             return $adminSave = 1;
      75         }
      76     }
      77     return $adminSave = 0;
      78 }
      79 ## SpeedUp by DJMaze End
19         die ("I don't like you...");   80 function adminblock() {
      81     global $admin, $prefix, $dbi;
      82     if (is_admin($admin)) {
      83         $result = sql_query("select title, content from ".$prefix."_blocks where bkey='admin'", $dbi);
      84         while(list($title, $content) = sql_fetch_array($result, $dbi)) {
      85             $content = "<font class=\"content\">$content</font>";
      86             themesidebox($title, $content);
      87         }
      88         $title = ""._WAITINGCONT."";
      89         $result = sql_query("select * from ".$prefix."_queue", $dbi);
      90         $num = sql_num_rows($result, $dbi);
      91         $content = "<font class=\"content\">";
      92         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=submissions\">"._SUBMISSIONS."</a>: $num<br>";
      93         $result = sql_query("select * from ".$prefix."_reviews_add", $dbi);
      94         $num = sql_num_rows($result, $dbi);
      95         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=reviews\">"._WREVIEWS."</a>: $num<br>";
      96         $result = sql_query("select * from ".$prefix."_links_newlink", $dbi);
      97         $num = sql_num_rows($result, $dbi);
      98         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=Links\">"._WLINKS."</a>: $num<br>";
      99         $result = sql_query("select * from ".$prefix."_downloads_newdownload", $dbi);
      100         $num = sql_num_rows($result, $dbi);
      101         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=downloads\">"._UDOWNLOADS."</a>: $num<br></font>";
      102          if (eregi("admin.php",$_SERVER["SCRIPT_FILENAME"])){
      103             themesideboxadmin($title, $content);
      104          } else {
      105              themesidebox($title, $content);
      106          }
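Review bot: `is_admin()` (new lines 57–78) puts `$aid`, taken from the base64-decoded `$admin` value, into the `_authors` query at line 69 after only `trim()`, so the function is safe only if every caller has already escaped the value. Escape `$aid` inside the function, using the escaping routine of the SQL layer in use, before `$sql` is built. The `static $adminSave` cache at lines 59–60 returns the first result for every later call whatever argument is passed; a comment such as `// cached per request: assumes every call passes the same $admin` would make that assumption explicit. Line 73 compares the stored `pwd` value with the supplied one using `==`; `if ($pass === $pwd && $pass != "") {` avoids PHP's numeric-string comparison rules.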
20     } = 107     }
21 }   108 }
    -+ 109 ## End Adminfunc
      110 ## Begin Startfuncs
      111 ## NukeHackerTrap Begin
      112 require_once("includes/class_sql_inject.php");
      113 ## Dies einsetzten, wenn die php-Version älter als 4.1.x ist
      114 //if ($HTTP_SERVER_VARS["QUERY_STRING"] != ""){
      115 ##
      116 if ($_SERVER["QUERY_STRING"] != ""){
      117     $sql = new sql_inject("sqlinject.txt",FALSE,"index.php");
      118     $sql->test($_SERVER["QUERY_STRING"]);
      119     ## Dies einsetzten, wenn die php-Version älter als 4.1.x ist
      120     //$sql->test($HTTP_SERVER_VARS["QUERY_STRING"]);
      121     ##
      122 }
      123 ## NukeHackerTrap End
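Review bot: The filter added at new lines 116–118 inspects only `$_SERVER["QUERY_STRING"]`, while line 153 later imports GET, POST and cookie values (`'GPC'`) into globals, so POST bodies and cookies reach the SQL strings in this file without passing through `$sql->test()`. What the filter matches lives in includes/class_sql_inject.php, which is not shown here, but a pattern check on the raw query string can only supplement escaped or typed values in the queries themselves. I would state the scope above line 116, e.g. `## checks the GET query string only; POST and cookie data are NOT filtered here`.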
22   = 124  
    -+ 125 $phpver = phpversion();
      126 if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
      127     if (extension_loaded('zlib')) {
      128         ob_end_clean();
      129         ob_start('ob_gzhandler');
      130     }
      131 } else if ($phpver > '4.0') {
      132     if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
      133         if (extension_loaded('zlib')) {
      134             $do_gzip_compress = TRUE;
      135             ob_start();
      136             ob_implicit_flush(0);
      137         }
      138     }
      139 }
    = 140  
    -+ 141 $phpver = explode(".", $phpver);
      142 $phpver = "$phpver[0]$phpver[1]";
      143 if ($phpver >= 41) {
      144     $PHP_SELF = $_SERVER['PHP_SELF'];
      145 }
    = 146  
23 if (eregi("mainfile.php",$PHP_SELF)) { <> 147 if (eregi("mainfile.php", $_SERVER['SCRIPT_NAME'])) {
24     Header("Location: index.php"); = 148     Header("Location: index.php");
25     die();   149     die();
26 }   150 }
27     151  
28 require_once("config.php"); <> 152 if (!ini_get("register_globals")) {
29 require_once("includes/sql_layer.php");   153     import_request_variables('GPC');
30 $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);      
31 $mainfile = 1;   154 }
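Review bot: `import_request_variables('GPC')` at new line 153 is called without a prefix and after the script has assigned its own state (`$dbi` and `$mainfile` at lines 34–35, plus whatever `config.php` defines at line 30, presumably `$prefix`), so a request parameter with the same name replaces the trusted value; `$prefix` is then concatenated into the query at line 176. As far as I know the function overwrites existing globals, and the PHP manual flags the prefix-less form as a security hazard. Import before the trusted values are assigned, i.e. move `if (!ini_get("register_globals")) { import_request_variables('GPC'); }` above `require_once("config.php");`, so configuration wins as it does with register_globals on.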
32   = 155  
    -+ 156 ## SiteCloseDownHack by Mighty_Y Begin
33 if (isset($newlang)) { = 157 if (isset($newlang)) {
34     if (file_exists("language/lang-$newlang.php")) {   158     if (file_exists("language/lang-$newlang.php")) {
35         setcookie("lang",$newlang,time()+31536000); <> 159         setcookie("lang",$newlang,time()+31536000);
36         include("language/lang-$newlang.php");   160         include("language/lang-$newlang.php");
37         $currentlang = $newlang;   161         $currentlang = $newlang;
38     } else { = 162     } else {
39         setcookie("lang",$language,time()+31536000); <> 163         setcookie("lang",$language,time()+31536000);
40         include("language/lang-$language.php");   164         include("language/lang-$language.php");
41         $currentlang = $language;   165         $currentlang = $language;
42     } = 166     }
43 } elseif (isset($lang)) {   167 } elseif (isset($lang)) {
44     include("language/lang-$lang.php");   168     include("language/lang-$lang.php");
45     $currentlang = $lang;   169     $currentlang = $lang;
46 } else {   170 } else {
47     setcookie("lang",$language,time()+31536000);   171     setcookie("lang",$language,time()+31536000);
48     include("language/lang-$language.php");   172     include("language/lang-$language.php");
49     $currentlang = $language;   173     $currentlang = $language;
50 }   174 }
51     175  
    -+ 176 $result = sql_query("SELECT disable_site, disable_message, disable_title FROM ".$prefix."_config", $dbi);
      177 list($disable, $disablemessage, $disabletitle) = sql_fetch_row($result, $dbi);
      178 if ($disablemessage != "" && !is_admin($admin)){
      179     $reason = "<br><br><font color =\"#ff0000\"><b>"._DISABLE_REASON2."</b></font><br><font class=\"boxtitle\">$disablemessage</font>";
      180 } elseif ($disablemessage != "" && is_admin($admin)){
      181               $reason = "<br>$disablemessage";
      182 }
      183 if($disabletitle != "" ){
      184    $titleclosed = $disabletitle;
      185 }else{
      186    $titleclosed = ""._DIS_TITLE."";
      187 }
      188 if (!eregi("admin.php", $_SERVER['SCRIPT_NAME']) && !is_admin($admin) && $disable){
      189     include("header.php");
      190     $index = 1;
      191     title($titleclosed);
      192     OpenTable();
      193     echo "<center><font class=\"boxtitle\">"._DISABLE_REASON1."</font>$reason</center>";
      194     CloseTable();
      195     include("footer.php");
      196     die();
      197 } elseif (!eregi("admin.php", $_SERVER['SCRIPT_NAME']) && is_admin($admin) && $disable && $name!= "Your_Account"){
      198           echo "<center><b><font color =\"#000000\">"._DISABLE."</font><font color =\"#ff0000\">$reason</font></b></center>";
      199 }
      200 ## SiteCloseDownHack by Mighty_Y End
    = 201  
    <> 202 ## SpeedUp by DJMaze Begin
52 function get_lang($module) {   203 function is_active($module) {
      204     global $prefix, $dbi;
      205     static $save;
      206     if (is_array($save)) {
      207         if (isset($save[$module])) return ($save[$module]);
      208         return 0;
      209     }
      210     $sql = "SELECT title FROM ".$prefix."_modules WHERE active=1";
      211     $result = sql_query($sql, $dbi);
      212     while ($row = sql_fetch_row($result, $dbi)) {
      213         $save[$row[0]] = 1;
      214     }
      215     if (isset($save[$module])) return ($save[$module]);
53     global $currentlang;   216     return 0;
      217 }
      218 ## SpeedUp by DJMaze End
      219 ## End Startfuncs
      220 ## Begin Blockfuncs
      221 function blockfileinc($title, $blockfile, $side=0) {
      222     $blockfiletitle = $title;
      223     $file = @file("blocks/$blockfile");
    = 224  
54     if ($module == admin) { <> 225     if (!$file) {
55         if (file_exists("admin/language/lang-$currentlang.php")) {   226         $content = _BLOCKPROBLEM;
56             include_once("admin/language/lang-$currentlang.php");   227     } else {
      228         ## QuickFix 3.3 Begin
      229         $content = "";
      230         ## QuickFix 3.3 End
      231         include("blocks/$blockfile");
57         }   232     }
      233     if ($content == "") {
      234    $content = _BLOCKPROBLEM2;
      235     }
      236     if ($side == 1) {
      237    themecenterbox($blockfiletitle, $content);
      238     } elseif ($side == 2) {
      239    themecenterbox($blockfiletitle, $content);
58     } else { = 240     } else {
59         if (file_exists("modules/$module/language/lang-$currentlang.php")) {    <> 241        if (eregi("admin.php",$_SERVER["SCRIPT_FILENAME"])){
60             include_once("modules/$module/language/lang-$currentlang.php");   242              themesideboxadmin($blockfiletitle, $content);
      243         } else {
      244             themesidebox($title, $content);
61         }   245         }
62     } = 246     }
63 }   247 }
64     248  
65 function is_admin($admin) { <> 249 function blocks($side) {
      250     global $storynum, $prefix, $multilingual, $currentlang, $dbi, $admin, $name, $user;
    = 251  
    <> 252     if ($multilingual == 1) {
      253        $querylang = "AND (blanguage='$currentlang' OR blanguage='')";
66     global $prefix, $dbi;   254     } else {
      255        $querylang = "";
67     if(!is_array($admin)) {   256     }
68         $admin = base64_decode($admin);   257     if (strtolower($side[0]) == "l") {
69         $admin = explode(":", $admin);   258         $pos = "l";
      259     } elseif (strtolower($side[0]) == "r") {
      260         $pos = "r";
      261     }  elseif (strtolower($side[0]) == "c") {
      262         $pos = "c";
      263     } elseif  (strtolower($side[0]) == "d") {
70         $aid = "$admin[0]";   264         $pos = "d";
      265     }
71         $pwd = "$admin[1]";   266     $side = $pos;
      267     if (isset($name)) {
      268        $result = sql_query("SELECT b.bid, b.bkey, b.title, b.content, b.url, b.blockfile, b.view, b.custom_title_german, b.custom_title_english FROM ".$prefix."_blocks b, ".$prefix."_blocks_manager m WHERE b.bid=m.bid AND m.title='$name' AND b.position='$pos' AND b.active='1' $querylang ORDER BY b.weight ASC", $dbi);
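Review bot: The block query at new line 268 embeds the global `$name` as `m.title='$name'` with no escaping; `$name` appears to be the module name from the request (`modules.php?name=…` is used elsewhere in this file), so it should be escaped or checked against the known module titles before it is used in SQL. `$pos` is assigned only when `$side[0]` is l, r, c or d (lines 257–265) and is otherwise undefined when it reaches `$side = $pos` and the query; adding `else { return; }` after line 265 would close that path. The body of blocks() continues beyond this hunk.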
72     } else { = 269     } else {
73         $aid = "$admin[0]"; <> 270        $result = sql_query("SELECT b.bid, b.bkey, b.title, b.content, b.url, b.blockfile, b.view , b.custom_title_german, b.custom_title_english FROM ".$prefix."_blocks b WHERE b.position='$pos' AND b.active='1' $querylang ORDER BY b.weight ASC", $dbi);
74         $pwd = "$admin[1]";      
75     } = 271     }
76     $result = sql_query("select pwd from ".$prefix."_authors where aid='$aid'", $dbi); <> 272     while(list($bid, $bkey, $title, $content, $url, $blockfile, $view, $ctg, $cte) = sql_fetch_row($result, $dbi)) {
      273           ## QuickFix 3.2 Begin
      274           $bid = intval($bid);
      275           $title = stripslashes(check_html($title, "nohtml"));
      276           $content = stripslashes($content);
77     list($pass) = sql_fetch_row($result, $dbi);   277           $url = stripslashes($url);
      278           $view = intval($view);
      279           $ctg = stripslashes(check_html($ctg, "nohtml"));
      280           $cte = stripslashes(check_html($cte, "nohtml"));
      281           ## QuickFix 3.2 Begin
    = 282  
    -+ 283     $otitle=$title;
      284     switch ($currentlang)
      285     {
      286      case "english":
      287      $title=$cte;
      288       break;
      289       default:
      290       $title=$ctg;
      291        break;
    = 292  
    -+ 293        }
      294         if ($title=="") $title=$otitle;
    = 295  
    <> 296    if ($bkey == admin) {
      297        adminblock();
      298    } elseif ($bkey == userbox) {
      299        userblock();
      300    } elseif ($bkey == "") {
78     if($pass == $pwd && $pass != "") {   301        if ($view == 0) {
      302       render_blocks($side, $blockfile, $title, $content, $bid, $url);
      303        } elseif ($view == 1 AND is_user($user)) {// || is_admin($admin)
      304       render_blocks($side, $blockfile, $title, $content, $bid, $url);
      305        } elseif ($view == 2 AND is_admin($admin)) {
79         return 1;   306  
      307                  render_blocks($side, $blockfile, $title, $content, $bid, $url);
      308        } elseif ($view == 3 AND !is_user($user)) {// || is_admin($admin)
      309       render_blocks($side, $blockfile, $title, $content, $bid, $url);
      310        } elseif ($view > 3 AND is_user($user)) {// || is_admin($admin)
      311                 $userInfo = getusrinfo($user);
      312                 $newView = $view - 3;
      313                 list($groupName) = sql_fetch_row(sql_query("select groupName from ".$prefix."_usergroups where groupID=$newView", $dbi), $dbi);
      314                 list($confUID) = sql_fetch_row(sql_query("select uid from ".$prefix."_usergroup_users where groupID=$newView AND uid=$userInfo[uid]", $dbi), $dbi);
      315                 if ($confUID == $userInfo[uid] || is_admin($admin)) {
      316                     render_blocks($side, $blockfile, $title, $content, $bid, $url);
      317                 }
      318             }
      319    }
80     } = 320     }
81     return 0; +-    
82 } = 321 }
83     322  
84 function is_user($user) { <> 323 function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
85     global $prefix, $dbi, $user_prefix;   324  
86     if(!is_array($user)) {   325     if ($url == "") {
87         $user = base64_decode($user);   326          if ($blockfile == "") {
88         $user = explode(":", $user);   327             if ($side == "c") {
      328                 themecenterbox($title, $content);
      329             } elseif ($side == "d") {
      330                 themecenterbox($title, $content);
      331             } else {
    = 332  
    -+ 333                 themesidebox($title, $content);
    = 334  
    <> 335             }
89         $uid = "$user[0]";   336         } else {
      337             if ($side == "c") {
      338                 blockfileinc($title, $blockfile, 1);
      339             } elseif ($side == "d") {
      340                 blockfileinc($title, $blockfile, 1);
      341             } else {
90         $pwd = "$user[2]";   342  
      343                 blockfileinc($title, $blockfile);
      344             }
      345         }
91     } else { = 346     } else {
    <> 347         if ($side == "c" OR $side == "d") {
      348             headlines($bid,1);
92         $uid = "$user[0]";   349         } else {
      350                 headlines($bid);
93         $pwd = "$user[2]";   351         }
94     } = 352     }
      353  
    -+ 354 }
    = 355  
    -+ 356 function themecenterbox($title, $content) {
      357     OpenTable();
      358     echo "<center><font class=\"option\"><b>$title</b></font></center><br>"
      359    ."$content";
      360     CloseTable();
      361     echo "<br>";
      362 }
    = 363  
    <> 364 function userblock() {
      365     global $user, $cookie, $prefix, $dbi, $user_prefix;
      366     if((is_user($user)) AND ($cookie[8])) {
95     $result = sql_query("select pass from ".$user_prefix."_users where uid='$uid'", $dbi);   367    $getblock = sql_query("select ublock from ".$user_prefix."_users where uid='$cookie[0]'", $dbi);
      368    $title = ""._MENUFOR." $cookie[1]";
96     list($pass) = sql_fetch_row($result, $dbi);   369    list($ublock) = sql_fetch_row($getblock, $dbi);
97     if($pass == $pwd && $pass != "") {   370          if (eregi("admin.php",$_SERVER["SCRIPT_FILENAME"])){
      371        themesideboxadmin($title, $ublock);
      372          } else {
      373              themesidebox($title, $ublock);
      374          }
      375     }
      376 }
98         return 1;   377  
      378 function searchblock() {
      379     OpenTable();
      380     echo "<form action=\"modules.php?name=Forum&file=search\" method=\"post\">";
      381     echo "<input type=\"hidden\" name=\"addterm\" value=\"any\">";
      382     echo "<input type=\"hidden\" name=\"sortby\" value=\"p.post_time\">";
      383     echo "&nbsp;&nbsp;<b>"._SEARCH."</b>&nbsp;<input type=\"text\" name=\"term\" size=\"15\">";
      384     echo "<input type=\"hidden\" name=\"submit\" value=\"submit\"></form>";
      385     echo "<div align=\"left\"><font class=\"content\">&nbsp;&nbsp;[ <a href=\"modules.php?name=Forum&file=search&addterm=any&amp;sortby=p.post_time&amp;adv=1\">Advanced Search</a> ]</font></div>";
      386     CloseTable();
      387 }
      388 ## End Blockfuncs
      389 ## Begin Textfuncs
      390 function FixQuotes ($what = "") {
      391         $what = ereg_replace("'","''",$what);
      392         while (eregi("\\\\'", $what)) {
      393                 $what = ereg_replace("\\\\'","'",$what);
      394         }
      395         return $what;
      396 }
    = 397  
    -+ 398 /*********************************************************/
      399 /* text filter                                           */
      400 /*********************************************************/
    = 401  
    -+ 402 function check_words($Message) {
      403     global $EditedMessage;
      404     include("config.php");
      405     $EditedMessage = $Message;
      406     if ($CensorMode != 0) {
    = 407  
    -+ 408         if (is_array($CensorList)) {
      409             $Replace = $CensorReplace;
      410             if ($CensorMode == 1) {
      411                 for ($i = 0; $i < count($CensorList); $i++) {
      412                     $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
      413                 }
      414             } elseif ($CensorMode == 2) {
      415                 for ($i = 0; $i < count($CensorList); $i++) {
      416                     $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
      417                 }
      418             } elseif ($CensorMode == 3) {
      419                 for ($i = 0; $i < count($CensorList); $i++) {
      420                     $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
      421                 }
      422             }
      423         }
99     } = 424     }
    -+ 425     return ($EditedMessage);
      426 }
    = 427  
    <> 428 function delQuotes($string){
      429     /* no recursive function to add quote to an HTML tag if needed */
      430     /* and delete duplicate spaces between attribs. */
      431     $tmp="";    # string buffer
      432     $result=""; # result string
      433     $i=0;
      434     $attrib=-1; # Are us in an HTML attrib ?   -1: no attrib   0: name of the attrib   1: value of the atrib
      435     $quote=0;   # Is a string quote delimited opened ? 0=no, 1=yes
      436     $len = strlen($string);
      437     while ($i<$len) {
      438         switch($string[$i]) { # What car is it in the buffer ?
      439             case "\"": #"       # a quote.
      440                 if ($quote==0) {
      441                     $quote=1;
      442                 } else {
      443                     $quote=0;
      444                     if (($attrib>0) && ($tmp != "")) { $result .= "=\"$tmp\""; }
      445                     $tmp="";
      446                     $attrib=-1;
      447                 }
      448                 break;
      449             case "=":           # an equal - attrib delimiter
      450                 if ($quote==0) {  # Is it found in a string ?
      451                     $attrib=1;
      452                     if ($tmp!="") $result.=" $tmp";
      453                     $tmp="";
      454                 } else $tmp .= '=';
      455                 break;
      456             case " ":           # a blank ?
      457                 if ($attrib>0) {  # add it to the string, if one opened.
      458                     $tmp .= $string[$i];
      459                 }
      460                 break;
      461             default:            # Other
      462                 if ($attrib<0)    # If we weren't in an attrib, set attrib to 0
      463                 $attrib=0;
      464                 $tmp .= $string[$i];
      465                 break;
      466         }
      467         $i++;
      468     }
      469     if (($quote!=0) && ($tmp != "")) {
      470         if ($attrib==1) $result .= "=";
      471         /* If it is the value of an atrib, add the '=' */
      472         $result .= "\"$tmp\"";  /* Add quote if needed (the reason of the function ;-) */
      473     }
100     return 0;   474     return $result;
      475 }
    = 476  
    -+ 477 function check_html ($str, $strip="") {
      478     /* The core of this code has been lifted from phpslash */
      479     /* which is licenced under the GPL. */
      480     include("config.php");
      481     if ($strip == "nohtml")
      482             $AllowableHTML=array('');
      483         $str = stripslashes($str);
      484                 $str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
      485                 // Delete all spaces from html tags .
      486                 $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
      487                 // Delete all attribs from Anchor, except an href, double quoted.
      488                 $str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
      489                 // Delete all img tags
      490                 $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
      491                 // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
      492         $tmp = "";
      493         while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
      494                 $i = strpos($str,$reg[0]);
      495                 $l = strlen($reg[0]);
      496                 if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
      497                 else $tag = strtolower($reg[1]);
      498                 if ($a = $AllowableHTML[$tag])
      499                         if ($reg[1][0] == "/") $tag = "</$tag>";
      500                         elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";
      501                         else {
      502                           # Place here the double quote fix function.
      503                           $attrb_list=delQuotes($reg[2]);
      504                           // A VER
      505                           $attrb_list = ereg_replace("&","&amp;",$attrb_list);
      506                           $tag = "<$tag" . $attrb_list . ">";
      507                         } # Attribs in tag allowed
      508                 else $tag = "";
      509                 $tmp .= substr($str,0,$i) . $tag;
      510                 $str = substr($str,$i+$l);
      511         }
      512         $str = $tmp . $str;
      513         return $str;
      514         exit;
      515         /* Squash PHP tags unconditionally */
      516         $str = ereg_replace("<\?","",$str);
      517         return $str;
      518 }
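Review bot: In `check_html()` everything after `return $str;` at new line 513 is unreachable, so the "Squash PHP tags unconditionally" replacement at line 516 never runs; remove the `return $str; exit;` pair at lines 513–514 if that step is meant to apply. For allowed tags whose `$AllowableHTML` entry is not 1, lines 503–506 re-emit the whole attribute string after `delQuotes()` and an ampersand replacement, so attribute names are not restricted at all and event-handler or `style` attributes on an allowed tag would pass through. The `if ($strip == "nohtml")` at line 481 has no braces and guards only line 482, which the indentation of lines 483–484 obscures; bracing it would make the scope clear.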
    = 519  
    -+ 520 function filter_text($Message, $strip="") {
      521     global $EditedMessage;
      522     check_words($Message);
      523     $EditedMessage=check_html($EditedMessage, $strip);
      524     return ($EditedMessage);
101 } = 525 }
102     526  
103 function title($text) {   527 function title($text) {
104     OpenTable();   528     OpenTable();
105     echo "<center><font class=\"title\"><b>$text</b></font></center>";   529     echo "<center><font class=\"title\"><b>$text</b></font></center>";
106     CloseTable();   530     CloseTable();
107     echo "<br>";   531     echo "<br>";
108 }   532 }
109     533  
110 function is_active($module) { <> 534 function message_box() {
111     global $prefix, $dbi;   535     global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $dbi;
112     $result = sql_query("select active from ".$prefix."_modules where title='$module'", $dbi);      
113     list ($act) = sql_fetch_row($result, $dbi);      
114     if (!$result OR $act == 0) {   536     if ($multilingual == 1) {
115         return 0;   537         $querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
116     } else { = 538     } else {
117         return 1; <> 539         $querylang = "";
118     } = 540     }
    <> 541     $result = sql_query("select mid, title, content, date, expire, view from ".$prefix."_message where active='1' $querylang", $dbi);
      542     if (sql_num_rows($result, $dbi) == 0) {
119 }   543        return;
120     544     } else {
121 function render_blocks($side, $blockfile, $title, $content, $bid, $url) {   545         while (list($mid, $title, $content, $mdate, $expire, $view) = sql_fetch_row($result, $dbi)) {
      546         if ($title != "" && $content != "") {
122     if ($url == "") {   547             if ($expire == 0) {
123         if ($blockfile == "") {   548                 $remain = _UNLIMITED;
124             if ($side == "c") {   549           } else {
125                 themecenterbox($title, $content);   550                 $etime = (($mdate+$expire)-time())/3600;
      551                 $etime = (int)$etime;
      552                 if ($etime < 1) {
      553                     $remain = _EXPIRELESSHOUR;
126             } else {   554                 } else {
127                 themesidebox($title, $content);   555                     $remain = ""._EXPIREIN." $etime "._HOURS."";
128             }   556                 }
129         } else {   557             }
      558             if ($view == 4 AND is_admin($admin)) {
      559                 OpenTable2();
      560                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"
      561                     ."<font class=\"content\">$content</font>"
      562                     ."<br><br><center><font class=\"content\">[ "._MVIEWADMIN." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
      563                 CloseTable2();
      564                 echo "<br>";
      565             } elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
      566                 OpenTable2();
      567                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"
      568                     ."<font class=\"content\">$content</font>";
      569                 if (is_admin($admin)) {
      570                     echo "<br><br><center><font class=\"content\">[ "._MVIEWUSERS." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
130             if ($side == "c") {   571                 }
131                 blockfileinc($title, $blockfile, 1);   572                     CloseTable2();
      573                 echo "<br>";
      574             } elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
      575                 OpenTable2();
      576                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"
      577                     ."<font class=\"content\">$content</font>";
      578                 if (is_admin($admin)) {
      579                     echo "<br><br><center><font class=\"content\">[ "._MVIEWANON." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
132             } else {   580               }
133                 blockfileinc($title, $blockfile);   581                 CloseTable2();
      582                 echo "<br>";
      583             } elseif ($view == 1) {
      584                 OpenTable2();
      585                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"
      586                     ."<font class=\"content\">$content</font>";
      587                 if (is_admin($admin)) {
      588                     echo "<br><br><center><font class=\"content\">[ "._MVIEWALL." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
134             }   589                 }
      590                 CloseTable2();
      591                 echo "<br>";
      592             } elseif ($view > 4 AND is_user($user)) {// || is_admin($admin)
      593                 $userInfo = getusrinfo($user);
      594                 $newView = $view - 4;
      595                 list($groupName) = sql_fetch_row(sql_query("select groupName from ".$prefix."_usergroups where groupID=$newView", $dbi), $dbi);
      596                 list($confUID) = sql_fetch_row(sql_query("select uid from ".$prefix."_usergroup_users where groupID=$newView AND uid=$userInfo[uid]", $dbi), $dbi);
      597                 if ($confUID == $userInfo[uid] || is_admin($admin)) {
      598                     OpenTable2();
      599                     echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"
      600                            ."<font class=\"content\">$content</font>";
      601                     if (is_admin($admin)) {
      602                         echo "<br><br><center><font class=\"content\">[ $groupName - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";
      603                     }
      604                     CloseTable2();
      605                     echo "<br>";
135         }   606                 }
136     } else {   607             }
137         if ($side == "c") {   608             if ($expire != 0) {
138             headlines($bid,1);   609                     $past = time()-$expire;
      610                 if ($mdate < $past) {
      611                     $result = sql_query("update ".$prefix."_message set active='0' where mid='$mid'", $dbi);
139         } else {   612                 }
      613                 }
140             headlines($bid);   614             }
141         }   615         }
142     } = 616     }
143 }   617 }
144     618  
145 function blocks($side) { <> 619 function ultramode() {
146     global $storynum, $prefix, $multilingual, $currentlang, $dbi, $admin, $user;      
147     if ($multilingual == 1) {   620     global $prefix, $dbi;
148         $querylang = "AND (blanguage='$currentlang' OR blanguage='')";      
149     } else {   621     $ultra = "ultramode.txt";
150         $querylang = "";   622     $file = fopen("$ultra", "w");
151     }   623     fwrite($file, "General purpose self-explanatory file with news headlines\n");
152     if (strtolower($side[0]) == "l") {   624     $rfile=sql_query("select sid, aid, title, time, comments, topic from ".$prefix."_stories order by time DESC limit 0,10", $dbi);
153         $pos = "l";   625     while(list($sid, $aid, $title, $time, $comments, $topic) = sql_fetch_row($rfile, $dbi)) {
154     } elseif (strtolower($side[0]) == "r") {   626         $rfile2=sql_query("select topictext, topicimage from ".$prefix."_topics where topicid=$topic", $dbi);
155         $pos = "r";   627         list($topictext, $topicimage) = sql_fetch_row($rfile2, $dbi);
156     }  elseif (strtolower($side[0]) == "c") {   628         $content = "%%\n$title\n/modules.php?name=News&file=article&sid=$sid\n$time\n$aid\n$topictext\n$comments\n$topicimage\n";
157         $pos = "c";   629         fwrite($file, $content);
158     } = 630     }
159     $side = $pos; <> 631     fclose($file);
160    $result = sql_query("select bid, bkey, title, content, url, blockfile, view from ".$prefix."_blocks where position='$pos' AND active='1' $querylang ORDER BY weight ASC", $dbi);   632 }
161     while(list($bid, $bkey, $title, $content, $url, $blockfile, $view) = sql_fetch_row($result, $dbi)) {   633  
162         if ($bkey == admin) {   634 ## End Textfuncs
163            adminblock();   635 ## Begin Userfuncs
164         } elseif ($bkey == userbox) {   636 function loginbox() {
165             userblock();   637     global $user;
166         } elseif ($bkey == "") {   638     if (!is_user($user)) {
167             if ($view == 0) {   639         $title = _LOGIN;
168                 render_blocks($side, $blockfile, $title, $content, $bid, $url);   640         $boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";
169             } elseif ($view == 1 AND is_user($user) || is_admin($admin)) {   641        $boxstuff .= "<center><font class=\"content\">"._NICKNAME."<br>";
170                 render_blocks($side, $blockfile, $title, $content, $bid, $url);   642         $boxstuff .= "<input type=\"text\" name=\"uname\" size=\"8\" maxlength=\"25\"><br>";
171             } elseif ($view == 2 AND is_admin($admin)) {   643        $boxstuff .= ""._PASSWORD."<br>";
172                 render_blocks($side, $blockfile, $title, $content, $bid, $url);   644         $boxstuff .= "<input type=\"password\" name=\"pass\" size=\"8\" maxlength=\"20\"><br>";
173             } elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {   645        $boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
174                 render_blocks($side, $blockfile, $title, $content, $bid, $url);   646         $boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></font></center></form>";
      647         $boxstuff .= "<center><font class=\"content\">"._ASREGISTERED."</font></center>";
      648          if (eregi("admin.php", $_SERVER["SCRIPT_FILENAME"])){
      649             themesideboxadmin($title, $boxstuff);
175             }   650          } else {
      651              themesidebox($title, $boxstuff);
176         }   652          }
177     } = 653     }
178 }   654 }
179     655  
    <> 656 ## SpeedUp by DJMaze Begin
180 function message_box() {   657 function cookiedecode($user) {
181     global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $dbi;   658     global $cookie, $dbi, $user_prefix;
      659     static $pass;
182     if ($multilingual == 1) {   660     if(!is_array($user)) {
183         $querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";   661         $user = base64_decode($user);
      662         ## QuickFix 3.2 Begin
      663         $user = addslashes($user);
      664         ## QuickFix 3.2 Begin
      665         $cookie = explode(":", $user);
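Review bot: The QuickFix 3.2 lines in `cookiedecode()` make `addslashes()` over the whole decoded cookie the only protection for the `WHERE uname='$cookie[1]'` query built further down, and `addslashes()` does not take the connection character set into account. Escaping belongs where the query is built, on the single field and with the database layer's own routine (for the mysql extension that is `mysql_real_escape_string($cookie[1])`; which driver `sql_query()` wraps is not visible here), so the escaped copy is not also the value later compared with the stored password. The same pattern is repeated in `getusrinfo()` and `is_user()` in the next changed region. The second `## QuickFix 3.2 Begin` marker should read `## QuickFix 3.2 End`. The function body continues past this hunk.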
184     } else { = 666     } else {
185         $querylang = ""; <> 667         $cookie = $user;
186     } = 668     }
187     $result = sql_query("select mid, title, content, date, expire, view from ".$prefix."_message where active='1' $querylang", $dbi); <> 669     if (!isset($pass)) {
      670        $sql = "SELECT pass FROM ".$user_prefix."_users WHERE uname='$cookie[1]'";
188     if (sql_num_rows($result, $dbi) == 0) {   671        $result = sql_query($sql, $dbi);
189         return;   672        list($pass) = sql_fetch_row($result, $dbi);
190     } else {   673     }
191         while (list($mid, $title, $content, $mdate, $expire, $view) = sql_fetch_row($result, $dbi)) {   674     if ($cookie[2] == $pass && $pass != "") { return $cookie; }
192         if ($title != "" && $content != "") {   675    ## QuickFix 2.4 Begin
      676     unset($GLOBALS['user']);
      677     unset($GLOBALS['cookie']);
193             if ($expire == 0) {   678     ## QuickFix 2.4 End
194                 $remain = _UNLIMITED;   679 }
195             } else {   680  
196                 $etime = (($mdate+$expire)-time())/3600;   681 function getusrinfo($user) {
      682     global $user_prefix, $dbi, $userinfo;
197                 $etime = (int)$etime;   683     static $userrow;
      684     if (!$user || $user == '') { return NULL; }
198                 if ($etime < 1) {   685     if(!is_array($user)) {
199                     $remain = _EXPIRELESSHOUR;   686         $user = base64_decode($user);
200                 } else {   687        ## QuickFix 3.2 Begin
201                     $remain = ""._EXPIREIN." $etime "._HOURS."";   688         $user = addslashes($user);
202                 }   689         ## QuickFix 3.2 Begin
      690         $user = explode(":", $user);
203             }   691     }
204             if ($view == 4 AND is_admin($admin)) {   692     if (is_array($userrow)) {
205                 OpenTable();   693         if ($userrow['uname'] == $user[1] && $userrow['pass'] = $user[2]) {
206                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"   694             return $userrow;
207                     ."<font class=\"content\">$content</font>"      
208                     ."<br><br><center><font class=\"content\">[ "._MVIEWADMIN." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";      
209                 CloseTable();   695         }
210                 echo "<br>";   696     }
211             } elseif ($view == 3 AND is_user($user) || is_admin($admin)) {   697    $sql = "SELECT * FROM ".$user_prefix."_users WHERE uname='$user[1]' AND pass='$user[2]'";
212                 OpenTable();   698     $result = sql_query($sql, $dbi);
213                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"   699     if (sql_num_rows($result, $dbi) == 1) {
214                     ."<font class=\"content\">$content</font>";   700         $userrow = sql_fetch_array($result, $dbi);
215                 if (is_admin($admin)) {   701         return $userinfo = $userrow;
216                     echo "<br><br><center><font class=\"content\">[ "._MVIEWUSERS." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";      
217                 }   702     }
218                 CloseTable();   703     unset($userinfo);
      704 }
219                 echo "<br>";   705  
220             } elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {   706 function is_user($user) {
221                 OpenTable();   707     global $dbi, $user_prefix;
222                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"   708     static $userSave;
223                     ."<font class=\"content\">$content</font>";   709     if (isset($userSave)) return ($userSave);
224                 if (is_admin($admin)) {   710     if (!is_array($user)) {
225                     echo "<br><br><center><font class=\"content\">[ "._MVIEWANON." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";   711       $user = base64_decode($user);
      712         ## QuickFix 3.2 Begin
      713         $user = addslashes($user);
      714         ## QuickFix 3.2 Begin
      715         $user = explode(":", $user);
226                 }   716     }
227                 CloseTable();   717     $uid = $user[0];
228                 echo "<br>";   718     $pwd = $user[2];
229             } elseif ($view == 1) {   719    $uid = intval($uid);
230                 OpenTable();   720     if ($uid != "" AND $pwd != "") {
231                 echo "<center><font class=\"option\" color=\"$textcolor2\"><b>$title</b></font></center>\n"   721         $sql = "SELECT pass FROM ".$user_prefix."_users WHERE uid='$uid'";
232                     ."<font class=\"content\">$content</font>";   722         $result = sql_query($sql, $dbi);
233                 if (is_admin($admin)) {   723         $row = sql_fetch_array($result, $dbi);
234                     echo "<br><br><center><font class=\"content\">[ "._MVIEWALL." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</font></center>";   724         $pass = $row['pass'];
      725         if ($pass == $pwd && $pass != "") {
      726             return $userSave = 1;
235                 }   727         }
236                 CloseTable();   728     }
      729     return $userSave = 0;
237                 echo "<br>";   730 }
      731 ## SpeedUp by DJMaze End
238             }   732  
239             if ($expire != 0) {   733 function get_lang($module) {
240                 $past = time()-$expire;   734     global $currentlang;
241                 if ($mdate < $past) {   735     if ($module == admin) {
242                     $result = sql_query("update ".$prefix."_message set active='0' where mid='$mid'", $dbi);   736         if (file_exists("admin/language/lang-$currentlang.php")) {
243                 }   737             include_once("admin/language/lang-$currentlang.php");
244                 }   738         }
245             }   739     } else {
      740         if (file_exists("modules/$module/language/lang-$currentlang.php")) {
      741             include_once("modules/$module/language/lang-$currentlang.php");
246         }   742         }
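Review bot: In `getusrinfo()` the cache check `$userrow['uname'] == $user[1] && $userrow['pass'] = $user[2]` assigns instead of comparing, so once a row is cached, any later call in the same request with the same `uname` and a password field PHP treats as true gets that row back, and the cached `pass` is overwritten with the cookie's value. It should read `if ($userrow['uname'] === $user[1] && $userrow['pass'] === $user[2]) {`. The strict operator matters for the neighbouring checks too: `$cookie[2] == $pass` in `cookiedecode()` (which starts before this hunk) and `$pass == $pwd` in `is_user()` compare two strings loosely, and PHP compares numeric-looking strings such as `0e…` digests by value rather than byte for byte.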
247     } = 743     }
248 }   744 }
249     745  
250 function online() {   746 function online() {
251     global $user, $cookie, $prefix, $dbi;   747     global $user, $cookie, $prefix, $dbi;
252     cookiedecode($user);   748     cookiedecode($user);
253     $ip = getenv("REMOTE_ADDR");   749     $ip = getenv("REMOTE_ADDR");
254     $username = $cookie[1];   750     $username = $cookie[1];
255     if (!isset($username)) {   751     if (!isset($username)) {
256         $username = "$ip";   752         $username = "$ip";
257         $guest = 1;   753         $guest = 1;
258     }   754     }
259     $past = time()-1800;   755     $past = time()-1800;
260     sql_query("DELETE FROM ".$prefix."_session WHERE time < $past", $dbi);   756     sql_query("DELETE FROM ".$prefix."_session WHERE time < $past", $dbi);
261     $result = sql_query("SELECT time FROM ".$prefix."_session WHERE username='$username'", $dbi);   757     $result = sql_query("SELECT time FROM ".$prefix."_session WHERE username='$username'", $dbi);
262     $ctime = time();   758     $ctime = time();
263     if ($row = sql_fetch_array($result, $dbi)) {   759     if ($row = sql_fetch_array($result, $dbi)) {
264         sql_query("UPDATE ".$prefix."_session SET username='$username', time='$ctime', host_addr='$ip', guest='$guest' WHERE username='$username'", $dbi); <> 760         sql_query("UPDATE ".$prefix."_session SET username='$username', time='$ctime', host_addr='$ip', guest='$guest' WHERE username='$username'", $dbi);
265     } else { = 761     } else {
266         sql_query("INSERT INTO ".$prefix."_session (username, time, host_addr, guest) VALUES ('$username', '$ctime', '$ip', '$guest')", $dbi); <> 762         sql_query("INSERT INTO ".$prefix."_session (username, time, host_addr, guest) VALUES ('$username', '$ctime', '$ip', '$guest')", $dbi);
267     } = 763     }
268 }   764 }
269        
270 function blockfileinc($title, $blockfile, $side=0) { +-    
271     $blockfiletitle = $title;      
272     $file = @file("blocks/$blockfile");      
273     if (!$file) {      
274         $content = _BLOCKPROBLEM;      
275     } else {      
276         include("blocks/$blockfile");      
277     }      
278     if ($content == "") {      
279         $content = _BLOCKPROBLEM2;      
280     }      
281     if ($side == 1) {      
282         themecenterbox($blockfiletitle, $content);      
283     } else {      
284         themesidebox($blockfiletitle, $content);      
285     }      
286 }      
287   =    
288 function selectlanguage() {   765 function selectlanguage() {
289     global $useflags, $currentlang;   766     global $useflags, $currentlang;
290     if ($useflags == 1) {   767     if ($useflags == 1) {
291     $title = _SELECTLANGUAGE;   768     $title = _SELECTLANGUAGE;
292     $content = "<center><font class=\"content\">"._SELECTGUILANG."<br><br>";   769     $content = "<center><font class=\"content\">"._SELECTGUILANG."<br><br>";
293     $langdir = dir("language");   770     $langdir = dir("language");
294     while($func=$langdir->read()) {   771     while($func=$langdir->read()) {
295         if(substr($func, 0, 5) == "lang-") { <> 772         if(substr($func, 0, 5) == "lang-") {
296             $menulist .= "$func ";   773                 $menulist .= "$func ";
297         }   774         }
298     } = 775     }
299     closedir($langdir->handle);   776     closedir($langdir->handle);
300     $menulist = explode(" ", $menulist);   777     $menulist = explode(" ", $menulist);
301     sort($menulist);   778     sort($menulist);
302     for ($i=0; $i < sizeof($menulist); $i++) {   779     for ($i=0; $i < sizeof($menulist); $i++) {
303         if($menulist[$i]!="") {   780         if($menulist[$i]!="") {
304             $tl = ereg_replace("lang-","",$menulist[$i]); <> 781             $tl = ereg_replace("lang-","",$menulist[$i]);
305             $tl = ereg_replace(".php","",$tl);   782             $tl = ereg_replace(".php","",$tl);
306             $altlang = ucfirst($tl);   783             $altlang = ucfirst($tl);
307             $content .= "<a href=\"index.php?newlang=$tl\"><img src=\"images/language/flag-$tl.png\" border=\"0\" alt=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";   784             $content .= "<a href=\"index.php?newlang=$tl\"><img src=\"images/language/flag-$tl.png\" border=\"0\" alt=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
308         }   785         }
309     } = 786     }
310     $content .= "</font></center>";   787     $content .= "</font></center>";
311     themesidebox($title, $content);   788     themesidebox($title, $content);
312         } else { <> 789         } else {
313     $title = _SELECTLANGUAGE; = 790     $title = _SELECTLANGUAGE;
314         $content = "<center><font class=\"content\">"._SELECTGUILANG."<br><br></font>"; <> 791         $content = "<center><font class=\"content\">"._SELECTGUILANG."<br><br></font>";
315     $content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">"; = 792     $content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
316             $handle=opendir('language'); <> 793             $handle=opendir('language');
317             while ($file = readdir($handle)) {   794             while ($file = readdir($handle)) {
318                 if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {   795                 if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
319                     $langFound = $matches[1];   796                     $langFound = $matches[1];
320                     $languageslist .= "$langFound ";   797                     $languageslist .= "$langFound ";
321                 }   798                 }
322             }   799             }
323             closedir($handle);   800             closedir($handle);
324             $languageslist = explode(" ", $languageslist);   801             $languageslist = explode(" ", $languageslist);
325             sort($languageslist);   802             sort($languageslist);
326             for ($i=0; $i < sizeof($languageslist); $i++) {   803             for ($i=0; $i < sizeof($languageslist); $i++) {
327                 if($languageslist[$i]!="") {   804                 if($languageslist[$i]!="") {
328         $content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";   805         $content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
329                 if($languageslist[$i]==$currentlang) $content .= " selected";   806                 if($languageslist[$i]==$currentlang) $content .= " selected";
330         $content .= ">".ucfirst($languageslist[$i])."</option>\n";   807         $content .= ">".ucfirst($languageslist[$i])."</option>\n";
331                 }   808                 }
332     } = 809     }
333     $content .= "</select></form></center>";   810     $content .= "</select></form></center>";
334     themesidebox($title, $content);   811     themesidebox($title, $content);
335         } +-    
336 }      
337   =    
338 function ultramode() { <>    
339     global $prefix, $dbi;      
340     $ultra = "ultramode.txt";      
341     $file = fopen("$ultra", "w");      
342     fwrite($file, "General purpose self-explanatory file with news headlines\n");      
343     $rfile=sql_query("select sid, aid, title, time, comments, topic from ".$prefix."_stories order by time DESC limit 0,10", $dbi);      
344     while(list($sid, $aid, $title, $time, $comments, $topic) = sql_fetch_row($rfile, $dbi)) {      
345         $rfile2=sql_query("select topictext, topicimage from ".$prefix."_topics where topicid=$topic", $dbi);      
346         list($topictext, $topicimage) = sql_fetch_row($rfile2, $dbi);      
347         $content = "%%\n$title\n/modules.php?name=News&file=article&sid=$sid\n$time\n$aid\n$topictext\n$comments\n$topicimage\n";      
348         fwrite($file, $content);      
349     }   812         }
350     fclose($file);      
351 } = 813 }
352     814  
353 function cookiedecode($user) { <>    
354     global $cookie, $prefix, $dbi, $user_prefix;      
355     $user = base64_decode($user);      
356     $cookie = explode(":", $user);      
357     $result = sql_query("select pass from ".$user_prefix."_users where uname='$cookie[1]'", $dbi);      
358     list($pass) = sql_fetch_row($result, $dbi);      
359     if ($cookie[2] == $pass && $pass != "") {      
360         return $cookie;      
361     } else {      
362         unset($user);      
363         unset($cookie);      
364     }      
365 }      
366     815 ## End Userfuncs
367 function getusrinfo($user) {      
368     global $userinfo, $user_prefix, $dbi;      
369     $user2 = base64_decode($user);      
370     $user3 = explode(":", $user2);      
371     $result = sql_query("select uid, name, uname, email, femail, url, user_avatar, user_icq, user_occ, user_from, user_intrest, user_sig, user_viewemail, user_theme, user_aim, user_yim, user_msnm, pass, storynum, umode, uorder, thold, noscore, bio, ublockon, ublock, theme, commentmax, newsletter from ".$user_prefix."_users where uname='$user3[1]' and pass='$user3[2]'", $dbi);      
372     if (sql_num_rows($result, $dbi) == 1) {      
373         $userinfo = sql_fetch_array($result, $dbi);      
374     }      
375     return $userinfo;      
376 }      
377     816 ## Begin Newsfuncs
378 function searchblock() {      
379     OpenTable();      
380     echo "<form action=\"modules.php?name=Forum&file=search\" method=\"post\">";      
381     echo "<input type=\"hidden\" name=\"addterm\" value=\"any\">";      
382     echo "<input type=\"hidden\" name=\"sortby\" value=\"p.post_time\">";      
383     echo "&nbsp;&nbsp;<b>"._SEARCH."</b>&nbsp;<input type=\"text\" name=\"term\" size=\"15\">";      
384     echo "<input type=\"hidden\" name=\"submit\" value=\"submit\"></form>";      
385     echo "<div align=\"left\"><font class=\"content\">&nbsp;&nbsp;[ <a href=\"modules.php?name=Forum&file=search&addterm=any&amp;sortby=p.post_time&amp;adv=1\">Advanced Search</a> ]</font></div>";      
386     CloseTable();      
387 }      
388   =    
389 function FixQuotes ($what = "") { +-    
390         $what = ereg_replace("'","''",$what);      
391         while (eregi("\\\\'", $what)) {      
392                 $what = ereg_replace("\\\\'","'",$what);      
393         }      
394         return $what;      
395 }      
396   =    
397 /*********************************************************/ +-    
398 /* text filter                                           */      
399 /*********************************************************/      
400   =    
401 function check_words($Message) { +-    
402     global $EditedMessage;      
403     include("config.php");      
404     $EditedMessage = $Message;      
405     if ($CensorMode != 0) {      
406   =    
407         if (is_array($CensorList)) { +-    
408             $Replace = $CensorReplace;      
409             if ($CensorMode == 1) {      
410                 for ($i = 0; $i < count($CensorList); $i++) {      
411                     $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);      
412                 }      
413             } elseif ($CensorMode == 2) {      
414                 for ($i = 0; $i < count($CensorList); $i++) {      
415                     $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);      
416                 }      
417             } elseif ($CensorMode == 3) {      
418                 for ($i = 0; $i < count($CensorList); $i++) {      
419                     $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);      
420                 }      
421             }      
422         }      
423     }      
424     return ($EditedMessage);      
425 }      
426   =    
427 function delQuotes($string){ +-    
428     /* no recursive function to add quote to an HTML tag if needed */      
429     /* and delete duplicate spaces between attribs. */      
430     $tmp="";    # string buffer      
431     $result=""; # result string      
432     $i=0;      
433     $attrib=-1; # Are us in an HTML attrib ?   -1: no attrib   0: name of the attrib   1: value of the atrib      
434     $quote=0;   # Is a string quote delimited opened ? 0=no, 1=yes      
435     $len = strlen($string);      
436     while ($i<$len) {      
437         switch($string[$i]) { # What car is it in the buffer ?      
438             case "\"": #"       # a quote.      
439                 if ($quote==0) {      
440                     $quote=1;      
441                 } else {      
442                     $quote=0;      
443                     if (($attrib>0) && ($tmp != "")) { $result .= "=\"$tmp\""; }      
444                     $tmp="";      
445                     $attrib=-1;      
446                 }      
447                 break;      
448             case "=":           # an equal - attrib delimiter      
449                 if ($quote==0) {  # Is it found in a string ?      
450                     $attrib=1;      
451                     if ($tmp!="") $result.=" $tmp";      
452                     $tmp="";      
453                 } else $tmp .= '=';      
454                 break;      
455             case " ":           # a blank ?      
456                 if ($attrib>0) {  # add it to the string, if one opened.      
457                     $tmp .= $string[$i];      
458                 }      
459                 break;      
460             default:            # Other      
461                 if ($attrib<0)    # If we weren't in an attrib, set attrib to 0      
462                 $attrib=0;      
463                 $tmp .= $string[$i];      
464                 break;      
465         }      
466         $i++;      
467     }      
468     if (($quote!=0) && ($tmp != "")) {      
469         if ($attrib==1) $result .= "=";      
470         /* If it is the value of an atrib, add the '=' */      
471         $result .= "\"$tmp\"";  /* Add quote if needed (the reason of the function ;-) */      
472     }      
473     return $result;      
474 }      
475   =    
476 function check_html ($str, $strip="") { +-    
477     /* The core of this code has been lifted from phpslash */      
478     /* which is licenced under the GPL. */      
479     include("config.php");      
480     if ($strip == "nohtml")      
481         $AllowableHTML=array('');      
482         $str = stripslashes($str);      
483         $str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",      
484                          '<\\1>', $str);      
485                // Delete all spaces from html tags .      
486         $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",      
487                          '<a href="\\1">', $str); # "      
488                // Delete all attribs from Anchor, except an href, double quoted.      
489         $str = eregi_replace("<img?",      
490                          '', $str); # "      
491         $tmp = "";      
492         while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {      
493                 $i = strpos($str,$reg[0]);      
494                 $l = strlen($reg[0]);      
495                 if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));      
496                 else $tag = strtolower($reg[1]);      
497                 if ($a = $AllowableHTML[$tag])      
498                         if ($reg[1][0] == "/") $tag = "</$tag>";      
499                         elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";      
500                         else {      
501                           # Place here the double quote fix function.      
502                           $attrb_list=delQuotes($reg[2]);      
503                           // A VER      
504                           $attrb_list = ereg_replace("&","&amp;",$attrb_list);      
505                           $tag = "<$tag" . $attrb_list . ">";      
506                         } # Attribs in tag allowed      
507                 else $tag = "";      
508                 $tmp .= substr($str,0,$i) . $tag;      
509                 $str = substr($str,$i+$l);      
510         }      
511         $str = $tmp . $str;      
512         return $str;      
513         exit;      
514         /* Squash PHP tags unconditionally */      
515         $str = ereg_replace("<\?","",$str);      
516         return $str;      
517 }      
518   =    
519 function filter_text($Message, $strip="") { +-    
520     global $EditedMessage;      
521     check_words($Message);      
522     $EditedMessage=check_html($EditedMessage, $strip);      
523     return ($EditedMessage);      
524 }      
525   =    
526 /*********************************************************/ +-    
527 /* formatting stories                                    */      
528 /*********************************************************/      
529   =    
530 function formatTimestamp($time) { +-    
531     global $datetime, $locale;      
532     setlocale ("LC_TIME", "$locale");      
533     ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);      
534     $datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));      
535     $datetime = ucfirst($datetime);      
536     return($datetime);      
537 }      
538   =    
539 function formatAidHeader($aid) { +-    
540     global $prefix, $dbi;      
541     $holder = sql_query("SELECT url, email FROM ".$prefix."_authors where aid='$aid'", $dbi);      
542     if (!$holder) {      
543         echo _ERROR;      
544         exit();      
545     }      
546     list($url, $email) = sql_fetch_row($holder, $dbi);      
547     if (isset($url)) {      
548         $aid = "<a href=\"$url\">$aid</a>";      
549     } elseif (isset($email)) {      
550         $aid = "<a href=\"mailto:$email\">$aid</a>";      
551     } else {      
552         $aid = $aid;      
553     }      
554     echo "$aid";      
555 }      
556   =    
557 function get_author($aid) { +-    
558     global $prefix, $dbi;      
559     $holder = sql_query("SELECT url, email FROM ".$prefix."_authors where aid='$aid'", $dbi);      
560     if (!$holder) {      
561         echo _ERROR;      
562         exit();      
563     }      
564     list($url, $email) = sql_fetch_row($holder, $dbi);      
565     if (isset($url)) {      
566         $aid = "<a href=\"$url\">$aid</a>";      
567     } elseif (isset($email)) {      
568         $aid = "<a href=\"mailto:$email\">$aid</a>";      
569     } else {      
570         $aid = $aid;      
571     }      
572     return($aid);      
573 }      
574   =    
575 function themepreview($title, $hometext, $bodytext="", $notes="") { +-    
576     echo "<b>$title</b><br><br>$hometext";      
577     if ($bodytext != "") {      
578         echo "<br><br>$bodytext";      
579     }      
580     if ($notes != "") {      
581         echo "<br><br><b>"._NOTE."</b> <i>$notes</i>";      
582     }      
583 }      
584   =    
585 function adminblock() { +-    
586     global $admin, $prefix, $dbi;      
587     if (is_admin($admin)) {      
588         $result = sql_query("select title, content from ".$prefix."_blocks where bkey='admin'", $dbi);      
589         while(list($title, $content) = sql_fetch_array($result, $dbi)) {      
590             $content = "<font class=\"content\">$content</font>";      
591             themesidebox($title, $content);      
592         }      
593         $title = ""._WAITINGCONT."";      
594         $result = sql_query("select * from ".$prefix."_queue", $dbi);      
595         $num = sql_num_rows($result, $dbi);      
596         $content = "<font class=\"content\">";      
597         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=submissions\">"._SUBMISSIONS."</a>: $num<br>";      
598         $result = sql_query("select * from ".$prefix."_reviews_add", $dbi);      
599         $num = sql_num_rows($result, $dbi);      
600         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=reviews\">"._WREVIEWS."</a>: $num<br>";      
601         $result = sql_query("select * from ".$prefix."_links_newlink", $dbi);      
602         $num = sql_num_rows($result, $dbi);      
603         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=Links\">"._WLINKS."</a>: $num<br>";      
604         $result = sql_query("select * from ".$prefix."_downloads_newdownload", $dbi);      
605         $num = sql_num_rows($result, $dbi);      
606         $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"admin.php?op=downloads\">"._UDOWNLOADS."</a>: $num<br></font>";      
607         themesidebox($title, $content);      
608     }      
609 }      
610   =    
611 function loginbox() { +-    
612     global $user;      
613     if (!is_user($user)) {      
614         $title = _LOGIN;      
615         $boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";      
616         $boxstuff .= "<center><font class=\"content\">"._NICKNAME."<br>";      
617         $boxstuff .= "<input type=\"text\" name=\"uname\" size=\"8\" maxlength=\"25\"><br>";      
618         $boxstuff .= ""._PASSWORD."<br>";      
619         $boxstuff .= "<input type=\"password\" name=\"pass\" size=\"8\" maxlength=\"20\"><br>";      
620         $boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";      
621         $boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></font></center></form>";      
622         $boxstuff .= "<center><font class=\"content\">"._ASREGISTERED."</font></center>";      
623         themesidebox($title, $boxstuff);      
624     }      
625 }      
626   =    
627 function userblock() { +-    
628     global $user, $cookie, $prefix, $dbi, $user_prefix;      
629     if((is_user($user)) AND ($cookie[8])) {      
630         $getblock = sql_query("select ublock from ".$user_prefix."_users where uid='$cookie[0]'", $dbi);      
631         $title = ""._MENUFOR." $cookie[1]";      
632         list($ublock) = sql_fetch_row($getblock, $dbi);      
633         themesidebox($title, $ublock);      
634     }      
635 }      
636   =    
637 function getTopics($s_sid) {   817 function getTopics($s_sid) {
638     global $topicname, $topicimage, $topictext, $prefix, $dbi;   818     global $topicname, $topicimage, $topictext, $prefix, $dbi;
639     $sid = $s_sid;   819     $sid = $s_sid;
640     $result = sql_query("SELECT topic FROM ".$prefix."_stories where sid=$sid", $dbi);   820     $result = sql_query("SELECT topic FROM ".$prefix."_stories where sid=$sid", $dbi);
641     list($topic) = sql_fetch_row($result, $dbi);   821     list($topic) = sql_fetch_row($result, $dbi);
642     $result = sql_query("SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics where topicid=$topic", $dbi);   822     $result = sql_query("SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics where topicid=$topic", $dbi);
643     list($topicid, $topicname, $topicimage, $topictext) = sql_fetch_row($result, $dbi);   823     list($topicid, $topicname, $topicimage, $topictext) = sql_fetch_row($result, $dbi);
644 }   824 }
645     825  
646 function headlines($bid, $cenbox=0) {   826 function headlines($bid, $cenbox=0) {
647     global $prefix, $dbi;   827     global $prefix, $dbi;
648     $result = sql_query("select title, content, url, refresh, time from ".$prefix."_blocks where bid='$bid'", $dbi);   828     $result = sql_query("select title, content, url, refresh, time from ".$prefix."_blocks where bid='$bid'", $dbi);
649     list($title, $content, $url, $refresh, $otime) = sql_fetch_row($result, $dbi);   829     list($title, $content, $url, $refresh, $otime) = sql_fetch_row($result, $dbi);
650     $past = time()-$refresh;   830     $past = time()-$refresh;
651     if ($otime < $past) {   831     if ($otime < $past) {
652         $btime = time(); <> 832         $btime = time();
653         $rdf = parse_url($url);   833         $rdf = parse_url($url);
654         $fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);   834         $fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
655         if (!$fp) {   835         if (!$fp) {
656             $content = "";   836             $content = "";
657             //$content = "<font class=\"content\">"._RSSPROBLEM."</font>";   837             //$content = "<font class=\"content\">"._RSSPROBLEM."</font>";
658             $result = sql_query("update ".$prefix."_blocks set content='$content', time='$btime' where bid='$bid'", $dbi);   838             $result = sql_query("update ".$prefix."_blocks set content='$content', time='$btime' where bid='$bid'", $dbi);
659             $cont = 0;   839             $cont = 0;
660             if ($cenbox == 0) {   840             if ($cenbox == 0) {
661                 themesidebox($title, $content);   841                 themesidebox($title, $content);
662             } else {   842             } else {
663                 themecenterbox($title, $content);   843                 themecenterbox($title, $content);
664             }   844             }
665             return;   845             return;
666         }   846         }
667         if ($fp) {   847         if ($fp) {
668             fputs($fp, "GET " . $rdf['path'] . "?" . $rdf['query'] . " HTTP/1.0\r\n");   848             fputs($fp, "GET " . $rdf['path'] . "?" . $rdf['query'] . " HTTP/1.0\r\n");
669             fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");   849             fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
670             $string     = "";   850             $string       = "";
671             while(!feof($fp)) {   851             while(!feof($fp)) {
672                 $pagetext = fgets($fp,300);   852                     $pagetext = fgets($fp,300);
673                 $string .= chop($pagetext);   853                     $string .= chop($pagetext);
674             }   854             }
675             fputs($fp,"Connection: close\r\n\r\n");   855             fputs($fp,"Connection: close\r\n\r\n");
676             fclose($fp);   856             fclose($fp);
677             $items = explode("</item>",$string);   857             $items = explode("</item>",$string);
678             $content = "<font class=\"content\">";   858             $content = "<font class=\"content\">";
679             for ($i=0;$i<10;$i++) {   859             for ($i=0;$i<10;$i++) {
680                 $link = ereg_replace(".*<link>","",$items[$i]);   860                 $link = ereg_replace(".*<link>","",$items[$i]);
681                 $link = ereg_replace("</link>.*","",$link);   861                 $link = ereg_replace("</link>.*","",$link);
682                 $title2 = ereg_replace(".*<title>","",$items[$i]);   862                 $title2 = ereg_replace(".*<title>","",$items[$i]);
683                 $title2 = ereg_replace("</title>.*","",$title2);   863                 $title2 = ereg_replace("</title>.*","",$title2);
684                 if ($items[$i] == "") {   864                 if ($items[$i] == "") {
685                     $content = "";   865                     $content = "";
686                     sql_query("update ".$prefix."_blocks set content='$content', time='$btime' where bid='$bid'", $dbi);   866                     sql_query("update ".$prefix."_blocks set content='$content', time='$btime' where bid='$bid'", $dbi);
687                     $cont = 0;   867                     $cont = 0;
688                     if ($cenbox == 0) {   868                     if ($cenbox == 0) {
689                         themesidebox($title, $content);   869                         themesidebox($title, $content);
690                     } else {   870                     } else {
691                         themecenterbox($title, $content);   871                         themecenterbox($title, $content);
692                     }   872                     }
693                     return;   873                     return;
694                 } else {   874                 } else {
695                     if (strcmp($link,$title)) {   875                     if (strcmp($link,$title)) {
696                         $cont = 1;   876                         $cont = 1;
697                         $content .= "<strong><big>&middot;</big></strong><a href=\"$link\" target=\"new\">$title2</a><br>\n";   877                         $content .= "<strong><big>&middot;</big></strong><a href=\"$link\" target=\"new\">$title2</a><br>\n";
698                     }   878                     }
699                 }   879                 }
700             }   880             }
701   = 881  
702         } <> 882         }
703         sql_query("update ".$prefix."_blocks set content='$content', time='$btime' where bid='$bid'", $dbi);   883         sql_query("update ".$prefix."_blocks set content='$content', time='$btime' where bid='$bid'", $dbi);
704     } = 884     }
705     $siteurl = ereg_replace("http://","",$url);   885     $siteurl = ereg_replace("http://","",$url);
706     $siteurl = explode("/",$siteurl);   886     $siteurl = explode("/",$siteurl);
707     if (($cont == 1) OR ($content != "")) {   887     if (($cont == 1) OR ($content != "")) {
708         $content .= "<br><a href=\"http://$siteurl[0]\" target=\"blank\"><b>"._HREADMORE."</b></a></font>"; <> 888         $content .= "<br><a href=\"http://$siteurl[0]\" target=\"blank\"><b>"._HREADMORE."</b></a></font>";
709     } elseif (($cont == 0) OR ($content == "")) { = 889     } elseif (($cont == 0) OR ($content == "")) {
710         $content = "<font class=\"content\">"._RSSPROBLEM."</font>"; <> 890         $content = "<font class=\"content\">"._RSSPROBLEM."</font>";
711     } = 891     }
712     if ($cenbox == 0) {   892     if ($cenbox == 0) {
713         themesidebox($title, $content); <> 893         themesidebox($title, $content);
714     } else { = 894     } else {
715         themecenterbox($title, $content); <> 895         themecenterbox($title, $content);
716     } = 896     }
717 }   897 }
718     898  
719 function automated_news() {   899 function automated_news() {
720     global $prefix, $multilingual, $currentlang, $dbi;   900     global $prefix, $multilingual, $currentlang, $dbi;
721     if ($multilingual == 1) {   901     if ($multilingual == 1) {
722             $querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */ <> 902             $querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */
723     } else { = 903     } else {
724             $querylang = ""; <> 904             $querylang = "";
725     } = 905     }
726     $today = getdate();   906     $today = getdate();
727     $day = $today[mday];   907     $day = $today[mday];
728     if ($day < 10) {   908     if ($day < 10) {
729         $day = "0$day"; <> 909         $day = "0$day";
730     } = 910     }
731     $month = $today[mon];   911     $month = $today[mon];
732     if ($month < 10) {   912     if ($month < 10) {
733         $month = "0$month"; <> 913         $month = "0$month";
734     } = 914     }
735     $year = $today[year];   915     $year = $today[year];
736     $hour = $today[hours];   916     $hour = $today[hours];
737     $min = $today[minutes];   917     $min = $today[minutes];
738     $sec = "00";   918     $sec = "00";
739     $result = sql_query("select anid, time from ".$prefix."_autonews $querylang", $dbi);   919     $result = sql_query("select anid, time from ".$prefix."_autonews $querylang", $dbi);
740     while(list($anid, $time) = sql_fetch_row($result, $dbi)) {   920     while(list($anid, $time) = sql_fetch_row($result, $dbi)) {
741         ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $date); <> 921         ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $date);
742         if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {   922         if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {
743             if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {   923             if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {
744                 $result2 = sql_query("select catid, aid, title, time, hometext, bodytext, topic, informant, notes, ihome, alanguage, acomm from ".$prefix."_autonews where anid='$anid'", $dbi);   924                 $result2 = sql_query("select catid, aid, title, time, hometext, bodytext, topic, informant, notes, ihome, alanguage, acomm from ".$prefix."_autonews where anid='$anid'", $dbi);
745                 while(list($catid, $aid, $title, $a_time, $hometext, $bodytext, $topic, $author, $notes, $ihome, $alanguage, $acomm) = sql_fetch_row($result2, $dbi)) {   925                 while(list($catid, $aid, $title, $a_time, $hometext, $bodytext, $topic, $author, $notes, $ihome, $alanguage, $acomm) = sql_fetch_row($result2, $dbi)) {
746                     $title = stripslashes(FixQuotes($title));   926                     $title = stripslashes(FixQuotes($title));
747                     $hometext = stripslashes(FixQuotes($hometext));   927                     $hometext = stripslashes(FixQuotes($hometext));
748                     $bodytext = stripslashes(FixQuotes($bodytext));   928                     $bodytext = stripslashes(FixQuotes($bodytext));
749                     $notes = stripslashes(FixQuotes($notes));   929                     $notes = stripslashes(FixQuotes($notes));
750                     sql_query("insert into ".$prefix."_stories values (NULL, '$catid', '$aid', '$title', '$a_time', '$hometext', '$bodytext', '0', '0', '$topic', '$author', '$notes', '$ihome', '$alanguage', '$acomm', '0', '0', '0', '0')", $dbi);   930                     sql_query("insert into ".$prefix."_stories values (NULL, '$catid', '$aid', '$title', '$a_time', '$hometext', '$bodytext', '0', '0', '$topic', '$author', '$notes', '$ihome', '$alanguage', '$acomm', '0', '0', '0', '0')", $dbi);
751                     sql_query("delete from ".$prefix."_autonews where anid='$anid'", $dbi);   931                     sql_query("delete from ".$prefix."_autonews where anid='$anid'", $dbi);
      932                 }
      933             }
      934         }
      935     }
752                 }   936 }
    = 937  
    -+ 938 /*********************************************************/
      939 /* formatting stories                                    */
      940 /*********************************************************/
    = 941  
    -+ 942 function formatTimestamp($time) {
      943     global $datetime, $locale;
      944     setlocale (LC_TIME, "$locale");
      945     ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
      946     $datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
      947     $datetime = ucfirst($datetime);
    = 948  
    -+ 949     /* Änderung Wochentage Anfang*/
    = 950  
    -+ 951 $datetime = str_replace("MEST","",$datetime);
      952     /* Hier kann wahlweise auch: $datetime = str_replace("CEST","",$datetime); stehen */
      953 if (stristr($datetime,'Monday'))
      954 {
      955 $datetime = str_replace("Monday", "Montag", $datetime);
      956 }
      957 if (stristr($datetime,'Tuesday'))
      958 {
      959 $datetime = str_replace("Tuesday", "Dienstag", $datetime);
      960 }
      961 if (stristr($datetime,'Wednesday'))
      962 {
      963 $datetime = str_replace("Wednesday", "Mittwoch", $datetime);
      964 }
      965 if (stristr($datetime,'Thursday'))
      966 {
      967 $datetime = str_replace("Thursday", "Donnerstag", $datetime);
      968 }
      969 if (stristr($datetime,'Friday'))
      970 {
      971 $datetime = str_replace("Friday", "Freitag", $datetime);
      972 }
      973 if (stristr($datetime,'Saturday'))
      974 {
      975 $datetime = str_replace("Saturday", "Samstag", $datetime);
      976 }
      977 if (stristr($datetime,'Sunday'))
      978 {
      979 $datetime = str_replace("Sunday", "Sonntag", $datetime);
      980 }
      981 /* Änderung Wochentage Ende*/
    = 982  
    -+ 983 /* Änderung Monatsnamen */
      984 if (stristr($datetime,'January'))
      985 {
      986 $datetime = str_replace("January", "Januar", $datetime);
      987 }
      988 if (stristr($datetime,'February'))
      989 {
      990 $datetime = str_replace("February", "Februar", $datetime);
      991 }
      992 if (stristr($datetime,'March'))
      993 {
      994 $datetime = str_replace("March", "März", $datetime);
      995 }
      996 if (stristr($datetime,'May'))
      997 {
      998 $datetime = str_replace("May", "Mai", $datetime);
      999 }
      1000 if (stristr($datetime,'June'))
      1001 {
      1002 $datetime = str_replace("June", "Juni", $datetime);
      1003 }
      1004 if (stristr($datetime,'July'))
      1005 {
      1006 $datetime = str_replace("July", "Juli", $datetime);
      1007 }
      1008 if (stristr($datetime,'October'))
      1009 {
      1010 $datetime = str_replace("October", "Oktober", $datetime);
      1011 }
      1012 if (stristr($datetime,'December'))
      1013 {
      1014 $datetime = str_replace("December", "Dezember", $datetime);
      1015 }
    = 1016  
    -+ 1017 /* Änderung Ende */
    = 1018  
    -+ 1019     return($datetime);
      1020 }
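Review bot: The `ereg` call at the top of the new `formatTimestamp` is not checked, so a `$time` that does not match the pattern leaves the global `$datetime` holding whatever it had before, and `mktime` is then fed from that; a guard such as `if (!ereg(..., $time, $datetime)) { return $time; }` keeps the output predictable. The weekday and month replacements that follow are applied whatever `$locale` is, so a non-German locale still gets German names wherever `strftime` returned English ones. The `stristr` guards are redundant, since `str_replace` is already a no-op without a match, and they test case-insensitively while the replacement is case-sensitive.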
    = 1021  
    -+ 1022 ## SpeedUp by DJMaze Begin
      1023 function formatAidHeader($aid) {
      1024     echo get_author($aid);
      1025 }
    = 1026  
    <> 1027 function get_author($aid) {
      1028     global $prefix, $dbi;
      1029     static $users;
      1030     if (is_array($users[$aid])) {
      1031         $row = $users[$aid];
      1032     } else {
      1033         $sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
      1034         $result = sql_query($sql, $dbi);
      1035         $row = sql_fetch_row($result, $dbi);
      1036         $users[$aid] = $row;
753             }   1037     }
      1038     if (isset($row['url'])) {
      1039         $aid = "<a href=\"$row[url]\">$aid</a>";
      1040     } elseif (isset($row['email'])) {
      1041         $aid = "<a href=\"mailto:$row[email]\">$aid</a>";
      1042     } else {
      1043         $aid = $aid;
      1044     }
      1045     return $aid;
754         }   1046 }
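Review bot: The cached `get_author` reads `$row['url']` and `$row['email']` from the result of `sql_fetch_row`, whereas the version it replaces unpacked the same call positionally with `list($url, $email)`; if `sql_fetch_row` returns a numerically indexed row (it is defined outside this page, so this is inferred), both `isset` tests are always false and the link is never produced. `sql_fetch_array`, which `nextGenTap` in this file reads by column name, looks like the intended call: `$row = sql_fetch_array($result, $dbi);`. Separately, `$aid` is placed in the SQL string, and `$aid`, `$row[url]` and `$row[email]` in the anchor markup, without escaping; unless every caller guarantees these values are safe, escape `$aid` for the query with the database layer's routine and pass the three values through `htmlspecialchars(..., ENT_QUOTES)` before building the link. `is_array($users[$aid])` also reads an undefined index on the first call for each author; `isset($users[$aid]) && is_array($users[$aid])` avoids the notice.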
      1047 ## SpeedUp by DJMaze End
    = 1048  
    -+ 1049 function themepreview($title, $hometext, $bodytext="", $notes="") {
      1050     echo "<b>$title</b><br><br>$hometext";
      1051     if ($bodytext != "") {
      1052         echo "<br><br>$bodytext";
755     } = 1053     }
    -+ 1054     if ($notes != "") {
      1055         echo "<br><br><b>"._NOTE."</b> <i>$notes</i>";
      1056     }
756 } = 1057 }
757     1058  
758 function themecenterbox($title, $content) { <> 1059 ## End Newsfuncs
      1060 ## QuickFix 2.2 Begin
      1061 foreach ($_REQUEST as $value) {
      1062         if (is_string($value) && !is_int($value)) {
      1063              $pattern = '#(\<(img|i?frame|object|i?layer|script|link|embed)[^\>]+([[:space:]]{0,})(src|rel)([[:space:]]{0,})?=([^\>]+)?admin\.php\?[^\>]+\>)|(\[img\](.+)?(admin\.php\?).+?\[/img\])#si';
      1064              if (preg_match($pattern, $value)) {
      1065                   Header("Location: index.php");
      1066                   exit;
      1067               }
      1068          }
      1069 }
      1070 unset($pattern);
759    OpenTable();   1071 unset($value);
760     echo "<center><fon class=\"option\"><b>$title</b></font></center><br>"   1072 ## QuickFix 2.2 End
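Review bot: The QuickFix 2.2 loop inspects only top-level string entries of `$_REQUEST`, so values nested inside array parameters are never matched against `$pattern`, and the check is a deny-list for markup that points at `admin.php?` rather than a verification that an admin request was intended. It is best treated as defence in depth: the durable control is a per-session token checked in `admin.php` itself, which is outside this page. If the filter stays, apply the same test to nested arrays and drop `!is_int($value)`, which is always true once `is_string($value)` has passed.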
761         ."$content";   1073  
      1074 ## Admin Secure Begin
      1075 //asec_performFilterNotify();
      1076 //asec_performRealTimeNotify();
      1077 //asec_performAutoCheckNotify();
      1078 ## Admin Secure End
      1079 // GT-NExtGEn 0.5 by Bill Murrin (Audioslaved) http://gt.audioslaved.com (c) 2004
      1080 // Configuration settings for GoogleTap --- nextGenOb, nextGenDebug Variables
      1081 $nextGenOb = 1;                   //<-- NExtGEn On or Off, 1=On, 0=Off
      1082 $nextGenDebug = 0;                //<-- Turn Debugging On or Off 1=On, 0=Off (Admin View Only)
      1083 $nextGenMainPath = "GoogleTap";   //<-- Name of Directory to GoogleTap Files. Should be located
      1084                                   // in root path with mainfile.php.
      1085 $nextGenBlock = 0;                //<-- Enable Auto-Convert on Blocks 1=On, 0=Off (!Warning! May slow down the tap)
      1086 $nextGenAdmin = is_admin($admin); //<-- Do NOT Touch!
      1087 // End of Configuration Options
    = 1088  
    -+ 1089 function nextGenTap($nextGenHead, $nextGenFoot, $nextGenContents) {
      1090 global $prefix, $dbi, $admin, $nextGenOb, $nextGenDebug, $nextGenMainPath, $nextGenBlock, $nextGenAdmin;
      1091 // GT-NExtGEn 0.5 by Bill Murrin (Audioslaved) http://gt.audioslaved.com (c) 2004
    = 1092  
    -+ 1093      if($nextGenOb == 1) {
      1094           if(isset($_REQUEST['name'])) {
      1095           $nextGenName = $_REQUEST['name'];
      1096           if ($nextGenAdmin && $nextGenDebug == 1 && ($nextGenHead == 1 || $nextGenFoot == 1)) {
      1097                echo "[nextGenName] = $nextGenName<br>";
      1098           }
      1099           } else {
      1100      $sql = "SELECT main_module FROM ".$prefix."_main";
      1101      $result = sql_query($sql, $dbi);
      1102         $row = sql_fetch_array($result, $dbi);
      1103      $mainmod_name = $row['main_module'];
      1104      $nextGenName = $mainmod_name;
      1105                if ($nextGenAdmin && $nextGenDebug == 1 && $nextGenHead == 1) {
      1106           echo "[nextGenName] = $nextGenName (Main Module)<br>";
      1107           }
      1108           }
    = 1109  
    -+ 1110      //GT-NExtGEn Files Path --- nextGenPath Variable
      1111      $nextGenPath = $nextGenMainPath . "/GT-" . $nextGenName . ".php";
      1112           if (file_exists($nextGenPath) && ($nextGenHead == 1 || $nextGenFoot == 1)) {
      1113                if ($nextGenAdmin && $nextGenDebug == 1 && $nextGenHead == 1) {
      1114                echo "[nextGenPath] = Path Does Exist<br>";
      1115                }
      1116           } elseif ($nextGenHead == 1 || $nextGenFoot == 1) {
      1117                if ($nextGenAdmin && $nextGenDebug == 1 && $nextGenHead == 1) {
      1118                echo "[nextGenPath] = Path Does Not Exist!<br>";
      1119                }
      1120           return;
      1121           }
    = 1122  
    <> 1123           //GT-NExtGEn Header Code --- nextGenHead Variable
      1124           if($nextGenHead == 1) {
      1125                if ($nextGenAdmin && $nextGenDebug == 1 ) {
      1126                echo "[nextGenPath] = Present In Header<br>";
      1127                }
762     CloseTable();   1128           ob_start();
      1129           return;
      1130           }
    = 1131  
    -+ 1132           //GT-NExtGEn Footer Code --- nextGenFoot Variable
      1133           if ($nextGenFoot == 1) {
      1134                if ($nextGenAdmin && $nextGenDebug == 1) {
      1135                echo "[nextGenPath] = Present In Footer<br>";
      1136                }
      1137           $getNextGen = ob_get_contents();
      1138           $getNextGen = preg_replace("(&(?!([a-zA-Z]{2,6}|[0-9\#]{1,6})[\;]))", "&amp;", $getNextGen);
      1139           $getNextGen = str_replace(array("&amp;&amp;", "&amp;middot;", "&amp;nbsp;"), array("&&", "·", " "), $getNextGen);
      1140           ob_end_clean();
      1141           include($nextGenPath);
      1142           $nextGenContent = preg_replace($urlin, $urlout, $getNextGen);
      1143           echo $nextGenContent;
      1144           return;
      1145           }
    = 1146  
    <> 1147           //GT-NExtGEn Block Code --- nextGenBlock Variable
      1148           if ($nextGenBlock == 1 && $nextGenContents != "") {
      1149                preg_match_all ("(\b[name]{4}=[a-zA-Z0-9_-]*)", $nextGenContents, $getGenMatches);
      1150                $gotGenMatches = array();
      1151           foreach($getGenMatches[0] as $gotten) {
      1152                $gotGenMatches[] = $gotten;
      1153                }
      1154                unset($getGenMatches);
      1155                $gotGenMatches = array_unique($gotGenMatches);
      1156                     foreach($gotGenMatches as $newGenMatch) {
      1157                     $expGenMatch = explode("=", $newGenMatch);
      1158                          if(file_exists("" . $nextGenMainPath . "/GT-" . $expGenMatch[1] . ".php")) {
      1159           $path_exists[] = 1;
      1160                     include_once("" . $nextGenMainPath . "/GT-" . $expGenMatch[1] . ".php");
      1161                          $newGenContents = preg_replace($urlin, $urlout, $nextGenContents);
      1162                          }
      1163                     }
      1164                     if (count($path_exists) < 1) {
      1165                     return $nextGenContents;
      1166           } else {
      1167                     unset($path_exists);
      1168                     $newGenContents = preg_replace("(&(?!([a-zA-Z]{2,6}|[0-9\#]{1,6})[\;]))", "&amp;", $newGenContents);
      1169                     $newGenContents = str_replace(array("&amp;&amp;", "&amp;middot;", "&amp;nbsp;"), array("&&", "·", " "), $newGenContents);
      1170                     return $newGenContents;
      1171                     }
      1172           } elseif ($nextGenContents != "") {
      1173           return $nextGenContents;
      1174           }
      1175      } elseif ($nextGenContents != "") {
      1176      return $nextGenContents;
763     echo "<br>";   1177      }
764 } = 1178 }
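Review bot: In `nextGenTap`, `$nextGenName` is taken straight from `$_REQUEST['name']` and concatenated into `$nextGenPath`, which is then handed to `file_exists` and `include` with no check on its characters, so the request influences which file is included. Constrain the name before building the path, for example `$nextGenName = preg_replace('/[^A-Za-z0-9_-]/', '', $nextGenName);`, which is the same character set the block branch already enforces in its `preg_match_all`. In that block branch `[name]{4}` is a character class rather than the literal `name`, so it also matches strings such as `mean=`; `\bname=` is presumably what was meant. `$urlin`, `$urlout`, `$path_exists` and `$newGenContents` are used without being initialised in this function, so the result depends on the included file defining them and `count($path_exists)` runs on an undefined variable when no file matched.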
765     1179  
766 ?>   1180 ?>