update to v1.03

This commit is contained in:
NinCollin 2023-04-21 11:19:03 -05:00 committed by GitHub
parent c139278b8b
commit c07af5997b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 1604 additions and 175 deletions

229
editprofile.php Normal file

@ -0,0 +1,229 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
if(empty($user))
{
printmessage("you cannot edit your profile while logged out");
printfooter();
die();
}
if(empty($_POST['submit']))
{
print "<form action=editprofile.php method=POST>
<table $themesettings[tableAttributes] class=\"table\">
<tr><th $themesettings[thRegularAttributes] class=\"thRegular\">&nbsp;</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=400>&nbsp;</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Username:</b><br><div class=\"smalltext\" align=left>To request a username change, please contact an admin.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\">$user[name]</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Password:</b><br><div class=\"smalltext\" align=left>You can change your password here if desired.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=password length=70 width=25 name=password></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Namecolor:</b><br><div class=\"smalltext\" align=left>Your name color.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\">";
$checked0 = "";
$checked1 = "";
$checked2 = "";
if($user['namecolor'] == 0)
$checked0 = "checked";
elseif($user['namecolor'] == 1)
$checked1 = "checked";
else
$checked2 = "checked";
print "
<input type=radio id=colorchoice name=\"namecolor\" value=0 $checked0> Color 1
<input type=radio id=colorchoice name=\"namecolor\" value=1 $checked1> Color 2
<input type=radio id=colorchoice name=\"namecolor\" value=2 $checked2> Color 3
</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Avatar URL:</b><br><div class=\"smalltext\" align=left>This is picture that shows up next to all your posts.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=text name=avatarurl length=100 size=40 value=\"$user[avatarurl]\"></td></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Minipic URL:</b><br><div class=\"smalltext\" align=left>A 16x16 picture that shows up next to your username.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=text name=minipicurl length=100 size=40 value=\"$user[minipicurl]\"></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Homepage URL:</b><br><div class=\"smalltext\" align=left>The URL of your homepage.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=text name=homepageurl length=100 size=40 value=\"$user[homepageurl]\"></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Homepage Name:</b><br><div class=\"smalltext\" align=left>The name of your homepage.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=text name=homepagename length=100 size=40 value=\"$user[homepagename]\"></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Email Address:</b><br><div class=\"smalltext\" align=left>Your email address; not required.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=text name=email length=100 size=40 value=\"$user[email]\"></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Birthday:</b><br><div class=\"smalltext\" align=left>Your birthday in YYYY-MM-DD format; not required.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\">";
if(!empty($user['birthday']))
{
$birthday=getdate($user['birthday']);
$year = "value=$birthday[year]";
$month = "value=$birthday[mon]";
$day = "value=$birthday[mday]";
}
else
{
$year = "";
$month = "";
$day = "";
}
print "
<input type=number name=year size=8 min=1900 max=2099 $year> - <input type=number name=month size=6 min=1 max=12 $month> - <input type=number name=day size=6 min=1 max=31 $day></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Bio:</b><br><div class=\"smalltext\" align=left>Here you can write information about yourself to be displayed on your profile.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><textarea name=bio>$user[bio]</textarea></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Post Header:</b><br><div class=\"smalltext\" align=left>Stuff in this box is displayed at the top of your posts.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><textarea name=postheader>$user[postheader]</textarea></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Post Footer:</b><br><div class=\"smalltext\" align=left>Stuff in this box is displayed at the bottom of your posts.</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><textarea name=postfooter>$user[postfooter]</textarea></td></tr>";
//lets get the list of themes
$themes=mysqli_query($sql,"SELECT `id`, `name` FROM `themes` ORDER BY `displayorder`");
//lets generate a select menu
$selectMenu="<select name=\"theme\" autocomplete=off>";
if(!empty($user['theme']))
$selectedThemeID = intval($user['theme']);
else
$selectedThemeID = $defaultThemeID;
while($theme=mysqli_fetch_array($themes))
{
$selected="";
if($selectedThemeID == $theme['id'])
$selected = "selected";
$selectMenu .= " <option value=$theme[id] $selected>$theme[name]</option>";
}
$selectMenu .= "</select>";
print "
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center><b>Theme:</b><br><div class=\"smalltext\" align=left>The theme you want to use (overrides cookie settings.)</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\">$selectMenu</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" align=center>&nbsp;</td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\"><input type=submit name=submit value=Submit></td></tr>
</table>
</form>";
}
else
{
//Intval our number thingies
$_POST['namecolor']=intval($_POST['namecolor']);
$_POST['year']=intval($_POST['year']);
$_POST['month']=intval($_POST['month']);
$_POST['day']=intval($_POST['day']);
$_POST['theme']=intval($_POST['theme']);
$_POST['homepageurl']=htmlspecialchars($_POST['homepageurl']);
$_POST['homepagename']=htmlspecialchars($_POST['homepagename']);
$_POST['avatarurl']=htmlspecialchars($_POST['avatarurl']);
$_POST['minipicurl']=htmlspecialchars($_POST['minipicurl']);
$_POST['email']=htmlspecialchars($_POST['email']);
//we intval'd our POST data, so this query is safe
$isThemeIDValid=mysqli_num_rows(mysqli_query($sql,"SELECT `id` FROM `themes` WHERE `id` = $_POST[theme]"));
//if the theme id isn't valid, fix it!
if(!$isThemeIDValid)
{
$_POST['theme'] = $defaultThemeID;
}
//if the namecolor isnt a valid choice, fix it!
if($_POST['namecolor'] < 0 || $_POST['namecolor'] > 2)
{
$_POST['namecolor'] = 0;
}
if($_POST['year'] == 0 || $_POST['month'] == 0 || $_POST['day'] == 0)
$birthday="";
else
$birthday=strtotime("$_POST[year]/$_POST[month]/$_POST[day]");
//Check if html is allowed
if($options['enableHTML'] == true)
{
//If so, check if we're cleaning it up
if($options['enablehtmLawed'] == true)
{
require_once($options['htmLawedPath']);
$_POST['postheader'] = htmLawed($_POST['postheader'], $options['htmLawedconfig']);
$_POST['postfooter'] = htmLawed($_POST['postfooter'], $options['htmLawedconfig']);
$_POST['bio'] = htmLawed($_POST['bio'], $options['htmLawedconfig']);
}
}
else
{
//If its not enabled, let's just strip everything out
$_POST['bio']=htmlspecialchars($_POST['bio']);
$_POST['postheader']=htmlspecialchars($_POST['postheader']);
$_POST['postfooter']=htmlspecialchars($_POST['postfooter']);
}
//prepared query time; update dat data!
$stmt1 = mysqli_prepare($sql,"UPDATE `users` SET `namecolor` = ?, `postheader` = ?, `postfooter` = ?, `avatarurl` = ?, `minipicurl` = ?, `email` = ?, `homepageurl` = ?, `homepagename` = ?, `birthday` = ?, `bio` = ?, `theme` = ? WHERE `id` = $user[id]");
mysqli_stmt_bind_param($stmt1,"isssssssisi", $_POST['namecolor'], $_POST['postheader'], $_POST['postfooter'], $_POST['avatarurl'], $_POST['minipicurl'], $_POST['email'], $_POST['homepageurl'], $_POST['homepagename'], $birthday, $_POST['bio'], $_POST['theme'],);
mysqli_stmt_execute($stmt1);
//if the user changed their password, lets update it seperately
if(!empty($_POST['password']))
{
$hashedpassword=password_hash(substr($_POST['password'], 0, 70), PASSWORD_DEFAULT);
//prepared query time; update dat data!
$stmt2 = mysqli_prepare($sql,"UPDATE `users` SET `password` = ? WHERE `id` = $user[id]");
mysqli_stmt_bind_param($stmt2,"s", $hashedpassword);
mysqli_stmt_execute($stmt2);
}
printmessage("Your profile has been successfully updated.<br><br>
Click <a href=profile.php?id=$user[id]>here</a> to view your profile.<br>");
}
printfooter();
?>
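Review bot: The profile form at L31 carries no anti-CSRF token and the handler branch at L112 accepts any POST that sets `submit`, so the password change at L165-L171 and the email/URL fields can be rewritten by a cross-site form post while the victim's `token` cookie is valid. Generate a random token tied to the login (e.g. `bin2hex(random_bytes(32))` stored with the token row), emit it as a hidden field, and compare it with `hash_equals()` before running the UPDATE at L161. A password change should additionally require the current password via `password_verify()` rather than only a non-empty new value, since a stolen session cookie otherwise becomes a permanent takeover. The `WHERE `id` = $user[id]` interpolation at L161 and L169 is inconsistent with the rest of the prepared statement; binding it as one more `i` parameter keeps both queries fully parameterised.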

171
forum.php Normal file

@ -0,0 +1,171 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//Sanitize GET data
$id=intval($_GET['id']);
if(!empty($_GET['page']) && empty($_GET['page']) >= 0)
$page=intval($_GET['page']);
else
$page=0;
//Declare some variables to check if a user submitted an empty field
$whoopstext="";
//print our header
printheader();
//If the GET value refers to an invalid topic, then spew a generic error and end page execution
if(mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `forums` WHERE `id` = $id")) == 0)
printdiemessage("no data");
//Calculate range of data to grab
$low = 20 * $page;
//count number of threads
$numthreads=mysqli_fetch_array(mysqli_query($sql, "SELECT COUNT(*) FROM `threads` WHERE `forumid` = $id"));
$pagelist="<div class=\"smalltext\">Pages: ";
$numpages=(ceil($numthreads[0]/20) - 1);
for($i = 0; $i <= $numpages; $i++)
{
$p = $i + 1;
if($i == $page)
$pagelist.="$p ";
else
$pagelist.="<a href=forum.php?id=$id&page=$i>$p</a> ";
}
$pagelist.="</div>";
//Now lets grab our topic data and sort by how recently the topic was created (sorting by date of late post will be implemented lat0rz)
$threads=mysqli_query($sql, "SELECT * FROM `threads` WHERE `forumid` = $id ORDER BY `lastactivity` DESC LIMIT $low,20 ");
$forumname=mysqli_fetch_array(mysqli_query($sql, "SELECT `name` FROM `forums` WHERE `id` = $id"));
//if a user is logged in, show the "new topic" link
$newtopic="";
if(!empty($user))
{
$newtopic="<span class=\"smalltext\" style=\"float: right\"><a href=newtopic.php?id=$id>new topic</a></span>";
}
print "<a href=index.php>minibord</a> - $forumname[name]$newtopic<br>$pagelist";
//Lets start our threads table
print "<table $themesettings[tableAttributes] class=\"table\">
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=16></th>
<th $themesettings[thRegularAttributes] class=\"thRegular\">topic name</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=150>human name</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=150>last human</td>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=200>last reply</th>
<th nowrap $themesettings[thRegularAttributes] class=\"thRegular\" width=80># posts</th>";
//lets go through our topic data and spit it out
while($thread=mysqli_fetch_array($threads))
{
//grab number of posts in topic
$postnum = mysqli_num_rows(mysqli_query($sql, "SELECT `id` FROM `posts` WHERE `threadid` = $thread[id]"));
//get into on last reply
$lastreply = mysqli_fetch_array(mysqli_query($sql, "SELECT `date`, `userid` FROM `posts` WHERE `threadid` = $thread[id] ORDER BY `date` DESC LIMIT 1"));
//if there aren't any replies, then lets say so
if(empty($lastreply['date']))
{
$lastreplydate="<i>No Posts</i>";
}
//otherwise, say the date of the last reply
else
{
$lastreplydate=date("Y-m-d H:i:s", $lastreply['date']);
}
//if there aren't any replies, then lets say so
if(empty($lastreply['userid']))
{
$lasthuman="<i>No Posts</i>";
}
//otherwise, give the last user to post in the topic
else
{
$lasthuman=getusername($lastreply['userid']);
}
$new="";
if(empty($user))
{
$currenttime = time();
$timediff = $currenttime - $thread['lastactivity'];
if($timediff <= 3600)
{
$new="<img src=images/new.png>";
}
}
else
{
$userlastforumread=mysqli_fetch_assoc(mysqli_query($sql,"SELECT `date` FROM `lastforumread` WHERE `lastforumread`.`userid` = $user[id] AND `lastforumread`.`forumid` = $thread[forumid]"));
$userlastthreadread=mysqli_fetch_assoc(mysqli_query($sql,"SELECT `date` FROM `lastthreadread` WHERE `lastthreadread`.`userid` = $user[id] AND `lastthreadread`.`threadid` = $thread[id]"));
if(empty($userlastthreadread['date']))
$userlastthreaddate=NULL;
else
$userlastthreaddate=$userlastthreadread['date'];
if(empty($userlastforumread['date']))
$userlastforumdate=NULL;
else
$userlastforumdate=$userlastforumread['date'];
if(!($userlastforumdate > $thread['lastactivity'] || $userlastthreaddate > $thread['lastactivity']))
{
$new="<img src=images/new.png>";
}
}
//spit out all the data in a nice table
print "<tr>
<td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle2\">$new</td>
<td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><a href=topic.php?id=$thread[id]>$thread[name]</a></td>
<td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle2\">".getusername($thread['userid'])."</td>
<td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle2\">$lasthuman</td>
<td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$lastreplydate</td>
<td width=70 $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$postnum</td>
</tr>
";
}
//Lets wrap this table and page up
print "</table>";
print "$pagelist<a href=index.php>minibord</a> - $forumname[name]$newtopic<br><br>";
printfooter();
?>
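Review bot: The page guard at L191 is a no-op: `empty($_GET['page']) >= 0` compares a boolean with 0 and is always true, so a negative `page` reaches L192 unchanged, `$low` at L203 goes negative, the `LIMIT $low,20` query at L218 fails, and `mysqli_fetch_array($threads)` at L236 is then called on `false`. Replace L191-L194 with `$page = max(0, intval($_GET['page'] ?? 0));` and read `$id` at L190 as `intval($_GET['id'] ?? 0)` to avoid the undefined-index notice when the parameter is missing. The per-thread queries at L239, L241, L274 and L275 cost four round trips per row; a join over the page's 20 thread ids would be cheaper, though that is a follow-up rather than a blocker.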

218
index.php

@ -1,124 +1,144 @@
<?php
//Require the core file for logins and functions and stuff
require ('core.php');
$run=1;
$activefile=__FILE__;
//Declare some variables to check if a user submitted an empty field
$whoopsuser="";
$whoopsname="";
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
//If the user submitted a valid topic and username, lets add their topic to the database and tell them this
if(!empty($_POST['name']) && !empty($_POST['user']))
//If a user is marking a forum read, lets take care of that
if(!empty($_GET['action']) && $_GET['action'] == "markforumread")
{
//print message
printmessage("topic posted");
//Sanitize the forum id
$forumid=intval($_GET['id']);
//Make sure the forum exists
$doesforumexist=mysqli_fetch_array(mysqli_query($sql, "SELECT COUNT(*) FROM `forums` WHERE `id` = $forumid"));
//grab da time
$date=time();
//Insert or update the lastforumread entry for the user and forum
if($doesforumexist[0])
mysqli_query($sql,"INSERT INTO `lastforumread` (`userid`, `forumid`, `date`) VALUES ('$user[id]', $forumid, $date) ON DUPLICATE KEY UPDATE `date` = $date");
//sanitize user input so it doesn't render <script>'s and junk
$_POST['name']=htmlspecialchars($_POST['name']);
$_POST['user']=htmlspecialchars($_POST['user']);
//prepared query time; insert dat data!
$stmt = mysqli_prepare($sql,"INSERT INTO `threads` ( `date`, `lastactivity`, `name`, `user`, `ip`) VALUES (?, ?, ?, ?, ?)");
$time=time();
mysqli_stmt_bind_param($stmt,"iisss", $time, $time, $_POST['name'], $_POST['user'], $_SERVER['REMOTE_ADDR']);
mysqli_stmt_execute($stmt);
}
//If their topic name was empty, show an error message
else if(isset($_POST['name']) && empty($_POST['name']) && !empty($_POST['user']))
//If a user is marking all forums read, lets do that instead
else if(!empty($_GET['action']) && $_GET['action'] == "markallforumsread")
{
//print the error
printmessage("you left your topic field empty");
//lets be nice though and save the username they entered, so they dont have to retype it
$whoopsuser=htmlspecialchars($_POST['user']);
}
//If their username was empty, show an error message
else if(isset($_POST['user']) && empty($_POST['user']) && !empty($_POST['name']))
{
//print the error
printmessage("you left your user field empty");
//lets be nice though and save the topic name they entered, so they dont have to retype it
$whoopsname=htmlspecialchars($_POST['name']);
}
//If they didnt type *anything,* then they receive yet a different error
else if(isset($_POST['name']) && isset($_POST['user']))
{
//art thou blind? didst thou not see the entry rectangles?
printmessage("thou must type before submitting");
}
//Now lets grab our topic data and sort by how recently the topic was created (sorting by date of late post will be implemented lat0rz)
$threads=mysqli_query($sql, "SELECT * FROM `threads` ORDER BY `lastactivity` DESC");
//lets create our input table
print "<form method=\"post\" action=index.php>
<table border=1 width=345 $themesettings[tableAttributes]>
<tr><th colspan=2>create new topic</th></tr>
<tr><td>topic name: </td> <td>&nbsp<input align=right type=text value=\"$whoopsname\" maxlength=100 name=\"name\"></td></tr>
<tr><td>human name: </td> <td>&nbsp<input type=text maxlength=50 value=\"$whoopsuser\" name=\"user\"></td></tr>
<tr><td colspan=2><input type=submit value=Submit></td></tr>
</table>
</form>";
//Lets start our threads table
print "<table border=1 width=800 $themesettings[tableAttributes]>
<th>topic name</th> <th>human name</th> <th>last human</td> <th>last reply</th> <th nowrap># posts</th>";
//lets go through our topic data and spit it out
while($thread=mysqli_fetch_array($threads))
{
//grab number of posts in topic
$postnum = mysqli_num_rows(mysqli_query($sql, "SELECT `id` FROM `posts` WHERE `threadid` = $thread[id]"));
//get into on last reply
$lastreply = mysqli_fetch_array(mysqli_query($sql, "SELECT `date`, `user` FROM `posts` WHERE `threadid` = $thread[id] ORDER BY `date` DESC LIMIT 1"));
//if there aren't any replies, then lets say so
if(empty($lastreply['date']))
//grab da time
$date=time();
//Loop through all the forums, and add (or update) a lastforumread entry for each one
$forums=mysqli_query($sql,"SELECT `id` FROM `forums`");
while($forum=mysqli_fetch_array($forums))
{
$lastreplydate="<i>No Posts</i>";
mysqli_query($sql,"INSERT INTO `lastforumread` (`userid`, `forumid`, `date`) VALUES ('$user[id]', $forum[id], $date) ON DUPLICATE KEY UPDATE `date` = $date");
}
//otherwise, say the date of the last reply
else
}
print "<table $themesettings[tableAttributes] class=\"table\">
<tr><th $themesettings[thRegularAttributes] class=\"thRegular\" width=32></th>
<th $themesettings[thRegularAttributes] class=\"thRegular\">forum name</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=90># threads</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=80># posts</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=150>last human</th>
<th $themesettings[thRegularAttributes] class=\"thRegular\" width=200>last post</th></tr>";
$categories=mysqli_query($sql, "SELECT * FROM `categories` ORDER BY `displayorder`");
while($category=mysqli_fetch_array($categories))
{
print "<tr><th colspan=6 $themesettings[thCategoryAttributes] class=\"thCategory\">$category[name]</th></tr>";
$forums=mysqli_query($sql, "SELECT * FROM `forums` WHERE `catid` = $category[id] ORDER BY `displayorder`");
while($forum=mysqli_fetch_array($forums))
{
$lastreplydate=date("Y-m-d H:i:s", $lastreply['date']);
}
$numthreads=mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `threads` WHERE `forumid` = $forum[id]"));
$numposts=mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `threads` INNER JOIN `posts` ON `threads`.`id` = `posts`.`threadid` WHERE `threads`.`forumid` = $forum[id]"));
$lastpost=mysqli_fetch_array(mysqli_query($sql, "SELECT `posts`.`userid`, `posts`.`date`
FROM `threads`
INNER JOIN `posts` ON `threads`.`id` = `posts`.`threadid`
WHERE `threads`.`forumid` = $forum[id] ORDER BY `posts`.`date` DESC LIMIT 1"));
$lastactivity=mysqli_fetch_array(mysqli_query($sql, "SELECT `threads`.`lastactivity` AS `date` FROM `threads` WHERE `threads`.`forumid` = $forum[id] ORDER BY `threads`.`lastactivity` DESC LIMIT 1"));
//if there aren't any replies, then lets say so
if(empty($lastreply['user']))
{
$lasthuman="<i>No Posts</i>";
if(!empty($lastpost['userid']))
$lastpostuser=getusername($lastpost['userid']);
else
$lastpostuser="";
if(!empty($lastpost['date']))
$lastpostdate=date("Y-m-d H:i:s", $lastpost['date']);
else
$lastpostdate="<i>No Posts</i>";
$new="";
if(empty($user) && !empty($lastactivity))
{
$currenttime = time();
$timediff = $currenttime - $lastactivity['date'];
if($timediff <= 3600)
{
$new="<img src=images/new.png>";
}
}
else if(!empty($user))
{
$userlastforumread=mysqli_fetch_assoc(mysqli_query($sql,"SELECT `date` FROM `lastforumread` WHERE `lastforumread`.`userid` = $user[id] AND `lastforumread`.`forumid` = $forum[id]"));
if(empty($userlastforumread['date']))
$userlastforumdate=NULL;
else
$userlastforumdate=$userlastforumread['date'];
$numunread=mysqli_fetch_array(mysqli_query($sql, "
SELECT COUNT(*) FROM `threads`
LEFT JOIN
(SELECT `lastthreadread`.`date`,`lastthreadread`.`threadid` FROM `lastthreadread` WHERE `lastthreadread`.`userid` = $user[id])
AS `userlastthreadread`
ON `userlastthreadread`.`threadid` = `threads`.`id`
WHERE `threads`.`forumid` = $forum[id]
AND (`threads`.`lastactivity` > '$userlastforumdate' OR '$userlastforumdate' IS NULL)
AND (`threads`.`lastactivity` > `userlastthreadread`.`date` OR `userlastthreadread`.`date` IS NULL)
"));
if(!empty($numunread[0]))
{
$new="<img src=images/new.png><br>$numunread[0]";
}
}
print "<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle2\">$new</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><a href=forum.php?id=$forum[id]>$forum[name]</a><br><div class=\"smalltext\">$forum[description]</div></td>
<td $themesettings[tdStyle2Attributes] class=\"tdStyle2\">$numthreads</td><td $themesettings[tdStyle2Attributes] class=\"tdStyle2\">$numposts</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$lastpostuser</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$lastpostdate</td></tr>";
}
//otherwise, give the last user to post in the topic
else
{
$lasthuman=$lastreply['user'];
}
//spit out all the data in a nice table
print "<tr>
<td nowrap><a href=topic.php?id=$thread[id]>$thread[name]</a></td>
<td nowrap>$thread[user]</td>
<td nowrap>$lasthuman</td>
<td nowrap>$lastreplydate</td>
<td width=70>$postnum</td>
</tr>
";
}
//Lets wrap this table and page up
print "</table>";
print "</table><br>";
printfooter();
?>
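Review bot: The `markforumread` and `markallforumsread` branches at L326 and L351 never check `!empty($user)` before interpolating `$user[id]` into the INSERTs at L338 and L402, so a logged-out request for either action inserts `lastforumread` rows with an empty user id (stored as 0) instead of being rejected. Add `&& !empty($user)` to both conditions, as login.php's logout check already does, and since these actions change state consider requiring a POST (or a token) rather than a bare GET link. The `'$userlastforumdate' IS NULL` test at L466 compares a quoted literal, which is never NULL; when the PHP variable is null it interpolates as `''` and the query only works because `lastactivity > ''` happens to be true, so build that clause conditionally in PHP or bind a real NULL. Which `}` closes the L326 block is hard to tell from the rendered interleaving of old and new lines.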

122
login.php Normal file

@ -0,0 +1,122 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
$showinputboxes=true;
if(!empty($_GET['action']) && $_GET['action'] == "logout" && !empty($user))
{
$stmt4 = mysqli_prepare($sql,"DELETE FROM `tokens` WHERE `token` = ?");
mysqli_stmt_bind_param($stmt4, "s", $_COOKIE['token']);
mysqli_stmt_execute($stmt4);
setcookie("token", "");
printheader();
printmessage("thou hast been logged out");
printfooter();
die();
}
//print our header
printheader();
if(!empty($user))
{
printmessage("thou cannot login while logged in");
printfooter();
die();
}
else if(!empty($_POST['username']) && !empty($_POST['password']) )
{
$stmt = mysqli_prepare($sql,"SELECT `id`, `password` FROM `users` WHERE `name` = ?");
$time=time();
mysqli_stmt_bind_param($stmt, "s", $_POST['username']);
mysqli_stmt_execute($stmt);
$query=mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($query) == 0)
{
printmessage("user not found");
}
else
{
$userarray=mysqli_fetch_array($query);
$verified=password_verify(substr($_POST['password'], 0, 70), $userarray['password']);
if(!$verified)
{
printmessage("auth failed; please try again");
}
else
{
$new_token=bin2hex(random_bytes(30));
$duration=time() + 604800;
mysqli_query($sql, "INSERT INTO `tokens` ( `token`, `ipverification`, `ip`, `expires`, `userid`) VALUES ('$new_token', 1, '$_SERVER[REMOTE_ADDR]', $duration, $userarray[id])") or die(mysqli_error($sql));
setcookie("token", $new_token, 0, "", "", false, true);
printmessage("you are now logged in!<br><br>Click <a href=index.php>here</a> to return to the site.");
$showinputboxes=false;
}
}
}
else if(!empty($_POST['username']) && empty($_POST['password']))
{
printmessage("you left your password blank");
}
else if(empty($_POST['username']) && !empty($_POST['password']))
{
printmessage("you left your username blank");
}
else if(isset($_POST['username']) && isset($_POST['password']) )
{
printmessage("thou must type before submitting");
}
if($showinputboxes)
{
//lets create our input table
print "<form method=\"post\" action=login.php>
<table $themesettings[tableAttributes] class=\"table\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">login</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>human name:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><input type=text length=25 width=25 name=username></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">password:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><input type=password length=70 width=25 name=password></td></tr>
<tr><td colspan=2 $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><input type=submit value=Submit></tr>
</table>
</form>";
}
printfooter();
?>
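Review bot: The two failure messages at L540 (`user not found`) and L548 (`auth failed; please try again`) disclose whether a username exists; use one message for both branches and run `password_verify()` against a fixed dummy hash when no row is found so the timing of the two paths is similar. The token INSERT at L554 interpolates its values and echoes `mysqli_error($sql)` to the browser on failure, while the lookup at L533 already uses a prepared statement; bind the five values with `mysqli_stmt_bind_param($stmt2, "sisii", $new_token, $ipverification, $_SERVER['REMOTE_ADDR'], $duration, $userarray['id'])` and log the error server-side instead of `die(mysqli_error(...))`. The cookie at L555 sets `httponly` but not `secure` and has no expiry, whereas the token row expires after 604800 s at L553; pass `$duration` as the expiry and set `secure` when the request is over HTTPS so the two lifetimes agree.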

224
newpost.php Normal file

@ -0,0 +1,224 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
//Sanitize GET data
$id=intval($_GET['id']);
//Declare some variables for making sure input input persists across POSTs
$whoopstext="";
$smiliechecked="";
//This value is used for checking if the post wants smilies disabled
$disablesmilies=0;
if(!empty($_POST['disablesmilies']))
{
$disablesmilies=1;
}
//If the GET value refers to an invalid topic, then spew a generic error and end page execution
if(mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `threads` WHERE `id` = $id")) == 0)
die(printmessage("topic not found") . printfooter());
//Lets grab our topic and forum data
$thread=mysqli_fetch_array(mysqli_query($sql, "SELECT `threads`.`name`, `threads`.`forumid`, `forums`.`name` AS `forumname` FROM `threads` INNER JOIN `forums` ON `forums`.`id` = `threads`.`forumid` WHERE `threads`.`id` = $id"));
//If the user isn't logged in, dont let them post!
if(empty($user))
{
printmessage("you must be logged in to post");
printfooter();
die();
}
//If the user submitted valid text and username, lets add their post to the database and tell them this
if(!empty($_POST['text']) && !empty($_POST['action']) && $_POST['action'] == "Submit")
{
//Check if html is allowed
if($options['enableHTML'] == true)
{
//If so, check if we're cleaning it up
if($options['enablehtmLawed'] == true)
{
require_once($options['htmLawedPath']);
$_POST['text'] = htmLawed($_POST['text'], $options['htmLawedconfig']);
}
//If not, then just...use the unsanitzed html :(
else
$_POST['text']=$_POST['text'];
}
else
{
//If its not enabled, let's just strip everything out
$_POST['text']=htmlspecialchars($_POST['text']);
}
//prepared query time; insert dat data!
$stmt = mysqli_prepare($sql,"INSERT INTO `posts` ( `threadid`, `date`, `text`, `userid`, `ip`, `disablesmilies`) VALUES (?, ?, ?, ?, ?, ?)");
$time=time();
mysqli_stmt_bind_param($stmt,"iisisi", $id, $time, $_POST['text'], $user['id'], $_SERVER['REMOTE_ADDR'], $disablesmilies);
mysqli_stmt_execute($stmt);
//now lets update the thread's last activity
$stmt = mysqli_prepare($sql,"UPDATE `threads` SET `lastactivity` = ? WHERE `id` = $id");
mysqli_stmt_bind_param($stmt,"i", $time);
mysqli_stmt_execute($stmt);
//print message
printmessage("Reply has been posted!<br>Click <a href=topic.php?id=$id>here</a> to return to the thread");
printfooter();
die();
}
//print the topic name and a link back to the topic list
print "<a href=index.php>minibord</a> - <a href=forum.php?id=$thread[forumid]>$thread[forumname]</a> - <a href=topic.php?id=$id>$thread[name]</a> - new post<br><br>";
if(!empty($_POST['text']) && !empty($_POST['action']) && $_POST['action'] == "Preview")
{
//Check if html is allowed
if($options['enableHTML'] == true)
{
//If so, check if we're cleaning it up
if($options['enablehtmLawed'] == true)
{
require_once($options['htmLawedPath']);
$_POST['text'] = htmLawed($_POST['text'], $options['htmLawedconfig']);
}
//If not, then just...use the unsanitzed html :(
else
$_POST['text']=$_POST['text'];
}
else
{
//If its not enabled, let's just strip everything out
$_POST['text']=htmlspecialchars($_POST['text']);
}
//Grab user input for the input field (after it's been optionally processed, that way a user can correct errors
$whoopstext=$_POST['text'];
//Lets make sure those disablesmilies and disablehtml boxes stay checked (or unchecked)
if($disablesmilies==true)
$smiliechecked="checked";
//Lets start our preview table
print "<table border=1 width=800 $themesettings[tableAttributes] class=\"table\">";
$avatar="";
if(!empty($user['avatarurl']))
{
$avatar="<img src=$user[avatarurl] style=\"max-width: 150px, max-height: 150px\"><br><br>";
}
$title="<br>";
if(!empty($user['title']))
{
$title="<br><div class=\"smalltext\">$user[title]</div>";
}
//Check if they want smilies disabled or not
if($disablesmilies == false)
{
$_POST['text']=showsmilies($_POST['text']);
}
//Print the post; use nl2br() to process line breaks so they look right
print "<tr><td rowspan=2 valign=top nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>".getusername($user['id'])."$title<br>$avatar</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" valign=top>$user[postheader]".nl2br($_POST['text'],false)."<br><br>$user[postfooter]</td></tr>
<tr><td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" height=10>Date: ".date("Y-m-d H:i:s", time())."</td></tr></table><br>";
}
//If they gave absolutely nothing when something, anything, was expected, then lets tell them this
else if(isset($_POST['text']))
{
//art thou blind? didst thou not see the entry rectangles?
printmessage("thou must type before submitting");
}
//Heres our input form so users can add more posts
print "<table border=1 width=345 $themesettings[tableAttributes] class=\"table\">
<form method=\"post\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">reply</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=100>text:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp<textarea cols=21 name=\"text\">$whoopstext</textarea></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;
<input type=submit name=\"action\" value=Submit>
<input type=submit name=\"action\" value=Preview>
<input type=\"checkbox\" name=\"disablesmilies\" value=\"1\" $smiliechecked>Disable Smilies
</td></tr></form></table><br>";
//Now lets grab some post history and order it descending
$posts=mysqli_query($sql, "SELECT `posts`.* FROM `posts` WHERE `threadid` = $id ORDER BY `date` DESC LIMIT 10");
//Lets start our table
print "<table border=1 width=800 $themesettings[tableAttributes] class=\"table\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">topic history</th></tr>
";
//go through the posts data
while($post=mysqli_fetch_array($posts))
{
//Let's clean up HTML just in case HTML was enabled at some point and then disabled
if($options['enableHTML'] == false && $options['sanitizeExistingIfHTMLDisabled'] == true)
{
//The extra options prevent existing HTML entities from being re-escaped
$post['text']=htmlspecialchars($post['text'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
}
if($post['disablesmilies'] == false)
{
$post['text']=showsmilies($post['text']);
}
//Print each post; use nl2br() to process line breaks so they look right
print "<tr><td valign=top nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>".getusername($post['userid'])."</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" valign=top>".nl2br($post['text'],false)."</td></tr>
";
}
//End the post table
print "</table><br>";
//print the topic name and a link back to the topic list
print "<a href=index.php>minibord</a> - <a href=forum.php?id=$thread[forumid]>$thread[forumname]</a> - <a href=topic.php?id=$id>$thread[name]</a> - new post<br><br>";
//print our footer and call it a day
printfooter();
?>

222
newtopic.php Normal file

@ -0,0 +1,222 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
//Sanitize GET data
$id=intval($_GET['id']);
//Declare some variables to check if a user submitted an empty field
$whoopstext="";
$whoopsname="";
$smiliechecked="";
//This value is used for checking if the post wants smilies disabled
$disablesmilies=0;
if(!empty($_POST['disablesmilies']))
{
$disablesmilies=1;
}
//If the GET value refers to an invalid forum, then spew a generic error and end page execution
if(mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `forums` WHERE `id` = $id")) == 0)
die(printmessage("forum not found") . printfooter());
//Lets grab our forum data
$forum=mysqli_fetch_array(mysqli_query($sql, "SELECT `forums`.`name` FROM `forums` WHERE `forums`.`id` = $id"));
//print the forum name and a link back to the thread list
print "<a href=index.php>minibord</a> - <a href=forum.php?id=$id>$forum[name]</a> - new topic<br><br>";
//If the user isn't logged in, dont let them post!
if(empty($user))
{
printmessage("you must be logged in to create a new topic");
printfooter();
die();
}
//If the user submitted valid text and username, lets add their post to the database and tell them this
if(!empty($_POST['text']) && !empty($_POST['name']) && !empty($_POST['action']) && $_POST['action'] == "Submit")
{
//Check if html is allowed
if($options['enableHTML'] == true)
{
//If so, check if we're cleaning it up
if($options['enablehtmLawed'] == true)
{
require_once($options['htmLawedPath']);
$_POST['text'] = htmLawed($_POST['text'], $options['htmLawedconfig']);
}
//If not, then just...use the unsanitzed html :(
else
$_POST['text']=$_POST['text'];
}
else
{
//If its not enabled, let's just strip everything out
$_POST['text']=htmlspecialchars($_POST['text']);
}
//sanitize thread title so it doesn't render <script>'s and junk; the post's text is sanitized at run-time
$_POST['name']=htmlspecialchars($_POST['name']);
//prepared query time; insert dat data!
//first, add the thread
$stmt = mysqli_prepare($sql,"INSERT INTO `threads` ( `forumid`, `name`, `date`, `userid`, `ip`, `lastactivity`) VALUES (?, ?, ?, ?, ?, ?)");
$time=time();
mysqli_stmt_bind_param($stmt,"isiisi", $id, $_POST['name'], $time, $user['id'], $_SERVER['REMOTE_ADDR'], $time);
mysqli_stmt_execute($stmt);
//get the thread id from that
$threadid=mysqli_insert_id($sql);
//then the post
$stmt = mysqli_prepare($sql,"INSERT INTO `posts` ( `threadid`, `date`, `text`, `userid`, `ip`, `disablesmilies`) VALUES (?, ?, ?, ?, ?, ?)");
$time=time();
mysqli_stmt_bind_param($stmt,"iisisi", $threadid, $time, $_POST['text'], $user['id'], $_SERVER['REMOTE_ADDR'], $disablesmilies);
mysqli_stmt_execute($stmt);
//print message
printmessage("Topic has been posted!<br>Click <a href=topic.php?id=$threadid>here</a> to return to go to the thread");
printfooter();
die();
}
else if(!empty($_POST['text']) && !empty($_POST['name']) && !empty($_POST['action']) && $_POST['action'] == "Preview")
{
//Check if html is allowed
if($options['enableHTML'] == true)
{
//If so, check if we're cleaning it up
if($options['enablehtmLawed'] == true)
{
require_once($options['htmLawedPath']);
$_POST['text'] = htmLawed($_POST['text'], $options['htmLawedconfig']);
}
//If not, then just...use the unsanitzed html :(
else
$_POST['text']=$_POST['text'];
}
else
{
//If its not enabled, let's just strip everything out
$_POST['text']=htmlspecialchars($_POST['text']);
}
//Grab user input for the input field (after it's been optionally processed, that way a user can correct errors
$whoopstext=$_POST['text'];
//Lets make sure those disablesmilies and disablehtml boxes stay checked (or unchecked)
if($disablesmilies==true)
$smiliechecked="checked";
//Grab the topic name too
$whoopsname=htmlspecialchars($_POST['name']);
//Lets start our preview table
print "<table border=1 width=800 $themesettings[tableAttributes] class=\"table\">";
$avatar="";
if(!empty($user['avatarurl']))
{
$avatar="<img src=$user[avatarurl] style=\"max-width: 150px, max-height: 150px\"><br><br>";
}
$title="<br>";
if(!empty($user['title']))
{
$title="<br><div class=\"smalltext\">$user[title]</div>";
}
//Check if they want smilies disabled or not
if($disablesmilies == false)
{
$_POST['text']=showsmilies($_POST['text']);
}
print "<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">topic preview</th></tr>
<tr><td colspan=2 $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><b>".htmlspecialchars($_POST['name'])."</b></th></tr>
<tr><td rowspan=2 valign=top nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>".getusername($user['id'])."$title<br>$avatar</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" valign=top>$user[postheader]".nl2br($_POST['text'],false)."<br><br>$user[postfooter]</td></tr>
<tr><td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" height=10>Date: ".date("Y-m-d H:i:s", time())."</td></tr></table><br>";
}
else if(!empty($_POST['text']) && empty($_POST['name']) && !empty($_POST['action']))
{
$whoopstext=$_POST['text'];
printmessage("thou must type a name for thou topic");
}
else if(empty($_POST['text']) && !empty($_POST['name']) && !empty($_POST['action']))
{
$whoopsname=$_POST['name'];
printmessage("thou must type a message for thou topic");
}
else if(empty($_POST['text']) && empty($_POST['name']) && !empty($_POST['action']))
{
printmessage("thou must type before submitting");
}
//Heres our input form so users can add a new topic
print "<table border=1 width=345 $themesettings[tableAttributes] class=\"table\">
<form method=\"post\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">new topic</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=100>name:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp<input type=\"text\" maxlength=100 name=\"name\" value=\"$whoopsname\"></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=100>text:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp<textarea cols=21 name=\"text\">$whoopstext</textarea></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;
<input type=submit name=\"action\" value=Submit>
<input type=submit name=\"action\" value=Preview>
<input type=\"checkbox\" name=\"disablesmilies\" value=\"1\" $smiliechecked>Disable Smilies
</td></tr></form></table><br>";
//print the forum name and a link back to the thread list
print "<a href=index.php>minibord</a> - <a href=forum.php?id=$id>$forum[name]</a> - new topic<br><br>";
//print our footer and call it a day
printfooter();
?>
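Review bot: The Submit branch (`if(!empty($_POST['text']) && !empty($_POST['name']) && ... == "Submit")`) accepts any logged-in browser's request with no CSRF token, so a third-party page can create topics on a visitor's behalf, and the form printed near the end of the file carries no hidden token either. If core.php keeps the login in a PHP session, emit `<input type=\"hidden\" name=\"csrf\" value=\"$_SESSION[csrf]\">` in the form and guard the Submit branch with `if(!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')) printdiemessage("bad request");`, generating the token once per session with `bin2hex(random_bytes(32))`. While here, the preview writes `src=$user[avatarurl]` unquoted, so a stored URL containing a space can introduce extra attributes; quote it and pass it through htmlspecialchars() unless editprofile.php already escapes it on save, and note that `max-width: 150px, max-height: 150px` uses a comma where CSS needs a semicolon, so both declarations are dropped.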

140
profile.php Normal file

@ -0,0 +1,140 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
//Sanitize our data
$id=intval($_GET['id']);
//If the GET value refers to an invalid user, then spew a generic error and end page execution
if(mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `users` WHERE `id` = $id")) == 0)
printdiemessage("no data");
$userdata=mysqli_fetch_array(mysqli_query($sql, "SELECT `avatarurl`, `regdate`, `birthday`, `homepageurl`, `homepagename`, `email`, `bio`, `postheader`, `postfooter`, `lastview`, `name`,
(SELECT COUNT(*) FROM `posts` WHERE `userid` = $id) AS `numposts`,
(SELECT COUNT(*) FROM `threads` WHERE `userid` = $id) AS `numthreads`
FROM `users`
WHERE `id` = $id LIMIT 1"));
//Clean up pre-stored HTML if HTML is disabled and sanitizeExistingIfHTMLDisabled is true
if($options['enableHTML'] == false && $options['sanitizeExistingIfHTMLDisabled'] == true)
{
//The extra options prevent existing HTML entities from being re-escaped
$userdata['bio']=htmlspecialchars($userdata['bio'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
$userdata['postheader']=htmlspecialchars($userdata['postheader'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
$userdata['postfooter']=htmlspecialchars($userdata['postfooter'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
}
$lastpost=mysqli_fetch_array(mysqli_query($sql, "SELECT `posts`.`date`, `threads`.`name`, `posts`.`threadid` FROM `posts` INNER JOIN `threads` ON `posts`.`threadid` = `threads`.`id` WHERE `posts`.`userid` = $id ORDER BY `posts`.`date` DESC LIMIT 1"));
$avatar="";
if(!empty($userdata['avatarurl']))
{
$avatar="<img src=$userdata[avatarurl] style=\"max-width: 150px, max-height: 150px\"><br><br>";
}
if(!empty($userdata['homepagename']) && !empty($userdata['homepageurl']))
{
$homepage="<a href=\"$userdata[homepageurl]\">$userdata[homepagename]</a> - $userdata[homepageurl]";
}
elseif(!empty($userdata['homepageurl']))
{
$homepage="<a href=\"$userdata[homepageurl]\">$userdata[homepageurl]</a>";
}
else
{
$homepage="";
}
$email="";
if(!empty($userdata['email']))
{
$email=str_replace("@", " guess what ", $userdata['email']);
}
$birthday="";
if(!empty($userdata['birthday']))
{
$birthday=date("Y-m-d", $userdata['birthday']);
}
$lastview="<i>Never Active</i>";
if(!empty($userdata['lastview']))
{
$lastview=date("Y-m-d H:i:s", $userdata['lastview']);
}
$lastpostdate="<i>No Posts</i>";
if(!empty($lastpost['date']))
{
$lastpostdate=date("Y-m-d H:i:s", $lastpost['date'])." in <a href=topic.php?id=$lastpost[threadid]>$lastpost[name]</a>";
}
$title="<br>";
if(!empty($userdata['title']))
{
$title="<br><div class=\"smalltext\">$userdata[title]</div>";
}
print "<table $themesettings[tableAttributes] class=\"table\" >
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\" >Profile for $userdata[name]</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\" width=200># posts</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$userdata[numposts]</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\"># threads</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$userdata[numthreads]</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\">registered on</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">".date("Y-m-d H:i:s", $userdata['regdate'])."</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\">last post</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$lastpostdate</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\">last page view</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$lastview</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\">Birthday</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$birthday</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\">Homepage</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$homepage</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\">Email</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$email</td></tr>
</table>
<br><br>
<table $themesettings[tableAttributes] class=\"table\" >
<tr><th $themesettings[thRegularAttributes] class=\"thRegular\" >Bio</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">".nl2br($userdata['bio'])."</td></tr>
</table>
<br><br>
<table $themesettings[tableAttributes] class=\"table\" >
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\" >Sample post</th></tr>
<tr><td rowspan=2 valign=top nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>".getusername($id)."$title<br>$avatar</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" class=\"thRegular\" valign=top>$userdata[postheader]
This is a test post.
<br>Blah.
<br>Blah..
<br>Blah...
<br><br>$userdata[postfooter]
</td></tr>
<tr><td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" height=10>Date: ".date("Y-m-d H:i:s", 1530964800)."</td></tr>
</table>
<br>
";
printfooter();
?>
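Review bot: `$userdata['title']` is read for the sample-post block (`if(!empty($userdata['title']))`) but `title` is not among the columns selected in the `$userdata` query, so the user's title never appears on the profile and PHP raises an undefined-index notice; add the `title` column to the SELECT list after `name`. The homepage link also interpolates `$userdata[homepageurl]` straight into `href=\"...\"` and `$userdata[avatarurl]` into an unquoted `src=`, so unless editprofile.php escapes these on save, a stored value with a quote, a space or a `javascript:` scheme injects attributes or an active link; wrapping both in htmlspecialchars() here and quoting the src attribute is harmless even if they are already escaped. The style `max-width: 150px, max-height: 150px` uses a comma instead of a semicolon, so browsers discard both declarations.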

124
register.php Normal file

@ -0,0 +1,124 @@
<?php
$run=1;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
$showinputboxes=true;
$whoopsuser="";
$whoopspassword="";
$userlist=mysqli_query($sql, "SELECT `regip` FROM `users`");
$accountsonip=0;
while($userrow=mysqli_fetch_array($userlist))
{
if($_SERVER['REMOTE_ADDR'] == $userrow['regip'])
$accountsonip++;
}
$isnametaken=0;
if(!empty($_POST['username']))
{
$_POST['username']=substr($_POST['username'], 0, 25);
$stmt = mysqli_prepare($sql,"SELECT `id` FROM `users` WHERE `name` = ?");
mysqli_stmt_bind_param($stmt, "s", $_POST['username']);
mysqli_stmt_execute($stmt);
$query=mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($query) >= 1)
$isnametaken = 1;
}
if(!empty($user))
{
printmessage("you cannot register while logged in");
printfooter();
die();
}
else if($isnametaken)
{
printmessage("that username is in use!");
}
else if($accountsonip >=2)
{
printmessage("you can't make more than 2 accounts per ip!");
printfooter();
die();
}
else if(!empty($_POST['username']) && !empty($_POST['password']) )
{
//sanitize user input so it doesn't render <script>'s and junk and also truncate it to 25 characters
$_POST['username']=htmlspecialchars(substr($_POST['username'], 0, 25));
//time to hash the users password
$hashedpassword=password_hash(substr($_POST['password'], 0, 70), PASSWORD_DEFAULT);
//prepared query time; insert dat data!
$stmt1 = mysqli_prepare($sql,"INSERT INTO `users` ( `name`, `password`, `regip`, `regdate`) VALUES (?, ?, ?, ?)");
$time=time();
mysqli_stmt_bind_param($stmt1,"sssi", $_POST['username'], $hashedpassword, $_SERVER['REMOTE_ADDR'], $time);
mysqli_stmt_execute($stmt1);
printmessage("Your account has been successfully added.<br><br>
Click <a href=login.php>here</a> to login to the site.<br>");
$showinputboxes=false;
}
else if(!empty($_POST['username']) && empty($_POST['password']))
{
printmessage("you left your password blank");
$whoopsuser=htmlspecialchars($_POST['username']);
}
else if(empty($_POST['username']) && !empty($_POST['password']))
{
printmessage("you left your username blank");
}
else if(isset($_POST['username']) && isset($_POST['password']) )
{
printmessage("thou must type before submitting");
}
if($showinputboxes)
{
//lets create our input table
print "<form method=\"post\" action=register.php>
<table $themesettings[tableAttributes] class=\"table\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">register</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>human name:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><input type=text length=25 width=25 name=username value=\"$whoopsuser\"></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">password:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><input type=password length=70 width=25 name=password></td></tr>
<tr><td colspan=2 $themesettings[tdStyle1Attributes] class=\"tdStyle1\"><input type=submit value=Submit></tr>
</table>
</form>";
}
printfooter();
?>
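Review bot: The duplicate-name check runs against the raw `$_POST['username']` (only truncated to 25) while the stored value is `htmlspecialchars(substr(...))`, so a name containing `&`, `<`, `>` or a quote is compared in a different form than it is saved in: registering `a&b` twice passes the check both times because the table holds `a&amp;b`. Apply the same normalization before the lookup — move `$_POST['username']=htmlspecialchars(substr($_POST['username'], 0, 25));` above the prepared SELECT and drop the later duplicate — or, better, store the raw name and escape on output. The per-IP limit also pulls every `regip` into PHP and compares in a loop; `SELECT COUNT(*) FROM users WHERE regip = ?` with the address bound as a parameter does the same work in one query. `substr` is byte-wise, so the 25-byte cut can split a multibyte character; `mb_substr` keeps the name valid UTF-8.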


@ -1,7 +1,10 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('core.php');
require ('corefiles/core.php');
//Lets print the XML header and stuff
print "<?xml version='1.0' encoding='UTF-8'?>
@ -14,7 +17,7 @@ print "<?xml version='1.0' encoding='UTF-8'?>
<language>en-us</language>";
//Grab our topic and post data
$content=mysqli_query($sql,"SELECT `threads`.`name`, `posts`.`text`, `posts`.`user`, `threads`.`id`, `posts`.`date` FROM `posts` INNER JOIN `threads` ON `threads`.`id` = `posts`.`threadid` ORDER BY `date` DESC");
$content=mysqli_query($sql,"SELECT `threads`.`name`, `posts`.`text`, `posts`.`userid`, `threads`.`id`, `posts`.`date`, `users`.`name` AS `username` FROM `posts` INNER JOIN `threads` ON `threads`.`id` = `posts`.`threadid` INNER JOIN `users` ON `users`.`id` = `posts`.`userid` ORDER BY `date` DESC LIMIT $options[rssLimit]");
//nd lets go through it
while($post=mysqli_fetch_array($content))
@ -24,7 +27,7 @@ while($post=mysqli_fetch_array($content))
<item>
<title>$post[name]</title>
<link>$siteroot"."topic.php?id=$post[id]</link>
<description>$post[text]</description>
<description>$post[username] - $post[text]</description>
<pubDate>".date(DATE_RSS, $post['date'])."</pubDate>
</item>";
}
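Review bot: The new `<description>` line writes `$post[text]` (and the username) into the XML unescaped; when `enableHTML` is on the stored text is raw HTML, so a single post with an unclosed tag or a bare `&` makes the whole feed unparseable. Wrap the payload in a CDATA section: `<description><![CDATA[".str_replace("]]>", "]]]]><![CDATA[>", "$post[username] - $post[text]")."]]></description>` — the str_replace keeps a literal `]]>` inside a post from terminating the section early. `$options[rssLimit]` is also interpolated directly into `LIMIT`; casting it with `(int)` keeps the query well-formed even if the option is misconfigured, although it is not user input.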


@ -1,7 +1,10 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('core.php');
require ('corefiles/core.php');
//print our header
printheader();
@ -20,7 +23,7 @@ if(!empty($_POST['submitSettings']))
else
{
//lets get the list of themes
$themes=mysqli_query($sql,"SELECT `id`, `name` FROM `themes`");
$themes=mysqli_query($sql,"SELECT `id`, `name` FROM `themes` ORDER BY `displayorder`");
//lets generate a select menu
@ -42,11 +45,11 @@ else
//lets create our input table
print "<form method=\"post\" action=settings.php>
<table border=1 width=345 $themesettings[tableAttributes]>
<tr><th colspan=2>settings</th></tr>
<tr><td colspan=2>note: saved to cookies</td></tr>
<tr><td>theme: </td> <td>&nbsp$selectMenu</td></tr>
<tr><td colspan=2><input type=submit value=Submit><input type=hidden name=submitSettings value=true</td></tr>
<table $themesettings[tableAttributes] class=\"table\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">settings</th></tr>
<tr><td colspan=2 $themesettings[tdStyle1Attributes] class=\"tdStyle1\">note: saved to cookies</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=100>theme: </td> <td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp$selectMenu</td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;<input type=submit value=Submit><input type=hidden name=submitSettings value=true</td></tr>
</table>
</form>";
}
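Review bot: The rewritten submit row keeps the broken hidden input `<input type=hidden name=submitSettings value=true</td></tr>`: the tag has no closing `>`, so the unquoted value becomes `true</td` and the cell is never closed. Since the handler only tests `!empty($_POST['submitSettings'])` it works by accident, but the markup is invalid; write `<input type=\"hidden\" name=\"submitSettings\" value=\"true\"></td></tr>`. The enclosing `else` block and the POST handler at the top of the file lie outside this hunk.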

101
smilies.php Normal file

@ -0,0 +1,101 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
print "<head>$themesettings[styletag]</head><body $themesettings[bodyAttributes] class=\"body\">";
$smilies=mysqli_query($sql, "SELECT * FROM `smilies` ORDER BY `displayorder`");
$numsmilies=mysqli_num_rows($smilies);
$found=false;
$numrowscols=1;
for($i = 1; $found == false; $i++)
{
if(pow($i, 2) == $numsmilies)
{
$found=true;
$numrowscols=$i;
}
if(($numsmilies % pow($i, 2)) == $numsmilies)
{
$found=true;
$numrowscols=$i;
}
}
print "<!--<table width=100% height=100%><tr><td align=center valign=middle> --><center>Smilies<table $themesettings[tableAttributes] class=\"table\" style=\"width: 500px;\">";
$col=1;
$row=1;
$startrow=true;
while($smilie=mysqli_fetch_array($smilies))
{
if($col==1)
{
print "<tr>";
}
print"<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=50><img src=\"$smilie[image]\"></td><td $themesettings[tdStyle2Attributes] class=\"tdStyle2\" width=50>$smilie[code]</td>";
if($col == $numrowscols)
{
print "</tr>";
$col=1;
$row++;
$startrow=true;
}
else
{
$col++;
$startrow=false;
}
}
/*
for($r = $row; $r<=$numrowscols; $r++)
{
if($startrow==true)
{
print"<tr>";
}
*/
if($startrow==false)
{
for($c = $col; $c<=$numrowscols; $c++)
{
print"<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=50>&nbsp;</td><td $themesettings[tdStyle2Attributes] class=\"tdStyle2\" width=50>&nbsp;</td>";
}
}
/*
$col=1;
print "<tr>";
}
*/
print "</table><!--</td></tr></table> --></center><br>";
printfooter();
?>
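Review bot: `$smilie[code]` is printed into the table cell raw, so a code such as `<3` is parsed as the start of a tag and vanishes from the legend; output it as `".htmlspecialchars($smilie['code'])."` and quote/escape `$smilie[image]` the same way even though it is admin-supplied. The grid-size loop is hard to follow: taken together its two conditions find the smallest `$i` with `$i*$i >= $numsmilies`, which is just `$numrowscols = max(1, (int)ceil(sqrt($numsmilies)));` and also covers an empty table without iterating. The `<head>...</head><body ...>` printed immediately after printheader() looks like it duplicates what the header already emits; confirm against corefiles/core.php.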

176
topic.php

@ -1,11 +1,19 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('core.php');
require ('corefiles/core.php');
//Sanitize GET data
$id=intval($_GET['id']);
if(!empty($_GET['page']) && empty($_GET['page']) >= 0)
$page=intval($_GET['page']);
else
$page=0;
//Declare some variables to check if a user submitted an empty field
$whoopsuser="";
$whoopstext="";
@ -13,92 +21,128 @@ $whoopstext="";
//print our header
printheader();
//Let's set the user's lastthreadview if they're logged in, and also show the "new posts" link
$newpost="";
if(!empty($user))
{
$date=time();
mysqli_query($sql,"INSERT INTO `lastthreadread` (`userid`, `threadid`, `date`) VALUES ('$user[id]', $id, $date) ON DUPLICATE KEY UPDATE `date` = $date");
$newpost="<span class=\"smalltext\" style=\"float: right\"><a href=newpost.php?id=$id>new post</a></span>";
}
//If the GET value refers to an invalid topic, then spew a generic error and end page execution
if(mysqli_num_rows(mysqli_query($sql, "SELECT * FROM `threads` WHERE `id` = $id")) == 0)
if(mysqli_num_rows(mysqli_query($sql, "SELECT NULL FROM `threads` WHERE `id` = $id")) == 0)
die(printmessage("no data"));
//Lets grab our topic data
$thread=mysqli_fetch_array(mysqli_query($sql, "SELECT `name` FROM `threads` WHERE `id` = $id"));
//Lets grab our topic and forum data
$thread=mysqli_fetch_array(mysqli_query($sql, "SELECT `threads`.`name`, `threads`.`forumid`, `forums`.`name` AS `forumname` FROM `threads` INNER JOIN `forums` ON `forums`.`id` = `threads`.`forumid` WHERE `threads`.`id` = $id "));
//Calculate range of data to grab
$low = 20 * $page;
//count number of posts
$numposts=mysqli_fetch_array(mysqli_query($sql, "SELECT COUNT(*) FROM `posts` WHERE `threadid` = $id"));
$pagelist="<div class=\"smalltext\">Pages: ";
$numpages=(ceil($numposts[0]/20) - 1);
for($i = 0; $i <= $numpages; $i++)
{
$p = $i + 1;
if($i == $page)
$pagelist.="$p ";
else
$pagelist.="<a href=topic.php?id=$id&page=$i>$p</a> ";
}
$pagelist.="</div>";
//print the topic name and a link back to the topic list
print "<a href=index.php>minibord</a> - $thread[name]<br><br>";
print "<a href=index.php>minibord</a> - <a href=forum.php?id=$thread[forumid]>$thread[forumname]</a> - $thread[name]$newpost<br>$pagelist";
//If the user submitted valid text and username, lets add their post to the database and tell them this
if(!empty($_POST['text']) && !empty($_POST['user']))
{
//print message
printmessage("reply posted");
//sanitize user input so it doesn't render <script>'s and junk
$_POST['text']=htmlspecialchars($_POST['text']);
$_POST['user']=htmlspecialchars($_POST['user']);
//prepared query time; insert dat data!
$stmt = mysqli_prepare($sql,"INSERT INTO `posts` ( `threadid`, `date`, `text`, `user`, `ip`) VALUES (?, ?, ?, ?, ?)");
$time=time();
mysqli_stmt_bind_param($stmt,"iisss", $id, $time, $_POST['text'], $_POST['user'], $_SERVER['REMOTE_ADDR']);
mysqli_stmt_execute($stmt);
//now lets update the thread's last activity
$stmt = mysqli_prepare($sql,"UPDATE `threads` SET `lastactivity` = ? WHERE `id` = $id");
mysqli_stmt_bind_param($stmt,"i", $time);
mysqli_stmt_execute($stmt);
}
//If their text field was empty, show an error message
else if(isset($_POST['text']) && empty($_POST['text']) && !empty($_POST['user']))
{
//print the error
printmessage("you left your text field empty");
//lets be nice though and save the username they entered, so they dont have to retype it
$whoopsuser=htmlspecialchars($_POST['user']);
}
//If their username was empty, show an error message
else if(isset($_POST['user']) && empty($_POST['user']) && !empty($_POST['text']))
{
//print the error
printmessage("you left your user field empty");
//lets be *very* nice and save the text they entered, so they dont have to retype that juicy post
$whoopstext=htmlspecialchars($_POST['text']);
}
//If they gave absolutely nothing when something, anything, was expected, then lets tell them this
else if(isset($_POST['text']) && isset($_POST['user']))
{
//art thou blind? didst thou not see the entry rectangles?
printmessage("thou must type before submitting");
}
//Now lets grab our posts and order them by the date they were submitted
$posts=mysqli_query($sql, "SELECT * FROM `posts` WHERE `threadid` = $id ORDER BY `date`");
$posts=mysqli_query($sql, "SELECT `posts`.* FROM `posts` WHERE `threadid` = $id ORDER BY `date` LIMIT $low,20");
//$posts=mysqli_query($sql, "SELECT `posts`.* FROM `posts` WHERE `threadid` = $id ORDER BY `date`");
//Lets start our table
print "<table border=1 width=800 $themesettings[tableAttributes]>";
print "<table border=1 width=800 $themesettings[tableAttributes] class=\"table\">";
//go through the posts data
while($post=mysqli_fetch_array($posts))
{
$userdata=mysqli_fetch_assoc(mysqli_query($sql,"SELECT `avatarurl`, `lastview`, `title`, `postheader`, `postfooter` FROM `users` WHERE `id` = $post[userid]"));
$avatar="";
if(!empty($userdata['avatarurl']))
{
$avatar="<img src=$userdata[avatarurl] style=\"max-width: 150px, max-height: 150px\"><br><br>";
}
$title="<br>";
if(!empty($userdata['title']))
{
$title="<br><div class=\"smalltext\">$userdata[title]</div>";
}
//Clean up pre-stored HTML if HTML is disabled and sanitizeExistingIfHTMLDisabled is true
if($options['enableHTML'] == false && $options['sanitizeExistingIfHTMLDisabled'] == true)
{
//The extra options prevent existing HTML entities from being re-escaped
$post['text']=htmlspecialchars($post['text'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
$userdata['postheader']=htmlspecialchars($userdata['postheader'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
$userdata['postfooter']=htmlspecialchars($userdata['postfooter'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, NULL, false);
}
if($post['disablesmilies'] == false)
{
$post['text']=showsmilies($post['text']);
}
//Print each post; use nl2br() to process line breaks so they look right
print "<tr><td rowspan=2 valign=top nowrap>$post[user]</td>
<td>".nl2br($post['text'],false)."</td></tr>
<tr><td nowrap>Date: ".date("Y-m-d H:i:s", $post['date'])."</td></tr>";
print "<tr><td rowspan=2 valign=top nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=200>".getusername($post['userid'])."$title<br>$avatar</td>
<td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" valign=top>$userdata[postheader]".nl2br($post['text'],false)."<br><br>$userdata[postfooter]</td></tr>
<tr><td nowrap $themesettings[tdStyle1Attributes] class=\"tdStyle1\" height=10>Date: ".date("Y-m-d H:i:s", $post['date'])."</td></tr>";
}
//End the post table
print "</table><br>";
print "</table>";
//print the topic name and a link back to the topic list
print "$pagelist<a href=index.php>minibord</a> - <a href=forum.php?id=$thread[forumid]>$thread[forumname]</a> - $thread[name]$newpost<br><br>";
if(!empty($user))
{
//Heres our input form so users can add more posts
print "<table border=1 width=345 $themesettings[tableAttributes]>
<form method=\"post\">
<tr><th colspan=2>reply</th></tr>
<tr><td>text:</td><td>&nbsp<textarea cols=21 name=\"text\">$whoopstext</textarea></td></tr>
<tr><td>human name: </td><td>&nbsp<input type=text maxlength=50 value=\"$whoopsuser\" name=\"user\"></td></tr>
<tr><td colspan=2><input type=submit value=Submit></td></tr></form></table>";
print "<table border=1 width=345 $themesettings[tableAttributes] class=\"table\">
<form method=\"post\" action=\"newpost.php?id=$id\">
<tr><th colspan=2 $themesettings[thRegularAttributes] class=\"thRegular\">quick reply</th></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\" width=100>text:</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp<textarea cols=21 name=\"text\">$whoopstext</textarea></td></tr>
<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">&nbsp;
<input type=submit name=\"action\" value=Submit>
<input type=submit name=\"action\" value=Preview>
<input type=\"checkbox\" name=\"disablesmilies\" value=\"1\">Disable Smilies
</td></td></tr></form></table><br>";
}
//print our footer and call it a day
printfooter();
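Review bot: The new page guard `if(!empty($_GET['page']) && empty($_GET['page']) >= 0)` compares the boolean result of `empty()` with 0, which is always true, so `?page=-1` reaches `$page=intval(...)` unchanged, `$low` goes negative and the `LIMIT $low,20` query fails with a MySQL syntax error, leaving an empty post table. Replace the four lines with `$page=isset($_GET['page']) ? max(0, intval($_GET['page'])) : 0;`. Each post also interpolates `$userdata[title]` and `$userdata[avatarurl]` without escaping, with the avatar `src=` unquoted; unless editprofile.php escapes those fields on save this is stored XSS for every reader of the thread, so apply htmlspecialchars() to both here and quote the attribute.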

26
userlist.php Normal file

@ -0,0 +1,26 @@
<?php
$run=1;
$activefile=__FILE__;
//Require the core file for logins and functions and stuff
require ('corefiles/core.php');
//print our header
printheader();
print "<table $themesettings[tableAttributes] class=\"table\">
<tr><th $themesettings[thRegularAttributes] class=\"thRegular\">username</th><th $themesettings[thRegularAttributes] class=\"thRegular\" width=200>date registered</th><th $themesettings[thRegularAttributes] class=\"thRegular\" width=80># posts</th></tr>";
$users_query=mysqli_query($sql, "SELECT `id`, `regdate`, (SELECT COUNT(*) FROM `posts` WHERE `userid` = `users`.`id`) AS `numposts` FROM `users` ORDER BY `numposts` DESC");
while($users_data=mysqli_fetch_array($users_query))
{
print "<tr><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">".getusername($users_data['id'])."</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">".date("Y-m-d H:i:s", $users_data['regdate'])."</td><td $themesettings[tdStyle1Attributes] class=\"tdStyle1\">$users_data[numposts]</td></tr>";
}
print "</table><br>";
printfooter();
?>