
Source: /memcp.php - 888 lines - 35463 bytes - Summary - Text - Print

Description: eXtreme Message Board XMB 1.9.11

   1  <?php
   2  /**
   3   * eXtreme Message Board
   4   * XMB 1.9.11
   5   *
   6   * Developed And Maintained By The XMB Group
   7   * Copyright (c) 2001-2012, The XMB Group
   8   * http://www.xmbforum2.com/
   9   *
  10   * This program is free software; you can redistribute it and/or
  11   * modify it under the terms of the GNU General Public License
  12   * as published by the Free Software Foundation; either version 2
  13   * of the License, or (at your option) any later version.
  14   *
  15   * This program is distributed in the hope that it will be useful,
  16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18   * GNU General Public License for more details.
  19   *
  20   * You should have received a copy of the GNU General Public License
  21   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22   *
  23   **/
  24  
// Identify this script; the constant is defined before header.php is loaded.
define('X_SCRIPT', 'memcp.php');

require  'header.php';

// Ask search engines not to index control panel pages.
header('X-Robots-Tag: noindex');

// Hand loadtemplates() the names of the templates this script expands below.
loadtemplates(
'buddylist_buddy_offline',
'buddylist_buddy_online',
'memcp_favs',
'memcp_favs_button',
'memcp_favs_none',
'memcp_favs_row',
'memcp_home',
'memcp_home_favs_none',
'memcp_home_favs_row',
'memcp_home_u2u_none',
'memcp_home_u2u_row',
'memcp_profile',
'memcp_profile_avatarlist',
'memcp_profile_avatarurl',
'memcp_subscriptions',
'memcp_subscriptions_button',
'memcp_subscriptions_multipage',
'memcp_subscriptions_none',
'memcp_subscriptions_row'
);

smcwcache();

// NOTE(security): here and throughout this file, template text is expanded by eval() as a
// double-quoted PHP string, so it runs as code with access to every variable in scope.
// Whatever stores the templates must be writable only by trusted administrators.
eval('$css = "'.template('css').'";');

// Start from empty values; the section handlers below fill in the ones they need.
$buddys = array();
$favs = '';
$footer = '';
$header = '';
$mempage = '';

// Requested section of the control panel.
// NOTE(review): the trailing 'g' presumably limits the lookup to the query string - confirm against postedVar().
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
// Build the breadcrumb: each sub-page first links back to the control panel home,
// then names itself; any other value shows the control panel title alone.
switch($action) {
    case 'profile':
        nav('<a href="memcp.php">'.$lang['textusercp'].'</a>');
        nav($lang['texteditpro']);
        break;
    case 'subscriptions':
        nav('<a href="memcp.php">'.$lang['textusercp'].'</a>');
        nav($lang['textsubscriptions']);
        break;
    case 'favorites':
        nav('<a href="memcp.php">'.$lang['textusercp'].'</a>');
        nav($lang['textfavorites']);
        break;
    default:
        nav($lang['textusercp']);
        break;
}
  81  
  82  function makenav($current) {
  83      global $THEME, $bordercolor, $tablewidth, $altbg1, $altbg2, $lang;
  84  
  85      $output =
  86        '<table cellpadding="0" cellspacing="0" border="0" bgcolor="'.$bordercolor.'" width="'.$tablewidth.'" align="center"><tr><td>
  87        <table cellpadding="4" cellspacing="'.$THEME['borderwidth'].'" border="0" width="100%">
  88        <tr align="center" class="tablerow">';
  89  
  90      if ($current == '') {
  91          $output .= "<td bgcolor=\"$altbg1\" width=\"15%\" class=\"ctrtablerow\">" .$lang['textmyhome']. "</td>";
  92      } else {
  93          $output .= "<td bgcolor=\"$altbg2\" width=\"15%\" class=\"ctrtablerow\"><a href=\"memcp.php\">" .$lang['textmyhome']. "</a></td>";
  94      }
  95  
  96      if ($current == 'profile') {
  97          $output .= "<td bgcolor=\"$altbg1\" width=\"15%\" class=\"ctrtablerow\">" .$lang['texteditpro']. "</td>";
  98      } else {
  99          $output .= "<td bgcolor=\"$altbg2\" width=\"15%\" class=\"ctrtablerow\"><a href=\"memcp.php?action=profile\">" .$lang['texteditpro']. "</a></td>";
 100      }
 101  
 102      if ($current == 'subscriptions') {
 103          $output .= "<td bgcolor=\"$altbg1\" width=\"15%\" class=\"ctrtablerow\">" .$lang['textsubscriptions']. "</td>";
 104      } else {
 105          $output .= "<td bgcolor=\"$altbg2\" width=\"15%\" class=\"ctrtablerow\"><a href=\"memcp.php?action=subscriptions\">" .$lang['textsubscriptions']. "</a></td>";
 106      }
 107  
 108      if ($current == 'favorites') {
 109          $output .= "<td bgcolor=\"$altbg1\" width=\"15%\" class=\"ctrtablerow\">" .$lang['textfavorites']. "</td>";
 110      } else {
 111          $output .= "<td bgcolor=\"$altbg2\" width=\"15%\" class=\"ctrtablerow\"><a href=\"memcp.php?action=favorites\">" .$lang['textfavorites']. "</a></td>";
 112      }
 113  
 114      $output .= "<td bgcolor=\"$altbg2\" width=\"20%\" class=\"ctrtablerow\"><a href=\"u2u.php\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">" .$lang['textu2umessenger']. "</a></td>";
 115      $output .= "<td bgcolor=\"$altbg2\" width=\"15%\" class=\"ctrtablerow\"><a href=\"buddy.php\" onclick=\"Popup(this.href, 'Window', 450, 400); return false;\">" .$lang['textbuddylist']. "</a></td>";
 116      $output .= "<td bgcolor=\"$altbg2\" width=\"10%\" class=\"ctrtablerow\"><a href=\"faq.php\">" .$lang['helpbar']. "</a></td>";
 117      $output .=
 118        '</tr>
 119        </table>
 120        </td>
 121        </tr>
 122        </table>
 123        <br />';
 124  
 125      return $output;
 126  }
 127  
// The control panel is for logged-in members only: guests are redirected to the
// login form and the script stops before any of the section handlers below run.
if (X_GUEST) {
    redirect($full_url.'misc.php?action=login', 0);
    exit();
}
 132  
 133  if ($action == 'profile') {
 134      eval('$header = "'.template('header').'";');
 135      $header .= makenav($action);
 136  
 137      if (noSubmit('editsubmit')) {
 138          $member = $self;
 139  
 140          $checked = '';
 141          if ($member['showemail'] == 'yes') {
 142              $checked = $cheHTML;
 143          }
 144  
 145          $newschecked = '';
 146          if ($member['newsletter'] == 'yes') {
 147              $newschecked = $cheHTML;
 148          }
 149  
 150          $uou2uchecked = '';
 151          if ($member['useoldu2u'] == 'yes') {
 152              $uou2uchecked = $cheHTML;
 153          }
 154  
 155          $ogu2uchecked = '';
 156          if ($member['saveogu2u'] == 'yes') {
 157              $ogu2uchecked = $cheHTML;
 158          }
 159  
 160          $eouchecked = '';
 161          if ($member['emailonu2u'] == 'yes') {
 162              $eouchecked = $cheHTML;
 163          }
 164  
 165          $invchecked = '';
 166          if ($member['invisible'] == 1) {
 167              $invchecked = $cheHTML;
 168          }
 169  
 170          $currdate = gmdate($timecode, $onlinetime+ ($addtime * 3600));
 171          eval($lang['evaloffset']);
 172  
 173          $timezone1 = $timezone2 = $timezone3 = $timezone4 = $timezone5 = $timezone6 = '';
 174          $timezone7 = $timezone8 = $timezone9 = $timezone10 = $timezone11 = $timezone12 = '';
 175          $timezone13 = $timezone14 = $timezone15 = $timezone16 = $timezone17 = $timezone18 = '';
 176          $timezone19 = $timezone20 = $timezone21 = $timezone22 = $timezone23 = $timezone24 = '';
 177          $timezone25 = $timezone26 = $timezone27 = $timezone28 = $timezone29 = $timezone30 = '';
 178          $timezone31 = $timezone32 = $timezone33 = '';
 179          switch($member['timeoffset']) {
 180              case '-12.00':
 181                  $timezone1 = $selHTML;
 182                  break;
 183              case '-11.00':
 184                  $timezone2 = $selHTML;
 185                  break;
 186              case '-10.00':
 187                  $timezone3 = $selHTML;
 188                  break;
 189              case '-9.00':
 190                  $timezone4 = $selHTML;
 191                  break;
 192              case '-8.00':
 193                  $timezone5 = $selHTML;
 194                  break;
 195              case '-7.00':
 196                  $timezone6 = $selHTML;
 197                  break;
 198              case '-6.00':
 199                  $timezone7 = $selHTML;
 200                  break;
 201              case '-5.00':
 202                  $timezone8 = $selHTML;
 203                  break;
 204              case '-4.00':
 205                  $timezone9 = $selHTML;
 206                  break;
 207              case '-3.50':
 208                  $timezone10 = $selHTML;
 209                  break;
 210              case '-3.00':
 211                  $timezone11 = $selHTML;
 212                  break;
 213              case '-2.00':
 214                  $timezone12 = $selHTML;
 215                  break;
 216              case '-1.00':
 217                  $timezone13 = $selHTML;
 218                  break;
 219              case '1.00':
 220                  $timezone15 = $selHTML;
 221                  break;
 222              case '2.00':
 223                  $timezone16 = $selHTML;
 224                  break;
 225              case '3.00':
 226                  $timezone17 = $selHTML;
 227                  break;
 228              case '3.50':
 229                  $timezone18 = $selHTML;
 230                  break;
 231              case '4.00':
 232                  $timezone19 = $selHTML;
 233                  break;
 234              case '4.50':
 235                  $timezone20 = $selHTML;
 236                  break;
 237              case '5.00':
 238                  $timezone21 = $selHTML;
 239                  break;
 240              case '5.50':
 241                  $timezone22 = $selHTML;
 242                  break;
 243              case '5.75':
 244                  $timezone23 = $selHTML;
 245                  break;
 246              case '6.00':
 247                  $timezone24 = $selHTML;
 248                  break;
 249              case '6.50':
 250                  $timezone25 = $selHTML;
 251                  break;
 252              case '7.00':
 253                  $timezone26 = $selHTML;
 254                  break;
 255              case '8.00':
 256                  $timezone27 = $selHTML;
 257                  break;
 258              case '9.00':
 259                  $timezone28 = $selHTML;
 260                  break;
 261              case '9.50':
 262                  $timezone29 = $selHTML;
 263                  break;
 264              case '10.00':
 265                  $timezone30 = $selHTML;
 266                  break;
 267              case '11.00':
 268                  $timezone31 = $selHTML;
 269                  break;
 270              case '12.00':
 271                  $timezone32 = $selHTML;
 272                  break;
 273              case '13.00':
 274                  $timezone33 = $selHTML;
 275                  break;
 276              case '0.00':
 277              default:
 278                  $timezone14 = $selHTML;
 279                  break;
 280          }
 281  
 282          $u2uasel0 = $u2uasel1 = $u2uasel2 = '';
 283          switch($member['u2ualert']) {
 284              case 2:
 285                  $u2uasel2 = $selHTML;
 286                  break;
 287              case 1:
 288                  $u2uasel1 = $selHTML;
 289                  break;
 290              case 0:
 291              default:
 292                  $u2uasel0 = $selHTML;
 293                  break;
 294          }
 295  
 296          $themelist = array();
 297          $themelist[] = '<select name="thememem">';
 298          $themelist[] = '<option value="0">'.$lang['textusedefault'].'</option>';
 299          $query = $db->query("SELECT themeid, name FROM ".X_PREFIX."themes ORDER BY name ASC");
 300          while($themeinfo = $db->fetch_array($query)) {
 301              if ($themeinfo['themeid'] == $member['theme']) {
 302                  $themelist[] = '<option value="'.intval($themeinfo['themeid']).'" '.$selHTML.'>'.$themeinfo['name'].'</option>';
 303              } else {
 304                  $themelist[] = '<option value="'.intval($themeinfo['themeid']).'">'.$themeinfo['name'].'</option>';
 305              }
 306          }
 307          $themelist[] = '</select>';
 308          $themelist = implode("\n", $themelist);
 309          $db->free_result($query);
 310  
 311          $langfileselect = createLangFileSelect($member['langfile']);
 312  
 313          $day = intval(substr($member['bday'], 8, 2));
 314          $month = intval(substr($member['bday'], 5, 2));
 315          $year = substr($member['bday'], 0, 4);
 316  
 317          for($i = 0; $i <= 12; $i++) {
 318              $sel[$i] = '';
 319          }
 320          $sel[$month] = $selHTML;
 321  
 322          $dayselect = array();
 323          $dayselect[] = '<select name="day">';
 324          $dayselect[] = '<option value="">&nbsp;</option>';
 325          for($num = 1; $num <= 31; $num++) {
 326              if ($day == $num) {
 327                  $dayselect[] = '<option value="'.$num.'" '.$selHTML.'>'.$num.'</option>';
 328              } else {
 329                  $dayselect[] = '<option value="'.$num.'">'.$num.'</option>';
 330              }
 331          }
 332          $dayselect[] = '</select>';
 333          $dayselect = implode("\n", $dayselect);
 334  
 335          $check12 = $check24 = '';
 336          if ($member['timeformat'] == 24) {
 337              $check24 = $cheHTML;
 338          } else {
 339              $check12 = $cheHTML;
 340          }
 341  
 342          if ($SETTINGS['sigbbcode'] == 'on') {
 343              $bbcodeis = $lang['texton'];
 344          } else {
 345              $bbcodeis = $lang['textoff'];
 346          }
 347  
 348          if ($SETTINGS['sightml'] == 'on') {
 349              $htmlis = $lang['texton'];
 350          } else {
 351              $htmlis = $lang['textoff'];
 352          }
 353  
 354          $avatar = '';
 355          if ($SETTINGS['avastatus'] == 'on') {
 356              eval('$avatar = "'.template('memcp_profile_avatarurl').'";');
 357          }
 358  
 359          if ($SETTINGS['avastatus'] == 'list')  {
 360              $avatars = '<option value="" />'.$lang['textnone'].'</option>';
 361              $dir1 = opendir(ROOT.'images/avatars');
 362              while($avFile = readdir($dir1)) {
 363                  if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
 364                      $avatars .= '<option value="./images/avatars/'.$avFile.'" />'.$avFile.'</option>';
 365                  }
 366              }
 367              $avatars = str_replace('value="'.$member['avatar'].'"', 'value="'.$member['avatar'].'" selected="selected"', $avatars);
 368              $avatarbox = '<select name="newavatar" onchange="document.images.avatarpic.src=this[this.selectedIndex].value;">'.$avatars.'</select>';
 369              eval('$avatar = "'.template('memcp_profile_avatarlist').'";');
 370              closedir($dir1);
 371          }
 372  
 373          $member['icq'] = ($member['icq'] > 0) ? $member['icq'] : '';
 374          $member['bio'] = rawHTMLsubject($member['bio']);
 375          $member['location'] = rawHTMLsubject($member['location']);
 376          $member['mood'] = rawHTMLsubject($member['mood']);
 377          $member['sig'] = rawHTMLsubject($member['sig']);
 378          if (X_STAFF) {
 379              $template = template_secure('memcp_profile', 'edpro', $self['uid']);
 380          } else {
 381              $template = template('memcp_profile');
 382          }
 383          eval('$mempage = "'.$template.'";');
 384      }
 385  
 386      if (onSubmit('editsubmit')) {
 387          if (X_STAFF) request_secure('edpro', $self['uid'], X_NONCE_FORM_EXP);
 388          if (!empty($_POST['newpassword'])) {
 389              if (empty($_POST['oldpassword'])) {
 390                  error($lang['textpwincorrect']);
 391              }
 392              if (!elevateUser($xmbuser, md5($_POST['oldpassword']))) {
 393                  error($lang['textpwincorrect']);
 394              }
 395              if (empty($_POST['newpasswordcf'])) {
 396                  error($lang['pwnomatch']);
 397              }
 398              if ($_POST['newpassword'] != $_POST['newpasswordcf']) {
 399                  error($lang['pwnomatch']);
 400              }
 401  
 402              $newpassword = md5($_POST['newpassword']);
 403  
 404              $pwtxt = "password='$newpassword',";
 405  
 406              $query = $db->query("DELETE FROM ".X_PREFIX."whosonline WHERE username='$xmbuser'");
 407  
 408              put_cookie("xmbuser", '', 0, $cookiepath, $cookiedomain);
 409              put_cookie("xmbpw", '', 0, $cookiepath, $cookiedomain);
 410  
 411              foreach($_COOKIE as $key=>$val) {
 412                  if (preg_match('#^fidpw([0-9]+)$#', $key)) {
 413                      put_cookie($key, '', 0, $cookiepath, $cookiedomain);
 414                  }
 415              }
 416          } else {
 417              $pwtxt = '';
 418          }
 419  
 420          $langfilenew = postedVar('langfilenew');
 421          $result = $db->query("SELECT devname FROM ".X_PREFIX."lang_base WHERE devname='$langfilenew'");
 422          if ($db->num_rows($result) == 0) {
 423              $langfilenew = $SETTINGS['langfile'];
 424          }
 425  
 426          $timeoffset1 = isset($_POST['timeoffset1']) && is_numeric($_POST['timeoffset1']) ? $_POST['timeoffset1'] : 0;
 427          $thememem = formInt('thememem');
 428          $tppnew = isset($_POST['tppnew']) ? (int) $_POST['tppnew'] : $SETTINGS['topicperpage'];
 429          $pppnew = isset($_POST['pppnew']) ? (int) $_POST['pppnew'] : $SETTINGS['postperpage'];
 430  
 431          $dateformatnew = postedVar('dateformatnew', '', FALSE, TRUE);
 432          $dateformattest = attrOut($dateformatnew, 'javascript');  // NEVER allow attribute-special data in the date format because it can be unescaped using the date() parser.
 433          if (strlen($dateformatnew) == 0 Or $dateformatnew != $dateformattest) {
 434              $dateformatnew = $SETTINGS['dateformat'];
 435          }
 436          unset($dateformattest);
 437  
 438          $timeformatnew = formInt('timeformatnew');
 439          if ($timeformatnew != 12 And $timeformatnew != 24) {
 440              $timeformatnew = $SETTINGS['timeformat'];
 441          }
 442  
 443          $saveogu2u = formYesNo('saveogu2u');
 444          $emailonu2u = formYesNo('emailonu2u');
 445          $useoldu2u = formYesNo('useoldu2u');
 446          $invisible = formInt('newinv');
 447          $showemail = formYesNo('newshowemail');
 448          $newsletter = formYesNo('newnewsletter');
 449          $u2ualert = formInt('u2ualert');
 450          $year = formInt('year');
 451          $month = formInt('month');
 452          $day = formInt('day');
 453          $bday = iso8601_date($year, $month, $day);
 454          $location = postedVar('newlocation', 'javascript', TRUE, TRUE, TRUE);
 455          $icq = postedVar('newicq', '', FALSE, FALSE);
 456          $icq = ($icq && is_numeric($icq) && $icq > 0) ? $icq : 0;
 457          $yahoo = postedVar('newyahoo', 'javascript', TRUE, TRUE, TRUE);
 458          $aim = postedVar('newaim', 'javascript', TRUE, TRUE, TRUE);
 459          $msn = postedVar('newmsn', 'javascript', TRUE, TRUE, TRUE);
 460          $email = postedVar('newemail', 'javascript', TRUE, TRUE, TRUE);
 461          $site = postedVar('newsite', 'javascript', TRUE, TRUE, TRUE);
 462          $bio = postedVar('newbio', 'javascript', TRUE, TRUE, TRUE);
 463          $mood = postedVar('newmood', 'javascript', TRUE, TRUE, TRUE);
 464          $sig = postedVar('newsig', 'javascript', ($SETTINGS['sightml']=='off'), TRUE, TRUE);
 465  
 466          if ($email != $db->escape($self['email'])) {
 467              if ($SETTINGS['doublee'] == 'off' && false !== strpos($email, "@")) {
 468                  $query = $db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members WHERE email = '$email' AND username != '$xmbuser'");
 469                  $count1 = $db->result($query,0);
 470                  $db->free_result($query);
 471                  if ($count1 != 0) {
 472                      error($lang['alreadyreg']);
 473                  }
 474              }
 475  
 476              $efail = false;
 477              $query = $db->query("SELECT * FROM ".X_PREFIX."restricted");
 478              while($restriction = $db->fetch_array($query)) {
 479                  $t_email = $email;
 480                  if ($restriction['case_sensitivity'] == 0) {
 481                      $t_email = strtolower($t_email);
 482                      $restriction['name'] = strtolower($restriction['name']);
 483                  }
 484  
 485                  if ($restriction['partial'] == 1) {
 486                      if (strpos($t_email, $restriction['name']) !== false) {
 487                          $efail = true;
 488                      }
 489                  } else {
 490                      if ($t_email == $restriction['name']) {
 491                          $efail = true;
 492                      }
 493                  }
 494              }
 495              $db->free_result($query);
 496  
 497              if ($efail) {
 498                  error($lang['emailrestricted']);
 499              }
 500  
 501              require  ROOT.'include/validate-email.inc.php';
 502              $test = new EmailAddressValidator();
 503              $rawemail = postedVar('newemail', '', FALSE, FALSE);
 504              if (false === $test->check_email_address($rawemail)) {
 505                  error($lang['bademail']);
 506              }
 507          }
 508  
 509          if ($SETTINGS['resetsigs'] == 'on') {
 510              if (strlen(trim($self['sig'])) == 0) {
 511                  if (strlen($sig) > 0) {
 512                      $db->query("UPDATE ".X_PREFIX."posts SET usesig='yes' WHERE author='$xmbuser'");
 513                  }
 514              } else {
 515                  if (strlen(trim($sig)) == 0) {
 516                      $db->query("UPDATE ".X_PREFIX."posts SET usesig='no' WHERE author='$xmbuser'");
 517                  }
 518              }
 519          }
 520  
 521          if ($SETTINGS['avastatus'] == 'on') {
 522              $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
 523              $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
 524  
 525              $newavatarcheck = postedVar('newavatarcheck');
 526  
 527              $max_size = explode('x', $SETTINGS['max_avatar_size']);
 528  
 529              if (preg_match('#^(http|ftp)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {
 530                  $avatar = '';
 531              } elseif (ini_get('allow_url_fopen')) {
 532                  if ($max_size[0] > 0 And $max_size[1] > 0 And strlen($rawavatar) > 0) {
 533                      $size = @getimagesize($rawavatar);
 534                      if ($size === FALSE) {
 535                          $avatar = '';
 536                      } elseif ((($size[0] > $max_size[0] && $max_size[0] > 0) || ($size[1] > $max_size[1] && $max_size[1] > 0)) && !X_SADMIN) {
 537                          error($lang['avatar_too_big'] . $SETTINGS['max_avatar_size'] . 'px');
 538                      }
 539                  }
 540              } elseif ($newavatarcheck == "no") {
 541                  $avatar = '';
 542              }
 543              unset($rawavatar);
 544          } elseif ($SETTINGS['avastatus'] == 'list') {
 545              $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
 546              $dirHandle = opendir(ROOT.'images/avatars');
 547              $filefound = FALSE;
 548              while($avFile = readdir($dirHandle)) {
 549                  if ($rawavatar == './images/avatars/'.$avFile) {
 550                      if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
 551                          $filefound = TRUE;
 552                      }
 553                  }
 554              }
 555              closedir($dirHandle);
 556              unset($rawavatar);
 557              if ($filefound) {
 558                  $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
 559              } else {
 560                  $avatar = '';
 561              }
 562          } else {
 563              $avatar = '';
 564          }
 565  
        // Persist the profile with one string-built UPDATE. No placeholders are used, so
        // every interpolated value has to be escaped or cast before this line:
        // - $pwtxt is either empty or a password='<md5 hex>', fragment built earlier in this branch;
        // - $timeoffset1 and $icq only keep posted values that passed is_numeric();
        // - $tppnew and $pppnew are cast with (int) when they come from the form;
        // - the formInt()/formYesNo()/postedVar() results are presumably already made safe
        //   for SQL by those helpers - TODO confirm in their definitions;
        // - $u2ualert is the only value written without quotes, so it must stay an integer
        //   (it comes from formInt()).
        // NOTE(review): $langfilenew, $tppnew, $pppnew, $dateformatnew and $timeformatnew can
        // fall back to $SETTINGS values, which are not re-escaped here; $xmbuser is set
        // outside the visible code - verify that it is escaped where it is assigned.
        $db->query("UPDATE ".X_PREFIX."members SET $pwtxt email='$email', site='$site', aim='$aim', location='$location', bio='$bio', sig='$sig', showemail='$showemail', timeoffset='$timeoffset1', icq='$icq', avatar='$avatar', yahoo='$yahoo', theme='$thememem', bday='$bday', langfile='$langfilenew', tpp='$tppnew', ppp='$pppnew', newsletter='$newsletter', timeformat='$timeformatnew', msn='$msn', dateformat='$dateformatnew', mood='$mood', invisible='$invisible', saveogu2u='$saveogu2u', emailonu2u='$emailonu2u', useoldu2u='$useoldu2u', u2ualert=$u2ualert WHERE username='$xmbuser'");
 567  
 568          message($lang['usercpeditpromsg'], TRUE, '', '', $full_url.'memcp.php', true, false, true);
 569      }
 570  } else if ($action == 'favorites') {
 571      eval('$header = "'.template('header').'";');
 572      $header .= makenav($action);
 573  
 574      $favadd = getInt('favadd');
 575      if (noSubmit('favsubmit') && $favadd) {
 576          if ($favadd == 0) {
 577              error($lang['generic_missing']);
 578          }
 579  
 580          $query = $db->query("SELECT fid FROM ".X_PREFIX."threads WHERE tid=$favadd");
 581          if ($db->num_rows($query) == 0) {
 582              error($lang['privforummsg']);
 583          }
 584          $row = $db->fetch_array($query);
 585          $forum = getForum($row['fid']);
 586          $perms = checkForumPermissions($forum);
 587          if (!($perms[X_PERMS_VIEW] && $perms[X_PERMS_PASSWORD])) {
 588              error($lang['privforummsg']);
 589          }
 590          if ($forum['type'] == 'sub') {
 591              $perms = checkForumPermissions(getForum($forum['fup']));
 592              if (!($perms[X_PERMS_VIEW] && $perms[X_PERMS_PASSWORD])) {
 593                  error($lang['privforummsg']);
 594              }
 595          }
 596  
 597          $query = $db->query("SELECT tid FROM ".X_PREFIX."favorites WHERE tid=$favadd AND username='$xmbuser' AND type='favorite'");
 598          $favthread = $db->fetch_array($query);
 599          $db->free_result($query);
 600  
 601          if ($favthread) {
 602              error($lang['favonlistmsg']);
 603          }
 604  
 605          $db->query("INSERT INTO ".X_PREFIX."favorites (tid, username, type) VALUES ($favadd, '$xmbuser', 'favorite')");
 606          message($lang['favaddedmsg'], TRUE, '', '', $full_url.'memcp.php?action=favorites', true, false, true);
 607      }
 608  
 609      if (!$favadd && noSubmit('favsubmit')) {
 610          $favnum = 0;
 611          $favs = '';
 612          $fids = permittedForums(forumCache(), 'thread', 'csv');
 613          if (strlen($fids) != 0) {
 614              $query = $db->query(
 615                  "SELECT t.tid, t.fid, t.icon, t.lastpost, t.subject, t.replies, r.uid AS lastauthor
 616                   FROM ".X_PREFIX."favorites f
 617                   INNER JOIN ".X_PREFIX."threads t USING (tid)
 618                   LEFT JOIN ".X_PREFIX."members AS r ON SUBSTRING_INDEX(SUBSTRING_INDEX(t.lastpost, '|', 2), '|', -1) = r.username
 619                   WHERE f.username='$xmbuser' AND f.type='favorite' AND t.fid IN ($fids)
 620                   ORDER BY t.lastpost DESC"
 621              );
 622              $tmOffset = ($timeoffset * 3600) + ($addtime * 3600);
 623              while($fav = $db->fetch_array($query)) {
 624                  $forum = getForum($fav['fid']);
 625                  $forum['name'] = fnameOut($forum['name']);
 626  
 627                  $lastpost = explode('|', $fav['lastpost']);
 628  
 629                  if ($lastpost[1] == 'Anonymous') {
 630                      $lastpost[1] = $lang['textanonymous'];
 631                  } elseif (!is_null($fav['lastauthor'])) {
 632                      $lastpost[1] = '<a href="member.php?action=viewpro&amp;member='.recodeOut(trim($lastpost[1])).'">'.trim($lastpost[1]).'</a>';
 633                  } // else leave value unchanged
 634  
 635                  $lastreplydate = gmdate($dateformat, $lastpost[0] + $tmOffset);
 636                  $lastreplytime = gmdate($timecode, $lastpost[0] + $tmOffset);
 637                  $lastpost = $lang['lastreply1'].' '.$lastreplydate.' '.$lang['textat'].' '.$lastreplytime.' '.$lang['textby'].' '.$lastpost[1];
 638                  $fav['subject'] = rawHTMLsubject(stripslashes($fav['subject']));
 639  
 640                  if ($fav['icon'] != '') {
 641                      $fav['icon'] = '<img src="'.$smdir.'/'.$fav['icon'].'" alt="" border="0" />';
 642                  } else {
 643                      $fav['icon'] = '';
 644                  }
 645  
 646                  $favnum++;
 647                  eval('$favs .= "'.template('memcp_favs_row').'";');
 648              }
 649              $db->free_result($query);
 650          }
 651  
 652          $favsbtn = '';
 653          if ($favnum != 0) {
 654              eval('$favsbtn = "'.template('memcp_favs_button').'";');
 655          }
 656  
 657          if ($favnum == 0) {
 658              eval('$favs = "'.template('memcp_favs_none').'";');
 659          }
 660          eval('$mempage = "'.template('memcp_favs').'";');
 661      }
 662  
 663      if (!$favadd && onSubmit('favsubmit')) {
 664          $query = $db->query("SELECT tid FROM ".X_PREFIX."favorites WHERE username='$xmbuser' AND type='favorite'");
 665          $tids = array();
 666          while($fav = $db->fetch_array($query)) {
 667              $delete = formInt('delete'.$fav['tid']);
 668              if ($delete == intval($fav['tid'])) {
 669                  $tids[] = $delete;
 670              }
 671          }
 672          $db->free_result($query);
 673          if (count($tids) > 0) {
 674              $tids = implode(', ', $tids);
 675              $db->query("DELETE FROM ".X_PREFIX."favorites WHERE username='$xmbuser' AND tid IN ($tids) AND type='favorite'");
 676          }
 677          message($lang['favsdeletedmsg'], TRUE, '', '', $full_url.'memcp.php?action=favorites', true, false, true);
 678      }
 679  } else if ($action == 'subscriptions') {
 680      $subadd = getInt('subadd'); // presumably the integer request value 'subadd' (a thread id to subscribe to) -- confirm in getInt()
          // Subscriptions panel. Three modes, selected by $subadd and the 'subsubmit' form flag:
          // list (neither set), add ($subadd set, no form post), delete (form posted, no $subadd).
          // NOTE(review): no anti-CSRF token check is visible in this chunk for the add and delete
          // modes, both of which write to the favorites table -- confirm whether header.php or the
          // onSubmit()/noSubmit() helpers enforce one.
 681      if (!$subadd && noSubmit('subsubmit')) {
              // List mode. Count this user's subscriptions so multipage() can build the pager.
              // $xmbuser is interpolated into SQL as-is throughout this branch; it is set outside
              // this chunk -- presumably already escaped, confirm.
 682          $num = $db->result($db->query("SELECT COUNT(*) FROM ".X_PREFIX."favorites WHERE username='$xmbuser' AND type='subscription'"), 0);
 683          $mpage = multipage($num, $tpp, 'memcp.php?action=subscriptions');
              // $multipage is bound by reference, so the eval() below also overwrites $mpage['html'].
 684          $multipage =& $mpage['html'];
 685          if (strlen($mpage['html']) != 0) {
                  // template() output is evaluated as a double-quoted PHP string, so variables in
                  // scope are interpolated by name. This is only safe while template text is
                  // trusted and quoted by template() -- not visible here, confirm.
 686              eval('$multipage = "'.template('memcp_subscriptions_multipage').'";');
 687          }
 688  
 689          eval('$header = "'.template('header').'";');
 690          $header .= makenav($action);
 691  
              // One page of subscribed threads, newest activity first. The LEFT JOIN resolves the
              // second '|'-separated field of t.lastpost to a member uid (NULL when no member matches).
              // $mpage['start'] and $tpp go into LIMIT unquoted -- presumably integers, confirm.
              // NOTE(review): unlike the favorites query in the default view of this file, this
              // query has no t.fid IN (permitted forums) filter, and add mode below stores any
              // non-zero $subadd without a thread or forum check -- confirm that subjects of
              // threads in forums the user cannot read are not listed here.
 692          $query = $db->query(
 693              "SELECT t.tid, t.fid, t.icon, t.lastpost, t.subject, t.replies, r.uid AS lastauthor
 694               FROM ".X_PREFIX."favorites f
 695               INNER JOIN ".X_PREFIX."threads t USING (tid)
 696               LEFT JOIN ".X_PREFIX."members AS r ON SUBSTRING_INDEX(SUBSTRING_INDEX(t.lastpost, '|', 2), '|', -1) = r.username
 697               WHERE f.username='$xmbuser' AND f.type='subscription'
 698               ORDER BY t.lastpost DESC
 699               LIMIT {$mpage['start']}, $tpp"
 700          );
 701          $subnum = 0;
 702          $subscriptions = '';
              // Display offset in seconds, built from two hour-based settings.
 703          $tmOffset = ($timeoffset * 3600) + ($addtime * 3600);
 704          while($fav = $db->fetch_array($query)) {
 705              $forum = getForum($fav['fid']);
 706              $forum['name'] = fnameOut($forum['name']);
 707  
                  // lastpost is '|'-separated: [0] is used as a timestamp, [1] as the poster name.
 708              $lastpost = explode('|', $fav['lastpost']);
 709  
 710              if ($lastpost[1] == 'Anonymous') {
 711                  $lastpost[1] = $lang['textanonymous'];
 712              } elseif (!is_null($fav['lastauthor'])) {
                      // Only the href value passes through recodeOut(); the link text is the raw
                      // stored name -- presumably stored HTML-safe, confirm.
 713                  $lastpost[1] = '<a href="member.php?action=viewpro&amp;member='.recodeOut(trim($lastpost[1])).'">'.trim($lastpost[1]).'</a>';
 714              } // else leave value unchanged
 715  
 716              $lastreplydate = gmdate($dateformat, $lastpost[0] + $tmOffset);
 717              $lastreplytime = gmdate($timecode, $lastpost[0] + $tmOffset);
 718              $lastpost = $lang['lastreply1'].' '.$lastreplydate.' '.$lang['textat'].' '.$lastreplytime.' '.$lang['textby'].' '.$lastpost[1];
 719              $fav['subject'] = rawHTMLsubject(stripslashes($fav['subject']));
 720  
 721              if ($fav['icon'] != '') {
                      // The stored icon name is placed in the src attribute without escaping here --
                      // presumably restricted to known file names when the thread is saved, confirm.
 722                  $fav['icon'] = '<img src="'.$smdir.'/'.$fav['icon'].'" alt="" border="0" />';
 723              } else {
 724                  $fav['icon'] = '';
 725              }
 726              $subnum++;
                  // Locals must keep their names: the evaluated template may reference any of them.
 727              eval('$subscriptions .= "'.template('memcp_subscriptions_row').'";');
 728          }
 729  
              // The delete button is rendered only when at least one row was listed.
 730          $subsbtn = '';
 731          if ($subnum != 0) {
 732              eval('$subsbtn = "'.template('memcp_subscriptions_button').'";');
 733          }
 734  
 735          if ($subnum == 0) {
 736              eval('$subscriptions = "'.template('memcp_subscriptions_none').'";');
 737          }
 738          $db->free_result($query);
 739          eval('$mempage = "'.template('memcp_subscriptions').'";');
 740      } else if ($subadd && noSubmit('subsubmit')) {
              // Add mode: refuse when this user already has a subscription row for the thread.
              // $subadd comes from getInt(), so it is presumably an integer by the time it is quoted
              // into SQL. The thread's existence and forum permission are not checked in this chunk.
 741          $query = $db->query("SELECT COUNT(tid) FROM ".X_PREFIX."favorites WHERE tid='$subadd' AND username='$xmbuser' AND type='subscription'");
 742          if ($db->result($query,0) == 1) {
 743              $db->free_result($query);
                  // error() presumably ends the request after printing the message -- confirm.
 744              error($lang['subonlistmsg'], TRUE);
 745          } else {
 746              $db->query("INSERT INTO ".X_PREFIX."favorites (tid, username, type) VALUES ('$subadd', '$xmbuser', 'subscription')");
                  // message() presumably shows the text and redirects to the URL argument -- confirm.
 747              message($lang['subaddedmsg'], TRUE, '', '', $full_url.'memcp.php?action=subscriptions', true, false, true);
 748          }
 749      } else if (!$subadd && onSubmit('subsubmit')) {
              // Delete mode: walk the user's own subscription rows and keep each tid whose
              // 'delete<tid>' form field equals that tid. Only ids already owned by $xmbuser can
              // therefore reach the DELETE below.
 750          $query = $db->query("SELECT tid FROM ".X_PREFIX."favorites WHERE username='$xmbuser' AND type='subscription'");
 751          $tids = array();
 752          while($sub = $db->fetch_array($query)) {
 753              $delete = formInt('delete'.$sub['tid']);
 754              if ($delete == intval($sub['tid'])) {
 755                  $tids[] = $delete;
 756              }
 757          }
 758          $db->free_result($query);
 759          if (count($tids) > 0) {
                  // The values are the formInt() results (presumably ints -- confirm), joined and
                  // interpolated unquoted into IN (...).
 760              $tids = implode(', ', $tids);
 761              $db->query("DELETE FROM ".X_PREFIX."favorites WHERE username='$xmbuser' AND tid IN ($tids) AND type='subscription'");
 762          }
 763          message($lang['subsdeletedmsg'], TRUE, '', '', $full_url.'memcp.php?action=subscriptions', true, false, true);
 764      }
 765  } else {
 766      eval('$header = "'.template('header').'";'); // default view (no recognised action): control-panel home page
          // NOTE(review): the next line executes a language-pack string as PHP code. Whoever can
          // edit that translation entry can run code in this request -- confirm who is able to
          // write language data and that it is treated as trusted code.
 767      eval($lang['evalusercpwelcome']);
 768      $header .= makenav($action);
 769  
          // Buddy list for $xmbuser. The LEFT JOIN keeps buddies that have no matching members row;
          // for those the m.* columns are NULL.
 770      $q = $db->query("SELECT b.buddyname, m.invisible, m.username, m.lastvisit FROM ".X_PREFIX."buddys b LEFT JOIN ".X_PREFIX."members m ON (b.buddyname=m.username) WHERE b.username='$xmbuser'");
 771      $buddys = array();
 772      $buddys['offline'] = '';
 773      $buddys['online'] = '';
 774      while($buddy = $db->fetch_array($q)) {
              // Assigned but not read in this chunk; presumably consumed by the buddy templates.
 775          $recodename = recodeOut($buddy['buddyname']);
              // A buddy counts as online when lastvisit is within X_ONLINE_TIMER of $onlinetime.
              // The (int) cast turns a NULL lastvisit into 0.
 776          if ($onlinetime - (int)$buddy['lastvisit'] <= X_ONLINE_TIMER) {
 777              if ($buddy['invisible'] == 1) {
                      // Invisible members are listed as offline to non-admins, so their presence
                      // is not disclosed; admins see them online with the 'hidden' status.
 778                  if (!X_ADMIN) {
 779                      eval('$buddys["offline"] .= "'.template('buddylist_buddy_offline').'";');
 780                      continue;
 781                  } else {
 782                      $buddystatus = $lang['hidden'];
 783                  }
 784              } else {
 785                  $buddystatus = $lang['textonline'];
 786              }
 787              eval('$buddys["online"] .= "'.template('buddylist_buddy_online').'";');
 788          } else {
 789              eval('$buddys["offline"] .= "'.template('buddylist_buddy_offline').'";');
 790          }
 791      }
 792      $db->free_result($q);
 793  
 794      $query = $db->query("SELECT * FROM ".X_PREFIX."members WHERE username='$xmbuser'"); // full members row for $xmbuser (presumably the logged-in member)
          // $xmbuser is interpolated as-is; it is set outside this chunk -- presumably already escaped, confirm.
 795      $member = $db->fetch_array($query);
 796      $db->free_result($query);
 797  
          // The empty-string branches below are no-ops; only the non-empty cases change the value.
 798      if ($member['avatar'] == '') {
 799          $member['avatar'] = '';
 800      } else {
              // The stored avatar value goes into the src attribute without escaping here --
              // presumably validated and encoded when the profile is saved, confirm.
 801          $member['avatar'] = '<img src="'.$member['avatar'].'" border="0" alt="'.$lang['altavatar'].'" />';
 802      }
 803  
 804      if ($member['mood'] != '') {
              // Mood is rendered through postify(); the meaning of the positional flags is defined
              // in postify(), which is not visible in this chunk.
 805          $member['mood'] = postify($member['mood'], 'no', 'no', 'yes', 'no', 'yes', 'no', true, 'yes');
 806      } else {
 807          $member['mood'] = '';
 808      }
 809  
 810      $u2uquery = $db->query("SELECT * FROM ".X_PREFIX."u2u WHERE owner='$xmbuser' AND folder='Inbox' ORDER BY dateline DESC LIMIT 0, 5"); // five newest Inbox messages owned by $xmbuser
          // $xmbuser is interpolated as-is; it is set outside this chunk -- presumably already escaped, confirm.
 811      $u2unum = $db->num_rows($u2uquery);
 812      $messages = '';
          // Display offset in seconds, built from two hour-based settings.
 813      $tmOffset = ($timeoffset * 3600) + ($addtime * 3600);
 814      while($message = $db->fetch_array($u2uquery)) {
 815          $postdate = gmdate($dateformat, $message['dateline'] + $tmOffset);
 816          $posttime = gmdate($timecode, $message['dateline'] + $tmOffset);
 817          $senton = $postdate.' '.$lang['textat'].' '.$posttime;
 818  
              // The subject is written by another member, so it is untrusted text; rawHTMLsubject()
              // presumably makes it safe for HTML output -- confirm.
 819          $message['subject'] = rawHTMLsubject(stripslashes($message['subject']));
 820          if ($message['subject'] == '') {
 821              $message['subject'] = '&laquo;'.$lang['textnosub'].'&raquo;';
 822          }
 823  
 824          if ($message['readstatus'] == 'yes') {
 825              $read = $lang['textread'];
 826          } else {
 827              $read = $lang['textunread'];
 828          }
              // Locals must keep their names: the evaluated template may reference any of them.
 829          eval('$messages .= "'.template('memcp_home_u2u_row').'";');
 830      }
 831  
 832      if ($u2unum == 0) {
 833          eval('$messages = "'.template('memcp_home_u2u_none').'";');
 834      }
 835      $db->free_result($u2uquery);
 836  
 837      $favnum = 0; // number of favorite rows shown; stays 0 when the query below is skipped
 838      $favs = '';
          // $fids is a CSV list from permittedForums() -- presumably the forum ids this user may
          // read threads in, confirm. It is interpolated unquoted into IN (...), so it must
          // contain only integers. The query is skipped when the list is empty, which also
          // avoids an empty IN ().
 839      $fids = permittedForums(forumCache(), 'thread', 'csv');
 840      if (strlen($fids) != 0) {
              // Five most recently active favorite threads, restricted to the permitted forums.
              // The LEFT JOIN resolves the second '|'-separated field of t.lastpost to a member uid
              // (NULL when no member matches).
 841          $query2 = $db->query(
 842              "SELECT t.tid, t.fid, t.lastpost, t.subject, t.icon, t.replies, r.uid AS lastauthor
 843               FROM ".X_PREFIX."favorites f
 844               INNER JOIN ".X_PREFIX."threads t USING (tid)
 845               LEFT JOIN ".X_PREFIX."members AS r ON SUBSTRING_INDEX(SUBSTRING_INDEX(t.lastpost, '|', 2), '|', -1) = r.username
 846               WHERE f.username='$xmbuser' AND f.type='favorite' AND t.fid IN ($fids)
 847               ORDER BY t.lastpost DESC
 848               LIMIT 5"
 849          );
 850          $favnum = $db->num_rows($query2);
 851          $tmOffset = ($timeoffset * 3600) + ($addtime * 3600);
 852          while($fav = $db->fetch_array($query2)) {
 853              $forum = getForum($fav['fid']);
 854              $forum['name'] = fnameOut($forum['name']);
 855  
                  // lastpost is '|'-separated: [0] is used as a timestamp, [1] as the poster name.
 856              $lastpost = explode('|', $fav['lastpost']);
 857  
 858              if ($lastpost[1] == 'Anonymous') {
 859                  $lastpost[1] = $lang['textanonymous'];
 860              } elseif (!is_null($fav['lastauthor'])) {
                      // Only the href value passes through recodeOut(); the link text is the raw
                      // stored name -- presumably stored HTML-safe, confirm.
 861                  $lastpost[1] = '<a href="member.php?action=viewpro&amp;member='.recodeOut(trim($lastpost[1])).'">'.trim($lastpost[1]).'</a>';
 862              } // else leave value unchanged
 863  
 864              $lastreplydate = gmdate($dateformat, $lastpost[0] + $tmOffset);
 865              $lastreplytime = gmdate($timecode, $lastpost[0] + $tmOffset);
 866              $lastpost = $lang['lastreply1'].' '.$lastreplydate.' '.$lang['textat'].' '.$lastreplytime.' '.$lang['textby'].' '.$lastpost[1];
 867              $fav['subject'] = rawHTMLsubject(stripslashes($fav['subject']));
 868  
 869              if ($fav['icon'] != '') {
                      // The stored icon name is placed in the src attribute without escaping here --
                      // presumably restricted to known file names when the thread is saved, confirm.
 870                  $fav['icon'] = '<img src="'.$smdir.'/'.$fav['icon'].'" alt="" border="0" />';
 871              } else {
 872                  $fav['icon'] = '';
 873              }
                  // Locals must keep their names: the evaluated template may reference any of them.
 874              eval('$favs .= "'.template('memcp_home_favs_row').'";');
 875          }
 876          $db->free_result($query2);
 877      }
 878  
 879      if ($favnum == 0) {
 880          eval('$favs = "'.template('memcp_home_favs_none').'";');
 881      }
          // Assemble the home page body from the pieces built above.
 882      eval('$mempage = "'.template('memcp_home').'";');
 883  }
 884  
 885  end_time(); // presumably finalises the page-timing figures before the footer is built -- confirm
      // The footer template is evaluated as a double-quoted PHP string, like every template in this
      // file, so it is only as trustworthy as the stored template text.
 886  eval('$footer = "'.template('footer').'";');
      // Emit the page: header, the body built by whichever action branch ran, then the footer.
 887  echo $header, $mempage, $footer;
 888  ?>
