<?PHP
##############################################################################################
## Auth core for AnoBBS # v. 1.0 mlk #  Coded by Knut Møgster 2008 | http://www.redesign.no ##
##############################################################################################

## Pull in xAuth.php from the program directory ##
## NOTE(review): $prog_dir is not assigned in this file - presumably the including script sets it.
## Confirm it can never be supplied by the request (e.g. through register_globals), because it
## decides which file is required here.
require($prog_dir."/xAuth.php");
/* Request values needed for the comparison further down
$cpc    = the CRC check, encrypted with the CP key (forum key) | hex
$dhash  = the main comparison hash, different on every page load | md5
$e      = the previous $trigger, part of the calculation of the hash above | md5
Tip: To navigate this script, search for -->
*/
$cpc = isHex($_GET['cpc']);
$dhash = is_md5($_GET['dh']);
$exec = $_GET['e'];
## "srq" is passed through as a literal marker; any other value goes through is_md5() ##
$execute = ($exec == "srq") ? "srq" : is_md5($exec);

## Start every result variable as an empty string ##
$retHash = $uLevel = $trigger = $runcontrol = $retcontxt = $retcontfillarr = "";

## Run the auth function; the six entries of its return array are unpacked below ##
## NOTE(review): the last argument is $retcontx (no trailing "t"), which this file never
## assigns - confirm it is set by the including script and is not a typo for $retcontxt.
$retcontfillarr = xauth($xuser, $dhash, $dcodesearch, $ss, $execute, $cpc, $retcontx);

## [0] the return hash used for the comparison ##
$retHash = $retcontfillarr[0];
## [1] the user's userlevel ##
$uLevel = $retcontfillarr[1];
## [2] the microsession trigger ##
$trigger = $retcontfillarr[2];
## [3] the value of $ss, carried on from here as $seedz ##
$seedz = $retcontfillarr[3];
## [4] the run control: which kind of action is allowed, login or runtime ##
$runcontrol = $retcontfillarr[4];
## [5] the treated xml ##
$retcontxt = $retcontfillarr[5];

## Load the error template; without it no error can be reported, so stop silently ##
if(!file_exists($prog_dir."/err.xml")) {
	exit;
}
$reterrstring = file_get_contents($prog_dir."/err.xml");

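## Start checking auth: xauth() must have handed back a seed ##
## NOTE(review): $xuser, $c, $dcodesearch, $bbsfiledir, $root_dir, $prog_dir and $bbslang are
## not assigned in this file - presumably by the including script (anobbs.php is named in the
## logout comment below). Confirm none of them can be supplied by the request itself.
if($seedz != "") {
	## Recompute the hash from user, seed and trigger and compare it with the returned one.
	## The comparison is strict (===): with loose ==, two different md5 strings of the form
	## "0e<digits>" are both read as the number zero and compare equal.
	## NOTE(review): md5 is a weak primitive for an authentication token; where the runtime
	## offers hash_equals() (PHP >= 5.6) a constant-time comparison is preferable.
	if($retHash != "" && (string)$retHash === md5(md5($xuser) . $seedz . $trigger)) {
		## The login-parse switch run control
		switch($runcontrol) {
			## Treatment on login: store the forum XML, return the filtered copy with
			## a timestamp and the next trigger
			case "login":
				updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
				$retcontxt = filterXML($retcontxt);
				$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
				$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
				header("Content-type: application/xml");
				echo $retcontxt;
			break;

			## Treatment for logged-in users ##
			case "runtime":

				## The main switch for action ##
				switch($c) {

					## Auth action ##
					## --> Log out (login is done before we get here, in anobbs.php) ##
					case "lgt":
					$retcontxt = xlogOut($xuser, $seedz, $retcontxt);
					updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
					$retcontxt = filterXML($retcontxt);
					$retcontxt = put_xmlfield("autherr", $retcontxt, $bbslang[17]);
					$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## Admin actions ##
					## --> Delete BBS (admin only) ##
					case "dbs":
					if($uLevel == "admin") {
						delBBS($dcodesearch);
						$retcontxc = str_replace("^ERR^", $bbslang[18], $reterrstring);
					} else {
						$retcontxc = str_replace("^ERR^", $bbslang[11], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontxc;
					break;

					## --> Save BBS (admin only): build one self-contained HTML page ##
					case "sbbs":
					if($uLevel == "admin") {
						$retcontxta = filterXML($retcontxt);
						$retcontxta = put_xmlfield("acforumtstamp", $retcontxta, time());
						## All five script files must exist before the page is assembled
						$fErr = 0;
						if(!file_exists($root_dir."/js/tripleDes.js")) {
							$fErr = 1;
						}
						if(!file_exists($root_dir."/js/md5.js")) {
							$fErr = 1;
						}
						if(!file_exists($root_dir."/js/anochat_system.js")) {
							$fErr = 1;
						}
						if(!file_exists($root_dir."/js/anobbs_vars.js")) {
							$fErr = 1;
						}
						if(!file_exists($root_dir."/js/anobbs_save.js")) {
							$fErr = 1;
						}
						if($fErr == 0) {
							## Newlines become backslash-newline so the XML fits in one JS string literal.
							## NOTE(review): nothing else is escaped before the XML is placed between
							## single quotes; a quote, backslash or "</script>" in a stored field would
							## end the string in the saved page. Escape for the JS-string context here.
							$varbbsxmlstr = str_replace("\n", "\\\n", $retcontxta);
							$savetime = date("Y-m-d", time());
							$varptitle = "AnoBBS node: ".$dcodesearch." Full BBS saved: ".$savetime;
							$retjxbbsvar = "var bbsxmlstring = '".$varbbsxmlstr."';";
							$retjsx1 = "\n".file_get_contents($root_dir."/js/tripleDes.js")."\n";
							$retjsx2 = "\n".file_get_contents($root_dir."/js/md5.js")."\n";
							$retjsx3 = "\n".file_get_contents($root_dir."/js/anochat_system.js")."\n";
							$retjsx4 = "\n".file_get_contents($root_dir."/js/anobbs_vars.js")."\n";
							$retjsx5 = "\n".file_get_contents($root_dir."/js/anobbs_save.js")."\n";
							$retcssx = "\n".file_get_contents($root_dir."/anobbs_print.css")."\n";
							$retjxbbsvar .= "\nvar tcxml = new Array();\n";
							$strNodes = saveTopics($dcodesearch);
							$retjxbbsvar .= $strNodes;
							$bodyvar = "writefAuthscreen();";
							$headscripts = $retjsx1.$retjsx2.$retjsx3.$retjsx4.$retjsx5.$retjxbbsvar;
							## Fill the placeholders of the save.html template
							$rethtmltpl = file_get_contents($prog_dir."/save.html");
							$rethtmltpl = str_replace("^PTITLE^", $varptitle, $rethtmltpl);
							$rethtmltpl = str_replace("^PSCRIPTS^", $headscripts, $rethtmltpl);
							$rethtmltpl = str_replace("^PSTYLES^", $retcssx, $rethtmltpl);
							$rethtmltpl = str_replace("^PAGEBODY^", $bodyvar, $rethtmltpl);
							$retcontxc = $rethtmltpl;
							header("Content-type: text/html");
							header("Content-disposition: inline; filename=\"".$savetime."-ABBS-".$dcodesearch.".html\"");
						} else {
							$retcontxc = str_replace("^ERR^", $bbslang[13], $reterrstring);
							header("Content-type: application/xml");
						}
					} else {
						$retcontxc = str_replace("^ERR^", $bbslang[10], $reterrstring);
						header("Content-type: application/xml");
					}
					echo $retcontxc;
					break;

					## --> Save topic/thread ##
					case "ttt":
					## Topic id: validated with xisNum() like every other topic id in this file.
					## It ends up in a file path, the page title and the download filename, and
					## strip_tags() removes neither "../" sequences nor quotes.
					$xtid = xisNum($_GET['ft']);
					$gtxstrng = $xtid."_".strip_tags($dcodesearch).".xml";
					if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
						if(file_exists($root_dir."/js/tripleDes.js")) {
							if(file_exists($root_dir."/js/md5.js")) {
								if(file_exists($prog_dir."/save.html")) {
									$retjsx1 = "\n".file_get_contents($root_dir."/js/tripleDes.js")."\n";
									$retjsx2 = "\n".file_get_contents($root_dir."/js/md5.js")."\n";
									$retjsx3 = "\n".file_get_contents($root_dir."/js/anochat_system.js")."\n";
									$retjsx4 = "\n".file_get_contents($root_dir."/js/anobbs_vars.js")."\n";
									$retjsx5 = "\n".file_get_contents($root_dir."/js/anobbs_save.js")."\n";
									$retcssx = "\n".file_get_contents($root_dir."/anobbs_print.css")."\n";
									$varxmlstr = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
									## NOTE(review): as in "sbbs", only newlines are handled before the
									## XML is placed inside a single-quoted JS string.
									$varxmlstr = str_replace("\n", "\\\n", $varxmlstr);
									$savetime = date("Y-m-d", time());
									$varptitle = "AnoBBS node: ".$dcodesearch." Topic: ".$xtid." Saved: ".$savetime;
									$retjxvar = "var cxmlstring = '".$varxmlstr."';";
									$bodyvar = "writeAuthscreen();";
									$headscripts = $retjsx1.$retjsx2.$retjsx3.$retjsx4.$retjsx5.$retjxvar;
									$rethtmltpl = file_get_contents($prog_dir."/save.html");
									$rethtmltpl = str_replace("^PTITLE^", $varptitle, $rethtmltpl);
									$rethtmltpl = str_replace("^PSCRIPTS^", $headscripts, $rethtmltpl);
									$rethtmltpl = str_replace("^PSTYLES^", $retcssx, $rethtmltpl);
									$rethtmltpl = str_replace("^PAGEBODY^", $bodyvar, $rethtmltpl);
									$retcontxc = $rethtmltpl;
									header("Content-type: text/html");
									header("Content-disposition: inline; filename=\"".$savetime."-ABBST-".$dcodesearch."-".$xtid.".html\"");
								} else {
									$retcontxc = str_replace("^ERR^", $bbslang[14], $reterrstring);
									header("Content-type: application/xml");
								}
							} else {
								$retcontxc = str_replace("^ERR^", $bbslang[13], $reterrstring);
								header("Content-type: application/xml");
							}
						} else {
							$retcontxc = str_replace("^ERR^", $bbslang[13], $reterrstring);
							header("Content-type: application/xml");
						}
					} else {
						$retcontxc = str_replace("^ERR^", $bbslang[10], $reterrstring);
						header("Content-type: application/xml");
					}
					updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
					echo $retcontxc;
					break;

					## --> Delete user (admin only) ##
					case "udl":
					if($uLevel == "admin") {
						## User name
						//$fxudel = xisNum($_GET['xd']);
						$fxudel = isHex($_GET['xd']);
						$retcontxt = delUser($fxudel, $retcontxt);
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
						$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					} else {
						$retcontxt = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## --> Update modlist (admin only) ##
					case "uml":
					if($uLevel == "admin") {
						$cxnuame = isHex($_GET['xu']);
						## NOTE(review): the new user level is only passed through strip_tags();
						## confirm updUserlevel() restricts it to the known level names.
						$cxulevel = strip_tags($_GET['xl']);
						if($cxnuame != "" && $cxulevel != "") {
							$retcontxt = updUserlevel($cxnuame, $cxulevel, $retcontxt);
						}
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
						$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					} else {
						$retcontxt = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## --> Return modlist (admin only) ##
					case "rml":
					if($uLevel == "admin") {
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
						$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					} else {
						$retcontxt = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## --> Forum update (admin only) ##
					case "fu":
					if($uLevel == "admin") {
						$fxname = strip_tags($_POST['xfn']);
						$fxdesc = strip_tags($_POST['xfd']);
						$fxgname = strip_tags($_POST['xgn']);
						$fxgdesc = strip_tags($_POST['xgd']);
						$retcontxt = put_xmlfield("acforumname", $retcontxt, $fxname);
						## "none" resets a field to its template placeholder
						if($fxdesc != "none") {
							$retcontxt = put_xmlfield("acforumdescription", $retcontxt, $fxdesc);
						} else {
							$retcontxt = put_xmlfield("acforumdescription", $retcontxt, "^ACFORUMDESC^");
						}
						if($fxgname != "none") {
							$retcontxt = put_xmlfield("acforumgroupname", $retcontxt, $fxgname);
						} else {
							$retcontxt = put_xmlfield("acforumgroupname", $retcontxt, "^ACFORUMGROUPNAME^");
						}
						if($fxgdesc != "none") {
							$retcontxt = put_xmlfield("acforumgroupdescription", $retcontxt, $fxgdesc);
						} else {
							$retcontxt = put_xmlfield("acforumgroupdescription", $retcontxt, "^ACFORUMGROUPDESC^");
						}
						$retcontxt = updUser($xuser, $retcontxt, "");
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
						$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					} else {
						$retcontxt = str_replace("^ERR^", $bbslang[11], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## Moderator action ##
					## --> Sticky thread: toggle actopicsticky between "y" and "n" ##
					case "tst":
					if($uLevel == "admin" || $uLevel == "moderator") {
						## Topic id
						$fxtpc = xisNum($_GET['xtpc']);
						$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
						if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
							$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
							if(trim(ret_xmlfield("actopicsticky", $retcontpix)) == "y") {
								$zstatus = "n";
							} else {
								$zstatus = "y";
							}
							$retcontpix = put_xmlfield("actopicsticky", $retcontpix, $zstatus);
							updateBBS($bbsfiledir."/".$dcodesearch."/".$gtxstrng, $retcontpix);
							$retcontxt = updTopicsticky($fxtpc, $zstatus, $retcontxt);
						}
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						## Return merge of files for ajax return
						## NOTE(review): $retcontpix is unset here when the topic file does not exist
						$retcontpix = retFUlist($retcontxt, $retcontpix);
						$retcontpix = put_xmlfield("acforumtstamp", $retcontpix, time());
						$retcontpix = put_xmlfield("aexec", $retcontpix, $trigger);
					} else {
						$retcontpix = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontpix;
					break;

					## --> Lock thread: toggle actopicstatus between "open" and "locked" ##
					case "tlc":
					if($uLevel == "admin" || $uLevel == "moderator") {
						## Topic id
						$fxtpc = xisNum($_GET['xtpc']);
						$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
						if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
							$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
							if(trim(ret_xmlfield("actopicstatus", $retcontpix)) == "open") {
								$zstatus = "locked";
							} else {
								$zstatus = "open";
							}
							$retcontpix = put_xmlfield("actopicstatus", $retcontpix, $zstatus);
							updateBBS($bbsfiledir."/".$dcodesearch."/".$gtxstrng, $retcontpix);
							$retcontxt = updTopicstatus($fxtpc, $zstatus, $retcontxt);
						}
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						## Return merge of files for ajax return
						## NOTE(review): $retcontpix is unset here when the topic file does not exist
						$retcontpix = retFUlist($retcontxt, $retcontpix);
						$retcontpix = put_xmlfield("acforumtstamp", $retcontpix, time());
						$retcontpix = put_xmlfield("aexec", $retcontpix, $trigger);
					} else {
						$retcontpix = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontpix;
					break;

					## --> Delete thread ##
					case "tld":
					if($uLevel == "admin" || $uLevel == "moderator") {
						## Topic id
						$fxtpc = xisNum($_GET['xtpc']);
						$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
						if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
							## NOTE(review): @ hides an unlink() failure, so the index entry is
							## removed below even if the topic file stays on disk.
							@unlink($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
							$retcontxt = delTopic($fxtpc, $retcontxt);
						}
						updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
						$retcontxt = filterXML($retcontxt);
						$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
						$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					} else {
						$retcontxt = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## --> Delete thread post ##
					case "tpd":
					if($uLevel == "admin" || $uLevel == "moderator") {
						## Topic id
						$fxtpc = xisNum($_GET['xtpc']);
						## Post ID
						$fxtpp = xisNum($_GET['xtpp']);
						if($fxtpc != "" && $fxtpp != "") {
							$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
							if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
								$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
								$retcontpix = delTopicpost($fxtpc, $fxtpp, $retcontpix);
								$retcontxt = updForumonreply($xuser, $fxtpc, $retcontxt, "neg");
								updateBBS($bbsfiledir."/".$dcodesearch."/".$gtxstrng, $retcontpix);
							}
							updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
							$retcontxt = filterXML($retcontxt);
							## Return merge of files for ajax return
							$retcontpix = retFUlist($retcontxt, $retcontpix);
							$retcontpix = put_xmlfield("acforumtstamp", $retcontpix, time());
							$retcontpix = put_xmlfield("aexec", $retcontpix, $trigger);
						} else {
							## Topic id or post id missing
							$retcontpix = str_replace("^ERR^", $bbslang[10], $reterrstring);
						}
					} else {
						## Caller is neither admin nor moderator
						$retcontpix = str_replace("^ERR^", $bbslang[15], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontpix;
					break;

					## Ordinary action, posts, replies, read ##
					## --> Update post after edit ##
					case "tpu":
					## Topic id
					$fxtpc = xisNum($_GET['xtpc']);
					## Post ID
					$fxtpp = xisNum($_GET['xtpp']);
					## Allowed time difference
					$fxtpchk = strip_tags($_GET['xtpk']);
					## Parse - edit post or topic?
					$fxtpact = strip_tags($_GET['xtpa']);
					## Subject
					$fxsubject = isHex($_POST['xts']);
					## Message
					$fxmsg = isHex($_POST['xtm']);
					$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
					if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
						$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
						if(trim(ret_xmlfield("actopicstatus", $retcontpix)) == "open") {
							if($fxtpact == "t") {
								$chkSt = chkTopicstamp($fxtpp, $fxtpchk, "t", $uLevel, $retcontpix);
							} else {
								$chkSt = chkTopicstamp($fxtpp, $fxtpchk, "p", $uLevel, $retcontpix);
							}
							## Plain users are refused when the stamp check does not pass
							if($uLevel == "user" && $chkSt < 1) {
								$retcontpix = str_replace("^ERR^", $bbslang[16], $reterrstring);
							} else {
								if($fxtpact == "t") {
									## Editing the topic itself: message is stored in 2000-character pieces
									if($fxmsg == "none") {
										$trgstr = "\n\t\t\t<actopicmessages>none</actopicmessages>\n\t\t";
									} else {
										$trga = chunk_split($fxmsg, 2000, ",");
										$trgb = explode(",", $trga);
										$trgstr = "\n";
										for($y=0;$y<sizeof($trgb);$y++) {
											if(trim($trgb[$y]) != "") {
												$trgstr .= "\t\t\t<actopicmessages>".$trgb[$y]."</actopicmessages>\n";
											}
										}
										$trgstr .= "\t\t";
									}
									$retcontpix = put_xmlfield("actopictitle", $retcontpix, $fxsubject);
									$retcontxt = updForumTopic($fxsubject, $fxtpc, $retcontxt);
									$retcontpix = put_xmlfield("actopicmessage", $retcontpix, $trgstr);
								} else {
									## Editing a reply
									if($fxmsg == "none") {
										$trgstr = "\n\t\t\t<actopicreplytexts>none</actopicreplytexts>\n\t\t\t";
									} else {
										$trga = chunk_split($fxmsg, 2000, ",");
										$trgb = explode(",", $trga);
										$trgstr = "\n";
										for($y=0;$y<sizeof($trgb);$y++) {
											if(trim($trgb[$y]) != "") {
												$trgstr .= "\t\t\t\t<actopicreplytexts>".$trgb[$y]."</actopicreplytexts>\n";
											}
										}
										$trgstr .= "\t\t\t";
									}
									$retcontpix = doEdReply($fxtpp, $fxsubject, $trgstr, $retcontpix);
								}
								updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
								updateBBS($bbsfiledir."/".$dcodesearch."/".$gtxstrng, $retcontpix);
								$retcontxt = filterXML($retcontxt);
								## Return merge of files for ajax return
								$retcontpix = retFUlist($retcontxt, $retcontpix);
								$retcontpix = put_xmlfield("acforumtstamp", $retcontpix, time());
								$retcontpix = put_xmlfield("aexec", $retcontpix, $trigger);
							}
						} else {
							## Topic is not open
							$retcontpix = str_replace("^ERR^", $bbslang[12], $reterrstring);
						}
					} else {
						$retcontpix = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontpix;
					break;

					## --> Edit post ##
					case "tpe":
					## Topic id
					$fxtpc = xisNum($_GET['xtpc']);
					## Post ID
					$fxtpp = xisNum($_GET['xtpp']);
					## Allowed time difference
					$fxtpchk = strip_tags($_GET['xtpk']);
					## Parse - edit post or topic?
					$fxtpact = strip_tags($_GET['xtpa']);
					if($fxtpc != "" && $fxtpp != "") {
						$chkSt = 0;
						$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
						if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
							$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
							if($fxtpact == "t") {
								$chkSt = chkTopicstamp($fxtpp, $fxtpchk, "t", $uLevel, $retcontpix);
							} else {
								$chkSt = chkTopicstamp($fxtpp, $fxtpchk, "p", $uLevel, $retcontpix);
							}
							updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
							## NOTE(review): $chkSt is compared as a number here and indexed as an
							## array ([1]) below - confirm what chkTopicstamp() returns.
							if($uLevel == "user" && $chkSt < 1) {
								$retcontpix = str_replace("^ERR^", $bbslang[16], $reterrstring);
							} else {
								$retcontxt = filterXML($retcontxt);
								$retcontpix = $chkSt[1];
								## Return merge of files for ajax return
								$retcontpix = retFUlist($retcontxt, $retcontpix);
								$retcontpix = put_xmlfield("acforumtstamp", $retcontpix, time());
								$retcontpix = put_xmlfield("aexec", $retcontpix, $trigger);
							}
						} else {
							$retcontpix = str_replace("^ERR^", $bbslang[10], $reterrstring);
						}
					} else {
						## Topic id or post id missing
						$retcontpix = str_replace("^ERR^", $bbslang[15], $reterrstring);
					}
					header("Content-type: application/xml");
					echo $retcontpix;
					break;

					## --> Post topic reply ##
					case "ptr":
					$fxsubject = isHex($_POST['xts']);
					$fxmsg = isHex($_POST['xtm']);
					## Topic id
					$fxtpc = xisNum($_GET['xtpc']);
					## Reply id
					$fxtpcr = xisNum($_GET['xtr']);
					$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
					if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
						$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
						if(trim(ret_xmlfield("actopicstatus", $retcontpix)) == "open") {
							## Next reply id is the stored reply count plus one
							$rplyid = trim(ret_xmlfield("actopicreplies", $retcontpix));
							$rplyid = $rplyid+1;
							$retcontpix = put_xmlfield("actopicreplies", $retcontpix, $rplyid);
							$retcontpix = put_xmlfield("actopiclastpost", $retcontpix, time());
							$retcontpix = put_xmlfield("actopiclastpostauthor", $retcontpix, $xuser);
							$retcontxt = updForumonreply($xuser, $fxtpc, $retcontxt, "pos");
							if($fxmsg == "none") {
								$trgstr = "\n\t\t\t<actopicreplytexts>none</actopicreplytexts>\n\t\t\t";
							} else {
								$trga = chunk_split($fxmsg, 2000, ",");
								$trgb = explode(",", $trga);
								$trgstr = "\n";
								for($y=0;$y<sizeof($trgb);$y++) {
									if(trim($trgb[$y]) != "") {
										$trgstr .= "\t\t\t\t<actopicreplytexts>".$trgb[$y]."</actopicreplytexts>\n";
									}
								}
								$trgstr .= "\t\t\t";
							}

							$xmssnip = retTopicreply($rplyid, $fxtpcr, $fxsubject, $trgstr, $xuser);
							$retcontpix = doReply($xmssnip, $retcontpix);
							updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
							updateBBS($bbsfiledir."/".$dcodesearch."/".$gtxstrng, $retcontpix);
							$retcontxt = filterXML($retcontxt);
							## Return merge of files for ajax return
							$retcontpix = retFUlist($retcontxt, $retcontpix);
						} else {
							## Topic is not open
							$retcontpix = str_replace("^ERR^", $bbslang[12], $reterrstring);
						}
					} else {
						$retcontpix = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					$retcontpix = put_xmlfield("aexec", $retcontpix, $trigger);
					header("Content-type: application/xml");
					echo $retcontpix;
					break;

					## --> Post topic ##
					case "pt":
					## Subject and message go through isHex() exactly as in "ptr" and "tpu": both are
					## written into the stored forum and topic XML, so raw POST data must not reach it.
					## NOTE(review): the "none" check below now sees the isHex() result, as it
					## already does in "ptr" - confirm isHex() lets that marker through.
					$fxsubject = isHex($_POST['xts']);
					$fxmsg = isHex($_POST['xtm']);
					## New topic id: 1 while the counter is still the template placeholder
					$ntopicid = trim(ret_xmlfield("acforumtopicount", $retcontxt));
					if($ntopicid == "^ACFORUMTOPICOUNT^") {
						$xtopicid = 1;
					} else {
						$xtopicid = $ntopicid+1;
					}
					$tcml = retnfTopic($xtopicid, $fxsubject, $xuser, $dcodesearch, "n");
					$retcontxt = newTopic($retcontxt, $tcml);
					$retcontxt = updUser($xuser, $retcontxt, "new");
					if($fxmsg == "none") {
						$trgstr = "\n\t\t\t<actopicmessages>none</actopicmessages>\n\t\t";
					} else {
						$trga = chunk_split($fxmsg, 2000, ",");
						$trgb = explode(",", $trga);
						$trgstr = "\n";
						for($y=0;$y<sizeof($trgb);$y++) {
							if(trim($trgb[$y]) != "") {
								$trgstr .= "\t\t\t<actopicmessages>".$trgb[$y]."</actopicmessages>\n";
							}
						}
						$trgstr .= "\t\t";
					}
					retntTopic($xtopicid, $fxsubject, $trgstr, $xuser, $dcodesearch, "n");
					$retcontxt = put_xmlfield("acforumtopicount", $retcontxt, $xtopicid);
					updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
					$retcontxt = filterXML($retcontxt);
					$gtxstrng = ($xtopicid)."_".strip_tags($dcodesearch).".xml";
					if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
						$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
						$retcontpix = retFUlist($retcontxt, $retcontpix);
						$retcontxt = $retcontpix;
					}
					$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					header("Content-type: application/xml");
					echo $retcontxt;
					break;

					## --> View topic ##
					case "vt":
					## Topic id: validated with xisNum() like every other topic id in this file,
					## because it selects the file that is read and returned below.
					$xtid = xisNum($_GET['ft']);
					$gtxstrng = $xtid."_".strip_tags($dcodesearch).".xml";
					updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
					$retcontxt = filterXML($retcontxt);
					if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
						$retcontxtopic = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
						## Return merge of forum and topic files for ajax return
						$retcontxtopic = retFUlist($retcontxt, $retcontxtopic);
					} else {
						$retcontxtopic = str_replace("^ERR^", $bbslang[10], $reterrstring);
					}
					$retcontxtopic = put_xmlfield("aexec", $retcontxtopic, $trigger);
					header("Content-type: application/xml");
					echo $retcontxtopic;

					break;

					## --> Show forum (vf)
					default:
					updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontxt);
					$retcontxt = filterXML($retcontxt);
					$retcontxt = put_xmlfield("acforumtstamp", $retcontxt, time());
					$retcontxt = put_xmlfield("aexec", $retcontxt, $trigger);
					header("Content-type: application/xml");
					echo $retcontxt;
				}
			break;

			## Any other run control value is reported back inside the error template
			default:
			$reterrstring = str_replace("^ERR^", $runcontrol, $reterrstring);
			header("Content-type: application/xml");
			echo $reterrstring;
			exit;
		}
	} else {
		## Returned hash empty or not equal to the recomputed one
		$reterrstring = str_replace("^ERR^", "Hash failed! :-/", $reterrstring);
		header("Content-type: application/xml");
		echo $reterrstring;
	}
} else {
	## xauth() gave back no seed
	$reterrstring = str_replace("^ERR^", "Wrong auth, no return :-/", $reterrstring);
	header("Content-type: application/xml");
	echo $reterrstring;
}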

?>