<?php
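session_start();
header ("Cache-control: private");
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
require_once("../includes/config.inc.php");
require_once("../includes/db.inc.php");
require_once("../language/language.".$language.".php");

// Logout: clear every session value, then destroy the session itself.
if (isset($_GET['logout']) && $_GET['logout'] === 'true') {
    $_SESSION = array();
    session_destroy();
}

$act = '';
$title = '';
$errmsg = '';
$epage = 0;

// Login attempt. Only plain string fields are accepted; an array-valued
// "user" or "pw" parameter is ignored instead of reaching htmlspecialchars().
if (!empty($_POST['user']) && !empty($_POST['pw'])
    && is_string($_POST['user']) && is_string($_POST['pw'])) {
    // The configuration form in this file saves the admin name and password
    // after htmlspecialchars(), so the submitted values are encoded the same
    // way before they are compared with the stored ones.
    $user = htmlspecialchars($_POST['user'], ENT_QUOTES);
    $pw = htmlspecialchars($_POST['pw'], ENT_QUOTES);

    // Strict comparison: "==" on two numeric-looking strings compares them as
    // numbers. Both checks are always evaluated, and hash_equals() is used for
    // the password where the runtime provides it.
    $userOk = ((string) $chirpuname === $user);
    if (function_exists('hash_equals')) {
        $pwOk = hash_equals((string) $chirppw, $pw);
    } else {
        $pwOk = ((string) $chirppw === $pw);
    }

    if ($userOk && $pwOk) {
        // Issue a fresh session id on privilege change so an id that was known
        // before login is not promoted to an admin session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['GBOOK_ADMIN_LOGIN'] = "ISADMIN";
    } else {
        // One message for both failure cases: different wording for "unknown
        // user" and "wrong password" tells the client which half was correct.
        $errmsg = "Wrong username or password, please verify your entries and try again.<br />";
    }
    // NOTE(review): the admin password is compared against a plaintext value
    // from config.inc.php and failed attempts are neither counted nor delayed.
}

// Fail closed: any session state other than exactly 'ISADMIN' is treated as
// not logged in. The page body shows the admin area whenever the flag is not
// 'NOTADMIN', so an unexpected value must not be left in place.
if (!isset($_SESSION['GBOOK_ADMIN_LOGIN']) || $_SESSION['GBOOK_ADMIN_LOGIN'] !== 'ISADMIN') {
    $_SESSION['GBOOK_ADMIN_LOGIN'] = 'NOTADMIN';
}

$title = ($_SESSION['GBOOK_ADMIN_LOGIN'] === 'ISADMIN') ? "Chirp Admin Area" : "Admin Login";

// Requested admin action; HTML-encoded because it originates from the URL.
if (isset($_GET['act']) && is_string($_GET['act'])) {
    $act = htmlspecialchars($_GET['act'], ENT_QUOTES);
}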
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Chirp Admin Area</title>
<style type="text/css">
body {
background-color:#444444;
font-family:Georgia, "Times New Roman", Times, serif;
font-size: 100%;
margin: 0 auto;
width:800px !important;
min-width:800px !important;
max-width:800px !important;
}
.wrapper {
text-align:center;
width:800px !important;
padding:0px 0px 0px 0px;
background:url('wrapperbg.jpg') repeat-y top center;
}
.header{
background-image: url('headerbg.jpg');
width:800px !important;
height:147px !important;
}
.bar{
background-image: url('mainbar.jpg');
width:800px !important;
height:65px !important;
padding-left: 20px;
text-align:left;
}
.footer{
background-image: url('footer.jpg');
width:800px !important;
height:72px !important;
text-align:center;
font-size: .7em;
color:#CCCCCC;
}
.footer a{
color:#CCCCCC;
}
.footer a:hover{
color:#FFCC00;
}
button, input {
font-family:Georgia, "Times New Roman", Times, serif;
font-size: .8em;
padding: 5px;
}
#users tr {
background-color: #DDDDDD;
}
#users tr.normal {
background-color: #CCCCCC;
}
#users tr.highlight {
background-color:#99CCCC;
}
</style>
</head>
<body>
<div class="wrapper">
<table width="800" border="0" padding="0" cellspacing="0">
<tr>
<td align="left" class="header" style="color:#CCCCCC;top:40px;padding-left:20px;font-size:2.5em"><i>Chirp Admin</i></td>
</tr>
<tr>
<td class="bar"><?php echo $title; ?></td>
</tr>
</table>
<?php
// Ad banner, emitted only when the session flag marks the visitor as admin.
// NOTE(review): this pulls third-party JavaScript over plain http into the
// authenticated admin page. Script included this way executes in the page's
// own origin, next to the admin session; consider dropping it from the admin
// area, or at minimum loading it over https.
if($_SESSION['GBOOK_ADMIN_LOGIN'] == "ISADMIN"){
?>
<center>
<script type="text/javascript"><!--
google_ad_client = "pub-8588402342452246";
/* GBook */
google_ad_slot = "2195100696";
google_ad_width = 728;
google_ad_height = 15;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></center>
<?php
}
?>
<br />
<?php
if (isset($_SESSION['GBOOK_ADMIN_LOGIN']) && ($_SESSION['GBOOK_ADMIN_LOGIN'] == 'NOTADMIN')){
echo $errmsg;
?>
<form method="POST" action="index.php">
<table padding="5" cellspacing="0" border="0" style="margin:auto auto">
<tr><td style="padding:5px;" >User name:</td><td style="padding:5px;" ><input type="text" name="user" /></td></tr>
<tr><td style="padding:5px;" >Password:</td><td style="padding:5px;" ><input type="password" name="pw" /></td></tr>
<tr><td style="padding:5px;" colspan="2"><button type="submit">Admin Login</button></td></tr>
</table>
</form>
<?php
} else {
?>
<table width="800" cellpadding="2" cellspacing="0" border="0" style="margin:auto auto;">
<tr>
<td style="padding:5px;" valign="top" align="right" width="160" style="font-size:1.4em;">
<a href="index.php?act=conf">Configuration</a><br />
<a href="index.php?act=users">Users</a><br />
<a href="index.php?act=add">Add Users</a><br />
<a href="index.php?act=waiting">Waiting Users</a><br />
<a href="index.php?act=word">Word Filter</a><br />
<a href="index.php?act=spam">Spam Filter</a><br />
<!-- <a href="index.php?act=msg0">view messages</a><br /> -->
<a href="index.php?logout=true">logout</a><br />
</td>
<td style="padding:5px;" valign="top" align="center" style="font-size:.75em;">
<?php
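// Admin action dispatcher. $act is the HTML-encoded $_GET['act'] set earlier
// in this file.
// NOTE(review): del / ban / enable / resend are reached through plain GET
// links and nothing in this switch checks a per-session request token, so
// these state-changing actions have no CSRF protection. Adding one also means
// changing the links and forms produced by the FUNCT_* helpers.
// NOTE(review): text fields keep the original
// addslashes(mysql_real_escape_string(htmlspecialchars())) chain because other
// code may look values up with the same encoding; the extra addslashes() means
// a backslash in the input is stored doubled.
switch ($act) {
    case "conf":
        $statmsg = '';
        if ($_SERVER["REQUEST_METHOD"] == 'POST') {
            if (isset($_POST['setset'])) {
                // POST keys in the argument order of FUNCT_SAVE_SETTINGS().
                $confFields = array(
                    'sitename', 'siteurl', 'theme', 'email', 'language', 'emotes',
                    'emoticon_pack', 'nummsg', 'max_msg_size', 'imgsize', 'umin',
                    'umax', 'pmin', 'allowdm', 'spam', 'badword', 'numfriends',
                    'auname', 'apword', 'msg_num_days', 'enablecaptcha',
                    'publickey', 'privatekey',
                );
                $args = array();
                $complete = true;
                foreach ($confFields as $field) {
                    if (isset($_POST[$field]) && is_string($_POST[$field])) {
                        $args[] = htmlspecialchars($_POST[$field], ENT_QUOTES);
                    } else {
                        // A missing field would be written to the config file as
                        // an empty value, so an incomplete form is not saved.
                        $complete = false;
                    }
                }
                if ($complete && call_user_func_array('FUNCT_SAVE_SETTINGS', $args)) {
                    $statmsg = "Configuration Saved.";
                } else {
                    $statmsg = "There was a problem saving the config file";
                }
            }
        }
        echo $statmsg.FUNCT_CONFIGURATION();
        break;

    case "word":
        // Absent parameters are passed as null, as the suppressed lookups did.
        echo Word_Filter_Form(
            isset($_POST['badlist']) ? $_POST['badlist'] : null,
            isset($_POST['goodlist']) ? $_POST['goodlist'] : null,
            isset($_POST['bad']) ? $_POST['bad'] : null,
            isset($_POST['good']) ? $_POST['good'] : null,
            isset($_GET['mode']) ? $_GET['mode'] : null
        );
        break;

    case "add":
        $statmsg = '';
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            if (isset($_POST['addbtn'])) {
                $in = array();
                foreach (array('username', 'firstname', 'lastname', 'email', 'address', 'city', 'state', 'zipcode', 'phone', 'password') as $field) {
                    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
                    $in[$field] = addslashes(mysql_real_escape_string(htmlspecialchars($raw, ENT_QUOTES)));
                }
                $statmsg = FUNCT_ADD_USER($in['username'], $in['firstname'], $in['lastname'], $in['email'], $in['address'], $in['city'], $in['state'], $in['zipcode'], $in['phone'], $in['password']);
            }
        }
        echo $statmsg.FUNCT_USER_ADD_FRM();
        break;

    case "waiting":
        $uname = '';
        $statmsg = '';
        if (!empty($_GET['a']) && is_string($_GET['a'])) {
            // $a is only compared with fixed action names and never reaches SQL.
            $a = $_GET['a'];
            // USERID is used unquoted in the queries below. String escaping
            // gives no protection in a numeric context, so force an integer.
            $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
            if ($id <= 0) {
                $statmsg = 'A user with that ID does not exist.';
            } else {
                switch ($a) {
                    case "del":
                        mysql_query('DELETE FROM users_waiting WHERE USERID = '.$id);
                        if (mysql_errno()) {
                            echo mysql_errno() . ': ' . mysql_error() . "\n";
                            die();
                        }
                        break;

                    case "enable":
                        $result = mysql_query('SELECT * FROM users_waiting WHERE USERID = '.$id.' LIMIT 1');
                        if ($result !== false && mysql_num_rows($result) == 1) {
                            $row = mysql_fetch_array($result);
                            // NOTE(review): r_id() is defined outside this view;
                            // confirm it draws from a CSPRNG. The six-character
                            // initial password is mailed in clear text and kept
                            // as an unsalted md5() hash.
                            $newpw = substr(r_id(), 2, 6);
                            // Values read back from the database come out
                            // unescaped, so they are escaped again before being
                            // concatenated into the INSERT.
                            $vals = array();
                            foreach (array('USERNAME', 'FIRSTNAME', 'LASTNAME', 'EMAIL', 'STATE', 'SIGNDATE') as $col) {
                                $vals[] = '"'.mysql_real_escape_string($row[$col]).'"';
                            }
                            $sql = 'INSERT INTO users (USERNAME,FIRSTNAME,LASTNAME,EMAIL,STATE,SIGNUPDATE,PASSWORD) VALUES ('.implode(',', $vals).',"'.md5($newpw).'")';
                            mysql_query($sql) or die(mysql_error());
                            $sql = 'DELETE FROM users_waiting WHERE USERID = '.$id.' LIMIT 1';
                            mysql_query($sql) or die(mysql_error());
                            if (sendregemail($newpw, $row['EMAIL'])) {
                                $statmsg = 'Account enabled.';
                            } else {
                                $statmsg = 'There was a problem sending the registration email.';
                            }
                        } else {
                            $statmsg = 'There is no account to register with that user id.';
                        }
                        break;

                    case "resend":
                        $result = mysql_query('SELECT EMAIL,VERID FROM users_waiting WHERE USERID = '.$id.' LIMIT 1');
                        if ($result === false) {
                            echo mysql_errno() . ': ' . mysql_error() . "\n";
                            die();
                        }
                        if (mysql_num_rows($result) > 0) {
                            $row = mysql_fetch_array($result);
                            if (regEmail($row['EMAIL'], $row['VERID'])) {
                                $statmsg = 'The verification email was sent successfully.';
                            } else {
                                $statmsg = 'There was a problem sending the verification email.';
                            }
                        } else {
                            $statmsg = 'A user with that ID does not exist.';
                        }
                        break;
                }
            }
        }
        echo $statmsg.FUNCT_SHOW_WAITING_USERS();
        break;

    case "users":
        $uname = '';
        $statmsg = '';
        $a = '';
        $id = 0;
        if (!empty($_GET['a']) && is_string($_GET['a'])) {
            $a = $_GET['a'];
            // Integer cast for the same reason as in the "waiting" case: the id
            // is concatenated unquoted into SQL here and in the helpers.
            $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
            if ($a == 'del' && $id > 0) {
                FUNCT_DEL_USER($id);
            }
            if ($a == 'ban' && $id > 0) {
                // Toggle the BANNED flag between "no" and "yes".
                $result = mysql_query('SELECT BANNED FROM users WHERE USERID = '.$id.' LIMIT 1');
                if ($result !== false && mysql_num_rows($result) > 0) {
                    $row = mysql_fetch_array($result);
                    if ($row['BANNED'] == 'no') {
                        mysql_query('UPDATE users SET BANNED = "yes" WHERE USERID = '.$id);
                    } elseif ($row['BANNED'] == 'yes') {
                        mysql_query('UPDATE users SET BANNED = "no" WHERE USERID = '.$id);
                    }
                }
            }
        }
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            // The edit form posts back to ...&a=edit&id=N, so $id was set above.
            if (isset($_POST['edbtn']) && $id > 0) {
                $in = array();
                foreach (array('firstname', 'lastname', 'email', 'address', 'city', 'state', 'zipcode', 'phone', 'password') as $field) {
                    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
                    $in[$field] = addslashes(mysql_real_escape_string(htmlspecialchars($raw, ENT_QUOTES)));
                }
                $statmsg = FUNCT_UPDATE_USER($id, $in['firstname'], $in['lastname'], $in['email'], $in['address'], $in['city'], $in['state'], $in['zipcode'], $in['phone'], $in['password']);
            }
        }
        if (!empty($_POST['username']) && is_string($_POST['username'])) {
            $uname = addslashes(mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES)));
        }
        if (!empty($_GET['page']) && is_scalar($_GET['page']) && is_numeric($_GET['page'])) {
            // is_numeric() also accepts signs, decimals and exponents; the value
            // ends up in a LIMIT clause, so reduce it to a non-negative integer.
            $epage = max(0, (int) $_GET['page']);
        }
        if ($a == 'edit' && $id > 0) {
            echo $statmsg.FUNCT_USER_EDIT_FRM($id);
        } else {
            echo FUNCT_SHOW_USERS($uname, $epage);
        }
        break;

    case "spam":
        $keywordlist = '';
        if (!empty($_POST['keywords']) && is_string($_POST['keywords'])) {
            $keywordlist = htmlspecialchars($_POST['keywords'], ENT_QUOTES);
        }
        echo Keyword_Function($keywordlist);
        break;

    default:
}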
?>
</td>
</tr>
</table>
<?php
}
?>
<br /><br />
<table width="800" border="0" padding="0" cellspacing="0">
<tr>
<td style="padding:5px;" class="footer" valign="top">
Copyright <a href="http://www.groonesworld.com" target="_blank">Groone's World Development</a> 2011<br />
Chirp, version 3.1<br />
Licensed Under The GNU General Public License<br /><br />
</td>
</tr>
</table></div>
</body>
</html>
<?php
mysql_close($connection);
//############### Function area
/**
 * Mail the "account enabled" letter with the initial password to a new user.
 *
 * NOTE(review): $rcpt and $ssid are placed into an HTML body without encoding,
 * and the password travels in clear text.
 *
 * @param string $ssid Initial password shown in the letter.
 * @param string $rcpt Recipient address; also shown in the letter.
 * @return bool Result of mail().
 */
function sendregemail($ssid, $rcpt){
    // Plain include: loads the config and language variables into this scope.
    // $conmsg4 and $conmsg6..8 are presumably defined by the language file.
    include("../includes/config.inc.php");
    include("../language/language.".$language.".php");

    $org = stripslashes($sitename);
    $headerLines = array(
        "From: ".$site_email_address,
        "Reply-To: ".$site_email_address,
        "Organization: ".$org,
        "Content-Type: text/html; charset=iso-8859-1",
    );
    $headers = implode("\n", $headerLines)."\n";
    $subj = $org.$conmsg4;

    // Letter template first, then the per-user lines.
    $body = file_get_contents('../letters/confirmation_reply.letter.html')
        .$conmsg6.'<strong>'.$rcpt.'</strong><br />
'.$conmsg7.' <strong>'.$ssid.'</strong><br /><br />'.$conmsg8;

    return (bool) mail($rcpt, $subj, $body, $headers);
}
/**
 * Mail the registration letter containing the confirm.php verification link.
 *
 * NOTE(review): $ssid is placed into the URL and the HTML body without URL or
 * HTML encoding.
 *
 * @param string $rcpt Recipient address.
 * @param string $ssid Verification token appended to the confirmation link.
 * @return bool Result of mail().
 */
function regEmail($rcpt,$ssid){
    // Plain include: loads the config and language variables into this scope.
    // $regmsg10 and $regmsg11 are presumably defined by the language file.
    include("../includes/config.inc.php");
    include("../language/language.".$language.".php");

    $org = stripslashes($sitename);
    $headers = "From: ".$site_email_address."\n"
        ."Reply-To: ".$site_email_address."\n"
        ."Organization: ".$org."\n"
        ."Content-Type: text/html; charset=iso-8859-1\n";
    $subj = $org.$regmsg11;

    $link = $url.'confirm.php?token='.$ssid;
    $body = file_get_contents('../letters/registration_reply.letter.html').'
<a href="'.$link.'">'.$link.'</a>'.$regmsg10;

    return (bool) mail($rcpt, $subj, $body, $headers);
}
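/**
 * Create a user account after length and uniqueness checks.
 *
 * Every argument is concatenated into SQL as given; the caller in this file
 * escapes the values before calling, and any new caller must do the same.
 *
 * NOTE(review): the password is stored as an unsalted md5() hash. Moving to
 * password_hash()/password_verify() needs a matching change in the login code,
 * which is not part of this function.
 *
 * @return string Status message for display.
 */
function FUNCT_ADD_USER($uname,$fname,$lname,$mail,$addy,$cty,$stte,$zip,$ph,$pw){
    // Brings $password_length_min and $username_length_min into scope.
    include("../includes/config.inc.php");

    // Length checks come first and have their own messages; they used to be
    // reported as "already in use".
    if (strlen($pw) < $password_length_min) {
        return "The password was too small. User not added.";
    }
    if (strlen($uname) < $username_length_min) {
        return "The username is too short. User not added.";
    }
    if (strlen($mail) < 6) {
        return "The email is too short. User not added.";
    }

    // A failed lookup must not count as "no duplicate found".
    $result = mysql_query('SELECT * FROM users WHERE USERNAME = "'.$uname.'" LIMIT 1');
    if ($result === false) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }
    if (mysql_num_rows($result) > 0) {
        return "The username is already in use. User not added.";
    }

    $result = mysql_query('SELECT * FROM users WHERE EMAIL = "'.$mail.'" LIMIT 1');
    if ($result === false) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }
    if (mysql_num_rows($result) > 0) {
        return "The email is already in use. User not added.";
    }

    mysql_query('INSERT INTO users (USERNAME,FIRSTNAME,LASTNAME,EMAIL,ADDRESS,CITY,STATE,ZIPCODE,PHONE,SIGNUPDATE,PASSWORD) VALUES ("'.$uname.'","'.$fname.'","'.$lname.'","'.$mail.'","'.$addy.'","'.$cty.'","'.$stte.'","'.$zip.'","'.$ph.'",NOW(),"'.md5($pw).'")');
    if (mysql_errno()) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }
    return "User Added Successfully!";
}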
/**
 * Build the static "add user" form that posts to index.php?act=add.
 *
 * @return string HTML markup of the form.
 */
function FUNCT_USER_ADD_FRM(){
    // One entry per input row: label text, field name, extra attributes on
    // the input cell, and the input type exactly as emitted.
    $fields = array(
        array('User Name ', 'username', ' align="center"', 'text'),
        array('First Name ', 'firstname', '', 'text'),
        array('Last Name', 'lastname', '', 'text'),
        array('Email ', 'email', '', 'text'),
        array('Street', 'address', '', 'text'),
        array('City', 'city', '', 'text'),
        array('State', 'state', '', 'text'),
        array('Zip Code', 'zipcode', '', 'text'),
        array('Phone', 'phone', '', 'text'),
        array('Password', 'password', '', 'PASSWORD'),
    );

    $html = '<div style="width:100%;text-align:center;">'."\n"
        .'<form method="POST" action="index.php?act=add">'."\n"
        .'<table width="90%" cellpadding="3" cellspacing="0" border="0" style="margin:auto;">'."\n";

    foreach ($fields as $field) {
        $html .= '<tr>'."\n"
            .'<td align="left" width="30%">'.$field[0].'</td>'."\n"
            .'<td'.$field[2].'><input type="'.$field[3].'" name="'.$field[1].'" style="width:100%" /></td>'."\n"
            .'</tr>'."\n";
    }

    $html .= '<tr>'."\n"
        .'<td colspan="2" align="right"><input type="submit" name="addbtn" value="Save User" /></td>'."\n"
        .'</tr>'."\n"
        .'</table></form></div>';

    return $html;
}
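/**
 * Update a user's profile fields and, when a new one is given, the password.
 *
 * The text arguments are concatenated into SQL as given; the caller in this
 * file escapes them before calling. $uid is used unquoted in the WHERE clause,
 * so it is forced to an integer here no matter what the caller passed.
 *
 * NOTE(review): the password is stored as an unsalted md5() hash.
 *
 * @return string Status message for display.
 */
function FUNCT_UPDATE_USER($uid,$fname,$lname,$mail,$addy,$cty,$stte,$zip,$ph,$pw){
    $uid = (int) $uid;
    if ($uid <= 0) {
        return 'A user with that ID does not exist.';
    }

    // Only touch the PASSWORD column when a new password was entered.
    $chpw = '';
    if (!empty($pw)) {
        $chpw = ',PASSWORD = "'.md5($pw).'"';
    }

    mysql_query('UPDATE users SET FIRSTNAME="'.$fname.'",LASTNAME="'.$lname.'",EMAIL="'.$mail.'",ADDRESS="'.$addy.'",CITY="'.$cty.'",STATE="'.$stte.'",ZIPCODE="'.$zip.'",PHONE="'.$ph.'"'.$chpw.' WHERE USERID = '.$uid);
    if (mysql_errno()) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }
    return "Updated Successfully!";
}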
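/**
 * Build the edit form for one user, pre-filled from the users table.
 *
 * $uid is concatenated unquoted into the query and into the form action, so
 * it is forced to an integer first. Column values are HTML-encoded on output
 * with double encoding switched off: values that were stored already encoded
 * come out unchanged, while a raw quote or angle bracket written by some other
 * code path cannot break out of the value="..." attribute.
 *
 * @return string Form markup, a short message when no such user exists, or an
 *                empty string when the query fails.
 */
function FUNCT_USER_EDIT_FRM($uid){
    $uid = (int) $uid;
    $result = mysql_query('SELECT * FROM users WHERE USERID = '.$uid.' LIMIT 1');
    if ($result === false) {
        // A failed query renders nothing, as before.
        return '';
    }
    $row = mysql_fetch_array($result);
    if ($row === false) {
        return 'A user with that ID does not exist.';
    }

    // ISO-8859-1 matches the charset declared by this page, and with a
    // single-byte charset htmlspecialchars() never rejects the input.
    $f = array();
    foreach (array('USERNAME', 'FIRSTNAME', 'LASTNAME', 'EMAIL', 'ADDRESS', 'CITY', 'STATE', 'ZIPCODE', 'PHONE') as $col) {
        $f[$col] = htmlspecialchars((string) $row[$col], ENT_QUOTES, 'ISO-8859-1', false);
    }

    $retval = '<div style="width:100%;text-align:center;">
<form method="POST" action="index.php?act=users&a=edit&id='.$uid.'">
<table width="90%" cellpadding="3" cellspacing="0" border="0" style="margin:auto;">
<tr>
<td align="left" width="30%">User Name </td>
<td align="center"><span style="font-weight:bold;font-size:1.2em;">'.$f['USERNAME'].'</span></td>
</tr>
<tr>
<td align="left" width="30%">First Name </td>
<td><input type="text" name="firstname" value="'.$f['FIRSTNAME'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">Last Name</td>
<td><input type="text" name="lastname" value="'.$f['LASTNAME'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">Email </td>
<td><input type="text" name="email" value="'.$f['EMAIL'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">Street</td>
<td><input type="text" name="address" value="'.$f['ADDRESS'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">City</td>
<td><input type="text" name="city" value="'.$f['CITY'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">State</td>
<td><input type="text" name="state" value="'.$f['STATE'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">Zip Code</td>
<td><input type="text" name="zipcode" value="'.$f['ZIPCODE'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">Phone</td>
<td><input type="text" name="phone" value="'.$f['PHONE'].'" style="width:100%" /></td>
</tr>
<tr>
<td align="left" width="30%">Password</td>
<td><input type="PASSWORD" name="password" style="width:100%" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="edbtn" value="Save User" /></td>
</tr>
</table></form></div>';
    return $retval;
}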
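/**
 * Delete a user and the rows that reference the user in the related tables.
 *
 * $uid is concatenated unquoted into every DELETE, so it is forced to an
 * integer first; string escaping alone does not protect a numeric context.
 * The deletes run one after another without a transaction, so a failure part
 * way through leaves the earlier deletes in place.
 *
 * @param int $uid User id; the default -1 is not expected to match any row.
 */
function FUNCT_DEL_USER($uid = -1){
    $uid = (int) $uid;

    // Table / column pairs, in the order the rows are removed.
    $targets = array(
        array('users', 'USERID'),
        array('chirpmsg', 'USERID'),
        array('favorites', 'USERID'),
        array('friends', 'USERID'),
        array('public_profile', 'USERID'),
        array('friends', 'FRIENDID'),
    );

    foreach ($targets as $target) {
        mysql_query('DELETE FROM '.$target[0].' WHERE '.$target[1].' = '.$uid);
        if (mysql_errno()) {
            echo mysql_errno() . ': ' . mysql_error() . "\n";
            die();
        }
    }
}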
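/**
 * Render the user search form, one page of matching users and the pager.
 *
 * $uanme is placed inside a quoted LIKE pattern as given; the caller in this
 * file escapes it first. $page is the row offset used in the LIMIT clause and
 * is forced to a non-negative integer here. Column values are HTML-encoded on
 * output with double encoding switched off, so values stored already encoded
 * come out unchanged and raw markup stored by another code path is not
 * rendered.
 *
 * NOTE(review): the delete / ban links are plain GET requests without a
 * request token.
 *
 * @return string HTML markup.
 */
function FUNCT_SHOW_USERS($uanme = '',$page=0){
    $num_per_page = 45;
    $page = max(0, (int) $page);
    $where = 'USERNAME LIKE "%'.$uanme.'%"';

    // Count the matches without fetching every row.
    $countResult = mysql_query('SELECT COUNT(*) FROM users WHERE '.$where);
    if ($countResult === false) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }
    $countRow = mysql_fetch_row($countResult);
    $num = (int) $countRow[0];
    $pages = (int) ceil($num / $num_per_page);

    $retval = '
<div style="width:100%;text-align:center;">
<form method="POST" action="index.php?act=users">
Username Search: <input type="text" name="username" style="width:275px" /> <input type="submit" value="Search" />
</form><br />
</div>';
    if ($num == 0) {
        return $retval.'Your query returned 0 results.';
    }

    $result = mysql_query('SELECT * FROM users WHERE '.$where.' ORDER BY USERNAME ASC LIMIT '.$page.', '.$num_per_page);
    if ($result === false) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }

    if (mysql_num_rows($result) > 0) {
        $cell = '<td align="left" style="border-bottom:1px dotted #000000">';
        $retval .= '
<div style="width:100%;text-align:center;">
<table border="0" style="font-size:.85em;width:95%;margin:auto;empty-cells:show;" cellspacing="0" cellpadding="3">
<th align="center" style="border-bottom:1px solid #000000">Username</th><th align="center" style="border-bottom:1px solid #000000">First Name</th><th align="center" style="border-bottom:1px solid #000000">Last Name</th><th align="center" style="border-bottom:1px solid #000000">Action</th>';
        while ($row = mysql_fetch_array($result)) {
            // Link label for the ban toggle; reset per row so an unexpected
            // BANNED value does not inherit the previous row's label.
            $toggle = '';
            if ($row['BANNED'] == 'no') {
                $toggle = 'ban';
            } elseif ($row['BANNED'] == 'yes') {
                $toggle = 'unban';
            }
            $rowId = (int) $row['USERID'];
            $retval .= '<tr>'
                .$cell.htmlspecialchars((string) $row['USERNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
                .$cell.htmlspecialchars((string) $row['FIRSTNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
                .$cell.htmlspecialchars((string) $row['LASTNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
                .'<td align="center" style="border-bottom:1px dotted #000000"><a href="index.php?act=users&a=del&id='.$rowId.'">delete</a> | <a href="index.php?act=users&a=edit&id='.$rowId.'">edit</a> | <a href="index.php?act=users&a=ban&id='.$rowId.'">'.$toggle.'</a></td></tr>';
        }
        $retval .= '</table></div>';
    } else {
        // Offset past the last row: keep the search form and say so, instead
        // of replacing everything built so far.
        $retval .= 'Your query returned 0 results.';
    }

    // Pager: "back", one link per page (the current one in bold), "next".
    if ($page != 0) {
        $back_page = $page - $num_per_page;
        $retval .= '<a href="index.php?act=users&page='.$back_page.'">back</a> ';
    }
    for ($i = 1; $i <= $pages; $i++) {
        $ppage = $num_per_page * ($i - 1);
        if ($ppage == $page) {
            if ($pages > 1) {
                $retval .= '<b>'.$i.'</b> ';
            }
        } else {
            $retval .= '<a href="index.php?act=users&page='.$ppage.'">'.$i.'</a> ';
        }
    }
    if ((($page + $num_per_page) / $num_per_page) < $pages && $pages != 1) {
        $next_page = $page + $num_per_page;
        $retval .= '<a href="index.php?act=users&page='.$next_page.'">next</a>';
    }
    return $retval;
}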
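/**
 * Render the search form, one page of accounts awaiting activation and the
 * pager.
 *
 * $uanme is placed inside a quoted LIKE pattern as given, so a caller that
 * passes a search term must escape it first. $page is the row offset used in
 * the LIMIT clause and is forced to a non-negative integer here. Column values
 * are HTML-encoded on output with double encoding switched off, so values
 * stored already encoded come out unchanged and raw markup stored by another
 * code path is not rendered.
 *
 * NOTE(review): the delete / resend / enable links are plain GET requests
 * without a request token.
 *
 * @return string HTML markup.
 */
function FUNCT_SHOW_WAITING_USERS($uanme = '',$page=0){
    $num_per_page = 45;
    $page = max(0, (int) $page);
    $where = 'USERNAME LIKE "%'.$uanme.'%"';

    // Count the matches without fetching every row.
    $countResult = mysql_query('SELECT COUNT(*) FROM users_waiting WHERE '.$where);
    if ($countResult === false) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }
    $countRow = mysql_fetch_row($countResult);
    $num = (int) $countRow[0];
    $pages = (int) ceil($num / $num_per_page);

    $retval = '
<div style="width:100%;text-align:center;">
<form method="POST" action="index.php?act=waiting">
Username Search: <input type="text" name="username" style="width:275px" /> <input type="submit" value="Search" />
</form><br />
</div>';
    if ($num == 0) {
        return $retval.'Your query returned 0 results.';
    }

    $result = mysql_query('SELECT * FROM users_waiting WHERE '.$where.' ORDER BY USERNAME ASC LIMIT '.$page.', '.$num_per_page);
    if ($result === false) {
        echo mysql_errno() . ': ' . mysql_error() . "\n";
        die();
    }

    if (mysql_num_rows($result) > 0) {
        $cell = '<td align="left" style="border-bottom:1px dotted #000000">';
        $retval .= '
<div style="width:100%;text-align:center;">
<table border="0" style="font-size:.85em;width:95%;margin:auto;empty-cells:show;" cellspacing="0" cellpadding="3">
<th align="center" style="border-bottom:1px solid #000000">Username</th><th align="center" style="border-bottom:1px solid #000000">Date</th><th align="center" style="border-bottom:1px solid #000000">Email</th><th align="center" style="border-bottom:1px solid #000000">Action</th>';
        while ($row = mysql_fetch_array($result)) {
            // An unparsable sign-up date gives an empty cell instead of
            // handing false to date_format().
            $mdate = date_create($row['SIGNDATE']);
            $signed = ($mdate === false) ? '' : date_format($mdate, "M d, Y");
            $rowId = (int) $row['USERID'];
            $retval .= '<tr>'
                .$cell.htmlspecialchars((string) $row['USERNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
                .$cell.$signed.'</td>'
                .$cell.htmlspecialchars((string) $row['EMAIL'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
                .'<td align="center" style="border-bottom:1px dotted #000000"><a href="index.php?act=waiting&a=del&id='.$rowId.'">delete</a> | <a href="index.php?act=waiting&a=resend&id='.$rowId.'">resend</a> | <a href="index.php?act=waiting&a=enable&id='.$rowId.'">enable</a></td></tr>';
        }
        $retval .= '</table></div>';
    } else {
        // Offset past the last row: keep the search form and say so, instead
        // of replacing everything built so far.
        $retval .= 'Your query returned 0 results.';
    }

    // Pager: "back", one link per page (the current one in bold), "next".
    if ($page != 0) {
        $back_page = $page - $num_per_page;
        $retval .= '<a href="index.php?act=waiting&page='.$back_page.'">back</a> ';
    }
    for ($i = 1; $i <= $pages; $i++) {
        $ppage = $num_per_page * ($i - 1);
        if ($ppage == $page) {
            if ($pages > 1) {
                $retval .= '<b>'.$i.'</b> ';
            }
        } else {
            $retval .= '<a href="index.php?act=waiting&page='.$ppage.'">'.$i.'</a> ';
        }
    }
    if ((($page + $num_per_page) / $num_per_page) < $pages && $pages != 1) {
        $next_page = $page + $num_per_page;
        $retval .= '<a href="index.php?act=waiting&page='.$next_page.'">next</a>';
    }
    return $retval;
}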
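/**
 * Build the configuration form, pre-filled from config.inc.php.
 *
 * Theme and emoticon choices are the sub-directories of ../themes and
 * ../emoticons. Language choices are the files in ../language named
 * language.CODE.php; the option value is CODE, which is the form the include
 * lines in this file expect ("../language/language.".$language.".php").
 * The option value used to be the whole file name.
 *
 * NOTE(review): the admin password and the reCAPTCHA private key are written
 * into the page as the value of plain text inputs, so they are readable in
 * the rendered HTML of every visit to this form.
 *
 * @return string HTML markup of the form.
 */
function FUNCT_CONFIGURATION(){
    // Plain include: loads the current settings into this function's scope.
    include("../includes/config.inc.php");
    $content = '';
    $emocontent = '';
    $langopt = '';

    // glob() can return false on error, which foreach would warn about.
    $themeDirs = glob('../themes/*', GLOB_ONLYDIR);
    if (is_array($themeDirs)) {
        foreach ($themeDirs as $dir) {
            $dir = htmlspecialchars(str_replace('../themes/', '', $dir), ENT_QUOTES, 'ISO-8859-1');
            $content .= '<option value="'.$dir.'">'.$dir.'</option>';
        }
    }
    $emoDirs = glob('../emoticons/*', GLOB_ONLYDIR);
    if (is_array($emoDirs)) {
        foreach ($emoDirs as $dir) {
            $dir = htmlspecialchars(str_replace('../emoticons/', '', $dir), ENT_QUOTES, 'ISO-8859-1');
            $emocontent .= '<option value="'.$dir.'">'.$dir.'</option>';
        }
    }

    $path = "../language/";
    $dir_handle = is_dir($path) ? opendir($path) : false;
    if ($dir_handle === false) {
        die($path);
    }
    // Strict comparison: an entry named "0" must not end the loop early.
    while (($file = readdir($dir_handle)) !== false) {
        // Only language.CODE.php files are offered; the pattern also limits
        // CODE to characters that are safe inside the include path.
        if (preg_match('/^language\.([A-Za-z0-9_-]+)\.php$/', $file, $m)) {
            $langopt .= "<option value=\"".$m[1]."\">".$m[1]."</option>";
        }
    }
    closedir($dir_handle);

    $retval = '<div style="margin:auto;width:90%;text-align:middle">
<form method="POST" action="index.php?act=conf">
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td style="padding:5px;" align="left" width="35%">Site Name:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="sitename" value="'.stripslashes($sitename).'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Site Url:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="siteurl" value="'.$url.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Theme:</td><td style="padding:5px;" align="left"><select name="theme" style="width:100%"><option value="'.$theme.'" SELECTED>'.$theme.'</option>'.$content.'</select></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Email Address:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="email" value="'.$site_email_address.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Message Size</td><td style="padding:5px;" align="left"><span style="font-size:.65em">Remember to update main_txt_box.theme.html in your themes folder.</span><br /><input style="width:100%" type="text" name="max_msg_size" value="'.$max_msg_size.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Message Retention Days</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="msg_num_days" value="'.$msg_num_days.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Language:</td><td style="padding:5px;" align="left"><select name="language" style="width:100%"><option value="'.$language.'">'.$language.'</option>'.$langopt.'</select></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Enable Emoticons:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="emotes" value="'.$enable_emoticons.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Emoticon Pack:</td><td style="padding:5px;" align="left"><select name="emoticon_pack" style="width:100%"><option value="'.$emoticon_pack.'" SELECTED>'.$emoticon_pack.'</option>'.$emocontent.'</select></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Num Messages:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="nummsg" value="'.$num_msg_to_show.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Profile Image Size in Kb:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="imgsize" value="'.$max_img_size.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Username Min/Max:</td><td style="padding:5px;" align="left"><input type="text" name="umin" value="'.$username_length_min.'" /> <input type="text" name="umax"value="'.$username_length_max.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Password Min:</td><td style="padding:5px;" align="left"><input type="text" name="pmin" value="'.$password_length_min.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Allow non-Follow Direct Messaging:</td><td style="padding:5px;" align="left"><input style="width:35%" type="text" name="allowdm" value="'.$allow_nonfollow_dm.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Spam Filter:</td><td style="padding:5px;" align="left"><input style="width:35%" type="text" name="spam" value="'.$use_keyword_spam_filter.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Bad Word Filter:</td><td style="padding:5px;" align="left"><input style="width:35%" type="text" name="badword" value="'.$use_bad_word_filer.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Num Friends to Show:</td><td style="padding:5px;" align="left"><input style="width:35%" type="text" name="numfriends" value="'.$num_people_to_show.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Admin Username:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="auname" value="'.$chirpuname.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Admin Password:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="apword" value="'.$chirppw.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Enable Recaptcha</td><td style="padding:5px;" align="left"><span style="font-size:.65em">Learn more about recaptcha <a href="http://www.google.com/recaptcha" target="_blank">http://www.google.com/recaptcha</a></span><br /><input style="width:35%" type="text" name="enablecaptcha" value="'.$enable_recaptcha.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Public Key:</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="publickey" value="'.$recaptcha_public_key.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="left" width="35%">Private Key</td><td style="padding:5px;" align="left"><input style="width:100%" type="text" name="privatekey" value="'.$recaptcha_private_key.'" /></td>
</tr>
<tr>
<td style="padding:5px;" align="right" colspan="2"><input type="submit" name="setset" value="Save Settings" /></td>
</tr>
</table></form></div>';
    return $retval;
}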
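/**
 * Rewrite ../includes/config.inc.php from the supplied settings.
 *
 * The generated file is PHP source that this script loads with require_once,
 * so every value is emitted as a literal that cannot change the structure of
 * that file: text settings go through var_export(), which escapes quotes and
 * backslashes, and numeric settings are cast to int.
 *
 * NOTE(review): the admin password and the reCAPTCHA private key are written
 * in plaintext. The login check at the top of this file compares $chirppw
 * directly, so storing a password_hash() value instead needs a coordinated
 * change there.
 *
 * Each parameter maps to the config variable of the same name, except $site,
 * which is written as $sitename, and $msg_number_days, written as $msg_num_days.
 *
 * @return bool TRUE when the content was written, FALSE when fwrite() failed.
 *              If the file cannot be opened the script ends via die().
 */
function FUNCT_SAVE_SETTINGS($site="Chirp: The Microblog",$url ="http://yoursite.com/chirp/",$theme="default",$site_email_address="hide@address.com",$language="en",
$enable_emoticons=1,$emoticon_pack="default",$num_msg_to_show=50,$max_msg_size=151,$max_img_size=450,$username_length_min=4,$username_length_max=15,$password_length_min=6,
$allow_nonfollow_dm=0,$use_keyword_spam_filter=1,$use_bad_word_filer=1,$num_people_to_show=35,$chirpuname="admin",$chirppw="password",$msg_number_days=365,$enable_recaptcha=0,
$recaptcha_public_key="",$recaptcha_private_key=""){
// Text values: var_export() produces a correctly quoted single-quoted literal.
// Numeric values: the (int) cast guarantees a bare integer, so an empty or
// non-numeric submission becomes 0 instead of breaking the generated file.
$content = "<?php\n\n"
."\$sitename = ".var_export((string)$site, true).";\n\n"
."\$url = ".var_export((string)$url, true).";\n\n"
."\$theme = ".var_export((string)$theme, true).";\n\n"
."\$site_email_address = ".var_export((string)$site_email_address, true).";\n\n"
."\$language = ".var_export((string)$language, true).";\n\n"
."\$enable_emoticons = ".(int)$enable_emoticons.";\n\n"
."\$emoticon_pack = ".var_export((string)$emoticon_pack, true).";\n\n"
."\$num_msg_to_show = ".(int)$num_msg_to_show.";\n\n"
."\$msg_num_days = ".(int)$msg_number_days.";\n\n"
."\$max_msg_size= ".(int)$max_msg_size.";\n\n"
."\$max_img_size = ".(int)$max_img_size.";\n\n"
."\$username_length_min = ".(int)$username_length_min.";\n\n"
."\$username_length_max = ".(int)$username_length_max.";\n\n"
."\$password_length_min = ".(int)$password_length_min.";\n\n"
."\$allow_nonfollow_dm = ".(int)$allow_nonfollow_dm.";\n\n"
."\$use_keyword_spam_filter = ".(int)$use_keyword_spam_filter.";\n\n"
."\$use_bad_word_filer = ".(int)$use_bad_word_filer.";\n\n"
."\$num_people_to_show = ".(int)$num_people_to_show.";\n\n"
."\$chirpuname = ".var_export((string)$chirpuname, true).";\n\n"
."\$chirppw = ".var_export((string)$chirppw, true).";\n\n"
."\$enable_recaptcha = ".(int)$enable_recaptcha.";\n\n"
."\$recaptcha_public_key = ".var_export((string)$recaptcha_public_key, true).";\n\n"
."\$recaptcha_private_key = ".var_export((string)$recaptcha_private_key, true).";\n\n"
."?>";
$filename = "../includes/config.inc.php";
// The original message referenced the undefined $file_name; report the real path.
$file = fopen($filename, "w") or die("Cannot open ".$filename);
$written = fwrite($file, $content);
fclose($file);
return $written !== FALSE;
}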
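/**
 * Apply an optional add/delete to the wordfilter table and build the
 * word-filter admin form.
 *
 * Values are HTML-encoded with htmlspecialchars() before storage, as before,
 * and are now also passed through mysql_real_escape_string() before being
 * placed in the SQL text: HTML encoding leaves backslashes untouched, so on
 * its own it does not make a value safe inside a quoted SQL string.
 *
 * NOTE(review): mysql_real_escape_string() uses the connection that
 * mysql_query() already relies on; presumably db.inc.php opens it - confirm.
 * NOTE(review): neither form carries an anti-CSRF token, so the add and
 * delete actions depend on the session check alone.
 *
 * @param string $badlist  Selected entry of the "badlist" select; not used in the query.
 * @param string $goodlist Selected entry of the "goodlist" select; rows whose GOODWORD equals it are deleted.
 * @param string $bad      Word to filter (mode "add").
 * @param string $good     Replacement word (mode "add").
 * @param string $mode     "add", "del", or empty to only render the form.
 * @return string HTML for the form, including both option lists.
 */
function Word_Filter_Form($badlist='',$goodlist='',$bad='',$good='',$mode=''){
$filterfrm = '';
$badoptions = '';
$goodoptions = '';
if (!empty($mode) && ($mode == "del")){
$good = htmlspecialchars($goodlist, ENT_QUOTES);
$query = "DELETE FROM wordfilter WHERE GOODWORD = '".mysql_real_escape_string($good)."'";
mysql_query($query);
}
if (!empty($mode) && ($mode == "add")){
$bad = htmlspecialchars($bad, ENT_QUOTES);
$good = htmlspecialchars($good, ENT_QUOTES);
$query = "INSERT INTO wordfilter (BADWORD, GOODWORD) VALUES ('".mysql_real_escape_string($bad)."', '".mysql_real_escape_string($good)."')";
mysql_query($query);
}
$filterfrm .= "<script>
function selectu() {
for(var i=0;i<document.fmain.goodlist.options.length;i++) {
if (document.fmain.badlist.options[i].value == document.fmain.goodlist.options[document.fmain.goodlist.selectedIndex].value) {
document.fmain.badlist.selectedIndex=i;
}
}
}
function selectd() {
for(var i=0;i<document.fmain.badlist.options.length;i++) {
if (document.fmain.goodlist.options[i].value == document.fmain.badlist.options[document.fmain.badlist.selectedIndex].value) {
document.fmain.goodlist.selectedIndex=i;
}
}
}
</script>";
$filterfrm .= "<div style=\"clear:both;text-align:center;font-size:1.5em\">";
$filterfrm .= '<table width="100%" cellpadding="3" cellspacing="0" border="0" style="clear:both;margin:auto auto">
<tr>
<td valign="top">';
$filterfrm .= "<form action=\"index.php?act=word&mode=add\" method=\"post\"><center><input class=\"border\" type=\"TEXT\" name=\"bad\"> <input class=\"border\" type=\"TEXT\" name=\"good\"> <input type=\"SUBMIT\" value=\"Add Word\" class=\"border\"></center></form>";
$filterfrm .= "<form action=\"index.php?act=word&mode=del\" name=\"fmain\" method=\"post\">";
$filterfrm .= "<table border=\"0\" style=\"clear:both;margin:auto auto\"><tr><td align=\"center\">";
$filterfrm .= " Bad Word's <br>
<SELECT SIZE=\"9\" name=\"badlist\" onChange=\"selectd();\"> \n";
$result = mysql_query("SELECT * FROM wordfilter");
while ($row = mysql_fetch_array($result)){
// Rows written by this function are already HTML-encoded. Encoding again with
// double_encode off leaves them unchanged and covers rows that reached the
// table some other way. ISO-8859-1 matches the charset the page declares.
$badword = htmlspecialchars($row['BADWORD'], ENT_QUOTES, 'ISO-8859-1', false);
$goodword = htmlspecialchars($row['GOODWORD'], ENT_QUOTES, 'ISO-8859-1', false);
$badoptions .= "<OPTION value=\"".$goodword."\">".$badword."</OPTION> \n";
$goodoptions .= "<OPTION value=\"".$goodword."\">".$goodword."</OPTION> \n";
}
$filterfrm .= $badoptions;
$filterfrm .= "</SELECT></td><td align=\"center\"> Good Word's <br>";
$filterfrm .= "<SELECT SIZE=\"9\" name=\"goodlist\" onChange=\"selectu();\">";
$filterfrm .= $goodoptions;
$filterfrm .= "</SELECT>
</td>
</tr>
<tr>
<td></td><td align=\"right\"><input type=\"SUBMIT\" value=\"Remove\" class=\"border\"></td>
</tr>
</table>
</form>";
$filterfrm .= '<td>
<td width="160" align="right" valign="top">
</td></tr></table></div>';
return $filterfrm;
}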
/**
 * Return a 32-character hexadecimal identifier: the MD5 digest of the
 * current microtime() string.
 *
 * NOTE(review): the value is derived from the clock alone, so it is an
 * identifier, not a secret. Where a caller needs unpredictability (session,
 * reset or CSRF tokens) a CSPRNG source should be used instead - confirm how
 * callers use this.
 *
 * @return string Lowercase hex MD5 digest.
 */
function r_id(){
return md5(microtime());
}
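/**
 * Optionally save the spam keyword list and build the keyword admin form.
 *
 * The current list is read by including ../includes/keywords.inc.php, which
 * is expected to set $keywords. When $data is non-empty it replaces the list
 * and that file is rewritten. The file is PHP source, so the value is emitted
 * with var_export(): quotes and backslashes in the list are escaped and the
 * file reads back as exactly the submitted string.
 *
 * NOTE(review): if the caller already escapes or HTML-encodes $data, that
 * encoding is stored as part of the keywords - verify against the caller.
 * NOTE(review): the form carries no anti-CSRF token.
 *
 * @param string $data New comma-separated keyword list, or empty to only render the form.
 * @return string HTML for the keyword form.
 */
function Keyword_Function($data=''){
// Default in case the include does not define $keywords (missing or empty file).
$keywords = '';
include('../includes/keywords.inc.php');
$keywordfrm = '';
if(!empty($data)){
$keywords = $data;
$data = "<?php\n\n\n\$keywords=".var_export((string)$data, true).";\n\n\n\n?>";
$file = "../includes/keywords.inc.php";
$handle = fopen($file, 'w');
// fopen() already raises a warning on failure; do not write to an invalid handle.
if ($handle !== false){
fwrite($handle, $data);
fclose($handle);
}
}
$keywordfrm .= "<div style=\"width:100%\">
<div style=\"width:90%;margin:auto;\"><p align=\"left\" style=\"font-size: 1.1em;\">
Spammers tend to use predictable keywords that are not necessarily bad words. For example, a spammer might write \"buy inexpensive rolex watches\" whereas your friend might say, \"I bought a rolex watch.\"<br /><br />
Separate each phrase or word with a comma, and no spaces. Spaces can be used in phrases.</p>";
// Encode for the textarea so the stored list cannot close the element or add
// markup. double_encode is off so values that are already entity-encoded
// display as before. ISO-8859-1 matches the charset the page declares.
$keywordfrm .= "<form action=\"index.php?act=spam\" method=\"post\">
<textarea cols=\"65\" rows=\"10\" name=\"keywords\">".htmlspecialchars((string)$keywords, ENT_QUOTES, 'ISO-8859-1', false)."</textarea><br />
<button type=\"submit\" style=\"font-size: 1.5em;\">Save</button></form></div></div>";
return $keywordfrm;
}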