<?
/* OekakiPoteto v5.x © RanmaGuy (Theo Chakkapark) and Marcello 2000-2002, http://suteki.nu
Global Functions for OekakiPoteto */

include('config.php');

/* Defines nifty2_convert(), the helper the handlers below apply to free-text
fields (comment, subject, body, title, reason) before placing them in SQL strings.
Which definition is used depends on $apostrophes, which this file does not assign
(presumably set in config.php - confirm). */
if($apostrophes == "0"){
	set_magic_quotes_runtime(0);

	// Identity: the text is returned unchanged, so in this mode this helper does
	// no quote escaping before the value reaches a query.
	// NOTE(review): presumably this mode expects PHP's magic_quotes_gpc to have
	// escaped request data already - confirm, because the queries in this file
	// interpolate these values directly.
	function nifty2_convert($in){
		return $in;
	}
} else {
	// addslashes() backslash-escapes quotes, backslashes and NUL bytes. It does not
	// know the connection character set; mysql_real_escape_string() is the
	// escaping function meant for values placed in mysql_query() strings.
	function nifty2_convert($in){
		return addslashes($in);
	}
}


function errorCheck($location)
{
	/* Ends the request with a redirect and stops the script.
	Reads the global $result (the return value of the caller's last mysql_query()):
	when it is truthy the browser is sent to $location, otherwise to error.php
	with the text of mysql_error() URL-encoded in the "error" parameter.
	NOTE(review): the raw database error text travels in the redirect URL and is
	therefore visible to the client; logging it server-side would disclose less. */
	global $result;
	$target = $result ? $location : 'error.php?error='.urlencode(mysql_error());
	header ('Location: '.$target);
	//mysql_close($dbconn);
	exit;
}

// Reverse-DNS name of the client address; stored with posts and quoted in e-mails below.
// $REMOTE_ADDR is not assigned in this file (presumably a register_globals variable - confirm).
// NOTE(review): the name comes from DNS data outside this server's control and is
// interpolated unescaped into INSERT/UPDATE statements further down; treat it as untrusted input.
$hostname = gethostbyaddr($REMOTE_ADDR);

/* Including Language */

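/* Cookie login check and language selection.
When $OekakiU is set, the member row is loaded and $OekakiPass must equal the
stored usrpass as a string; if the row is missing or the values differ, both
cookies are cleared and the browser is sent to index.php. The member's language
file is included only after that check. Without $OekakiU the file named by
$language is included.
The user name is escaped before it enters the query, and the language name is
reduced to a bare file name so a stored or supplied value cannot point include()
outside the language/ directory. */
if (isset($OekakiU)) {
	include('dbconn.php');
	// Request data: undo magic-quotes slashes if PHP added them, then escape for this connection.
	$OekakiU_sql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($OekakiU) : $OekakiU);
	$result = mysql_query("SELECT language,usrname,usrpass FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='".$OekakiU_sql."'");
	$row = $result ? mysql_fetch_array($result) : false;

	// NOTE(review): $OekakiPass is compared directly with the stored usrpass, so the
	// cookie is as sensitive as the password hash; a random per-session token would be safer.
	if (!$row || (string)$OekakiPass !== (string)$row['usrpass']) {
		setcookie("OekakiU","",time() - 1209600);
		setcookie("OekakiPass","",time() - 1209600);
		mysql_close();
		header('Location: index.php');
		exit;
	}

	include("language/".basename($row['language']).".php");
	mysql_close();
} else {
	include("language/".basename($language).".php");
}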

/* Mass OPMail */

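/* Sends one mailbox message to every member; allowed only when the acting
member's usrflags contain "O".
The flag string is read from the fetched row and is '' when no member row is
found, so the permission test never uses a $usrflags value that did not come
from the database. */
if ($mailbox == "masssend") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrflags = $flagRow ? $flagRow['usrflags'] : '';
	if (strstr($usrflags, "O")) {

		$body = nifty2_convert($body);
		$subject = nifty2_convert($subject);
		if (isset($OekakiU)) {
			if ($subject == "") {
				header ('Location: error.php?error='.urlencode($langop_functions_err1));
				exit;
			}
			// NOTE(review): $subject, $body and the user names are interpolated as-is;
			// quoting depends on nifty2_convert() and the PHP magic-quotes settings.
			$result = mysql_query("Select * from ".$OekakiPoteto_MemberPrefix."oekaki");
			while ($row = mysql_fetch_array($result)) {
				$result3 = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$OekakiU', reciever='$row[usrname]', subject='$subject', body='$body', senddate=NOW()");
			}
			mysql_close();
			header ('Location: mailbox.php');
			exit;
		}
	} else {
		header ('Location: error.php?error='.urlencode($langop_functions_err2));
		exit;
	}
}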

/* Archival */

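/* Toggles the archive flag of picture $picid for members whose usrflags contain
A, S or O. The flag string comes only from the fetched member row ('' when there
is none), and $picid is forced to an integer because PIC_ID is compared unquoted. */
if ($mode == "archive") {
	//security
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrflags = $flagRow ? $flagRow['usrflags'] : '';
	if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
		// An unquoted value in the WHERE clause must be a plain number.
		$picid = intval($picid);

		//get archive flag
		$result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_Prefix."oekakidta WHERE PIC_ID=".$picid);
		$row = $result2 ? mysql_fetch_array($result2) : false;

		//set the flag: '0' becomes '1', anything else (including a missing row) becomes '0'
		$newArchive = ($row && $row['archive'] == "0") ? '1' : '0';
		$result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET archive='".$newArchive."' WHERE PIC_ID=".$picid);
		//redirect and close the database
		errorCheck('index.php');
	} else {
		header ('Location: error.php?error='.urlencode("$langop_functions_err3"));
		exit;
	}
}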

/* Lost Password Send */

/* Lost password request: looks the member up by $username and e-mails a link to
chngpass.php. $action and $username are not assigned in this file (presumably
request variables - confirm). */
if($action == "pretrieve"){
	include('dbconn.php');
	// NOTE(review): $username is placed in the query text as-is.
	$result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$username'");
	$row = mysql_fetch_array($result);
	$numrows = mysql_numrows($result);
	if($numrows != 0){

		// The link's vcode parameter is the stored usrpass value itself, so the
		// message carries the password hash and the link stays usable until the
		// password is changed.
		// NOTE(review): a random, single-use, expiring token kept separately from
		// the password would avoid both problems.
		// The body also quotes the requester's address and host name.
		mail ($row[email], $BBStitle." ".$langop_precover_title, $langop_word_dear." ".$row[usrname].",\n\n".$langop_precover_p1." [".$REMOTE_ADDR." / ".$hostname."] ".$langop_precover_p2." ".$BBStitle." @ ".$okurl.". ".$langop_precover_p3.":\n\n".$okurl."/chngpass.php?vcode=".$row[usrpass]."&username=".urlencode($username)."\n\n".$langop_precover_p4."\n\n".$langop_precover_p5."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
		//redirect and close the database
		errorCheck('index.php');
	} else {
		// A distinct response for unknown names lets a caller learn which user names exist.
		header ('Location: error.php?error='.urlencode($langop_functions_err4));
		exit;
	}	
}

//Administrative picture recovery
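/* Administrative picture recovery: for members with the S, O or A flag,
re-creates the database row of picture $picno on behalf of the member whose ID
is $usrname. $dtype selects the datatype/animation pair stored with the row:
  0 -> datatype 0, animation 1      1 -> datatype 0, animation 0
  2 -> datatype 1, animation 1      3 -> datatype 1, animation 0
Any other $dtype inserts nothing and goes straight to errorCheck(). */
if ($action == "arecover") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$row = mysql_fetch_array($result2);
	if (strstr($row['usrflags'],"S") || strstr($row['usrflags'],"O") || strstr($row['usrflags'],"A")) {
		$result3 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where ID='$usrname'");
		$row2 = mysql_fetch_array($result3);

		// The four cases differ only in these two column values.
		$recDatatype = null;
		$recAnimation = null;
		switch ($dtype) {
			case 0:
				$recDatatype = '0';
				$recAnimation = '1';
				break;
			case 1:
				$recDatatype = '0';
				$recAnimation = '0';
				break;
			case 2:
				$recDatatype = '1';
				$recAnimation = '1';
				break;
			case 3:
				$recDatatype = '1';
				$recAnimation = '0';
				break;
		}

		if ($recDatatype !== null) {
			// Picture numbers are integers; the host name comes from reverse DNS,
			// so it is escaped before it enters the statement.
			$picno = intval($picno);
			$hostnameSql = mysql_real_escape_string((string)$hostname);
			$result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakidta SET usrname='$row2[usrname]',postdate=NOW(),hostname='$hostnameSql', PIC_ID='$picno', IP='$REMOTE_ADDR',datatype='$recDatatype', animation='$recAnimation', edittime='0', postlock='1'");
		}
		errorCheck('index.php');
	}
}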


/* Lost Password Change */

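/* Lost password change: sets a new password for $username when $vcode equals
the stored usrpass and the two new-password fields are identical.
Both comparisons are done on strings with !== so that numeric-looking values
such as "1e3" and "1000" are not treated as equal. */
if ($action == "pchange") {
	include('dbconn.php');
	// NOTE(review): $username is placed in both statements as-is.
	$result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$username'");
	$row = mysql_fetch_array($result);
	$numrows = mysql_numrows($result);

	if ($numrows == 0) {
		header ('Location: error.php?error='.urlencode($langop_functions_err7));
		exit;
	}

	//compare the submitted code against the database
	// NOTE(review): the code is the stored password hash itself, not a separate reset token.
	if ((string)$row['usrpass'] !== (string)$vcode) {
		header ('Location: error.php?error='.urlencode($langop_functions_err6));
		exit;
	}

	//compare the new password with its retyped copy
	if ((string)$newpass !== (string)$retype) {
		header ('Location: error.php?error='.urlencode($langop_functions_err5));
		exit;
	}

	//change the password
	// NOTE(review): every password is hashed with the same $saltenc value.
	$newpass = crypt($newpass,$saltenc);
	$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki set usrpass='$newpass' where usrname = '$username'");
	errorCheck('index.php');
}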

/* Mailbox Send */

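/* Mailbox send: stores a message from the logged-in member to $reciever.
For a reply ($action == "reply") the original message $MID is marked with
mstatus 3; that UPDATE is limited to messages addressed to the logged-in member
so one member cannot change the status of another member's mail. */
if ($Send == "Send") {
	$body = nifty2_convert($body);
	$subject = nifty2_convert($subject);

	if (!isset($OekakiU)) {
		header ('Location: error.php?error='.urlencode($langop_functions_err10));
		exit;
	}
	if ($subject == "") {
		header ('Location: error.php?error='.urlencode($langop_functions_err8));
		exit;
	}

	include('dbconn.php');
	// NOTE(review): $reciever, $MID, $subject and $body are interpolated as-is;
	// quoting depends on nifty2_convert() and the PHP magic-quotes settings.
	$result = mysql_query("Select usrname from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$reciever'");
	$row = mysql_fetch_array($result);
	$numrows = mysql_numrows($result);

	if ($numrows == 0) {
		header ('Location: error.php?error='.urlencode($langop_functions_err9));
		exit;
	}

	if ($action == "reply") {
		$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekakimailbox SET mstatus='3' where MID='$MID' AND reciever='$OekakiU'");
	}
	$result = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$OekakiU', reciever='$row[usrname]', subject='$subject', body='$body', senddate=NOW()");
	errorCheck('mailbox.php');
}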


/* Mailbox Delete */

/* Mailbox delete: removes message $MID when its reciever column equals the
logged-in member name; otherwise redirects to the error page.
NOTE(review): $MID is placed in both statements as-is. */
if ($mail == "delete") {
	include('dbconn.php');
	$result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekakimailbox WHERE MID='$MID'");
	$row = mysql_fetch_array($result);

	if ($row['reciever'] == $OekakiU) {
		// The message belongs to the caller: delete it and redirect.
		$result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekakimailbox WHERE MID='$MID'");
		errorCheck('mailbox.php');
	} else {
		header('Location: error.php?error='.urlencode($langop_functions_err11));
		exit;
	}
}

/* User delete */

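/* User delete: a member with the S or O flag removes the member whose ID is
$usrname2, together with that member's online entry, pictures, comments and chat
lines, and notifies the removed member by e-mail.
The unauthorized branch now stops after its redirect; previously execution fell
through to errorCheck(), which replaced the error redirect. Nothing is deleted or
mailed when no member row matches $usrname2. */
if ($memdel == "Delete") {
	//security
	include('dbconn.php');

	$result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$row = mysql_fetch_array($result2);
	if (!(strstr($row['usrflags'],"S") || strstr($row['usrflags'],"O"))) {
		header ('Location: error.php?error='.urlencode($langop_functions_err12));
		exit;
	}

	if ($action == "0") {
		//initiate delete
		$result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where ID ='$usrname2'");
		$row2 = $result ? mysql_fetch_array($result) : false;
		if ($row2) {
			$result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekakionline where onlineusr = '$row2[usrname]'");
			$result = mysql_query("DELETE FROM ".$OekakiPoteto_Prefix."oekakidta where usrname = '$row2[usrname]'");
			$result = mysql_query("DELETE FROM ".$OekakiPoteto_Prefix."oekakicmt where usrname = '$row2[usrname]'");
			$result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekakichat where usrname = '$row2[usrname]'");
			mail ($row2['email'], $BBStitle." ".$langop_mandel_title, $langop_word_dear." ".$row2['usrname'].",\n\n".$langop_mandel_p1." ".$BBStitle." at ".$okurl.". ".$langop_mandel_p3.".\n\n".$BBStitle." ".$langop_word_admin."\n".$langop_mandel_p2.": ".$OekakiU." (".$row['email'].")"."\n".$langop_word_comments.": ".$reason."\n\nGet your own OekakiPoteto: http://suteki.nu\nOekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
			$result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekaki where ID = '$row2[ID]'");
		}
	}

	errorCheck('delusr.php');
}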

/* Login (from header.php)

$username (username to login)
$pass (password used to login)
$login (check if login request submitted)

*/





/* Login: hashes $pass with crypt() and $saltenc, compares it with the stored
usrpass of $username, and requires the "G" flag. On success two cookies are set
for 1209600 seconds and errorCheck() redirects to index.php.
NOTE(review): the OekakiPass cookie holds the hash that is stored in the
database, so the cookie is a password equivalent; all members share the one
$saltenc salt. $username is placed in the query as-is. */
if ($login == "Login") {
	//open the database and configuration
	include('dbconn.php');
	//hash the submitted password for comparison
	$usrpass3 = crypt($pass,$saltenc);
	//load the member row for the submitted name
	$result = mysql_query("SELECT usrname, usrpass, usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$username'");
	$row = mysql_fetch_array($result);

	//reject a wrong password or a member without the "G" flag (pending members)
	if (!($usrpass3 == $row['usrpass']) || !strstr($row['usrflags'],"G")) {
		header ('Location: error.php?error='.urlencode($langop_functions_err13));
		exit;
	}

	//remember the member name and the hash in cookies
	setcookie("OekakiU",$row['usrname'],time() + 1209600);
	setcookie("OekakiPass",$usrpass3,time() + 1209600);
	//redirect and close the database
	errorCheck('index.php');
}

/* Logoff (from header.php)


$mode (check if mode is "logoff")

*/

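/* Logoff: expires both login cookies and redirects to index.php.
The script stops after the redirect so that no other handler in this file runs
in the same request. */
if ($mode == "logoff") {
	//kill all cookies
	setcookie("OekakiU","",time() - 1209600);
	setcookie("OekakiPass","",time() - 1209600);
	header('Location: index.php');
	exit;
}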

//Registration Verification

/* Registration verification: when $vcode equals the stored usrpass of $username
and that member's usrflags are exactly "P", the flags become "G" plus "D" and/or
"M" depending on $drawaccess / $animationaccess, the login cookies are set and a
confirmation e-mail is sent. $drawaccess and $animationaccess are not assigned in
this file (presumably config.php - confirm). */
if($mode == "Verify")
{
	//include database connections and configuration 
	include('dbconn.php');
	// NOTE(review): $username is placed in the query text as-is.
	$result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$username'");
	$row = mysql_fetch_array($result);
	// The verification code is the stored password hash itself, compared with ==.
	// When no row is found the flag test fails, so the else branch is taken.
	if($vcode == $row[usrpass] && $row[usrflags] == "P"){
		$theflags = "G";
		$permissions = $langop_type_guser."\n";
	
		if($drawaccess == "yes"){
			$theflags = $theflags."D";
			$permissions = $permissions.$langop_type_daccess."\n";
		}
		if($animationaccess == "yes"){
			$theflags = $theflags."M";
			$permissions = $permissions.$langop_type_aaccess."\n";
		}
		//insert the user into the database with automatic acceptance and draw permissions
		// The result of this UPDATE is not checked before the cookies and mail below.
		$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET usrflags='".$theflags."' where usrname='".$username."'");

		// NOTE(review): lifetime here is 12096000 seconds, ten times the 1209600
		// used by the login handler - confirm this is intended.
		setcookie("OekakiU",$row[usrname],time() + 12096000);		
		setcookie("OekakiPass",$row[usrpass],time() + 12096000);
		mail ( $row[email], $BBStitle." ".$langop_autoreg_title, $langop_word_dear." ".$row[usrname].",\n\n".$langop_autoreg_p1." ".$BBStitle." @ ".$okurl." ".$langop_autoreg_p2."\n\n".$langop_autoreg_p3.":\n".$permissions."\n".$langop_autoreg_p4."\n\n".$BBStitle." ".$langop_word_admin."\n".$langop_autoreg_p5."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
		header('Location: index.php');
		exit;
	} else {
		header('Location: error.php?error='.urlencode($langop_functions_err14));
		exit;
	}
}

/* Registration (from register.php)

$username (username to register)
$email (email used for registration)
$pass (password)
$pass2 (password for verification)
$comments (introduction comment)
$artURL (location to URL of art)
$register (check if submitted w/ value of "Submit")

*/

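/* Registration: creates a pending member (usrflags 'P'). Unless $approval is
"yes", a verification e-mail with a link to functions.php?mode=Verify is sent.
The duplicate check now looks for rows matching the e-mail address or the user
name; before, only rows with the same e-mail were fetched, so an existing user
name with a different address was never detected. The two password fields are
compared as strings. The INSERT, which was identical in both branches, is issued
once. */
if ($register == "Submit" && $username != "") {

	$comment2 = nifty2_convert($comments);
	//include database connections and configuration
	include('dbconn.php');

	//check if the e-mail address or the user name already exists
	// NOTE(review): the form fields are interpolated as-is; quoting depends on
	// nifty2_convert() and the PHP magic-quotes settings.
	$result = mysql_query("SELECT * from ".$OekakiPoteto_MemberPrefix."oekaki where email='$email' OR usrname='$username'");
	while ($result && ($row = mysql_fetch_array($result))) {
		if ($email == $row['email'] || $username == $row['usrname']) {
			header('Location: error.php?error='.urlencode($langop_functions_err15));
			exit;
		}
	}

	//check if the passwords match
	if ((string)$pass !== (string)$pass2) {
		header('Location: error.php?error='.urlencode($langop_functions_err5));
		exit;
	}

	//hash the password
	// NOTE(review): every password is hashed with the same $saltenc value, and the
	// hash doubles as the verification code sent by e-mail below.
	$userpass1 = crypt($pass,$saltenc);

	// The host name comes from reverse DNS, so it is escaped before it enters the statement.
	$hostnameSql = mysql_real_escape_string((string)$hostname);

	//add the user as pending
	$result = mysql_query("INSERT into ".$OekakiPoteto_MemberPrefix."oekaki SET usrname='$username',email='$email',usrpass='$userpass1',usrflags='P',comment='$comment2 - $hostnameSql - $REMOTE_ADDR', url='$artURL', joindate=NOW(), language='$language', templatesel='$template', lastlogin=NOW()");

	if ($approval != "yes") {
		//send an email for verification
		mail ( $email, $BBStitle." ".$langop_verreg_title, $langop_word_dear." ".$username.",\n\n".$langop_verreg_p1." ".$BBStitle." @ ".$okurl.". ".$langop_verreg_p2.":\n\n".$okurl."/functions.php?mode=Verify&vcode=".$userpass1."&username=".urlencode($username)."\n\n".$langop_verreg_p3."\n\n".$langop_precover_p5."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
	}

	errorCheck("index.php");
}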
/* User Flag Modification (from modflags.php)

$sa (super admin)
$admin (admin)
$gusr (guest user)
$drawd (draw access)
$ax (adult flag)
$usrname2 (the user selected to modify)
$immunity (immunity flag)
*/

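/* User flag modification: writes the flag string built from the form fields to
the member $usrname2, after checking the acting member's password cookie and
flags.
The acting member's usrname, usrflags and usrpass are assigned from the fetched
row only; when no row is found the request is redirected to index.php, so none
of these values can come from anywhere but the database. */
if ($muser2 == "Submit") {
	include('dbconn.php');

	// NOTE(review): the new flag string is assembled from submitted values without
	// limiting which flags the acting member may grant - confirm this is intended.
	$flags = $sa.$admin.$gusr.$drawd.$drawm.$ax.$immunity;
	//Unauthorized user protection
	include('flagchk.php');
	$result = mysql_query("SELECT usrname, usrflags, usrpass FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$OekakiU'");
	$adminRow = $result ? mysql_fetch_array($result) : false;
	$usrname = $adminRow ? $adminRow['usrname'] : '';
	$usrflags = $adminRow ? $adminRow['usrflags'] : '';
	$usrpass = $adminRow ? $adminRow['usrpass'] : '';
	if (!$adminRow || (string)$OekakiPass !== (string)$usrpass) {
		header('Location: index.php');
		exit;
	}

	// check_flag() is defined in flagchk.php (presumably it tests the global $usrflags - confirm).
	if ((!check_flag('O')) && (!check_flag('S')) && (!check_flag('A'))) {
		header('Location: error.php?error='.urlencode($langop_functions_err16));
		exit;
	}
	$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET usrflags='$flags' WHERE usrname='$usrname2'");
	errorCheck('modflags.php');
}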

/* Add/Remove User (from addusr.php)
$usrname2 (person to accept/reject)
$drawa (enable or disable draw flag)
$action (accept or reject)
$reason (reason for rejection)
$pmember2 (form submit)
*/

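/* Accept or reject a pending member ($usrname2). $action "0" accepts: the member
gets flag "G" plus "D"/"M" as selected and an acceptance e-mail; any other value
rejects: a rejection e-mail is sent and the member row is deleted.
The acting member's usrname, usrflags and e-mail are assigned from the fetched
row only ('' when there is none). Nothing is mailed or changed when no row
matches $usrname2. $reason is passed through nifty2_convert() once; it used to
be converted a second time on the reject path. */
if ($pmember2 == "Submit") {

	$reason = nifty2_convert($reason);
	include('dbconn.php');
	//unauthorized user protection
	include('flagchk.php');
	$result2 = mysql_query("SELECT usrname, usrflags, email as email2 FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$OekakiU'");
	$adminRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrname = $adminRow ? $adminRow['usrname'] : '';
	$usrflags = $adminRow ? $adminRow['usrflags'] : '';
	$email2 = $adminRow ? $adminRow['email2'] : '';
	$adminEmail = $email2;
	// check_flag() is defined in flagchk.php (presumably it tests the global $usrflags - confirm).
	if ((!check_flag('O')) && (!check_flag('S')) && (!check_flag('A'))) {
		header('Location: error.php?error='.urlencode($langop_functions_err17));
		exit;
	}
	mysql_close($dbconn);

	//Load the member being accepted or rejected
	include('dbconn.php');
	$result = mysql_query("Select * from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$usrname2'");
	$targetRow = $result ? mysql_fetch_array($result) : false;
	if (!$targetRow) {
		errorCheck('addusr.php');
	}
	// NOTE(review): extract() turns every column of the row into a variable
	// (the code below relies on $email); naming the needed columns would be safer.
	extract($targetRow);

	if ($action == "0") {
		$theflags = "G";
		$permissions = $langop_type_guser."\n";

		if ($drawa == "1") {
			$theflags = $theflags."D";
			$permissions = $permissions.$langop_common_drawacc."\n";
		}
		if ($animation == "1") {
			$theflags = $theflags."M";
			$permissions = $permissions.$langop_common_aniacc."\n";
		}

		mail ( "$email", $BBStitle." ".$langop_autoreg_title, $langop_word_dear." ".$usrname2.",\n\n".$langop_autoreg_p1." ".$BBStitle." @ ".$okurl." ".$langop_autoreg_p2."\n\n".$langop_autoreg_p3.":\n".$permissions."\n".$langop_autoreg_p4."\n\n".$BBStitle." ".$langop_word_admin."\n".$langop_common_approvby.": ".$OekakiU." (".$adminEmail.")\n".$langop_word_comments.": ".$reason."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
		$result2 = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET usrflags='$theflags' WHERE usrname='$usrname2'");
		errorCheck('addusr.php');
	} else {
		mail ( "$email", $BBStitle." ".$langop_autoreg_title, $langop_word_dear." ".$usrname2.",\n\n".$langop_rejmsg_p1." ".$BBStitle." @ ".$okurl.", ".$langop_rejmsg_p2." ".$BBStitle." ".$langop_rejmsg_p3."\n\n ".$BBStitle." ".$langop_word_admin."\n ".$langop_common_rejby.": ".$OekakiU." (".$adminEmail.")"."\n ".$langop_word_comments.": ".$reason."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
		$result2 = mysql_query("DELETE from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$usrname2'");
		errorCheck('addusr.php');
	}
}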


/* Profile Edit */

/* Profile edit: updates the member row whose usrname is $username2 with the
submitted profile fields, and also the password when $oldpass is given and
matches the stored hash.
NOTE(review): this block does not compare $username2 with $OekakiU or test any
flag before the UPDATE, and the usrflags column is written from $sflags.$adult.
None of these variables is assigned in this file; if they are request variables
(confirm), the caller chooses both the row that is changed and its flags. The
target should be tied to the authenticated member and usrflags should not be
taken from the form. All fields are interpolated into the statements as-is. */
if ($eprofile=="Edit") {
	include('dbconn.php');



	$comment = nifty2_convert($comment);


	$urltitle = nifty2_convert($urltitle);
	// Only the letter "X" (either case) is removed from the submitted flags.
	if (strstr($sflags,"X")) {
	$sflags = eregi_replace("X", "", $sflags);

	}
	$flegs = $sflags.$adult;
	if($oldpass != ""){
		$result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
		$row = mysql_fetch_array($result2);
		$oldpass2 = crypt($oldpass,$saltenc);
		if($oldpass2 == $row[usrpass]){
			if($passwd == $passwdnew){
				$passenc = crypt($passwd,$saltenc); 
				$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET name='$name',url='$url',comment='$comment', email='$email',aim='$aim',icq='$icq',urltitle='$urltitle', MSN='$msn', yahoo='$yahoo', IRCserver='$ircserver', IRCnick='$ircnick', usrflags='$flegs', location='$location', IRCchan='$ircchan', templatesel='$ctemplate', usrpass='$passenc', age='$age', gender='$gender', picview='$picview', language='$language2' WHERE usrname='$username2'");
			} else {
				// Output is sent here and errorCheck() below then calls header();
				// no UPDATE runs on this path.
				echo "New passwords do not match. Go back and retype them again.";
			}
		} else {
		// Wrong old password: the profile is still updated, only without the
		// password column, and no error is reported.
		$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET name='$name',url='$url',comment='$comment', email='$email',aim='$aim',icq='$icq',urltitle='$urltitle', MSN='$msn', yahoo='$yahoo', IRCserver='$ircserver', IRCnick='$ircnick', usrflags='$flegs', location='$location', templatesel='$ctemplate', IRCchan='$ircchan', age='$age', gender='$gender', picview='$picview', language='$language2' WHERE usrname='$username2'");
		}
		

		} else {
			// No old password supplied: update the profile fields only.
			$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET name='$name',url='$url',comment='$comment', email='$email',aim='$aim',icq='$icq',urltitle='$urltitle', MSN='$msn', yahoo='$yahoo', IRCserver='$ircserver', IRCnick='$ircnick', usrflags='$flegs', location='$location', templatesel='$ctemplate', IRCchan='$ircchan',age='$age', gender='$gender', picview='$picview', language='$language2' WHERE usrname='$username2'");
		}
	errorCheck('editprofile.php');
}

/* Edit Ban List */

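/* Edit ban list: overwrites hosts.txt and ips.txt with the submitted lists and
redirects to banlist.php.
The files are written only for a member whose usrflags contain A, S or O, the
same test the other administrative handlers in this file use; previously this
handler performed no permission check. The flag string is read from the fetched
row only. NOTE(review): narrow the flag set if ban editing is meant for fewer
roles. */
if ($banlist == "Edit") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$banEditorFlags = $flagRow ? $flagRow['usrflags'] : '';
	mysql_close();

	if (strstr($banEditorFlags,"A") || strstr($banEditorFlags,"S") || strstr($banEditorFlags,"O")) {
		// fopen() can fail (for example on file permissions); write only when it succeeded.
		if ($fd = fopen ("hosts.txt", "w")) {
			fwrite($fd,$hostban);
			fclose ($fd);
		}
		if ($fd2 = fopen ("ips.txt", "w")) {
			fwrite($fd2,$ipban);
			fclose ($fd2);
		}
	}

	header ('Location: banlist.php');
	exit;
}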


//edit news
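/* Edit news: for members whose usrflags contain A, S or O, prefixes the
submitted text with a "posted by" line and writes it to announce.php; every path
ends with a redirect to editnews.php.
The flag string is read from the fetched row and is '' when no member row is
found, so the permission test never uses a $usrflags value that did not come
from the database.
NOTE(review): the target has a .php name and the generated prefix contains PHP
short-echo tags, so the stored text is evidently executed when the file is
included. The submitted text and the member name therefore end up inside
executable code; storing the news as data and escaping it on output would remove
that exposure. */
if ($newssub=="Edit") {
	set_magic_quotes_runtime(0);
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrflags = $flagRow ? $flagRow['usrflags'] : '';
	if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
		$newsedit = "\n\n\n<b>".$langop_common_postedby." <a onClick=\"openWindow('profile.php?user=<?=urlencode(\"".$OekakiU."\")?>', 300, 400); return false;\" href=\"#\">".$OekakiU."</a> @ <font color=\""."<?="."$"."dStamp"."?>"."\">".date("F j, Y, g:i a")."</font></b><br>".$newsedit;
		// fopen() can fail (for example on file permissions); write only when it succeeded.
		if ($fd = fopen ("announce.php", "w")) {
			fwrite($fd,stripslashes($newsedit));
			fclose ($fd);
		}
	}
	header ('Location: editnews.php');
	mysql_close($dbconn);
	exit;
}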

//edit notices
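/* Edit notices: for members whose usrflags contain A, S or O, writes the
submitted text followed by a signature link to notice.php, or empties the file
when the text is empty; every path ends with a redirect to index.php.
The flag string is read from the fetched row and is '' when no member row is
found, so the permission test never uses a $usrflags value that did not come
from the database.
NOTE(review): the target has a .php name and the appended signature contains a
PHP short-echo tag, so the stored text is evidently executed when the file is
included; the submitted text and the member name end up inside executable code. */
if ($noticesub=="Edit") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrflags = $flagRow ? $flagRow['usrflags'] : '';

	if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
		$noticeText = "";
		if ($newsedit != "") {
			$newsedit = $newsedit." ~ <a onClick=\"openWindow('profile.php?user=<?=urlencode(\"".$OekakiU."\")?>', 300, 400); return false;\" href=\"#\">".$OekakiU."</a>";
			$noticeText = stripslashes($newsedit);
		}
		// fopen() can fail (for example on file permissions); write only when it succeeded.
		if ($fd = fopen ("notice.php", "w")) {
			fwrite($fd,$noticeText);
			fclose ($fd);
		}
	}
	header ('Location: index.php');
	mysql_close($dbconn);
	exit;
}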

//first post
//normal pic
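/* First post for a new picture: attaches title, comment and adult flag to the
logged-in member's most recent picture row, locks it and increments the member's
picture count.
The picture counter reset ($picno >= $pstore) now runs only after the caller has
passed the login check; before, it ran for any request that reached this
handler. The host name is escaped before it enters the UPDATE. */
if ($mode=="res_msg" || $mode=="ani_msg") {
	include('dbconn.php');
	setcookie("edittime","",time() - 1209600);

	//find the member's newest picture row and the member row
	$result = mysql_query("SELECT * from ".$OekakiPoteto_Prefix."oekakidta where usrname='$OekakiU' order by ID_2 DESC");
	$row = mysql_fetch_array($result);
	$curpicno = $row['PIC_ID'];
	$result = mysql_query("SELECT * from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$curpicno'");
	$row = mysql_fetch_array($result);
	$result2 = mysql_query("SELECT * from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$row2 = mysql_fetch_array($result2);
	$comment = nifty2_convert($comment);
	$title = nifty2_convert($title);

	if (isset($OekakiU) && ($OekakiU == $row['usrname']) && ($OekakiPass == $row2['usrpass'])) {
		//reset the picture count if it's past its limit
		if ($picno >= $pstore) {
			$result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakimisc set miscvalue='0' where miscname='piccount'");
		}
		// NOTE(review): $comment, $title and $adult are interpolated as-is; quoting
		// depends on nifty2_convert() and the PHP magic-quotes settings.
		$hostnameSql = mysql_real_escape_string((string)$hostname);
		$result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET comment='$comment',hostname='$hostnameSql', IP='$REMOTE_ADDR', title='$title', adult='$adult', postlock = '1' where PIC_ID='$curpicno'");

		$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET piccount=(piccount + 1) WHERE usrname='$OekakiU'");
		//echo mysql_error()."<br><br>\n";
		errorCheck('index.php?sort=0&pageno=0');
	} else {
		header ('Location: error.php?error='.urlencode($langop_functions_err18));
		mysql_close();
		exit;
	}
}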


//Comment Post
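/* Comment post: stores a comment on picture $picno, either for the logged-in
member or, without a login, as "Guest" with the submitted name, e-mail and URL
(which are also remembered in cookies).
$picno is forced to an integer and the host name is escaped before they enter
the statements. */
if ($mode=="add") {
	include('dbconn.php');
	$comment = nifty2_convert($comment);
	$picno = intval($picno);
	// The host name comes from reverse DNS, so escape it for the query.
	$hostnameSql = mysql_real_escape_string((string)$hostname);

	// NOTE(review): the remaining text fields are interpolated as-is; quoting
	// depends on nifty2_convert() and the PHP magic-quotes settings.
	if (isset($OekakiU)) {
		$result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakicmt SET usrname='$OekakiU', comment='$comment',hostname='$hostnameSql',postdate=NOW(), PIC_ID='$picno', IP='$REMOTE_ADDR'");
		$result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET lastcmt=NOW() WHERE PIC_ID='$picno'");
		$result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET commcount=(commcount + 1) WHERE usrname='$OekakiU'");
		//echo mysql_error()."<br><br>\n";
		errorCheck('index.php?sort=0&pageno=0');
	} else {
		// A guest comment needs a name; errorCheck() ends the request.
		if ($name == "") {
			errorCheck('index.php?sort=0&pageno=0');
		}
		$result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakicmt SET usrname='Guest', postname='$name', comment='$comment',hostname='$hostnameSql',email='$email',url='$url',postdate=NOW(), PIC_ID='$picno', IP='$REMOTE_ADDR'");

		setcookie("guestName",$name,time() + 1209600);
		setcookie("guestEmail",$email,time() + 1209600);
		setcookie("guestURL",$url,time() + 1209600);
		$result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET lastcmt=NOW() WHERE PIC_ID='$picno'");
		//echo mysql_error()."<br><br>\n";

		header ('Location: index.php?sort=0&pageno=0');
		mysql_close($dbconn);
		exit;
	}
}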


//Picture Recovery
/*
if ($recover=="Recover") {
	include('dbconn.php');
	//Unautorized user protection
	include('flagchk.php');
	$result = mysql_query("SELECT usrname, usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$OekakiU'");
	extract(mysql_fetch_array($result));
	if ((!check_flag('O')) && (!check_flag('S')) && (!check_flag('A'))) {
		header('Location: error.php?error='.urlencode($langop_functions_err16));
		exit;
	}
	$result2 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
	$result3 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$picno'");
	$themsg = $langop_recovery_msg1." ".$OekakiU." - ".$langop_recovery_msg2;
	$result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakidta SET usrname='$usrname2', comment='$themsg',hostname='$hostname',postdate=NOW(), PIC_ID='$picno', IP='$REMOTE_ADDR', title='Recovered Pic', adult='$adult'");
	//echo mysql_error()."<br><br>\n";
	header ('Location: index.php');
	mysql_close($dbconn);
	exit;
}
*/

//User Delete Comment

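/* User delete comment: deletes comment $cmtno for a logged-in member.
The member name used in the test is read from the fetched row only, and the
request is refused when there is no login or no matching member row; before, a
request without a login compared two unset values and passed the test. */
if ($mode=="udelcmt") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrname FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$memberRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrname = $memberRow ? $memberRow['usrname'] : '';

	if (isset($OekakiU) && $memberRow && $usrname == $OekakiU) {
		// NOTE(review): the DELETE is filtered by comment id only; it does not check
		// that the comment was written by this member, although the comment-edit
		// handler does compare the comment's usrname - confirm what is intended.
		$result4 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where ID_3='$cmtno'");
		header ('Location: lcommentdel.php');
		mysql_close($dbconn);
		exit;
	} else {
		header ('Location: error.php?error='.urlencode($langop_functions_err19));
		mysql_close($dbconn);
		exit;
	}
}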


//Admin Delete
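/* Admin delete: for members whose usrflags contain A, S or O, sends the picture
owner a mailbox message with the reason and deletes the picture row and its
comments.
The flag string is read from the fetched row only ('' when there is none),
$picno is forced to an integer, and the notice is sent only when the picture row
exists. */
if ($mode=="dela") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrflags = $flagRow ? $flagRow['usrflags'] : '';
	if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
		$picno = intval($picno);
		$result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
		$row = $result2 ? mysql_fetch_array($result2) : false;

		if ($row) {
			// NOTE(review): the message text and names are interpolated as-is; quoting
			// depends on nifty2_convert() and the PHP magic-quotes settings.
			$reason = nifty2_convert($langop_word_hello.",\n\n".$langop_functions_yourpic." (".$okurl."/".$OPpics."/".$picno.".png) ".$langop_picdel_p1." ".$OekakiU." ".$langop_picdel_p2.":\n\n".$reason."\n\n".$langop_picdel_p3);
			$result = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$OekakiU', reciever='$row[usrname]', subject='$langop_picdel_title', body='$reason', senddate=NOW()");
		}
		$result3 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
		$result4 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$picno'");
		errorCheck('delpics.php');
	} else {
		header ('Location: delpics.php');
		mysql_close($dbconn);
		exit;
	}
}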



//Admin Delete Comment
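/* Admin delete comment: for members whose usrflags contain A, S or O, deletes
comment $cmtno; every path ends with a redirect to delcomments.php.
The flag string is read from the fetched row and is '' when no member row is
found, so the permission test never uses a $usrflags value that did not come
from the database. */
if ($mode=="delcmt") {
	include('dbconn.php');
	$result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $result2 ? mysql_fetch_array($result2) : false;
	$usrflags = $flagRow ? $flagRow['usrflags'] : '';
	if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
		// NOTE(review): $cmtno is placed in the statement as-is.
		$result4 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where ID_3='$cmtno'");
	}
	header ('Location: delcomments.php');
	mysql_close($dbconn);
	exit;
}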



//User Pic Delete
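/* User picture delete: deletes picture $picno and its comments when the picture
row belongs to the logged-in member.
The owner name is read from the fetched row only, the request is refused when
there is no login or no such picture, and $picno is forced to an integer. */
if ($mode=="del") {
	include('dbconn.php');
	$picno = intval($picno);

	$result = mysql_query("SELECT usrname from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
	$picRow = $result ? mysql_fetch_array($result) : false;
	$usrname = $picRow ? $picRow['usrname'] : null;

	if (!$picRow || !isset($OekakiU) || $usrname!==$OekakiU) {
		header ('Location: error.php?error='.urlencode($langop_functions_err20));
		mysql_close($dbconn);
		exit;
	} else {
		$result2 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
		$result3 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$picno'");
		//echo mysql_error()."<br><br>\n";

		header ('Location: ldelpics.php');
		mysql_close($dbconn);
		exit;
	}
}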

//Edit Comment

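/* Edit comment: replaces the text of comment $idno, with an "edited on" line
appended, when the comment was written by the logged-in member.
The author name is read from the fetched row only, and the request is refused
when there is no login or no such comment. The title value that was computed
here but never used has been dropped. */
if ($commedit=="Edit") {
	include('dbconn.php');

	$comment2 = nifty2_convert($comment2);
	$comment2 = $comment2."\n\n(".$langop_common_editedon." ".date("F j, Y, g:i a").")";

	// NOTE(review): $idno and $comment2 are interpolated as-is; quoting depends on
	// nifty2_convert() and the PHP magic-quotes settings.
	$result = mysql_query("SELECT usrname, comment from ".$OekakiPoteto_Prefix."oekakicmt where ID_3='$idno'");
	$cmtRow = $result ? mysql_fetch_array($result) : false;
	$usrname = $cmtRow ? $cmtRow['usrname'] : null;

	if (!$cmtRow || !isset($OekakiU) || $usrname!==$OekakiU) {
		header ('Location: error.php?error='.urlencode($langop_functions_err21));
		mysql_close($dbconn);
		exit;
	} else {
		$result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakicmt SET comment='$comment2' WHERE ID_3='$idno'");

		header ('Location: lcommentdel.php');
		mysql_close($dbconn);
		exit;
	}
}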


//Edit Pic
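/* Edit picture: updates title, comment and adult flag of picture $picno and
locks the row; every path ends with a redirect to ldelpics.php.
The UPDATE now runs only when the logged-in member owns the picture row or has
the A, S or O flag; before, this handler made no check at all. $picno is forced
to an integer.
NOTE(review): the admin flags are accepted so that moderators are not locked
out; restrict this to the owner if that is the intended policy. */
if ($picedit=="Edit") {
	include('dbconn.php');
	$picno = intval($picno);

	// Who owns the picture, and which flags does the caller have?
	$ownerRes = mysql_query("SELECT usrname from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
	$ownerRow = $ownerRes ? mysql_fetch_array($ownerRes) : false;
	$flagRes = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$OekakiU'");
	$flagRow = $flagRes ? mysql_fetch_array($flagRes) : false;
	$editorFlags = $flagRow ? $flagRow['usrflags'] : '';

	$isOwner = isset($OekakiU) && $ownerRow && $ownerRow['usrname'] === $OekakiU;
	$isAdmin = strstr($editorFlags,"A") || strstr($editorFlags,"S") || strstr($editorFlags,"O");

	if ($isOwner || $isAdmin) {
		$comment2 = nifty2_convert($comment2);
		$comment2 = $comment2."\n\n(Edited on ".date("F j, Y, g:i a").")";
		$title3 = nifty2_convert($title2);
		// NOTE(review): this puts a backslash before every apostrophe after
		// nifty2_convert() has run; if the apostrophe is already escaped the two
		// steps combine into an escaped backslash followed by a bare quote - verify
		// against the escaping configuration in use.
		$title3 = eregi_replace("'", "\'", $title3);
		$result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET title='$title3', comment='$comment2', adult='$adult', postlock='1' WHERE PIC_ID='$picno'");
	}

	header ('Location: ldelpics.php');
	mysql_close($dbconn);
	exit;
}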

//Edit Oekaki Pic; code by Marcello
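/* Save an edited picture (code by Marcello). The raw POST body is scanned for
"Content-type:" sections; an "image/0" section replaces the picture's .png file
(and .jpg copy when $jpgcompression is "yes"), an "animation/" section replaces
its .oeb file. Afterwards the elapsed edit time is added to the picture row.
$edit is forced to an integer before it is used in file names and in the query,
so it cannot carry path separators or SQL text.
NOTE(review): this handler does not check $OekakiU / $OekakiPass, so it replaces
the files of whatever picture number the request names - confirm how the upload
client is meant to be authenticated. */
if ($mode=="picsaveo"){
	$edit = intval($edit);
	$buffer = $HTTP_RAW_POST_DATA;

	$thecheck = "0";
	$i=0;

	$start = strpos( $buffer, "Content-type:");
	$middle=0;$end=0;

	// Each pass handles the section starting at $start; the loop ends when no
	// further "Content-type:" marker is found ($start becomes null).
	while ($start) {
		$end = strpos( $buffer, "Content-type:", $start+1);

		// The type is the text between the 13-character marker and the first CR.
		$middle = strpos( $buffer, "\r", $start);
		$type = substr( $buffer, $start+13, $middle-$start-13 );

		// The section data begins two bytes after the next CR.
		$middle = strpos( $buffer, "\r", $middle+1);

		if ($end===false) {
			$end=null;
			$data = substr( $buffer, $middle+2);
		} else $data = substr( $buffer, $middle+2, $end-$middle-2);

		$start=$end;

		if($type=='image/0'){
			$image_filenamejpg = $OPpics.'/'.$edit.".jpg";
			$image_filename = $OPpics.'/'.$edit.".png";
			if (file_exists($image_filename)) {
				unlink($image_filename);
			}
			if ($fp = fopen($image_filename,'wb')) {
				// Write main file
				fwrite($fp,$data);
				fclose($fp);
				if($jpgcompression == "yes"){
					//convert to JPEG
					$img = imagecreatefrompng($image_filename);
					imagejpeg($img,$image_filenamejpg, $jpgcompressqual);
				}
			}
		}

		if($type=='animation/'){
			$image_filename = $OPpics.'/'.$edit.".oeb";
			if (file_exists($image_filename)) {
				unlink($image_filename);
			}
			if ($fp = fopen($image_filename,'wb')) {
				// Write main file
				fwrite($fp,$data);
				fclose($fp);
			}
		}
	}

	include('dbconn.php');

	$edittime2 = time() - $edittimes;
	$result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET edittime=(edittime + $edittime2) WHERE PIC_ID='$edit'");

	mysql_close();
}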



//Picture saving; code by Marcello (http://www.cellosoft.com). Used with permission.
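/* Picture saving (code by Marcello, http://www.cellosoft.com). The raw POST body
after the first CR is written to $OPpics/<number>.png, optionally converted to
JPEG, and for a new picture a row is inserted into the picture table. With $edit
set, the existing picture of that number is replaced; otherwise the next free
(non-archived) number from the piccount counter is used.
Changes in this version: the edit branch no longer unlinks and opens
$image_filename before that variable has been assigned in this handler (the file
is handled once, after the number is known); $edit is forced to an integer; the
failure branch no longer calls fclose() on a handle that was never opened; the
insert loop stops after five attempts instead of retrying forever.
NOTE(review): this handler does not check $OekakiU / $OekakiPass, and the owner
name stored with a new picture is $username as supplied with the request -
confirm how the upload client is meant to be authenticated. */
if($mode=="picsave"){
	include('dbconn.php');
	$p = strpos($HTTP_RAW_POST_DATA, "\r");

	$size = strlen($HTTP_RAW_POST_DATA);

	if( $p === false) {
		print "Content-type: text/plain\n\n";

		print "error $size\n";
	} else {
		if(isset($edit)){
			$edit = intval($edit);
			$edittime2 = time() - $edittimes;
			$result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET edittime=(edittime + $edittime2) WHERE PIC_ID='$edit'");

			mysql_close();
			$resno = $edit;
		} else {
			$result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakimisc set miscvalue=miscvalue+1 where miscname='piccount'");
			$result = mysql_query("SELECT miscname, miscvalue FROM ".$OekakiPoteto_Prefix."oekakimisc where miscname='piccount'");
			$row = mysql_fetch_array($result);
			$resno = $row['miscvalue'];

			//check if the picture is archived or not before saving
			$awrite = "false";
			while($awrite == "false"){
				$result = mysql_query("SELECT * FROM ".$OekakiPoteto_Prefix."oekakidta WHERE PIC_ID=".$resno);
				$row = mysql_fetch_array($result);
				if($row['archive'] == "1"){
					//go to the next number
					$result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakimisc set miscvalue=miscvalue+1 where miscname='piccount'");
					$result = mysql_query("SELECT miscname, miscvalue FROM ".$OekakiPoteto_Prefix."oekakimisc where miscname='piccount'");
					$row = mysql_fetch_array($result);
					$resno = $row['miscvalue'];
				} else {
					$awrite = "true";
				}
			}
		}

		$image_filenamejpg = $OPpics.'/'.$resno.".jpg";
		$image_filename = $OPpics.'/'.$resno.".png";
		if (file_exists($image_filename)) {
			unlink($image_filename);
		}

		$fp = fopen($image_filename,'wb');

		if ($fp) {
			fwrite($fp,substr($HTTP_RAW_POST_DATA,$p+2));
			fclose($fp);

			if($jpgcompression == "yes"){
				//convert to JPEG
				$img = imagecreatefrompng($image_filename);
				imagejpeg($img,$image_filenamejpg, $jpgcompressqual);
			}

			if(!isset($edit)){
				$result = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$resno'");
				$result = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$resno'");

				$thetime = time() - $edittimes;
				// The host name comes from reverse DNS, so escape it for the query.
				$hostnameSql = mysql_real_escape_string((string)$hostname);
				//insert the picture into the database; retry a bounded number of times
				$inserted = "false";
				$attempts = 0;
				while($inserted == "false" && $attempts < 5){
					$attempts++;
					$result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakidta SET usrname='$username',hostname='$hostnameSql', PIC_ID='$resno', IP='$REMOTE_ADDR', postdate=NOW(), edittime='$thetime'");
					$result = mysql_query("SELECT count(*) as rowcount FROM ".$OekakiPoteto_Prefix."oekakidta WHERE PIC_ID='$resno'");
					$r_rows = mysql_fetch_array($result);
					if($r_rows['rowcount'] == 1){
						$inserted = "true";
					}
				}
			}

			mysql_close();
		} else {
			mysql_close();
			print "Content-type: text/plain\n\n";
			print "error $size\n";
		}
	}
	echo "Content-type: text/plain\n\n";
	echo "ok";
}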
?>