<?
/* OekakiPoteto v5.x © RanmaGuy (Theo Chakkapark) and Marcello 2000-2002, http://suteki.nu
Global Functions for OekakiPoteto */
include('config.php');
/*
 * Installs nifty2_convert($in), the helper this file uses on request text
 * before placing it inside a quoted SQL string. The definition depends on
 * $apostrophes:
 *   "0"       - the input is returned unchanged and runtime magic quotes are
 *               switched off;
 *   otherwise - the input is passed through addslashes().
 * NOTE(review): $apostrophes is presumably set by config.php, and "0"
 * presumably means the server already escapes request data - confirm.
 * addslashes() is not aware of the connection character set, so it is weaker
 * than the database driver's own escaping or bound parameters.
 */
if ($apostrophes != "0") {
    function nifty2_convert($in)
    {
        $escaped = addslashes($in);
        return $escaped;
    }
} else {
    set_magic_quotes_runtime(0);
    function nifty2_convert($in)
    {
        $unchanged = $in;
        return $unchanged;
    }
}
/**
 * Ends the request with a redirect chosen from the global $result.
 *
 * A truthy $result sends the browser to $location. Otherwise the browser is
 * sent to error.php with the text of mysql_error() URL-encoded in the
 * "error" query parameter. The script exits in both cases.
 *
 * NOTE(review): on failure the raw database error text travels to the client
 * in the redirect URL, which can reveal table and column names. Logging it
 * server-side and redirecting with a generic message would avoid that.
 *
 * @param string $location Redirect target used when $result is truthy; it is
 *                         placed in the Location header as given.
 */
function errorCheck($location)
{
    global $result;

    $target = $result
        ? $location
        : 'error.php?error='.urlencode(mysql_error());
    header('Location: '.$target);
    //mysql_close($dbconn);
    exit;
}
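/*
 * Request bootstrap: resolve the caller's host name, re-check the login
 * cookies when $OekakiU is present, and load the interface language file.
 *
 * Reads $REMOTE_ADDR, $OekakiU, $OekakiPass and $language from global scope
 * and leaves $hostname, $result and $row set for the handlers below.
 */
$hostname = gethostbyaddr($REMOTE_ADDR);
// A reverse-DNS name is chosen by whoever runs the reverse zone, and
// $hostname is later placed inside quoted SQL strings and e-mail text.
// Anything other than plain host-name characters falls back to the address.
if (!is_string($hostname) || preg_match('/[^A-Za-z0-9._:-]/', $hostname)) {
    $hostname = $REMOTE_ADDR;
}

/* Including Language */
if (isset($OekakiU)) {
    include('dbconn.php');
    // Escape with the file's own helper; $OekakiU itself stays untouched
    // because later handlers compare it with database values.
    $sqlUser = nifty2_convert($OekakiU);
    $result = mysql_query("SELECT language,usrname,usrpass FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
    $row = $result ? mysql_fetch_array($result) : false;
    mysql_close();

    // Unknown member or wrong password cookie: drop both cookies and go
    // home. The comparison is strict so numeric-looking strings cannot
    // compare equal by type juggling.
    if (!$row || $OekakiPass !== $row['usrpass']) {
        setcookie("OekakiU","",time() - 1209600);
        setcookie("OekakiPass","",time() - 1209600);
        header("Location: index.php");
        exit;
    }

    // The stored language name is written from request data elsewhere in
    // this file, so path separators are removed before it reaches include().
    // NOTE(review): assumes language file names contain only letters,
    // digits, '.', '_' and '-' - confirm against the language/ directory.
    // NOTE(review): the cookie carries the stored password hash itself, so
    // knowing the hash is enough to authenticate; a random session token
    // would remove that property.
    include("language/".preg_replace('/[^A-Za-z0-9._-]/', '', $row['language']).".php");
} else {
    include("language/".preg_replace('/[^A-Za-z0-9._-]/', '', $language).".php");
}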
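/* Mass OPMail
   Sends one mailbox message from the logged-in member to every member.
   Only members whose usrflags contain "O" may use it. */
if ($mailbox == "masssend") {
    include('dbconn.php');
    // Start from "no flags". The original extract() left $usrflags at
    // whatever value already existed in global scope when no member row was
    // found, so the permission test could pass without a database match.
    $usrflags = '';
    $sqlSender = '';
    if (isset($OekakiU)) {
        $sqlSender = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlSender'");
        $senderRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($senderRow) {
            $usrflags = $senderRow['usrflags'];
        }
    }
    if (strstr($usrflags, "O")) {
        $body = nifty2_convert($body);
        $subject = nifty2_convert($subject);
        if ($subject == "") {
            header ('Location: error.php?error='.urlencode($langop_functions_err1));
            exit;
        }
        $result = mysql_query("Select * from ".$OekakiPoteto_MemberPrefix."oekaki");
        // One mailbox row per member.
        while ($row = mysql_fetch_array($result)) {
            $result3 = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$sqlSender', reciever='$row[usrname]', subject='$subject', body='$body', senddate=NOW()");
        }
        mysql_close();
        header ('Location: mailbox.php');
        exit;
    } else {
        header ('Location: error.php?error='.urlencode($langop_functions_err2));
        exit;
    }
}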
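/* Archival
   Toggles the archive flag of picture $picid. Allowed for members whose
   usrflags contain "A", "S" or "O". */
if ($mode == "archive") {
    //security
    include('dbconn.php');
    // Flags come only from the member row; a missing row means no flags.
    $usrflags = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $authRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($authRow) {
            $usrflags = $authRow['usrflags'];
        }
    }
    if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
        // PIC_ID is interpolated without quotes, so it must be an integer.
        $picid = intval($picid);
        //get archive flag
        $result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_Prefix."oekakidta WHERE PIC_ID=".$picid);
        $row = $result2 ? mysql_fetch_array($result2) : false;
        //set the flag: "0" becomes '1', anything else becomes '0'
        $newFlag = ($row && $row['archive'] == "0") ? '1' : '0';
        $result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET archive='".$newFlag."' WHERE PIC_ID=".$picid);
        //redirect and close the database
        errorCheck('index.php');
    } else {
        header ('Location: error.php?error='.urlencode("$langop_functions_err3"));
        exit;
    }
}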
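/* Lost Password Send
   Mails the member named $username a link to chngpass.php.
   NOTE(review): the link's vcode is the stored password hash, which this
   file also accepts as the login cookie value. Anyone who can read the
   message can therefore sign in as the member. A random, single-use,
   expiring token stored separately would avoid disclosing the hash. */
if ($action == "pretrieve") {
    include('dbconn.php');
    // $username is request data; escape it for the query only.
    $sqlName = nifty2_convert($username);
    $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlName'");
    $row = $result ? mysql_fetch_array($result) : false;
    if ($row) {
        mail ($row['email'], $BBStitle." ".$langop_precover_title, $langop_word_dear." ".$row['usrname'].",\n\n".$langop_precover_p1." [".$REMOTE_ADDR." / ".$hostname."] ".$langop_precover_p2." ".$BBStitle." @ ".$okurl.". ".$langop_precover_p3.":\n\n".$okurl."/chngpass.php?vcode=".$row['usrpass']."&username=".urlencode($username)."\n\n".$langop_precover_p4."\n\n".$langop_precover_p5."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
        //redirect and close the database
        errorCheck('index.php');
    } else {
        header ('Location: error.php?error='.urlencode($langop_functions_err4));
        exit;
    }
}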
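//Administrative picture recovery
// Re-creates the database row for picture $picno on behalf of the member
// whose ID is $usrname. Allowed for usrflags "S", "O" or "A". $dtype selects
// the datatype/animation pair written to the row.
if ($action == "arecover") {
    include('dbconn.php');
    $row = false;
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $row = $result2 ? mysql_fetch_array($result2) : false;
    }
    if ($row && (strstr($row['usrflags'],"S") || strstr($row['usrflags'],"O") || strstr($row['usrflags'],"A"))) {
        $sqlOwnerId = nifty2_convert($usrname);
        $result3 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where ID='$sqlOwnerId'");
        $row2 = $result3 ? mysql_fetch_array($result3) : false;

        // dtype => (datatype, animation). Only the four known values are
        // accepted; the original loose switch also matched non-numeric text
        // against case 0 on older PHP versions.
        $recoverModes = array(
            '0' => array('0', '1'),
            '1' => array('0', '0'),
            '2' => array('1', '1'),
            '3' => array('1', '0'),
        );
        $modeKey = (string) $dtype;

        // Insert only when the target member exists; the original wrote a
        // row with an empty usrname when the ID was unknown.
        if ($row2 && isset($recoverModes[$modeKey])) {
            list($dataType, $animFlag) = $recoverModes[$modeKey];
            $picno = intval($picno);
            $result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakidta SET usrname='$row2[usrname]',postdate=NOW(),hostname='$hostname', PIC_ID='$picno', IP='$REMOTE_ADDR',datatype='$dataType', animation='$animFlag', edittime='0', postlock='1'");
        }
        errorCheck('index.php');
    }
}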
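/* Lost Password Change
   Sets a new password for $username when $vcode equals the stored password
   value and $newpass equals $retype.
   NOTE(review): $vcode is the current password hash rather than a separate
   reset token, and every password is hashed with the single $saltenc value.
   Per-user salts and a one-time reset token would be the durable fix. */
if ($action == "pchange") {
    include('dbconn.php');
    $sqlName = nifty2_convert($username);
    $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlName'");
    $row = $result ? mysql_fetch_array($result) : false;

    if (!$row) {
        header ('Location: error.php?error='.urlencode($langop_functions_err7));
        exit;
    }
    //compare the supplied code against the database (strict: no type juggling)
    if ($row['usrpass'] !== $vcode) {
        header ('Location: error.php?error='.urlencode($langop_functions_err6));
        exit;
    }
    //compare the new password with its retyped copy
    if ($newpass !== $retype) {
        header ('Location: error.php?error='.urlencode($langop_functions_err5));
        exit;
    }
    //change the password
    $newpass = crypt($newpass,$saltenc);
    $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki set usrpass='$newpass' where usrname = '$sqlName'");
    errorCheck('index.php');
}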
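/* Mailbox Send
   Stores a message from the logged-in member to $reciever. With
   $action == "reply" the message $MID is also marked mstatus='3'. */
if ($Send == "Send") {
    $body = nifty2_convert($body);
    $subject = nifty2_convert($subject);
    if (isset($OekakiU)) {
        if ($subject == "") {
            header ('Location: error.php?error='.urlencode($langop_functions_err8));
            exit;
        }
        include('dbconn.php');
        // Request values are escaped into separate variables for SQL use.
        $sqlSender = nifty2_convert($OekakiU);
        $sqlTo = nifty2_convert($reciever);
        $result = mysql_query("Select usrname from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlTo'");
        $row = $result ? mysql_fetch_array($result) : false;
        if ($row) {
            if ($action == "reply") {
                // Only a message addressed to the sender may be marked as
                // replied; the original updated any MID it was given.
                $sqlMid = nifty2_convert($MID);
                $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekakimailbox SET mstatus='3' where MID='$sqlMid' and reciever='$sqlSender'");
            }
            $result = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$sqlSender', reciever='$row[usrname]', subject='$subject', body='$body', senddate=NOW()");
            errorCheck('mailbox.php');
        } else {
            header ('Location: error.php?error='.urlencode($langop_functions_err9));
            exit;
        }
    } else {
        header ('Location: error.php?error='.urlencode($langop_functions_err10));
        exit;
    }
}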
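/* Mailbox Delete
   Deletes message $MID when it is addressed to the logged-in member. */
if ($mail == "delete") {
    include('dbconn.php');
    $sqlMid = nifty2_convert($MID);
    $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekakimailbox WHERE MID='$sqlMid'");
    $row = $result ? mysql_fetch_array($result) : false;
    // Require an existing message and a logged-in recipient. The strict
    // comparison stops numeric-looking user names from matching each other,
    // and an absent message from matching an absent login.
    if (!$row || !isset($OekakiU) || $row['reciever'] !== $OekakiU) {
        header('Location: error.php?error='.urlencode($langop_functions_err11));
        exit;
    } else {
        $result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekakimailbox WHERE MID='$sqlMid'");
        errorCheck('mailbox.php');
    }
}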
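/* User delete
   Removes the member whose ID is $usrname2 together with that member's
   online, picture, comment and chat rows, and mails the member a notice.
   Allowed for usrflags "S" or "O". */
if ($memdel == "Delete") {
    //security
    include('dbconn.php');
    $row = false;
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $row = $result2 ? mysql_fetch_array($result2) : false;
    }
    if (!$row || !(strstr($row['usrflags'],"S") || strstr($row['usrflags'],"O"))) {
        header ('Location: error.php?error='.urlencode($langop_functions_err12));
        // Stop here: without this exit the errorCheck() call below replaced
        // the error redirect with its own Location header.
        exit;
    }
    if ($action == "0") {
        //initiate delete
        $sqlTargetId = nifty2_convert($usrname2);
        $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where ID ='$sqlTargetId'");
        $row2 = $result ? mysql_fetch_array($result) : false;
        // Skip everything when the ID matches no member; the original then
        // ran the deletes against an empty user name.
        if ($row2) {
            $result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekakionline where onlineusr = '$row2[usrname]'");
            $result = mysql_query("DELETE FROM ".$OekakiPoteto_Prefix."oekakidta where usrname = '$row2[usrname]'");
            $result = mysql_query("DELETE FROM ".$OekakiPoteto_Prefix."oekakicmt where usrname = '$row2[usrname]'");
            $result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekakichat where usrname = '$row2[usrname]'");
            mail ($row2['email'], $BBStitle." ".$langop_mandel_title, $langop_word_dear." ".$row2['usrname'].",\n\n".$langop_mandel_p1." ".$BBStitle." at ".$okurl.". ".$langop_mandel_p3.".\n\n".$BBStitle." ".$langop_word_admin."\n".$langop_mandel_p2.": ".$OekakiU." (".$row['email'].")"."\n".$langop_word_comments.": ".$reason."\n\nGet your own OekakiPoteto: http://suteki.nu\nOekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
            $result = mysql_query("DELETE FROM ".$OekakiPoteto_MemberPrefix."oekaki where ID = '$row2[ID]'");
        }
    }
    errorCheck('delusr.php');
}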
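/* Login (from header.php)
$username (username to login)
$pass (password used to login)
$login (check if login request submitted)

On success two cookies are set for 1209600 seconds: OekakiU (the user name)
and OekakiPass (the hashed password).
NOTE(review): OekakiPass holds the stored hash itself, so the hash works as a
long-lived bearer credential. A random session token would avoid that.
*/
if ($login == "Login") {
    //open the database and configuration
    include('dbconn.php');
    //encrypt the submitted password for comparison
    $usrpass3 = crypt($pass,$saltenc);
    //query the database for the username ($username is escaped for SQL only)
    $sqlName = nifty2_convert($username);
    $result = mysql_query("SELECT usrname, usrpass, usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$sqlName'");
    $row = $result ? mysql_fetch_array($result) : false;
    //the member must exist, the hashes must be identical (strict comparison,
    //no type juggling) and the member must carry the "G" flag
    if ($row && $usrpass3 === $row['usrpass'] && strstr($row['usrflags'],"G")) {
        //create a cookie that contains the username of the person who logged in
        setcookie("OekakiU",$row['usrname'],time() + 1209600);
        setcookie("OekakiPass",$usrpass3,time() + 1209600);
        //redirect and close the database
        errorCheck('index.php');
    } else {
        header ('Location: error.php?error='.urlencode($langop_functions_err13));
        exit;
    }
}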
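/* Logoff (from header.php)
$mode (check if mode is "logoff")
Expires both login cookies and redirects to index.php.
*/
if ($mode == "logoff") {
    //kill all cookies
    setcookie("OekakiU","",time() - 1209600);
    setcookie("OekakiPass","",time() - 1209600);
    header('Location: index.php');
    // End the request here. Without this the handlers further down still
    // ran with the login variables of the request that just logged off.
    exit;
}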
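//Registration Verification
// Activates the pending member $username when $vcode equals the stored
// password value and the member's flags are exactly "P". The new flags are
// "G" plus "D" and/or "M" depending on $drawaccess and $animationaccess.
// NOTE(review): $drawaccess and $animationaccess are presumably set in
// config.php; if they can arrive with the request the caller chooses its own
// permissions - confirm they are always assigned by configuration.
if ($mode == "Verify") {
    //include database connections and configuration
    include('dbconn.php');
    $sqlName = nifty2_convert($username);
    $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlName'");
    $row = $result ? mysql_fetch_array($result) : false;
    // Strict comparison: an absent row or absent code can never match.
    if ($row && $vcode === $row['usrpass'] && $row['usrflags'] == "P") {
        $theflags = "G";
        $permissions = $langop_type_guser."\n";
        if ($drawaccess == "yes") {
            $theflags = $theflags."D";
            $permissions = $permissions.$langop_type_daccess."\n";
        }
        if ($animationaccess == "yes") {
            $theflags = $theflags."M";
            $permissions = $permissions.$langop_type_aaccess."\n";
        }
        //activate the member with the computed permissions
        $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET usrflags='".$theflags."' where usrname='".$sqlName."'");
        // NOTE(review): these cookies last 12096000 seconds while the login
        // handler in this file uses 1209600 - confirm which is intended.
        setcookie("OekakiU",$row['usrname'],time() + 12096000);
        setcookie("OekakiPass",$row['usrpass'],time() + 12096000);
        mail ( $row['email'], $BBStitle." ".$langop_autoreg_title, $langop_word_dear." ".$row['usrname'].",\n\n".$langop_autoreg_p1." ".$BBStitle." @ ".$okurl." ".$langop_autoreg_p2."\n\n".$langop_autoreg_p3.":\n".$permissions."\n".$langop_autoreg_p4."\n\n".$BBStitle." ".$langop_word_admin."\n".$langop_autoreg_p5."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
        header('Location: index.php');
        exit;
    } else {
        header('Location: error.php?error='.urlencode($langop_functions_err14));
        exit;
    }
}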
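/* Registration (from register.php)
$username (username to register)
$email (email used for registration)
$pass (password)
$pass2 (password for verification)
$comments (introduction comment)
$artURL (location to URL of art)
$register (check if submitted w/ value of "Submit")

The member is stored with usrflags 'P'. Unless $approval is "yes" a
verification link is mailed to $email.
NOTE(review): the link's vcode is the new password hash; a separate random
token would avoid sending the hash by e-mail.
*/
if ($register == "Submit" && $username != "") {
    $comment2 = nifty2_convert($comments);
    //include database connections and configuration
    include('dbconn.php');

    // $email becomes the recipient argument of mail(); line breaks in it
    // would add header lines, so they are removed before any use.
    $email = str_replace(array("\r", "\n"), '', $email);

    // Request values escaped for SQL use only; the originals are kept for
    // the e-mail text.
    $sqlName = nifty2_convert($username);
    $sqlEmail = nifty2_convert($email);
    $sqlUrl = nifty2_convert($artURL);
    $sqlLang = nifty2_convert($language);
    $sqlTemplate = nifty2_convert($template);

    //reject an empty address and any e-mail or user name already in use.
    //The original looked rows up by e-mail only, so its user-name comparison
    //could never find an existing name under a different address.
    $result = mysql_query("SELECT * from ".$OekakiPoteto_MemberPrefix."oekaki where email='$sqlEmail' or usrname='$sqlName'");
    $row = $result ? mysql_fetch_array($result) : false;
    if ($email == "" || $row) {
        header('Location: error.php?error='.urlencode($langop_functions_err15));
        exit;
    }
    //encrypt the password
    $userpass1 = crypt($pass,$saltenc);
    //check if the passwords match (strict, so "1e1" and "10" differ)
    if ($pass === $pass2) {
        //add the user as pending; both approval modes store the same row
        $result = mysql_query("INSERT into ".$OekakiPoteto_MemberPrefix."oekaki SET usrname='$sqlName',email='$sqlEmail',usrpass='$userpass1',usrflags='P',comment='$comment2 - $hostname - $REMOTE_ADDR', url='$sqlUrl', joindate=NOW(), language='$sqlLang', templatesel='$sqlTemplate', lastlogin=NOW()");
        if ($approval != "yes") {
            //send an email for verification
            mail ( $email, $BBStitle." ".$langop_verreg_title, $langop_word_dear." ".$username.",\n\n".$langop_verreg_p1." ".$BBStitle." @ ".$okurl.". ".$langop_verreg_p2.":\n\n".$okurl."/functions.php?mode=Verify&vcode=".$userpass1."&username=".urlencode($username)."\n\n".$langop_verreg_p3."\n\n".$langop_precover_p5."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
        }
    } else {
        header('Location: error.php?error='.urlencode($langop_functions_err5));
        exit;
    }
    errorCheck("index.php");
}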
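/* User Flag Modification (from modflags.php)
$sa (super admin)
$admin (admin)
$gusr (guest user)
$drawd (draw access)
$ax (adult flag)
$usrname2 (the user selected to modify)
$immunity (immunity flag)

Replaces the usrflags of $usrname2 with the concatenated flag fields.
NOTE(review): any member holding "A", "S" or "O" can write any flag string
here, including flags that member does not hold. Confirm whether granting
should be limited to flags at or below the caller's own level.
*/
if ($muser2 == "Submit") {
    include('dbconn.php');
    // Flags are kept to letters and digits so the value cannot leave the
    // quoted SQL string. NOTE(review): assumes no flag uses another
    // character - confirm against flagchk.php.
    $flags = preg_replace('/[^A-Za-z0-9]/', '', $sa.$admin.$gusr.$drawd.$drawm.$ax.$immunity);
    //Unauthorized user protection
    include('flagchk.php');
    $adminRow = false;
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result = mysql_query("SELECT usrname, usrflags, usrpass FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$sqlUser'");
        $adminRow = $result ? mysql_fetch_array($result) : false;
    }
    // No member row, or a password cookie that is not identical to the
    // stored value: treat as not logged in. The original extract() left
    // $usrpass and $usrflags at their pre-existing values when no row came
    // back, so both checks could be satisfied without a database match.
    if (!$adminRow || $OekakiPass !== $adminRow['usrpass']) {
        header('Location: index.php');
        exit;
    }
    // check_flag() comes from flagchk.php; it presumably reads the
    // $usrflags that extract() sets here - confirm.
    extract($adminRow);
    if ((!check_flag('O')) && (!check_flag('S')) && (!check_flag('A'))) {
        header('Location: error.php?error='.urlencode($langop_functions_err16));
        exit;
    }
    $sqlTarget = nifty2_convert($usrname2);
    $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET usrflags='$flags' WHERE usrname='$sqlTarget'");
    errorCheck('modflags.php');
}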
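/* Add/Remove User (from addusr.php)
$usrname2 (person to accept/reject)
$drawa (enable or disable draw flag)
$action (accept or reject)
$reason (reason for rejection)
$pmember2 (form submit)

Accepting ($action "0") sets the member's flags and mails a welcome message;
anything else mails a rejection and deletes the member row.
*/
if ($pmember2 == "Submit") {
    // Applied once. The original ran it a second time on the reject path
    // although $reason is only used in e-mail text, never in SQL.
    $reason = nifty2_convert($reason);
    include('dbconn.php');
    //unauthorized user protection
    include('flagchk.php');
    $adminRow = false;
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrname, usrflags, email as email2 FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$sqlUser'");
        $adminRow = $result2 ? mysql_fetch_array($result2) : false;
    }
    // Without a member row nobody is authorised. The original extract() left
    // $usrflags at its pre-existing value in that case.
    if (!$adminRow) {
        header('Location: error.php?error='.urlencode($langop_functions_err17));
        exit;
    }
    // check_flag() comes from flagchk.php; it presumably reads the
    // $usrflags that extract() sets here - confirm.
    extract($adminRow);
    $adminEmail = $email2;
    if ((!check_flag('O')) && (!check_flag('S')) && (!check_flag('A'))) {
        header('Location: error.php?error='.urlencode($langop_functions_err17));
        exit;
    }
    mysql_close($dbconn);
    //Add user
    include('dbconn.php');
    $sqlTarget = nifty2_convert($usrname2);
    $result = mysql_query("Select * from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlTarget'");
    $targetRow = $result ? mysql_fetch_array($result) : false;
    // Unknown member: nothing to mail or change. The original continued with
    // whatever $email already held.
    if (!$targetRow) {
        errorCheck('addusr.php');
    }
    // extract() is kept so every column the code below relies on ($email in
    // particular) is available exactly as before.
    extract($targetRow);
    if ($action == "0") {
        $theflags = "G";
        $permissions = $langop_type_guser."\n";
        if ($drawa == "1") {
            $theflags = $theflags."D";
            $permissions = $permissions.$langop_common_drawacc."\n";
        }
        if ($animation == "1") {
            $theflags = $theflags."M";
            $permissions = $permissions.$langop_common_aniacc."\n";
        }
        mail ( "$email", $BBStitle." ".$langop_autoreg_title, $langop_word_dear." ".$usrname2.",\n\n".$langop_autoreg_p1." ".$BBStitle." @ ".$okurl." ".$langop_autoreg_p2."\n\n".$langop_autoreg_p3.":\n".$permissions."\n".$langop_autoreg_p4."\n\n".$BBStitle." ".$langop_word_admin."\n".$langop_common_approvby.": ".$OekakiU." (".$adminEmail.")\n".$langop_word_comments.": ".$reason."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
        $result2 = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET usrflags='$theflags' WHERE usrname='$sqlTarget'");
        errorCheck('addusr.php');
    } else {
        mail ( "$email", $BBStitle." ".$langop_autoreg_title, $langop_word_dear." ".$usrname2.",\n\n".$langop_rejmsg_p1." ".$BBStitle." @ ".$okurl.", ".$langop_rejmsg_p2." ".$BBStitle." ".$langop_rejmsg_p3."\n\n ".$BBStitle." ".$langop_word_admin."\n ".$langop_common_rejby.": ".$OekakiU." (".$adminEmail.")"."\n ".$langop_word_comments.": ".$reason."\n\n Get your own OekakiPoteto: http://suteki.nu\n OekakiPoteto is © 2001 - 2002 RanmaGuy (Theo Chakkapark) and Marcello.", "From: \"OekakiPoteto Admin\" <$eaddr>\nX-Mailer: OekakiPoteto 5.x by RanmaGuy (Theo Chakkapark) and Marcello\n");
        $result2 = mysql_query("DELETE from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlTarget'");
        errorCheck('addusr.php');
    }
}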
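/* Profile Edit
   Updates the logged-in member's own profile row. When $oldpass is given
   and matches the stored password, and $passwd equals $passwdnew, the
   password is changed as well.

   Two changes from the original:
   - the row to update is the authenticated member, not the $username2 form
     field, so one member cannot rewrite another member's profile or
     password;
   - usrflags is rebuilt from the stored flags instead of the $sflags form
     field, so a member cannot choose their own permission flags.
   NOTE(review): if administrators are meant to edit other members through
   this handler, add an explicit flag check instead of the equality test. */
if ($eprofile == "Edit") {
    include('dbconn.php');
    if (!isset($OekakiU) || $username2 !== $OekakiU) {
        header('Location: index.php');
        exit;
    }
    $sqlUser = nifty2_convert($OekakiU);
    $result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
    $row = $result2 ? mysql_fetch_array($result2) : false;
    if (!$row) {
        header('Location: index.php');
        exit;
    }

    // Stored flags without the "X" flag, then "X" again only when the form
    // asks for it (the original stripped X case-insensitively and appended
    // $adult the same way).
    $flegs = str_replace(array('X', 'x'), '', $row['usrflags']);
    if ($adult == "X" || $adult == "x") {
        $flegs = $flegs.$adult;
    }

    // Every free-text field goes through the file's escaping helper; the
    // original escaped only $comment and $urltitle.
    $profileFields = array('comment', 'urltitle', 'name', 'url', 'email', 'aim', 'icq', 'msn', 'yahoo', 'ircserver', 'ircnick', 'location', 'ircchan', 'ctemplate', 'age', 'gender', 'picview');
    foreach ($profileFields as $fieldName) {
        $$fieldName = nifty2_convert($$fieldName);
    }
    // The stored language name is later used to build an include() path, so
    // path separators are removed. NOTE(review): assumes language names use
    // only letters, digits, '.', '_' and '-' - confirm.
    $language2 = preg_replace('/[^A-Za-z0-9._-]/', '', $language2);

    $passClause = '';
    $doUpdate = true;
    if ($oldpass != "" && crypt($oldpass,$saltenc) === $row['usrpass']) {
        if ($passwd == $passwdnew) {
            $passClause = ", usrpass='".crypt($passwd,$saltenc)."'";
        } else {
            // As before: report the mismatch and change nothing.
            echo "New passwords do not match. Go back and retype them again.";
            $doUpdate = false;
        }
    }
    if ($doUpdate) {
        $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET name='$name',url='$url',comment='$comment', email='$email',aim='$aim',icq='$icq',urltitle='$urltitle', MSN='$msn', yahoo='$yahoo', IRCserver='$ircserver', IRCnick='$ircnick', usrflags='$flegs', location='$location', IRCchan='$ircchan', templatesel='$ctemplate'".$passClause.", age='$age', gender='$gender', picview='$picview', language='$language2' WHERE usrname='$sqlUser'");
    }
    errorCheck('editprofile.php');
}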
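/* Edit Ban List
   Overwrites hosts.txt with $hostban and ips.txt with $ipban.
   The original performed no permission check, so any request carrying
   banlist=Edit could replace both files. The member must now hold "A", "S"
   or "O", the set this file uses for its other moderation actions.
   NOTE(review): confirm the intended flag set against banlist.php. */
if ($banlist == "Edit") {
    include('dbconn.php');
    $banFlags = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $banRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($banRow) {
            $banFlags = $banRow['usrflags'];
        }
    }
    mysql_close();
    if (strstr($banFlags,"A") || strstr($banFlags,"S") || strstr($banFlags,"O")) {
        // Write each file only when it could be opened.
        $fd = fopen ("hosts.txt", "w");
        if ($fd) {
            fwrite($fd,$hostban);
            fclose ($fd);
        }
        $fd2 = fopen ("ips.txt", "w");
        if ($fd2) {
            fwrite($fd2,$ipban);
            fclose ($fd2);
        }
    }
    header ('Location: banlist.php');
    exit;
}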
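//edit news
// Rewrites announce.php with a "posted by" header followed by $newsedit.
// Allowed for usrflags "A", "S" or "O".
// NOTE(review): $newsedit is written as-is into a .php file, so its content
// is presumably executed as PHP when the file is loaded. That is only as
// safe as every account holding these flags. Storing the news as data and
// escaping it on output would remove the exposure. It is not filtered here
// because the header this handler writes itself contains PHP tags.
if ($newssub == "Edit") {
    set_magic_quotes_runtime(0);
    include('dbconn.php');
    // Flags come only from the member row. The original extract() left
    // $usrflags at its pre-existing value when no row was returned.
    $usrflags = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $authRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($authRow) {
            $usrflags = $authRow['usrflags'];
        }
    }
    if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
        // The user name is encoded now and written as plain text. The
        // original wrote it inside a PHP string literal in announce.php,
        // where a quote in the name would have become PHP code.
        $plainUser = stripslashes($OekakiU);
        $userParam = urlencode($plainUser);
        $userLabel = htmlspecialchars($plainUser);
        $newsedit = "\n\n\n<b>".$langop_common_postedby." <a onClick=\"openWindow('profile.php?user=".$userParam."', 300, 400); return false;\" href=\"#\">".$userLabel."</a> @ <font color=\""."<?="."$"."dStamp"."?>"."\">".date("F j, Y, g:i a")."</font></b><br>".$newsedit;
        $fd = fopen ("announce.php", "w");
        if ($fd) {
            fwrite($fd,stripslashes($newsedit));
            fclose ($fd);
        }
        header ('Location: editnews.php');
        mysql_close($dbconn);
        exit;
    } else {
        header ('Location: editnews.php');
        mysql_close($dbconn);
        exit;
    }
}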
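//edit notices
// Rewrites notice.php with $newsedit plus a signature link, or empties the
// file when $newsedit is empty. Allowed for usrflags "A", "S" or "O".
// NOTE(review): $newsedit is written as-is into a .php file, so its content
// is presumably executed as PHP when the file is loaded. Storing the notice
// as data and escaping it on output would remove the exposure.
if ($noticesub == "Edit") {
    include('dbconn.php');
    // Flags come only from the member row. The original extract() left
    // $usrflags at its pre-existing value when no row was returned.
    $usrflags = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $authRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($authRow) {
            $usrflags = $authRow['usrflags'];
        }
    }
    if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
        $noticeText = "";
        if ($newsedit != "") {
            // The user name is encoded now and written as plain text rather
            // than inside a PHP string literal in notice.php.
            $plainUser = stripslashes($OekakiU);
            $userParam = urlencode($plainUser);
            $userLabel = htmlspecialchars($plainUser);
            $newsedit = $newsedit." ~ <a onClick=\"openWindow('profile.php?user=".$userParam."', 300, 400); return false;\" href=\"#\">".$userLabel."</a>";
            $noticeText = stripslashes($newsedit);
        }
        $fd = fopen ("notice.php", "w");
        if ($fd) {
            fwrite($fd,$noticeText);
            fclose ($fd);
        }
        header ('Location: index.php');
        mysql_close($dbconn);
        exit;
    } else {
        header ('Location: index.php');
        mysql_close($dbconn);
        exit;
    }
}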
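//first post
//normal pic
// Attaches title, comment and adult flag to the logged-in member's most
// recent picture row and raises the member's piccount.
if ($mode == "res_msg" || $mode == "ani_msg") {
    include('dbconn.php');
    setcookie("edittime","",time() - 1209600);

    $sqlUser = nifty2_convert($OekakiU);
    // Newest picture row of this member.
    $result = mysql_query("SELECT * from ".$OekakiPoteto_Prefix."oekakidta where usrname='$sqlUser' order by ID_2 DESC");
    $row = $result ? mysql_fetch_array($result) : false;
    $curpicno = $row ? $row['PIC_ID'] : '';
    $result = mysql_query("SELECT * from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$curpicno'");
    $row = $result ? mysql_fetch_array($result) : false;
    $result2 = mysql_query("SELECT * from ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
    $row2 = $result2 ? mysql_fetch_array($result2) : false;

    $comment = nifty2_convert($comment);
    $title = nifty2_convert($title);
    $adult = nifty2_convert($adult);

    // Picture owner and password cookie must both match exactly.
    if (isset($OekakiU) && $row && $row2 && ($OekakiU === $row['usrname']) && ($OekakiPass === $row2['usrpass'])) {
        //reset the picture count if it's past its limit. This ran before
        //the login check in the original, so any request could reset the
        //counter.
        // NOTE(review): $picno presumably arrives with the request; reading
        // the counter from the database would be more reliable - confirm.
        if ($picno >= $pstore) {
            $result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakimisc set miscvalue='0' where miscname='piccount'");
        }
        $result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET comment='$comment',hostname='$hostname', IP='$REMOTE_ADDR', title='$title', adult='$adult', postlock = '1' where PIC_ID='$curpicno'");
        $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET piccount=(piccount + 1) WHERE usrname='$sqlUser'");
        //echo mysql_error()."<br><br>\n";
        errorCheck('index.php?sort=0&pageno=0');
    } else {
        header ('Location: error.php?error='.urlencode($langop_functions_err18));
        mysql_close();
        exit;
    }
}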
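//Comment Post
// Stores a comment on picture $picno. Logged-in members post under their
// own name; everyone else posts as 'Guest' with $name, $email and $url,
// which are also remembered in cookies.
// NOTE(review): comment text is stored as submitted; whichever page prints
// it must HTML-escape it on output.
if ($mode == "add") {
    include('dbconn.php');
    $comment = nifty2_convert($comment);
    // PIC_ID is numeric, so a cast is the simplest safe form for SQL.
    $picno = intval($picno);
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakicmt SET usrname='$sqlUser', comment='$comment',hostname='$hostname',postdate=NOW(), PIC_ID='$picno', IP='$REMOTE_ADDR'");
        $result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET lastcmt=NOW() WHERE PIC_ID='$picno'");
        $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekaki SET commcount=(commcount + 1) WHERE usrname='$sqlUser'");
        //echo mysql_error()."<br><br>\n";
        errorCheck('index.php?sort=0&pageno=0');
    } else {
        // A guest without a name is sent back without storing anything.
        if ($name == "") {
            errorCheck('index.php?sort=0&pageno=0');
        }
        // Escaped copies for SQL; the cookies keep the values as submitted.
        $sqlGuestName = nifty2_convert($name);
        $sqlGuestEmail = nifty2_convert($email);
        $sqlGuestUrl = nifty2_convert($url);
        $result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakicmt SET usrname='Guest', postname='$sqlGuestName', comment='$comment',hostname='$hostname',email='$sqlGuestEmail',url='$sqlGuestUrl',postdate=NOW(), PIC_ID='$picno', IP='$REMOTE_ADDR'");
        setcookie("guestName",$name,time() + 1209600);
        setcookie("guestEmail",$email,time() + 1209600);
        setcookie("guestURL",$url,time() + 1209600);
        $result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET lastcmt=NOW() WHERE PIC_ID='$picno'");
        //echo mysql_error()."<br><br>\n";
        header ('Location: index.php?sort=0&pageno=0');
        mysql_close($dbconn);
        exit;
    }
}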
//Picture Recovery
/*
if ($recover=="Recover") {
include('dbconn.php');
//Unautorized user protection
include('flagchk.php');
$result = mysql_query("SELECT usrname, usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki WHERE usrname='$OekakiU'");
extract(mysql_fetch_array($result));
if ((!check_flag('O')) && (!check_flag('S')) && (!check_flag('A'))) {
header('Location: error.php?error='.urlencode($langop_functions_err16));
exit;
}
$result2 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
$result3 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$picno'");
$themsg = $langop_recovery_msg1." ".$OekakiU." - ".$langop_recovery_msg2;
$result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakidta SET usrname='$usrname2', comment='$themsg',hostname='$hostname',postdate=NOW(), PIC_ID='$picno', IP='$REMOTE_ADDR', title='Recovered Pic', adult='$adult'");
//echo mysql_error()."<br><br>\n";
header ('Location: index.php');
mysql_close($dbconn);
exit;
}
*/
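//User Delete Comment
// Deletes comment $cmtno when it was posted by the logged-in member.
// The original only checked that the member exists, so any member could
// delete any comment, and a request without a login passed the same test.
if ($mode == "udelcmt") {
    include('dbconn.php');
    $memberRow = false;
    $sqlUser = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrname FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $memberRow = $result2 ? mysql_fetch_array($result2) : false;
    }
    if ($memberRow && $memberRow['usrname'] == $OekakiU) {
        $sqlCmt = nifty2_convert($cmtno);
        // The ownership test is part of the statement itself.
        $result4 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where ID_3='$sqlCmt' and usrname='$sqlUser'");
        header ('Location: lcommentdel.php');
        mysql_close($dbconn);
        exit;
    } else {
        header ('Location: error.php?error='.urlencode($langop_functions_err19));
        mysql_close($dbconn);
        exit;
    }
}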
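//Admin Delete
// Deletes picture $picno with its comments and leaves the owner a mailbox
// message containing $reason. Allowed for usrflags "A", "S" or "O".
if ($mode == "dela") {
    include('dbconn.php');
    // Flags come only from the member row. The original extract() left
    // $usrflags at its pre-existing value when no row was returned.
    $usrflags = '';
    $sqlUser = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $authRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($authRow) {
            $usrflags = $authRow['usrflags'];
        }
    }
    if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
        // PIC_ID is numeric; the cast also keeps the image URL in the
        // message well-formed.
        $picno = intval($picno);
        $result2 = mysql_query("SELECT * FROM ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
        $row = $result2 ? mysql_fetch_array($result2) : false;
        // Notify the owner only when the picture row exists.
        if ($row) {
            $reason = nifty2_convert($langop_word_hello.",\n\n".$langop_functions_yourpic." (".$okurl."/".$OPpics."/".$picno.".png) ".$langop_picdel_p1." ".$OekakiU." ".$langop_picdel_p2.":\n\n".$reason."\n\n".$langop_picdel_p3);
            // The subject comes from the language file, not the request, so
            // it is always escaped here.
            $sqlSubject = addslashes($langop_picdel_title);
            $result = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$sqlUser', reciever='$row[usrname]', subject='$sqlSubject', body='$reason', senddate=NOW()");
        }
        $result3 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
        $result4 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$picno'");
        errorCheck('delpics.php');
    } else {
        header ('Location: delpics.php');
        mysql_close($dbconn);
        exit;
    }
}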
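//Admin Delete Comment
// Deletes comment $cmtno. Allowed for usrflags "A", "S" or "O"; everyone is
// redirected to delcomments.php afterwards.
if ($mode == "delcmt") {
    include('dbconn.php');
    // Flags come only from the member row. The original extract() left
    // $usrflags at its pre-existing value when no row was returned.
    $usrflags = '';
    if (isset($OekakiU)) {
        $sqlUser = nifty2_convert($OekakiU);
        $result2 = mysql_query("SELECT usrflags FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='$sqlUser'");
        $authRow = $result2 ? mysql_fetch_array($result2) : false;
        if ($authRow) {
            $usrflags = $authRow['usrflags'];
        }
    }
    if (strstr($usrflags,"A") || strstr($usrflags,"S") || strstr($usrflags,"O")) {
        $sqlCmt = nifty2_convert($cmtno);
        $result4 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where ID_3='$sqlCmt'");
    }
    header ('Location: delcomments.php');
    mysql_close($dbconn);
    exit;
}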
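//User Pic Delete
// Deletes picture $picno and its comments when the picture belongs to the
// logged-in member.
if ($mode == "del") {
    include('dbconn.php');
    // PIC_ID is numeric, so a cast is the simplest safe form for SQL.
    $picno = intval($picno);
    $result = mysql_query("SELECT usrname from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
    $picRow = $result ? mysql_fetch_array($result) : false;
    // The owner is read from the row only. The original extract() left
    // $usrname at its pre-existing value when the picture was not found.
    if (!$picRow || !isset($OekakiU) || $picRow['usrname'] !== $OekakiU) {
        header ('Location: error.php?error='.urlencode($langop_functions_err20));
        mysql_close($dbconn);
        exit;
    } else {
        $result2 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
        $result3 = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$picno'");
        //echo mysql_error()."<br><br>\n";
        header ('Location: ldelpics.php');
        mysql_close($dbconn);
        exit;
    }
}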
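//Edit Comment
// Replaces the text of comment $idno with $comment2 plus an "edited on"
// line, when the comment was posted by the logged-in member.
if ($commedit == "Edit") {
    include('dbconn.php');
    $comment2 = nifty2_convert($comment2);
    $comment2 = $comment2."\n\n(".$langop_common_editedon." ".date("F j, Y, g:i a").")";
    // The $title3 value the original computed here was never used and has
    // been dropped.
    $sqlId = nifty2_convert($idno);
    $result = mysql_query("SELECT usrname, comment from ".$OekakiPoteto_Prefix."oekakicmt where ID_3='$sqlId'");
    $cmtRow = $result ? mysql_fetch_array($result) : false;
    // The owner is read from the row only. The original extract() left
    // $usrname at its pre-existing value when the comment was not found.
    if (!$cmtRow || !isset($OekakiU) || $cmtRow['usrname'] !== $OekakiU) {
        header ('Location: error.php?error='.urlencode($langop_functions_err21));
        mysql_close($dbconn);
        exit;
    } else {
        $result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakicmt SET comment='$comment2' WHERE ID_3='$sqlId'");
        header ('Location: lcommentdel.php');
        mysql_close($dbconn);
        exit;
    }
}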
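//Edit Pic
// Updates title, comment and adult flag of picture $picno when the picture
// belongs to the logged-in member. The original performed no ownership or
// login check, so any request could rewrite any picture's text.
// NOTE(review): if moderators are meant to edit other members' pictures
// through this handler, add an explicit flag check here.
if ($picedit == "Edit") {
    include('dbconn.php');
    // PIC_ID is numeric, so a cast is the simplest safe form for SQL.
    $picno = intval($picno);
    $ownerResult = mysql_query("SELECT usrname from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$picno'");
    $ownerRow = $ownerResult ? mysql_fetch_array($ownerResult) : false;
    if ($ownerRow && isset($OekakiU) && $ownerRow['usrname'] === $OekakiU) {
        $comment2 = nifty2_convert($comment2);
        $comment2 = $comment2."\n\n(Edited on ".date("F j, Y, g:i a").")";
        // Escaped once. The original additionally replaced ' with \' after
        // escaping, which turned an escaped quote back into one that closes
        // the SQL string.
        $title3 = nifty2_convert($title2);
        $sqlAdult = nifty2_convert($adult);
        $result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET title='$title3', comment='$comment2', adult='$sqlAdult', postlock='1' WHERE PIC_ID='$picno'");
    }
    header ('Location: ldelpics.php');
    mysql_close($dbconn);
    exit;
}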
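//Edit Oekaki Pic; code by Marcello
// Splits the raw POST body at each "Content-type:" marker and stores the
// 'image/0' part as <OPpics>/<edit>.png (plus a .jpg copy when
// $jpgcompression is "yes") and the 'animation/' part as <OPpics>/<edit>.oeb,
// then adds the elapsed edit time to the picture row.
// NOTE(review): nothing here checks who is uploading or that picture $edit
// belongs to them; the drawing applet presumably cannot send the login
// cookies - confirm, and add an ownership check if it can.
if ($mode == "picsaveo") {
    // PIC_ID is numeric. The cast keeps path separators out of the file
    // names built below and out of the SQL statement.
    $edit = intval($edit);
    $buffer = $HTTP_RAW_POST_DATA;
    $start = strpos( $buffer, "Content-type:");
    $middle = 0;
    $end = 0;
    while ($start) {
        // $end: start of the next part (false when this is the last one).
        $end = strpos( $buffer, "Content-type:", $start+1);
        // First "\r" ends the type text; the second one ends the header.
        $middle = strpos( $buffer, "\r", $start);
        $type = substr( $buffer, $start+13, $middle-$start-13 );
        $middle = strpos( $buffer, "\r", $middle+1);
        if ($end === false) {
            $end = null;
            $data = substr( $buffer, $middle+2);
        } else {
            $data = substr( $buffer, $middle+2, $end-$middle-2);
        }
        $start = $end;
        if ($type == 'image/0') {
            $image_filenamejpg = $OPpics.'/'.$edit.".jpg";
            $image_filename = $OPpics.'/'.$edit.".png";
            if (file_exists($image_filename)) {
                unlink($image_filename);
            }
            if ($fp = fopen($image_filename,'wb')) {
                // Write main file
                fwrite($fp,$data);
                fclose($fp);
                if ($jpgcompression == "yes") {
                    //convert to JPEG; skipped when the upload is not a
                    //readable PNG
                    $img = imagecreatefrompng($image_filename);
                    if ($img) {
                        imagejpeg($img,$image_filenamejpg, $jpgcompressqual);
                    }
                }
            }
        }
        if ($type == 'animation/') {
            $image_filename = $OPpics.'/'.$edit.".oeb";
            if (file_exists($image_filename)) {
                unlink($image_filename);
            }
            if ($fp = fopen($image_filename,'wb')) {
                // Write main file
                fwrite($fp,$data);
                fclose($fp);
            }
        }
    }
    include('dbconn.php');
    // $edittimes arrives with the request; the cast keeps the computed value
    // numeric before it is placed in the statement.
    $edittime2 = time() - intval($edittimes);
    $result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET edittime=(edittime + $edittime2) WHERE PIC_ID='$edit'");
    mysql_close();
}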
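//Picture saving; code by Marcello (http://www.cellosoft.com). Used with permission.
// Stores the uploaded image (everything after the first "\r\n" of the raw
// POST body) as <OPpics>/<number>.png, with a .jpg copy when $jpgcompression
// is "yes". With $edit set the existing picture is overwritten; otherwise the
// next free picture number is taken from the piccount counter and a new
// picture row is inserted. The response is plain text for the applet.
// NOTE(review): $username and $edit arrive with the request and nothing here
// ties them to a login; the drawing applet presumably cannot send the login
// cookies - confirm, and add a login/ownership check if it can.
if ($mode == "picsave") {
    include('dbconn.php');
    $p = strpos($HTTP_RAW_POST_DATA, "\r");
    $size = strlen($HTTP_RAW_POST_DATA);
    if ($p === false) {
        print "Content-type: text/plain\n\n";
        print "error $size\n";
    } else {
        if (isset($edit)) {
            // PIC_ID is numeric; the cast keeps path separators out of the
            // file names below. The original also called unlink() and
            // fopen() on $image_filename at this point, before this handler
            // had assigned it, so the path came from outside; those calls
            // are removed.
            $resno = intval($edit);
            $edittime2 = time() - intval($edittimes);
            $result2 = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakidta SET edittime=(edittime + $edittime2) WHERE PIC_ID='$resno'");
        } else {
            // Advance the counter until it lands on a number whose picture
            // is not archived.
            do {
                $result = mysql_query("UPDATE ".$OekakiPoteto_Prefix."oekakimisc set miscvalue=miscvalue+1 where miscname='piccount'");
                $result = mysql_query("SELECT miscname, miscvalue FROM ".$OekakiPoteto_Prefix."oekakimisc where miscname='piccount'");
                $row = $result ? mysql_fetch_array($result) : false;
                $resno = $row ? intval($row['miscvalue']) : 0;
                //check if the picture is archived or not before saving
                $result = mysql_query("SELECT * FROM ".$OekakiPoteto_Prefix."oekakidta WHERE PIC_ID=".$resno);
                $row = $result ? mysql_fetch_array($result) : false;
            } while ($row && $row['archive'] == "1");
        }
        $image_filenamejpg = $OPpics.'/'.$resno.".jpg";
        $image_filename = $OPpics.'/'.$resno.".png";
        if (file_exists($image_filename)) {
            unlink($image_filename);
        }
        $fp = fopen($image_filename,'wb');
        if ($fp) {
            fwrite($fp,substr($HTTP_RAW_POST_DATA,$p+2));
            fclose($fp);
            if ($jpgcompression == "yes") {
                //convert to JPEG; skipped when the upload is not a readable PNG
                $img = imagecreatefrompng($image_filename);
                if ($img) {
                    imagejpeg($img,$image_filenamejpg, $jpgcompressqual);
                }
            }
            if (!isset($edit)) {
                $result = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakicmt where PIC_ID='$resno'");
                $result = mysql_query("DELETE from ".$OekakiPoteto_Prefix."oekakidta where PIC_ID='$resno'");
                $thetime = time() - intval($edittimes);
                $sqlOwner = nifty2_convert($username);
                //insert the picture into the database. The original retried
                //without limit until exactly one row existed, which never
                //ends if the INSERT keeps failing; retries are now bounded.
                $inserted = false;
                for ($attempt = 0; $attempt < 5 && !$inserted; $attempt++) {
                    $result = mysql_query("INSERT into ".$OekakiPoteto_Prefix."oekakidta SET usrname='$sqlOwner',hostname='$hostname', PIC_ID='$resno', IP='$REMOTE_ADDR', postdate=NOW(), edittime='$thetime'");
                    $result = mysql_query("SELECT count(*) as rowcount FROM ".$OekakiPoteto_Prefix."oekakidta WHERE PIC_ID='$resno'");
                    $r_rows = $result ? mysql_fetch_array($result) : false;
                    if ($r_rows && $r_rows['rowcount'] >= 1) {
                        $inserted = true;
                    }
                }
            }
            mysql_close();
        } else {
            // fopen() failed, so there is no handle to close (the original
            // called fclose() on the failed result).
            mysql_close();
            print "Content-type: text/plain\n\n";
            print "error $size\n";
        }
    }
    // The original always ends the response with this "ok" block, even after
    // an error line; that output is kept unchanged.
    echo "Content-type: text/plain\n\n";
    echo "ok";
}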
?>