<?php /* ***** Orca Ringmaker - Head File *************************** */
require "config.ini.php";
require "config.php";
// Defaults for an anonymous visitor. The login code below merges `id`, `level` and
// `filters` from the user table over these when a cookie or POST login matches;
// level 0 is what the later checks treat as "not logged in".
$_USER['id'] = 0;
$_USER['level'] = 0;
// Filled in by the "Page Access Rights" switch from the query string.
$_USER['action'] = "";
// Filled in by the access switch and by the per-action handlers (from the posted 'action').
$_USER['subaction'] = "";
// Holds the stored filter code until the Account/Edit handlers wrap it in ORM_filterSet.
$_USER['filters'] = "";
if ($_DDATA['online']) {
/* ***** User Data (Login) **************************************** */
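if (isset($_COOKIE['orm3_user']) && is_string($_COOKIE['orm3_user'])) {
    // Cookie layout, as written by the setcookie() calls in this file:
    // base64("<username> :: <md5 of the password>").
    // NOTE(review): that makes the cookie a replayable password equivalent, and the
    // MD5(`password`) in the query below shows the column itself is stored unhashed.
    // Replacing it with a random server-side session token needs schema changes
    // outside this block. The cookie is also set without the secure/httponly arguments.
    $x = explode(" :: ", base64_decode($_COOKIE['orm3_user']));
    $_USER['username'] = $x[0];
    // Query only for a well-formed cookie: exactly two parts, the second a 32-digit hex
    // MD5. Anything else cannot match a stored hash, so the lookup is skipped.
    if (count($x) == 2 && preg_match('/^[0-9a-f]{32}\z/i', $x[1])) {
        // mysql_real_escape_string() honours the connection charset, which addslashes() does not.
        $select = mysql_query("SELECT `id`, `level`, `filters` FROM `{$_DDATA['tableuser']}` WHERE `username`='".mysql_real_escape_string($_USER['username'], $_DDATA['link'])."' AND MD5(`password`)='".mysql_real_escape_string($x[1], $_DDATA['link'])."' LIMIT 1;", $_DDATA['link']);
        // $select is false when the query fails; treat that as "not logged in".
        if ($select && mysql_num_rows($select)) {
            // Overlay id, level and filters from the matching row.
            $_USER = array_merge($_USER, mysql_fetch_assoc($select));
            // Sliding expiry: re-issue the same value for another two hours.
            if ($_USER['level'])
                setcookie('orm3_user', base64_encode("{$_USER['username']} :: {$x[1]}"), time() + 7200, "/");
        }
    }
}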
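if (!$_USER['level'] && isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == "Login" && $_SERVER['REQUEST_METHOD'] == "POST") {
    // Form login, only attempted when the cookie check above did not authenticate.
    // Missing or array-valued fields are reduced to "" so only plain strings reach the query.
    $login_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $login_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
    $_USER['username'] = $login_name;
    // NOTE(review): the submitted password is compared directly with the `password`
    // column, so passwords are stored unhashed. Moving to a salted password hash needs
    // a schema/data migration outside this block. No attempt limiting is visible here.
    // mysql_real_escape_string() honours the connection charset, which addslashes() does not.
    $select = mysql_query("SELECT `id`, `level`, `filters` FROM `{$_DDATA['tableuser']}` WHERE `username`='".mysql_real_escape_string($login_name, $_DDATA['link'])."' AND `password`='".mysql_real_escape_string($login_pass, $_DDATA['link'])."' LIMIT 1;", $_DDATA['link']);
    // $select is false when the query fails; report that like a failed login.
    if ($select && mysql_num_rows($select)) {
        $_USER = array_merge($_USER, mysql_fetch_assoc($select));
        if ($_USER['level']) {
            // NOTE(review): the cookie carries md5(password), which the cookie login
            // accepts as proof of identity; it is set without secure/httponly.
            setcookie('orm3_user', base64_encode("{$_USER['username']} :: ".md5($login_pass)), time() + 7200, "/");
        } else $_SDATA['error'][] = $_LANG['030']; // credentials matched but the account has level 0
    } else $_SDATA['error'][] = $_LANG['031']; // no matching username/password pair
}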
/* ***** Page Access Rights *************************************** */
// Map the first "&"-separated query-string segment to $_USER['action'], subject to the
// caller's level. Several cases fall through on purpose; names not listed leave the
// action at its "" default because the default label is commented out.
if (isset($_SERVER['QUERY_STRING'])) {
$action = explode("&", $_SERVER['QUERY_STRING']);
switch ($action[0]) {
case "Logout":
// NOTE(review): there is no request-method check here, so a plain GET of ?Logout
// clears the login cookie.
if ($_USER['level'] > 0) {
$_USER['level'] = 0;
setcookie('orm3_user', "", time() - 86400, "/");
$_SDATA['success'][] = $_LANG['060'];
}
break;
case "Setup":
case "Email":
// Both need level 2 or higher; anyone else gets the "Blank" action plus an error.
if ($_USER['level'] <= 1) {
$_USER['action'] = "Blank";
$_SDATA['error'][] = $_LANG['032'];
break;
}
// No break: an allowed Setup/Email request continues into "Account" below.
case "Account":
if ($_USER['level'] == 1) {
// Level-1 users can only load their own row; the id comes from the login lookup.
// NOTE(review): SELECT * copies every column, including `password`, into $_EDIT.
$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
$_USER['subaction'] = "Select";
} else $_SDATA['error'][] = $_LANG['033'];
} else if ($_USER['level'] > 1 && isset($_GET['id'])) {
// Higher levels may name a target account through ?id=...
$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".addslashes($_GET['id'])."';", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
// Editing is allowed on accounts of strictly lower level, or on one's own account.
// $_EDIT stays populated even when this check fails; only the subaction is withheld.
if ($_USER['level'] > $_EDIT['level'] || $_USER['id'] == $_GET['id']) {
$_USER['subaction'] = "Select";
} else $_SDATA['error'][] = $_LANG['03b'];
} else $_SDATA['error'][] = $_LANG['033'];
}
// No break: "Account" continues into the shared level check below.
case "Edit":
case "Add":
// Anonymous visitors (level 0) are refused; everyone else gets the requested action.
if ($_USER['level'] < 1) {
$_USER['action'] = "Blank";
$_SDATA['error'][] = $_LANG['032'];
break;
}
$_USER['action'] = $action[0];
break;
case "Join":
// Joining is only offered to visitors who are not logged in.
if ($_USER['level'] > 0) {
$_USER['action'] = "Blank";
$_SDATA['error'][] = $_LANG['034'];
break;
}
$_USER['action'] = $action[0];
break;
case "Help":
// Help is only reachable when help.html exists; otherwise the action stays "".
if (!@file_exists("{$_SERVER['DOCUMENT_ROOT']}/{$_SDATA['directory']}/help.html")) break;
// The remaining actions carry no level requirement.
case "Confirm":
case "Stats":
case "Profile":
case "Go":
case "Nav":
case "Blank":
// default:
$_USER['action'] = $action[0];
}
}
/* ***** Perform Actions ****************************************** */
switch ($_USER['action']) {
/* ***** Ring Setup ********************************************* */
case "Setup":
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['action'])) {
switch ($_USER['subaction'] = $_POST['action']) {
/* ***** Edit Ring Details ******************************** */
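case "Edit":
    // Save the ring-wide settings. Each field is length-limited through ORM_sanitize(),
    // clamped to a range, or replaced by the current value in $_VDATA before the UPDATE.
    ORM_sanitize($_POST['ring_name'], 64);
    if (!$_POST['ring_name']) $_POST['ring_name'] = $_LANG['00t'];
    ORM_sanitize($_POST['ring_display_announcement'], 1024, true);
    $_POST['ring_display_sitelimit'] = min(255, max(1, (int)$_POST['ring_display_sitelimit']));
    ORM_sanitize($_POST['ring_display_charset'], 16);
    if (!$_POST['ring_display_charset']) $_POST['ring_display_charset'] = "ISO-8859-1";
    // The theme names a directory under themes/. Accept a single path component only:
    // is_dir() alone also succeeds for "", "." and "../..", which would store a theme
    // path pointing outside the themes directory.
    $theme = (isset($_POST['ring_display_theme']) && is_string($_POST['ring_display_theme'])) ? $_POST['ring_display_theme'] : "";
    if ($theme === "" || $theme === "." || $theme === ".." || $theme !== basename($theme)
        || strpos($theme, "\\") !== false || strpos($theme, "\0") !== false
        || !is_dir("{$_SERVER['DOCUMENT_ROOT']}/{$_SDATA['directory']}/themes/".$theme)) $_POST['ring_display_theme'] = $_VDATA['display.theme'];
    if (!in_array($_POST['ring_mail_method'], array("mail", "sendmail", "smtp"))) $_POST['ring_mail_method'] = $_VDATA['mail.method'];
    // SMTP fields that are not posted keep their stored values.
    if (isset($_POST['ring_mail_smtp_server'])) {
        ORM_sanitize($_POST['ring_mail_smtp_server'], 128);
    } else $_POST['ring_mail_smtp_server'] = $_VDATA['mail.smtp.server'];
    if (isset($_POST['ring_mail_smtp_username'])) {
        ORM_sanitize($_POST['ring_mail_smtp_username'], 128);
    } else $_POST['ring_mail_smtp_username'] = $_VDATA['mail.smtp.username'];
    // NOTE(review): the SMTP password is written to the settings table as-is, and it is
    // passed through ORM_sanitize() first - confirm that helper cannot alter a valid password.
    if (isset($_POST['ring_mail_smtp_password'])) {
        ORM_sanitize($_POST['ring_mail_smtp_password'], 128);
    } else $_POST['ring_mail_smtp_password'] = $_VDATA['mail.smtp.password'];
    ORM_sanitize($_POST['ring_stats_timezone_name'], 5);
    if (!$_POST['ring_stats_timezone_name']) $_POST['ring_stats_timezone_name'] = "-";
    $_POST['ring_stats_timezone_offset'] = min(12, max(-13, (int)$_POST['ring_stats_timezone_offset']));
    $_POST['ring_stats_toplimit'] = min(100, max(1, (int)$_POST['ring_stats_toplimit']));
    // Checkbox: present means "yes". The value is one of two literals, so it is safe unescaped below.
    $_POST['ring_stats_colbots'] = (!isset($_POST['ring_stats_colbots'])) ? "no" : "yes";
    if (!isset($_LANG['stats.type'][$_POST['ring_stats_type']])) $_POST['ring_stats_type'] = $_VDATA['stats.type'];
    // NOTE(review): no anti-forgery token is checked before this state change.
    // The UPDATE has no WHERE clause, so it rewrites every row of the settings table.
    $update = mysql_query("UPDATE `{$_DDATA['tablename']}` SET
`name`='".addslashes($_POST['ring_name'])."',
`display.charset`='".addslashes($_POST['ring_display_charset'])."',
`display.sitelimit`='".addslashes($_POST['ring_display_sitelimit'])."',
`display.announcement`='".addslashes($_POST['ring_display_announcement'])."',
`display.theme`='".addslashes($_POST['ring_display_theme'])."',
`mail.method`='".addslashes($_POST['ring_mail_method'])."',
`mail.smtp.server`='".addslashes($_POST['ring_mail_smtp_server'])."',
`mail.smtp.username`='".addslashes($_POST['ring_mail_smtp_username'])."',
`mail.smtp.password`='".addslashes($_POST['ring_mail_smtp_password'])."',
`stats.type`='".addslashes($_POST['ring_stats_type'])."',
`stats.timezone.name`='".addslashes($_POST['ring_stats_timezone_name'])."',
`stats.timezone.offset`='".addslashes($_POST['ring_stats_timezone_offset'])."',
`stats.toplimit`='".addslashes($_POST['ring_stats_toplimit'])."',
`stats.colbots`='{$_POST['ring_stats_colbots']}'
;", $_DDATA['link']);
    // Zero affected rows without an SQL error means nothing changed; that is reported as neither.
    if (mysql_affected_rows()) {
        $_SDATA['success'][] = $_LANG['061'];
    } else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
    break;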
/* ***** Edit Ring Order ********************************** */
// Renumber the `order` column of every site row according to $_POST['order_method'].
// At least two sites are required; otherwise $_LANG['036'] is reported.
// $_POST['order_method'] is only compared against fixed labels and never placed in SQL.
// NOTE(review): every method issues one UPDATE per site and no transaction is visible
// here, so a failure part-way through leaves a mixed ordering.
case "Order":
$ordered = true;
list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}`;", $_DDATA['link']));
if ($count > 1) {
switch ($_POST['order_method']) {
case "random":
// Shuffle the positions 1..$count and hand them out to the sites in id order.
$order = range(1, $count);
shuffle($order);
$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `id`;", $_DDATA['link']);
for ($x = 0; $x < count($order); $x++)
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='{$order[$x]}' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
break;
case "alpha_asc":
case "alpha_des":
// By title; positions start at 1.
$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `title`".(($_POST['order_method'] == "alpha_des") ? " DESC" : "").";", $_DDATA['link']);
for ($x = 0; $x < mysql_num_rows($select); $x++)
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x + 1)."' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
break;
case "sid_asc":
// Position equals the site id, so gaps in the ids become gaps in the order.
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`=`id`;", $_DDATA['link']);
break;
case "sid_des":
$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `id` DESC;", $_DDATA['link']);
for ($x = 0; $x < mysql_num_rows($select); $x++)
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x + 1)."' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
break;
case "join_asc":
case "join_des":
// By the `date` column.
$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `date`".(($_POST['order_method'] == "join_des") ? " DESC" : "").";", $_DDATA['link']);
for ($x = 0; $x < mysql_num_rows($select); $x++)
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x + 1)."' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
break;
case "pop_asc":
case "pop_des":
case "pop_int":
// By popularity: the sum of the first three entries of each site's daily total hits.
// $_CACHE is presumably set up by statistics.php - confirm.
require_once "statistics.php";
$order = array(); $x = 0;
foreach ($_CACHE->ids as $id)
$order[$id] = array_sum(array_slice($_CACHE->site[$id]['days']->hits['total'], 0, 3));
if ($_POST['order_method'] == "pop_des") { arsort($order); } else asort($order);
$order = array_keys($order);
// NOTE(review): these branches number positions from 0 ($x starts at 0), while the
// other methods number from 1 - confirm which base the ring navigation expects.
if ($_POST['order_method'] == "pop_int") {
// Interleave: take alternately from the end and from the start of the sorted list.
while (count($order) > 0) {
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x++)."' WHERE `id`='".array_pop($order)."';", $_DDATA['link']);
if (count($order) > 0)
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x++)."' WHERE `id`='".array_shift($order)."';", $_DDATA['link']);
}
} else
foreach ($order as $value)
$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x++)."' WHERE `id`='$value';", $_DDATA['link']);
break;
default:
// Unknown method: nothing was changed, so no success message.
$ordered = false;
}
// Success is reported without checking the result of the individual UPDATEs.
if ($ordered) $_SDATA['success'][] = $_LANG['062'];
} else $_SDATA['error'][] = $_LANG['036'];
break;
/* ***** Edit Navigation Bar HTML ************************* */
// Store the navigation-bar markup (and optional script) in the settings table.
// The access switch earlier in this file limits the Setup action to level 2 and above.
// NOTE(review): the stored HTML/script is presumably emitted on pages that show the
// navigation bar, and no anti-forgery token is checked before saving - confirm what
// ORM_sanitize() does when its third argument is true.
case "Navbar":
if (!isset($_POST['navbar_type']) || !in_array($_POST['navbar_type'], array("html", "script")))
$_POST['navbar_type'] = $_VDATA['navbar.type'];
// navbar_html is read without an isset() check, unlike navbar_script below.
ORM_sanitize($_POST['navbar_html'], 8192, true);
if (isset($_POST['navbar_script'])) {
ORM_sanitize($_POST['navbar_script'], 2048, true);
} else $_POST['navbar_script'] = $_VDATA['navbar.script'];
// No WHERE clause: the UPDATE rewrites every row of the settings table.
$update = mysql_query("UPDATE `{$_DDATA['tablename']}` SET
`navbar.type`='".addslashes($_POST['navbar_type'])."',
`navbar.html`='".addslashes($_POST['navbar_html'])."',
`navbar.script`='".addslashes($_POST['navbar_script'])."'
;", $_DDATA['link']);
if (mysql_affected_rows()) {
$_SDATA['success'][] = $_LANG['063'];
} else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
break;
}
$_VDATA = mysql_fetch_assoc(mysql_query("SELECT * FROM `{$_DDATA['tablename']}`;", $_DDATA['link']));
$_USER['subaction'] = "";
}
break;
/* ***** Email Ring Members ************************************* */
case "Email":
if (isset($_REQUEST['action'])) {
switch ($_USER['subaction'] = $_REQUEST['action']) {
/* ***** Send a Message *********************************** */
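case "Send":
    // Send a message to a group of ring members and log it in the mail table.
    // POST only; the sender must be level 2 or higher.
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        if ($_USER['level'] > 1) {
            // Build $_LIST, the recipient rows, from the chosen group.
            switch (isset($_POST['email_recipients']) ? $_POST['email_recipients'] : "") {
                case "all":
                    $to = $_LANG['0cp'];
                    $select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>0;", $_DDATA['link']);
                    while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
                    break;
                case "administrators":
                    $to = $_LANG['0cq'];
                    $select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>1;", $_DDATA['link']);
                    while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
                    break;
                case "selected":
                    // email_accounts must be a list of ids; anything else is ignored and ends
                    // in the "no recipients" error instead of a foreach warning.
                    if (isset($_POST['email_accounts']) && is_array($_POST['email_accounts'])) {
                        $to = $_LANG['0cr'];
                        $select = mysql_query("SELECT `id`, `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>0;", $_DDATA['link']);
                        while ($row = mysql_fetch_assoc($select)) $_ALL[$row['id']] = array($row['username'], $row['email']);
                        // Posted ids are only used as array keys against rows read from the
                        // database, never placed in SQL.
                        foreach ($_POST['email_accounts'] as $email_accounts)
                            if (is_scalar($email_accounts) && isset($_ALL[$email_accounts])) $_LIST[] = $_ALL[$email_accounts];
                    }
                    break;
            }
            if (isset($_LIST) && count($_LIST)) {
                // "name <address>" per recipient for the log. Index 0/1 is used explicitly:
                // rows from mysql_fetch_array() carry each column twice (numeric and named
                // key), so imploding the whole row repeated both values.
                $adds = array();
                foreach ($_LIST as $list) $adds[] = "{$list[0]} <{$list[1]}>";
                // NOTE(review): subject and body go to ORM_ringmail() after ORM_sanitize();
                // confirm one of them strips CR/LF from the subject before it becomes a header.
                ORM_sanitize($_POST['email_subject'], 64);
                if (!$_POST['email_subject']) $_SDATA['error'][] = $_LANG['037'];
                ORM_sanitize($_POST['email_message'], 8192, true);
                if (!$_POST['email_message']) $_SDATA['error'][] = $_LANG['038'];
                if (!count($_SDATA['error'])) {
                    if ($sent = ORM_ringmail($_LIST, $_POST['email_subject'], $_POST['email_message']))
                        $_SDATA['success'][] = sprintf($_LANG['064'], $sent);
                    // The message is logged whether or not any mail was accepted for delivery.
                    // `sentby` is unquoted in the statement, so force it to an integer.
                    $insert = mysql_query("INSERT INTO `{$_DDATA['tablemail']}` SET
`sentby`=".(int)$_USER['id'].",
`date`=UNIX_TIMESTAMP(),
`to`='".addslashes($to)."',
`adds`='".addslashes(implode(", ", $adds))."',
`subject`='".addslashes($_POST['email_subject'])."',
`message`='".addslashes($_POST['email_message'])."'
;", $_DDATA['link']);
                }
            } else $_SDATA['error'][] = $_LANG['039'];
        } else $_SDATA['error'][] = $_LANG['03a'];
    }
    break;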
/* ***** View a Sent Message ****************************** */
// Load one logged message, joined with its sender, into $_EDIT for display.
// The sub-action is taken from $_REQUEST, so this also runs on GET requests.
// The only level check visible for it is the one on the Email action itself
// (level 2 and above, in the access switch earlier in this file).
case "View":
if (isset($_GET['message_id'])) {
// message_id is cast to int, so it cannot alter the statement.
$select = mysql_query("
SELECT
`mail`.`id` as `id`,
`user`.`username` as `sender`,
`user`.`id` as `userid`,
`mail`.`date` as `date`,
`mail`.`to` as `to`,
`mail`.`subject` as `subject`,
`mail`.`message` as `message`,
`mail`.`adds` as `adds`
FROM
`{$_DDATA['tablemail']}` as `mail`,
`{$_DDATA['tableuser']}` as `user`
WHERE
`mail`.`sentby`=`user`.`id` AND
`mail`.`id`=".(int)$_GET['message_id']."
;", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
} else {
// Not found also covers messages whose sender row no longer exists (inner join).
$_USER['subaction'] = "";
// Hard-coded English text; other messages in this file come from $_LANG.
$_SDATA['error'][] = "Message not found";
}
}
break;
/* ***** Delete a Sent Message **************************** */
// Delete the selected logged messages. POST only, and only for level 3.
// NOTE(review): no anti-forgery token is checked before the deletion.
case "Delete":
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if ($_USER['level'] == 3) {
// message_id is expected to be an array of ids (it is iterated below);
// NOTE(review): a non-array value is not rejected before the foreach.
if (isset($_POST['message_id']) && count($_POST['message_id'])) {
$deleted = 0;
foreach ($_POST['message_id'] as $message_id) {
// Each id is cast to int before it reaches the statement.
$delete = mysql_query("DELETE FROM `{$_DDATA['tablemail']}` WHERE `id`=".(int)$message_id.";", $_DDATA['link']);
$deleted += mysql_affected_rows();
}
// Hard-coded English text; other messages in this file come from $_LANG.
$_SDATA['success'][] = "$deleted message(s) were deleted";
} else $_SDATA['error'][] = "No selected messages to delete";
} else $_SDATA['error'][] = $_LANG['03h'];
}
break;
/* ***** No Action **************************************** */
default:
$_USER['subaction'] = "";
}
}
break;
/* ***** Edit Account Information ******************************* */
case "Account":
$_USER['filters'] =& new ORM_filterSet($_USER['filters']);
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['action'])) {
switch ($_USER['subaction'] = $_POST['action']) {
/* ***** Select an Account to Edit ************************ */
// Two jobs share this sub-action: open an account for editing (a POST key named
// "Edit_<id>"), or, when no account was opened, save the account-list filter.
case "Select":
$_USER['subaction'] = "";
foreach ($_POST as $key => $value) {
if (strpos($key, "Edit_") === 0) {
// The id is taken from the POST key itself and cast to int before it reaches SQL.
// NOTE(review): SELECT * copies every column, including `password`, into $_EDIT.
$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".(int)str_replace("Edit_", "", $key)."';", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
// Allowed for accounts of strictly lower level, or for one's own account.
if ($_USER['level'] > $_EDIT['level'] || $_USER['id'] == $_EDIT['id']) {
$_USER['subaction'] = "Select";
} else $_SDATA['error'][] = $_LANG['03b'];
} else $_SDATA['error'][] = $_LANG['03c'];
}
}
if (!$_USER['subaction'] && isset($_POST['Filter'])) {
// Filter_username and Filter_level are read without isset() checks.
ORM_sanitize($_POST['Filter_username'], 32);
$_USER['filters']->accoFilter[0] = $_POST['Filter_username'];
// The level filter is accepted when empty or when it is a key of $_LANG['level'].
if (!$_POST['Filter_level'] || isset($_LANG['level'][$_POST['Filter_level']]))
$_USER['filters']->accoFilter[1] = $_POST['Filter_level'];
$newcode = $_USER['filters']->getCode();
// NOTE(review): $newcode is interpolated without addslashes(), unlike other values in
// this file, and it includes the posted username filter - confirm getCode() or
// ORM_sanitize() guarantees it cannot contain a quote or backslash.
$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
}
break;
/* ***** Edit Account Information ************************* */
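case "Edit":
    // Save changes to an account. The editor must outrank the target or be the target;
    // which individual fields may change depends on the editor's level (checks below).
    // NOTE(review): no anti-forgery token is checked before this state change.
    $select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".addslashes($_POST['user_id'])."';", $_DDATA['link']);
    if (mysql_num_rows($select)) {
        $_EDIT = mysql_fetch_assoc($select);
        $selfmod = ($_USER['id'] == $_EDIT['id']);
        if ($_USER['level'] > $_EDIT['level'] || $selfmod) {
            ORM_sanitize($_POST['user_username'], 32);
            // Rename rights: level 2+ on their own account, level 3 on anyone, level 2 on level 1.
            // NOTE(review): the else branch records $_LANG['03e'] for every editor without
            // rename rights, even when the submitted username is unchanged, which blocks the
            // whole save for them (for example a level-1 member editing their own account) -
            // confirm this is intended.
            if (($selfmod && $_USER['level'] > 1) || $_USER['level'] == 3 || ($_USER['level'] == 2 && $_EDIT['level'] == 1)) {
                if ($_POST['user_username'] != $_EDIT['username']) {
                    list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `username`='".addslashes($_POST['user_username'])."';", $_DDATA['link']));
                    if ($count) $_SDATA['error'][] = $_LANG['03d'];
                }
            } else $_SDATA['error'][] = $_LANG['03e'];
            ORM_sanitize($_POST['user_password1'], 32);
            ORM_sanitize($_POST['user_password2'], 32);
            if ($selfmod || $_USER['level'] == 3 || ($_USER['level'] == 2 && $_EDIT['level'] == 1)) {
                // Both fields filled in: they must match. Otherwise keep the stored password.
                if (strlen($_POST['user_password1']) && strlen($_POST['user_password2'])) {
                    if ($_POST['user_password1'] != $_POST['user_password2'])
                        $_SDATA['error'][] = $_LANG['03f'];
                } else $_POST['user_password1'] = $_EDIT['password'];
            }
            // The login cookie embeds username and md5(password); it must be re-issued when
            // the editor changes either on their own account.
            $rebake = ($selfmod && ($_POST['user_username'] != $_EDIT['username'] || $_POST['user_password1'] != $_EDIT['password'])) ? true : false;
            ORM_sanitize($_POST['user_email_new']);
            if ($selfmod || $_USER['level'] == 3 || ($_USER['level'] == 2 && $_EDIT['level'] == 1)) {
                if (strlen($_POST['user_email_new'])) {
                    if (!preg_match("/^(([^<>()[\]\\\\.,;:\s@\"]+(\.[^<>()[\]\\\\.,;:\s@\"]+)*)|(\"([^\"\\\\\r]|(\\\\[\w\W]))*\"))@((\[([0-9]{1,3}\.){3}[0-9]{1,3}\])|(([a-z\-0-9]+\.)+[a-z]{2,}))$/i", $_POST['user_email_new']))
                        $_SDATA['error'][] = $_LANG['03g'];
                }
                // An unchanged address is not a new address.
                if ($_POST['user_email_new'] == $_EDIT['email']) $_POST['user_email_new'] = "";
            }
            ORM_sanitize($_POST['user_description'], 1024, true);
            // Only level 3 may change levels, and only on accounts below level 3. A requested
            // level of 0 is ignored for an account that currently has a non-zero level.
            $newowner = false;
            if (isset($_POST['user_level']) && $_USER['level'] == 3 && $_EDIT['level'] < 3) {
                $_POST['user_level'] = min(3, max(0, (int)$_POST['user_level']));
                if (!$_POST['user_level'] && $_EDIT['level']) {
                    $_POST['user_level'] = $_EDIT['level'];
                } else if ($_POST['user_level'] == 3) $newowner = true;
            } else $_POST['user_level'] = $_EDIT['level'];
            if (!count($_SDATA['error'])) {
                $newemail = ($_POST['user_email_new'] && $_POST['user_email_new'] != $_EDIT['email.new']);
                if ($newemail) {
                    // The confirmation key is the only secret in the ?Confirm link mailed below,
                    // so it must not be guessable. md5(microtime()) depends on the clock alone;
                    // use a CSPRNG where the runtime offers one and keep the 16-hex-digit format.
                    do {
                        $key = "";
                        if (function_exists('random_bytes')) {
                            $key = bin2hex(random_bytes(8));
                        } else if (function_exists('openssl_random_pseudo_bytes')) {
                            $bytes = openssl_random_pseudo_bytes(8);
                            if (is_string($bytes) && strlen($bytes) == 8) $key = bin2hex($bytes);
                        }
                        // Last resort on runtimes with neither function: weaker, but no longer
                        // a function of the clock alone.
                        if ($key === "") $key = substr(md5(uniqid(mt_rand(), true).microtime()), 0, 16);
                        list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `email.key`='$key';", $_DDATA['link']));
                    } while ($count);
                }
                // NOTE(review): the password is written to the table unhashed.
                $update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET
`username`='".addslashes($_POST['user_username'])."',
`password`='".addslashes($_POST['user_password1'])."',
`description`='".addslashes($_POST['user_description'])."',
".(($newemail) ? "
`email.new`='".addslashes($_POST['user_email_new'])."',
`email.date`=UNIX_TIMESTAMP(),
`email.key`='$key',
" : "")."
`level`='".addslashes($_POST['user_level'])."'
WHERE `id`='".addslashes($_POST['user_id'])."';", $_DDATA['link']);
                if (mysql_affected_rows()) {
                    if ($newemail) {
                        // The new address only takes effect through the mailed confirmation link.
                        ORM_ringmail(array($_POST['user_username'], $_POST['user_email_new']), $_LANG['096'], sprintf($_LANG['097'], $_VDATA['name'], "{$_SDATA['huburi']}?Confirm&id=$key"));
                        $_SDATA['success'][] = $_LANG['065'];
                    }
                    $_SDATA['success'][] = $_LANG['066'];
                    if ($newowner) {
                        // NOTE(review): levels are clamped to 0..3 above, so a row with level 4 is
                        // not produced by this handler; confirm whether this was meant to demote
                        // the previous level-3 account instead.
                        $update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `level`='3' WHERE `level`='4' AND `id`!='".addslashes($_POST['user_id'])."';", $_DDATA['link']);
                        if (mysql_affected_rows()) $_SDATA['success'][] = $_LANG['067'];
                    }
                    if ($selfmod) {
                        // Refresh the editor's own session data and, if needed, the login cookie.
                        $select = mysql_query("SELECT `id`, `username`, `password`, `level` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_USER['id']}' LIMIT 1;", $_DDATA['link']);
                        if (mysql_num_rows($select)) {
                            $_USER = array_merge($_USER, mysql_fetch_assoc($select));
                            if ($rebake) setcookie('orm3_user', base64_encode("{$_USER['username']} :: ".md5($_USER['password'])), time() + 7200, "/");
                        }
                    } else if ($_EDIT['level'] != $_POST['user_level']) {
                        // Tell the member about a level change made by someone else.
                        if ($newowner) {
                            ORM_ringmail(array($_POST['user_username'], $_EDIT['email']), $_LANG['09e'], sprintf($_LANG['09f'], $_POST['user_username'], $_VDATA['name']));
                        } else ORM_ringmail(array($_POST['user_username'], $_EDIT['email']), $_LANG['09c'], sprintf($_LANG['09d'], $_POST['user_username'], $_VDATA['name'], $_LANG['level'][$_POST['user_level']]));
                    } // other changes a member should be notified about
                } else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
            } else $_USER['subaction'] = "Select";
            // Level-1 members always return to their own edit form; for everyone else the
            // sub-action is cleared, which also overrides the "Select" set just above.
            if ($_USER['level'] == 1) {
                $select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
                if (mysql_num_rows($select)) {
                    $_EDIT = mysql_fetch_assoc($select);
                    $_USER['subaction'] = "Select";
                } else $_SDATA['error'][] = $_LANG['03j'];
            } else $_USER['subaction'] = "";
        } else $_SDATA['error'][] = $_LANG['03b'];
    } else $_SDATA['error'][] = $_LANG['03k'];
    break;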
/* ***** Delete an Account ******************************** */
// Delete an account together with the sites it owns. The caller must outrank the
// target or be the target, all three confirmation boxes must be ticked, and
// level-3 accounts cannot be deleted here.
// NOTE(review): no anti-forgery token is checked; the three delete_check fields are
// fixed values ("check1".."check3"), so they confirm intent but are not a secret.
case "Delete":
$_USER['subaction'] = "";
$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".addslashes($_POST['user_id'])."';", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
if ($_USER['level'] > $_EDIT['level'] || $_POST['user_id'] == $_USER['id']) {
for ($x = 1, $confirm = true; $x <= 3; $x++)
if (!isset($_POST["delete_check$x"]) || $_POST["delete_check$x"] != "check$x") $confirm = false;
if ($confirm) {
if ($_EDIT['level'] < 3) {
// From here on the id used in SQL is the one read back from the database row.
$delete = mysql_query("DELETE FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_EDIT['id']}';", $_DDATA['link']);
if (mysql_affected_rows()) {
$_SDATA['success'][] = sprintf($_LANG['068'], $_EDIT['username']);
$_USER['subaction'] = "";
// Remove the sites owned by the deleted account; the two DELETEs are not in a transaction.
$delete = mysql_query("DELETE FROM `{$_DDATA['tablesite']}` WHERE `owner`='{$_EDIT['id']}';", $_DDATA['link']);
if (mysql_affected_rows())
$_SDATA['success'][] = sprintf($_LANG['069'], mysql_affected_rows(), $_EDIT['username']);
if ($_EDIT['id'] == $_USER['id']) {
// Self-deletion also logs the caller out.
$_USER['level'] = 0;
$_USER['action'] = "";
setcookie('orm3_user', "", time() - 86400, "/");
$_SDATA['success'][] = $_LANG['060'];
} else if ($_EDIT['email']) {
// Notify the removed member, including the reason typed by the caller.
ORM_sanitize($_POST['delete_reason'], 256);
if (!$_POST['delete_reason']) $_POST['delete_reason'] = "None";
ORM_ringmail(array($_EDIT['username'], $_EDIT['email']), $_LANG['092'], sprintf($_LANG['093'], $_EDIT['username'], $_VDATA['name'], $_POST['delete_reason']));
}
} else $_SDATA['error'][] = $_LANG['035'];
} else $_SDATA['error'][] = $_LANG['03m'];
} else $_SDATA['error'][] = $_LANG['03n'];
} else $_SDATA['error'][] = $_LANG['03o'];
} else $_SDATA['error'][] = $_LANG['03k'];
break;
/* ***** No Action **************************************** */
default:
$_USER['subaction'] = "";
}
} else if ($_SERVER['REQUEST_METHOD'] == "GET") {
// Change the sort order of the account list and persist it in the caller's filter code.
// $_GET['sort'] is checked against a fixed list and only compared, never placed in SQL.
if (isset($_GET['sort']) && in_array($_GET['sort'], array('id', 'username', 'level', 'sites'))) {
foreach ($_USER['filters']->accoOrder as $key => $value) {
if ($_GET['sort'] == $value[0]) {
if ($key) {
// Not yet the primary column: move it to the front with its flag reset to false.
$value[1] = false;
unset($_USER['filters']->accoOrder[$key]);
array_unshift($_USER['filters']->accoOrder, $value);
// Already the primary column: toggle its flag.
} else $_USER['filters']->accoOrder[$key][1] = !$_USER['filters']->accoOrder[$key][1];
$newcode = $_USER['filters']->getCode();
// NOTE(review): $newcode is interpolated without addslashes() - confirm getCode()
// cannot return a quote or backslash. This GET request also writes to the database.
$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
break;
}
}
}
}
break;
/* ***** Edit Site Information ********************************** */
case "Edit":
$_USER['filters'] =& new ORM_filterSet($_USER['filters']);
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['action'])) {
switch ($_USER['subaction'] = $_POST['action']) {
/* ***** Select a Site to Edit **************************** */
// Two jobs share this sub-action: open a site for editing (a POST key named
// "Edit_<id>"), or, when no site was opened, save the site-list filter.
case "Select":
$_USER['subaction'] = "";
foreach ($_POST as $key => $value) {
if (strpos($key, "Edit_") === 0) {
// The id is taken from the POST key itself and cast to int before it reaches SQL.
// `level` in the result is the site owner's level, used for the permission check.
$select = mysql_query("
SELECT
`site`.`id` as `id`,
`site`.`owner` as `owner`,
`site`.`status` as `status`,
`site`.`lookahead` as `lookahead`,
`site`.`uri` as `uri`,
`site`.`title` as `title`,
`site`.`description` as `description`,
`user`.`username` as `username`,
`user`.`level` as `level`
FROM
`{$_DDATA['tablesite']}` as `site`,
`{$_DDATA['tableuser']}` as `user`
WHERE
`site`.`owner`=`user`.`id`
AND `site`.`id`='".(int)str_replace("Edit_", "", $key)."'
;", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
// Allowed when the caller outranks the site's owner, or owns the site.
if ($_USER['level'] > $_EDIT['level'] || $_EDIT['owner'] == $_USER['id']) {
$_USER['subaction'] = "Select";
} else $_SDATA['error'][] = $_LANG['03q'];
} else $_SDATA['error'][] = $_LANG['03c'];
}
}
if (!$_USER['subaction'] && isset($_POST['Filter'])) {
// Filter_title and Filter_status are read without isset() checks.
ORM_sanitize($_POST['Filter_title'], 32);
$_USER['filters']->siteFilter[0] = $_POST['Filter_title'];
if (isset($_POST['Filter_owner'])) {
ORM_sanitize($_POST['Filter_owner'], 32);
$_USER['filters']->siteFilter[1] = $_POST['Filter_owner'];
}
// The status filter is accepted when empty or when it is a key of $_LANG['status'].
if (!$_POST['Filter_status'] || isset($_LANG['status'][$_POST['Filter_status']]))
$_USER['filters']->siteFilter[2] = $_POST['Filter_status'];
$newcode = $_USER['filters']->getCode();
// NOTE(review): $newcode is interpolated without addslashes(), unlike other values in
// this file, and it includes the posted title/owner filters - confirm getCode() or
// ORM_sanitize() guarantees it cannot contain a quote or backslash.
$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
}
break;
/* ***** Edit Site Information **************************** */
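case "Edit":
    // Save changes to a site. The caller must outrank the site's owner or be the owner.
    // `level` and `email` in the result belong to the current owner.
    // NOTE(review): no anti-forgery token is checked before this state change.
    $select = mysql_query("
SELECT
`site`.`owner` as `owner`,
`site`.`status` as `status`,
`user`.`username` as `username`,
`user`.`level` as `level`,
`user`.`email` as `email`
FROM
`{$_DDATA['tablesite']}` as `site`,
`{$_DDATA['tableuser']}` as `user`
WHERE
`site`.`owner`=`user`.`id`
AND `site`.`id`='".addslashes($_POST['site_id'])."'
;", $_DDATA['link']);
    if (mysql_num_rows($select)) {
        $_EDIT = mysql_fetch_assoc($select);
        if ($_USER['level'] > $_EDIT['level'] || $_EDIT['owner'] == $_USER['id']) {
            // Reassigning the site (level 2+ only). The posted owner is reduced to an integer
            // and must exist in the user table. Previously the raw posted value was copied
            // into $_EDIT['owner'] and written into the UPDATE unescaped, and the existence
            // test re-checked the site query above, so it could never fail.
            if (isset($_POST['site_owner']) && $_USER['level'] > 1 && $_POST['site_owner'] != $_EDIT['owner']) {
                $site_owner_id = is_scalar($_POST['site_owner']) ? (int)$_POST['site_owner'] : 0;
                $ownercheck = mysql_query("SELECT `id` FROM `{$_DDATA['tableuser']}` WHERE `id`='$site_owner_id';", $_DDATA['link']);
                if ($ownercheck && mysql_num_rows($ownercheck)) {
                    $_EDIT['owner'] = $site_owner_id;
                } else $_SDATA['error'][] = $_LANG['03r'];
            }
            // Status rules: must be a key of $_LANG['status'], nobody may set "inactive", and
            // level-1 callers may not set "hibernating" or "active". Anything else keeps the
            // stored status, so the value written below is either a known key or a database value.
            $newdate = false;
            if (isset($_POST['site_status']) && isset($_LANG['status'][$_POST['site_status']]) && $_POST['site_status'] != "inactive" && ($_USER['level'] > 1 || !in_array($_POST['site_status'], array("hibernating", "active")))) {
                // Leaving "inactive" restarts the site's date.
                if ($_EDIT['status'] == "inactive" && $_POST['site_status'] != $_EDIT['status']) $newdate = true;
            } else $_POST['site_status'] = $_EDIT['status'];
            // Checkbox: present means "yes".
            $_POST['site_lookahead'] = (!isset($_POST['site_lookahead'])) ? "no" : "yes";
            ORM_sanitize($_POST['site_uri'], 256);
            // Minimum length only; the URI must also be unique among the other sites.
            if (strlen($_POST['site_uri']) > 11) {
                list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `uri`='".addslashes($_POST['site_uri'])."' AND `id`!='".addslashes($_POST['site_id'])."';", $_DDATA['link']));
                if ($count) $_SDATA['error'][] = $_LANG['03s'];
            } else $_SDATA['error'][] = $_LANG['03t'];
            ORM_sanitize($_POST['site_title'], 64);
            if (!$_POST['site_title']) $_POST['site_title'] = "Untitled";
            ORM_sanitize($_POST['site_description'], 1024, true);
            if (!count($_SDATA['error'])) {
                $update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET
`owner`='{$_EDIT['owner']}',
`uri`='".addslashes($_POST['site_uri'])."',
`title`='".addslashes($_POST['site_title'])."',
`description`='".addslashes($_POST['site_description'])."',
".(($newdate) ? "`date`=UNIX_TIMESTAMP()," : "")."
`status`='{$_POST['site_status']}',
`lookahead`='{$_POST['site_lookahead']}'
WHERE `id`='".addslashes($_POST['site_id'])."';", $_DDATA['link']);
                if (mysql_affected_rows()) {
                    // NOTE(review): the title is placed in the message without htmlspecialchars(),
                    // unlike the site Delete handler - confirm ORM_sanitize() already encodes it.
                    $_SDATA['success'][] = sprintf($_LANG['06a'], $_POST['site_title']);
                    $_USER['subaction'] = "";
                    // Status changes made by someone other than the owner are mailed to the
                    // address loaded above, which is the previous owner's when the site was reassigned.
                    if ($_EDIT['owner'] != $_USER['id']) {
                        if ($_EDIT['status'] == "inactive" && $_POST['site_status'] == "active") {
                            ORM_ringmail(array($_EDIT['username'], $_EDIT['email']), $_LANG['098'], sprintf($_LANG['099'], $_EDIT['username'], $_POST['site_title'], $_VDATA['name']));
                        } else if ($_EDIT['status'] != $_POST['site_status'])
                            ORM_ringmail(array($_EDIT['username'], $_EDIT['email']), $_LANG['09a'], sprintf($_LANG['09b'], $_EDIT['username'], $_POST['site_title'], $_VDATA['name'], $_LANG['status'][$_POST['site_status']]));
                    }
                } else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
            } else $_USER['subaction'] = "Select";
        } else $_SDATA['error'][] = $_LANG['03q'];
    } else $_SDATA['error'][] = $_LANG['03c'];
    break;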
/* ***** Delete a Site ************************************ */
// Delete a site. All three confirmation boxes must be ticked, and the caller must
// outrank the site's owner or be the owner.
// NOTE(review): no anti-forgery token is checked; the three delete_check fields are
// fixed values ("check1".."check3"), so they confirm intent but are not a secret.
case "Delete":
$_USER['subaction'] = "";
// `level` and `owner` in the result describe the account that owns the site.
$select = mysql_query("
SELECT
`site`.`id` AS `id`,
`site`.`title` AS `title`,
`user`.`level` AS `level`,
`user`.`id` AS `owner`
FROM
`{$_DDATA['tablesite']}` AS `site`,
`{$_DDATA['tableuser']}` AS `user`
WHERE
`site`.`owner`=`user`.`id`
AND `site`.`id`='".addslashes($_POST['site_id'])."'
;", $_DDATA['link']);
if (mysql_num_rows($select)) {
$_EDIT = mysql_fetch_assoc($select);
for ($x = 1, $confirm = true; $x <= 3; $x++)
if (!isset($_POST["delete_check$x"]) || $_POST["delete_check$x"] != "check$x") $confirm = false;
if ($confirm) {
if ($_USER['level'] > $_EDIT['level'] || $_EDIT['owner'] == $_USER['id']) {
// The id used in the DELETE is the one read back from the database row.
$delete = mysql_query("DELETE FROM `{$_DDATA['tablesite']}` WHERE `id`='{$_EDIT['id']}';", $_DDATA['link']);
if (mysql_affected_rows()) {
$_USER['subaction'] = "";
// The stored title is HTML-escaped before it goes into the on-page message.
$_SDATA['success'][] = sprintf($_LANG['06b'], htmlspecialchars($_EDIT['title']));
if ($_EDIT['owner'] != $_USER['id']) {
// Deleted by someone else: mail the owner, including the reason typed by the caller.
$select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_EDIT['owner']}';", $_DDATA['link']);
if (mysql_num_rows($select)) {
$mailinfo = mysql_fetch_assoc($select);
if ($mailinfo['email']) {
ORM_sanitize($_POST['delete_reason'], 256);
if (!$_POST['delete_reason']) $_POST['delete_reason'] = "None";
ORM_ringmail(array($mailinfo['username'], $mailinfo['email']), $_LANG['094'], sprintf($_LANG['095'], $mailinfo['username'], $_EDIT['title'], $_VDATA['name'], $_POST['delete_reason']));
}
}
}
} else $_SDATA['error'][] = $_LANG['035'];
} else $_SDATA['error'][] = $_LANG['03w'];
} else $_SDATA['error'][] = $_LANG['03x'];
} else $_SDATA['error'][] = $_LANG['03c'];
break;
/* ***** Check Site for Navigation Bar ******************** */
case "Check":
break;
/* ***** No Action **************************************** */
default:
$_USER['subaction'] = "";
}
} else if ($_SERVER['REQUEST_METHOD'] == "GET") {
// Change the sort order of the site list and persist it in the caller's filter code.
// $_GET['sort'] is checked against a fixed list and only compared, never placed in SQL.
if (isset($_GET['sort']) && in_array($_GET['sort'], array('id', 'title', 'owner', 'errors'))) {
foreach ($_USER['filters']->siteOrder as $key => $value) {
if ($_GET['sort'] == $value[0]) {
if ($key) {
// Not yet the primary column: move it to the front with its flag reset to false.
$value[1] = false;
unset($_USER['filters']->siteOrder[$key]);
array_unshift($_USER['filters']->siteOrder, $value);
// Already the primary column: toggle its flag.
} else $_USER['filters']->siteOrder[$key][1] = !$_USER['filters']->siteOrder[$key][1];
$newcode = $_USER['filters']->getCode();
// NOTE(review): $newcode is interpolated without addslashes() - confirm getCode()
// cannot return a quote or backslash. This GET request also writes to the database.
$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
break;
}
}
}
}
break;
/* ***** Add Site *********************************************** */
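case "Add":
    // Register a new site for the caller, or for another account when a level 2+ caller
    // names one, then notify the level 2+ accounts by mail.
    // NOTE(review): no anti-forgery token is checked before this state change.
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        // Cap: fewer than five sites still marked "inactive" per caller.
        list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `owner`='{$_USER['id']}' AND `status`='inactive';", $_DDATA['link']));
        if ($count < 5) {
            if (isset($_POST['site_owner']) && $_USER['level'] > 1 && $_POST['site_owner'] != $_USER['id']) {
                // The owner id is written into the INSERT below without escaping, so it is
                // reduced to an integer here, before both the existence check and the INSERT.
                $_POST['site_owner'] = is_scalar($_POST['site_owner']) ? (int)$_POST['site_owner'] : 0;
                $select = mysql_query("SELECT `id` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_POST['site_owner']}';", $_DDATA['link']);
                if (!mysql_num_rows($select))
                    $_SDATA['error'][] = $_LANG['03r'];
            } else $_POST['site_owner'] = $_USER['id'];
            ORM_sanitize($_POST['site_uri'], 256);
            // Minimum length only; the URI must also be unique.
            if (strlen($_POST['site_uri']) > 11) {
                list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `uri`='".addslashes($_POST['site_uri'])."';", $_DDATA['link']));
                if ($count) $_SDATA['error'][] = $_LANG['03s'];
            } else $_SDATA['error'][] = $_LANG['03t'];
            if (!isset($_POST['site_title'])) {
                // No title supplied: try to read one from the page itself.
                $_POST['site_title'] = "Untitled";
                // The URI is member-supplied and fetched by the server, so only http(s) is
                // allowed; without the scheme check the same call would also open local
                // paths and other stream wrappers.
                // NOTE(review): the server can still be pointed at hosts that only it can
                // reach, and the response size is not limited; restricting the target host
                // or dropping the fetch is a decision outside this block.
                if ($_SDATA['allowfopen'] && preg_match('#^https?://#i', $_POST['site_uri'])) {
                    $file = @file_get_contents(str_replace(" ", "%20", $_POST['site_uri']));
                    if ($file && preg_match("/<title.*?>(.*?)<\/title>/", $file, $match))
                        $_POST['site_title'] = $match[1];
                }
            }
            // A fetched title is remote content; it goes through the same sanitizer as a typed one.
            ORM_sanitize($_POST['site_title'], 64);
            if (!$_POST['site_title']) $_POST['site_title'] = "Untitled";
            ORM_sanitize($_POST['site_description'], 1024, true);
            if (!count($_SDATA['error'])) {
                // Pick the ring position: stop at the first row whose `order` differs from its
                // row index, or at the row count.
                // NOTE(review): mysql_result() is indexed from 0 while $order starts at 1 -
                // confirm this matches the numbering the Order handlers write.
                $select = mysql_query("SELECT `order` FROM `{$_DDATA['tablesite']}` ORDER BY `order`;", $_DDATA['link']);
                for ($order = 1; $order <= mysql_num_rows($select); $order++)
                    if ($order == mysql_num_rows($select) || mysql_result($select, $order, "order") != $order) break;
                $insert = mysql_query("INSERT INTO `{$_DDATA['tablesite']}` SET
`order`='$order',
`owner`='{$_POST['site_owner']}',
`uri`='".addslashes($_POST['site_uri'])."',
`title`='".addslashes($_POST['site_title'])."',
`description`='".addslashes($_POST['site_description'])."',
`date`=UNIX_TIMESTAMP()
;", $_DDATA['link']);
                if (mysql_affected_rows()) {
                    $_SDATA['success'][] = $_LANG['06c'];
                    // Continue on the site list, as if the Edit action had been requested.
                    $_USER['action'] = "Edit";
                    $_USER['filters'] =& new ORM_filterSet($_USER['filters']);
                    // Tell every level 2+ account that a site was added.
                    $_LIST = array();
                    $select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>1;", $_DDATA['link']);
                    while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
                    if (count($_LIST))
                        ORM_ringmail($_LIST, sprintf($_LANG['09g'], $_VDATA['name']), sprintf($_LANG['09h'], $_USER['username'], $_POST['site_title'], $_VDATA['name'], $_POST['site_uri']));
                } else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
            }
        } else $_SDATA['error'][] = $_LANG['03y'];
    }
    break;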
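/* ***** Join Ring ********************************************** */
/* Handles the POSTed join form: validates username, password pair, e-mail,
   site URI/title/description and (when enabled) the captcha, then inserts
   the user row and its first site row and mails a confirmation link built
   from `email.key`. Problems are queued in $_SDATA['error'].
   NOTE(review): this handler creates the account, so it presumably runs for
   visitors who are not logged in -- confirm against the access-rights switch. */
case "Join":
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        ORM_sanitize($_POST['user_username'], 32);
        if (strlen($_POST['user_username'])) {
            // Error 03d when the username is already present in the user table.
            list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `username`='".addslashes($_POST['user_username'])."';", $_DDATA['link']));
            if ($count) $_SDATA['error'][] = $_LANG['03d'];
        } else $_SDATA['error'][] = $_LANG['040'];
        ORM_sanitize($_POST['user_password1'], 32);
        ORM_sanitize($_POST['user_password2'], 32);
        if (strlen($_POST['user_password1']) && strlen($_POST['user_password2'])) {
            if ($_POST['user_password1'] != $_POST['user_password2'])
                $_SDATA['error'][] = $_LANG['03f'];
        } else $_SDATA['error'][] = $_LANG['041'];
        ORM_sanitize($_POST['user_email_new']);
        if (strlen($_POST['user_email_new'])) {
            if (!preg_match("/^(([^<>()[\]\\\\.,;:\s@\"]+(\.[^<>()[\]\\\\.,;:\s@\"]+)*)|(\"([^\"\\\\\r]|(\\\\[\w\W]))*\"))@((\[([0-9]{1,3}\.){3}[0-9]{1,3}\])|(([a-z\-0-9]+\.)+[a-z]{2,}))$/i", $_POST['user_email_new']))
                $_SDATA['error'][] = $_LANG['03g'];
        } else $_SDATA['error'][] = $_LANG['03z'];
        ORM_sanitize($_POST['user_description'], 1024, true);
        ORM_sanitize($_POST['site_uri'], 256);
        if (strlen($_POST['site_uri']) > 11) {
            list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `uri`='".addslashes($_POST['site_uri'])."';", $_DDATA['link']));
            if ($count) $_SDATA['error'][] = $_LANG['03s'];
        } else $_SDATA['error'][] = $_LANG['03t'];
        if (!isset($_POST['site_title'])) {
            if ($_SDATA['allowfopen']) {
                // NOTE(review): server-side fetch of a visitor-supplied URI. It runs before the
                // captcha check and before the error list is consulted, and nothing visible
                // here restricts scheme or destination or sets a timeout or size limit.
                // Unless ORM_sanitize() enforces http(s), this can reach local files, stream
                // wrappers and internal hosts -- confirm, or allow-list before fetching.
                $file = @file_get_contents(str_replace(" ", "%20", $_POST['site_uri']));
                if ($file) {
                    // The remote <title> is untrusted text; it goes through ORM_sanitize() below.
                    preg_match("/<title.*?>(.*?)<\/title>/", $file, $match);
                    $_POST['site_title'] = (isset($match[1])) ? $match[1] : "Untitled";
                } else $_POST['site_title'] = "Untitled";
            } else $_POST['site_title'] = "Untitled";
        }
        ORM_sanitize($_POST['site_title'], 64);
        if (!$_POST['site_title']) $_POST['site_title'] = "Untitled";
        ORM_sanitize($_POST['site_description'], 1024, true);
        if ($_SDATA['captcha']) {
            ORM_sanitize($_POST['auth_captcha'], 5);
            // The captcha is checked by deleting its row: no row deleted means error 043.
            // The value is now escaped like every other request value in this handler;
            // it used to be interpolated into the statement raw.
            $delete = mysql_query("DELETE FROM `{$_DDATA['tableauth']}` WHERE `captcha`='".addslashes($_POST['auth_captcha'])."';", $_DDATA['link']);
            if (!mysql_affected_rows()) $_SDATA['error'][] = $_LANG['043'];
        }
        if (!count($_SDATA['error'])) {
            // NOTE(review): the confirmation key is 16 hex characters of md5(microtime()),
            // i.e. derived only from the server clock, and the Confirm handler signs in
            // whoever presents it. Generate it from a cryptographically secure random
            // source instead. The loop only guarantees the key is unused.
            do {
                $key = substr(md5(microtime()), 0, 16);
                list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `email.key`='$key';", $_DDATA['link']));
            } while ($count);
            // NOTE(review): the password is stored as submitted (the login code compares
            // the column with the raw POST value), so any read of this table discloses
            // every password. Moving to a salted password hash means changing the login
            // and cookie checks at the same time.
            $insert = mysql_query("INSERT INTO `{$_DDATA['tableuser']}` SET
                `username`='".addslashes($_POST['user_username'])."',
                `password`='".addslashes($_POST['user_password1'])."',
                `date`=UNIX_TIMESTAMP(),
                `description`='".addslashes($_POST['user_description'])."',
                `email.new`='".addslashes($_POST['user_email_new'])."',
                `email.date`=UNIX_TIMESTAMP(),
                `email.key`='$key'
            ;", $_DDATA['link']);
            if (mysql_affected_rows()) {
                // Read the new user's id straight after the INSERT that generated it,
                // rather than after the SELECT below.
                $newowner = mysql_insert_id();
                // NOTE(review): $order is computed as in the Add handler but the INSERT
                // below does not write it -- confirm whether `order` is meant to be set here.
                $select = mysql_query("SELECT `order` FROM `{$_DDATA['tablesite']}` ORDER BY `order`;", $_DDATA['link']);
                for ($order = 1; $order <= mysql_num_rows($select); $order++)
                    if ($order == mysql_num_rows($select) || mysql_result($select, $order, "order") != $order) break;
                $insert = mysql_query("INSERT INTO `{$_DDATA['tablesite']}` SET
                    `owner`='".$newowner."',
                    `uri`='".addslashes($_POST['site_uri'])."',
                    `title`='".addslashes($_POST['site_title'])."',
                    `description`='".addslashes($_POST['site_description'])."',
                    `date`=UNIX_TIMESTAMP()
                ;", $_DDATA['link']);
                if (mysql_affected_rows()) {
                    $_SDATA['success'][] = $_LANG['06d'];
                    // Mail the confirmation link (hub URI + ?Confirm&id=<key>) to the new address.
                    ORM_ringmail(array($_POST['user_username'], $_POST['user_email_new']), $_LANG['090'], sprintf($_LANG['091'], $_VDATA['name'], "{$_SDATA['huburi']}?Confirm&id=$key"));
                    $_SDATA['success'][] = $_LANG['06e'];
                    $_USER['action'] = "";
                } else if (mysql_error()) {
                    // Site row failed: remove the user row created above so no orphan account remains.
                    $delete = mysql_query("DELETE FROM `{$_DDATA['tableuser']}` WHERE `username`='".addslashes($_POST['user_username'])."';", $_DDATA['link']);
                    $_SDATA['error'][] = $_LANG['035'];
                }
            } else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
        }
    }
    break;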
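/* ***** Display Help Text ************************************** */
case "Help":
    break;
/* ***** Confirm a New Email Address **************************** */
/* Looks up the account whose `email.key` equals ?id=, promotes its pending
   `email.new` to `email`, raises level 0 accounts to level 1, signs the
   visitor in as that account and, for a first confirmation, mails every
   user above level 1.
   NOTE(review): presenting the key is the only proof required and it ends in
   a login cookie for the account at whatever level it has, so the key must
   be unguessable (see how Join generates it) and the mailed link should be
   treated as a credential. The UPDATE does not clear `email.key`; a replay
   is stopped only by `email.new` being empty afterwards. */
case "Confirm":
    if (isset($_GET['id'])) {
        // An empty or non-string id is handled as "no such key" (error 03l, the same
        // error an unknown key gets) instead of being sent to the database, where ''
        // would match any row whose `email.key` is empty.
        $confirmkey = (is_string($_GET['id'])) ? $_GET['id'] : "";
        $select = (strlen($confirmkey)) ? mysql_query("
            SELECT
            `user`.`username` AS `username`,
            `user`.`id` AS `id`,
            `user`.`email.new` AS `email.new`,
            `user`.`level` AS `level`,
            `site`.`title` AS `title`,
            `site`.`uri` AS `uri`
            FROM
            `{$_DDATA['tableuser']}` AS `user`,
            `{$_DDATA['tablesite']}` AS `site`
            WHERE
            `user`.`id`=`site`.`owner`
            AND `email.key`='".addslashes($confirmkey)."'
        ;", $_DDATA['link']) : false;
        if ($select && mysql_num_rows($select)) {
            // Only the first joined row is used, even if the user owns several sites.
            $joiner = mysql_fetch_assoc($select);
            if ($joiner['email.new']) {
                // `date` and `level` change only for accounts still at level 0.
                $update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET
                    `email`=`email.new`,
                    `email.new`='',
                    `date`=(CASE WHEN `level`='0' THEN UNIX_TIMESTAMP() ELSE `date` END),
                    `level`=(CASE WHEN `level`='0' THEN '1' ELSE `level` END)
                    WHERE `id`='{$joiner['id']}';", $_DDATA['link']);
                if (mysql_affected_rows()) {
                    $_SDATA['success'][] = $_LANG['06f'];
                    // NOTE(review): this merges the stored password into $_USER for the rest
                    // of the request, and the cookie carries md5(password), a value that
                    // stays valid until the password changes. setcookie() is called without
                    // the secure/httponly arguments.
                    $select = mysql_query("SELECT `id`, `username`, `password`, `level` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$joiner['id']}';", $_DDATA['link']);
                    $_USER = array_merge($_USER, mysql_fetch_assoc($select));
                    setcookie('orm3_user', base64_encode("{$_USER['username']} :: ".md5($_USER['password'])), time() + 7200, "/");
                    // $joiner['level'] is the level read before the UPDATE: 0 means a new member.
                    if (!$joiner['level']) {
                        $_USER['action'] = "Welcome";
                        $_LIST = array();
                        $select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>1;", $_DDATA['link']);
                        while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
                        if (count($_LIST))
                            ORM_ringmail($_LIST, sprintf($_LANG['09i'], $_VDATA['name']), sprintf($_LANG['09j'], $joiner['username'], $joiner['title'], $joiner['uri']));
                    }
                } else if (mysql_error()) {
                    $_USER['action'] = "Blank";
                    $_SDATA['error'][] = $_LANG['035'];
                }
            } else $_SDATA['error'][] = $_LANG['03i'];
        } else $_SDATA['error'][] = $_LANG['03l'];
    }
    break;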
/* ***** Display Statistics ************************************* */
case "Stats":
    break;
/* ***** Display a Profile ************************************** */
/* Loads the user row named by ?id= into $_PROFILE. The column list does not
   include `password` or `email`, so $_PROFILE cannot hand them to the page.
   An unknown id clears the action and queues error 03k. */
case "Profile":
    // No id in the query string: nothing to load.
    if (!isset($_GET['id'])) break;
    $select = mysql_query("SELECT `id`, `username`, `description`, `date`, `level` FROM `{$_DDATA['tableuser']}` WHERE `id`='".addslashes($_GET['id'])."';", $_DDATA['link']);
    if (!mysql_num_rows($select)) {
        $_USER['action'] = "";
        $_SDATA['error'][] = $_LANG['03k'];
        break;
    }
    $_PROFILE = mysql_fetch_assoc($select);
    break;
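/* ***** Go to a Ring Site ************************************** */
/* Ring navigation: $action[1] is the direction ("rand", "prev", "next" or
   "site") and $action[2] the numeric id of the site the visitor comes from
   or asks for. The visitor supplies only those two values; every destination
   handed to ORM_ringtravel() is a `uri` read from rows with status 'active',
   never text from the request.
   ORM_ringtravel() presumably redirects and ends the request on success, so
   the error lines after each call run only when it returns -- TODO confirm. */
case "Go":
    if (count($action) > 2) {
        $_GDATA = array();
        // Ensure the lookup arrays exist even when no site is active, so the
        // count() calls below never see an undefined variable.
        if (!isset($_ORDER)) $_ORDER = array();
        if (!isset($_URIS)) $_URIS = array();
        if (!isset($_LOOKS)) $_LOOKS = array();
        $select = mysql_query("SELECT `id`, `uri`, `lookahead` FROM `{$_DDATA['tablesite']}` WHERE `status`='active' ORDER BY `order`;", $_DDATA['link']);
        while ($row = mysql_fetch_assoc($select)) {
            $_ORDER[] = $row['id'];
            $_URIS[$row['id']] = $row['uri'];
            $_LOOKS[$row['id']] = $row['lookahead'];
            // 'zero' marks the requested id when it belongs to an active site.
            if ($row['id'] == (int)$action[2]) $_GDATA['zero'] = $row['id'];
        }
        if (count($_ORDER) > 1) {
            switch ($_GDATA['type'] = strtolower($action[1])) {
                // There is no break after "rand" or "prev": "rand" shuffles, then runs the
                // "prev" reversal, and both continue into "next" (presumably intentional).
                case "rand": shuffle($_ORDER);
                case "prev": $_ORDER = array_reverse($_ORDER);
                case "next":
                    $_GDATA['from'] = (int)$action[2];
                    // Rotate the list so the originating site sits at index 0.
                    if (isset($_GDATA['zero']))
                        $_ORDER = array_merge(array_slice($_ORDER, array_search($_GDATA['zero'], $_ORDER)), array_slice($_ORDER, 0, array_search($_GDATA['zero'], $_ORDER)));
                    reset($_ORDER);
                    // Try up to five candidates after index 0. The isset() bound stops the
                    // loop when the ring has fewer sites than that; without it the loop
                    // indexed past the end of $_ORDER and passed empty values on.
                    for ($_GDATA['tries'] = 1; $_GDATA['tries'] <= 5 && isset($_ORDER[$_GDATA['tries']]); $_GDATA['tries']++) {
                        $_GDATA['redirects'] = 0;
                        $_GDATA['to'] = $_ORDER[$_GDATA['tries']];
                        ORM_ringtravel($_URIS[$_ORDER[$_GDATA['tries']]], $_LOOKS[$_ORDER[$_GDATA['tries']]]);
                    }
                    $_SDATA['error'][] = $_LANG['03p'];
                    break;
                case "site":
                    // Direct jump to the requested site, if it is active.
                    if (isset($_GDATA['zero'])) {
                        $_GDATA['from'] = 0;
                        $_GDATA['to'] = $_GDATA['zero'];
                        $_GDATA['redirects'] = 0;
                        ORM_ringtravel($_URIS[$_GDATA['zero']]);
                    }
                    $_SDATA['error'][] = $_LANG['03u'];
                    break;
                default:
                    // Unknown direction keyword.
                    $_SDATA['error'][] = $_LANG['03v'];
            }
        } else if (count($_ORDER))
            // Exactly one active site: every direction leads to it, if it is the one requested.
            if (isset($_GDATA['zero'])) ORM_ringtravel($_URIS[$_GDATA['zero']]);
    }
    $_USER['action'] = "";
    break;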
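/* ***** Display the Script-based Navigation Bar **************** */
/* Serves the navigation bar as JavaScript for inclusion by member pages,
   then ends the request. Responds 412 when the navbar type is not "script"
   and 400 when the query string carries no site id.
   The site id is cast to int before use. The navbar HTML is placed inside a
   single-quoted JavaScript string, so its safety rests on ORM_html2js()
   escaping quotes, backslashes and line breaks -- TODO confirm there.
   SERVER_NAME is HTML-escaped in both error pages: depending on server
   configuration it can be taken from the request's Host header.
   NOTE(review): $_SDATA['useragent'] is echoed as-is; confirm it is a fixed,
   script-defined string. */
case "Nav":
    if ($_VDATA['navbar.type'] == "script") {
        $id = explode("&", $_SERVER['QUERY_STRING']);
        if (isset($id[1])) {
            header("Content-type: text/javascript;charset={$_VDATA['display.charset']}");
            ?>function innerXHTML(dat,obj){var par=new DOMParser();var xdc=par.parseFromString('<div xmlns="http://www.w3.org/1999/xhtml">'+dat+'</div>',"application/xhtml+xml").documentElement;for(i=0;i<xdc.childNodes.length;i++)obj.parentNode.appendChild(document.importNode(xdc.childNodes[i], true));}
var dat='<?php echo ORM_html2js(ORM_navbarCodes($_VDATA['navbar.html'], (int)$id[1]), true); ?>';try{var pos=document;while(pos.lastChild&&pos.lastChild.nodeType==1)pos=pos.lastChild;innerXHTML(dat, pos);}catch(e){document.write(dat);}<?php
        } else {
            header("Content-type: text/html;charset={$_VDATA['display.charset']}", true, 400);
            ?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 <?php echo $_LANG['050']; ?></title>
</head><body>
<h1><?php echo $_LANG['050']; ?></h1>
<p><?php echo $_LANG['051']; ?></p>
<hr>
<address><?php echo $_SDATA['useragent']; ?> - <?php echo htmlspecialchars($_SERVER['SERVER_NAME']); ?></address>
</body></html><?php
        }
    } else {
        header("Content-type: text/html;charset={$_VDATA['display.charset']}", true, 412);
        ?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>412 <?php echo $_LANG['052']; ?></title>
</head><body>
<h1><?php echo $_LANG['052']; ?></h1>
<p><?php echo $_LANG['053']; ?></p>
<hr>
<address><?php echo $_SDATA['useragent']; ?> - <?php echo htmlspecialchars($_SERVER['SERVER_NAME']); ?></address>
</body></html><?php
    }
    // Nothing after the navigation bar response: the break below is never reached.
    exit();
    break;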
/* ***** Display a Blank Page *********************************** */
case "Blank":
    break;
/* ***** Display the Ring Hub *********************************** */
/* Hub greeting for accounts above level 1: queues message 0h2 with the
   HTML-escaped username and, when any site is in status 'inactive',
   appends message 0h3 with that count. */
default:
    // Accounts at level 1 or below get no greeting.
    if (!($_USER['level'] > 1)) break;
    list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `status`='inactive';", $_DDATA['link']));
    if ($count) {
        $_SDATA['success'][] = sprintf($_LANG['0h2'], htmlspecialchars($_USER['username']))." ".sprintf($_LANG['0h3'], $count);
    } else {
        $_SDATA['success'][] = sprintf($_LANG['0h2'], htmlspecialchars($_USER['username']));
    }
}
}
require_once "statistics.php";
/* ***** Do not cache this page ************************************* */
// Each entry is a header line plus the 'replace' flag passed to header().
// The second Cache-Control line is added alongside the first, not in place of it.
foreach (array(
    array("Expires: Mon, 26 Jul 1997 05:00:00 GMT", true),
    array("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true),
    array("Cache-Control: no-store, no-cache, must-revalidate", true),
    array("Cache-Control: post-check=0, pre-check=0", false),
    array("Pragma: no-cache", true),
) as $nocache) {
    header($nocache[0], $nocache[1]);
}
// Leave no helper variable behind for the including page.
unset($nocache);
?>