<?php /* ***** Orca Ringmaker - Head File *************************** */



require "config.ini.php";
require "config.php";


/* Anonymous defaults. The login code below overwrites id, level and filters
   from the user table only after a credential check has matched a row. */
$_USER['id'] = 0;
$_USER['level'] = 0; // 0 is what the checks below treat as "not logged in"
$_USER['action'] = "";
$_USER['subaction'] = "";
$_USER['filters'] = "";


if ($_DDATA['online']) {

	/* ***** User Data (Login) **************************************** */
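	/* Cookie login. The cookie is base64("<username> :: <md5 of password>"); it is
	   re-checked against the user table on every request and re-issued for two
	   more hours on success.
	   NOTE(review): the MD5 value is a static password-equivalent - it stays valid
	   until the password changes, and comparing it with MD5(`password`) means the
	   column holds the password itself. Moving to password_hash() storage plus a
	   random server-side session token needs a schema change outside this block.
	   The cookie is also issued without the Secure/HttpOnly flags; change every
	   setcookie() call in this file together. */
	if (isset($_COOKIE['orm3_user'])) {
		// Cookies can arrive as arrays or as invalid base64; both are treated as an empty value
		$x = is_string($_COOKIE['orm3_user']) ? base64_decode($_COOKIE['orm3_user'], true) : false;
		$x = explode(" :: ", ($x === false) ? "" : $x);
		$_USER['username'] = $x[0];

		// Only query when the second field has the shape of an MD5 hex digest
		if (isset($x[1]) && preg_match('/^[0-9a-f]{32}\z/i', $x[1])) {
			// mysql_real_escape_string() honours the connection character set; addslashes() does not
			$select = mysql_query("SELECT `id`, `level`, `filters` FROM `{$_DDATA['tableuser']}` WHERE `username`='".mysql_real_escape_string($_USER['username'], $_DDATA['link'])."' AND MD5(`password`)='".mysql_real_escape_string($x[1], $_DDATA['link'])."' LIMIT 1;", $_DDATA['link']);
			// A failed query is treated like "no such user" instead of being passed to mysql_num_rows()
			if ($select && mysql_num_rows($select)) {
				$_USER = array_merge($_USER, mysql_fetch_assoc($select));
				if ($_USER['level'])
					setcookie('orm3_user', base64_encode("{$_USER['username']} :: {$x[1]}"), time() + 7200, "/");
			}
		}
	}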

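	/* Form login: runs only for an anonymous visitor POSTing to "?Login".
	   NOTE(review): the submitted password is compared with the `password`
	   column as-is, so passwords are stored unhashed; the cookie then carries
	   their unsalted MD5. No attempt limiting is visible in this file. */
	if (!$_USER['level'] && isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == "Login" && $_SERVER['REQUEST_METHOD'] == "POST") {
		// Missing or array-valued fields become empty strings so they fail the lookup cleanly
		$_USER['username'] = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
		$_POST['password'] = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

		// mysql_real_escape_string() honours the connection character set; addslashes() does not
		$select = mysql_query("SELECT `id`, `level`, `filters` FROM `{$_DDATA['tableuser']}` WHERE `username`='".mysql_real_escape_string($_USER['username'], $_DDATA['link'])."' AND `password`='".mysql_real_escape_string($_POST['password'], $_DDATA['link'])."' LIMIT 1;", $_DDATA['link']);
		if ($select && mysql_num_rows($select)) {
			$_USER = array_merge($_USER, mysql_fetch_assoc($select));
			if ($_USER['level']) {
				setcookie('orm3_user', base64_encode("{$_USER['username']} :: ".md5($_POST['password'])), time() + 7200, "/");
			} else $_SDATA['error'][] = $_LANG['030']; // row matched but its level is 0
		} else $_SDATA['error'][] = $_LANG['031']; // no matching row, or the query failed
	}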


	/* ***** Page Access Rights *************************************** */
	/* Resolve the requested page into $_USER['action']. Each case enforces the
	   minimum level for its page; several cases fall through on purpose so that
	   they share the checks and the final assignment of the cases below them. */
	if (isset($_SERVER['QUERY_STRING'])) {
		// The first "&"-separated token of the query string names the page
		$action = explode("&", $_SERVER['QUERY_STRING']);
		switch ($action[0]) {
			case "Logout":
				if ($_USER['level'] > 0) {
					$_USER['level'] = 0;
					// Expire the login cookie
					setcookie('orm3_user', "", time() - 86400, "/");
					$_SDATA['success'][] = $_LANG['060'];
				}
				break;

			case "Setup":
			case "Email":
				// Level 2 and above only
				if ($_USER['level'] <= 1) {
					$_USER['action'] = "Blank";
					$_SDATA['error'][] = $_LANG['032'];
					break;
				}
				// Falls through to "Account".
				// NOTE(review): because of the fall-through, an `id` parameter on a
				// Setup or Email request also runs the account lookup below - confirm intended.
			case "Account":
				if ($_USER['level'] == 1) {
					// Level 1 always loads its own row, whatever the request says
					$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
					if (mysql_num_rows($select)) {
						$_EDIT = mysql_fetch_assoc($select);
						$_USER['subaction'] = "Select";
					} else $_SDATA['error'][] = $_LANG['033'];
				} else if ($_USER['level'] > 1 && isset($_GET['id'])) {
					// NOTE(review): `id` is escaped with addslashes(), which ignores the connection
					// character set, and an array-valued `id` is not rejected; other lookups in this
					// file cast ids with (int).
					$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".addslashes($_GET['id'])."';", $_DDATA['link']);
					if (mysql_num_rows($select)) {
						$_EDIT = mysql_fetch_assoc($select);
						// Only lower-level accounts, or the caller's own, may be opened
						if ($_USER['level'] > $_EDIT['level'] || $_USER['id'] == $_GET['id']) {
							$_USER['subaction'] = "Select";
						} else $_SDATA['error'][] = $_LANG['03b'];
					} else $_SDATA['error'][] = $_LANG['033'];
				}
				// Falls through to "Edit"/"Add"
			case "Edit":
			case "Add":
				// Any logged-in level
				if ($_USER['level'] < 1) {
					$_USER['action'] = "Blank";
					$_SDATA['error'][] = $_LANG['032'];
					break;
				}
				$_USER['action'] = $action[0];
				break;

			case "Join":
				// Anonymous visitors only
				if ($_USER['level'] > 0) {
					$_USER['action'] = "Blank";
					$_SDATA['error'][] = $_LANG['034'];
					break;
				}
				$_USER['action'] = $action[0];
				break;

			case "Help":
				// Offered only when help.html exists in the install directory
				if (!@file_exists("{$_SERVER['DOCUMENT_ROOT']}/{$_SDATA['directory']}/help.html")) break;
			case "Confirm":
			case "Stats":
			case "Profile":
			case "Go":
			case "Nav":
			case "Blank":
			// default:
				// With "default" commented out, an unlisted token leaves $_USER['action'] empty
				$_USER['action'] = $action[0];
		}
	}


	/* ***** Perform Actions ****************************************** */
	switch ($_USER['action']) {

		/* ***** Ring Setup ********************************************* */
		case "Setup":
			if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['action'])) {
				switch ($_USER['subaction'] = $_POST['action']) {

					/* ***** Edit Ring Details ******************************** */
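					case "Edit":
						/* Normalises every ring setting from the POSTed form and writes the
						   result to the settings table; empty, unknown or out-of-range values
						   fall back to a fixed default or to the current value in $_VDATA.
						   NOTE(review): no anti-CSRF token is checked in this file before the
						   write - confirm whether the form layer enforces one. */
						ORM_sanitize($_POST['ring_name'], 64);
						if (!$_POST['ring_name']) $_POST['ring_name'] = $_LANG['00t'];

						ORM_sanitize($_POST['ring_display_announcement'], 1024, true);

						$_POST['ring_display_sitelimit'] = min(255, max(1, (int)$_POST['ring_display_sitelimit']));

						ORM_sanitize($_POST['ring_display_charset'], 16);
						if (!$_POST['ring_display_charset']) $_POST['ring_display_charset'] = "ISO-8859-1";

						// The theme must be a single directory name directly under themes/.
						// is_dir() alone also accepts "", "." and "../.." style values, which
						// would store a path outside the themes directory as the active theme.
						if (!isset($_POST['ring_display_theme'])
							|| !is_string($_POST['ring_display_theme'])
							|| $_POST['ring_display_theme'] === ""
							|| $_POST['ring_display_theme'] === "."
							|| $_POST['ring_display_theme'] === ".."
							|| preg_match('#[/\\\\\x00]#', $_POST['ring_display_theme'])
							|| !is_dir("{$_SERVER['DOCUMENT_ROOT']}/{$_SDATA['directory']}/themes/".$_POST['ring_display_theme'])
						) $_POST['ring_display_theme'] = $_VDATA['display.theme'];

						if (!isset($_POST['ring_mail_method']) || !in_array($_POST['ring_mail_method'], array("mail", "sendmail", "smtp"), true)) $_POST['ring_mail_method'] = $_VDATA['mail.method'];

						if (isset($_POST['ring_mail_smtp_server'])) {
							ORM_sanitize($_POST['ring_mail_smtp_server'], 128);
						} else $_POST['ring_mail_smtp_server'] = $_VDATA['mail.smtp.server'];

						if (isset($_POST['ring_mail_smtp_username'])) {
							ORM_sanitize($_POST['ring_mail_smtp_username'], 128);
						} else $_POST['ring_mail_smtp_username'] = $_VDATA['mail.smtp.username'];

						// NOTE(review): the SMTP password is written to the settings row as submitted
						if (isset($_POST['ring_mail_smtp_password'])) {
							ORM_sanitize($_POST['ring_mail_smtp_password'], 128);
						} else $_POST['ring_mail_smtp_password'] = $_VDATA['mail.smtp.password'];

						ORM_sanitize($_POST['ring_stats_timezone_name'], 5);
						if (!$_POST['ring_stats_timezone_name']) $_POST['ring_stats_timezone_name'] = "-";

						$_POST['ring_stats_timezone_offset'] = min(12, max(-13, (int)$_POST['ring_stats_timezone_offset']));

						$_POST['ring_stats_toplimit'] = min(100, max(1, (int)$_POST['ring_stats_toplimit']));

						// Checkbox: presence means "yes"
						$_POST['ring_stats_colbots'] = (!isset($_POST['ring_stats_colbots'])) ? "no" : "yes";

						// Only keys of $_LANG['stats.type'] are accepted
						if (!isset($_POST['ring_stats_type']) || !is_string($_POST['ring_stats_type']) || !isset($_LANG['stats.type'][$_POST['ring_stats_type']])) $_POST['ring_stats_type'] = $_VDATA['stats.type'];

						// mysql_real_escape_string() honours the connection character set; addslashes() does not
						$update = mysql_query("UPDATE `{$_DDATA['tablename']}` SET
							`name`='".mysql_real_escape_string($_POST['ring_name'], $_DDATA['link'])."',
							`display.charset`='".mysql_real_escape_string($_POST['ring_display_charset'], $_DDATA['link'])."',
							`display.sitelimit`='".mysql_real_escape_string($_POST['ring_display_sitelimit'], $_DDATA['link'])."',
							`display.announcement`='".mysql_real_escape_string($_POST['ring_display_announcement'], $_DDATA['link'])."',
							`display.theme`='".mysql_real_escape_string($_POST['ring_display_theme'], $_DDATA['link'])."',
							`mail.method`='".mysql_real_escape_string($_POST['ring_mail_method'], $_DDATA['link'])."',
							`mail.smtp.server`='".mysql_real_escape_string($_POST['ring_mail_smtp_server'], $_DDATA['link'])."',
							`mail.smtp.username`='".mysql_real_escape_string($_POST['ring_mail_smtp_username'], $_DDATA['link'])."',
							`mail.smtp.password`='".mysql_real_escape_string($_POST['ring_mail_smtp_password'], $_DDATA['link'])."',
							`stats.type`='".mysql_real_escape_string($_POST['ring_stats_type'], $_DDATA['link'])."',
							`stats.timezone.name`='".mysql_real_escape_string($_POST['ring_stats_timezone_name'], $_DDATA['link'])."',
							`stats.timezone.offset`='".mysql_real_escape_string($_POST['ring_stats_timezone_offset'], $_DDATA['link'])."',
							`stats.toplimit`='".mysql_real_escape_string($_POST['ring_stats_toplimit'], $_DDATA['link'])."',
							`stats.colbots`='{$_POST['ring_stats_colbots']}'
						;", $_DDATA['link']);

						// Zero affected rows with no error means the values were unchanged: no message
						if (mysql_affected_rows($_DDATA['link'])) {
							$_SDATA['success'][] = $_LANG['061'];
						} else if (mysql_error($_DDATA['link'])) $_SDATA['error'][] = $_LANG['035'];
						break;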

					/* ***** Edit Ring Order ********************************** */
					case "Order":
						/* Rewrites the `order` column of every site row according to the
						   POSTed order_method. Nothing from the request reaches the SQL text:
						   order_method is only compared with the fixed case labels.
						   NOTE(review): $_POST['order_method'] is read without an isset() check. */
						$ordered = true;
						list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}`;", $_DDATA['link']));
						if ($count > 1) {
							switch ($_POST['order_method']) {
								case "random":
									// Shuffle the positions 1..$count and hand them out in id order
									$order = range(1, $count);
									shuffle($order);
									$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `id`;", $_DDATA['link']);
									for ($x = 0; $x < count($order); $x++)
										$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='{$order[$x]}' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
									break;
								case "alpha_asc":
								case "alpha_des":
									// Positions 1..n in title order
									$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `title`".(($_POST['order_method'] == "alpha_des") ? " DESC" : "").";", $_DDATA['link']);
									for ($x = 0; $x < mysql_num_rows($select); $x++)
										$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x + 1)."' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
									break;
								case "sid_asc":
									// Position equals the site id
									$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`=`id`;", $_DDATA['link']);
									break;
								case "sid_des":
									// Positions 1..n in descending id order
									$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `id` DESC;", $_DDATA['link']);
									for ($x = 0; $x < mysql_num_rows($select); $x++)
										$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x + 1)."' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
									break;
								case "join_asc":
								case "join_des":
									// Positions 1..n in `date` order
									$select = mysql_query("SELECT `id` FROM `{$_DDATA['tablesite']}` ORDER BY `date`".(($_POST['order_method'] == "join_des") ? " DESC" : "").";", $_DDATA['link']);
									for ($x = 0; $x < mysql_num_rows($select); $x++)
										$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x + 1)."' WHERE `id`='".mysql_result($select, $x, "id")."';", $_DDATA['link']);
									break;
								case "pop_asc":
								case "pop_des":
								case "pop_int":
									// $_CACHE is not defined in this file; presumably statistics.php provides it - confirm
									require_once "statistics.php";

									// Score each site by the sum of the first three entries of its total-hits list
									// NOTE(review): positions here start at 0, while every other method starts at 1
									$order = array(); $x = 0;
									foreach ($_CACHE->ids as $id)
										$order[$id] = array_sum(array_slice($_CACHE->site[$id]['days']->hits['total'], 0, 3));
									if ($_POST['order_method'] == "pop_des") { arsort($order); } else asort($order);
									$order = array_keys($order);
									if ($_POST['order_method'] == "pop_int") {
										// Interleave: take alternately from the end and the start of the sorted list
										while (count($order) > 0) {
											$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x++)."' WHERE `id`='".array_pop($order)."';", $_DDATA['link']);
											if (count($order) > 0)
												$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x++)."' WHERE `id`='".array_shift($order)."';", $_DDATA['link']);
										}
									} else
										foreach ($order as $value)
											$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET `order`='".($x++)."' WHERE `id`='$value';", $_DDATA['link']);
									break;
								default:
									// Unknown method: nothing was changed, so no success message
									$ordered = false;
							}
							if ($ordered) $_SDATA['success'][] = $_LANG['062'];
						} else $_SDATA['error'][] = $_LANG['036']; // fewer than two sites
						break;

					/* ***** Edit Navigation Bar HTML ************************* */
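					case "Navbar":
						/* Stores the navigation bar type, HTML and script in the settings table.
						   NOTE(review): navbar_html and navbar_script are administrator-supplied
						   markup kept for later output; what ORM_sanitize() strips when its third
						   argument is true is not visible here - confirm before relying on it. */
						if (!isset($_POST['navbar_type']) || !in_array($_POST['navbar_type'], array("html", "script"), true))
							$_POST['navbar_type'] = $_VDATA['navbar.type'];

						ORM_sanitize($_POST['navbar_html'], 8192, true);

						if (isset($_POST['navbar_script'])) {
							ORM_sanitize($_POST['navbar_script'], 2048, true);
						} else $_POST['navbar_script'] = $_VDATA['navbar.script'];

						// mysql_real_escape_string() honours the connection character set; addslashes() does not
						$update = mysql_query("UPDATE `{$_DDATA['tablename']}` SET
							`navbar.type`='".mysql_real_escape_string($_POST['navbar_type'], $_DDATA['link'])."',
							`navbar.html`='".mysql_real_escape_string($_POST['navbar_html'], $_DDATA['link'])."',
							`navbar.script`='".mysql_real_escape_string($_POST['navbar_script'], $_DDATA['link'])."'
						;", $_DDATA['link']);

						// Zero affected rows with no error means the values were unchanged: no message
						if (mysql_affected_rows($_DDATA['link'])) {
							$_SDATA['success'][] = $_LANG['063'];
						} else if (mysql_error($_DDATA['link'])) $_SDATA['error'][] = $_LANG['035'];

						break;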

				}
				$_VDATA = mysql_fetch_assoc(mysql_query("SELECT * FROM `{$_DDATA['tablename']}`;", $_DDATA['link']));
				$_USER['subaction'] = "";
			}
			break;

		/* ***** Email Ring Members ************************************* */
		case "Email":
			if (isset($_REQUEST['action'])) {
				switch ($_USER['subaction'] = $_REQUEST['action']) {

					/* ***** Send a Message *********************************** */
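					case "Send":
						/* Sends one message to all members, to administrators, or to the
						   ticked accounts, then records it in the mail table.
						   NOTE(review): the INSERT runs whatever ORM_ringmail() returned, so a
						   message that reached nobody is still logged - confirm intended. */
						if ($_SERVER['REQUEST_METHOD'] == "POST") {
							if ($_USER['level'] > 1) {
								switch (isset($_POST['email_recipients']) ? $_POST['email_recipients'] : "") {
									case "all":
										$to = $_LANG['0cp'];
										$select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>0;", $_DDATA['link']);
										while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
										break;

									case "administrators":
										$to = $_LANG['0cq'];
										$select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>1;", $_DDATA['link']);
										while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
										break;

									case "selected":
										// The ticked ids are only used as keys into rows read from the database
										if (isset($_POST['email_accounts']) && is_array($_POST['email_accounts'])) {
											$to = $_LANG['0cr'];
											$select = mysql_query("SELECT `id`, `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>0;", $_DDATA['link']);
											while ($row = mysql_fetch_assoc($select)) $_ALL[$row['id']] = array($row['username'], $row['email']);
											foreach ($_POST['email_accounts'] as $email_accounts)
												if (is_scalar($email_accounts) && isset($_ALL[$email_accounts])) $_LIST[] = $_ALL[$email_accounts];
										}
										break;

								}

								if (isset($_LIST) && count($_LIST)) {
									// Build "name <address>" from positions 0 and 1. mysql_fetch_array() rows hold
									// every column twice (numeric and named key), so joining the whole row
									// repeated both fields in the logged recipient list.
									$adds = array();
									foreach ($_LIST as $list) $adds[] = $list[0]." <".$list[1].">";

									ORM_sanitize($_POST['email_subject'], 64);
									if (!$_POST['email_subject']) $_SDATA['error'][] = $_LANG['037'];

									ORM_sanitize($_POST['email_message'], 8192, true);
									if (!$_POST['email_message']) $_SDATA['error'][] = $_LANG['038'];

									if (empty($_SDATA['error'])) {
										if ($sent = ORM_ringmail($_LIST, $_POST['email_subject'], $_POST['email_message']))
											$_SDATA['success'][] = sprintf($_LANG['064'], $sent);

										// mysql_real_escape_string() honours the connection character set; addslashes() does not
										$insert = mysql_query("INSERT INTO `{$_DDATA['tablemail']}` SET
											`sentby`=".(int)$_USER['id'].",
											`date`=UNIX_TIMESTAMP(),
											`to`='".mysql_real_escape_string($to, $_DDATA['link'])."',
											`adds`='".mysql_real_escape_string(implode(", ", $adds), $_DDATA['link'])."',
											`subject`='".mysql_real_escape_string($_POST['email_subject'], $_DDATA['link'])."',
											`message`='".mysql_real_escape_string($_POST['email_message'], $_DDATA['link'])."'
										;", $_DDATA['link']);
									}

								} else $_SDATA['error'][] = $_LANG['039']; // nobody to send to
							} else $_SDATA['error'][] = $_LANG['03a']; // caller's level is too low
						}
						break;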

					/* ***** View a Sent Message ****************************** */
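					case "View":
						/* Loads one logged message, joined with its sender, into $_EDIT. */
						if (isset($_GET['message_id'])) {
							// An array-valued parameter would cast to 1 and open message 1; use 0 (no row) instead
							$select = mysql_query("
								SELECT
									`mail`.`id` as `id`,
									`user`.`username` as `sender`,
									`user`.`id` as `userid`,
									`mail`.`date` as `date`,
									`mail`.`to` as `to`,
									`mail`.`subject` as `subject`,
									`mail`.`message` as `message`,
									`mail`.`adds` as `adds`
									FROM
										`{$_DDATA['tablemail']}` as `mail`,
										`{$_DDATA['tableuser']}` as `user`
										WHERE
											`mail`.`sentby`=`user`.`id` AND
											`mail`.`id`=".(is_scalar($_GET['message_id']) ? (int)$_GET['message_id'] : 0)."
							;", $_DDATA['link']);
							if ($select && mysql_num_rows($select)) {
								$_EDIT = mysql_fetch_assoc($select);
							} else {
								$_USER['subaction'] = "";
								$_SDATA['error'][] = "Message not found";
							}
						}
						break;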

					/* ***** Delete a Sent Message **************************** */
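					case "Delete":
						/* Deletes the ticked log entries; restricted to level 3. */
						if ($_SERVER['REQUEST_METHOD'] == "POST") {
							if ($_USER['level'] == 3) {
								// message_id must be a list of ids; a plain string is treated as "nothing selected"
								if (isset($_POST['message_id']) && is_array($_POST['message_id']) && count($_POST['message_id'])) {
									$deleted = 0;
									foreach ($_POST['message_id'] as $message_id) {
										// Nested arrays would cast to 1 and delete message 1
										if (!is_scalar($message_id)) continue;
										$delete = mysql_query("DELETE FROM `{$_DDATA['tablemail']}` WHERE `id`=".(int)$message_id.";", $_DDATA['link']);
										// mysql_affected_rows() is -1 after a failed query; do not let that lower the count
										if ($delete) $deleted += max(0, mysql_affected_rows($_DDATA['link']));
									}
									$_SDATA['success'][] = "$deleted message(s) were deleted";
								} else $_SDATA['error'][] = "No selected messages to delete";
							} else $_SDATA['error'][] = $_LANG['03h'];
						}
						break;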

					/* ***** No Action **************************************** */
					default:
						$_USER['subaction'] = "";
				}
			}
			break;

		/* ***** Edit Account Information ******************************* */
		case "Account":
			$_USER['filters'] =& new ORM_filterSet($_USER['filters']);

			if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['action'])) {
				switch ($_USER['subaction'] = $_POST['action']) {

					/* ***** Select an Account to Edit ************************ */
					case "Select":
						/* Two uses of the account list form: an "Edit_<id>" button opens that
						   account, otherwise the Filter button saves the list filters. */
						$_USER['subaction'] = "";
						foreach ($_POST as $key => $value) {
							if (strpos($key, "Edit_") === 0) {
								// The id is taken from the field name and cast to int before it reaches SQL
								$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".(int)str_replace("Edit_", "", $key)."';", $_DDATA['link']);
								if (mysql_num_rows($select)) {
									$_EDIT = mysql_fetch_assoc($select);
									// Only lower-level accounts, or the caller's own, may be opened
									if ($_USER['level'] > $_EDIT['level'] || $_USER['id'] == $_EDIT['id']) {
										$_USER['subaction'] = "Select";
									} else $_SDATA['error'][] = $_LANG['03b'];
								} else $_SDATA['error'][] = $_LANG['03c'];
							}
						}
						if (!$_USER['subaction'] && isset($_POST['Filter'])) {
							ORM_sanitize($_POST['Filter_username'], 32);
							$_USER['filters']->accoFilter[0] = $_POST['Filter_username'];

							// Empty, or a key of $_LANG['level']
							if (!$_POST['Filter_level'] || isset($_LANG['level'][$_POST['Filter_level']]))
								$_USER['filters']->accoFilter[1] = $_POST['Filter_level'];

							// NOTE(review): $newcode carries the user-supplied filter text and goes into the
							// statement unescaped. Confirm that getCode() cannot emit a quote or backslash;
							// if it can, escape it here with mysql_real_escape_string().
							$newcode = $_USER['filters']->getCode();
							$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
						}
						break;

					/* ***** Edit Account Information ************************* */
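					case "Edit":
						/* Saves changes to one account. The caller must outrank the account or
						   own it; username, password, e-mail and level each have their own rule.
						   NOTE(review): the password is written to the `password` column as
						   submitted (unhashed). Hashing it needs matching changes in the login
						   code and the cookie format, outside this block. */
						$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".mysql_real_escape_string($_POST['user_id'], $_DDATA['link'])."';", $_DDATA['link']);
						if ($select && mysql_num_rows($select)) {
							$_EDIT = mysql_fetch_assoc($select);
							$selfmod = ($_USER['id'] == $_EDIT['id']);

							if ($_USER['level'] > $_EDIT['level'] || $selfmod) {

								ORM_sanitize($_POST['user_username'], 32);
								// NOTE(review): a level-1 member editing their own account matches none of
								// these conditions, so $_LANG['03e'] is always queued for them and the
								// UPDATE below is skipped - confirm that is intended.
								if (($selfmod && $_USER['level'] > 1) || $_USER['level'] == 3 || ($_USER['level'] == 2 && $_EDIT['level'] == 1)) {
									if ($_POST['user_username'] != $_EDIT['username']) {
										// A changed username must not already be taken
										list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `username`='".mysql_real_escape_string($_POST['user_username'], $_DDATA['link'])."';", $_DDATA['link']));
										if ($count) $_SDATA['error'][] = $_LANG['03d'];
									}
								} else $_SDATA['error'][] = $_LANG['03e'];

								ORM_sanitize($_POST['user_password1'], 32);
								ORM_sanitize($_POST['user_password2'], 32);
								if ($selfmod || $_USER['level'] == 3 || ($_USER['level'] == 2 && $_EDIT['level'] == 1)) {
									if (strlen($_POST['user_password1']) && strlen($_POST['user_password2'])) {
										if ($_POST['user_password1'] != $_POST['user_password2'])
											$_SDATA['error'][] = $_LANG['03f'];
									} else $_POST['user_password1'] = $_EDIT['password']; // blank fields keep the current password
								}
								// The login cookie embeds username and password, so re-issue it when the caller changed their own
								$rebake = ($selfmod && ($_POST['user_username'] != $_EDIT['username'] || $_POST['user_password1'] != $_EDIT['password'])) ? true : false;

								ORM_sanitize($_POST['user_email_new']);
								if ($selfmod || $_USER['level'] == 3 || ($_USER['level'] == 2 && $_EDIT['level'] == 1)) {
									if (strlen($_POST['user_email_new'])) {
										if (!preg_match("/^(([^<>()[\]\\\\.,;:\s@\"]+(\.[^<>()[\]\\\\.,;:\s@\"]+)*)|(\"([^\"\\\\\r]|(\\\\[\w\W]))*\"))@((\[([0-9]{1,3}\.){3}[0-9]{1,3}\])|(([a-z\-0-9]+\.)+[a-z]{2,}))$/i", $_POST['user_email_new']))
											$_SDATA['error'][] = $_LANG['03g'];
									}
									if ($_POST['user_email_new'] == $_EDIT['email']) $_POST['user_email_new'] = "";
								}

								ORM_sanitize($_POST['user_description'], 1024, true);

								// Only level 3 may change the level of an account below level 3
								$newowner = false;
								if (isset($_POST['user_level']) && $_USER['level'] == 3 && $_EDIT['level'] < 3) {
									$_POST['user_level'] = min(3, max(0, (int)$_POST['user_level']));
									if (!$_POST['user_level'] && $_EDIT['level']) {
										$_POST['user_level'] = $_EDIT['level'];
									} else if ($_POST['user_level'] == 3) $newowner = true;
								} else $_POST['user_level'] = $_EDIT['level'];

								if (!count($_SDATA['error'])) {
									$newemail = ($_POST['user_email_new'] && $_POST['user_email_new'] != $_EDIT['email.new']);

									if ($newemail) {
										do {
											// The key is the only secret in the e-mail confirmation link, so take it
											// from a CSPRNG when the runtime has one. md5(microtime()) can be guessed
											// from the time of the request and is kept only as a last resort.
											$key = "";
											if (function_exists('random_bytes')) {
												$key = bin2hex(random_bytes(8));
											} else if (function_exists('openssl_random_pseudo_bytes')) {
												$key = bin2hex((string)openssl_random_pseudo_bytes(8));
											}
											if (strlen($key) != 16) $key = substr(md5(microtime()), 0, 16);
											list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `email.key`='$key';", $_DDATA['link']));
										} while ($count);
									}

									// mysql_real_escape_string() honours the connection character set; addslashes() does not
									$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET
										`username`='".mysql_real_escape_string($_POST['user_username'], $_DDATA['link'])."',
										`password`='".mysql_real_escape_string($_POST['user_password1'], $_DDATA['link'])."',
										`description`='".mysql_real_escape_string($_POST['user_description'], $_DDATA['link'])."',
										".(($newemail) ? "
											`email.new`='".mysql_real_escape_string($_POST['user_email_new'], $_DDATA['link'])."',
											`email.date`=UNIX_TIMESTAMP(),
											`email.key`='$key',
										" : "")."
										`level`='".mysql_real_escape_string($_POST['user_level'], $_DDATA['link'])."'
									WHERE `id`='".mysql_real_escape_string($_POST['user_id'], $_DDATA['link'])."';", $_DDATA['link']);

									if (mysql_affected_rows()) {
										if ($newemail) {
											// The new address takes effect only through the emailed confirmation link
											ORM_ringmail(array($_POST['user_username'], $_POST['user_email_new']), $_LANG['096'], sprintf($_LANG['097'], $_VDATA['name'], "{$_SDATA['huburi']}?Confirm&id=$key"));
											$_SDATA['success'][] = $_LANG['065'];
										}

										$_SDATA['success'][] = $_LANG['066'];

										if ($newowner) {
											// NOTE(review): user_level is clamped to 0..3 above, so it is unclear which
											// rows hold level 4 here - confirm what this statement is meant to change.
											$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `level`='3' WHERE `level`='4' AND `id`!='".mysql_real_escape_string($_POST['user_id'], $_DDATA['link'])."';", $_DDATA['link']);
											if (mysql_affected_rows()) $_SDATA['success'][] = $_LANG['067'];
										}

										if ($selfmod) {
											// Reload the caller's own row and refresh the login cookie if needed
											$select = mysql_query("SELECT `id`, `username`, `password`, `level` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_USER['id']}' LIMIT 1;", $_DDATA['link']);
											if (mysql_num_rows($select)) {
												$_USER = array_merge($_USER, mysql_fetch_assoc($select));
												if ($rebake) setcookie('orm3_user', base64_encode("{$_USER['username']} :: ".md5($_USER['password'])), time() + 7200, "/");
											}

										} else if ($_EDIT['level'] != $_POST['user_level']) {
											// Tell the member that their level changed
											if ($newowner) {
												ORM_ringmail(array($_POST['user_username'], $_EDIT['email']), $_LANG['09e'], sprintf($_LANG['09f'], $_POST['user_username'], $_VDATA['name']));
											} else ORM_ringmail(array($_POST['user_username'], $_EDIT['email']), $_LANG['09c'], sprintf($_LANG['09d'], $_POST['user_username'], $_VDATA['name'], $_LANG['level'][$_POST['user_level']]));

										} // other changes a member should be notified about

									} else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
								} else $_USER['subaction'] = "Select";

								// Level 1 goes back to its own account form; higher levels go back to the list
								if ($_USER['level'] == 1) {
									$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
									if (mysql_num_rows($select)) {
										$_EDIT = mysql_fetch_assoc($select);
										$_USER['subaction'] = "Select";
									} else $_SDATA['error'][] = $_LANG['03j'];
								} else $_USER['subaction'] = "";

							} else $_SDATA['error'][] = $_LANG['03b'];
						} else $_SDATA['error'][] = $_LANG['03k'];
						break;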

					/* ***** Delete an Account ******************************** */
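					case "Delete":
						/* Deletes one account together with the sites it owns. The caller must
						   outrank the account or own it, all three confirmation boxes must be
						   ticked, and level-3 accounts cannot be deleted. */
						$_USER['subaction'] = "";

						// mysql_real_escape_string() honours the connection character set; addslashes() does not
						$select = mysql_query("SELECT * FROM `{$_DDATA['tableuser']}` WHERE `id`='".mysql_real_escape_string($_POST['user_id'], $_DDATA['link'])."';", $_DDATA['link']);
						if ($select && mysql_num_rows($select)) {
							$_EDIT = mysql_fetch_assoc($select);

							// Authorise against the row that was fetched, as the Edit case does, rather
							// than against the raw request value: PHP's loose == and MySQL's string-to-
							// number conversion do not parse every input identically.
							if ($_USER['level'] > $_EDIT['level'] || $_EDIT['id'] == $_USER['id']) {
								for ($x = 1, $confirm = true; $x <= 3; $x++)
									if (!isset($_POST["delete_check$x"]) || $_POST["delete_check$x"] != "check$x") $confirm = false;

								if ($confirm) {
									if ($_EDIT['level'] < 3) {
										$delete = mysql_query("DELETE FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_EDIT['id']}';", $_DDATA['link']);
										if (mysql_affected_rows()) {
											$_SDATA['success'][] = sprintf($_LANG['068'], $_EDIT['username']);
											$_USER['subaction'] = "";

											// Remove the sites owned by the deleted account
											$delete = mysql_query("DELETE FROM `{$_DDATA['tablesite']}` WHERE `owner`='{$_EDIT['id']}';", $_DDATA['link']);
											if (mysql_affected_rows())
												$_SDATA['success'][] = sprintf($_LANG['069'], mysql_affected_rows(), $_EDIT['username']);

											if ($_EDIT['id'] == $_USER['id']) {
												// Self-deletion: log out as well
												$_USER['level'] = 0;
												$_USER['action'] = "";
												setcookie('orm3_user', "", time() - 86400, "/");
												$_SDATA['success'][] = $_LANG['060'];

											} else if ($_EDIT['email']) {
												// Tell the former member, including the reason given by the caller
												ORM_sanitize($_POST['delete_reason'], 256);
												if (!$_POST['delete_reason']) $_POST['delete_reason'] = "None";
												ORM_ringmail(array($_EDIT['username'], $_EDIT['email']), $_LANG['092'], sprintf($_LANG['093'], $_EDIT['username'], $_VDATA['name'], $_POST['delete_reason']));
											}

										} else $_SDATA['error'][] = $_LANG['035'];
									} else $_SDATA['error'][] = $_LANG['03m'];
								} else $_SDATA['error'][] = $_LANG['03n'];
							} else $_SDATA['error'][] = $_LANG['03o'];
						} else $_SDATA['error'][] = $_LANG['03k'];
						break;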

					/* ***** No Action **************************************** */
					default:
						$_USER['subaction'] = "";
				}

			} else if ($_SERVER['REQUEST_METHOD'] == "GET") {
				/* Column sort for the account list. `sort` must be one of four fixed
				   names; the matching entry of accoOrder is either moved to the front
				   or, when already first, has its second element toggled. */
				if (isset($_GET['sort']) && in_array($_GET['sort'], array('id', 'username', 'level', 'sites'))) {
					foreach ($_USER['filters']->accoOrder as $key => $value) {
						if ($_GET['sort'] == $value[0]) {
							if ($key) {
								// Not the first entry yet: reset its flag and move it to the front
								$value[1] = false;
								unset($_USER['filters']->accoOrder[$key]);
								array_unshift($_USER['filters']->accoOrder, $value);
							} else $_USER['filters']->accoOrder[$key][1] = !$_USER['filters']->accoOrder[$key][1];

							// NOTE(review): $newcode goes into the statement unescaped. It is built from the
							// stored filter set, which holds earlier user input; confirm that getCode()
							// cannot emit a quote or backslash, or escape it with mysql_real_escape_string().
							$newcode = $_USER['filters']->getCode();
							$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
							break;
						}
					}
				}
			}
			break;

		/* ***** Edit Site Information ********************************** */
		case "Edit":
			$_USER['filters'] =& new ORM_filterSet($_USER['filters']);

			if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['action'])) {
				switch ($_USER['subaction'] = $_POST['action']) {

					/* ***** Select a Site to Edit **************************** */
					case "Select":
						/* Two uses of the site list form: an "Edit_<id>" button opens that
						   site, otherwise the Filter button saves the list filters. */
						$_USER['subaction'] = "";
						foreach ($_POST as $key => $value) {
							if (strpos($key, "Edit_") === 0) {
								// The id is taken from the field name and cast to int before it reaches SQL
								$select = mysql_query("
									SELECT
										`site`.`id` as `id`,
										`site`.`owner` as `owner`,
										`site`.`status` as `status`,
										`site`.`lookahead` as `lookahead`,
										`site`.`uri` as `uri`,
										`site`.`title` as `title`,
										`site`.`description` as `description`,
										`user`.`username` as `username`,
										`user`.`level` as `level`
										FROM
											`{$_DDATA['tablesite']}` as `site`,
											`{$_DDATA['tableuser']}` as `user`
											WHERE
												`site`.`owner`=`user`.`id`
												AND `site`.`id`='".(int)str_replace("Edit_", "", $key)."'
								;", $_DDATA['link']);

								if (mysql_num_rows($select)) {
									$_EDIT = mysql_fetch_assoc($select);
									// The caller must outrank the site's owner or be the owner
									if ($_USER['level'] > $_EDIT['level'] || $_EDIT['owner'] == $_USER['id']) {
										$_USER['subaction'] = "Select";
									} else $_SDATA['error'][] = $_LANG['03q'];
								} else $_SDATA['error'][] = $_LANG['03c'];
							}
						}
						if (!$_USER['subaction'] && isset($_POST['Filter'])) {
							ORM_sanitize($_POST['Filter_title'], 32);
							$_USER['filters']->siteFilter[0] = $_POST['Filter_title'];

							if (isset($_POST['Filter_owner'])) {
								ORM_sanitize($_POST['Filter_owner'], 32);
								$_USER['filters']->siteFilter[1] = $_POST['Filter_owner'];
							}

							// Empty, or a key of $_LANG['status']
							if (!$_POST['Filter_status'] || isset($_LANG['status'][$_POST['Filter_status']]))
								$_USER['filters']->siteFilter[2] = $_POST['Filter_status'];

							// NOTE(review): $newcode carries the user-supplied filter text and goes into the
							// statement unescaped. Confirm that getCode() cannot emit a quote or backslash;
							// if it can, escape it here with mysql_real_escape_string().
							$newcode = $_USER['filters']->getCode();
							$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET `filters`='$newcode' WHERE `id`='{$_USER['id']}';", $_DDATA['link']);
						}
						break;

					/* ***** Edit Site Information **************************** */
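					case "Edit":
						/* Saves changes to one site. The caller must outrank the site's owner or
						   be the owner; owner and status changes have extra level rules. */
						// mysql_real_escape_string() honours the connection character set; addslashes() does not
						$select = mysql_query("
							SELECT
								`site`.`owner` as `owner`,
								`site`.`status` as `status`,
								`user`.`username` as `username`,
								`user`.`level` as `level`,
								`user`.`email` as `email`
								FROM
									`{$_DDATA['tablesite']}` as `site`,
									`{$_DDATA['tableuser']}` as `user`
									WHERE
										`site`.`owner`=`user`.`id`
										AND `site`.`id`='".mysql_real_escape_string($_POST['site_id'], $_DDATA['link'])."'
						;", $_DDATA['link']);

						if ($select && mysql_num_rows($select)) {
							$_EDIT = mysql_fetch_assoc($select);
							if ($_USER['level'] > $_EDIT['level'] || $_EDIT['owner'] == $_USER['id']) {

								if (isset($_POST['site_owner']) && $_USER['level'] > 1 && $_POST['site_owner'] != $_EDIT['owner']) {
									// Look the new owner up before accepting it. The earlier code re-tested the
									// site query above, which always has a row at this point, and then placed
									// the raw site_owner value into the UPDATE without escaping it.
									$select = is_scalar($_POST['site_owner']) ? mysql_query("SELECT `id` FROM `{$_DDATA['tableuser']}` WHERE `id`='".(int)$_POST['site_owner']."' LIMIT 1;", $_DDATA['link']) : false;
									if ($select && mysql_num_rows($select)) {
										$_EDIT['owner'] = (int)$_POST['site_owner'];
									} else $_SDATA['error'][] = $_LANG['03r'];
								}

								// Status must be a key of $_LANG['status'] other than "inactive"; callers at
								// level 1 may not choose "hibernating" or "active". Anything else keeps the
								// stored status, so the value written below is either a known key or the
								// value read from the database.
								$newdate = false;
								if (isset($_POST['site_status']) && isset($_LANG['status'][$_POST['site_status']]) && $_POST['site_status'] != "inactive" && ($_USER['level'] > 1 || !in_array($_POST['site_status'], array("hibernating", "active")))) {
									if ($_EDIT['status'] == "inactive" && $_POST['site_status'] != $_EDIT['status']) $newdate = true;
								} else $_POST['site_status'] = $_EDIT['status'];

								// Checkbox: presence means "yes"
								$_POST['site_lookahead'] = (!isset($_POST['site_lookahead'])) ? "no" : "yes";

								// NOTE(review): only the length of the URI is checked here. Confirm that
								// ORM_sanitize() or the code that links to it restricts the scheme to
								// http/https, since the value is later offered to visitors as a link.
								ORM_sanitize($_POST['site_uri'], 256);
								if (strlen($_POST['site_uri']) > 11) {
									// The URI must not belong to another site already
									list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `uri`='".mysql_real_escape_string($_POST['site_uri'], $_DDATA['link'])."' AND `id`!='".mysql_real_escape_string($_POST['site_id'], $_DDATA['link'])."';", $_DDATA['link']));
									if ($count) $_SDATA['error'][] = $_LANG['03s'];
								} else $_SDATA['error'][] = $_LANG['03t'];

								ORM_sanitize($_POST['site_title'], 64);
								if (!$_POST['site_title']) $_POST['site_title'] = "Untitled";

								ORM_sanitize($_POST['site_description'], 1024, true);

								if (!count($_SDATA['error'])) {
									$update = mysql_query("UPDATE `{$_DDATA['tablesite']}` SET
										`owner`='".mysql_real_escape_string($_EDIT['owner'], $_DDATA['link'])."',
										`uri`='".mysql_real_escape_string($_POST['site_uri'], $_DDATA['link'])."',
										`title`='".mysql_real_escape_string($_POST['site_title'], $_DDATA['link'])."',
										`description`='".mysql_real_escape_string($_POST['site_description'], $_DDATA['link'])."',
										".(($newdate) ? "`date`=UNIX_TIMESTAMP()," : "")."
										`status`='".mysql_real_escape_string($_POST['site_status'], $_DDATA['link'])."',
										`lookahead`='{$_POST['site_lookahead']}'
									WHERE `id`='".mysql_real_escape_string($_POST['site_id'], $_DDATA['link'])."';", $_DDATA['link']);

									if (mysql_affected_rows()) {
										$_SDATA['success'][] = sprintf($_LANG['06a'], $_POST['site_title']);
										$_USER['subaction'] = "";

										// NOTE(review): after an owner change, username and email in $_EDIT still
										// belong to the previous owner, so these notices go to that account.
										if ($_EDIT['owner'] != $_USER['id']) {
											if ($_EDIT['status'] == "inactive" && $_POST['site_status'] == "active") {
												ORM_ringmail(array($_EDIT['username'], $_EDIT['email']), $_LANG['098'], sprintf($_LANG['099'], $_EDIT['username'], $_POST['site_title'], $_VDATA['name']));
											} else if ($_EDIT['status'] != $_POST['site_status'])
												ORM_ringmail(array($_EDIT['username'], $_EDIT['email']), $_LANG['09a'], sprintf($_LANG['09b'], $_EDIT['username'], $_POST['site_title'], $_VDATA['name'], $_LANG['status'][$_POST['site_status']]));
										}
									} else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
								} else $_USER['subaction'] = "Select";

							} else $_SDATA['error'][] = $_LANG['03q'];
						} else $_SDATA['error'][] = $_LANG['03c'];
						break;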

					/* ***** Delete a Site ************************************ */
					case "Delete":
						$_USER['subaction'] = "";

						// Look up the site being deleted together with its owner's id and level;
						// both are needed for the permission check further down.
						// NOTE(review): site_id is read from $_POST without an isset() check and is
						// escaped with addslashes(), which is not connection-charset aware. A
						// prepared statement (or mysql_real_escape_string() on this link) is the
						// safer form for this lookup.
						$select = mysql_query("
							SELECT
								`site`.`id` AS `id`,
								`site`.`title` AS `title`,
								`user`.`level` AS `level`,
								`user`.`id` AS `owner`
								FROM
									`{$_DDATA['tablesite']}` AS `site`,
									`{$_DDATA['tableuser']}` AS `user`
									WHERE
									`site`.`owner`=`user`.`id`
									AND `site`.`id`='".addslashes($_POST['site_id'])."'
						;", $_DDATA['link']);

						if (mysql_num_rows($select)) {
							$_EDIT = mysql_fetch_assoc($select);

							// All three confirmation fields must be present and carry exactly
							// "check1", "check2" and "check3"; anything else refuses the delete.
							// NOTE(review): these are fixed, predictable values, so they only guard
							// against an accidental click. No per-session anti-CSRF token is checked
							// anywhere in this block.
							for ($x = 1, $confirm = true; $x <= 3; $x++)
								if (!isset($_POST["delete_check$x"]) || $_POST["delete_check$x"] != "check$x") $confirm = false;

							if ($confirm) {
								// Authorisation: the caller must outrank the site's owner or be the owner.
								if ($_USER['level'] > $_EDIT['level'] || $_EDIT['owner'] == $_USER['id']) {
									// The id used here is the one returned by the lookup above, not the raw POST value.
									$delete = mysql_query("DELETE FROM `{$_DDATA['tablesite']}` WHERE `id`='{$_EDIT['id']}';", $_DDATA['link']);
									if (mysql_affected_rows()) {
										$_USER['subaction'] = "";
										// The stored title is HTML-escaped before it goes into the success message.
										$_SDATA['success'][] = sprintf($_LANG['06b'], htmlspecialchars($_EDIT['title']));

										// Deleted by someone other than the owner: mail the owner, including the reason given.
										if ($_EDIT['owner'] != $_USER['id']) {
											$select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$_EDIT['owner']}';", $_DDATA['link']);
											if (mysql_num_rows($select)) {
												$mailinfo = mysql_fetch_assoc($select);
												if ($mailinfo['email']) {
													// ORM_sanitize() is defined elsewhere and is called here with a limit
													// argument of 256; what it filters is not visible in this file section.
													// The title and the reason are handed to ORM_ringmail() as they are.
													ORM_sanitize($_POST['delete_reason'], 256);
													if (!$_POST['delete_reason']) $_POST['delete_reason'] = "None";
													ORM_ringmail(array($mailinfo['username'], $mailinfo['email']), $_LANG['094'], sprintf($_LANG['095'], $mailinfo['username'], $_EDIT['title'], $_VDATA['name'], $_POST['delete_reason']));
												}
											}
										}
									} else $_SDATA['error'][] = $_LANG['035']; // the DELETE removed no row
								} else $_SDATA['error'][] = $_LANG['03w']; // caller is neither owner nor higher level
							} else $_SDATA['error'][] = $_LANG['03x']; // confirmation fields missing or wrong
						} else $_SDATA['error'][] = $_LANG['03c']; // no site with that id
						break;

					/* ***** Check Site for Navigation Bar ******************** */
					case "Check":
						break;

					/* ***** No Action **************************************** */
					default:
						$_USER['subaction'] = "";
				}

			} else if ($_SERVER['REQUEST_METHOD'] == "GET") {
				// Re-sort request for the site list: only the four whitelisted column names are
				// accepted, so the raw query-string value never reaches SQL directly.
				if (isset($_GET['sort']) && in_array($_GET['sort'], array('id', 'title', 'owner', 'errors'))) {
					foreach ($_USER['filters']->siteOrder as $key => $value) {
						if ($_GET['sort'] != $value[0]) continue;

						if (!$key) {
							// Already the leading sort column: flip its flag.
							$_USER['filters']->siteOrder[$key][1] = !$_USER['filters']->siteOrder[$key][1];
						} else {
							// Move the column to the front of the order with its flag cleared.
							$value[1] = false;
							unset($_USER['filters']->siteOrder[$key]);
							array_unshift($_USER['filters']->siteOrder, $value);
						}

						// Persist the new filter code on the user's row.
						// NOTE(review): $newcode goes into the statement unescaped; getCode() is
						// defined elsewhere, so confirm it can never return a quote or backslash.
						$newcode = $_USER['filters']->getCode();
						$update = mysql_query("UPDATE `" . $_DDATA['tableuser'] . "` SET `filters`='" . $newcode . "' WHERE `id`='" . $_USER['id'] . "';", $_DDATA['link']);
						break;
					}
				}
			}
			break;

		/* ***** Add Site *********************************************** */
		case "Add":
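			// Handle a submitted "Add Site" form: validate owner, URI and title, insert the
			// site row, then mail every user whose level is above 1.
			if ($_SERVER['REQUEST_METHOD'] == "POST") {
				// Refuse the submission once this account already owns five sites that are still inactive.
				list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `owner`='{$_USER['id']}' AND `status`='inactive';", $_DDATA['link']));

				if ($count < 5) {
					// A user above level 1 may file the site under another account, provided that
					// account exists; everybody else is forced to their own id.
					if (isset($_POST['site_owner']) && $_USER['level'] > 1 && $_POST['site_owner'] != $_USER['id']) {
						$select = mysql_query("SELECT `id` FROM `{$_DDATA['tableuser']}` WHERE `id`='".addslashes($_POST['site_owner'])."';", $_DDATA['link']);
						if (!mysql_num_rows($select))
							$_SDATA['error'][] = $_LANG['03r'];
					} else $_POST['site_owner'] = $_USER['id'];

					// ORM_sanitize() is defined elsewhere and is called with a length argument;
					// what it filters is not visible here, so every value is still escaped
					// separately before it reaches SQL.
					ORM_sanitize($_POST['site_uri'], 256);
					if (strlen($_POST['site_uri']) > 11) {
						// A URI that is already registered is rejected.
						list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `uri`='".addslashes($_POST['site_uri'])."';", $_DDATA['link']));
						if ($count) $_SDATA['error'][] = $_LANG['03s'];
					} else $_SDATA['error'][] = $_LANG['03t'];

					if (!isset($_POST['site_title'])) {
						// No title supplied: try to read one from the submitted page. The URI is
						// user input, so the server only fetches it when it is plainly http(s);
						// without that check file_get_contents() would also open local paths and
						// other stream wrappers. Anything else falls back to "Untitled".
						// NOTE(review): an http(s) URI can still point at an internal host, and
						// the response size is unbounded; consider an allow-list or a dedicated
						// fetcher with a timeout and a size cap.
						if ($_SDATA['allowfopen'] && preg_match('#^https?://#i', $_POST['site_uri'])) {
							$file = @file_get_contents(str_replace(" ", "%20", $_POST['site_uri']));
							if ($file) {
								preg_match("/<title.*?>(.*?)<\/title>/", $file, $match);
								$_POST['site_title'] = (isset($match[1])) ? $match[1] : "Untitled";
							} else $_POST['site_title'] = "Untitled";
						} else $_POST['site_title'] = "Untitled";
					}
					// A fetched title is remote content; it goes through the same sanitize and
					// escape steps as a typed one.
					ORM_sanitize($_POST['site_title'], 64);
					if (!$_POST['site_title']) $_POST['site_title'] = "Untitled";
				
					ORM_sanitize($_POST['site_description'], 1024, true);

					if (!count($_SDATA['error'])) {
						// Choose the `order` value for the new row: count up from 1 and stop at the
						// last row or at the first row whose stored `order` differs from the counter.
						// NOTE(review): mysql_result() row offsets are zero-based, so offset $order
						// is the row after the $order-th one; confirm this is the intended comparison.
						$select = mysql_query("SELECT `order` FROM `{$_DDATA['tablesite']}` ORDER BY `order`;", $_DDATA['link']);
						for ($order = 1; $order <= mysql_num_rows($select); $order++)
							if ($order == mysql_num_rows($select) || mysql_result($select, $order, "order") != $order) break;

						// site_owner was only checked through a quoted, escaped lookup above, which
						// MySQL matches on the leading digits of the value. It is therefore cast to
						// an integer here instead of being interpolated as submitted.
						$insert = mysql_query("INSERT INTO `{$_DDATA['tablesite']}` SET
							`order`='$order',
							`owner`='".(int)$_POST['site_owner']."',
							`uri`='".addslashes($_POST['site_uri'])."',
							`title`='".addslashes($_POST['site_title'])."',
							`description`='".addslashes($_POST['site_description'])."',
							`date`=UNIX_TIMESTAMP()
						;", $_DDATA['link']);
	
						if (mysql_affected_rows()) {
							$_SDATA['success'][] = $_LANG['06c'];
							$_USER['action'] = "Edit";
							$_USER['filters'] =& new ORM_filterSet($_USER['filters']);

							// Tell every user above level 1 that a new site was submitted.
							$_LIST = array();
							$select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>1;", $_DDATA['link']);
							while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
							if (count($_LIST))
								ORM_ringmail($_LIST, sprintf($_LANG['09g'], $_VDATA['name']), sprintf($_LANG['09h'], $_USER['username'], $_POST['site_title'], $_VDATA['name'], $_POST['site_uri']));

						} else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
					}
				} else $_SDATA['error'][] = $_LANG['03y'];
			}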
			break;

		/* ***** Join Ring ********************************************** */
		case "Join":
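			// Handle a submitted "Join" form: validate the new account and its first site,
			// create both rows, and mail a confirmation link that carries a key.
			if ($_SERVER['REQUEST_METHOD'] == "POST") {
				// ORM_sanitize() is defined elsewhere and is called with a length argument;
				// what it filters is not visible here, so every value is still escaped
				// separately before it reaches SQL.
				ORM_sanitize($_POST['user_username'], 32);
				if (strlen($_POST['user_username'])) {
					// Usernames must be unique.
					list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `username`='".addslashes($_POST['user_username'])."';", $_DDATA['link']));
					if ($count) $_SDATA['error'][] = $_LANG['03d'];
				} else $_SDATA['error'][] = $_LANG['040'];

				// Both password fields are required and must match.
				ORM_sanitize($_POST['user_password1'], 32);
				ORM_sanitize($_POST['user_password2'], 32);
				if (strlen($_POST['user_password1']) && strlen($_POST['user_password2'])) {
					if ($_POST['user_password1'] != $_POST['user_password2'])
						$_SDATA['error'][] = $_LANG['03f'];
				} else $_SDATA['error'][] = $_LANG['041'];

				// The e-mail address is required and must match the address pattern below.
				ORM_sanitize($_POST['user_email_new']);
				if (strlen($_POST['user_email_new'])) {
					if (!preg_match("/^(([^<>()[\]\\\\.,;:\s@\"]+(\.[^<>()[\]\\\\.,;:\s@\"]+)*)|(\"([^\"\\\\\r]|(\\\\[\w\W]))*\"))@((\[([0-9]{1,3}\.){3}[0-9]{1,3}\])|(([a-z\-0-9]+\.)+[a-z]{2,}))$/i", $_POST['user_email_new']))
						$_SDATA['error'][] = $_LANG['03g'];
				} else $_SDATA['error'][] = $_LANG['03z'];
				
				ORM_sanitize($_POST['user_description'], 1024, true);

				ORM_sanitize($_POST['site_uri'], 256);
				if (strlen($_POST['site_uri']) > 11) {
					// A URI that is already registered is rejected.
					list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tablesite']}` WHERE `uri`='".addslashes($_POST['site_uri'])."';", $_DDATA['link']));
					if ($count) $_SDATA['error'][] = $_LANG['03s'];
				} else $_SDATA['error'][] = $_LANG['03t'];

				if (!isset($_POST['site_title'])) {
					// No title supplied: try to read one from the submitted page. This form is
					// reachable without an account and the URI is user input, so the server
					// only fetches it when it is plainly http(s); without that check
					// file_get_contents() would also open local paths and other stream
					// wrappers. Anything else falls back to "Untitled".
					// NOTE(review): an http(s) URI can still point at an internal host, and the
					// response size is unbounded; consider an allow-list or a dedicated fetcher
					// with a timeout and a size cap.
					if ($_SDATA['allowfopen'] && preg_match('#^https?://#i', $_POST['site_uri'])) {
						$file = @file_get_contents(str_replace(" ", "%20", $_POST['site_uri']));
						if ($file) {
							preg_match("/<title.*?>(.*?)<\/title>/", $file, $match);
							$_POST['site_title'] = (isset($match[1])) ? $match[1] : "Untitled";
						} else $_POST['site_title'] = "Untitled";
					} else $_POST['site_title'] = "Untitled";
				}
				// A fetched title is remote content; it goes through the same sanitize and
				// escape steps as a typed one.
				ORM_sanitize($_POST['site_title'], 64);
				if (!$_POST['site_title']) $_POST['site_title'] = "Untitled";
				
				ORM_sanitize($_POST['site_description'], 1024, true);

				if ($_SDATA['captcha']) {
					// The captcha is consumed by deleting its row; no row deleted means a wrong
					// or already used answer. The answer is escaped like every other request
					// value in this file instead of relying on ORM_sanitize() alone.
					ORM_sanitize($_POST['auth_captcha'], 5);
					$delete = mysql_query("DELETE FROM `{$_DDATA['tableauth']}` WHERE `captcha`='".addslashes($_POST['auth_captcha'])."';", $_DDATA['link']);
					if (!mysql_affected_rows()) $_SDATA['error'][] = $_LANG['043'];
				}

				if (!count($_SDATA['error'])) {
					// Pick a confirmation key that no other account holds.
					// NOTE(review): the key is derived from the server clock alone, which makes
					// it guessable, and it is the only secret in the confirmation link. Generate
					// it from a cryptographically secure source where the runtime offers one.
					do {
						$key = substr(md5(microtime()), 0, 16);
						list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `{$_DDATA['tableuser']}` WHERE `email.key`='$key';", $_DDATA['link']));
					} while ($count);
					// NOTE(review): the password is stored exactly as submitted. Moving to a
					// salted password hash also requires changing the login and cookie checks,
					// which compare against this column.
					$insert = mysql_query("INSERT INTO `{$_DDATA['tableuser']}` SET
						`username`='".addslashes($_POST['user_username'])."',
						`password`='".addslashes($_POST['user_password1'])."',
						`date`=UNIX_TIMESTAMP(),
						`description`='".addslashes($_POST['user_description'])."',
						`email.new`='".addslashes($_POST['user_email_new'])."',
						`email.date`=UNIX_TIMESTAMP(),
						`email.key`='$key'
					;", $_DDATA['link']);

					if (mysql_affected_rows()) {
						// Capture the new user's id now: mysql_insert_id() reports on the last
						// query, and another query runs before the site row is inserted.
						$newowner = mysql_insert_id();

						// Choose the `order` value for the new site row: count up from 1 and stop at
						// the last row or at the first row whose stored `order` differs from the counter.
						$select = mysql_query("SELECT `order` FROM `{$_DDATA['tablesite']}` ORDER BY `order`;", $_DDATA['link']);
						for ($order = 1; $order <= mysql_num_rows($select); $order++)
							if ($order == mysql_num_rows($select) || mysql_result($select, $order, "order") != $order) break;

						$insert = mysql_query("INSERT INTO `{$_DDATA['tablesite']}` SET
							`owner`='".$newowner."',
							`uri`='".addslashes($_POST['site_uri'])."',
							`title`='".addslashes($_POST['site_title'])."',
							`description`='".addslashes($_POST['site_description'])."',
							`date`=UNIX_TIMESTAMP()
						;", $_DDATA['link']);

						if (mysql_affected_rows()) {
							$_SDATA['success'][] = $_LANG['06d'];

							// Mail the confirmation link; the key is its only secret.
							ORM_ringmail(array($_POST['user_username'], $_POST['user_email_new']), $_LANG['090'], sprintf($_LANG['091'], $_VDATA['name'], "{$_SDATA['huburi']}?Confirm&id=$key"));
							$_SDATA['success'][] = $_LANG['06e'];

							$_USER['action'] = "";
						} else if (mysql_error()) {
							// The site insert failed: remove the account that was just created.
							$delete = mysql_query("DELETE FROM `{$_DDATA['tableuser']}` WHERE `username`='".addslashes($_POST['user_username'])."';", $_DDATA['link']);
							$_SDATA['error'][] = $_LANG['035'];
						}
					} else if (mysql_error()) $_SDATA['error'][] = $_LANG['035'];
				}
			}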
			break;

		/* ***** Display Help Text ************************************** */
		case "Help":
			break;

		/* ***** Confirm a New Email Address **************************** */
		case "Confirm":
			// Confirm a pending e-mail address. The `id` query parameter is the key that the
			// Join branch mails out as "?Confirm&id=<key>".
			if (isset($_GET['id'])) {
				// Find the account holding this key. The join on site.owner means only an
				// account that owns at least one site row can match.
				$select = mysql_query("
					SELECT
						`user`.`username` AS `username`,
						`user`.`id` AS `id`,
						`user`.`email.new` AS `email.new`,
						`user`.`level` AS `level`,
						`site`.`title` AS `title`,
						`site`.`uri` AS `uri`
						FROM
							`{$_DDATA['tableuser']}` AS `user`,
							`{$_DDATA['tablesite']}` AS `site`
							WHERE
							`user`.`id`=`site`.`owner`
							AND	`email.key`='".addslashes($_GET['id'])."'
				;", $_DDATA['link']);

				if (mysql_num_rows($select)) {
					$joiner = mysql_fetch_assoc($select);
					// `email.new` is emptied by the UPDATE below, so a second visit with the same
					// key stops at this check and reports $_LANG['03i'].
					if ($joiner['email.new']) {
						// Promote the pending address. A level-0 account becomes level 1 and gets
						// a fresh date; every other level keeps its level and date.
						$update = mysql_query("UPDATE `{$_DDATA['tableuser']}` SET
							`email`=`email.new`,
							`email.new`='',
							`date`=(CASE WHEN `level`='0' THEN UNIX_TIMESTAMP() ELSE `date` END),
							`level`=(CASE WHEN `level`='0' THEN '1' ELSE `level` END)
						WHERE `id`='{$joiner['id']}';", $_DDATA['link']);

						if (mysql_affected_rows()) {
							$_SDATA['success'][] = $_LANG['06f'];
							// Re-read the account and log it in. The row, including `password`, is
							// merged into $_USER.
							// NOTE(review): holding the key is enough to obtain a login cookie here.
							// The cookie carries the username and an MD5 of the stored password, so
							// it is password-equivalent, and it is set without the Secure or HttpOnly
							// arguments. A random server-side session token would avoid both problems.
							$select = mysql_query("SELECT `id`, `username`, `password`, `level` FROM `{$_DDATA['tableuser']}` WHERE `id`='{$joiner['id']}';", $_DDATA['link']);
							$_USER = array_merge($_USER, mysql_fetch_assoc($select));
							setcookie('orm3_user', base64_encode("{$_USER['username']} :: ".md5($_USER['password'])), time() + 7200, "/");

							// $joiner['level'] is the level read before the UPDATE: 0 means this was
							// the account's first confirmation.
							if (!$joiner['level']) {
								$_USER['action'] = "Welcome";

								// Tell every user above level 1 about the new member and their site.
								$_LIST = array();
								$select = mysql_query("SELECT `username`, `email` FROM `{$_DDATA['tableuser']}` WHERE `level`>1;", $_DDATA['link']);
								while ($row = mysql_fetch_array($select)) $_LIST[] = $row;
								if (count($_LIST))
									ORM_ringmail($_LIST, sprintf($_LANG['09i'], $_VDATA['name']), sprintf($_LANG['09j'], $joiner['username'], $joiner['title'], $joiner['uri']));

							}
						} else if (mysql_error()) {
							$_USER['action'] = "Blank";
							$_SDATA['error'][] = $_LANG['035'];
						}
					} else $_SDATA['error'][] = $_LANG['03i']; // no address is pending for this key
				} else $_SDATA['error'][] = $_LANG['03l']; // key not found
			}
			break;

		/* ***** Display Statistics ************************************* */
		case "Stats":
			break;

		/* ***** Display a Profile ************************************** */
		case "Profile":
			// Load the public profile fields for the requested user id. Neither the password
			// nor any e-mail column is selected, so they cannot leak through $_PROFILE.
			if (isset($_GET['id'])) {
				$select = mysql_query("SELECT `id`, `username`, `description`, `date`, `level` FROM `" . $_DDATA['tableuser'] . "` WHERE `id`='" . addslashes($_GET['id']) . "';", $_DDATA['link']);
				if (!mysql_num_rows($select)) {
					// Unknown id: clear the action and report the error.
					$_USER['action'] = "";
					$_SDATA['error'][] = $_LANG['03k'];
				} else {
					$_PROFILE = mysql_fetch_assoc($select);
				}
			}
			break;

		/* ***** Go to a Ring Site ************************************** */
		case "Go":
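			// Ring navigation. $action is the query string split on "&", read here as
			// Go&<type>&<site id>, so at least three elements are required.
			if (count($action) > 2) {
				$_GDATA = array();

				// Make sure the lookup arrays exist even when no site is active, so the
				// count() calls below never run on a variable that was never assigned.
				if (!isset($_ORDER)) $_ORDER = array();
				if (!isset($_URIS)) $_URIS = array();
				if (!isset($_LOOKS)) $_LOOKS = array();

				// Collect every active site in ring order. Redirect targets come from these
				// stored rows only; the request supplies an integer id, never a URI.
				$select = mysql_query("SELECT `id`, `uri`, `lookahead` FROM `{$_DDATA['tablesite']}` WHERE `status`='active' ORDER BY `order`;", $_DDATA['link']);
				while ($row = mysql_fetch_assoc($select)) {
					$_ORDER[] = $row['id'];
					$_URIS[$row['id']] = $row['uri'];
					$_LOOKS[$row['id']] = $row['lookahead'];
					// 'zero' marks the requesting site when its id belongs to an active site.
					if ($row['id'] == (int)$action[2]) $_GDATA['zero'] = $row['id'];
				}

				if (count($_ORDER) > 1) {
					switch ($_GDATA['type'] = strtolower($action[1])) {
						// There is no break after "rand" or "prev": "rand" shuffles and then runs the
						// "prev" and "next" code, and "prev" reverses and then runs the "next" code.
						// Presumably intentional.
						case "rand": shuffle($_ORDER);
						case "prev": $_ORDER = array_reverse($_ORDER);
						case "next":
							$_GDATA['from'] = (int)$action[2];

							// Rotate the list so the requesting site, when known, sits at index 0.
							if (isset($_GDATA['zero']))
								$_ORDER = array_merge(array_slice($_ORDER, array_search($_GDATA['zero'], $_ORDER)), array_slice($_ORDER, 0, array_search($_GDATA['zero'], $_ORDER)));

							reset($_ORDER);
							// Try up to five candidates, starting at index 1. ORM_ringtravel() is defined
							// elsewhere; the code after it only runs if it returns, so it presumably
							// redirects and exits on success. TODO confirm.
							// NOTE(review): with fewer than six active sites the indexes used here run
							// past the end of $_ORDER, and ORM_ringtravel() is then called with
							// undefined values. Confirm how the helper handles that before bounding
							// the loop.
							for ($_GDATA['tries'] = 1; $_GDATA['tries'] <= 5; $_GDATA['tries']++) {
								$_GDATA['redirects'] = 0;
								$_GDATA['to'] = $_ORDER[$_GDATA['tries']];
								ORM_ringtravel($_URIS[$_ORDER[$_GDATA['tries']]], $_LOOKS[$_ORDER[$_GDATA['tries']]]);
							}

							$_SDATA['error'][] = $_LANG['03p'];
							break;

						case "site":
							// Direct jump to the requested site; it must be an active one.
							if (isset($_GDATA['zero'])) {
								$_GDATA['from'] = 0;
								$_GDATA['to'] = $_GDATA['zero'];
								$_GDATA['redirects'] = 0;
								ORM_ringtravel($_URIS[$_GDATA['zero']]);
							}

							$_SDATA['error'][] = $_LANG['03u'];
							break;

						default:
							$_SDATA['error'][] = $_LANG['03v'];

					}
				} else if (count($_ORDER))
					// Exactly one active site: the only possible destination is that site.
					if (isset($_GDATA['zero'])) ORM_ringtravel($_URIS[$_GDATA['zero']]);

			}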
			$_USER['action'] = "";
			break;

		/* ***** Display the Script-based Navigation Bar **************** */
		case "Nav":
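			// Script-type navigation bar: emit JavaScript that injects the bar for the site id
			// given as the second query-string element, otherwise answer with an error page.
			if ($_VDATA['navbar.type'] == "script") {
				$id = explode("&", $_SERVER['QUERY_STRING']);
				if (isset($id[1])) {
					// The id is cast to int before use. The bar markup goes through
					// ORM_html2js() (defined elsewhere) before it is placed inside the
					// single-quoted JavaScript string below.
					header("Content-type: text/javascript;charset={$_VDATA['display.charset']}");
?>function innerXHTML(dat,obj){var par=new DOMParser();var xdc=par.parseFromString('<div xmlns="http://www.w3.org/1999/xhtml">'+dat+'</div>',"application/xhtml+xml").documentElement;for(i=0;i<xdc.childNodes.length;i++)obj.parentNode.appendChild(document.importNode(xdc.childNodes[i], true));}
var dat='<?php echo ORM_html2js(ORM_navbarCodes($_VDATA['navbar.html'], (int)$id[1]), true); ?>';try{var pos=document;while(pos.lastChild&&pos.lastChild.nodeType==1)pos=pos.lastChild;innerXHTML(dat, pos);}catch(e){document.write(dat);}<?php
				} else {
					// No site id in the query string: answer 400.
					// SERVER_NAME can mirror the client's Host header on some server setups, so
					// it is HTML-escaped before being echoed into the page.
					// NOTE(review): $_SDATA['useragent'] is set elsewhere; escape it too if it can
					// ever hold request-derived text.
					header("Content-type: text/html;charset={$_VDATA['display.charset']}", true, 400);
?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 <?php echo $_LANG['050']; ?></title>
</head><body>
<h1><?php echo $_LANG['050']; ?></h1>
<p><?php echo $_LANG['051']; ?></p>
<hr>
<address><?php echo $_SDATA['useragent']; ?> - <?php echo htmlspecialchars($_SERVER['SERVER_NAME']); ?></address>
</body></html><?php
				}
			} else {
				// The navigation bar is not configured as "script": answer 412.
				// SERVER_NAME is HTML-escaped here for the same reason as in the 400 page.
				header("Content-type: text/html;charset={$_VDATA['display.charset']}", true, 412);
?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>412 <?php echo $_LANG['052']; ?></title>
</head><body>
<h1><?php echo $_LANG['052']; ?></h1>
<p><?php echo $_LANG['053']; ?></p>
<hr>
<address><?php echo $_SDATA['useragent']; ?> - <?php echo htmlspecialchars($_SERVER['SERVER_NAME']); ?></address>
</body></html><?php
			}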

			exit();
			break;

		/* ***** Display a Blank Page *********************************** */
		case "Blank":
			break;

		/* ***** Display the Ring Hub *********************************** */
		default:
			// Hub page: greet users above level 1 and, when any site has status "inactive",
			// append the number of such sites to the greeting.
			if ($_USER['level'] > 1) {
				list($count) = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM `" . $_DDATA['tablesite'] . "` WHERE `status`='inactive';", $_DDATA['link']));

				// The username is HTML-escaped before it is placed in the message.
				if ($count) {
					$_SDATA['success'][] = sprintf($_LANG['0h2'], htmlspecialchars($_USER['username']))."  ".sprintf($_LANG['0h3'], $count);
				} else {
					$_SDATA['success'][] = sprintf($_LANG['0h2'], htmlspecialchars($_USER['username']));
				}
			}

	}
}



require_once "statistics.php";



/* ***** Do not cache this page ************************************* */
// An expiry date in the past and a Last-Modified of "now" mark every response as stale.
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header(sprintf('Last-Modified: %s GMT', gmdate('D, d M Y H:i:s')));
// These pages can carry per-user state, so neither browsers nor shared caches may store them.
header('Cache-Control: no-store, no-cache, must-revalidate');
// Passing false adds this as a second Cache-Control header instead of replacing the first.
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');

?>