.
*
**/
// Declare the script name before the shared bootstrap and the admin helpers are loaded.
define('X_SCRIPT', 'cp2.php');
require 'header.php';
require ROOT.'include/admin.inc.php';
// Preload the template used by the "not an administrator" error page further down.
loadtemplates('error_nologinsession');
// SECURITY: the template text is spliced into a double-quoted PHP string and
// executed with eval(). Template rows can be created and edited from this
// same panel (action=templates), so write access to the templates table is
// equivalent to running PHP on the server. Any SQL injection or forged admin
// request that can change a template inherits that power.
eval('$css = "'.template('css').'";');
// Requested admin action. The trailing 'g' presumably selects the query
// string and the FALSE flags presumably switch off encoding/escaping — verify
// in postedVar(). In the visible code the value is only compared against
// fixed strings and is never placed in SQL.
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
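// File exports have to be sent before any page output, so both download
// handlers run ahead of the header template and end the request themselves.
// Everything in this block is limited to administrators by X_ADMIN.
if (X_ADMIN) {
    // Export every template as one templates.xmb file.
    if ($action == 'templates' && onSubmit('download')) {
        $code = '';
        $templates = $db->query("SELECT * FROM ".X_PREFIX."templates ORDER BY name ASC");
        while ($template = $db->fetch_array($templates)) {
            $template['template'] = trim($template['template']);
            $template['name'] = trim($template['name']);
            if ($template['name'] != '') {
                // Remove the backslash layer the stored template text carries.
                $template['template'] = stripslashes($template['template']);
                $code .= $template['name'].'|#*XMB TEMPLATE*#|'."\r\n".$template['template']."\r\n\r\n".'|#*XMB TEMPLATE FILE*#|';
            }
        }
        header("Content-disposition: attachment; filename=templates.xmb");
        header("Content-Length: ".strlen($code));
        header("Content-type: unknown/unknown");
        header("Pragma: no-cache");
        header("Expires: 0");
        echo $code;
        exit();
    }

    // Export one theme as key=value lines. getInt() presumably returns an
    // integer, which is what keeps the quoted themeid below safe — verify.
    $download = getInt('download');
    if ($action == "themes" && $download) {
        $query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid='$download'");
        $themebits = $db->fetch_array($query);
        // An unknown theme id yields no row. The original iterated over the
        // non-array result and sent an empty file; now the request simply
        // falls through to the normal panel page instead.
        if (is_array($themebits)) {
            $contents = array();
            foreach ($themebits as $key => $val) {
                // fetch_array() returns numeric and named keys; keep named ones only.
                if (!is_integer($key) && $key !== 'themeid' && $key !== 'dummy') {
                    // NOTE(review): a value containing a line break would add
                    // extra key=value lines to the export, and the import code
                    // in this file turns keys into column names.
                    $contents[] = $key.'='.$val;
                }
            }
            $name = str_replace(' ', '+', $themebits['name']);
            // The theme name is stored data that ends up inside a response
            // header: neutralise control characters, quotes, path separators
            // and ';' so it cannot change how the header is parsed.
            $name = preg_replace('/[\x00-\x1F\x7F"\\\\\/;]/', '_', $name);
            header("Content-Type: application/x-ms-download");
            header("Content-Disposition: filename={$name}-theme.xmb");
            echo implode("\r\n", $contents);
            exit();
        }
    }
}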
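// Breadcrumb and page header. Templates are executed through eval(); see the
// templates action for why their content must be treated as code.
nav($lang['textcp']);
eval('echo "'.template('header').'";');
echo '';

// Authorisation gate for the whole panel: anyone who is not an administrator
// gets the error template and the request ends here.
if (!X_ADMIN) {
    eval('echo "'.template('error_nologinsession').'";');
    end_time();
    eval('echo "'.template('footer').'";');
    exit();
}

// Audit trail: record who requested what. Only the query string part of the
// request URI is kept, prefixed with the client address.
$auditaction = $_SERVER['REQUEST_URI'];
$aapos = strpos($auditaction, "?");
if ($aapos !== false) {
    $auditaction = substr($auditaction, $aapos + 1);
}
// Use the database layer's own escaper (as the theme import code in this file
// does) instead of addslashes(), which ignores the connection character set.
// The logged value is request-controlled and stored as-is, so whatever
// renders the log must HTML-encode it on output.
$auditaction = $db->escape("$onlineip|#|$auditaction");
audit($xmbuser, $auditaction, 0, 0);
displayAdminPanel();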
// Restricted-username rules: show the form, or apply the submitted changes.
// NOTE(review): no anti-CSRF token check is visible on this state-changing
// branch — confirm whether the submit helpers or header.php enforce one.
if ($action == 'restrictions') {
if (noSubmit('restrictedsubmit')) {
?>
query("SELECT id FROM ".X_PREFIX."restricted");
// Walk every existing rule and read its form fields, which are named by
// appending the row id (name<ID>, delete<ID>, case<ID>, partial<ID>).
while($restricted = $db->fetch_array($queryrestricted)) {
// The fourth argument is TRUE here and FALSE where this file reads "raw"
// values, so it presumably turns on SQL escaping — verify in postedVar().
$name = postedVar('name'.$restricted['id'], '', FALSE, TRUE);
// 'p' presumably restricts the lookup to POST data — verify in getInt().
$delete = getInt('delete'.$restricted['id'], 'p');
$case = getInt('case'.$restricted['id'], 'p');
$partial = getInt('partial'.$restricted['id'], 'p');
// Collapse any non-zero value to the flag 1.
if ($partial) {
$partial = 1;
}
if ($case) {
$case = 1;
}
if ($delete) {
// $delete is emitted unquoted, so this is only safe while getInt() returns
// an integer. The row removed is the id carried in the form value, not
// $restricted['id'].
$db->query("DELETE FROM ".X_PREFIX."restricted WHERE id=$delete");
} else {
$db->query("UPDATE ".X_PREFIX."restricted SET name='$name', case_sensitivity='$case', partial='$partial' WHERE id=".$restricted['id']);
}
}
// Optional new rule appended after the existing ones have been processed.
$newname = postedVar('newname', '', FALSE, TRUE);
$newcase = getInt('newcase', 'p');
$newpartial = getInt('newpartial', 'p');
if (!empty($newname)) {
if ($newpartial) {
$newpartial = 1;
}
if ($newcase) {
$newcase = 1;
}
$db->query("INSERT INTO ".X_PREFIX."restricted (`name`, `case_sensitivity`, `partial`) VALUES ('$newname', '$newcase', '$newpartial')");
}
echo ''.$lang['restrictedupdate'].' ';
// Return to the rule list after a two-second delay.
redirect('cp2.php?action=restrictions', 2);
}
}
// Theme management: list, import, bulk rename/delete, edit one theme, create one.
// NOTE(review): no anti-CSRF token check is visible on the state-changing
// branches below — confirm whether the submit helpers or header.php enforce one.
if ($action == 'themes') {
$single = '';
// 'single' is read twice: as a raw string (to detect "submit") and as an
// integer theme id.
$single_str = postedVar('single', '', FALSE, FALSE, FALSE, 'g');
$single_int = getInt('single');
$newtheme = postedVar('newtheme');
if (noSubmit('themesubmit') && $single_str == '' && noSubmit('importsubmit')) {
?>
$val) {
// Body of a loop over key/value pairs of a theme being imported. The loop
// header is not visible in this listing; presumably the pairs come from an
// uploaded theme file.
if ($key == 'themeid') {
$val = '';
} else if ($key == 'name') {
$dbname = $db->escape($val);
}
// SECURITY: $key becomes a column name in the INSERT below. String escaping
// does not make an identifier safe, because it is emitted unquoted, so an
// untrusted theme file could alter the statement. Keys should be checked
// against the fixed list of theme columns before they are used.
$keysql[] = $db->escape($key);
$valsql[] = "'".$db->escape($val)."'";
}
$keysql = implode(', ', $keysql);
$valsql = implode(', ', $valsql);
// Refuse a second theme with the same name.
// NOTE(review): $dbname is only assigned when the import contains a 'name'
// key; without one it is undefined here.
$query = $db->query("SELECT COUNT(themeid) FROM ".X_PREFIX."themes WHERE name='$dbname'");
if ($db->result($query, 0) > 0) {
// Presumably error() ends the request — verify; otherwise the INSERT still runs.
error($lang['theme_already_exists'], false, '');
}
$sql = "INSERT INTO ".X_PREFIX."themes ($keysql) VALUES ($valsql);";
$query = $db->query($sql);
echo '';
if (!$query) {
echo $lang['textthemeimportfail'];
} else {
echo $lang['textthemeimportsuccess'];
}
echo ' ';
} else if (onSubmit('themesubmit')) {
// Bulk form: checkboxes of themes to delete plus a name per theme.
// NOTE(review): both the values and the array KEYS of these form arrays are
// interpolated into quoted SQL below; confirm formArray() escapes or casts
// both. Request-controlled array keys are often left untouched by helpers.
$theme_delete = formArray('theme_delete');
$theme_name = formArray('theme_name');
$number_of_themes = $db->result($db->query("SELECT count(themeid) FROM ".X_PREFIX."themes"), 0);
// At least one theme must remain.
if ($theme_delete && count($theme_delete) >= $number_of_themes) {
error($lang['delete_all_themes'], false, '');
}
if ($theme_delete) {
foreach($theme_delete as $themeid) {
// Pick a random surviving theme and move members and the board default to it.
$otherid = $db->result($db->query("SELECT themeid FROM ".X_PREFIX."themes WHERE themeid != '$themeid' ORDER BY rand() LIMIT 1"), 0);
$db->query("UPDATE ".X_PREFIX."members SET theme='$otherid' WHERE theme='$themeid'");
$db->query("UPDATE ".X_PREFIX."forums SET theme=0 WHERE theme='$themeid'");
if ($SETTINGS['theme'] == $themeid) {
$db->query("UPDATE ".X_PREFIX."settings SET theme='$otherid'");
}
$db->query("DELETE FROM ".X_PREFIX."themes WHERE themeid='$themeid'");
}
}
foreach($theme_name as $themeid=>$name) {
$db->query("UPDATE ".X_PREFIX."themes SET name='$name' WHERE themeid='$themeid'");
}
echo ''.$lang['themeupdate'].' ';
}
// Edit form for one theme. $single_int comes from getInt(), so the quoted id
// is numeric provided getInt() casts to integer.
if ($single_int > 0) {
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid='$single_int'");
$themestuff = $db->fetch_array($query);
$db->free_result($query);
?>
query("UPDATE ".X_PREFIX."themes SET name='$namenew', bgcolor='$bgcolornew', altbg1='$altbg1new', altbg2='$altbg2new', link='$linknew', bordercolor='$bordercolornew', header='$headernew', headertext='$headertextnew', top='$topnew', catcolor='$catcolornew', tabletext='$tabletextnew', text='$textnew', borderwidth='$borderwidthnew', tablewidth='$tablewidthnew', tablespace='$tablespacenew', fontsize='$fsizenew', font='$fnew', boardimg='$boardlogonew', imgdir='$imgdirnew', smdir='$smdirnew', cattext='$cattextnew' WHERE themeid='$orig'");
// NOTE(review): the assignments feeding the UPDATE above, including $orig,
// are not visible in this listing — confirm each is escaped and $orig is an integer.
echo ''.$lang['themeupdate'].' ';
} else if ($single_str == "submit" && $newtheme) {
// Create a theme from the posted fields. postedVar() is called with its
// defaults here; presumably those include SQL escaping — verify.
$namenew = postedVar('namenew');
$bgcolornew = postedVar('bgcolornew');
$altbg1new = postedVar('altbg1new');
$altbg2new = postedVar('altbg2new');
$linknew = postedVar('linknew');
$bordercolornew = postedVar('bordercolornew');
$headernew = postedVar('headernew');
$headertextnew = postedVar('headertextnew');
$topnew = postedVar('topnew');
$catcolornew = postedVar('catcolornew');
$cattextnew = postedVar('cattextnew');
$tabletextnew = postedVar('tabletextnew');
$textnew = postedVar('textnew');
$borderwidthnew = postedVar('borderwidthnew');
$tablewidthnew = postedVar('tablewidthnew');
$tablespacenew = postedVar('tablespacenew');
$fnew = postedVar('fnew');
$fsizenew = postedVar('fsizenew');
$boardlogonew = postedVar('boardlogonew');
// imgdir and smdir are directory names; a variable named $smdir is passed to
// opendir() by the smilies action in this file, so these values should be
// limited to directories under the board root.
$imgdirnew = postedVar('imgdirnew');
$smdirnew = postedVar('smdirnew');
$db->query("INSERT INTO ".X_PREFIX."themes (name, bgcolor, altbg1, altbg2, link, bordercolor, header, headertext, top, catcolor, tabletext, text, borderwidth, tablewidth, tablespace, font, fontsize, boardimg, imgdir, smdir, cattext) VALUES('$namenew', '$bgcolornew', '$altbg1new', '$altbg2new', '$linknew', '$bordercolornew', '$headernew', '$headertextnew', '$topnew', '$catcolornew', '$tabletextnew', '$textnew', '$borderwidthnew', '$tablewidthnew', '$tablespacenew', '$fnew', '$fsizenew', '$boardlogonew', '$imgdirnew', '$smdirnew', '$cattextnew')");
echo ''.$lang['themeupdate'].' ';
}
}
// Smiley and post-icon management: show the form, or apply submitted changes.
if ($action == "smilies") {
if (noSubmit('smiliesubmit')) {
?>
$val) {
// Reject the submission when the same smiley code was entered more than once.
if (count(array_keys($smcode, $val)) > 1) {
error($lang['smilieexists'], false, ' ');
}
}
}
// Apply the per-row delete flags and edits for smilies.
// NOTE(review): $smcode, $smurl and $smdelete are request arrays whose
// assignment is not visible in this listing; their elements go into quoted
// SQL below, so confirm they are escaped when read.
$querysmilie = $db->query("SELECT id FROM ".X_PREFIX."smilies WHERE type='smiley'");
while($smilie = $db->fetch_array($querysmilie)) {
$id = $smilie['id'];
if (isset($smdelete[$id]) && $smdelete[$id] == 1) {
$query = $db->query("DELETE FROM ".X_PREFIX."smilies WHERE id='$id'");
continue;
}
// A row missing from the posted arrays would be updated with empty values.
$query = $db->query("UPDATE ".X_PREFIX."smilies SET code='$smcode[$id]', url='$smurl[$id]' WHERE id='$smilie[id]' AND type='smiley'");
}
// Same duplicate check and update pass for post icons, keyed by URL.
if ($piurl) {
foreach($piurl as $key=>$val) {
if (count(array_keys($piurl, $val)) > 1) {
error($lang['piconexists'], false, ' ');
}
}
}
$querysmilie = $db->query("SELECT id FROM ".X_PREFIX."smilies WHERE type='picon'");
while($picon = $db->fetch_array($querysmilie)) {
$id = $picon['id'];
if (isset($pidelete[$id]) && $pidelete[$id] == 1) {
$query = $db->query("DELETE FROM ".X_PREFIX."smilies WHERE id='$picon[id]'");
continue;
}
$query = $db->query("UPDATE ".X_PREFIX."smilies SET url='$piurl[$id]' WHERE id='$picon[id]' AND type='picon'");
}
// Add one new smiley, unless its code is already taken.
// NOTE(review): the source of $newcode and $newurl1 is not visible here —
// confirm both are SQL-escaped.
if ($newcode) {
if ($db->result($db->query("SELECT count(id) FROM ".X_PREFIX."smilies WHERE code='$newcode'"), 0) > 0) {
error($lang['smilieexists'], false, ' ');
}
$query = $db->query("INSERT INTO ".X_PREFIX."smilies (type, code, url) VALUES ('smiley', '$newcode', '$newurl1')");
}
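// Bulk-register every image in the smiley directory that is not in the table yet.
if ($autoinsertsmilies) {
    $smilies_count = $newsmilies_count = 0;
    $smiley_url = array();
    $smiley_code = array();
    $query = $db->query("SELECT * FROM ".X_PREFIX."smilies WHERE type = 'smiley'");
    while ($smiley = $db->fetch_array($query)) {
        $smiley_url[] = $smiley['url'];
        $smiley_code[] = $smiley['code'];
    }
    $db->free_result($query);
    // NOTE(review): $smdir is presumably the active theme's smiley directory
    // (theme rows carry an smdir column). Confirm it cannot be pointed
    // outside the board's own directories.
    $dir = opendir($smdir);
    if ($dir !== false) {
        // Compare with false explicitly: a file literally named "0" would
        // otherwise end the loop early.
        while (($smiley = readdir($dir)) !== false) {
            // Accept only names that END in a known image extension. The
            // original strpos() test matched the extension anywhere in the
            // name, e.g. "x.gif.bak". "." and ".." can never match.
            if (preg_match('/.\.(gif|jpg|jpeg|bmp|png)$/D', $smiley)) {
                $newsmiley_url = $smiley;
                // Smiley code = file name without extension, "_" shown as space, wrapped in colons.
                $newsmiley_code = str_replace(array('.gif','.jpg','.jpeg','.bmp','.png','_'), array('','','','','',' '), $smiley);
                $newsmiley_code = ':' . $newsmiley_code . ':';
                if (!in_array($newsmiley_url, $smiley_url, true) && !in_array($newsmiley_code, $smiley_code, true)) {
                    // File names on disk are not trusted input: a quote in a
                    // name used to break out of the SQL string. Escape both values.
                    $query = $db->query("INSERT INTO ".X_PREFIX."smilies (type, code, url) VALUES ('smiley', '".$db->escape($newsmiley_code)."', '".$db->escape($newsmiley_url)."')");
                    $newsmilies_count++;
                }
                $smilies_count++;
            }
        }
        closedir($dir);
    }
    echo ''.$newsmilies_count.' / '.$smilies_count.' '.$lang['smiliesadded'].' ';
}

// Add one new post icon, unless its URL is already registered.
// NOTE(review): the source of $newurl2 is not visible here — confirm it is SQL-escaped.
if ($newurl2) {
    if ($db->result($db->query("SELECT count(id) FROM ".X_PREFIX."smilies WHERE url='$newurl2' AND type='picon'"), 0) > 0) {
        error($lang['piconexists'], false, ' ');
    }
    $query = $db->query("INSERT INTO ".X_PREFIX."smilies (type, code, url) VALUES ('picon', '', '$newurl2')");
}

// Bulk-register post icons from the same directory, with the same hardening
// as the smiley import above.
if ($autoinsertposticons) {
    $posticons_count = $newposticons_count = 0;
    $posticon_url = array();
    $query = $db->query("SELECT * FROM ".X_PREFIX."smilies WHERE type='picon'");
    while ($picon = $db->fetch_array($query)) {
        $posticon_url[] = $picon['url'];
    }
    $db->free_result($query);
    $dir = opendir($smdir);
    if ($dir !== false) {
        while (($picon = readdir($dir)) !== false) {
            if (preg_match('/.\.(gif|jpg|jpeg|bmp|png)$/D', $picon)) {
                // Spaces are stored URL-encoded so the value can be used as an image URL.
                $newposticon_url = str_replace(' ', '%20', $picon);
                if (!in_array($newposticon_url, $posticon_url, true)) {
                    $query = $db->query("INSERT INTO ".X_PREFIX."smilies (type, code, url) VALUES ('picon', '', '".$db->escape($newposticon_url)."')");
                    $newposticons_count++;
                }
                $posticons_count++;
            }
        }
        closedir($dir);
    }
    echo ''.$newposticons_count.' / '.$posticons_count.' '.$lang['posticonsadded'].' ';
}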
echo ''.$lang['smilieupdate'].' ';
}
}
// Word-censor list: show the form, or apply the submitted changes.
if ($action == 'censor') {
if (noSubmit('censorsubmit')) {
?>
query("SELECT id FROM ".X_PREFIX."words");
// Per-row fields are named by appending the row id (find<ID>, replace<ID>, delete<ID>).
while($censor = $db->fetch_array($querycensor)) {
// postedVar() with its defaults; presumably that includes SQL escaping — verify.
$find = postedVar('find'.$censor['id']);
$replace = postedVar('replace'.$censor['id']);
$delete = formInt('delete'.$censor['id']);
if ($delete) {
// Unquoted id: safe only while formInt() returns an integer. The row removed
// is the id carried in the form value, not $censor['id'].
$db->query("DELETE FROM ".X_PREFIX."words WHERE id=$delete");
}
// Not an else-branch: a row that was just deleted is still sent an UPDATE,
// which then matches nothing if the deleted id was this row's id.
if ($find) {
$db->query("UPDATE ".X_PREFIX."words SET find='$find', replace1='$replace' WHERE id='$censor[id]'");
}
}
$db->free_result($querycensor);
// NOTE(review): the source of $newfind and $newreplace is not visible in this
// listing — confirm both are SQL-escaped.
if ($newfind) {
$db->query("INSERT INTO ".X_PREFIX."words (find, replace1) VALUES ('$newfind', '$newreplace')");
}
echo ''.$lang['censorupdate'].' ';
}
}
// User-rank management: show the form, or apply the submitted changes.
if ($action == "ranks") {
if (noSubmit('rankssubmit')) {
?>
query("SELECT * FROM ".X_PREFIX."ranks");
// The four staff ranks are protected: their stored title overrides whatever
// was posted, their post threshold is reset, and they keep at least one star.
// NOTE(review): $title, $posts and $stars are request arrays whose assignment
// is not visible in this listing.
$staffranks = array();
while($ranks = $db->fetch_array($query)) {
if ($ranks['title'] == 'Super Administrator' || $ranks['title'] == 'Administrator' || $ranks['title'] == 'Super Moderator' || $ranks['title'] == 'Moderator') {
$title[$ranks['id']] = $ranks['title'];
$posts[$ranks['id']] = 0;
if ((int) $stars[$ranks['id']] == 0) {
$stars[$ranks['id']] = 1;
}
$staffranks[] = $ranks['title'];
}
}
$i = 0;
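// Remove the ranks ticked for deletion.
if ($delete) {
    // The ids are emitted unquoted inside IN (...), so force every element
    // to an integer; nothing but digits can then reach the statement.
    $del = implode(', ', array_map('intval', (array) $delete));
    $db->query("DELETE FROM ".X_PREFIX."ranks WHERE id IN ($del)");
}

// Update every submitted rank. Staff ranks always get a post threshold of -1.
foreach ($id as $key => $val) {
    $posts[$key] = (in_array($title[$key], $staffranks)) ? (int) -1 : $posts[$key];
    // $key is a request-controlled array key; use its integer value as the row id.
    $rankid = (int) $key;
    // NOTE(review): the arrays interpolated here are assigned outside the
    // visible code — confirm their elements are SQL-escaped.
    $db->query("UPDATE ".X_PREFIX."ranks SET title='$title[$key]', posts='$posts[$key]', stars='$stars[$key]', allowavatars='$allowavatars[$key]', avatarrank='$avaurl[$key]' WHERE id='$rankid'");
}

// Optional new rank.
if ($newtitle) {
    $db->query("INSERT INTO ".X_PREFIX."ranks (title, posts, stars, allowavatars, avatarrank) VALUES ('$newtitle', '$newposts', '$newstars', '$newallowavatars', '$newavaurl')");
}
echo ''.$lang['rankingsupdate'].' ';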
}
}
// Newsletter: show the form, or send the message to the selected audience
// either as board messages (u2u) or as e-mail.
if ($action == "newsletter") {
if (noSubmit('newslettersubmit')) {
?>
query("SELECT username, email FROM ".X_PREFIX."members WHERE newsletter='yes' $tome ORDER BY uid");
// Recipient selection by staff level. $tome is an extra SQL fragment built
// outside the visible code; presumably it excludes the sender — verify.
// NOTE(review): if $to matches none of the visible branches, $query is never
// assigned in the visible code and the loops below run on an undefined value.
} else if ($to == "staff") {
$query = $db->query("SELECT username, email FROM ".X_PREFIX."members WHERE (status='Super Administrator' OR status='Administrator' OR status='Super Moderator' OR status='Moderator') $tome ORDER BY uid");
} else if ($to == "admin") {
$query = $db->query("SELECT username, email FROM ".X_PREFIX."members WHERE (status='Administrator' OR status = 'Super Administrator') $tome ORDER BY uid");
} else if ($to == "supermod") {
// 'Super moderator' differs in case from 'Super Moderator' used above; it
// only matches when the column collation is case-insensitive.
$query = $db->query("SELECT username, email FROM ".X_PREFIX."members WHERE status='Super moderator' $tome ORDER by uid");
} else if ($to == "mod") {
// NOTE(review): unlike every sibling branch this query omits $tome — confirm
// whether that is intended.
$query = $db->query("SELECT username, email FROM ".X_PREFIX."members WHERE status='Moderator' ORDER BY uid");
}
if ($sendvia == "u2u") {
// One inbox row per recipient. Recipient names are escaped here, while
// $xmbuser, $newssubject and $newsmessage are interpolated as-is.
// NOTE(review): confirm those three are SQL-safe where they are assigned.
while($memnews = $db->fetch_array($query)) {
$db->query("INSERT INTO ".X_PREFIX."u2u (msgto, msgfrom, type, owner, folder, subject, message, dateline, readstatus, sentstatus) VALUES ('".$db->escape($memnews['username'])."', '$xmbuser', 'incoming', '".$db->escape($memnews['username'])."', 'Inbox', '$newssubject', '$newsmessage', '" . time() . "', 'no', 'yes')");
}
} else {
// E-mail path: re-read subject and body with the encoding/escaping flags
// off, so the mail carries the text as typed.
$rawnewssubject = postedVar('newssubject', '', FALSE, FALSE);
$rawnewsmessage = postedVar('newsmessage', '', FALSE, FALSE);
// SECURITY: header lines are assembled from $bbname, $adminemail, $xmbuser
// and $charset. A CR or LF inside any of them would add header lines of its
// own; confirm those values are validated where they are set, or that
// altMail() strips line breaks. The subject needs the same treatment.
$headers[] = "From: $bbname <$adminemail>";
$headers[] = "X-Sender: <$adminemail>";
$headers[] = 'X-Mailer: PHP';
$headers[] = 'X-AntiAbuse: Board servername - '.$bbname;
$headers[] = 'X-AntiAbuse: Username - '.$xmbuser;
$headers[] = 'X-Priority: 2';
$headers[] = "Return-Path: <$adminemail>";
$headers[] = 'Content-Type: text/plain; charset='.$charset;
$headers = implode("\r\n", $headers);
$i = 0;
// Keep sending if the browser disconnects and lift the execution time
// limit; failures of these calls are silenced with @.
@ignore_user_abort(1);
@set_time_limit(0);
@ob_implicit_flush(1);
while($memnews = $db->fetch_array($query)) {
// Throttle: once the counter reaches $wait, pause three seconds and restart
// the count. $wait is assigned outside the visible code.
if ($i > 0 && $i == $wait) {
sleep(3);
$i = 0;
} else {
$i++;
}
altMail($memnews['email'], '['.$bbname.'] '.$rawnewssubject, $rawnewsmessage, $headers);
}
}
echo "$lang[newslettersubmit] ";
}
}
if ($action == "prune") {
if (noSubmit('pruneSubmit')) {
$forumselect = forumList('pruneFromList[]', true, false);
?>
0) {
$fs[] = $fid;
}
}
$fs = array_unique($fs);
if (count($fs) < 1) {
error($lang['nopruneforums'], false, ' ');
}
$queryWhere[] = 'fid IN ('.implode(',', $fs).')';
break;
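// Forums given as a manually typed, comma-separated list of ids.
case 'fid':
    $fs = array();
    $fids = explode(',', $pruneFromFid);
    foreach ($fids as $fid) {
        // Cast before testing and storing. The original compared the raw
        // string loosely with 0, which on older PHP versions accepts any text
        // that merely starts with a positive number, and then placed that
        // raw string in the unquoted IN (...) list below. After the cast only
        // integers can reach the SQL. The list-based branch just above uses
        // the same "> 0" test and deserves the same cast.
        $fid = (int) $fid;
        if ($fid > 0) {
            $fs[] = $fid;
        }
    }
    $fs = array_unique($fs);
    if (count($fs) < 1) {
        error($lang['nopruneforums'], false, ' ');
    }
    $queryWhere[] = 'fid IN ('.implode(',', $fs).')';
    break;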
default:
error($lang['nopruneforums'], false, ' ');
}
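// Optional filter on the number of replies. $sign doubles as the marker
// that this filter was selected.
$sign = '';
if (isset($pruneByPosts['check']) && $pruneByPosts['check'] == "1") {
    switch ($pruneByPosts['type']) {
        case 'less':
            $sign = '<';
            break;
        case 'is':
            $sign = '=';
            break;
        case 'more':
        default:
            $sign = '>';
            break;
    }
    // Cast first, then subtract, so non-numeric input cannot reach the
    // arithmetic or the SQL fragment.
    $queryWhere[] = 'replies '.$sign.' '.(((int) $pruneByPosts['posts']) - 1);
}

// Optional filter on the age of the last post, in days.
if (isset($pruneByDate['check']) && $pruneByDate['check'] == 1) {
    // Normalise once: only integers take part in the arithmetic, and the
    // same "now" is used for both bounds.
    $pruneDays = (int) $pruneByDate['date'];
    $daySeconds = 24 * 3600;
    $now = time();
    switch ($pruneByDate['type']) {
        case 'less':
            $queryWhere[] = 'lastpost >= '.($now - $daySeconds * $pruneDays);
            break;
        case 'is':
            // Last post between (days - 1) and days ago. The original had the
            // two bounds the wrong way round (lower bound later than upper
            // bound), so this option could never match a thread.
            $queryWhere[] = 'lastpost >= '.($now - $daySeconds * $pruneDays).' AND lastpost <= '.($now - $daySeconds * ($pruneDays - 1));
            break;
        case 'more':
        default:
            $queryWhere[] = 'lastpost <= '.($now - $daySeconds * $pruneDays);
            break;
    }
} else if ($sign == '') {
    $queryWhere[] = '1=0'; // Neither 'prune by' option was set, prune should abort.
}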
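// Thread classes that were NOT ticked are excluded from the prune.
if (!isset($pruneType['closed']) || $pruneType['closed'] != 1) {
    $queryWhere[] = "closed != 'yes'";
}
if (!isset($pruneType['topped']) || $pruneType['topped'] != 1) {
    $queryWhere[] = 'topped != 1';
}
if (!isset($pruneType['normal']) || $pruneType['normal'] != 1) {
    // SQL equality is "=". The original "==" is not valid MySQL, so the
    // whole prune query failed whenever "normal" threads were excluded.
    $queryWhere[] = "(topped = 1 OR closed = 'yes')";
}

if (count($queryWhere) > 0) {
    $tids = array();
    $queryWhere = implode(' AND ', $queryWhere);
    $q = $db->query("SELECT tid FROM ".X_PREFIX."threads WHERE ".$queryWhere);
    if ($db->num_rows($q) > 0) {
        // Collect the matching thread ids (values read back from the
        // database) and delete threads, posts and attachments together.
        while ($t = $db->fetch_array($q)) {
            $tids[] = $t['tid'];
        }
        $tids = implode(',', $tids);
        $db->query("DELETE FROM ".X_PREFIX."threads WHERE tid IN ($tids)");
        $db->query("DELETE FROM ".X_PREFIX."posts WHERE tid IN ($tids)");
        $db->query("DELETE FROM ".X_PREFIX."attachments WHERE tid IN ($tids)");
    }
} else {
    // NOTE(review): destructive fallback. With no conditions at all every
    // thread, post and attachment is removed. In the visible code a forum
    // clause is always added before this point, so this branch looks
    // unreachable; consider removing it rather than keeping a board-wide
    // wipe behind an empty filter.
    $db->query("TRUNCATE TABLE ".X_PREFIX."threads");
    $db->query("TRUNCATE TABLE ".X_PREFIX."attachments");
    $db->query("TRUNCATE TABLE ".X_PREFIX."posts");
    $db->query("UPDATE ".X_PREFIX."members SET postnum=0");
}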
echo "$lang[forumpruned] ";
}
}
// Template manager: list, restore from file, edit, delete and create templates.
// SECURITY: this script executes template text through eval(), so every
// write below is effectively a code deployment. No anti-CSRF token check is
// visible on these branches — confirm whether the submit helpers or
// header.php enforce one.
if ($action == "templates") {
if (noSubmit('edit') && noSubmit('editsubmit') && noSubmit('delete') && noSubmit('deletesubmit') && noSubmit('new') && noSubmit('restore') && noSubmit('restoresubmit')) {
?>
');
}
// Restore: replace all templates with the contents of templates.xmb in the
// current working directory.
// NOTE(review): the table is emptied BEFORE the file is opened, and the
// results of filesize()/fopen()/fread() are not checked. A missing or
// unreadable file leaves the board without templates.
$db->query("TRUNCATE ".X_PREFIX."templates");
$filesize=filesize('templates.xmb');
$fp=fopen('templates.xmb','r');
$templatesfile=fread($fp,$filesize);
fclose($fp);
// The file is a sequence of "name|#*XMB TEMPLATE*#|body" records separated
// by "|#*XMB TEMPLATE FILE*#|", the same layout the export code writes.
$templates = explode("|#*XMB TEMPLATE FILE*#|", $templatesfile);
// NOTE(review): each() was removed in PHP 8; foreach is the replacement.
while(list($key,$val) = each($templates)) {
$template = explode("|#*XMB TEMPLATE*#|", $val);
// The body passes through addslashes() here and again in the query, so it is
// stored with one layer of backslashes; the export code removes a layer with
// stripslashes(). addslashes() is not aware of the connection character set,
// whereas other code in this file uses $db->escape().
$template[1] = isset($template[1]) ? addslashes($template[1]) : '';
$db->query("INSERT INTO ".X_PREFIX."templates (name, template) VALUES ('".addslashes($template[0])."', '".addslashes($template[1])."')");
}
// Records without a name (such as the empty tail after the last separator) are dropped.
$db->query("DELETE FROM ".X_PREFIX."templates WHERE name=''");
echo ''.$lang['templatesrestoredone'].' ';
redirect('cp2.php?action=templates', 2, X_REDIRECT_JS);
}
if (onSubmit('edit') && noSubmit('editsubmit')) {
// 'default' is the placeholder entry of the template selector; anything else
// is then re-read as an integer id.
$tid = postedVar('tid', '', FALSE, FALSE);
if ($tid == 'default') {
error($lang['selecttemplate'], false, ' ');
}
$tid = formInt('tid');
?>
escape(getRequestVar('templatenew'));
// Save an edited or new template.
// NOTE(review): the assignments of $tid and $namenew for this branch are not
// visible in this listing — confirm $namenew is SQL-escaped.
if ($tid == 'new') {
if (!$namenew) {
error($lang['templateempty'], false, ' ');
} else {
$check = $db->query("SELECT name FROM ".X_PREFIX."templates WHERE name='$namenew'");
if ($db->num_rows($check) != 0) {
error($lang['templateexists'], false, ' ');
} else {
$db->query("INSERT INTO ".X_PREFIX."templates (name, template) VALUES ('$namenew', '$templatenew')");
}
}
} else {
// Unquoted id: safe only while getInt() returns an integer.
$tid = getInt('tid');
$db->query("UPDATE ".X_PREFIX."templates SET template='$templatenew' WHERE id=$tid");
}
echo ''.$lang['templatesupdate'].' ';
redirect('cp2.php?action=templates', 2, X_REDIRECT_JS);
}
if (onSubmit('delete')) {
// NOTE(review): $tid is compared before it is assigned in this branch (in the
// visible code), so the 'default' check relies on a value set elsewhere.
if ($tid == 'default') {
error($lang['selecttemplate'], false, ' ');
}
// 'r' presumably reads from the combined request data — verify in getInt().
$tid = getInt('tid', 'r');
?>
query("DELETE FROM ".X_PREFIX."templates WHERE id=$tid");
echo ''.$lang['templatesdelete'].' ';
redirect('cp2.php?action=templates', 2, X_REDIRECT_JS);
}
if (onSubmit('new')) {
?>
like_escape(postedVar('filename', '', FALSE, FALSE));
// Attachment search filters. The numeric ones are read with formInt(), which
// presumably casts to integer — verify; they are used unquoted in SQL below.
$author = postedVar('author');
$forumprune = postedVar('forumprune');
// 'all' means no forum filter; anything else is forced to an integer.
$forumprune = $forumprune == 'all' ? '' : intval($forumprune);
$sizeless = formInt('sizeless');
$sizemore = formInt('sizemore');
$dlcountless = formInt('dlcountless');
$dlcountmore = formInt('dlcountmore');
$daysold = formInt('daysold');
?>
$sizemore ";
$orderby = ' ORDER BY a.filesize DESC';
}
// Each active filter appends an AND clause to $restriction; the most recently
// applied filter decides the sort order.
if ($dlcountless) {
$restriction .= "AND a.downloads < $dlcountless ";
$orderby = ' ORDER BY a.downloads DESC';
}
if ($dlcountmore) {
$restriction .= "AND a.downloads > $dlcountmore ";
$orderby = ' ORDER BY a.downloads DESC ';
}
// NOTE(review): the earlier parts of $restriction (file name, author, forum,
// size, age) are built outside the visible code — confirm each fragment is
// escaped or cast before it is concatenated here.
$query = $db->query("SELECT a.aid, a.pid, a.filename, LENGTH(a.attachment) AS rowsize, a.downloads, p.author, p.tid, t.fid, t.subject AS tsubject, f.name AS fname FROM ".X_PREFIX."attachments a LEFT JOIN ".X_PREFIX."posts p USING (pid) LEFT JOIN ".X_PREFIX."threads t ON t.tid=p.tid LEFT JOIN ".X_PREFIX."forums f ON f.fid=t.fid WHERE 1=1 $restriction $orderby");
while($attachment = $db->fetch_array($query)) {
// Human-readable size with two decimals, using binary units.
$attachsize = $attachment['rowsize'];
if ($attachsize >= 1073741824) {
$attachsize = round($attachsize / 1073741824 * 100) / 100 . "gb";
} else if ($attachsize >= 1048576) {
$attachsize = round($attachsize / 1048576 * 100) / 100 . "mb";
} else if ($attachsize >= 1024) {
$attachsize = round($attachsize / 1024 * 100) / 100 . "kb";
} else {
$attachsize = $attachsize . "b";
}
$attachment['tsubject'] = stripslashes($attachment['tsubject']); //old databases were double-slashed
$attachment['fname'] = stripslashes($attachment['fname']);
// The file name is uploader-supplied data shown in the page; attrOut()
// presumably encodes it for the attribute/script context — verify.
// NOTE(review): the subject and forum name above get no encoding in the
// visible code; confirm they are stored HTML-encoded.
$attachment['filename'] = attrOut($attachment['filename'], 'javascript');
?>
Delete
$rawvalue) {
if (substr($postedname, 0, 8) == 'filename' And is_numeric($fileaid = substr($postedname, 8))) {
$filelist .= $fileaid.', ';
}
}
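// $filelist was built as "id, id, "; drop the trailing separator.
// NOTE(review): the ids were accepted with is_numeric(), which also admits
// forms such as "1e5" or "-3"; ctype_digit() would restrict them to plain integers.
$filelist = substr($filelist, 0, -2);
// When no filename fields were posted the list is empty, and "IN ()" is not
// valid SQL; skip the rename pass in that case.
if ($filelist !== false && $filelist !== '') {
    $query = $db->query("SELECT a.aid, a.filename FROM ".X_PREFIX."attachments a WHERE a.aid IN ($filelist)");
    while ($attachment = $db->fetch_array($query)) {
        // Read the posted name raw, validate it, and escape it only at the
        // point where it enters the SQL statement.
        $afilename = "filename" . $attachment['aid'];
        $postedvalue = trim(postedVar($afilename, '', FALSE, FALSE));
        if ($attachment['filename'] != $postedvalue && isValidFilename($postedvalue)) {
            $dbrename = $db->escape($postedvalue);
            $db->query("UPDATE ".X_PREFIX."attachments SET filename='$dbrename' WHERE aid={$attachment['aid']}");
        }
    }
}
echo "$lang[textattachmentsupdate] ";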
}
}
if ($action == "modlog") {
nav($lang['textmodlogs']);
$page = getInt('page');
?>
Username:
Time:
URL:
Action:
result($db->query("SELECT count(fid) FROM ".X_PREFIX."logs WHERE NOT (fid='0' AND tid='0')"), 0);
// Default to the first page; each page shows 100 log records.
if (!$page) {
$page = 1;
}
$old = (($page-1)*100);
$current = ($page*100);
$prevpage = '';
$nextpage = '';
$random_var = '';
// Moderator log: records tied to a forum or a thread. $old comes from
// getInt('page'), so the LIMIT offset is numeric.
// NOTE(review): a negative page would produce a negative offset — confirm
// getInt() rejects negative values.
$query = $db->query("SELECT l.*, t.subject FROM ".X_PREFIX."logs l LEFT JOIN ".X_PREFIX."threads t ON l.tid=t.tid WHERE NOT (l.fid='0' AND l.tid='0') ORDER BY date ASC LIMIT $old, 100");
$url = '';
while($recordinfo = $db->fetch_array($query)) {
$date = gmdate($dateformat, $recordinfo['date']);
$time = gmdate($timecode, $recordinfo['date']);
// Choose what to show in the URL column: the thread subject while the thread
// exists, nothing for delete actions, otherwise the raw ids.
// NOTE(review): the subject is user-written text placed into page output and
// the surrounding markup is not visible here; confirm it is HTML-encoded
// either when stored or when printed.
if ($recordinfo['tid'] > 0 && $recordinfo['action'] != 'delete' && trim($recordinfo['subject']) != '') {
$url = "$recordinfo[subject] ";
} else if ($recordinfo['action'] == 'delete') {
$recordinfo['action'] = ''.$recordinfo['action'].' ';
$url = ' ';
} else {
$url = 'tid='.$recordinfo['tid'].' - fid:'.$recordinfo['fid'];
}
?>
at
$current) {
$page = $current/100;
if ($page > 1) {
$prevpage = '« Previous Page ';
}
$nextpage = 'Next Page » ';
if ($prevpage == '' || $nextpage == '') {
$random_var = '';
} else {
$random_var = '-';
}
$last = ceil($count/100);
if ($last > $page) {
$lastpage = ' »» ';
}
$first = 1;
if ($page > $first) {
$firstpage = ' «« ';
}
?>
1) {
$prevpage = '« Previous Page ';
}
$first = 1;
if ($page > $first) {
$firstpage = ' «« ';
} else {
$firstpage = '';
}
if ($prevpage == '' || $nextpage == '') {
$random_var = '';
} else {
$random_var = '-';
}
?>
Username:
Time:
URL:
Action:
Ip:
result($db->query("SELECT count(fid) FROM ".X_PREFIX."logs WHERE (fid='0' AND tid='0')"), 0);
// Default to the first page; each page shows 100 log records.
if (!$page) {
$page = 1;
}
$old = (($page-1)*100);
$current = ($page*100);
$firstpage = '';
$prevpage = '';
$nextpage = '';
$random_var = '';
// Control-panel log: records with neither a forum nor a thread id, i.e. the
// entries written by the audit() call near the top of this script.
$query = $db->query("SELECT l.*, t.subject FROM ".X_PREFIX."logs l LEFT JOIN ".X_PREFIX."threads t ON l.tid=t.tid WHERE (l.fid='0' AND l.tid='0') ORDER BY date ASC LIMIT $old, 100");
$url = '';
while($recordinfo = $db->fetch_array($query)) {
$date = gmdate($dateformat, $recordinfo['date']);
$time = gmdate($timecode, $recordinfo['date']);
// Stored format is "ip|#|query-string". This reuses (and overwrites) the
// $action variable that held the requested panel action.
// NOTE(review): a record without the separator leaves $action[1] undefined.
$action = explode('|#|', $recordinfo['action']);
// SECURITY: $action[1] is the query string of an earlier admin request,
// stored verbatim. It is request-controlled text, so it must be HTML-encoded
// before it is printed; the output markup is not visible in this listing, so
// confirm that it is.
if (strpos($action[1], '/') === false) {
$recordinfo['action'] = $action[1];
$url = ' ';
} else {
$recordinfo['action'] = ' ';
$url = $action[1];
}
?>
at
$current) {
$page = $current/100;
if ($page > 1) {
$prevpage = '« Previous Page ';
}
$nextpage = 'Next Page » ';
if ($prevpage == '' || $nextpage == '') {
$random_var = '';
} else {
$random_var = '-';
}
$last = ceil($count/100);
if ($last > $page) {
$lastpage = ' »» ';
}
$first = 1;
if ($page > $first) {
$firstpage = ' «« ';
}
?>
« Previous Page';
}
$first = 1;
if ($page > $first) {
$firstpage = ' «« ';
}
?>
query("DELETE FROM ".X_PREFIX."attachments WHERE aid=$aid");
// NOTE(review): $aid is emitted unquoted in the DELETE above and its source
// is not visible in this listing — confirm it is cast to an integer before
// use, and that this delete is not reachable through a plain link without a
// confirmation or anti-CSRF check.
echo "Deleted ...";
}
echo '';
// Finish request timing and render the footer template, which like every
// other template is executed through eval().
end_time();
eval('echo "'.template('footer').'";');
?>