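<?PHP

######################################################################
# PHP-NUKE: Web Portal System
# ===========================
#
# Copyright (c) 2000 by Francisco Burzi (fburzi@ncc.org.ve)
# http://phpnuke.org
#
# This modules is to manage all registered user's options
#
# This program is free software. You can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License.
######################################################################

// NOTE(review): $mainfile is not assigned anywhere in this file. The file reads
// $op, $uname, $user, ... as bare globals, which suggests register_globals is
// on; in that case a request parameter named "mainfile" would skip this
// include. include_once() would not depend on a variable — confirm the guard
// in mainfile.php before changing it.
if(!isset($mainfile)) { include("mainfile.php"); }

/**
 * Escape a request-derived string for use inside a quoted SQL literal.
 *
 * With magic_quotes_gpc enabled PHP has already applied addslashes() to
 * GET/POST/cookie input, so the value is returned unchanged; otherwise it is
 * escaped here, so the value ends up escaped exactly once either way.
 * Assumes mainfile.php neither strips nor adds slashes itself — TODO confirm.
 * NOTE(review): addslashes() is charset-unaware; mysql_real_escape_string()
 * is the stronger choice on runtimes that provide it.
 */
function user_sql_escape($value)
{
    if (get_magic_quotes_gpc()) {
        return $value;
    }
    return addslashes($value);
}

/**
 * Escape a value for output in HTML text or inside a quoted attribute.
 */
function user_html($value)
{
    return htmlspecialchars($value, ENT_QUOTES);
}

/**
 * Return the uid stored for the nickname carried in the decoded cookie
 * ($cookie[1]), or 0 when no single matching row exists.
 *
 * The cookie value is decoded after PHP's input handling, so it is escaped
 * unconditionally before it is placed in the query.
 * NOTE(review): this only maps the nickname claimed by the cookie to a uid.
 * Nothing visible in this file checks the cookie against the stored password;
 * whether cookiedecode() (defined elsewhere) does so must be confirmed,
 * because otherwise the cookie is a client-chosen identity.
 */
function user_cookie_uid()
{
    global $cookie;
    $user_check = addslashes($cookie[1]);
    $result = mysql_query("select uid from users where uname='$user_check'");
    if (!$result || mysql_num_rows($result) != 1) {
        return 0;
    }
    return intval(mysql_result($result, 0, "uid"));
}

/**
 * Print the icon bar linking to the account pages (edit user, home settings,
 * comment settings, theme, logout). Image paths are built from $uimages.
 */
function nav()
{
    global $uimages;
    ?>
    <center>
    <a href="user.php?op=edituser"><img src=<?php echo "$uimages"; ?>/edit.gif border=0></a>
    <a href="user.php?op=edithome"><img src=<?php echo "$uimages"; ?>/change.gif border=0></a>
    <a href="user.php?op=editcomm"><img src=<?php echo "$uimages"; ?>/conf_comments.gif border=0></a>
    <a href="user.php?op=chgtheme"><img src=<?php echo "$uimages"; ?>/theme.gif border=0></a>
    <a href="user.php?op=logout"><img src=<?php echo "$uimages"; ?>/exit.gif border=0></a><br><br>
    </center>
    <?php
}

/**
 * Validate a nickname/email pair for registration.
 *
 * Each failed check overwrites the global $stop with an HTML error message
 * (the last failing check wins); $stop is returned. The two uniqueness
 * queries run even when an earlier check failed, so both values are escaped
 * before they reach SQL.
 * NOTE(review): ereg()/eregi() are not binary-safe, so these pattern checks
 * stop at the first NUL byte; do not treat a passed check as proof that the
 * whole string is clean.
 */
function userCheck($uname, $email)
{
    global $stop;

    if ((!$email) || ($email=="") || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$",$email))) {
        $stop = "<center>".translate("ERROR: Invalid email")."</center><br>";
    }
    // The original tested $uname here while reporting an email error; the
    // nickname has its own space check below. strstr() also catches a
    // leading space, which "strrpos(...) > 0" missed.
    if (strstr($email, ' ')) {
        $stop = "<center>".translate("ERROR: Email addresses do not contain spaces.")."</center>";
    }
    if ((!$uname) || ($uname=="") || (ereg("[^a-zA-Z0-9_-]",$uname))) {
        $stop = "<center>".translate("ERROR: Invalid Nickname")."</center><br>";
    }
    if (strlen($uname) > 25) {
        $stop = "<center>".translate("Nickname is too long. It must be less than 25 characters.")."</center>";
    }
    // NOTE(review): "an≤nimo" looks like a mis-decoded "anónimo"; kept as it
    // appears. Such a name is rejected by the character whitelist above anyway.
    if (eregi("^((root)|(adm)|(linux)|(webmaster)|(admin)|(god)|(administrator)|(administrador)|(nobody)|(anonymous)|(anonimo)|(an≤nimo)|(operator))$",$uname)) {
        $stop = "<center>".translate("ERROR: Name is reserved.")."</center>";
    }
    if (strstr($uname, ' ')) {
        $stop = "<center>".translate("There cannot be any spaces in the Nickname.")."</center>";
    }

    $sql_uname = user_sql_escape($uname);
    $sql_email = user_sql_escape($email);
    if (mysql_num_rows(mysql_query("select uname from users where uname='$sql_uname'")) > 0) {
        $stop = "<center>".translate("ERROR: Nickname taken")."</center><br>";
    }
    if (mysql_num_rows(mysql_query("select email from users where email='$sql_email'")) > 0) {
        $stop = "<center>".translate("ERROR: Email address already registered")."</center><br>";
    }
    return($stop);
}

/**
 * Build a four-part password from random syllables, with roughly one part in
 * ten replaced by a number between 1 and 50.
 *
 * NOTE(review): rand() seeded from microtime() is predictable and the output
 * space is small. These passwords are used as login credentials, so they
 * should come from a cryptographically secure generator where the runtime
 * offers one.
 */
function makePass()
{
    $makepass = "";
    $syllables = "er,in,tia,wol,fe,pre,vet,jo,nes,al,len,son,cha,ir,ler,bo,ok,tio,nar,sim,ple,bla,ten,toe,cho,co,lat,spe,ak,er,po,co,lor,pen,cil,li,ght,wh,at,the,he,ck,is,mam,bo,no,fi,ve,any,way,pol,iti,cs,ra,dio,sou,rce,sea,rch,pa,per,com,bo,sp,eak,st,fi,rst,gr,oup,boy,ea,gle,tr,ail,bi,ble,brb,pri,dee,kay,en,be,se";
    $syllable_array = explode(",", $syllables);
    // The original indexed with a fixed "% 62" although the list is longer,
    // so the tail of the list was never used.
    $syllable_count = count($syllable_array);
    srand((double)microtime()*1000000);
    for ($count = 1; $count <= 4; $count++) {
        if (rand()%10 == 1) {
            $makepass .= sprintf("%0.0f",(rand()%50)+1);
        } else {
            $makepass .= sprintf("%s",$syllable_array[rand()%$syllable_count]);
        }
    }
    return($makepass);
}

/**
 * First registration step: validate the submitted nickname and email and,
 * if valid, show them with a "Finish" form; otherwise print the error.
 */
function confirmNewUser($uname, $email)
{
    global $stop, $EditedMessage;
    include("header.php");
    // filter_text() is defined elsewhere; it leaves its result in $EditedMessage.
    filter_text($uname);
    $uname = $EditedMessage;
    userCheck($uname, $email);
    if (!$stop) {
        // Both values passed userCheck(); they are still escaped on output so
        // the page does not depend on the validator alone.
        echo "Username: ".user_html($uname)."<br>"
            ."Email: ".user_html($email)."<br>";
        ?>
        <form action="user.php" method="post">
        <input type="hidden" name="uname" value="<?PHP echo user_html($uname); ?>">
        <input type="hidden" name="email" value="<?PHP echo user_html($email); ?>">
        <br><br><input type=hidden name=op value=finish><input type="submit" value="<?php echo translate("Finish"); ?>"></form>
        <?PHP
    } else {
        echo "$stop";
    }
    include("footer.php");
}

/**
 * Second registration step: re-validate, create the account with a generated
 * password and either mail the password or (when $system is set) show it.
 *
 * NOTE(review): the password is sent in clear by email, and in the $system
 * branch it is stored unhashed, printed on the page and placed in a login
 * URL, where it can end up in browser history, proxy logs and Referer
 * headers.
 * NOTE(review): $commentlimit is never assigned or declared global in this
 * function, so the column receives an empty value — confirm the intended
 * source before wiring it in.
 */
function finishNewUser($uname, $email)
{
    // $sitename and $adminmail were used below without being declared global,
    // which left the site name and the From address empty.
    global $stop, $makepass, $EditedMessage, $system, $sitename, $adminmail;
    include("header.php");
    userCheck($uname, $email);
    if (!isset($stop)) {
        $makepass = makepass();
        if(!$system) $cryptpass = crypt($makepass);
        else $cryptpass = $makepass;
        $sql_uname = user_sql_escape($uname);
        $sql_email = user_sql_escape($email);
        $result = mysql_query("insert into users values (NULL,'','$sql_uname','$sql_email','','','$cryptpass',10,'',0,0,0,'',0,'','','$commentlimit', '0')");
        if(!$result) {
            // NOTE(review): raw database errors are shown to the visitor.
            echo mysql_errno(). ": ".mysql_error(). "<br>";
        } else {
            $message = "".translate("Welcome to")." $sitename!\n\n".translate("You or someone else has used your email account")." ($email) ".translate("to register an account at")." $sitename. ".translate("The following is the member information:")."\n\n".translate("-Nickname: ")." $uname\n".translate("-Password: ")." $makepass";
            $subject = "".translate("User Password for")." $uname";
            $from = "$adminmail";
            if ($system == 1) {
                echo "".translate("Your password is: ")."<b>$makepass</b><br>";
                echo "<a href=\"user.php?op=login&uname=".urlencode($uname)."&pass=$makepass\">Login</a> to change your info";
            } else {
                mail($email, $subject, $message, "From: $from\nX-Mailer: PHP/" . phpversion());
                echo "".translate("You are now registered. You should receive your password at the email account you provided.")."";
            }
        }
    } else {
        echo "$stop";
    }
    include("footer.php");
}

/**
 * Show the public profile of $uname: homepage, public email, bio, and the
 * last ten comments and story submissions.
 *
 * The welcome banner and nav() are shown when $uname equals the cookie's
 * nickname or when $bypass is 1.
 * NOTE(review): $bypass arrives from the request (see the dispatcher), so any
 * visitor can force the banner for any profile. The nav links act on the
 * cookie's own account, so this looks cosmetic — confirm.
 */
function userinfo($uname, $bypass=0)
{
    global $user, $cookie, $sitename;

    // $uname is request data: escape it separately for SQL and for HTML.
    $sql_uname = user_sql_escape($uname);
    $html_uname = user_html($uname);

    $result = mysql_query("select femail, url, bio from users where uname='$sql_uname'");
    $userinfo = mysql_fetch_array($result);
    if(!$bypass) cookiedecode($user);
    include("header.php");
    if(($uname == $cookie[1]) || ($bypass==1)) {
        echo "<font size=4><center>$html_uname, ".translate("Welcome to")." $sitename!<br><br>";
        echo "<font size=3>".translate("This is your personal page")."<hr size=1 noshade>";
        nav();
    }
    if((mysql_num_rows($result)==1) && ($userinfo['url'] || $userinfo['femail'] || $userinfo['bio'])) {
        if ($userinfo['url']) {
            // saveuser() stores the URL without validating it, so it is
            // escaped here. NOTE(review): escaping does not restrict the URL
            // scheme; an allow-list (http/https) belongs at save time.
            $html_url = user_html($userinfo['url']);
            echo "".translate("My HomePage:")." <a href=\"$html_url\">$html_url</a><br>\n";
        }
        if ($userinfo['femail']) {
            $html_femail = user_html($userinfo['femail']);
            echo "".translate("My E-Mail:")." <a href=\"mailto:$html_femail\">$html_femail</a><br>\n";
        }
        if ($userinfo['bio']) {
            // NOTE(review): bio is printed as stored. saveuser() passes it
            // through filter_text(), whose behaviour is not visible here —
            // confirm it removes active HTML before relying on it.
            echo "<br><b>".translate("Extra Info:")." </b><br>$userinfo[bio]<br>\n";
        }
    } else {
        echo "<center>".translate("There is no available info for")." $html_uname</center>";
    }
    echo "<center><br><br>";
    echo "<table cellpadding=1 cellspacing=0 border=0 bgcolor=000000 width=80%><tr><td>";
    echo "<table cellpadding=8 cellspacing=0 border=0 bgcolor=FFFFFF width=100%><tr><td>";
    echo "<b>".translate("Last 10 comments by")." $html_uname:</b><br>";
    $result = mysql_query("select tid, sid, subject from comments where name='$sql_uname' order by tid DESC limit 0,10");
    // NOTE(review): $subject and $title are printed as stored; whether they
    // are sanitised when written is not visible in this file.
    while(list($tid, $sid, $subject) = mysql_fetch_row($result)) {
        echo "<li><a href=article.php?thold=-1&mode=flat&order=0&sid=$sid#$tid>$subject</a><br>";
    }
    echo "</td></tr></table></td></tr></table>";
    echo "<br><br>";
    echo "<table cellpadding=1 cellspacing=0 border=0 bgcolor=000000 width=80%><tr><td>";
    echo "<table cellpadding=8 cellspacing=0 border=0 bgcolor=FFFFFF width=100%><tr><td>";
    echo "<b>".translate("Last 10 news submissions sent by")." $html_uname:</b><br>";
    $result = mysql_query("select sid, title from stories where informant='$sql_uname' order by sid DESC limit 0,10");
    while(list($sid, $title) = mysql_fetch_row($result)) {
        echo "<li><a href=article.php?sid=$sid>$title</a><br>";
    }
    echo "</td></tr></table></td></tr></table>";
    include("footer.php");
}

/**
 * Default page. Without a user cookie it shows the login, registration and
 * lost-password forms (plus an "Incorrect Login!" banner when $stop is set);
 * with one it decodes the cookie and shows that user's profile.
 */
function main($user)
{
    global $stop;
    if(!isset($user)) {
        include("header.php");
        if ($stop) {
            echo "<center><blink><marquee><h3>".translate("Incorrect Login!")."</h3></marquee></blink></center>";
        }
        if (!$user) {
            ?>
            <table cellpadding=1 cellspacing=0 border=0 bgcolor=000000 width="100%"><tr><td>
            <table cellpadding=8 cellspacing=0 border=0 bgcolor=FFFFFF width="100%">
            <tr><td valign="top">
            <form action="user.php" method="post">
            <b><?php echo translate("User Login"); ?></b><br><br>
            <?php echo translate("Nickname: "); ?><input class=textbox type="text" name="uname" size=26 maxlength=25><br>
            <?php echo translate("Password: "); ?><input class=textbox type="password" name="pass" size=21 maxlength=20><br>
            <input type=hidden name=op value="login">
            <input type="submit" value="<?php echo translate("Login"); ?>">
            </td></tr></table></td></tr></table></form>
            <br>
            <?php
        }
        ?>
        <table cellpadding=1 cellspacing=0 border=0 bgcolor=000000 width="100%"><tr><td>
        <table cellpadding=8 cellspacing=0 border=0 bgcolor=FFFFFF width="100%">
        <tr><td valign="top">
        <form action="user.php" method="post">
        <b><?php echo translate("New User:"); ?></b><br><br>
        <?php echo translate("Nickname: "); ?><input class=textbox type="text" name="uname" size=26 maxlength=25><br>
        <?php echo translate("E-Mail: "); ?><input class=textbox type="text" name="email" size=25 maxlength=60><br>
        <input type=hidden name=op value="new user">
        <input type="submit" value="<?php echo translate("New User"); ?>">
        </form>
        <font size=2><?php echo translate("(Password will be sent to the email address you enter.)"); ?><br><br>
        <font size=2><?php echo translate("Notice: Account preferences are cookie based."); ?></font><br>
        <?php echo translate("As a registered user you can:"); ?><br>
        <li> <?php echo translate("Post comments with your name"); ?>
        <li> <?php echo translate("Send news with your name"); ?>
        <li> <?php echo translate("Have a personal box in the Home"); ?>
        <li> <?php echo translate("Select how many news you want in the Home"); ?>
        <li> <?php echo translate("Customize the comments"); ?>
        <li> <?php echo translate("Select different themes"); ?>
        <li> <?php echo translate("some other cool stuff..."); ?><br>
        <?php echo translate("Register Now! It's Free!"); ?><br>
        <?php echo translate("We don't sell/give to others your personal info."); ?>
        </td></tr></table></td></tr></table>
        <br><br>
        <table cellpadding=1 cellspacing=0 border=0 bgcolor=000000 width="100%"><tr><td>
        <table cellpadding=8 cellspacing=0 border=0 bgcolor=FFFFFF width="100%">
        <tr><td valign="top">
        <b><?php echo translate("Lost your Password?"); ?></b><br><br>
        <font size=2>
        <?php echo translate("No problem. Just type your Nickname and click on send button."); ?><br>
        <?php echo translate("Confirmation Info"); ?><br>
        <form action="user.php" method="post">
        <?php echo translate("Nickname: "); ?><input class=textbox type="text" name="uname" size=26 maxlength=25>
        <?php echo translate("Confirmation Code: "); ?><input class=textbox type="text" name="code" size=5 maxlength=6><br>
        <input type=hidden name=op value=mailpasswd>
        <input type="submit" value="<?php echo translate("Send Password"); ?>">
        </td></tr></table></td></tr></table></form>
        <?PHP
        include("footer.php");
    } elseif(isset($user)) {
        global $cookie;
        cookiedecode($user);
        userinfo($cookie[1]);
    }
}

/**
 * Clear the "user" cookie and show the logged-out message.
 */
function logout()
{
    setcookie("user");
    include("header.php");
    echo " <center><font size=4><br><br> ".translate("You are now logged out")." </center>";
    include("footer.php");
}

/**
 * Lost-password flow. Without a matching confirmation code it mails the code
 * to the account's address; with a matching code it generates a new
 * password, mails it and stores it.
 *
 * NOTE(review): the confirmation code is the first five characters of the
 * stored password value. With hashed passwords that discloses part of the
 * hash by email; when $system is set it discloses the start of the password
 * itself. A random, single-use, expiring token stored separately is the
 * usual replacement.
 */
function mail_password($uname, $code)
{
    // The original declared "$aminmail", so the From header below was empty.
    global $system, $adminmail, $nuke_url;

    $sql_uname = user_sql_escape($uname);
    $result = mysql_query("select email, pass from users where (uname='$sql_uname')");
    // A query that matches no row still returns a result handle, so the
    // original "!$result" test never reported an unknown nickname and went on
    // to mail an empty address.
    if (!$result || mysql_num_rows($result) != 1) {
        echo "<center>".translate("Sorry, no corresponding user info was found")."</center>";
        return;
    }
    $host_name = getenv("REMOTE_ADDR");
    list($email, $pass) = mysql_fetch_row($result);
    $areyou = substr($pass, 0, 5);
    // Require a non-empty code and compare as strings: "==" treats
    // numeric-looking strings as numbers and let an empty code match an
    // empty stored value.
    if (($code != "") && (strcmp($areyou, $code) == 0)) {
        $newpass = makepass();
        $message = "".translate("The user account")." '$uname' ".translate("at")." $nuke_url ".translate("has this email associated with it.")." ".translate("A web user from")." $host_name ".translate("has just requested that password be sent.")."\n\n".translate("Your New Password is:")." $newpass\n\n ".translate("You can change it after you login at")." $nuke_url/user.php\n\n".translate("If you didn't ask for this, don't worry. You are seeing this message, not 'them'. If this was an error just login with your new password.")."";
        $subject = "".translate("User Password for")." $uname";
        mail($email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
        // Next step: add the new password to the database
        if(!$system) {
            $cryptpass = crypt($newpass);
        } else {
            $cryptpass = $newpass;
        }
        $query = "update users set pass='$cryptpass' where uname='$sql_uname'";
        if(!mysql_query($query)) {
            echo "mail_password: could not update user entry. Contact the Administrator";
        }
        $titlebar = "User password sent";
        include ("header.php");
        echo "<center>".translate("Password for")." ".user_html($uname)." ".translate("mailed.")."";
        include ("footer.php");
    } else {
        // If no Code, send it. The row fetched above is reused; the original
        // repeated the same query here.
        $message = "".translate("The user account")." '$uname' ".translate("at")." $nuke_url ".translate("has this email associated with it.")." ".translate("A web user from")." $host_name ".translate("has just requested a Confirmation Code to change the password.")."\n\n".translate("Your Confirmation Code is:")." $areyou \n\n".translate("With this code you can now assign a new password at")." $nuke_url/user.php\n".translate("If you didn't ask for this, don't worry. Just delete this Email.")."";
        $subject = "".translate("Confirmation Code for")." $uname";
        mail($email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
        include ("header.php");
        echo "<center>".translate("Confirmation Code for")." ".user_html($uname)." ".translate("mailed.")."";
        include ("footer.php");
    }
}

/**
 * Store the user's id, nickname, password value and display preferences in
 * the "user" cookie as one colon-separated, base64-encoded string, valid for
 * six months.
 *
 * NOTE(review): base64 is an encoding, not protection. The cookie carries the
 * stored password value (the hash, or the password itself when $system is
 * set) and is sent without the secure/httponly attributes, so anything that
 * can read the cookie obtains a long-lived credential. A random server-side
 * session identifier avoids putting password material in the browser.
 */
function docookie($setuid, $setuname, $setpass, $setstorynum, $setumode, $setuorder, $setthold, $setnoscore, $setublockon, $settheme, $setcommentmax)
{
    $info = base64_encode("$setuid:$setuname:$setpass:$setstorynum:$setumode:$setuorder:$setthold:$setnoscore:$setublockon:$settheme:$setcommentmax");
    setcookie("user","$info",time()+15552000); // 6 mo is 15552000
}

/**
 * Check a nickname/password pair, set the user cookie on success and
 * redirect to the profile page; redirect back with stop=1 on failure.
 *
 * NOTE(review): hashing uses crypt() with a two-character salt taken from
 * the stored value, and strcmp() is not a constant-time comparison. When
 * $system is set the password is compared and stored unhashed.
 */
function login($uname, $pass)
{
    global $setinfo, $system, $nuke_url;

    $sql_uname = user_sql_escape($uname);
    $result = mysql_query("select pass, uid, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax from users where uname='$sql_uname'");
    if($result && mysql_num_rows($result)==1) {
        $setinfo = mysql_fetch_array($result);
        $dbpass = $setinfo['pass'];
        if(!$system) $pass = crypt($pass,substr($dbpass,0,2));
        if (strcmp($dbpass,$pass)) {
            Header("Location: $nuke_url/user.php?stop=1");
            return;
        }
        docookie($setinfo['uid'], $uname, $pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);
        // urlencode() keeps the nickname from adding parameters or line
        // breaks to the Location header.
        Header("Location: user.php?op=userinfo&bypass=1&uname=".urlencode($uname));
    } else {
        Header("Location: user.php?stop=1");
    }
}

/**
 * Validate an email and homepage URL for a profile update and check that the
 * email is not registered to another uid. Sets and returns the global $stop.
 *
 * NOTE(review): nothing in this file calls this function; saveuser() stores
 * email and url without it.
 */
function infoCheck($uid, $email, $url)
{
    global $stop;
    // "_" and "-" are accepted here as well, to agree with what userCheck()
    // allows at registration.
    if ((!$email) || ($email=="") || (!ereg("[@]",$email)) || (!ereg("[.]",$email)) || (strlen($email) < 7) || (ereg("[^a-zA-Z0-9@._-]",$email))) {
        $stop = "Invalid email<br>";
    }
    // The original pattern "[http://]" is a character class that matches any
    // single one of those characters; the scheme check needs an anchor.
    if (($url) && ($url!="http://") && ((!ereg("^http://",$url)) || (!ereg("[.]",$url)) || (strlen($url) < 12) || (ereg("[^a-zA-Z0-9~.:/]",$url)))) {
        $stop = "Invalid URL<br>";
    }
    // The query runs even when validation failed above, and uid sits in an
    // unquoted numeric position, so both values are neutralised first.
    $sql_email = user_sql_escape($email);
    $uid = intval($uid);
    list($test) = mysql_fetch_row(mysql_query("select email from users where (email='$sql_email' and uid!=$uid)"));
    if ("$test"=="$email") $stop = "<center>".translate("ERROR: Email address already registered")."</center><br>";
    return($stop);
}

/**
 * Show the profile edit form, pre-filled from $userinfo (loaded by
 * getusrinfo(), defined elsewhere). Stored values are HTML-escaped so a quote
 * or tag in a field cannot break out of the attribute or textarea.
 */
function edituser()
{
    global $user, $userinfo;
    include("header.php");
    getusrinfo($user);
    nav();
    ?>
    <table cellpadding=8 border=0><tr><td>
    <form action="user.php" method="post">
    <b><?php echo translate("Real Name"); ?></b> <?php echo translate("(optional)"); ?><br>
    <input class=textbox type="text" name="name" value="<?PHP echo user_html($userinfo['name']); ?>" size=30 maxlength=60><br>
    <b><?php echo translate("Real Email"); ?></b> <?php echo translate("(required)"); ?><br>
    <?php echo translate("(This Email will not be public but is required, will be used to send your password if you lost it)"); ?><br>
    <input class=textbox type="text" name="email" value="<?PHP echo user_html($userinfo['email']); ?>" size=30 maxlength=60><br>
    <b><?php echo translate("Fake Email"); ?></b> <?php echo translate("(optional)"); ?><br>
    <?php echo translate("(This Email will be public. Just type what you want, Spam proof)"); ?><br>
    <input class=textbox type="text" name="femail" value="<?PHP echo user_html($userinfo['femail']); ?>" size=30 maxlength=60><br>
    <b><?php echo translate("Your HomePage"); ?></b> <?php echo translate("(optional)"); ?><br>
    <input class=textbox type="text" name="url" value="<?PHP echo user_html($userinfo['url']); ?>" size=30 maxlength=100><br>
    <b><?php echo translate("Extra Info"); ?></b> <?php echo translate("(optional)"); ?><br>
    <?php echo translate("(255 characters max. Type what others can know about yourself)"); ?><br>
    <textarea class=textbox wrap=virtual cols=50 rows=5 name=bio><?PHP echo user_html($userinfo['bio']); ?></TEXTAREA>
    <br><br>
    <b><?php echo translate("Password"); ?></b> <?php echo translate("(type a new password twice to change it)"); ?><br>
    <input class=textbox type="password" name="pass" size=10 maxlength=20>
    <input class=textbox type="password" name="vpass" size=10 maxlength=20>
    <br><br>
    <input type="hidden" name="uname" value="<?PHP echo user_html($userinfo['uname']); ?>">
    <input type="hidden" name="uid" value="<?PHP echo user_html($userinfo['uid']); ?>">
    <input type="hidden" name="op" value="saveuser">
    <input type="submit" value="<?php echo translate("Save Changes"); ?>">
    </form></td></tr></table>
    <?PHP
    include("footer.php");
}

/**
 * Save the profile form. The update is applied only when the submitted uid
 * and nickname match the account named in the cookie.
 *
 * NOTE(review): the email address and the password can be changed without
 * re-entering the current password, and the request carries no anti-CSRF
 * token.
 */
function saveuser($uid, $name, $uname, $email, $femail, $url, $pass, $vpass, $bio)
{
    global $user, $cookie, $userinfo, $EditedMessage, $system, $minpass;
    cookiedecode($user);
    // Vulnerability fix thanks to DrBrain
    $vuid = user_cookie_uid();
    // uid is used in an unquoted numeric position in the else branch below.
    $uid = intval($uid);
    if ($user AND ($vuid > 0) AND ($cookie[1] == $uname) AND ($uid == $vuid)) {
        // strcmp(): "!=" compares numeric-looking strings as numbers, so
        // e.g. "1e1" and "10" counted as identical passwords.
        if ((isset($pass)) && (strcmp("$pass", "$vpass") != 0)) {
            echo "<center>".translate("Both passwords are different. They need to be identical.")."</center>";
        } elseif (($pass != "") && (strlen($pass) < $minpass)) {
            echo "<center>".translate("Sorry, your password must be at least")." <b>$minpass</b> ".translate("characters long")."</center>";
        } else {
            if ($bio) {
                // filter_text() and FixQuotes() are defined elsewhere; bio is
                // left to them and not escaped a second time here.
                filter_text($bio);
                $bio = $EditedMessage;
                $bio = FixQuotes($bio);
            }
            $sql_name = user_sql_escape($name);
            $sql_email = user_sql_escape($email);
            $sql_femail = user_sql_escape($femail);
            $sql_url = user_sql_escape($url);
            $sql_uname = user_sql_escape($uname);
            if ($pass != "") {
                mysql_query("LOCK TABLES users WRITE");
                if(!$system) $sql_pass = crypt($pass);
                else $sql_pass = user_sql_escape($pass);
                mysql_query("update users set name='$sql_name', email='$sql_email', femail='$sql_femail', url='$sql_url', pass='$sql_pass', bio='$bio' where uid='$uid'");
                // commentmax is selected as well: docookie() below reads it,
                // and the original query left that cookie field empty.
                $result = mysql_query("select uid, uname, pass, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax from users where uname='$sql_uname' and pass='$sql_pass'");
                if($result && mysql_num_rows($result)==1) {
                    $userinfo = mysql_fetch_array($result);
                    docookie($userinfo['uid'],$userinfo['uname'],$userinfo['pass'],$userinfo['storynum'],$userinfo['umode'],$userinfo['uorder'],$userinfo['thold'],$userinfo['noscore'],$userinfo['ublockon'],$userinfo['theme'],$userinfo['commentmax']);
                } else {
                    echo "<center>".translate("Something screwed up... don't you hate that?")."</center><br>";
                }
                mysql_query("UNLOCK TABLES");
            } else {
                mysql_query("update users set name='$sql_name', email='$sql_email', femail='$sql_femail', url='$sql_url', bio='$bio' where uid=$uid");
            }
            Header("Location: user.php?"); // question is wierd bugfix
        }
    } else {
        Header("Location: user.php");
    }
}

/**
 * Show the home-page preferences form (story count and personal menu block),
 * pre-filled from $userinfo.
 */
function edithome()
{
    global $user, $userinfo, $Default_Theme;
    include ("header.php");
    getusrinfo($user);
    nav();
    if($userinfo['theme']=="") $userinfo['theme'] = "$Default_Theme";
    ?>
    <table cellpadding=8 border=0><tr><td>
    <form action="user.php" method="post">
    <b><?php echo translate("News number in the Home"); ?></b> (max: 127)<br>
    <input class=textbox type="text" name="storynum" size=3 maxlength=3 value="<?PHP echo user_html($userinfo['storynum']); ?>">
    <br><br>
    <B><?php echo translate("Activate Personal Menu"); ?></B>
    <INPUT type=checkbox name=ublockon <?PHP if ($userinfo['ublockon']==1) { echo "checked"; } ?>>
    <br><?php echo translate("(Check this option and the following text will appear in the Home)"); ?>
    <br><?php echo translate("(You can use HTML code to put links, for example)"); ?><br>
    <textarea class=textbox cols=55 rows=5 name=ublock><?PHP echo user_html($userinfo['ublock']); ?></textarea>
    <br><br>
    <input type="hidden" name="theme" value="<?PHP echo user_html($userinfo['theme']); ?>">
    <input type="hidden" name="uname" value="<?PHP echo user_html($userinfo['uname']); ?>">
    <input type="hidden" name="uid" value="<?PHP echo user_html($userinfo['uid']); ?>">
    <input type="hidden" name="op" value="savehome">
    <input type="submit" value="<?php echo translate("Save Changes!"); ?>">
    </form></td></tr></table>
    <?PHP
    include ("footer.php");
}

/**
 * Show the theme selection form. Theme names come from $themelist, which
 * themes/list.php defines as a space-separated string.
 */
function chgtheme()
{
    // $Default_Theme was read below without being declared global, so the
    // default theme was never pre-selected.
    global $user, $userinfo, $Default_Theme;
    include ("header.php");
    getusrinfo($user);
    nav();
    ?>
    <center>
    <form action="user.php" method="post">
    <b><?php echo translate("Select One Theme"); ?></b><br>
    <select class=textbox name=theme>
    <?php
    include("themes/list.php");
    $themelist = explode(" ", $themelist);
    for ($i=0; $i < sizeof($themelist); $i++) {
        if($themelist[$i]!="") {
            echo "<option value=\"$themelist[$i]\" ";
            if((($userinfo['theme']=="") && ($themelist[$i]=="$Default_Theme")) || ($userinfo['theme']==$themelist[$i])) echo "selected";
            echo ">$themelist[$i]\n";
        }
    }
    // The original assigned the literal text "Default_Theme" (missing "$").
    if($userinfo['theme']=="") $userinfo['theme'] = "$Default_Theme";
    ?>
    </select><br>
    <?php
    echo " ".translate("This option will change the look for the whole site.")."<br> ".translate("The changes will be valid only to you.")."<br> ".translate("Each user can view the site with different theme.")."<br> ";
    ?>
    <br>
    <input type="hidden" name="storynum" value="<?PHP echo user_html($userinfo['storynum']); ?>">
    <input type="hidden" name="ublockon" value="<?PHP echo user_html($userinfo['ublockon']); ?>">
    <input type="hidden" name="ublock" value="<?PHP echo user_html($userinfo['ublock']); ?>">
    <input type="hidden" name="uname" value="<?PHP echo user_html($userinfo['uname']); ?>">
    <input type="hidden" name="uid" value="<?PHP echo user_html($userinfo['uid']); ?>">
    <input type="hidden" name="op" value="savetheme">
    <input type="submit" value="<?php echo translate("Save Changes!"); ?>">
    </form>
    <?PHP
    include ("footer.php");
}

/**
 * Save the home-page preferences for the account named in the cookie,
 * refresh the cookie and redirect.
 */
function savehome($uid, $uname, $theme, $storynum, $ublockon, $ublock)
{
    global $user, $userinfo, $cookie;
    cookiedecode($user);
    $vuid = user_cookie_uid();
    $uid = intval($uid);
    if ($user AND ($vuid > 0) AND ($cookie[1] == $uname) AND ($uid == $vuid)) {
        if(isset($ublockon)) $ublockon=1; else $ublockon=0;
        // FixQuotes() is defined elsewhere. NOTE(review): ublock is
        // user-supplied HTML by design (see the edithome form); confirm that
        // it is only ever rendered back to its owner.
        $ublock = FixQuotes($ublock);
        $storynum = intval($storynum);
        mysql_query("update users set storynum='$storynum', ublockon='$ublockon', ublock='$ublock' where uid=$uid");
        getusrinfo($user);
        docookie($userinfo['uid'],$userinfo['uname'],$userinfo['pass'],$userinfo['storynum'],$userinfo['umode'],$userinfo['uorder'],$userinfo['thold'],$userinfo['noscore'],$userinfo['ublockon'],$userinfo['theme'],$userinfo['commentmax']);
        // urlencode() keeps request data from adding line breaks to the header.
        Header("Location: user.php?theme=".urlencode($theme));
    }
}

/**
 * Save the selected theme for the account named in the cookie, refresh the
 * cookie and redirect.
 *
 * NOTE(review): the theme name is stored as submitted. If other code builds
 * a file path from it, it should first be checked against the names in
 * themes/list.php — confirm where it is consumed.
 */
function savetheme($uid, $theme)
{
    global $user, $userinfo, $cookie;
    cookiedecode($user);
    // Cookie data is decoded after PHP's input handling, so it is escaped
    // unconditionally here.
    $user_check = addslashes($cookie[1]);
    $result = mysql_query("select uid, uname from users where uname='$user_check'");
    if (!$result || mysql_num_rows($result) != 1) {
        return;
    }
    list($vuid, $uname) = mysql_fetch_row($result);
    $vuid = intval($vuid);
    $uid = intval($uid);
    if ($user AND ($vuid > 0) AND ($cookie[1] == $uname) AND ($uid == $vuid)) {
        $sql_theme = user_sql_escape($theme);
        mysql_query("update users set theme='$sql_theme' where uid=$uid");
        getusrinfo($user);
        docookie($userinfo['uid'],$userinfo['uname'],$userinfo['pass'],$userinfo['storynum'],$userinfo['umode'],$userinfo['uorder'],$userinfo['thold'],$userinfo['noscore'],$userinfo['ublockon'],$userinfo['theme'],$userinfo['commentmax']);
        Header("Location: user.php?theme=".urlencode($theme));
    }
}

/**
 * Show the comment preferences form (display mode, sort order, threshold,
 * score display, maximum comment length), pre-selected from $userinfo.
 */
function editcomm()
{
    global $user, $userinfo;
    include ("header.php");
    getusrinfo($user);
    nav();
    ?>
    <table cellpadding=8 border=0><tr><td>
    <form action="user.php" method="post">
    <b><?php echo translate("Display Mode"); ?></b>
    <select class=textbox name=umode>
    <option value="nocomments" <?PHP if ($userinfo['umode'] == 'nocomments') { echo "selected"; } ?>><?php echo translate("No Comments"); ?>
    <option value="nested" <?PHP if ($userinfo['umode'] == 'nested') { echo "selected"; } ?>><?php echo translate("Nested"); ?>
    <option value="flat" <?PHP if ($userinfo['umode'] == 'flat') { echo "selected"; } ?>><?php echo translate("Flat"); ?>
    <option value="thread" <?PHP if (!isset($userinfo['umode']) || ($userinfo['umode']=="") || $userinfo['umode']=='thread') { echo "selected"; } ?>><?php echo translate("Thread"); ?>
    </select>
    <br><br>
    <b><?php echo translate("Sort Order"); ?></b>
    <select class=textbox name=uorder>
    <option value="0" <?PHP if (!$userinfo['uorder']) { echo "selected"; } ?>><?php echo translate("Oldest First"); ?>
    <option value="1" <?PHP if ($userinfo['uorder']==1) { echo "selected"; } ?>><?php echo translate("Newest First"); ?>
    <option value="2" <?PHP if ($userinfo['uorder']==2) { echo "selected"; } ?>><?php echo translate("Highest Scores First"); ?>
    </select>
    <br><br>
    <b><?php echo translate("Threshold"); ?></b> <?php echo translate("Comments scored less than this setting will be ignored."); ?><br>
    <select class=textbox name=thold>
    <option value="-1" <?PHP if ($userinfo['thold']==-1) { echo "selected"; } ?>>-1: <?php echo translate("Uncut and Raw"); ?>
    <option value="0" <?PHP if ($userinfo['thold']==0) { echo "selected"; } ?>>0: <?php echo translate("Almost Everything"); ?>
    <option value="1" <?PHP if ($userinfo['thold']==1) { echo "selected"; } ?>>1: <?php echo translate("Filter Most Anon"); ?>
    <option value="2" <?PHP if ($userinfo['thold']==2) { echo "selected"; } ?>>2: <?php echo translate("Score"); ?> +2
    <option value="3" <?PHP if ($userinfo['thold']==3) { echo "selected"; } ?>>3: <?php echo translate("Score"); ?> +3
    <option value="4" <?PHP if ($userinfo['thold']==4) { echo "selected"; } ?>>4: <?php echo translate("Score"); ?> +4
    <option value="5" <?PHP if ($userinfo['thold']==5) { echo "selected"; } ?>>5: <?php echo translate("Score"); ?> +5
    </select><br>
    <?php echo translate("Anonymous posts start at 0, logged in posts start at 1. Moderators add and subtract points."); ?>
    <br><br>
    <INPUT type=checkbox name=noscore <?PHP if ($userinfo['noscore']==1) { echo "checked"; } ?>><B> <?php echo translate("Do Not Display Scores"); ?></B> <?php echo translate("(Hides score: They still apply, you just don't see them.)"); ?>
    <br><br>
    <b><?php echo translate("Max Comment Length"); ?></b> <?php echo translate("(Truncates long comments, and adds a Read More link. Set really big to disable)"); ?><br>
    <input class=textbox type="text" name="commentmax" value="<?PHP echo user_html($userinfo['commentmax']); ?>" size=11 maxlength=11> bytes (1024 bytes = 1K)
    <br><br>
    <input type="hidden" name="uname" value="<?PHP echo user_html($userinfo['uname']); ?>">
    <input type="hidden" name="uid" value="<?PHP echo user_html($userinfo['uid']); ?>">
    <input type="hidden" name="op" value="savecomm">
    <input type="submit" value="<?php echo translate("Save Changes"); ?>">
    </form></td></tr></table>
    <?PHP
    include ("footer.php");
}

/**
 * Save the comment preferences for the account named in the cookie, refresh
 * the cookie and redirect. Numeric settings are cast to integers; the
 * display mode is escaped as a string.
 */
function savecomm($uid, $uname, $umode, $uorder, $thold, $noscore, $commentmax)
{
    global $user, $userinfo, $cookie;
    cookiedecode($user);
    $vuid = user_cookie_uid();
    $uid = intval($uid);
    if ($user AND ($vuid > 0) AND ($cookie[1] == $uname) AND ($uid == $vuid)) {
        if(isset($noscore)) $noscore=1; else $noscore=0;
        $sql_umode = user_sql_escape($umode);
        $uorder = intval($uorder);
        $thold = intval($thold);
        $commentmax = intval($commentmax);
        mysql_query("update users set umode='$sql_umode', uorder='$uorder', thold='$thold', noscore='$noscore', commentmax='$commentmax' where uid=$uid");
        getusrinfo($user);
        docookie($userinfo['uid'],$userinfo['uname'],$userinfo['pass'],$userinfo['storynum'],$userinfo['umode'],$userinfo['uorder'],$userinfo['thold'],$userinfo['noscore'],$userinfo['ublockon'],$userinfo['theme'],$userinfo['commentmax']);
        Header("Location: user.php?");
    }
}

// Dispatcher: $op and every argument below are read as bare globals, i.e.
// they are taken straight from the request.
// NOTE(review): nothing here restricts the state-changing operations
// (saveuser, savehome, savetheme, savecomm, logout) to POST or checks a
// per-session token, so another site can trigger them for a logged-in
// visitor.
// NOTE(review): lost_pass() is not defined in this file — confirm it exists
// in an included file.
switch($op) {
    case "logout":
        logout();
        break;
    case "lost_pass":
        lost_pass();
        break;
    case "new user":
        confirmNewUser($uname, $email);
        break;
    case "finish":
        finishNewUser($uname, $email);
        break;
    case "mailpasswd":
        mail_password($uname, $code);
        break;
    case "userinfo":
        userinfo($uname, $bypass);
        break;
    case "login":
        login($uname, $pass);
        break;
    case "dummy": // this is needed to give the cookie a chance to digest
        Header("Location: user.php");
        break;
    case "edituser":
        edituser();
        break;
    case "saveuser":
        saveuser($uid, $name, $uname, $email, $femail, $url, $pass, $vpass, $bio);
        break;
    case "edithome":
        edithome();
        break;
    case "chgtheme":
        chgtheme();
        break;
    case "savehome":
        savehome($uid, $uname, $theme, $storynum, $ublockon, $ublock);
        break;
    case "savetheme":
        savetheme($uid, $theme);
        break;
    case "editcomm":
        editcomm();
        break;
    case "savecomm":
        savecomm($uid, $uname, $umode, $uorder, $thold, $noscore, $commentmax);
        break;
    default:
        main($user);
        break;
}
?>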