hey guiz...hackers use srticles 4 hacking now they put js..when the users read that article,,they can hack or steal the session ID.thats it,,so any one here..post a code 4 locking article,,,,tnx,,,or only staff can make article,,also pls,,,,post here the code that only users that have 200 plusses can upload photos
-
-
if(!getplusses(getuid_sid($sid))>200)
{
echo "<p align=\"center\">";
echo "you should have 200 plusses to add a articles<br/><br/>"; -
If(ismod()){ echo "**** u hehe ur n0t all0wed"; exit();}Comment
-
There are many ways in hacking . . even n0t logging in from ur site lolComment
-
Why lock it or allow only staff to use it ? why dont you fix it rather than stop people from using it?
$string = htmlspecialchars($string);
$string = str_replace(".js","get lost",$string);Comment
-
where to put that,, articles.php or index.php?Comment
-
it needs placing after the information has been posted into articles
without seeing script i cant tell u where :P
also $string needs replacing to what ever the articles string is
if you post script here i can show u where
Comment
-
Instead allow only user that have chatpost more then 2000 chatpost can post articlesComment
-
Still doesnt solve the problem lolOriginally posted by friend View Post
I dont use articles my self as they seem really pointless as exactly the same can be posted in forum?Comment
-
PHP Code:<?php
include("core.php");
include("config.php");
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
echo "<head>";
echo "<title>beta Articles</title>";
echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";
echo "</head>";
echo "<body>";
$bcon = connectdb();
if (!$bcon)
{
echo "<p align=\"center\">";
echo "sorry probably our database cant hold the system of our server.<br/>";
echo "Please come back later<br/><br/>";
echo "</p>";
exit();
}
$action = $_GET["action"];
$sid = $_GET["sid"];
$artid = $_GET["artid"];
$page = $_GET["page"];
$uid = getuid_sid($sid);
if($action != "")
{
if(islogged($sid)==false)
{
echo "<p align=\"center\">";
echo "You are not logged in<br/>";
echo "Or Your session has been expired<br/><br/>";
echo "<a href=\"index.php\">Login</a>";
echo "</p>";
exit();
}
}
if(isbanned($uid))
{
echo "<p align=\"center\">";
echo "<img src=\"images/exit2.gif\" alt=\"*\"/><br/>";
echo "You are <b>Banned</b><br/>";
$banto = mysql_fetch_array(mysql_query("SELECT timeto FROM ibwf_penalties WHERE uid='".$uid."' AND penalty='1'"));
$remain = $banto[0]- time();
$rmsg = gettimemsg($remain);
echo "Time to finish your penalty: $rmsg<br/><br/>";
//echo "<a href=\"index.php\">Login</a>";
echo "</p>";
exit();
}
if($action=="articles")
{
addonline(getuid_sid($sid),"Articles","index.php?action=$action");
echo "<p align=\"left\">";
echo "PinoyAztig Articles<br/>";
$fcats = mysql_query("SELECT id, name FROM ibwf_articles ORDER BY id");
while($fcat=mysql_fetch_array($fcats))
{
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_readart WHERE cid='".$fcat[0]."'"));
$catlink = "• <a href=\"articles.php?action=cwart&sid=$sid&cid=$fcat[0]&browse?\">$fcat[1]($noi[0])</a>";
echo "<br/>$catlink";
}
echo "<br/><a href=\"index.php?action=main&sid=$sid&browse?\">";
echo "Main menu</a>";
echo "</p>";
echo "<p align=\"center\">";
echo "</p>";
}
//////////////////////////////////ONLINE USERS
else if($action=="newart")
{
$cid = $_GET["cid"];
$artid = $_GET["artid"];
addonline(getuid_sid($sid),"Making new article","index.php?action=$action&fid=$fid");
echo "<p align=\"left\">";
echo "<form action=\"articles.php?action=done&sid=$sid&artid=$artid\" method=\"post\">";
echo "Article: <input name=\"ntitle\" maxlength=\"60\"/><br/>";
echo "Details: <input name=\"tpctxt\" maxlength=\"300\"/><br/>";
echo "<input type=\"hidden\" name=\"cid\" value=\"$cid\"/>";
echo "<input type=\"submit\" value=\"SUBMIT\"/>";
echo "</form>";
echo "<br/><a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a>";
echo "<br/><a href=\"index.php?action=main&sid=$sid&browse?\">";
echo "Main menu</a>";
echo "</p>";
}
//////////////////////////////////ONLINE USERS
else if($action=="newart2")
{
$artid = $_GET["artid"];
$cid = $_GET["cid"];
$id = $_GET["id"];
addonline(getuid_sid($sid),"Making new article","index.php?action=$action&fid=$fid");
echo "<p align=\"left\">";
echo "<form action=\"articles.php?action=done2&sid=$sid&artid=$artid&cid=$cid&id=$id\" method=\"post\">";
echo "Details: <input name=\"tpctxt\" maxlength=\"300\"/><br/>";
echo "<input type=\"hidden\" name=\"cid\" value=\"$cid\"/>";
echo "<input type=\"submit\" value=\"SUBMIT\"/>";
echo "</form>";
echo "<br/><a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a>";
echo "<br/><a href=\"index.php?action=main&sid=$sid&browse?\">";
echo "Main menu</a>";
echo "</p>";
}
/////////////////////////////////////////////////////new tops
else if($action=="done")
{
$artid = $_GET["artid"];
$cid = $_POST["cid"];
$ntitle = $_POST["ntitle"];
$tpctxt = $_POST["tpctxt"];
addonline(getuid_sid($sid),"Making New Article","index.php?action=main");
echo "<p align=\"center\">";
$crdate = time();
$uid = getuid_sid($sid);
$texst = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_readart WHERE name LIKE '".$ntitle."' AND cid='".$cid."'"));
if($texst[0]==0)
{
$res = false;
if((trim($ntitle)!="")||(trim($tpctxt)!=""))
{
$res = mysql_query("INSERT INTO ibwf_readart SET name='".$ntitle."', cid='".$cid."', authorid='".$uid."', text='".$tpctxt."', crdate='".$crdate."'");
}
if($res)
{
$tnm = htmlspecialchars($ntitle);
echo "Article <b>$tnm</b> Submitted Successfully<br/>";
}else{
echo "Article could not submit";
}
}else{
echo "Article name Already submitted";
}
echo "<br/><a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a>";
echo "<br/>";
echo "<br/><a href=\"index.php?action=main&sid=$sid&type=send&browse?start\">";
echo "Main menu</a>";
echo "</p>";
echo "</card>";
}
/////////////////////////////////////////////////////new tops
else if($action=="done2")
{
$artid = $_GET["artid"];
$cid = $_GET["cid"];
$id = $_GET["id"];
$tpctxt = $_POST["tpctxt"];
addonline(getuid_sid($sid),"Making New Article","index.php?action=main");
echo "<p align=\"center\">";
$crdate = time();
$uid = getuid_sid($sid);
$res = mysql_query("INSERT INTO ibwf_artpost SET artid='".$artid."', text='".$tpctxt."', crdate='".time()."'");
if($res)
{
$tnm = htmlspecialchars($ntitle);
echo "Article <b>$tnm</b> Submitted Successfully";
$tid = mysql_fetch_array(mysql_query("SELECT id FROM ibwf_topics WHERE name='".$ntitle."' AND fid='".$fid."'"));
echo "<br/><br/><a href=\"articles.php?action=viewart&sid=$sid&artid=$artid&cid=$cid&id=$id&go=last&type=send&browse?start\">";
echo "Read Article</a>";
}else{
echo "Article could not submit";
}
echo "<br/><a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a>";
echo "<br/>";
echo "<br/><a href=\"index.php?action=main&sid=$sid&type=send&browse?start\">";
echo "Main menu</a>";
echo "</p>";
}
//////////////////////////////////Buddies
else if($action=="cwart")
{
$cid = $_GET["cid"];
$cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_articles WHERE id='".$cid."'"));
addonline(getuid_sid($sid),"Viewing article $cinfo[0]","index.php?action=$action&cid=$cid");
$cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_articles WHERE id='".$cid."'"));
echo "<p align=\"left\">";
echo "<b>$cinfo[0]</b>";
$ibwf = mysql_fetch_array(mysql_query("SELECT COUNT(distinct id) FROM ibwf_readart WHERE cid='".$cid."'"));
if($page=="" || $page<=0)$page=1;
$num_items = $ibwf[0]; //changable
$items_per_page= 10;
$num_pages = ceil($num_items/$items_per_page);
if(($page>$num_pages)&&$page!=1)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$cou = $limit_start+1;
////////////////////////////////////////
$ibwfsites = mysql_query("SELECT id, name, crdate FROM ibwf_readart WHERE cid='".$cid."' ORDER BY cid, crdate DESC LIMIT $limit_start, $items_per_page");
while($ibwfsite=mysql_fetch_array($ibwfsites))
{
if (ismod(getuid_sid($sid)))
{
$hm = "<a href=\"articles.php?action=delart1&sid=$sid&id=$ibwfsite[0]\">[x]</a>,";
$hm2 = "<a href=\"articles.php?action=edit&sid=$sid&artid=$ibwfsite[0]\">edit</a>";
}
if (ischecker(getuid_sid($sid)))
{
$hm = "<a href=\"articles.php?action=delart1&sid=$sid&cid=$ibwfsite[0]\">[x]</a>,";
$hm2 = "<a href=\"articles.php?action=edit&sid=$sid&artid=$ibwfsite[0]\">edit</a>";
}
$sitelink = "$cou. <a href=\"articles.php?action=viewart&id=$ibwfsite[0]&sid=$sid&cid=$cid&artid=$ibwfsite[0]\">$ibwfsite[1]</a> $hm$hm2";
echo "<br/>$sitelink";
$cou++;
}
echo "</p>";
echo "<p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"articles.php?action=$action&page=$ppage&sid=$sid&cid=$cid&type=send&browse?\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"articles.php?action=$action&page=$npage&sid=$sid&cid=$cid&type=send&browse?\">Next»</a>";
}
echo "<br/>Page $page of $num_pages";
if($num_pages>2)
{
$rets = "<form action=\"articles.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "<input type=\"hidden\" name=\"cid\" value=\"$cid\"/>";
$rets .= "</form>";
echo $rets;
}
echo "<br/><a href=\"articles.php?action=newart&cid=$cid&sid=$sid&type=send&artid=$item[0]\">Submit Article</a><br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid&type=send&browse?\">";
echo "Main menu</a>";
echo "</p>";
echo "</card>";
}
else if($action=="edit")
{
$artid = $_GET["artid"];
addonline(getuid_sid($sid),"Article Checker Tool ","index.php?action=main");
$pinfo= mysql_fetch_array(mysql_query("SELECT name FROM ibwf_readart WHERE id='".$artid."'"));
$ptext = htmlspecialchars($pinfo[0]);
echo "<p align=\"center\">";
echo "<form action=\"articles.php?action=edit2&sid=$sid&artid=$artid&\" method=\"post\">";
echo "Edit: <input name=\"ptext\" maxlength=\"150\"/><br/>";
echo "<input type=\"submit\" value=\"SUBMIT\"/>";
echo "</form>";
echo "</p>";
echo "<p align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo "Main menu</a>";
echo "</p>";
}
//////////////////////////////////View Topic
else if($action=="viewart")
{
$id = $_GET["id"];
$cid = $_GET["cid"];
$artid = $_GET["artid"];
$cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_readart WHERE id='".$id."'"));
addonline(getuid_sid($sid),"Reading article $cinfo[0]","articles.php?action=$action");
$tinfo = mysql_fetch_array(mysql_query("SELECT name, authorid, crdate, id from ibwf_readart WHERE id='".$id."'"));
$tnm = htmlspecialchars($tinfo[0]);
echo "<p align=\"left\">";
echo "<b>$cinfo[0]</b><br/>";
$tmstamp = $tinfo[2];
$tmdt = date("D,dMy-h:i:s a",$tmstamp);
echo "$tmdt<br/>";
$unick = getnick_uid($tinfo[1]);
$usl = "<a href=\"index.php?action=viewuser&sid=$sid&who=$tinfo[1]&browse?\">$unick</a>";
echo "$usl2 Submitted by: $usl<br/>";
$tid = $_GET["artid"];
$go = $_GET["go"];
$uid = getuid_sid($sid);
$num_pages = getnumpages2($artid);
if($page==""||$page<1)$page=1;
if($go!="")$page=getpage_go2($go,$artid);
$posts_per_page = 5;
if($page>$num_pages)$page=$num_pages;
$limit_start = $posts_per_page *($page-1);
$vws = $tinfo[3]+1;
///////from here
if($page==1)
{
$posts_per_page=4;
$ttext = mysql_fetch_array(mysql_query("SELECT authorid, text, crdate FROM ibwf_readart WHERE id='".$id."'"));
$pst2 = parsemsg($ttext[1], $sid);
$unick = getnick_uid($ttext[0]);
if(substr_count($ttext[1],"[br/]")<=1000){
$text = str_replace("[br/]","<br/>",$ttext[1]);
}
echo "$text<br/>";
mysql_query("UPDATE ibwf_readart SET vws='".$vws."' WHERE id='".$id."'");
mysql_query("INSERT INTO ibwf_view2 SET uid='".$uid."', artid='".$artid."', actime='".time()."'");
}
if($page>1)
{
$limit_start--;
}
$sql = "SELECT id, text FROM ibwf_artpost WHERE artid='".$artid."' ORDER BY crdate LIMIT $limit_start, $posts_per_page";
$posts = mysql_query($sql);
while($post = mysql_fetch_array($posts))
{
$unick = getnick_uid($post[2]);
$usl = "<br/><a href=\"index.php?action=viewuser&sid=$sid&who=$post[2]&browse?\">$unick</a>";
$pst = parsemsg($post[1], $sid);
if(substr_count($post[1],"[br/]")<=1000){
$pst = str_replace("[br/]","<br/>",$post[1]);
}
echo "<br/>$hm $pst<br/>";
}
///to here
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"articles.php?action=viewart&page=$ppage&sid=$sid&artid=$artid&cid=$cid&id=$id\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"articles.php?action=viewart&page=$npage&sid=$sid&artid=$artid&cid=$cid&id=$id\">Next»</a>";
}
echo "<br/>Page $page of $num_pages";
if($num_pages>2)
{
$rets = "<form action=\"articles.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "<input type=\"hidden\" name=\"cid\" value=\"$cid\"/>";
$rets .= "<input type=\"hidden\" name=\"id\" value=\"$id\"/>";
$rets .= "<input type=\"hidden\" name=\"artid\" value=\"$artid\"/>";
$rets .= "</form>";
echo $rets;
}
if(canaddart($uid, $id))
{
echo "<br/><a href=\"articles.php?&action=newart2&sid=$sid&id=$artid&artid=$artid&cid=$cid\">Add more</a>";
}
$tmsg = getpmcount(getuid_sid($sid));
$umsg = getunreadpm(getuid_sid($sid));
if($umsg>0)
{
echo "<br/><a href=\"inbox.php?action=main&sid=$sid&browse?\">New Private msg($umsg/$tmsg)</a>";
}
$countpics = mysql_fetch_array(mysql_query("SELECT COUNT(id) FROM iwbf_cwart WHERE artid='".$artid."'"));
echo "<br/><a href=\"articles.php?&action=artcom&sid=$sid&id=$id&artid=$id&cid=$cid\">Comments($countpics[0])</a>";
echo "<br/>";
echo "<a href=\"articles.php?&action=dload&sid=$sid&id=$id&artid=$id\">Download</a>";
echo "<br/>";
echo "<a href=\"articles.php?&action=viewall&sid=$sid&id=$id&artid=$id&cid=$cid\">Fastread</a>";
echo "<br/>";
$cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_articles WHERE id='".$cid."'"));
echo "<a href=\"articles.php?&action=cwart&sid=$sid&cid=$cid\">$cinfo[0]</a>";
echo "<br/>";
$ttext = mysql_fetch_array(mysql_query("SELECT authorid, text, crdate FROM ibwf_readart WHERE id='".$id."'"));
$unick = getnick_uid($ttext[0]);
$unick2 = getnick_uid($post[2]);
echo "<a href=\"articles.php?&action=vall&sid=$sid&who=$ttext[0]&cid=$cid&cid=$cid&id=$artid&artid=$artid\">All articles of $unick</a>";
echo "<br/>----------<br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid&type=send\">";
echo "Main menu</a>";
echo "</p>";
}
//////////////////////////////////View Topic
else if($action=="viewall")
{
$id = $_GET["id"];
$cid = $_GET["cid"];
$artid = $_GET["artid"];
$cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_readart WHERE id='".$id."'"));
addonline(getuid_sid($sid),"Reading article $cinfo[0]","articles.php?action=$action");
$tinfo = mysql_fetch_array(mysql_query("SELECT name, authorid, crdate, vws from ibwf_readart WHERE id='".$id."'"));
$tnm = htmlspecialchars($tinfo[0]);
echo "<p align=\"left\">";
echo "<b>$cinfo[0]</b><br/>";
$num_pages = getnumpages2($artid);
if($page==""||$page<1)$page=1;
if($go!="")$page=getpage_go2($go,$artid);
$posts_per_page = 100;
if($page>$num_pages)$page=$num_pages;
$limit_start = $posts_per_page *($page-1);
$vws = $tinfo[3]+1;
$tmstamp = $tinfo[2];
$tmdt = date("D,dMy-h:i:s a",$tmstamp);
echo "$tmdt<br/>";
$unick = getnick_uid($tinfo[1]);
$usl = "<a href=\"index.php?action=viewuser&sid=$sid&who=$tinfo[1]&browse?\">$unick</a>";
echo "Submitted by: $usl<br/>";
$tid = $_GET["artid"];
$go = $_GET["go"];
$uid = getuid_sid($sid);
if($page==1)
{
$posts_per_page=100;
mysql_query("UPDATE ibwf_readart SET views='".$vws."' WHERE id='".$id."'");
$ttext = mysql_fetch_array(mysql_query("SELECT authorid, text, crdate FROM ibwf_readart WHERE id='".$id."'"));
$pst2 = parsemsg($ttext[1], $sid);
$unick = getnick_uid($ttext[0]);
if(substr_count($ttext[1],"[br/]")<=1000){
$text = str_replace("[br/]","<br/>",$ttext[1]);
}
echo "$text<br/>";
}
if($page>1)
{
$limit_start--;
}
$sql = "SELECT id, text FROM ibwf_artpost WHERE artid='".$artid."' ORDER BY crdate LIMIT $limit_start, $posts_per_page";
$posts = mysql_query($sql);
while($post = mysql_fetch_array($posts))
{
$unick = getnick_uid($post[2]);
$usl = "<br/><a href=\"index.php?action=viewuser&sid=$sid&who=$post[2]&browse?\">$unick</a>";
$pst = parsemsg($post[1], $sid);
if(substr_count($post[1],"[br/]")<=1000){
$text2 = str_replace("[br/]","<br/>",$post[1]);
}
echo "<br/>$hm $text2<br/>";
}
echo "-------<br/>Viewed: $vws";
if(canaddart($uid, $id))
{
echo "<br/><a href=\"articles.php?&action=newart2&sid=$sid&id=$artid&artid=$artid&cid=$cid\">Add more</a>";
}
$tmsg = getpmcount(getuid_sid($sid));
$umsg = getunreadpm(getuid_sid($sid));
if($umsg>0)
{
echo "<br/><a href=\"inbox.php?action=main&sid=$sid&browse?\">NEW PM($umsg/$tmsg)</a>";
}
$countpics = mysql_fetch_array(mysql_query("SELECT COUNT(id) FROM iwbf_cwart WHERE artid='".$artid."'"));
echo "<br/><a href=\"articles.php?&action=artcom&sid=$sid&id=$id&artid=$id&cid=$cid\">Comments($countpics[0])</a>";
echo "<br/>";
echo "<a href=\"articles.php?&action=dload&sid=$sid&id=$id&artid=$id\">Download</a>";
echo "<br/>";
$cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_articles WHERE id='".$cid."'"));
echo "<a href=\"articles.php?&action=cwart&sid=$sid&cid=$cid\">$cinfo[0]</a>";
echo "<br/>";
$ttext = mysql_fetch_array(mysql_query("SELECT authorid, text, crdate FROM ibwf_readart WHERE id='".$id."'"));
$unick = getnick_uid($ttext[0]);
$unick2 = getnick_uid($post[2]);
echo "<a href=\"articles.php?&action=vall&sid=$sid&who=$ttext[0]&cid=$cid&cid=$cid&id=$artid&artid=$artid\">All articles of $unick</a>";
echo "<br/>----------<br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid&type=send\">";
echo "Main menu</a>";
echo "</p>";
echo "</card>";
}
//////////////////////////////////////////////sdasda
else if($action=="artcom2")
{
$text = $_POST["text"];
$artid = $_GET["artid"];
//$qut = $_POST["qut"];
addonline(getuid_sid($sid),"Adding Article Comment","index.php?action=main");
echo "<p align=\"center\">";
$crdate = time();
$uid = getuid_sid($sid);
$res = false;
if(trim($text)!="")
{
$res = mysql_query("INSERT INTO iwbf_cwart SET uid='".$uid."', text='".$text."', crdate='".$crdate."', artid='".$artid."'");
}
if($res)
{
echo "Comment submitted<br/>";
}else{
echo "Error Adding Comment<br/>";
}
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid&browse?start\">";
echo "Main menu</a>";
echo "</p>";
}
else if($action=="delart")
{
$id = $_GET["id"];
addonline(getuid_sid($sid),"Secret ehem","index.php?action=main");
echo "<p align=\"center\">";
$res = mysql_query("DELETE FROM iwbf_cwart WHERE id ='".$id."'");
if($res)
{
echo "Comment deleted";
}else{
echo "Database Error";
}
echo "<br/><br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo "Main menu</a>";
echo "</p>";
}
///////////////////////////////////////////////sadasdas
else if($action=="delart1")
{
$id = $_GET["id"];
$cid = $_GET["cid"];
addonline(getuid_sid($sid),"Secret ehem","index.php?action=main");
echo "<p align=\"center\">";
$res = mysql_query("DELETE FROM ibwf_readart WHERE id ='".$id."'");
if($res)
{
echo "Article deleted";
$tpci = mysql_fetch_array(mysql_query("SELECT name, authorid FROM ibwf_readart WHERE id='".$id."'"));
$tname = htmlspecialchars($tpci[0]);
$msg = "Your article "."[/topic] is deleted"." due to non-sense or not in correct category!";
autopm($msg, $tpci[1]);
}else{
echo "Database Error";
}
echo "<br/><br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo "Main menu</a>";
echo "</p>";
}
///////////////////////////////vrrrrr
else if($action=="artcom3")
{
$artid = $_GET["artid"];
addonline(getuid_sid($sid),"Making Article Comments","index.php?action=$action&who=$who");
echo "<p align=\"center\">";
echo "<form action=\"articles.php?action=artcom2&sid=$sid&artid=$artid\" method=\"post\">";
echo "Comments: <input name=\"text\" maxlength=\"300\"/><br/>";
echo "<input type=\"submit\" value=\"SUBMIT\"/>";
echo "</form>";
echo "</p>";
echo "<p align=\"center\">";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo "Main menu</a>";
echo "</p>";
}
/////////////////////////////////////smooch
else if($action=="artcom")
{
$id = $_GET["id"];
$cid = $_GET["cid"];
$artid = $_GET["artid"];
addonline(getuid_sid($sid),"Viewing Article Comments","lists.php?action=$action&who=$who&bid=$bid");
$uid = getuid_sid($sid);
echo "<p align=\"left\">";
//////ALL LISTS SCRIPT <<
if($page=="" || $page<=0)$page=1;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM iwbf_cwart WHERE artid='".$artid."'"));
$num_items = $noi[0]; //changable
$items_per_page= 5;
$num_pages = ceil($num_items/$items_per_page);
if(($page>$num_pages)&&$page!=1)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, artid, text, uid, crdate FROM iwbf_cwart WHERE artid='".$artid."' ORDER BY crdate DESC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
$items = mysql_query($sql);
echo mysql_error();
if(mysql_num_rows($items)>0)
{
while ($item = mysql_fetch_array($items))
{
if(isonline($item[3]))
{
$iml = "[•]";
}else{
$iml = "[x]";
}
$snick = getnick_uid($item[3]);
$lnk = "<a href=\"index.php?action=viewuser&who=$item[3]&sid=$sid\">$iml$snick</a>:";
$tmstamp = $item[4];
$bs = date("D,dMy-h:i:s a",$tmstamp);
echo "$lnk<br/><small>";
$me = getuid_sid($sid);
if($who=="$me") {
$can = "a";
}else{
$can = "b";
}
if(ismod($uid)||$can=="a")
{
$delnk = "<a href=\"articles.php?action=delart&sid=$sid&id=$item[0]\">[x]</a>";
}else{
$delnk = "";
}
$text = parsepm($item[2], $sid);
echo "$text $delnk<br/>";
echo "$bs";
echo "<br/>";
echo "</small>";
}
}
echo "</p><p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"articles.php?action=artcom&page=$ppage&sid=$sid&id=$artid&cid=$cid&artid=$artid&type=send\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"articles.php?action=artcom&page=$npage&sid=$sid&id=$artid&cid=$cid&artid=$artid&type=send\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if($num_pages>2)
{
$rets = "<form action=\"articles.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "<input type=\"hidden\" name=\"cid\" value=\"$cid\"/>";
$rets .= "<input type=\"hidden\" name=\"id\" value=\"$artid\"/>";
$rets .= "<input type=\"hidden\" name=\"artid\" value=\"$artid\"/>";
$rets .= "</form>";
echo $rets;
}
echo "</p>";
echo "<p align=\"center\">";
$me = getuid_sid($sid);
if($me!="$id") {
echo "<a href=\"articles.php?action=artcom3&sid=$sid&artid=$artid\">Add Comment</a><br/>";
}
echo "<a href=\"articles.php?action=viewart&sid=$sid&cid=$cid&artid=$artid&id=$id&browse?\">";
echo "Back to article</a><br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo "Main menu</a>";
echo "</p>";
}
//////////////////////////////////Buddies
else if($action=="vall")
{
$id = $_GET["id"];
$cid = $_GET["cid"];
$artid = $_GET["artid"];
$who = $_GET["who"];
addonline(getuid_sid($sid),"Users Articles","lists.php?action=$action");
$uid = getuid_sid($sid);
echo "<p align=\"left\">";
if($page=="" || $page<=0)$page=1;
$ibwf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_readart WHERE authorid='".$who."'"));
$num_items = $ibwf[0]; //changable
$items_per_page= 10;
$num_pages = ceil($num_items/$items_per_page);
if(($page>$num_pages)&&$page!=1)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$cou = $limit_start+1;
$ibwfsites = mysql_query("SELECT id, name, crdate, cid FROM ibwf_readart WHERE authorid='".$who."' ORDER BY crdate DESC LIMIT $limit_start, $items_per_page");;
while($ibwfsite=mysql_fetch_array($ibwfsites))
{
$sitelink = "$cou. <a href=\"articles.php?action=viewart&id=$ibwfsite[0]&sid=$sid&cid=$ibwfsite[3]&artid=$ibwfsite[0]\">$ibwfsite[1]</a>";
echo "<br/>$sitelink";
$cou++;
}
echo "</p>";
echo "<p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"articles.php?action=$action&page=$ppage&sid=$sid&artid=$artid&who=$who&cid=$cid&artid=$artid&id=$id\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"articles.php?action=$action&page=$npage&sid=$sid&artid=$artid&who=$who&cid=$cid&artid=$artid&id=$id\">Next»</a>";
}
echo "<br/>Page $page of $num_pages";
if($num_pages>2)
{
$rets = "<form action=\"articles.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "<input type=\"hidden\" name=\"who\" value=\"$who\"/>";
$rets .= "</form>";
echo $rets;
}
////// UNTILL HERE >>
echo "<br/><a href=\"articles.php?action=viewart&sid=$sid&cid=$cid&artid=$artid&id=$id&browse?\">";
echo "Back to article</a>";
echo "<br/><a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<br/>";
echo "<a href=\"index.php?action=main&sid=$sid&type=send&browse?\">";
echo "Main menu</a>";
echo "</p>";
}
////////////////////////////////////
else if($action=="dload")
{
$artid = $artid;
addonline(getuid_sid($sid),"Download Article","index.php?action=main");
echo "<p align=\"center\">";
$pminfo = mysql_fetch_array(mysql_query("SELECT text, authorid FROM ibwf_readart WHERE id='".$id."'"));
echo "Ready to download<br/><br/>";
echo "<a href=\"artdl.php?action=dart&id=$id&artid=$artid&sid=$sid&type=send&browse?start\">Download Now</a><br/>";
echo "<a href=\"articles.php?action=articles&sid=$sid&browse?\">";
echo "Articles</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid&type=send&browse?start\">";
echo "Main menu</a>";
echo "</p>";
}
echo "</body>";
echo "</html>";
?>Comment
-
like this:
PHP Code:$ntitle = $_POST["ntitle"];
$tpctxt = $_POST["tpctxt"];
$ntitle = mysql_real_escape_string($ntitle);
$ntitle = htmlspecialchars($ntitle);
$ntitle = str_replace(".js","get lost",$ntitle);
$tpctext = mysql_real_escape_string($tpctext);
$tpctext = htmlspecialchars($tpctext);
$tpctext = str_replace(".js","get lost",$tpctext);
Comment
-
i know one way of hacking session through a javascript..be careful in parsing msgs that users have created..like that, in articles..Originally posted by cedwap View PostMy Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.comComment
-
add this bro in ur action=newart if user have 200 plusses den they able to add articles :P
Code://////////////////////////////////ONLINE USERS else if($action=="newart") { $cid = $_GET["cid"]; $artid = $_GET["artid"]; addonline(getuid_sid($sid),"Creating new article","index.php?action=$action&fid=$fid"); addlast(getuid_sid($sid),"Creating new article","index.php?action=$action&fid=$fid"); echo "<card id=\"main\" title=\"New Article\">"; echo "<p align=\"left\">"; if(getplusses(getuid_sid($sid))<200) { echo "You should have at least 200 plusses to add articles :P!"; }else{ echo "Article name: <input name=\"ntitle\" maxlength=\"60\"/><br/>"; echo "Details: <input name=\"tpctxt\" maxlength=\"300\"/><br/>"; echo "<anchor>SUBMIT"; echo " <go href=\"articles.php?action=done&sid=$sid&artid=$artid\" method=\"post\"> <postfield name=\"cid\" value=\"$cid\"/> <postfield name=\"ntitle\" value=\"$(ntitle)\"/> <postfield name=\"tpctxt\" value=\"$(tpctxt)\"/> </go> "; echo "</anchor>"; } echo "<br/><a href=\"articles.php?action=articles&sid=$sid&browse?\">"; echo "Articles</a><br/>"; echo "<a href=\"index.php?action=main&sid=$sid&browse?\">"; echo "Main menu</a>"; echo "</p>"; echo "</card>";Comment
Comment