when i ban a member he still have access to the site
modcp.php
modproc.php
code in the index
login.php
can anyone help with this please
modcp.php
Code:
<?php
header("Content-type: text/vnd.wap.wml");
header("Cache-Control: no-store, no-cache, must-revalidate");
echo("<?xml version=\"1.0\"?>");
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1//EN\"". " \"http://www.wapforum.org/DTD/wml_1.1.xml\">";
?>
<wml>
<?php
include("config.php");
include("core.php");
connectdb();
$action = $_GET["action"];
$sid = $_GET["sid"];
if(!ismod(getuid_sid($sid)))
{
echo "<card id=\"main\" title=\"$stitle\">";
echo "<p align=\"center\">";
echo "You are not a mod<br/>";
echo "<br/>";
echo "<a href=\"index.php\">Home</a>";
echo "</p>";
echo "</card>";
exit();
}
if(islogged($sid)==false)
{
echo "<card id=\"main\" title=\"$stitle\">";
echo "<p align=\"center\">";
echo "You are not logged in<br/>";
echo "Or Your session has been expired<br/><br/>";
echo "<a href=\"index.php\">Login</a>";
echo "</p>";
echo "</card>";
}
addonline(getuid_sid($sid),"Mod CP","");
if($action=="main")
{
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "<b>Reports</b>";
echo "</p>";
echo "<p>";
$nrpm = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_private WHERE reported='1'"));
echo "<a href=\"modcp.php?action=rpm&sid=$sid\">»Pr. Messages($nrpm[0])</a><br/>";
$nrps = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts WHERE reported='1'"));
echo "<a href=\"modcp.php?action=rps&sid=$sid\">»Posts($nrps[0])</a><br/>";
$nrtp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE reported='1'"));
echo "<a href=\"modcp.php?action=rtp&sid=$sid\">»Topics($nrtp[0])</a>";
echo "</p>";
echo "<p align=\"center\">";
echo "<b>Logs</b>";
echo "</p>";
echo "<p>";
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_mlog"));
if($noi[0]>0){
$nola = mysql_query("SELECT DISTINCT (action) FROM ibwf_mlog ORDER BY actdt DESC");
while($act=mysql_fetch_array($nola))
{
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_mlog WHERE action='".$act[0]."'"));
echo "<a href=\"modcp.php?action=log&sid=$sid&view=$act[0]\">$act[0]($noi[0])</a><br/>";
}
}
echo "</p>";
echo "<p align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
/////////////////////////////////Reported PMs
else if($action=="rpm")
{
$page = $_GET["page"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "<b>Reported PMs</b>";
echo "</p>";
echo "<p>";
echo "<small>";
if($page=="" || $page<=0)$page=1;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_private WHERE reported ='1'"));
$num_items = $noi[0]; //changable
$items_per_page= 5;
$num_pages = ceil($num_items/$items_per_page);
if($page>$num_pages)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, text, byuid, touid, timesent FROM ibwf_private WHERE reported='1' ORDER BY timesent DESC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
while ($item=mysql_fetch_array($items))
{
$fromnk = getnick_uid($item[2]);
$tonick = getnick_uid($item[3]);
$dtop = date("d m y - H:i:s", $item[4]);
$text = parsepm($item[1]);
$flk = "<a href=\"index.php?action=viewuser&sid=$sid&who=$item[2]\">$fromnk</a>";
$tlk = "<a href=\"index.php?action=viewuser&sid=$sid&who=$item[3]\">$tonick</a>";
echo "From: $flk To: $tlk<br/>Time: $dtop<br/>";
echo $text;
echo "<br/>";
echo "<a href=\"modproc.php?action=hpm&sid=$sid&pid=$item[0]\">Handle</a><br/><br/>";
}
echo "</small>";
echo "</p>";
echo "<p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"modcp.php?action=$action&page=$ppage&sid=$sid\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"modcp.php?action=$action&page=$npage&sid=$sid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if($num_pages>2)
{
$rets = "Jump to page<input name=\"pg\" format=\"*N\" size=\"3\"/>";
$rets .= "<anchor>[GO]";
$rets .= "<go href=\"modcp.php\" method=\"get\">";
$rets .= "<postfield name=\"action\" value=\"$action\"/>";
$rets .= "<postfield name=\"sid\" value=\"$sid\"/>";
$rets .= "<postfield name=\"page\" value=\"$(pg)\"/>";
$rets .= "</go></anchor>";
echo $rets;
}
echo "<br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
/////////////////////////////////Reported Posts
else if($action=="rps")
{
$page = $_GET["page"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "<b>Reported Posts</b>";
echo "</p>";
echo "<p>";
echo "<small>";
if($page=="" || $page<=0)$page=1;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts WHERE reported ='1'"));
$num_items = $noi[0]; //changable
$items_per_page= 5;
$num_pages = ceil($num_items/$items_per_page);
if($page>$num_pages)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, text, tid, uid, dtpost FROM ibwf_posts WHERE reported='1' ORDER BY dtpost DESC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
while ($item=mysql_fetch_array($items))
{
$poster = getnick_uid($item[3]);
$tname = htmlspecialchars(gettname($item[3]));
$dtop = date("d m y - H:i:s", $item[4]);
$text = parsemsg($item[1]);
$flk = "<a href=\"index.php?action=viewuser&sid=$sid&who=$item[3]\">$poster</a>";
$tlk = "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$item[2]\">$tname</a>";
echo "Poster: $flk<br/>In: $tlk<br/>Time: $dtop<br/>";
echo $text;
echo "<br/>";
echo "<a href=\"modproc.php?action=hps&sid=$sid&pid=$item[0]\">Handle</a><br/><br/>";
}
echo "</small>";
echo "</p>";
echo "<p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"modcp.php?action=$action&page=$ppage&sid=$sid\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"modcp.php?action=$action&page=$npage&sid=$sid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if($num_pages>2)
{
$rets = "Jump to page<input name=\"pg\" format=\"*N\" size=\"3\"/>";
$rets .= "<anchor>[GO]";
$rets .= "<go href=\"modcp.php\" method=\"get\">";
$rets .= "<postfield name=\"action\" value=\"$action\"/>";
$rets .= "<postfield name=\"sid\" value=\"$sid\"/>";
$rets .= "<postfield name=\"page\" value=\"$(pg)\"/>";
$rets .= "</go></anchor>";
echo $rets;
}
echo "<br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
/////////////////////////////////Reported Posts
else if($action=="log")
{
$page = $_GET["page"];
$view = $_GET["view"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "<b>$view</b>";
echo "</p>";
echo "<p>";
echo "<small>";
if($page=="" || $page<=0)$page=1;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_mlog WHERE action='".$view."'"));
$num_items = $noi[0]; //changable
$items_per_page= 5;
$num_pages = ceil($num_items/$items_per_page);
if($page>$num_pages)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT actdt, details FROM ibwf_mlog WHERE action='".$view."' ORDER BY actdt DESC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
while ($item=mysql_fetch_array($items))
{
echo "Time: ".date("d m y-H:i:s", $item[0])."<br/>";
echo $item[1];
echo "<br/>";
}
echo "</small>";
echo "</p>";
echo "<p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"modcp.php?action=$action&page=$ppage&sid=$sid&view=$view\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"modcp.php?action=$action&page=$npage&sid=$sid&view=$view\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if($num_pages>2)
{
$rets = "Jump to page<input name=\"pg\" format=\"*N\" size=\"3\"/>";
$rets .= "<anchor>[GO]";
$rets .= "<go href=\"modcp.php\" method=\"get\">";
$rets .= "<postfield name=\"action\" value=\"$action\"/>";
$rets .= "<postfield name=\"sid\" value=\"$sid\"/>";
$rets .= "<postfield name=\"view\" value=\"$view\"/>";
$rets .= "<postfield name=\"page\" value=\"$(pg)\"/>";
$rets .= "</go></anchor>";
echo $rets;
}
echo "<br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
/////////////////////////////////Reported Topics
else if($action=="rtp")
{
$page = $_GET["page"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "<b>Reported Topics</b>";
echo "</p>";
echo "<p>";
echo "<small>";
if($page=="" || $page<=0)$page=1;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE reported ='1'"));
$num_items = $noi[0]; //changable
$items_per_page= 5;
$num_pages = ceil($num_items/$items_per_page);
if($page>$num_pages)$page= $num_pages;
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, name, text, authorid, crdate FROM ibwf_topics WHERE reported='1' ORDER BY crdate DESC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
while ($item=mysql_fetch_array($items))
{
$poster = getnick_uid($item[3]);
$tname = htmlspecialchars($item[1]);
$dtop = date("d m y - H:i:s", $item[4]);
$text = parsemsg($item[2]);
$flk = "<a href=\"index.php?action=viewuser&sid=$sid&who=$item[3]\">$poster</a>";
$tlk = "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$item[0]\">$tname</a>";
echo "Poster: $flk<br/>In: $tlk<br/>Time: $dtop<br/>";
echo $text;
echo "<br/>";
echo "<a href=\"modproc.php?action=htp&sid=$sid&tid=$item[0]\">Handle</a><br/><br/>";
}
echo "</small>";
echo "</p>";
echo "<p align=\"center\">";
if($page>1)
{
$ppage = $page-1;
echo "<a href=\"modcp.php?action=$action&page=$ppage&sid=$sid\">«PREV</a> ";
}
if($page<$num_pages)
{
$npage = $page+1;
echo "<a href=\"modcp.php?action=$action&page=$npage&sid=$sid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if($num_pages>2)
{
$rets = "Jump to page<input name=\"pg\" format=\"*N\" size=\"3\"/>";
$rets .= "<anchor>[GO]";
$rets .= "<go href=\"modcp.php\" method=\"get\">";
$rets .= "<postfield name=\"action\" value=\"$action\"/>";
$rets .= "<postfield name=\"sid\" value=\"$sid\"/>";
$rets .= "<postfield name=\"page\" value=\"$(pg)\"/>";
$rets .= "</go></anchor>";
echo $rets;
}
echo "<br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////////////Mod a user
else if($action=="user")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$unick = getnick_uid($who);
echo "<b>Moderating $unick</b>";
echo "</p>";
echo "<p>";
echo "<a href=\"modcp.php?action=penopt&sid=$sid&who=$who\">»Penalties</a><br/>";
echo "<a href=\"modcp.php?action=plsopt&sid=$sid&who=$who\">»Plusses</a><br/><br/>";
if(istrashed($who))
{
echo "<a href=\"modproc.php?action=untr&sid=$sid&who=$who\">»Untrash</a><br/>";
}
if(isbanned($who))
{
echo "<a href=\"modproc.php?action=unban&sid=$sid&who=$who\">»Unban</a><br/>";
}
if(!isshield($who))
{
echo "<a href=\"modproc.php?action=shld&sid=$sid&who=$who\">»Shield</a><br/>";
}else{
echo "<a href=\"modproc.php?action=ushld&sid=$sid&who=$who\">»Unshield</a><br/>";
}
echo "</p>";
echo "<p align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
//////////////////////////////////////Penalties Options
else if($action=="penopt")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$unick = getnick_uid($who);
echo "What do you want to do with $unick";
echo "</p>";
echo "<p>";
$pen[0]="Trash";
$pen[1]="Ban";
$pen[2]="Ban Ip";
echo "Penalty: <select name=\"pid\">";
for($i=0;$i<count($pen);$i++)
{
echo "<option value=\"$i\">$pen[$i]</option>";
}
echo "</select><br/>";
echo "Reason: <input name=\"pres\" maxlength=\"100\"/><br/>";
echo "Days: <input name=\"pds\" format=\"*N\" maxlength=\"4\"/><br/>";
echo "Hours: <input name=\"phr\" format=\"*N\" maxlength=\"4\"/><br/>";
echo "Minutes: <input name=\"pmn\" format=\"*N\" maxlength=\"2\"/><br/>";
echo "Seconds: <input name=\"psc\" format=\"*N\" maxlength=\"2\"/><br/>";
echo "<anchor>PUNISH";
echo "<go href=\"modproc.php?action=pun&sid=$sid\" method=\"post\">";
echo "<postfield name=\"who\" value=\"$who\"/>";
echo "<postfield name=\"pid\" value=\"$(pid)\"/>";
echo "<postfield name=\"pres\" value=\"$(pres)\"/>";
echo "<postfield name=\"pds\" value=\"$(pds)\"/>";
echo "<postfield name=\"phr\" value=\"$(phr)\"/>";
echo "<postfield name=\"pmn\" value=\"$(pmn)\"/>";
echo "<postfield name=\"psc\" value=\"$(psc)\"/>";
echo "</go></anchor>";
echo "</p>";
echo "<p align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
//////////////////////////////////////Penalties Options
else if($action=="plsopt")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$unick = getnick_uid($who);
echo "Add/Substract $unick's Plusses";
echo "</p>";
echo "<p>";
$pen[0]="Substract";
$pen[1]="Add";
echo "Action: <select name=\"pid\">";
for($i=0;$i<count($pen);$i++)
{
echo "<option value=\"$i\">$pen[$i]</option>";
}
echo "</select><br/>";
echo "Reason: <input name=\"pres\" maxlength=\"100\"/><br/>";
echo "Plusses: <input name=\"pval\" format=\"*N\" maxlength=\"3\"/><br/>";
echo "<anchor>Update";
echo "<go href=\"modproc.php?action=pls&sid=$sid\" method=\"post\">";
echo "<postfield name=\"who\" value=\"$who\"/>";
echo "<postfield name=\"pres\" value=\"$(pres)\"/>";
echo "<postfield name=\"pval\" value=\"$(pval)\"/>";
echo "<postfield name=\"pid\" value=\"$(pid)\"/>";
echo "</go></anchor>";
echo "</p>";
echo "<p align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
else{
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "I don't know how did you get into here, but there's nothing to show<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
?></wml>
Code:
<?php
header("Content-type: text/vnd.wap.wml");
header("Cache-Control: no-store, no-cache, must-revalidate");
echo("<?xml version=\"1.0\"?>");
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1//EN\"". " \"http://www.wapforum.org/DTD/wml_1.1.xml\">";
?>
<wml>
<?php
include("config.php");
include("core.php");
connectdb();
$action = $_GET["action"];
$sid = $_GET["sid"];
if(!ismod(getuid_sid($sid)))
{
echo "<card id=\"main\" title=\"$stitle\">";
echo "<p align=\"center\">";
echo "You are not a mod<br/>";
echo "<br/>";
echo "<a href=\"index.php\">Home</a>";
echo "</p>";
echo "</card>";
exit();
}
if(islogged($sid)==false)
{
echo "<card id=\"main\" title=\"$stitle\">";
echo "<p align=\"center\">";
echo "You are not logged in<br/>";
echo "Or Your session has been expired<br/><br/>";
echo "<a href=\"index.php\">Login</a>";
echo "</p>";
echo "</card>";
}
addonline(getuid_sid($sid),"Mod CP","");
if($action=="delp")
{
$pid = $_GET["pid"];
$tid = gettid_pid($pid);
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("DELETE FROM ibwf_posts WHERE id='".$pid."'");
if($res)
{
$tname = mysql_fetch_array(mysql_query("SELECT name FROM ibwf_topics WHERE id='".$tid."'"));
mysql_query("INSERT INTO ibwf_mlog SET action='posts', details='<b>".getnick_uid(getuid_sid($sid))."</b> Deleted Post Number $pid Of the thread ".mysql_escape_string($tname[0])." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Post Message Deleted";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/><a href=\"index.php?action=viewtpc&sid=$sid&tid=$tid&page=1000\">";
echo "View Topic</a><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
////////////////////////////////////////////Edit Post
else if($action=="edtpst")
{
$pid = $_GET["pid"];
$ptext = $_POST["ptext"];
$tid = gettid_pid($pid);
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("UPDATE ibwf_posts SET text='"
.$ptext."' WHERE id='".$pid."'");
if($res)
{
$tname = mysql_fetch_array(mysql_query("SELECT name FROM ibwf_topics WHERE id='".$tid."'"));
mysql_query("INSERT INTO ibwf_mlog SET action='posts', details='<b>".getnick_uid(getuid_sid($sid))."</b> Edited Post Number $pid Of the thread ".mysql_escape_string($tname[0])." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Post Message Edited";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$tid\">";
echo "View Topic</a><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
////////////////////////////////////////////Edit Post
else if($action=="edttpc")
{
$tid = $_GET["tid"];
$ttext = $_POST["ttext"];
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("UPDATE ibwf_topics SET text='"
.$ttext."' WHERE id='".$tid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='topics', details='<b>".getnick_uid(getuid_sid($sid))."</b> Edited the text Of the thread ".mysql_escape_string(gettname($tid))." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic Message Edited";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$tid\">";
echo "View Topic</a><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Close/ Open Topic
else if($action=="clot")
{
$tid = $_GET["tid"];
$tdo = $_GET["tdo"];
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("UPDATE ibwf_topics SET closed='"
.$tdo."' WHERE id='".$tid."'");
if($res)
{
if($tdo==1)
{
$msg = "Closed";
}else{
$msg = "Opened";
}
mysql_query("INSERT INTO ibwf_mlog SET action='topics', details='<b>".getnick_uid(getuid_sid($sid))."</b> Closed The thread ".mysql_escape_string(gettname($tid))." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic $msg";
$tpci = mysql_fetch_array(mysql_query("SELECT name, authorid FROM ibwf_topics WHERE id='".$tid."'"));
$tname = htmlspecialchars($tpci[0]);
$msg = "your thread [topic=$tid]$tname"."[/topic] is $msg"."[br/][small][i]p.s: this is an automatic pm[/i][/small]";
autopm($msg, $tpci[1]);
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Untrash user
else if($action=="untr")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("DELETE FROM ibwf_metpenaltiespl WHERE penalty='0' AND uid='".$who."'");
if($res)
{
$unick = getnick_uid($who);
mysql_query("INSERT INTO ibwf_mlog SET action='penalties', details='<b>".getnick_uid(getuid_sid($sid))."</b> Untrashed The user <b>".$unick."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>$unick Untrashed";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Unban user
else if($action=="unbanonley")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("DELETE FROM ibwf_metpenaltiespl WHERE (penalty='1' OR penalty='2') AND uid='".$who."'");
if($res)
{
$unick = getnick_uid($who);
mysql_query("INSERT INTO ibwf_mlog SET action='penalties', details='<b>".getnick_uid(getuid_sid($sid))."</b> Unbanned The user <b>".$unick."</b>', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>$unick Unbanned";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Delete shout
else if($action=="delsh")
{
$shid = $_GET["shid"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$sht = mysql_fetch_array(mysql_query("SELECT shouter, shout FROM ibwf_shouts WHERE id='".$shid."'"));
$msg = getnick_uid($sht[0]);
$msg .= ": ".htmlspecialchars((strlen($sht[1])<20?$sht[1]:substr($sht[1], 0, 20)));
$res = mysql_query("DELETE FROM ibwf_shouts WHERE id ='".$shid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='shouts', details='<b>".getnick_uid(getuid_sid($sid))."</b> Deleted the shout <b>".$shid."</b> - $msg', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Shout deleted";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Unban user
else if($action=="shld")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("Update ibwf_users SET shield='1' WHERE id='".$who."'");
if($res)
{
$unick = getnick_uid($who);
mysql_query("INSERT INTO ibwf_mlog SET action='penalties', details='<b>".getnick_uid(getuid_sid($sid))."</b> Shielded The user <b>".$unick."</b>', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>$unick is Shielded";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Unban user
else if($action=="ushld")
{
$who = $_GET["who"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$res = mysql_query("Update ibwf_users SET shield='0' WHERE id='".$who."'");
if($res)
{
$unick = getnick_uid($who);
mysql_query("INSERT INTO ibwf_mlog SET action='penalties', details='<b>".getnick_uid(getuid_sid($sid))."</b> Unshielded The user <b>".$unick."</b>', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>$unick is Unshielded";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////Pin/ Unpin Topic
else if($action=="pint")
{
$tid = $_GET["tid"];
$tdo = $_GET["tdo"];
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$pnd = getpinned($fid);
if($pnd<=5)
{
$res = mysql_query("UPDATE ibwf_topics SET pinned='"
.$tdo."' WHERE id='".$tid."'");
if($res)
{
if($tdo==1)
{
$msg = "Pinned";
}else{
$msg = "Unpinned";
}
mysql_query("INSERT INTO ibwf_mlog SET action='topics', details='<b>".getnick_uid(getuid_sid($sid))."</b> $msg The thread ".mysql_escape_string(gettname($tid))." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic $msg";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>You can only pin 5 topics in every forum";
}
echo "<br/><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////Delete the damn thing
else if($action=="delt")
{
$tid = $_GET["tid"];
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$tname=gettname($tid);
$res = mysql_query("DELETE FROM ibwf_topics WHERE id='".$tid."'");
if($res)
{
mysql_query("DELETE FROM ibwf_posts WHERE tid='".$tid."'");
mysql_query("INSERT INTO ibwf_mlog SET action='topics', details='<b>".getnick_uid(getuid_sid($sid))."</b> Deleted The thread ".mysql_escape_string($tname)." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic Deleted";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
////////////////////////////////////////////Edit Post
else if($action=="rentpc")
{
$tid = $_GET["tid"];
$tname = $_POST["tname"];
$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$otname = gettname($tid);
if(trim($tname!=""))
{
$not = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE name LIKE '".$tname."' AND fid='".$fid."'"));
if($not[0]==0)
{
$res = mysql_query("UPDATE ibwf_topics SET name='"
.$tname."' WHERE id='".$tid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='topics', details='<b>".getnick_uid(getuid_sid($sid))."</b> Renamed The thread ".mysql_escape_string($otname)." to ".mysql_escape_string($tname)." at the forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic Renamed";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Topic Name already exist";
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>You must specify a name for the topic";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$tid\">";
echo "View Topic</a><br/>";
$fname = getfname($fid);
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$fid\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
///////////////////////////////////////////////////Move topic
else if($action=="mvt")
{
$tid = $_GET["tid"];
$mtf = $_POST["mtf"];
$fname = htmlspecialchars(getfname($mtf));
//$fid = getfid_tid($tid);
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$not = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE name LIKE '".$tname."' AND fid='".$mtf."'"));
if($not[0]==0)
{
$res = mysql_query("UPDATE ibwf_topics SET fid='"
.$mtf."', moved='1' WHERE id='".$tid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='topics', details='<b>".getnick_uid(getuid_sid($sid))."</b> Moved The thread ".mysql_escape_string($tname)." to forum ".getfname($fid)."', actdt='".(time() - $timeadjust)."'");
$tpci = mysql_fetch_array(mysql_query("SELECT name, authorid FROM ibwf_topics WHERE id='".$tid."'"));
$tname = htmlspecialchars($tpci[0]);
$msg = "your thread [topic=$tid]$tname"."[/topic] Was moved to $fname forum[br/][small][i]p.s: this is an automatic pm[/i][/small]";
autopm($msg, $tpci[1]);
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic Moved";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Topic Name already exist";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=viewfrm&sid=$sid&fid=$mtf\">";
echo "$fname</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
//////////////////////////////////////////Handle PM
else if($action=="hpm")
{
$pid = $_GET["pid"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$info = mysql_fetch_array(mysql_query("SELECT byuid, touid FROM ibwf_private WHERE id='".$pid."'"));
$res = mysql_query("UPDATE ibwf_private SET reported='2' WHERE id='".$pid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='handling', details='<b>".getnick_uid(getuid_sid($sid))."</b> handled The PM ".$pid."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>PM Handled";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
echo "<a href=\"index.php?action=viewuser&sid=$sid&who=$info[0]\">PM Sender's Profile</a><br/>";
echo "<a href=\"index.php?action=viewuser&sid=$sid&who=$info[1]\">PM Reporter's Profile</a><br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
//////////////////////////////////////////Handle Post
else if($action=="hps")
{
$pid = $_GET["pid"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$info = mysql_fetch_array(mysql_query("SELECT uid, tid FROM ibwf_posts WHERE id='".$pid."'"));
$res = mysql_query("UPDATE ibwf_posts SET reported='2' WHERE id='".$pid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='handling', details='<b>".getnick_uid(getuid_sid($sid))."</b> handled The Post ".$pid."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Post Handled";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
$poster = getnick_uid($info[0]);
echo "<a href=\"index.php?action=viewuser&sid=$sid&who=$info[0]\">$poster's Profile</a><br/>";
echo "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$info[1]\">View Topic</a><br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
//////////////////////////////////////////Handle Topic
else if($action=="htp")
{
$pid = $_GET["tid"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$info = mysql_fetch_array(mysql_query("SELECT authorid FROM ibwf_topics WHERE id='".$pid."'"));
$res = mysql_query("UPDATE ibwf_topics SET reported='2' WHERE id='".$pid."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='handling', details='<b>".getnick_uid(getuid_sid($sid))."</b> handled The topic ".mysql_escape_string(gettname($pid))."', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Topic Handled";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
echo "<br/><br/>";
$poster = getnick_uid($info[0]);
echo "<a href=\"index.php?action=viewuser&sid=$sid&who=$info[0]\">$poster's Profile</a><br/>";
echo "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$pid\">View Topic</a><br/><br/>";
echo "<a href=\"modcp.php?action=main&sid=$sid\">";
echo "Mod R/L</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
////////////////////////////////////////Punish
else if($action=="pun")
{
$pid = $_POST["pid"];
$who = $_POST["who"];
$pres = $_POST["pres"];
$pds = $_POST["pds"];
$phr = $_POST["phr"];
$pmn = $_POST["pmn"];
$psc = $_POST["psc"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$uip = "";
$ubr = "";
$pmsg[0]="Trashed";
$pmsg[1]="Banned";
$pmsg[2]="IP-Banned";
if($pid=='2')
{
//ip ban
$uip = getip_uid($who);
$ubr = getbr_uid($who);
}
if(trim($pres)=="")
{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>You must Specify a reson for punishing the user";
}else{
$timeto = $pds*24*60*60;
$timeto += $phr*60*60;
$timeto += $pmn*60;
$timeto += $psc;
$ptime = $timeto + (time() - $timeadjust);
$unick = getnick_uid($who);
$res = mysql_query("INSERT INTO ibwf_metpenaltiespl SET uid='".$who."', penalty='".$pid."', exid='".getuid_sid($sid)."', timeto='".$ptime."', pnreas='".mysql_escape_string($pres)."', ipadd='".$uip."', browserm='".$ubr."'");
if($res)
{
mysql_query("UPDATE ibwf_users SET lastpnreas='".$pmsg[$pid].": ".mysql_escape_string($pres)."' WHERE id='".$who."'");
mysql_query("INSERT INTO ibwf_mlog SET action='penalties', details='<b>".getnick_uid(getuid_sid($sid))."</b> $pmsg[$pid] The user <b>".$unick."</b> For ".$timeto." Seconds', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>$unick is $pmsg[$pid] for $timeto Seconds";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
}
echo "<br/><br/><a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
////////////////////////////////////////Punish
else if($action=="pls")
{
$pid = $_POST["pid"];
$who = $_POST["who"];
$pres = $_POST["pres"];
$pval = $_POST["pval"];
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
$unick = getnick_uid($who);
$opl = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$who."'"));
if($pid=='0')
{
$npl = $opl[0] - $pval;
}else{
$npl = $opl[0] + $pval;
}
if($npl<0)
{
$npl=0;
}
if(trim($pres)=="")
{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>You must Specify a reson for updating $unick's Plusses";
}else{
$res = mysql_query("UPDATE ibwf_users SET lastplreas='".mysql_escape_string($pres)."', plusses='".$npl."' WHERE id='".$who."'");
if($res)
{
mysql_query("INSERT INTO ibwf_mlog SET action='penalties', details='<b>".getnick_uid(getuid_sid($sid))."</b> Updated <b>".$unick."</b> plusses from ".$opl[0]." to $npl', actdt='".(time() - $timeadjust)."'");
echo "<img src=\"images/ok.gif\" alt=\"O\"/>$unick's Plusses Updated From $opl[0] to $npl";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Database Error";
}
}
echo "<br/><br/><a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
else{
echo "<card id=\"main\" title=\"Mod CP\">";
echo "<p align=\"center\">";
echo "I don't know how did you get into here, but there's nothing to show<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p></card>";
}
?></wml>
Code:
<?
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<?php
include("config.php");
include("core.php");
$bcon = connectdb();
if (!$bcon)
{
echo "<head>\n";
echo "<title>$stitle</title>\n";
echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />\n";
echo "<meta http-equiv=\"Cache-Control\" content=\"no-cache\" />\n";
echo "<meta http-equiv=\"Pragma\" content=\"no-cache\" />\n";
echo "</head>";
echo "<body>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<p align=\"center\">";
echo "<img src=\"images/exit.gif\" alt=\"*\"/><br/>";
echo "ERROR! cannot connect to database<br/><br/>";
echo "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/><br/>";
echo "you can temperoray be in this site <a href=\"http://4wap.co.cc\">4wap</a> while spiderwap is offline<br/>";
echo "<b>THANK YOU VERY MUCH</b>";
echo "</p>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
//protect against sql injections and remove $ sign
if( !get_magic_quotes_gpc() )
{
if( is_array($_GET) )
{
while( list($k, $v) = each($_GET) )
{
if( is_array($_GET[$k]) )
{
while( list($k2, $v2) = each($_GET[$k]) )
{
$_GET[$k][$k2] = addslashes($v2);
}
@reset($_GET[$k]);
}
else
{
$_GET[$k] = addslashes($v);
}
}
@reset($_GET);
}
if( is_array($_POST) )
{
while( list($k, $v) = each($_POST) )
{
if( is_array($_POST[$k]) )
{
while( list($k2, $v2) = each($_POST[$k]) )
{
$_POST[$k][$k2] = addslashes($v2);
}
@reset($_POST[$k]);
}
else
{
$_POST[$k] = addslashes($v);
}
}
@reset($_POST);
}
}
$brws = explode(" ", $_SERVER['HTTP_USER_AGENT']);
$ubr = $brws[0];
$uip = getip();
$action = $_GET["action"];
$sid = $_GET["sid"];
$page = $_GET["page"];
$who = $_GET["who"];
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
//session_start();
cleardata();
if(isipbanned($uip,$ubr))
{
if(!isshield(getuid_sid($sid)))
{
echo "<head>\n";
echo "<title>SpiderWap</title>\n";
echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />\n";
echo "<meta http-equiv=\"Cache-Control\" content=\"no-cache\" />\n";
echo "<meta http-equiv=\"Pragma\" content=\"no-cache\" />\n";
echo "</head>";
echo "<body>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<p align=\"center\">";
echo "<img src=\"images/notok.gif\" alt=\"x\"/><br/>";
echo "This IP address is blocked<br/>";
echo "<br/>";
echo "How ever we grant a shield against IP-Ban for our great users, you can try to see if you are shielded by trying to log-in, if you kept coming to this page that means you are not shielded, so come back when the ip-ban period is over<br/><br/>";
$banto = mysql_fetch_array(mysql_query("SELECT timeto FROM ibwf_penalties WHERE penalty='2' AND ipadd='".$uip."' AND browserm='".$ubr."' LIMIT 1 "));
//echo mysql_error();
$remain = $banto[0] - time();
$rmsg = gettimemsg($remain);
echo " IP: $rmsg<br/><br/>";
echo "</p>";
echo "<p>";
echo "</p>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
}
if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((islogged($sid)==false)||($uid==0))
{
echo "<head>\n";
echo "<title>SpiderWap</title>\n";
echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />\n";
echo "<meta http-equiv=\"Cache-Control\" content=\"no-cache\" />\n";
echo "<meta http-equiv=\"Pragma\" content=\"no-cache\" />\n";
echo "</head>";
echo "<body>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<p align=\"center\">";
echo "You are not logged in<br/>";
echo "Or Your session has been expired<br/><br/>";
echo "<a href=\"index.php\">Login</a>";
echo "</p>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
}
//echo isbanned($uid);
if(isbanned($uid))
{
echo "<head>\n";
echo "<title>SpiderWap</title>\n";
echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />\n";
echo "<meta http-equiv=\"Cache-Control\" content=\"no-cache\" />\n";
echo "<meta http-equiv=\"Pragma\" content=\"no-cache\" />\n";
echo "</head>";
echo "<body>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<p align=\"center\">";
echo "<img src=\"images/notok.gif\" alt=\"x\"/><br/>";
echo "You are <b>Banned</b><br/>";
$banto = mysql_fetch_array(mysql_query("SELECT timeto FROM ibwf_penalties WHERE uid='".$uid."' AND penalty='1'"));
$banres = mysql_fetch_array(mysql_query("SELECT lastpnreas FROM ibwf_users WHERE id='".$uid."'"));
$remain = $banto[0]- time();
$rmsg = gettimemsg($remain);
echo "Time to finish your penalty: $rmsg<br/><br/>";
echo "Ban Reason: $banres[0]";
echo "</p>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
$res = mysql_query("UPDATE ibwf_users SET browserm='".$ubr."', ipadd='".$uip."' WHERE id='".getuid_sid($sid)."'");
Code:
<?php
include("config.php");
include("core.php");
connectdb();
//protect against sql injections and remove $ sign
if( !get_magic_quotes_gpc() )
{
if( is_array($_GET) )
{
while( list($k, $v) = each($_GET) )
{
if( is_array($_GET[$k]) )
{
while( list($k2, $v2) = each($_GET[$k]) )
{
$_GET[$k][$k2] = addslashes($v2);
}
@reset($_GET[$k]);
}
else
{
$_GET[$k] = addslashes($v);
}
}
@reset($_GET);
}
if( is_array($_POST) )
{
while( list($k, $v) = each($_POST) )
{
if( is_array($_POST[$k]) )
{
while( list($k2, $v2) = each($_POST[$k]) )
{
$_POST[$k][$k2] = addslashes($v2);
}
@reset($_POST[$k]);
}
else
{
$_POST[$k] = addslashes($v);
}
}
@reset($_POST);
}
}
$bcon = connectdb();
$uid = mysql_real_escape_string( $_GET["loguid"] );
$pwd = mysql_real_escape_string( $_GET["logpwd"] );
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE name='".$uid."'"));
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
$netwerk=network(ip(),1);
mysql_query("UPDATE ibwf_users SET subno='".$netwerk."' WHERE name='".$uid."'");
echo "<head><title>$uid@$stitle.co.za</title>";
if($theme){echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/$theme[0]\" />";}
else{echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";}
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />";
echo "<meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>";
echo "<body>";
if (!$bcon)
{
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<div align=\"center\">";
echo "<img src=\"images/exit.gif\" alt=\"*\"/><br/>";
echo "ERROR! cannot connect to database<br/><br/>";
echo "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/><br/>";
echo "<b>THANK YOU VERY MUCH</b>";
echo "</div>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
$tolog = false;
$tolog = false;
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<div align=\"center\">";
echo "<small>";
echo "<img src=\"images/logo.gif\" alt=\"*\"/><br/>";
echo "Bookmark THIS page to avoid repeating the login proccess in the future<br/><br/>";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
if($uinf[0]==0)
{
//Check for user ID
echo "<img src=\"images/notok.gif\" alt=\"X\"/>UserID doesn't exist<br/><br/>";
}else{
//check for pwd
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Incorrect Password<br/><br/>";
}else{
$tm = time();
$xtm = $tm + (getsxtm()*60);
$did = $uid.$tm;
$res = mysql_query("INSERT INTO ibwf_ses SET id='".md5($did)."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");
if($res)
{
$tolog=true;
echo "<img src=\"images/ok.gif\" alt=\"+\"/>Logged in successfully as $uid<br/>";
$idn = getuid_nick($uid);
$lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'"));
mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'");
}else{
//is user already logged in?
$logedin = mysql_fetch_array(mysql_query("SELECT (*) FROM ibwf_ses WHERE uid='".$getuid_nick($uid)."'"));
if($logedin[0]>0)
{
//yip, so let's just update the expiration time
$xtm = time() + (getsxtm()*60);
$res = mysql_query("UPDATE ibwf_ses SET expiretm='".$xtm."' WHERE uid='".getuid_nick($uid)."'");
if($res)
{
$tolog=true;
echo "<img src=\"images/ok.gif\" alt=\"+\"/>Logged in successfully as <b>$uid</b><br/><br/>";
echo "Bookmark <b>THIS PAGE</b> to avoid the login process in the future.<br/><br/>";
$lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'"));
mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'");
mysql_query("UPDATE ibwf_users SET lastact='".time()."' WHERE id='".$idn."'");
}else{
echo "<img src=\"images/point.gif\" alt=\"!\"/>Can't login at the time, plz try later<br/>"; //no chance this could happen unless there's error in mysql connection
}
}
}
echo "<br/><br/><b>Welcome back!!</b><br/>";
echo "$stitle, your no.1 online community!!!<br/>";
echo "We're still new and need members, please tell your friends about us<br/>";
echo "Enjoy!!<br/><br/>";
}
}
if($tolog)
{
$sid = md5($did);
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo ">>Enter<<</a><br/><br/>";
}else{
echo "<a href=\"index.php\"><img src=\"images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
}
echo "</small></div>";
echo "<div class=\"ahblock2\">";
echo "</div>";
echo "<p>";
echo "</p>";
echo "</body>";
?>
</html>
Comment