snp-login-script-beta-13


PHP script bestanden

  1. snp-login-script-beta-13


ADMIN.PHP
-----------------------------------------------

Code (php)
<?
############################################
#  Filename   : ADMIN.PHP                  #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


error_reporting(E_ALL);
session_start();

include("config.php");
include("functions.php");

if(!isset($_SESSION['admin_login']))
{

    if(isset($_POST['login']))
    {

        if($_POST['username'] == $cfg['admin_user'] AND $_POST['password'] == $cfg['admin_pass'])
        {

            header("Location: admin.php");
            $_SESSION['admin_login'] = 1;
        }

        else
        {
            echo "<script>alert('Login Incorrect.'); document.location.href=('admin.php')</script>";
        }
    }

    else
    {
?>


<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="username"><br>
Password : <input type="password" name="password"><br><br>

<input type="Submit" value="Login"><br><br>

<?
    }
}

else
{
    echo "<script src=\"javascript.js\"></script>";

    if(!isset($_GET['act']))
    {

?>

<b>Options</b><br>
<a href="admin.php?act=config">Configuration</a><br>
<a href="admin.php?act=mass_pm">Mass PM</a><br>
<a href="admin.php?act=smiles">Smiles</a><br>
<br>
<b>Maintenance</b><br>
<a href="admin.php?act=repair">Repair &amp; Optimize Database</a><br>
<a href="javascript:delete_members()">Delete all members</a><br>
<a href="javascript:delete_messages()">Delete all messages</a><br>
<a href="javascript:uninstall()">UN-Install</a><br>
<br>
<b>Others</b><br>
<a href="index.php">Index Page</a><br>
<a href="admin.php?act=newest_members">Last 10 Registered</a><br>
<a href="admin.php?act=member_list">Memberlist</a><br>
<a href="logoff.php">Log Off</a>
<?
    }
    else
    {
        if($_GET['act'] == "member_list")
        {

            if(isset($_GET['order_by']))
            {

                if($_GET['order_by'] == "user_name")
                {

                    $order_by = "user_name";
                }

                elseif($_GET['order_by'] == "user_email")
                {

                    $order_by = "user_email";
                }

                elseif($_GET['order_by'] == "user_url")
                {

                    $order_by = "user_url";
                }

                elseif($_GET['order_by'] == "user_regdate")
                {

                    $order_by = "user_regdate";
                }

                else
                {
                    $order_by = "user_id";
                }
            }

            else
            {
                $order_by = "user_id";
            }


            $total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

            if(!isset($_GET['page']) OR $_GET['page'] < 1)
            {

                $page = 0;
                $prev = "[ Previous " . $cfg['per_page'] . " ]";
            }

            else
            {
                $page = $_GET['page'];
            }


            $start = $page * $cfg['per_page'];

            $pages = $total / $cfg['per_page'];
            $pageplus = $page + 1;
            $pagemin = $page - 1;

            if(($page + 1) < $pages)
            {

                $next = "[ <a href=\"admin.php?act=member_list&order_by=" . $order_by . "&page=" . $pageplus . "\">Next " . $cfg['per_page'] . "</a> ]";
            }


            if(($page - 1) < $pages AND $page)
            {

                $prev = "[ <a href=\"admin.php?act=member_list&order_by=" . $order_by . "&page=" . $pagemin . "\">Previous " . $cfg['per_page'] . "</a> ]";
            }

            else
            {
                $prev = "[ Previous " . $cfg['per_page'] . " ]";
            }


            if($pageplus > $pages OR $pageplus == "$pages")
            {

                $next = "[ Next " . $cfg['per_page'] . " ]";
            }


            $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_public = '1' ORDER BY " . $order_by . " ASC LIMIT $start," . $cfg['per_page'] . "");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

            if(!empty($result))
            {

                echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "<center>";
?>

<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="21%"><b><a href="admin.php?act=member_list&order_by=user_name&page=<? echo $_GET['page'] ?>">Username</a></b></td>
    <td width="26%"><b><a href="admin.php?act=member_list&order_by=user_email&page=<? echo $_GET['page'] ?>">Email</b></td>
    <td width="23%"><b><a href="admin.php?act=member_list&order_by=user_url&page=<? echo $_GET['page'] ?>">Website</b></td>
    <td width="20%"><b><a href="admin.php?act=member_list&order_by=user_regdate&page=<? echo $_GET['page'] ?>">Registered</b></td>
    <td width="10%" align="center"><b>Options</b></td>
  </tr>
<?
                while($row = mysql_fetch_assoc($query))
                {

                    $format_date = date("$cfg[admin_date]", $row['user_regdate']);
?>

  <tr>
    <td width="21%"><a href="profile.php?act=view&user_id=<? echo $row['user_id'] ?>"><? echo htmlspecialchars($row['user_name']) ?></a></td>
    <td width="26%"><a href="mailto:<? echo htmlspecialchars($row['user_email']) ?>"><? echo htmlspecialchars($row['user_email']) ?></a></td>
<?
                    $split_url
= substr($row['user_url'],0,7);

                    if($split_url != "http://")
                    {

                        $url = "http://" . $row['user_url'];
                    }

                    else
                    {
                        $url = $row['user_url'];
                    }

?>

    <td width="23%"><a href="<? echo $url ?>" target="_blank"><? echo $row['user_url'] ?></a></td>
    <td width="20%"><? echo $format_date ?></td>
    <td width="10%" align="center"><a href="admin.php?act=edit&user_id=<? echo $row['user_id'] ?>">Edit this user</a></td>
  </tr>
<?
                }
            echo "</table>";
            echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "<center>";
            }

            else
            {
                echo "<script>alert('No members yet.'); history.go(-1)</script>";
            }
        }


        if($_GET['act'] == "config" AND !isset($_POST['update_config']))
        {

            $query = mysql_query("SELECT * FROM tbl_config");

            while($row = mysql_fetch_assoc($query))
            {

?>

<form method="POST">
<input type="hidden" value="1" name="update_config">
<b>Antiflood :</b><br>
<input type="text" name="antiflood" value="<? echo $row['cfg_antiflood'] ?>" size="5"><br>

<b>Max messages in inbox :</b><br>
<input type="text" name="maxmsg" value="<? echo $row['cfg_maxmsg'] ?>" size="5"><br>

<b>Enable Registrations :</b><br>
<select name="register">
<?
                if(!empty($row['cfg_register']))
                {

                    $selected = "";
                }

                else
                {
                    $selected = " selected";
                }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Enable Smiles :</b><br>
<select name="smiles">
<?
                if(!empty($row['cfg_smiles']))
                {

                    $selected = "";
                }

                else
                {
                    $selected = " selected";
                }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Enable UBB-Codes :</b><br>
<select name="ubb">
<?
                if(!empty($cfg['ubb']))
                {

                    $selected = "";
                }

                else
                {
                    $selected = " selected";
                }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Member Per Page :</b><br>
<input type="text" name="perpage" value="<? echo $row['cfg_perpage'] ?>" size="5"><br>

<b>Messages Per Page :</b><br>
<input type="text" name="perpageinbox" value="<? echo $row['cfg_perpageinbox'] ?>" size="5"><br>

<b>Admin Dateformat :</b><br>
<input type="text" name="dateformat" value="<? echo $row['cfg_admindate'] ?>" size="10"><br><br>

<b>Admin Username :</b><br>
<input type="text" name="adminuser" value="<? echo $row['cfg_adminuser'] ?>" size="5"><br>

<b>Admin Password :</b><br>
<input type="text" name="adminpass" value="<? echo $row['cfg_adminpass'] ?>" size="5"><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">
<?
            }
        }


        if($_GET['act'] == "repair")
        {

            mysql_query("REPAIR TABLE tbl_config,tbl_msg,tbl_smiles,tbl_users") or die("<script>alert('Tables could not be repaired.')</script>");
            mysql_query("OPTIMIZE TABLE tbl_config") or die("<script>alert('Tables could not be optimized.')</script>");
            mysql_query("OPTIMIZE TABLE tbl_msg") or die("<script>alert('Tables could not be optimized.')</script>");
            mysql_query("OPTIMIZE TABLE tbl_smiles") or die("<script>alert('Tables could not be optimized.')</script>");
            mysql_query("OPTIMIZE TABLE tbl_users") or die("<script>alert('Tables could not be optimized.')</script>");

            echo "<script>alert('Tables repaired & optimized.'); document.location.href=('admin.php')</script>";
        }


        if($_GET['act'] == "delete_members")
        {

            $users = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

            if(!empty($users))
            {

                mysql_query("DELETE FROM tbl_users") or die("<script>alert('Could not delete members.')</script>");

                echo "<script>alert('All users have been deleted.'); document.location.href=('admin.php')</script>";
            }

            else
            {
                echo "<script>alert('No users found.'); document.location.href=('admin.php')</script>";
            }
        }


        if($_GET['act'] == "delete_messages")
        {

            $messages = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg"),0);

            if(!empty($messages))
            {

                mysql_query("DELETE FROM tbl_msg") or die("<script>alert('Could not delete message.')</script>");

                echo "<script>alert('All messages have been deleted.'); document.location.href=('admin.php')</script>";
            }

            else
            {
                echo "<script>alert('No messages found.'); document.location.href=('admin.php')</script>";
            }
        }


        if($_GET['act'] == "edit" AND !isset($_POST['update_user']))
        {

            if(isset($_GET['user_id']))
            {

                $user_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'"),0);

                if(!empty($_GET['user_id']) AND isset($_GET['user_id']) AND !empty($user_exists))
                {

                    if(isset($_SESSION['admin_login']))
                    {

                        $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'");

                        while($row = mysql_fetch_assoc($query))
                        {

?>

<form method="POST">
<input type="hidden" value="<? echo $_GET['user_id'] ?>" name="user_id">
<input type="hidden" value="1" name="update_user">
<b>Username :</b><br>
<input type="text" name="user" value="<? echo htmlspecialchars($row['user_name']) ?>"><br>

<b>Email :</b><br>
<input type="text" name="email" value="<? echo htmlspecialchars($row['user_email']) ?>"><br>

<b>Website :</b><br>
<input type="text" name="url" value="<? echo htmlspecialchars($row['user_url']) ?>"><br>

<b>Date Format :</b><br>
<input type="text" name="date" value="<? echo htmlspecialchars($row['user_dateformat']) ?>">
<a href="http://www.php.net/date" target="_blank">More info</a><br>

<b>User IP: </b><br>
<input type="text" value="<? echo $row['user_ip'] ?>" disabled><br>

<b>Registered: </b><br>
<input type="text" value="<? echo date("$cfg[admin_date]",$row['user_regdate']); ?>" size="25" disabled><br>

<b>Show Email :</b><br>
<select name="showmail">
<?
                            if(!empty($row['user_showmail']))
                            {

                                $selected = "";
                            }

                            else
                            {
                                $selected = " selected";
                            }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Enabled PM :</b><br>
<select name="pm">
<?
                            if(!empty($row['user_pm']))
                            {

                                $selected = "";
                            }

                            else
                            {
                                $selected = " selected";
                            }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select> If "No" all messages will be deleted<br>

<b>Public Profile :</b><br>
<select name="public">
<?
                            if(!empty($row['user_public']))
                            {

                                $selected = "";
                            }

                            else
                            {
                                $selected = " selected";
                            }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Account Activated :</b><br>
<select name="activated">
<?
                            if($row['user_activated'] == "1")
                            {

                                $is_activated = " selected";
                            }

                            elseif(empty($row['user_activated']))
                            {

                                $not_activated = " selected";
                            }

                            else
                            {
                                $pending_activated = " selected";
                            }

?>

<option value="1"<? if(isset($is_activated)){ echo $is_activated; } ?>>Yes</option>
<option value="0"<? if(isset($not_activated)){ echo $not_activated; } ?>>No</option>
<option value="<? echo $row['user_activated'] ?>"<? if(isset($pending_activated)){ echo $pending_activated; } ?>>Pending</option>
</select> * Pending means that the user has to activate his account<br><br>

<b>Admin Comment :</b><br>
<textarea cols="25" rows="5" name="admcom"><? echo $row['user_admcom'] ?></textarea><br>

<b>Password :</b><br>
<input type="password" name="pass"><br><br>

<input type="checkbox" name="deluser" value="1"> Delete User<br><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">

<?
                        }
                    }

                    else
                    {
                        echo "<script>alert('You\'re not logged in'.); document.location.href=('admin.php')</script>";
                    }
                }

                else
                {
                    echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
                }
            }

            else
            {
                echo "<script>alert('No ID defined.'); history.go(-1);</script>";
            }
        }


        if($_GET['act'] == "mass_pm" AND !isset($_POST['send_masspm']))
        {

?>

<form method="POST" name="form">
<input type="hidden" value="1" name="send_masspm">

<b>Title :</b><br>
<input type="text" name="title" size="50"><br>

<b>Message :</b><br>
<?
            echo_ubb();
            echo "<textarea cols=\"75\" rows=\"20\" name=\"message\"></textarea>";
            echo "<br>\n";
            echo_smiles();
            echo "<br>\n";
?>


<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
        }

        if($_GET['act'] == "smiles")
        {

?>

<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="35%"><b>Name</b></td>
    <td width="20%"><b>Tag</b></td>
    <td width="20%"><b>Preview</b></td>
    <td width="10%" align="center"><b>Options</b></td>
  </tr>
<?
            $query
= mysql_query("SELECT * FROM tbl_smiles ORDER BY smile_name ASC");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles"),0);

            if(!empty($result))
            {

                while($row = mysql_fetch_assoc($query))
                {

?>

  <tr>
    <td width="35%"><? echo htmlspecialchars($row['smile_name']) ?></td>
    <td width="20%"><? echo htmlspecialchars($row['smile_tag']) ?></td>
    <td width="20%"><img src="smiles/<? echo $row['smile_file'] ?>"></td>
    <td width="10%" align="center"><a href="admin.php?act=edit_smile&smile_id=<? echo $row['smile_id'] ?>">Edit</a> |
    <a href="javascript:del_smile('<? echo $row['smile_id'] ?>')">Delete</a></td>
  </tr>
<?
                }
            }


            echo "</table>";
            echo "<br>\n";
            echo "<a href=\"admin.php?act=add_smile\">Add Smile</a>";
            echo "<br>\n";
            echo "<a href=\"admin.php\">Admin Index</a>";
        }


        if($_GET['act'] == "edit_smile" AND !isset($_POST['save_smile']))
        {

            $query = mysql_query("SELECT * FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'"),0);

            if(!empty($result))
            {

                while($row = mysql_fetch_assoc($query))
                {

?>

<form method="POST" name="form">
<input type="hidden" value="1" name="save_smile">
<input type="hidden" value="<? echo $_GET['smile_id'] ?>" name="id">

<b>Smile Name :</b><br>
<input type="text" name="name" value="<? echo $row['smile_name'] ?>"><br>

<b>Smile Tag :</b><br>
<input type="text" name="tag" value="<? echo $row['smile_tag'] ?>" size="5"><br>

<b>Smile File :</b><br>
<select name="file" onChange="showimage()"><?

                    $handle
= opendir('smiles');

                    while(false!==($file = readdir($handle)))
                    {

                        if($file != "." AND $file != "..")
                        {

                            if($file == $row['smile_file'])
                            {

                                $selected = " selected";
                            }

                            else
                            {
                                $selected = " ";
                            }


                            echo "<option value=\"" . $file . "\"" . $selected . ">" . $file . "</option>\n";
                        }
                    }


                    closedir($handle);
?>

    </select><img src="smiles/<? echo $row['smile_file'] ?>" name="icons" hspace="10"><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
                }
            }

            else
            {
                echo "<script>alert('Smile with this ID doesn\'t excist'); history.go(-1)</script>";
            }
        }


        if($_GET['act'] == "add_smile" AND !isset($_POST['add_smile']))
        {

?>

<form method="POST" name="form">
<input type="hidden" value="1" name="add_smile">

<b>Smile Name :</b><br>
<input type="text" name="name"><br>

<b>Smile Tag :</b><br>
<input type="text" name="tag" size="5"><br>

<b>Smile File :</b><br>
<select name="file" onChange="showimage()"><?

            $handle
= opendir('smiles');

            while(false!==($file = readdir($handle)))
            {

                if($file != "." AND $file != "..")
                {

                    if(!isset($first_smile))
                    {

                        $first_smile = $file;
                    }


                echo "<option value=\"" . $file . "\">" . $file . "</option>\n";
                }
            }


            closedir($handle);
?>

    </select><img src="smiles/<? echo $first_smile ?>" name="icons" hspace="10"><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
        }

        if($_GET['act'] == "del_smile")
        {

            if(isset($_GET['smile_id']))
            {

                $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'"),0);

                if(!empty($result))
                {

                    mysql_query("DELETE FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'");
                }

                else
                {
                    echo "<script>alert('Smile with this ID doesn\'t excist.'); history.go(-1)</script>";
                }
            }

            else
            {
                echo "<script>alert('Please validate a smile ID.'); history.go(-1)</script>";
            }
        }


        if($_GET['act'] == "newest_members")
        {

            $query = mysql_query("SELECT * FROM tbl_users ORDER BY user_id DESC LIMIT 0,10");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

            if(empty($result))
            {

                echo "<script>alert('No members yet.'); history.go(-1)</script>";
            }

            else
            {
                while($row = mysql_fetch_assoc($query))
                {

                    echo $row['user_id'] . ". <a href=\"profile.php?act=view&user_id=" . $row['user_id'] . "\">" . $row['user_name'] . "</a><br>";
                }
            }
        }


        if($_GET['act'] == "uninstall")
        {

            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

            if(!empty($result))
            {

                mysql_query("DROP TABLE tbl_config");
                mysql_query("DROP TABLE tbl_msg");
                mysql_query("DROP TABLE tbl_smiles");
                mysql_query("DROP TABLE tbl_users");

                echo "SNP Login Script successfully uninstalled, you can now remove all files of SNP Login Script.";
                echo "<br>\n<br>\n";
                echo "<script>window.close()</script>";
            }

            else
            {
                echo "<script>alert('SNP Login Script has already been uninstalled, delete the directory containing this file to finish the un-installation.'); window.close()</script>";
            }
        }
    }


    if(isset($_POST['update_user']))
    {

        if(empty($_POST['deluser']))
        {

            if(!empty($_POST['pass']))
            {

                mysql_query("UPDATE tbl_users SET user_pass = '" . md5($_POST['pass']) . "' WHERE user_id = '" . $_POST['user_id'] . "'") or die(mysql_error());
            }


            mysql_query("UPDATE tbl_users SET user_name = '" . $_POST['user'] . "', user_email = '" . $_POST['email'] . "', user_url = '" . $_POST['url'] . "', user_dateformat = '" . $_POST['date'] . "', user_showmail = '" . $_POST['showmail'] . "', user_public = '" . $_POST['public'] . "', user_activated = '" . $_POST['activated'] . "', user_admcom = '" . $_POST['admcom'] . "', user_pm = '" . $_POST['pm'] . "' WHERE user_id = '" . $_POST['user_id'] . "'") or die(mysql_error());

            echo "Information successfully updated !";
            echo "<br>\n<br>\n";
            echo "<a href=\"admin.php?act=member_list\">Back to memberlist</a>";
            echo "<br>\n";
            echo "<a href=\"admin.php\">Admin Index</a>";
        }

        else
        {
            $user_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $_POST['user_id'] . "'"),0);

            if(!empty($user_exists))
            {

                mysql_query("DELETE FROM tbl_users WHERE user_id = '" . $_POST['user_id'] . "'");
                mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $_POST['user_id'] . "' OR msg_from = '" . $_POST['user_id'] . "'");

                echo "<script>alert('User successfully deleted.'); document.location.href=('admin.php?act=member_list')</script>";
            }

            else
            {
                echo "<script>alert('User doesn\'t exist.'); document.location.href=('admin.php?act=member_list')</script>";
            }
        }
    }


    if(isset($_POST['update_config']))
    {

        mysql_query("UPDATE tbl_config SET cfg_antiflood = '" . $_POST['antiflood'] . "', cfg_maxmsg = '" . $_POST['maxmsg'] . "', cfg_register = '" . $_POST['register'] . "', cfg_smiles = '" . $_POST['smiles'] . "', cfg_ubbcode = '" . $_POST['ubb'] . "', cfg_perpage = '" . $_POST['perpage'] . "', cfg_perpageinbox = '" . $_POST['perpageinbox'] . "', cfg_admindate = '" . $_POST['dateformat'] . "', cfg_adminuser = '" . $_POST['adminuser'] . "', cfg_adminpass = '" . $_POST['adminpass'] . "'") or die(mysql_error());

        echo "Configuration successfully updated !";
        echo "<br>\n<br>\n";
        echo "<a href=\"admin.php\">Admin Index</a>";
    }


    if(isset($_POST['send_masspm']))
    {

        $query = mysql_query("SELECT * FROM tbl_users ORDER BY user_id ASC");
        $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

        if(!empty($result))
        {

            while($row = mysql_fetch_assoc($query))
            {

                mysql_query("INSERT INTO tbl_msg VALUES ('','" . $_POST['title'] . "',NOW(),'" . $_POST['message'] . "','0','" . $row['user_id'] . "','0','" . $_ENV['REMOTE_ADDR'] . "')");
            }


            echo "Mass PM Sent to all members.";
            echo "<br>\n<br>\n";
            echo "<a href=\"admin.php?act=inbox\">My Inbox</a>";
            echo "<br>\n";
            echo "<a href=\"admin.php\">Admin Index</a>";
        }

        else
        {
            echo "<script>alert('Can\'t send message: No members yet.')</script>";
        }
    }


    if(isset($_POST['save_smile']))
    {

        mysql_query("UPDATE tbl_smiles SET smile_name = '" . $_POST['name'] . "', smile_tag = '" . $_POST['tag'] . "', smile_file = '" . $_POST['file'] . "' WHERE smile_id = '" . $_POST['id'] . "'") or die(mysql_error());

        echo "Configuration successfully updated !";
        echo "<br>\n<br>\n";
        echo "<a href=\"admin.php\">Admin Index</a>";
    }


    if(isset($_POST['add_smile']))
    {

        $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_file = '" . $_POST['file'] . "'"),0);

        if(empty($result))
        {

            mysql_query("INSERT INTO tbl_smiles VALUES ('','" . $_POST['name'] . "', '" . $_POST['tag'] . "', '" . $_POST['file'] . "')");

            echo "Smiles successfully added !";
            echo "<br>\n<br>\n";
            echo "<a href=\"admin.php\">Admin Index</a>";
        }

        else
        {
            echo "<script>alert('Smile already excists'); history.go(-1)</script>";
        }
    }
}

?>

-----------------------------------------------










CONFIG.PHP
-----------------------------------------------
Code (php)
<?
############################################
#  Filename   : CONFIG.PHP                 #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


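// Database connection settings.
// NOTE(review): the password is empty here; use a dedicated database account
// with a real password and only the privileges this script needs.
$hostname = "localhost";
$username = "user";
$password = "";
$database = "login";

// NOTE(review): die(mysql_error()) prints the server's error text to the
// visitor; logging it and showing a generic message discloses less.
mysql_connect($hostname,$username,$password) or die(mysql_error());

// Stop here when the database cannot be selected, instead of letting every
// later query fail one by one.
mysql_select_db($database) or die(mysql_error());

// Start from a defined, empty array so code that includes this file can
// test isset($cfg['...']) when no settings row could be loaded.
$cfg = array();

$select_config = mysql_query("SELECT * FROM tbl_config");

// mysql_query() returns false when the statement fails (for example when the
// table is missing); skip the loop then rather than passing false to
// mysql_fetch_assoc().
if($select_config)
{

    // Copy each cfg_* column into the shorter $cfg key the other scripts read.
    while($config = mysql_fetch_assoc($select_config))
    {

        $cfg['antiflood'] = $config['cfg_antiflood'];
        $cfg['max_msg'] = $config['cfg_maxmsg'];
        $cfg['register'] = $config['cfg_register'];
        $cfg['smiles'] = $config['cfg_smiles'];
        $cfg['ubb'] = $config['cfg_ubbcode'];
        $cfg['per_page'] = $config['cfg_perpage'];
        $cfg['per_pageinbox'] = $config['cfg_perpageinbox'];
        $cfg['admin_date'] = $config['cfg_admindate'];
        $cfg['admin_user'] = $config['cfg_adminuser'];
        $cfg['admin_pass'] = $config['cfg_adminpass'];
    }
}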

?>

-----------------------------------------------










FUNCTIONS.PHP
-----------------------------------------------
<?
############################################
#  Filename   : FUNCTIONS.PHP              #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


include("config.php");

// Print the UBB formatting buttons (bold, underline, italic, quote, image)
// followed by a line break. Prints nothing when $cfg['ubb'] is empty.
function echo_ubb()
{
    global $cfg;

    if(empty($cfg['ubb']))
    {
        return;
    }

    // One entry per button: inserted tag pair, inline style, caption.
    $buttons = array(
        array("[b][/b]", "font-weight: bold; width: 30pt", "B"),
        array("[u][/u]", "text-decoration: underline; width: 30pt", "U"),
        array("[i][/i]", "font-style: italic; width: 30pt", "I"),
        array("[quote][/quote]", "width: 50pt", "Quote"),
        array("[img][/img]", "width: 50pt", "Image"),
    );

    $html = array();

    foreach($buttons as $button)
    {
        $html[] = "<input type=\"button\" OnClick=\"smile('" . $button[0] . "')\" style=\"" . $button[1] . "\" value=\"" . $button[2] . "\">";
    }

    // Buttons are separated by a single space; none follows the last one.
    echo implode(" ", $html);
    echo "<br>\n";
}

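// Print one clickable image per row of tbl_smiles, followed by a line break.
// Prints nothing when $cfg['smiles'] is empty or the table has no rows.
function echo_smiles()
{
    global $cfg;

    if(empty($cfg['smiles']))
    {
        return;
    }

    $query = mysql_query("SELECT smile_tag, smile_file FROM tbl_smiles");

    // The row count of the result replaces the separate COUNT query.
    if(!$query OR mysql_num_rows($query) == 0)
    {
        return;
    }

    while($row = mysql_fetch_assoc($query))
    {

        // The tag sits in a JavaScript string inside an HTML attribute:
        // addslashes() covers the script layer, htmlspecialchars() the markup
        // layer. Browsers also decode %xx sequences in javascript: links, so
        // tag values should additionally be restricted where they are stored.
        $tag = htmlspecialchars(addslashes($row['smile_tag']), ENT_QUOTES);

        // The file name is stored data too and is escaped for the src attribute.
        $file = htmlspecialchars($row['smile_file'], ENT_QUOTES);

        echo " <a href=\"javascript:smile('" . $tag . "')\"><img src=\"smiles/" . $file . "\" border=\"0\"></a>";
    }

    echo "<br>\n";
}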

?>

-----------------------------------------------










INDEX.PHP
-----------------------------------------------
<?
############################################
#  Filename   : INDEX.PHP                  #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


error_reporting(E_ALL);
session_start();

include("config.php");

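// Visitors without a session get the login form (or have their login
// processed); logged-in members get their status lines and the menu.
if(!isset($_SESSION['user_id']))
{

    if(isset($_POST['login']))
    {

        // Missing or non-string fields are treated as empty input.
        $login_user = (isset($_POST['user']) AND is_string($_POST['user'])) ? $_POST['user'] : '';
        $login_pass = (isset($_POST['pass']) AND is_string($_POST['pass'])) ? $_POST['pass'] : '';

        // With magic_quotes_gpc on the name would otherwise be escaped twice.
        // The password is hashed exactly as it was before this change.
        if(get_magic_quotes_gpc())
        {
            $login_user = stripslashes($login_user);
        }

        // The user name is escaped before it is placed in the SQL text; the
        // password only reaches the query as an md5() hex string.
        // NOTE(review): unsalted md5 is weak for password storage. Replacing
        // it means changing registration and the stored hashes as well, so it
        // is only flagged here.
        $query = mysql_query("SELECT user_id FROM tbl_users WHERE user_name = '" . mysql_real_escape_string($login_user) . "' AND user_pass = '" . md5($login_pass) . "'");
        $result = $query ? mysql_num_rows($query) : 0;

        if(empty($result))
        {

            echo "<script>alert('Login Incorrect.'); document.location.href=('index.php')</script>";
        }

        else
        {
            while($row = mysql_fetch_assoc($query))
            {

                $user_id = $row['user_id'];
            }

            // A fresh session id at login makes an id that was known before
            // the login useless afterwards.
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user_id;

            header("Location: index.php");
            exit;
        }
    }

    else
    {
?>


<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="user"><br>
Password : <input type="password" name="pass"><br><br>

<input type="Submit" value="Login"><br><br>
<a href="register.php">Register</a><br>
<a href="memberlist.php">Memberlist</a>
</form>

<?
    }
}

else
{
    // The id is written by this script at login; the cast keeps the queries
    // well-formed even if the session content is ever not what is expected.
    $viewer_id = (int) $_SESSION['user_id'];

    $query = mysql_query("SELECT user_name, user_pm FROM tbl_users WHERE user_id = '" . $viewer_id . "'");

    while($query AND $row = mysql_fetch_assoc($query))
    {

        // Names are chosen by users, so they are escaped before output.
        echo "Username : <b>" . htmlspecialchars($row['user_name']) . "</b>";

        if($row['user_pm'])
        {

            $msg = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $viewer_id . "'"),0);

            if(empty($msg))
            {

                $msg = "<font color=\"#008000\">Empty</font>";
            }

            elseif($msg >= $cfg['max_msg'])
            {

                $msg = "<font color=\"#FF0000\">FULL</font>";
            }

            else
            {
                $msg = $msg . " / " . $cfg['max_msg'];
            }


            echo "<br>\n";
            echo "Inbox : <b>". $msg ."</b> ( <a href=\"msg.php?act=inbox\">Open</a> )";
        }
    }


    echo "<br>\n<br>\n";

    // This only decides whether the link is shown; admin.php has to enforce
    // the admin login itself.
    if(isset($_SESSION['admin_login']))
    {

        echo "<a href=\"admin.php\">Admin Page</a>";
        echo "<br>\n";
    }


    echo "<a href=\"memberlist.php\">Memberlist</a>";
    echo "<br>\n";
    echo "<a href=\"profile.php?act=edit_profile\">Change Profile</a>";
    echo "<br>\n";
    echo "<a href=\"profile.php?act=view&user_id=" . $viewer_id . "\">My Profile</a>";
    echo "<br>\n";
    echo "<a href=\"logoff.php\">Log Off</a>";
}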

?>

-----------------------------------------------










JAVASCRIPT.JS
-----------------------------------------------
// Ask for confirmation, then open the URL that clears the whole inbox.
// NOTE(review): the action is a plain GET link; the server side (msg.php,
// not fully visible here) needs its own request-forgery check - confirm.
function clr_inbox()
{
    var confirmed = confirm("Are you sure you want to clear all messages ?");

    if(!confirmed)
    {
        return;
    }

    document.location.href = 'msg.php?act=del_inbox';
}

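// Ask for confirmation, then open the URL that deletes one message.
// value: the message id; it is URL-encoded so it can only ever fill the
// msg_id parameter and cannot add further parameters to the request.
function del_msg(value)
{
    if(confirm("Are you sure you want to delete this message ?"))
    {
        document.location.href = 'msg.php?act=delmsg&msg_id=' + encodeURIComponent(value);
    }
}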

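// Ask for confirmation, then open the admin URL that deletes one smile.
// value: the smile id; it is URL-encoded so it can only ever fill the
// smile_id parameter and cannot add further parameters to the request.
function del_smile(value)
{
    if(confirm("Are you sure you want to delete this smile ?"))
    {
        document.location.href = 'admin.php?act=del_smile&smile_id=' + encodeURIComponent(value);
    }
}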

// Append a tag (a smile code or a UBB tag pair) to the message box of the
// form named "form" and give the box the focus again.
function smile(tag)
{
    var box = document.form.message;

    box.value = box.value + ("" + tag);
    box.focus();
}

// Ask for confirmation, then open the admin URL that deletes all members.
// NOTE(review): a confirm() dialog is not a server-side safeguard; admin.php
// needs its own admin and request-forgery checks for this action - confirm.
function delete_members()
{
    var confirmed = confirm("Are you sure you want to delete all members ?");

    if(!confirmed)
    {
        return;
    }

    document.location.href = 'admin.php?act=delete_members';
}

// Ask for confirmation, then open the admin URL that deletes all messages.
// NOTE(review): a confirm() dialog is not a server-side safeguard; admin.php
// needs its own admin and request-forgery checks for this action - confirm.
function delete_messages()
{
    var confirmed = confirm("Are you sure you want to delete all messages ?");

    if(!confirmed)
    {
        return;
    }

    document.location.href = 'admin.php?act=delete_messages';
}

// Ask for confirmation, then open the admin URL that uninstalls the script.
// NOTE(review): a confirm() dialog is not a server-side safeguard; admin.php
// needs its own admin and request-forgery checks for this action - confirm.
function uninstall()
{
    var confirmed = confirm("Are you sure you want to uninstall SNP Login Script ?");

    if(!confirmed)
    {
        return;
    }

    document.location.href = 'admin.php?act=uninstall';
}

// Show a preview of the smile file that is selected in the "file" list of
// the form named "form". Does nothing when document.images is unavailable.
function showimage()
{
    if(document.images)
    {
        var preview = document.images.icons;
        var picker = document.form.file;

        preview.src = "smiles/" + picker.options[picker.selectedIndex].value;
    }
}

-----------------------------------------------









LOGOFF.PHP
-----------------------------------------------
<?
############################################
#  Filename   : LOGOFF.PHP                 #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


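session_start();

// After session_start() the $_SESSION array always exists, so "logged in" is
// decided from the login markers themselves.
if(isset($_SESSION['user_id']) OR isset($_SESSION['admin_login']))
{

    // Drop the login markers and everything else kept for this visitor.
    unset($_SESSION['user_id']);
    unset($_SESSION['admin_login']);
    $_SESSION = array();

    // Expire the session cookie as well, so the old id is not sent again.
    if(ini_get("session.use_cookies"))
    {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure']);
    }

    session_destroy();

    header("Location: index.php");
    exit;
}

else
{
        echo "<script>alert('Your not logged in.')</script>";
}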

?>

-----------------------------------------------










MEMBERLIST.PHP
-----------------------------------------------
<?
############################################
#  Filename   : MEMBERLIST.PHP             #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


session_start();
error_reporting(E_ALL);

include("config.php");

// Sort column for the member list. The request value is only compared with a
// fixed list of column names; anything else falls back to user_id. $order_by
// is later placed in an ORDER BY clause, where a value cannot be bound as a
// parameter, so it must never hold anything but one of these names.
if(isset($_GET['order_by']) AND in_array($_GET['order_by'], array("user_name", "user_email", "user_url", "user_regdate", "user_pm"), true))
{
    $order_by = $_GET['order_by'];
}

else
{
    $order_by = "user_id";
}


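// Paging for the member list: $page is the zero-based page number, $start the
// row offset of that page, $prev / $next the ready-made navigation markup.
$total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

// The page number comes from the request; it is reduced to an integer so that
// arrays or text can reach neither the arithmetic nor the links below.
$page = (isset($_GET['page']) AND is_scalar($_GET['page'])) ? (int) $_GET['page'] : 0;

if($page < 1)
{
    $page = 0;
}


$start = $page * $cfg['per_page'];

$pages = $total / $cfg['per_page'];
$pageplus = $page + 1;
$pagemin = $page - 1;

// "Next" is a link while another page follows, plain text otherwise.
if($pageplus < $pages)
{

    $next = "[ <a href=\"memberlist.php?page=" . $pageplus . "&order_by=" . $order_by . "\">Next " . $cfg['per_page'] . "</a> ]";
}

else
{
    $next = "[ Next " . $cfg['per_page'] . " ]";
}


// "Previous" is a link on every page after the first one that is in range.
if($pagemin < $pages AND $page)
{

    $prev = "[ <a href=\"memberlist.php?page=" . $pagemin . "&order_by=" . $order_by . "\">Previous " . $cfg['per_page'] . "</a> ]";
}

else
{
    $prev = "[ Previous " . $cfg['per_page'] . " ]";
}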


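// Member rows for the current page. Only the columns the table below prints
// are selected, so password hashes and other profile fields are not fetched.
$member_sql = "SELECT user_id, user_name, user_email, user_showmail, user_url, user_pm, UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users";

// Visitors who are not logged in only see members who made their entry public.
if(!isset($_SESSION['user_id']))
{
    $member_sql .= " WHERE user_public = '1'";
}

// $order_by is set earlier in this script from a fixed list of column names;
// the two LIMIT numbers are cast so that only integers reach the query text.
$member_sql .= " ORDER BY " . $order_by . " ASC LIMIT " . (int) $start . "," . (int) $cfg['per_page'];

$query = mysql_query($member_sql);

    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);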

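// Member table. Everything that comes from the request or from member
// profiles is escaped (or cast to an integer) before it is printed.
if(!empty($result))
{

    // Page number for the sort links, as an integer, so that request text
    // never reaches the markup.
    $page_link = (isset($_GET['page']) AND is_scalar($_GET['page'])) ? (int) $_GET['page'] : 0;

    // Date format of the viewer, looked up once instead of once per row.
    // Visitors, and members without a stored format, get the default.
    $date_format = "d-m-Y H:i:s";

    if(isset($_SESSION['user_id']))
    {

        $date_select = mysql_query("SELECT user_dateformat FROM tbl_users WHERE user_id = '" . (int) $_SESSION['user_id'] . "'");

        while($date_select AND $date = mysql_fetch_assoc($date_select))
        {

            if(!empty($date['user_dateformat']))
            {
                $date_format = $date['user_dateformat'];
            }
        }
    }


    echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "</center>";
?>

<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="21%"><b><a href="memberlist.php?page=<? echo $page_link ?>&order_by=user_name">Username</a></b></td>
    <td width="26%"><b><a href="memberlist.php?page=<? echo $page_link ?>&order_by=user_email">Email</a></b></td>
    <td width="23%"><b><a href="memberlist.php?page=<? echo $page_link ?>&order_by=user_url">Website</a></b></td>
    <td width="20%"><b><a href="memberlist.php?page=<? echo $page_link ?>&order_by=user_regdate">Registered</a></b></td>
    <td width="10%" align="center"><b><a href="memberlist.php?page=<? echo $page_link ?>&order_by=user_pm">Enabled PM</a></b></td>
  </tr>
<?
    while($row = mysql_fetch_assoc($query))
    {

        $format_date = date($date_format, $row['user_regdate']);

        // The e-mail cell stays empty unless the member chose to show it.
        $mail_cell = "";

        if(!empty($row['user_showmail']))
        {

            $mail = htmlspecialchars($row['user_email']);
            $mail_cell = "<a href=\"mailto:" . $mail . "\">" . $mail . "</a>";
        }


        // The website cell is rebuilt for every row, so a member without a
        // URL never inherits the link of the previous row. Addresses that do
        // not start with http:// or https:// get http:// put in front, which
        // keeps other URL schemes out of the href.
        $url_cell = "";

        if(!empty($row['user_url']))
        {

            if(preg_match('/^https?:\/\//i', $row['user_url']))
            {
                $url = $row['user_url'];
            }

            else
            {
                $url = "http://" . $row['user_url'];
            }

            $url_cell = "<a href=\"" . htmlspecialchars($url) . "\" target=\"_blank\" rel=\"noopener noreferrer\">" . htmlspecialchars($row['user_url']) . "</a>";
        }


        if(!empty($row['user_pm']))
        {

            $user_pm = "<font color=\"#008000\">Yes</font>";
        }

        else
        {
            $user_pm = "<font color=\"#FF0000\">No</font>";
        }

?>

  <tr>
    <td width="21%"><a href="profile.php?act=view&user_id=<? echo (int) $row['user_id'] ?>"><? echo htmlspecialchars($row['user_name']) ?></a></td>
    <td width="26%"><? echo $mail_cell ?></td>
    <td width="23%"><? echo $url_cell ?></td>
    <td width="20%"><? echo htmlspecialchars($format_date) ?></td>
    <td width="10%" align="center"><? echo $user_pm ?></td>
  </tr>
<?
    }

echo "</table>";
echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "</center>";
}

else
{
    echo "<script>alert('No members yet.'); history.go(-1)</script>";
}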

?>

-----------------------------------------------










MSG.PHP
-----------------------------------------------
<?
############################################
#  Filename   : MSG.PHP                    #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


error_reporting(E_ALL);

session_start();
include("config.php");
include("functions.php");

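// Store a private message that was submitted with the compose form.
if(isset($_POST['send_msg']))
{

    // Only a logged-in member may send. Without this check an anonymous POST
    // would be stored with an empty sender, which the inbox displays as
    // "Administrator".
    if(!isset($_SESSION['user_id']))
    {
        header("Location: index.php");
        exit;
    }

    $sender_id = (int) $_SESSION['user_id'];
    $recipient_id = (isset($_POST['user_id']) AND is_scalar($_POST['user_id'])) ? (int) $_POST['user_id'] : 0;

    // The antiflood cookie is under the sender's control, so the same
    // deadline is also kept in the session, where the browser cannot remove it.
    $flood_active = (isset($_COOKIE['antiflood']) OR (isset($_SESSION['antiflood_until']) AND $_SESSION['antiflood_until'] > time()));

    if($recipient_id == $sender_id)
    {

        echo "<script>alert('You can\'t send messages to yourself.'); history.go(-1)</script>";
    }

    elseif($flood_active)
    {

        echo "Antiflood is still active, this means you can only send 1 message per <b style=\"color: #FF0000\">" . $cfg['antiflood'] . "</b> seconds.";
        echo "<br>\n<br>\n";
        echo "<a href=\"javascript:window.location.reload()\">Refresh Page</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=new\">Write new message</a>";
    }

    else
    {
        // Same two conditions the compose form checks: the recipient exists
        // with private messages enabled, and the inbox still has room.
        $enabled_pm = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_pm = 1 AND user_id = '" . $recipient_id . "'"),0);
        $inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $recipient_id . "'"),0);

        if($inbox >= $cfg['max_msg'] OR empty($enabled_pm))
        {

            echo "<script>alert('We\'re sorry but the inbox of this user is full or the user disabled Private Messages.'); history.go(-1)</script>";
        }

        else
        {
            $new_title = (isset($_POST['title']) AND is_string($_POST['title'])) ? $_POST['title'] : '';
            $new_message = (isset($_POST['message']) AND is_string($_POST['message'])) ? $_POST['message'] : '';

            // Undo magic_quotes_gpc so the text is escaped exactly once below.
            if(get_magic_quotes_gpc())
            {
                $new_title = stripslashes($new_title);
                $new_message = stripslashes($new_message);
            }


            if(!empty($new_title) AND !empty($new_message))
            {

                // The sender address is read from $_SERVER, which is set for
                // every web request, and is escaped like any other value.
                $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

                // Column order as in the original statement; the name of the
                // last (address) column is not visible in this file, so the
                // VALUES list stays positional.
                $sent = mysql_query("INSERT INTO tbl_msg VALUES ('','" . mysql_real_escape_string($new_title) . "',NOW(),'" . mysql_real_escape_string($new_message) . "','" . $sender_id . "','" . $recipient_id . "','0','" . mysql_real_escape_string($remote_addr) . "')");

                if(!$sent)
                {
                    // Details go to the server log, not to the browser.
                    error_log("msg.php send_msg: " . mysql_error());
                    die("The message could not be sent.");
                }

                setcookie("antiflood",true,time()+$cfg['antiflood']);
                $_SESSION['antiflood_until'] = time() + $cfg['antiflood'];

                echo "Message successfully sent !";
                echo "<br>\n<br>\n";
                echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
                echo "<br>\n";
                echo "<a href=\"index.php\">Main Page</a>";
            }

            else
            {
                echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
            }
        }
    }
}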


echo "<script src=\"javascript.js\"></script>";

if(isset($_SESSION['user_id']))
{

    if(isset($_GET['act']))
    {

        if($_GET['act'] == "inbox")
        {

            $total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

            if(!isset($_GET['page']) OR $_GET['page'] < 1)
            {

                $page = 0;
                $prev = "[ Previous " . $cfg['per_pageinbox'];
            }

            else
            {
                $page = $_GET['page'];
            }


            $start = $page * $cfg['per_pageinbox'];

            $pages = $total / $cfg['per_pageinbox'];
            $pageplus = $page + 1;
            $pagemin = $page - 1;

            if(($page + 1) < $pages)
            {

                $next = "[ <a href=\"msg.php?act=inbox&page=" . $pageplus . "\">Next " . $cfg['per_pageinbox'] . "</a> ]";
            }


            if(($page - 1) < $pages AND $page)
            {

                $prev = "[ <a href=\"msg.php?act=inbox&page=" . $pagemin . "\">Previous " . $cfg['per_pageinbox'] . "</a> ]";
            }

            else
            {
                $prev = "[ Previous " . $cfg['per_pageinbox'] . " ]";
            }


            if($pageplus > $pages OR $pageplus == "$pages")
            {

                $next = "[ Next " . $cfg['per_pageinbox'] . " ]";
            }


            $query = mysql_query("SELECT *,UNIX_TIMESTAMP(msg_time) AS msg_time FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "' ORDER BY msg_id DESC LIMIT $start," . $cfg['per_pageinbox'] . "");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

            if(empty($result))
            {

                echo "No messages in your inbox";
                echo "<br>\n";
            }

            else
            {
                echo "<center>" . $prev ." &nbsp; ". $next . "</center>";
?>

<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="40%"><b>Title</b></td>
    <td width="25%"><b>From</b></td>
    <td width="30%"><b>Date</b></td>
    <td width="5%" align="center"><b>Read</b></td>
  </tr>
<?
                while($row = mysql_fetch_assoc($query))
                {

                    $from_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_from'] . "'");

                    while($from = mysql_fetch_assoc($from_select))
                    {

                        $from_name = $from['user_name'];
                    }


                    $to_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_to'] . "'");

                    while($date = mysql_fetch_assoc($to_select))
                    {

                        $date_format = $date['user_dateformat'];
                    }

?>

  <tr>
    <td width="40%">
<?
                    echo "    <a href=\"msg.php?act=read&msg_id=" . $row['msg_id'] . "\">" . htmlspecialchars($row['msg_title']) . "</a>";
?>

    
    </td>
    <td width="25%">
<?
if(empty($row['msg_from']))
{

    echo "Administrator";
}

else
{
    echo "<a href=\"profile.php?act=view&user_id=". $row['msg_from'] ."\">" . htmlspecialchars($from_name) . "</a>";
}

?>


    </td>
    <td width="30%">
<?
                    echo date("$date_format", $row['msg_time']);
?>


    </td>
    <td width="5%" align="center">
<?
                    if(!empty($row['msg_read']))
                    {

                        echo "    <font color=\"#008000\">Yes</font>";
                    }

                    else
                    {
                        echo "    <font color=\"#FF0000\">No</font>";
                    }

?>


    </td>
  </tr>
<?
                }

            echo "</table>";
            echo "<center>" . $prev ." &nbsp; ". $next . "</center>";
            }


            echo "<br>\n";
            echo "<a href=\"msg.php?act=new\">New Message</a>";

            if(!empty($result))
            {

                echo "<br>\n";
                echo "<a href=\"javascript:clr_inbox()\">Clear Inbox</a>";
            }


            echo "<br>\n";
            echo "<a href=\"index.php\">Main Page</a>";
        }


        if($_GET['act'] == "new" AND !isset($_POST['send_msg']))
        {

            if(isset($_GET['user_id']))
            {

                if($_GET['user_id'] == $_SESSION['user_id'] OR isset($_GET['quote']) == $_SESSION['user_id'])
                {

                    echo "<script>alert('You can\'t reply to this message'); history.go(-1)</script>";
                }


                $enabled_pm = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_pm = 1 AND user_id = '" . $_GET['user_id'] . "'"),0);
                $inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_GET['user_id'] . "'"),0);

                if($inbox >= $cfg['max_msg'] OR empty($enabled_pm))
                {

                    $send = 0;
                }

                else
                {
                    $send = 1;
                }
            }

            else
            {
                $send = 1;
            }


            if(!empty($send))
            {

                $query = mysql_query("SELECT * FROM tbl_users WHERE user_pm = 1 ORDER BY user_name ASC");
?>

<form method="POST" name="form">
<input type="hidden" value="1" name="send_msg">
<b>To : </b><br><select name="user_id">
<?
                while($row = mysql_fetch_assoc($query))
                {

                    if(isset($_GET['user_id']) OR isset($_GET['quote']))
                    {

                        if($row['user_id'] == $_GET['user_id'])
                        {

                            $selected = " selected";
                        }

                        else
                        {
                            $selected = "";
                        }


                        if(isset($_GET['user_id']))
                        {

                            $title = mysql_query("SELECT * FROM tbl_msg WHERE msg_id = " . $_GET['msg_id'] . "");
                        }


                        if(isset($_GET['quote']))
                        {

                            $title = mysql_query("SELECT * FROM tbl_msg WHERE msg_id = " . $_GET['quote'] . "");
                        }


                        while($msg = mysql_fetch_assoc($title))
                        {

                            $msg_title = str_replace("Re: ","", $msg['msg_title']);
                            $msg_title = "Re: " . htmlspecialchars($msg_title);
                        }
                    }


                    $user_select = mysql_query("SELECT * FROM tbl_users");

                    while($user = mysql_fetch_assoc($user_select))
                    {

                        $user_name = $row['user_name'];
                    }


                echo "<option value=\"" . $row['user_id'] . "\"" . $selected . ">" . $user_name . "</option>";
                }


                echo "</select>";
                echo "<br>\n";
?>


<b>Title :</b><br> <input type="text" name="title" value="<? if(isset($msg_title)){ echo $msg_title; } ?>" size="45" maxlength="50"><br>
<b>Message :</b><br>
<?
                echo echo_ubb();
?>

<textarea name="message" cols="40" rows="10"><?

                if(isset($_GET['quote']))
                {

                    $select_quote = mysql_query("SELECT * FROM tbl_msg WHERE msg_id = '" . $_GET['quote'] . "'");

                    while($quote = mysql_fetch_assoc($select_quote))
                    {

                        $quote_userid = $quote['msg_from'];
                        $quote_message = $quote['msg_message'];
                    }


                    $select_user = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $quote_userid . "'");

                    while($user = mysql_fetch_assoc($select_user))
                    {

                        $quote_username = $user['user_name'];
                    }


                echo "[quote=" . $quote_username . "]" . $quote_message . "[/quote]";
                }

?>
</textarea><br>
<?
                echo_smiles();
                echo "<br>\n";
?>

<input type="submit" value="Send">
<input type="reset" value="Reset">

<?
            }
            else
            {
                echo "<script>alert('Inbox of this user is full or user disabled Private Messages.'); history.go(-1)</script>";
            }
        }


        if($_GET['act'] == "read" AND isset($_GET['msg_id']))
        {

            $query = mysql_query("SELECT *,UNIX_TIMESTAMP(msg_time) AS msg_time FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'"),0);

            if(empty($result))
            {

                echo "<script>alert('Message with this ID doesn\'t exist.'); document.location.href=('msg.php?act=inbox')</script>";
            }

            else
            {
                while($row = mysql_fetch_assoc($query))
                {

                    if(empty($row['msg_read']))
                    {

                        mysql_query("UPDATE tbl_msg SET msg_read = 1 WHERE msg_id = '" . $_GET['msg_id'] . "'") or die(mysql_error());
                    }


                    echo "<b>Title : </b>". htmlspecialchars($row['msg_title']);
                    echo "<br>\n";

                    $from_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_from'] . "'");

                    while($from = mysql_fetch_assoc($from_select))
                    {

                        $from_user = $from['user_name'];
                    }


                    $to_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_to'] . "'");

                    while($date = mysql_fetch_assoc($to_select))
                    {

                        $date_format = $date['user_dateformat'];
                    }


                    echo "<b>From : </b>";

                    if(empty($row['msg_from']))
                    {

                        echo "Administrator";
                    }

                    else
                    {
                        echo "<a href=\"profile.php?act=view&user_id=". $row['msg_from'] ."\">" . htmlspecialchars($from_name) . "</a>";
                    }


                    echo "<br>\n";

                    $row['msg_time'] = date("$date_format", $row['msg_time']);
                    echo "<b>Time : </b>". htmlspecialchars($row['msg_time']);
                    echo "<br>\n";
                    echo "<b>Message: </b>";
                    echo "<hr>\n";

                    $row['msg_message'] = nl2br(htmlspecialchars($row['msg_message']));

                    if(!empty($cfg['smiles']))
                    {

                        $smile_select = mysql_query("SELECT * FROM tbl_smiles ORDER BY smile_id ASC");

                        while($smile = mysql_fetch_assoc($smile_select))
                        {

                            $smile['smile_tag'] = str_replace(">","&gt;", $smile['smile_tag']);
                            $smile['smile_tag'] = str_replace("<","&lt;", $smile['smile_tag']);
                            $row['msg_message'] = str_replace("$smile[smile_tag]","<img src=\"smiles/" . $smile['smile_file'] . "\">", $row['msg_message']);
                        }
                    }


                    $quote_tags = substr_count($row['msg_message'], '[/quote]');
                    for($i = 0; $i <= $quote_tags; $i++)
                    {

                        $row['msg_message'] = preg_replace('/\[quote=(.*?)\](.*?)\[\/quote\]/si', "<br><blockquote>\\1 Schreef:<br><table border=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#000000\" width=\"80%\" cellpadding=\"2\"><tr><td> \\2 </td></tr></table></blockquote>", $row['msg_message']);
                    }


                    $row['msg_message'] = preg_replace("/\[b\](.*?)\[\/b\]/si", "<b>\\1</b>",$row['msg_message']);
                    $row['msg_message'] = preg_replace("/\[u\](.*?)\[\/u\]/si", "<u>\\1</u>",$row['msg_message']);
                    $row['msg_message'] = preg_replace("/\[i\](.*?)\[\/i\]/si", "<i>\\1</i>",$row['msg_message']);
                    $row['msg_message'] = preg_replace("/\[img\](.*?)\[\/img\]/si", "<img src=\"\\1\">",$row['msg_message']);

                    $row['msg_message'] = ereg_replace("([ ]{2})","\\1&nbsp;",$row['msg_message']);

                    $row['msg_message'] = eregi_replace("(^|[>[:space:]\n])([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])([<[:space:]\n]|$)","\\1<a href=\"\\2://\\3\\4\" target=\"_blank\">\\2://\\3\\4</a>\\5", $row['msg_message']);
                    $row['msg_message'] = wordwrap($row['msg_message'], 100,"\t", 1);

                    echo $row['msg_message'];

                    $msg_from = $row['msg_from'];
                    $msg_id = $row['msg_id'];
                }


                echo "<hr>\n";
                echo "<a href=\"javascript:del_msg('" . $_GET['msg_id'] . "')\">Delete message</a>";
                echo "<br>\n";
                echo "<a href=\"msg.php?act=new&user_id=" . $msg_from . "&msg_id=" . $msg_id . "\">Reply</a>";
                echo "<br>\n";
                echo "<a href=\"msg.php?act=new&user_id=" . $msg_from . "&quote=" . $msg_id . "\">Quote</a>";
                echo "<br>\n";
                echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
                echo "<br>\n";
                echo "<a href=\"index.php\">Main Page</a>";

            }
        }


        if($_GET['act'] == "delmsg" AND isset($_GET['msg_id']))
        {

            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'"),0);

            if(empty($result))
            {

                echo "<script>alert('Message with this ID doesn\'t exist, you might have deleted it earlier.'); document.location.href=('msg.php?act=read&msg_id=" . $_GET['msg_id'] . "')</script>";
            }

            else
            {
                mysql_query("DELETE FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'") or die(mysql_error());

                echo "Message successfully deleted !";
                echo "<br>\n<br>\n";
                echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
                echo "<br>\n";
                echo "<a href=\"index.php\">Main Page</a>";
            }
        }


        if($_GET['act'] == "del_inbox")
        {

            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

            if(empty($result))
            {

                echo "<script>alert('You have no messages in your inbox.'); document.location.href=('msg.php?act=inbox')</script>";
            }

            else
            {
                mysql_query("DELETE FROM tbl_msg WHERE msg_to = " . $_SESSION['user_id'] . "") or die(mysql_error());
                echo "Inbox successfully cleared !";
                echo "<br>\n<br>\n";
                echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
                echo "<br>\n";
                echo "<a href=\"index.php\">Main Page</a>";
            }
        }
    }


    else
    {
        echo "<script>alert('Undifined action.'); history.go(-1)</script>";
    }
}

else
{
    echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
}

?>

-----------------------------------------------









PROFILE.PHP
-----------------------------------------------
<?
############################################
#  Filename   : PROFILE.PHP                #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


error_reporting(E_ALL);
session_start();

include("config.php");

if(isset($_GET['act']))
{

    if($_GET['act'] == "view")
    {

        if(isset($_GET['user_id']))
        {

            $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'");
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'"),0);

            if(empty($result))
            {

                echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
            }

            else
            {
                while($row = mysql_fetch_assoc($query))
                {

                    $public_profile = $row['user_public'];

                    if(empty($public_profile))
                    {

                        if(isset($_SESSION['user_id']))
                        {

                            $show_profile = 1;
                        }

                        else
                        {
                            $show_profile = 0;
                        }
                    }

                    else
                    {
                        $show_profile = 1;
                    }


                    if(!empty($show_profile))
                    {

                        echo "<b>Username : </b>" . htmlspecialchars($row['user_name']) . "<br>\n";

                        if($row['user_showmail'])
                        {

                            echo "<b>Email : </b><a href=\"mailto:" . htmlspecialchars($row['user_email']) . "\">" . htmlspecialchars($row['user_email']) . "</a><br>\n";
                        }


                        if(!empty($row['user_url']))
                        {

                            $split_url = substr($row['user_url'],0,7);

                            if($split_url != "http://")
                            {

                                $url = "http://" . $row['user_url'];
                            }

                            else
                            {
                                $url = $row['user_url'];
                            }


                            echo "<b>Website : </b><a href=\"" . htmlspecialchars($url) . "\" target=\"_blank\">" . htmlspecialchars($row['user_url']) . "</a><br>\n";
                        }


                        $date_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['user_id'] . "'");

                        while($date = mysql_fetch_assoc($date_select))
                        {

                            $date_format = $date['user_dateformat'];
                        }


                        $row['user_regdate'] = date("$date_format", $row['user_regdate']);
                        echo "<b>Registered : </b>" . $row['user_regdate'] . "<br>\n";

                        if($row['user_pm'])
                        {

                            $user_pm = "Yes";
                        }

                        else
                        {
                            $user_pm = "No";
                        }


                        echo "<b>Enabled PM : </b>" . $user_pm . "<br>\n";

                        $user_inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = " . $_GET['user_id'] . ""),0);

                        if(isset($row['user_pm']) AND !empty($row['user_pm']))
                        {

                            echo "<b>Inbox : </b>";

                            if($user_inbox >= $cfg['max_msg'])
                            {

                                $user_inbox = "<font color=\"red\">" . $user_inbox;
                                $cfg['max_msg'] = $cfg['max_msg'] . "</font>";
                            }

                            else
                            {
                                $user_inbox = "$user_inbox";
                            }


                        echo $user_inbox . " / " . $cfg['max_msg'];
                        echo "<br>\n";
                        }


                        if($row['user_pm'] AND isset($_SESSION['user_id']) AND $user_inbox <= $cfg['max_msg'])
                        {

                            if($_GET['user_id'] != $_SESSION['user_id'])
                            {

                                echo "<br>\n";
                                echo "<a href=\"msg.php?act=new&user_id=" . $_GET['user_id'] . "\">Send this user a Private Message</a>";
                            }
                        }


                        echo "<br>\n";
                        echo "<a href=\"index.php\">Main Page</a>";
                    }

                    else
                    {
                        echo "<script>alert('Only registered users can see this profile.'); history.go(-1);</script>";
                    }
                }
            }
        }

        else
        {
            echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
        }
    }


    if($_GET['act'] = "edit_profile" AND !isset($_GET['user_id']) AND !isset($_POST['change_profile']))
    {

        if(isset($_SESSION['user_id']))
        {

            $query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $_SESSION['user_id'] . "'");

            while($row = mysql_fetch_assoc($query))
            {

?>

<form method="POST">
<input type="hidden" value="1" name="change_profile">
<b>Username :</b><br>
<input type="text" name="user" value="<? echo htmlspecialchars($row['user_name']) ?>"><br>

<b>Email :</b><br>
<input type="text" name="email" value="<? echo htmlspecialchars($row['user_email']) ?>"><br>

<b>Website :</b><br>
<input type="text" name="url" value="<? echo htmlspecialchars($row['user_url']) ?>"><br>

<b>Show Email :</b><br>
<select name="showmail">
<?
                if(!empty($row['user_showmail']))
                {

                    $selected = "";
                }

                else
                {
                    $selected = " selected";
                }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Public Profile :</b><br>
<select name="public">
<?
                if(!empty($row['user_public']))
                {

                    $selected = "";
                }

                else
                {
                    $selected = " selected";
                }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Date Format :</b><br>
<input type="text" name="date" value="<? echo htmlspecialchars($row['user_dateformat']) ?>">
<a href="http://www.php.net/date" target="_blank">More info</a><br>

<b>Enable PM :</b><br>
<select name="pm">
<?
                if(!empty($row['user_pm']))
                {

                    $selected = "";
                }

                else
                {
                    $selected = " selected";
                }

?>

<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select> If "No" all messages will be deleted<br><br>

<i>Change Password</i><br>
<b>Password :</b><br>
<input type="password" name="pass"><br>

<b>Password [Confirm] :</b><br>
<input type="password" name="pass2"><br><br>

<input type="submit" value="Save">
<input type="reset" value="Reset"><br><br>

<?
            }
        }

        else
        {
            echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
        }
    }


    if(isset($_POST['change_profile']))
    {

        $name_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_name = '" . $_POST['user'] . "' AND user_id <> " . $_SESSION['user_id'] . ""),0);

        if(empty($name_exists))
        {

            if(preg_match("/^([a-z0-9_\-]+\.)*?[a-z0-9_\-]+@([a-z0-9\-_]{2,})\.[a-z0-9\-_]*(\.[a-z0-9\-_]{2,})*$/i",$_POST['email']))
            {

                if(!empty($_POST['pass']) OR !empty($_POST['pass2']))
                {

                    if($_POST['pass'] != $_POST['pass2'])
                    {

                        echo "<script>alert('Passwords are not the same.'); history.go(-1)</script>";
                    }

                    else
                    {
                        mysql_query("UPDATE tbl_users SET user_name = '" . $_POST['user'] . "', user_email = '" . $_POST['email'] . "', user_url = '" . $_POST['url'] . "', user_dateformat = '" . $_POST['date'] . "', user_showmail = '" . $_POST['showmail'] . "', user_public = '" . $_POST['public'] . "', user_pass = '" . md5($_POST['pass']) . "', user_pm = '" . $_POST['pm'] . "' WHERE user_id = '" . $_SESSION['user_id'] . "'") or die(mysql_error());

                        echo "Information + Password successfully updated !";
                        echo "<br>\n<br>\n";
                        echo "<a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
                        echo "<br>\n";
                        echo "<a href=\"index.php\">Main Page</a>";
                    }
                }

                else
                {
                    mysql_query("UPDATE tbl_users SET user_name = '" . $_POST['user'] . "', user_email = '" . $_POST['email'] . "', user_url = '" . $_POST['url'] . "', user_dateformat = '" . $_POST['date'] . "', user_showmail = '" . $_POST['showmail'] . "', user_public = '" . $_POST['public'] . "', user_pm = '" . $_POST['pm'] . "' WHERE user_id = '" . $_SESSION['user_id'] . "'") or die(mysql_error());

                    echo "Information successfully updated !";
                    echo "<br>\n<br>\n";
                    echo "<a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
                    echo "<br>\n";
                    echo "<a href=\"index.php\">Main Page</a>";
                }


                if(empty($_POST['pm']))
                {

                    $result= mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'");

                    if(!empty($result))
                    {

                        mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'") or die(mysql_error());
                    }
                }
            }

            else
            {
                echo "<script>alert('Email address incorrect.'); history.go(-1)</script>";
            }
        }

        else
        {
            echo "<script>alert('Username already in use.'); history.go(-1)</script>";
        }
    }
}

else
{
    echo "<script>alert('No ID Validated'); history.go(-1);</script>";
}


?>

-----------------------------------------------









REGISTER.PHP
-----------------------------------------------
<?
############################################
#  Filename   : REGISTER.PHP               #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : [email protected]     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################


error_reporting(E_ALL);

include("config.php");

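// Self-service registration: shows the sign-up form, or validates a submitted
// form and creates the account. Runs only while $cfg['register'] is enabled.
if(!empty($cfg['register']))
{

    if(!isset($_POST['reg_user']))
    {

        // NOTE(review): the maxlength attributes below are enforced by the browser
        // only; nothing in this script limits field length on the server side.

?>

<form method="POST">
<input type="hidden" value="1" name="reg_user">
<b>Username :</b><br>
<input type="text" name="user" maxlength="30"><br>

<b>Email :</b><br>
<input type="text" name="email" maxlength="125"><br>

<b>Password :</b><br>
<input type="password" name="pass" maxlength="12"> (At least 5 chars)<br>

<b>Password [Confirm] :</b><br>
<input type="password" name="pass2" maxlength="12"> (At least 5 chars)<br><br>

<input type="Submit" value="Register"><br><br>
</form>
<?php
    }

    else
    {
        // Normalise the fields to strings (a missing or array-valued field becomes "")
        // so the checks and the escaping below see predictable input.
        $reg = array();
        foreach(array('user', 'email', 'pass', 'pass2') as $field)
        {
            $reg[$field] = (isset($_POST[$field]) AND is_string($_POST[$field])) ? $_POST[$field] : "";
        }

        if(!empty($reg['user']) AND !empty($reg['email']) AND !empty($reg['pass']) AND !empty($reg['pass2']))
        {

            // Values placed between quotes in SQL are escaped first.
            // mysql_real_escape_string() relies on the connection that config.php is
            // assumed to open. ext/mysql has no prepared statements; mysqli or PDO with
            // bound parameters is the sturdier fix.
            // NOTE(review): check-then-insert can still let two simultaneous requests
            // take the same name unless tbl_users has a UNIQUE index on user_name
            // (its definition is not shown here).
            $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_name = '" . mysql_real_escape_string($reg['user']) . "'"),0);

            if(!empty($result))
            {

                echo "<script>alert('Username already in use'); history.go(-1)</script>";
            }

            elseif(!preg_match("/^([a-z0-9_\-]+\.)*?[a-z0-9_\-]+@([a-z0-9\-_]{2,})\.[a-z0-9\-_]*(\.[a-z0-9\-_]{2,})*$/i",$reg['email']))
            {

                echo "<script>alert('Email address incorrect.'); history.go(-1)</script>";
            }

            elseif(strlen($reg['pass']) <= 4)
            {

                echo "<script>alert('Password too short.'); history.go(-1)</script>";
            }

            // Strict comparison: with "!=" two different numeric-looking strings such
            // as "1e3" and "1000" would count as the same password.
            elseif($reg['pass'] !== $reg['pass2'])
            {

                echo "<script>alert('Passwords are not the same.'); history.go(-1)</script>";
            }

            else
            {
                // The client address lives in $_SERVER. The original read $_ENV, which is
                // only populated in some server setups.
                $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";

                // NOTE(review): unsalted MD5 is cheap to brute-force. Replacing it with
                // password_hash()/password_verify() also needs the login check and the
                // password column changed, neither of which is in this file.
                // The VALUES list stays positional because the tbl_users column names are
                // not shown here; an explicit column list would be safer against schema changes.
                $insert = "INSERT INTO tbl_users VALUES ('','" . mysql_real_escape_string($reg['user']) . "','" . mysql_real_escape_string($reg['email']) . "',NULL,'" . md5($reg['pass']) . "',NOW(),'d-m-Y H:i:s',1,1,1,NULL,NULL,NULL,'" . mysql_real_escape_string($remote_ip) . "')";

                if(!mysql_query($insert))
                {
                    // Database error text goes to the server log instead of the page.
                    error_log("register.php: " . mysql_error());
                    die("Database error.");
                }

                echo "Successfully registered, you can now log in";
                echo "<br><br><a href=\"index.php\">Log in</a>";
            }
        }

        else
        {
            echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
        }
    }
}

else
{
    echo "<script>alert('Registering of new user has been disabled by the site admin.'); history.go(-1)</script>";
}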

?>

-----------------------------------------------









TABLES.SQL
-----------------------------------------------
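-- Site-wide settings for the login script, including the administrator login.
-- The table has no key; the script ships a single seed row for it.
-- NOTE(review): cfg_adminpass is char(32), the width of an MD5 hex digest.
-- Whether admin.php stores and compares a hash or the plain password is not
-- visible here; confirm, and prefer a salted password hash in a wider column.
-- ENGINE= replaces TYPE=, which newer MySQL servers no longer accept.
CREATE TABLE tbl_config (
  cfg_antiflood int(10) unsigned default '0',
  cfg_maxmsg int(5) unsigned default '0',
  cfg_register int(1) unsigned default '0',
  cfg_smiles int(1) unsigned default '0',
  cfg_ubbcode int(1) unsigned default '0',
  cfg_perpage int(5) unsigned default '0',
  cfg_perpageinbox int(5) unsigned default '0',
  cfg_admindate char(25) default '0',
  cfg_adminuser char(15) default '0',
  cfg_adminpass char(32) default '0'
) ENGINE=MyISAM;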

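-- Seed row for tbl_config.
-- NOTE(review): this ships a fixed administrator login (admin / 1234). Change
-- cfg_adminuser and cfg_adminpass before the site is reachable by anyone else.
-- Whether admin.php expects cfg_adminpass as plain text or as a hash is not
-- visible here; confirm before replacing the value.
-- Columns are named explicitly and strings use single quotes, so the statement
-- survives a column reorder and the ANSI_QUOTES SQL mode.
INSERT INTO tbl_config (
    cfg_antiflood,
    cfg_maxmsg,
    cfg_register,
    cfg_smiles,
    cfg_ubbcode,
    cfg_perpage,
    cfg_perpageinbox,
    cfg_admindate,
    cfg_adminuser,
    cfg_adminpass
) VALUES (
    60,
    50,
    1,
    1,
    1,
    25,
    25,
    'D d F g:i A',
    'admin',
    '1234'
);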

CREATE TABLE tbl_msg (
  msg_id int(10) unsigned NOT NULL auto_increment,
  msg_title varchar(50) default '0',
  msg_time datetime default NULL

 
 
