SNP Login Script Beta 1.3
Uitleg: -------- Dit is een login systeem met prive berichten, members kunnen zich aanmelden en de optie Prive Berichten uitschakelen als zij geen berichten willen ontvangen EN versturen, het script maakt gebruik van sessions Installatie: -------- Upload alle bestanden naar je host behalve de text bestanden en TABLES.SQL. In TABLES.SQL staan de tabellen die je in je PhpMyAdmin op je host moet aanmaken... er staat alvast een test account in met de volgende gegevens : Username : test Password : testpass Vragen ?: -------- Als je vragen hebt kan je ze hier posten of op ons forum ( www.scripters.nl/forum ) Download : -------- http://members.lycos.nl/xdragoon/snp_loginscript_b13.zip Demo : -------- werkt niet meer! Je kan je hier ook gewoon aanmelden ! CHANGELOG -------- Version : Beta 1.1 Date : February 7th 2004 Changes : - Fixed some bugs in msg.php with sending messages - Made admin page - Implemented page-navigation script - Added some extra tables - Antiflood NOT YET fixed, next version - And some other options I forgot :P ----------------------------------- Version : Beta 1.2 Date : February 9th 2004 Changes : - Updated memberlist - If you're logged in to admin, a link will be visible on index.php - Added link from admin to index page - If you click on reply you'll get an automatic title "Re: ....." 
- If you're logged in as admin you can see all info about a user on his profile - If users don't want to show their email address it will be empty on memberlist - Hide email can be edited on 'Change Profile' page - If user hasn't filled in a website, it'll be gone on the profile page - If username already exists you can't change your name to that name on 'Change Profile' page - Smiles won't be shown below message entry box if they're disabled now - Maxlength's on field set - Added UBB Codes in messages, which can be disabled in admin - Added QUOTE-Function - Added 3 functions to admin: - Optimize & Repair Database - Delete all members - Delete all messages - Added checkbox to admin user-edit to delete user-accounts - Antiflood will come with the next version !!! --------- Version : Beta 1.3 Date : February 12th 2004 Changes : - Added option to make profile PUBLIC on 'Change Profile' page - From now on you can't send yourself messages anymore - When you try to send yourself a message you get the message 'You can't send messages to yourself.' - Blocked HTML-Tags in msg.php on "From"- part (forgot that earlier) - NON-Public profiles won't be shown to unregistered members now - Added QUOTE-Button on msg.php - Added new Private Message option : , also made an IMG-Button on msg.php for it - Added ANTI-FLOOD option :D - Added Mass-PM function on Admin Page to send all members a PM at the same time - Added function to edit / delete / add smiles - Displaying of UBB and SMILES are now in FUNCTIONS.PHP - Added UN-Install function - Added new function to admin 'Newest Members' which displays the last 10 registered members Veel plezier ermee !
ADMIN.PHP
-----------------------------------------------
[code]
<?
############################################
# Filename : ADMIN.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
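error_reporting(E_ALL);
session_start();
include("config.php");
include("functions.php");
// Admin gate: everything after this block requires $_SESSION['admin_login'].
// NOTE(review): the admin password is kept and compared in plain text
// ($cfg['admin_pass'] comes straight from tbl_config.cfg_adminpass).
if(!isset($_SESSION['admin_login']))
{
    if(isset($_POST['login']))
    {
        // Only plain strings are compared; a missing or array-valued field counts as empty.
        $posted_user = (isset($_POST['username']) AND is_string($_POST['username'])) ? $_POST['username'] : "";
        $posted_pass = (isset($_POST['password']) AND is_string($_POST['password'])) ? $_POST['password'] : "";
        // config.php fills $cfg only when tbl_config returns a row. Without this check an
        // unset or empty stored credential would match an empty submitted form.
        $have_credentials = (isset($cfg['admin_user']) AND isset($cfg['admin_pass'])
            AND (string)$cfg['admin_user'] !== "" AND (string)$cfg['admin_pass'] !== "");
        // Strict comparison: loose == treats numeric-looking strings such as "1e3" and "1000" as equal.
        if($have_credentials AND $posted_user === (string)$cfg['admin_user'] AND $posted_pass === (string)$cfg['admin_pass'])
        {
            // Issue a fresh session id for the privileged session, mark it, then redirect.
            session_regenerate_id();
            $_SESSION['admin_login'] = 1;
            header("Location: admin.php");
            exit;
        }
        else
        {
            echo "<script>alert('Login Incorrect.'); document.location.href=('admin.php')</script>";
        }
    }
    else
    {
?>
<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="username"><br>
Password : <input type="password" name="password"><br><br>
<input type="Submit" value="Login"><br><br>
</form>
<?
    }
}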
else
{
// Load the confirm-and-redirect helpers (delete_members(), delete_messages(), uninstall(), ...).
echo "<script src=\"javascript.js\"></script>";
// No action requested: print the admin menu.
if(!isset($_GET['act']))
{
// NOTE(review): the maintenance entries below end up as plain GET requests to
// admin.php?act=delete_members / delete_messages / uninstall / repair. The handlers
// for those actions check only the admin session; no per-request token is visible,
// so a request made by another site in the admin's browser would be accepted too.
// Moving them to POST with a session-bound token would close that gap.
?>
<b>Options</b><br>
<a href="admin.php?act=config">Configuration</a><br>
<a href="admin.php?act=mass_pm">Mass PM</a><br>
<a href="admin.php?act=smiles">Smiles</a><br>
<br>
<b>Maintenance</b><br>
<a href="admin.php?act=repair">Repair & Optimize Database</a><br>
<a href="javascript:delete_members()">Delete all members</a><br>
<a href="javascript:delete_messages()">Delete all messages</a><br>
<a href="javascript:uninstall()">UN-Install</a><br>
<br>
<b>Others</b><br>
<a href="index.php">Index Page</a><br>
<a href="admin.php?act=newest_members">Last 10 Registered</a><br>
<a href="admin.php?act=member_list">Memberlist</a><br>
<a href="logoff.php">Log Off</a>
<?
}
else
{
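// Paged member list for the admin, sortable by a fixed set of columns.
if($_GET['act'] == "member_list")
{
    // The sort column arrives in the query string and is placed in ORDER BY,
    // so it is only accepted when it matches this fixed list.
    $sortable = array("user_name", "user_email", "user_url", "user_regdate");
    if(isset($_GET['order_by']) AND in_array($_GET['order_by'], $sortable, true))
    {
        $order_by = $_GET['order_by'];
    }
    else
    {
        $order_by = "user_id";
    }
    $total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
    // The page number is echoed into links and feeds LIMIT, so it is forced to a
    // non-negative integer instead of being used as received.
    $page = (isset($_GET['page']) AND is_scalar($_GET['page'])) ? intval($_GET['page']) : 0;
    if($page < 1)
    {
        $page = 0;
    }
    $start = intval($page * $cfg['per_page']);
    $pages = $total / $cfg['per_page'];
    $pageplus = $page + 1;
    $pagemin = $page - 1;
    if(($page + 1) < $pages)
    {
        $next = "[ <a href=\"admin.php?act=member_list&order_by=" . $order_by . "&page=" . $pageplus . "\">Next " . $cfg['per_page'] . "</a> ]";
    }
    if(($page - 1) < $pages AND $page)
    {
        $prev = "[ <a href=\"admin.php?act=member_list&order_by=" . $order_by . "&page=" . $pagemin . "\">Previous " . $cfg['per_page'] . "</a> ]";
    }
    else
    {
        $prev = "[ Previous " . $cfg['per_page'] . " ]";
    }
    if($pageplus > $pages OR $pageplus == "$pages")
    {
        $next = "[ Next " . $cfg['per_page'] . " ]";
    }
    // NOTE(review): the listing is limited to user_public = '1' while the counts use all rows - confirm intended.
    $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_public = '1' ORDER BY " . $order_by . " ASC LIMIT $start," . $cfg['per_page'] . "");
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
    if(!empty($result))
    {
        echo "<center>" . $prev ." [ <a href=\"index.php\">Main Page</a> ] ". $next . "</center>";
?>
<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
<tr>
<td width="21%"><b><a href="admin.php?act=member_list&order_by=user_name&page=<? echo $page ?>">Username</a></b></td>
<td width="26%"><b><a href="admin.php?act=member_list&order_by=user_email&page=<? echo $page ?>">Email</a></b></td>
<td width="23%"><b><a href="admin.php?act=member_list&order_by=user_url&page=<? echo $page ?>">Website</a></b></td>
<td width="20%"><b><a href="admin.php?act=member_list&order_by=user_regdate&page=<? echo $page ?>">Registered</a></b></td>
<td width="10%" align="center"><b>Options</b></td>
</tr>
<?
        while($row = mysql_fetch_assoc($query))
        {
            $format_date = date("$cfg[admin_date]", $row['user_regdate']);
            $member_id = intval($row['user_id']);
            // Prefix the stored website with http:// unless it already starts with it.
            if(substr($row['user_url'],0,7) != "http://")
            {
                $url = "http://" . $row['user_url'];
            }
            else
            {
                $url = $row['user_url'];
            }
?>
<tr>
<td width="21%"><a href="profile.php?act=view&user_id=<? echo $member_id ?>"><? echo htmlspecialchars($row['user_name']) ?></a></td>
<td width="26%"><a href="mailto:<? echo htmlspecialchars($row['user_email']) ?>"><? echo htmlspecialchars($row['user_email']) ?></a></td>
<td width="23%"><a href="<? echo htmlspecialchars($url, ENT_QUOTES) ?>" target="_blank"><? echo htmlspecialchars($row['user_url']) ?></a></td>
<td width="20%"><? echo $format_date ?></td>
<td width="10%" align="center"><a href="admin.php?act=edit&user_id=<? echo $member_id ?>">Edit this user</a></td>
</tr>
<?
        }
        echo "</table>";
        echo "<center>" . $prev ." [ <a href=\"index.php\">Main Page</a> ] ". $next . "</center>";
    }
    else
    {
        echo "<script>alert('No members yet.'); history.go(-1)</script>";
    }
}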
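// Configuration form: one form per tbl_config row, pre-filled with the stored values.
// Every stored value is HTML-escaped before it goes into an attribute, so a quote or
// angle bracket in a setting (e.g. the date format) cannot break out of the field.
if($_GET['act'] == "config" AND !isset($_POST['update_config']))
{
    $query = mysql_query("SELECT * FROM tbl_config");
    while($row = mysql_fetch_assoc($query))
    {
        // " selected" is added to the "No" option when the setting is off; the "Yes"
        // option is always marked selected, and the later mark takes effect.
        $register_off = empty($row['cfg_register']) ? " selected" : "";
        $smiles_off = empty($row['cfg_smiles']) ? " selected" : "";
        $ubb_off = empty($cfg['ubb']) ? " selected" : "";
?>
<form method="POST">
<input type="hidden" value="1" name="update_config">
<b>Antiflood :</b><br>
<input type="text" name="antiflood" value="<? echo htmlspecialchars($row['cfg_antiflood'], ENT_QUOTES) ?>" size="5"><br>
<b>Max messages in inbox :</b><br>
<input type="text" name="maxmsg" value="<? echo htmlspecialchars($row['cfg_maxmsg'], ENT_QUOTES) ?>" size="5"><br>
<b>Enable Registrations :</b><br>
<select name="register">
<option value="1" selected>Yes</option>
<option value="0"<? echo $register_off ?>>No</option>
</select><br>
<b>Enable Smiles :</b><br>
<select name="smiles">
<option value="1" selected>Yes</option>
<option value="0"<? echo $smiles_off ?>>No</option>
</select><br>
<b>Enable UBB-Codes :</b><br>
<select name="ubb">
<option value="1" selected>Yes</option>
<option value="0"<? echo $ubb_off ?>>No</option>
</select><br>
<b>Member Per Page :</b><br>
<input type="text" name="perpage" value="<? echo htmlspecialchars($row['cfg_perpage'], ENT_QUOTES) ?>" size="5"><br>
<b>Messages Per Page :</b><br>
<input type="text" name="perpageinbox" value="<? echo htmlspecialchars($row['cfg_perpageinbox'], ENT_QUOTES) ?>" size="5"><br>
<b>Admin Dateformat :</b><br>
<input type="text" name="dateformat" value="<? echo htmlspecialchars($row['cfg_admindate'], ENT_QUOTES) ?>" size="10"><br><br>
<b>Admin Username :</b><br>
<input type="text" name="adminuser" value="<? echo htmlspecialchars($row['cfg_adminuser'], ENT_QUOTES) ?>" size="5"><br>
<b>Admin Password :</b><br>
<?
        // NOTE(review): the stored admin password is sent back to the browser in a visible text field.
?>
<input type="text" name="adminpass" value="<? echo htmlspecialchars($row['cfg_adminpass'], ENT_QUOTES) ?>" size="5"><br>
<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
    }
}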
// Maintenance: REPAIR all four tables in one statement, then OPTIMIZE them one by one.
// Any failing statement stops the script with an alert.
if($_GET['act'] == "repair")
{
    mysql_query("REPAIR TABLE tbl_config,tbl_msg,tbl_smiles,tbl_users") or die("<script>alert('Tables could not be repaired.')</script>");
    foreach(array("tbl_config", "tbl_msg", "tbl_smiles", "tbl_users") as $table)
    {
        mysql_query("OPTIMIZE TABLE " . $table) or die("<script>alert('Tables could not be optimized.')</script>");
    }
    echo "<script>alert('Tables repaired & optimized.'); document.location.href=('admin.php')</script>";
}
// Removes every row from tbl_users (intentionally no WHERE clause).
// NOTE(review): this runs on a plain GET with only the admin session as a check;
// no per-request token is verified here.
if($_GET['act'] == "delete_members")
{
    $member_count = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
    if(empty($member_count))
    {
        echo "<script>alert('No users found.'); document.location.href=('admin.php')</script>";
    }
    else
    {
        mysql_query("DELETE FROM tbl_users") or die("<script>alert('Could not delete members.')</script>");
        echo "<script>alert('All users have been deleted.'); document.location.href=('admin.php')</script>";
    }
}
// Removes every row from tbl_msg (intentionally no WHERE clause).
// NOTE(review): this runs on a plain GET with only the admin session as a check;
// no per-request token is verified here.
if($_GET['act'] == "delete_messages")
{
    $message_count = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg"),0);
    if(empty($message_count))
    {
        echo "<script>alert('No messages found.'); document.location.href=('admin.php')</script>";
    }
    else
    {
        mysql_query("DELETE FROM tbl_msg") or die("<script>alert('Could not delete message.')</script>");
        echo "<script>alert('All messages have been deleted.'); document.location.href=('admin.php')</script>";
    }
}
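// Edit form for a single member, selected by ?user_id=.
if($_GET['act'] == "edit" AND !isset($_POST['update_user']))
{
    if(isset($_GET['user_id']))
    {
        // The id goes into two SQL statements and a hidden form field, so it is
        // reduced to an integer before any use.
        $user_id = is_scalar($_GET['user_id']) ? intval($_GET['user_id']) : 0;
        $user_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $user_id . "'"),0);
        if(!empty($user_id) AND !empty($user_exists))
        {
            if(isset($_SESSION['admin_login']))
            {
                $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_id = '" . $user_id . "'");
                while($row = mysql_fetch_assoc($query))
                {
                    // " selected" marks the "No" option when the flag is off.
                    $showmail_off = empty($row['user_showmail']) ? " selected" : "";
                    $pm_off = empty($row['user_pm']) ? " selected" : "";
                    $public_off = empty($row['user_public']) ? " selected" : "";
                    // user_activated: "1" = yes, empty = no, anything else is shown as pending.
                    $is_activated = "";
                    $not_activated = "";
                    $pending_activated = "";
                    if($row['user_activated'] == "1")
                    {
                        $is_activated = " selected";
                    }
                    elseif(empty($row['user_activated']))
                    {
                        $not_activated = " selected";
                    }
                    else
                    {
                        $pending_activated = " selected";
                    }
                    // All member-supplied values below are HTML-escaped; they are rendered
                    // inside the admin's session.
?>
<form method="POST">
<input type="hidden" value="<? echo $user_id ?>" name="user_id">
<input type="hidden" value="1" name="update_user">
<b>Username :</b><br>
<input type="text" name="user" value="<? echo htmlspecialchars($row['user_name'], ENT_QUOTES) ?>"><br>
<b>Email :</b><br>
<input type="text" name="email" value="<? echo htmlspecialchars($row['user_email'], ENT_QUOTES) ?>"><br>
<b>Website :</b><br>
<input type="text" name="url" value="<? echo htmlspecialchars($row['user_url'], ENT_QUOTES) ?>"><br>
<b>Date Format :</b><br>
<input type="text" name="date" value="<? echo htmlspecialchars($row['user_dateformat'], ENT_QUOTES) ?>">
<a href="http://www.php.net/date" target="_blank">More info</a><br>
<b>User IP: </b><br>
<input type="text" value="<? echo htmlspecialchars($row['user_ip'], ENT_QUOTES) ?>" disabled><br>
<b>Registered: </b><br>
<input type="text" value="<? echo htmlspecialchars(date("$cfg[admin_date]",$row['user_regdate']), ENT_QUOTES); ?>" size="25" disabled><br>
<b>Show Email :</b><br>
<select name="showmail">
<option value="1" selected>Yes</option>
<option value="0"<? echo $showmail_off ?>>No</option>
</select><br>
<b>Enabled PM :</b><br>
<select name="pm">
<option value="1" selected>Yes</option>
<option value="0"<? echo $pm_off ?>>No</option>
</select> If "No" all messages will be deleted<br>
<b>Public Profile :</b><br>
<select name="public">
<option value="1" selected>Yes</option>
<option value="0"<? echo $public_off ?>>No</option>
</select><br>
<b>Account Activated :</b><br>
<select name="activated">
<option value="1"<? echo $is_activated ?>>Yes</option>
<option value="0"<? echo $not_activated ?>>No</option>
<option value="<? echo htmlspecialchars($row['user_activated'], ENT_QUOTES) ?>"<? echo $pending_activated ?>>Pending</option>
</select> * Pending means that the user has to activate his account<br><br>
<b>Admin Comment :</b><br>
<textarea cols="25" rows="5" name="admcom"><? echo htmlspecialchars($row['user_admcom']) ?></textarea><br>
<b>Password :</b><br>
<input type="password" name="pass"><br><br>
<input type="checkbox" name="deluser" value="1"> Delete User<br><br>
<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
                }
            }
            else
            {
                echo "<script>alert('You\'re not logged in.'); document.location.href=('admin.php')</script>";
            }
        }
        else
        {
            echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
        }
    }
    else
    {
        echo "<script>alert('No ID defined.'); history.go(-1);</script>";
    }
}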
// Mass-PM compose form. Shown only while the form has not been posted yet;
// the posted form is handled by the send_masspm branch further down.
if($_GET['act'] == "mass_pm" AND !isset($_POST['send_masspm']))
{
// The form is named "form" because smile() in javascript.js writes to document.form.message.
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="send_masspm">
<b>Title :</b><br>
<input type="text" name="title" size="50"><br>
<b>Message :</b><br>
<?
// UBB buttons and the smiley bar come from functions.php; each prints nothing when its feature is off.
echo_ubb();
echo "<textarea cols=\"75\" rows=\"20\" name=\"message\"></textarea>";
echo "<br>\n";
echo_smiles();
echo "<br>\n";
?>
<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
}
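// Overview of all smiles with edit/delete links.
if($_GET['act'] == "smiles")
{
?>
<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
<tr>
<td width="35%"><b>Name</b></td>
<td width="20%"><b>Tag</b></td>
<td width="20%"><b>Preview</b></td>
<td width="10%" align="center"><b>Options</b></td>
</tr>
<?
    $query = mysql_query("SELECT * FROM tbl_smiles ORDER BY smile_name ASC");
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles"),0);
    if(!empty($result))
    {
        while($row = mysql_fetch_assoc($query))
        {
            // The id is placed in a URL and in a javascript: call, the file name in an
            // attribute; both are normalised so a stored value cannot break out of the markup.
            $smile_id = intval($row['smile_id']);
            $smile_file = htmlspecialchars($row['smile_file'], ENT_QUOTES);
?>
<tr>
<td width="35%"><? echo htmlspecialchars($row['smile_name']) ?></td>
<td width="20%"><? echo htmlspecialchars($row['smile_tag']) ?></td>
<td width="20%"><img src="smiles/<? echo $smile_file ?>"></td>
<td width="10%" align="center"><a href="admin.php?act=edit_smile&smile_id=<? echo $smile_id ?>">Edit</a> |
<a href="javascript:del_smile('<? echo $smile_id ?>')">Delete</a></td>
</tr>
<?
        }
    }
    echo "</table>";
    echo "<br>\n";
    echo "<a href=\"admin.php?act=add_smile\">Add Smile</a>";
    echo "<br>\n";
    echo "<a href=\"admin.php\">Admin Index</a>";
}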
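// Edit form for one smile, selected by ?smile_id=.
if($_GET['act'] == "edit_smile" AND !isset($_POST['save_smile']))
{
    // The id is interpolated into SQL and echoed into the form: integer only.
    $smile_id = (isset($_GET['smile_id']) AND is_scalar($_GET['smile_id'])) ? intval($_GET['smile_id']) : 0;
    $query = mysql_query("SELECT * FROM tbl_smiles WHERE smile_id = '" . $smile_id . "'");
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_id = '" . $smile_id . "'"),0);
    if(!empty($result))
    {
        while($row = mysql_fetch_assoc($query))
        {
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="save_smile">
<input type="hidden" value="<? echo $smile_id ?>" name="id">
<b>Smile Name :</b><br>
<input type="text" name="name" value="<? echo htmlspecialchars($row['smile_name'], ENT_QUOTES) ?>"><br>
<b>Smile Tag :</b><br>
<input type="text" name="tag" value="<? echo htmlspecialchars($row['smile_tag'], ENT_QUOTES) ?>" size="5"><br>
<b>Smile File :</b><br>
<select name="file" onChange="showimage()"><?
            // List the files in smiles/; the listing is skipped when the directory
            // cannot be opened instead of handing a failed handle to readdir().
            $handle = opendir('smiles');
            if($handle)
            {
                while(false!==($file = readdir($handle)))
                {
                    if($file != "." AND $file != "..")
                    {
                        $selected = ($file == $row['smile_file']) ? " selected" : " ";
                        $file_html = htmlspecialchars($file, ENT_QUOTES);
                        echo "<option value=\"" . $file_html . "\"" . $selected . ">" . $file_html . "</option>\n";
                    }
                }
                closedir($handle);
            }
?>
</select><img src="smiles/<? echo htmlspecialchars($row['smile_file'], ENT_QUOTES) ?>" name="icons" hspace="10"><br>
<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
        }
    }
    else
    {
        echo "<script>alert('Smile with this ID doesn\'t excist'); history.go(-1)</script>";
    }
}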
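// Form for adding a smile; the file list is read from the smiles/ directory.
if($_GET['act'] == "add_smile" AND !isset($_POST['add_smile']))
{
    // Preview image defaults to the first file found; stays empty for an empty or unreadable directory.
    $first_smile = "";
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="add_smile">
<b>Smile Name :</b><br>
<input type="text" name="name"><br>
<b>Smile Tag :</b><br>
<input type="text" name="tag" size="5"><br>
<b>Smile File :</b><br>
<select name="file" onChange="showimage()"><?
    $handle = opendir('smiles');
    // Skip the listing when the directory cannot be opened instead of
    // handing a failed handle to readdir().
    if($handle)
    {
        while(false!==($file = readdir($handle)))
        {
            if($file != "." AND $file != "..")
            {
                if($first_smile === "")
                {
                    $first_smile = $file;
                }
                // File names are escaped before they are written into the markup.
                $file_html = htmlspecialchars($file, ENT_QUOTES);
                echo "<option value=\"" . $file_html . "\">" . $file_html . "</option>\n";
            }
        }
        closedir($handle);
    }
?>
</select><img src="smiles/<? echo htmlspecialchars($first_smile, ENT_QUOTES) ?>" name="icons" hspace="10"><br>
<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
}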
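// Deletes one smile, selected by ?smile_id=.
// NOTE(review): the delete runs on a plain GET; no per-request token is verified here.
if($_GET['act'] == "del_smile")
{
    if(isset($_GET['smile_id']))
    {
        // The id is interpolated into SELECT and DELETE statements: integer only.
        $smile_id = is_scalar($_GET['smile_id']) ? intval($_GET['smile_id']) : 0;
        $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_id = '" . $smile_id . "'"),0);
        if(!empty($result))
        {
            mysql_query("DELETE FROM tbl_smiles WHERE smile_id = '" . $smile_id . "'");
        }
        else
        {
            echo "<script>alert('Smile with this ID doesn\'t excist.'); history.go(-1)</script>";
        }
    }
    else
    {
        echo "<script>alert('Please validate a smile ID.'); history.go(-1)</script>";
    }
}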
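// Lists the ten most recently registered members (highest user_id first).
if($_GET['act'] == "newest_members")
{
    $query = mysql_query("SELECT * FROM tbl_users ORDER BY user_id DESC LIMIT 0,10");
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
    if(empty($result))
    {
        echo "<script>alert('No members yet.'); history.go(-1)</script>";
    }
    else
    {
        while($row = mysql_fetch_assoc($query))
        {
            // The member-chosen name is rendered inside the admin session, so it is
            // HTML-escaped; the id is forced to an integer.
            $member_id = intval($row['user_id']);
            echo $member_id . ". <a href=\"profile.php?act=view&user_id=" . $member_id . "\">" . htmlspecialchars($row['user_name']) . "</a><br>";
        }
    }
}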
// Un-install: drops the four script tables.
// NOTE(review): "already uninstalled" is decided by the row count of tbl_users, so an
// installation with zero members is reported as uninstalled although its tables exist.
// NOTE(review): the DROP statements run on a plain GET with only the admin session as a check.
if($_GET['act'] == "uninstall")
{
    $member_count = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
    if(empty($member_count))
    {
        echo "<script>alert('SNP Login Script has already been uninstalled, delete the directory containing this file to finish the un-installation.'); window.close()</script>";
    }
    else
    {
        foreach(array("tbl_config", "tbl_msg", "tbl_smiles", "tbl_users") as $table)
        {
            mysql_query("DROP TABLE " . $table);
        }
        echo "SNP Login Script successfully uninstalled, you can now remove all files of SNP Login Script.";
        echo "<br>\n<br>\n";
        echo "<script>window.close()</script>";
    }
}
}
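// Saves the edit-user form, or deletes the user (and their messages) when "Delete User" is ticked.
if(isset($_POST['update_user']))
{
    // The id selects the row in every statement below: integer only.
    $user_id = (isset($_POST['user_id']) AND is_scalar($_POST['user_id'])) ? intval($_POST['user_id']) : 0;
    if(empty($_POST['deluser']))
    {
        if(!empty($_POST['pass']) AND is_string($_POST['pass']))
        {
            // md5() output is hexadecimal, so it needs no SQL escaping.
            // NOTE(review): unsalted MD5 is a weak password hash; changing it would also
            // require changing the login query in index.php, so it is kept as is here.
            mysql_query("UPDATE tbl_users SET user_pass = '" . md5($_POST['pass']) . "' WHERE user_id = '" . $user_id . "'") or die(mysql_error());
        }
        // Escape every posted text field before it is placed inside the SQL string.
        // With magic_quotes_gpc on, the automatic slashes are removed first so the
        // stored value is the same in both configurations.
        $safe = array();
        foreach(array("user", "email", "url", "date", "showmail", "public", "activated", "admcom", "pm") as $field)
        {
            $value = (isset($_POST[$field]) AND is_string($_POST[$field])) ? $_POST[$field] : "";
            if(get_magic_quotes_gpc())
            {
                $value = stripslashes($value);
            }
            $safe[$field] = mysql_real_escape_string($value);
        }
        mysql_query("UPDATE tbl_users SET user_name = '" . $safe['user'] . "', user_email = '" . $safe['email'] . "', user_url = '" . $safe['url'] . "', user_dateformat = '" . $safe['date'] . "', user_showmail = '" . $safe['showmail'] . "', user_public = '" . $safe['public'] . "', user_activated = '" . $safe['activated'] . "', user_admcom = '" . $safe['admcom'] . "', user_pm = '" . $safe['pm'] . "' WHERE user_id = '" . $user_id . "'") or die(mysql_error());
        echo "Information successfully updated !";
        echo "<br>\n<br>\n";
        echo "<a href=\"admin.php?act=member_list\">Back to memberlist</a>";
        echo "<br>\n";
        echo "<a href=\"admin.php\">Admin Index</a>";
    }
    else
    {
        $user_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $user_id . "'"),0);
        if(!empty($user_exists))
        {
            // Remove the account and every message sent to or from it.
            mysql_query("DELETE FROM tbl_users WHERE user_id = '" . $user_id . "'");
            mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $user_id . "' OR msg_from = '" . $user_id . "'");
            echo "<script>alert('User successfully deleted.'); document.location.href=('admin.php?act=member_list')</script>";
        }
        else
        {
            echo "<script>alert('User doesn\'t exist.'); document.location.href=('admin.php?act=member_list')</script>";
        }
    }
}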
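// Saves the configuration form into tbl_config.
if(isset($_POST['update_config']))
{
    // Escape every posted value before it is placed inside the SQL string; automatic
    // magic_quotes_gpc slashes are removed first so values are not escaped twice.
    $safe = array();
    foreach(array("antiflood", "maxmsg", "register", "smiles", "ubb", "perpage", "perpageinbox", "dateformat", "adminuser", "adminpass") as $field)
    {
        $value = (isset($_POST[$field]) AND is_string($_POST[$field])) ? $_POST[$field] : "";
        if(get_magic_quotes_gpc())
        {
            $value = stripslashes($value);
        }
        $safe[$field] = mysql_real_escape_string($value);
    }
    // No WHERE clause: the statement updates every row of tbl_config.
    // NOTE(review): cfg_adminpass is written in plain text.
    mysql_query("UPDATE tbl_config SET cfg_antiflood = '" . $safe['antiflood'] . "', cfg_maxmsg = '" . $safe['maxmsg'] . "', cfg_register = '" . $safe['register'] . "', cfg_smiles = '" . $safe['smiles'] . "', cfg_ubbcode = '" . $safe['ubb'] . "', cfg_perpage = '" . $safe['perpage'] . "', cfg_perpageinbox = '" . $safe['perpageinbox'] . "', cfg_admindate = '" . $safe['dateformat'] . "', cfg_adminuser = '" . $safe['adminuser'] . "', cfg_adminpass = '" . $safe['adminpass'] . "'") or die(mysql_error());
    echo "Configuration successfully updated !";
    echo "<br>\n<br>\n";
    echo "<a href=\"admin.php\">Admin Index</a>";
}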
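// Sends the posted title/message as a private message to every member.
if(isset($_POST['send_masspm']))
{
    $query = mysql_query("SELECT * FROM tbl_users ORDER BY user_id ASC");
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
    if(!empty($result))
    {
        // Escape the posted text once, before the loop; automatic magic_quotes_gpc
        // slashes are removed first so the text is not escaped twice.
        $safe = array();
        foreach(array("title", "message") as $field)
        {
            $value = (isset($_POST[$field]) AND is_string($_POST[$field])) ? $_POST[$field] : "";
            if(get_magic_quotes_gpc())
            {
                $value = stripslashes($value);
            }
            $safe[$field] = mysql_real_escape_string($value);
        }
        // The sender address is normally found in $_SERVER; $_ENV is only populated in
        // some server setups, so it is kept as a fallback.
        if(isset($_SERVER['REMOTE_ADDR']))
        {
            $sender_ip = $_SERVER['REMOTE_ADDR'];
        }
        elseif(isset($_ENV['REMOTE_ADDR']))
        {
            $sender_ip = $_ENV['REMOTE_ADDR'];
        }
        else
        {
            $sender_ip = "";
        }
        $sender_ip = mysql_real_escape_string($sender_ip);
        while($row = mysql_fetch_assoc($query))
        {
            // Positional INSERT: the value order must match the column order of tbl_msg in TABLES.SQL.
            mysql_query("INSERT INTO tbl_msg VALUES ('','" . $safe['title'] . "',NOW(),'" . $safe['message'] . "','0','" . intval($row['user_id']) . "','0','" . $sender_ip . "')");
        }
        echo "Mass PM Sent to all members.";
        echo "<br>\n<br>\n";
        echo "<a href=\"admin.php?act=inbox\">My Inbox</a>";
        echo "<br>\n";
        echo "<a href=\"admin.php\">Admin Index</a>";
    }
    else
    {
        echo "<script>alert('Can\'t send message: No members yet.')</script>";
    }
}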
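// Saves the edit-smile form.
if(isset($_POST['save_smile']))
{
    $smile_id = (isset($_POST['id']) AND is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;
    // Escape the posted text before it is placed inside the SQL string; automatic
    // magic_quotes_gpc slashes are removed first so values are not escaped twice.
    $safe = array();
    foreach(array("name", "tag", "file") as $field)
    {
        $value = (isset($_POST[$field]) AND is_string($_POST[$field])) ? $_POST[$field] : "";
        if(get_magic_quotes_gpc())
        {
            $value = stripslashes($value);
        }
        if($field == "file")
        {
            // The file name is later written after "smiles/" in an <img src>; keep the bare name only.
            $value = basename($value);
        }
        $safe[$field] = mysql_real_escape_string($value);
    }
    mysql_query("UPDATE tbl_smiles SET smile_name = '" . $safe['name'] . "', smile_tag = '" . $safe['tag'] . "', smile_file = '" . $safe['file'] . "' WHERE smile_id = '" . $smile_id . "'") or die(mysql_error());
    echo "Configuration successfully updated !";
    echo "<br>\n<br>\n";
    echo "<a href=\"admin.php\">Admin Index</a>";
}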
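// Stores a new smile unless one already uses the same file.
if(isset($_POST['add_smile']))
{
    // Escape the posted text before it is placed inside the SQL strings; automatic
    // magic_quotes_gpc slashes are removed first so values are not escaped twice.
    $safe = array();
    foreach(array("name", "tag", "file") as $field)
    {
        $value = (isset($_POST[$field]) AND is_string($_POST[$field])) ? $_POST[$field] : "";
        if(get_magic_quotes_gpc())
        {
            $value = stripslashes($value);
        }
        if($field == "file")
        {
            // The file name is later written after "smiles/" in an <img src>; keep the bare name only.
            $value = basename($value);
        }
        $safe[$field] = mysql_real_escape_string($value);
    }
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_file = '" . $safe['file'] . "'"),0);
    if(empty($result))
    {
        // Positional INSERT: the value order must match the column order of tbl_smiles in TABLES.SQL.
        mysql_query("INSERT INTO tbl_smiles VALUES ('','" . $safe['name'] . "', '" . $safe['tag'] . "', '" . $safe['file'] . "')");
        echo "Smiles successfully added !";
        echo "<br>\n<br>\n";
        echo "<a href=\"admin.php\">Admin Index</a>";
    }
    else
    {
        echo "<script>alert('Smile already excists'); history.go(-1)</script>";
    }
}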
}
?>
[/code]
-----------------------------------------------
CONFIG.PHP
-----------------------------------------------
[code]
<?
############################################
# Filename : CONFIG.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
// Database connection settings. These are placeholders to be replaced per installation.
// NOTE(review): the sample ships with an empty database password; the file holds the
// real credentials once edited, so it should not be readable as plain text by visitors.
$hostname = "localhost";
$username = "user";
$password = "";
$database = "login";
// Connect or stop with the MySQL error text.
mysql_connect($hostname,$username,$password) or die(mysql_error());
// NOTE(review): the result of mysql_select_db() is not checked.
mysql_select_db($database);
// Copy each tbl_config row into the global $cfg array used by the other pages.
// $cfg stays undefined when the table returns no row.
$select_config = mysql_query("SELECT * FROM tbl_config");
while($config = mysql_fetch_assoc($select_config))
{
$cfg['antiflood'] = $config['cfg_antiflood'];
$cfg['max_msg'] = $config['cfg_maxmsg'];
$cfg['register'] = $config['cfg_register'];
$cfg['smiles'] = $config['cfg_smiles'];
$cfg['ubb'] = $config['cfg_ubbcode'];
$cfg['per_page'] = $config['cfg_perpage'];
$cfg['per_pageinbox'] = $config['cfg_perpageinbox'];
$cfg['admin_date'] = $config['cfg_admindate'];
// Admin credentials are read as stored; admin.php compares the login form against them.
$cfg['admin_user'] = $config['cfg_adminuser'];
$cfg['admin_pass'] = $config['cfg_adminpass'];
}
?>[/code]
-----------------------------------------------
FUNCTIONS.PHP
-----------------------------------------------
[code]
<?
############################################
# Filename : FUNCTIONS.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
include("config.php");
/**
 * Prints the UBB-code buttons (B, U, I, Quote, Image) followed by a line break.
 * Each button calls the JavaScript smile() helper with the matching tag pair.
 * Prints nothing when $cfg['ubb'] is empty.
 */
function echo_ubb()
{
    global $cfg;
    if(empty($cfg['ubb']))
    {
        return;
    }
    $buttons  = "<input type=\"button\" OnClick=\"smile('[b][/b]')\" style=\"font-weight: bold; width: 30pt\" value=\"B\"> ";
    $buttons .= "<input type=\"button\" OnClick=\"smile('[u][/u]')\" style=\"text-decoration: underline; width: 30pt\" value=\"U\"> ";
    $buttons .= "<input type=\"button\" OnClick=\"smile('[i][/i]')\" style=\"font-style: italic; width: 30pt\" value=\"I\"> ";
    $buttons .= "<input type=\"button\" OnClick=\"smile('[quote][/quote]')\" style=\"width: 50pt\" value=\"Quote\"> ";
    $buttons .= "<input type=\"button\" OnClick=\"smile('[img][/img]')\" style=\"width: 50pt\" value=\"Image\">";
    $buttons .= "<br>\n";
    echo $buttons;
}
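/**
 * Prints one clickable image per row of tbl_smiles, followed by a line break.
 * Clicking an image calls the JavaScript smile() helper with the smile's tag.
 * Prints nothing when $cfg['smiles'] is empty or the table has no rows.
 */
function echo_smiles()
{
    global $cfg;
    if(!empty($cfg['smiles']))
    {
        $query = mysql_query("SELECT * FROM tbl_smiles");
        $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles"),0);
        if(!empty($result))
        {
            while($row = mysql_fetch_assoc($query))
            {
                // The tag sits inside a JavaScript string inside an HTML attribute: addslashes()
                // protects the script string, htmlspecialchars() the attribute around it.
                $tag_js = htmlspecialchars(addslashes($row['smile_tag']), ENT_QUOTES);
                $file_html = htmlspecialchars($row['smile_file'], ENT_QUOTES);
                echo " <a href=\"javascript:smile('" . $tag_js . "')\"><img src=\"smiles/" . $file_html . "\" border=\"0\"></a>";
            }
            echo "<br>\n";
        }
    }
}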
?>
[/code]
-----------------------------------------------
INDEX.PHP
-----------------------------------------------
[code]
<?
############################################
# Filename : INDEX.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
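error_reporting(E_ALL);
session_start();
include("config.php");
// Visitor without a member session: handle a posted login, otherwise show the login form.
if(!isset($_SESSION['user_id']))
{
    if(isset($_POST['login']))
    {
        $login_name = (isset($_POST['user']) AND is_string($_POST['user'])) ? $_POST['user'] : "";
        $login_pass = (isset($_POST['pass']) AND is_string($_POST['pass'])) ? $_POST['pass'] : "";
        // The user name is placed inside the SQL string, so it is escaped first. Without
        // this, a quote in the name field changes the WHERE clause of the login query.
        // Automatic magic_quotes_gpc slashes are removed first so the name is not escaped twice.
        if(get_magic_quotes_gpc())
        {
            $login_name = stripslashes($login_name);
        }
        // md5() output is hexadecimal and needs no escaping.
        // NOTE(review): unsalted MD5 is a weak password hash.
        // NOTE(review): user_activated is not part of this query - confirm that
        // unactivated accounts are stopped somewhere else.
        $query = mysql_query("SELECT * FROM tbl_users WHERE user_name = '" . mysql_real_escape_string($login_name) . "' AND user_pass = '" . md5($login_pass) . "'");
        $result = mysql_num_rows($query);
        if(empty($result))
        {
            echo "<script>alert('Login Incorrect.'); document.location.href=('index.php')</script>";
        }
        else
        {
            while($row = mysql_fetch_assoc($query))
            {
                $user_id = $row['user_id'];
            }
            // Issue a fresh session id for the logged-in session, store the member id, then redirect.
            session_regenerate_id();
            $_SESSION['user_id'] = $user_id;
            header("Location: index.php");
            exit;
        }
    }
    else
    {
?>
<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="user"><br>
Password : <input type="password" name="pass"><br><br>
<input type="Submit" value="Login"><br><br>
</form>
<a href="register.php">Register</a><br>
<a href="memberlist.php">Memberlist</a>
<?
    }
}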
else
{
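// Member home: user name, inbox status and navigation links.
// The session id value is used in SQL and in a link, so it is forced to an integer.
$member_id = intval($_SESSION['user_id']);
$query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $member_id . "'");
while($row = mysql_fetch_assoc($query))
{
    // The name was chosen by the member and is HTML-escaped before display.
    echo "Username : <b>" . htmlspecialchars($row['user_name']) . "</b>";
    if($row['user_pm'])
    {
        // Inbox indicator: "Empty", "FULL" once the configured maximum is reached, else "n / max".
        $msg = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $member_id . "'"),0);
        if(empty($msg))
        {
            $msg = "<font color=\"#008000\">Empty</font>";
        }
        elseif($msg >= $cfg['max_msg'])
        {
            $msg = "<font color=\"#FF0000\">FULL</font>";
        }
        else
        {
            $msg = $msg . " / " . $cfg['max_msg'];
        }
        echo "<br>\n";
        echo "Inbox : <b>". $msg ."</b> ( <a href=\"msg.php?act=inbox\">Open</a> )";
    }
}
echo "<br>\n<br>\n";
// The admin link is only shown when the same session is also logged in to admin.php.
if(isset($_SESSION['admin_login']))
{
    echo "<a href=\"admin.php\">Admin Page</a>";
    echo "<br>\n";
}
echo "<a href=\"memberlist.php\">Memberlist</a>";
echo "<br>\n";
echo "<a href=\"profile.php?act=edit_profile\">Change Profile</a>";
echo "<br>\n";
echo "<a href=\"profile.php?act=view&user_id=" . $member_id . "\">My Profile</a>";
echo "<br>\n";
echo "<a href=\"logoff.php\">Log Off</a>";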
}
?>[/code]
-----------------------------------------------
JAVASCRIPT.JS
-----------------------------------------------
[code]
// Asks for confirmation, then requests deletion of the whole inbox.
function clr_inbox()
{
    if (!confirm("Are you sure you want to clear all messages ?"))
    {
        return;
    }
    document.location.href = 'msg.php?act=del_inbox';
}
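// Asks for confirmation, then requests deletion of one message.
// value: the message id written into the page by the server.
function del_msg(value)
{
    if (confirm("Are you sure you want to delete this message ?"))
    {
        // Encode the id so it stays a single query-string value even if it
        // contains characters such as "&" or "#".
        document.location.href = 'msg.php?act=delmsg&msg_id=' + encodeURIComponent(value);
    }
}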
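// Asks for confirmation, then requests deletion of one smile.
// value: the smile id written into the page by the server.
function del_smile(value)
{
    if (confirm("Are you sure you want to delete this smile ?"))
    {
        // Encode the id so it stays a single query-string value even if it
        // contains characters such as "&" or "#".
        document.location.href = 'admin.php?act=del_smile&smile_id=' + encodeURIComponent(value);
    }
}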
// Appends a tag (smile code or UBB pair) to the message box of the form named
// "form" and puts the cursor back into it.
function smile(tag)
{
    var box = document.form.message;
    box.value += "" + tag;
    box.focus();
}
// Asks for confirmation, then requests deletion of all members.
function delete_members()
{
    if (!confirm("Are you sure you want to delete all members ?"))
    {
        return;
    }
    document.location.href = 'admin.php?act=delete_members';
}
// Asks for confirmation, then requests deletion of all messages.
function delete_messages()
{
    if (!confirm("Are you sure you want to delete all messages ?"))
    {
        return;
    }
    document.location.href = 'admin.php?act=delete_messages';
}
// Asks for confirmation, then requests the un-install action.
function uninstall()
{
    if (!confirm("Are you sure you want to uninstall SNP Login Script ?"))
    {
        return;
    }
    document.location.href = 'admin.php?act=uninstall';
}
/**
 * Show a preview of the smile file currently selected in the "file"
 * drop-down by pointing the image named "icons" at smiles/<file>.
 * Does nothing when the browser has no document.images collection.
 */
function showimage()
{
    if (document.images) {
        var picker = document.form.file;
        var chosen = picker.options[picker.selectedIndex].value;
        document.images.icons.src = "smiles/" + chosen;
    }
}
[/code]
-----------------------------------------------
LOGOFF.PHP
-----------------------------------------------
[code]
<?
############################################
# Filename : LOGOFF.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
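// Log the visitor out and send him back to the main page.
session_start();

// Remember whether a login marker was present before everything is removed.
$was_logged_in = (isset($_SESSION['user_id']) OR isset($_SESSION['admin_login']));

// Unsetting only the two keys leaves the session and its id alive. Clear all
// session data, expire the session cookie and destroy the server-side record
// so the old session id is of no use after logging off.
$_SESSION = array();
if(ini_get("session.use_cookies") AND isset($_COOKIE[session_name()]))
{
    $cookie = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain']);
}
session_destroy();

if($was_logged_in)
{
    header("Location: index.php");
    // Stop here so nothing else is sent after the redirect header.
    exit;
}
else
{
    // $_SESSION always exists after session_start(), so the former
    // isset($_SESSION) test could never reach this message.
    echo "<script>alert('Your not logged in.')</script>";
}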
?>
[/code]
-----------------------------------------------
MEMBERLIST.PHP
-----------------------------------------------
[code]
<?
############################################
# Filename : MEMBERLIST.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
// Page bootstrap: resume the session, report every PHP notice and load the configuration.
// NOTE(review): with display_errors enabled, E_ALL sends notices and SQL warnings to the browser.
session_start();
error_reporting(E_ALL);
include("config.php");

// The sort column is later concatenated into an ORDER BY clause, so only
// names from this fixed list are accepted; anything else sorts by user_id.
$sortable_columns = array("user_name", "user_email", "user_url", "user_regdate", "user_pm");
$order_by = "user_id";
if(isset($_GET['order_by']) AND in_array($_GET['order_by'], $sortable_columns, true))
{
    $order_by = $_GET['order_by'];
}
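// Pagination for the member list.
// Anonymous visitors are only shown public profiles, so they are counted the
// same way; otherwise the page links do not match the rows and the overall
// member count is disclosed to visitors who may not see those members.
if(isset($_SESSION['user_id']))
{
    $total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
}
else
{
    $total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_public = '1'"),0);
}

// The page number comes from the query string: force it to a non-negative
// integer before it is used in arithmetic, in links and in the LIMIT offset.
$page = isset($_GET['page']) ? (int) $_GET['page'] : 0;
if($page < 0)
{
    $page = 0;
}

$start = $page * $cfg['per_page'];
// NOTE(review): a per_page setting of 0 makes this division fail; the value is not checked here.
$pages = $total / $cfg['per_page'];
$pageplus = $page + 1;
$pagemin = $page - 1;

// "Next" is a link only while another page follows the current one.
if($pageplus < $pages)
{
    $next = "[ <a href=\"memberlist.php?page=" . $pageplus . "&order_by=" . $order_by . "\">Next " . $cfg['per_page'] . "</a> ]";
}
else
{
    $next = "[ Next " . $cfg['per_page'] . " ]";
}

// "Previous" is a link on every page but the first.
if($pagemin < $pages AND $page > 0)
{
    $prev = "[ <a href=\"memberlist.php?page=" . $pagemin . "&order_by=" . $order_by . "\">Previous " . $cfg['per_page'] . "</a> ]";
}
else
{
    $prev = "[ Previous " . $cfg['per_page'] . " ]";
}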
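// Render one page of the member list.
// $order_by is expected to hold one of the fixed column names chosen earlier
// in this script. Offset and page size are forced to integers because they
// are concatenated into the statement.
$limit_start = (int) $start;
$limit_count = (int) $cfg['per_page'];

// Anonymous visitors get this fixed date format; members get their own.
$date_format = "d-m-Y H:i:s";

if(isset($_SESSION['user_id']))
{
    $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users ORDER BY " . $order_by . " ASC LIMIT " . $limit_start . "," . $limit_count);
    // The viewer's date format is the same for every row, so it is read once instead of once per listed member.
    $date_select = mysql_query("SELECT user_dateformat FROM tbl_users WHERE user_id = '" . (int) $_SESSION['user_id'] . "'");
    while($date = mysql_fetch_assoc($date_select))
    {
        $date_format = $date['user_dateformat'];
    }
}
else
{
    $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_public = '1' ORDER BY " . $order_by . " ASC LIMIT " . $limit_start . "," . $limit_count);
}

$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);
if(!empty($result))
{
    $page_links = "<center>" . $prev ." [ <a href=\"index.php\">Main Page</a> ] ". $next . "</center>";
    // The page number is echoed into the column links; it is cast to an
    // integer so the query string cannot inject markup into the page.
    $sort_base = "memberlist.php?page=" . (isset($_GET['page']) ? (int) $_GET['page'] : 0) . "&order_by=";

    echo $page_links;
    echo "<table style=\"border-collapse: collapse\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\" border=\"1\" bordercolor=\"#000000\">\n";
    echo "<tr>\n";
    echo "<td width=\"21%\"><b><a href=\"" . $sort_base . "user_name\">Username</a></b></td>\n";
    echo "<td width=\"26%\"><b><a href=\"" . $sort_base . "user_email\">Email</a></b></td>\n";
    echo "<td width=\"23%\"><b><a href=\"" . $sort_base . "user_url\">Website</a></b></td>\n";
    echo "<td width=\"20%\"><b><a href=\"" . $sort_base . "user_regdate\">Registered</a></b></td>\n";
    echo "<td width=\"10%\" align=\"center\"><b><a href=\"" . $sort_base . "user_pm\">Enabled PM</a></b></td>\n";
    echo "</tr>\n";

    while($row = mysql_fetch_assoc($query))
    {
        // The format string is member-supplied, so the formatted date is escaped on output.
        $format_date = htmlspecialchars(date($date_format, $row['user_regdate']));

        // Reset per row so a member without a website does not inherit the previous row's link.
        $url = "";
        if(!empty($row['user_url']))
        {
            // Anything not starting with http:// gets that prefix, which also keeps other schemes out of the href.
            if(substr($row['user_url'],0,7) != "http://")
            {
                $url = "http://" . $row['user_url'];
            }
            else
            {
                $url = $row['user_url'];
            }
        }

        echo "<tr>\n";
        echo "<td width=\"21%\"><a href=\"profile.php?act=view&user_id=" . (int) $row['user_id'] . "\">" . htmlspecialchars($row['user_name']) . "</a></td>\n";

        // The cell is always closed, whether or not the address is shown.
        echo "<td width=\"26%\">";
        if(!empty($row['user_showmail']))
        {
            echo "<a href=\"mailto:" . htmlspecialchars($row['user_email']) . "\">" . htmlspecialchars($row['user_email']) . "</a>";
        }
        echo "</td>\n";

        // The website is member-supplied text: escape it in the attribute and in the link text.
        echo "<td width=\"23%\">";
        if($url != "")
        {
            echo "<a href=\"" . htmlspecialchars($url) . "\" target=\"_blank\" rel=\"noopener noreferrer\">" . htmlspecialchars($row['user_url']) . "</a>";
        }
        echo "</td>\n";

        echo "<td width=\"20%\">" . $format_date . "</td>\n";

        if(!empty($row['user_pm']))
        {
            $user_pm = "<font color=\"#008000\">Yes</font>";
        }
        else
        {
            $user_pm = "<font color=\"#FF0000\">No</font>";
        }
        echo "<td width=\"10%\" align=\"center\">" . $user_pm . "</td>\n";
        echo "</tr>\n";
    }
    echo "</table>";
    echo $page_links;
}
else
{
    echo "<script>alert('No members yet.'); history.go(-1)</script>";
}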
?>[/code]
-----------------------------------------------
MSG.PHP
-----------------------------------------------
[code]<?
############################################
# Filename : MSG.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
error_reporting(E_ALL);
session_start();
include("config.php");
include("functions.php");
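// Store a private message submitted from the compose form.
// The handler only runs for a logged-in member; without that test anybody
// could post messages with an empty sender. Visitors who are not logged in
// fall through to the login check further down in this script.
// NOTE(review): the mysql_* API offers no bound parameters. Ids are cast to
// integers and text is passed through mysql_real_escape_string(), which
// presumably relies on the connection opened by config.php - confirm.
if(isset($_POST['send_msg']) AND isset($_SESSION['user_id']))
{
    $sender_id = (int) $_SESSION['user_id'];
    $recipient_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;

    if($recipient_id == $sender_id)
    {
        echo "<script>alert('You can\'t send messages to yourself.'); history.go(-1)</script>";
    }
    elseif(isset($_COOKIE['antiflood']))
    {
        // The antiflood marker is a cookie held by the client, so it is a
        // courtesy limit only; a real limit needs a server-side timestamp.
        echo "Antiflood is still active, this means you can only send 1 message per <b style=\"color: #FF0000\">" . $cfg['antiflood'] . "</b> seconds.";
        echo "<br>\n<br>\n";
        echo "<a href=\"javascript:window.location.reload()\">Refresh Page</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=new\">Write new message</a>";
    }
    else
    {
        // The compose form already refuses recipients who disabled PM or whose
        // inbox is full; repeat both tests here because the form can be bypassed.
        $enabled_pm = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_pm = 1 AND user_id = '" . $recipient_id . "'"),0);
        $inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $recipient_id . "'"),0);

        if($inbox >= $cfg['max_msg'] OR empty($enabled_pm))
        {
            echo "<script>alert('We\'re sorry but the inbox of this user is full or the user disabled Private Messages.'); history.go(-1)</script>";
        }
        elseif(empty($_POST['title']) OR empty($_POST['message']))
        {
            echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
        }
        else
        {
            $title = $_POST['title'];
            $message = $_POST['message'];
            // Undo magic quotes first so the text is escaped exactly once.
            if(get_magic_quotes_gpc())
            {
                $title = stripslashes($title);
                $message = stripslashes($message);
            }
            // REMOTE_ADDR is provided in $_SERVER; $_ENV does not reliably contain it.
            $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

            mysql_query("INSERT INTO tbl_msg VALUES ('','" . mysql_real_escape_string($title) . "',NOW(),'" . mysql_real_escape_string($message) . "','" . $sender_id . "','" . $recipient_id . "','0','" . mysql_real_escape_string($remote_ip) . "')") or die(mysql_error());
            setcookie("antiflood",true,time()+$cfg['antiflood']);
            echo "Message successfully sent !";
            echo "<br>\n<br>\n";
            echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
            echo "<br>\n";
            echo "<a href=\"index.php\">Main Page</a>";
        }
    }
}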
echo "<script src=\"javascript.js\"></script>";
if(isset($_SESSION['user_id']))
{
if(isset($_GET['act']))
{
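// Inbox: list the messages addressed to the logged-in member, one page at a time.
if($_GET['act'] == "inbox")
{
    $viewer_id = (int) $_SESSION['user_id'];

    $total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $viewer_id . "'"),0);

    // The page number comes from the query string; force it to a non-negative integer.
    $page = isset($_GET['page']) ? (int) $_GET['page'] : 0;
    if($page < 0)
    {
        $page = 0;
    }
    $start = $page * $cfg['per_pageinbox'];
    $pages = $total / $cfg['per_pageinbox'];
    $pageplus = $page + 1;
    $pagemin = $page - 1;

    if($pageplus < $pages)
    {
        $next = "[ <a href=\"msg.php?act=inbox&page=" . $pageplus . "\">Next " . $cfg['per_pageinbox'] . "</a> ]";
    }
    else
    {
        $next = "[ Next " . $cfg['per_pageinbox'] . " ]";
    }
    if($pagemin < $pages AND $page > 0)
    {
        $prev = "[ <a href=\"msg.php?act=inbox&page=" . $pagemin . "\">Previous " . $cfg['per_pageinbox'] . "</a> ]";
    }
    else
    {
        $prev = "[ Previous " . $cfg['per_pageinbox'] . " ]";
    }

    $query = mysql_query("SELECT *,UNIX_TIMESTAMP(msg_time) AS msg_time FROM tbl_msg WHERE msg_to = '" . $viewer_id . "' ORDER BY msg_id DESC LIMIT " . (int) $start . "," . (int) $cfg['per_pageinbox']);
    // Same count as $total; kept under the name the rest of this block uses.
    $result = $total;

    if(empty($result))
    {
        echo "No messages in your inbox";
        echo "<br>\n";
    }
    else
    {
        // Every listed message is addressed to the viewer, so the viewer's
        // date format is read once instead of once per message.
        $date_format = "d-m-Y H:i:s";
        $to_select = mysql_query("SELECT user_dateformat FROM tbl_users WHERE user_id = '" . $viewer_id . "'");
        while($date = mysql_fetch_assoc($to_select))
        {
            $date_format = $date['user_dateformat'];
        }

        echo "<center>" . $prev ." ". $next . "</center>";
        echo "<table style=\"border-collapse: collapse\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\" border=\"1\" bordercolor=\"#000000\">\n";
        echo "<tr>\n";
        echo "<td width=\"40%\"><b>Title</b></td>\n";
        echo "<td width=\"25%\"><b>From</b></td>\n";
        echo "<td width=\"30%\"><b>Date</b></td>\n";
        echo "<td width=\"5%\" align=\"center\"><b>Read</b></td>\n";
        echo "</tr>\n";

        while($row = mysql_fetch_assoc($query))
        {
            // Reset per row: a sender whose account is gone must not show the previous row's name.
            $from_name = "";
            $from_select = mysql_query("SELECT user_name FROM tbl_users WHERE user_id = '" . (int) $row['msg_from'] . "'");
            while($from = mysql_fetch_assoc($from_select))
            {
                $from_name = $from['user_name'];
            }

            echo "<tr>\n";
            echo "<td width=\"40%\">";
            echo " <a href=\"msg.php?act=read&msg_id=" . (int) $row['msg_id'] . "\">" . htmlspecialchars($row['msg_title']) . "</a>";
            echo "</td>\n";

            echo "<td width=\"25%\">";
            if(empty($row['msg_from']))
            {
                echo "Administrator";
            }
            else
            {
                echo "<a href=\"profile.php?act=view&user_id=". (int) $row['msg_from'] ."\">" . htmlspecialchars($from_name) . "</a>";
            }
            echo "</td>\n";

            // The format string is member-supplied, so the formatted date is escaped.
            echo "<td width=\"30%\">" . htmlspecialchars(date($date_format, $row['msg_time'])) . "</td>\n";

            echo "<td width=\"5%\" align=\"center\">";
            if(!empty($row['msg_read']))
            {
                echo " <font color=\"#008000\">Yes</font>";
            }
            else
            {
                echo " <font color=\"#FF0000\">No</font>";
            }
            echo "</td>\n";
            echo "</tr>\n";
        }
        echo "</table>";
        echo "<center>" . $prev ." ". $next . "</center>";
    }
    echo "<br>\n";
    echo "<a href=\"msg.php?act=new\">New Message</a>";
    if(!empty($result))
    {
        echo "<br>\n";
        echo "<a href=\"javascript:clr_inbox()\">Clear Inbox</a>";
    }
    echo "<br>\n";
    echo "<a href=\"index.php\">Main Page</a>";
}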
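// Compose form, optionally pre-filled as a reply (user_id + msg_id) or a quote (user_id + quote).
if($_GET['act'] == "new" AND !isset($_POST['send_msg']))
{
    // Every id taken from the query string is forced to an integer before it reaches SQL or HTML.
    $viewer_id = (int) $_SESSION['user_id'];
    $to_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
    $reply_id = isset($_GET['msg_id']) ? (int) $_GET['msg_id'] : 0;
    $quote_id = isset($_GET['quote']) ? (int) $_GET['quote'] : 0;

    if(isset($_GET['user_id']) AND $to_id == $viewer_id)
    {
        // Members cannot write to themselves; stop instead of also rendering the form.
        // (The former second test compared isset() with the user id and was true for every quote request.)
        echo "<script>alert('You can\'t reply to this message'); history.go(-1)</script>";
    }
    else
    {
        $send = 1;
        if(isset($_GET['user_id']))
        {
            $enabled_pm = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_pm = 1 AND user_id = '" . $to_id . "'"),0);
            $inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $to_id . "'"),0);
            if($inbox >= $cfg['max_msg'] OR empty($enabled_pm))
            {
                $send = 0;
            }
        }

        if(!empty($send))
        {
            // Look the answered/quoted message up once. It must be addressed to
            // the viewer: without the msg_to test any member could read any
            // stored message by putting its id in the URL.
            $source_id = !empty($quote_id) ? $quote_id : $reply_id;
            $quote_userid = 0;
            $quote_message = "";
            if(!empty($source_id))
            {
                $source = mysql_query("SELECT msg_title, msg_message, msg_from FROM tbl_msg WHERE msg_id = '" . $source_id . "' AND msg_to = '" . $viewer_id . "'");
                while($msg = mysql_fetch_assoc($source))
                {
                    $msg_title = str_replace("Re: ","", $msg['msg_title']);
                    $msg_title = "Re: " . htmlspecialchars($msg_title);
                    $quote_userid = (int) $msg['msg_from'];
                    $quote_message = $msg['msg_message'];
                }
            }

            echo "<form method=\"POST\" name=\"form\">\n";
            echo "<input type=\"hidden\" value=\"1\" name=\"send_msg\">\n";
            echo "<b>To : </b><br><select name=\"user_id\">\n";
            $query = mysql_query("SELECT * FROM tbl_users WHERE user_pm = 1 ORDER BY user_name ASC");
            while($row = mysql_fetch_assoc($query))
            {
                $selected = ($row['user_id'] == $to_id) ? " selected" : "";
                // Names are member-supplied text and are escaped before they enter the page.
                echo "<option value=\"" . (int) $row['user_id'] . "\"" . $selected . ">" . htmlspecialchars($row['user_name']) . "</option>";
            }
            echo "</select>";
            echo "<br>\n";
            echo "<b>Title :</b><br> <input type=\"text\" name=\"title\" value=\"" . (isset($msg_title) ? $msg_title : "") . "\" size=\"45\" maxlength=\"50\"><br>\n";
            echo "<b>Message :</b><br>\n";
            echo echo_ubb();
            echo "<textarea name=\"message\" cols=\"40\" rows=\"10\">";
            if(!empty($quote_id) AND $quote_message != "")
            {
                $quote_username = "";
                $select_user = mysql_query("SELECT user_name FROM tbl_users WHERE user_id = '" . $quote_userid . "'");
                while($user = mysql_fetch_assoc($select_user))
                {
                    $quote_username = $user['user_name'];
                }
                // Escaped so that quoted text cannot close the textarea and inject markup.
                echo htmlspecialchars("[quote=" . $quote_username . "]" . $quote_message . "[/quote]");
            }
            echo "</textarea><br>\n";
            echo_smiles();
            echo "<br>\n";
            echo "<input type=\"submit\" value=\"Send\">\n";
            echo "<input type=\"reset\" value=\"Reset\">\n";
            echo "</form>\n";
        }
        else
        {
            echo "<script>alert('Inbox of this user is full or user disabled Private Messages.'); history.go(-1)</script>";
        }
    }
}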
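// Show one message from the viewer's inbox and mark it as read.
if($_GET['act'] == "read" AND isset($_GET['msg_id']))
{
    // The message id comes from the query string and is used in SQL, in links
    // and in a javascript: URL below, so it is forced to an integer first.
    $viewer_id = (int) $_SESSION['user_id'];
    $read_id = (int) $_GET['msg_id'];

    $query = mysql_query("SELECT *,UNIX_TIMESTAMP(msg_time) AS msg_time FROM tbl_msg WHERE msg_id = '" . $read_id . "' AND msg_to = '" . $viewer_id . "'");
    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_id = '" . $read_id . "' AND msg_to = '" . $viewer_id . "'"),0);
    if(empty($result))
    {
        echo "<script>alert('Message with this ID doesn\'t exist.'); document.location.href=('msg.php?act=inbox')</script>";
    }
    else
    {
        while($row = mysql_fetch_assoc($query))
        {
            if(empty($row['msg_read']))
            {
                mysql_query("UPDATE tbl_msg SET msg_read = 1 WHERE msg_id = '" . $read_id . "' AND msg_to = '" . $viewer_id . "'") or die(mysql_error());
            }
            echo "<b>Title : </b>". htmlspecialchars($row['msg_title']);
            echo "<br>\n";

            // The sender name was formerly stored in $from_user but printed from an unset $from_name.
            $from_name = "";
            $from_select = mysql_query("SELECT user_name FROM tbl_users WHERE user_id = '" . (int) $row['msg_from'] . "'");
            while($from = mysql_fetch_assoc($from_select))
            {
                $from_name = $from['user_name'];
            }
            $date_format = "d-m-Y H:i:s";
            $to_select = mysql_query("SELECT user_dateformat FROM tbl_users WHERE user_id = '" . (int) $row['msg_to'] . "'");
            while($date = mysql_fetch_assoc($to_select))
            {
                $date_format = $date['user_dateformat'];
            }

            echo "<b>From : </b>";
            if(empty($row['msg_from']))
            {
                echo "Administrator";
            }
            else
            {
                echo "<a href=\"profile.php?act=view&user_id=". (int) $row['msg_from'] ."\">" . htmlspecialchars($from_name) . "</a>";
            }
            echo "<br>\n";
            $row['msg_time'] = date($date_format, $row['msg_time']);
            echo "<b>Time : </b>". htmlspecialchars($row['msg_time']);
            echo "<br>\n";
            echo "<b>Message: </b>";
            echo "<hr>\n";

            // Escape first; every tag added below is produced by this script, not by the sender.
            $row['msg_message'] = nl2br(htmlspecialchars($row['msg_message']));
            if(!empty($cfg['smiles']))
            {
                $smile_select = mysql_query("SELECT * FROM tbl_smiles ORDER BY smile_id ASC");
                while($smile = mysql_fetch_assoc($smile_select))
                {
                    // The message is already escaped, so the tag is matched in its
                    // escaped form. NOTE(review): the listing shows ">" replaced by
                    // ">"; the entities are presumably what the page rendering lost.
                    $smile['smile_tag'] = str_replace(">","&gt;", $smile['smile_tag']);
                    $smile['smile_tag'] = str_replace("<","&lt;", $smile['smile_tag']);
                    $row['msg_message'] = str_replace($smile['smile_tag'],"<img src=\"smiles/" . htmlspecialchars($smile['smile_file']) . "\">", $row['msg_message']);
                }
            }
            $quote_tags = substr_count($row['msg_message'], '[/quote]');
            for($i = 0; $i <= $quote_tags; $i++)
            {
                $row['msg_message'] = preg_replace('/\[quote=(.*?)\](.*?)\[\/quote\]/si', "<br><blockquote>\\1 Schreef:<br><table border=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#000000\" width=\"80%\" cellpadding=\"2\"><tr><td> \\2 </td></tr></table></blockquote>", $row['msg_message']);
            }
            $row['msg_message'] = preg_replace("/\[b\](.*?)\[\/b\]/si", "<b>\\1</b>",$row['msg_message']);
            $row['msg_message'] = preg_replace("/\[u\](.*?)\[\/u\]/si", "<u>\\1</u>",$row['msg_message']);
            $row['msg_message'] = preg_replace("/\[i\](.*?)\[\/i\]/si", "<i>\\1</i>",$row['msg_message']);
            // Only http(s) image addresses are turned into <img>; any other content stays visible as text.
            $row['msg_message'] = preg_replace("/\[img\](https?:\/\/[^\s<>\[\]]+)\[\/img\]/si", "<img src=\"\\1\">",$row['msg_message']);
            // NOTE(review): as listed this appends a plain space after two spaces; the original probably used &nbsp; - confirm.
            $row['msg_message'] = ereg_replace("([ ]{2})","\\1 ",$row['msg_message']);
            // Auto-linking is limited to http, https and ftp so a message cannot produce a link with any other scheme.
            $row['msg_message'] = eregi_replace("(^|[>[:space:]\n])(https?|ftp)://([^[:space:]]*)([[:alnum:]#?/&=])([<[:space:]\n]|$)","\\1<a href=\"\\2://\\3\\4\" target=\"_blank\">\\2://\\3\\4</a>\\5", $row['msg_message']);
            // NOTE(review): wordwrap() with cut enabled can also split the tags generated above.
            $row['msg_message'] = wordwrap($row['msg_message'], 100,"\t", 1);
            echo $row['msg_message'];
            $msg_from = (int) $row['msg_from'];
            $msg_id = (int) $row['msg_id'];
        }
        echo "<hr>\n";
        echo "<a href=\"javascript:del_msg('" . $msg_id . "')\">Delete message</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=new&user_id=" . $msg_from . "&msg_id=" . $msg_id . "\">Reply</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=new&user_id=" . $msg_from . "&quote=" . $msg_id . "\">Quote</a>";
        echo "<br>\n";
        echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
        echo "<br>\n";
        echo "<a href=\"index.php\">Main Page</a>";
    }
}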
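// Delete one message from the viewer's inbox.
// NOTE(review): the deletion is reached with a GET link and carries no
// anti-CSRF token; the ownership test on msg_to is the only server-side check.
// Moving it to POST with a per-session token would close that gap.
if($_GET['act'] == "delmsg" AND isset($_GET['msg_id']))
{
    // Cast to integers: the id is concatenated into SQL and echoed into a script block below.
    $viewer_id = (int) $_SESSION['user_id'];
    $delete_id = (int) $_GET['msg_id'];

    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_id = '" . $delete_id . "' AND msg_to = '" . $viewer_id . "'"),0);
    if(empty($result))
    {
        echo "<script>alert('Message with this ID doesn\'t exist, you might have deleted it earlier.'); document.location.href=('msg.php?act=read&msg_id=" . $delete_id . "')</script>";
    }
    else
    {
        mysql_query("DELETE FROM tbl_msg WHERE msg_id = '" . $delete_id . "' AND msg_to = '" . $viewer_id . "'") or die(mysql_error());
        echo "Message successfully deleted !";
        echo "<br>\n<br>\n";
        echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
        echo "<br>\n";
        echo "<a href=\"index.php\">Main Page</a>";
    }
}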
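// Delete every message addressed to the logged-in member.
// NOTE(review): like single deletion this is a GET request without an
// anti-CSRF token; POST plus a per-session token is the usual remedy.
if($_GET['act'] == "del_inbox")
{
    // The DELETE below used the session value unquoted; cast it once and quote it like the other statements.
    $viewer_id = (int) $_SESSION['user_id'];

    $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $viewer_id . "'"),0);
    if(empty($result))
    {
        echo "<script>alert('You have no messages in your inbox.'); document.location.href=('msg.php?act=inbox')</script>";
    }
    else
    {
        mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $viewer_id . "'") or die(mysql_error());
        echo "Inbox successfully cleared !";
        echo "<br>\n<br>\n";
        echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
        echo "<br>\n";
        echo "<a href=\"index.php\">Main Page</a>";
    }
}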
}
else
{
echo "<script>alert('Undifined action.'); history.go(-1)</script>";
}
}
else
{
echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
}
?>[/code]
-----------------------------------------------
PROFILE.PHP
-----------------------------------------------
[code]<?
############################################
# Filename : PROFILE.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
error_reporting(E_ALL);
session_start();
include("config.php");
if(isset($_GET['act']))
{
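// Show a member profile. Non-public profiles are only shown to logged-in members.
if($_GET['act'] == "view")
{
    if(isset($_GET['user_id']))
    {
        // The id comes from the query string and is used in three statements
        // and one link; forcing it to an integer keeps it out of SQL and HTML syntax.
        $profile_id = (int) $_GET['user_id'];

        $query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_id = '" . $profile_id . "'");
        $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $profile_id . "'"),0);
        if(empty($result))
        {
            echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
        }
        else
        {
            while($row = mysql_fetch_assoc($query))
            {
                // Public profiles are visible to everybody, the others to logged-in members only.
                $show_profile = (!empty($row['user_public']) OR isset($_SESSION['user_id'])) ? 1 : 0;

                if(!empty($show_profile))
                {
                    echo "<b>Username : </b>" . htmlspecialchars($row['user_name']) . "<br>\n";
                    if($row['user_showmail'])
                    {
                        echo "<b>Email : </b><a href=\"mailto:" . htmlspecialchars($row['user_email']) . "\">" . htmlspecialchars($row['user_email']) . "</a><br>\n";
                    }
                    if(!empty($row['user_url']))
                    {
                        // Anything not starting with http:// gets that prefix, which also keeps other schemes out of the href.
                        if(substr($row['user_url'],0,7) != "http://")
                        {
                            $url = "http://" . $row['user_url'];
                        }
                        else
                        {
                            $url = $row['user_url'];
                        }
                        echo "<b>Website : </b><a href=\"" . htmlspecialchars($url) . "\" target=\"_blank\">" . htmlspecialchars($row['user_url']) . "</a><br>\n";
                    }

                    // The date format belongs to the profile owner and is already part of
                    // $row. Because the owner chooses it and other people see the result,
                    // the formatted date is escaped before output.
                    $row['user_regdate'] = date($row['user_dateformat'], $row['user_regdate']);
                    echo "<b>Registered : </b>" . htmlspecialchars($row['user_regdate']) . "<br>\n";

                    if($row['user_pm'])
                    {
                        $user_pm = "Yes";
                    }
                    else
                    {
                        $user_pm = "No";
                    }
                    echo "<b>Enabled PM : </b>" . $user_pm . "<br>\n";

                    // Keep the count numeric. Formerly markup was appended to the count and
                    // to $cfg['max_msg'] before the two were compared further down.
                    $inbox_count = (int) mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $profile_id . "'"),0);
                    $inbox_full = ($inbox_count >= $cfg['max_msg']);
                    if(!empty($row['user_pm']))
                    {
                        echo "<b>Inbox : </b>";
                        if($inbox_full)
                        {
                            echo "<font color=\"red\">" . $inbox_count . " / " . $cfg['max_msg'] . "</font>";
                        }
                        else
                        {
                            echo $inbox_count . " / " . $cfg['max_msg'];
                        }
                        echo "<br>\n";
                    }

                    // Offer the PM link only when a message could be accepted.
                    if($row['user_pm'] AND isset($_SESSION['user_id']) AND !$inbox_full)
                    {
                        if($profile_id != $_SESSION['user_id'])
                        {
                            echo "<br>\n";
                            echo "<a href=\"msg.php?act=new&user_id=" . $profile_id . "\">Send this user a Private Message</a>";
                        }
                    }
                    echo "<br>\n";
                    echo "<a href=\"index.php\">Main Page</a>";
                }
                else
                {
                    echo "<script>alert('Only registered users can see this profile.'); history.go(-1);</script>";
                }
            }
        }
    }
    else
    {
        echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
    }
}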
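// Profile edit form for the logged-in member.
// The condition formerly used "=", which assigned "edit_profile" to
// $_GET['act'] and made the form appear for other actions too.
// NOTE(review): the form has no anti-CSRF token and a new password can be set
// without entering the current one; both need matching changes in the handler.
if($_GET['act'] == "edit_profile" AND !isset($_GET['user_id']) AND !isset($_POST['change_profile']))
{
    if(isset($_SESSION['user_id']))
    {
        $query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . (int) $_SESSION['user_id'] . "'");
        while($row = mysql_fetch_assoc($query))
        {
            echo "<form method=\"POST\">\n";
            echo "<input type=\"hidden\" value=\"1\" name=\"change_profile\">\n";
            echo "<b>Username :</b><br>\n";
            echo "<input type=\"text\" name=\"user\" value=\"" . htmlspecialchars($row['user_name']) . "\"><br>\n";
            echo "<b>Email :</b><br>\n";
            echo "<input type=\"text\" name=\"email\" value=\"" . htmlspecialchars($row['user_email']) . "\"><br>\n";
            echo "<b>Website :</b><br>\n";
            echo "<input type=\"text\" name=\"url\" value=\"" . htmlspecialchars($row['user_url']) . "\"><br>\n";

            // Exactly one option per drop-down is marked as selected.
            echo "<b>Show Email :</b><br>\n";
            echo "<select name=\"showmail\">\n";
            echo "<option value=\"1\"" . (!empty($row['user_showmail']) ? " selected" : "") . ">Yes</option>\n";
            echo "<option value=\"0\"" . (empty($row['user_showmail']) ? " selected" : "") . ">No</option>\n";
            echo "</select><br>\n";

            echo "<b>Public Profile :</b><br>\n";
            echo "<select name=\"public\">\n";
            echo "<option value=\"1\"" . (!empty($row['user_public']) ? " selected" : "") . ">Yes</option>\n";
            echo "<option value=\"0\"" . (empty($row['user_public']) ? " selected" : "") . ">No</option>\n";
            echo "</select><br>\n";

            echo "<b>Date Format :</b><br>\n";
            echo "<input type=\"text\" name=\"date\" value=\"" . htmlspecialchars($row['user_dateformat']) . "\">\n";
            echo "<a href=\"http://www.php.net/date\" target=\"_blank\">More info</a><br>\n";

            echo "<b>Enable PM :</b><br>\n";
            echo "<select name=\"pm\">\n";
            echo "<option value=\"1\"" . (!empty($row['user_pm']) ? " selected" : "") . ">Yes</option>\n";
            echo "<option value=\"0\"" . (empty($row['user_pm']) ? " selected" : "") . ">No</option>\n";
            echo "</select> If \"No\" all messages will be deleted<br><br>\n";

            echo "<i>Change Password</i><br>\n";
            echo "<b>Password :</b><br>\n";
            echo "<input type=\"password\" name=\"pass\"><br>\n";
            echo "<b>Password [Confirm] :</b><br>\n";
            echo "<input type=\"password\" name=\"pass2\"><br><br>\n";
            echo "<input type=\"submit\" value=\"Save\">\n";
            echo "<input type=\"reset\" value=\"Reset\"><br><br>\n";
            echo "</form>\n";
        }
    }
    else
    {
        echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
    }
}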
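// Save the profile form of the logged-in member.
// NOTE(review): the mysql_* API offers no bound parameters. Text fields are
// passed through mysql_real_escape_string() (presumably using the connection
// opened by config.php - confirm), flags are reduced to 0/1 and the user id
// is cast to an integer.
if(isset($_POST['change_profile']))
{
    if(!isset($_SESSION['user_id']))
    {
        // Without this test the statements below ran with an empty user id.
        echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
    }
    else
    {
        $viewer_id = (int) $_SESSION['user_id'];

        // Read the text fields, undo magic quotes so each value is escaped exactly once.
        $raw = array();
        $sql = array();
        foreach(array('user', 'email', 'url', 'date') as $field)
        {
            $value = isset($_POST[$field]) ? $_POST[$field] : '';
            if(get_magic_quotes_gpc())
            {
                $value = stripslashes($value);
            }
            $raw[$field] = $value;
            $sql[$field] = mysql_real_escape_string($value);
        }
        // The three switches can only be 0 or 1.
        $showmail = empty($_POST['showmail']) ? 0 : 1;
        $public = empty($_POST['public']) ? 0 : 1;
        $pm = empty($_POST['pm']) ? 0 : 1;

        // The password is hashed exactly as submitted so the digest stays
        // comparable with the one written at registration.
        // NOTE(review): unsalted MD5 is not suitable for storing passwords;
        // replacing it also requires changing the login check, which is not in this block.
        $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
        $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
        $change_pass = (!empty($pass) OR !empty($pass2));

        $name_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_name = '" . $sql['user'] . "' AND user_id <> " . $viewer_id),0);

        if($raw['user'] == '')
        {
            echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
        }
        elseif(!empty($name_exists))
        {
            echo "<script>alert('Username already in use.'); history.go(-1)</script>";
        }
        elseif(!preg_match("/^([a-z0-9_\-]+\.)*?[a-z0-9_\-]+@([a-z0-9\-_]{2,})\.[a-z0-9\-_]*(\.[a-z0-9\-_]{2,})*$/i",$raw['email']))
        {
            echo "<script>alert('Email address incorrect.'); history.go(-1)</script>";
        }
        elseif($change_pass AND $pass != $pass2)
        {
            echo "<script>alert('Passwords are not the same.'); history.go(-1)</script>";
        }
        elseif($change_pass AND strlen($pass) <= 4)
        {
            // Same minimum length as the registration form enforces.
            echo "<script>alert('Password too short.'); history.go(-1)</script>";
        }
        else
        {
            $set = "user_name = '" . $sql['user'] . "', user_email = '" . $sql['email'] . "', user_url = '" . $sql['url'] . "', user_dateformat = '" . $sql['date'] . "', user_showmail = '" . $showmail . "', user_public = '" . $public . "', user_pm = '" . $pm . "'";
            if($change_pass)
            {
                $set .= ", user_pass = '" . md5($pass) . "'";
            }
            mysql_query("UPDATE tbl_users SET " . $set . " WHERE user_id = '" . $viewer_id . "'") or die(mysql_error());

            // The inbox is emptied only after a successful update. Formerly it
            // was also emptied when the update was refused because the two
            // passwords differed.
            if(empty($pm))
            {
                mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $viewer_id . "'") or die(mysql_error());
            }

            if($change_pass)
            {
                echo "Information + Password successfully updated !";
            }
            else
            {
                echo "Information successfully updated !";
            }
            echo "<br>\n<br>\n";
            echo "<a href=\"profile.php?act=view&user_id=" . $viewer_id . "\">My Profile</a>";
            echo "<br>\n";
            echo "<a href=\"index.php\">Main Page</a>";
        }
    }
}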
}
else
{
echo "<script>alert('No ID Validated'); history.go(-1);</script>";
}
?>[/code]
-----------------------------------------------
REGISTER.PHP
-----------------------------------------------
[code]<?
############################################
# Filename : REGISTER.PHP #
#------------------------------------------#
# Written By : Dennis van den Hout #
# Email : [email protected] #
# Website : www.scripters.nl #
# Questions? : www.scripters.nl/forum #
#------------------------------------------#
# Editing source is allowed, unless you #
# give it to other users #
#------------------------------------------#
############################################
error_reporting(E_ALL);
include("config.php");
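// Registration: show the form, or create the account from the submitted form.
if(!empty($cfg['register']))
{
    if(!isset($_POST['reg_user']))
    {
        // NOTE(review): the maxlength attributes are enforced by the browser only; the handler below does not repeat them.
        echo "<form method=\"POST\">\n";
        echo "<input type=\"hidden\" value=\"1\" name=\"reg_user\">\n";
        echo "<b>Username :</b><br>\n";
        echo "<input type=\"text\" name=\"user\" maxlength=\"30\"><br>\n";
        echo "<b>Email :</b><br>\n";
        echo "<input type=\"text\" name=\"email\" maxlength=\"125\"><br>\n";
        echo "<b>Password :</b><br>\n";
        echo "<input type=\"password\" name=\"pass\" maxlength=\"12\"> (At least 5 chars)<br>\n";
        echo "<b>Password [Confirm] :</b><br>\n";
        echo "<input type=\"password\" name=\"pass2\" maxlength=\"12\"> (At least 5 chars)<br><br>\n";
        echo "<input type=\"Submit\" value=\"Register\"><br><br>\n";
        echo "</form>\n";
    }
    elseif(empty($_POST['user']) OR empty($_POST['email']) OR empty($_POST['pass']) OR empty($_POST['pass2']))
    {
        echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
    }
    else
    {
        // Undo magic quotes so name and address are escaped exactly once.
        // mysql_real_escape_string() presumably uses the connection opened by config.php - confirm.
        $user = $_POST['user'];
        $email = $_POST['email'];
        if(get_magic_quotes_gpc())
        {
            $user = stripslashes($user);
            $email = stripslashes($email);
        }
        $sql_user = mysql_real_escape_string($user);
        $sql_email = mysql_real_escape_string($email);

        $result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_name = '" . $sql_user . "'"),0);
        if(!empty($result))
        {
            echo "<script>alert('Username already in use'); history.go(-1)</script>";
        }
        elseif(!preg_match("/^([a-z0-9_\-]+\.)*?[a-z0-9_\-]+@([a-z0-9\-_]{2,})\.[a-z0-9\-_]*(\.[a-z0-9\-_]{2,})*$/i",$email))
        {
            echo "<script>alert('Email address incorrect.'); history.go(-1)</script>";
        }
        elseif(strlen($_POST['pass']) <= 4)
        {
            echo "<script>alert('Password too short.'); history.go(-1)</script>";
        }
        elseif($_POST['pass'] != $_POST['pass2'])
        {
            echo "<script>alert('Passwords are not the same.'); history.go(-1)</script>";
        }
        else
        {
            // REMOTE_ADDR is provided in $_SERVER; $_ENV does not reliably contain it.
            $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            // The password is hashed exactly as submitted.
            // NOTE(review): unsalted MD5 is not suitable for storing passwords;
            // changing it also requires changing the login check elsewhere.
            // The value order follows tbl_users, whose definition is not shown with this script.
            mysql_query("INSERT INTO tbl_users VALUES ('','" . $sql_user . "','" . $sql_email . "',NULL,'" . md5($_POST['pass']) . "',NOW(),'d-m-Y H:i:s',1,1,1,NULL,NULL,NULL,'" . mysql_real_escape_string($remote_ip) . "')") or die(mysql_error());
            echo "Successfully registered, you can now log in";
            echo "<br><br><a href=\"index.php\">Log in</a>";
        }
    }
}
else
{
    echo "<script>alert('Registering of new user has been disabled by the site admin.'); history.go(-1)</script>";
}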
?>[/code]
-----------------------------------------------
TABLES.SQL
-----------------------------------------------
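[code]CREATE TABLE tbl_config (
    -- Script settings; the table holds the single row inserted below.
    cfg_antiflood int(10) unsigned default '0',
    cfg_maxmsg int(5) unsigned default '0',
    cfg_register int(1) unsigned default '0',
    cfg_smiles int(1) unsigned default '0',
    cfg_ubbcode int(1) unsigned default '0',
    cfg_perpage int(5) unsigned default '0',
    cfg_perpageinbox int(5) unsigned default '0',
    cfg_admindate char(25) default '0',
    -- Admin login. NOTE(review): the 32-character width would fit an MD5
    -- digest, but the row below stores the password as plain text; check how
    -- the admin page compares it.
    cfg_adminuser char(15) default '0',
    cfg_adminpass char(32) default '0'
) TYPE=MyISAM;
-- Initial settings. The columns are named so the statement keeps working if
-- the column order changes. This row ships a fixed admin login: change the
-- user name and password right after installing.
INSERT INTO tbl_config
    (cfg_antiflood, cfg_maxmsg, cfg_register, cfg_smiles, cfg_ubbcode,
     cfg_perpage, cfg_perpageinbox, cfg_admindate, cfg_adminuser, cfg_adminpass)
VALUES
    ('60', '50', '1', '1', '1', '25', '25', 'D d F g:i A', 'admin', '1234');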
CREATE TABLE tbl_msg (
msg_id int(10) unsigned NOT NULL auto_increment,
msg_title varchar(50) default '0',
msg_time datetime default NULL