<?php
/***************************************************************************
* website.php
* -------------------
* begin : Thursday, Jun 09, 2005
* copyright : (C) 2005 Battye @ CricketMX.com
* email : cricketmx@hotmail.com
*
* $Id: website.php, v1.000.0.00 2005/09/06 21:18:36 battye Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
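define('IN_PHPBB', true);
$phpbb_root_path = './';

// phpBB 2 bootstrap. extension.inc supplies $phpEx; common.php sets up the
// board environment ($db, $board_config, $lang, $user_ip) that the rest of
// this page relies on.
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'config.'.$phpEx);
// Paths are relative to $phpbb_root_path, which already ends in a slash.
// The constants/functions_website includes previously used a leading '/',
// producing './/includes/...' (works, but inconsistent with the bbcode
// include below).
include($phpbb_root_path . 'includes/constants.'.$phpEx);
include($phpbb_root_path . 'includes/functions_website.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//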
/* // For testing purposes
$lang['No_website'] = 'No website has been configured at this address!';
$lang['No_website_chosen'] = 'No website has been entered';
$lang['MOD_provided_website'] = 'User Website MOD © <a href=http://www.cricketmx.com>battye</a> 2005';
$lang['Admin_website'] = 'Administer Website';
$lang['Admin_sitename'] = 'Select an appropriate name for your website:';
$lang['Admin_sitetext'] = 'Enter the HTML for your site here:<br /><span class="genmed">Or use site %stemplates%s!';
$lang['Admin_website_updated'] = 'Website updated successfully!<br />Click %shere%s to view your site!';
$lang['Admin_website_colour'] = 'Choose a background colour for your site:';
$lang['Admin_website_nav'] = 'Administer Website';
$lang['Admin_website_back'] = 'Click <a href="javascript: history.go(-1)">here</a> to go back and make changes, or Submit!';
$lang['Admin_website_view_template'] = 'View Templates';
$lang['Admin_wesbite_theme_name'] = 'Template Name';
$lang['Admin_wesbite_theme_desc'] = 'Template Description';
$lang['Admin_wesbite_theme_auth'] = 'Template Author';
$lang['Admin_wesbite_use_temp'] = 'Use Template';
$lang['Admin_wesbite_preview_theme'] = 'Preview Template';
$lang['Admin_css'] = 'Enter the CSS for your site here:';
$lang['Admin_user_banned'] = 'You have been banned from creating a website!<br />Please contact an administrator for further details!';
$lang['Admin_group_banned'] = 'This usergroup has been banned from creating a website!<br />Please contact an administrator for further details!';
$lang['Admin_user_low_post'] = 'You need to have at least %s posts to create a website!<br />Please contact an administrator for further details!';
$lang['Admin_mod_off'] = 'This feature has been disabled by an administrator.';
$lang['Admin_user_not_enabled'] = 'Users are not allowed to have websites!';
$lang['Admin_group_not_enabled'] = 'Usergroups are not allowed to have websites!'; */
// $lang['Admin_website_hits'] = 'This page has had %d hits!';
// Gotta remember to put this in constants.php
/* // User Website MOD
define('WEB_YES', '1');
define('WEB_NO', '0');
*/
/*
$uwm_lang = array();
$uwm_lang['TABLE_HEADING'] = 'Table Heading';
$uwm_lang['SITE_DESCRIPTION'] = 'Enter a description of your site here';
$uwm_lang['LINK_DESCRIPTION'] = 'Enter a description of your link here';
$uwm_lang['CONTENT'] = 'Enter content here';
$uwm_lang['FONT_FACE'] = 'Verdana';
$uwm_lang['FONT_SIZE'] = '2'; */
// Ok let's begin outputting the site.. not just yet though.. haha tricked you :-)
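// Public view of a user website (?id=N) or a group website (?group_id=N).
//
// Only the intval()'d copies of the ids are ever interpolated into SQL; the
// original interpolated the raw query-string values into both the hit
// counter UPDATE and the SELECT. The request values are read through isset()
// so a missing parameter does not raise an undefined-index notice.
$view_user_id  = (isset($HTTP_GET_VARS['id'])) ? intval($HTTP_GET_VARS['id']) : 0;
$view_group_id = (isset($HTTP_GET_VARS['group_id'])) ? intval($HTTP_GET_VARS['group_id']) : 0;
$view_mode     = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : '';

// The original condition was `isset(id) || intval(group_id) && mode != "owner"`;
// && binds tighter than ||, so ?id=N&mode=owner rendered this view AND the
// owner page below. The parentheses apply the mode test to both cases.
if ((isset($HTTP_GET_VARS['id']) || $view_group_id) && $view_mode != "owner")
{
    uwm_enabled();
    // NOTE(review): previously received the raw group_id string (or nothing);
    // it now receives the integer form - confirm user_or_group_enabled() only
    // tests it for truthiness.
    user_or_group_enabled($view_group_id);

    if ($view_user_id || $view_group_id)
    {
        if ($view_user_id)
        {
            $hits = "UPDATE " . USERS_TABLE . " SET user_website_hits = user_website_hits + 1 WHERE user_id = " . $view_user_id;
            if (!$db->sql_query($hits))
            {
                message_die(GENERAL_ERROR, 'Could not update hit counter');
            }
            $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = " . $view_user_id;
        }
        // When both ids are given the group query wins, as before.
        if ($view_group_id)
        {
            // Are they a member?
            if (user_group_member($userdata['user_id'], $view_group_id) == 2)
            {
                message_die(CRITICAL_ERROR, $lang['Admin_only_group_can_make_edit']);
            }
            $hits = "UPDATE " . GROUPS_TABLE . " SET user_website_hits = user_website_hits + 1 WHERE group_id = " . $view_group_id;
            if (!$db->sql_query($hits))
            {
                message_die(GENERAL_ERROR, 'Could not update hit counter');
            }
            $sql = "SELECT * FROM " . GROUPS_TABLE . " WHERE group_id = " . $view_group_id;
        }

        if (!($result = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Could not grab information');
        }
        // A keyed lookup returns at most one row. The old while() loop closed
        // the connection inside its first iteration, and a missing row fell
        // through to echo undefined variables; now it is reported as "no website".
        $user_website = $db->sql_fetchrow($result);
        if (!$user_website || !$user_website['user_website_html'])
        {
            message_die(GENERAL_ERROR, $lang['No_website']);
        }

        // $chars/$tags are not defined in this file - presumably from
        // functions_website; TODO confirm they are not an entity-escaping map,
        // otherwise the title would be escaped twice below.
        $user_website['user_website_title'] = str_replace($chars, $tags, $user_website['user_website_title']);
        $user_css = (isset($user_website['user_website_css'])) ? "<style type=\"text/css\"><br /><!--<br />" . $user_website['user_website_css'] . "<br />--><br /></style>" : ""; // Originally by Excursus

        // Neutralise a handful of tags in the stored HTML before it is echoed.
        // As pasted, $bad and $good were identical (the forum rendering most
        // likely decoded the entities), which made the replacement a no-op;
        // the entity-escaped forms are restored here.
        // NOTE(review): this is a denylist applied to raw user-supplied HTML
        // and cannot be relied on to stop script injection; an allowlist
        // filter is the robust option if that is a requirement.
        $bad  = array("<script", "<form", "<iframe", "<?php", "?>", "<html>", "<body>", "</html>", "</body>");
        $good = array("&lt;script", "&lt;form", "&lt;iframe", "&lt;?php", "?&gt;", "&lt;html&gt;", "&lt;body&gt;", "&lt;/html&gt;", "&lt;/body&gt;");

        // Stored values keep SQL-style doubled quotes; undo that for display.
        $title_website = str_replace("''", "'", $user_website['user_website_title']);
        $user_html = str_replace("''", "'", str_replace($bad, $good, $user_website['user_website_html']));
        $user_html = bbencode_second_pass($user_html, '');
        $colour = $user_website['user_website_colour'];

        // Always defined so the echo below never sees an unset variable.
        $hits_out = '';
        if ($board_config['website_hits'] == WEB_YES)
        {
            $hits_out = sprintf($lang['Admin_website_hits'], $user_website['user_website_hits']);
        }
        $db->sql_close();

        // Ok, do it... The colour (attribute context) and title (text context)
        // are escaped; the site body is deliberately raw HTML - that is the
        // point of the MOD.
        echo '<html><body bgcolor="' . htmlspecialchars($colour) . '">';
        echo $user_css; // Originally by Excursus
        echo '<title>' . htmlspecialchars($title_website) . '</title>';
        echo $user_html;
        echo '</body></html>';
        echo '<br />';
        echo '<font face="Arial"><table width="100%"><tr><td align="center">';
        echo 'User Website MOD © <a href=http://www.online-scrabble.com>battye</a> 2005<br />
Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> © 2001, 2005 phpBB Group';
        echo '<br /><br />';
        echo $board_config['website_footer'];
        echo '<br />';
        echo $hits_out;
        echo '</td></tr></table></font>';
    }
    else
    {
        message_die(GENERAL_ERROR, $lang['No_website_chosen']);
    }
}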
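// Owner page: ?mode=owner[&group_id=N] edits a website, and
// ?mode=owner&view=templates[&filename=F] browses / previews the bundled
// templates. Request values are read through isset() so missing parameters
// do not raise notices, and only the intval()'d group id reaches SQL.
$edit_group_id = (isset($HTTP_GET_VARS['group_id'])) ? intval($HTTP_GET_VARS['group_id']) : 0;
$edit_view     = (isset($HTTP_GET_VARS['view'])) ? $HTTP_GET_VARS['view'] : '';

if (isset($HTTP_GET_VARS['mode']) && $HTTP_GET_VARS['mode'] == "owner" && $userdata['session_logged_in'])
{
    uwm_enabled();
    user_or_group_enabled($edit_group_id);

    if ($edit_group_id)
    {
        // Are they a member?
        if (user_group_member($userdata['user_id'], $edit_group_id) == 2)
        {
            message_die(CRITICAL_ERROR, $lang['Admin_only_group_can_make_edit']);
        }
        $sql = "SELECT * FROM " . GROUPS_TABLE . " WHERE group_id = " . $edit_group_id;
    }
    else
    {
        $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = " . intval($userdata['user_id']);
    }
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Could not grab information');
    }
    $gu_data = $db->sql_fetchrow($result);
    if (!$gu_data)
    {
        // Previously fell through and read fields off `false`.
        message_die(GENERAL_ERROR, 'Could not grab information');
    }

    if ($edit_view == "templates")
    {
        if (!isset($HTTP_GET_VARS['filename']))
        {
            // From php.net: readdir
            if ($handle = opendir('./html_templates'))
            {
                // page_header reads $page_title, so it has to be set before
                // the include (it used to be set after).
                $page_title = $lang['Admin_website_view_template'];
                include($phpbb_root_path . "includes/page_header.$phpEx");
                $template->set_filenames(array("admin_t" => "admin_view_site_template_body.tpl"));
                /* This is the correct way to loop over the directory. */
                while (false !== ($file = readdir($handle)))
                {
                    $description = get_site_template_html("description", $file);
                    if ($description != '')
                    {
                        // The name is a server-side filename, but it still lands
                        // in HTML and in a URL, so escape per context.
                        $file_link = "<a href='./website.$phpEx?mode=owner&view=templates&filename=" . rawurlencode($file) . "'>" . htmlspecialchars($file) . "</a>"; // Filename
                        $template->assign_block_vars('temp', array(
                            "U_LINK" => $file_link,
                            "U_DESC" => str_replace("Description: ", "", $description),
                            "U_AUTHOR" => str_replace("Author: ", "", get_site_template_html("author", $file))));
                    }
                }
                closedir($handle);
                $template->assign_vars(array(
                    "L_LINK_NAME" => $lang['Admin_wesbite_theme_name'],
                    "L_DESCRIPTION" => $lang['Admin_wesbite_theme_desc'],
                    "L_AUTHOR_NAME" => $lang['Admin_wesbite_theme_auth']));
                $template->pparse("admin_t");
                include($phpbb_root_path . "includes/page_tail.$phpEx");
            }
        }
        else
        {
            // The filename comes straight from the query string and is handed
            // to get_site_template_html() (functions_website), which presumably
            // reads the template from disk; basename() confines it to a single
            // path component so it cannot name a file outside ./html_templates.
            $template_file = basename($HTTP_GET_VARS['filename']);

            $page_title = $lang['Admin_website_view_template'];
            include($phpbb_root_path . "includes/page_header.$phpEx");
            $template->set_filenames(array("admin_vt" => "admin_consider_template_body.tpl"));
            $template_html = get_site_template_html("html", $template_file);
            $template->assign_vars(array(
                "U_NAME" => htmlspecialchars($template_file),
                "U_FULL_DESC" => str_replace("Description: ", "", get_site_template_html("description", $template_file)),
                "U_AUTH_NAME" => str_replace("Author: ", "", get_site_template_html("author", $template_file)),
                "U_CSS" => nl2br(htmlspecialchars("<style type=\"text/css\">" . get_site_template_html('css', $template_file) . "\n</style>")),
                "U_HTML" => nl2br(htmlspecialchars($template_html)),
                "U_FORM" => append_sid("website.$phpEx?mode=owner"),
                "U_FORM_P" => append_sid("website.$phpEx?mode=preview"),
                // Was str_replace("<", "<", ...) as pasted (a no-op, probably a
                // decoded "&lt;"); htmlspecialchars() covers attribute context
                // fully. TODO confirm the .tpl uses U_HIDDEN inside a value="".
                "U_HIDDEN" => htmlspecialchars($template_html),
                "L_PRE_TEMP" => $lang['Admin_wesbite_preview_theme'],
                "L_DESC" => $lang['Admin_wesbite_theme_desc'],
                "L_USE_TEMP" => $lang['Admin_wesbite_use_temp'],
                "L_AUTHOR" => $lang['Admin_wesbite_theme_auth']));
            $template->pparse("admin_vt");
            include($phpbb_root_path . "includes/page_tail.$phpEx");
        }
    }
    else
    {
        // POST 'html' carries a template name back to get_site_template_html();
        // confine it the same way as the GET filename above.
        $template_file = (isset($HTTP_POST_VARS['html'])) ? basename($HTTP_POST_VARS['html']) : '';

        if (isset($HTTP_POST_VARS['pre_temp']))
        {
            echo "<style type=\"text/css\"><br /><!--<br />" . get_site_template_html("css", $template_file) . "<br />--><br /></style>";
            echo get_site_template_html("html", $template_file);
            die();
        }
        if (isset($HTTP_POST_VARS['use_temp']))
        {
            $userdata_revised_text = get_site_template_html("html", $template_file);
            $userdata_revised_css = get_site_template_html("css", $template_file);
        }
        else
        {
            // Stored values carry SQL-style doubled quotes and slashes.
            $userdata_revised_text = stripslashes(str_replace("''", "'", $gu_data['user_website_html']));
            $userdata_revised_css = stripslashes(str_replace("''", "'", $gu_data['user_website_css']));
        }

        check_web_ban("user", "");
        if (isset($HTTP_GET_VARS['group_id']))
        {
            check_web_ban("group", $edit_group_id);
        }

        $page_title = $lang['Admin_website'];
        include($phpbb_root_path . "includes/page_header.$phpEx");
        $template->set_filenames(array("admin" => "admin_website_body.tpl"));
        // Values that end up in <input value=""> / <textarea> are escaped so a
        // stored "</textarea>" or quote cannot break out of the form.
        $template->assign_vars(array(
            "L_ADMIN_WEBSITE" => $lang['Admin_website_nav'],
            "L_SITENAME" => $lang['Admin_sitename'],
            "L_SITETEXT" => sprintf($lang['Admin_sitetext'], "<a href='./website.$phpEx?mode=owner&view=templates'>", "</a>"),
            "L_SITECOLOUR" => $lang['Admin_website_colour'],
            "L_CSS" => $lang['Admin_css'],
            "L_SUBMIT" => $lang['Submit'],
            "L_PREVIEW" => $lang['Preview'],
            "U_SITECOLOUR" => htmlspecialchars($gu_data['user_website_colour']),
            "U_CSS" => htmlspecialchars($userdata_revised_css),
            "U_SITENAME" => htmlspecialchars($gu_data['user_website_title']),
            "U_SITETEXT" => htmlspecialchars($userdata_revised_text),
            "GROUP" => ($edit_group_id) ? $edit_group_id : '',
            "FORM" => append_sid("website.$phpEx?mode=sql")));
        $template->pparse("admin");
        include($phpbb_root_path . "includes/page_tail.$phpEx");
    }
}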
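// Form handler: ?mode=sql with the POSTed editor fields. 'preview' renders
// the submission without saving; 'submit' writes it to the user or group row.
if (isset($HTTP_GET_VARS['mode']) && $HTTP_GET_VARS['mode'] == "sql" && $userdata['session_logged_in'])
{
    // Checked before anything reads $HTTP_POST_VARS (it used to be read first).
    if (!$HTTP_POST_VARS)
    {
        message_die(CRITICAL_ERROR, 'No $HTTP_POST_VARS found!');
    }
    $post_group_id = (isset($HTTP_POST_VARS['group'])) ? intval($HTTP_POST_VARS['group']) : 0;

    uwm_enabled();
    user_or_group_enabled($post_group_id);

    // The owner page checks group membership before showing the editor, but
    // this handler - the one that actually writes - did not, so any logged-in
    // user could POST group=N and overwrite that group's site. Same check here.
    if ($post_group_id && user_group_member($userdata['user_id'], $post_group_id) == 2)
    {
        message_die(CRITICAL_ERROR, $lang['Admin_only_group_can_make_edit']);
    }

    // Missing fields default to '' instead of raising undefined-index notices.
    $site_text_raw   = (isset($HTTP_POST_VARS['Sitetext'])) ? $HTTP_POST_VARS['Sitetext'] : '';
    $site_title_raw  = (isset($HTTP_POST_VARS['Sitename'])) ? $HTTP_POST_VARS['Sitename'] : '';
    $site_css_raw    = (isset($HTTP_POST_VARS['Sitecss'])) ? $HTTP_POST_VARS['Sitecss'] : '';
    $site_colour_raw = (isset($HTTP_POST_VARS['Sitecolour'])) ? $HTTP_POST_VARS['Sitecolour'] : '';

    if (isset($HTTP_POST_VARS['preview']))
    {
        // phpBB 2 addslashes() the request arrays, so "\'" is the escaped quote;
        // the MOD stores it as the SQL-style "''" and unescapes for display.
        $site_text = bbencode_first_pass(str_replace("\'", "''", $site_text_raw), '');
        // $chars/$tags are not defined in this file - presumably from
        // functions_website; TODO confirm.
        $site_text = str_replace($chars, $tags, $site_text);
        // The CSS was previously echoed with its slashes still in place.
        $user_css = (isset($HTTP_POST_VARS['Sitecss'])) ? "<style type=\"text/css\"><br /><!--<br />" . stripslashes($site_css_raw) . "<br />--><br /></style>" : ""; // Originally by Excursus

        // Same denylist as the public view; see the note there - as pasted the
        // two arrays were identical, making the replacement a no-op.
        $bad  = array("<script", "<form", "<iframe", "<?php", "?>", "<html>", "<body>", "</html>", "</body>");
        $good = array("&lt;script", "&lt;form", "&lt;iframe", "&lt;?php", "?&gt;", "&lt;html&gt;", "&lt;body&gt;", "&lt;/html&gt;", "&lt;/body&gt;");

        $title_website = stripslashes($site_title_raw);
        $user_html = stripslashes(str_replace("''", "'", str_replace($bad, $good, $site_text)));
        $user_html = bbencode_second_pass($user_html, '');
        $colour = stripslashes($site_colour_raw);
        $db->sql_close();

        // Colour (attribute) and title (text) are escaped; the body is raw HTML
        // by design.
        echo '<html><body bgcolor="' . htmlspecialchars($colour) . '">';
        echo $user_css;
        echo '<title>' . htmlspecialchars($title_website) . '</title>';
        echo $user_html;
        echo '</body></html>';
        echo '<br />';
        echo '<font face="Arial"><table width="100%"><tr><td align="center">';
        echo $lang['Admin_website_back'];
        echo '</td></tr></table></font>';
    }

    if (isset($HTTP_POST_VARS['submit']))
    {
        // Every string column uses the same "\'" -> "''" escaping; the colour
        // previously used str_replace("'", "''"), which on the already
        // addslashes()'d value produced "\''".
        $site_text   = bbencode_first_pass(str_replace("\'", "''", $site_text_raw), '');
        $site_title  = str_replace("\'", "''", $site_title_raw);
        $site_css    = str_replace("\'", "''", $site_css_raw);
        $site_colour = str_replace("\'", "''", $site_colour_raw);

        // Only integer ids are interpolated into the WHERE clause; the group
        // branch previously used the raw POST value.
        if ($post_group_id)
        {
            $sql = "UPDATE " . GROUPS_TABLE . " SET user_website_title = '$site_title', user_website_colour = '$site_colour', user_website_css = '$site_css', user_website_html = '$site_text' WHERE group_id = " . $post_group_id;
        }
        else
        {
            $sql = "UPDATE " . USERS_TABLE . " SET user_website_title = '$site_title', user_website_colour = '$site_colour', user_website_css = '$site_css', user_website_html = '$site_text' WHERE user_id = " . intval($userdata['user_id']);
        }
        if (!$db->sql_query($sql))
        {
            message_die(GENERAL_ERROR, 'Could not update user website information');
        }

        $view_link = ($post_group_id)
            ? "<a href='./website.$phpEx?group_id=" . $post_group_id . "'>"
            : "<a href='./website.$phpEx?id=" . intval($userdata['user_id']) . "'>";
        message_die(GENERAL_MESSAGE, sprintf($lang['Admin_website_updated'], $view_link, "</a>"));
    }
}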
?>