Money, money, money...

Captain Joined: Jan 17, 2003 Posts: 629 Location: Europe

// it is horrible right now

Yes, I do agree. I might be an idealist, because I do believe perfect principles will sooner or later produce perfect results.

General Joined: Mar 22, 2003 Posts: 5233 Location: USA

Only if implemented by perfect people Wink

Purists and idealists are very lonely people. That's why we all tend to compromise at some point - we get lonely Crying or Very sad

Posted: Sat May 24, 2003 8:46 pm

I only found out about the whole 6.6 issue today and for the last hour I've been going through the offical nuke site, the thread here etc.

I am pretty shocked to say the least, I only found out about phpnuke a few weeks ago and since then I have been continuously working on it and trying to build a new website.

I've been extensively enjoying the excellent support on nukecops.
I am quite concerned about sticking with nuke 6.5 or drop the whole thing all together which would be a real shame.

All my plans have pretty much been shattered here and I need to find some solution as how to continue. I am running a phpBB forum at the moment, loosing my current contents is not really an option.

The e107 thing looks good as well but it doesn't seem to use phpBB?

It sounds like the end of phpNuke to me alright, this FB guy is obviously not wanting to budge and is only after cash. Whatever will happen next it seems that the trust in phpNuke from the wider community is irreversably damaged.

So only question left, what do we go with now?

General Joined: Mar 22, 2003 Posts: 5233 Location: USA

Hang in there Smile

. The boat's still afloat. We're considering our options. Stay tuned .....

Posted: Sat May 24, 2003 9:44 pm

I'm only vaguely familiar with all the GNU/GPL licensing.
But if this actually is illegal, will someone actually do something about it?

Plus isn't this FB guy actually selling phpBB here as well as part of nuke? Talk about highway robbery!

I do hope you come up with some good options guys!

EDIT: PS I also let all my users know about this on my website!

Posted: Mon May 26, 2003 4:13 am

I also brought this up at phpBB, and I got an answer there that this 6.6 will become available to everyone after 30 days?

http://www.phpbb.com/phpBB/viewtopic.php?t=104397&highlight=

General Joined: Mar 22, 2003 Posts: 5233 Location: USA

FB is NOT releasing it!

Quote:

Re: PHP-Nuke 6.6 Released (Score: 1)
by nukelite on Friday, May 23 @ 02:58:30 EDT
(User Info | Send a Message) http://phpnuke.org
Hi... sorry but this is a Club only release. If at some point there is a serious security bug, then it will go public, otherwhise the public release will be version 7.0

FB has FINALLY acknowledged that anyone can release the 6.6. here is his quote:

Quote:

Re: PHP-Nuke 6.6 Released (Score: 1)
by nukelite on Monday, May 26 @ 01:09:31 EDT
(User Info | Send a Message) http://phpnuke.org
If you really know the GPL license you "should know" that you can distribute it... if you're asking it, you're not understanding the GPL and will be good idea to read it twice and read also the FAQ on the GNU website.

Yes, you can distribute it as you wish, even charging for it, which also the GPL grants to you, but don't expect from me to link back to it, I'll remove/delete any link to it from my site... clear? but YES you can distribute it... of course under the GPL terms... did you read it?

Why need you to ask something that's clear as the water?

Read the entire thread at http://phpnuke.org/modules.php?name=News&file=article&sid=5870&mode=nested&order=0&thold=0 .

Posted: Mon May 26, 2003 4:43 am

Been reading through all that stuff on the nuke site.

Let me see if I get this

He is not releasing 6.6 publically
He allows everyone else to spread his 6.6 release for free as per GPL license.
Once he does version 7 he will release it publically again.

It clears up the confusion but it certainly can't understand FB's logic.

Anyway, will this change the viewpoint that nukecops will be taking on 6.6, since it will still be publically available after all? (by people who publish 6.6 themselves as per GPL)
So will nukecops support it? And would you support version 7 upon release?

Cheers

Posted: Mon May 26, 2003 4:51 am

Hello,

My feelings are hurt Sad

because you all wont support 6.6

Don't punish us for what FB is doing. I really like the new associated addon for the news. I'm willing to pay the $10 and submit it here to the download section for the public to get it for free if you all would reconsider and support it.

I dont want to download it and run across problems with no support. Going to phpnuke.org for support is like pulling teeth from a newborn baby. Smile

General Joined: Mar 22, 2003 Posts: 5233 Location: USA

FF, get it here for free http://www.templeanime.org/modules.php?name=Downloads&d_op=getit&lid=2 . We are not YET supporting it and haven't decided what path we may take.

Posted: Mon May 26, 2003 9:31 am

Hey all...

been away for sometime.. just read about this.

what is the major difference between 6.5 and 6.6?
anyone know. My "club" membership expired the day before FB released 6.6.. things that make you go hmmm.

anyway.. what give with this?

Major Joined: Jan 13, 2003 Posts: 892

6.5secfix3 vs 6.6 at a glance (The fixes which the public doesn't need are mostly directly related to publically posted (bugtraq ect...) vulnerabilites.) Your on your own for the moment to decide if they are worth $10 to you. We didn't give them a very high rank at the time they were posted as most have existed for a long time without being much of a threat. I haven't looked at the changes to the your_account, webmail or weblinks files for specifics yet but the mainfile.php follows at the end of this post for anyone who wishes to have it. It adds filtering of the style tags as post requests.

66 files don't match
--------------------
html\admin\modules\content.php
html\admin\modules\stories.php
html\blocks\block-Login.php
html\blocks\block-Modules.php
html\blocks\block-User_Info.php
html\includes\constants.php
html\includes\sessions.php
html\includes\usercp_register.php
html\includes\usercp_viewprofile.php
html\language\lang-albanian.php
html\language\lang-arabic.php
html\language\lang-brazilian.php
html\language\lang-catala.php
html\language\lang-chinese.php
html\language\lang-czech.php
html\language\lang-danish.php
html\language\lang-dutch.php
html\language\lang-english.php
html\language\lang-euskara.php
html\language\lang-finnish.php
html\language\lang-french.php
html\language\lang-galego.php
html\language\lang-german.php
html\language\lang-greek.php
html\language\lang-hungarian.php
html\language\lang-icelandic.php
html\language\lang-indonesian.php
html\language\lang-italian.php
html\language\lang-macedonian.php
html\language\lang-norwegian.php
html\language\lang-polish.php
html\language\lang-portuguese.php
html\language\lang-romanian.php
html\language\lang-russian.php
html\language\lang-slovak.php
html\language\lang-slovenian.php
html\language\lang-spanish.php
html\language\lang-swedish.php
html\language\lang-thai.php
html\language\lang-turkish.php
html\language\lang-ukrainian.php
html\language\lang-vietnamese.php
html\modules\Downloads\index.php
html\modules\Downloads\voteinclude.php
html\modules\Forums\admin\admin_forums.php
html\modules\Forums\admin\admin_ranks.php
html\modules\Forums\admin\admin_ug_auth.php
html\modules\Forums\admin\admin_users.php
html\modules\Forums\admin\index.php
html\modules\Forums\templates\subSilver\admin\index_navigate.tpl
html\modules\Forums\common.php
html\modules\Forums\modcp.php
html\modules\Forums\profile.php
html\modules\Journal\index.php
html\modules\Members_List\index.php
html\modules\News\article.php
html\modules\News\comments.php
html\modules\Private_Messages\index.php
html\modules\Web_Links\index.php
html\modules\Web_Links\voteinclude.php
html\modules\WebMail\contactbook.php
html\modules\WebMail\mailfooter.php
html\modules\Your_Account\language\lang-spanish.php
html\modules\Your_Account\index.php
html\modules\Your_Account\navbar.php
html\mainfile.php

2 folders and files only on left
--------------------------------
html\images\menu\
html\updateforum.php

14 folders and files only on right
----------------------------------
html\modules\News\associates.php
html\themes\3D-Fantasy\
html\themes\Anagram\
html\themes\ExtraLite\
html\themes\Kaput\
html\themes\Karate\
html\themes\Milo\
html\themes\NukeNews\
html\themes\Odyssey\
html\themes\Sand_Journey\
html\themes\Slash\
html\themes\SlashOcean\
html\themes\Sunset\
html\themes\Traditional\

Code:

<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/

$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
 $do_gzip_compress = TRUE;
 ob_start();
 ob_implicit_flush(0);
 //header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("I don't like you...");
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
Header("Location: index.php");
die();
}
}

if (eregi("mainfile.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}

if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

$mainfile = 1;
$sql = "SELECT sitename, nukeurl, site_logo, slogan, startdate, adminmail, anonpost, Default_Theme, foot1, foot2, foot3, commentlimit, anonymous, minpass, pollcomm, articlecomm, broadcast_msg, my_headlines, top, storyhome, user_news, oldnum, ultramode, banners, backend_title, backend_language, language, locale, multilingual, useflags, notify, notify_email, notify_subject, notify_message, notify_from, footermsgtxt, email_send, attachmentdir, attachments, attachments_view, download_dir, defaultpopserver, singleaccount, singleaccountname, numaccounts, imgpath, filter_forward, moderate, admingraphic, httpref, httprefmax, CensorMode, CensorReplace, copyright, Version_Num FROM ".$prefix."_config";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sitename = $row[sitename];
$nukeurl = $row[nukeurl];
$site_logo = $row[site_logo];
$slogan = $row[slogan];
$startdate = $row[startdate];
$adminmail = $row[adminmail];
$anonpost = $row[anonpost];
$Default_Theme = $row[Default_Theme];
$foot1 = $row[foot1];
$foot2 = $row[foot2];
$foot3 = $row[foot3];
$commentlimit = $row[commentlimit];
$anonymous = $row[anonymous];
$minpass = $row[minpass];
$pollcomm = $row[pollcomm];
$articlecomm = $row[articlecomm];
$broadcast_msg = $row[broadcast_msg];
$my_headlines = $row[my_headlines];
$top = $row[top];
$storyhome = $row[storyhome];
$user_news = $row[user_news];
$oldnum = $row[oldnum];
$ultramode = $row[ultramode];
$banners = $row[banners];
$backend_title = $row[backend_title];
$backend_language = $row[backend_language];
$language = $row[language];
$locale = $row[locale];
$multilingual = $row[multilingual];
$useflags = $row[useflags];
$notify = $row[notify];
$notify_email = $row[notify_email];
$notify_subject = $row[notify_subject];
$notify_message = $row[notify_message];
$notify_from = $row[notify_from];
$footermsgtxt = $row[footermsgtxt];
$email_send = $row[email_send];
$attachmentdir = $row[attachmentdir];
$attachments = $row[attachments];
$attachments_view = $row[attachments_view];
$download_dir = $row[download_dir];
$defaultpopserver = $row[defaultpopserver];
$singleaccount = $row[singleaccount];
$singleaccountname = $row[singleaccountname];
$numaccounts = $row[numaccounts];
$imgpath = $row[imgpath];
$filter_forward = $row[filter_forward];
$moderate = $row[moderate];
$admingraphic = $row[admingraphic];
$httpref = $row[httpref];
$httprefmax = $row[httprefmax];
$CensorMode = $row[CensorMode];
$CensorReplace = $row[CensorReplace];
$copyright = $row[copyright];
$Version_Num = $row[Version_Num];
$domain = eregi_replace("http://", "", $nukeurl);
$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if ($forum_admin != 1) {
if (isset($newlang) AND !eregi("\.","$newlang")) {
if (file_exists("language/lang-$newlang.php")) {
 setcookie("lang",$newlang,time()+31536000);
 include("language/lang-$newlang.php");
 $currentlang = $newlang;
} else {
 setcookie("lang",$language,time()+31536000);
 include("language/lang-$language.php");
 $currentlang = $language;
}
} elseif (isset($lang)) {
include("language/lang-$lang.php");
$currentlang = $lang;
} else {
setcookie("lang",$language,time()+31536000);
include("language/lang-$language.php");
$currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if (file_exists("modules/$module/language/lang-$currentlang.php")) {
if ($module == admin) {
 include_once("admin/language/lang-$currentlang.php");
} else {
 include_once("modules/$module/language/lang-$currentlang.php");
}
} else {
if ($module == admin) {
 include_once("admin/language/lang-$currentlang.php");
} else {
 include_once("modules/$module/language/lang-$language.php");
}
}
}

function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
} else {
$aid = "$admin[0]";
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[pwd];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
if ($uid != "" AND $pwd != "") {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[user_password];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function title($text) {
OpenTable();
echo "<center>$text</center>";
CloseTable();
echo " ";
}

function is_active($module) {
global $prefix, $db;
$sql = "SELECT active FROM ".$prefix."_modules WHERE title='$module'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$act = $row[active];
if (!$result OR $act == 0) {
return 0;
} else {
return 1;
}
}

function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if ($url == "") {
if ($blockfile == "") {
 if ($side == "c") {
 themecenterbox($title, $content);
 } elseif ($side == "d") {
 themecenterbox($title, $content);
 } else {
 themesidebox($title, $content);
 }
} else {
 if ($side == "c") {
 blockfileinc($title, $blockfile, 1);
 } elseif ($side == "d") {
 blockfileinc($title, $blockfile, 1);
 } else {
 blockfileinc($title, $blockfile);
 }
}
} else {
if ($side == "c" OR $side == "d") {
 headlines($bid,1);
} else {
 headlines($bid);
}
}
}

function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
$pos = "l";
} elseif (strtolower($side[0]) == "r") {
$pos = "r";
} elseif (strtolower($side[0]) == "c") {
$pos = "c";
} elseif (strtolower($side[0]) == "d") {
$pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result)) {
$bid = $row[bid];
$title = $row[title];
$content = $row[content];
$url = $row[url];
$blockfile = $row[blockfile];
$view = $row[view];
if ($row[bkey] == admin) {
 adminblock();
} elseif ($row[bkey] == userbox) {
 userblock();
} elseif ($row[bkey] == "") {
 if ($view == 0) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 1 AND is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 2 AND is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 }
}
}
}

function message_box() {
global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
} else {
$querylang = "";
}
$sql = "SELECT mid, title, content, date, expire, view FROM ".$prefix."_message WHERE active='1' $querylang";
$result = $db->sql_query($sql);
if ($numrows = $db->sql_numrows($result) == 0) {
return;
} else {
while ($row = $db->sql_fetchrow($result)) {
 $mid = $row[mid];
 $title = $row[title];
 $content = $row[content];
 $mdate = $row[date];
 $expire = $row[expire];
 $view = $row[view];
if ($title != "" && $content != "") {
 if ($expire == 0) {
 $remain = _UNLIMITED;
 } else {
 $etime = (($mdate+$expire)-time())/3600;
 $etime = (int)$etime;
 if ($etime < 1) {
 $remain = _EXPIRELESSHOUR;
 } else {
 $remain = ""._EXPIREIN." $etime "._HOURS."";
 }
 }
 if ($view == 4 AND is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content"
 ." <center>[ "._MVIEWADMIN." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 CloseTable();
 echo " ";
 } elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWUSERS." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWANON." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 1) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWALL." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 }
 if ($expire != 0) {
 $past = time()-$expire;
 if ($mdate < $past) {
 $db->sql_query("UPDATE ".$prefix."_message SET active='0' WHERE mid='$mid'");
 }
 }
 }
}
}
}

function online() {
global $user, $cookie, $prefix, $db;
cookiedecode($user);
$ip = $_SERVER["REMOTE_ADDR"];
$uname = $cookie[1];
if (!isset($uname)) {
$uname = "$ip";
$guest = 1;
}
$past = time()-1800;
$sql = "DELETE FROM ".$prefix."_session WHERE time < $past";
$db->sql_query($sql);
$sql = "SELECT time FROM ".$prefix."_session WHERE uname='$uname'";
$result = $db->sql_query($sql);
$ctime = time();
if ($row = $db->sql_fetchrow($result)) {
$sql = "UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'";
$db->sql_query($sql);
} else {
$sql = "INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')";
$db->sql_query($sql);
}
}

function blockfileinc($title, $blockfile, $side=0) {
$blockfiletitle = $title;
$file = @file("blocks/$blockfile");
if (!$file) {
$content = _BLOCKPROBLEM;
} else {
include("blocks/$blockfile");
}
if ($content == "") {
$content = _BLOCKPROBLEM2;
}
if ($side == 1) {
themecenterbox($blockfiletitle, $content);
} elseif ($side == 2) {
themecenterbox($blockfiletitle, $content);
} else {
themesidebox($blockfiletitle, $content);
}
}

function selectlanguage() {
global $useflags, $currentlang;
if ($useflags == 1) {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$langdir = dir("language");
while($func=$langdir->read()) {
if(substr($func, 0, 5) == "lang-") {
 $menulist .= "$func ";
}
}
closedir($langdir->handle);
$menulist = explode(" ", $menulist);
sort($menulist);
for ($i=0; $i < sizeof($menulist); $i++) {
if($menulist[$i]!="") {
 $tl = ereg_replace("lang-","",$menulist[$i]);
 $tl = ereg_replace(".php","",$tl);
 $altlang = ucfirst($tl);
 $content .= "<a href=\"index.php?newlang=$tl\"><img src=\"images/language/flag-$tl.png\" border=\"0\" alt=\"$altlang\" title=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
}
}
$content .= "</center>";
themesidebox($title, $content);
} else {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
 $handle=opendir('language');
 while ($file = readdir($handle)) {
 if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
 $langFound = $matches[1];
 $languageslist .= "$langFound ";
 }
 }
 closedir($handle);
 $languageslist = explode(" ", $languageslist);
 sort($languageslist);
 for ($i=0; $i < sizeof($languageslist); $i++) {
 if($languageslist[$i]!="") {
$content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
 if($languageslist[$i]==$currentlang) $content .= " selected";
$content .= ">".ucfirst($languageslist[$i])."</option>\n";
 }
}
$content .= "</select></form></center>";
themesidebox($title, $content);
}
}

function ultramode() {
global $prefix, $db;
$ultra = "ultramode.txt";
$file = fopen("$ultra", "w");
fwrite($file, "General purpose self-explanatory file with news headlines\n");
$sql = "SELECT sid, aid, title, time, comments, topic FROM ".$prefix."_stories ORDER BY time DESC LIMIT 0,10";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql = "select topictext, topicimage from ".$prefix."_topics where topicid='$row[topic]'";
$result = $db->sql_query($result);
$row2 = $db->sql_fetchrow($result);
$topictext = $row2[topictext];
$topicimage = $row2[topicimage];
$content = "%%\n$row[title]\n/modules.php?name=News&file=article&sid=$row[sid]\n$row[time]\n$row[aid]\n$row2[topictext]\n$row[comments]\n$row2[topicimage]\n";
fwrite($file, $content);
}
fclose($file);
}

function cookiedecode($user) {
global $cookie, $prefix, $db, $user_prefix;
$user = base64_decode($user);
$cookie = explode(":", $user);
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[user_password];
if ($cookie[2] == $pass && $pass != "") {
return $cookie;
} else {
unset($user);
unset($cookie);
}
}

function getusrinfo($user) {
global $userinfo, $user_prefix, $db;
$user2 = base64_decode($user);
$user3 = explode(":", $user2);
$sql = "SELECT * FROM ".$user_prefix."_users WHERE username='$user3[1]' AND user_password='$user3[2]'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetchrow($result);
}
return $userinfo;
}

function FixQuotes ($what = "") {
$what = ereg_replace("'","''",$what);
while (eregi("\\\\'", $what)) {
$what = ereg_replace("\\\\'","'",$what);
}
return $what;
}

/*********************************************************/
/* text filter */
/*********************************************************/

function check_words($Message) {
global $EditedMessage;
include("config.php");
$EditedMessage = $Message;
if ($CensorMode != 0) {
if (is_array($CensorList)) {
 $Replace = $CensorReplace;
 if ($CensorMode == 1) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
 }
 } elseif ($CensorMode == 2) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
 }
 } elseif ($CensorMode == 3) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
 }
 }
}
}
return ($EditedMessage);
}

function delQuotes($string){
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=""; # string buffer
$result=""; # result string
$i=0;
$attrib=-1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
$quote=0; # Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { # What car is it in the buffer ?
 case "\"": #" # a quote.
 if ($quote==0) {
 $quote=1;
 } else {
 $quote=0;
 if (($attrib>0) && ($tmp != "")) { $result .= "=\"$tmp\""; }
 $tmp="";
 $attrib=-1;
 }
 break;
 case "=": # an equal - attrib delimiter
 if ($quote==0) { # Is it found in a string ?
 $attrib=1;
 if ($tmp!="") $result.=" $tmp";
 $tmp="";
 } else $tmp .= '=';
 break;
 case " ": # a blank ?
 if ($attrib>0) { # add it to the string, if one opened.
 $tmp .= $string[$i];
 }
 break;
 default: # Other
 if ($attrib<0) # If we weren't in an attrib, set attrib to 0
 $attrib=0;
 $tmp .= $string[$i];
 break;
}
$i++;
}
if (($quote!=0) && ($tmp != "")) {
if ($attrib==1) $result .= "=";
/* If it is the value of an atrib, add the '=' */
$result .= "\"$tmp\""; /* Add quote if needed (the reason of the function ;-) */
}
return $result;
}

function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
include("config.php");
if ($strip == "nohtml")
$AllowableHTML=array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",
'<\\1>', $str);
// Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",
'<a href="\\1">', $str); # "
// Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
 // Delete all img tags
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
 $i = strpos($str,$reg[0]);
 $l = strlen($reg[0]);
 if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
 else $tag = strtolower($reg[1]);
 if ($a = $AllowableHTML[$tag])
 if ($reg[1][0] == "/") $tag = "</$tag>";
 elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";
 else {
 # Place here the double quote fix function.
 $attrb_list=delQuotes($reg[2]);
 // A VER
 $attrb_list = ereg_replace("&","&",$attrb_list);
 $tag = "<$tag" . $attrb_list . ">";
 } # Attribs in tag allowed
 else $tag = "";
 $tmp .= substr($str,0,$i) . $tag;
 $str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = ereg_replace("<\?","",$str);
return $str;
}

function filter_text($Message, $strip="") {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return ($EditedMessage);
}

/*********************************************************/
/* formatting stories */
/*********************************************************/

function formatTimestamp($time) {
global $datetime, $locale;
setlocale (LC_TIME, $locale);
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
$datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
$datetime = ucfirst($datetime);
return($datetime);
}

function formatAidHeader($aid) {
global $prefix, $db;
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$url = $row[url];
$email = $row[email];
if (isset($url)) {
$aid = "<a href=\"$url\">$aid</a>";
} elseif (isset($email)) {
$aid = "<a href=\"mailto:$email\">$aid</a>";
} else {
$aid = $aid;
}
echo "$aid";
}

function get_author($aid) {
global $prefix, $db;
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if (isset($row[url])) {
$aid = "<a href=\"$row[url]\">$aid</a>";
} elseif (isset($row[email])) {
$aid = "<a href=\"mailto:$row[email]\">$aid</a>";
} else {
$aid = $aid;
}
return($aid);
}

function themepreview($title, $hometext, $bodytext="", $notes="") {
echo "$title $hometext";
if ($bodytext != "") {
echo " $bodytext";
}
if ($notes != "") {
echo " "._NOTE." $notes";
}
}

function adminblock() {
global $admin, $prefix, $db;
if (is_admin($admin)) {
$sql = "SELECT title, content FROM ".$prefix."_blocks WHERE bkey='admin'";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
 $content = "$row[content]";
 themesidebox($row[title], $row[content]);
}
$title = ""._WAITINGCONT."";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_queue"));
$content = "";
$content .= "<big>&</big>&<a href=\"admin.php?op=submissions\">"._SUBMISSIONS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_reviews_add"));
$content .= "<big>&</big>&<a href=\"admin.php?op=reviews\">"._WREVIEWS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_newlink"));
$brokenl = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='1'"));
$modreql = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='0'"));
$content .= "<big>&</big>&<a href=\"admin.php?op=Links\">"._WLINKS."</a>: $num ";
$content .= "<big>&</big>&<a href=\"admin.php?op=LinksListModRequests\">"._MODREQLINKS."</a>: $modreql ";
$content .= "<big>&</big>&<a href=\"admin.php?op=LinksListBrokenLinks\">"._BROKENLINKS."</a>: $brokenl ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_newdownload"));
$brokend = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='1'"));
$modreqd = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='0'"));
$content .= "<big>&</big>&<a href=\"admin.php?op=downloads\">"._UDOWNLOADS."</a>: $num ";
$content .= "<big>&</big>&<a href=\"admin.php?op=DownloadsListModRequests\">"._MODREQDOWN."</a>: $modreqd ";
$content .= "<big>&</big>&<a href=\"admin.php?op=DownloadsListBrokenDownloads\">"._BROKENDOWN."</a>: $brokend ";
themesidebox($title, $content);
}
}

function loginbox() {
global $user;
if (!is_user($user)) {
$title = _LOGIN;
$boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";
$boxstuff .= "<center>"._NICKNAME." ";
$boxstuff .= "<input type=\"text\" name=\"username\" size=\"8\" maxlength=\"25\"> ";
$boxstuff .= ""._PASSWORD." ";
$boxstuff .= "<input type=\"password\" name=\"user_password\" size=\"8\" maxlength=\"20\"> ";
$boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
$boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></center></form>";
$boxstuff .= "<center>"._ASREGISTERED."</center>";
themesidebox($title, $boxstuff);
}
}

function userblock() {
global $user, $cookie, $db, $user_prefix;
if((is_user($user)) AND ($cookie[8])) {
$sql = "SELECT ublock FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = ""._MENUFOR." $cookie[1]";
themesidebox($title, $row[ublock]);
}
}

function getTopics($s_sid) {
global $topicname, $topicimage, $topictext, $prefix, $db;
$sid = $s_sid;
$sql = "SELECT topic FROM ".$prefix."_stories WHERE sid='$sid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sql = "SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics WHERE topicid='$row[topic]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$topicid = $row[topicid];
$topicname = $row[topicname];
$topicimage = $row[topicimage];
$topictext = $row[topictext];
}

function headlines($bid, $cenbox=0) {
global $prefix, $db;
$sql = "SELECT title, content, url, refresh, time FROM ".$prefix."_blocks WHERE bid='$bid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = $row[title];
$content = $row[content];
$url = $row[url];
$refresh = $row[refresh];
$otime = $row[otime];
$past = time()-$refresh;
if ($otime < $past) {
$btime = time();
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
 $content = "";
 $sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
 $db->sql_query($sql);
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
}
if ($fp) {
 fputs($fp, "GET " . $rdf['path'] . "?" . $rdf['query'] . " HTTP/1.0\r\n");
 fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
 $string = "";
 while(!feof($fp)) {
 $pagetext = fgets($fp,300);
 $string .= chop($pagetext);
 }
 fputs($fp,"Connection: close\r\n\r\n");
 fclose($fp);
 $items = explode("</item>",$string);
 $content = "";
 for ($i=0;$i<10;$i++) {
 $link = ereg_replace(".*<link>","",$items[$i]);
 $link = ereg_replace("</link>.*","",$link);
 $title2 = ereg_replace(".*<title>","",$items[$i]);
 $title2 = ereg_replace("</title>.*","",$title2);
 if ($items[$i] == "" AND $cont != 1) {
 $content = "";
 $sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
 $db->sql_query($sql);
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
 } else {
 if (strcmp($link,$title2) AND $items[$i] != "") {
 $cont = 1;
 $content .= "<big>&</big><a href=\"$link\" target=\"new\">$title2</a> \n";
 }
 }
 }

}
$sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
$db->sql_query($sql);
}
$siteurl = ereg_replace("http://","",$url);
$siteurl = explode("/",$siteurl);
if (($cont == 1) OR ($content != "")) {
$content .= " <a href=\"http://$siteurl[0]\" target=\"blank\">"._HREADMORE."</a>";
} elseif (($cont == 0) OR ($content == "")) {
$content = ""._RSSPROBLEM."";
}
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
}

function automated_news() {
global $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = "";
}
$today = getdate();
$day = $today[mday];
if ($day < 10) {
$day = "0$day";
}
$month = $today[mon];
if ($month < 10) {
$month = "0$month";
}
$year = $today[year];
$hour = $today[hours];
$min = $today[minutes];
$sec = "00";
$sql = "SELECT anid, time FROM ".$prefix."_autonews $querylang";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$anid = $row[anid];
$time = $row[time];
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $date);
if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {
 if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {
 $sql2 = "SELECT * FROM ".$prefix."_autonews WHERE anid='$anid'";
 $result2 = $db->sql_query($sql2);
 while ($row2 = $db->sql_fetchrow($result2)) {
 $title = stripslashes(FixQuotes($row2[title]));
 $hometext = stripslashes(FixQuotes($row2[hometext]));
 $bodytext = stripslashes(FixQuotes($row2[bodytext]));
 $notes = stripslashes(FixQuotes($row2[notes]));
 $sql = "INSERT INTO ".$prefix."_stories VALUES (NULL, '$row2[catid]', '$row2[aid]', '$title', '$row2[time]', '$hometext', '$bodytext', '0', '0', '$row2[topic]', '$row2[informant]', '$notes', '$row2[ihome]', '$row2[alanguage]', '$row2[acomm]', '0', '0', '0', '0', '$row2[associated]')";
 $db->sql_query($sql);
 $sql = "DELETE FROM ".$prefix."_autonews WHERE anid='$anid'";
 $db->sql_query($sql);
 }
 }
}
}
}

function themecenterbox($title, $content) {
OpenTable();
echo "<center>$title</center> "
."$content";
CloseTable();
echo " ";
}

function public_message() {
global $prefix, $user_prefix, $db, $user, $admin, $p_msg, $cookie, $broadcast_msg;
if ($broadcast_msg == 1) {
if (is_user($user)) {
cookiedecode($user);
$sql = "SELECT broadcast FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$upref = $row[broadcast];
if ($upref == 1) {
 $t_off = " [ <a href=\"modules.php?name=Your_Account&op=edithome\">"._TURNOFFMSG."</a> ]";
 $pm_show = 1;
} else {
 $pm_show = 0;
}
} else {
$t_off = "";
}
if (!is_user($user) OR (is_user($user) AND ($pm_show == 1))) {
$c_mid = base64_decode($p_msg);
$sql = "SELECT mid, content, date, who FROM ".$prefix."_public_messages WHERE mid > '$c_mid' ORDER BY date ASC LIMIT 1";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$mid = $row[mid];
$content = $row[content];
$tdate = $row[date];
$who = $row[who];
if ((!isset($c_mid)) OR ($c_mid = $mid)) {
 $public_msg = " <table width=\"90%\" border=\"1\" cellspacing=\"2\" cellpadding=\"0\" bgcolor=\"FFFFFF\" align=\"center\"><tr><td>\n";
 $public_msg .= "<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"FF0000\"><tr><td>\n";
 $public_msg .= ""._BROADCASTFROM." <a href=\"userinfo-.html$who\">$who</a>: \"$content\"";
 $public_msg .= "$t_off";
 $public_msg .= "</td></tr></table>";
 $public_msg .= "</td></tr></table>";
 $ref_date = $tdate+600;
 $actual_date = time();
 if ($actual_date >= $ref_date) {
 $public_msg = "";
 $numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_public_messages"));
 if ($numrows == 1) {
 $db->sql_query("DELETE FROM ".$prefix."_public_messages");
 $mid = 0;
 } else {
 $db->sql_query("DELETE FROM ".$prefix."_public_messages WHERE mid='$mid'");
 }
 }
 if ($mid == 0 OR $mid == "") {
 setcookie("p_msg");
 } else {
 $mid = base64_encode($mid);
 setcookie("p_msg",$mid,time()+600);
 }
}
}
} else {
$public_msg = "";
}
return($public_msg);
}

function get_theme() {
global $user, $cookie, $Default_Theme;
if(is_user($user)) {
$user2 = base64_decode($user);
$t_cookie = explode(":", $user2);
if($t_cookie[9]=="") $t_cookie[9]=$Default_Theme;
if(isset($theme)) $t_cookie[9]=$theme;
if(!$tfile=@opendir("themes/$t_cookie[9]")) {
 $ThemeSel = $Default_Theme;
} else {
 $ThemeSel = $t_cookie[9];
}
} else {
$ThemeSel = $Default_Theme;
}
return($ThemeSel);
}

function removecrlf($str) {
// Function for Security Fix by Ulf Harnhammar, VSU Security 2002
// Looks like I don't have so bad track record of security reports as Ulf believes
// He decided to not contact me, but I'm always here, digging on the net
return strtr($str, "\015\012", ' ');
}

?>