├── classes ├── index.html ├── post.class.php ├── webm.class.php ├── tag.class.php ├── extimage.class.php ├── cache.class.php ├── comment.class.php ├── innodb.search.class.php ├── user.class.php └── search.class.php ├── counter ├── index.html ├── 0.png ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png ├── 9.png └── quote.gif ├── images ├── index.html └── 404.jpg ├── public ├── index.html ├── current_date.php ├── domains.php ├── addfav.php ├── report.php ├── post_vote.php ├── remove.php └── note_save.php ├── script ├── index.html ├── pngfix.js ├── sound.js ├── scriptaculous.js └── builder.js ├── tmp └── index.html ├── includes ├── index.html ├── forum │ ├── index.html │ ├── forum_search.php │ ├── forum_post.php │ ├── forum_remove.php │ ├── forum_edit.php │ ├── forum_list.php │ ├── forum_add.php │ └── forum_view.php ├── search.php ├── posts.php ├── forum.php ├── login.php ├── account.php ├── post_vote.php ├── index.php ├── post_random.php ├── signup.php ├── header.php ├── api_view.php ├── alias.php ├── users.php ├── reset_password.php ├── dapi.php ├── account_options.php ├── favorites.php ├── account_profile.php ├── api_list.php └── history.php ├── thumbnails └── index.html ├── LICENSE.txt ├── default.png ├── favicon.ico ├── gelbooru.png ├── README.md ├── extras ├── lightbox2.04.zip ├── bytebox.css ├── readme.txt └── bytebox.js ├── autoload.php ├── inv.header.php ├── admin ├── header.php ├── tcon_depoint.php ├── index.php ├── admin.functions.php ├── add_group.php ├── left_menu.php ├── mass_parent.php ├── edit_user.php ├── alias.php ├── reported_posts.php ├── reported_comments.php ├── ban_user.php └── edit_group_permission.php ├── gelbooru.src ├── auto_login.php ├── help ├── index.php ├── forum.php ├── posts.php └── ratings.php ├── .gitattributes ├── thumbnail.php ├── .gitignore ├── optimize_defrag.php ├── thumbs_fix.php ├── upgrades ├── 0.1.10 │ └── index.php └── 0.1.11 │ └── index.php ├── index.php ├── install ├── index.php └── 
Readme.txt ├── functions.global.php ├── image_data.php ├── gelbooru.xml ├── config.php └── batch_add.php /classes/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /counter/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /images/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /script/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tmp/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /includes/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /thumbnails/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /includes/forum/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/current_date.php: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- 
/LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/default.png -------------------------------------------------------------------------------- /favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/favicon.ico -------------------------------------------------------------------------------- /gelbooru.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/gelbooru.png -------------------------------------------------------------------------------- /counter/0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/0.png -------------------------------------------------------------------------------- /counter/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/1.png -------------------------------------------------------------------------------- /counter/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/2.png -------------------------------------------------------------------------------- /counter/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/3.png 
-------------------------------------------------------------------------------- /counter/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/4.png -------------------------------------------------------------------------------- /counter/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/5.png -------------------------------------------------------------------------------- /counter/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/6.png -------------------------------------------------------------------------------- /counter/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/7.png -------------------------------------------------------------------------------- /counter/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/8.png -------------------------------------------------------------------------------- /counter/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/9.png -------------------------------------------------------------------------------- /images/404.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/images/404.jpg -------------------------------------------------------------------------------- /counter/quote.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/counter/quote.gif -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # gelbooru-fork 2 | A continuation of Gelbooru 0.1 beta with an emphasis on usability. 3 | -------------------------------------------------------------------------------- /extras/lightbox2.04.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zixaphir/gelbooru-fork/HEAD/extras/lightbox2.04.zip -------------------------------------------------------------------------------- /autoload.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/domains.php: -------------------------------------------------------------------------------- 1 | ",$domains); 4 | ?> 5 | -------------------------------------------------------------------------------- /includes/search.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /includes/forum/forum_search.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_POST['search']); 5 | header("Location: index.php?page=forum&s=list&query=$search"); 6 | } 7 | ?> -------------------------------------------------------------------------------- /inv.header.php: -------------------------------------------------------------------------------- 1 | set_charset('utf8'); 7 | require "auto_login.php"; 8 | ?> -------------------------------------------------------------------------------- /admin/header.php: -------------------------------------------------------------------------------- 1 | gotpermission('admin_panel')) 5 | { 6 | 
header("Location:../"); 7 | exit; 8 | } 9 | define('_IN_ADMIN_HEADER_',true); 10 | require "left_menu.php"; 11 | ?> -------------------------------------------------------------------------------- /gelbooru.src: -------------------------------------------------------------------------------- 1 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /admin/tcon_depoint.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 5 | header("Location:../"); 6 | exit; 7 | } 8 | $s1 = "UPDATE posts set score='-100' where tags LIKE '% toddlercon %' AND rating !='safe'"; 9 | $db->query($s1) or die($db->error); 10 | ?> -------------------------------------------------------------------------------- /auto_login.php: -------------------------------------------------------------------------------- 1 | check_log()) 6 | { 7 | setcookie("user_id","",time()-60*60*24*365); 8 | setcookie("pass_hash","",time()-60*60*24*365); 9 | } 10 | } 11 | ?> -------------------------------------------------------------------------------- /includes/posts.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /help/index.php: -------------------------------------------------------------------------------- 1 | 5 |
6 |
7 |

Help

8 | 13 |
-------------------------------------------------------------------------------- /extras/bytebox.css: -------------------------------------------------------------------------------- 1 | #bb_ov{ position: absolute; top: 0; left: 0; z-index: 90; width: 100%; height: 500px; background-color: #000; } 2 | #bb_div{ 3 | padding:20px; 4 | padding-bottom:0px; 5 | z-index:100; 6 | background:#FFFFFF; 7 | position:absolute; 8 | } 9 | #bb_a{ 10 | font-family:Arial, Helvetica, sans-serif; 11 | color:#999999; 12 | font-weight:bold; 13 | text-decoration:none; 14 | font-size:14px; 15 | } 16 | #bb_da{ 17 | padding:10px; 18 | } -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | *.js diff=astextplain 19 | -------------------------------------------------------------------------------- /extras/readme.txt: -------------------------------------------------------------------------------- 1 | Find the first instance of $data = ''; in post_view.php 2 | Under and before '; add in: 3 | 6 | 7 | In the tag list area if you're unsure of where to put it. 
8 | Original Image 9 | 10 | 11 | 12 | 13 | 14 | header.php add 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /includes/forum.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /admin/index.php: -------------------------------------------------------------------------------- 1 | 19 |
-------------------------------------------------------------------------------- /thumbnail.php: -------------------------------------------------------------------------------- 1 | real_escape_string(basename($_SERVER["PATH_INFO"])); 4 | if(!is_numeric($id)) 5 | die; 6 | $misc = new misc; 7 | $query = "SELECT image, directory, ext FROM $post_table WHERE id='$id' LIMIT 1"; 8 | $result = $db->query($query); 9 | $row = $result->fetch_assoc(); 10 | $f = fopen("./thumbnails".$misc->getThumb($row['image'], $row['dir']),"rb") or die; 11 | $data = ''; 12 | header("Cache-Control: store, cache"); 13 | header("Pragma: cache"); 14 | header("Content-type: image/".str_replace(".","",$row['ext'])); 15 | while(!feof($f)) 16 | { 17 | $data .= fread($f, 8192); 18 | } 19 | fclose($f); 20 | print $data; 21 | flush(); 22 | ?> 23 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows image file caches 2 | Thumbs.db 3 | ehthumbs.db 4 | 5 | # Folder config file 6 | Desktop.ini 7 | 8 | # Recycle Bin used on file shares 9 | $RECYCLE.BIN/ 10 | 11 | # Windows Installer files 12 | *.cab 13 | *.msi 14 | *.msm 15 | *.msp 16 | 17 | # Windows shortcuts 18 | *.lnk 19 | 20 | # ========================= 21 | # Operating System Files 22 | # ========================= 23 | 24 | # OSX 25 | # ========================= 26 | 27 | .DS_Store 28 | .AppleDouble 29 | .LSOverride 30 | 31 | # Thumbnails 32 | ._* 33 | 34 | # Files that might appear on external disk 35 | .Spotlight-V100 36 | .Trashes 37 | 38 | # Directories potentially created on remote AFP share 39 | .AppleDB 40 | .AppleDesktop 41 | Network Trash Folder 42 | Temporary Items 43 | .apdisk 44 | -------------------------------------------------------------------------------- /optimize_defrag.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 5 | { 6 | 
header('Location: index.php'); 7 | exit; 8 | } 9 | //turn verbose on/off (on shows output of processed tables) 10 | $verbose = true; 11 | /* Walk every table reported by SHOW TABLE STATUS and run OPTIMIZE/ANALYZE on those whose Data_free is above zero. */ $query = "SHOW TABLE STATUS"; 12 | /* NOTE(review): die($db->error) sends the raw database error text to the browser. */ $result = $db->query($query) or die($db->error); 13 | while($row = $result->fetch_assoc()) 14 | { 15 | if($row['Data_free'] > 0) 16 | { 17 | /* NOTE(review): the table name is concatenated into the statement without backtick quoting, and the results of both maintenance queries are not checked, so the verbose output below is printed even if a statement failed. */ $ret = "OPTIMIZE TABLE ".$row['Name']; 18 | $db->query($ret); 19 | $ret = "ANALYZE TABLE ".$row['Name']; 20 | $db->query($ret); 21 | if($verbose == true) 22 | { 23 | /* NOTE(review): the table name is echoed without HTML escaping. */ echo "Optimized table ".$row['Name']."
"; 24 | echo "Analyzed table ".$row['Name']."
"; 25 | } 26 | } 27 | } 28 | $result->free_result(); 29 | ?> -------------------------------------------------------------------------------- /admin/admin.functions.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /includes/forum/forum_post.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['id']); 6 | $query = "SELECT topic_id FROM $forum_post_table WHERE id='$id'"; 7 | $result = $db->query($query) or die($db->error); 8 | $row = $result->fetch_assoc(); 9 | $fid = $row['topic_id']; 10 | $result->free_result(); 11 | if(!is_numeric($fid)) 12 | { 13 | header("Location:index.php?page=forum&s=list"); 14 | exit; 15 | } 16 | $i = 0; 17 | $query = "SELECT id FROM $forum_post_table WHERE topic_id='$fid'"; 18 | $result = $db->query($query) or die($db->error); 19 | while($row = $result->fetch_assoc()) 20 | { 21 | $i++; 22 | if($row['id'] == $id) 23 | break; 24 | } 25 | $result->free_result(); 26 | $j = 1; 27 | while(($j*$limit)<$i) 28 | { 29 | $j++; 30 | } 31 | $pid = $limit*($j - 1); 32 | header("Location:index.php?page=forum&s=view&id=$fid&pid=$pid#$id"); 33 | } 34 | ?> -------------------------------------------------------------------------------- /help/forum.php: -------------------------------------------------------------------------------- 1 | 5 |
6 |
7 |

Help: Forum

8 |

All forum posts are sanitized, meaning all HTML is escaped. That being said, there are a few features you can use:

9 | 10 |
11 |

URLs

12 |

Any URL starting with http:// will automatically be converted into a link.

13 |
14 | 15 |
16 |

Post Link Shorthand

17 |

You can link to specific post/view pages using the following shorthand: [post]nnnn[/post], where nnnn is the id number of the post.

18 |
19 | 20 |
21 |

Forum Link Shorthand

22 |

You can link to a specific forum using the following shorthand: [forum]nnnn[/forum], where nnnn is the id number of the forum.

23 |
24 | 25 |
26 |

Forum Post Link Shorthand

27 |

You can link to specific forum posts using the following shorthand: [forump]nnnn[/forump], where nnnn is the id number of the forum post.

28 |
29 | 30 |
-------------------------------------------------------------------------------- /public/addfav.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_SERVER['REMOTE_ADDR']); 5 | if($user->banned_ip($ip)) 6 | exit; 7 | if(is_numeric($_GET['id'])) 8 | { 9 | if($user->check_log()) 10 | { 11 | $id = $db->real_escape_string($_GET['id']); 12 | $query = "SELECT COUNT(*) FROM $favorites_table WHERE user_id='$checked_user_id' AND favorite='$id'"; 13 | $result = $db->query($query); 14 | $row = $result->fetch_assoc(); 15 | if($row['COUNT(*)'] < 1) 16 | { 17 | $result->free_result(); 18 | $query = "INSERT INTO $favorites_table(user_id, favorite) VALUES('$checked_user_id', '$id')"; 19 | if($db->query($query)) 20 | { 21 | $query = "SELECT COUNT(*) FROM $favorites_count_table WHERE user_id='$checked_user_id'"; 22 | $result = $db->query($query); 23 | $row = $result->fetch_assoc(); 24 | if($row['COUNT(*)'] < 1) 25 | $query = "INSERT INTO $favorites_count_table(user_id, fcount) VALUES('$checked_user_id','1')"; 26 | else 27 | $query = "UPDATE $favorites_count_table SET fcount=fcount+1 WHERE user_id='$checked_user_id'"; 28 | $db->query($query); 29 | echo "3"; 30 | } 31 | } 32 | else 33 | echo "1"; 34 | } 35 | else 36 | echo "2"; 37 | } 38 | ?> -------------------------------------------------------------------------------- /includes/login.php: -------------------------------------------------------------------------------- 1 | check_log()) 6 | { 7 | header("Location:index.php?page=account"); 8 | exit; 9 | } 10 | if(isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") 11 | { 12 | $username = $db->real_escape_string(htmlentities($_POST['user'], ENT_QUOTES, 'UTF-8')); 13 | $password = $db->real_escape_string($_POST['pass']); 14 | if(!$user->login($username, $password)) 15 | header("Location:index.php?page=login&code=00"); 16 | else 17 | header("Location:index.php?page=account"); 18 | exit; 
19 | } 20 | header("Cache-Control: store, cache"); 21 | header("Pragma: cache"); 22 | require "includes/header.php"; 23 | echo '
24 | 28 | 32 | 35 |
25 | Username:
26 | 27 |
29 | Password:
30 | 31 |
33 | 34 |
36 | forgot password? 37 |
'; 38 | } 39 | if($_GET['code'] == "01") 40 | $user->logout(); 41 | ?> -------------------------------------------------------------------------------- /thumbs_fix.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 6 | { 7 | header('Location: index.php'); 8 | exit; 9 | } 10 | 11 | $image = new image(); 12 | $misc = new misc(); 13 | $dir = "./images/"; 14 | $dirs = array(); 15 | 16 | function is_valid_extension($img) 17 | { 18 | $ext = explode('.', $img); 19 | $ext = array_pop($ext); 20 | switch ($ext) 21 | { 22 | case 'jpg': 23 | case 'jpeg': 24 | case 'webm': 25 | case 'png': 26 | case 'gif': 27 | return true; 28 | default: 29 | return false; 30 | } 31 | } 32 | 33 | $dir_contents = scandir($dir); 34 | foreach ($dir_contents as $current) 35 | { 36 | if (!is_dir($dir.$current) || $current == '.' || $current == '..') 37 | { 38 | continue; 39 | } 40 | 41 | $dir_contents = scandir("./images/".$current."/"); 42 | if(!is_dir("./thumbnails/".$current."/")) 43 | $image->makethumbnailfolder($current); 44 | 45 | foreach ($dir_contents as $item) 46 | { 47 | $thumb = "./thumbnails".$misc->getThumb($item, $current); 48 | if ($item != '.' && $item != '..' && !is_dir($dir.$item) && is_valid_extension($item) && !file_exists($thumb)) 49 | { 50 | $image->thumbnail($current."/".$item); 51 | print $thumb."
"; 52 | } 53 | 54 | } 55 | } 56 | ?> -------------------------------------------------------------------------------- /upgrades/0.1.10/index.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 5 | { 6 | $upgrades = "ALTER TABLE $user_table MODIFY COLUMN mail_reset_code TEXT CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL"; 7 | $db->query($upgrades) or die($db->error); 8 | print "Altering mail_reset code Success

"; 9 | $query = "SELECT * FROM $post_count_table WHERE access_key = 'comment_count'"; 10 | $result = $db->query($query); 11 | if($result->num_rows == "0") 12 | { 13 | $upgrades = "INSERT INTO $post_count_table(pcount,access_key,last_update) VALUES('0','comment_count','0')"; 14 | $db->query($upgrades) or die($db->error); 15 | } 16 | $upgrades = "SELECT * FROM $comment_table"; 17 | $result = $db->query($upgrades) or die($db->error); 18 | $numrows = $result->num_rows; 19 | $upgrades = "UPDATE $post_count_table SET pcount = '$numrows' WHERE access_key = 'comment_count'"; 20 | $db->query($upgrades) or die($db->error); 21 | 22 | $query = "CREATE FUNCTION notes_next_id(post BIGINT) 23 | RETURNS INTEGER 24 | NOT DETERMINISTIC 25 | BEGIN 26 | DECLARE iv1 INTEGER; 27 | DECLARE iv2 INTEGER; 28 | SELECT id INTO iv1 FROM $note_table WHERE post_id=post ORDER BY id DESC LIMIT 1; 29 | SET iv2 = (iv1+1); 30 | RETURN iv2; 31 | END"; 32 | $db->query($query) or die($db->error); 33 | print "Upgrades complete."; 34 | } 35 | ?> -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | Memory Usage: " . round((memory_get_usage()/1048576), 2) . " MB, Total execution time: " . (microtime(true) - $time_start) * 1000 . "ms"; 51 | ?> -------------------------------------------------------------------------------- /install/index.php: -------------------------------------------------------------------------------- 1 | 5 | 9 | 13 | 17 | 20 |
6 | Username (for admin):
7 | 8 |
10 | Password:
11 | 12 |
14 | Email:
15 | 16 |
18 | 19 |
21 | 22 |
'; 23 | exit; 24 | } 25 | /* Load create_db.php (not shown here), then register the first account from the submitted form only when the user table is still empty. */ require "create_db.php"; 26 | /* NOTE(review): values are escaped and interpolated into quoted SQL below; prepared statements would remove the dependence on every value being escaped and quoted. */ $user = $db->real_escape_string($_POST['user']); 27 | $pass = $db->real_escape_string($_POST['pass']); 28 | $email = $db->real_escape_string($_POST['email']); 29 | /* NOTE(review): the password is SQL-escaped before it is hashed, so the stored digest is of the escaped string, and sha1(md5()) is a fast, unsalted construction. password_hash()/password_verify() is the usual replacement, but the login code (not visible here) would have to change in step - confirm before migrating. */ $pass = sha1(md5($pass)); 30 | $query = "SELECT * FROM $user_table"; 31 | $result = $db->query($query); 32 | if($result->num_rows == "0") 33 | { 34 | /* ugroup is set to '1' - presumably the admin group, since the form asks for an admin username; confirm against the group table. */ $query = "INSERT INTO $user_table(user,pass,ugroup,email,signup_date) VALUES('$user','$pass','1','$email',NOW())"; 35 | /* NOTE(review): die($db->error) sends the raw database error text to the browser. */ $db->query($query) or die($db->error); 36 | } 37 | else 38 | print "You've already installed the Gelbooru software in this database. A new user will not be added. You may wish to run the upgrade instead?

"; 39 | print "
Install went well. Log into your account using the username and password during this install."; 40 | ?> -------------------------------------------------------------------------------- /admin/add_group.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 7 | { 8 | header('Location:../'); 9 | exit; 10 | } 11 | if(isset($_POST['gname']) && $_POST['gname'] != "") 12 | { 13 | $name =$db->real_escape_string($_POST['gname']); 14 | $query = "SELECT COUNT(*) FROM $group_table WHERE group_name='$name'"; 15 | $result = $db->query($query); 16 | $row = $result->fetch_assoc(); 17 | if($row['COUNT(*)'] > 0) 18 | print "Group already exists."; 19 | else 20 | { 21 | if(isset($_POST['default']) && $_POST['default'] == true) 22 | { 23 | $query = "UPDATE $group_table SET default_group=FALSE"; 24 | $db->query($query); 25 | $query = "INSERT INTO $group_table(group_name, default_group) VALUES('$name', TRUE)"; 26 | } 27 | else 28 | { 29 | $query = "INSERT INTO $group_table(group_name, default_group) VALUES('$name', FALSE)"; 30 | } 31 | if($db->query($query)) 32 | print "Group added."; 33 | else 34 | print "Could not add group."; 35 | } 36 | } 37 | ?>
38 |
39 | 42 | 45 |
Group name:
40 | 41 |
43 | 44 |
46 | Is this group the default group? (a default group must exist)
47 | 48 |
49 |
50 |
-------------------------------------------------------------------------------- /admin/left_menu.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 |

Moderation Tasks / View Board

Hover over links for more info.


11 |
12 |
13 |
14 |
38 |
-------------------------------------------------------------------------------- /admin/mass_parent.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 6 | { 7 | header('Location:../'); 8 | exit; 9 | } 10 | 11 | if(!isset($_POST['start']) && !isset($_POST['end']) && !isset($_POST['parent'])) 12 | { 13 | print 'enter id\'s range to change!

14 |
15 | Makes the below a parent of this id:
16 | 17 |

18 | 19 | Starting #:
20 | 21 |

22 | 23 | Ending #:
24 | 25 |

26 | 27 | 28 |
29 | '; 30 | } 31 | else 32 | { 33 | $cache = new cache(); 34 | $start = $db->real_escape_string($_POST['start']); 35 | $end = $db->real_escape_string($_POST['end']); 36 | $parent_id = $db->real_escape_string($_POST['parent']); 37 | while($start<=$end) 38 | { 39 | $cache->destroy_page_cache("cache/".$start); 40 | $parent_check1 = "SELECT COUNT(*) FROM $post_table WHERE id='$parent_id'"; 41 | $pres1 = $db->query($parent_check1); 42 | $prow1 = $pres1->fetch_assoc(); 43 | if($prow1['COUNT(*)'] > 0) 44 | { 45 | $temp = "INSERT INTO $parent_child_table(parent,child) VALUES('$parent_id','$start')"; 46 | $db->query($temp); 47 | $temp = "UPDATE $post_table SET parent='$parent_id' WHERE id='$start'"; 48 | $db->query($temp); 49 | } 50 | $start++; 51 | } 52 | } 53 | ?> -------------------------------------------------------------------------------- /includes/account.php: -------------------------------------------------------------------------------- 1 |
'; 3 | $user = new user(); 4 | if($user->check_log()) 5 | { 6 | echo '

» Logout

7 |

Make like a tree and get out of here! Click here to logout of your account.

8 |

» My Profile

9 |

It\'s your profile. Do you need me to explain more?

10 |

» My Favorites

11 |

View all of your favorites and remove them if you wish.

'; 12 | } 13 | else 14 | { 15 | print '

You are not logged in.

» Login

If you already have an account you can login here. Alternatively, accessing features that require an account will automatically log you in if you have enabled cookies.

'; 16 | if($registration_allowed == true) 17 | echo '

» Sign Up

You can access 90% of '.$site_url3.' without an account, but you can sign up for that extra bit of functionality. Just a login and password, no email required!

'; 18 | else 19 | echo '

Registration is closed.

'; 20 | } 21 | ?> 22 |

» Everyone's Favorites

23 |

View everyone's favorites.

24 |

» Options

25 |

Manage account options.

26 |
-------------------------------------------------------------------------------- /includes/post_vote.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['id']); 6 | $type = $db->real_escape_string($_GET['type']); 7 | $ip = $db->real_escape_string($_SERVER['REMOTE_ADDR']); 8 | $user_id = "0"; 9 | $query_part = ""; 10 | if($user->check_log()) 11 | { 12 | $user_id = $checked_user_id; 13 | $query_part = " OR post_id='$id' AND user_id='$user_id'"; 14 | } 15 | if (!$anon_vote && $user_id == 0) 16 | { 17 | echo "Anonymous ratings are disabled."; 18 | exit; 19 | } 20 | $query = "SELECT COUNT(*) FROM $post_vote_table WHERE post_id='$id' AND ip='$ip'".$query_part; 21 | $result = $db->query($query); 22 | $row = $result->fetch_assoc(); 23 | if($row['COUNT(*)'] < 1) 24 | { 25 | $result->free_result(); 26 | if($type == "up") { 27 | $query = "UPDATE $post_table SET score=score+1 WHERE id='$id'"; 28 | } else if($type == "down") { 29 | $query = "UPDATE $post_table SET score=score-1 WHERE id='$id'"; 30 | } else 31 | exit; 32 | $db->query($query); 33 | $query = "INSERT INTO $post_vote_table(rated, ip, post_id, user_id) VALUES('$type', '$ip', '$id', '$user_id')"; 34 | $db->query($query); 35 | $cache = new cache(); 36 | $cache->destroy("cache/$id/post.cache"); 37 | } 38 | else 39 | { 40 | $result->free_result(); 41 | } 42 | $query = "SELECT score FROM $post_table WHERE id='$id'"; 43 | $result = $db->query($query); 44 | $row = $result->fetch_assoc(); 45 | echo $row['score']; 46 | $result->free_result(); 47 | exit; 48 | } 49 | ?> -------------------------------------------------------------------------------- /help/posts.php: -------------------------------------------------------------------------------- 1 | 5 | 6 |
7 |
8 |

Help: Posts

9 |

A post represents a single file that's been uploaded. Each post can have several tags, comments, and notes. If you have an account, you can also add a post to your favorites.

10 | 11 |
12 |

Search

13 |

Searching for posts is straightforward. Simply enter the tags you want to search for, separated by spaces. For example, searching for original panties will return every post that has both the original tag AND the panties tag.

14 |
15 | 16 |
17 |

Tag List

18 |

In both the listing page and the show page you'll notice a list of tag links with characters next to them. Here's an explanation of what they do: (Currently removed)

19 |
20 | 21 |
+
22 |
This adds the tag to the current search.
23 | 24 |
25 |
This adds the negated tag to the current search.
26 | 27 |
950
28 |
The number next to the tag represents how many posts there are. This isn't always the total number of posts for that tag; it may be slightly out of date because the cache isn't always refreshed.
29 | 30 |
31 |

When you're not searching for a tag, by default the tag list will show the last few tags added to the database. When you are searching for tags, the tag list will show related tags, alphabetically.

32 |
33 | 34 |
-------------------------------------------------------------------------------- /script/pngfix.js: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Correctly handle PNG transparency in Win IE 5.5 & 6. 4 | http://homepage.ntlworld.com/bobosola. Updated 18-Jan-2006. 5 | 6 | Use in with DEFER keyword wrapped in conditional comments: 7 | 10 | 11 | */ 12 | 13 | var arVersion = navigator.appVersion.split("MSIE") 14 | var version = parseFloat(arVersion[1]) 15 | 16 | if ((version >= 5.5) && (document.body.filters)) 17 | { 18 | for(var i=0; i" 35 | img.outerHTML = strNewHTML 36 | i = i-1 37 | } 38 | } 39 | } -------------------------------------------------------------------------------- /public/report.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_SERVER['REMOTE_ADDR']); 5 | if($user->banned_ip($ip)) 6 | exit; 7 | if(!$user->check_log() && !$anon_report) 8 | { 9 | header('Location: index.php?page=account&s=home'); 10 | exit; 11 | } 12 | if(isset($_GET['type']) && $_GET['type'] != "" && isset($_GET['rid']) && is_numeric($_GET['rid'])) 13 | { 14 | $type = $db->real_escape_string($_GET['type']); 15 | $rid = $db->real_escape_string($_GET['rid']); 16 | if($type == "comment") 17 | { 18 | $query = "UPDATE $comment_table SET spam=TRUE WHERE id='$rid'"; 19 | if($db->query($query)) 20 | { 21 | $cache = new cache(); 22 | $query = "SELECT post_id FROM $comment_table where id='$rid'"; 23 | $result = $db->query($query); 24 | $row = $result->fetch_assoc(); 25 | $cache->destroy_page_cache("cache/".$row['post_id']); 26 | $cache->create_page_cache("cache/".$row['post_id']); 27 | print "pass"; 28 | } 29 | else 30 | print "fail"; 31 | } 32 | else if($type == "post") 33 | { 34 | $user = new user(); 35 | if(!$user->check_log()) 36 | { 37 | header("Location: ../index.php?page=post&s=view&id=$rid"); 38 | exit; 39 | } 40 | $reason = $db->real_escape_string(htmlentities($_POST['reason'], 
ENT_QUOTES, 'UTF-8')); 41 | if(strlen($reason) > 0) 42 | { 43 | $query = "UPDATE $post_table SET spam=TRUE, reason='$reason' WHERE id='$rid'"; 44 | $db->query($query); 45 | } 46 | $cache = new cache(); 47 | $cache->destroy("cache/".$rid."/post.cache"); 48 | header("Location:../index.php?page=post&s=view&id=$rid"); 49 | } 50 | else 51 | header("Location:../index.php"); 52 | exit; 53 | } 54 | ?> -------------------------------------------------------------------------------- /includes/forum/forum_remove.php: -------------------------------------------------------------------------------- 1 | check_log()) 4 | exit; 5 | 6 | if(isset($_GET['pid']) && isset($_GET['cid']) && $_GET['pid'] != "" && $_GET['cid'] != "") 7 | { 8 | $pid = $db->real_escape_string($_GET['pid']); 9 | $cid = $db->real_escape_string($_GET['cid']); 10 | $uid = $checked_user_id; 11 | $uname = $checked_username; 12 | $query = "SELECT t1.author, t2.creation_post FROM $forum_post_table AS t1 JOIN $forum_topic_table AS t2 ON t2.id=t1.topic_id WHERE t1.topic_id='$pid' AND t1.id='$cid' LIMIT 1"; 13 | $result = $db->query($query) or die($db->error); 14 | $row = $result->fetch_assoc(); 15 | if($row['author'] == $uname || $user->gotpermission('delete_forum_posts')) 16 | { 17 | //make sure we don't erase the first post of a topic, would cause a huge mess... just edit it, or delete the topic. 
18 | if($row['creation_post'] != $cid) 19 | { 20 | $query = "DELETE FROM $forum_post_table WHERE id='$cid'"; 21 | $db->query($query); 22 | } 23 | } 24 | header("Location:index.php?page=forum&s=view&id=$pid"); 25 | exit; 26 | } 27 | else if(isset($_GET['fid']) && is_numeric($_GET['fid']) && isset($_GET['pid']) && is_numeric($_GET['pid'])) 28 | { 29 | if($user->gotpermission('delete_forum_topics')) 30 | { 31 | $fid = $db->real_escape_string($_GET['fid']); 32 | $pid = $db->real_escape_string($_GET['pid']); 33 | $query = "DELETE FROM $forum_post_table WHERE topic_id='$fid'"; 34 | $db->query($query) or die($db->error); 35 | $query = "DELETE FROM $forum_topic_table WHERE id='$fid'"; 36 | $db->query($query) or die($db->error); 37 | header("Location:index.php?page=forum&s=list&pid=$pid"); 38 | exit; 39 | } 40 | header("HTTP/1.1 404 Not Found"); 41 | } 42 | header("HTTP/1.1 404 Not Found"); 43 | ?> -------------------------------------------------------------------------------- /public/post_vote.php: -------------------------------------------------------------------------------- 1 | check_log() && !$anon_vote) 4 | { 5 | header('Location: index.php?page=account&s=home'); 6 | exit; 7 | } 8 | if(isset($_GET['id']) && is_numeric($_GET['id']) && isset($_GET['type'])) 9 | { 10 | $id = $db->real_escape_string($_GET['id']); 11 | $type = $db->real_escape_string($_GET['type']); 12 | $ip = $db->real_escape_string($_SERVER['REMOTE_ADDR']); 13 | $query_part = ""; 14 | if($user->check_log()) 15 | { 16 | $user_id = $checked_user_id; 17 | $query_part = " OR post_id='$id' AND user_id='$user_id'"; 18 | } 19 | else 20 | $user_id = 0; 21 | $query = "SELECT COUNT(*) FROM $post_vote_table WHERE post_id='$id' AND ip='$ip'".$query_part; 22 | $result = $db->query($query); 23 | $row = $result->fetch_assoc(); 24 | if($row['COUNT(*)'] < 1) 25 | { 26 | $result->free_result(); 27 | if($type == "up") 28 | $query = "UPDATE $post_table SET score=score+1 WHERE id='$id'"; 29 | else if($type == "down") 30 | 
$query = "UPDATE $post_table SET score=score-1 WHERE id='$id'"; 31 | else 32 | exit; 33 | $db->query($query); 34 | $query = "INSERT INTO $post_vote_table(ip, post_id, user_id, rated) VALUES('$ip', '$id', '$user_id', '$type')"; 35 | $db->query($query); 36 | $query = "SELECT score FROM $post_table WHERE id='$id'"; 37 | $result = $db->query($query); 38 | $row = $result->fetch_assoc(); 39 | $cache = new cache(); 40 | $cache->destroy("cache/$id/post.cache"); 41 | echo $row['score']; 42 | $result->free_result(); 43 | } 44 | else 45 | { 46 | $query = "SELECT score FROM $post_table WHERE id='$id'"; 47 | $result = $db->query($query); 48 | $row = $result->fetch_assoc(); 49 | echo $row['score']; 50 | $result->free_result(); 51 | } 52 | } 53 | ?> -------------------------------------------------------------------------------- /includes/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | '.$site_url3.' 6 | 7 | 8 | 9 | 10 |
11 |

'.$site_url3.'

12 | '; 13 | ?> 14 | 20 |
21 |
22 |
23 | 24 |
25 |
26 |
27 |

28 | query($query); 31 | $query = "SELECT t1.pcount, t2.count FROM $post_count_table AS t1 JOIN $hit_counter_table as t2 WHERE t1.access_key='posts'"; 32 | $result = $db->query($query); 33 | $row = $result->fetch_assoc(); 34 | echo 'Serving '.number_format($row['pcount']).' posts - Running Gelbooru-fork Beta 0.1.11 35 |


'; 36 | for ($i=0;$i'; 40 | } 41 | echo '

Total number of visitors so far:'.number_format($row['count']).'

42 | '; 43 | ?> -------------------------------------------------------------------------------- /functions.global.php: -------------------------------------------------------------------------------- 1 | '; 24 | $db->query($query) or print $db->error.'
'; 25 | foreach($array as $current) 26 | { 27 | $query = "ALTER TABLE $mysql_db.$table ADD COLUMN $current"; 28 | print $query.'
'; 29 | $db->query($query) or print $db->error.'
'; 30 | } 31 | if($key != '') 32 | { 33 | $query = "ALTER TABLE $mysql_db.$table ADD PRIMARY KEY($key)"; 34 | print $query.'
'; 35 | $db->query($query) or print $db->error.'
'; 36 | } 37 | } 38 | 39 | function mb_trim($string, $charlist='\\\\s', $ltrim=true, $rtrim=true) 40 | { 41 | $both_ends = $ltrim && $rtrim; 42 | 43 | $char_class_inner = preg_replace( 44 | array( '/[\^\-\]\\\]/S', '/\\\{4}/S' ), 45 | array( '\\\\\\0', '\\' ), 46 | $charlist 47 | ); 48 | 49 | $work_horse = '[' . $char_class_inner . ']+'; 50 | $ltrim && $left_pattern = '^' . $work_horse; 51 | $rtrim && $right_pattern = $work_horse . '$'; 52 | 53 | if($both_ends) 54 | { 55 | $pattern_middle = $left_pattern . '|' . $right_pattern; 56 | } 57 | elseif($ltrim) 58 | { 59 | $pattern_middle = $left_pattern; 60 | } 61 | else 62 | { 63 | $pattern_middle = $right_pattern; 64 | } 65 | 66 | return preg_replace("/$pattern_middle/usSD", '', $string); 67 | } 68 | ?> -------------------------------------------------------------------------------- /image_data.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['start']); 6 | $limit = $db->real_escape_string($_GET['limit']); 7 | if(!is_numeric($start) || !is_numeric($limit)) 8 | die; 9 | if($limit > 100) 10 | $limit = 100; 11 | $query = "SELECT id, image, directory, score, rating, tags, height, width, hash FROM $post_table WHERE id >= '$start' LIMIT $limit"; 12 | $result = $db->query($query) or die($db->error); 13 | $count = $result->num_rows; 14 | header("Content-type: text/xml"); 15 | print ''; 16 | print ''; 17 | while($row = $result->fetch_assoc()) 18 | { 19 | $tags = str_replace("'","'",$row['tags']); 20 | $tags = substr($tags,1,strlen($tags)); 21 | $tags = substr($tags,0,strlen($tags)-1); 22 | if(strpos($tags,'&') !== false) 23 | $tags = str_replace("&", "&", $tags); 24 | if(strpos($tags,'>') !== false) 25 | $tags = str_replace(">", ">", $tags); 26 | if(strpos($tags,'<') !== false) 27 | $tags = str_replace("<", "<", $tags); 28 | if(strpos($tags,"'") !== false) 29 | $tags = str_replace("'", "'", $tags); 30 | if(strpos($tags,'"') !== false) 31 | $tags = 
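str_replace('"', """, $tags); 32 | if(strpos($tags,'\r') !== false) 33 | $tags = str_replace('\r', "", $tags); 34 | $thumbnail_data = getimagesize("./thumbnails/".$row['directory']."/thumbnail_".$row['image']); 35 | $thumb_width = $thumbnail_data[0]; 36 | $thumb_height = $thumbnail_data[1]; 37 | $rating = strtolower(substr($row['rating'],0,1)); 38 | print ''; 39 | } 40 | ?> 41 | -------------------------------------------------------------------------------- /classes/post.class.php: -------------------------------------------------------------------------------- 1 | real_escape_string($id); 8 | $query = "SELECT * FROM $post_table WHERE id = '$id' LIMIT 1"; 9 | $result = $db->query($query); 10 | if($result->num_rows == "0") 11 | return false; 12 | $row = $result->fetch_assoc(); 13 | return $row; 14 | }

    /**
     * Fetch every note row attached to a post.
     *
     * @param mixed $id Post id; escaped before it is placed inside the quoted literal.
     * @return mixed Whatever $db->query() returns for the SELECT.
     */
    function get_notes($id)
    {
        global $db, $note_table;
        $id = $db->real_escape_string($id);
        $query = "SELECT * FROM $note_table WHERE post_id='$id'";
        $result = $db->query($query);
        return $result;
    }

    /**
     * Tell whether get_notes() finds at least one row for the post.
     *
     * @param mixed $id Post id, passed straight to get_notes().
     * @return bool
     */
    function has_notes($id)
    {
        $result = $this->get_notes($id);
        return $result->num_rows != "0";
    }

    /**
     * Look up the post ids on either side of a post.
     *
     * @param mixed $id Post id. Both queries embed it WITHOUT quotes, so escaping
     *                  would not stop injected SQL; it is cast to int instead.
     * @return array Index 0: nearest lower id. Index 1: id returned by the
     *               "greater than" query. Either entry is null when no row matches.
     */
    function prev_next($id)
    {
        global $db, $post_table;
        // Integer cast: the value lands in a numeric context (no quotes) below.
        $id = (int)$id;
        $prev_next = array();

        $query = "SELECT SQL_NO_CACHE id FROM $post_table WHERE id < $id ORDER BY id DESC LIMIT 1";
        $result = $db->query($query);
        $row = $result->fetch_assoc();
        $prev_next[] = isset($row['id']) ? $row['id'] : null;

        // NOTE(review): DESC selects the highest id above $id, not the adjacent one;
        // ASC looks intended. Left unchanged; confirm against the callers.
        $query = "SELECT SQL_NO_CACHE id FROM $post_table WHERE id > $id ORDER BY id DESC LIMIT 1";
        $result = $db->query($query);
        $row = $result->fetch_assoc();
        $prev_next[] = isset($row['id']) ? $row['id'] : null;

        return $prev_next;
    }

    /**
     * Tell whether any row names this post as a parent.
     *
     * @param mixed $id Post id; escaped here like in get_notes(), because the
     *                  value is interpolated into the query string.
     * @return bool
     */
    function has_children($id)
    {
        global $db, $parent_child_table;
        $id = $db->real_escape_string($id);
        $query = "SELECT * FROM $parent_child_table WHERE parent = '$id' LIMIT 1";
        $result = $db->query($query);
        return $result->num_rows != "0";
    }

    /**
     * Read the usage counter stored for one tag.
     *
     * @param string $current Tag text; entity-encoded and then escaped before the lookup
     *                        (presumably tags are stored entity-encoded; verify against the writer).
     * @return mixed The fetched row (key 'index_count'), or the fetch result when nothing matches.
     */
    function index_count($current)
    {
        global $db, $tag_index_table;
        $current = $db->real_escape_string(htmlentities($current, ENT_QUOTES, "UTF-8"));
        $query = "SELECT index_count FROM $tag_index_table WHERE tag='$current' LIMIT 1";
        $result = $db->query($query);
        $row = $result->fetch_assoc();
        return $row;
    }
}
?> -------------------------------------------------------------------------------- /help/ratings.php: -------------------------------------------------------------------------------- 1 | 5 |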
6 |
7 | 8 |

Help: Ratings

9 | 10 |
11 |

All posts on have one of three types of ratings: Safe, Questionable, and Explicit. Questionable is the default rating if you do not choose to specify one. Please take note: occasionally explicit images will be marked safe, and vice versa. You should not depend completely on rating filters unless you can tolerate the occasional wrongly rated image. If this happens to you, fix it so that other users don't have that happen to them.

12 | 13 |
14 |

Explicit

15 |

Any image where the vagina or penis are exposed and easily visible. This includes depictions of sex, masturbation, or any sort of penetration.

16 |
17 | 18 |
19 |

Safe

20 |

Safe posts are images that you would not feel guilty looking at openly in public. Pictures of nudes, exposed nipples or pubic hair, cameltoe, or any sort of sexually suggestive pose are NOT safe and belong in questionable. Swimsuits and lingerie are borderline cases; some are safe, some are questionable.

21 |
22 | 23 |
24 |

Questionable

25 |

Basically anything that isn\'t safe or explicit. This is the great middle area, and since it includes unrated posts, you shouldn\'t really expect anything one way or the other when browsing questionable posts.

26 |
27 | 28 |
29 |

Search

30 |

You can filter search results by querying for rating:safe, rating:questionable, or rating:explicit. You can also combine them with other tags and they work as expected.

31 |

If you want to remove a rating from your search results, use -rating:safe, -rating:questionable, and -rating:explicit.

32 |
33 |
34 |
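-------------------------------------------------------------------------------- /classes/webm.class.php: -------------------------------------------------------------------------------- 1 | 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU Affero General Public License as 8 | * published by the Free Software Foundation, either version 3 of the 9 | * License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU Affero General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Affero General Public License 17 | * along with this program. If not, see . 18 | * 19 | */

/**
 * Small wrapper around the ffmpeg command line for a single WebM clip.
 *
 * Every command is run through exec(), i.e. through a shell, so the clip
 * path is quoted with escapeshellarg() wherever a command line is built.
 * Quoting only stops shell metacharacters: ffmpeg still decides how to open
 * the argument, so callers should pass a server-generated local file path,
 * never a user-supplied name or URL.
 */
class webm {
    /* private properties */
    private $input;       // original webm movie (path as given by the caller)
    private $exec_string; // last command line built for ffmpeg

    /**
     * @param string $webm_clip_name Path of the clip handed to ffmpeg.
     */
    function __construct($webm_clip_name) {
        $this->input = $webm_clip_name;
        $this->exec_string = "";
    }

    /**
     * Old-style constructor name, kept for existing callers. PHP 8 no longer
     * treats a method named after the class as the constructor, hence
     * __construct() above.
     */
    function webm($webm_clip_name) {
        $this->__construct($webm_clip_name);
    }

    /**
     * Extract the first video frame to tmp/webmthumb.jpg and load it.
     *
     * Echoes ffmpeg's exit status (as the original did).
     * NOTE(review): the output path is fixed, so two requests running at the
     * same time would overwrite each other's thumbnail; consider a unique name.
     *
     * @return mixed The result of imagecreatefromjpeg() on success, false when ffmpeg fails.
     */
    function frame() {
        $this->exec_string = 'ffmpeg -i '.escapeshellarg($this->input).
                    ' -vframes 1'.
                    ' -y tmp/webmthumb.jpg'.
                    ' 2>&1';

        exec($this->exec_string, $output, $return_var);

        echo $return_var;

        if ($return_var == 0) {
            return imagecreatefromjpeg("tmp/webmthumb.jpg");
        }
        return false;
    }

    /*
     * check for VP8/9 format
     *
     * Returns true when ffmpeg's stream listing reports a vp8 or vp9 video
     * stream; otherwise echoes "invalid webm" and returns false.
     */
    function valid_webm() {
        $lines = [];
        $return = "";
        $quoted_input = escapeshellarg($this->input);
        $this->exec_string = 'ffmpeg -i '.$quoted_input.' 2>&1';
        // NOTE(review): this first run only writes ffmpeg's stderr to out.txt in the
        // working directory; it looks like leftover debugging. Confirm nothing reads
        // the file, then drop the call.
        exec('ffmpeg -i '.$quoted_input.' 2>out.txt');
        exec($this->exec_string, $lines, $return);

        foreach ($lines as $line) {
            if (preg_match('/Stream.+#\d:\d.+Video.+vp(8|9)/i', $line)) {
                return true;
            }
        }
        echo "invalid webm";
        return false;
    }
}

?> -------------------------------------------------------------------------------- /includes/post_random.php: -------------------------------------------------------------------------------- 1 | query($query) or die($db->error); 4 | $row = $result->fetch_assoc(); 5 | $result->close(); 6 | $count = $row['pcount']; 7 | if($count < 1) 8 | { 9 | header("Location: index.php?page=post&s=list"); 10 | exit; 11 | } 12 | $valid_post_found = false; 13 | if(isset($_COOKIE['tag_blacklist'])) 14 | $blacklist = str_replace('\',"\\",str_replace("'","'",str_replace("%20"," ",$_COOKIE['tag_blacklist']))); 15 | else 16 | $blacklist = ""; 17 | if(isset($_COOKIE['safe_only'])) 18 | { 19 | $blacklist = explode(" ",$blacklist); 20 | if(!in_array("rating:explicit",$blacklist)) 21 | $blacklist[] = "rating:explicit"; 22 | if(!in_array("rating:questionable",$blacklist)) 23 | $blacklist[] = "rating:questionable"; 24 | $blacklist = implode(" ",$blacklist); 25 | } 26 | //prevents users from getting stuck in an infinity loop 27 | if(mb_strpos($blacklist,'rating:explicit',0,'UTF-8') !== false && mb_strpos($blacklist,'rating:questionable',0,'UTF-8') !== false && mb_strpos($blacklist,'rating:safe',0,'UTF-8') !== false) 28 | $override = true; 29 | else 30 | $override = false; 31 | //looks for a post with an acceptable rating to prevent eternal loop on missing ratings in combination with banned existing ratings 32 | $i = 0; 33 | $blacklist_array = explode(" ",$blacklist); 34 | while(!$valid_post_found) 35 | { 36 | $rand = mt_rand(1,$count); 37 | $query = "SELECT id, rating, tags FROM $post_table WHERE id >='$rand' LIMIT 1"; 38 | $result = $db->query($query) or die($db->error); 39 | $row = $result->fetch_assoc(); 40 | $id = 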
$row['id']; 41 | $result->close(); 42 | if(strpos($blacklist,'rating:'.strtolower($row['rating']),0) === false || $override || $i > 20) 43 | $valid_post_found = true; 44 | if($i < 20 && $valid_post_found == true) 45 | { 46 | foreach($blacklist_array as $current) 47 | { 48 | if(in_array($current,explode(" ",$row['tags'])) !== false) 49 | { 50 | $valid_post_found = false; 51 | break; 52 | } 53 | } 54 | } 55 | $i++; 56 | } 57 | header("Location:index.php?page=post&s=view&id=".$id); 58 | ?> -------------------------------------------------------------------------------- /classes/tag.class.php: -------------------------------------------------------------------------------- 1 | real_escape_string($tag); 11 | if($tag != "") 12 | { 13 | $query = "SELECT * FROM $tag_index_table WHERE tag='$tag'"; 14 | $result = $db->query($query); 15 | if($result->num_rows == 1) 16 | { 17 | $row = $result->fetch_assoc(); 18 | $query = "UPDATE $tag_index_table SET index_count='".($row['index_count'] + 1)."' WHERE tag='$tag'"; 19 | } 20 | else 21 | $query = "INSERT INTO $tag_index_table(tag, index_count) VALUES('$tag', '1')"; 22 | $db->query($query); 23 | } 24 | } 25 | 26 | function deleteindextag($tag) 27 | { 28 | global $db, $tag_index_table; 29 | $tag = $db->real_escape_string($tag); 30 | if($tag != "") 31 | { 32 | $query = "SELECT index_count FROM $tag_index_table WHERE tag='$tag'"; 33 | $result = $db->query($query); 34 | $row = $result->fetch_assoc(); 35 | if($row['index_count'] > 1) 36 | $query = "UPDATE $tag_index_table SET index_count='".($row['index_count'] - 1)."' WHERE tag='$tag'"; 37 | else 38 | $query = "DELETE FROM $tag_index_table WHERE tag='$tag'"; 39 | $db->query($query); 40 | } 41 | } 42 | 43 | function alias($tag) 44 | { 45 | global $db, $alias_table; 46 | $tag = $db->real_escape_string($tag); 47 | $query = "SELECT tag FROM $alias_table WHERE alias='$tag' AND status='accepted'"; 48 | $result = $db->query($query); 49 | $row = $result->fetch_assoc(); 50 | if($row['tag'] != 
"" && $row['tag'] != NULL) 51 | return $row['tag']; 52 | return false; 53 | } 54 | 55 | function filter_tags($tags, $current, $ttags) 56 | { 57 | if(substr_count($tags, $current) > 1) 58 | { 59 | $temp_array = array(); 60 | $key_array = array_keys($ttags, $current); 61 | $count = count($key_array)-1; 62 | for($i = 1; $i <= $count; $i++) 63 | $ttags[$key_array[$i]] = ''; 64 | foreach($ttags as $current) 65 | { 66 | if($current != "" && $current != " ") 67 | $temp_array[] = $current; 68 | } 69 | $ttags = $temp_array; 70 | } 71 | return $ttags; 72 | } 73 | } 74 | ?> -------------------------------------------------------------------------------- /admin/edit_user.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 5 | { 6 | header('Location:../'); 7 | exit; 8 | } 9 | if(isset($_POST['password']) && isset($_POST['group']) && is_numeric($_POST['group'])) 10 | { 11 | $user = $db->real_escape_string($_POST['uid']); 12 | $pass = $db->real_escape_string($_POST['password']); 13 | $group = $db->real_escape_string($_POST['group']); 14 | 15 | if($pass != "") 16 | $query = "UPDATE $user_table SET pass='".$userc->hashpass($pass)."', ugroup='$group' WHERE user='$user'"; 17 | else 18 | $query = "UPDATE $user_table SET ugroup='$group' WHERE user='$user'"; 19 | 20 | if($db->query($query)) 21 | print 'User edited.'; 22 | else 23 | print 'Could not edit user.'; 24 | 25 | exit; 26 | } 27 | else if(isset($_POST['user']) && $_POST['user'] != "") 28 | { 29 | $user = $db->real_escape_string($_POST['user']); 30 | echo '
31 | 33 | 37 | 53 |
32 | User: '.$user.'
34 | New password?
35 | 36 |
Group:
51 | 52 |
54 | 55 |
'; 56 | } 57 | else 58 | { 59 | echo '
63 |
60 | User:
61 | 62 |
64 | 65 |
'; 66 | } 67 | ?> -------------------------------------------------------------------------------- /includes/signup.php: -------------------------------------------------------------------------------- 1 | Registration is closed."); 4 | $user = new user(); 5 | $ip = $db->real_escape_string($_SERVER['REMOTE_ADDR']); 6 | if($user->banned_ip($ip)) 7 | { 8 | print "Action failed: ".$row['reason']; 9 | exit; 10 | } 11 | if($user->check_log()) 12 | { 13 | header("Location:index.php?page=account"); 14 | exit; 15 | } 16 | if(isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['conf_pass']) && $_POST['conf_pass'] != "") 17 | { 18 | $misc = new misc(); 19 | $username = $db->real_escape_string(str_replace(" ",'_',htmlentities($_POST['user'], ENT_QUOTES, 'UTF-8'))); 20 | $password = $db->real_escape_string($_POST['pass']); 21 | $conf_password = $db->real_escape_string($_POST['conf_pass']); 22 | $email = $db->real_escape_string($_POST['email']); 23 | if($password == $conf_password) 24 | { 25 | $user = new user(); 26 | if(!$user->signup($username,$password,$email)) 27 | { 28 | require "includes/header.php"; 29 | print "Signup failed. This can be caused by: a database error, a user with that username already exists, or your nick contains characters that are not allowed. Please make sure that your nick doesn't contain space, tab, ; or ,. Please also makes sure that your nick is atleast 3 characters.
"; 30 | } 31 | else 32 | { 33 | $user->login($username,$password); 34 | header("Location:index.php?page=account"); 35 | exit; 36 | } 37 | } 38 | else 39 | { 40 | require "includes/header.php"; 41 | print "Passwords does not match.
"; 42 | } 43 | } 44 | else 45 | require "includes/header.php"; 46 | ?> 47 |
48 | 52 | 56 | 60 | 64 | 67 |
49 | Username:
50 | 51 |
53 | Choose password:
54 | 55 |
57 | Confirm password:
58 | 59 |
61 | Email (not required):
62 | 63 |
65 | 66 |
68 |
-------------------------------------------------------------------------------- /install/Readme.txt: -------------------------------------------------------------------------------- 1 | Thanks for downloading the Gelbooru source code. I hope you enjoy it as much as we do. 2 | 3 | To install: 4 | 5 | 1. Make sure to fill in the information in config.php. You need to set the host which MySQL is listening on, the username, password and database name. Set your site URL as well. 6 | 2. Please navigate to the install folder using your web browser. http://sitename.com/install/ 7 | 3. When you are done installing, delete the install folder as well as the upgrades folder. 8 | 4. Give images, tmp, and thumbnails folders writable permissions. Every other directory will not be written to. 9 | 5. Check to make sure these are enabled in your php.ini, located at the installation path of PHP for Windows. 10 | - extension=php_mbstring.dll 11 | - extension=php_gd2.dll 12 | - extension=php_mysql.dll // Is not required for this version. Other scripts may need this though. 13 | - extension=php_mysqli.dll 14 | - gd.jpeg_ignore_warning = 1 15 | 6. gelbooru.xml should be renamed to your site name, and the link inside the file edited to make sure you can actually use the Firefox search for your site and not ours. 16 | 7. Header.php needs to be edited to reflect the gelbooru.xml change and index.php in the includes folder needs to be modified to fit your server setup. 17 | 18 | #Extra information# 19 | 20 | If you are upgrading or installing for the first time: 21 | 22 | Having issues searching for tags with fewer than 3 characters? 23 | 24 | - Disable the stopword file for MySQL and also set the minchar length to 1. 25 | Example: 26 | - ft_min_word_len=1 27 | - ft_stopword_file= 28 | 29 | After that is done, please run "repair table posts;" and also "repair table forum_topics; repair table forum_posts;" in the MySQL command prompt. You can also run a repair using phpmyadmin on all the tables. 
Please read here for more information: 30 | http://dev.mysql.com/doc/refman/5.1/en/fulltext-fine-tuning.html 31 | 32 | DELETE THE UPGRADES AND INSTALL DIRECTORY AFTER YOU ARE DONE! 33 | 34 | 35 | ----------------------------------------------------- 36 | 37 | *Seeing errors?* 38 | Search for error_reporting in your php.ini. Set it to this: 39 | 40 | error_reporting = E_ALL & ~(E_NOTICE | E_USER_NOTICE) ; display all errors and warnings 41 | display_errors = off (Not recommended, unless you have a error_log set) 42 | -------------------------------------------------------------------------------- /script/sound.js: -------------------------------------------------------------------------------- 1 | // script.aculo.us sound.js v1.7.1_beta3, Fri May 25 17:19:41 +0200 2007 2 | 3 | // Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) 4 | // 5 | // Based on code created by Jules Gravinese (http://www.webveteran.com/) 6 | // 7 | // script.aculo.us is freely distributable under the terms of an MIT-style license. 
8 | // For details, see the script.aculo.us web site: http://script.aculo.us/ 9 | 10 | Sound = { 11 | tracks: {}, 12 | _enabled: true, 13 | template: 14 | new Template(''), 15 | enable: function(){ 16 | Sound._enabled = true; 17 | }, 18 | disable: function(){ 19 | Sound._enabled = false; 20 | }, 21 | play: function(url){ 22 | if(!Sound._enabled) return; 23 | var options = Object.extend({ 24 | track: 'global', url: url, replace: false 25 | }, arguments[1] || {}); 26 | 27 | if(options.replace && this.tracks[options.track]) { 28 | $R(0, this.tracks[options.track].id).each(function(id){ 29 | var sound = $('sound_'+options.track+'_'+id); 30 | sound.Stop && sound.Stop(); 31 | sound.remove(); 32 | }) 33 | this.tracks[options.track] = null; 34 | } 35 | 36 | if(!this.tracks[options.track]) 37 | this.tracks[options.track] = { id: 0 } 38 | else 39 | this.tracks[options.track].id++; 40 | 41 | options.id = this.tracks[options.track].id; 42 | if (Prototype.Browser.IE) { 43 | var sound = document.createElement('bgsound'); 44 | sound.setAttribute('id','sound_'+options.track+'_'+options.id); 45 | sound.setAttribute('src',options.url); 46 | sound.setAttribute('loop','1'); 47 | sound.setAttribute('autostart','true'); 48 | $$('body')[0].appendChild(sound); 49 | } 50 | else 51 | new Insertion.Bottom($$('body')[0], Sound.template.evaluate(options)); 52 | } 53 | }; 54 | 55 | if(Prototype.Browser.Gecko && navigator.userAgent.indexOf("Win") > 0){ 56 | if(navigator.plugins && $A(navigator.plugins).detect(function(p){ return p.name.indexOf('QuickTime') != -1 })) 57 | Sound.template = new Template('') 58 | else 59 | Sound.play = function(){} 60 | } 61 | -------------------------------------------------------------------------------- /gelbooru.xml: -------------------------------------------------------------------------------- 1 | 2 | Gelbooru 3 | Gelbooru Search 4 | UTF-8 5 |  6 | 7 | 8 | 9 | 10 | 11 | http://gelbooru.com 12 | 13 | 
-------------------------------------------------------------------------------- /includes/header.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | '.$site_url3.' '.$lozerisdumb.' 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 24 | 25 | 26 |
27 |

'.$site_url3.'

28 | 41 |
42 |
43 | '; 44 | ?> -------------------------------------------------------------------------------- /includes/api_view.php: -------------------------------------------------------------------------------- 1 | select_domain(); 7 | 8 | if(isset($_GET['t']) && $_GET['t'] == 'json') 9 | $api_type = 'json'; 10 | else 11 | $api_type = 'xml'; 12 | 13 | if ($api_type == 'json') 14 | header('Content-type: application/json'); 15 | else 16 | header('Content-type: text/xml'); 17 | 18 | if(isset($_GET['id'])) 19 | { 20 | $id = $db->real_escape_string($_GET['id']); 21 | if(!is_numeric($id)) 22 | $id = str_replace("#","",$id); 23 | $id = (int)$id; 24 | } 25 | else 26 | { 27 | if ($api_type == 'json') 28 | print '{"offset":"0","count":"0",posts":[]}'; 29 | else 30 | print ''; 31 | exit; 32 | } 33 | //Load post_table data and the previous next values in array. 0 previous, 1 next. 34 | $post_data = $post->show($id); 35 | //Check if data exists in array, if so, kinda ignore it. 36 | if($post_data == "" || is_null($post_data)) 37 | { 38 | if ($api_type == 'json') { 39 | print '{"offset":"0","count":"0",posts":[]}'; 40 | } 41 | else 42 | { 43 | print ''; 44 | } 45 | exit; 46 | } 47 | $prev_next = $post->prev_next($id); 48 | 49 | if(!is_dir("$main_cache_dir".""."\api_cache/$id")) 50 | $cache->create_page_cache("cache/$id"); 51 | $data = $cache->load("api_cache/".$id."/post.".$api_type.".cache"); 52 | if($data !== false) 53 | { 54 | echo str_replace("f6ca1c7d5d00a2a3fb4ea2f7edfa0f96a6d09c11717f39facabad2d724f16fbb",$domain,$data); 55 | flush(); 56 | } 57 | else 58 | { 59 | ob_start(); 60 | 61 | if ($api_type == 'json') 62 | { 63 | header('Content-type: application/json'); 64 | $posts = array(createPostObject($post_data)); 65 | $postsArr = array('offset' => 0, 'count' => 1, 'posts' => $posts); 66 | echo json_encode($postsArr); 67 | } 68 | else 69 | { 70 | header('Content-type: text/xml'); 71 | $posts = ''."\r\n"; 72 | $posts .= createPostXML($post_data); 73 | $posts .= ''; 74 | echo $posts; 
75 | } 76 | $data = ''; 77 | $data = ob_get_contents(); 78 | ob_end_clean(); 79 | $cache->save("cache/".$id."/post.".$api_type.".cache",$data); 80 | echo str_replace("f6ca1c7d5d00a2a3fb4ea2f7edfa0f96a6d09c11717f39facabad2d724f16fbb",$domain,$data); 81 | } 82 | ?> -------------------------------------------------------------------------------- /extras/bytebox.js: -------------------------------------------------------------------------------- 1 | var bytebox=function(){ 2 | var b,i,im,src,co,st; 3 | return{ 4 | init:function(){ 5 | var ls = document.body.getElementsByTagName("a");for (i=0;i=bytebox.ht()){tp=bytebox.ht()-tp;tp=bytebox.ht()-(ih+60); 23 | 24 | if(tp<0){ 25 | tp=0; 26 | } 27 | i.style.top=tp+"px";} 28 | else{ 29 | if(tp<0){ 30 | tp=0; 31 | } 32 | 33 | 34 | i.style.top=tp+"px";} 35 | i.style.left=lp+"px"; 36 | n=d.createElement('img');n.src=im.src;i.appendChild(n);c=d.createElement('div');c.id='bb_da';cl=d.createElement('a');tn = document.createTextNode('CLOSE'); 37 | cl.href="javascript:void(0)";cl.onclick=bytebox.r;cl.id="bb_a"; 38 | d.body.appendChild(i);cl.appendChild(tn);c.appendChild(cl);i.appendChild(c); 39 | if((80+ih)>bytebox.ht()){ 40 | var nhh=ih+80; 41 | b.style.height=nhh+"px"; 42 | } 43 | i.style.opacity=0.1;co=1; i.style.filter='alpha(opacity=01)';st=1;setTimeout(bytebox.fd,1); 44 | }, 45 | r:function(){st=2;document.body.removeChild(b);document.body.removeChild(i);}, 46 | t:function(){return document.body.scrollTop||document.documentElement.scrollTop}, 47 | w:function(){return self.innerWidth||(document.documentElement.clientWidth||document.body.clientWidth);}, 48 | h:function(){return self.innerHeight||(document.documentElement.clientHeight||document.body.clientHeight);}, 49 | wt:function(){return (document.body.scrollWidth||document.documentElement.scrollWidth)||(document.body.clientWidth||document.documentElement.clientWidth);}, 50 | ht:function(){return 
(document.body.scrollHeight||document.documentElement.scrollHeight)||(document.body.clientHeight||document.documentElement.clientHeight);} 51 | } 52 | }(); -------------------------------------------------------------------------------- /classes/extimage.class.php: -------------------------------------------------------------------------------- 1 | query($query) or die($db->error); 10 | $row = $result->fetch_assoc(); 11 | $count = $row['COUNT(*)']; 12 | $result->free_result(); 13 | if($count > 0) 14 | return false; 15 | $misc = new misc(); 16 | if($url == "" || $url == " ") 17 | return false; 18 | $ext = explode('.',$url); 19 | $count = count($ext); 20 | $ext = $ext[$count-1]; 21 | $ext = strtolower($ext); 22 | if($ext != "jpg" && $ext != "jpeg" && $ext != "gif" && $ext != "png" && $ext != "bmp") 23 | return false; 24 | $ext = ".".$ext; 25 | $valid_download = false; 26 | $name = basename($url); 27 | while(!$valid_download) 28 | { 29 | $data = ''; 30 | $old = ini_set('default_socket_timeout', 120); 31 | $f = fopen($url,"rb"); 32 | ini_set('default_socket_timeout', $old); 33 | if($f == "") 34 | return false; 35 | while(!feof($f)) 36 | $data .= fread($f,4096); 37 | fclose($f); 38 | $rand = rand(1,350293847576); 39 | while(file_exists("./tmp/".$rand.$name)) 40 | $rand++; 41 | $f = fopen("./tmp/".$rand.$name,"w"); 42 | fwrite($f,$data); 43 | fclose($f); 44 | $tmp_md5 = md5_file("./tmp/".$rand.$name); 45 | if($tmp_md5 == $md5) 46 | $valid_download = true; 47 | unlink("./tmp/".$rand.$name); 48 | } 49 | $cdir = $this->getcurrentfolder(); 50 | if(!is_dir("./images/".$cdir."/")) 51 | $this->makefolder($cdir); 52 | if(preg_match("# $max_upload_width && $max_upload_width != 0 || $iinfo[1] < $min_upload_height && $min_upload_height != 0 || $iinfo[1] > $max_upload_height && $max_upload_height != 0 || !$this->checksum("./images/".$cdir."/".$filename.$ext)) 68 | { 69 | unlink("./images/".$cdir."/".$filename.$ext); 70 | return false; 71 | } 72 | 
$this->folder_index_increment($cdir); 73 | return $cdir.":".$filename.$ext; 74 | } 75 | } 76 | ?> -------------------------------------------------------------------------------- /admin/alias.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['tag']); 10 | $alias = $db->real_escape_string($_GET['alias']); 11 | if($_POST['accept'] == 1) 12 | { 13 | $tagc = new tag(); 14 | //tag boot, alias boots singular is better. 15 | $query = "UPDATE $alias_table SET status='accepted' WHERE tag='$tag' AND alias='$alias'"; 16 | $db->query($query); 17 | //Convert all current posts from the AKA to the tag. 18 | $query = "SELECT * FROM $post_table WHERE tags LIKE '% ".str_replace('%','\%',str_replace('_','\_',$alias))." %'"; 19 | $result = $db->query($query) or die($db->error); 20 | while($row = $result->fetch_assoc()) 21 | { 22 | $tags = explode(" ",$row['tags']); 23 | foreach($tags as $current) 24 | $tagc->deleteindextag($current); 25 | $tmp = str_replace(' '.$alias.' ',' '.$tag.' ',$row['tags']); 26 | $tags = implode(" ",$tagc->filter_tags($tmp,$tag,explode(" ",$tmp))); 27 | $tags = mb_trim(str_replace(" ","",$tags)); 28 | $tags2 = explode(" ",$tags); 29 | foreach($tags2 as $current) 30 | $tagc->addindextag($current); 31 | $tags = " $tags "; 32 | $query = "UPDATE $post_table SET tags='$tags' WHERE id='".$row['id']."'"; 33 | $db->query($query); 34 | } 35 | } 36 | else if($_POST['accept'] == 2) 37 | { 38 | $query = "UPDATE $alias_table SET status='rejected' WHERE tag='$tag' AND alias='$alias'"; 39 | $db->query($query); 40 | } 41 | print ''; 42 | exit; 43 | } 44 | 45 | echo '
46 | Accept 47 | Reject 48 |
49 | 50 |
'; 51 | } 52 | else 53 | { 54 | $query = "SELECT tag, alias FROM $alias_table WHERE status='pending'"; 55 | $result = $db->query($query); 56 | print '
57 | '; 58 | while($row = $result->fetch_assoc()) 59 | print ''; 60 | 61 | if($result->num_rows == 0) 62 | echo ""; 63 | $result->free_result(); 64 | echo "
Alias [What it should be!]Tag [What they search for!]
'.$row['tag'].''.$row['alias'].'

No aliases has been requested.

" 65 | } 66 | $db->close(); 67 | ?> 68 | -------------------------------------------------------------------------------- /script/scriptaculous.js: -------------------------------------------------------------------------------- 1 | // script.aculo.us scriptaculous.js v1.7.1_beta3, Fri May 25 17:19:41 +0200 2007 2 | 3 | // Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) 4 | // 5 | // Permission is hereby granted, free of charge, to any person obtaining 6 | // a copy of this software and associated documentation files (the 7 | // "Software"), to deal in the Software without restriction, including 8 | // without limitation the rights to use, copy, modify, merge, publish, 9 | // distribute, sublicense, and/or sell copies of the Software, and to 10 | // permit persons to whom the Software is furnished to do so, subject to 11 | // the following conditions: 12 | // 13 | // The above copyright notice and this permission notice shall be 14 | // included in all copies or substantial portions of the Software. 15 | // 16 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 20 | // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 22 | // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
23 | // 24 | // For details, see the script.aculo.us web site: http://script.aculo.us/ 25 | 26 | var Scriptaculous = { 27 | Version: '1.7.1_beta3', 28 | require: function(libraryName) { 29 | // inserting via DOM fails in Safari 2.0, so brute force approach 30 | document.write(''); 31 | }, 32 | REQUIRED_PROTOTYPE: '1.5.1', 33 | load: function() { 34 | function convertVersionString(versionString){ 35 | var r = versionString.split('.'); 36 | return parseInt(r[0])*100000 + parseInt(r[1])*1000 + parseInt(r[2]); 37 | } 38 | 39 | if((typeof Prototype=='undefined') || 40 | (typeof Element == 'undefined') || 41 | (typeof Element.Methods=='undefined') || 42 | (convertVersionString(Prototype.Version) < 43 | convertVersionString(Scriptaculous.REQUIRED_PROTOTYPE))) 44 | throw("script.aculo.us requires the Prototype JavaScript framework >= " + 45 | Scriptaculous.REQUIRED_PROTOTYPE); 46 | 47 | $A(document.getElementsByTagName("script")).findAll( function(s) { 48 | return (s.src && s.src.match(/scriptaculous\.js(\?.*)?$/)) 49 | }).each( function(s) { 50 | var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,''); 51 | var includes = s.src.match(/\?.*load=([a-z,]*)/); 52 | (includes ? 
includes[1] : 'builder,effects,dragdrop,controls,slider,sound').split(',').each( 53 | function(include) { Scriptaculous.require(path+include+'.js') }); 54 | }); 55 | } 56 | } 57 | 58 | Scriptaculous.load(); -------------------------------------------------------------------------------- /includes/alias.php: -------------------------------------------------------------------------------- 1 | real_escape_string(str_replace(" ","_",mb_trim(htmlentities($_POST['tag'], ENT_QUOTES, 'UTF-8')))); 10 | $alias = $db->real_escape_string(str_replace(" ","_",mb_trim(htmlentities($_POST['alias'], ENT_QUOTES, 'UTF-8')))); 11 | $query = "SELECT COUNT(*) FROM $alias_table WHERE tag='$tag' AND alias='$alias'"; 12 | $result = $db->query($query); 13 | $row = $result->fetch_assoc(); 14 | if($row['COUNT(*)'] > 0) 15 | echo "Tag/alias combination has already been requested.

"; 16 | else 17 | { 18 | $query = "INSERT INTO $alias_table(tag, alias, status) VALUES('$tag', '$alias', 'pending')"; 19 | $db->query($query); 20 | echo "Tag/alias combination has been requested.

"; 21 | } 22 | } 23 | 24 | echo 'You can suggest a new alias, but they must be approved by an administrator before they are activated.
25 |
An example of how to use this: (Evangelion is the tag and Neon_Genesis_Evangelion is the alias.)


26 | '; 27 | 28 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 29 | $page = $db->real_escape_string($_GET['pid']); 30 | else 31 | $page = 0; 32 | $query = "SELECT COUNT(*) FROM $alias_table WHERE status !='rejected'"; 33 | $result = $db->query($query); 34 | $row = $result->fetch_assoc(); 35 | $count = $row['COUNT(*)']; 36 | $numrows = $count; 37 | $result->free_result(); 38 | $query = "SELECT * FROM $alias_table WHERE status != 'rejected' ORDER BY alias ASC LIMIT $page, $limit"; 39 | $result = $db->query($query) or die($db->error); 40 | $ccount = 0; 41 | print ''; 42 | while($row = $result->fetch_assoc()) 43 | { 44 | if($row['status']=="pending") 45 | $status = "pending-tag"; 46 | else 47 | $status = ""; 48 | echo ''; 49 | } 50 | echo '
Tag: (What you search for...)Alias: (What it should be...)Reason:
'.$row['alias'].''.$row['tag'].''.$row['reason'].'


51 |
53 | 54 |
52 | Name:
Alias to:
55 | 56 |
57 |
'; 58 | $misc = new misc(); 59 | print $misc->pagination($_GET['page'],$sub,$id,$limit,$page_limit,$numrows,$_GET['pid'],$tags); 60 | ?>
-------------------------------------------------------------------------------- /includes/forum/forum_edit.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_SERVER['REMOTE_ADDR']); 4 | if($user->banned_ip($ip)) 5 | { 6 | print "Action failed: ".$row['reason']; 7 | exit; 8 | } 9 | if(!$user->check_log()) 10 | exit; 11 | if(isset($_POST['title']) && isset($_POST['post']) && isset($_GET['pid']) && $_GET['pid'] != "" && isset($_GET['cid']) && $_GET['cid'] != "" && isset($_GET['ppid']) && $_GET['ppid'] != "") 12 | { 13 | $pid = $db->real_escape_string($_GET['pid']); 14 | $cid = $db->real_escape_string($_GET['cid']); 15 | $ppid = $db->real_escape_string($_GET['ppid']); 16 | $uid = $checked_user_id; 17 | $uname = $checked_username; 18 | $query = "SELECT author FROM $forum_post_table WHERE topic_id='$pid' AND id='$cid' LIMIT 1"; 19 | $result = $db->query($query) or die($db->error); 20 | $row = $result->fetch_assoc(); 21 | if($row['author'] == $uname || $user->gotpermission('edit_forum_posts')) 22 | { 23 | $title = $db->real_escape_string(htmlentities($_POST['title'], ENT_QUOTES, 'UTF-8')); 24 | $post = $db->real_escape_string(htmlentities($_POST['post'], ENT_QUOTES, 'UTF-8')); 25 | $query = "UPDATE $forum_post_table SET title='$title', post='$post' WHERE topic_id='$pid' AND id='$cid'"; 26 | $db->query($query) or die($db->error); 27 | } 28 | header("Location:index.php?page=forum&s=view&id=$pid&pid=$ppid#$cid"); 29 | exit; 30 | } 31 | else if(isset($_GET['pin']) && $_GET['pin'] != "" && is_numeric($_GET['pin']) && isset($_GET['id']) && is_numeric($_GET['id']) && isset($_GET['pid']) && is_numeric($_GET['pid'])) 32 | { 33 | if($user->gotpermission('pin_forum_topics')) 34 | { 35 | $pin = $db->real_escape_string($_GET['pin']); 36 | $id = $db->real_escape_string($_GET['id']); 37 | $pid = $db->real_escape_string($_GET['pid']); 38 | if($pin > 0) 39 | $query = "UPDATE $forum_topic_table SET priority='1' WHERE id='$id'"; 
40 | else 41 | $query = "UPDATE $forum_topic_table SET priority='0' WHERE id='$id'"; 42 | $db->query($query) or die($db->error); 43 | header("Location:index.php?page=forum&s=list&pid=$pid"); 44 | exit; 45 | } 46 | header("HTTP/1.1 404 Not Found"); 47 | } 48 | else if(isset($_GET['lock']) && $_GET['lock'] != "" && isset($_GET['id']) && is_numeric($_GET['id']) && isset($_GET['pid']) && is_numeric($_GET['pid'])) 49 | { 50 | if($user->gotpermission('lock_forum_topics')) 51 | { 52 | $id = $db->real_escape_string($_GET['id']); 53 | $lock = $db->real_escape_string($_GET['lock']); 54 | $pid = $db->real_escape_string($_GET['pid']); 55 | if($lock == "true") 56 | $query = "UPDATE $forum_topic_table SET locked=true WHERE id='$id'"; 57 | else if($lock == "false") 58 | $query = "UPDATE $forum_topic_table SET locked=false WHERE id='$id'"; 59 | $db->query($query) or die($db->error); 60 | header("Location:index.php?page=forum&s=view&id=$id&pid=$pid"); 61 | exit; 62 | } 63 | header("HTTP/1.1 404 Not Found"); 64 | } 65 | header("HTTP/1.1 404 Not Found"); 66 | ?> -------------------------------------------------------------------------------- /classes/cache.class.php: -------------------------------------------------------------------------------- 1 | destroy_page_cache($dir.$item.'/'); 69 | elseif (file_exists($dir.$item) && $item != '.' 
&& $item != '..') 70 | @unlink($dir.$item); 71 | } 72 | @rmdir($dir); 73 | } 74 | } 75 | 76 | function create_page_cache($dir) 77 | { 78 | global $main_cache_dir; 79 | if(!is_dir($main_cache_dir)) 80 | @mkdir($main_cache_dir); 81 | if(!is_dir($main_cache_dir."/search_cache/")) 82 | @mkdir("$main_cache_dir/search_cache"); 83 | if(!is_dir($main_cache_dir."/cache/")) 84 | @mkdir("$main_cache_dir/cache"); 85 | $dir = $main_cache_dir.$dir; 86 | if(!is_dir($dir)) 87 | @mkdir($dir); 88 | } 89 | 90 | function destroy($file) 91 | { 92 | global $main_cache_dir; 93 | if(!is_dir($main_cache_dir)) 94 | @mkdir($main_cache_dir); 95 | if(!is_dir($main_cache_dir."/search_cache/")) 96 | @mkdir("$main_cache_dir/search_cache"); 97 | if(!is_dir($main_cache_dir."/cache/")) 98 | @mkdir("$main_cache_dir/cache"); 99 | $file = $main_cache_dir.$file; 100 | if(file_exists($file)) 101 | unlink($file); 102 | } 103 | } 104 | ?> -------------------------------------------------------------------------------- /public/remove.php: -------------------------------------------------------------------------------- 1 | check_log()) 6 | { 7 | header('Location: ../index.php?page=account&s=home'); 8 | exit; 9 | } 10 | if(isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] != "") 11 | { 12 | $id = $db->real_escape_string($_GET['id']); 13 | if(isset($_GET['note_id']) && is_numeric($_GET['note_id']) && $_GET['note_id'] != "") 14 | { 15 | if(!$user->gotpermission('alter_notes')) 16 | exit; 17 | $note_id = $db->real_escape_string($_GET['note_id']); 18 | $query = "SELECT COUNT(*) FROM $note_table WHERE post_id='$id' AND id='$note_id'"; 19 | $result = $db->query($query); 20 | $row = $result->fetch_assoc(); 21 | if($row['COUNT(*)'] == 1) 22 | { 23 | $result->free_result(); 24 | $query = "DELETE FROM $note_table WHERE post_id='$id' AND id='$note_id'"; 25 | $db->query($query); 26 | $query = "DELETE FROM $note_history_table WHERE post_id='$id' AND id='$note_id'"; 27 | $db->query($query); 28 | 
$cache->destroy("cache/".$id."/post.cache"); 29 | print $note_id; 30 | } 31 | } 32 | else if(isset($_GET['removepost']) && $_GET['removepost'] == 1) 33 | { 34 | $image = new image(); 35 | if($image->removeimage($id) == true) 36 | { 37 | $cache->destroy_page_cache("cache/".$id); 38 | $query = "SELECT id FROM $post_table WHERE id < $id ORDER BY id DESC LIMIT 1"; 39 | $result = $db->query($query); 40 | $row = $result->fetch_assoc(); 41 | $prev_id = $row['id']; 42 | $result->free_result(); 43 | $query = "SELECT id FROM $post_table WHERE id > $id ORDER BY id ASC LIMIT 1"; 44 | $result = $db->query($query); 45 | $row = $result->fetch_assoc(); 46 | $next_id = $row['id']; 47 | $date = date("Ymd"); 48 | if(is_dir("$main_cache_dir".""."cache/".$prev_id) && "$main_cache_dir".""."cache/".$prev_id != "$main_cache_dir".""."cache/") 49 | $cache->destroy_page_cache("cache/".$prev_id); 50 | if(is_dir("$main_cache_dir".""."cache/".$next_id) && "$main_cache_dir".""."cache/".$next_id != "$main_cache_dir".""."cache/") 51 | $cache->destroy_page_cache("cache/".$next_id); 52 | header("Location:../index.php?page=post&s=list"); 53 | } 54 | else 55 | header("Location:../index.php?page=post&s=view&id=$id"); 56 | } 57 | else if(isset($_GET['removecomment']) && $_GET['removecomment'] == 1) 58 | { 59 | $permission = $user->gotpermission('delete_comments'); 60 | if($permission == true) 61 | { 62 | $post_id = $db->real_escape_string($_GET['post_id']); 63 | $query = "SELECT * FROM $comment_table WHERE id='$id' LIMIT 1"; 64 | $result = $db->query($query); 65 | if($result->num_rows =="1") 66 | { 67 | $query = "DELETE FROM $comment_table WHERE id='$id'"; 68 | $db->query($query); 69 | $query = "DELETE FROM $comment_vote_table WHERE comment_id='$id'"; 70 | $db->query($query); 71 | $query = "UPDATE $post_count_table SET pcount=pcount-1 WHERE access_key = 'comment_count'"; 72 | $db->query($query); 73 | } 74 | $cache = new cache(); 75 | $cache->destroy_page_cache("cache/".$post_id); 76 | 
$cache->create_page_cache("cache/".$post_id); 77 | } 78 | header("Location:../index.php?page=post&s=view&id=$post_id"); 79 | } 80 | } 81 | ?> -------------------------------------------------------------------------------- /includes/users.php: -------------------------------------------------------------------------------- 1 | select_domain(); 12 | $misc = new misc(); 13 | ?> 14 | 17 |
18 | = 0) 20 | $page = $db->real_escape_string($_GET['pid']); 21 | else 22 | $page = 0; 23 | 24 | $query = "SELECT COUNT(id) FROM $user_table WHERE EXISTS ( 25 | SELECT 1 26 | FROM $post_table 27 | WHERE $post_table.owner = $user_table.user 28 | " . $search->blacklist_fragment() . " 29 | )"; 30 | 31 | $result = $db->query($query); 32 | $row = $result->fetch_assoc(); 33 | $numrows = $row['COUNT(id)']; 34 | $result->free_result(); 35 | 36 | //No users found 37 | if($numrows == 0) 38 | print '

Nobody here but us chickens!

'; 39 | else 40 | { 41 | echo '
'; 42 | 43 | $query = " 44 | SELECT id, user 45 | FROM $user_table 46 | WHERE EXISTS ( 47 | SELECT 1 48 | FROM $post_table 49 | WHERE $post_table.owner = $user_table.user 50 | " . $search->blacklist_fragment() . " 51 | ) 52 | ORDER BY user ASC LIMIT $page, $limit;"; 53 | 54 | $result = $db->query($query) or die($db->error); 55 | $script = "
'; 74 | echo $script; 75 | //Pagination function. This should work for the whole site... Maybe. 76 | print $misc->pagination($_GET['page'],$_GET['s'],$id,$limit,$page_limit,$numrows,$_GET['pid'],$_GET['tags']); 77 | } 78 | 79 | ?>

80 |
-------------------------------------------------------------------------------- /config.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /admin/reported_posts.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['unreport']); 8 | $query = "UPDATE $post_table SET spam='0' WHERE id='$post_id'"; 9 | if($db->query($query)) 10 | { 11 | $cache = new cache(); 12 | $cache->destroy_page_cache("cache/".$post_id); 13 | print "
Unflagged Post!
"; 14 | } 15 | } 16 | 17 | //number of reports/page 18 | $limit = 20; 19 | //number of pages to display. number - 1. ex: for 5 value should be 4 20 | $page_limit = 4; 21 | print '
'; 22 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 23 | $page = $db->real_escape_string($_GET['pid']); 24 | else 25 | $page = 0; 26 | $query = "SELECT COUNT(*) FROM $post_table WHERE spam=TRUE"; 27 | $result = $db->query($query); 28 | $row = $result->fetch_assoc(); 29 | $numrows = $row['COUNT(*)']; 30 | if($numrows == 0) 31 | print "

No reports found.

"; 32 | else 33 | { 34 | $pages = intval($numrows/$limit); 35 | if ($numrows%$limit) 36 | $pages++; 37 | $current = ($page/$limit) + 1; 38 | if ($pages < 1 || $pages == 0 || $pages == "") 39 | $total = 1; 40 | else 41 | $total = $pages; 42 | $first = $page + 1; 43 | if (!((($page + $limit) / $limit) >= $pages) && $pages != 1) 44 | $last = $page + $limit; 45 | else 46 | $last = $numrows; 47 | $query = "SELECT id, directory, image, reason FROM $post_table WHERE spam=TRUE ORDER BY id LIMIT $page, $limit"; 48 | $result = $db->query($query); 49 | while($row = $result->fetch_assoc()) 50 | echo ''; 51 | $result->free_result(); 52 | 53 | echo "
Post ID:Reason:Score:Date Posted:Unflag:
'.$row['reason'].''.$row['score'].''.$row['creation_date'].'Unflag



"; 54 | if($page == 0) 55 | $start = 1; 56 | else 57 | $start = ($page/$limit) + 1; 58 | $tmp_limit = $start + $page_limit; 59 | if($tmp_limit > $pages) 60 | $tmp_limit = $pages; 61 | if($pages > $page_limit) 62 | $lowerlimit = $pages - $page_limit; 63 | if($start > $lowerlimit) 64 | $start = $lowerlimit; 65 | $lastpage = $limit*($pages - 1); 66 | if($page != 0 && !((($page+$limit) / $limit) > $pages)) 67 | { 68 | // Don't show back link if current page is first page. 69 | $back_page = $page - $limit; 70 | echo '<< <'; 71 | } 72 | for($i=$start; $i <= $tmp_limit; $i++) // loop through each page and give link to it. 73 | { 74 | $ppage = $limit*($i - 1); 75 | if($ppage >= 0) 76 | { 77 | if($ppage == $page) 78 | echo ''.$i.''; 79 | else 80 | echo ''.$i.''; 81 | } 82 | } 83 | if (!((($page+$limit) / $limit) >= $pages) && $pages != 1) 84 | { 85 | // If last page don't give next link. 86 | $next_page = $page + $limit; 87 | echo '> >>'; 88 | } 89 | } 90 | ?> 91 |
-------------------------------------------------------------------------------- /public/note_save.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_SERVER['REMOTE_ADDR']); 5 | if($user->banned_ip($ip)) 6 | exit; 7 | if(!$user->check_log()) 8 | exit; 9 | $user_id = $checked_user_id; 10 | if(!$user->gotpermission('alter_notes')) 11 | exit; 12 | if(is_numeric($_GET['id']) && is_numeric($_GET['note']['post_id']) && is_numeric($_GET['note']['x']) && is_numeric($_GET['note']['y']) && is_numeric($_GET['note']['width']) && is_numeric($_GET['note']['height'])) 13 | { 14 | $id = $db->real_escape_string($_GET['id']); 15 | $x = $db->real_escape_string($_GET['note']['x']); 16 | $y = $db->real_escape_string($_GET['note']['y']); 17 | $width = $db->real_escape_string($_GET['note']['width']); 18 | $height = $db->real_escape_string($_GET['note']['height']); 19 | $body = $db->real_escape_string(htmlentities($_GET['note']['body'], ENT_QUOTES,'UTF-8')); 20 | $body = str_replace("<tn>","", $body); 21 | $body = str_replace("</tn>","", $body); 22 | $body = str_replace("<br />","
",$body); 23 | $body = str_replace("<br>","
",$body); 24 | $body = str_replace("<b>","",$body); 25 | $body = str_replace("</b>","",$body); 26 | $body = str_replace("<i>","",$body); 27 | $body = str_replace("</i>","",$body); 28 | $post_id = $db->real_escape_string($_GET['note']['post_id']); 29 | $ip = $db->real_escape_string($_SERVER['REMOTE_ADDR']); 30 | $query = "SELECT COUNT(*) FROM $note_table WHERE post_id='$post_id' AND id='$id'"; 31 | $result = $db->query($query); 32 | $row = $result->fetch_assoc(); 33 | if($row['COUNT(*)'] == 1 && $id > 0) 34 | { 35 | $result->free_result(); 36 | $query = "SELECT x, y, width, height, x, y, body, created_at, updated_at, ip, version, user_id FROM $note_table WHERE id='$id' AND post_id='$post_id' LIMIT 1"; 37 | $result = $db->query($query); 38 | $row = $result->fetch_assoc(); 39 | $query = "INSERT INTO $note_history_table(x, y, width, height, body, created_at, updated_at, ip, user_id, version, id, post_id) VALUES('".$row['x']."', '".$row['y']."', '".$row['width']."', '".$row['height']."', '".$row['body']."', '".$row['created_at']."', '".$row['updated_at']."', '".$row['ip']."', '". 
$checked_user_id."', '".$row['version']."', '$id', '$post_id')"; 40 | $result->free_result(); 41 | $db->query($query); 42 | $query = "UPDATE $note_table SET x='$x', y='$y', width='$width', height='$height', body='$body', updated_at=NOW(), user_id='".$checked_user_id."', ip='$ip', version=version+1 WHERE post_id='$post_id' AND id='$id'"; 43 | $db->query($query); 44 | } 45 | else 46 | { 47 | $result->free_result(); 48 | $date = date("Y-m-d H:i:s"); 49 | $query = "SELECT COUNT(*) FROM $note_table WHERE post_id='$post_id'"; 50 | $result = $db->query($query); 51 | $row = $result->fetch_assoc(); 52 | if($row['COUNT(*)'] < 1) 53 | { 54 | $result->free_result(); 55 | $query = "INSERT INTO $note_table(x, y, width, height, body, post_id, id, ip, user_id, created_at, updated_at) VALUES('$x', '$y', '$width', '$height', '$body', '$post_id', '1', '$ip', '$checked_user_id', '$date', '$date')"; 56 | } 57 | else 58 | { 59 | $result->free_result(); 60 | $query = "INSERT INTO $note_table(x, y, width, height, body, post_id, id, ip, user_id, created_at, updated_at) VALUES('$x', '$y', '$width', '$height', '$body', '$post_id', notes_next_id($post_id), '$ip', '$checked_user_id', '$date', '$date')"; 61 | } 62 | $db->query($query); 63 | $query = "SELECT id FROM $note_table WHERE post_id='$post_id' AND body='$body' AND ip='$ip' AND created_at='$date'"; 64 | $result = $db->query($query); 65 | $row = $result->fetch_assoc(); 66 | print $row['id'].":".$id; 67 | $result->free_result(); 68 | } 69 | $cache = new cache(); 70 | $cache->destroy("cache/".$post_id."/post.cache"); 71 | } 72 | ?> -------------------------------------------------------------------------------- /includes/reset_password.php: -------------------------------------------------------------------------------- 1 | check_log()) 5 | header("Location: index.php?page=account"); 6 | else 7 | { 8 | header("Cache-Control: store, cache"); 9 | header("Pragma: cache"); 10 | require "includes/header.php"; 11 | } 12 | 
if(isset($_POST['username']) && $_POST['username'] != "") 13 | { 14 | $user = $db->real_escape_string(htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8')); 15 | $query = "SELECT email, id FROM $user_table WHERE user='$user' LIMIT 1"; 16 | $result = $db->query($query); 17 | $count = $result->num_rows; 18 | if($count > 0) 19 | { 20 | $row = $result->fetch_assoc(); 21 | if($row['email'] != "" && $row['email'] != NULL && strpos($row['email'],"@") !== false && strpos($row['email'],".") !== false && strlen($row['email']) > 2) 22 | { 23 | $misc = new misc(); 24 | $code = hash('sha256',rand(132,1004958327747882664857)); 25 | $link = $site_url."/index.php?page=reset_password&code=".$code."&id=".$row['id']; 26 | $body = 'A password reset has been requested for your account.

If you didn\'t request this, please ignore this email.

To reset you password, please click on this link: '.$link.''; 27 | $misc->send_mail($row['email'],$email_recovery_subject,$body); 28 | $query = "UPDATE $user_table SET mail_reset_code='$code' WHERE id='".$row['id']."'"; 29 | $db->query($query); 30 | print "An email with a reset link has been sent to your mailbox.
"; 31 | } 32 | else 33 | print "No email has been added to this account.
"; 34 | } 35 | else 36 | print "No email has been added to this account.
"; 37 | } 38 | if(isset($_GET['code']) && $_GET['code'] != "" && isset($_GET['id']) && $_GET['id'] != "" && is_numeric($_GET['id'])) 39 | { 40 | $id = $db->real_escape_string($_GET['id']); 41 | $code = $db->real_escape_string($_GET['code']); 42 | $query = "SELECT id FROM $user_table WHERE id='$id' AND mail_reset_code='$code' LIMIT 1"; 43 | $result = $db->query($query) or die($db->error); 44 | if($result->num_rows > 0) 45 | { 46 | $_SESSION['reset_code'] = $code; 47 | $_SESSION['tmp_id'] = $id; 48 | echo '
49 | 53 | 56 |
50 | Enter your new password: 51 | 52 |
54 | 55 |
57 |
'; 58 | } 59 | else 60 | { 61 | print "Invalid reset link.
"; 62 | } 63 | } 64 | if(isset($_POST['new_password']) && $_POST['new_password'] != "" && isset($_SESSION['tmp_id']) && $_SESSION['tmp_id'] != "" && is_numeric($_SESSION['tmp_id']) && isset($_SESSION['reset_code']) && $_SESSION['reset_code'] != "") 65 | { 66 | $code = $db->real_escape_string($_SESSION['reset_code']); 67 | $id = $db->real_escape_string($_SESSION['tmp_id']); 68 | $pass = $db->real_escape_string($_POST['new_password']); 69 | $user = new user(); 70 | $query = "SELECT id FROM $user_table WHERE id='$id' AND mail_reset_code='$code'"; 71 | $result = $db->query($query) or die($db->error); 72 | if($result->num_rows > 0) 73 | { 74 | $user->update_password($id,$pass); 75 | $query = "UPDATE $user_table SET mail_reset_code='' WHERE id='$id' AND mail_reset_code='$code'"; 76 | $db->query($query); 77 | unset($_SESSION['tmp_id']); 78 | unset($_SESSION['reset_code']); 79 | print "Your password has been changed.
"; 80 | } 81 | } 82 | if(!isset($_GET['code']) && $_GET['code'] == "") 83 | { 84 | echo'
85 | 89 | 92 |
86 | Username: 87 | 88 |
90 | 91 |
'; 93 | } 94 | ?> -------------------------------------------------------------------------------- /upgrades/0.1.11/index.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 5 | { 6 | $upgrades = "ALTER TABLE $group_table ADD COLUMN alter_notes TINYINT(1) DEFAULT 0"; 7 | $db->query($upgrades) or print $db->error; 8 | $upgrades = "ALTER TABLE $group_table ADD COLUMN can_upload TINYINT(1) DEFAULT 1"; 9 | $db->query($upgrades) or print $db->error; 10 | $upgrades = "ALTER TABLE $tag_history_table ADD COLUMN ip VARCHAR(255) DEFAULT NULL"; 11 | $db->query($upgrades) or print $db->error; 12 | $upgrades = "ALTER TABLE $user_table ADD COLUMN my_tags TEXT DEFAULT NULL"; 13 | $db->query($upgrades) or print $db->error; 14 | $upgrades = "ALTER TABLE $tag_history_table ADD COLUMN total_amount BIGINT(99) UNSIGNED NOT NULL AUTO_INCREMENT AFTER `ip`, ADD PRIMARY KEY (`total_amount`)"; 15 | $db->query($upgrades) or print $db->error; 16 | $upgrades = "ALTER TABLE $forum_topic_table ENGINE=InnoDB"; 17 | $db->query($upgrades) or print $db->error; 18 | $upgrades = "ALTER TABLE $group_table ENGINE=InnoDB"; 19 | $db->query($upgrades) or print $db->error; 20 | $upgrades = "ALTER TABLE $note_table ENGINE=InnoDB"; 21 | $db->query($upgrades) or print $db->error; 22 | $upgrades = "ALTER TABLE $note_history_table ENGINE=InnoDB"; 23 | $db->query($upgrades) or print $db->error; 24 | $upgrades = "ALTER TABLE $parent_child_table ENGINE=InnoDB"; 25 | $db->query($upgrades) or print $db->error; 26 | $upgrades = "ALTER TABLE $user_table ADD COLUMN post_count INTEGER(11) UNSIGNED NOT NULL DEFAULT 0"; 27 | $db->query($upgrades) or print $db->error; 28 | $upgrades = "ALTER TABLE $user_table ADD COLUMN record_score INTEGER(11) UNSIGNED NOT NULL DEFAULT 0"; 29 | $db->query($upgrades) or print $db->error; 30 | $upgrades = "ALTER TABLE $user_table ADD COLUMN comment_count INTEGER(11) UNSIGNED NOT NULL DEFAULT 0"; 31 | $db->query($upgrades) or 
print $db->error; 32 | $upgrades = "ALTER TABLE $user_table ADD COLUMN tag_edit_count INTEGER(11) UNSIGNED NOT NULL DEFAULT 0"; 33 | $db->query($upgrades) or print $db->error; 34 | $upgrades = "ALTER TABLE $user_table ADD COLUMN forum_post_count INTEGER(11) UNSIGNED NOT NULL DEFAULT 0"; 35 | $db->query($upgrades) or print $db->error; 36 | $upgrades = "ALTER TABLE $user_table ADD COLUMN signup_date VARCHAR(255) DEFAULT NULL"; 37 | $db->query($upgrades) or print $db->error; 38 | $upgrades = "ALTER TABLE $favorites_table ADD COLUMN added INTEGER(11) UNSIGNED NOT NULL DEFAULT 0"; 39 | $db->query($upgrades) or print $db->error; 40 | $upgrades = "ALTER TABLE $comment_table MODIFY COLUMN edited_at INTEGER(11) DEFAULT 0"; 41 | $db->query($upgrades) or print $db->error; 42 | $upgrades = "ALTER TABLE $post_table MODIFY COLUMN owner VARCHAR(255) DEFAULT NULL"; 43 | $db->query($upgrades) or print $db->error; 44 | $upgrades = "ALTER TABLE $post_table MODIFY COLUMN ext VARCHAR(10) DEFAULT NULL"; 45 | $db->query($upgrades) or print $db->error; 46 | $upgrades = "ALTER TABLE $post_table MODIFY COLUMN source VARCHAR(255) DEFAULT NULL"; 47 | $db->query($upgrades) or print $db->error; 48 | $upgrades = "ALTER TABLE $post_table MODIFY COLUMN image VARCHAR(255) DEFAULT NULL"; 49 | $db->query($upgrades) or print $db->error; 50 | $upgrades = "ALTER TABLE $post_table MODIFY COLUMN title VARCHAR(255) DEFAULT NULL"; 51 | $db->query($upgrades) or print $db->error; 52 | $upgrades = "ALTER TABLE $post_table DROP COLUMN local_copy"; 53 | $db->query($upgrades) or print $db->error; 54 | $upgrades = "CREATE TABLE IF NOT EXISTS $banned_ip_table ( 55 | `id` int(11) NOT NULL AUTO_INCREMENT, 56 | `ip` varchar(255) DEFAULT NULL, 57 | `user` text, 58 | `reason` text, 59 | `date_added` int(11) DEFAULT NULL, 60 | PRIMARY KEY (`id`), 61 | UNIQUE KEY `ip` (`ip`) 62 | ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8"; 63 | $db->query($upgrades) or print $db->error; 64 | $upgrades ="ALTER TABLE 
$tag_history_table ADD COLUMN active BOOLEAN NOT NULL DEFAULT 1"; 65 | $db->query($upgrades) or print $db->error; 66 | print "

Upgrades complete."; 67 | } 68 | ?> -------------------------------------------------------------------------------- /classes/comment.class.php: -------------------------------------------------------------------------------- 1 | = 3) 15 | { 16 | $comment = $db->real_escape_string(htmlentities($comment,ENT_QUOTES,'UTF-8')); 17 | $now_time = time(); 18 | $query = "INSERT INTO $comment_table(comment, ip, user, posted_at, post_id) VALUES('$comment', '$ip', '$username', '$now_time', '$post_id')"; 19 | $db->query($query) or die($db->error); 20 | $query = "UPDATE $post_table SET last_comment=NOW() WHERE id='$post_id'"; 21 | $db->query($query); 22 | $query = "UPDATE $post_count_table SET pcount=pcount+1 WHERE access_key = 'comment_count'"; 23 | $db->query($query); 24 | if($user != "Anonymous") 25 | { 26 | $query = "UPDATE $user_table SET comment_count = comment_count+1 WHERE id='$user_id'"; 27 | $db->query($query); 28 | } 29 | } 30 | } 31 | //Edit comments, there is a limit to how many minutes you have to comment as well as a 3 character minimum. 32 | function edit($comment,$comment_id,$user) 33 | { 34 | global $db, $comment_table, $edit_limit; 35 | $len = strlen($comment); 36 | $count = substr_count($comment, ' ', 0, $len); 37 | if($comment != "" && ($len - $count) >= 3) 38 | { 39 | $comment = $db->real_escape_string(htmlentities($comment,ENT_QUOTES,'UTF-8')); 40 | $comment_id = $db->real_escape_string($comment_id); 41 | $query = "SELECT posted_at FROM $comment_table WHERE id = '$comment_id' LIMIT 1"; 42 | $result = $db->query($query); 43 | $row = $result->fetch_assoc(); 44 | $posted_at = $row['posted_at']; 45 | $edit_limit = ($edit_limit * 60) + $posted_at; 46 | $query = "UPDATE $comment_table SET comment ='$comment', edited_at='".time()."' WHERE user='$user' AND id='$comment_id' AND posted_at <= '$edit_limit'"; 47 | $db->query($query); 48 | } 49 | } 50 | //Just the voting function. Nothing much needed to be edited here unless you want to change the vote score values... 
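/**
 * Record one vote on a comment and print the comment's current score.
 *
 * A vote is counted only when no earlier vote on the same comment and post
 * is stored for the caller's IP address or, for logged-in users, for the
 * caller's user id. The score is printed whether or not the vote counted.
 *
 * @param mixed $cid     Id of the comment being voted on.
 * @param mixed $vote    "up" adds one to the score; any other value subtracts one.
 * @param mixed $user    Voter's user name; "Anonymous" means not logged in.
 * @param mixed $id      Id of the post the comment belongs to.
 * @param mixed $user_id Voter's user id; only used when $user is not "Anonymous".
 */
function vote($cid,$vote,$user,$id,$user_id)
{
	global $db, $comment_vote_table, $comment_table;

	// The queries below are string-built, so every value placed in them is
	// escaped here and must stay inside single quotes in the SQL text.
	$id = $db->real_escape_string($id);
	$cid = $db->real_escape_string($cid);
	$user_id = $db->real_escape_string($user_id);
	$user = $db->real_escape_string(htmlentities($user, ENT_QUOTES, "UTF-8"));
	$ip = $db->real_escape_string($_SERVER['REMOTE_ADDR']);
	$logged_in = ($user != "Anonymous");

	// Duplicate check: same IP, or (logged-in only) same user id.
	// AND binds tighter than OR, so the two alternatives are independent.
	$query = "SELECT comment_id FROM $comment_vote_table WHERE comment_id='$cid' AND post_id='$id' AND ip='$ip'";
	if($logged_in)
		$query .= " OR comment_id='$cid' AND post_id='$id' AND user_id='".$user_id."'";
	$result = $db->query($query);

	// Fail closed: if the duplicate check cannot run, do not count the vote.
	$already_voted = true;
	if($result)
	{
		$already_voted = ($result->num_rows != 0);
		$result->free_result();
	}

	if(!$already_voted)
	{
		if($vote == "up")
			$query = "UPDATE $comment_table SET score=score+1 WHERE id='$cid'";
		else
			$query = "UPDATE $comment_table SET score=score-1 WHERE id='$cid'";
		$db->query($query);

		// Store the user id with the vote for logged-in users. Without it the
		// user-id half of the duplicate check above can never match, and the
		// same account could vote again from a different IP address.
		if($logged_in)
			$query = "INSERT INTO $comment_vote_table(ip,post_id,comment_id,user_id) VALUES('$ip', '$id', '$cid', '$user_id')";
		else
			$query = "INSERT INTO $comment_vote_table(ip,post_id,comment_id) VALUES('$ip', '$id', '$cid')";
		$db->query($query);
		// NOTE(review): check-then-insert is not atomic; whether the vote table
		// has a unique key that rejects concurrent duplicates is not visible here.
	}

	$query = "SELECT score FROM $comment_table WHERE id='$cid'";
	$result = $db->query($query);
	$row = $result ? $result->fetch_assoc() : null;
	// Print nothing when the comment does not exist or the query failed.
	if($row)
		echo $row['score'];
}

//How many comments are set for this page, sub page, and post id?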
84 | function count($id,$page,$sub) 85 | { 86 | global $db, $comment_table; 87 | $id = $db->real_escape_string($id); 88 | if($page == "post" && $sub == "view") 89 | $query = "SELECT id FROM $comment_table WHERE post_id='$id'"; 90 | $result = $db->query($query); 91 | return $result->num_rows; 92 | } 93 | } 94 | ?> -------------------------------------------------------------------------------- /admin/reported_comments.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['unreport']); 8 | $query = "UPDATE $comment_table SET spam='0' WHERE id='$comment_id'"; 9 | if($db->query($query)) 10 | { 11 | $cache = new cache(); 12 | $query = "SELECT post_id FROM $comment_table WHERE id='$comment_id'"; 13 | $result = $db->query($query); 14 | $row = $result->fetch_assoc(); 15 | $cache->destroy_page_cache("cache/".$row['post_id']); 16 | $cache->create_page_cache("cache/".$row['post_id']); 17 | echo '
Unflagged comment!
'; 18 | } 19 | } 20 | echo '
'; 21 | //number of reports/page 22 | $limit = 50; 23 | //number of pages to display. number - 1. ex: for 5 value should be 4 24 | $page_limit = 4; 25 | 26 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 27 | $page = $db->real_escape_string($_GET['pid']); 28 | else 29 | $page = 0; 30 | $query = "SELECT COUNT(*) FROM $comment_table WHERE spam='1' ORDER BY id ASC"; 31 | $result = $db->query($query); 32 | $row = $result->fetch_assoc(); 33 | $numrows = $row['COUNT(*)']; 34 | if($numrows == 0) 35 | print "

No reports found.

"; 36 | else 37 | { 38 | $pages = intval($numrows/$limit); 39 | if ($numrows%$limit) 40 | $pages++; 41 | $current = ($page/$limit) + 1; 42 | if ($pages < 1 || $pages == 0 || $pages == "") 43 | $total = 1; 44 | else 45 | $total = $pages; 46 | $first = $page + 1; 47 | if (!((($page + $limit) / $limit) >= $pages) && $pages != 1) 48 | $last = $page + $limit; 49 | else 50 | $last = $numrows; 51 | $query = "SELECT id, comment, ip, user, posted_at, score, post_id FROM $comment_table WHERE spam='1' ORDER BY id LIMIT $page, $limit"; 52 | $result = $db->query($query); 53 | while($row = $result->fetch_assoc()) 54 | { 55 | $user = $row['user']; 56 | $date = $row['posted_at']; 57 | $date = date("M d, y | g:i a",$date); 58 | if($user == "Anonymous") 59 | $user = 'Anonymous'; 60 | else 61 | $user = ''.$user.''; 62 | 63 | echo ''; 64 | } 65 | $result->free_result(); 66 | echo '
Remove?Post ID:Comment:Score:Date Posted:Unflag:
Remove'.$row['post_id'].' '.$row['reason'].''.htmlentities($row['comment']).' - '.$row['ip'].' '.$user.'
'.$row['score'].'
'.$date.'Unflag



'; 67 | if($page == 0) 68 | $start = 1; 69 | else 70 | $start = ($page/$limit) + 1; 71 | $tmp_limit = $start + $page_limit; 72 | if($tmp_limit > $pages) 73 | $tmp_limit = $pages; 74 | if($pages > $page_limit) 75 | $lowerlimit = $pages - $page_limit; 76 | if($start > $lowerlimit) 77 | $start = $lowerlimit; 78 | $lastpage = $limit*($pages - 1); 79 | if($page != 0 && !((($page+$limit) / $limit) > $pages)) 80 | { 81 | // Don't show back link if current page is first page. 82 | $back_page = $page - $limit; 83 | echo '<< <'; 84 | } 85 | for($i=$start; $i <= $tmp_limit; $i++) // loop through each page and give link to it. 86 | { 87 | $ppage = $limit*($i - 1); 88 | if($ppage >= 0) 89 | { 90 | if($ppage == $page) 91 | echo ''.$i.' '; 92 | else 93 | echo ''.$i.''; 94 | } 95 | } 96 | if (!((($page+$limit) / $limit) >= $pages) && $pages != 1) 97 | { 98 | // If last page don't give next link. 99 | $next_page = $page + $limit; 100 | echo '> >>'; 101 | } 102 | } 103 | ?> 104 |
-------------------------------------------------------------------------------- /includes/dapi.php: -------------------------------------------------------------------------------- 1 | ') !== false) 15 | $tags = str_replace(">", ">", $tags); 16 | if(strpos($tags,'<') !== false) 17 | $tags = str_replace("<", "<", $tags); 18 | if(strpos($tags,"'") !== false) 19 | $tags = str_replace("'", "'", $tags); 20 | if(strpos($tags,'"') !== false) 21 | $tags = str_replace('"', """, $tags); 22 | if(strpos($tags,'\r') !== false) 23 | $tags = str_replace('\r', "", $tags); 24 | return $tags; 25 | } 26 | 27 | function getUserID($name) 28 | { 29 | global $db, $user_table; 30 | $result = $db->query("SELECT id FROM $user_table WHERE user='$name' LIMIT 1"); 31 | 32 | if ($result) 33 | $user_id = $result->fetch_assoc()['id']; 34 | else 35 | $user_id = ''; 36 | 37 | if ($user_id == 0) 38 | $user_id = ''; 39 | 40 | return $user_id; 41 | } 42 | 43 | function createPostObject($row) { 44 | global $site_url, $image_folder, $thumbnail_url, $post, $misc; 45 | $file_url = $site_url.'/'.$image_folder.'/'.$row['directory'].'/'.$row['image']; 46 | 47 | $parent_id = $row['parent']; 48 | if ($parent_id == 0) 49 | $parent_id = ''; 50 | 51 | return array('post' => array ( 52 | 'width' => $row['width'], 53 | 'height' => $row['height'], 54 | 'sample_width' => $row['width'], 55 | 'sample_height' => $row['height'], 56 | 'preview_width' => '150px', 57 | 'preview_height' => '150px', 58 | 'score' => $row['score'], 59 | 'file_url' => $file_url, 60 | 'sample_url' => $file_url, 61 | 'parent_id' => $parent_id, 62 | 'preview_url' => $thumbnail_url.$misc->getThumb($row['image'], $row['directory']), 63 | 'rating' => strtolower(substr($row['rating'], 0, 1)), 64 | 'tags' => fixTags($row['tags']), 65 | 'id' => $row['id'], 66 | // 'change' => 'UNIMPLEMENTED', 67 | 'md5' => $row['hash'], 68 | 'creator_id' => getUserID($row['owner']), 69 | 'created_at' => $row['creation_date'], 70 | // 'status' => 'UNIMPLEMENTED', 71 | 
'source' => $row['source'], 72 | 'has_notes' => $post->has_notes($row['id']), 73 | 'has_comments' => !empty($row['last_comment']), 74 | 'has_children' => $post->has_children($row['id']) 75 | )); 76 | } 77 | 78 | function createPostXML($row) 79 | { 80 | global $site_url, $image_folder, $thumbnail_url, $post, $misc; 81 | $parent_id = $row['parent']; 82 | if ($parent_id == 0) 83 | $parent_id = ''; 84 | 85 | $has_notes = $post->has_notes($row['id']); 86 | if ($has_notes) 87 | $has_notes = 'true'; 88 | else 89 | $has_notes = 'false'; 90 | 91 | $has_comments = !empty($row['last_comment']); 92 | if ($has_comments) 93 | $has_comments = 'true'; 94 | else 95 | $has_comments = 'false'; 96 | 97 | $has_children = $post->has_children($row['id']); 98 | if ($has_children) 99 | $has_children = 'true'; 100 | else 101 | $has_children = 'false'; 102 | 103 | $file_url = $site_url.'/'.$image_folder.'/'.$row['directory'].'/'.$row['image']; 104 | return ''."\r\n"; 105 | } 106 | 107 | if ($_GET['q'] == "index") { 108 | require "includes/api_list.php"; 109 | } else if ($_GET['q'] == "view") { 110 | require "includes/api_view.php"; 111 | } else { 112 | die("{'error':'q not defined'}"); 113 | } 114 | } 115 | else 116 | die("{'error':'s not defined.'}"); 117 | ?> -------------------------------------------------------------------------------- /includes/forum/forum_list.php: -------------------------------------------------------------------------------- 1 | 13 | 14 | 15 | 16 | '; 17 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 18 | $page = $db->real_escape_string($_GET['pid']); 19 | else 20 | $page = 0; 21 | if(isset($_GET['query'])) 22 | $search = $db->real_escape_string($_GET['query']); 23 | else 24 | $search = ''; 25 | $user = new user(); 26 | if($search != "") 27 | { 28 | $tmp = explode(" ",$search); 29 | $rsearch = '&query='.$search; 30 | $search = ''; 31 | foreach($tmp as $current) 32 | { 33 | $search .= "'\"$current\"' "; 34 | } 35 | 
$search .= 'IN BOOLEAN MODE'; 36 | } 37 | else 38 | $rsearch = ''; 39 | if($search != '') 40 | $query = "SELECT COUNT(*) FROM $forum_topic_table as t1 JOIN $forum_post_table AS t2 ON (MATCH(t2.post) AGAINST($search)>0.5)"; 41 | else 42 | $query = "SELECT COUNT(*) FROM $forum_topic_table"; 43 | $result = $db->query($query); 44 | $row = $result->fetch_assoc(); 45 | $numrows = $row['COUNT(*)']; 46 | if($search != "") 47 | $query = "SELECT t1.id, t1.topic, t1.last_updated, t1.priority, t1.author FROM $forum_topic_table AS t1 JOIN $forum_post_table AS t2 ON (MATCH(t2.post) AGAINST($search)>0.5) ORDER BY t1.priority DESC, t1.last_updated DESC LIMIT $page, $limit"; 48 | else 49 | $query = "SELECT id, topic, last_updated, author, locked, priority FROM $forum_topic_table ORDER BY priority DESC, last_updated DESC LIMIT $page, $limit"; 50 | $result = $db->query($query) or die($db->error()); 51 | if($user->gotpermission('delete_forum_topics') || $user->gotpermission('pin_forum_topics')) 52 | print ''; 53 | echo ''; 54 | while($row = $result->fetch_assoc()) 55 | { 56 | $que = "SELECT COUNT(*) FROM $forum_post_table WHERE topic_id='".$row['id']."'"; 57 | $res = $db->query($que) or die($db->error()); 58 | $ret = $res->fetch_assoc(); 59 | $replies = $ret['COUNT(*)']-1; 60 | $date_now = $misc->date_words($row['last_updated']); 61 | $sticky = ""; 62 | $locked = ""; 63 | if($row['priority'] =="1") 64 | $sticky ="Sticky: "; 65 | if($row['locked']=="1") 66 | $locked =' (locked)'; 67 | 68 | print ''; 69 | print ''; 70 | if($row['priority'] == 0) 71 | { 72 | if($user->gotpermission('pin_forum_topics')) 73 | print ''; 82 | echo ''; 83 | } 84 | echo '
TitleCreated byUpdatedRepliesTools
'.$sticky.''.$row['topic'].''.$locked.''.$row['author'].''.$date_now.''.$replies.'Pin | '; 74 | } 75 | else 76 | { 77 | if($user->gotpermission('pin_forum_topics')) 78 | print 'Unpin | '; 79 | } 80 | if($user->gotpermission('delete_forum_topics')) 81 | print ' Delete
'; 85 | $misc = new misc(); 86 | print $misc->pagination($_GET['page'],$_GET['s'],$row['id'],$limit,$page_limit,$numrows,$_GET['pid'],$_GET['tags'],$_GET['query']); 87 | echo '

101 | -------------------------------------------------------------------------------- /includes/account_options.php: -------------------------------------------------------------------------------- 1 | session_tags($_POST['my_tags']); 64 | $new_my_tags = $_POST['my_tags']; 65 | if($user->check_log()) 66 | { 67 | $my_tags = $db->real_escape_string($_POST['my_tags']); 68 | $query = "UPDATE $user_table SET my_tags = '$my_tags' WHERE id = '$checked_user_id'"; 69 | $db->query($query); 70 | } 71 | } 72 | else 73 | { 74 | setcookie("tags",'',time()-60*60*24*365); 75 | $new_my_tags = " "; 76 | } 77 | } 78 | header("Cache-Control: store, cache"); 79 | header("Pragma: cache"); 80 | require "includes/header.php"; 81 | ?> 82 |
83 |
84 |

Separate individual tags and users with spaces. You must have cookies and JavaScript enabled in order for filtering to work. Note that the user blacklist is case sensitive.

85 | 86 |
87 | 88 | 93 | 98 | 103 | 108 |
89 |

Any post containing a blacklisted tag will be ignored. Note that you can also blacklist ratings.

90 |
91 | 92 |
94 |

Any post or comment from a blacklisted user will be ignored.

95 |
96 | "/> 97 |
99 |

Any comment with a score below this will be ignored.

100 |
101 | "/> 102 |
104 |

Any post with a score below this will be ignored.

105 |
106 | "/> 107 |
109 | 110 |

These will be accessible when you add or edit a post.

111 |
112 | 113 |
114 |
115 |
116 | 117 |
118 |
-------------------------------------------------------------------------------- /includes/forum/forum_add.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_SERVER['REMOTE_ADDR']); 4 | if($user->banned_ip($ip)) 5 | { 6 | print "Action failed: ".$row['reason']; 7 | exit; 8 | } 9 | if(!$user->check_log()) 10 | { 11 | header("Location:index.php?page=reg"); 12 | exit; 13 | } 14 | $add_forum_count = "UPDATE $user_table SET forum_post_count = forum_post_count+1 WHERE id='$checked_user_id'"; 15 | if(isset($_GET['t']) && $_GET['t'] == "post") 16 | { 17 | if(isset($_GET['pid']) && is_numeric($_GET['pid']) && isset($_POST['conf']) && $_POST['conf'] == 1) 18 | { 19 | $title = $db->real_escape_string(htmlentities($_POST['title'], ENT_QUOTES, 'UTF-8')); 20 | $post = $db->real_escape_string(htmlentities($_POST['post'], ENT_QUOTES, 'UTF-8')); 21 | $pid = $db->real_escape_string($_GET['pid']); 22 | $limit = $db->real_escape_string($_POST['l']); 23 | $uid = $checked_user_id; 24 | $query = "SELECT locked FROM $forum_topic_table WHERE id='$pid'"; 25 | $result = $db->query($query) or die($db->error); 26 | $row = $result->fetch_assoc(); 27 | if($row['locked'] == true) 28 | { 29 | header("HTTP/1.1 404 Not Found"); 30 | exit; 31 | } 32 | $query = "SELECT forum_can_post FROM $user_table WHERE id='$uid'"; 33 | $result = $db->query($query) or die($db->error); 34 | $row = $result->fetch_assoc(); 35 | $user = $checked_username; 36 | $can_post = $row['forum_can_post']; 37 | if($can_post == false) 38 | { 39 | header("HTTP/1.1 404 Not Found"); 40 | exit; 41 | } 42 | $query = "INSERT INTO $forum_post_table(title, post, author, creation_date, topic_id) VALUES('$title', '$post', '$user', '".mktime()."', '$pid')"; 43 | $db->query($query) or die($db->error); 44 | $query = "SELECT LAST_INSERT_ID() as id FROM $forum_post_table"; 45 | $result = $db->query($query) or die($db->error); 46 | $row = $result->fetch_assoc(); 47 | $id = $row['id']; 48 
| $result->free_result(); 49 | $query = "UPDATE $forum_topic_table SET last_updated='".mktime()."' WHERE id='$pid'"; 50 | $db->query($query) or die($db->error); 51 | $db->query($add_forum_count); 52 | $query = "SELECT COUNT(*) FROM $forum_post_table WHERE topic_id='$pid'"; 53 | $result = $db->query($query) or die($db->error); 54 | $row = $result->fetch_assoc(); 55 | $numrows = $row['COUNT(*)']; 56 | $result->free_result(); 57 | $pages = @intval($numrows/$limit); 58 | if($numrows%$limit>0) 59 | $pages++; 60 | else 61 | $pages = 1; 62 | $ppid = $limit*($pages - 1); 63 | header("Location:index.php?page=forum&s=view&id=$pid&pid=$ppid#$id"); 64 | exit; 65 | } 66 | } 67 | else 68 | { 69 | if(isset($_POST['topic']) && $_POST['topic'] != "" && isset($_POST['post']) && $_POST['post'] != "" && isset($_POST['conf']) && $_POST['conf'] == 1) 70 | { 71 | $topic = $db->real_escape_string(htmlentities($_POST['topic'], ENT_QUOTES, 'UTF-8')); 72 | $post = $db->real_escape_string(htmlentities($_POST['post'], ENT_QUOTES, 'UTF-8')); 73 | $uid = $checked_user_id; 74 | $query = "SELECT forum_can_create_topic FROM $user_table WHERE id='$uid'"; 75 | $result = $db->query($query) or die($db->error); 76 | $row = $result->fetch_assoc(); 77 | $user = $checked_username; 78 | $can_create_topic = $row['forum_can_create_topic']; 79 | if($can_create_topic == false) 80 | { 81 | header("HTTP/1.1 404 Not Found"); 82 | exit; 83 | } 84 | $query = "INSERT INTO $forum_topic_table(topic, author, creation_post, last_updated) VALUES('$topic', '$user', '0', '".mktime()."')"; 85 | $db->query($query) or die($db->error); 86 | $query = "SELECT LAST_INSERT_ID() as id FROM $forum_topic_table"; 87 | $result = $db->query($query) or die($db->error); 88 | $row = $result->fetch_assoc(); 89 | $pid = $row['id']; 90 | $query = "INSERT INTO $forum_post_table(title, post, author, creation_date, topic_id) VALUES('$topic', '$post', '$user', '".mktime()."', '$pid')"; 91 | $db->query($query) or die($db->error); 92 | 
$db->query($add_forum_count); 93 | $query = "SELECT LAST_INSERT_ID() as id FROM $forum_post_table"; 94 | $result = $db->query($query) or die($db->error); 95 | $row = $result->fetch_assoc(); 96 | $id = $row['id']; 97 | $query = "UPDATE $forum_topic_table SET creation_post='$id' WHERE id='$pid'"; 98 | $db->query($query) or die($db->error); 99 | header("Location:index.php?page=forum&s=view&id=$pid#$id"); 100 | exit; 101 | } 102 | } 103 | require "includes/header.php"; 104 | ?> 105 |
106 | 110 | 114 | 117 |
107 | Topic:
108 | 109 |
111 | Post:
112 | 113 |
115 | 116 |
118 | 119 |
120 | -------------------------------------------------------------------------------- /includes/forum/forum_view.php: -------------------------------------------------------------------------------- 1 | = 0) 12 | $page = $db->real_escape_string($_GET['pid']); 13 | else 14 | $page = 0; 15 | $id = $db->real_escape_string($_GET['id']); 16 | if($user->check_log()) 17 | { 18 | $uname = $checked_username; 19 | $uid = checked_user_id; 20 | } 21 | $query = "SELECT COUNT(*) FROM $forum_post_table WHERE topic_id='$id'"; 22 | $result = $db->query($query); 23 | $row = $result->fetch_assoc(); 24 | $numrows = $row['COUNT(*)']; 25 | $result->free_result(); 26 | if($numrows == 0) 27 | { 28 | header("Location: index.php?page=forum&s=list"); 29 | exit; 30 | } 31 | require "includes/header.php"; 32 | $query = "SELECT t1.id, t1.title, t1.post, t1.author, t1.creation_date, t2.creation_post FROM $forum_post_table AS t1 JOIN $forum_topic_table AS t2 ON t2.id=t1.topic_id WHERE t1.topic_id='$id' ORDER BY id LIMIT $page, $limit"; 33 | $result = $db->query($query) or die(mysql_error()); 34 | print'
'; 35 | while($row = $result->fetch_assoc()) 36 | { 37 | $date_made = $misc->date_words($row['creation_date']); 38 | print '
39 |
'.$row['author'].'
40 | '.$date_made.' 41 |
42 |
'.$row['title'].'
43 |
'.$misc->short_url($misc->swap_bbs_tags($misc->linebreaks($row['post']))).'
44 |
'; 55 | } 56 | echo '
'; 57 | $misc = new misc(); 58 | print $misc->pagination($_GET['page'],$_GET['s'],$row['id'],$limit,$page_limit,$numrows,$_GET['pid'],$_GET['tags']); 59 | echo '


'; 60 | $query = "SELECT locked FROM $forum_topic_table WHERE id='$id' LIMIT 1"; 61 | $result = $db->query($query) or die(mysql_error()); 62 | $row = $result->fetch_assoc(); 63 | print ($row['locked'] == false) ? 'Reply | ' : ''; 64 | print 'New Topic | Help | Forum Index'; 65 | if($row['locked'] == false) 66 | { 67 | if($user->gotpermission('lock_forum_topics')) 68 | print ' | Lock topic'; 69 | } 70 | else 71 | { 72 | if($user->gotpermission('lock_forum_topics')) 73 | print ' | Unlock topic'; 74 | } 75 | if($row['locked'] == false) 76 | { 77 | echo '


91 | '; 94 | } 95 | ?> 96 |
-------------------------------------------------------------------------------- /script/builder.js: -------------------------------------------------------------------------------- 1 | // script.aculo.us builder.js v1.7.1_beta3, Fri May 25 17:19:41 +0200 2007 2 | 3 | // Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) 4 | // 5 | // script.aculo.us is freely distributable under the terms of an MIT-style license. 6 | // For details, see the script.aculo.us web site: http://script.aculo.us/ 7 | 8 | var Builder = { 9 | NODEMAP: { 10 | AREA: 'map', 11 | CAPTION: 'table', 12 | COL: 'table', 13 | COLGROUP: 'table', 14 | LEGEND: 'fieldset', 15 | OPTGROUP: 'select', 16 | OPTION: 'select', 17 | PARAM: 'object', 18 | TBODY: 'table', 19 | TD: 'table', 20 | TFOOT: 'table', 21 | TH: 'table', 22 | THEAD: 'table', 23 | TR: 'table' 24 | }, 25 | // note: For Firefox < 1.5, OPTION and OPTGROUP tags are currently broken, 26 | // due to a Firefox bug 27 | node: function(elementName) { 28 | elementName = elementName.toUpperCase(); 29 | 30 | // try innerHTML approach 31 | var parentTag = this.NODEMAP[elementName] || 'div'; 32 | var parentElement = document.createElement(parentTag); 33 | try { // prevent IE "feature": http://dev.rubyonrails.org/ticket/2707 34 | parentElement.innerHTML = "<" + elementName + ">"; 35 | } catch(e) {} 36 | var element = parentElement.firstChild || null; 37 | 38 | // see if browser added wrapping tags 39 | if(element && (element.tagName.toUpperCase() != elementName)) 40 | element = element.getElementsByTagName(elementName)[0]; 41 | 42 | // fallback to createElement approach 43 | if(!element) element = document.createElement(elementName); 44 | 45 | // abort if nothing could be created 46 | if(!element) return; 47 | 48 | // attributes (or text) 49 | if(arguments[1]) 50 | if(this._isStringOrNumber(arguments[1]) || 51 | (arguments[1] instanceof Array) || 52 | arguments[1].tagName) { 53 | this._children(element, arguments[1]); 54 | 
} else { 55 | var attrs = this._attributes(arguments[1]); 56 | if(attrs.length) { 57 | try { // prevent IE "feature": http://dev.rubyonrails.org/ticket/2707 58 | parentElement.innerHTML = "<" +elementName + " " + 59 | attrs + ">"; 60 | } catch(e) {} 61 | element = parentElement.firstChild || null; 62 | // workaround firefox 1.0.X bug 63 | if(!element) { 64 | element = document.createElement(elementName); 65 | for(attr in arguments[1]) 66 | element[attr == 'class' ? 'className' : attr] = arguments[1][attr]; 67 | } 68 | if(element.tagName.toUpperCase() != elementName) 69 | element = parentElement.getElementsByTagName(elementName)[0]; 70 | } 71 | } 72 | 73 | // text, or array of children 74 | if(arguments[2]) 75 | this._children(element, arguments[2]); 76 | 77 | return element; 78 | }, 79 | _text: function(text) { 80 | return document.createTextNode(text); 81 | }, 82 | 83 | ATTR_MAP: { 84 | 'className': 'class', 85 | 'htmlFor': 'for' 86 | }, 87 | 88 | _attributes: function(attributes) { 89 | var attrs = []; 90 | for(attribute in attributes) 91 | attrs.push((attribute in this.ATTR_MAP ? 
this.ATTR_MAP[attribute] : attribute) + 92 | '="' + attributes[attribute].toString().escapeHTML().gsub(/"/,'"') + '"'); 93 | return attrs.join(" "); 94 | }, 95 | _children: function(element, children) { 96 | if(children.tagName) { 97 | element.appendChild(children); 98 | return; 99 | } 100 | if(typeof children=='object') { // array can hold nodes and text 101 | children.flatten().each( function(e) { 102 | if(typeof e=='object') 103 | element.appendChild(e) 104 | else 105 | if(Builder._isStringOrNumber(e)) 106 | element.appendChild(Builder._text(e)); 107 | }); 108 | } else 109 | if(Builder._isStringOrNumber(children)) 110 | element.appendChild(Builder._text(children)); 111 | }, 112 | _isStringOrNumber: function(param) { 113 | return(typeof param=='string' || typeof param=='number'); 114 | }, 115 | build: function(html) { 116 | var element = this.node('div'); 117 | $(element).update(html.strip()); 118 | return element.down(); 119 | }, 120 | dump: function(scope) { 121 | if(typeof scope != 'object' && typeof scope != 'function') scope = window; //global scope 122 | 123 | var tags = ("A ABBR ACRONYM ADDRESS APPLET AREA B BASE BASEFONT BDO BIG BLOCKQUOTE BODY " + 124 | "BR BUTTON CAPTION CENTER CITE CODE COL COLGROUP DD DEL DFN DIR DIV DL DT EM FIELDSET " + 125 | "FONT FORM FRAME FRAMESET H1 H2 H3 H4 H5 H6 HEAD HR HTML I IFRAME IMG INPUT INS ISINDEX "+ 126 | "KBD LABEL LEGEND LI LINK MAP MENU META NOFRAMES NOSCRIPT OBJECT OL OPTGROUP OPTION P "+ 127 | "PARAM PRE Q S SAMP SCRIPT SELECT SMALL SPAN STRIKE STRONG STYLE SUB SUP TABLE TBODY TD "+ 128 | "TEXTAREA TFOOT TH THEAD TITLE TR TT U UL VAR").split(/\s+/); 129 | 130 | tags.each( function(tag){ 131 | scope[tag] = function() { 132 | return Builder.node.apply(Builder, [tag].concat($A(arguments))); 133 | } 134 | }); 135 | } 136 | } 137 | -------------------------------------------------------------------------------- /admin/ban_user.php: -------------------------------------------------------------------------------- 1 | 
gotpermission('is_admin')) 8 | { 9 | print "No permission to access this."; 10 | exit; 11 | } 12 | if(isset($_GET['user_id']) && is_numeric($_GET['user_id'])) 13 | { 14 | $ban_id = $db->real_escape_string($_GET['user_id']); 15 | $query = "SELECT id, user, ip FROM $user_table WHERE id = '$ban_id' LIMIT 1"; 16 | $result = $db->query($query); 17 | $row = $result->fetch_assoc(); 18 | if(!isset($_POST['ban_reason'])) 19 | { 20 | //Are you an idiot who decided to ban themselves? Let's hope not... ;) 21 | if(mb_strtolower($row['user']) == "anonymous" || mb_strtolower($row['user']) == mb_strtolower($checked_username)) 22 | { 23 | print "You really REALLY don't want to do that. Trust me."; 24 | exit; 25 | } 26 | print '
Make note that banning using this tool will check the whole database for all IP addresses associated with this account. This will take a while if you have a really big database. Even then this will take forever. Just sit back.

27 |
28 | 30 | 32 |
29 | User:
31 | Reason:
33 |
34 |
35 |
36 | '; 37 | exit; 38 | } 39 | $ban_reason = $db->real_escape_string($_POST['ban_reason']); 40 | //Let's grab the database values of all three since they are already there. 41 | $ban_id = $db->real_escape_string($row['id']); 42 | $ban_username = $db->real_escape_string($row['user']); 43 | $ban_ip = $db->real_escape_string($row['ip']); 44 | 45 | //These queries could be done with a single join, but why bother making it complicated? 46 | //Multiple simple queries shouldn't be that bad on the server... Right? 47 | print "Now attempting to ban IP address in user table...
"; 48 | flush(); 49 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 50 | $db->query($query); 51 | 52 | print "Now attempting to ban IP addresses in comment_vote table...
"; 53 | flush(); 54 | $query = "SELECT * FROM $comment_vote_table WHERE user_id = '$ban_id' GROUP BY ip"; 55 | $result = $db->query($query); 56 | while($row = $result->fetch_assoc()) 57 | { 58 | $ban_ip = $db->real_escape_string($row['ip']); 59 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 60 | $db->query($query); 61 | } 62 | 63 | print "Now attempting to ban IP addresses in comment table...
"; 64 | flush(); 65 | $query = "SELECT * FROM $comment_table WHERE user = '$ban_username' GROUP BY ip"; 66 | $result = $db->query($query); 67 | while($row = $result->fetch_assoc()) 68 | { 69 | $ban_ip = $db->real_escape_string($row['ip']); 70 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 71 | $db->query($query); 72 | } 73 | 74 | print "Now attempting to ban IP addresses in note table...
"; 75 | flush(); 76 | $query = "SELECT * FROM $note_table WHERE user_id = '$ban_id' GROUP BY ip"; 77 | $result = $db->query($query); 78 | while($row = $result->fetch_assoc()) 79 | { 80 | $ban_ip = $db->real_escape_string($row['ip']); 81 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 82 | $db->query($query); 83 | } 84 | 85 | print "Now attempting to ban IP addresses in post vote table...
"; 86 | flush(); 87 | $query = "SELECT * FROM $post_vote_table WHERE user_id = '$ban_id' GROUP BY ip"; 88 | $result = $db->query($query); 89 | while($row = $result->fetch_assoc()) 90 | { 91 | $ban_ip = $db->real_escape_string($row['ip']); 92 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 93 | $db->query($query); 94 | } 95 | 96 | print "Now attempting to ban IP addresses in tag history table...
"; 97 | flush(); 98 | $query = "SELECT * FROM $tag_history_table WHERE user_id = '$ban_id' GROUP BY ip"; 99 | $result = $db->query($query); 100 | while($row = $result->fetch_assoc()) 101 | { 102 | $ban_ip = $db->real_escape_string($row['ip']); 103 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 104 | $db->query($query); 105 | } 106 | 107 | print "Now attempting to ban IP addresses in post table...
"; 108 | flush(); 109 | $query = "SELECT * FROM $post_table WHERE owner = '$ban_username' ORDER BY id DESC"; 110 | $result = $db->query($query); 111 | while($row = $result->fetch_assoc()) 112 | { 113 | $ban_ip = $db->real_escape_string($row['ip']); 114 | $query = "INSERT INTO $banned_ip_table(ip,user,reason,date_added) VALUES('$ban_ip','$checked_username','$ban_reason','".time()."')"; 115 | $db->query($query); 116 | } 117 | } 118 | else 119 | header('Location:../'); 120 | ?> -------------------------------------------------------------------------------- /includes/favorites.php: -------------------------------------------------------------------------------- 1 | select_domain(); 12 | header("Cache-Control: store, cache"); 13 | header("Pragma: cache"); 14 | require "includes/header.php"; 15 | ?> 16 | 19 | real_escape_string($_GET['id']); 21 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 22 | $page = $db->real_escape_string($_GET['pid']); 23 | else 24 | $page = 0; 25 | $query = "SELECT fcount FROM $favorites_count_table WHERE user_id='$id'"; 26 | $result = $db->query($query); 27 | $row = $result->fetch_assoc(); 28 | $numrows = $row['fcount']; 29 | $result->free_result(); 30 | if($numrows < 1) 31 | die("

You have no favorites.

"); 32 | $images = ''; 33 | $query = "SELECT t2.id, t2.image, t2.directory, t2.tags, t2.owner, t2.score, t2.rating FROM $favorites_table as t1 JOIN $post_table AS t2 ON t2.id=t1.favorite WHERE t1.user_id='$id' LIMIT $page, $limit"; 34 | $result = $db->query($query); 35 | while($row = $result->fetch_assoc()) 36 | { 37 | $tags = $row['tags']; 38 | $tags = substr($tags,1,strlen($tags)); 39 | $tags = substr($tags,0,strlen($tags)-1); 40 | $images .= 'image_thumb'; (isset($_COOKIE['user_id']) && $_COOKIE['user_id'] == $id) ? $images .= '
Remove
' : $images .= ''; 41 | $images .= ''; 44 | } 45 | $images .= '
46 | 49 |
'; 50 | echo $images; 51 | ob_flush(); 52 | flush(); 53 | $result->free_result(); 54 | print $misc->pagination($_GET['page'],$_GET['s'],$id,$limit,$page_limit,$numrows,$page); 55 | } 56 | else if(isset($_GET['s']) && $_GET['s'] == "list") 57 | { 58 | //List how many users per page that should be here. 59 | //number of images/page 60 | $limit = 50; 61 | //number of pages to display. number - 1. ex: for 5 value should be 4 62 | $page_limit = 6; 63 | header("Cache-Control: store, cache"); 64 | header("Pragma: cache"); 65 | require "includes/header.php"; 66 | echo'
'; 67 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 68 | $page = $db->real_escape_string($_GET['pid']); 69 | else 70 | $page = 0; 71 | $query = "SELECT COUNT(*) FROM $favorites_count_table ORDER BY user_id"; 72 | $result = $db->query($query); 73 | $row = $result->fetch_assoc(); 74 | $numrows = $row['COUNT(*)']; 75 | $result->free_result(); 76 | if($numrows < 1) 77 | die("
UserCount

No favorites exists.

"); 78 | $uid = ''; 79 | $query = "SELECT t2.user, t1.user_id, t1.fcount FROM $favorites_count_table AS t1 JOIN $user_table AS t2 ON t2.id=t1.user_id ORDER BY t2.user ASC LIMIT $page, $limit"; 80 | $result = $db->query($query); 81 | while($row = $result->fetch_assoc()) 82 | echo ''.$row['user'].''.$row['fcount'].''; 83 | $result->free_result(); 84 | echo "
"; 85 | print $misc->pagination($_GET['page'],$_GET['s'],$eh,$limit,$page_limit,$numrows,$page); 86 | } 87 | else if(isset($_GET['s']) && $_GET['s'] == "delete" && isset($_GET['id']) && is_numeric($_GET['id'])) 88 | { 89 | $pid = $_GET['pid']; 90 | $id = $db->real_escape_string($_GET['id']); 91 | $user_id = $db->real_escape_string($_COOKIE['user_id']); 92 | $query = "SELECT fcount FROM $favorites_count_table WHERE user_id='$user_id'"; 93 | $result = $db->query($query) or die(mysql_error()); 94 | $row = $result->fetch_assoc(); 95 | $count = $row['fcount']; 96 | $result->free_result(); 97 | if($count > 0) 98 | { 99 | $query = "DELETE FROM $favorites_table WHERE user_id='$user_id' and favorite='$id'"; 100 | $db->query($query) or die(mysql_error()); 101 | $query = "UPDATE $favorites_count_table SET fcount=fcount-1 WHERE user_id='$user_id'"; 102 | $db->query($query) or die(mysql_error()); 103 | } 104 | header("Location:index.php?page=favorites&s=view&id=$user_id&pid=".$pid.""); 105 | exit; 106 | } 107 | ?>
-------------------------------------------------------------------------------- /classes/innodb.search.class.php: -------------------------------------------------------------------------------- 1 | real_escape_string($search); 13 | $tags = ''; 14 | $aliased_tags = ''; 15 | $original_tags = ''; 16 | $parent = ''; 17 | $ttags = explode(" ",$search); 18 | $g_rating = ''; 19 | $g_owner = ''; 20 | $g_tags = ''; 21 | $g_parent = ''; 22 | 23 | foreach($ttags as $current) 24 | { 25 | if(strpos(strtolower($current),'parent:') !== false) 26 | { 27 | $g_parent = str_replace("parent:","",$current); 28 | $parent = " AND id='$g_parent'"; 29 | if(!is_numeric($g_parent)) 30 | $g_parent = ''; 31 | else 32 | $g_parent = " AND parent='$g_parent'"; 33 | $current = ''; 34 | } 35 | if($current != "" && $current != " ") 36 | { 37 | $len = strlen($current); 38 | $count = substr_count($current, '*', 0, $len); 39 | if(($len - $count) >= 2) 40 | { 41 | if(strpos(strtolower($current),'rating:') !== false) 42 | { 43 | $rating = str_replace('rating:','',$current); 44 | if(substr($current,0,1) == "-") 45 | { 46 | $rating = substr($rating,1,strlen($rating)-1); 47 | $rating = ucfirst(strtolower($rating)); 48 | $g_rating .= " AND rating != '$rating'"; 49 | } 50 | else 51 | { 52 | $rating = ucfirst(strtolower($rating)); 53 | $g_rating .= " AND rating = '$rating'"; 54 | } 55 | } 56 | else if(strpos(strtolower($current),'user:') !== false) 57 | { 58 | $owner = str_replace('user:','',$current); 59 | if(substr($current,0,1) == "-") 60 | { 61 | $owner = substr($owner,1,strlen($owner)-1); 62 | $g_owner = " AND owner != '$owner'"; 63 | } 64 | else 65 | $g_owner = " AND owner = '$owner'"; 66 | } 67 | else 68 | { 69 | $tclass = new tag(); 70 | if(substr($current,0,1) == "-") 71 | { 72 | $current = substr($current,1,strlen($current)-1); 73 | $wildcard = strpos($current,"*"); 74 | $alias = $tclass->alias($current); 75 | if($alias !== false) 76 | { 77 | if($wildcard === false) 78 | { 79 | $g_tags2 .= " AND 
tags NOT LIKE '% $alias %'"; 80 | $g_tags2 .= " AND tags NOT LIKE '% $current %'"; 81 | } 82 | else 83 | { 84 | $g_tags2 .= " AND tags NOT LIKE '% $alias %'"; 85 | $g_tags2 .= " AND tags NOT LIKE '% $current %'"; 86 | } 87 | } 88 | else 89 | { 90 | if($wildcard == false) 91 | $g_tags2 .= " AND tags NOT LIKE '% $current %'"; 92 | else 93 | $g_tags2 .= " AND tags NOT LIKE '% $current %'"; 94 | } 95 | } 96 | else if(substr($current,0,1) == "~") 97 | { 98 | $current = substr($current,1,strlen($current)-1); 99 | $alias = $tclass->alias($current); 100 | if($alias !== false) 101 | { 102 | $g_tags .= $alias; 103 | $g_tags .= $current; 104 | } 105 | else 106 | $g_tags .= $current; 107 | } 108 | else 109 | { 110 | $wildcard = strpos($current,"*"); 111 | $alias = $tclass->alias($current); 112 | if($alias !== false) 113 | $g_tags .= $alias; 114 | else 115 | $g_tags .= str_replace("*","%",$current); 116 | 117 | } 118 | } 119 | } 120 | } 121 | } 122 | if($g_tags != "") 123 | { 124 | if($g_parent != "") 125 | $parent_patch = "OR tags LIKE '% $g_tags %' $parent $g_owner $g_rating"; 126 | else 127 | $parent_patch = " AND parent='0'"; 128 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table WHERE tags LIKE '% $g_tags %' $g_tags2 $g_parent $g_owner $g_rating $parent_patch ORDER BY id DESC"; 129 | } 130 | else if($g_parent != "" || $g_owner != "" || $g_rating != "") 131 | { 132 | if($g_parent != "") 133 | { 134 | $g_parent = str_replace('AND',"",$g_parent); 135 | $parent = substr($parent,4,strlen($parent)); 136 | $parent_patch = "OR $parent $g_owner $g_rating"; 137 | } 138 | else if($g_owner != "") 139 | $g_owner = str_replace('AND',"",$g_owner); 140 | else if($g_rating != "") 141 | $g_rating = substr($g_rating,4,strlen($g_rating)); 142 | if($g_parent == "") 143 | $parent_patch = " AND parent='0'"; 144 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table WHERE $g_parent $g_owner $g_rating $parent_patch ORDER BY id DESC"; 
145 | } 146 | else 147 | { 148 | $count = substr_count($search, '*', 0, strlen($search)); 149 | if(strlen($search)-$count > 0) 150 | { 151 | $res = str_replace("*","",$search); 152 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table WHERE tags LIKE '% $res %' ORDER BY id DESC"; 153 | } 154 | else 155 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table ORDER BY id DESC"; 156 | } 157 | return $query; 158 | } 159 | 160 | function search_tags_count($search) 161 | { 162 | global $post_table; 163 | $date = date("Ymd"); 164 | $query = "SELECT COUNT(*) FROM $post_table".$search; 165 | return $query; 166 | } 167 | 168 | function search_tags($search,$condition) 169 | { 170 | global $post_table; 171 | $date = date("Ymd"); 172 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table".$search.$condition; 173 | return $query; 174 | } 175 | } 176 | ?> -------------------------------------------------------------------------------- /classes/user.class.php: -------------------------------------------------------------------------------- 1 | real_escape_string($user); 23 | $query = "SELECT COUNT(*) FROM $user_table WHERE user='$user'"; 24 | $result = $db->query($query) or die($db->error); 25 | $row = $result->fetch_assoc(); 26 | if($row['COUNT(*)'] == 0 && strtolower($user) != "anonymous" && strtolower($user) != "admin") 27 | return false; 28 | else 29 | return true; 30 | } 31 | 32 | function signup($user,$pass,$email="") 33 | { 34 | global $db, $user_table, $group_table; 35 | if(strpos($user,' ') !== false || strpos($user,' ') !== false || strpos($user,';') !== false || strpos($user,',') !== false || strlen($user) < 3) 36 | return false; 37 | if($this->user_exists($user)) 38 | return false; 39 | $user = $db->real_escape_string($user); 40 | $pass = $db->real_escape_string($pass); 41 | $email = $db->real_escape_string($email); 42 | $query = "SELECT id FROM $group_table WHERE 
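default_group=TRUE";
		$result = $db->query($query) or die($db->error);
		$row = $result->fetch_assoc();
		$gid = $row['id'];
		$result->free_result();
		$ip = $db->real_escape_string($_SERVER['REMOTE_ADDR']);
		$query = "INSERT INTO $user_table(user, pass, email, ip, ugroup, mail_reset_code, signup_date) VALUES('$user', '".$this->hashpass($pass)."', '$email', '$ip', '$gid', '', NOW())";
		$result = $db->query($query) or die($db->error);
		if($result)
			return true;
		else
			return false;
	}

	/**
	 * Check a username/password pair and, on success, set the login cookies.
	 *
	 * Sets the user_id, pass_hash and tags cookies, plus tag_blacklist when the
	 * browser has none and the account row has a value, each for one year.
	 *
	 * NOTE(review): the pass_hash cookie carries the stored password hash and
	 * check_log() accepts it as the credential, so the hash itself is sufficient
	 * to be treated as logged in. The cookies are also set without the HttpOnly
	 * and Secure flags. Moving to a random server-side session token needs
	 * changes outside this method.
	 *
	 * @param string $user Username as submitted.
	 * @param string $pass Plain-text password as submitted.
	 * @return bool True when exactly one account matched.
	 */
	function login($user, $pass)
	{
		global $db, $user_table;
		$user = $db->real_escape_string($user);
		// The password is escaped before it is hashed; signup() does the same, so
		// the two must stay in step or existing hashes stop matching.
		$pass = $db->real_escape_string($pass);
		$pass = $this->hashpass($pass);
		$query = "SELECT * FROM $user_table WHERE user='$user' AND pass='$pass'";
		$result = $db->query($query);
		// query() returns false on failure; treat that as a failed login rather
		// than dereferencing a non-object.
		if(!$result)
			return false;
		if($result->num_rows != 1)
		{
			$result->free_result();
			return false;
		}
		$row = $result->fetch_assoc();
		$result->free_result();
		$expires = time()+60*60*24*365;
		setcookie("user_id",$row['id'],$expires);
		setcookie("pass_hash",$pass,$expires);
		$this->session_tags($row['my_tags']);
		if(!isset($_COOKIE['tag_blacklist']) && $row['tags'] != "")
			setcookie("tag_blacklist",$row['tags'],$expires);
		return true;
	}

	/**
	 * Store the given tag string in the "tags" cookie for one year, with spaces
	 * written as %20.
	 */
	function session_tags($tags) {
		// NOTE(review): as shown on this page the inner str_replace swaps an
		// apostrophe for an apostrophe; an HTML entity may have been decoded in
		// rendering - confirm against the repository copy.
		setcookie("tags",str_replace(" ","%20",str_replace("'","'",$tags)),time()+60*60*24*365);
	}

	/**
	 * Expire the user_id, pass_hash and tags cookies and redirect to the account
	 * home page. Execution continues after the redirect header is queued.
	 */
	function logout()
	{
		$expired = time()-60*60*24*365;
		setcookie("user_id","",$expired);
		setcookie("pass_hash","",$expired);
		setcookie("tags","",$expired);
		header('Location: index.php?page=account&s=home');
	}

	/**
	 * Validate the user_id / pass_hash cookies against the user table.
	 *
	 * On a match the globals $checked_username, $checked_user_id and
	 * $checked_user_group are filled from the row; otherwise the name and id are
	 * set to "Anonymous" / "0".
	 *
	 * @return bool True when exactly one row matches both cookies.
	 */
	function check_log()
	{
		global $db, $user_table, $checked_username, $checked_user_id, $checked_user_group;
		$row = null;
		// Both cookies must be present and plain strings: a missing cookie or an
		// array-valued one (user_id[]=...) must not reach real_escape_string().
		if(isset($_COOKIE['user_id'], $_COOKIE['pass_hash']) && is_string($_COOKIE['user_id']) && is_string($_COOKIE['pass_hash']))
		{
			$id = $db->real_escape_string($_COOKIE['user_id']);
			$pass_hash = $db->real_escape_string($_COOKIE['pass_hash']);
			$query = "SELECT * FROM $user_table WHERE id='$id' AND pass='$pass_hash'";
			$result = $db->query($query);
			if($result)
			{
				if($result->num_rows == 1)
					$row = $result->fetch_assoc();
				$result->free_result();
			}
		}
		if($row !== null)
		{
			$checked_username = $row['user'];
			$checked_user_id = $row['id'];
			$checked_user_group = $row['ugroup'];
			return true;
		}
		$checked_username = "Anonymous";
		$checked_user_id = "0";
		return false;
	}

	/**
	 * Tell whether the logged-in user's group has the given permission column set.
	 *
	 * @param string $column Name of a permission column in the group table.
	 * @return bool False when not logged in, when $column is not a plain column
	 *              name, or when the column is not set for the user's group.
	 */
	function gotpermission($column)
	{
		global $db, $user_table, $group_table, $checked_user_group;
		if(!$this->check_log())
			return false;
		// $column lands in the SELECT list as an identifier, where value escaping
		// does not apply, so only a plain column name is accepted.
		if(!is_string($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column))
			return false;
		$ugroup = $db->real_escape_string((string)$checked_user_group);
		$query = "SELECT $column FROM $group_table WHERE id='$ugroup'";
		$result = $db->query($query) or die($db->error);
		$row = $result->fetch_assoc();
		$result->free_result();
		return isset($row[$column]) && $row[$column] == true;
	}

	/**
	 * Return the permission row for the current visitor.
	 *
	 * When the user_id and pass_hash cookies match an account, the row is the
	 * user's group joined with the user row; in every other case it is the row
	 * of the default group.
	 *
	 * The pass_hash comparison is required here: selecting by the user_id cookie
	 * alone would hand out the permissions of whichever account id the browser
	 * sent.
	 *
	 * @return array|null Associative row, or null when no default group row exists.
	 */
	function loadpermissions()
	{
		global $db, $group_table, $user_table;
		if(isset($_COOKIE['user_id'], $_COOKIE['pass_hash']) && is_string($_COOKIE['user_id']) && is_string($_COOKIE['pass_hash']))
		{
			$user_id = $db->real_escape_string($_COOKIE['user_id']);
			$pass_hash = $db->real_escape_string($_COOKIE['pass_hash']);
			$query = "SELECT * FROM $group_table AS t1 JOIN $user_table AS t2 ON t2.id='$user_id' AND t2.pass='$pass_hash' where t1.id=t2.ugroup";
			$result = $db->query($query);
			$row = $result ? $result->fetch_assoc() : null;
			if($row)
				return $row;
		}
		// No verified account: fall back to the default group. The cookie is not
		// read on this path, so nothing undefined is touched.
		$query = "SELECT * FROM $group_table where default_group=true";
		$result = $db->query($query);
		$row = $result->fetch_assoc();
		return $row;
	}

	/**
	 * Hash $pass with hashpass() and store it for the account with the given id.
	 *
	 * NOTE(review): login() hashes the escaped password while this method hashes
	 * $pass as passed in. Unless callers escape it first, a password containing a
	 * quote or backslash would be stored under a hash login() never computes -
	 * confirm against the callers.
	 *
	 * @param int|string $id   Account id.
	 * @param string     $pass New plain-text password.
	 * @return bool True when the UPDATE statement ran without error.
	 */
	function update_password($id, $pass)
	{
		global $db, $user_table;
		// Both values are interpolated into the statement, so escape them here
		// instead of relying on every caller to have done it.
		$id = $db->real_escape_string((string)$id);
		$pass = $db->real_escape_string((string)$this->hashpass($pass));
		$query = "UPDATE $user_table SET pass='$pass' WHERE id='$id'";
		if($db->query($query))
			return true;
		else
			return false;
	}

	function banned_ip($ip)
	{
		global $db, $banned_ip_table, $row;
		$query = 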
"SELECT * FROM $banned_ip_table WHERE ip='$ip' LIMIT 1"; 169 | $result = $db->query($query); 170 | $row = $result->fetch_assoc(); 171 | if($result->num_rows == 1) 172 | return true; 173 | else 174 | return false; 175 | } 176 | 177 | } 178 | ?> -------------------------------------------------------------------------------- /batch_add.php: -------------------------------------------------------------------------------- 1 |
"; 9 | //Scan directory for folders. Exclude . and .. 10 | foreach($folders as $folder) 11 | { 12 | if(is_dir($path.$folder) && $folder !="." && $folder !="..") 13 | { 14 | $cur_folder[] = $folder; 15 | $tags2[] = $folder; 16 | } 17 | } 18 | $i = 0; 19 | foreach($cur_folder as $current_folder) 20 | { 21 | //Check for images in folder and add them one by one. 22 | $files = scandir($path.$current_folder); 23 | foreach($files as $file) 24 | { 25 | $extension = explode(".",$file); 26 | if($extension['1'] == "jpg" || $extension['1'] == "jpeg" || $extension['1'] == "png" || $extension['1'] == "bmp" || $extension['1'] == "gif") 27 | { 28 | $uploaded_image = false; 29 | //Extension looks good, toss it through the image processing section. 30 | $dl_url = $site_url.$path.rawurlencode($current_folder)."/".rawurlencode($file); 31 | $iinfo = $image->getremoteimage($dl_url); 32 | if($iinfo === false) 33 | $error = $image->geterror()."
Could not add the image."; 34 | else 35 | $uploaded_image = true; 36 | //Ok, download of image was successful! (yay?) 37 | if($uploaded_image == true) 38 | { 39 | $iinfo = explode(":",$iinfo); 40 | $tclass = new tag(); 41 | $misc = new misc(); 42 | $ext = strtolower(substr($iinfo[1],-4,10000)); 43 | $source = $db->real_escape_string(htmlentities($_POST['source'],ENT_QUOTES,'UTF-8')); 44 | $title = $db->real_escape_string(htmlentities($_POST['title'],ENT_QUOTES,'UTF-8')); 45 | $tags = strtolower($db->real_escape_string(str_replace('%','',htmlentities($tags2[$i],ENT_QUOTES,'UTF-8')))); 46 | $ttags = explode(" ",$tags); 47 | $tag_count = count($ttags); 48 | if($tag_count == 0) 49 | $ttags[] = "tagme"; 50 | if($tag_count < 5 && strpos($ttags,"tagme") === false) 51 | $ttags[] = "tagme"; 52 | foreach($ttags as $current) 53 | { 54 | if(strpos($current,'parent:') !== false) 55 | { 56 | $current = ''; 57 | $parent = str_replace("parent:","",$current); 58 | if(!is_numeric($parent)) 59 | $parent = ''; 60 | } 61 | if($current != "" && $current != " " && !$misc->is_html($current)) 62 | { 63 | $ttags = $tclass->filter_tags($tags,$current, $ttags); 64 | $alias = $tclass->alias($current); 65 | if($alias !== false) 66 | { 67 | $key_array = array_keys($ttags, $current); 68 | foreach($key_array as $key) 69 | $ttags[$key] = $alias; 70 | } 71 | } 72 | } 73 | $tags = implode(" ",$ttags); 74 | foreach($ttags as $current) 75 | { 76 | if($current != "" && $current != " " && !$misc->is_html($current)) 77 | { 78 | $ttags = $tclass->filter_tags($tags,$current, $ttags); 79 | $tclass->addindextag($current); 80 | $cache = new cache(); 81 | 82 | if(is_dir("$main_cache_dir".""."search_cache/".$current."/")) 83 | { 84 | $cache->destroy_page_cache("search_cache/".$current."/"); 85 | } 86 | else 87 | { 88 | if(is_dir("$main_cache_dir".""."search_cache/".$misc->windows_filename_fix($current)."/")) 89 | $cache->destroy_page_cache("search_cache/".$misc->windows_filename_fix($current)."/"); 90 | } 91 | } 
92 | } 93 | asort($ttags); 94 | $tags = implode(" ",$ttags); 95 | $tags = mb_trim($tags); 96 | $tags = " $tags "; 97 | $rating = "Questionable"; 98 | $ip = "127.0.0.1"; 99 | $isinfo = getimagesize("./images/".$iinfo[0]."/".$iinfo[1]); 100 | $query = "INSERT INTO $post_table(creation_date, hash, image, title, owner, height, width, ext, rating, tags, directory, source, active_date, ip) VALUES(NOW(), '".md5_file("./images/".$iinfo[0]."/".$iinfo[1])."', '".$iinfo[1]."', '$title', '$user', '".$isinfo[1]."', '".$isinfo[0]."', '$ext', '$rating', '$tags', '".$iinfo[0]."', '$source', '".date("Ymd")."', '$ip')"; 101 | if(!is_dir("./thumbnails/".$iinfo[0]."/")) 102 | $image->makethumbnailfolder($iinfo[0]); 103 | if(!$image->thumbnail($iinfo[0]."/".$iinfo[1])) 104 | print "Thumbnail generation failed! A serious error occured and the image could not be resized.

"; 105 | if(!$db->query($query)) 106 | { 107 | print "failed to upload image."; 108 | unlink("./images/".$iinfo[0]."/".$iinfo[1]); 109 | $image->folder_index_decrement($iinfo[0]); 110 | $ttags = explode(" ",$tags); 111 | foreach($ttags as $current) 112 | $tclass->deleteindextag($current); 113 | } 114 | else 115 | { 116 | $query = "SELECT id FROM $post_table WHERE hash='".md5_file('./images/'.$iinfo[0]."/".$iinfo[1])."' AND image='".$iinfo[1]."' AND directory='".$iinfo[0]."' LIMIT 1"; 117 | $result = $db->query($query); 118 | $row = $result->fetch_assoc(); 119 | $cache = new cache(); 120 | if($parent != '' && is_numeric($parent)) 121 | { 122 | $parent_check = "SELECT COUNT(*) FROM $post_table WHERE id='$parent'"; 123 | $pres = $db->query($parent_check); 124 | $prow = $pres->fetch_assoc(); 125 | if($prow['COUNT(*)'] > 0) 126 | { 127 | $temp = "INSERT INTO $parent_child_table(parent,child) VALUES('$parent','".$row['id']."')"; 128 | $db->query($temp); 129 | $temp = "UPDATE $post_table SET parent='$parent' WHERE id='".$row['id']."'"; 130 | $db->query($temp); 131 | $cache->destroy("cache/".$parent."/post.cache"); 132 | } 133 | } 134 | if(is_dir("$main_cache_dir".""."cache/".$row['id'])) 135 | $cache->destroy_page_cache("cache/".$row['id']); 136 | $query = "SELECT id FROM $post_table WHERE id < ".$row['id']." ORDER BY id DESC LIMIT 1"; 137 | $result = $db->query($query); 138 | $row = $result->fetch_assoc(); 139 | $cache->destroy_page_cache("cache/".$row['id']); 140 | 141 | $query = "UPDATE $post_count_table SET last_update='20060101' WHERE access_key='posts'"; 142 | $db->query($query); 143 | print "Image added."; 144 | } 145 | } 146 | print "Valid Extension
".$tags2[$i]." | "; 147 | print $file."

"; 148 | } 149 | } 150 | $i++; 151 | } 152 | ?> -------------------------------------------------------------------------------- /includes/account_profile.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['uname']); 13 | $query = "SELECT id FROM $user_table WHERE user='$uname'"; 14 | $result = $db->query($query) or die($db->error); 15 | $row = $result->fetch_assoc(); 16 | $result->close(); 17 | $id = $row['id']; 18 | } 19 | else 20 | $id = $db->real_escape_string($_GET['id']); 21 | $query = "SELECT t1.user, t1.record_score, t1.post_count, t1.comment_count, t1.tag_edit_count, t1.forum_post_count, t1.signup_date, t2.group_name FROM $user_table as t1 JOIN $group_table AS t2 ON t2.id=t1.ugroup WHERE t1.id='$id'"; 22 | $result = $db->query($query) or die($db->error); 23 | $row = $result->fetch_assoc(); 24 | if($result->num_rows == 0) 25 | { 26 | header('Location: index.php?page=post&s=list'); 27 | exit; 28 | } 29 | require 'includes/header.php'; 30 | $result->close(); 31 | $user = $row['user']; 32 | $query = "SELECT fcount FROM $favorites_count_table WHERE user_id='$id'"; 33 | $result = $db->query($query) or die($db->error); 34 | $r = $result->fetch_assoc(); 35 | $result->close(); 36 | ($r == '') ? $row['fcount'] = 0 : $row['fcount'] = $r['fcount']; 37 | ?> 38 |
39 |

gotpermission('is_admin')){echo ' | Ban User';}?>

42 |
43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |
Join Date
Level 51 | 52 |
Posts
Favorites
Comments
Tag Edits
Forum Posts
75 |
76 | select_domain(); 79 | ?> 80 | 83 |
84 | 85 | 86 |
87 |
88 |

Recent Favorites

89 |
90 | query($query) or die($db->error); 93 | while($row = $result->fetch_assoc()) 94 | { 95 | $query = "SELECT id, directory as dir, image, tags, owner, rating, score FROM $post_table WHERE id='".$row['favorite']."'"; 96 | $res = $db->query($query) or die($db->error); 97 | $r = $res->fetch_assoc(); 98 | ?> 99 | <?php print $r['tags'].' rating:'.$r['rating'].' score:'.$r['score'].' user:'.$r['owner']; ?> 100 | 103 | close(); 105 | } 106 | if($result->num_rows<1) 107 | { 108 | print '

Nobody here but us chickens!

'; 109 | } 110 | ?> 111 |
112 |
113 |
114 |

Recent Uploads »

115 |
116 | query($query) or die($db->error); 119 | while($row = $result->fetch_assoc()) 120 | { 121 | ?> 122 | <?php print $row['tags'].' rating:'.$row['rating'].' score:'.$row['score'].' user:'.$row['owner']; ?> 123 | 126 | num_rows<1) 129 | { 130 | echo '

Nobody here but us chickens!

'; 131 | } 132 | $result->close(); 133 | echo' 136 |
'; 137 | } 138 | ?> -------------------------------------------------------------------------------- /includes/api_list.php: -------------------------------------------------------------------------------- 1 | = 0) 4 | { 5 | $limit = $db->real_escape_string($_GET['limit']); 6 | if ($limit > 100) { 7 | $limit = 100; 8 | } 9 | } 10 | else 11 | $limit = 32; 12 | if(isset($_GET['t']) && $_GET['t'] == 'json') 13 | { 14 | $api_type = 'json'; 15 | } 16 | else 17 | { 18 | $api_type = 'xml'; 19 | } 20 | if(isset($_GET['pid']) && $_GET['pid'] != "" && is_numeric($_GET['pid']) && $_GET['pid'] >= 0) 21 | { 22 | $pid = $db->real_escape_string($_GET['pid']); 23 | $page = $pid * $limit; 24 | } 25 | else 26 | $page = $pid = 0; 27 | $no_cache = null; 28 | $tag_count = null; 29 | //No tags have been searched for so let's check the last_update value to update our main page post count for parent posts. Updated once a day. 30 | if(!isset($_GET['tags']) || isset($_GET['tags']) && $_GET['tags'] == "all" || isset($_GET['tags']) && $_GET['tags'] == "") 31 | { 32 | $query = "SELECT pcount, last_update FROM $post_count_table WHERE access_key='posts'"; 33 | $result = $db->query($query); 34 | $row = $result->fetch_assoc(); 35 | $numrows = $row['pcount']; 36 | $date = date("Ymd"); 37 | if($row['last_update'] < $date) 38 | { 39 | $query = "SELECT COUNT(id) FROM posts WHERE parent = '0'"; 40 | $result = $db->query($query); 41 | $row = $result->fetch_assoc(); 42 | $numrows = $row['COUNT(id)']; 43 | $query = "UPDATE $post_count_table SET pcount='".$row['COUNT(id)']."', last_update='$date' WHERE access_key='posts'"; 44 | $db->query($query); 45 | } 46 | } 47 | else 48 | { 49 | //Searched some tag, deal with page caching of html files. 
50 | $tags = $db->real_escape_string(str_replace("%",'',mb_trim(htmlentities($_GET['tags'], ENT_QUOTES, 'UTF-8')))); 51 | $tags = explode(" ",$tags); 52 | $tag_count = count($tags); 53 | $new_tag_cache = urldecode($tags[0]); 54 | ob_start(); // XXX Weird bug where "new misc();" causes 4 tabs to be output? 55 | $misc = new misc(); 56 | ob_end_clean(); 57 | if(strpos(strtolower($new_tag_cache),"parent:") === false && strpos(strtolower($new_tag_cache),"user:") === false && strpos(strtolower($new_tag_cache),"rating:") === false && strpos($new_tag_cache,"*") === false) 58 | $new_tag_cache = $misc->windows_filename_fix($new_tag_cache); 59 | if($tag_count > 1 || !is_dir("$main_cache_dir".""."api_cache/".$new_tag_cache."/") || !file_exists("$main_cache_dir".""."api_cache/".$new_tag_cache."/".$page.".json") || strpos(strtolower($new_tag_cache),"all") !== false || strpos(strtolower($new_tag_cache),"user:") !== false || strpos(strtolower($new_tag_cache),"rating:") !== false || substr($new_tag_cache,0,1) == "-" || strpos(strtolower($new_tag_cache),"*") !== false || strpos(strtolower($new_tag_cache),"parent:") !== false) 60 | { 61 | if(!is_dir("$main_cache_dir".""."api_cache/")) 62 | @mkdir("$main_cache_dir".""."api_cache"); 63 | $search = new search(); 64 | $query = $search->prepare_tags(implode(" ",$tags)); 65 | $result = $db->query($query) or die($db->error); 66 | $numrows = $result->num_rows; 67 | $result->free_result(); 68 | if($tag_count > 1 || strtolower($new_tag_cache) == "all" || strpos(strtolower($new_tag_cache),"user:") !== false || strpos(strtolower($new_tag_cache),"rating:") !== false || substr($new_tag_cache,0,1) == "-" || strpos(strtolower($new_tag_cache),"*") !== false || strpos(strtolower($new_tag_cache),"parent:") !== false) 69 | $no_cache = false; 70 | else 71 | { 72 | if(!is_dir("$main_cache_dir".""."api_cache/".$new_tag_cache."/")) 73 | @mkdir("$main_cache_dir".""."api_cache/".$new_tag_cache."/"); 74 | $no_cache = true; 75 | } 76 | } 77 | else 78 | { 79 | 
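if(!is_dir("$main_cache_dir".""."api_cache/"))
	mkdir("$main_cache_dir".""."api_cache");
$tags = $new_tag_cache;
$no_cache = true;
// NOTE(review): when the cached file for this $api_type is missing, $numrows is
// never assigned on this path and the request ends in the "No images found"
// reply below - confirm that is intended.
if(is_dir("$main_cache_dir".""."api_cache/".$tags."/") && file_exists("$main_cache_dir".""."api_cache/".$tags."/".$page.".".$api_type))
{
	// Serve cached bodies with the same Content-type as freshly built ones, so
	// JSON or XML is never delivered under the default text/html type.
	header($api_type == 'json' ? 'Content-type: application/json' : 'Content-type: text/xml');
	$data = $cache->load("api_cache/".$tags."/".$page.".".$api_type);
	echo $data;
	$numrows = 1;
	$no_cache = false;
}
} // end of the cached-search branch opened above this span
} // end of the "tags were searched" branch opened above this span
//No images found
if($numrows == 0)
{
	if ($api_type == 'json') {
		header('Content-type: application/json');
		// Built with json_encode so the empty reply is well-formed; the
		// hand-written literal lacked the opening quote of "posts".
		print json_encode(array('offset' => (string)$page, 'count' => '0', 'posts' => array()));
	}
	else
	{
		header('Content-type: text/xml');
		// NOTE(review): the XML literal is empty as rendered on this page; the
		// markup may have been lost in extraction - confirm against the repository.
		print '';
	}
}
else
{
	if(!isset($_GET['tags']) || isset($_GET['tags']) && $_GET['tags'] == "all" || isset($_GET['tags']) && $_GET['tags'] == "")
		$query = "SELECT * FROM $post_table WHERE parent = '0' ORDER BY id DESC LIMIT $page, $limit";
	else
	{
		if($no_cache === true || $tag_count > 1 || strpos(strtolower($new_tag_cache),"user:") !== false || strpos(strtolower($new_tag_cache),"rating:") !== false || substr($new_tag_cache,0,1) == "-" || strpos(strtolower($new_tag_cache),"*") !== false || strpos(strtolower($new_tag_cache),"parent:") !== false)
			$query = $query." 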
LIMIT $page, $limit"; 109 | } 110 | if(!isset($_GET['tags']) || $no_cache === true || $tag_count > 1 || strtolower($_GET['tags']) == "all" || strpos(strtolower($new_tag_cache),"user:") !== false || strpos(strtolower($new_tag_cache),"rating:") !== false || substr($new_tag_cache,0,1) == "-" || strpos(strtolower($new_tag_cache),"*") !== false || strpos(strtolower($new_tag_cache),"parent:") !== false) 111 | { 112 | if($no_cache === true) 113 | ob_start(); 114 | 115 | $result = $db->query($query) or die($db->error); 116 | 117 | if ($api_type == 'json') 118 | { 119 | header('Content-type: application/json'); 120 | $posts = array(); 121 | 122 | $i = 0; 123 | while($row = $result->fetch_assoc()) 124 | { 125 | $posts[$i++] = createPostObject($row); 126 | } 127 | $postsArr = array('offset' => $page, 'count' => $numrows, 'posts' => $posts); 128 | $result->free_result(); 129 | 130 | echo json_encode($postsArr); 131 | } 132 | else 133 | { 134 | header('Content-type: text/xml'); 135 | $posts = ''."\r\n"; 136 | while($row = $result->fetch_assoc()) 137 | { 138 | $posts .= createPostXML($row); 139 | } 140 | $posts .= ''; 141 | echo $posts; 142 | } 143 | } 144 | //Cache doesn't exist for search, make one. 
145 | if($no_cache === true) 146 | { 147 | $data = ob_get_contents(); 148 | ob_end_flush(); 149 | if($new_tag_cache != "") 150 | { 151 | if(!is_dir("$main_cache_dir".""."api_cache/".$new_tag_cache)) 152 | @mkdir("$main_cache_dir".""."api_cache/".$new_tag_cache); 153 | $cache->save("api_cache/".$new_tag_cache."/".$page.".".$api_type,$data); 154 | } 155 | } 156 | } 157 | ?> -------------------------------------------------------------------------------- /includes/history.php: -------------------------------------------------------------------------------- 1 | real_escape_string($_GET['type']); 8 | $id = $db->real_escape_string($_GET['id']); 9 | $pid = $db->real_escape_string($_GET['pid']); 10 | if($type == "note") 11 | { 12 | header("Cache-Control: store, cache"); 13 | header("Pragma: cache"); 14 | require "includes/header.php"; 15 | $pid = $db->real_escape_string($_GET['pid']); 16 | $query = "SELECT updated_at, user_id, version, body FROM $note_history_table where id='$id' AND post_id='$pid' ORDER BY version DESC"; 17 | $result = $db->query($query); 18 | $count = $result->num_rows; 19 | while($row = $result->fetch_assoc()) 20 | { 21 | $ret = "SELECT user FROM $user_table WHERE id='".$row['user_id']."'"; 22 | $set = $db->query($ret); 23 | $retme = $set->fetch_assoc(); 24 | if($retme['user'] == "" || $retme['user'] == null) 25 | $user = "Anonymous"; 26 | else 27 | $user = $retme['user']; 28 | $set->free_result(); 29 | echo ''.$pid.' '.$id.''.$row['body'].' '.$user.' '.$row['updated_at'].' Revert

'; 30 | } 31 | $result->free_result(); 32 | if($count <= 0) 33 | echo '

This note has no history!

'; 34 | } 35 | else if($type == "page_notes") 36 | { 37 | header("Cache-Control: store, cache"); 38 | header("Pragma: cache"); 39 | require "includes/header.php"; 40 | print ' 41 | '; 42 | $query = "SELECT id, updated_at, user_id, version, body FROM $note_history_table where post_id='$id' ORDER BY id,version DESC"; 43 | $result = $db->query($query); 44 | $count = $result->num_rows; 45 | while($row = $result->fetch_assoc()) 46 | { 47 | $ret = "SELECT user FROM $user_table WHERE id='".$row['user_id']."'"; 48 | $set = $db->query($ret); 49 | $retme = $set->fetch_assoc(); 50 | if($retme['user'] == "" || $retme['user'] == null) 51 | $user = "Anonymous"; 52 | else 53 | $user = $retme['user']; 54 | $set->free_result(); 55 | echo ''; 56 | } 57 | print "
PostDateUserBodyOptions
'.$id.''.$row['updated_at'].''.$user.''.$row['body'].'Revert
"; 58 | $result->free_result(); 59 | if($count <= 0) 60 | echo '

This post has no note history!

'; 61 | } 62 | else if($type == "tag_history") 63 | { 64 | header("Cache-Control: store, cache"); 65 | header("Pragma: cache"); 66 | require "includes/header.php"; 67 | $query = "SELECT tags, version, user_id, updated_at FROM $tag_history_table WHERE id='$id' AND active='1' ORDER BY total_amount DESC"; 68 | $result = $db->query($query) or die($db->error); 69 | $count = $result->num_rows; 70 | print ' 71 | '; 72 | while($row = $result->fetch_assoc()) 73 | { 74 | $ret = "SELECT user FROM $user_table WHERE id='".$row['user_id']."'"; 75 | $set = $db->query($ret); 76 | $retme = $set->fetch_assoc(); 77 | if($retme['user'] == "" || $retme['user'] == null) 78 | $user = "Anonymous"; 79 | else 80 | $user = htmlentities($retme['user'], ENT_QUOTES, 'UTF-8'); 81 | echo ''; 82 | } 83 | print "
PostDateUserTagsOptions
'.$id.''.$row['updated_at'].''.$user.''.$row['tags'].'Revert
"; 84 | $result->free_result(); 85 | if($count <= 0) 86 | echo '

This post has no tag history!

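';
	}
	/*
	 * type=revert: restore note $id of post $pid to the given history version,
	 * drop that version and every later one from the history table, then go back
	 * to the post. Requires the reverse_notes permission.
	 *
	 * NOTE(review): this is a state-changing GET with no CSRF token.
	 */
	else if($type == "revert")
	{
		if($userc->gotpermission('reverse_notes'))
		{
			$pid = $db->real_escape_string($_GET['pid']);
			$version = $db->real_escape_string($_GET['version']);
			$query = "SELECT updated_at, x, y, width, height, body, user_id, ip FROM $note_history_table WHERE id='$id' AND post_id='$pid' AND version='$version'";
			$result = $db->query($query);
			$row = $result ? $result->fetch_assoc() : null;
			if($result)
				$result->free_result();
			// Act only when the requested version exists; with no row the UPDATE
			// would overwrite the live note with empty values.
			if($row)
			{
				// Text read back from the history table is still untrusted once it
				// is pasted into a new statement (the note body is user-written),
				// so every value is escaped before it is interpolated.
				foreach($row as $key => $value)
					$row[$key] = $db->real_escape_string((string)$value);
				$query = "UPDATE $note_table SET updated_at='".$row['updated_at']."', x='".$row['x']."', y='".$row['y']."', width='".$row['width']."', height='".$row['height']."', body='".$row['body']."', user_id='".$row['user_id']."', ip='".$row['ip']."', version='$version' WHERE id='$id' AND post_id='$pid'";
				$db->query($query);
				$query = "DELETE FROM $note_history_table WHERE id='$id' AND post_id='$pid' AND version >= '$version'";
				$db->query($query);
				// NOTE(review): $id is the note id in this branch, while the
				// revert_tags branch passes the post id to the same cache path -
				// presumably $pid is meant here; confirm.
				$cache->destroy("cache/".$id."/post.cache");
			}
		}
		header("Location:index.php?page=post&s=view&id=$pid");
	}
	else if($type == "revert_tags")
	{
		$version = $db->real_escape_string($_GET['version']);
		if($userc->gotpermission('reverse_tags'))
		{
			$misc = new misc();
			$query = "SELECT t1.tags, t2.tags AS t2_tags FROM $tag_history_table AS t1 JOIN $post_table AS t2 ON t2.id='$id' WHERE t1.id='$id' AND t1.version='$version'";
			$result = $db->query($query) or die($db->error);
			$row = $result->fetch_assoc();
			$tmp = explode(" ",mb_trim($row['t2_tags']));
			foreach($tmp as $current)
			{
				if(is_dir("$main_cache_dir".""."\search_cache/".$misc->windows_filename_fix($current)."/") && $current != "")
					$cache->destroy_page_cache("search_cache/".$misc->windows_filename_fix($current)."/");
				$tclass->deleteindextag($current);
			}
			$tmp = explode(" ",mb_trim($row['tags']));
			foreach($tmp as $current) 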
125 | { 126 | if(is_dir("$main_cache_dir".""."\search_cache/".$current."/") && $current != "") 127 | $cache->destroy_page_cache("search_cache/".$current."/"); 128 | $tclass->addindextag($current); 129 | } 130 | 131 | $query = "UPDATE $post_table SET tags='".$row['tags']."', recent_tags='".$row['tags']."', tags_version='$version' WHERE id='$id'"; 132 | $result->free_result(); 133 | $db->query($query); 134 | $query = "UPDATE $tag_history_table SET active='0' WHERE id='$id' AND version > '$version'"; 135 | $db->query($query); 136 | $cache->destroy("cache/".$id."/post.cache"); 137 | header("Location:index.php?page=post&s=view&id=$id"); 138 | } 139 | else 140 | header("Location:index.php?page=post&s=view&id=$id"); 141 | } 142 | } 143 | else 144 | header("Location:index.php"); 145 | ?> -------------------------------------------------------------------------------- /admin/edit_group_permission.php: -------------------------------------------------------------------------------- 1 | gotpermission('is_admin')) 6 | { 7 | header('Location: ../'); 8 | exit; 9 | } 10 | if(isset($_GET['delete']) && is_numeric($_GET['delete'])) 11 | { 12 | $del_id = $db->real_escape_string($_GET['delete']); 13 | $query = "DELETE FROM $group_table WHERE id ='$del_id'"; 14 | $db->query($query); 15 | 16 | } 17 | if(isset($_POST['check']) && $_POST['check'] == 1) 18 | { 19 | (isset($_POST['delete_posts']) && $_POST['delete_posts'] == true) ? $dposts = "TRUE" : $dposts = "FALSE"; 20 | (isset($_POST['delete_comments']) && $_POST['delete_comments'] == true) ? $dcomments = "TRUE" : $dcomments = "FALSE"; 21 | (isset($_POST['admin_panel']) && $_POST['admin_panel'] == true) ? $apanel = "TRUE" : $apanel = "FALSE"; 22 | (isset($_POST['is_default']) && $_POST['is_default'] == true) ? $is_default = "TRUE" : $is_default = "FALSE"; 23 | (isset($_POST['rnotes']) && $_POST['rnotes'] == true) ? $rnotes = "TRUE" : $rnotes = "FALSE"; 24 | (isset($_POST['rtags']) && $_POST['rtags'] == true) ? 
$rtags = "TRUE" : $rtags = "FALSE"; 25 | (isset($_POST['fposts']) && $_POST['fposts'] == true) ? $fposts = "TRUE" : $fposts = "FALSE"; 26 | (isset($_POST['ftopics']) && $_POST['ftopics'] == true) ? $ftopics = "TRUE" : $ftopics = "FALSE"; 27 | (isset($_POST['flock']) && $_POST['flock'] == true) ? $flock = "TRUE" : $flock = "FALSE"; 28 | (isset($_POST['fedit']) && $_POST['fedit'] == true) ? $fedit = "TRUE" : $fedit = "FALSE"; 29 | (isset($_POST['fpin']) && $_POST['fpin'] == true) ? $fpin = "TRUE" : $fpin = "FALSE"; 30 | (isset($_POST['anotes']) && $_POST['anotes'] == true) ? $anotes = "TRUE" : $anotes = "FALSE"; 31 | (isset($_POST['cupload']) && $_POST['cupload'] == true) ? $cupload = "TRUE" : $cupload = "FALSE"; 32 | (isset($_POST['iadmin']) && $_POST['iadmin'] == true) ? $iadmin = "TRUE" : $iadmin = "FALSE"; 33 | if($is_default == "TRUE") 34 | { 35 | $query = "UPDATE $group_table SET default_group=FALSE"; 36 | $db->query($query); 37 | } 38 | $query = "UPDATE $group_table SET delete_posts=$dposts, delete_comments=$dcomments, admin_panel=$apanel, default_group=$is_default, reverse_notes=$rnotes, reverse_tags=$rtags, delete_forum_posts=$fposts, delete_forum_topics=$ftopics, lock_forum_topics=$flock, edit_forum_posts=$fedit, pin_forum_topics=$fpin, alter_notes=$anotes, can_upload=$cupload, is_admin=$iadmin WHERE id='".$db->real_escape_string($_POST['group'])."'"; 39 | 40 | if($db->query($query)) 41 | print "Permissions edited."; 42 | else 43 | print "Failed to edit permissions."; 44 | } 45 | if(isset($_POST['group_name']) && $_POST['group_name'] != "") 46 | { 47 | $gname = $db->real_escape_string($_POST['group_name']); 48 | $query = "SELECT * FROM $group_table WHERE id='$gname'"; 49 | $result = $db->query($query); 50 | $row = $result->fetch_assoc(); 51 | ?> 52 |
53 |
54 | 57 | 61 | 65 | 69 | 73 | 77 | 81 | 85 | 89 | 93 | 97 | 101 | 105 | 109 | 113 | 116 | 119 |
55 | Group:
56 |
58 | Members of this group can delete posts?
59 | /> 60 |
62 | Members of this group can delete comments?
63 | /> 64 |
66 | Members of this group can access admin panel?
67 | /> 68 |
70 | Default group? (group assigned to members on sign up.)
71 | /> 72 |
74 | Members of this group can revert notes?
75 | /> 76 |
78 | Members of this group can revert tags?
79 | /> 80 |
82 | Members of this group can delete forum posts?
83 | /> 84 |
86 | Members of this group can delete forum topics?
87 | /> 88 |
90 | Members of this group can lock forum topics?
91 | /> 92 |
94 | Members of this group can edit all forum posts?
95 | /> 96 |
98 | Members of this group can pin forum topics?
99 | /> 100 |
102 | Members of this group can alter, create and remove notes?
103 | /> 104 |
106 | Members of this group can upload new posts?
107 | /> 108 |
110 | Members of this group is an admin? Be careful with this! Make sure it is unchecked unless you want this account to be admin!
111 | /> 112 |
114 | 115 |
117 | 118 |
120 | 121 |
122 |
123 | 124 |
125 | If you are deleting a group, make sure there are no users in it or they will not have a group assigned to their account and a lot of stuff will break. 126 |
127 | Delete Group! (NO UNDO OR CONFIRMATION!) 128 |
129 | 134 | 154 |
135 | Group name:
136 |
155 | 156 |
157 | '; 158 | } 159 | ?> -------------------------------------------------------------------------------- /classes/search.class.php: -------------------------------------------------------------------------------- 1 | real_escape_string($search); 13 | $tags = ''; 14 | $aliased_tags = ''; 15 | $original_tags = ''; 16 | $parent = ''; 17 | $ttags = explode(" ",$search); 18 | $g_rating = ''; 19 | $g_owner = ''; 20 | $g_score = ''; 21 | $g_tags = ''; 22 | $g_parent = ''; 23 | 24 | foreach($ttags as $current) 25 | { 26 | if(strpos(strtolower($current),'parent:') !== false) 27 | { 28 | $g_parent = str_replace("parent:","",$current); 29 | $parent = " AND id='$g_parent'"; 30 | if(!is_numeric($g_parent)) 31 | $g_parent = ''; 32 | else 33 | $g_parent = " AND parent='$g_parent'"; 34 | $current = ''; 35 | } 36 | if($current != "" && $current != " ") 37 | { 38 | $len = strlen($current); 39 | $count = substr_count($current, '*', 0, $len); 40 | if(($len - $count) >= 2) 41 | { 42 | if(strpos(strtolower($current),'rating:') !== false) 43 | { 44 | $rating = str_replace('rating:','',$current); 45 | if(substr($current,0,1) == "-") 46 | { 47 | $rating = substr($rating,1,strlen($rating)-1); 48 | $rating = ucfirst(strtolower($rating)); 49 | $g_rating .= " AND rating != '$rating'"; 50 | } 51 | else 52 | { 53 | $rating = ucfirst(strtolower($rating)); 54 | $g_rating .= " AND rating = '$rating'"; 55 | } 56 | } 57 | else if(strpos(strtolower($current),'user:') !== false) 58 | { 59 | $owner = str_replace('user:','',$current); 60 | if(substr($current,0,1) == "-") 61 | { 62 | $owner = substr($owner,1,strlen($owner)-1); 63 | $g_owner = " AND owner != '$owner'"; 64 | } 65 | else 66 | $g_owner = " AND owner = '$owner'"; 67 | } 68 | else if(strpos(strtolower($current),'score:') !== false) 69 | { 70 | $score = str_replace('score:','',$current); 71 | $score = htmlspecialchars_decode($score); 72 | $op = substr($score,0,1); 73 | switch ($op) 74 | { 75 | case '<': 76 | case '>': 77 | case '=': 78 | 
$score = substr($score, 1); 79 | break; 80 | default: 81 | $op = '='; 82 | } 83 | $score = (int) $score; 84 | $g_score = " AND score $op $score"; 85 | } 86 | else 87 | { 88 | $g_tags .= $this->parse_tag($current); 89 | } 90 | } 91 | } 92 | } 93 | $blacklist = $this->blacklist_fragment(); 94 | if($g_tags != "") 95 | { 96 | if($g_parent != "") 97 | $parent_patch = "OR (MATCH(tags) AGAINST('$g_tags' IN BOOLEAN MODE)>0.9) $parent $g_owner $g_score $g_rating"; 98 | else 99 | $parent_patch = " AND parent='0'"; 100 | $neg_search = !strpos($g_tags,"+"); 101 | if ($neg_search) { 102 | $g_tags = preg_replace("/\-/", "", $g_tags); 103 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table WHERE NOT (MATCH(tags) AGAINST('$g_tags' IN BOOLEAN MODE)>0.9) $g_parent $g_owner $g_score $g_rating $blacklist $parent_patch ORDER BY id DESC"; 104 | } else { 105 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table WHERE (MATCH(tags) AGAINST('$g_tags' IN BOOLEAN MODE)>0.9) $g_parent $g_owner $g_score $g_rating $blacklist $parent_patch ORDER BY id DESC"; 106 | } 107 | } 108 | else if($g_parent != "" || $g_owner != "" || $g_rating != "" || $g_score != "") 109 | { 110 | if($g_parent != "") 111 | { 112 | $g_parent = str_replace('AND',"",$g_parent); 113 | $parent = substr($parent,4,strlen($parent)); 114 | $parent_patch = "OR $parent $g_owner $g_score $g_rating"; 115 | } 116 | else if($g_owner != "") 117 | $g_owner = str_replace('AND',"",$g_owner); 118 | else if($g_rating != "") 119 | $g_rating = substr($g_rating,4,strlen($g_rating)); 120 | else if($g_score != "") 121 | $g_score = str_replace('AND',"",$g_score); 122 | else if($blacklist != "") 123 | $blacklist = str_replace('AND',"",$blacklist); 124 | if($g_parent == "") 125 | $parent_patch = " AND parent='0'"; 126 | $query = "SELECT id, image, directory, score, rating, tags, owner FROM $post_table WHERE $g_parent $g_owner $g_score $g_rating $blacklist $parent_patch ORDER BY id DESC"; 
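// Closing lines of the method that begins above this span (reformatted, logic unchanged).
        }
        else
        {
            $count = substr_count($search, '*', 0, strlen($search));
            if(strlen($search)-$count > 0)
            {
                // NOTE(review): $res is placed inside a LIKE pattern. real_escape_string()
                // does not escape % or _, so both still act as wildcards here; confirm that
                // $search was escaped for the SQL string earlier in this method.
                $res = str_replace("*","",$search);
                $query = "SELECT * FROM $post_table WHERE tags LIKE '% $res %' ORDER BY id DESC";
            }
            else
                $query = "SELECT * FROM $post_table ORDER BY id DESC";
        }
        return $query;
    }

    /**
     * Turn one search term into a MySQL boolean-mode full-text fragment.
     *
     * A leading "-" excludes the term, a leading "~" makes it optional, and
     * anything else is required ("+"). A term without "*" is emitted as a
     * space-padded quoted phrase; a term containing "*" is emitted bare.
     * When tag::alias() returns something other than false, the alias is
     * emitted next to the term ("-" and "~") or in place of it (required).
     *
     * The result is spliced into AGAINST('...') by the callers, and this
     * method does no escaping of its own: $tag must already be escaped for a
     * single-quoted SQL string literal.
     *
     * @param string $tag one search term, already SQL-escaped by the caller
     * @return string fragment with a leading space
     */
    function parse_tag($tag)
    {
        $tclass = new tag();
        $prefix = substr($tag, 0, 1);

        if ($prefix === "-") {
            $tag = substr($tag, 1, strlen($tag) - 1);
            // Strict test: strpos() returns 0 when the term starts with "*",
            // and a loose "== false" would report that as "no wildcard".
            $has_wildcard = strpos($tag, "*") !== false;
            $alias = $tclass->alias($tag);
            if ($alias !== false) {
                if ($has_wildcard)
                    return ' - '.$alias.' '.' - '.$tag.' ';
                return ' -" '.$alias.' "'.' -" '.$tag.' "';
            }
            if ($has_wildcard)
                return ' - '.$tag.' ';
            return ' -" '.$tag.' "';
        }

        if ($prefix === "~") {
            $tag = substr($tag, 1, strlen($tag) - 1);
            $alias = $tclass->alias($tag);
            if ($alias !== false)
                return " $alias $tag";
            return " $tag";
        }

        // The wildcard test looks at the term as typed, even when the alias is emitted.
        $has_wildcard = strpos($tag, "*") !== false;
        $alias = $tclass->alias($tag);
        $emitted = ($alias !== false) ? $alias : $tag;
        if ($has_wildcard)
            return ' + '.$emitted.' ';
        return ' +" '.$emitted.' "';
    }

    /**
     * Read one blacklist cookie and return its non-empty, space-separated
     * terms, escaped for use inside a single-quoted SQL string literal.
     *
     * @param string $name cookie name
     * @return array list of escaped terms; empty when the cookie is absent,
     *               empty, or not a string
     */
    private function blacklist_cookie_terms($name)
    {
        global $db;
        // Cookies are client-controlled: a "name[]=x" cookie arrives as an
        // array, which the string functions below must never receive.
        if (!isset($_COOKIE[$name]) || !is_string($_COOKIE[$name]) || $_COOKIE[$name] == "")
            return array();

        // NOTE(review): the listing shows the first two search strings already
        // entity-decoded (a lone backslash and a lone quote), which is not valid
        // PHP; they are restored here as the numeric entities they appear to
        // have been. Confirm against the repository copy.
        $decoded = str_replace('&#92;', "\\", str_replace("&#039;", "'", str_replace("%20", " ", $_COOKIE[$name])));

        // Escaping stays the last transformation before the value reaches SQL,
        // so the quotes and backslashes produced by the decoding above are covered.
        $escaped = $db->real_escape_string($decoded);

        $terms = array();
        foreach (explode(' ', $escaped) as $term) {
            // Repeated spaces produce empty terms; skip them rather than
            // emitting an empty phrase or an "owner != ''" clause.
            if ($term !== "")
                $terms[] = $term;
        }
        return $terms;
    }

    /**
     * Build the SQL fragment that hides blacklisted tags and uploaders.
     *
     * Both lists come from the tag_blacklist and user_blacklist cookies, so
     * every term is treated as untrusted input and escaped before it is
     * placed in the fragment.
     *
     * @return string "" when nothing is blacklisted, otherwise a fragment
     *                starting with "AND" / " AND" for appending to a WHERE clause
     */
    function blacklist_fragment()
    {
        $g_owner = "";
        $blacklist = "";

        foreach ($this->blacklist_cookie_terms('tag_blacklist') as $tag) {
            // parse_tag() marks plain terms as required ("+"); inside the
            // NOT (MATCH ...) below the terms are listed without that operator.
            $blacklist .= str_replace('+', '', $this->parse_tag($tag));
        }

        foreach ($this->blacklist_cookie_terms('user_blacklist') as $user)
            $g_owner .= " AND owner != '$user'";

        if ($blacklist == "")
            return $g_owner;
        return "AND NOT (MATCH(tags) AGAINST('$blacklist' IN BOOLEAN MODE)>0.9) $g_owner";
    }

    /**
     * Build a COUNT(*) query over the post table.
     *
     * $search is appended verbatim after the table name. It must be an SQL
     * fragment assembled by trusted code from escaped values, never raw
     * request data.
     *
     * @param string $search SQL fragment appended after the table name
     * @return string the query text
     */
    function search_tags_count($search)
    {
        global $post_table;
        return "SELECT COUNT(*) FROM $post_table".$search;
    }

    /**
     * Build the post listing query.
     *
     * $search and $condition are appended verbatim, in that order, after the
     * table name. Both must be SQL fragments assembled by trusted code from
     * escaped values, never raw request data.
     *
     * @param string $search    SQL fragment appended after the table name
     * @param string $condition SQL fragment appended after $search
     * @return string the query text
     */
    function search_tags($search,$condition)
    {
        global $post_table;
        return "SELECT id, image, directory, score, rating, tags, owner FROM $post_table".$search.$condition;
    }
}
?>
--------------------------------------------------------------------------------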