ons http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */
/* NOTE(review): this listing is several unrelated PHP files collapsed together with
   the HTML inside their string literals stripped. Line breaks are restored below for
   readability; every statement and string is kept as found. The first section is the
   tail of a login script; it is cut off further down where it runs into searchHistory(). */
require('includes/application_top.php');
// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started)
if ($session_started == false) {
    tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
}
// NOTE(review): $language is set outside this listing; confirm it can only name an installed language directory, since it becomes part of an include path.
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);
$error = false;
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    // Check if email exists
    // The e-mail value goes through tep_db_input() before it is placed inside the quoted literal; that helper is defined elsewhere (presumably the SQL escaping routine; verify).
    $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_customer_query)) {
        // Unknown address and wrong password both end in the same $error = true, so this code does not distinguish the two cases.
        $error = true;
    } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        // Check that password is good
        if (!tep_validate_password($password, $check_customer['customers_password'])) {
            $error = true;
        } else {
            // NOTE(review): the session is recreated on login only when SESSION_RECREATE is 'True'.
            // With the setting off, the pre-login session appears to be reused after authentication; confirm the deployed value.
            if (SESSION_RECREATE == 'True') {
                tep_session_recreate();
            }
            // Both ids are cast to int before interpolation.
            $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
            $check_country = tep_db_fetch_array($check_country_query);
            $customer_id = $check_customer['customers_id'];
            $customer_default_address_id = $check_customer['customers_default_address_id'];
            $customer_first_name = $check_customer['customers_firstname'];
            $customer_country_id = $check_country['entry_country_id'];
            $customer_zone_id = $check_country['entry_zone_id'];
            tep_session_register('customer_id');
            tep_session_register('customer_default_address_id');
            tep_session_register('customer_first_name');
            tep_session_register('customer_country_id');
            tep_session_register('customer_zone_id');
            tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");
            // restore cart contents
            $cart->restore_contents();
/* NOTE(review): extraction damage on the next line. The login script breaks off at
   "tep_ar" and is fused with what is apparently "function searchHistory(...)", so the
   function keyword is not intact. The text is left exactly as found. */
if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_arnction searchHistory($where, $sbsearchtext, $results, $style, $timeframe, $order) {
    /*
     * searchHistory: prints the Shout Box history search page.
     *
     * Shows the search form via showSearchBox(), builds one SELECT over
     * {prefix}_shoutbox_shouts from the arguments, and echoes the matching rows.
     *
     *   $where        'Nicknames' searches name, 'Both' searches name and comment,
     *                 any other value searches comment only
     *   $sbsearchtext search text; split on single spaces unless matched as a whole
     *   $results      row limit, clamped to 10..50 below
     *   $style        'Exact' or per-word LIKE matching (see each branch)
     *   $timeframe    only forwarded to showSearchBox() in the visible code
     *   $order        '' or 'newest' orders by id desc, anything else by id asc
     *
     * Returns nothing; all output is echoed between header.php and footer.php.
     */
    include("config.php");
    global $db, $user, $cookie, $prefix, $username, $AvatarFound;
    include("header.php");
    cookiedecode($user);
    // NOTE(review): $username is taken from the decoded cookie before is_user() is consulted, and it is
    // not reset when is_user() fails. It later selects the "Anonymous" branch and the edit/delete links.
    // cookiedecode()/is_user() are defined elsewhere; confirm the value is verified, or fall back to
    // "Anonymous" whenever is_user($user) is false.
    $username = $cookie[1];
    if ($username == "") {
        $username = "Anonymous";
    }
    if (is_user($user)) {
        $username = $cookie[1];
        if ($username != '') {
            // NOTE(review): cookie-derived $username is interpolated into the quoted literal with no escaping in this function.
            $sqlF = "SELECT user_timezone, user_dateformat from ".$prefix."_users WHERE username='$username'";
            $resultF = $db->sql_query($sqlF);
            $userSetup = $db->sql_fetchrow($resultF);
        }
    }
    // Site-wide date/time format strings, used later for viewers without a user profile.
    $sql = "select * from ".$prefix."_shoutbox_date";
    $resultD = $db->sql_query($sql);
    $rowD = $db->sql_fetchrow($resultD);
    // search form
    OpenTable();
    showSearchBox($sbsearchtext, $where, $style, $results, $timeframe, $order);
    echo "\n";
    echo "
"._SHOUTHISTORY."
";
    CloseTable();
    echo "
";
    // show results
    OpenTable();
    // NOTE(review): the clamp compares numerically but never casts, so a value that is not a plain
    // integer can pass both checks unchanged and reach "LIMIT $results" below. Cast to int first
    // unless the caller is known to do so.
    if ($results > 50) {
        $results = 50;
    }
    if ($results < 10) {
        $results = 10;
    }
    echo "\n";
    echo "\n";
    //echo "\n";
    // build SQL query based on user choices
    /* NOTE(review): every branch below concatenates $sbsearchtext (or its space-separated parts)
       directly into quoted SQL literals. No quoting or escaping happens in this function, and the
       LIKE wildcards % and _ are not escaped either. Whether the caller or a global input filter
       sanitises the value is not visible here; confirm, or escape each part with the database
       layer's own routine before it is appended. An empty search text yields LIKE '%%', which
       matches every row up to the LIMIT. */
    //$sql = "select * from ".$prefix."_shoutbox_shouts WHERE name='$sbsearchtext' ORDER BY id desc LIMIT $results";
    // search by Nicknames only
    if ($where == 'Nicknames') {
        $SearchArray = explode(" ",$sbsearchtext);
        $c = count($SearchArray);
        $d = 0;
        $sql = "select * from ".$prefix."_shoutbox_shouts WHERE name";
        // One "name = ..." or "name LIKE ..." test per word, joined with OR.
        foreach($SearchArray as $SearchPart) {
            $d++;
            if ($style == 'Exact') {
                $sql .= "='".$SearchPart."'";
            } else {
                $sql .= " LIKE '%".$SearchPart."%'";
            }
            if ($d < $c) {
                $sql .= " OR name";
            }
        }
    } elseif ($where == 'Both') {
        // search by Nicknames and Shouts
        if ($style == 'Exact') {
            // Whole text must equal either column.
            $sql = "select * from ".$prefix."_shoutbox_shouts WHERE name='$sbsearchtext' OR comment='$sbsearchtext'";
        } else {
            $SearchArray = explode(" ",$sbsearchtext);
            $c = count($SearchArray);
            $d = 0;
            $sql = "select * from ".$prefix."_shoutbox_shouts WHERE name";
            // Any word in either column matches (all terms joined with OR).
            foreach($SearchArray as $SearchPart) {
                $d++;
                $sql .= " LIKE '%".$SearchPart."%' OR comment LIKE '%".$SearchPart."%'";
                if ($d < $c) {
                    $sql .= " OR name";
                }
            }
        }
    } else {
        // search by Shouts only
        if ($style == 'Exact') {
            // "Exact" here is a substring match on the whole phrase, not equality.
            $sql = "select * from ".$prefix."_shoutbox_shouts WHERE comment LIKE '%".$sbsearchtext."%'";
        } else {
            $SearchArray = explode(" ",$sbsearchtext);
            $c = count($SearchArray);
            $d = 0;
            $sql = "select * from ".$prefix."_shoutbox_shouts WHERE comment";
            // Unlike the other branches, the words are joined with AND: every word must occur.
            foreach($SearchArray as $SearchPart) {
                $d++;
                $sql .= " LIKE '%".$SearchPart."%'";
                if ($d < $c) {
                    $sql .= " AND comment";
                }
            }
        }
    }
    if (($order == '') OR ($order == 'newest')) {
        $sql .= " ORDER BY id desc";
    } else {
        $sql .= " ORDER BY id asc";
    }
    $sql .= " LIMIT $results";
    // end building SQL query
    $result = $db->sql_query($sql);
    $numrows = $db->sql_numrows($result);
    if ($numrows > 0) {
        $sqlz = "select * from ".$prefix."_shoutbox_conf";
        $resultz = $db->sql_query($sqlz);
        $conf = $db->sql_fetchrow($resultz);
        $post = 0;
        $loop = 0;
        $flag = 1;
        $ThemeSel = get_theme();
        // get_theme() is defined elsewhere; its result is interpolated unescaped (confirm it cannot carry request-controlled text).
        $sql = "select * from ".$prefix."_shoutbox_themes WHERE themeName='$ThemeSel'";
        $resultT = $db->sql_query($sql);
        $rowColor = $db->sql_fetchrow($resultT);
        while ($row = $db->sql_fetchrow($result)) {
            // $flag alternates 1/2 so consecutive rows use the theme's two menu colours.
            if ($flag == 1) {
                $bgcolor = $rowColor['menuColor1'];
            }
            if ($flag == 2) {
                $bgcolor = $rowColor['menuColor2'];
            }
            // The stored comment is treated as markup: these replacements re-quote src= attributes and close image tags.
            $comment = str_replace('src=', 'src="', $row['comment']);
            $comment = str_replace('.gif>', '.gif" alt="" />', $comment);
            $comment = str_replace('.jpg>', '.jpg" alt="" />', $comment);
            $comment = str_replace('.png>', '.png" alt="" />', $comment);
            $comment = str_replace('.bmp>', '.bmp" alt="" />', $comment);
            // BB code [b]word[/b] [i]word[/i] [u]word[/u]
            // NOTE(review): the ereg*/eregi* functions were deprecated in PHP 5.3 and removed in PHP 7.0.
            // In eregi("[b]", ...) the unescaped brackets form a bracket expression, so the test matches any
            // single "b"; only the substr_count() comparison checks for balanced literal tags. The replacement
            // strings are empty as shown here, possibly because their markup was lost in extraction (confirm
            // against the original file).
            if ((eregi("[b]", $comment)) AND (eregi("[/b]", $comment)) AND (substr_count("$comment","[b]") == substr_count("$comment","[/b]"))) {
                $comment = eregi_replace("\[b\]","","$comment");
                $comment = eregi_replace("\[\/b\]","","$comment");
            }
            if ((eregi("[i]", $comment)) AND (eregi("[/i]", $comment)) AND (substr_count("$comment","[i]") == substr_count("$comment","[/i]"))) {
                $comment = eregi_replace("\[i\]","","$comment");
                $comment = eregi_replace("\[\/i\]","","$comment");
            }
            if ((eregi("[u]", $comment)) AND (eregi("[/u]", $comment)) AND (substr_count("$comment","[u]") == substr_count("$comment","[/u]"))) {
                $comment = eregi_replace("\[u\]","","$comment");
                $comment = eregi_replace("\[\/u\]","","$comment");
            }
            // NOTE(review): the shout's stored author name is interpolated into a new query unescaped. A value
            // that was safe to store is not automatically safe to re-use in SQL; escape it here as well.
            // This lookup also runs once per result row.
            $sqlN = "SELECT * FROM ".$prefix."_users WHERE username='$row[name]'";
            $nameresultN = $db->sql_query($sqlN);
            $rowN = $db->sql_fetchrow($nameresultN);
            // Disallow Anonymous users from seeing links to users' accounts
            if ($username == "Anonymous") {
                // Avatar counts as present when it is set, is not one of the blank placeholders, and contains a dot.
                if (($rowN['user_avatar']) && ($rowN['user_avatar'] != "blank.gif") && ($rowN['user_avatar'] != "gallery/blank.gif") && (stristr($rowN['user_avatar'],'.') == TRUE)) {
                    echo "\n";
                } else {
                    echo "\n";
                }
            } else {
                // check to see if nickname is a user in the DB and not Anonymous
                if (($rowN) && ($rowN['username'] != "Anonymous")) {
                    if (($rowN['user_avatar']) && ($rowN['user_avatar'] != "blank.gif") && ($rowN['user_avatar'] != "gallery/blank.gif") && (stristr($rowN['user_avatar'],'.') == TRUE)) {
                        echo "\n";
                    } else {
                        echo "\n";
                    }
                } else {
                    echo "\n";
                }
            }
            if ($flag == 1) {
                $flag = 2;
            } elseif ($flag == 2) {
                $flag =1;
            }
        }
    } else {
        echo "";
    }
    /* NOTE(review): the echo statements that follow this point in the listing appear to be the
       per-row markup, displaced out of the branches above by the extraction. They print
       $row[name] and $comment straight from the database with no htmlspecialchars() call
       visible. Because $comment is handled as markup, output safety depends on what the save
       path allows into the table; confirm that sanitising there, and escape $row[name] on output. */
    echo "
"._SEARCHRESULTS."
\"\""._SEARCHRESULTS."
"; echo ""; echo "
"; $row_avatar = $rowN['user_avatar']; $av_found = findAvatar($row_avatar); echo "$av_found"; echo ""; echo "$row[name]: $comment"; if ($conf['date'] == "yes") { if ($row['timestamp'] != '') { // reads unix timestamp and formats it to the viewer's timezone if (is_user($user)) { // time adjustment for following user's timezone $displayTime = $userSetup['user_timezone'] - $conf['serverTimezone']; $displayTime = $displayTime * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixTime = date("$userSetup[user_dateformat]", $newTimestamp); echo "
$unixTime"; } else { // adjustmet for timezone offset $displayTime = $conf['timeOffset'] * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixDay = date("$rowD[date]", $newTimestamp); $unixTime = date("$rowD[time]", $newTimestamp); echo "
$unixDay $unixTime"; } } else { echo "
$row[date] $row[time]"; } } echo "
"; echo "
"; echo "$row[name]: $comment"; if ($conf['date'] == "yes") { if ($row['timestamp'] != '') { // reads unix timestamp and formats it to the viewer's timezone if (is_user($user)) { // time adjustment for following user's timezone $displayTime = $userSetup['user_timezone'] - $conf['serverTimezone']; $displayTime = $displayTime * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixTime = date("$userSetup[user_dateformat]", $newTimestamp); echo "
$unixTime"; } else { // adjustmet for timezone offset $displayTime = $conf['timeOffset'] * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixDay = date("$rowD[date]", $newTimestamp); $unixTime = date("$rowD[time]", $newTimestamp); echo "
$unixDay $unixTime"; } } else { echo "
$row[date] $row[time]"; } } echo "
"; echo ""; echo "
"; $row_avatar = $rowN['user_avatar']; $av_found = findAvatar($row_avatar); echo "$av_found"; echo "$row[name]: $comment
"; if ($conf['date'] == "yes") { if ($row['timestamp'] != '') { // reads unix timestamp and formats it to the viewer's timezone if (is_user($user)) { // time adjustment for following user's timezone $displayTime = $userSetup['user_timezone'] - $conf['serverTimezone']; $displayTime = $displayTime * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixTime = date("$userSetup[user_dateformat]", $newTimestamp); echo "$unixTime"; } else { // adjustmet for timezone offset $displayTime = $conf['timeOffset'] * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixDay = date("$rowD[date]", $newTimestamp); $unixTime = date("$rowD[time]", $newTimestamp); echo "$unixDay $unixTime"; } } else { echo "$row[date] $row[time]"; } } // registered users edit/delete posts if (($conf['delyourlastpost'] == "yes") && ($username == $row['name'])) { echo " [ "._EDIT." | "._DELETE." ]"; } echo "
"; echo "
"; echo "$row[name]: $comment
"; if ($conf['date'] == "yes") { if ($row['timestamp'] != '') { // reads unix timestamp and formats it to the viewer's timezone if (is_user($user)) { // time adjustment for following user's timezone $displayTime = $userSetup['user_timezone'] - $conf['serverTimezone']; $displayTime = $displayTime * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixTime = date("$userSetup[user_dateformat]", $newTimestamp); echo "$unixTime"; } else { // adjustmet for timezone offset $displayTime = $conf['timeOffset'] * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixDay = date("$rowD[date]", $newTimestamp); $unixTime = date("$rowD[time]", $newTimestamp); echo "$unixDay $unixTime"; } } else { echo "$row[date] $row[time]"; } } // registered users edit/delete posts if (($conf['delyourlastpost'] == "yes") && ($username == $row['name'])) { echo " [ "._EDIT." | "._DELETE." ]"; } echo "
"; echo "$row[name]: $comment"; if ($conf['date'] == "yes") { if ($row['timestamp'] != '') { // reads unix timestamp and formats it to the viewer's timezone if (is_user($user)) { // time adjustment for following user's timezone $displayTime = $userSetup['user_timezone'] - $conf['serverTimezone']; $displayTime = $displayTime * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixTime = date("$userSetup[user_dateformat]", $newTimestamp); echo "
$unixTime"; } else { // adjustmet for timezone offset $displayTime = $conf['timeOffset'] * 3600; $newTimestamp = $row['timestamp'] + $displayTime; $unixDay = date("$rowD[date]", $newTimestamp); $unixTime = date("$rowD[time]", $newTimestamp); echo "
$unixDay $unixTime"; } } else { echo "
$row[date] $row[time]"; } } echo "
\n"; echo "
"._NORESULTS."
"; CloseTable(); include("footer.php"); } function showSearchBox($sbsearchtext, $where, $style, $results, $timeframe, $order) { echo "
\n"; echo "\n"; echo "\n"; //echo "\n"; echo "
"._SEARCHBOX."
\"\""._SEARCHBOX."
"; if (($where == 'Shouts') OR ($where == '')) { $wSEL1 = " selected=\"selected\""; } else { $wSEL1 = ""; } if ($where == 'Nicknames') { $wSEL2 = " selected=\"selected\""; } else { $wSEL2 = ""; } if ($where == 'Both') { $wSEL3 = " selected=\"selected\""; } else { $wSEL3 = ""; } echo "  "; if (($style == 'Exact') OR ($style == '')) { $sSEL1 = " selected=\"selected\""; } else { $sSEL1 = ""; } if ($style == 'Any') { $sSEL2 = " selected=\"selected\""; } else { $sSEL2 = ""; } echo "  "; if (($results == 10) OR ($results == '')) { $rSEL10 = " selected=\"selected\""; } else { $rSEL10 = ""; } if ($results == 20) { $rSEL20 = " selected=\"selected\""; } else { $rSEL20 = ""; } if ($results == 30) { $rSEL30 = " selected=\"selected\""; } else { $rSEL30 = ""; } if ($results == 50) { $rSEL50 = " selected=\"selected\""; } else { $rSEL50 = ""; } echo "  "; // Search by time frame: // if (($= ($PAGE-1) * $alb_per_page; $upper_limit = min($nbAlb, $PAGE * $alb_per_page); $limit = "LIMIT " . $lower_limit . "," . ($upper_limit - $lower_limit); $sql = 'SELECT a.aid, a.title, a.description, category, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit; $alb_thumbs_q = cpg_db_query($sql); $alb_thumbs = cpg_db_fetch_rowset($alb_thumbs_q); mysql_free_result($alb_thumbs_q); $disp_album_count = count($alb_thumbs); $album_set = ''; foreach($alb_thumbs as $value) { $album_set .= $value['aid'] . ', '; } $album_set = '(' . substr($album_set, 0, -2) . ')'; //This query will fetch album stats and keyword for the albums $sql = "SELECT a.aid, count( p.pid ) AS pic_count, max( p.pid ) AS last_pid, max( p.ctime ) AS last_upload, a.keyword" . " FROM {$CONFIG['TABLE_ALBUMS']} AS a " . " LEFT JOIN {$CONFIG['TABLE_PICTURES']} AS p ON a.aid = p.aid AND p.approved = 'YES' ". 
"WHERE a.aid IN $album_set" . "GROUP BY a.aid";
$alb_stats_q = cpg_db_query($sql);
$alb_stats = cpg_db_fetch_rowset($alb_stats_q);
mysql_free_result($alb_stats_q);
foreach($alb_stats as $key => $value) { $cross_ref[$value['aid']] =
/* NOTE(review): extraction damage. The album-statistics code above breaks off in the middle
   of an assignment and is fused with the body of a shout delete handler whose signature is
   not visible in this listing. Line breaks are restored below; statements and strings are
   kept as found.

   For the delete handler as far as it is visible: $shoutID is interpolated into both the
   SELECT and the DELETE with no cast or escaping, and the only authorisation is the loose
   comparison $row['name'] == $username, where $username comes from cookiedecode(). No
   is_user() call and no request token check appear in this fragment; confirm both against
   the full file, and cast $shoutID to an integer if ids are numeric. */
$sql = "select * from ".$prefix."_shoutbox_conf";
    $result = $db->sql_query($sql);
    $conf = $db->sql_fetchrow($result);
    if ($conf['delyourlastpost'] == "yes") {
        $sql = "select * from ".$prefix."_shoutbox_shouts where id='$shoutID'";
        $nameresult = $db->sql_query($sql);
        $row = $db->sql_fetchrow($nameresult);
        include("config.php");
        cookiedecode($user);
        $username = $cookie[1];
        if ($row['name'] == $username) {
            $sqlD = "DELETE FROM ".$prefix."_shoutbox_shouts WHERE id='$shoutID'";
            $db->sql_query($sqlD);
        }
    }
    // $page is placed in the redirect target as received.
    Header("Location: modules.php?name=Shout_Box&page=$page");
    exit;
}
/*
 * shoutEdit: prints the edit view for one shout.
 *
 * Editing is offered only when the shoutbox configuration has delyourlastpost == "yes"
 * and the shout's stored name equals the username decoded from the cookie. In the other
 * cases the function prints _EDITINGOTHERSDISALLOWED or _EDITINGDISABLEDBYADMIN.
 *
 *   $page       passed in by the caller; not used in the visible logic
 *   $shoutID    id of the shout to load
 *   $ShoutError message echoed after _SB_NOTE when it is non-empty and not 'none'
 *
 * Before display, the stored comment has its link wrappers removed, mailto: addresses
 * decoded from %-separated hex, and emoticon images replaced by their text codes.
 *
 * NOTE(review): $ShoutError is echoed further down with no escaping visible; if it can
 * carry request-supplied text it needs htmlspecialchars() on output.
 */
function shoutEdit($page, $shoutID, $ShoutError) {
    include("config.php");
    global $db, $user, $cookie, $prefix;
    include("header.php");
    $sql = "select * from ".$prefix."_shoutbox_conf";
    $result = $db->sql_query($sql);
    $conf = $db->sql_fetchrow($result);
    OpenTable();
    if ($conf['delyourlastpost'] == "yes") {
        // NOTE(review): $shoutID is interpolated unescaped; cast to int if ids are numeric (column type not visible here).
        $sql = "select * from ".$prefix."_shoutbox_shouts where id='$shoutID'";
        $nameresult = $db->sql_query($sql);
        $row = $db->sql_fetchrow($nameresult);
        cookiedecode($user);
        // NOTE(review): ownership is decided by a loose == between the stored name and the cookie-decoded
        // username; no is_user() call is made in this function. Confirm that cookiedecode() output is verified.
        $username = $cookie[1];
        if ($row['name'] == $username) {
            // strip out link code here (added back in later if saved)
            // NOTE(review): ereg_replace() was removed in PHP 7.0. As written, "[URL]" is a bracket expression
            // matching any single U, R or L, and every replacement is the empty string; these patterns look
            // truncated by the extraction (compare with the original file before relying on them).
            $ShoutComment = $row['comment'];
            $ShoutComment = ereg_replace("[URL]", "",$ShoutComment);
            $ShoutComment = ereg_replace("\">FTP]", "",$ShoutComment);
            $ShoutComment = ereg_replace("\">IRC]", "",$ShoutComment);
            $ShoutComment = ereg_replace("\">TeamSpeak]", "",$ShoutComment);
            $ShoutComment = ereg_replace("\">AIM]", "",$ShoutComment);
            $ShoutComment = ereg_replace("\">Gopher]", "",$ShoutComment);
            $ShoutComment = ereg_replace("\">E-Mail]", "",$ShoutComment);
            $i = 0;
            // Initialised as a string but filled by index below; this relies on PHP converting '' to an array (behaviour changed in PHP 7.1).
            $ShoutNew = '';
            $ShoutArray = explode(" ",$ShoutComment);
            foreach($ShoutArray as $ShoutPart) {
                if (eregi("mailto:", $ShoutPart)) { // find mailto:
                    $ShoutPart = eregi_replace("mailto:", "",$ShoutPart); // strip out mailto:
                    // Turn the %-separated hex pairs into a space-separated list.
                    $ShoutPart = eregi_replace("%", " ",$ShoutPart);
                    $ShoutPart = trim($ShoutPart);
                    // decode address to ascii
                    $c = 0;
                    $AddyArray = explode(" ",$ShoutPart);
                    // NOTE(review): $AddyNew is never reset, so entries from a longer earlier address
                    // remain in place when a later, shorter address is decoded.
                    foreach($AddyArray as $AddyPart) {
                        $AddyNew[$c] = chr(hexdec($AddyPart));
                        $c++;
                    }
                    $ShoutPart = implode("",$AddyNew);
                    $ShoutNew[$i] = "mailto:$ShoutPart"; // add mailto: back in
                } else {
                    $ShoutNew[$i] = $ShoutPart;
                }
                $i++;
            }
            $ShoutComment = implode(" ",$ShoutNew);
            // strip smilies code here (added back in later if saved)
            $sql = "select * from ".$prefix."_shoutbox_emoticons";
            $eresult = $db->sql_query($sql);
            // Replace each emoticon's image value with its text value.
            while ($emoticons = $db->sql_fetchrow($eresult)) {
                $ShoutComment = str_replace($emoticons['image'],$emoticons['text'],$ShoutComment);
            }
            echo "\n";
            echo "\n";
            echo "\n";
            if (($ShoutError) && ($ShoutError != 'none')) {
                echo "";
            }
            echo "";
            echo "";
            echo "
"._SHOUTBOXEDIT."

"._SB_NOTE.": $ShoutError
"; echo "  
"._SHOUTHISTORY."
"; } else { echo ""._EDITINGOTHERSDISALLOWED.""; } } else { echo ""._EDITINGDISABLEDBYADMIN.""; } CloseTable(); include("footer.php"); } function shoutSave($page, $shoutID, $ShoutComment) { include("config.php"); global $db, $user, $cookie, $prefix; $sql = "select * from ".$prefix."_shoutbox_conf"; $result = $db->sql_query($sql); $conf = $db->sql_fetchrow($result); if ($conf['delyourlastpost']