","
", "    ", "\\2", "", "\\1", "\\1", "\\1", "\\1", "\\1", "&#\\1;", ); $tags_decode_search=array( "/
/", "/    /", "/(.*?)<\/a>/", "//", "/(.*?)<\/i>/", "/(.*?)<\/u>/", "/(.*?)<\/b>/", "/(.*?)<\/em>/", "/(.*?)<\/small>/", ); $tags_decode_replace=array( "\n", "\t", "[url=\\1]\\2[/url]", "[img=\\1]", "[i]\\1[/i]", "[u]\\1[/u]", "[b]\\1[/b]", "[em]\\1[/em]", "[small]\\1[/small]", ); function pageheader($title=NULL) { $messages=array( "So, you wanted a message board, eh?", "Waah! Mommy, where are my cookies", "Keep It Simple, Stupid", "Minimalist, yet functional (barely)", "Not even your father's rock & roll (we're still beating the rocks together)", "What, you want the server to search *for* you?", "It's one of the places to be! :)", "It's like eating", "The world is corrupt!", "Not even remotely secure", "We bring slightly less buggy things to life", "Brute force ROMhacking since 2004", "With a side of search", ); echo "HCS Forum - "; if (is_null($title)) echo $messages[rand(0,count($messages)-1)]; else echo $title; ?> Tags:

bold: [b]bold[/b]
italics: [i]italics[/i]
emphasis: [em]emphasis[/em]
underline: [u]underline[/u]
small: [small]small[/small]
Link: [url=http://www.google.com]Link[/url]

[img=http://www.hcs64.com/images/mm1.png]
?addpost" method="POST">
User Name "; else echo $_COOKIE[$cookie_uname]; tagsinstructions(); ?>
Password "; else echo "**********"; ?>
Subject
Message
User Name "; else echo $_COOKIE[$cookie_uname]; tagsinstructions(); ?>
Password "; else echo "**********"; ?>
Subject
Message
\n"; if( $ppage > 0) { echo ""; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "\n"; } if(($highr) < $nresults) { echo ""; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "\n"; } echo "\n"; } // ***************************** Top of code ******************************** require("../dblogin.php"); if (isset($_GET[login])) { // **** Display login form pageheader(); ?>
User Name
Password

welcome back $_POST[uname].
your last recorded activity was ".date($timefmt." ".$datefmt,$line[llstamp]); echo "
proceed to the forums";
} else if (isset($_GET[logout])) {
    // Log Out
    // This branch expires both auth cookies in the browser, then clears the
    // matching login token in the users table so the old token stops working.
    // NOTE(review): bare-word keys such as $_GET[logout] (outside string
    // interpolation) depend on PHP's undefined-constant fallback, which PHP 8
    // turns into an Error; $_GET['logout'] is the safe spelling.
    // NOTE(review): the mysql_* extension used here was removed in PHP 7.0;
    // mysqli or PDO with prepared statements is the replacement.
    setcookie($cookie_uname, "", time() - 3600, $cookie_path,$cookie_site);
    setcookie($cookie_token, "", time() - 3600, $cookie_path,$cookie_site);
    if (isset($_COOKIE[$cookie_uname])) {
        // Only the user-name cookie is checked with isset(); the token cookie is
        // read below without a check, so a request that carries just the name
        // cookie builds the statement with an empty token value.
        // Both values are escaped, and the row is updated only when name and token
        // match, so knowing a user name alone does not end that user's session.
        // NOTE(review): die(mysql_error()) prints the raw database error to the
        // visitor; log it server-side and show a generic message instead.
        $result=mysql_query(" UPDATE users SET logintoken = NULL, lastlogin = NOW() WHERE uname = '".mysql_real_escape_string($_COOKIE[$cookie_uname])."' AND logintoken = '".mysql_real_escape_string($_COOKIE[$cookie_token])."' ") or die(mysql_error());
        // Set whenever the name cookie was present, whether or not a row matched.
        $deleted=1;
    } else $deleted=0;
    pageheader();
    if ($deleted==1) echo "Cookies deleted.

";
    else echo "Cookies not found, trying to delete anyway.";
} else if (isset($_GET[adduser])) {
    // **** Display form to add a user
    pageheader(); ?>
User Name
Password
Verify Password
Please note that passwords are stored and transmitted unencrypted,
so don't use anything sensitive.
the forums";
        } else echo "password verification error";
    // NOTE(review): $_POST[uname] is interpolated into the response below exactly
    // as submitted; no htmlspecialchars() call is visible on this path, so markup
    // in the submitted name would be reflected into the page.
    } else echo "User name $_POST[uname] already exists.";
    mysql_free_result($result);
} else if (isset($_GET[userinfo])) {
    // **** User info page
    // Shows join date, post count, last post time and login state for the user
    // whose numeric idx is passed in $_GET[userinfo].
    // No cookie or credential check is made in this branch, so any visitor can
    // see whether a given user currently holds a login token and when they last
    // logged in.
    // get info from users database
    // The idx value is escaped and quoted before it enters the statement.
    // logintoken is selected only to test below whether a session is active; it
    // is not echoed in the visible code.
    // NOTE(review): die(mysql_error()) prints the raw database error to the
    // visitor; log it and show a generic message instead.
    $result = mysql_query("SELECT uname, UNIX_TIMESTAMP(joined) as joindate, logintoken, UNIX_TIMESTAMP(lastlogin) as login FROM users WHERE idx = '".mysql_real_escape_string($_GET[userinfo])."'") or die (mysql_error());
    if (mysql_num_rows($result) != 1) die("no such user");
    $userline = mysql_fetch_assoc($result);
    mysql_free_result($result);
    // get post count, last post
    $result = mysql_query("SELECT COUNT(*) AS postcount, UNIX_TIMESTAMP(MAX(postedtime)) as lasttime FROM board WHERE author = '". mysql_real_escape_string($_GET[userinfo])."'") or die(mysql_error());
    $postline = mysql_fetch_assoc($result);
    mysql_free_result($result);
    // uname is echoed as stored. How the name is sanitised at registration is not
    // visible in this part of the file -- TODO confirm it is HTML-escaped there
    // or escape it here.
    pageheader($userline[uname]." user info");
    echo "Info for user "$userline[uname]":

";
    echo "Joined: ".date($datefmt,$userline[joindate])."
";
    echo "Posts: $postline[postcount]";
    if ($postline[postcount] > 0) echo ", last posted ".date("$datefmt $timefmt",$postline[lasttime])."
";
    // A non-empty logintoken is treated as "currently logged in".
    if (isset($userline[logintoken]) && $userline[logintoken] != "") echo "Logged in ".date("$datefmt $timefmt",$userline[login])."
";
    else if ($userline[login] > 0) echo "Last logged in ".date("$datefmt $timefmt",$userline[login])."
";
    else echo "Never logged in.
";
    echo "
User List";
} else if (isset($_GET[userlist])) {
    // **** User list
    // Lists users ordered by post count. The statement takes no request input.
    // Because board and users are joined on board.author, only users with at
    // least one post appear.
    pageheader("User List");
    $result = mysql_query(" SELECT COUNT(*) AS postcount, users.uname AS uname, UNIX_TIMESTAMP(users.joined) AS joined, users.idx AS idx FROM board, users WHERE board.author = users.idx GROUP BY uname ORDER BY postcount DESC ") or die(mysql_error());
    echo "User list:

".mysql_num_rows($result)." users
\n";
    // NOTE(review): the table markup appears to be missing from the strings below
    // in this copy of the file, so whether $line[uname] is escaped on output
    // cannot be confirmed from here.
    while ($line=mysql_fetch_assoc($result)) { echo "\n"; }
    echo "
NamePost CountJoined
$line[uname]$line[postcount]".date($datefmt,$line[joined])."
\n";
} else if (isset($_GET[chpass])) {
    // **** Change password form
    pageheader(); ?> Change Password:
User Name
Old Password
New Password
Verify New Password
0) echo "Previous Page";
    if ($pageno > 0 && $pageno < floor(($postcount-1)/$postsperpage)) echo " | ";
    if ($pageno < floor(($postcount-1)/$postsperpage)) echo "Next Page";
    // Fetch one page of the thread: the opening post (idx) plus its replies (replyto).
    // $_GET[showthread] is escaped and quoted. $firstonpage and $postsperpage are
    // interpolated into LIMIT unquoted, and their assignment is not visible in this
    // part of the file.
    // NOTE(review): confirm both are forced to non-negative integers before this point.
    // NOTE(review): die(mysql_error()), here and in the branches below, prints the raw
    // database error to the visitor; prefer logging it and showing a generic message.
    $result = mysql_query(" SELECT board.subject AS subject, board.message AS message, board.idx AS idx, UNIX_TIMESTAMP(board.postedtime) AS postedtime, UNIX_TIMESTAMP(board.lasttime) AS lasttime, users.uname AS uname, users.idx AS uidx FROM board, users WHERE board.author = users.idx AND (board.replyto = '".mysql_real_escape_string($_GET[showthread])."' OR board.idx = '".mysql_real_escape_string($_GET[showthread])."') ORDER BY postedtime ASC LIMIT $firstonpage,$postsperpage ") or die (mysql_error());
    echo "
\n";
    $firstpost=1;
    while ($line=mysql_fetch_array($result,MYSQL_ASSOC)) {
        echo "
";
        // "* " marks posts updated since the viewer's previous login.
        if ($lastlogin > 0 && $line[lasttime] > $lastlogin) echo "* ";
        // subject and message are echoed exactly as stored: the page relies on the
        // htmlspecialchars() call made at write time in the addpost and editpost2
        // branches below, so any other write path to the board table must escape
        // as well. How uname is sanitised at registration is not visible here --
        // TODO confirm.
        echo "$line[subject] by $line[uname] at ".date($timefmt,$line[postedtime])." on ".date($datefmt,$line[postedtime])."
\n";
        echo "
$line[message]";
        // The edit link is shown while the post is younger than $editexpire and
        // either an auth cookie is missing or the name cookie equals the author.
        // This only decides whether the link is displayed (the cookie name is not
        // verified against the token here); the real ownership check is the
        // "AND author = ..." clause of the UPDATE in the editpost2 branch.
        if (time()-$line[postedtime] < $editexpire && ((!isset($_COOKIE[$cookie_uname]) || !isset($_COOKIE[$cookie_token])) || !strcmp($line[uname],$_COOKIE[$cookie_uname]))) echo "
[edit]";
        echo "
\n";
    }
    echo "
\n";
    if ($pageno > 0) echo "Previous Page";
    if ($pageno > 0 && $pageno < floor(($postcount-1)/$postsperpage)) echo " | ";
    if ($pageno < floor(($postcount-1)/$postsperpage)) echo "Next Page";
    echo "
";
    echo "Show all threads

";
    echo "Reply to this thread:
";
    NewPostForm($_GET[showthread]);
    mysql_free_result($result);
} else if (isset($_GET['addpost'])) {
    // **** Add a post
    // Authenticates the poster, then inserts a new thread or reply into board.
    // NOTE(review): no anti-CSRF token is checked in the visible code; with cookie
    // authentication a cross-site form post from a logged-in browser would be
    // accepted -- TODO confirm no check exists elsewhere.
    pageheader();
    if (isset($_POST[author]) && $_POST[author]!='' && isset($_POST[pass]) && $_POST[pass]!='') {
        // Credential path: the submitted password is compared directly with the
        // pass column, i.e. passwords are stored in clear text (the add-user form
        // text in this file says the same).
        // NOTE(review): store password_hash() output and check it with
        // password_verify() instead of comparing inside the SQL statement.
        $result=mysql_query(" SELECT idx FROM users WHERE uname = '".mysql_real_escape_string($_POST[author])."' AND pass = '".mysql_real_escape_string($_POST[pass])."' ") or die("auth attempt: ".mysql_error());
    } else if (isset($_COOKIE[$cookie_uname]) && isset($_COOKIE[$cookie_token])) {
        // Cookie path: name plus login token must match one users row. How the
        // token is generated is not visible in this part of the file.
        $result=mysql_query(" SELECT idx FROM users WHERE uname = '".mysql_real_escape_string($_COOKIE[$cookie_uname])."' AND logintoken = '".mysql_real_escape_string($_COOKIE[$cookie_token])."' ") or die("auth attempt: ".mysql_error());
    } else die("Authentication failed (incomplete data).");
    if (mysql_num_rows($result) != 1) die("Authentication failed.");
    $line=mysql_fetch_array($result,MYSQL_ASSOC);
    // A new thread (inresponseto == "0") needs a non-blank subject.
    if ($_POST[inresponseto]=="0" && (!isset($_POST[subject]) || $_POST[subject]=="" || ctype_space($_POST[subject]))) die("Cannot start thread with empty subject");
    // Write-time sanitisation. The message goes through stripslashes(), then
    // htmlspecialchars(ENT_QUOTES), then the $tags_search/$tags_replace patterns
    // that turn [tag] syntax into markup; the subject gets htmlspecialchars() only
    // (no stripslashes). Every value is passed through mysql_real_escape_string().
    // NOTE(review): stripslashes() presumably compensates for magic_quotes_gpc --
    // confirm; without that setting it removes backslashes the user typed.
    // NOTE(review): htmlspecialchars() does not restrict URL schemes, so confirm
    // that the [url=] and [img=] patterns accept only http/https targets.
    // NOTE(review): inresponseto is escaped but not checked to be the idx of an
    // existing thread.
    $insres = mysql_query(" INSERT INTO board VALUES(NULL,NOW(),NOW(),'".mysql_real_escape_string($line[idx])."','".mysql_real_escape_string($_POST[inresponseto])."', '".mysql_real_escape_string(htmlspecialchars($_POST[subject],ENT_QUOTES))."', '".mysql_real_escape_string(preg_replace($tags_search,$tags_replace,htmlspecialchars(stripslashes($_POST[message]),ENT_QUOTES)))."', '".mysql_real_escape_string($_SERVER[REMOTE_ADDR])."') ") or die ("post error: ".mysql_error());
    echo "Added.
";
    if ($_POST[inresponseto] != 0) {
        // Bump the parent thread's last-update time.
        $upres = mysql_query(" UPDATE board SET lasttime = NOW() WHERE idx = '".mysql_real_escape_string($_POST[inresponseto])."' LIMIT 1 ") or die("update error: ".mysql_error());
        echo "Return to thread
";
    }
    echo "Return to forum";
} else if (isset($_GET['editpost'])) {
    // **** Edit a post
    // Loads a post into the edit form. No authentication happens here; ownership
    // is enforced when the edit is committed (editpost2).
    pageheader();
    // intval() makes the id safe to interpolate into the statement.
    $posttoedit = intval($_GET['editpost']);
    $result = mysql_query(" SELECT author,subject,message FROM board WHERE idx = '$posttoedit'") or die(mysql_error());
    // mysql_numrows() is a deprecated alias of mysql_num_rows().
    if (mysql_numrows($result) == 0) die("no such post");
    $line = mysql_fetch_assoc($result);
    mysql_free_result($result);
    // Reverse the write-time transform: decode HTML entities, then map markup back
    // to [tag] syntax for the textarea.
    EditPostForm($posttoedit,preg_replace($tags_decode_search,$tags_decode_replace,htmlspecialchars_decode($line[message],ENT_QUOTES)),$line[subject]);
} else if (isset($_GET['editpost2'])) {
    // **** Commit an edited post
    pageheader();
    $posttoedit = intval($_POST[posttoupdate]);
    // look up what post this responds to and when it was first posted
    $result = mysql_query("SELECT replyto, UNIX_TIMESTAMP(postedtime) FROM board WHERE idx = '$posttoedit' LIMIT 1") or die(mysql_error());
    $line = mysql_fetch_assoc($result);
    $inresponseto = intval($line[replyto]);
    // The edit window is enforced server-side, before authentication.
    if (time()-$line["UNIX_TIMESTAMP(postedtime)"] >= $editexpire) die("edit time for this post has expired ($editexpire seconds)");
    mysql_free_result($result);
    // Same two authentication paths as addpost, including the clear-text password
    // comparison and the absence of a visible anti-CSRF check.
    if (isset($_POST[author]) && $_POST[author]!='' && isset($_POST[pass]) && $_POST[pass]!='') {
        $result=mysql_query(" SELECT idx FROM users WHERE uname = '".mysql_real_escape_string($_POST[author])."' AND pass = '".mysql_real_escape_string($_POST[pass])."' ") or die("auth attempt: ".mysql_error());
    } else if (isset($_COOKIE[$cookie_uname]) && isset($_COOKIE[$cookie_token])) {
        $result=mysql_query(" SELECT idx FROM users WHERE uname = '".mysql_real_escape_string($_COOKIE[$cookie_uname])."' AND logintoken = '".mysql_real_escape_string($_COOKIE[$cookie_token])."' ") or die("auth attempt: ".mysql_error());
    } else die("Authentication failed (incomplete data).");
    if (mysql_num_rows($result) != 1) die("Authentication failed.");
    $line=mysql_fetch_array($result,MYSQL_ASSOC);
    if ($inresponseto=="0" && (!isset($_POST[subject]) || $_POST[subject]=="" || ctype_space($_POST[subject]))) die("Thread cannot have empty 
subject");
    // Ownership check: the UPDATE matches only when the post's author equals the
    // idx of the user authenticated above, and the affected-row test below turns
    // a non-match into "no such post by you". The same write-time sanitisation as
    // addpost is applied, and an "edited <time>" footer is appended to the message.
    $insres = mysql_query(" UPDATE board SET subject = '".mysql_real_escape_string(htmlspecialchars($_POST[subject],ENT_QUOTES))."', message = '".mysql_real_escape_string(preg_replace($tags_search,$tags_replace,htmlspecialchars(stripslashes($_POST[message]),ENT_QUOTES)))."

edited ".date($timefmt." ".$datefmt)."', ip = '".mysql_real_escape_string($_SERVER[REMOTE_ADDR])."', lasttime = NOW() WHERE idx = '$posttoedit' AND author = '".mysql_real_escape_string($line[idx])."' LIMIT 1 ") or die ("update error: ".mysql_error());
    if (mysql_affected_rows() != 1) die("no such post by you");
    echo "Updated.
";
    if ($inresponseto != 0) {
        // $inresponseto came through intval(), so the unquoted interpolation is safe.
        $upres = mysql_query(" UPDATE board SET lasttime = NOW() WHERE idx = $inresponseto LIMIT 1 ") or die("update error: ".mysql_error());
        echo "Return to thread
";
        // Unlike addpost, this echo sits inside the reply-only block.
        echo "Return to forum";
    }
} else if (isset($_GET['searchmode'])) {
    // **** Searching (largely ripped off from Josh W)
    pageheader();
    echo "
\n"; echo "\n"; echo ""; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo ""; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "

\n"; echo "
Search for: 
Search where? In Message Body In Subject by Author
Search how? Exact Match Any Words All Words
\n";
    if(isset($_POST[query])) {
        // Runs the search and prints one page of matching posts.
        // $_POST[page] only takes part in arithmetic, so it reaches the page as a
        // number; it is not range-checked (page 0 or a negative page gives a
        // negative $lowr).
        if(isset($_POST[page])) $lowr = ($_POST[page]-1)*$postsperpage;
        else $lowr = 0;
        $highr = $lowr + $postsperpage;
        // $field is chosen from a fixed list, so the request value itself never
        // reaches the SQL text. searchwhere and searchhow are read without isset().
        switch ($_POST[searchwhere]) {
            case "message": $field = "message"; break;
            case "subject": $field = "subject"; break;
            case "uname": $field = "uname"; break;
            default: $field = "message";
        }
        // The search text is HTML-escaped (presumably to match the escaped form in
        // which posts are stored -- confirm) and then SQL-escaped. For the word
        // modes, spaces in the already-escaped text are replaced by a constant
        // "%' OR/AND $field LIKE '%" fragment built from the whitelisted $field.
        // NOTE(review): % and _ in the search text are not escaped, so they act as
        // LIKE wildcards.
        switch ($_POST[searchhow]) {
            case "phrase": $query = "'%" . mysql_real_escape_string(htmlspecialchars($_POST[query],ENT_QUOTES)) . "%'"; break;
            case "anywords": $query = "'%" . str_replace(" ","%' OR $field LIKE '%", mysql_real_escape_string(htmlspecialchars($_POST[query],ENT_QUOTES))) . "%'"; break;
            case "allwords": $query = "'%" . str_replace(" ","%' AND $field LIKE '%", mysql_real_escape_string(htmlspecialchars($_POST[query],ENT_QUOTES))) . "%'"; break;
            default: $query = "'%mothballs%'"; break;
        }
        // All matches are fetched (no LIMIT); paging is done in PHP below.
        // NOTE(review): the die() message says "auth attempt" although this is the
        // search statement, and it prints the raw database error to the visitor.
        $result=mysql_query("SELECT board.subject AS subject, board.message AS message, board.idx AS idx, board.author AS author, board.replyto AS replyto, UNIX_TIMESTAMP(board.postedtime) AS postedtime, UNIX_TIMESTAMP(board.lasttime) AS lasttime, users.uname AS uname, users.idx AS uidx FROM board, users WHERE ( $field LIKE $query ) AND board.author = users.idx ORDER BY postedtime ASC ") or die("auth attempt: ".mysql_error());
        $nresults=mysql_num_rows($result);
        $npage = (int)(($highr+$postsperpage) / $postsperpage);
        $ppage = $npage - 2;
        $highr3 = $highr;
        if($highr > $nresults) $highr = $nresults;
        // $test2 is the raw search text with spaces turned into "+". Where it is
        // used is not visible in this copy of the file.
        // NOTE(review): it must be URL- and HTML-encoded before being written into
        // a link or form field.
        $test2 = preg_replace(array("[ ]"),array("+") ,$_POST[query]);
        echo "
\n";
        PrevNext($ppage,$npage,$highr3,$nresults);
        echo "

Showing $lowr - $highr out of $nresults posts

";
        // Skip the rows that belong to earlier pages.
        for($i = 0; $i < $lowr; $i++) $line=mysql_fetch_assoc($result);
        for($i = $lowr; $i < $highr; $i++) {
            if($line=mysql_fetch_assoc($result)) {
                // Look up the parent thread for its subject.
                // NOTE(review): "SELECT * FROM board, users" has no join condition
                // and pulls every users column (the addpost branch shows that table
                // holds pass and logintoken) into $treads, although only subject is
                // echoed here; select board.subject alone.
                $threadr=mysql_query("SELECT * FROM board, users WHERE board.idx = '".mysql_real_escape_string($line[replyto])."' LIMIT 1") or die(mysql_error());
                $treads=mysql_fetch_assoc($threadr);
                // Count the posts that precede this one in its thread to work out
                // which thread page it is on.
                $presult = mysql_query("SELECT COUNT(*) FROM board WHERE (board.replyto = '".mysql_real_escape_string($line[replyto])."' OR board.idx = '".mysql_real_escape_string($line[replyto])."') AND board.idx < '".mysql_real_escape_string($line[idx])."'") or die(mysql_error());
                $pline = mysql_fetch_assoc($presult);
                $postcount = $pline['COUNT(*)'];
                $pageno = floor(($postcount) / $postsperpage);
                // Stored subject, uname and message are echoed as-is; see the
                // write-time htmlspecialchars() in the addpost/editpost2 branches.
                if(mysql_num_rows($threadr) && $line[replyto] != "0") echo "Thread: $treads[subject]
";
                else echo "Thread: $line[subject]
";
                echo "
$line[subject] by $line[uname] at " . date("g:i A T", $line[postedtime]) . " on " . date("F j, Y",$line[postedtime]);
                echo "
$line[message]
";
                mysql_free_result($threadr);
                mysql_free_result($presult);
            }
        }
        echo "

";
        PrevNext($ppage,$npage,$highr3,$nresults);
        mysql_free_result($result);
    } // end if query
} else {
    // **** Display Threads
    pageheader();
    // $_GET[showpage] is read without isset(). The multiplication yields a number,
    // so no SQL text can pass through it, but a negative or fractional value makes
    // the LIMIT clause invalid and die(mysql_error()) then prints the database
    // error.
    // NOTE(review): use max(0, intval(...)) before building the statement.
    $firstonpage=$_GET[showpage]*$threadsperpage;
    $result = mysql_query(" SELECT board.idx AS threadid, board.subject AS subject, UNIX_TIMESTAMP(board.postedtime) AS postedtime, UNIX_TIMESTAMP(board.lasttime) AS lasttime, users.uname AS uname, users.idx AS idx FROM board, users WHERE board.author = users.idx AND board.replyto = '0' ORDER BY lasttime DESC LIMIT $firstonpage,$threadsperpage ") or die(mysql_error());
    // get user's last login time
    // Used to flag threads updated since then; both cookie values are escaped.
    if (isset($_COOKIE[$cookie_uname]) && isset($_COOKIE[$cookie_token])) {
        $result2 = mysql_query("SELECT UNIX_TIMESTAMP(prevlogin) AS llstamp FROM users WHERE uname = '".mysql_real_escape_string($_COOKIE[$cookie_uname])."' AND logintoken = '".mysql_real_escape_string($_COOKIE[$cookie_token])."'") or die(mysql_error());
        $line=mysql_fetch_assoc($result2);
        mysql_free_result($result2);
        $lastlogin = $line[llstamp];
    } else $lastlogin=0;
    echo "";
    while ($line=mysql_fetch_array($result,MYSQL_ASSOC)) {
        // One COUNT query per listed thread (opening post plus replies).
        $result2 = mysql_query("SELECT COUNT(*) FROM board WHERE replyto = '".mysql_real_escape_string($line[threadid])."' OR idx = '".mysql_real_escape_string($line[threadid])."'") or die(mysql_error());
        $line2 = mysql_fetch_assoc($result2);
        $postcount = $line2['COUNT(*)'];
        mysql_free_result($result2);
        echo "\n\n";
    }
    echo "
Threadses
SubjectStarted byStarted atLast UpdatePosts
";
    // NOTE(review): the table markup appears to be missing from the strings in this
    // copy of the file. Stored subject and uname are echoed as-is, relying on the
    // escaping applied when they were written.
    if ($lastlogin > 0 && $line[lasttime] > $lastlogin) echo "* ";
    echo "$line[subject]";
    if ($postcount > $postsperpage) echo " (last page)";
    echo " $line[uname] ".date($timefmt." ".$datefmt,$line[postedtime])." ".date($timefmt." ".$datefmt,$line[lasttime])." $postcount
";
    mysql_free_result($result);
    // Total number of threads, for the page links.
    $result = mysql_query("SELECT COUNT(*) FROM board WHERE replyto = '0'") or die(mysql_error());
    $line=mysql_fetch_assoc($result);
    mysql_free_result($result);
    // NOTE(review): $showpage is never assigned in the visible code -- only
    // $_GET[showpage] is. This looks like a register_globals leftover; without that
    // setting the "Next Page" test compares an undefined variable. Confirm and use
    // one validated integer for both.
    if ($_GET[showpage] > 0) echo "Previous Page";
    if ($_GET[showpage] > 0 && $showpage < floor(($line['COUNT(*)']-1)/$threadsperpage)) echo " | ";
    if ($showpage < floor(($line['COUNT(*)']-1)/$threadsperpage)) echo "Next Page";
    echo "

Search | Create an account | Change Password | ";
    // Link choice is based on cookie presence only; it is a display hint, not an
    // authentication decision.
    if (!isset($_COOKIE[$cookie_uname]) || !isset($_COOKIE[$cookie_token])) echo "Log In";
    else echo "Log Out";
    echo "
User List";
    echo "

Create a new thread:
";
    NewPostForm(0);
}
// $dbh is not assigned in the visible code; presumably ../dblogin.php sets it.
mysql_close($dbh);
echo "
HCS Forum Index
Halley's Comet Software
forum source
"; ?>