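'') $theme = $HTTP_GET_VARS['tmp_theme'];
// NOTE(review): the opening of the statement above is missing from this copy;
// it presumably mirrors the tmp_lang test below. Confirm against the original file.

// Theme and language file names can be overridden per request (GET first, then
// POST). Both values are interpolated into require() paths further down, so they
// are untrusted input that decides which PHP file gets executed.
if (strpos($theme, '://')) { die("Hacking attempt"); };
if ($HTTP_GET_VARS['tmp_lang']>'') $language = $HTTP_GET_VARS['tmp_lang'];
if (strpos($language, "://")) { die("Hacking attempt"); };
if ($HTTP_POST_VARS['tmp_theme']>'') $theme = $HTTP_POST_VARS['tmp_theme'];
if ($HTTP_POST_VARS['tmp_lang']>'') $language = $HTTP_POST_VARS['tmp_lang'];

// Validate the FINAL values, whatever their source. The two checks above run
// before the POST overrides, look only for a URL scheme, and use the strpos()
// result as a boolean (a match at offset 0 goes unnoticed). Here every value
// that reaches require() must be a string and must not contain a URL scheme,
// a parent-directory segment or a NUL byte.
// A stricter control, if the deployed theme/language names allow it, is to
// accept only names taken from a fixed list of installed files.
foreach (array($theme, $language) as $include_name_to_check) {
    if (!is_string($include_name_to_check)
        || strpos($include_name_to_check, '://') !== false
        || strpos($include_name_to_check, '..') !== false
        || strpos($include_name_to_check, "\0") !== false) {
        die("Hacking attempt");
    }
}
unset($include_name_to_check);

require("$path_to_themes/$theme");
require("$path_to_languages/$language");
if ($use_filter_file) require("filters.inc.php");

// Request parameters used by the rest of the script.
// "action" prefers the GET value and falls back to POST.
$action = empty($HTTP_GET_VARS['action'])?$HTTP_POST_VARS['action']:$HTTP_GET_VARS['action'];
$msgid = $HTTP_GET_VARS['msgid'];
$vpass = $HTTP_POST_VARS['vpass'];
$msg = $HTTP_POST_VARS['msg'];
// "start" may come from either source; a POST value wins over a GET value.
if ($HTTP_GET_VARS['start']>'') $start = $HTTP_GET_VARS['start'];
if ($HTTP_POST_VARS['start']>'') $start = $HTTP_POST_VARS['start'];
// NOTE(review): PHP_SELF includes any extra path info the client appends to the
// URL. Where it is printed is not visible in this copy; escape it before it is
// written into markup.
$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
$submit = $HTTP_POST_VARS['submit'];
?> \n"; echo ""; echo ""; echo ""; echo "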
"; echo "
$label_password:

\n"; echo "\n"; echo "\n"; echo "  
"; echo ""; echo "\n"; if ($use_footer) require("footer.php"); exit; } #else if(isset($submit)||$vpass>"") { $vpass = $HTTP_POST_VARS['vpass']; $msgid = $HTTP_POST_VARS['msgid']; $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; $row = 0; $tmp_data = array(); $fp = fopen("$path_to_gb","r") or die("$unable_to_access_file_msg $path_to_gb"); for ($i=0;$i<16;$i++) { $j = $i+1; $head_array[$i] = ${"col$j"}; } $rn = 0; while ($data = fgetcsv($fp,$csv_buffer_size,",")) { $row++; if ($row>1) { $num = count($data); if ($data[0]==$msgid) { if ($data[0]>10000) { $dateShift = dateShift($data[0]); $data[2] = date($date_format,$data[0]-$dateShift[1]); $data[3] = date($time_format,$data[0]-$dateShift[1]); } for ($c=0;$c<$num;$c++) { $tmp_data[$rn][$c] = $data[$c]; } } } } fclose($fp); unset($data); #release memory; $rows = $row; $user_is_editing = false; $admin_is_editing = false; if ($vpass==$tmp_data[$rn][15]||md5($vpass)==$tmp_data[$rn][15]) $user_is_editing = true; elseif ($vpass==$admin_pw||md5($vpass)==$admin_pw) $admin_is_editing = true; if ($allow_msg_lvl_edit_by_user&&$show_password) $edit_update = true; else if ($allow_msg_lvl_edit_by_admin) $edit_update = true; else $edit_update = false; /* Routine to limit when message can be updated */ if ($msgid>10000) $tmp_date = $msgid; else $edit_update = false; if (time() > $tmp_date+($cutoff_date_for_updates)) $edit_update = false; if ($admin_is_editing||($cutoff_date_for_updates<0)) $edit_update = true; if (!$edit_update||$vpass==""||(!$allow_msg_lvl_edit_by_user&&($vpass==$tmp_data[$rn][15]||md5($vpass)==$tmp_data[$rn][15]))||($vpass!=$admin_pw&&$vpass!=md5($admin_pw)&&$vpass!=$tmp_data[$rn][15]&&md5($vpass)!=$tmp_data[$rn][15])) { echo "
$not_authorized_msg

$label_back

"; if ($use_footer) include_once 'footer.php'; exit; } $id = "tdadd"; if ($action!='edit') { echo "

".$label_back."

"; echo ""; echo "
".ucwords($head_array[4]).": ".$tmp_data[$rn][4]; echo "".ucwords($head_array[12]).": ".$tmp_data[$rn][12]; echo "".ucwords($head_array[5]).": "."".$tmp_data[$rn][5].""; echo "".ucwords($head_array[6]).": ".$tmp_data[$rn][6]; echo "
".ucwords($head_array[7]).": "."".$tmp_data[$rn][7].""; echo "".ucwords($head_array[8]).": ".$tmp_data[$rn][8]; echo "".ucwords($head_array[9]).": ".$tmp_data[$rn][9]; echo "".ucwords($head_array[10]).": ".$tmp_data[$rn][10]; echo "
".ucwords($head_array[11]).": ".$tmp_data[$rn][11]; echo "".ucwords($head_array[1]).": ".$tmp_data[$rn][1]; echo "".ucwords($head_array[2]).": ".$tmp_data[$rn][2]; echo "".ucwords($head_array[3]).": ".$tmp_data[$rn][3]; echo "
".ucwords($head_array[14]).": ".$tmp_data[$rn][14]; echo "".ucwords($head_array[15]).": "."***************"; /* This next set of code is mostly copied right from index.php */ $tmp_data[$rn][13] = stripslashes($tmp_data[$rn][13]); $tmp_data[$rn][13] = str_replace("<","<",$tmp_data[$rn][13]); $tmp_data[$rn][13] = str_replace(">",">",$tmp_data[$rn][13]); $tmp_data[$rn][13] = str_replace("src=smilies","src=$path_to_images/smilies",$tmp_data[$rn][13]); $icons_in_separate_column = false; if (strpos(strtolower($allowed_html_tags_no_img),"")&&$allow_html) $tmp_data[$rn][13] = makeLink($tmp_data[$rn][13]); $start_tag = strpos(strtoupper($tmp_data[$rn][13]),"",$start_tag); $a_tag = substr($a_tag_hold,$start_tag,$end_tag-$start_tag+1); $dquotes = substr_count($a_tag,"""); $squotes = substr_count($a_tag,"'"); if ($dquotes%2||$squotes%2) $a_tag_errors++; // begin search and destroy for image tag javascript calls $cant_use = explode(",",$words_not_allowed_in_anchor_tag); for ($x=0;$x",$start_tag,$end_tag-$start_tag+1); $js_errors++; } } // end search and destroy for image tag javascript calls $a_tag_hold = substr($a_tag_hold,$end_tag); } if (!$a_tag_errors) { $tmp_data[$rn][13] = str_replace(""","\"",$tmp_data[$rn][13]); $tmp_data[$rn][13] = str_replace("'","\'",$tmp_data[$rn][13]); } } $start_tag = strpos(strtoupper($tmp_data[$rn][13]),"""&&$show_pic&&!$hide_all) { $tmp_data[$rn][13] = "  ".$tmp_data[$rn][13]; } } else { $a_tag_hold = strtolower($tmp_data[$rn][13]); $a_tag_errors = 0; $js_errors = 0; for ($x=0;$x",$start_tag); $a_tag = substr($a_tag_hold,$start_tag,$end_tag-$start_tag+1); $dquotes = substr_count($a_tag,"""); $squotes = substr_count($a_tag,"'"); if ($dquotes%2||$squotes%2) $a_tag_errors++; // begin search and destroy for anchor tag javascript calls $cant_use = explode(",",$words_not_allowed_in_anchor_tag); for ($x=0;$x",$start_tag,$end_tag-$start_tag+1); $js_errors++; } } // end search and destroy for anchor tag javascript calls $a_tag_hold = 
substr($a_tag_hold,$end_tag); } if (!$a_tag_errors) { $tmp_data[$rn][13] = str_replace(""","\"",$tmp_data[$rn][13]); $tmp_data[$rn][13] = str_replace("'","\'",$tmp_data[$rn][13]); if (!$icons_in_separate_column&&$tmp_data[$rn][7]>"") { $tmp_data[$rn][13] = "  ".$tmp_data[$rn][13]; } } else { if (!$icons_in_separate_column&&$tmp_data[$rn][7]>"") { $tmp_data[$rn][13] = "  ".$tmp_data[$rn][13]; } $tmp_data[$rn][13] .= "
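$broken_link_msg"; }
// Append the "attempted use of javascript" notice when the tag filter above
// flagged a disallowed word. The original tested the bare word a_tag_errors
// (no "$"), which is an undefined constant rather than the counter; it now
// reads the $a_tag_errors counter as intended.
if ($js_errors&&$a_tag_errors) $tmp_data[$rn][13] .= "
$attempted_use_of_javascript_msg"; elseif ($js_errors) $tmp_data[$rn][13] .= "
$attempted_use_of_javascript_msg"; }
// Final pass over the message body: drop every tag that is not on the allow list.
// strip_tags() removes tags that are not listed but leaves the attributes of
// allowed tags untouched, so attribute-level filtering depends entirely on the
// word filter earlier in this branch.
$allow_tags = "";
if ($allow_html) $allow_tags .= $allowed_html_tags_no_img;
// NOTE(review): the literal appended for smileys is empty in this copy;
// presumably it named the image tag. Confirm against the original file.
if ($allow_smileys) $allow_tags .= "";
$tmp_data[$rn][13] = strip_tags($tmp_data[$rn][13],$allow_tags);
echo "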
".ucwords($head_array[13]).": ".$tmp_data[$rn][13]; echo "

"; $rn--; echo "
"; } else { $js_string = <<<_JAVASCRIPT_ _JAVASCRIPT_; echo $js_string; $user_is_editing = ($vpass==$tmp_data[$rn][15]||md5($vpass)==$tmp_data[$rn][15])?true:false; if (!$user_is_editing) include("versionclient.php"); echo "
"; echo ""; echo ""; if (!$user_is_editing||$show_name) echo "
".$head_array[4].": "; else echo "
"; if (!$user_is_editing||$show_nation) { echo "".$head_array[12].": "; } else echo ""; if (!$user_is_editing||$show_email) echo "".$head_array[5].": "; else echo ""; if (!$user_is_editing||$show_home) echo "".$head_array[6].": "; else echo ""; if (!$user_is_editing||$show_pic) echo "
".$head_array[7].": "; else echo "
"; if (!$user_is_editing||$show_icq) echo "".$head_array[8].": "; else echo ""; if (!$user_is_editing||$show_aim) echo "".$head_array[9].": "; else echo ""; if (!$user_is_editing||$show_yim) echo "".$head_array[10].": "; else echo ""; if (!$user_is_editing||$show_msn) echo "
".$head_array[11].": "; else echo "
"; if (!$user_is_editing) echo "".$head_array[1].": "; else echo "".$head_array[1].": ".$tmp_data[$rn][1]; /*if (!$user_is_editing) echo "".$head_array[2].": "; else*/ echo "".$head_array[2].": ".$tmp_data[$rn][2]; /*if (!$user_is_editing) echo "".$head_array[3].": "; else*/ echo "".$head_array[3].": ".$tmp_data[$rn][3]; if ($tmp_data[$rn][14]=="on") { $checked = "checked"; $style = "style=\"background-color:$admin_private_message_color;\""; } elseif (!substr($tmp_data[$rn][0],0,1)) { $style = "style=\"background-color:$admin_moderate_message_color;\""; } else { $style = ""; $checked=""; } if (!$user_is_editing||$show_private) echo "
".$head_array[14].": "; else echo "
"; if (!$user_is_editing||$show_password) echo "".$head_array[15].": "; else echo ""; $tmp_data[$rn][13] = stripslashes($tmp_data[$rn][13]); // echo "
".$head_array[13].": "; ?>
.comments.focus();" />      "; if ($vpass==$admin_pw) $commentIntro = 'Модератор'; elseif ($user_is_editing) $commentIntro = $tmp_data[$rn][4]; else $commentIntro = '???'; $comment_btn = "$commentIntro $label_comments_added $on ".$date." $at ".$time.":  ';taPos(document.kisgb_form$rn);\" />  "; if ($vpass==$admin_pw||$allow_msg_lvl_delete_by_user) $delete_btn = ""; else $delete_btn = ""; echo "
$cancelBtn$comment_btn  $delete_btn"; echo "

"; echo ""; ?> "; } unset($tmp_data); # release memory; if ($use_footer) require 'footer.php'; exit; #} ?>