<?php
// Direct-access guard: stop unless the DRK constant is already defined
// (presumably by the script that includes this file).
defined('DRK') or die('Hacking attempt...');
// Id of the requesting user. $ses is not set in this file; presumably it is the
// session identifier supplied by the including script.
$uid=IdFromSes($ses);
/**
 * Boot a user by deleting their row(s) from the sessions table.
 *
 * The "guest" account (any letter case) is never booted.
 *
 * NOTE(review): $user is placed into the WHERE clause exactly as passed in. The
 * callers visible in this file run IllegalChars() on it first; confirm that this
 * check (or get_var()) rejects or escapes quotes, because nothing here does.
 *
 * @param string $user Username to boot.
 * @return bool true when delete() reported success; false otherwise or for "guest".
 */
function boot_user($user)
{
    // Guard clause: the guest account keeps its session.
    if(strtolower($user)=="guest")return false;
    $where="LOWER(username)=LOWER('$user')";
    return delete(sessions,$where)?true:false;
}
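/**
 * Toggle the ban state of a user and drop their active sessions.
 *
 * users.banned is read first: 'Y' is switched to 'N' (unban), anything else to
 * 'Y' (ban). On a ban, a record holding the username, password, last logged
 * browser / IP address / host, the acting user, the reason and a timestamp is
 * inserted into the banned table; on an unban that record is deleted.
 *
 * NOTE(review): $user and $reason reach SQL exactly as passed in. The caller in
 * this file checks $user with IllegalChars() but passes $reason straight from
 * get_var(); confirm get_var() escapes its result, otherwise $reason must be
 * validated or escaped before it gets here.
 *
 * NOTE(review): the ban record copies users.password into a second table.
 * Confirm whether that column holds a hash, and whether the copy is needed.
 *
 * NOTE(review): for the "guest" account the banned flag is still toggled before
 * false is returned. Behaviour kept; confirm it is intended.
 *
 * @param string $user   Username to ban or unban.
 * @param string $reason Text stored with the ban record.
 * @return int|bool 1 = banned, 2 = unbanned, false = the flag update or the
 *                  session delete reported failure, or the user is "guest".
 */
function ban_user($user,$reason="")
{
    global $uid; // id of the user performing the ban
    $where="LOWER(username)=LOWER('$user')";
    if(fetch_array("banned",users,$where)=="Y"){
        $flag="N";
        $return=2;
    }
    else{
        $flag="Y";
        $return=1;
    }
    if(!update(users,"banned='$flag'",$where))return false;
    if($flag=='Y'){
        $user_id=IdFromUser($user);
        $latest="uid=$user_id ORDER BY id DESC LIMIT 1";
        // Values read back from the database are not SQL-safe just because they
        // were stored once (a logged browser string is client-supplied), so each
        // one is escaped before it is written into the INSERT below.
        $byuser=mysql_real_escape_string(UserFromId($uid));
        $host=mysql_real_escape_string(fetch_array("host",logs,$latest));
        $password=mysql_real_escape_string(fetch_array("password",users,"id=$user_id"));
        $browser=mysql_real_escape_string(fetch_array("browser",logs,$latest));
        $ipaddress=mysql_real_escape_string(fetch_array("ipaddress",logs,$latest));
        $date=time();
        insert(banned,"NULL,'$user','$password','$browser','$ipaddress','$host','$byuser','$reason','$date'");
    }
    else delete(banned,$where);
    if(strtolower($user)=="guest")return false;
    if(delete(sessions,$where))return $return;
    // The original fell off the end here (NULL); every failure path now returns false.
    // NOTE(review): the banned flag is already written at this point. Confirm what
    // delete() returns when the user has no session row.
    return false;
}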
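/**
 * Delete a user and the rows that reference them in the banned, chapel, extras,
 * friends, logs, messages, sessions, userprofiles and users tables.
 *
 * The deletes run in that order and stop at the first one that reports failure,
 * so a failure part-way leaves the earlier tables already cleaned. The visible
 * code uses no transaction.
 *
 * NOTE(review): confirm what delete() returns when no row matches. If that
 * counts as failure, a user with no banned row would never be removed.
 *
 * NOTE(review): $user is interpolated into SQL as passed in; the caller in this
 * file runs IllegalChars() on it first.
 *
 * @param string $user Username to delete.
 * @return bool true when every delete reported success, false otherwise or when
 *              the username does not resolve to an id.
 */
function delete_user($user)
{
    $user_id=IdFromUser($user);
    if(empty($user_id))return false;
    $by_name="LOWER(username)=LOWER('$user')";
    if(!delete(banned,$by_name)||
        !delete(chapel,"uid=$user_id OR fromid=$user_id")||
        !delete(extras,"type='S' AND uid=$user_id")||
        !delete(friends,"uid=$user_id OR friendid=$user_id")||
        !delete(logs,"uid=$user_id")||
        !delete(messages,"uid=$user_id OR fromid=$user_id")||
        !delete(sessions,$by_name)||
        !delete(userprofiles,"uid=$user_id")||
        !delete(users,"id=$user_id"))
        return false;
    // The original returned nothing on success, so a caller testing the result
    // for truth always saw a failure.
    return true;
}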
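/**
 * Set a user's admin level and the matching admin flag.
 *
 * Levels of 20 and above set users.admin to 'Y'; lower levels set it to 'N'.
 *
 * @param string     $user  Username to update. NOTE(review): interpolated into
 *                          SQL as passed in; the caller in this file runs
 *                          IllegalChars() on it first.
 * @param int|string $level New admin level; must be a plain integer.
 * @return int|bool 2 when the admin flag was set to 'Y', 1 when set to 'N',
 *                  false when $level is not an integer or the update failed.
 */
function create_admin($user,$level)
{
    // $level is written into the SET clause without quotes, so anything other
    // than an integer would become part of the SQL statement itself.
    if(!preg_match('/^-?[0-9]+$/D',(string)$level))return false;
    $level=(int)$level;
    $flag="N";
    $return=1;
    if($level>=20){
        $flag="Y";
        $return=2;
    }
    if(!update(users,"admin='$flag',adminlevel=$level","LOWER(username)=LOWER('$user')"))return false;
    return $return;
}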
/**
 * Toggle the validated flag of a user.
 *
 * users.validated is read first: 'Y' is switched to 'N', anything else to 'Y'.
 *
 * NOTE(review): $user is interpolated into SQL as passed in; the caller in this
 * file runs IllegalChars() on it first.
 *
 * @param string $user Username whose flag is toggled.
 * @return int|bool 1 when the flag was set to 'Y', 2 when it was set to 'N',
 *                  false when the update reported failure.
 */
function validate_user($user)
{
    $where="LOWER(username)=LOWER('$user')";
    $was_validated=(fetch_array("validated",users,$where)=="Y");
    $flag=$was_validated?"N":"Y";
    $return=$was_validated?2:1;
    if(update(users,"validated='$flag'",$where))return $return;
    return false;
}
if($uid==$admin_id||IsMod($uid))
{
/////ADMIN RULES/////
if($mode=="rules")
{
    // Command list for the "adminrules" template. Every caller who passed the
    // outer admin/moderator gate sees kick and ban; del, clear and wipe are
    // added for head admins only.
    $owner=UserFromId(1);
    $commands="boot user: <small>/kick [username]</small><br/>\n"
        ."ban/unban user: <small>/ban [username] [reason]</small>";
    if(IsHeadAdmin($uid)){
        $commands.="<br/>\n"
            ."delete user: <small>/del [username]</small><br/>\n"
            ."erase users chat messages: <small>/clear [username]</small><br/>\n"
            ."clear chat room: <small>/wipe</small>";
    }
    $what=Array("sitename","username","owner","commands");
    $with=Array($sitename,users_table("username",$uid),$owner,$commands);
    Template($what,$with,"adminrules");
    exit;
}
/////BOOT USER/////
if($mode=="bootuser"&&CanBoot($uid))
{
    // Field values for the shared "admindialog" template.
    $button="boot!";
    $input_title="username:";
    $title="boot user!";
    $maxlength=12;
    $m=$mod.$mode;
    $do=get_var("do");
    if($do==1){
        // The form was submitted: "var" carries the target username. IllegalChars()
        // runs before the value is placed into any SQL or HTML below.
        $var=get_var("var");
        if(IllegalChars($var)){
            $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small><br/>";
        }
        elseif(empty($var)||strlen($var)<=0){
            $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user cannot be blank!!</small><br/>";
        }
        elseif(num_rows("id",users,"LOWER(username)=LOWER('$var')")==0){
            $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user $var does not exist!!</small><br/>";
        }
        // Second CanBoot() call checks the caller against this particular target.
        elseif(CanBoot($uid,IdFromUser($var))&&boot_user($var)){
            $msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>user $var has been booted!!</small><br/>";
        }
        else{
            $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to boot $var!!</small><br/>";
        }
    }
    // $msg and $var are only assigned above when do=1.
    $what=Array("sitename","username","msg","title","maxlength","size","m","input_title","var","input2","button");
    $with=Array($sitename,users_table("username",$uid),$msg,$title,$maxlength,$maxlength,$m,$input_title,$var,"",$button);
    Template($what,$with,"admindialog");
    exit;
}
/////BAN USER/////
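if($mode=="banuser"&&CanBan($uid))
{
    $title="ban/unban user!";
    $maxlength=12;
    $m=$mod.$mode;
    $input_title="username:";
    // Assigned rather than appended: the original used .= on a variable that was
    // never set in this file, so any value carried in from outside the handler
    // would have been emitted in front of the form field.
    $input2="reason:\n";
    $input2.="<input type=\"text\" name=\"reason\" value=\"\"/><br/>";
    $button="ban/unban!";
    $do=get_var("do");
    if($do==1){
        $var=get_var("var");
        $reason=get_var("reason");
        // The reason is written into the ban record by ban_user(), so it gets the
        // same character check as the username (the original checked only $var).
        if(IllegalChars($var)||IllegalChars($reason))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small><br/>";
        else if(empty($var)||strlen($var)<=0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user cannot be blank!!</small><br/>";
        else if(num_rows("id",users,"LOWER(username)=LOWER('$var')")==0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user $var does not exist!!</small><br/>";
        // NOTE(review): the per-target check calls CanBoot(), not CanBan(), although
        // the handler is gated on CanBan($uid). Confirm this is intended.
        else if(CanBoot($uid,IdFromUser($var))){
            $ban=ban_user($var,$reason);
            if($ban==1)$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>user $var has been banned!!</small><br/>";
            else if($ban==2)$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>user $var has been unbanned!!</small><br/>";
            // ban_user() returned neither 1 nor 2; the original showed no message here.
            else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to ban $var!!</small><br/>";
        }
        else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to ban $var!!</small><br/>";
    }
    $what=Array("sitename","username","msg","title","maxlength","size","m","input_title","var","input2","button");
    $with=Array($sitename,users_table("username",$uid),$msg,$title,$maxlength,$maxlength,$m,$input_title,$var,$input2,$button);
    Template($what,$with,"admindialog");
    exit;
}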
/////DELETE USER/////
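else if($mode=="deluser"&&CanDelete($uid))
{
    $title="delete user!";
    $maxlength=12;
    $m=$mod.$mode;
    $input_title="username:";
    $button="delete!";
    $do=get_var("do");
    if($do==1){
        // IllegalChars() runs before $var is placed into any SQL or HTML below.
        $var=get_var("var");
        if(IllegalChars($var))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small><br/>";
        else if(empty($var)||strlen($var)<=0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user cannot be blank!!</small><br/>";
        else if(num_rows("id",users,"LOWER(username)=LOWER('$var')")==0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user $var does not exist!!</small><br/>";
        // Second CanDelete() call checks the caller against this particular target.
        // The success message needs a truthy result from delete_user().
        else if(CanDelete($uid,IdFromUser($var))&&delete_user($var))$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>user $var has been deleted!!</small><br/>";
        // alt text corrected: the error icon was labelled "[ok]".
        else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to delete $var!!</small><br/>";
    }
    $what=Array("sitename","username","msg","title","maxlength","size","m","input_title","var","input2","button");
    $with=Array($sitename,users_table("username",$uid),$msg,$title,$maxlength,$maxlength,$m,$input_title,$var,"",$button);
    Template($what,$with,"admindialog");
    exit;
}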
/////CREATE ADMIN/////
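else if($mode=="createadmin"&&CanMakeAdmin($uid))
{
    $title="create admin!";
    $maxlength=12;
    $m=$mod.$mode;
    $input_title="username:";
    // Assigned rather than appended: the original used .= on a variable that was
    // never set in this file.
    $input2="level:\n";
    $input2.="<select name=\"level\">\n";
    // One <option> per level offered by the form.
    foreach(array(0,18,20,40,60,80,100) as $lvl){
        $input2.="<option value=\"$lvl\">".GetLevelSymbol(0,$lvl).GetLevelName(0,$lvl)."</option>\n";
    }
    $input2.="</select><br/>";
    $button="create!";
    $do=get_var("do");
    if($do==1){
        $var=get_var("var");
        $level=get_var("level");
        // alt text corrected on the error messages: the icon was labelled "[ok]".
        if(IllegalChars($var))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small><br/>";
        else if(empty($var)||strlen($var)<=0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user cannot be blank!!</small><br/>";
        else if(num_rows("id",users,"LOWER(username)=LOWER('$var')")==0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user $var does not exist!!</small><br/>";
        // The level comes from the request and is later written into SQL unquoted,
        // so only digits are accepted. The original passed it on unchecked.
        else if(!preg_match('/^[0-9]+$/D',(string)$level))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>invalid level!!</small><br/>";
        else{
            $level=(int)$level;
            $oldlevel=users_table("adminlevel",IdFromUser($var));
            if($oldlevel>$level)$type="demote";
            else $type="promote";
            // CanMakeAdmin() with target and level decides whether this caller may
            // grant that level to that user.
            if(CanMakeAdmin($uid,IdFromUser($var),$level)&&create_admin($var,$level))$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>user $var has been ".$type."d!!</small><br/>";
            else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to $type $var!!</small><br/>";
        }
    }
    $what=Array("sitename","username","msg","title","maxlength","size","m","input_title","var","input2","button");
    $with=Array($sitename,users_table("username",$uid),$msg,$title,$maxlength,$maxlength,$m,$input_title,$var,$input2,$button);
    Template($what,$with,"admindialog");
    exit;
}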
/////BANNED USERS/////
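else if($mode=="banned")
{
    // Paginated list of banned users with who banned them and when.
    $time=time();
    // The page number comes from the request and feeds the LIMIT offset. Forcing
    // an integer of at least 1 keeps a negative or non-numeric value from
    // producing an invalid query.
    $page=(int)get_var("page");
    if($page<1)$page=1;
    // Start from empty strings: the original appended to variables it never set.
    $userlist="";
    $controls="";
    $bannedusers=num_rows("id",users,"banned='Y'");
    $offset=($page-1)*$usersperpage;
    $query=query("*",users,"banned='Y' ORDER BY LOWER(username) LIMIT $offset,$usersperpage");
    if(mysql_num_rows($query)>0){
        while($row=mysql_fetch_array($query)){
            // NOTE(review): the username read from the users table goes back into SQL
            // unescaped, and both names go into HTML as stored. Confirm usernames
            // are restricted to safe characters at signup.
            $row_banned=fetch_array("*",banned,"LOWER(username)=LOWER('$row[username]')");
            // Reset per row: the original kept the previous row's colour whenever
            // a profile had neither "M" nor "F".
            $color1="";
            $color2="";
            $user_sex=profiles_table("sex",$row['id']);
            if($user_sex=="M")$color1=" style=\"color:#0000FF;\"";
            else if($user_sex=="F")$color1=" style=\"color:#FF0066;\"";
            $banner_sex=profiles_table("sex",IdFromUser($row_banned['byuser']));
            if($banner_sex=="M")$color2=" style=\"color:#0000FF;\"";
            else if($banner_sex=="F")$color2=" style=\"color:#FF0066;\"";
            $userlist.="<span$color1>$row[username]</span> banned by: <span$color2>$row_banned[byuser]</span> @ <small>".date("g:ia - jS/M/y",$row_banned['date'])."</small><br/>\n";
        }
    }
    else $userlist.="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no banned users at the moment!!</small><br/>";
    // prev/next links; $session is appended to each URL as provided by the includer.
    if($page>1)$controls.="<a href=\"".$action."admin".$mod."banned&page=".($page-1).$session."\"><- prev</a>";
    if($page>1&&$bannedusers>$page*$usersperpage)$controls.="\n | ";
    if($bannedusers>$page*$usersperpage)$controls.="<a href=\"".$action."admin".$mod."banned&page=".($page+1).$session."\">next -></a>";
    if($page>1||$bannedusers>$page*$usersperpage)$controls.="<br/>";
    $what=Array("sitename","username","bannedusers","userlist","controls");
    $with=Array($sitename,users_table("username",$uid),$bannedusers,$userlist,$controls);
    Template($what,$with,"bannedusers");
    exit;
}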
/////VALIDATION LIST/////
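else if($mode=="validatelist")
{
    // Paginated list of users whose validated flag is still 'N'.
    $time=time();
    // The page number comes from the request and feeds the LIMIT offset. Forcing
    // an integer of at least 1 keeps a negative or non-numeric value from
    // producing an invalid query.
    $page=(int)get_var("page");
    if($page<1)$page=1;
    // Start from empty strings: the original appended to variables it never set.
    $userlist="";
    $controls="";
    $validateusers=num_rows("id",users,"validated='N'");
    $offset=($page-1)*$usersperpage;
    $query=query("*",users,"validated='N' ORDER BY LOWER(username) LIMIT $offset,$usersperpage");
    if(mysql_num_rows($query)>0){
        while($row=mysql_fetch_array($query)){
            // NOTE(review): username, age, sex and location are written into the page
            // as stored. Confirm they are HTML-escaped or restricted when saved,
            // since they are user-supplied and rendered in an admin view.
            $age=profiles_table("age",$row['id']);
            $sex=profiles_table("sex",$row['id']);
            $location=profiles_table("location",$row['id']);
            // Reset per row: the original kept the previous row's colour whenever
            // a profile had neither "M" nor "F".
            $color="";
            if($sex=="M")$color=" style=\"color:#0000FF;\"";
            else if($sex=="F")$color=" style=\"color:#FF0066;\"";
            $userlist.="<a href=\"".$action."admin".$mod."userinfo&do=1&var=$row[username]".$session."\"$color>$row[username]</a> - <small>$age/$sex/$location</small><br/>\n";
        }
    }
    else $userlist.="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no users waiting to be validated at the moment!!</small><br/>";
    // prev/next links; $session is appended to each URL as provided by the includer.
    if($page>1)$controls.="<a href=\"".$action."admin".$mod."validatelist&page=".($page-1).$session."\"><- prev</a>";
    if($page>1&&$validateusers>$page*$usersperpage)$controls.="\n | ";
    if($validateusers>$page*$usersperpage)$controls.="<a href=\"".$action."admin".$mod."validatelist&page=".($page+1).$session."\">next -></a>";
    if($page>1||$validateusers>$page*$usersperpage)$controls.="<br/>";
    $what=Array("sitename","username","validateusers","userlist","controls");
    $with=Array($sitename,users_table("username",$uid),$validateusers,$userlist,$controls);
    Template($what,$with,"validateusers");
    exit;
}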
/////USER INFO/////
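else if($mode=="userinfo")
{
    // Per-user information pages, selected by the "page" request value.
    // Only the outer admin/moderator gate applies to the read-only pages: no
    // per-target permission helper is called before basic, signup or browser
    // info is shown. The validate action is checked with CanValidate().
    $title="user info!";
    $maxlength=12;
    $m=$mod.$mode;
    $input_title="username:";
    $button="get info!";
    $do=get_var("do");
    if($do==1){
        $var=get_var("var");
        // alt text corrected on the error messages: the icon was labelled "[ok]".
        if(IllegalChars($var))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small><br/>";
        else if(empty($var)||strlen($var)<=0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user cannot be blank!!</small><br/>";
        else if(num_rows("id",users,"LOWER(username)=LOWER('$var')")==0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>user $var does not exist!!</small><br/>";
        else{
            $page=get_var("page");
            $user_id=IdFromUser($var);
            // Set explicitly so the style attribute never carries a value from
            // outside this handler. The original left $color unset unless the
            // profile sex was "M" or "F".
            $color="";
            $target_sex=profiles_table("sex",$user_id);
            if($target_sex=="M")$color="#0000FF";
            else if($target_sex=="F")$color="#FF0066";
            $nick="<span style=\"color:$color;\">".users_table("username",$user_id)."</span>";
            $s="<span style=\"color:$color;\">s</span>";
            // OVERVIEW (no page given) //
            if(empty($page)){
                // NOTE(review): validation is triggered by a plain link that carries
                // do=1 and $session in the URL. Confirm a state change by link is
                // acceptable here.
                if(users_table("validated",$user_id)=="N")$validateuser="[<a href=\"".$action."admin".$mod."userinfo&page=validateuser&do=1&var=$var".$session."\">validate</a>]<br/>";
                else $validateuser="";
                $what=Array("sitename","username","nick","s","msg","validateuser","var");
                $with=Array($sitename,users_table("username",$uid),$nick,$s,$msg,$validateuser,$var);
                Template($what,$with,"userinfo");
                exit;
            }
            // BASIC INFO //
            // The page name is now a quoted string like the other branches. The
            // original compared against a bare word, which PHP treats as a constant.
            else if($page=="basicinfo"){
                $joined=date("g:ia D-jS/M/y",users_table("regdate",$user_id));
                $lastseen=date("g:ia D-jS/M/y",users_table("lastseen",$user_id));
                $tou=num_rows("id",messages,"uid=$user_id");
                $fromu=num_rows("id",messages,"fromid=$user_id");
                $unread=num_rows("id",messages,"unread='Y' AND uid=$user_id");
                $banned=users_table("banned",$user_id);
                $what=Array("sitename","username","nick","s","joined","lastseen","tou","fromu","unread","banned","var");
                $with=Array($sitename,users_table("username",$uid),$nick,$s,$joined,$lastseen,$tou,$fromu,$unread,$banned,$var);
                Template($what,$with,"basicinfo");
                exit;
            }
            // SIGNUP INFO //
            else if($page=="signupinfo"){
                // NOTE(review): these values are written into the page as stored.
                // Confirm they are HTML-escaped or restricted when saved.
                $name=users_table("name",$user_id);
                $id=$user_id;
                $email=users_table("email",$user_id);
                $age=users_table("age",$user_id);
                $sex=users_table("sex",$user_id);
                $location=users_table("location",$user_id);
                $referer=users_table("referer",$user_id);
                $user_browser=users_table("browser",$user_id);
                $user_ipaddress=users_table("ipaddress",$user_id);
                $user_host=users_table("host",$user_id);
                // Only the user whose id equals $admin_id sees the password column.
                // NOTE(review): the column is displayed as stored. Confirm it holds a
                // hash, and whether showing it to anyone is needed at all.
                if($uid==$admin_id)$password=users_table("password",$user_id);
                else $password="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>you dont have access to this info!!</small>";
                $what=Array("sitename","username","nick","s","name","id","email","age","sex","location","referer","user_browser","user_ipaddress","user_host","password","var");
                $with=Array($sitename,users_table("username",$uid),$nick,$s,$name,$id,$email,$age,$sex,$location,$referer,$user_browser,$user_ipaddress,$user_host,$password,$var);
                Template($what,$with,"signupinfo");
                exit;
            }
            // BROWSER INFO //
            else if($page=="browserinfo"){
                // NOTE(review): logged browser and host strings are written into the
                // page as stored. A browser string is client-supplied, so confirm
                // it is HTML-escaped when logged.
                // Start from empty strings: the original appended to unset variables.
                $browsers="";
                $ipaddresses="";
                $hosts="";
                $query=query("DISTINCT browser",logs,"uid=$user_id AND browser!='NULL'");
                if(mysql_num_rows($query)>0){
                    while($row=mysql_fetch_array($query)){
                        $browsers.="<small>$row[browser]</small><br/>\n";
                    }
                }
                else $browsers="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no browsers/phones found!!</small><br/>";
                $query=query("DISTINCT ipaddress",logs,"uid=$user_id AND ipaddress!='NULL'");
                if(mysql_num_rows($query)>0){
                    while($row=mysql_fetch_array($query)){
                        $ipaddresses.="<small>$row[ipaddress]</small><br/>\n";
                    }
                }
                else $ipaddresses="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no ipaddresses found!!</small><br/>";
                $query=query("DISTINCT host",logs,"uid=$user_id AND host!='NULL'");
                if(mysql_num_rows($query)>0){
                    while($row=mysql_fetch_array($query)){
                        $hosts.="<small>$row[host]</small><br/>\n";
                    }
                }
                else $hosts="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no hosts found!!</small><br/>";
                $what=Array("sitename","username","nick","s","browsers","ipaddresses","hosts","var");
                $with=Array($sitename,users_table("username",$uid),$nick,$s,$browsers,$ipaddresses,$hosts,$var);
                Template($what,$with,"browserinfo");
                exit;
            }
            // VALIDATE USER //
            else if($page=="validateuser"){
                // validate_user() toggles the flag, so calling this for an already
                // validated user switches the flag back to 'N'.
                if(CanValidate($uid,IdFromUser($var))&&validate_user($var)){
                    $validateuser="";
                    $msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>$nick has been validated!!</small><br/>";
                }
                else{
                    $validateuser="[<a href=\"".$action."admin".$mod."userinfo&page=validateuser&do=1&var=$var".$session."\">validate</a>]<br/>";
                    $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>$nick was not validated!!</small><br/>";
                }
                $what=Array("sitename","username","nick","s","msg","validateuser","var");
                $with=Array($sitename,users_table("username",$uid),$nick,$s,$msg,$validateuser,$var);
                Template($what,$with,"userinfo");
                exit;
            }
        }
    }
    // Reached when nothing was submitted, validation failed, or "page" matched
    // none of the branches above: show the username dialog.
    $what=Array("sitename","username","msg","title","maxlength","size","m","input_title","var","input2","button");
    $with=Array($sitename,users_table("username",$uid),$msg,$title,$maxlength,$maxlength,$m,$input_title,$var,"",$button);
    Template($what,$with,"admindialog");
    exit;
}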
/////MESSAGE UPDATE/////
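else if($mode=="editgreeting")
{
    // Edit the greeting text stored in the extras row of type 'G'.
    // Only the outer admin/moderator gate applies: no Can*() permission helper
    // is called for this mode.
    $time=time();
    $title="edit greeting!";
    $maxlength=255;
    $m=$mod.$mode;
    $input_title="text:";
    $button="update!";
    $do=get_var("do");
    // Pre-fill the form with the stored text; replaced by the submitted text below.
    $var=fetch_array("text",extras,"type='G'");
    if($do==1){
        // IllegalChars() runs before the text is placed into the UPDATE statement.
        $var=get_var("var");
        // alt text corrected on the error messages: the icon was labelled "[ok]".
        if(IllegalChars($var))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small><br/>";
        else if(empty($var)||strlen($var)<=0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>greeting cannot be blank!!</small><br/>";
        // The row also records who changed the greeting ($uid) and when ($time).
        else if(update(extras,"text='$var',uid=$uid,date=$time","type='G'"))$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>greeting has been updated!!</small><br/>";
        else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to update greeting!!</small><br/>";
    }
    $what=Array("sitename","username","msg","title","maxlength","size","m","input_title","var","input2","button");
    $with=Array($sitename,users_table("username",$uid),$msg,$title,$maxlength,"",$m,$input_title,$var,"",$button);
    Template($what,$with,"admindialog");
    exit;
}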
/////CREATE-EDIT-DELETE LINKS/////
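else if($mode=="editlinks"&&CanEditExtras($uid))
{
    // Create, update or delete a link stored as an extras row of type 'L'.
    // The id comes from the request and is used unquoted in every WHERE clause
    // below, so it is forced to an integer first. A missing or non-numeric value
    // becomes 0, which this handler treats as "no existing link".
    $id=(int)get_var("id");
    $update=get_var("update");
    $delete=get_var("delete");
    // Stored values for this id, used to pre-fill the form.
    $logo=fetch_array("text",extras,"id=$id AND type='L'");
    $link=fetch_array("link",extras,"id=$id AND type='L'");
    $text=fetch_array("comment",extras,"id=$id AND type='L'");
    if($update==1){
        // NOTE(review): this check runs on the values just read from the database.
        // The submitted logo/link/text are fetched only afterwards and reach the
        // INSERT/UPDATE without passing IllegalChars(). The check and the get_var()
        // calls look swapped. Confirm what IllegalChars() permits in a URL and
        // whether get_var() escapes, then validate the submitted values instead.
        // alt text corrected on the error messages: the icon was labelled "[ok]".
        if(IllegalChars($logo)||IllegalChars($link)||IllegalChars($text))$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Illegal chars found!!</small>";
        else{
            $logo=get_var("logo");
            $link=get_var("link");
            $text=get_var("text");
            // No usable id, or no such link: create a new row.
            if($id==0||num_rows("id",extras,"type='L' AND id=$id")==0){
                if(insert(extras,"NULL,'L','$logo',NULL,'$link','$text',NULL,NULL"))Location("act=links");
                else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to create link!!</small>";
            }
            // Existing link: overwrite its three fields.
            else if($id>0&&num_rows("id",extras,"type='L' AND id=$id")>0){
                if(update(extras,"text='$logo',link='$link',comment='$text'","id=$id"))Location("act=links");
                else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to update link!!</small>";
            }
            else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unknown error!!</small>";
        }
    }
    else if($delete==1){
        if($id==0)$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to perform operation!!</small>";
        else{
            if(num_rows("id",extras,"type='L' AND id=$id")>0){
                if(delete(extras,"type='L' AND id=$id"))Location("act=links");
                else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unable to delete link!!</small>";
            }
            else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unknown error!!</small>";
        }
    }
    $what=Array("sitename","username","msg","logo","link","text","id");
    $with=Array($sitename,users_table("username",$uid),$msg,$logo,$link,$text,$id);
    Template($what,$with,"editlinks");
    exit;
}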
/////ADMIN TOOLS/////
// Counts of banned users and of users whose validated flag is still 'N'.
$banned=num_rows("id",users,"banned='Y'");
$validate=num_rows("id",users,"validated='N'");
// Pick a template name by rank; admins and moderators share "admin".
// $template is not used in the visible code; presumably the includer renders it.
if(IsOwner($uid)){
    $template="owner";
}
elseif(IsHeadAdmin($uid)){
    $template="headadmin";
}
elseif(IsAdmin($uid)||IsMod($uid)){
    $template="admin";
}
}
else Location("act=home");
?>