<?php
Session_Start();
mysql_connect("localhost", "dan92_happy", "[CENSORED]") or die(mysql_error());
mysql_select_db("dan92_admin") or die(mysql_error());
$resultsagain = mysql_query("SELECT * FROM bannedwords")
or die(mysql_error());
while($chaos = mysql_fetch_array( $resultsagain )) {
$ban = $chaos['wrd'];
$num_rows = mysql_num_rows($resultsagain);
}
$resultagain = mysql_query("SELECT * FROM user WHERE nm='$_SESSION[username]'")
or die(mysql_error());
while($rao = mysql_fetch_array( $resultagain )) {
$sk = $rao['sk'];
if ( $sk == '1' ) {
include("..//head.php");
echo "<title>Forums - Chankys</title>";
include("..//headunder.php");
include("..//menu.php");
} elseif ( $sk == '2') {
include("..//head2.php");
echo "<title>Forums - Chankys</title>";
include("..//headunder.php");
include("..//menu2.php");
} else {
include("..//head.php");
echo "<title>Forums - Chankys</title>";
include("..//headunder.php");
include("..//menu.php");
}
}
if ( $_SESSION[logged_in] == 0 ) {
include("..//head.php");
echo "<title>Forums - Chankys</title>";
include("..//headunder.php");
include("..//menu.php");
}
$av = $_SESSION[av];
$nm = $_POST['nm'];
$pst = $_POST['pst'];
$tt = $_POST['tt'];
$tid = $_POST['tid'];
$ip = $_SERVER['REMOTE_ADDR'];
$lk = $_POST['lk'];
$id = $_POST['id'];
$dt = date("l, F j, Y h:i:s A");
$pst = preg_replace("/\n/","\n<br />",$pst);
$nm = stripslashes($nm);
$bid = stripslashes($bid);
$nm = strip_tags($nm);
if($_SESSION[user] == administrator ) {
$pst = strip_tags($pst, '<b><i><u><br><img><a><table><td><tr><th><frame>');
$tt = strip_tags($tt, '<b><i><u>');
} else {
$pst = strip_tags($pst, '<b><i><u><br>');
$tt = strip_tags($tt);
}
$bid = strip_tags($bid);
$nm = $_SESSION[username];
$lk = "http://dan92.yfma.com/u.php?id=$_SESSION[id]";
$bid = $_GET['f'];
if ( $bid == "" ) {
$quero = "SELECT * FROM forum WHERE id='$tid'";
$result = mysql_query($quero) or die(mysql_error());
$list = mysql_fetch_array($result) or die(mysql_error());
$num_rows = mysql_num_rows($result);
$lock = $list['cs'];
} else {
$queris = "SELECT * FROM board WHERE id='$bid'";
$results = mysql_query($queris) or die(mysql_error());
$row = mysql_fetch_array($results) or die(mysql_error());
$lv = $row['lv'];
$des = $row['des'];
}
if( $lv == '2' ) {
if($_SESSION[user] == administrator ) {
echo "";
} elseif($_SESSION[user] == 'trusted member' ) {
echo "";
} else {
$access = "negative";
}
} elseif($lv == '3' ) {
if($_SESSION[user] == administrator ) {
$access = "positive";
} elseif($_SESSION[user] == 'trusted member' ) {
$access = "positive";
} else {
$access = "notpositive";
}
} else {
"";
}
if (!(strpos($pst, "<b>" ) == true)) {
if (!(strpos($pst, "</b>" ) == false)) {
$htmlallowance = "negative";
}
}
if (!(strpos($pst, "<i>" ) == true)) {
if (!(strpos($pst, "</i>" ) == false)) {
$htmlallowance = "negative";
}
}
if (!(strpos($pst, "<u>" ) == true)) {
if (!(strpos($pst, "</u>" ) == false)) {
$htmlallowance = "negative";
}
}
if($_SESSION[logged_in] == 0 ) {
echo "<h1>Access error!</h1><p>You need an account at Chanky's. register one <a href=\"..//register.php\"><b>here</b></a>.</p>";
} elseif($_SESSION[user] == 'banned member' ) {
echo "<h1>Access error!</h1><p>You can no longer post at Chanky's because of your user level.";
} elseif($_SESSION[user] == 'suspended member' ) {
echo "<h1>Access error!</h1><p>You temporarily cannot post at Chanky's because of your user level. Wait for your condemn results for further notice.";
} elseif($htmlallowance == "negative" ) {
echo "<h1>Error!</h1><p>Your post has bad HTML. You failed to end the bold tag.</p>";
} elseif($pst == "" ) {
echo "<h1>Error!</h1> <p>Your post is black. Please change that! You need at least one character.</p>";
} elseif(!(strpos($pst, "$num_rows" ) == true)) {
echo "Error! $ban is a banned word.";
} elseif($pst == "<b></b>" ) {
echo "<h1>Error!</h1> <p>Your post is black. Please change that! You need at least one character.</p>";
} elseif($pst == "<i></i>" ) {
echo "<h1>Error!</h1> <p>Your post is black. Please change that! You need at least one character.</p>";
} elseif($pst == "<u></u>" ) {
echo "<h1>Error!</h1> <p>Your post is black. Please change that! You need at least one character.</p>";
} elseif($access == "negative" ) {
echo "<h1>Access Error!</h1><p>You cannot post in this forum. Only trusted members and administrators can.</p>";
} elseif($lock == "lock" ) {
echo "<h1>Access error!</h1><p>This topic is locked! You cannot post in this topic. If you insist on posting in this topic, then unlock it.</p>";
} elseif($lock == "pinlock" ) {
echo "<h1>Access error!</h1><p>This topic is locked! Even though this topic is pinned, it does not mean you can post in it. You cannot post in this topic. If you insist on posting in this topic, then unlock it.</p>";
} elseif($ip == '71.101.45.67' ) {
/*
$resultend = mysql_query("UPDATE user SET user='suspended member' WHERE nm='$nm'")
$resultend = mysql_query("UPDATE user SET age='User committed Terms of Agreement violations, but punishment is pending. The user may or may not end up getting banned.' WHERE nm='$nm'")
or die(mysql_error());
*/
echo "<h1>Congratulations!</h1><p>You have successfully went through the posting system! However, rather then posting the message, the staff at Chanky's have decided to suspend your account.";
session_destroy();
} elseif($bid == "" ) {
if($num_rows == 1) {
mysql_query("INSERT INTO forum
(nm, brd, pst, tid, ip, tt, id, lk, dt, av) VALUES('$nm', '$bid', '$pst', '$tid', '$ip', '$tt', '$id', '$lk', '$dt', '$_SESSION[av]' ) ")
or die(mysql_error());
echo "<h1>Congrats!</h1><p>Your message was submitted! View your post <a href=\"t.php?id=$tid\"><b>right here</b></a>. Make sure that your post follows the <a href=\"http://www.dan92.yfma.com/terms.php\"><b>Terms of Agreement</b></a>.</p>";
} else {
echo "<h1>Flood control enabled!</h1> <p>You made this post about a second after another one! cut down!</p>";
}
} elseif($_SESSION[user] == 'POW member' ) {
echo "<h1>Access error!</h1><p>You cannot make topic on Chanky's as your user level. POW members can make messages, but cannot start topics.";
} elseif($tt == "" ) {
echo "<h1>Error!</h1> <p>Your topic title is non-existent. Please change that! You need at least one character.</p>";
} elseif($access == "notpositive" ) {
echo "<h1>Access error!</h1> <p>Only trusted members and administrators can post topics on this forum. You do not sport a high enough user level to post topics on this forum, but you can make posts.</p>";
} elseif($des == "" ) {
echo "<h1>Whoa whoa whoa!</h1><p>You can't post a topic on a forum that doesn't even exist!";
} else {
mysql_query("INSERT INTO forum
(nm, brd, pst, tid, ip, tt, id, lk, dt, av) VALUES('$nm', '$bid', '$pst', '$tid', '$ip', '$tt', '$id', '$lk', '$dt', '$_SESSION[av]' ) ")
or die(mysql_error());
echo "<h1>Congrats!</h1><p>Your topic was submitted! View your topic <a href=\"f.php?id=$bid\"><b>right here</b></a>. Make sure that your post follows the <a href=\"http://www.dan92.yfma.com/terms.php\"><b>Terms of Agreement</b></a>.</p>";
}
include("..//foot.php");
?>
$PST is the post, and I don't know why this won't work. Any help appreciated.