Codezwiz >> Forums >> Codezwiz PHP Nuke Help >> Fix for registered users not being able to access modules!

Hi all!

If your having a problems with registered users not being able to access modules set to registered users only heres the fix

Open the mainfile.php in your root directory and search for

if ($points > 0 AND $points >= $row[points] || $mod_group == 0) {

This dont seem to work for me cant find the line you said in mainfile.php

(CZenhanced7)

I hope there is a fix soon I need it my members are pissed off

That line is there and does that need that fix look again Bowen.

<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/

$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
 $do_gzip_compress = TRUE;
 ob_start();
 ob_implicit_flush(0);
 //header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) {
Header("Location: index.php");
die();
}

if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

$mainfile = 1;
$sql = "SELECT sitename, nukeurl, site_logo, slogan, startdate, adminmail, anonpost, Default_Theme, foot1, foot2, foot3, commentlimit, anonymous, minpass, pollcomm, articlecomm, broadcast_msg, my_headlines, top, storyhome, user_news, oldnum, ultramode, banners, backend_title, backend_language, language, locale, multilingual, useflags, notify, notify_email, notify_subject, notify_message, notify_from, footermsgtxt, email_send, attachmentdir, attachments, attachments_view, download_dir, defaultpopserver, singleaccount, singleaccountname, numaccounts, imgpath, filter_forward, moderate, admingraphic, httpref, httprefmax, CensorMode, CensorReplace, copyright, Version_Num FROM ".$prefix."_config";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = $row['adminmail'];
$anonpost = $row['anonpost'];
$Default_Theme = $row['Default_Theme'];
$foot1 = $row['foot1'];
$foot2 = $row['foot2'];
$foot3 = $row['foot3'];
$commentlimit = $row['commentlimit'];
$commentlimit = intval($commentlimit);
$anonymous = $row['anonymous'];
$minpass = $row['minpass'];
$minpass = intval($minpass);
$pollcomm = $row['pollcomm'];
$pollcomm = intval($pollcomm);
$articlecomm = $row['articlecomm'];
$articlecomm = intval($articlecomm);
$broadcast_msg = $row['broadcast_msg'];
$broadcast_msg = intval($broadcast_msg);
$my_headlines = $row['my_headlines'];
$my_headlines = intval($my_headlines);
$top = $row['top'];
$top = intval($top);
$storyhome = $row['storyhome'];
$storyhome = intval($storyhome);
$user_news = $row['user_news'];
$user_news = intval($user_news);
$oldnum = $row['oldnum'];
$oldnum = intval($oldnum);
$ultramode = $row['ultramode'];
$ultramode = intval($ultramode);
$banners = $row['banners'];
$banners = intval($banners);
$backend_title = $row['backend_title'];
$backend_language = $row['backend_language'];
$language = $row['language'];
$locale = $row['locale'];
$multilingual = $row['multilingual'];
$multilingual = intval($multilingual);
$useflags = $row['useflags'];
$useflags = intval($useflags);
$notify = $row['notify'];
$notify = intval($notify);
$notify_email = $row['notify_email'];
$notify_subject = $row['notify_subject'];
$notify_message = $row['notify_message'];
$notify_from = $row['notify_from'];
$footermsgtxt = $row['footermsgtxt'];
$email_send = $row['email_send'];
$email_send = intval($email_send);
$attachmentdir = $row['attachmentdir'];
$attachments = $row['attachments'];
$attachments = intval($attachments);
$attachments_view = $row['attachments_view'];
$attachments_view = intval($attachments_view);
$download_dir = $row['download_dir'];
$defaultpopserver = $row['defaultpopserver'];
$singleaccount = $row['singleaccount'];
$singleaccount = intval($singleaccount);
$singleaccountname = $row['singleaccountname'];
$numaccounts = $row['numaccounts'];
$imgpath = $row['imgpath'];
$filter_forward = $row['filter_forward'];
$filter_forward = intval($filter_forward);
$moderate = $row['moderate'];
$moderate = intval($moderate);
$admingraphic = $row['admingraphic'];
$admingraphic = intval($admingraphic);
$httpref = $row['httpref'];
$httpref = intval($httpref);
$httprefmax = $row['httprefmax'];
$httprefmax = intval($httprefmax);
$CensorMode = $row['CensorMode'];
$CensorMode = intval($CensorMode);
$CensorReplace = $row['CensorReplace'];
$copyright = $row['copyright'];
$Version_Num = $row['Version_Num'];
$domain = eregi_replace("http://", "", $nukeurl);
$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if ($forum_admin != 1) {
if (isset($newlang) AND !eregi("\.","$newlang")) {
if (file_exists("language/lang-$newlang.php")) {
 setcookie("lang",$newlang,time()+31536000);
 include("language/lang-$newlang.php");
 $currentlang = $newlang;
} else {
 setcookie("lang",$language,time()+31536000);
 include("language/lang-$language.php");
 $currentlang = $language;
}
} elseif (isset($lang)) {
include("language/lang-$lang.php");
$currentlang = $lang;
} else {
setcookie("lang",$language,time()+31536000);
include("language/lang-$language.php");
$currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if (file_exists("modules/$module/language/lang-$currentlang.php")) {
if ($module == admin) {
 include_once("admin/language/lang-$currentlang.php");
} else {
 include_once("modules/$module/language/lang-$currentlang.php");
}
} else {
if ($module == admin) {
 include_once("admin/language/lang-$currentlang.php");
} else {
 include_once("modules/$module/language/lang-$language.php");
}
}
}

function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
} else {
$aid = "$admin[0]";
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = trim($aid);
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
$uid = addslashes($uid);
$uid = intval($uid);
if ($uid != "" AND $pwd != "") {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_group($user, $name) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$uid = intval($uid);
$pwd = "$user[2]";
}
if ($uid != "" AND $pwd != "") {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
 $sql = "SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $points = intval($row['points']);
 $sql = "SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $mod_group = $row['mod_group'];
 $sql = "SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $grp = intval($row['points']);
 if ($points >= 0 AND $points >= $grp || $mod_group == 0) {
 return 1;
 }
}
}
return 0;
}

function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
 $user1 = base64_decode($user);
 $user1 = explode(":", $user1);
 $username = "$user1[1]";
} else {
 $username = "$user1[1]";
}
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > 0) {
 $row = $db->sql_fetchrow($db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'"));
 $row[points] = intval($row['points']);
 $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+$row[points] WHERE username='$username'");
}
}
}

function title($text) {
OpenTable();
echo "<center>$text</center>";
CloseTable();
echo " ";
}

function is_active($module) {
global $prefix, $db;
$module = trim($module);
$sql = "SELECT active FROM ".$prefix."_modules WHERE title='$module'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$act = $row['active'];
$act = intval($act);
if (!$result OR $act == 0) {
return 0;
} else {
return 1;
}
}

function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if ($url == "") {
if ($blockfile == "") {
 if ($side == "c") {
 themecenterbox($title, $content);
 } elseif ($side == "d") {
 themecenterbox($title, $content);
 } else {
 themesidebox($title, $content);
 }
} else {
 if ($side == "c") {
 blockfileinc($title, $blockfile, 1);
 } elseif ($side == "d") {
 blockfileinc($title, $blockfile, 1);
 } else {
 blockfileinc($title, $blockfile);
 }
}
} else {
if ($side == "c" OR $side == "d") {
 headlines($bid,1);
} else {
 headlines($bid);
}
}
}

function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
$pos = "l";
} elseif (strtolower($side[0]) == "r") {
$pos = "r";
} elseif (strtolower($side[0]) == "c") {
$pos = "c";
} elseif (strtolower($side[0]) == "d") {
$pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view, expire, action FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result)) {
$bid = $row['bid'];
$bid = intval($bid);
$title = $row['title'];
$content = $row['content'];
$url = $row['url'];
$blockfile = $row['blockfile'];
$view = $row['view'];
$view = intval($view);
$expire = $row['expire'];
$action = $row['action'];
$now = time();
if ($expire != 0 AND $expire <= $now) {
if ($action == "d") {
$db->sql_query("UPDATE ".$prefix."_blocks SET active='0', expire='0' WHERE bid='$bid'");
return;
} elseif ($action == "r") {
$db->sql_query("DELETE FROM ".$prefix."_blocks WHERE bid='$bid'");
return;
}
}
if ($row['bkey'] == admin) {
 adminblock();
} elseif ($row['bkey'] == userbox) {
 userblock();
} elseif ($row['bkey'] == "") {
 if ($view == 0) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 1 AND is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 2 AND is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 }
}
}
}

function message_box() {
global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
} else {
$querylang = "";
}
$sql = "SELECT mid, title, content, date, expire, view FROM ".$prefix."_message WHERE active='1' $querylang";
$result = $db->sql_query($sql);
if ($numrows = $db->sql_numrows($result) == 0) {
return;
} else {
while ($row = $db->sql_fetchrow($result)) {
 $mid = $row['mid'];
$mid = intval($mid);
 $title = $row['title'];
 $content = $row['content'];
 $mdate = $row['date'];
 $expire = $row['expire'];
$expire = intval($expire);
 $view = $row['view'];
$view = intval($view);
if ($title != "" && $content != "") {
 if ($expire == 0) {
 $remain = _UNLIMITED;
 } else {
 $etime = (($mdate+$expire)-time())/3600;
 $etime = (int)$etime;
 if ($etime < 1) {
 $remain = _EXPIRELESSHOUR;
 } else {
 $remain = ""._EXPIREIN." $etime "._HOURS."";
 }
 }
 if ($view == 4 AND is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content"
 ." <center>[ "._MVIEWADMIN." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 CloseTable();
 echo " ";
 } elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWUSERS." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWANON." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 1) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWALL." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 }
 if ($expire != 0) {
 $past = time()-$expire;
 if ($mdate < $past) {
 $db->sql_query("UPDATE ".$prefix."_message SET active='0' WHERE mid='$mid'");
 }
 }
 }
}
}
}

function online() {
global $user, $cookie, $prefix, $db;
cookiedecode($user);
$ip = $_SERVER["REMOTE_ADDR"];
$uname = $cookie[1];
if (!isset($uname)) {
$uname = "$ip";
$guest = 1;
}
$past = time()-1800;
$sql = "DELETE FROM ".$prefix."_session WHERE time < '$past'";
$db->sql_query($sql);
$sql = "SELECT time FROM ".$prefix."_session WHERE uname='$uname'";
$result = $db->sql_query($sql);
$ctime = time();
if ($row = $db->sql_fetchrow($result)) {
$sql = "UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'";
$db->sql_query($sql);
} else {
$sql = "INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')";
$db->sql_query($sql);
}
}

function blockfileinc($title, $blockfile, $side=0) {
$blockfiletitle = $title;
$file = @file("blocks/$blockfile");
if (!$file) {
$content = _BLOCKPROBLEM;
} else {
include("blocks/$blockfile");
}
if ($content == "") {
$content = _BLOCKPROBLEM2;
}
if ($side == 1) {
themecenterbox($blockfiletitle, $content);
} elseif ($side == 2) {
themecenterbox($blockfiletitle, $content);
} else {
themesidebox($blockfiletitle, $content);
}
}

function selectlanguage() {
global $useflags, $currentlang;
if ($useflags == 1) {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$langdir = dir("language");
while($func=$langdir->read()) {
if(substr($func, 0, 5) == "lang-") {
 $menulist .= "$func ";
}
}
closedir($langdir->handle);
$menulist = explode(" ", $menulist);
sort($menulist);
for ($i=0; $i < sizeof($menulist); $i++) {
if($menulist[$i]!="") {
 $tl = ereg_replace("lang-","",$menulist[$i]);
 $tl = ereg_replace(".php","",$tl);
 $altlang = ucfirst($tl);
 $content .= "<a href=\"index.php?newlang=$tl\"><img src=\"images/language/flag-$tl.png\" border=\"0\" alt=\"$altlang\" title=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
}
}
$content .= "</center>";
themesidebox($title, $content);
} else {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
 $handle=opendir('language');
 while ($file = readdir($handle)) {
 if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
 $langFound = $matches[1];
 $languageslist .= "$langFound ";
 }
 }
 closedir($handle);
 $languageslist = explode(" ", $languageslist);
 sort($languageslist);
 for ($i=0; $i < sizeof($languageslist); $i++) {
 if($languageslist[$i]!="") {
$content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
 if($languageslist[$i]==$currentlang) $content .= " selected";
$content .= ">".ucfirst($languageslist[$i])."</option>\n";
 }
}
$content .= "</select></form></center>";
themesidebox($title, $content);
}
}

function ultramode() {
global $prefix, $db;
$ultra = "ultramode.txt";
$file = fopen("$ultra", "w");
fwrite($file, "General purpose self-explanatory file with news headlines\n");
$sql = "SELECT sid, aid, title, time, comments, topic FROM ".$prefix."_stories ORDER BY time DESC LIMIT 0,10";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql = "select topictext, topicimage from ".$prefix."_topics where topicid='$row[topic]'";
$result2 = $db->sql_query($sql);
$row2 = $db->sql_fetchrow($result2);
$topictext = $row2['topictext'];
$topicimage = $row2['topicimage'];
$content = "%%\n$row[title]\n/modules.php?name=News&file=article&sid=$row[sid]\n$row[time]\n$row[aid]\n$row2[topictext]\n$row[comments]\n$row2[topicimage]\n";
fwrite($file, $content);
}
fclose($file);
}

function cookiedecode($user) {
global $cookie, $prefix, $db, $user_prefix;
$user = base64_decode($user);
$cookie = explode(":", $user);
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if ($cookie[2] == $pass && $pass != "") {
return $cookie;
} else {
unset($user);
unset($cookie);
}
}

function getusrinfo($user) {
global $userinfo, $user_prefix, $db;
$user2 = base64_decode($user);
$user3 = explode(":", $user2);
$sql = "SELECT * FROM ".$user_prefix."_users WHERE username='$user3[1]' AND user_password='$user3[2]'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetchrow($result);
}
return $userinfo;
}

function FixQuotes ($what = "") {
$what = ereg_replace("'","''",$what);
while (eregi("\\\\'", $what)) {
$what = ereg_replace("\\\\'","'",$what);
}
return $what;
}

/*********************************************************/
/* text filter */
/*********************************************************/

function check_words($Message) {
global $EditedMessage;
include("config.php");
$EditedMessage = $Message;
if ($CensorMode != 0) {
if (is_array($CensorList)) {
 $Replace = $CensorReplace;
 if ($CensorMode == 1) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
 }
 } elseif ($CensorMode == 2) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
 }
 } elseif ($CensorMode == 3) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
 }
 }
}
}
return ($EditedMessage);
}

function delQuotes($string){
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=""; # string buffer
$result=""; # result string
$i=0;
$attrib=-1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
$quote=0; # Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { # What car is it in the buffer ?
 case "\"": #" # a quote.
 if ($quote==0) {
 $quote=1;
 } else {
 $quote=0;
 if (($attrib>0) && ($tmp != "")) { $result .= "=\"$tmp\""; }
 $tmp="";
 $attrib=-1;
 }
 break;
 case "=": # an equal - attrib delimiter
 if ($quote==0) { # Is it found in a string ?
 $attrib=1;
 if ($tmp!="") $result.=" $tmp";
 $tmp="";
 } else $tmp .= '=';
 break;
 case " ": # a blank ?
 if ($attrib>0) { # add it to the string, if one opened.
 $tmp .= $string[$i];
 }
 break;
 default: # Other
 if ($attrib<0) # If we weren't in an attrib, set attrib to 0
 $attrib=0;
 $tmp .= $string[$i];
 break;
}
$i++;
}
if (($quote!=0) && ($tmp != "")) {
if ($attrib==1) $result .= "=";
/* If it is the value of an atrib, add the '=' */
$result .= "\"$tmp\""; /* Add quote if needed (the reason of the function ;-) */
}
return $result;
}

function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
include("config.php");
if ($strip == "nohtml")
$AllowableHTML=array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
 // Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
 // Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
 // Delete all img tags
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
 // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
 $i = strpos($str,$reg[0]);
 $l = strlen($reg[0]);
 if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
 else $tag = strtolower($reg[1]);
 if ($a = $AllowableHTML[$tag])
 if ($reg[1][0] == "/") $tag = "</$tag>";
 elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";
 else {
 # Place here the double quote fix function.
 $attrb_list=delQuotes($reg[2]);
 // A VER
 $attrb_list = ereg_replace("&","&",$attrb_list);
 $tag = "<$tag" . $attrb_list . ">";
 } # Attribs in tag allowed
 else $tag = "";
 $tmp .= substr($str,0,$i) . $tag;
 $str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = ereg_replace("<\?","",$str);
return $str;
}

function filter_text($Message, $strip="") {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return ($EditedMessage);
}

/*********************************************************/
/* formatting stories */
/*********************************************************/

function formatTimestamp($time) {
global $datetime, $locale;
setlocale (LC_TIME, $locale);
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
$datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
$datetime = ucfirst($datetime);
return($datetime);
}

function formatAidHeader($aid) {
global $prefix, $db;
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$url = $row['url'];
$email = $row['email'];
if (isset($url)) {
$aid = "<a href=\"$url\">$aid</a>";
} elseif (isset($email)) {
$aid = "<a href=\"mailto:$email\">$aid</a>";
} else {
$aid = $aid;
}
echo "$aid";
}

function get_author($aid) {
global $prefix, $db;
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if (isset($row[url])) {
$aid = "<a href=\"$row[url]\">$aid</a>";
} elseif (isset($row[email])) {
$aid = "<a href=\"mailto:$row[email]\">$aid</a>";
} else {
$aid = $aid;
}
return($aid);
}

function themepreview($title, $hometext, $bodytext="", $notes="") {
echo "$title $hometext";
if ($bodytext != "") {
echo " $bodytext";
}
if ($notes != "") {
echo " "._NOTE." $notes";
}
}

function adminblock() {
global $admin, $prefix, $db;
if (is_admin($admin)) {
$sql = "SELECT title, content FROM ".$prefix."_blocks WHERE bkey='admin'";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
 $content = "$row[content]";
 themesidebox($row[title], $row[content]);
}
$title = ""._WAITINGCONT."";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_queue"));
$content = "";
$content .= "<big>·</big> <a href=\"admin.php?op=submissions\">"._SUBMISSIONS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_reviews_add"));
$content .= "<big>·</big> <a href=\"admin.php?op=reviews\">"._WREVIEWS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_newlink"));
$brokenl = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='1'"));
$modreql = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='0'"));
$content .= "<big>·</big> <a href=\"admin.php?op=Links\">"._WLINKS."</a>: $num ";
$content .= "<big>·</big> <a href=\"admin.php?op=LinksListModRequests\">"._MODREQLINKS."</a>: $modreql ";
$content .= "<big>·</big> <a href=\"admin.php?op=LinksListBrokenLinks\">"._BROKENLINKS."</a>: $brokenl ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_newdownload"));
$brokend = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='1'"));
$modreqd = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='0'"));
$content .= "<big>·</big> <a href=\"admin.php?op=downloads\">"._UDOWNLOADS."</a>: $num ";
$content .= "<big>·</big> <a href=\"admin.php?op=DownloadsListModRequests\">"._MODREQDOWN."</a>: $modreqd ";
$content .= "<big>·</big> <a href=\"admin.php?op=DownloadsListBrokenDownloads\">"._BROKENDOWN."</a>: $brokend ";
$suppen = $db->sql_numrows($db->sql_query("select * FROM ".$prefix."_supporters WHERE site_status='0'"));
$supdea = $db->sql_numrows($db->sql_query("select * FROM ".$prefix."_supporters WHERE site_status='-1'"));
$content .= "<big>·</big> <a href=\"modules.php?name=Supporters&file=admin\">"._WSUPPORT."</a>: $suppen ";
$content .= "<big>·</big> <a href=\"modules.php?name=Supporters&file=admin\">"._DSUPPORT."</a>: $supdea ";

themesidebox($title, $content);
}
}

function loginbox() {
global $user;
if (!is_user($user)) {
$title = _LOGIN;
$boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";
$boxstuff .= "<center>"._NICKNAME." ";
$boxstuff .= "<input type=\"text\" name=\"username\" size=\"8\" maxlength=\"25\"> ";
$boxstuff .= ""._PASSWORD." ";
$boxstuff .= "<input type=\"password\" name=\"user_password\" size=\"8\" maxlength=\"20\"> ";
$boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
$boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></center></form>";
$boxstuff .= "<center>"._ASREGISTERED."</center>";
themesidebox($title, $boxstuff);
}
}

function userblock() {
global $user, $cookie, $db, $user_prefix;
if((is_user($user)) AND ($cookie[8])) {
$sql = "SELECT ublock FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = ""._MENUFOR." $cookie[1]";
themesidebox($title, $row[ublock]);
}
}

function getTopics($s_sid) {
global $topicname, $topicimage, $topictext, $prefix, $db;
$sid = $s_sid;
$sid = intval($sid);
$sql = "SELECT topic FROM ".$prefix."_stories WHERE sid='$sid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sql = "SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics WHERE topicid='$row[topic]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$topicid = $row['topicid'];
$topicid = intval($topicid);
$topicname = $row['topicname'];
$topicimage = $row['topicimage'];
$topictext = $row['topictext'];
}

function headlines($bid, $cenbox=0) {
global $prefix, $db;
$bid = intval($bid);
$sql = "SELECT title, content, url, refresh, time FROM ".$prefix."_blocks WHERE bid='$bid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = $row['title'];
$content = $row['content'];
$url = $row['url'];
$refresh = $row['refresh'];
$refresh = intval($refresh);
$otime = $row['time'];
$past = time()-$refresh;
if ($otime < $past) {
$btime = time();
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
 $content = "";
 $sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
 $db->sql_query($sql);
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
}
if ($fp) {
 if ($rdf['query'] != '')
 $rdf['query'] = "?" . $rdf['query'];

 fputs($fp, "GET " . $rdf['path'] . $rdf['query'] . " HTTP/1.0\r\n");
 fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
 $string = "";
 while(!feof($fp)) {
 $pagetext = fgets($fp,300);
 $string .= chop($pagetext);
 }
 fputs($fp,"Connection: close\r\n\r\n");
 fclose($fp);
 $items = explode("</item>",$string);
 $content = "";
 for ($i=0;$i<10;$i++) {
 $link = ereg_replace(".*<link>","",$items[$i]);
 $link = ereg_replace("</link>.*","",$link);
 $title2 = ereg_replace(".*<title>","",$items[$i]);
 $title2 = ereg_replace("</title>.*","",$title2);
 $title2 = stripslashes($title2);
 if ($items[$i] == "" AND $cont != 1) {
 $content = "";
 $sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
 $db->sql_query($sql);
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
 } else {
 if (strcmp($link,$title2) AND $items[$i] != "") {
 $cont = 1;
 $content .= "<big>·</big><a href=\"$link\" target=\"new\">$title2</a> \n";
 }
 }
 }

}
$sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
$db->sql_query($sql);
}
$siteurl = ereg_replace("http://","",$url);
$siteurl = explode("/",$siteurl);
if (($cont == 1) OR ($content != "")) {
$content .= " <a href=\"http://$siteurl[0]\" target=\"blank\">"._HREADMORE."</a>";
} elseif (($cont == 0) OR ($content == "")) {
$content = ""._RSSPROBLEM."";
}
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
}

function automated_news() {
global $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = "";
}
$today = getdate();
$day = $today[mday];
if ($day < 10) {
$day = "0$day";
}
$month = $today[mon];
if ($month < 10) {
$month = "0$month";
}
$year = $today[year];
$hour = $today[hours];
$min = $today[minutes];
$sec = "00";
$sql = "SELECT anid, time FROM ".$prefix."_autonews $querylang";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$anid = $row['anid'];
$time = $row['time'];
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $date);
if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {
 if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {
 $sql2 = "SELECT * FROM ".$prefix."_autonews WHERE anid='$anid'";
 $result2 = $db->sql_query($sql2);
 while ($row2 = $db->sql_fetchrow($result2)) {
 $title = stripslashes(FixQuotes($row2[title]));
 $hometext = stripslashes(FixQuotes($row2[hometext]));
 $bodytext = stripslashes(FixQuotes($row2[bodytext]));
 $notes = stripslashes(FixQuotes($row2[notes]));
 $sql = "INSERT INTO ".$prefix."_stories VALUES (NULL, '$row2[catid]', '$row2[aid]', '$title', '$row2[time]', '$hometext', '$bodytext', '0', '0', '$row2[topic]', '$row2[informant]', '$notes', '$row2[ihome]', '$row2[alanguage]', '$row2[acomm]', '0', '0', '0', '0', '$row2[associated]')";
 $db->sql_query($sql);
 $sql = "DELETE FROM ".$prefix."_autonews WHERE anid='$anid'";
 $db->sql_query($sql);
 }
 }
}
}
}

function themecenterbox($title, $content) {
OpenTable();
echo "<center>$title</center> "
."$content";
CloseTable();
echo " ";
}

function public_message() {
global $prefix, $user_prefix, $db, $user, $admin, $p_msg, $cookie, $broadcast_msg;
if ($broadcast_msg == 1) {
if (is_user($user)) {
cookiedecode($user);
$sql = "SELECT broadcast FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$upref = $row['broadcast'];
if ($upref == 1) {
 $t_off = " [ <a href=\"modules.php?name=Your_Account&op=edithome\">"._TURNOFFMSG."</a> ]";
 $pm_show = 1;
} else {
 $pm_show = 0;
}
} else {
$t_off = "";
}
if (!is_user($user) OR (is_user($user) AND ($pm_show == 1))) {
$c_mid = base64_decode($p_msg);
$sql = "SELECT mid, content, date, who FROM ".$prefix."_public_messages WHERE mid > '$c_mid' ORDER BY date ASC LIMIT 1";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$mid = $row['mid'];
$mid = intval($mid);
$content = $row['content'];
$tdate = $row['date'];
$who = $row['who'];
if ((!isset($c_mid)) OR ($c_mid = $mid)) {
 $public_msg = " <table width=\"90%\" border=\"1\" cellspacing=\"2\" cellpadding=\"0\" bgcolor=\"FFFFFF\" align=\"center\"><tr><td>\n";
 $public_msg .= "<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"FF0000\"><tr><td>\n";
 $public_msg .= ""._BROADCASTFROM." <a href=\"modules.php?name=Your_Account&op=userinfo&username=$who\">$who</a>: \"$content\"";
 $public_msg .= "$t_off";
 $public_msg .= "</td></tr></table>";
 $public_msg .= "</td></tr></table>";
 $ref_date = $tdate+600;
 $actual_date = time();
 if ($actual_date >= $ref_date) {
 $public_msg = "";
 $numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_public_messages"));
 if ($numrows == 1) {
 $db->sql_query("DELETE FROM ".$prefix."_public_messages");
 $mid = 0;
 } else {
 $db->sql_query("DELETE FROM ".$prefix."_public_messages WHERE mid='$mid'");
 }
 }
 if ($mid == 0 OR $mid == "") {
 setcookie("p_msg");
 } else {
 $mid = base64_encode($mid);
 setcookie("p_msg",$mid,time()+600);
 }
}
}
} else {
$public_msg = "";
}
return($public_msg);
}

function get_theme() {
global $user, $cookie, $Default_Theme;
if(is_user($user)) {
$user2 = base64_decode($user);
$t_cookie = explode(":", $user2);
if($t_cookie[9]=="") $t_cookie[9]=$Default_Theme;
if(isset($theme)) $t_cookie[9]=$theme;
if(!$tfile=@opendir("themes/$t_cookie[9]")) {
 $ThemeSel = $Default_Theme;
} else {
 $ThemeSel = $t_cookie[9];
}
} else {
$ThemeSel = $Default_Theme;
}
return($ThemeSel);
}

function removecrlf($str) {
// Function for Security Fix by Ulf Harnhammar, VSU Security 2002
// Looks like I don't have so bad track record of security reports as Ulf believes
// He decided to not contact me, but I'm always here, digging on the net
return strtr($str, "\015\012", ' ');
}
// NSN Mod
$urinfo = getusrinfo($user);
$ulevel = $urinfo['user_level'];
$uactive = $urinfo['user_active'];
if ($ulevel < 1 OR $uactive < 1) {
unset($user);
unset($cookie);
}
// NSN Mod

// NSN Mod
if (is_user($user)) {
$uinfo = getusrinfo($user);
$lv = time();
$db->sql_query("UPDATE ".$user_prefix."_users SET user_lastvisit='$lv' WHERE user_id='".$uinfo['user_id']."'");
}
// WARNING THIS SECTION OF CODE CAN SLOW SITE LOAD TIME DOWN!!!!!!!!!!!!!
// IF YOU DO NOT WANT TO USE THIS CODE YOU DO NOT HAVE TO.
// THIS FUCTION IS IN USER ADMIN AND CAN BE TRIGGERED ONLY
// WHEN THE ADMIN WANTS IT RUN.
list($autosuspend) = $db->sql_fetchrow($db->sql_query("SELECT autosuspend FROM ".$prefix."_users_config WHERE ucid='1'"));
if ($autosuspend > 0){
$st = $lv - $autosuspend;
$susresult = $db->sql_query("SELECT user_id FROM ".$user_prefix."_users WHERE user_lastvisit <= $st AND user_level > 0");
while(list($sus_uid) = $db->sql_fetchrow($susresult)) {
$db->sql_query("UPDATE ".$user_prefix."_users SET user_level='0', user_active='0' WHERE user_id='$sus_uid'");
}
}
// NSN Mod
//
// Show 'Disabled' message if needed.
// � Mighty_Y <http://www.portedmods.com>
$result = $db->sql_query("SELECT disable_site, disable_message, disable_title FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$disable = $row[disable_site];
$disablemessage = $row[disable_message];
$disabletitle = $row[disable_title];
if ($disablemessage != "" && !is_admin($admin))
{
$reason = " "._DISABLE_REASON2." $disablemessage";
}
elseif ($disablemessage != "" && is_admin($admin))
{
$reason = " $disablemessage";
}
if ($disabletitle != "" )
{
$title14 = $disabletitle;
}else{
$title14 = ""._DIS_TITLE."";
}
if (!eregi("admin.php", $_SERVER['PHP_SELF']) && !is_admin($admin) && $disable && $name!= "Your_Account")
{
include("header.php");
$index = 1;
title($title14);
OpenTable();
echo "<center>"._DISABLE_REASON1."$reason</center>";
CloseTable();
include("footer.php");
die();
}elseif (!eregi("admin.php", $_SERVER['PHP_SELF']) && is_admin($admin) && $disable && $name!= "Your_Account")
{
echo "<center>"._DISABLE."$reason</center>";
}
?>

Parse error: parse error in /home/bemused/public_html/mainfile.php on line 63

Fatal error: Call to a member function on a non-object in /home/bemused/public_html/index.php on line 18

NOPE I GET THIS NOW when trying to enter page

Ok I get the message in the above message when I used your file telli and if I use the top One nothing changes @ all I still am having the same hassle

Ok I dont know why but....as I was having massive troubles with the problem mentioned above I took the mainfile.php out of a version of 7 that I have running on another domain and it works ok now..here is the version I run now it seems to be ok I have no idea about the code as I am still trying to learn but you may find something in here...my users now have full access even though I have ste all moduls to reg users only

<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/

$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
 $do_gzip_compress = TRUE;
 ob_start();
 ob_implicit_flush(0);
 //header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

if (eregi("mainfile.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}

if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

$mainfile = 1;
$sql = "SELECT sitename, nukeurl, site_logo, slogan, startdate, adminmail, anonpost, Default_Theme, foot1, foot2, foot3, commentlimit, anonymous, minpass, pollcomm, articlecomm, broadcast_msg, my_headlines, top, storyhome, user_news, oldnum, ultramode, banners, backend_title, backend_language, language, locale, multilingual, useflags, notify, notify_email, notify_subject, notify_message, notify_from, footermsgtxt, email_send, attachmentdir, attachments, attachments_view, download_dir, defaultpopserver, singleaccount, singleaccountname, numaccounts, imgpath, filter_forward, moderate, admingraphic, httpref, httprefmax, CensorMode, CensorReplace, copyright, Version_Num FROM ".$prefix."_config";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sitename = $row[sitename];
$nukeurl = $row[nukeurl];
$site_logo = $row[site_logo];
$slogan = $row[slogan];
$startdate = $row[startdate];
$adminmail = $row[adminmail];
$anonpost = $row[anonpost];
$Default_Theme = $row[Default_Theme];
$foot1 = $row[foot1];
$foot2 = $row[foot2];
$foot3 = $row[foot3];
$commentlimit = $row[commentlimit];
$commentlimit = intval($commentlimit);
$anonymous = $row[anonymous];
$minpass = $row[minpass];
$minpass = intval($minpass);
$pollcomm = $row[pollcomm];
$pollcomm = intval($pollcomm);
$articlecomm = $row[articlecomm];
$articlecomm = intval($articlecomm);
$broadcast_msg = $row[broadcast_msg];
$broadcast_msg = intval($broadcast_msg);
$my_headlines = $row[my_headlines];
$my_headlines = intval($my_headlines);
$top = $row[top];
$top = intval($top);
$storyhome = $row[storyhome];
$storyhome = intval($storyhome);
$user_news = $row[user_news];
$user_news = intval($user_news);
$oldnum = $row[oldnum];
$oldnum = intval($oldnum);
$ultramode = $row[ultramode];
$ultramode = intval($ultramode);
$banners = $row[banners];
$banners = intval($banners);
$backend_title = $row[backend_title];
$backend_language = $row[backend_language];
$language = $row[language];
$locale = $row[locale];
$multilingual = $row[multilingual];
$multilingual = intval($multilingual);
$useflags = $row[useflags];
$useflags = intval($useflags);
$notify = $row[notify];
$notify = intval($notify);
$notify_email = $row[notify_email];
$notify_subject = $row[notify_subject];
$notify_message = $row[notify_message];
$notify_from = $row[notify_from];
$footermsgtxt = $row[footermsgtxt];
$email_send = $row[email_send];
$email_send = intval($email_send);
$attachmentdir = $row[attachmentdir];
$attachments = $row[attachments];
$attachments = intval($attachments);
$attachments_view = $row[attachments_view];
$attachments_view = intval($attachments_view);
$download_dir = $row[download_dir];
$defaultpopserver = $row[defaultpopserver];
$singleaccount = $row[singleaccount];
$singleaccount = intval($singleaccount);
$singleaccountname = $row[singleaccountname];
$numaccounts = $row[numaccounts];
$imgpath = $row[imgpath];
$filter_forward = $row[filter_forward];
$filter_forward = intval($filter_forward);
$moderate = $row[moderate];
$moderate = intval($moderate);
$admingraphic = $row[admingraphic];
$admingraphic = intval($admingraphic);
$httpref = $row[httpref];
$httpref = intval($httpref);
$httprefmax = $row[httprefmax];
$httprefmax = intval($httprefmax);
$CensorMode = $row[CensorMode];
$CensorMode = intval($CensorMode);
$CensorReplace = $row[CensorReplace];
$copyright = $row[copyright];
$Version_Num = $row[Version_Num];
$domain = eregi_replace("http://", "", $nukeurl);
$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if ($forum_admin != 1) {
if (isset($newlang) AND !eregi("\.","$newlang")) {
if (file_exists("language/lang-$newlang.php")) {
 setcookie("lang",$newlang,time()+31536000);
 include("language/lang-$newlang.php");
 $currentlang = $newlang;
} else {
 setcookie("lang",$language,time()+31536000);
 include("language/lang-$language.php");
 $currentlang = $language;
}
} elseif (isset($lang)) {
include("language/lang-$lang.php");
$currentlang = $lang;
} else {
setcookie("lang",$language,time()+31536000);
include("language/lang-$language.php");
$currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if (file_exists("modules/$module/language/lang-$currentlang.php")) {
if ($module == admin) {
 include_once("admin/language/lang-$currentlang.php");
} else {
 include_once("modules/$module/language/lang-$currentlang.php");
}
} else {
if ($module == admin) {
 include_once("admin/language/lang-$currentlang.php");
} else {
 include_once("modules/$module/language/lang-$language.php");
}
}
}

function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
} else {
$aid = "$admin[0]";
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = trim($aid);
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[pwd];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
$uid = addslashes($uid);
$uid = intval($uid);
if ($uid != "" AND $pwd != "") {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[user_password];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_group($user, $name) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
if ($uid != "" AND $pwd != "") {
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[user_password];
if($pass == $pwd && $pass != "") {
 $sql = "SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $points = $row[points];
 $sql = "SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $mod_group = $row[mod_group];
 $sql = "SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $grp = $row[points];
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
 return 1;
 }
}
}
return 0;
}

function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
 $user1 = base64_decode($user);
 $user1 = explode(":", $user1);
 $username = "$user1[1]";
} else {
 $username = "$user1[1]";
}
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > 0) {
 $row = $db->sql_fetchrow($db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'"));
 $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+$row[points] WHERE username='$username'");
}
}
}

function title($text) {
OpenTable();
echo "<center>$text</center>";
CloseTable();
echo " ";
}

function is_active($module) {
global $prefix, $db;
$module = trim($module);
$sql = "SELECT active FROM ".$prefix."_modules WHERE title='$module'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$act = $row[active];
$act = intval($act);
if (!$result OR $act == 0) {
return 0;
} else {
return 1;
}
}

function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if ($url == "") {
if ($blockfile == "") {
 if ($side == "c") {
 themecenterbox($title, $content);
 } elseif ($side == "d") {
 themecenterbox($title, $content);
 } else {
 themesidebox($title, $content);
 }
} else {
 if ($side == "c") {
 blockfileinc($title, $blockfile, 1);
 } elseif ($side == "d") {
 blockfileinc($title, $blockfile, 1);
 } else {
 blockfileinc($title, $blockfile);
 }
}
} else {
if ($side == "c" OR $side == "d") {
 headlines($bid,1);
} else {
 headlines($bid);
}
}
}

function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
$pos = "l";
} elseif (strtolower($side[0]) == "r") {
$pos = "r";
} elseif (strtolower($side[0]) == "c") {
$pos = "c";
} elseif (strtolower($side[0]) == "d") {
$pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view, expire, action FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result)) {
$bid = $row[bid];
$bid = intval($bid);
$title = $row[title];
$content = $row[content];
$url = $row[url];
$blockfile = $row[blockfile];
$view = $row[view];
$expire = $row[expire];
$action = $row[action];
$now = time();
if ($expire != 0 AND $expire <= $now) {
if ($action == "d") {
$db->sql_query("UPDATE ".$prefix."_blocks SET active='0', expire='0' WHERE bid='$bid'");
return;
} elseif ($action == "r") {
$db->sql_query("DELETE FROM ".$prefix."_blocks WHERE bid='$bid'");
return;
}
}
if ($row[bkey] == admin) {
 adminblock();
} elseif ($row[bkey] == userbox) {
 userblock();
} elseif ($row[bkey] == "") {
 if ($view == 0) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 1 AND is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 2 AND is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 } elseif ($view == 3 AND !is_user($user) || is_admin($admin)) {
 render_blocks($side, $blockfile, $title, $content, $bid, $url);
 }
}
}
}

function message_box() {
global $bgcolor1, $bgcolor2, $user, $admin, $cookie, $textcolor2, $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "AND (mlanguage='$currentlang' OR mlanguage='')";
} else {
$querylang = "";
}
$sql = "SELECT mid, title, content, date, expire, view FROM ".$prefix."_message WHERE active='1' $querylang";
$result = $db->sql_query($sql);
if ($numrows = $db->sql_numrows($result) == 0) {
return;
} else {
while ($row = $db->sql_fetchrow($result)) {
 $mid = $row[mid];
$mid = intval($mid);
 $title = $row[title];
 $content = $row[content];
 $mdate = $row[date];
 $expire = $row[expire];
$expire = intval($expire);
 $view = $row[view];
$view = intval($view);
if ($title != "" && $content != "") {
 if ($expire == 0) {
 $remain = _UNLIMITED;
 } else {
 $etime = (($mdate+$expire)-time())/3600;
 $etime = (int)$etime;
 if ($etime < 1) {
 $remain = _EXPIRELESSHOUR;
 } else {
 $remain = ""._EXPIREIN." $etime "._HOURS."";
 }
 }
 if ($view == 4 AND is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content"
 ." <center>[ "._MVIEWADMIN." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 CloseTable();
 echo " ";
 } elseif ($view == 3 AND is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWUSERS." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 2 AND !is_user($user) || is_admin($admin)) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWANON." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 } elseif ($view == 1) {
OpenTable();
echo "<center>$title</center> \n"
 ."$content";
 if (is_admin($admin)) {
 echo " <center>[ "._MVIEWALL." - $remain - <a href=\"admin.php?op=editmsg&mid=$mid\">"._EDIT."</a> ]</center>";
 }
 CloseTable();
 echo " ";
 }
 if ($expire != 0) {
 $past = time()-$expire;
 if ($mdate < $past) {
 $db->sql_query("UPDATE ".$prefix."_message SET active='0' WHERE mid='$mid'");
 }
 }
 }
}
}
}

function online() {
global $user, $cookie, $prefix, $db;
cookiedecode($user);
$ip = $_SERVER["REMOTE_ADDR"];
$uname = $cookie[1];
if (!isset($uname)) {
$uname = "$ip";
$guest = 1;
}
$past = time()-1800;
$sql = "DELETE FROM ".$prefix."_session WHERE time < $past";
$db->sql_query($sql);
$sql = "SELECT time FROM ".$prefix."_session WHERE uname='$uname'";
$result = $db->sql_query($sql);
$ctime = time();
if ($row = $db->sql_fetchrow($result)) {
$sql = "UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'";
$db->sql_query($sql);
} else {
$sql = "INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')";
$db->sql_query($sql);
}
}

function blockfileinc($title, $blockfile, $side=0) {
$blockfiletitle = $title;
$file = @file("blocks/$blockfile");
if (!$file) {
$content = _BLOCKPROBLEM;
} else {
include("blocks/$blockfile");
}
if ($content == "") {
$content = _BLOCKPROBLEM2;
}
if ($side == 1) {
themecenterbox($blockfiletitle, $content);
} elseif ($side == 2) {
themecenterbox($blockfiletitle, $content);
} else {
themesidebox($blockfiletitle, $content);
}
}

function selectlanguage() {
global $useflags, $currentlang;
if ($useflags == 1) {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$langdir = dir("language");
while($func=$langdir->read()) {
if(substr($func, 0, 5) == "lang-") {
 $menulist .= "$func ";
}
}
closedir($langdir->handle);
$menulist = explode(" ", $menulist);
sort($menulist);
for ($i=0; $i < sizeof($menulist); $i++) {
if($menulist[$i]!="") {
 $tl = ereg_replace("lang-","",$menulist[$i]);
 $tl = ereg_replace(".php","",$tl);
 $altlang = ucfirst($tl);
 $content .= "<a href=\"index.php?newlang=$tl\"><img src=\"images/language/flag-$tl.png\" border=\"0\" alt=\"$altlang\" title=\"$altlang\" hspace=\"3\" vspace=\"3\"></a> ";
}
}
$content .= "</center>";
themesidebox($title, $content);
} else {
$title = _SELECTLANGUAGE;
$content = "<center>"._SELECTGUILANG." ";
$content .= "<form action=\"index.php\" method=\"get\"><select name=\"newlanguage\" onChange=\"top.location.href=this.options[this.selectedIndex].value\">";
 $handle=opendir('language');
 while ($file = readdir($handle)) {
 if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
 $langFound = $matches[1];
 $languageslist .= "$langFound ";
 }
 }
 closedir($handle);
 $languageslist = explode(" ", $languageslist);
 sort($languageslist);
 for ($i=0; $i < sizeof($languageslist); $i++) {
 if($languageslist[$i]!="") {
$content .= "<option value=\"index.php?newlang=$languageslist[$i]\" ";
 if($languageslist[$i]==$currentlang) $content .= " selected";
$content .= ">".ucfirst($languageslist[$i])."</option>\n";
 }
}
$content .= "</select></form></center>";
themesidebox($title, $content);
}
}

function ultramode() {
global $prefix, $db;
$ultra = "ultramode.txt";
$file = fopen("$ultra", "w");
fwrite($file, "General purpose self-explanatory file with news headlines\n");
$sql = "SELECT sid, aid, title, time, comments, topic FROM ".$prefix."_stories ORDER BY time DESC LIMIT 0,10";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql = "select topictext, topicimage from ".$prefix."_topics where topicid='$row[topic]'";
$result2 = $db->sql_query($sql);
$row2 = $db->sql_fetchrow($result2);
$topictext = $row2[topictext];
$topicimage = $row2[topicimage];
$content = "%%\n$row[title]\n/modules.php?name=News&file=article&sid=$row[sid]\n$row[time]\n$row[aid]\n$row2[topictext]\n$row[comments]\n$row2[topicimage]\n";
fwrite($file, $content);
}
fclose($file);
}

function cookiedecode($user) {
global $cookie, $prefix, $db, $user_prefix;
$user = base64_decode($user);
$cookie = explode(":", $user);
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[user_password];
if ($cookie[2] == $pass && $pass != "") {
return $cookie;
} else {
unset($user);
unset($cookie);
}
}

function getusrinfo($user) {
global $userinfo, $user_prefix, $db;
$user2 = base64_decode($user);
$user3 = explode(":", $user2);
$sql = "SELECT * FROM ".$user_prefix."_users WHERE username='$user3[1]' AND user_password='$user3[2]'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetchrow($result);
}
return $userinfo;
}

function FixQuotes ($what = "") {
$what = ereg_replace("'","''",$what);
while (eregi("\\\\'", $what)) {
$what = ereg_replace("\\\\'","'",$what);
}
return $what;
}

/*********************************************************/
/* text filter */
/*********************************************************/

function check_words($Message) {
global $EditedMessage;
include("config.php");
$EditedMessage = $Message;
if ($CensorMode != 0) {
if (is_array($CensorList)) {
 $Replace = $CensorReplace;
 if ($CensorMode == 1) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
 }
 } elseif ($CensorMode == 2) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
 }
 } elseif ($CensorMode == 3) {
 for ($i = 0; $i < count($CensorList); $i++) {
 $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
 }
 }
}
}
return ($EditedMessage);
}

function delQuotes($string){
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=""; # string buffer
$result=""; # result string
$i=0;
$attrib=-1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
$quote=0; # Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { # What car is it in the buffer ?
 case "\"": #" # a quote.
 if ($quote==0) {
 $quote=1;
 } else {
 $quote=0;
 if (($attrib>0) && ($tmp != "")) { $result .= "=\"$tmp\""; }
 $tmp="";
 $attrib=-1;
 }
 break;
 case "=": # an equal - attrib delimiter
 if ($quote==0) { # Is it found in a string ?
 $attrib=1;
 if ($tmp!="") $result.=" $tmp";
 $tmp="";
 } else $tmp .= '=';
 break;
 case " ": # a blank ?
 if ($attrib>0) { # add it to the string, if one opened.
 $tmp .= $string[$i];
 }
 break;
 default: # Other
 if ($attrib<0) # If we weren't in an attrib, set attrib to 0
 $attrib=0;
 $tmp .= $string[$i];
 break;
}
$i++;
}
if (($quote!=0) && ($tmp != "")) {
if ($attrib==1) $result .= "=";
/* If it is the value of an atrib, add the '=' */
$result .= "\"$tmp\""; /* Add quote if needed (the reason of the function ;-) */
}
return $result;
}

function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
include("config.php");
if ($strip == "nohtml")
$AllowableHTML=array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
 // Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
 // Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
 // Delete all img tags
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
 // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
 $i = strpos($str,$reg[0]);
 $l = strlen($reg[0]);
 if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
 else $tag = strtolower($reg[1]);
 if ($a = $AllowableHTML[$tag])
 if ($reg[1][0] == "/") $tag = "</$tag>";
 elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";
 else {
 # Place here the double quote fix function.
 $attrb_list=delQuotes($reg[2]);
 // A VER
 $attrb_list = ereg_replace("&","&",$attrb_list);
 $tag = "<$tag" . $attrb_list . ">";
 } # Attribs in tag allowed
 else $tag = "";
 $tmp .= substr($str,0,$i) . $tag;
 $str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = ereg_replace("<\?","",$str);
return $str;
}

function filter_text($Message, $strip="") {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return ($EditedMessage);
}

/*********************************************************/
/* formatting stories */
/*********************************************************/

function formatTimestamp($time) {
global $datetime, $locale;
setlocale (LC_TIME, $locale);
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
$datetime = strftime(""._DATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
$datetime = ucfirst($datetime);
return($datetime);
}

function formatAidHeader($aid) {
global $prefix, $db;
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$url = $row[url];
$email = $row[email];
if (isset($url)) {
$aid = "<a href=\"$url\">$aid</a>";
} elseif (isset($email)) {
$aid = "<a href=\"mailto:$email\">$aid</a>";
} else {
$aid = $aid;
}
echo "$aid";
}

function get_author($aid) {
global $prefix, $db;
$sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if (isset($row[url])) {
$aid = "<a href=\"$row[url]\">$aid</a>";
} elseif (isset($row[email])) {
$aid = "<a href=\"mailto:$row[email]\">$aid</a>";
} else {
$aid = $aid;
}
return($aid);
}

function themepreview($title, $hometext, $bodytext="", $notes="") {
echo "$title $hometext";
if ($bodytext != "") {
echo " $bodytext";
}
if ($notes != "") {
echo " "._NOTE." $notes";
}
}

function adminblock() {
global $admin, $prefix, $db;
if (is_admin($admin)) {
$sql = "SELECT title, content FROM ".$prefix."_blocks WHERE bkey='admin'";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
 $content = "$row[content]";
 themesidebox($row[title], $row[content]);
}
$title = ""._WAITINGCONT."";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_queue"));
$content = "";
$content .= "<big>·</big> <a href=\"admin.php?op=submissions\">"._SUBMISSIONS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_reviews_add"));
$content .= "<big>·</big> <a href=\"admin.php?op=reviews\">"._WREVIEWS."</a>: $num ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_newlink"));
$brokenl = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='1'"));
$modreql = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_links_modrequest WHERE brokenlink='0'"));
$content .= "<big>·</big> <a href=\"admin.php?op=Links\">"._WLINKS."</a>: $num ";
$content .= "<big>·</big> <a href=\"admin.php?op=LinksListModRequests\">"._MODREQLINKS."</a>: $modreql ";
$content .= "<big>·</big> <a href=\"admin.php?op=LinksListBrokenLinks\">"._BROKENLINKS."</a>: $brokenl ";
$num = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_newdownload"));
$brokend = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='1'"));
$modreqd = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_downloads_modrequest WHERE brokendownload='0'"));
$content .= "<big>·</big> <a href=\"admin.php?op=downloads\">"._UDOWNLOADS."</a>: $num ";
$content .= "<big>·</big> <a href=\"admin.php?op=DownloadsListModRequests\">"._MODREQDOWN."</a>: $modreqd ";
$content .= "<big>·</big> <a href=\"admin.php?op=DownloadsListBrokenDownloads\">"._BROKENDOWN."</a>: $brokend ";
themesidebox($title, $content);
}
}

function loginbox() {
global $user;
if (!is_user($user)) {
$title = _LOGIN;
$boxstuff = "<form action=\"modules.php?name=Your_Account\" method=\"post\">";
$boxstuff .= "<center>"._NICKNAME." ";
$boxstuff .= "<input type=\"text\" name=\"username\" size=\"8\" maxlength=\"25\"> ";
$boxstuff .= ""._PASSWORD." ";
$boxstuff .= "<input type=\"password\" name=\"user_password\" size=\"8\" maxlength=\"20\"> ";
$boxstuff .= "<input type=\"hidden\" name=\"op\" value=\"login\">";
$boxstuff .= "<input type=\"submit\" value=\""._LOGIN."\"></center></form>";
$boxstuff .= "<center>"._ASREGISTERED."</center>";
themesidebox($title, $boxstuff);
}
}

function userblock() {
global $user, $cookie, $db, $user_prefix;
if((is_user($user)) AND ($cookie[8])) {
$sql = "SELECT ublock FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = ""._MENUFOR." $cookie[1]";
themesidebox($title, $row[ublock]);
}
}

function getTopics($s_sid) {
global $topicname, $topicimage, $topictext, $prefix, $db;
$sid = $s_sid;
$sid = intval($sid);
$sql = "SELECT topic FROM ".$prefix."_stories WHERE sid='$sid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sql = "SELECT topicid, topicname, topicimage, topictext FROM ".$prefix."_topics WHERE topicid='$row[topic]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$topicid = $row[topicid];
$topicname = $row[topicname];
$topicimage = $row[topicimage];
$topictext = $row[topictext];
}

function headlines($bid, $cenbox=0) {
global $prefix, $db;
$bid = intval($bid);
$sql = "SELECT title, content, url, refresh, time FROM ".$prefix."_blocks WHERE bid='$bid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$title = $row[title];
$content = $row[content];
$url = $row[url];
$refresh = $row[refresh];
$otime = $row[time];
$past = time()-$refresh;
if ($otime < $past) {
$btime = time();
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
 $content = "";
 $sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
 $db->sql_query($sql);
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
}
if ($fp) {
 if ($rdf['query'] != '')
 $rdf['query'] = "?" . $rdf['query'];

 fputs($fp, "GET " . $rdf['path'] . $rdf['query'] . " HTTP/1.0\r\n");
 fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
 $string = "";
 while(!feof($fp)) {
 $pagetext = fgets($fp,300);
 $string .= chop($pagetext);
 }
 fputs($fp,"Connection: close\r\n\r\n");
 fclose($fp);
 $items = explode("</item>",$string);
 $content = "";
 for ($i=0;$i<10;$i++) {
 $link = ereg_replace(".*<link>","",$items[$i]);
 $link = ereg_replace("</link>.*","",$link);
 $title2 = ereg_replace(".*<title>","",$items[$i]);
 $title2 = ereg_replace("</title>.*","",$title2);
 $title2 = stripslashes($title2);
 if ($items[$i] == "" AND $cont != 1) {
 $content = "";
 $sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
 $db->sql_query($sql);
 $cont = 0;
 if ($cenbox == 0) {
 themesidebox($title, $content);
 } else {
 themecenterbox($title, $content);
 }
 return;
 } else {
 if (strcmp($link,$title2) AND $items[$i] != "") {
 $cont = 1;
 $content .= "<big>·</big><a href=\"$link\" target=\"new\">$title2</a> \n";
 }
 }
 }

}
$sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
$db->sql_query($sql);
}
$siteurl = ereg_replace("http://","",$url);
$siteurl = explode("/",$siteurl);
if (($cont == 1) OR ($content != "")) {
$content .= " <a href=\"http://$siteurl[0]\" target=\"blank\">"._HREADMORE."</a>";
} elseif (($cont == 0) OR ($content == "")) {
$content = ""._RSSPROBLEM."";
}
if ($cenbox == 0) {
themesidebox($title, $content);
} else {
themecenterbox($title, $content);
}
}

function automated_news() {
global $prefix, $multilingual, $currentlang, $db;
if ($multilingual == 1) {
$querylang = "WHERE (alanguage='$currentlang' OR alanguage='')"; /* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = "";
}
$today = getdate();
$day = $today[mday];
if ($day < 10) {
$day = "0$day";
}
$month = $today[mon];
if ($month < 10) {
$month = "0$month";
}
$year = $today[year];
$hour = $today[hours];
$min = $today[minutes];
$sec = "00";
$sql = "SELECT anid, time FROM ".$prefix."_autonews $querylang";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$anid = $row[anid];
$time = $row[time];
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $date);
if (($date[1] <= $year) AND ($date[2] <= $month) AND ($date[3] <= $day)) {
 if (($date[4] < $hour) AND ($date[5] >= $min) OR ($date[4] <= $hour) AND ($date[5] <= $min)) {
 $sql2 = "SELECT * FROM ".$prefix."_autonews WHERE anid='$anid'";
 $result2 = $db->sql_query($sql2);
 while ($row2 = $db->sql_fetchrow($result2)) {
 $title = stripslashes(FixQuotes($row2[title]));
 $hometext = stripslashes(FixQuotes($row2[hometext]));
 $bodytext = stripslashes(FixQuotes($row2[bodytext]));
 $notes = stripslashes(FixQuotes($row2[notes]));
 $sql = "INSERT INTO ".$prefix."_stories VALUES (NULL, '$row2[catid]', '$row2[aid]', '$title', '$row2[time]', '$hometext', '$bodytext', '0', '0', '$row2[topic]', '$row2[informant]', '$notes', '$row2[ihome]', '$row2[alanguage]', '$row2[acomm]', '0', '0', '0', '0', '$row2[associated]')";
 $db->sql_query($sql);
 $sql = "DELETE FROM ".$prefix."_autonews WHERE anid='$anid'";
 $db->sql_query($sql);
 }
 }
}
}
}

function themecenterbox($title, $content) {
OpenTable();
echo "<center>$title</center> "
."$content";
CloseTable();
echo " ";
}

function public_message() {
global $prefix, $user_prefix, $db, $user, $admin, $p_msg, $cookie, $broadcast_msg;
if ($broadcast_msg == 1) {
if (is_user($user)) {
cookiedecode($user);
$sql = "SELECT broadcast FROM ".$user_prefix."_users WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$upref = $row[broadcast];
if ($upref == 1) {
 $t_off = " [ <a href=\"modules.php?name=Your_Account&op=edithome\">"._TURNOFFMSG."</a> ]";
 $pm_show = 1;
} else {
 $pm_show = 0;
}
} else {
$t_off = "";
}
if (!is_user($user) OR (is_user($user) AND ($pm_show == 1))) {
$c_mid = base64_decode($p_msg);
$sql = "SELECT mid, content, date, who FROM ".$prefix."_public_messages WHERE mid > '$c_mid' ORDER BY date ASC LIMIT 1";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$mid = $row[mid];
$content = $row[content];
$tdate = $row[date];
$who = $row[who];
if ((!isset($c_mid)) OR ($c_mid = $mid)) {
 $public_msg = " <table width=\"90%\" border=\"1\" cellspacing=\"2\" cellpadding=\"0\" bgcolor=\"FFFFFF\" align=\"center\"><tr><td>\n";
 $public_msg .= "<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"FF0000\"><tr><td>\n";
 $public_msg .= ""._BROADCASTFROM." <a href=\"modules.php?name=Your_Account&op=userinfo&username=$who\">$who</a>: \"$content\"";
 $public_msg .= "$t_off";
 $public_msg .= "</td></tr></table>";
 $public_msg .= "</td></tr></table>";
 $ref_date = $tdate+600;
 $actual_date = time();
 if ($actual_date >= $ref_date) {
 $public_msg = "";
 $numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_public_messages"));
 if ($numrows == 1) {
 $db->sql_query("DELETE FROM ".$prefix."_public_messages");
 $mid = 0;
 } else {
 $db->sql_query("DELETE FROM ".$prefix."_public_messages WHERE mid='$mid'");
 }
 }
 if ($mid == 0 OR $mid == "") {
 setcookie("p_msg");
 } else {
 $mid = base64_encode($mid);
 setcookie("p_msg",$mid,time()+600);
 }
}
}
} else {
$public_msg = "";
}
return($public_msg);
}

function get_theme() {
global $user, $cookie, $Default_Theme;
if(is_user($user)) {
$user2 = base64_decode($user);
$t_cookie = explode(":", $user2);
if($t_cookie[9]=="") $t_cookie[9]=$Default_Theme;
if(isset($theme)) $t_cookie[9]=$theme;
if(!$tfile=@opendir("themes/$t_cookie[9]")) {
 $ThemeSel = $Default_Theme;
} else {
 $ThemeSel = $t_cookie[9];
}
} else {
$ThemeSel = $Default_Theme;
}
return($ThemeSel);
}

function removecrlf($str) {
// Function for Security Fix by Ulf Harnhammar, VSU Security 2002
// Looks like I don't have so bad track record of security reports as Ulf believes
// He decided to not contact me, but I'm always here, digging on the net
return strtr($str, "\015\012", ' ');
}

?>

Ok the only thing that I have found wrong now I am running this mainfile from the standard 7 is that the site shutdown option dont work now. but my members are happy LOL

hey guys,

got a problem, and a question.

problem: i downloaded and installed the czmodules for 6.9. the menu comes up perfect and i have all the modules in the right places, but when i click on anything but the bookmark it send me to the homepage / startpage. i keep getting page loaded but with errors in the bottom left corner of my explorer page (where it says done). Need help!!

question: i e-mailed telli about contracting your services for some custom modules / themes a while ago, but i have not heard anything back as of yet. is he still around? did i contact the right person? if not who do i contact? let me know.... thanks

BombSquad

Please resubmit your email the mail server was down for a few days and that might have been when you sent it. For the block try this one.

Thanks for the help telli, I just fixed it but I still get an error:

Line 200
Char: 22
Error: Expected ';'
Code: 0
Url: [ Register or login to view links on this board. ]

It gives this error for every page, but the links work correctly. Just thought that I'd let you know.

Also, whenever I add new links to the menu, it adds them to the quick links section. How do I add the new links that I have added to other sections that I have created? How do I delete the qick links section and add its contents to a section called all users?