Waraxe IT Security Portal
Login or Register
December 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 156
Members: 0
Total: 156
Full disclosure
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Stored XSS with Filter Bypass - blogenginev3.3.8
[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)
[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
RansomLordNG - anti-ransomware exploit tool
APPLE-SA-12-11-2024-9 Safari 18.2
APPLE-SA-12-11-2024-8 visionOS 2.2
APPLE-SA-12-11-2024-7 tvOS 18.2
APPLE-SA-12-11-2024-6 watchOS 11.2
APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2
APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2
APPLE-SA-12-11-2024-2 iPadOS 17.7.3
APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2
SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> How to fix -> running phpnuke 7.4 code is different in reviews modue
Post new topicReply to topic View previous topic :: View next topic
running phpnuke 7.4 code is different in reviews modue
PostPosted: Sat Jul 24, 2004 1:08 pm Reply with quote
wiggies
Beginner
Beginner
Joined: Jul 24, 2004
Posts: 1




Hi, I just installed phpnuke 7.4 and I am now applying your security patches. I did it for the search, faq and encyclopedia modules. Now in the index.php in the reviews moudule it has some extra code and I got confused Sad can you please help me fix it this is my code.

Code:
<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* ===================== */
/* Base on Reviews Addon */
/* Copyright (c) 2000 by Jeff Lambert (jeffx@ican.net) */
/* http://www.qchc.com */
/* More scripts on http://www.jeffx.qchc.com */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security & Abstraction layer conversion */
/* 2003 chatserv */
/* http://www.nukefixes.com -- http://www.nukeresources.com */
/************************************************************************/

if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {
die ("You can't access this file directly...");
}
if (stristr($_SERVER["QUERY_STRING"],'%25')) header("Location: index.php");

require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);

function alpha() {
global $module_name;
$alphabet = array ("A","B","C","D","E","F","G","H","I","J","K","L","M",
"N","O","P","Q","R","S","T","U","V","W","X","Y","Z","1","2","3","4","5","6","7","8","9","0");
$num = count($alphabet) - 1;
echo "<center>[ ";
$counter = 0;
while (list(, $ltr) = each($alphabet)) {
echo "<a href=\"modules.php?name=$module_name&rop=$ltr\">$ltr</a>";
if ( $counter == round($num/2) ) {
echo " ]\n<br>\n[ ";
} elseif ( $counter != $num ) {
echo " ;;| ;;\n";
}
$counter++;
}
echo " ]</center><br><br>\n\n\n";
echo "<center>[ <a href=\"modules.php?name=$module_name&rop=write_review\">"._WRITEREVIEW."</a> ]</center><br><br>\n\n";
}

function display_score($score) {
$image = "<img src=\"images/blue.gif\" alt=\"\">";
$halfimage = "<img src=\"images/bluehalf.gif\" alt=\"\">";
$full = "<img src=\"images/star.gif\" alt=\"\">";

if ($score == 10) {
for ($i=0; $i < 5; $i++)
echo "$full";
} else if ($score % 2) {
$score -= 1;
$score /= 2;
for ($i=0; $i < $score; $i++)
echo "$image";
echo "$halfimage";
} else {
$score /= 2;
for ($i=0; $i < $score; $i++)
echo "$image";
}
}

function write_review() {
global $admin, $sitename, $user, $cookie, $prefix, $user_prefix, $currentlang, $multilingual, $db, $module_name;
include ('header.php');
OpenTable();
echo "
<b>"._WRITEREVIEWFOR." $sitename</b><br><br>
<i>"._ENTERINFO."</i><br><br>
<form method=\"post\" action=\"modules.php?name=$module_name\">
<b>"._PRODUCTTITLE.":</b><br>
<input type=\"text\" name=\"title\" size=\"50\" maxlength=\"150\"><br>
<i>"._NAMEPRODUCT."</i><br>";
if ($multilingual == 1) {
echo "<br><b>"._LANGUAGE.": </b>"
."<select name=\"rlanguage\">";
$handle=opendir('language');
while ($file = readdir($handle)) {
if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
$langFound = $matches[1];
$languageslist .= "$langFound ";
}
}
closedir($handle);
$languageslist = explode(" ", $languageslist);
for ($i=0; $i < sizeof($languageslist); $i++) {
if($languageslist[$i]!="") {
echo "<option value=\"$languageslist[$i]\" ";
if($languageslist[$i]==strtolower($currentlang)) echo "selected";
echo ">$languageslist[$i]</option>\n";
}
}
echo "</select><br><br>";
} else {
echo "<input type=\"hidden\" name=\"rlanguage\" value=\"$language\"><br><br>";
}
echo "<b>"._REVIEW.":</b><br>
<textarea name=\"text\" rows=\"15\" wrap=\"virtual\" cols=\"60\"></textarea><br>";
if (is_admin($admin)) {
echo "<font class=\"content\">"._PAGEBREAK."</font><br>";
}
echo "
<i>"._CHECKREVIEW."</i><br><br>
<b>"._YOURNAME.":</b><br>";
if (is_user($user)) {
$result = $db->sql_query("select name, user_email from ".$user_prefix."_users where username='$cookie[1]'");
list($rname, $email) = $db->sql_fetchrow($result);
$rname = stripslashes(check_html($rname, "nohtml"));
$email = stripslashes(check_html($email, "nohtml"));
}
echo "<input type=\"text\" name=\"reviewer\" size=\"41\" maxlength=\"40\" value=\"$rname\"><br>
<i>"._FULLNAMEREQ."</i><br><br>
<b>"._REMAIL.":</b><br>
<input type=\"text\" name=\"email\" size=\"40\" maxlength=\"80\" value=\"$email\"><br>
<i>"._REMAILREQ."</i><br><br>
<b>"._SCORE."</b><br>
<select name=\"score\">
<option name=\"score\" value=\"10\">10</option>
<option name=\"score\" value=\"9\">9</option>
<option name=\"score\" value=\"8\">8</option>
<option name=\"score\" value=\"7\">7</option>
<option name=\"score\" value=\"6\">6</option>
<option name=\"score\" value=\"5\">5</option>
<option name=\"score\" value=\"4\">4</option>
<option name=\"score\" value=\"3\">3</option>
<option name=\"score\" value=\"2\">2</option>
<option name=\"score\" value=\"1\">1</option>
</select>
<i>"._SELECTSCORE."</i><br><br>
<b>"._RELATEDLINK.":</b><br>
<input type=\"text\" name=\"url\" size=\"40\" maxlength=\"100\" value=\"http://\"><br>
<i>"._PRODUCTSITE."</i><br><br>
<b>"._LINKTITLE.":</b><br>
<input type=\"text\" name=\"url_title\" size=\"40\" maxlength=\"50\"><br>
<i>"._LINKTITLEREQ."</i><br><br>
";
if(is_admin($admin)) {
echo "
<b>"._RIMAGEFILE.":</b><br>
<input type=\"text\" name=\"cover\" size=\"40\" maxlength=\"100\"><br>
<i>"._RIMAGEFILEREQ."</i><br><br>
";
}
echo "<i>"._CHECKINFO."</i><br><br>";
echo "<input type=\"hidden\" name=\"rop\" value=\"preview_review\">
<input type=\"submit\" value=\""._PREVIEW."\"> <input type=\"button\" onClick=\"history.go(-1)\" value=\""._CANCEL."\"></form>";
CloseTable();
include ("footer.php");
}

function preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage) {
global $admin, $multilingual, $module_name;
if (eregi("<!--pagebreak-->", $text)) {
$text = ereg_replace("<!--pagebreak-->","&lt;!--pagebreak--&gt;",$text);
}
$title = stripslashes(check_html($title, "nohtml"));
$text = stripslashes(check_html($text, ""));
$reviewer = stripslashes(check_html($reviewer, "nohtml"));
$url_title = stripslashes(check_html($url_title, "nohtml"));
$email = stripslashes(check_html($email, "nohtml"));
$score = intval($score);
$cover = stripslashes(check_html($cover, "nohtml"));
$url = stripslashes(check_html($url, "nohtml"));
$url_title = stripslashes(check_html($url_title, "nohtml"));
$hits = intval($hits);
$id = intval($id);
include ('header.php');
OpenTable();
echo "<form method=\"post\" action=\"modules.php?name=$module_name\">";

if ($title == "") {
$error = 1;
echo ""._INVALIDTITLE."<br>";
}
if ($text == "") {
$error = 1;
echo ""._INVALIDTEXT."<br>";
}
if (($score < 1) || ($score > 10)) {
$error = 1;
echo ""._INVALIDSCORE."<br>";
}
if (($hits < 0) && ($id != 0)) {
$error = 1;
echo ""._INVALIDHITS."<br>";
}
if ($reviewer == "" || $email == "") {
$error = 1;
echo ""._CHECKNAME."<br>";
} else if ($reviewer != "" && $email != "")
if (!(eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$",$email))) {
$error = 1;
/* eregi checks for a valid email! works nicely for me! */
echo ""._INVALIDEMAIL."<br>";
}
if (($url_title != "" && $url =="") || ($url_title == "" && $url != "")) {
$error = 1;
echo ""._INVALIDLINK."<br>";
} else if (($url != "") && (!(eregi('(^http[s]*:[/]+)(.*)', $url))))
$url = "http://" . $url;
/* If the user ommited the http, this nifty eregi will add it */
if ($error == 1)
echo "<br>"._GOBACK."";
else
{
if ($date == "")
$date = date("Y-m-d", time());
$year2 = substr($date,0,4);
$month = substr($date,5,2);
$day = substr($date,8,2);
$fdate = date("F jS Y",mktime (0,0,0,$month,$day,$year2));
echo "<table border=\"0\" width=\"100%\"><tr><td colspan=\"2\">";
echo "<p><font class=\"title\"><i><b>$title</b></i></font><br>";
echo "<blockquote><p>";
if ($cover != "")
echo "<img src=\"images/reviews/$cover\" align=\"right\" border=\"1\" vspace=\"2\" alt=\"\">";
echo "$text<p>";
echo "<b>"._ADDED."</b> $fdate<br>";
if ($multilingual == 1) {
echo "<b>"._LANGUAGE."</b> $rlanguage<br>";
}
echo "<b>"._REVIEWER."</b> <a href=\"mailto:$email\">$reviewer</a><br>";
echo "<b>"._SCORE."</b> ";
display_score($score);
if ($url != "")
echo "<br><b>"._RELATEDLINK.":</b> <a href=\"$url\" target=\"new\">$url_title</a>";
$id = intval($id);
if ($id != 0) {
echo "<br><b>"._REVIEWID.":</b> $id<br>";
echo "<b>"._HITS.":</b> $hits<br>";
}
echo "</font></blockquote>";
echo "</td></tr></table>";
$text = urlencode($text);
echo "<p><i>"._LOOKSRIGHT."</i> ";
echo "<input type=\"hidden\" name=\"id\" value=$id>
<input type=\"hidden\" name=\"hits\" value=\"$hits\">
<input type=\"hidden\" name=\"rop\" value=send_review>
<input type=\"hidden\" name=\"date\" value=\"$date\">
<input type=\"hidden\" name=\"title\" value=\"$title\">
<input type=\"hidden\" name=\"text\" value=\"$text\">
<input type=\"hidden\" name=\"reviewer\" value=\"$reviewer\">
<input type=\"hidden\" name=\"email\" value=\"$email\">
<input type=\"hidden\" name=\"score\" value=\"$score\">
<input type=\"hidden\" name=\"url\" value=\"$url\">
<input type=\"hidden\" name=\"url_title\" value=\"$url_title\">
<input type=\"hidden\" name=\"cover\" value=\"$cover\">";
echo "<input type=\"hidden\" name=\"rlanguage\" value=\"$rlanguage\">";
echo "<input type=\"submit\" name=\"rop\" value=\""._YES."\"> <input type=\"button\" onClick=\"history.go(-1)\" value=\""._NO."\">";
$id = intval($id);
if($id != 0)
$word = ""._RMODIFIED."";
else
$word = ""._RADDED."";
if(is_admin($admin))
echo "<br><br><b>"._NOTE."</b> "._ADMINLOGGED." $word.";
}
CloseTable();
include ("footer.php");
}

function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage) {
global $admin, $EditedMessage, $prefix, $db, $module_name;
include ('header.php');
if (eregi("<!--pagebreak-->", $text)) {
$text = ereg_replace("<!--pagebreak-->","&lt;!--pagebreak--&gt;;",$text);
}
$id = intval($id);
$title = stripslashes(FixQuotes(check_html($title, "nohtml")));
$text = stripslashes(Fixquotes(urldecode(check_html($text, ""))));
$reviewer = stripslashes(check_html($reviewer, "nohtml"));
$url_title = stripslashes(check_html($url_title, "nohtml"));
$email = stripslashes(check_html($email, "nohtml"));
$score = intval($score);
$cover = stripslashes(check_html($cover, "nohtml"));
$url = stripslashes(check_html($url, "nohtml"));
$url_title = stripslashes(check_html($url_title, "nohtml"));
$hits = intval($hits);
if (eregi("&lt;!--pagebreak--&gt;", $text)) {
$text = ereg_replace("&lt;!--pagebreak--&gt;","<!--pagebreak-->",$text);
}
OpenTable();
echo "<br><center>"._RTHANKS."";
$id = intval($id);
if ($id != 0)
echo " "._MODIFICATION."";
else
echo ", $reviewer";
echo "!<br>";
if ($score < 0 OR $score > 10) {
$score = 0;
}
if ((is_admin($admin)) && ($id == 0)) {
$db->sql_query("INSERT INTO ".$prefix."_reviews VALUES (NULL, '$date', '$title', '$text', '$reviewer', '$email', '$score', '$cover', '$url', '$url_title', '1', '$rlanguage')");
echo ""._ISAVAILABLE."";
} else if ((is_admin($admin)) && ($id != 0)) {
$db->sql_query("UPDATE ".$prefix."_reviews SET date='$date', title='$title', text='$text', reviewer='$reviewer', email='$email', score='$score', cover='$cover', url='$url', url_title='$url_title', hits='$hits', rlanguage='$rlanguage' where id = '$id'");
echo ""._ISAVAILABLE."";
} else {
$db->sql_query("INSERT INTO ".$prefix."_reviews_add VALUES (NULL, '$date', '$title', '$text', '$reviewer', '$email', '$score', '$url', '$url_title', '$rlanguage')");
echo ""._EDITORWILLLOOK."";
}
echo "<br><br>[ <a href=\"modules.php?name=$module_name\">"._RBACK."</a> ]<br></center>";
CloseTable();
include ("footer.php");
}

function reviews_index() {
global $bgcolor3, $bgcolor2, $prefix, $multilingual, $currentlang, $db, $module_name;
include ('header.php');
if ($multilingual == 1) {
$querylang = "WHERE rlanguage='$currentlang'";
} else {
$querylang = "";
}
OpenTable();
echo "<table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\">
<tr><td colspan=\"2\"><center><font class=\"title\">"._RWELCOME."</font></center><br><br><br>";
$result = $db->sql_query("select title, description from ".$prefix."_reviews_main");
list($title, $description) = $db->sql_fetchrow($result);
$title = stripslashes(check_html($title, "nohtml"));
$description = stripslashes($description);
echo "<center><b>$title</b><br><br>$description</center>";
echo "<br><br><br>";
alpha();
echo "</td></tr>";
echo "<tr><td width=\"50%\" bgcolor=\"$bgcolor2\"><b>"._10MOSTPOP."</b></td>";
echo "<td width=\"50%\" bgcolor=\"$bgcolor2\"><b>"._10MOSTREC."</b></td></tr>";
$result_pop = $db->sql_query("SELECT id, title, hits from ".$prefix."_reviews $querylang order by hits DESC limit 10");
$result_rec = $db->sql_query("SELECT id, title, date, hits from ".$prefix."_reviews $querylang order by date DESC limit 10");
$y = 1;
for ($x = 0; $x < 10; $x++) {
$myrow = $db->sql_fetchrow($result_pop);
$id = intval($myrow['id']);
$title = stripslashes(check_html($myrow['title'], "nohtml"));
$hits = intval($myrow['hits']);
echo "<tr><td width=\"50%\" bgcolor=\"$bgcolor3\">$y) <a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id\">$title</a></td>";
$myrow2 = $db->sql_fetchrow($result_rec);
$id = intval($myrow2['id']);
$title = stripslashes(check_html($myrow2['title'], "nohtml"));
$hits = intval($myrow2['hits']);
echo "<td width=\"50%\" bgcolor=\"$bgcolor3\">$y) <a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id\">$title</a></td></tr>";
$y++;
}
echo "<tr><td colspan=\"2\"><br></td></tr>";
$result2 = $db->sql_query("SELECT * FROM ".$prefix."_reviews $querylang");
$numresults = $db->sql_numrows($result2);
echo "<tr><td colspan=\"2\"><br><center>"._THEREARE." $numresults "._REVIEWSINDB."</center></td></tr></table>";
CloseTable();
include ("footer.php");
}

function reviews($letter, $field, $order) {
global $bgcolor4, $sitename, $prefix, $multilingual, $currentlang, $db, $module_name;
include ('header.php');
$letter = substr("$letter", 0,1);
if ($multilingual == 1) {
$querylang = "AND rlanguage='$currentlang'";
} else {
$querylang = "";
}
OpenTable();
echo "<center><b>$sitename "._REVIEWS."</b><br>";
echo "<i>"._REVIEWSLETTER." \"$letter\"</i><br><br>";
switch ($field) {

case "reviewer":
$result = $db->sql_query("SELECT id, title, hits, reviewer, score FROM ".$prefix."_reviews WHERE UPPER(title) LIKE '$letter%' $querylang ORDER by reviewer $order");
break;

case "score":
$result = $db->sql_query("SELECT id, title, hits, reviewer, score FROM ".$prefix."_reviews WHERE UPPER(title) LIKE '$letter%' $querylang ORDER by score $order");
break;

case "hits":
$result = $db->sql_query("SELECT id, title, hits, reviewer, score FROM ".$prefix."_reviews WHERE UPPER(title) LIKE '$letter%' $querylang ORDER by hits $order");
break;

default:
$result = $db->sql_query("SELECT id, title, hits, reviewer, score FROM ".$prefix."_reviews WHERE UPPER(title) LIKE '$letter%' $querylang ORDER by title $order");
break;

}
$numresults = $db->sql_numrows($result);
if ($numresults == 0) {
echo "<i><b>"._NOREVIEWS." \"$letter\"</b></i><br><br>";
} elseif ($numresults > 0) {
echo "<TABLE BORDER=\"0\" width=\"100%\" CELLPADDING=\"2\" CELLSPACING=\"4\">
<tr>
<td width=\"50%\" bgcolor=\"$bgcolor4\">
<P ALIGN=\"LEFT\"><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=title&amp;order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._PRODUCTTITLE." </B><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=title&amp;order=DESC\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
</td>
<td width=\"18%\" bgcolor=\"$bgcolor4\">
<P ALIGN=\"CENTER\"><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=reviewer&amp;order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._REVIEWER." </B><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=reviewer&amp;order=desc\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
</td>
<td width=\"18%\" bgcolor=\"$bgcolor4\">
<P ALIGN=\"CENTER\"><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=score&amp;order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._SCORE." </B><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=score&amp;order=DESC\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
</td>
<td width=\"14%\" bgcolor=\"$bgcolor4\">
<P ALIGN=\"CENTER\"><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=hits&amp;order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._HITS." </B><a href=\"modules.php?name=$module_name&amp;rop=$letter&amp;field=hits&amp;order=DESC\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
</td>
</tr>";
while($myrow = $db->sql_fetchrow($result)) {
$title = stripslashes(check_html($myrow["title"], "nohtml"));
$id = intval($myrow['id']);
$reviewer = stripslashes($myrow['reviewer']);
$email = stripslashes($myrow['email']);
$score = intval($myrow['score']);
$hits = intval($myrow['hits']);
echo "<tr>
<td width=\"50%\" bgcolor=\"#EEEEEE\"><a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id\">$title</a></td>
<td width=\"18%\" bgcolor=\"#EEEEEE\">";
if ($reviewer != "")
echo "<center>$reviewer</center>";
echo "</td><td width=\"18%\" bgcolor=\"#EEEEEE\"><center>";
display_score($score);
echo "</center></td><td width=\"14%\" bgcolor=\"#EEEEEE\"><center>$hits</center></td>
</tr>";
}
echo "</TABLE>";
echo "<br>$numresults "._TOTALREVIEWS."<br><br>";
}
echo "[ <a href=\"modules.php?name=$module_name\">"._RETURN2MAIN."</a> ]";
CloseTable();
include ("footer.php");
}

function postcomment($id, $title) {
global $user, $cookie, $AllowableHTML, $anonymous, $module_name;
include("header.php");
cookiedecode($user);
$title = stripslashes(FixQuotes(check_html($title, nohtml)));
$title = urldecode($title);
OpenTable();
echo "<center><font class=option><b>"._REVIEWCOMMENT." $title</b><br><br></font></center>"
."<form action=modules.php?name=$module_name method=post>";
if (!is_user($user)) {
echo "<b>"._YOURNICK."</b> $anonymous [ "._RCREATEACCOUNT." ]<br><br>";
$uname = $anonymous;
} else {
echo "<b>"._YOURNICK."</b> $cookie[1]<br>
<input type=checkbox name=xanonpost> "._POSTANON."<br><br>";
$uname = $cookie[1];
}
echo "
<input type=hidden name=uname value=$uname>
<input type=hidden name=id value=$id>
<b>"._SELECTSCORE."</b>
<select name=score>
<option name=score value=10>10</option>
<option name=score value=9>9</option>
<option name=score value=8>8</option>
<option name=score value=7>7</option>
<option name=score value=6>6</option>
<option name=score value=5>5</option>
<option name=score value=4>4</option>
<option name=score value=3>3</option>
<option name=score value=2>2</option>
<option name=score value=1>1</option>
</select><br><br>
<b>"._YOURCOMMENT."</b><br>
<textarea name=comments rows=10 cols=70></textarea><br>
"._ALLOWEDHTML."<br>";
while (list($key,)= each($AllowableHTML)) echo " &lt;".$key."&gt;";
echo "<br><br>
<input type=hidden name=rop value=savecomment>
<input type=submit value=Submit>
</form>
";
CloseTable();
include("footer.php");
}

function savecomment($xanonpost, $uname, $id, $score, $comments) {
global $anonymous, $user, $cookie, $prefix, $db, $module_name;
if ($xanonpost) {
$uname = $anonymous;
}
$comments = stripslashes(FixQuotes(check_html($comments)));
$id = intval($id);
$score = intval($score);
$db->sql_query("insert into ".$prefix."_reviews_comments values (NULL, '$id', '$uname', now(), '$comments', '$score')");
update_points(12);
Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
}

function r_comments($id, $title) {
global $admin, $prefix, $db, $module_name;
$id = intval($id);
$result = $db->sql_query("SELECT cid, userid, date, comments, score from ".$prefix."_reviews_comments where rid='$id' ORDER BY date DESC");
while ($row = $db->sql_fetchrow($result)) {
$cid = intval($row['cid']);
$uname = stripslashes($row['userid']);
$date = $row['date'];
$comments = stripslashes($row['comments']);
$score = intval($row['score']);
OpenTable();
$title = urldecode(check_html($title, "nohtml"));
echo "
<b>$title</b><br>";
if ($uname == "Anonymous") {
echo ""._POSTEDBY." $uname "._ON." $date<br>";
} else {
echo ""._POSTEDBY." <a href=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=$uname\">$uname</a> "._ON." $date<br>";
}
echo ""._MYSCORE." ";
display_score($score);
if (is_admin($admin)) {
echo "<br><b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=del_comment&amp;cid=$cid&amp;id=$id\">"._DELETE."</a> ]</font><hr noshade size=1><br><br>";
} else {
echo "</font><hr noshade size=1><br><br>";
}
$comments = FixQuotes(nl2br(filter_text($comments)));
echo "
$comments
";
CloseTable();
echo "<br>";
}
}

function showcontent($id, $page) {
global $admin, $uimages, $prefix, $db, $module_name;
$id = intval($id);
$page = intval($page);
include ('header.php');
OpenTable();
if (($page == 1) OR ($page == "")) {
$db->sql_query("UPDATE ".$prefix."_reviews SET hits=hits+1 WHERE id='$id'");
}
$result = $db->sql_query("SELECT * FROM ".$prefix."_reviews WHERE id='$id'");
$myrow = $db->sql_fetchrow($result);
$id = intval($myrow['id']);
$date = $myrow['date'];
$year = substr($date,0,4);
$month = substr($date,5,2);
$day = substr($date,8,2);
$fdate = date("F jS Y",mktime (0,0,0,$month,$day,$year));
$title = $myrow['title'];
$title = stripslashes(FixQuotes(check_html($title, nohtml)));
$text = $myrow['text'];
$cover = $myrow['cover'];
$reviewer = $myrow['reviewer'];
$email = $myrow['email'];
$hits = intval($myrow['hits']);
$url = $myrow['url'];
$url_title = $myrow['url_title'];
$score = intval($myrow['score']);
$rlanguage = $myrow['rlanguage'];
$contentpages = explode( "<!--pagebreak-->", $text );
$pageno = count($contentpages);
if ( $page=="" || $page < 1 )
$page = 1;
if ( $page > $pageno )
$page = $pageno;
$arrayelement = (int)$page;
$arrayelement --;
echo "<p><i><b><font class=\"title\">$title</b></i></font><br>";
echo "<BLOCKQUOTE><p align=justify>";
if ($cover != "")
echo "<img src=\"images/reviews/$cover\" align=right border=1 vspace=2 alt=\"\">";
echo "$contentpages[$arrayelement]
</BLOCKQUOTE><p>";
if (is_admin($admin))
echo "<b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=mod_review&amp;id=$id\">"._EDIT."</a> | <a href=modules.php?name=$module_name&rop=del_review&amp;id_del=$id>"._DELETE."</a> ]<br>";
echo "<b>"._ADDED."</b> $fdate<br>";
if ($reviewer != "")
echo "<b>"._REVIEWER."</b> <a href=mailto:$email>$reviewer</a><br>";
if ($score != "")
echo "<b>"._SCORE."</b> ";
display_score($score);
if ($url != "")
echo "<br><b>"._RELATEDLINK.":</b> <a href=\"$url\" target=new>$url_title</a>";
echo "<br><b>"._HITS.":</b> $hits";
echo "<br><b>"._LANGUAGE.":</b> $rlanguage";
if ($pageno > 1) {
echo "<br><b>"._PAGE.":</b> $page/$pageno<br>";
}
echo "</font>";
echo "</CENTER>";
$title = urlencode($title);
if($page >= $pageno) {
$next_page = "";
} else {
$next_pagenumber = $page + 1;
if ($page != 1) {
$next_page .= "<img src=\"images/blackpixel.gif\" width=\"10\" height=\"2\" border=\"0\" alt=\"\"> ;; ;; ";
}
$next_page .= "<a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$next_pagenumber\">"._NEXT." ($next_pagenumber/$pageno)</a> <a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$next_pagenumber\"><img src=\"images/right.gif\" border=\"0\" alt=\""._NEXT."\"></a>";
}
if($page <= 1) {
$previous_page = "";
} else {
$previous_pagenumber = $page - 1;
$previous_page = "<a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$previous_pagenumber\"><img src=\"images/left.gif\" border=\"0\" alt=\""._PREVIOUS."\"></a> <a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$previous_pagenumber\">"._PREVIOUS." ($previous_pagenumber/$pageno)</a>";
}
echo "<center>"
."$previous_page ;; ;; $next_page<br><br>"
."[ <a href=\"modules.php?name=$module_name\">"._RBACK."</a> | "
."<a href=\"modules.php?name=$module_name&rop=postcomment&amp;id=$id&amp;title=$title\">"._REPLYMAIN."</a> ]";
CloseTable();
if (($page == 1) OR ($page == "")) {
echo "<br>";
r_comments($id, $title);
}
include ("footer.php");
}

function mod_review($id) {
global $admin, $prefix, $db, $module_name;
$id = intval($id);
include ('header.php');
OpenTable();
if (($id == 0) || (!is_admin($admin)))
echo "This function must be passed argument id, or you are not admin.";
else if (($id != 0) && (is_admin($admin)))
{
$result = $db->sql_query("SELECT * from ".$prefix."_reviews where id = '$id'");
while ($myrow = $db->sql_fetchrow($result)) {
$id = intval($myrow['id']);
$date = $myrow['date'];
$title = $myrow['title'];
$title = stripslashes(FixQuotes(check_html($title, nohtml)));
$text = stripslashes($myrow['text']);
$cover = stripslashes($myrow['cover']);
$reviewer = stripslashes($myrow['reviewer']);
$email = stripslashes($myrow['email']);
$hits = intval($myrow['hits']);
$url = stripslashes($myrow['url']);
$url_title = stripslashes(check_html($myrow['url_title'], "nohtml"));
$score = intval($myrow['score']);
$rlanguage = $myrow['rlanguage'];
}
echo "<center><b>"._REVIEWMOD."</b></center><br><br>";
echo "<form method=POST action=modules.php?name=$module_name&rop=preview_review><input type=hidden name=id value=$id>";
echo "<TABLE BORDER=0 width=100%>
<tr>
<td width=12%><b>"._RDATE."</b></td>
<td><INPUT TYPE=text NAME=date SIZE=15 VALUE=\"$date\" MAXLENGTH=10></td>
</tr>
<tr>
<td width=12%><b>"._RTITLE."</b></td>
<td><INPUT TYPE=text NAME=title SIZE=50 MAXLENGTH=150 value=\"$title\"></td>
</tr>
<tr>";
echo "<td width=12%><b>"._LANGUAGE."</b></td>
<td><select name=\"rlanguage\">";
$handle=opendir('language');
while ($file = readdir($handle)) {
if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
$langFound = $matches[1];
$languageslist .= "$langFound ";
}
}
closedir($handle);
$languageslist = explode(" ", $languageslist);
for ($i=0; $i < sizeof($languageslist); $i++) {
if($languageslist[$i]!="") {
echo "<option value=\"$languageslist[$i]\" ";
if($languageslist[$i]==$rlanguage) echo "selected";
echo ">$languageslist[$i]</option>\n";
}
}

echo "</select></td></tr>";
echo "<tr>
<td width=12%><b>"._RTEXT."</b></td>
<td><TEXTAREA class=textbox name=text rows=20 wrap=virtual cols=60>$text</TEXTAREA></td>
</tr>
<tr>
<td width=12%><b>"._REVIEWER."</b></td>
<td><INPUT TYPE=text NAME=reviewer SIZE=41 MAXLENGTH=40 value=\"$reviewer\"></td>
</tr>
<tr>
<td width=12%><b>"._REVEMAIL."</b></td>
<td><INPUT TYPE=text NAME=email value=\"$email\" SIZE=30 MAXLENGTH=80></td>
</tr>
<tr>
<td width=12%><b>"._SCORE."</b></td>
<td><INPUT TYPE=text NAME=score value=\"$score\" size=3 maxlength=2></td>
</tr>
<tr>
<td width=12%><b>"._RLINK."</b></td>
<td><INPUT TYPE=text NAME=url value=\"$url\" size=30 maxlength=100></td>
</tr>
<tr>
<td width=12%><b>"._RLINKTITLE."</b></td>
<td><INPUT TYPE=text NAME=url_title value=\"$url_title\" size=30 maxlength=50></td>
</tr>
<tr>
<td width=12%><b>"._COVERIMAGE."</b></td>
<td><INPUT TYPE=text NAME=cover value=\"$cover\" size=30 maxlength=100></td>
</tr>
<tr>
<td width=12%><b>"._HITS.":</b></td>
<td><INPUT TYPE=text NAME=hits value=\"$hits\" size=5 maxlength=5></td>
</tr>
</TABLE>";
echo "<input type=hidden name=rop value=preview_review><input type=submit value=\""._PREMODS."\"> ;; ;;<input type=button onClick=history.go(-1) value="._CANCEL."></form>";
}
CloseTable();
include ("footer.php");
}

function del_review($id_del) {
global $admin, $prefix, $db, $module_name;
$id_del = intval($id_del);
if (is_admin($admin)) {
$db->sql_query("delete from ".$prefix."_reviews where id = '$id_del'");
$db->sql_query("delete from ".$prefix."_reviews_comments where rid='$id_del'");
Header("Location: modules.php?name=$module_name");
} else {
echo "ACCESS DENIED";
}
}

function del_comment($cid, $id) {
global $admin, $prefix, $db, $module_name;
$cid = intval($cid);
if (is_admin($admin)) {
$db->sql_query("delete from ".$prefix."_reviews_comments where cid='$cid'");
Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
} else {
echo "ACCESS DENIED";
}
}

switch($rop) {

case "A":
reviews(A, $field, $order);
break;

case "B":
reviews(B, $field, $order);
break;

case "C":
reviews(C, $field, $order);
break;

case "D":
reviews(D, $field, $order);
break;

case "E":
reviews(E, $field, $order);
break;

case "F":
reviews(F, $field, $order);
break;

case "G":
reviews(G, $field, $order);
break;

case "H":
reviews(H, $field, $order);
break;

case "I":
reviews(I, $field, $order);
break;

case "J":
reviews(J, $field, $order);
break;

case "K":
reviews(K, $field, $order);
break;

case "L":
reviews(L, $field, $order);
break;

case "M":
reviews(M, $field, $order);
break;

case "N":
reviews(N, $field, $order);
break;

case "O":
reviews(O, $field, $order);
break;

case "P":
reviews(P, $field, $order);
break;

case "Q":
reviews(Q, $field, $order);
break;

case "R":
reviews(R, $field, $order);
break;

case "S":
reviews(S, $field, $order);
break;

case "T":
reviews(T, $field, $order);
break;

case "U":
reviews(U, $field, $order);
break;

case "V":
reviews(V, $field, $order);
break;

case "W":
reviews(W, $field, $order);
break;

case "X":
reviews(X, $field, $order);
break;

case "Y":
reviews(Y, $field, $order);
break;

case "Z":
reviews(Z, $field, $order);
break;

case "1":
reviews(1, $field, $order);
break;

case "2":
reviews(2, $field, $order);
break;

case "3":
reviews(3, $field, $order);
break;

case "4":
reviews(4, $field, $order);
break;

case "5":
reviews(5, $field, $order);
break;

case "6":
reviews(6, $field, $order);
break;

case "7":
reviews(7, $field, $order);
break;

case "8":
reviews(8, $field, $order);
break;

case "9":
reviews(9, $field, $order);
break;

case "showcontent":
showcontent($id, $page);
break;

case "write_review":
write_review();
break;

case "preview_review":
preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage);
break;

case ""._YES."":
send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage);
break;

case "del_review":
del_review($id_del);
break;

case "mod_review":
mod_review($id);
break;

case "postcomment":
postcomment($id, $title);
break;

case "savecomment":
savecomment($xanonpost, $uname, $id, $score, $comments);
break;

case "del_comment":
del_comment($cid, $id);
break;

default:
reviews_index();
break;
}

?>


Thanks a lot man if you fix it just post the entire code underneat my post so i can just copy and paste it back in the index.php thanks so much and i really appreciate the work that you are doing Wink
View user's profile Send private message
running phpnuke 7.4 code is different in reviews modue
www.waraxe.us Forum Index -> How to fix
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.036 Seconds