When assigning rank GIFs I can only assign them to (moderators, admins, superadmins, users). How can I add another group that will have a fixed, unchanging rank?
Appended message:
Maybe someone could at least suggest which files need to be edited? Or how a specific user can be given a different rank GIF on the forum?
Appended message:
OK, I managed to do it: in the database I assigned a new level (108) to the group and the same one to the rank. Only now there is a different problem, in the PHP code. With such a level it gives the user admin without the ability to enter the admin panel (PA); he can only set the admin password.
And the question is: where do I add this level so that it is on the level of a regular user (101)?
Hmm... I'm joining in on these two questions :)
- How to add a list of custom groups
- How to add a new account type to all these lists (for example with the number 104 -> VIP)
Even though my advice is not exactly what you were after, I've decided to post a tip (though you probably already know it) for fusionboard 4 users, which will in a sense replace additional ranks.
So, apart from having the given user in, e.g., the GRAFIK group, to make a makeshift rank image we go to infusions (wtyczki) --> fusionboard --> Awards (Nagrody) --> type in the user's nick --> and from the list choose the rank image that we previously placed on the server in /infusions/fusionboard4/images/awards/ . It's not rocket science, but maybe it will help someone.
Hmm... A makeshift fix... But maybe groups can somehow be added to the list?
OK, I have a solution for you. It is novel because a few files have to be edited, but it works. Note that you make these modifications at your own risk.
So: open the file maincore.php and look for the function:
// Display the user's level
function getuserlevel($userlevel) {
    global $locale;
    if ($userlevel == 101) { return $locale['user1'];
    } elseif ($userlevel == 102) { return $locale['user2'];
    } elseif ($userlevel == 103) { return $locale['user3']; }
}
Replace it with:
// Display the user's level
function getuserlevel($userlevel) {
    global $locale;
    if ($userlevel == 101) { return $locale['user1'];
    } elseif ($userlevel == 102) { return $locale['user2'];
    } elseif ($userlevel == 103) { return $locale['user3'];
    } elseif ($userlevel == 108) { return $locale['user4']; }
}
Next, look for:
// Compile access levels & user group array
function getusergroups() {
    global $locale, $groups_cache;
    $groups_array = array(
        array("0", $locale['user0']),
        array("101", $locale['user1']),
        array("102", $locale['user2']),
        array("103", $locale['user3'])
    );
    if (!$groups_cache) { cache_groups(); }
    if (is_array($groups_cache) && count($groups_cache)) {
        foreach ($groups_cache as $group) {
            array_push($groups_array, array($group['group_id'], $group['group_name']));
        }
    }
    return $groups_array;
}
Replace it with:
// Compile access levels & user group array
function getusergroups() {
    global $locale, $groups_cache;
    $groups_array = array(
        array("0", $locale['user0']),
        array("101", $locale['user1']),
        array("102", $locale['user2']),
        array("103", $locale['user3']),
        array("108", $locale['user4'])
    );
    if (!$groups_cache) { cache_groups(); }
    if (is_array($groups_cache) && count($groups_cache)) {
        foreach ($groups_cache as $group) {
            array_push($groups_array, array($group['group_id'], $group['group_name']));
        }
    }
    return $groups_array;
}
Next:
// Get the name of the access level or user group
function getgroupname($group_id, $return_desc = false) {
    global $locale, $groups_cache;
    if ($group_id == "0") { return $locale['user0'];
    } elseif ($group_id == "101") { return $locale['user1']; exit;
    } elseif ($group_id == "102") { return $locale['user2']; exit;
    } elseif ($group_id == "103") { return $locale['user3']; exit;
    } else {
        if (!$groups_cache) { cache_groups(); }
        if (is_array($groups_cache) && count($groups_cache)) {
            foreach ($groups_cache as $group) {
                if ($group_id == $group['group_id']) { return ($return_desc ? ($group['group_description'] ? $group['group_description'] : '-') : $group['group_name']); exit; }
            }
        }
    }
    return "N/A";
}
Replace it with:
// Get the name of the access level or user group
function getgroupname($group_id, $return_desc = false) {
    global $locale, $groups_cache;
    if ($group_id == "0") { return $locale['user0'];
    } elseif ($group_id == "101") { return $locale['user1']; exit;
    } elseif ($group_id == "102") { return $locale['user2']; exit;
    } elseif ($group_id == "103") { return $locale['user3']; exit;
    } elseif ($group_id == "108") { return $locale['user4']; exit;
    } else {
        if (!$groups_cache) { cache_groups(); }
        if (is_array($groups_cache) && count($groups_cache)) {
            foreach ($groups_cache as $group) {
                if ($group_id == $group['group_id']) { return ($return_desc ? ($group['group_description'] ? $group['group_description'] : '-') : $group['group_name']); exit; }
            }
        }
    }
    return "N/A";
}
Save. Now open the file locale/global.php
Look for $locale['user3'] = "Główny administrator";
and below it add $locale['user4'] = "Newsman";
Save and upload.
OK, the first stage is behind us. As you can see above, I duplicated the entries for the group in the functions, marking it as "108" and giving it the label Newsman; you can add a whole lot of groups this way. Now what's left is editing the file administrators.php
which I will give in full, because I think you don't have it edited or changed, in its clean form from the php-fusion-7-00-05-pl package.
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| Filename: administrators.php
| Author: Nick Jones (Digitanium)
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
require_once "../maincore.php";
require_once THEMES."templates/admin_header.php";
include LOCALE.LOCALESET."admin/admins.php";
if (!checkrights("AD") || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect("../index.php"); }
if (isset($_GET['status']) && !isset($message)) {
if ($_GET['status'] == "sn") {
$message = $locale['400'];
} elseif ($_GET['status'] == "su") {
$message = $locale['401'];
} elseif ($_GET['status'] == "del") {
$message = $locale['402'];
} elseif ($_GET['status'] == "pw") {
$message = $locale['global_182'];
if ($message) { echo "<div class='admin-message'>".$message."</div>\n"; }
if (isset($_POST['cancel'])) {
// adding with restricted access (DJPromo)
if (isset($_POST['add_admin2']) && (isset($_POST['user_id']) && isnum($_POST['user_id']))) {
if ((isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5($_COOKIE[COOKIE_PREFIX.'admin']) == $userdata['user_admin_password']) || (isset($_POST['admin_password']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password'])) {
if (isset($_POST['restricted_rights'])) {
$admin_rights2 = "A.AC.NC.N";
$result = dbquery("UPDATE ".DB_USERS." SET user_level='108', user_rights='$admin_rights2' WHERE user_id='".$_POST['user_id']."'");
if (!isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password']) {
setcookie(COOKIE_PREFIX."admin", md5($_POST['admin_password']), time() + 3600, "/", "", "0");
redirect(FUSION_SELF.$aidlink."&status=sn", true);
} else {
// end of adding with restricted access (DJPromo)
if (isset($_POST['add_admin']) && (isset($_POST['user_id']) && isnum($_POST['user_id']))) {
if ((isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5($_COOKIE[COOKIE_PREFIX.'admin']) == $userdata['user_admin_password']) || (isset($_POST['admin_password']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password'])) {
if (isset($_POST['all_rights']) || isset($_POST['make_super'])) {
$admin_rights = "";
$result = dbquery("SELECT DISTINCT admin_rights AS admin_right FROM ".DB_ADMIN." ORDER BY admin_right");
while ($data = dbarray($result)) {
$admin_rights .= (isset($admin_rights) ? "." : "").$data['admin_right'];
$result = dbquery("UPDATE ".DB_USERS." SET user_level='".(isset($_POST['make_super']) ? "103" : "102")."', user_rights='$admin_rights' WHERE user_id='".$_POST['user_id']."'");
} else {
$result = dbquery("UPDATE ".DB_USERS." SET user_level='102' WHERE user_id='".$_POST['user_id']."'");
if (!isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password']) {
setcookie(COOKIE_PREFIX."admin", md5($_POST['admin_password']), time() + 3600, "/", "", "0");
redirect(FUSION_SELF.$aidlink."&status=sn", true);
} else {
if (isset($_GET['remove']) && (isset($_GET['remove']) && isnum($_GET['remove']) && $_GET['remove'] != 1)) {
if ((isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5($_COOKIE[COOKIE_PREFIX.'admin']) == $userdata['user_admin_password']) || (isset($_POST['admin_password']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password'])) {
$result = dbquery("UPDATE ".DB_USERS." SET user_admin_password='', user_level='101', user_rights='' WHERE user_id='".$_GET['remove']."' AND user_level>='102'");
if (!isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password']) {
setcookie(COOKIE_PREFIX."admin", md5($_POST['admin_password']), time() + 3600, "/", "", "0");
redirect(FUSION_SELF.$aidlink."&status=del", true);
} else {
if (isset($_POST['confirm'])) {
echo "<div class='admin-message'>".$locale['global_182']."</div>\n";
echo "<div style='text-align:center'>\n";
echo "<form action='".FUSION_SELF.$aidlink."&remove=".$_GET['remove']."' method='post'>\n";
echo $locale['471']."<br /><br />\n<input class='textbox' type='password' name='admin_password' /><br /><br />\n";
echo "<input class='button' type='submit' name='confirm' value='".$locale['472']."' />\n";
echo "<input class='button' type='submit' name='cancel' value='".$locale['473']."' />\n";
echo "</form>\n</div>\n";
if (isset($_POST['update_admin']) && (isset($_GET['user_id']) && isnum($_GET['user_id']) && $_GET['user_id'] != 1)) {
if ((isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5($_COOKIE[COOKIE_PREFIX.'admin']) == $userdata['user_admin_password']) || (isset($_POST['admin_password']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password'])) {
if (isset($_POST['rights'])) {
$user_rights = "";
for ($i = 0;$i < count($_POST['rights']);$i++) {
$user_rights .= ($user_rights != "" ? "." : "").stripinput($_POST['rights'][$i]);
$result = dbquery("UPDATE ".DB_USERS." SET user_rights='$user_rights' WHERE user_id='".$_GET['user_id']."' AND user_level>='102'");
} else {
$result = dbquery("UPDATE ".DB_USERS." SET user_rights='' WHERE user_id='".$_GET['user_id']."' AND user_level>='102'");
if (!isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password']) {
setcookie(COOKIE_PREFIX."admin", md5($_POST['admin_password']), time() + 3600, "/", "", "0");
redirect(FUSION_SELF.$aidlink."&status=su", true);
} else {
if (isset($_GET['edit']) && isnum($_GET['edit']) && $_GET['edit'] != 1) {
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='".$_GET['edit']."' AND user_level>='102' ORDER BY user_id");
if (dbrows($result)) {
$data = dbarray($result);
$user_rights = explode(".", $data['user_rights']);
$result2 = dbquery("SELECT * FROM ".DB_ADMIN." ORDER BY admin_page ASC,admin_title");
opentable($locale['440']." [".$data['user_name']."]");
$columns = 2; $counter = 0; $page = 1;
$admin_page = array($locale['441'], $locale['442'], $locale['443'], $locale['444']);
echo "<form name='rightsform' method='post' action='".FUSION_SELF.$aidlink."&user_id=".$_GET['edit']."'>\n";
echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n";
echo "<tr>\n<td colspan='2' class='tbl2'><strong>".$admin_page['0']."</strong></td>\n</tr>\n<tr>\n";
while ($data2 = dbarray($result2)) {
if ($page != $data2['admin_page']) {
echo ($counter % $columns == 0 ? "</tr>\n" : "<td width='50%' class='tbl1'></td>\n</tr>\n");
echo "<tr>\n<td colspan='2' class='tbl2'><strong>".$admin_page[$page]."</strong></td>\n</tr>\n<tr>\n";
$page++; $counter = 0;
if ($counter != 0 && ($counter % $columns == 0)) { echo "</tr>\n<tr>\n"; }
echo "<td width='50%' class='tbl1'><label><input type='checkbox' name='rights[]' value='".$data2['admin_rights']."'".(in_array($data2['admin_rights'], $user_rights) ? " checked='checked'" : "")." /> ".$data2['admin_title']."</label></td>\n";
echo "</tr>\n<tr>\n</table>\n";
echo "<div style='text-align:center'><br />\n";
echo "<input type='button' class='button' onclick=\"setChecked('rightsform','rights[]',1);\" value='".$locale['445']."' />\n";
echo "<input type='button' class='button' onclick=\"setChecked('rightsform','rights[]',0);\" value='".$locale['446']."' /><br /><br />\n";
if ((!isset($_COOKIE[COOKIE_PREFIX.'admin']) || md5($_COOKIE[COOKIE_PREFIX.'admin']) != $userdata['user_admin_password']) && (!isset($_POST['admin_password']) || md5(md5($_POST['admin_password'])) != $userdata['user_admin_password'])) {
echo $locale['447']." <input type='password' name='admin_password' class='textbox' style='width:150px;' /><br /><br />\n";
echo "<input type='submit' name='update_admin' value='".$locale['448']."' class='button' />\n";
echo "</div>\n</form>\n";
echo "<script type='text/javascript'>"."\n"."function setChecked(frmName,chkName,val) {"."\n";
echo "dml=document.forms[frmName];"."\n"."len=dml.elements.length;"."\n"."for(i=0;i < len;i++) {"."\n";
echo "if(dml.elements[i].name == chkName) {"."\n"."dml.elements[i].checked = val;"."\n";
echo "}\n}\n}\n</script>\n";
} else {
if (!isset($_POST['search_users']) || !isset($_POST['search_criteria'])) {
echo "<form name='searchform' method='post' action='".FUSION_SELF.$aidlink."'>\n";
echo "<table cellpadding='0' cellspacing='0' width='450' class='center'>\n";
echo "<tr>\n<td align='center' class='tbl'>".$locale['411']."<br /><br />\n";
echo "<input type='text' name='search_criteria' class='textbox' style='width:300px' />\n</td>\n";
echo "</tr>\n<tr>\n<td align='center' class='tbl'>\n";
echo "<label><input type='radio' name='search_type' value='user_name' checked='checked' />".$locale['413']."</label>\n";
echo "<label><input type='radio' name='search_type' value='user_id' />".$locale['412']."</label></td>\n";
echo "</tr>\n<tr>\n<td align='center' class='tbl'><input type='submit' name='search_users' value='".$locale['414']."' class='button' /></td>\n";
echo "</tr>\n</table>\n</form>\n";
} elseif (isset($_POST['search_users']) && isset($_POST['search_criteria'])) {
$mysql_search = "";
if ($_POST['search_type'] == "user_id" && isnum($_POST['search_criteria'])) {
$mysql_search .= "user_id='".$_POST['search_criteria']."' ";
} elseif ($_POST['search_type'] == "user_name" && preg_match("/^[-0-9A-Z_@\s]+$/i", $_POST['search_criteria'])) {
$mysql_search .= "user_name LIKE '".$_POST['search_criteria']."%' ";
if ($mysql_search) {
$result = dbquery("SELECT user_id, user_name FROM ".DB_USERS." WHERE ".$mysql_search." AND user_level='101' ORDER BY user_name");
if (isset($result) && dbrows($result)) {
echo "<form name='add_users_form' method='post' action='".FUSION_SELF.$aidlink."'>\n";
echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n";
$i = 0; $users = "";
while ($data = dbarray($result)) {
$row_color = ($i % 2 == 0 ? "tbl1" : "tbl2"); $i++;
$users .= "<tr>\n<td class='$row_color'><label><input type='radio' name='user_id' value='".$data['user_id']."' /> ".$data['user_name']."</label></td>\n</tr>";
if ($i > 0) {
echo "<tr>\n<td class='tbl2'><strong>".$locale['413']."</strong></td>\n</tr>\n";
echo $users."<tr>\n<td align='center' class='tbl'>\n";
echo "<input type='checkbox' name='all_rights' value='1' /> ".$locale['415']."<br />\n";
echo "<input type='checkbox' name='restricted_rights' value='2' /> Dodaj ograniczone uprawnienia<br />\n";
if ($userdata['user_level'] == 103) { echo "<label><input type='checkbox' name='make_super' value='1' /> ".$locale['416']."</label><br />\n"; }
if ((!isset($_COOKIE[COOKIE_PREFIX.'admin']) || md5($_COOKIE[COOKIE_PREFIX.'admin']) != $userdata['user_admin_password']) && (!isset($_POST['admin_password']) || md5(md5($_POST['admin_password'])) != $userdata['user_admin_password'])) {
echo $locale['447']." <input type='password' name='admin_password' class='textbox' style='width:150px;' /><br /><br />\n";
echo "<br />\n<input type='submit' name='add_admin' value='".$locale['417']."' class='button' />\n";
echo "<br /><br /> <span style='font-size: 9px;'>Tylko w przypadku zaznaczenia<br><b> Dodaj ograniczone uprawnienia</b></span><br><input type='submit' name='add_admin2' value='Dodaj uprawnienia' class='button' />\n";
echo "</td>\n</tr>\n";
} else {
echo "<tr>\n<td align='center' class='tbl'>".$locale['418']."<br /><br />\n";
echo "<a href='".FUSION_SELF.$aidlink."'>".$locale['419']."</a>\n</td>\n</tr>\n";
echo "</table>\n</form>\n";
} else {
echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n";
echo "<tr>\n<td align='center' class='tbl'>".$locale['418']."<br /><br />\n";
echo "<a href='".FUSION_SELF.$aidlink."'>".$locale['419']."</a>\n</td>\n</tr>\n</table>\n";
$i = 0;
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_level>='102' ORDER BY user_level DESC, user_name");
echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n<tr>\n";
echo "<td class='tbl2'>".$locale['421']."</td>\n";
echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'>".$locale['422']."</td>\n";
echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'>".$locale['423']."</td>\n";
echo "</tr>\n";
while ($data = dbarray($result)) {
$row_color = $i % 2 == 0 ? "tbl1" : "tbl2";
echo "<tr>\n<td class='$row_color'><span title='".($data['user_rights'] ? str_replace(".", " ", $data['user_rights']) : "".$locale['425']."")."' style='cursor:hand;'>".$data['user_name']."</span></td>\n";
echo "<td align='center' width='1%' class='$row_color' style='white-space:nowrap'>".getuserlevel($data['user_level'])."</td>\n";
echo "<td align='center' width='1%' class='$row_color' style='white-space:nowrap'>\n";
if ($data['user_level'] == "103" && $userdata['user_id'] == "1") { $can_edit = true;
} elseif ($data['user_level'] != "103") { $can_edit = true;
} else { $can_edit = false; }
if ($can_edit == true && $data['user_id'] != "1") {
echo "<a href='".FUSION_SELF.$aidlink."&edit=".$data['user_id']."'>".$locale['426']."</a> |\n";
echo "<a href='".FUSION_SELF.$aidlink."&remove=".$data['user_id']."' onclick=\"return confirm('".$locale['460']."');\">".$locale['427']."</a>\n";
echo "</td>\n</tr>\n";
echo "</table>\n";
require_once THEMES."templates/footer.php";
The rights I granted have the values A.AC.NC.N; that's what I picked, e.g. for a newsman, for testing at the moment I add him to the group (after editing we can give him all of them, or add some more rights :)
On line 45 we change these values: $admin_rights2 = "A.AC.NC.N";
Or we can leave it empty; then he will have zero rights, and only by editing him will we grant the ones we are interested in :)
Since this is a temporary solution from me for you, maybe it will inspire someone to make an infusion that avoids all these edits, so that after adding e.g. further groups we don't have to duplicate several things in the file. One of them is the function:
// adding with restricted access (DJPromo)
if (isset($_POST['add_admin2']) && (isset($_POST['user_id']) && isnum($_POST['user_id']))) {
    if ((isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5($_COOKIE[COOKIE_PREFIX.'admin']) == $userdata['user_admin_password']) || (isset($_POST['admin_password']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password'])) {
        if (isset($_POST['restricted_rights'])) {
            $admin_rights2 = "A.AC.NC.N";
            $result = dbquery("UPDATE ".DB_USERS." SET user_level='108', user_rights='$admin_rights2' WHERE user_id='".$_POST['user_id']."'");
        }
        if (!isset($_COOKIE[COOKIE_PREFIX.'admin']) && md5(md5($_POST['admin_password'])) == $userdata['user_admin_password']) {
            setcookie(COOKIE_PREFIX."admin", md5($_POST['admin_password']), time() + 3600, "/", "", "0");
        }
        redirect(FUSION_SELF.$aidlink."&status=sn", true);
    } else {
        // (the body of this branch is missing from the post)
    }
}
// end of adding with restricted access (DJPromo)
Next we have to duplicate echo "<input type='checkbox' name='restricted_rights' value='2' /> Dodaj ograniczone uprawnienia<br />\n";
and echo "<br /><br /> <span style='font-size: 9px;'>Tylko w przypadku zaznaczenia<br><b> Dodaj ograniczone uprawnienia</b></span><br><input type='submit' name='add_admin2' value='Dodaj uprawnienia' class='button' />\n";
I hope this will be enough for someone to start with and will help :) I'm also attaching pictures of how it looks.
Hmm... an infusion for this would come in handy... Because I understand that it adds account types, rights in the admin panel, etc. But I have questions:
1. How do I tie this in with if (iXXX) {echo (...)?
2. Does this group show up, e.g., in page view permissions, or in assigning ranks on the forum?
The first one is no problem at all: look for the function checkgroup
and replace it with:
// Check if user is assigned to the specified user group
// (iNewsman has to exist as a defined constant before this is used)
function checkgroup($group) {
    if (iSUPERADMIN) { return true; }
    elseif (iADMIN && ($group == "0" || $group == "101" || $group == "102")) { return true;
    } elseif (iMEMBER && ($group == "0" || $group == "101")) { return true;
    } elseif (iNewsman && ($group == "0" || $group == "102" || $group == "108")) { return true;
    } elseif (iGUEST && $group == "0") { return true;
    } elseif (iMEMBER && in_array($group, explode(".", iUSER_GROUPS))) {
        return true;
    } else {
        return false;
    }
}
Now you can use if (iNewsman) {echo (...)? You have rights both as for admin and for group 108, i.e. newsman; you can set everything up yourself.
As for the forum, I'll check in a moment and write back :)
Not long ago I was thinking about making an infusion that would let you add your own ranks and assign them to given users/groups.
As for your last post, @DJPromo: the checkgroup function is one thing, but to be able to use "if (iNewsman)" you first have to define a constant alongside the others, like this one:
define("iMEMBER", $userdata['user_level'] >= 101 ? 1 : 0);
I won't be playing with this now because I'm off to bed. But as for defining these constants, this needs some thought.
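Why a user at level 108 ends up treated as an administrator, as an added example (not part of the thread and not PHP-Fusion code): the core compares user_level with >= and > (the iMEMBER define above, the user_level>='102' queries in administrators.php), so any number above 102 passes the admin checks. The scanner lists such comparisons and the LEVEL_ROLES map shows an exact-match alternative; the sample lines, the function names and the 'newsman' role name are assumptions made for this illustration.

```php
<?php
// Added example, not PHP-Fusion code. Requires PHP 7.1+.
// SAMPLE_SOURCE is constructed from comparisons quoted in this thread.
const SAMPLE_SOURCE = <<<'SRC'
define("iMEMBER", $userdata['user_level'] >= 101 ? 1 : 0);
if ($userdata['user_level'] > 101) {
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_level>='102' ORDER BY user_level DESC, user_name");
if ($userdata['user_level'] == 103) { echo "make_super"; }
if ($userlevel == 108) { return $locale['user4']; }
SRC;

// Evaluate "$level <op> $bound" for the operators the scanner recognises.
function level_satisfies(int $level, string $op, int $bound): bool {
    switch ($op) {
        case '>=': return $level >= $bound;
        case '>':  return $level > $bound;
        case '<=': return $level <= $bound;
        case '<':  return $level < $bound;
        case '==': return $level == $bound;
        case '!=': return $level != $bound;
    }
    return false;
}

// Find every comparison of a user level against a numeric literal and report
// whether $custom_level passes it. 'inherited' marks a check that the custom
// level passes although it was written with a different level in mind.
function audit_level_checks(string $source, int $custom_level): array {
    $pattern = '/user_?level(?:\'\])?\s*(>=|<=|==|!=|>|<)\s*[\'"]?(\d+)/';
    $findings = [];
    foreach (explode("\n", $source) as $index => $line) {
        if (!preg_match_all($pattern, $line, $hits, PREG_SET_ORDER)) {
            continue;
        }
        foreach ($hits as $hit) {
            $op = $hit[1];
            $bound = (int)$hit[2];
            $passes = level_satisfies($custom_level, $op, $bound);
            $findings[] = [
                'line'      => $index + 1,
                'op'        => $op,
                'bound'     => $bound,
                'passes'    => $passes,
                'inherited' => $passes && $bound !== $custom_level,
            ];
        }
    }
    return $findings;
}

// Exact-match alternative: every level is listed with the roles it carries,
// and a level that is not listed gets none (fails closed).
const LEVEL_ROLES = [
    0   => [],
    101 => ['member'],
    102 => ['member', 'admin'],
    103 => ['member', 'admin', 'superadmin'],
    108 => ['member', 'newsman'], // hypothetical role name for the thread's level 108
];

function has_role(int $level, string $role): bool {
    return in_array($role, LEVEL_ROLES[$level] ?? [], true);
}

// Report which of the sample comparisons level 108 slips through.
foreach (audit_level_checks(SAMPLE_SOURCE, 108) as $f) {
    if ($f['inherited']) {
        $verdict = "level 108 passes a check written for another level";
    } elseif ($f['passes']) {
        $verdict = "passes (exact match on 108)";
    } else {
        $verdict = "does not pass";
    }
    printf("line %d: user_level %s %d -> %s\n", $f['line'], $f['op'], $f['bound'], $verdict);
}

// With the explicit map, 108 is a member and a newsman but not an admin,
// and an unknown level such as 109 has no roles at all.
var_dump(has_role(108, 'admin'), has_role(108, 'newsman'), has_role(109, 'member'));
```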
I did exactly as @DJPromo wrote, but:
1. There is no way to add a rank on the forum,
2. fusionBoard 4 sees Newsman as a Group, not a Level, and after giving the text e.g. an appropriate colour, an empty field gets added in the User labels table,
3. I don't know about other infusions, but Nicks Mod doesn't see "Newsman" for me.
DJPromo
Added on 15.06.2009 17:11:34
Posts: 630 Helped: 41
v7.02.07 Registration date: 13.06.2006 18:51
@tOmaSz000 Did I write anything about the forum there? I don't think so. The modification I gave works by adding a so-called additional account type, like VIP or newsman, with rights to the admin panel and a label in the profile. This solution is spartan and novel at the present moment. Since PF7 gives us more room for manoeuvre using the output_handling function, which I am currently learning to use properly, for now I won't write how to make an infusion out of this without digging in the files.
As for the forum, it can also be done: code has to be added to the forum that will allow ranks to be added for the new groups. (When I find a moment I'll write it.)
As for fusionBoard 4, I don't know and I haven't tested it. The modifications I give will be based on the regular forum.
As for Nicks Mod, I don't know and can't help.
I have one problem. I did everything as DJPromo wrote and everything runs beautifully, only how do I add further ranks? E.g. there is this Newsman and I also want to make Uploader, etc. Could someone explain how to add more ranks? Cheers
Heh, you make more lines of code, the same ones, only with the numbers changed.
EDIT: It's not that simple after all ;/
EDIT2: To do this with something else, we have to add a new line in global again, with a name such as grafik, and change user4 to user5; in maincore we also edit everything this way, changing 108 to 109, and administration
<?php
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| Filename: maincore.php
| Author: Nick Jones (Digitanium)
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
if (preg_match("/maincore.php/i", $_SERVER['PHP_SELF'])) { die(); }
// Calculate script start/end time
function get_microtime() {
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
// Define script start time
define("START_TIME", get_microtime());
// Prevent any possible XSS attacks via $_GET.
foreach ($_GET as $check_url) {
if (!is_array($check_url)) {
$check_url = str_replace("\"", "", $check_url);
if ((preg_match("/<[^>]*script*\"?[^>]*>/i", $check_url)) || (preg_match("/<[^>]*object*\"?[^>]*>/i", $check_url)) ||
(preg_match("/<[^>]*iframe*\"?[^>]*>/i", $check_url)) || (preg_match("/<[^>]*applet*\"?[^>]*>/i", $check_url)) ||
(preg_match("/<[^>]*meta*\"?[^>]*>/i", $check_url)) || (preg_match("/<[^>]*style*\"?[^>]*>/i", $check_url)) ||
(preg_match("/<[^>]*form*\"?[^>]*>/i", $check_url)) || (preg_match("/\([^>]*\"?[^)]*\)/i", $check_url)) ||
(preg_match("/\"/i", $check_url))) {
die ();
// Start Output Buffering
//ob_start("ob_gzhandler"); //Uncomment this line to enable output compression.
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
$folder_level .= "../"; $i++;
if ($i == 5) { die("Config file not found"); }
require_once $folder_level."config.php";
define("BASEDIR", $folder_level);
// If config.php is empty, activate setup.php script
if (!isset($db_name)) { redirect("setup.php"); }
// Multisite definitions
require_once BASEDIR."includes/multisite_include.php";
// Establish mySQL database connection
$link = dbconnect($db_host, $db_user, $db_pass, $db_name);
// Fetch the Site Settings from the database and store them in the $settings variable
$settings = dbarray(dbquery("SELECT * FROM ".DB_SETTINGS));
// Sanitise $_SERVER globals
$_SERVER['PHP_SELF'] = cleanurl($_SERVER['PHP_SELF']);
$_SERVER['REQUEST_URI'] = isset($_SERVER['REQUEST_URI']) ? cleanurl($_SERVER['REQUEST_URI']) : "";
$PHP_SELF = cleanurl($_SERVER['PHP_SELF']);
// Common definitions
define("IN_FUSION", TRUE);
define("FUSION_SELF", basename($_SERVER['PHP_SELF']));
define("QUOTES_GPC", (ini_get('magic_quotes_gpc') ? TRUE : FALSE));
// Path definitions
define("ADMIN", BASEDIR."administration/");
define("IMAGES", BASEDIR."images/");
define("IMAGES_A", IMAGES."articles/");
define("IMAGES_N", IMAGES."news/");
define("IMAGES_NC", IMAGES."news_cats/");
define("RANKS", IMAGES."ranks/");
define("INCLUDES", BASEDIR."includes/");
define("LOCALE", BASEDIR."locale/");
define("LOCALESET", $settings['locale']."/");
define("FORUM", BASEDIR."forum/");
define("INFUSIONS", BASEDIR."infusions/");
define("PHOTOS", IMAGES."photoalbum/");
define("THEMES", BASEDIR."themes/");
// Predefine mysql_cache variables
$smiley_cache = ""; $bbcode_cache = ""; $groups_cache = ""; $forum_rank_cache = ""; $forum_mod_rank_cache = "";
// MySQL database functions
function dbquery($query) {
$result = @mysql_query($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbcount($field, $table, $conditions = "") {
$cond = ($conditions ? " WHERE ".$conditions : "");
$result = @mysql_query("SELECT Count".$field." FROM ".$table.$cond);
if (!$result) {
echo mysql_error();
return false;
} else {
$rows = mysql_result($result, 0);
return $rows;
function dbresult($query, $row) {
$result = @mysql_result($query, $row);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbrows($query) {
$result = @mysql_num_rows($query);
return $result;
function dbarray($query) {
$result = @mysql_fetch_assoc($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbarraynum($query) {
$result = @mysql_fetch_row($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbconnect($db_host, $db_user, $db_pass, $db_name) {
$db_connect = @mysql_connect($db_host, $db_user, $db_pass);
$db_select = @mysql_select_db($db_name);
if (!$db_connect) {
die("<div style='font-family:Verdana;font-size:11px;text-align:center;'><b>Unable to establish connection to MySQL</b><br />".mysql_errno()." : ".mysql_error()."</div>");
} elseif (!$db_select) {
die("<div style='font-family:Verdana;font-size:11px;text-align:center;'><b>Unable to select MySQL database</b><br />".mysql_errno()." : ".mysql_error()."</div>");
// Initialise the $locale array
$locale = array();
// Load the Global language file
include LOCALE.LOCALESET."global.php";
// Check if users full or partial ip is blacklisted
$sub_ip1 = substr(USER_IP, 0, strlen(USER_IP) - strlen(strrchr(USER_IP, ".")));
$sub_ip2 = substr($sub_ip1, 0, strlen($sub_ip1) - strlen(strrchr($sub_ip1, ".")));
if (dbcount("(*)", DB_BLACKLIST, "blacklist_ip='".USER_IP."' OR blacklist_ip='$sub_ip1' OR blacklist_ip='$sub_ip2'")) {
// PHP-Fusion user cookie functions
if (!isset($_COOKIE[COOKIE_PREFIX.'visited'])) {
$result = dbquery("UPDATE ".DB_SETTINGS." SET counter=counter+1");
setcookie(COOKIE_PREFIX."visited", "yes", time() + 31536000, "/", "", "0");
//check that site or user theme exists
function theme_exists($theme) {
if (!file_exists(THEMES) || !is_dir(THEMES)) {
return false;
} else if (file_exists(THEMES.$theme."/theme.php") && file_exists(THEMES.$theme."/styles.css")) {
define("THEME", THEMES.$theme."/");
return true;
} else {
$dh = opendir(THEMES);
while (false !== ($entry = readdir($dh))) {
if ($entry != "." && $entry != ".." && is_dir(THEMES.$entry)) {
if (file_exists(THEMES.$entry."/theme.php") && file_exists(THEMES.$entry."/styles.css")) {
define("THEME", THEMES.$entry."/");
return true;
if (!defined("THEME")) {
return false;
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$user_pass = md5($_POST['user_pass']);
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_password='".md5($user_pass)."' LIMIT 1");
if (dbrows($result)) {
$data = dbarray($result);
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600 * 24 * 30 : time() + 3600 * 3;
setcookie(COOKIE_PREFIX."user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], true);
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", true);
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", true);
} else {
if (isset($_COOKIE[COOKIE_PREFIX.'user'])) {
$cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX.'user']);
$cookie_1 = isnum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_check("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' LIMIT 1");
if (dbrows($result)) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= 102)) {
if (!theme_exists($userdata['user_theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
} else {
if (!theme_exists($settings['theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
if (!isset($_COOKIE[COOKIE_PREFIX.'lastvisit']) || !isnum($_COOKIE[COOKIE_PREFIX.'lastvisit'])) {
$result = dbquery("UPDATE ".DB_USERS." SET user_threads='' WHERE user_id='".$userdata['user_id']."'");
setcookie(COOKIE_PREFIX."lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE[COOKIE_PREFIX.'lastvisit'];
if ($userdata['user_level'] > 101) {
if (isset($_COOKIE[COOKIE_PREFIX.'admin']) && (!preg_match("#" . str_replace("../", "", "/".ADMIN) . "#i", FUSION_REQUEST) || USER_IP != $userdata['user_ip'])) {
setcookie(COOKIE_PREFIX."admin", "", time() - 7200, "/", "", "0");
} else {
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
} else {
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
} else {
if (!theme_exists($settings['theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
// Redirect browser using header or script function
function redirect($location, $script = false) {
if (!$script) {
header("Location: ".str_replace("&amp;", "&", $location));
} else {
echo "<script type='text/javascript'>document.location.href='".str_replace("&amp;", "&", $location)."'</script>\n";
}
}
// Clean URL Function, prevents entities in server globals
function cleanurl($url) {
$bad_entities = array("&", "\"", "'", '\"', "\'", "<", ">", "(", ")", "*");
$safe_entities = array("&amp;", "", "", "", "", "", "", "", "", "");
$url = str_replace($bad_entities, $safe_entities, $url);
return $url;
}
// Strip Input Function, prevents HTML in unwanted places
function stripinput($text) {
if (QUOTES_GPC) $text = stripslashes($text);
$search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", "&nbsp;");
$replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;", " ");
$text = str_replace($search, $replace, $text);
return $text;
}
// stripslash function, only stripslashes if magic_quotes_gpc is on
function stripslash($text) {
if (QUOTES_GPC) { $text = stripslashes($text); }
return $text;
}
// stripslash function, add correct number of slashes depending on quotes_gpc
function addslash($text) {
if (!QUOTES_GPC) {
$text = addslashes(addslashes($text));
} else {
$text = addslashes($text);
}
return $text;
}
// htmlentities is too aggressive so we use this function
function phpentities($text) {
$search = array("&", "\"", "'", "\\", "<", ">");
$replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&lt;", "&gt;");
$text = str_replace($search, $replace, $text);
return $text;
}
// Trim a line of text to a preferred length
function trimlink($text, $length) {
$dec = array("&", "\"", "'", "\\", '\"', "\'", "<", ">");
$enc = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;");
$text = str_replace($enc, $dec, $text);
if (strlen($text) > $length) $text = substr($text, 0, ($length-3))."...";
$text = str_replace($dec, $enc, $text);
return $text;
}
// Validate numeric input
function isnum($value) {
if (!is_array($value)) {
return (preg_match("/^[0-9]+$/", $value));
} else {
return false;
// custom preg-match function
function preg_check($expression, $value) {
if (!is_array($value)) {
return preg_match($expression, $value);
} else {
return false;
// Cache smileys mysql
function cache_smileys() {
global $smiley_cache;
$result = dbquery("SELECT * FROM ".DB_SMILEYS);
if (dbrows($result)) {
$smiley_cache = array();
while ($data = dbarray($result)) {
$smiley_cache[] = array(
"smiley_code" => $data['smiley_code'],
"smiley_image" => $data['smiley_image'],
"smiley_text" => $data['smiley_text']
} else {
$smiley_cache = array();
// Parse smiley bbcode
function parsesmileys($message) {
global $smiley_cache;
if (!preg_match("#(\[code\](.*?)\[/code\]|\[geshi=(.*?)\](.*?)\[/geshi\]|\[php\](.*?)\[/php\])#si", $message)) {
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
$smiley_code = preg_quote($smiley['smiley_code']);
$smiley_image = "<img src='".get_image("smiley_".$smiley['smiley_text'])."' alt='".$smiley['smiley_text']."' style='vertical-align:middle;' />";
$message = preg_replace("#{$smiley_code}#si", $smiley_image, $message);
return $message;
// Show smiley icons in comments, forum and other post pages
function displaysmileys($textarea, $form = "inputform") {
global $smiley_cache;
$smileys = ""; $i = 0;
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
if ($i != 0 && ($i % 10 == 0)) { $smileys .= "<br />\n"; $i++; }
$smileys .= "<img src='".get_image("smiley_".$smiley['smiley_text'])."' alt='".$smiley['smiley_text']."' onclick=\"insertText('".$textarea."', '".$smiley['smiley_code']."', '".$form."');\" />\n";
return $smileys;
// Cache bbcode mysql
function cache_bbcode() {
global $bbcode_cache;
$result = dbquery("SELECT * FROM ".DB_BBCODES." ORDER BY bbcode_order ASC");
if (dbrows($result)) {
$bbcode_cache = array();
while ($data = dbarray($result)) {
$bbcode_cache[] = $data['bbcode_name'];
} else {
$bbcode_cache = array();
// Parse bbcode
function parseubb($text, $selected=false) {
global $bbcode_cache;
if (!$bbcode_cache) { cache_bbcode(); }
if (is_array($bbcode_cache) && count($bbcode_cache)) {
if ($selected) { $sel_bbcodes = explode("|", $selected); }
foreach ($bbcode_cache as $bbcode) {
if ($selected && in_array($bbcode, $sel_bbcodes)) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
} elseif (!$selected) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
$text = descript($text, false);
return $text;
// Javascript email encoder by Tyler Akins
function hide_email($email, $title = "", $subject = "") {
if (strpos($email, "@")) {
$parts = explode("@", $email);
$MailLink = "<a href='mailto:".$parts[0]."@".$parts[1];
if ($subject != "") { $MailLink .= "?subject=".urlencode($subject); }
$MailLink .= "'>".($title?$title:$parts[0]."@".$parts[1])."</a>";
$MailLetters = "";
for ($i = 0; $i < strlen($MailLink); $i++) {
$l = substr($MailLink, $i, 1);
if (strpos($MailLetters, $l) === false) {
$p = rand(0, strlen($MailLetters));
$MailLetters = substr($MailLetters, 0, $p).$l.substr($MailLetters, $p, strlen($MailLetters));
$MailLettersEnc = str_replace("\\", "\\\\", $MailLetters);
$MailLettersEnc = str_replace("\"", "\\\"", $MailLettersEnc);
$MailIndexes = "";
for ($i = 0; $i < strlen($MailLink); $i ++) {
$index = strpos($MailLetters, substr($MailLink, $i, 1));
$index += 48;
$MailIndexes .= chr($index);
$MailIndexes = str_replace("\\", "\\\\", $MailIndexes);
$MailIndexes = str_replace("\"", "\\\"", $MailIndexes);
$res = "<script type='text/javascript'>";
$res .= "ML=\"".str_replace("<", "xxxx", $MailLettersEnc)."\";";
$res .= "MI=\"".str_replace("<", "xxxx", $MailIndexes)."\";";
$res .= "ML=ML.replace(/xxxx/g, '<');";
$res .= "MI=MI.replace(/xxxx/g, '<');"; $res .= "OT=\"\";";
$res .= "for(j=0;j < MI.length;j++){";
$res .= "OT+=ML.charAt(MI.charCodeAt(j)-48);";
$res .= "}document.write(OT);";
$res .= "</script>";
return $res;
} else {
return $email;
// Format spaces and tabs in code bb tags
function formatcode($text) {
$text = str_replace(" ", " ", $text);
$text = str_replace(" ", " ", $text);
$text = str_replace("\t", " ", $text);
$text = preg_replace("/^ {1}/m", " ", $text);
return $text;
// Highlights given words in subject
function highlight_words($word, $subject) {
if (is_array($word)) {
$regex_chars = "*|#.+?(){}[]^$/";
for ($j = 0; $j < count($word); $j++) {
for ($i = 0; $i < strlen($regex_chars); $i++) {
$char = substr($regex_chars, $i, 1);
$word[$j] = str_replace($char, '\\'.$char, $word[$j]);
$subject = preg_replace("/(".$word[$j].")/is", "<span style='background-color:yellow;font-weight:bold;padding-left:2px;padding-right:2px'>\\1</span>", $subject);
return $subject;
// This function sanitises news & article submissions
function descript($text, $striptags = true) {
// Convert problematic ascii characters to their true values
$search = array("40","41","58","65","66","67","68","69","70",
$replace = array("(",")",":","a","b","c","d","e","f","g","h",
$entities = count($search);
for ($i=0; $i < $entities; $i++) {
$text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
$text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
$text = preg_replace('#(<[^>]+[/\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onfocus|onload|xmlns)[^>]*>#iU', ">", $text);
$text = preg_replace('#([a-z]*)=([\`\'\"]*)script:#iU', '$1=$2nojscript...', $text);
$text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iU', '$1=$2nojavascript...', $text);
$text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iU', '$1=$2novbscript...', $text);
$text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU', "$1>", $text);
$text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU', "$1>", $text);
if ($striptags) {
do {
$thistext = $text;
$text = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $text);
} while ($thistext != $text);
return $text;
// Scan image files for malicious code
function verify_image($file) {
$txt = file_get_contents($file);
$image_safe = true;
if (preg_match('#&(quot|lt|gt|nbsp|<?php);#i', $txt)) { $image_safe = false; }
elseif (preg_match("#&\#x([0-9a-f]+);#i", $txt)) { $image_safe = false; }
elseif (preg_match('#&\#([0-9]+);#i', $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\`\'\"]*)script:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\`\'\"]*)javascript:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\'\"]*)vbscript:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#</*(applet|link|style|script|iframe|frame|frameset)[^>]*>#i", $txt)) { $image_safe = false; }
return $image_safe;
// captcha routines
function make_captcha() {
global $settings;
$captcha_string = ""; $captcha_encode = "";
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < 5; $i++) {
$captcha_string .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
for ($i = 0; $i < 31; $i++) {
$captcha_encode .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
$result = mysql_query("INSERT INTO ".DB_PREFIX."captcha (captcha_datestamp, captcha_ip, captcha_encode, captcha_string) VALUES('".time()."', '".USER_IP."', '$captcha_encode', '$captcha_string')");
if ($settings['validation_method'] == "image") {
return "<input type='hidden' name='captcha_encode' value='".$captcha_encode."' /><img src='".INCLUDES."captcha_include.php?captcha_code=".$captcha_encode."' alt='' />\n";
} else {
return "<input type='hidden' name='captcha_encode' value='".$captcha_encode."' /><strong>".$captcha_string."</strong>\n";
function check_captcha($captchs_encode, $captcha_string) {
if (preg_check("/^[0-9A-Za-z]+$/", $captchs_encode) && preg_check("/^[0-9A-Za-z]+$/", $captcha_string)) {
$result = dbquery("SELECT * FROM ".DB_CAPTCHA." WHERE captcha_ip='".USER_IP."' AND captcha_encode='".$captchs_encode."' AND captcha_string='".$captcha_string."'");
if (dbrows($result)) {
$result = dbquery("DELETE FROM ".DB_CAPTCHA." WHERE captcha_ip='".USER_IP."' AND captcha_encode='".$captchs_encode."' AND captcha_string='".$captcha_string."'");
return true;
} else {
return false;
} else {
return false;
// Replace offensive words with the defined replacement word
function censorwords($text) {
global $settings;
if ($settings['bad_words_enabled'] == "1" && $settings['bad_words'] != "" ) {
$word_list = explode("\r\n", $settings['bad_words']);
for ($i=0; $i < count($word_list); $i++) {
if ($word_list[$i] != "") $text = preg_replace("/".$word_list[$i]."/si", $settings['bad_word_replace'], $text);
return $text;
// Display the user's level
function getuserlevel($userlevel) {
global $locale;
if ($userlevel == 101) { return $locale['user1'];
} elseif ($userlevel == 108) { return $locale['user2'];
} elseif ($userlevel == 102) { return $locale['user3'];
} elseif ($userlevel == 103) { return $locale['user4'];
} elseif ($userlevel == 109) { return $locale['user5']; }
// Check if Administrator has correct rights assigned
function checkrights($right) {
if (iADMIN && in_array($right, explode(".", iUSER_RIGHTS))) {
return true;
} else {
return false;
// Check if user is assigned to the specified user group
function checkgroup($group) {
if (iSUPERADMIN) { return true; }
elseif (iADMIN && ($group == "0" || $group == "101" || $group == "102")) { return true;
} elseif (iMEMBER && ($group == "0" || $group == "101")) { return true;
} elseif (iGUEST && $group == "0") { return true;
} elseif (iMEMBER && in_array($group, explode(".", iUSER_GROUPS))) {
return true;
} else {
return false;
// Cache groups mysql
function cache_groups() {
global $groups_cache;
$result = dbquery("SELECT * FROM ".DB_USER_GROUPS." ORDER BY group_id ASC");
if (dbrows($result)) {
$groups_cache = array();
while ($data = dbarray($result)) {
$groups_cache[] = $data;
} else {
$groups_cache = array();
// Compile access levels & user group array
function getusergroups() {
global $locale, $groups_cache;
$groups_array = array(
array("0", $locale['user0']),
array("101", $locale['user1']),
array("108", $locale['user2']),
array("102", $locale['user3']),
array("103", $locale['user4']),
array("109", $locale['user5'])
if (!$groups_cache) { cache_groups(); }
if (is_array($groups_cache) && count($groups_cache)) {
foreach ($groups_cache as $group) {
array_push($groups_array, array($group['group_id'], $group['group_name']));
return $groups_array;
// Get the name of the access level or user group
function getgroupname($group_id, $return_desc = false) {
global $locale, $groups_cache;
if ($group_id == "0") { return $locale['user0'];
} elseif ($group_id == "101") { return $locale['user1']; exit;
} elseif ($group_id == "108") { return $locale['user2']; exit;
} elseif ($group_id == "102") { return $locale['user3']; exit;
} elseif ($group_id == "103") { return $locale['user4']; exit;
} elseif ($group_id == "109") { return $locale['user5']; exit;
} else {
if (!$groups_cache) { cache_groups(); }
if (is_array($groups_cache) && count($groups_cache)) {
foreach ($groups_cache as $group) {
if ($group_id == $group['group_id']) { return ($return_desc ? ($group['group_description'] ? $group['group_description'] : '-') : $group['group_name']); exit; }
return "N/A";
function groupaccess($field) {
if (iGUEST) { return "$field = '0'";
} elseif (iSUPERADMIN) { return "1 = 1";
} elseif (iADMIN) { $res = "($field='0' OR $field='101' OR $field='102'";
} elseif (iMEMBER) { $res = "($field='0' OR $field='101'";
if (iUSER_GROUPS != "" && !iSUPERADMIN) { $res .= " OR $field='".str_replace(".", "' OR $field='", iUSER_GROUPS)."'"; }
$res .= ")";
return $res;
// Create a list of files or folders and store them in an array
function makefilelist($folder, $filter, $sort=true, $type="files") {
$res = array();
$filter = explode("|", $filter);
$temp = opendir($folder);
while ($file = readdir($temp)) {
if ($type == "files" && !in_array($file, $filter)) {
if (!is_dir($folder.$file)) { $res[] = $file; }
} elseif ($type == "folders" && !in_array($file, $filter)) {
if (is_dir($folder.$file)) { $res[] = $file; }
if ($sort) { sort($res); }
return $res;
// Create a selection list from an array created by makefilelist()
function makefileopts($files, $selected = "") {
$res = "";
for ($i = 0; $i < count($files); $i++) {
$sel = ($selected == $files[$i] ? " selected='selected'" : "");
$res .= "<option value='".$files[$i]."'$sel>".$files[$i]."</option>\n";
return $res;
function makepagenav($start, $count, $total, $range = 0, $link = "") {
global $locale;
if ($link == "") { $link = FUSION_SELF."?"; }
$pg_cnt = ceil($total / $count);
if ($pg_cnt <= 1) { return ""; }
$idx_back = $start - $count;
$idx_next = $start + $count;
$cur_page = ceil(($start + 1) / $count);
$res = $locale['global_092']." ".$cur_page.$locale['global_093'].$pg_cnt.": ";
if($idx_back >= 0) {
if($cur_page > ($range + 1)) {
$res .= "<a href='".$link."rowstart=0'>1</a>...";
$idx_fst = max($cur_page - $range, 1);
$idx_lst = min($cur_page + $range, $pg_cnt);
if ($range == 0) {
$idx_fst = 1;
$idx_lst = $pg_cnt;
for ($i = $idx_fst; $i <= $idx_lst; $i++) {
$offset_page = ($i - 1) * $count;
if ($i == $cur_page) {
$res .= "<span><strong>".$i."</strong></span>";
} else {
$res .= "<a href='".$link."rowstart=".$offset_page."'>".$i."</a>";
if ($idx_next < $total) {
if ($cur_page < ($pg_cnt - $range)) {
$res .= "...<a href='".$link."rowstart=".($pg_cnt - 1) * $count."'>".$pg_cnt."</a>\n";
return "<div class='pagenav'>\n".$res."</div>\n";
// Format the date & time accordingly
function showdate($format, $val) {
global $settings;
if ($format == "shortdate" || $format == "longdate" || $format == "forumdate") {
return strftime($settings[$format], $val + ($settings['timeoffset']*3600));
} else {
return strftime($format, $val + ($settings['timeoffset'] * 3600));
// Translate bytes into kb, mb, gb or tb by CrappoMan
function parsebytesize($size, $digits = 2, $dir = false) {
$kb = 1024; $mb = 1024 * $kb; $gb= 1024 * $mb; $tb = 1024 * $gb;
if (($size == 0) && ($dir)) { return "Empty"; }
elseif ($size < $kb) { return $size."Bytes"; }
elseif ($size < $mb) { return round($size / $kb,$digits)."Kb"; }
elseif ($size < $gb) { return round($size / $mb,$digits)."Mb"; }
elseif ($size < $tb) { return round($size / $gb,$digits)."Gb"; }
else { return round($size / $tb, $digits)."Tb"; }
// User level, Admin Rights & User Group definitions
define("iGUEST", $userdata['user_level'] == 0 ? 1 : 0);
define("iMEMBER", $userdata['user_level'] >= 101 ? 1 : 0);
define("iADMIN", $userdata['user_level'] >= 102 ? 1 : 0);
define("iSUPERADMIN", $userdata['user_level'] == 103 ? 1 : 0);
define("iUSER", $userdata['user_level']);
define("iUSER_RIGHTS", $userdata['user_rights']);
define("iUSER_GROUPS", substr($userdata['user_groups'], 1));
if (iADMIN) {
define("iAUTH", substr($userdata['user_password'], 16, 32));
$aidlink = "?aid=".iAUTH;
include INCLUDES."system_images.php";
!!! WARNING !!!
The method presented by DJPromo is NOT safe!
A new rank of people created this way, that is, a group of people, may have access to resources available to the Admin. In short: such a person may have unauthorized access to the site. Other problems may also occur.
I once tried to create a plugin/mod that would allow adding new ranks for users/groups, but I could not find a suitable and safe way to do it without major modifications to the Fusion core.
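Why the warning applies to the maincore.php posted above, as an added example that is not part of any post in this thread or of PHP-Fusion itself: the file defines iADMIN as `user_level >= 102`, so the new levels 108 and 109 pass every admin check. The function names and the allow-list are hypothetical, and the allow-list assumes 108 is meant to carry member rights only.

```php
<?php
// Added example, not PHP-Fusion code. The comparisons copy the define() lines
// and checkgroup() from the maincore.php posted in this thread; the function
// names and the allow-list are hypothetical.

// Flags as the posted maincore.php derives them from user_level.
function flags_by_threshold($level) {
    return array(
        'guest'      => $level == 0,
        'member'     => $level >= 101,
        'admin'      => $level >= 102,   // true for 108 and 109 as well
        'superadmin' => $level == 103,
    );
}

// Hypothetical hardening: privilege is looked up in an explicit map. Level 108
// is treated as a display-only rank with member rights (assumption), and any
// level missing from the map, such as 109 here, gets no privilege at all.
function flags_by_allowlist($level) {
    static $role_of = array(
        0   => 'guest',
        101 => 'member',
        108 => 'member',
        102 => 'admin',
        103 => 'superadmin',
    );
    $role = isset($role_of[$level]) ? $role_of[$level] : 'none';
    return array(
        'guest'      => $role == 'guest',
        'member'     => in_array($role, array('member', 'admin', 'superadmin')),
        'admin'      => in_array($role, array('admin', 'superadmin')),
        'superadmin' => $role == 'superadmin',
    );
}

// checkgroup() from the thread, with the i* constants replaced by a flags
// array so several levels can be evaluated in one run. Custom user groups
// (iUSER_GROUPS) are left out of this sketch.
function checkgroup_with($flags, $group) {
    if ($flags['superadmin']) { return true; }
    if ($flags['admin'] && in_array($group, array("0", "101", "102"))) { return true; }
    if ($flags['member'] && in_array($group, array("0", "101"))) { return true; }
    if ($flags['guest'] && $group == "0") { return true; }
    return false;
}

// Compare both schemes for the levels used in the modified getuserlevel().
foreach (array(101, 108, 102, 103, 109) as $level) {
    $t = flags_by_threshold($level);
    $a = flags_by_allowlist($level);
    printf(
        "level %d | threshold: admin=%s, sees group 102=%s | allow-list: admin=%s, sees group 102=%s\n",
        $level,
        var_export($t['admin'], true),
        var_export(checkgroup_with($t, "102"), true),
        var_export($a['admin'], true),
        var_export(checkgroup_with($a, "102"), true)
    );
}
```

The same threshold pattern appears elsewhere in the posted file (`$userdata['user_level'] >= 102` for themes, `$userdata['user_level'] > 101` for the admin cookie), so each such comparison has to be reviewed before a new level number is introduced.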
My maincore.php file
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| Filename: maincore.php
| Author: Nick Jones (Digitanium)
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
if (eregi("maincore.php", $_SERVER['PHP_SELF'])) { die(); }
// Calculate script start/end time
function get_microtime() {
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
// Define script start time
define("START_TIME", get_microtime());
// Prevent any possible XSS attacks via $_GET.
foreach ($_GET as $check_url) {
if (!is_array($check_url)) {
$check_url = str_replace("\"", "", $check_url);
if ((eregi("<[^>]*script*\"?[^>]*>", $check_url)) || (eregi("<[^>]*object*\"?[^>]*>", $check_url)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $check_url)) || (eregi("<[^>]*applet*\"?[^>]*>", $check_url)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $check_url)) || (eregi("<[^>]*style*\"?[^>]*>", $check_url)) ||
(eregi("<[^>]*form*\"?[^>]*>", $check_url)) || (eregi("\([^>]*\"?[^)]*\)", $check_url)) ||
(eregi("\"", $check_url))) {
die ();
// Start Output Buffering
//ob_start("ob_gzhandler"); //Uncomment this line to enable output compression.
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
$folder_level .= "../"; $i++;
if ($i == 5) { die("Config file not found"); }
require_once $folder_level."config.php";
define("BASEDIR", $folder_level);
// If config.php is empty, activate setup.php script
if (!isset($db_name)) { redirect("setup.php"); }
// Multisite definitions
require_once BASEDIR."includes/multisite_include.php";
// Establish mySQL database connection
$link = dbconnect($db_host, $db_user, $db_pass, $db_name);
// Fetch the Site Settings from the database and store them in the $settings variable
$settings = dbarray(dbquery("SELECT * FROM ".DB_SETTINGS));
// Sanitise $_SERVER globals
$_SERVER['PHP_SELF'] = cleanurl($_SERVER['PHP_SELF']);
$_SERVER['REQUEST_URI'] = isset($_SERVER['REQUEST_URI']) ? cleanurl($_SERVER['REQUEST_URI']) : "";
$PHP_SELF = cleanurl($_SERVER['PHP_SELF']);
// Common definitions
define("IN_FUSION", TRUE);
define("FUSION_SELF", basename($_SERVER['PHP_SELF']));
define("QUOTES_GPC", (ini_get('magic_quotes_gpc') ? TRUE : FALSE));
// Path definitions
define("ADMIN", BASEDIR."administration/");
define("IMAGES", BASEDIR."images/");
define("IMAGES_A", IMAGES."articles/");
define("IMAGES_N", IMAGES."news/");
define("IMAGES_NC", IMAGES."news_cats/");
define("RANKS", IMAGES."ranks/");
define("INCLUDES", BASEDIR."includes/");
define("LOCALE", BASEDIR."locale/");
define("LOCALESET", $settings['locale']."/");
define("FORUM", BASEDIR."forum/");
define("INFUSIONS", BASEDIR."infusions/");
define("PHOTOS", IMAGES."photoalbum/");
define("THEMES", BASEDIR."themes/");
// Predefine mysql_cache variables
$smiley_cache = ""; $bbcode_cache = ""; $groups_cache = ""; $forum_rank_cache = ""; $forum_mod_rank_cache = "";
// MySQL database functions
function dbquery($query) {
$result = @mysql_query($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbcount($field, $table, $conditions = "") {
$cond = ($conditions ? " WHERE ".$conditions : "");
$result = @mysql_query("SELECT Count".$field." FROM ".$table.$cond);
if (!$result) {
echo mysql_error();
return false;
} else {
$rows = mysql_result($result, 0);
return $rows;
function dbresult($query, $row) {
$result = @mysql_result($query, $row);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbrows($query) {
$result = @mysql_num_rows($query);
return $result;
function dbarray($query) {
$result = @mysql_fetch_assoc($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbarraynum($query) {
$result = @mysql_fetch_row($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbconnect($db_host, $db_user, $db_pass, $db_name) {
$db_connect = @mysql_connect($db_host, $db_user, $db_pass);
$db_select = @mysql_select_db($db_name);
if (!$db_connect) {
die("<div style='font-family:Verdana;font-size:11px;text-align:center;'><b>Unable to establish connection to MySQL</b><br />".mysql_errno()." : ".mysql_error()."</div>");
} elseif (!$db_select) {
die("<div style='font-family:Verdana;font-size:11px;text-align:center;'><b>Unable to select MySQL database</b><br />".mysql_errno()." : ".mysql_error()."</div>");
// Initialise the $locale array
$locale = array();
// Load the Global language file
include LOCALE.LOCALESET."global.php";
// Check if users full or partial ip is blacklisted
$sub_ip1 = substr(USER_IP, 0, strlen(USER_IP) - strlen(strrchr(USER_IP, ".")));
$sub_ip2 = substr($sub_ip1, 0, strlen($sub_ip1) - strlen(strrchr($sub_ip1, ".")));
if (dbcount("(*)", DB_BLACKLIST, "blacklist_ip='".USER_IP."' OR blacklist_ip='$sub_ip1' OR blacklist_ip='$sub_ip2'")) {
// PHP-Fusion user cookie functions
if (!isset($_COOKIE[COOKIE_PREFIX.'visited'])) {
$result = dbquery("UPDATE ".DB_SETTINGS." SET counter=counter+1");
setcookie(COOKIE_PREFIX."visited", "yes", time() + 31536000, "/", "", "0");
//check that site or user theme exists
function theme_exists($theme) {
if (!file_exists(THEMES) || !is_dir(THEMES)) {
return false;
} else if (file_exists(THEMES.$theme."/theme.php") && file_exists(THEMES.$theme."/styles.css")) {
define("THEME", THEMES.$theme."/");
return true;
} else {
$dh = opendir(THEMES);
while (false !== ($entry = readdir($dh))) {
if ($entry != "." && $entry != ".." && is_dir(THEMES.$entry)) {
if (file_exists(THEMES.$entry."/theme.php") && file_exists(THEMES.$entry."/styles.css")) {
define("THEME", THEMES.$entry."/");
return true;
if (!defined("THEME")) {
return false;
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$user_pass = md5($_POST['user_pass']);
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_password='".md5($user_pass)."' LIMIT 1");
if (dbrows($result)) {
$data = dbarray($result);
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600 * 24 * 30 : time() + 3600 * 3;
setcookie(COOKIE_PREFIX."user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], true);
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", true);
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", true);
} else {
if (isset($_COOKIE[COOKIE_PREFIX.'user'])) {
$cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX.'user']);
$cookie_1 = isnum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_check("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' LIMIT 1");
if (dbrows($result)) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= 102)) {
if (!theme_exists($userdata['user_theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
} else {
if (!theme_exists($settings['theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
if (!isset($_COOKIE[COOKIE_PREFIX.'lastvisit']) || !isnum($_COOKIE[COOKIE_PREFIX.'lastvisit'])) {
$result = dbquery("UPDATE ".DB_USERS." SET user_threads='' WHERE user_id='".$userdata['user_id']."'");
setcookie(COOKIE_PREFIX."lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE[COOKIE_PREFIX.'lastvisit'];
if ($userdata['user_level'] > 101) {
if (isset($_COOKIE[COOKIE_PREFIX.'admin']) && (!eregi(str_replace("../", "", "/".ADMIN), FUSION_REQUEST) || USER_IP != $userdata['user_ip'])) {
setcookie(COOKIE_PREFIX."admin", "", time() - 7200, "/", "", "0");
} else {
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
} else {
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
} else {
if (!theme_exists($settings['theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
// Redirect browser using header or script function
function redirect($location, $script = false) {
if (!$script) {
header("Location: ".str_replace("&amp;", "&", $location));
} else {
echo "<script type='text/javascript'>document.location.href='".str_replace("&amp;", "&", $location)."'</script>\n";
}
}
// Clean URL Function, prevents entities in server globals
function cleanurl($url) {
$bad_entities = array("&", "\"", "'", '\"', "\'", "<", ">", "(", ")", "*");
$safe_entities = array("&amp;", "", "", "", "", "", "", "", "", "");
$url = str_replace($bad_entities, $safe_entities, $url);
return $url;
}
// Strip Input Function, prevents HTML in unwanted places
function stripinput($text) {
if (QUOTES_GPC) $text = stripslashes($text);
$search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", "&nbsp;");
$replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;", " ");
$text = str_replace($search, $replace, $text);
return $text;
}
// stripslash function, only stripslashes if magic_quotes_gpc is on
function stripslash($text) {
if (QUOTES_GPC) { $text = stripslashes($text); }
return $text;
}
// stripslash function, add correct number of slashes depending on quotes_gpc
function addslash($text) {
if (!QUOTES_GPC) {
$text = addslashes(addslashes($text));
} else {
$text = addslashes($text);
}
return $text;
}
// htmlentities is too aggressive so we use this function
function phpentities($text) {
$search = array("&", "\"", "'", "\\", "<", ">");
$replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&lt;", "&gt;");
$text = str_replace($search, $replace, $text);
return $text;
}
// Trim a line of text to a preferred length
function trimlink($text, $length) {
$dec = array("&", "\"", "'", "\\", '\"', "\'", "<", ">");
$enc = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;");
$text = str_replace($enc, $dec, $text);
if (strlen($text) > $length) $text = substr($text, 0, ($length-3))."...";
$text = str_replace($dec, $enc, $text);
return $text;
}
// Validate numeric input
function isnum($value) {
if (!is_array($value)) {
return (preg_match("/^[0-9]+$/", $value));
} else {
return false;
// custom preg-match function
function preg_check($expression, $value) {
if (!is_array($value)) {
return preg_match($expression, $value);
} else {
return false;
// Cache smileys mysql
function cache_smileys() {
global $smiley_cache;
$result = dbquery("SELECT * FROM ".DB_SMILEYS);
if (dbrows($result)) {
$smiley_cache = array();
while ($data = dbarray($result)) {
$smiley_cache[] = array(
"smiley_code" => $data['smiley_code'],
"smiley_image" => $data['smiley_image'],
"smiley_text" => $data['smiley_text']
} else {
$smiley_cache = array();
// Parse smiley bbcode
function parsesmileys($message) {
global $smiley_cache;
if (!preg_match("#(\[code\](.*?)\[/code\]|\[geshi=(.*?)\](.*?)\[/geshi\]|\[php\](.*?)\[/php\])#si", $message)) {
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
$smiley_code = preg_quote($smiley['smiley_code']);
$smiley_image = "<img src='".get_image("smiley_".$smiley['smiley_text'])."' alt='".$smiley['smiley_text']."' style='vertical-align:middle;' />";
$message = preg_replace("#{$smiley_code}#si", $smiley_image, $message);
return $message;
// Show smiley icons in comments, forum and other post pages
function displaysmileys($textarea, $form = "inputform") {
global $smiley_cache;
$smileys = ""; $i = 0;
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
if ($i != 0 && ($i % 10 == 0)) { $smileys .= "<br />\n"; $i++; }
$smileys .= "<img src='".get_image("smiley_".$smiley['smiley_text'])."' alt='".$smiley['smiley_text']."' onclick=\"insertText('".$textarea."', '".$smiley['smiley_code']."', '".$form."');\" />\n";
return $smileys;
// Cache bbcode mysql
function cache_bbcode() {
global $bbcode_cache;
$result = dbquery("SELECT * FROM ".DB_BBCODES." ORDER BY bbcode_order ASC");
if (dbrows($result)) {
$bbcode_cache = array();
while ($data = dbarray($result)) {
$bbcode_cache[] = $data['bbcode_name'];
} else {
$bbcode_cache = array();
// Parse bbcode
function parseubb($text, $selected=false) {
global $bbcode_cache;
if (!$bbcode_cache) { cache_bbcode(); }
if (is_array($bbcode_cache) && count($bbcode_cache)) {
if ($selected) { $sel_bbcodes = explode("|", $selected); }
foreach ($bbcode_cache as $bbcode) {
if ($selected && in_array($bbcode, $sel_bbcodes)) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
} elseif (!$selected) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
$text = descript($text, false);
return $text;
// Javascript email encoder by Tyler Akins
function hide_email($email, $title = "", $subject = "") {
if (strpos($email, "@")) {
$parts = explode("@", $email);
$MailLink = "<a href='mailto:".$parts[0]."@".$parts[1];
if ($subject != "") { $MailLink .= "?subject=".urlencode($subject); }
$MailLink .= "'>".($title?$title:$parts[0]."@".$parts[1])."</a>";
$MailLetters = "";
for ($i = 0; $i < strlen($MailLink); $i++) {
$l = substr($MailLink, $i, 1);
if (strpos($MailLetters, $l) === false) {
$p = rand(0, strlen($MailLetters));
$MailLetters = substr($MailLetters, 0, $p).$l.substr($MailLetters, $p, strlen($MailLetters));
$MailLettersEnc = str_replace("\\", "\\\\", $MailLetters);
$MailLettersEnc = str_replace("\"", "\\\"", $MailLettersEnc);
$MailIndexes = "";
for ($i = 0; $i < strlen($MailLink); $i ++) {
$index = strpos($MailLetters, substr($MailLink, $i, 1));
$index += 48;
$MailIndexes .= chr($index);
$MailIndexes = str_replace("\\", "\\\\", $MailIndexes);
$MailIndexes = str_replace("\"", "\\\"", $MailIndexes);
$res = "<script type='text/javascript'>";
$res .= "ML=\"".str_replace("<", "xxxx", $MailLettersEnc)."\";";
$res .= "MI=\"".str_replace("<", "xxxx", $MailIndexes)."\";";
$res .= "ML=ML.replace(/xxxx/g, '<');";
$res .= "MI=MI.replace(/xxxx/g, '<');"; $res .= "OT=\"\";";
$res .= "for(j=0;j < MI.length;j++){";
$res .= "OT+=ML.charAt(MI.charCodeAt(j)-48);";
$res .= "}document.write(OT);";
$res .= "</script>";
return $res;
} else {
return $email;
// Format spaces and tabs in code bb tags
function formatcode($text) {
    $text = str_replace("  ", "&nbsp; ", $text);
    $text = str_replace("  ", " &nbsp;", $text);
    $text = str_replace("\t", "&nbsp; &nbsp;", $text);
    $text = preg_replace("/^ {1}/m", "&nbsp;", $text);
    return $text;
}
// Highlights given words in subject
function highlight_words($word, $subject) {
if (is_array($word)) {
$regex_chars = "*|#.+?(){}[]^$/";
for ($j = 0; $j < count($word); $j++) {
for ($i = 0; $i < strlen($regex_chars); $i++) {
$char = substr($regex_chars, $i, 1);
$word[$j] = str_replace($char, '\\'.$char, $word[$j]);
$subject = preg_replace("/(".$word[$j].")/is", "<span style='background-color:yellow;font-weight:bold;padding-left:2px;padding-right:2px'>\\1</span>", $subject);
return $subject;
// This function sanitises news & article submissions
function descript($text, $striptags = true) {
// Convert problematic ascii characters to their true values
$search = array("40","41","58","65","66","67","68","69","70",
$replace = array("(",")",":","a","b","c","d","e","f","g","h",
$entities = count($search);
for ($i=0; $i < $entities; $i++) {
$text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
$text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
$text = preg_replace('#(<[^>]+[/\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onfocus|onload|xmlns)[^>]*>#iU', ">", $text);
$text = preg_replace('#([a-z]*)=([\`\'\"]*)script:#iU', '$1=$2nojscript...', $text);
$text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iU', '$1=$2nojavascript...', $text);
$text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iU', '$1=$2novbscript...', $text);
$text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU', "$1>", $text);
$text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU', "$1>", $text);
if ($striptags) {
do {
$thistext = $text;
$text = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $text);
} while ($thistext != $text);
return $text;
// Scan image files for malicious code
function verify_image($file) {
$txt = file_get_contents($file);
$image_safe = true;
if (preg_match('#&(quot|lt|gt|nbsp|<?php);#i', $txt)) { $image_safe = false; }
elseif (preg_match("#&\#x([0-9a-f]+);#i", $txt)) { $image_safe = false; }
elseif (preg_match('#&\#([0-9]+);#i', $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\`\'\"]*)script:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\`\'\"]*)javascript:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\'\"]*)vbscript:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#</*(applet|link|style|script|iframe|frame|frameset)[^>]*>#i", $txt)) { $image_safe = false; }
return $image_safe;
// captcha routines
function make_captcha() {
global $settings;
$captcha_string = ""; $captcha_encode = "";
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < 5; $i++) {
$captcha_string .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
for ($i = 0; $i < 31; $i++) {
$captcha_encode .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
$result = mysql_query("INSERT INTO ".DB_PREFIX."captcha (captcha_datestamp, captcha_ip, captcha_encode, captcha_string) VALUES('".time()."', '".USER_IP."', '$captcha_encode', '$captcha_string')");
if ($settings['validation_method'] == "image") {
return "<input type='hidden' name='captcha_encode' value='".$captcha_encode."' /><img src='".INCLUDES."captcha_include.php?captcha_code=".$captcha_encode."' alt='' />\n";
} else {
return "<input type='hidden' name='captcha_encode' value='".$captcha_encode."' /><strong>".$captcha_string."</strong>\n";
function check_captcha($captchs_encode, $captcha_string) {
if (preg_check("/^[0-9A-Za-z]+$/", $captchs_encode) && preg_check("/^[0-9A-Za-z]+$/", $captcha_string)) {
$result = dbquery("SELECT * FROM ".DB_CAPTCHA." WHERE captcha_ip='".USER_IP."' AND captcha_encode='".$captchs_encode."' AND captcha_string='".$captcha_string."'");
if (dbrows($result)) {
$result = dbquery("DELETE FROM ".DB_CAPTCHA." WHERE captcha_ip='".USER_IP."' AND captcha_encode='".$captchs_encode."' AND captcha_string='".$captcha_string."'");
return true;
} else {
return false;
} else {
return false;
// Replace offensive words with the defined replacement word
function censorwords($text) {
global $settings;
if ($settings['bad_words_enabled'] == "1" && $settings['bad_words'] != "" ) {
$word_list = explode("\r\n", $settings['bad_words']);
for ($i=0; $i < count($word_list); $i++) {
if ($word_list[$i] != "") $text = preg_replace("/".$word_list[$i]."/si", $settings['bad_word_replace'], $text);
return $text;
// Display the user's level
function getuserlevel($userlevel) {
    global $locale;
    if ($userlevel == 101) { return $locale['user1'];
    } elseif ($userlevel == 102) { return $locale['user2'];
    } elseif ($userlevel == 103) { return $locale['user3'];
    } elseif ($userlevel == 108) { return $locale['user4']; }
}
// Check if Administrator has correct rights assigned
function checkrights($right) {
    if (iADMIN && in_array($right, explode(".", iUSER_RIGHTS))) {
        return true;
    } else {
        return false;
    }
}
// Check if user is assigned to the specified user group
function checkgroup($group) {
    if (iSUPERADMIN) { return true; }
    elseif (iADMIN && ($group == "0" || $group == "101" || $group == "102")) { return true;
    } elseif (iMEMBER && ($group == "0" || $group == "101")) { return true;
    } elseif (iGUEST && $group == "0") { return true;
    } elseif (iMEMBER && in_array($group, explode(".", iUSER_GROUPS))) {
        return true;
    } else {
        return false;
    }
}
// Cache groups mysql
function cache_groups() {
global $groups_cache;
$result = dbquery("SELECT * FROM ".DB_USER_GROUPS." ORDER BY group_id ASC");
if (dbrows($result)) {
$groups_cache = array();
while ($data = dbarray($result)) {
$groups_cache[] = $data;
} else {
$groups_cache = array();
// Compile access levels & user group array
function getusergroups() {
    global $locale, $groups_cache;
    $groups_array = array(
        array("0", $locale['user0']),
        array("101", $locale['user1']),
        array("102", $locale['user2']),
        array("103", $locale['user3']),
        array("108", $locale['user4'])
    );
    if (!$groups_cache) { cache_groups(); }
    if (is_array($groups_cache) && count($groups_cache)) {
        foreach ($groups_cache as $group) {
            array_push($groups_array, array($group['group_id'], $group['group_name']));
        }
    }
    return $groups_array;
}
// Get the name of the access level or user group
function getgroupname($group_id, $return_desc = false) {
    global $locale, $groups_cache;
    if ($group_id == "0") { return $locale['user0'];
    } elseif ($group_id == "101") { return $locale['user1']; exit;
    } elseif ($group_id == "102") { return $locale['user2']; exit;
    } elseif ($group_id == "103") { return $locale['user3']; exit;
    } elseif ($group_id == "108") { return $locale['user4']; exit;
    } else {
        if (!$groups_cache) { cache_groups(); }
        if (is_array($groups_cache) && count($groups_cache)) {
            foreach ($groups_cache as $group) {
                if ($group_id == $group['group_id']) { return ($return_desc ? ($group['group_description'] ? $group['group_description'] : '-') : $group['group_name']); exit; }
            }
        }
    }
}
function groupaccess($field) {
    if (iGUEST) { return "$field = '0'";
    } elseif (iSUPERADMIN) { return "1 = 1";
    } elseif (iADMIN) { $res = "($field='0' OR $field='101' OR $field='102'";
    } elseif (iMEMBER) { $res = "($field='0' OR $field='101'";
    }
    if (iUSER_GROUPS != "" && !iSUPERADMIN) { $res .= " OR $field='".str_replace(".", "' OR $field='", iUSER_GROUPS)."'"; }
    $res .= ")";
    return $res;
}
// Create a list of files or folders and store them in an array
function makefilelist($folder, $filter, $sort=true, $type="files") {
$res = array();
$filter = explode("|", $filter);
$temp = opendir($folder);
while ($file = readdir($temp)) {
if ($type == "files" && !in_array($file, $filter)) {
if (!is_dir($folder.$file)) { $res[] = $file; }
} elseif ($type == "folders" && !in_array($file, $filter)) {
if (is_dir($folder.$file)) { $res[] = $file; }
if ($sort) { sort($res); }
return $res;
// Create a selection list from an array created by makefilelist()
function makefileopts($files, $selected = "") {
$res = "";
for ($i = 0; $i < count($files); $i++) {
$sel = ($selected == $files[$i] ? " selected='selected'" : "");
$res .= "<option value='".$files[$i]."'$sel>".$files[$i]."</option>\n";
return $res;
function makepagenav($start, $count, $total, $range = 0, $link = "") {
global $locale;
if ($link == "") { $link = FUSION_SELF."?"; }
$pg_cnt = ceil($total / $count);
if ($pg_cnt <= 1) { return ""; }
$idx_back = $start - $count;
$idx_next = $start + $count;
$cur_page = ceil(($start + 1) / $count);
$res = $locale['global_092']." ".$cur_page.$locale['global_093'].$pg_cnt.": ";
if($idx_back >= 0) {
if($cur_page > ($range + 1)) {
$res .= "<a href='".$link."rowstart=0'>1</a>...";
$idx_fst = max($cur_page - $range, 1);
$idx_lst = min($cur_page + $range, $pg_cnt);
if ($range == 0) {
$idx_fst = 1;
$idx_lst = $pg_cnt;
for ($i = $idx_fst; $i <= $idx_lst; $i++) {
$offset_page = ($i - 1) * $count;
if ($i == $cur_page) {
$res .= "<span><strong>".$i."</strong></span>";
} else {
$res .= "<a href='".$link."rowstart=".$offset_page."'>".$i."</a>";
if ($idx_next < $total) {
if ($cur_page < ($pg_cnt - $range)) {
$res .= "...<a href='".$link."rowstart=".($pg_cnt - 1) * $count."'>".$pg_cnt."</a>\n";
return "<div class='pagenav'>\n".$res."</div>\n";
// Format the date & time accordingly
function showdate($format, $val) {
global $settings;
if ($format == "shortdate" || $format == "longdate" || $format == "forumdate") {
return strftime($settings[$format], $val + ($settings['timeoffset']*3600));
} else {
return strftime($format, $val + ($settings['timeoffset'] * 3600));
// Translate bytes into kb, mb, gb or tb by CrappoMan
function parsebytesize($size, $digits = 2, $dir = false) {
$kb = 1024; $mb = 1024 * $kb; $gb= 1024 * $mb; $tb = 1024 * $gb;
if (($size == 0) && ($dir)) { return "Empty"; }
elseif ($size < $kb) { return $size."Bytes"; }
elseif ($size < $mb) { return round($size / $kb,$digits)."Kb"; }
elseif ($size < $gb) { return round($size / $mb,$digits)."Mb"; }
elseif ($size < $tb) { return round($size / $gb,$digits)."Gb"; }
else { return round($size / $tb, $digits)."Tb"; }
// User level, Admin Rights & User Group definitions
define("iGUEST", $userdata['user_level'] == 0 ? 1 : 0);
define("iMEMBER", $userdata['user_level'] >= 101 ? 1 : 0);
define("iADMIN", $userdata['user_level'] >= 102 ? 1 : 0);
define("iSUPERADMIN", $userdata['user_level'] == 103 ? 1 : 0);
define("iUSER", $userdata['user_level']);
define("iUSER_RIGHTS", $userdata['user_rights']);
define("iUSER_GROUPS", substr($userdata['user_groups'], 1));
if (iADMIN) {
    define("iAUTH", substr($userdata['user_password'], 16, 32));
    $aidlink = "?aid=".iAUTH;
}
function check_rang($userek_id)
global $db_prefix;
$ddd = dbarray(dbquery("SELECT user_rang from ".$db_prefix."users WHERE user_id='".$userek_id."'"));
if ($ddd['user_rang']=="")
$points = dbarray(dbquery("SELECT points_normal,points_bonus,points_punishment FROM ".$db_prefix."users WHERE user_id ='".$userek_id."'"));
$points_total = $points['points_normal'] + $points['points_bonus'] - $points['points_punishment'];
$bbb = dbarray(dbquery("SELECT rang_name from ".$db_prefix."eps_rangs WHERE rang_points<=".$points_total." ORDER BY rang_points DESC LIMIT 1"));
return $bbb['rang_name'];
} else return $ddd['user_rang'];
function show_points($userek_id)
global $db_prefix;
$eee = dbarray(dbquery("SELECT user_points from ".$db_prefix."users WHERE user_id='".$userek_id."'"));
if ($eee['user_points']<1)
$points = dbarray(dbquery("SELECT points_normal,points_bonus,points_punishment FROM ".$db_prefix."users WHERE user_id=".$userek_id.""));
return $points['points_normal'] + $points['points_bonus'] - $points['points_punishment'];
} else return $eee['user_points'];
function points($i){
switch ($i) {
case 'f':
echo $id_points = 1;
case 's':
$id_points = 2;
case 'l':
$id_points = 3;
case 'a':
$id_points = 4;
case 'n':
$id_points = 5;
return dbresult(dbquery("SELECT point_ammount FROM ".DB_EPS_POINTS." WHERE point_id ='".$id_points."'"),0);
include INCLUDES."system_images.php";
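Added example (not from the thread and not PHP-Fusion's own code): the posted `define()` lines set `iADMIN` with `user_level >= 102`, so the new level 108 passes the admin test, which matches the behaviour the first poster reported. The sketch copies those comparisons and the branch order of `checkgroup()` into functions that take the level as a parameter, then compares them with an allow-list variant. The names `flags_as_posted`, `flags_allowlisted`, `checkgroup_with` and `access_matrix`, and the allow-list itself, are assumptions made for this illustration.

```php
<?php
// Added illustration, not part of maincore.php.

// Comparisons copied from the define() lines in the posted file.
function flags_as_posted($level) {
    $level = (int)$level;
    return array(
        'guest'      => $level == 0,
        'member'     => $level >= 101,
        'admin'      => $level >= 102,   // 108 passes this test
        'superadmin' => $level == 103,
    );
}

// Hypothetical variant: admin status comes from an explicit list, so a
// display-only level such as 108 stays an ordinary member.
function flags_allowlisted($level) {
    $level = (int)$level;
    $admin_levels = array(102, 103);
    return array(
        'guest'      => $level == 0,
        'member'     => $level >= 101,
        'admin'      => in_array($level, $admin_levels, true),
        'superadmin' => $level == 103,
    );
}

// Same branch order as checkgroup() in the posted file, with the constants
// replaced by the flags array. $user_groups is the dotted group list
// without its leading dot, as in iUSER_GROUPS.
function checkgroup_with($flags, $group, $user_groups = "") {
    if ($flags['superadmin']) { return true; }
    elseif ($flags['admin'] && ($group == "0" || $group == "101" || $group == "102")) { return true; }
    elseif ($flags['member'] && ($group == "0" || $group == "101")) { return true; }
    elseif ($flags['guest'] && $group == "0") { return true; }
    elseif ($flags['member'] && in_array($group, explode(".", $user_groups))) { return true; }
    return false;
}

// For each level, record whether it counts as admin and which of the
// built-in access levels 102 and 103 it can see.
function access_matrix($flag_fn) {
    $rows = array();
    foreach (array(0, 101, 102, 103, 108) as $level) {
        $flags = call_user_func($flag_fn, $level);
        $rows[$level] = array(
            'admin'    => $flags['admin'],
            'sees_102' => checkgroup_with($flags, "102"),
            'sees_103' => checkgroup_with($flags, "103"),
        );
    }
    return $rows;
}

foreach (array('flags_as_posted', 'flags_allowlisted') as $fn) {
    echo $fn, "\n";
    foreach (access_matrix($fn) as $level => $row) {
        printf("  level %3d  iADMIN=%d  group102=%d  group103=%d\n",
            $level, $row['admin'], $row['sees_102'], $row['sees_103']);
    }
}
```

The posted file also compares `user_level` directly (`>= 102` in the theme check and `> 101` in the admin cookie check), so changing the `define()` lines alone would not cover those places.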
If you don't have too many users you want to give these ranks to, I recommend combining 2 mods: Nick mod and Admin Rank.
In Nick mod you add user groups and assign users to whichever group you want. Then you edit the user's profile and, in the Admin Rank field, add the image that should be displayed.
Unfortunately, I have a lot of users...
And now:
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| Filename: maincore.php
| Author: Nick Jones (Digitanium)
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
if (eregi("maincore.php", $_SERVER['PHP_SELF'])) { die(); }
// Calculate script start/end time
function get_microtime() {
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
// Define script start time
define("START_TIME", get_microtime());
// Prevent any possible XSS attacks via $_GET.
foreach ($_GET as $check_url) {
    if (!is_array($check_url)) {
        $check_url = str_replace("\"", "", $check_url);
        if ((eregi("<[^>]*script*\"?[^>]*>", $check_url)) || (eregi("<[^>]*object*\"?[^>]*>", $check_url)) ||
            (eregi("<[^>]*iframe*\"?[^>]*>", $check_url)) || (eregi("<[^>]*applet*\"?[^>]*>", $check_url)) ||
            (eregi("<[^>]*meta*\"?[^>]*>", $check_url)) || (eregi("<[^>]*style*\"?[^>]*>", $check_url)) ||
            (eregi("<[^>]*form*\"?[^>]*>", $check_url)) || (eregi("\([^>]*\"?[^)]*\)", $check_url)) ||
            (eregi("\"", $check_url))) {
            die ();
        }
    }
}
// Start Output Buffering
//ob_start("ob_gzhandler"); //Uncomment this line to enable output compression.
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
$folder_level .= "../"; $i++;
if ($i == 5) { die("Config file not found"); }
require_once $folder_level."config.php";
define("BASEDIR", $folder_level);
// If config.php is empty, activate setup.php script
if (!isset($db_name)) { redirect("setup.php"); }
// Multisite definitions
require_once BASEDIR."includes/multisite_include.php";
// Establish mySQL database connection
$link = dbconnect($db_host, $db_user, $db_pass, $db_name);
// Fetch the Site Settings from the database and store them in the $settings variable
$settings = dbarray(dbquery("SELECT * FROM ".DB_SETTINGS));
// Sanitise $_SERVER globals
$_SERVER['PHP_SELF'] = cleanurl($_SERVER['PHP_SELF']);
$_SERVER['REQUEST_URI'] = isset($_SERVER['REQUEST_URI']) ? cleanurl($_SERVER['REQUEST_URI']) : "";
$PHP_SELF = cleanurl($_SERVER['PHP_SELF']);
// Common definitions
define("IN_FUSION", TRUE);
define("FUSION_SELF", basename($_SERVER['PHP_SELF']));
define("QUOTES_GPC", (ini_get('magic_quotes_gpc') ? TRUE : FALSE));
// Path definitions
define("ADMIN", BASEDIR."administration/");
define("IMAGES", BASEDIR."images/");
define("IMAGES_A", IMAGES."articles/");
define("IMAGES_N", IMAGES."news/");
define("IMAGES_NC", IMAGES."news_cats/");
define("RANKS", IMAGES."ranks/");
define("INCLUDES", BASEDIR."includes/");
define("LOCALE", BASEDIR."locale/");
define("LOCALESET", $settings['locale']."/");
define("FORUM", BASEDIR."forum/");
define("INFUSIONS", BASEDIR."infusions/");
define("PHOTOS", IMAGES."photoalbum/");
define("THEMES", BASEDIR."themes/");
// Predefine mysql_cache variables
$smiley_cache = ""; $bbcode_cache = ""; $groups_cache = ""; $forum_rank_cache = ""; $forum_mod_rank_cache = "";
// MySQL database functions
function dbquery($query) {
$result = @mysql_query($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbcount($field, $table, $conditions = "") {
$cond = ($conditions ? " WHERE ".$conditions : "");
$result = @mysql_query("SELECT Count".$field." FROM ".$table.$cond);
if (!$result) {
echo mysql_error();
return false;
} else {
$rows = mysql_result($result, 0);
return $rows;
function dbresult($query, $row) {
$result = @mysql_result($query, $row);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbrows($query) {
$result = @mysql_num_rows($query);
return $result;
function dbarray($query) {
$result = @mysql_fetch_assoc($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbarraynum($query) {
$result = @mysql_fetch_row($query);
if (!$result) {
echo mysql_error();
return false;
} else {
return $result;
function dbconnect($db_host, $db_user, $db_pass, $db_name) {
$db_connect = @mysql_connect($db_host, $db_user, $db_pass);
$db_select = @mysql_select_db($db_name);
if (!$db_connect) {
die("<div style='font-family:Verdana;font-size:11px;text-align:center;'><b>Unable to establish connection to MySQL</b><br />".mysql_errno()." : ".mysql_error()."</div>");
} elseif (!$db_select) {
die("<div style='font-family:Verdana;font-size:11px;text-align:center;'><b>Unable to select MySQL database</b><br />".mysql_errno()." : ".mysql_error()."</div>");
// Initialise the $locale array
$locale = array();
// Load the Global language file
include LOCALE.LOCALESET."global.php";
// Check if users full or partial ip is blacklisted
$sub_ip1 = substr(USER_IP, 0, strlen(USER_IP) - strlen(strrchr(USER_IP, ".")));
$sub_ip2 = substr($sub_ip1, 0, strlen($sub_ip1) - strlen(strrchr($sub_ip1, ".")));
if (dbcount("(*)", DB_BLACKLIST, "blacklist_ip='".USER_IP."' OR blacklist_ip='$sub_ip1' OR blacklist_ip='$sub_ip2'")) {
// PHP-Fusion user cookie functions
if (!isset($_COOKIE[COOKIE_PREFIX.'visited'])) {
$result = dbquery("UPDATE ".DB_SETTINGS." SET counter=counter+1");
setcookie(COOKIE_PREFIX."visited", "yes", time() + 31536000, "/", "", "0");
//check that site or user theme exists
function theme_exists($theme) {
if (!file_exists(THEMES) || !is_dir(THEMES)) {
return false;
} else if (file_exists(THEMES.$theme."/theme.php") && file_exists(THEMES.$theme."/styles.css")) {
define("THEME", THEMES.$theme."/");
return true;
} else {
$dh = opendir(THEMES);
while (false !== ($entry = readdir($dh))) {
if ($entry != "." && $entry != ".." && is_dir(THEMES.$entry)) {
if (file_exists(THEMES.$entry."/theme.php") && file_exists(THEMES.$entry."/styles.css")) {
define("THEME", THEMES.$entry."/");
return true;
if (!defined("THEME")) {
return false;
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$user_pass = md5($_POST['user_pass']);
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_password='".md5($user_pass)."' LIMIT 1");
if (dbrows($result)) {
$data = dbarray($result);
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600 * 24 * 30 : time() + 3600 * 3;
setcookie(COOKIE_PREFIX."user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], true);
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", true);
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", true);
} else {
if (isset($_COOKIE[COOKIE_PREFIX.'user'])) {
$cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX.'user']);
$cookie_1 = isnum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_check("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' LIMIT 1");
if (dbrows($result)) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= 102)) {
if (!theme_exists($userdata['user_theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
} else {
if (!theme_exists($settings['theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
if (!isset($_COOKIE[COOKIE_PREFIX.'lastvisit']) || !isnum($_COOKIE[COOKIE_PREFIX.'lastvisit'])) {
$result = dbquery("UPDATE ".DB_USERS." SET user_threads='' WHERE user_id='".$userdata['user_id']."'");
setcookie(COOKIE_PREFIX."lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE[COOKIE_PREFIX.'lastvisit'];
if ($userdata['user_level'] > 101) {
if (isset($_COOKIE[COOKIE_PREFIX.'admin']) && (!eregi(str_replace("../", "", "/".ADMIN), FUSION_REQUEST) || USER_IP != $userdata['user_ip'])) {
setcookie(COOKIE_PREFIX."admin", "", time() - 7200, "/", "", "0");
} else {
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
} else {
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
} else {
if (!theme_exists($settings['theme'])) {
echo "<strong>".$settings['sitename']." - ".$locale['global_300'].".</strong><br /><br />\n";
echo $locale['global_301'];
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
// Redirect browser using header or script function
function redirect($location, $script = false) {
    if (!$script) {
        header("Location: ".str_replace("&amp;", "&", $location));
    } else {
        echo "<script type='text/javascript'>document.location.href='".str_replace("&amp;", "&", $location)."'</script>\n";
    }
}
// Clean URL Function, prevents entities in server globals
function cleanurl($url) {
    $bad_entities = array("&", "\"", "'", '\"', "\'", "<", ">", "(", ")", "*");
    $safe_entities = array("&amp;", "", "", "", "", "", "", "", "", "");
    $url = str_replace($bad_entities, $safe_entities, $url);
    return $url;
}
// Strip Input Function, prevents HTML in unwanted places
function stripinput($text) {
    if (QUOTES_GPC) $text = stripslashes($text);
    $search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", "&nbsp;");
    $replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;", " ");
    $text = str_replace($search, $replace, $text);
    return $text;
}
// stripslash function, only stripslashes if magic_quotes_gpc is on
function stripslash($text) {
    if (QUOTES_GPC) { $text = stripslashes($text); }
    return $text;
}
// stripslash function, add correct number of slashes depending on quotes_gpc
function addslash($text) {
    if (!QUOTES_GPC) {
        $text = addslashes(addslashes($text));
    } else {
        $text = addslashes($text);
    }
    return $text;
}
// htmlentities is too aggressive so we use this function
function phpentities($text) {
    $search = array("&", "\"", "'", "\\", "<", ">");
    $replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&lt;", "&gt;");
    $text = str_replace($search, $replace, $text);
    return $text;
}
// Trim a line of text to a preferred length
function trimlink($text, $length) {
    $dec = array("&", "\"", "'", "\\", '\"', "\'", "<", ">");
    $enc = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;");
    $text = str_replace($enc, $dec, $text);
    if (strlen($text) > $length) $text = substr($text, 0, ($length-3))."...";
    $text = str_replace($dec, $enc, $text);
    return $text;
}
// Validate numeric input
function isnum($value) {
if (!is_array($value)) {
return (preg_match("/^[0-9]+$/", $value));
} else {
return false;
// custom preg-match function
function preg_check($expression, $value) {
if (!is_array($value)) {
return preg_match($expression, $value);
} else {
return false;
// Cache smileys mysql
function cache_smileys() {
global $smiley_cache;
$result = dbquery("SELECT * FROM ".DB_SMILEYS);
if (dbrows($result)) {
$smiley_cache = array();
while ($data = dbarray($result)) {
$smiley_cache[] = array(
"smiley_code" => $data['smiley_code'],
"smiley_image" => $data['smiley_image'],
"smiley_text" => $data['smiley_text']
} else {
$smiley_cache = array();
// Parse smiley bbcode
function parsesmileys($message) {
global $smiley_cache;
if (!preg_match("#(\[code\](.*?)\[/code\]|\[geshi=(.*?)\](.*?)\[/geshi\]|\[php\](.*?)\[/php\])#si", $message)) {
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
$smiley_code = preg_quote($smiley['smiley_code']);
$smiley_image = "<img src='".get_image("smiley_".$smiley['smiley_text'])."' alt='".$smiley['smiley_text']."' style='vertical-align:middle;' />";
$message = preg_replace("#{$smiley_code}#si", $smiley_image, $message);
return $message;
// Show smiley icons in comments, forum and other post pages
function displaysmileys($textarea, $form = "inputform") {
global $smiley_cache;
$smileys = ""; $i = 0;
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
if ($i != 0 && ($i % 10 == 0)) { $smileys .= "<br />\n"; $i++; }
$smileys .= "<img src='".get_image("smiley_".$smiley['smiley_text'])."' alt='".$smiley['smiley_text']."' onclick=\"insertText('".$textarea."', '".$smiley['smiley_code']."', '".$form."');\" />\n";
return $smileys;
// Cache bbcode mysql
function cache_bbcode() {
global $bbcode_cache;
$result = dbquery("SELECT * FROM ".DB_BBCODES." ORDER BY bbcode_order ASC");
if (dbrows($result)) {
$bbcode_cache = array();
while ($data = dbarray($result)) {
$bbcode_cache[] = $data['bbcode_name'];
} else {
$bbcode_cache = array();
// Parse bbcode
function parseubb($text, $selected=false) {
global $bbcode_cache;
if (!$bbcode_cache) { cache_bbcode(); }
if (is_array($bbcode_cache) && count($bbcode_cache)) {
if ($selected) { $sel_bbcodes = explode("|", $selected); }
foreach ($bbcode_cache as $bbcode) {
if ($selected && in_array($bbcode, $sel_bbcodes)) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
} elseif (!$selected) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
$text = descript($text, false);
return $text;
// Javascript email encoder by Tyler Akins
function hide_email($email, $title = "", $subject = "") {
    if (strpos($email, "@")) {
        $parts = explode("@", $email);
        $MailLink = "<a href='mailto:".$parts[0]."@".$parts[1];
        if ($subject != "") { $MailLink .= "?subject=".urlencode($subject); }
        $MailLink .= "'>".($title?$title:$parts[0]."@".$parts[1])."</a>";
        $MailLetters = "";
        for ($i = 0; $i < strlen($MailLink); $i++) {
            $l = substr($MailLink, $i, 1);
            if (strpos($MailLetters, $l) === false) {
                $p = rand(0, strlen($MailLetters));
                $MailLetters = substr($MailLetters, 0, $p).$l.substr($MailLetters, $p, strlen($MailLetters));
            }
        }
        $MailLettersEnc = str_replace("\\", "\\\\", $MailLetters);
        $MailLettersEnc = str_replace("\"", "\\\"", $MailLettersEnc);
        $MailIndexes = "";
        for ($i = 0; $i < strlen($MailLink); $i ++) {
            $index = strpos($MailLetters, substr($MailLink, $i, 1));
            $index += 48;
            $MailIndexes .= chr($index);
        }
        $MailIndexes = str_replace("\\", "\\\\", $MailIndexes);
        $MailIndexes = str_replace("\"", "\\\"", $MailIndexes);
        $res = "<script type='text/javascript'>";
        $res .= "ML=\"".str_replace("<", "xxxx", $MailLettersEnc)."\";";
        $res .= "MI=\"".str_replace("<", "xxxx", $MailIndexes)."\";";
        $res .= "ML=ML.replace(/xxxx/g, '<');";
        $res .= "MI=MI.replace(/xxxx/g, '<');";
        $res .= "OT=\"\";";
        $res .= "for(j=0;j < MI.length;j++){";
        $res .= "OT+=ML.charAt(MI.charCodeAt(j)-48);";
        $res .= "}document.write(OT);";
        $res .= "</script>";
        return $res;
    } else {
        return $email;
    }
}
// Format spaces and tabs in code bb tags
function formatcode($text) {
    $text = str_replace(" ", " ", $text);
    $text = str_replace(" ", " ", $text);
    $text = str_replace("\t", " ", $text);
    $text = preg_replace("/^ {1}/m", " ", $text);
    return $text;
}
// Highlights given words in subject
function highlight_words($word, $subject) {
    if (is_array($word)) {
        $regex_chars = "*|#.+?(){}[]^$/";
        for ($j = 0; $j < count($word); $j++) {
            for ($i = 0; $i < strlen($regex_chars); $i++) {
                $char = substr($regex_chars, $i, 1);
                $word[$j] = str_replace($char, '\\'.$char, $word[$j]);
            }
            $subject = preg_replace("/(".$word[$j].")/is", "<span style='background-color:yellow;font-weight:bold;padding-left:2px;padding-right:2px'>\\1</span>", $subject);
        }
    }
    return $subject;
}
// This function sanitises news & article submissions
function descript($text, $striptags = true) {
    // Convert problematic ascii characters to their true values
    $search = array("40","41","58","65","66","67","68","69","70",
    $replace = array("(",")",":","a","b","c","d","e","f","g","h",
    $entities = count($search);
    for ($i=0; $i < $entities; $i++) {
        $text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
    }
    $text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
    $text = preg_replace('#(<[^>]+[/\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onfocus|onload|xmlns)[^>]*>#iU', ">", $text);
    $text = preg_replace('#([a-z]*)=([\`\'\"]*)script:#iU', '$1=$2nojscript...', $text);
    $text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iU', '$1=$2nojavascript...', $text);
    $text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iU', '$1=$2novbscript...', $text);
    $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU', "$1>", $text);
    $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU', "$1>", $text);
    if ($striptags) {
        do {
            $thistext = $text;
            $text = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $text);
        } while ($thistext != $text);
    }
    return $text;
}
// Scan image files for malicious code
function verify_image($file) {
    $txt = file_get_contents($file);
    $image_safe = true;
    if (preg_match('#&(quot|lt|gt|nbsp|<?php);#i', $txt)) { $image_safe = false; }
    elseif (preg_match("#&\#x([0-9a-f]+);#i", $txt)) { $image_safe = false; }
    elseif (preg_match('#&\#([0-9]+);#i', $txt)) { $image_safe = false; }
    elseif (preg_match("#([a-z]*)=([\`\'\"]*)script:#iU", $txt)) { $image_safe = false; }
    elseif (preg_match("#([a-z]*)=([\`\'\"]*)javascript:#iU", $txt)) { $image_safe = false; }
    elseif (preg_match("#([a-z]*)=([\'\"]*)vbscript:#iU", $txt)) { $image_safe = false; }
    elseif (preg_match("#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU", $txt)) { $image_safe = false; }
    elseif (preg_match("#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU", $txt)) { $image_safe = false; }
    elseif (preg_match("#</*(applet|link|style|script|iframe|frame|frameset)[^>]*>#i", $txt)) { $image_safe = false; }
    return $image_safe;
}
// captcha routines
function make_captcha() {
    global $settings;
    $captcha_string = ""; $captcha_encode = "";
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    for ($i = 0; $i < 5; $i++) {
        $captcha_string .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
    }
    for ($i = 0; $i < 31; $i++) {
        $captcha_encode .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
    }
    $result = mysql_query("INSERT INTO ".DB_PREFIX."captcha (captcha_datestamp, captcha_ip, captcha_encode, captcha_string) VALUES('".time()."', '".USER_IP."', '$captcha_encode', '$captcha_string')");
    if ($settings['validation_method'] == "image") {
        return "<input type='hidden' name='captcha_encode' value='".$captcha_encode."' /><img src='".INCLUDES."captcha_include.php?captcha_code=".$captcha_encode."' alt='' />\n";
    } else {
        return "<input type='hidden' name='captcha_encode' value='".$captcha_encode."' /><strong>".$captcha_string."</strong>\n";
    }
}
function check_captcha($captchs_encode, $captcha_string) {
    if (preg_check("/^[0-9A-Za-z]+$/", $captchs_encode) && preg_check("/^[0-9A-Za-z]+$/", $captcha_string)) {
        $result = dbquery("SELECT * FROM ".DB_CAPTCHA." WHERE captcha_ip='".USER_IP."' AND captcha_encode='".$captchs_encode."' AND captcha_string='".$captcha_string."'");
        if (dbrows($result)) {
            $result = dbquery("DELETE FROM ".DB_CAPTCHA." WHERE captcha_ip='".USER_IP."' AND captcha_encode='".$captchs_encode."' AND captcha_string='".$captcha_string."'");
            return true;
        } else {
            return false;
        }
    } else {
        return false;
    }
}
// Replace offensive words with the defined replacement word
function censorwords($text) {
    global $settings;
    if ($settings['bad_words_enabled'] == "1" && $settings['bad_words'] != "" ) {
        $word_list = explode("\r\n", $settings['bad_words']);
        for ($i=0; $i < count($word_list); $i++) {
            if ($word_list[$i] != "") $text = preg_replace("/".$word_list[$i]."/si", $settings['bad_word_replace'], $text);
        }
    }
    return $text;
}
// Display the user's level
function getuserlevel($userlevel) {
    global $locale;
    if ($userlevel == 101) { return $locale['user1'];
    } elseif ($userlevel == 102) { return $locale['user2'];
    } elseif ($userlevel == 103) { return $locale['user3'];
    } elseif ($userlevel == 108) { return $locale['user4']; }
}
// Check if Administrator has correct rights assigned
function checkrights($right) {
    if (iADMIN && in_array($right, explode(".", iUSER_RIGHTS))) {
        return true;
    } else {
        return false;
    }
}
// Check if user is assigned to the specified user group
function checkgroup($group) {
    if (iSUPERADMIN) { return true; }
    elseif (iADMIN && ($group == "0" || $group == "101" || $group == "102")) { return true;
    } elseif (iMEMBER && ($group == "0" || $group == "101")) { return true;
    } elseif (iGUEST && $group == "0") { return true;
    } elseif (iMEMBER && in_array($group, explode(".", iUSER_GROUPS))) {
        return true;
    } else {
        return false;
    }
}
// Cache groups mysql
function cache_groups() {
    global $groups_cache;
    $result = dbquery("SELECT * FROM ".DB_USER_GROUPS." ORDER BY group_id ASC");
    if (dbrows($result)) {
        $groups_cache = array();
        while ($data = dbarray($result)) {
            $groups_cache[] = $data;
        }
    } else {
        $groups_cache = array();
    }
}
// Compile access levels & user group array
function getusergroups() {
    global $locale, $groups_cache;
    $groups_array = array(
        array("0", $locale['user0']),
        array("101", $locale['user1']),
        array("102", $locale['user2']),
        array("103", $locale['user3']),
        array("108", $locale['user4'])
    );
    if (!$groups_cache) { cache_groups(); }
    if (is_array($groups_cache) && count($groups_cache)) {
        foreach ($groups_cache as $group) {
            array_push($groups_array, array($group['group_id'], $group['group_name']));
        }
    }
    return $groups_array;
}
// Get the name of the access level or user group
function getgroupname($group_id, $return_desc = false) {
    global $locale, $groups_cache;
    if ($group_id == "0") { return $locale['user0'];
    } elseif ($group_id == "101") { return $locale['user1']; exit;
    } elseif ($group_id == "102") { return $locale['user2']; exit;
    } elseif ($group_id == "103") { return $locale['user3']; exit;
    } elseif ($group_id == "108") { return $locale['user4']; exit;
    } else {
        if (!$groups_cache) { cache_groups(); }
        if (is_array($groups_cache) && count($groups_cache)) {
            foreach ($groups_cache as $group) {
                if ($group_id == $group['group_id']) { return ($return_desc ? ($group['group_description'] ? $group['group_description'] : '-') : $group['group_name']); exit; }
            }
        }
    }
    return "N/A";
}
function groupaccess($field) {
    if (iGUEST) { return "$field = '0'";
    } elseif (iSUPERADMIN) { return "1 = 1";
    } elseif (iADMIN) { $res = "($field='0' OR $field='101' OR $field='102'";
    } elseif (iMEMBER) { $res = "($field='0' OR $field='101'";
    }
    if (iUSER_GROUPS != "" && !iSUPERADMIN) { $res .= " OR $field='".str_replace(".", "' OR $field='", iUSER_GROUPS)."'"; }
    $res .= ")";
    return $res;
}
// Create a list of files or folders and store them in an array
function makefilelist($folder, $filter, $sort=true, $type="files") {
    $res = array();
    $filter = explode("|", $filter);
    $temp = opendir($folder);
    while ($file = readdir($temp)) {
        if ($type == "files" && !in_array($file, $filter)) {
            if (!is_dir($folder.$file)) { $res[] = $file; }
        } elseif ($type == "folders" && !in_array($file, $filter)) {
            if (is_dir($folder.$file)) { $res[] = $file; }
        }
    }
    if ($sort) { sort($res); }
    return $res;
}
// Create a selection list from an array created by makefilelist()
function makefileopts($files, $selected = "") {
    $res = "";
    for ($i = 0; $i < count($files); $i++) {
        $sel = ($selected == $files[$i] ? " selected='selected'" : "");
        $res .= "<option value='".$files[$i]."'$sel>".$files[$i]."</option>\n";
    }
    return $res;
}
function makepagenav($start, $count, $total, $range = 0, $link = "") {
    global $locale;
    if ($link == "") { $link = FUSION_SELF."?"; }
    $pg_cnt = ceil($total / $count);
    if ($pg_cnt <= 1) { return ""; }
    $idx_back = $start - $count;
    $idx_next = $start + $count;
    $cur_page = ceil(($start + 1) / $count);
    $res = $locale['global_092']." ".$cur_page.$locale['global_093'].$pg_cnt.": ";
    if($idx_back >= 0) {
        if($cur_page > ($range + 1)) {
            $res .= "<a href='".$link."rowstart=0'>1</a>...";
        }
    }
    $idx_fst = max($cur_page - $range, 1);
    $idx_lst = min($cur_page + $range, $pg_cnt);
    if ($range == 0) {
        $idx_fst = 1;
        $idx_lst = $pg_cnt;
    }
    for ($i = $idx_fst; $i <= $idx_lst; $i++) {
        $offset_page = ($i - 1) * $count;
        if ($i == $cur_page) {
            $res .= "<span><strong>".$i."</strong></span>";
        } else {
            $res .= "<a href='".$link."rowstart=".$offset_page."'>".$i."</a>";
        }
    }
    if ($idx_next < $total) {
        if ($cur_page < ($pg_cnt - $range)) {
            $res .= "...<a href='".$link."rowstart=".($pg_cnt - 1) * $count."'>".$pg_cnt."</a>\n";
        }
    }
    return "<div class='pagenav'>\n".$res."</div>\n";
}
// Format the date & time accordingly
function showdate($format, $val) {
    global $settings;
    if ($format == "shortdate" || $format == "longdate" || $format == "forumdate") {
        return strftime($settings[$format], $val + ($settings['timeoffset']*3600));
    } else {
        return strftime($format, $val + ($settings['timeoffset'] * 3600));
    }
}
// Translate bytes into kb, mb, gb or tb by CrappoMan
function parsebytesize($size, $digits = 2, $dir = false) {
    $kb = 1024; $mb = 1024 * $kb; $gb= 1024 * $mb; $tb = 1024 * $gb;
    if (($size == 0) && ($dir)) { return "Empty"; }
    elseif ($size < $kb) { return $size."Bytes"; }
    elseif ($size < $mb) { return round($size / $kb,$digits)."Kb"; }
    elseif ($size < $gb) { return round($size / $mb,$digits)."Mb"; }
    elseif ($size < $tb) { return round($size / $gb,$digits)."Gb"; }
    else { return round($size / $tb, $digits)."Tb"; }
}
// User level, Admin Rights & User Group definitions
define("iGUEST", $userdata['user_level'] == 0 ? 1 : 0);
define("iMEMBER", $userdata['user_level'] >= 101 ? 1 : 0);
define("iADMIN", $userdata['user_level'] >= 102 ? 1 : 0);
define("iSUPERADMIN", $userdata['user_level'] == 103 ? 1 : 0);
define("iUSER", $userdata['user_level']);
define("iUSER_RIGHTS", $userdata['user_rights']);
define("iUSER_GROUPS", substr($userdata['user_groups'], 1));
if (iADMIN) {
    define("iAUTH", substr($userdata['user_password'], 16, 32));
    $aidlink = "?aid=".iAUTH;
}
function check_rang($userek_id)
{
    global $db_prefix;
    $ddd = dbarray(dbquery("SELECT user_rang from ".$db_prefix."users WHERE user_id='".$userek_id."'"));
    if ($ddd['user_rang']=="")
    {
        $points = dbarray(dbquery("SELECT points_normal,points_bonus,points_punishment FROM ".$db_prefix."users WHERE user_id ='".$userek_id."'"));
        $points_total = $points['points_normal'] + $points['points_bonus'] - $points['points_punishment'];
        $bbb = dbarray(dbquery("SELECT rang_name from ".$db_prefix."eps_rangs WHERE rang_points<=".$points_total." ORDER BY rang_points DESC LIMIT 1"));
        return $bbb['rang_name'];
    } else return $ddd['user_rang'];
}
function show_points($userek_id)
{
    global $db_prefix;
    $eee = dbarray(dbquery("SELECT user_points from ".$db_prefix."users WHERE user_id='".$userek_id."'"));
    if ($eee['user_points']<1)
    {
        $points = dbarray(dbquery("SELECT points_normal,points_bonus,points_punishment FROM ".$db_prefix."users WHERE user_id=".$userek_id.""));
        return $points['points_normal'] + $points['points_bonus'] - $points['points_punishment'];
    } else return $eee['user_points'];
}
function points($i){
    switch ($i) {
        case 'f':
            echo $id_points = 1;
            break;
        case 's':
            $id_points = 2;
            break;
        case 'l':
            $id_points = 3;
            break;
        case 'a':
            $id_points = 4;
            break;
        case 'n':
            $id_points = 5;
            break;
    }
    return dbresult(dbquery("SELECT point_ammount FROM ".DB_EPS_POINTS." WHERE point_id ='".$id_points."'"),0);
}
include INCLUDES."system_images.php";
@eldiablo Big thanks ![Grin](../images/smiley/grin.gif)
Works great!
Just one question: what do I do if I've created a second group and want to give it rights in the admin panel (PA) too? ;D
If someone could list the files that need editing, I'd even try to make this little mod myself.
Message appended:
I managed to add a new user "level"; in this case it is Redaktor (Editor) (the name can be changed in the file local/Polish/global.php).
Attached are ready-made replacement files. The files were modified from the latest PHP-Fusion 7.1.01 package. Upload the files from the files folder to the server. When the program asks whether to replace the existing ones, click Yes. And that's all. I hope it comes in handy.
I don't know whether you came up with this yourself, but it smells to me like the code I posted in this thread http://www.php-fu...ost_126540
the solution is novel!
On top of that, let me quote: !!! WARNING !!!
The method presented by DJPromo is NOT safe!
A new rank of people created this way, that is a group of people, may have access to resources available to the Admin. In short: such a person may gain unauthorized access to the site. Other problems may occur as well.
So, just to be clear: the code shown is for testing and for thinking through how this could have been done at the time. That's all by way of explanation.
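
The warning above follows from the `>=` comparisons in the `define()` lines of the posted maincore.php: any level numerically above 102, including the new 108, satisfies `iADMIN`. The following is an added example, not PHP-Fusion's code or the posters' own; the function names and the choice that 108 should behave like a regular member are assumptions. It compares those ordinal checks with explicit allow-lists:

```php
<?php
// Added illustration, not PHP-Fusion code; all function names are hypothetical.

// Ordinal checks: the same comparisons as the define() lines in maincore.php.
function flags_ordinal($level) {
    return array(
        "iGUEST"      => $level == 0,
        "iMEMBER"     => $level >= 101,
        "iADMIN"      => $level >= 102,
        "iSUPERADMIN" => $level == 103,
    );
}

// Explicit allow-lists: a level gets a flag only when it is listed for it.
// Assumption: the custom level 108 should behave like a regular member (101).
function flags_explicit($level) {
    $member_levels = array(101, 102, 103, 108);
    $admin_levels  = array(102, 103);
    return array(
        "iGUEST"      => $level === 0,
        "iMEMBER"     => in_array($level, $member_levels, true),
        "iADMIN"      => in_array($level, $admin_levels, true),
        "iSUPERADMIN" => $level === 103,
    );
}

// Same decision order as checkgroup() in the posted file, driven by the flags.
function can_see($flags, $group, $user_groups = array()) {
    if ($flags["iSUPERADMIN"]) { return true; }
    if ($flags["iADMIN"] && in_array($group, array("0", "101", "102"), true)) { return true; }
    if ($flags["iMEMBER"] && in_array($group, array("0", "101"), true)) { return true; }
    if ($flags["iGUEST"] && $group === "0") { return true; }
    return $flags["iMEMBER"] && in_array($group, $user_groups, true);
}

// Constructed input: every built-in level plus the custom 108.
foreach (array(0, 101, 102, 103, 108) as $level) {
    $o = flags_ordinal($level);
    $e = flags_explicit($level);
    printf("level %3d | ordinal: iADMIN=%d sees '102'=%d | explicit: iADMIN=%d sees '102'=%d\n",
        $level, $o["iADMIN"], can_see($o, "102"), $e["iADMIN"], can_see($e, "102"));
}
```

For level 108 the ordinal columns report `iADMIN=1` and access to content restricted to `102`, while the explicit columns report 0 for both.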
