<?php
/**
* https://github.com/Bigjoos/
* Licence Info: GPL
* Copyright (C) 2010 U-232 v.3
* A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
* Project Leaders: Mindless, putyn.
*
*/
require_once (dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');
require_once (INCL_DIR.'user_functions.php');
require_once INCL_DIR.'bbcode_functions.php';
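// Project bootstrap helpers; both are defined in the files required above.
dbconn(false);
loggedinorreturn();
$lang = array_merge(load_language('global'));
// Access control: user classes below UC_ADMINISTRATOR are rejected.
// NOTE(review): this only protects the page if stderr() ends the request - confirm in its definition.
if ($CURUSER['class'] < UC_ADMINISTRATOR) {
    stderr('Error', 'Your not authorised');
}
// Footer options handed to stdfoot() on the last line of the script.
$stdfoot = array(
    /** include js **/
    'js' => array(
        'shout'
    )
);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //== The expiry days: array(number of days, label shown in the <select>).
    $days = array(
        array(7, '7 Days'),
        array(14, '14 Days'),
        array(21, '21 Days'),
        array(28, '28 Days'),
        array(56, '2 Months'),
    );
    //== Usersearch POST data...
    // Array-valued fields (e.g. ann_query[]=x) are treated as missing, so trim() and the
    // integer casts below only ever see scalars.
    $n_pms = (isset($_POST['n_pms']) && is_scalar($_POST['n_pms']) ? (int) $_POST['n_pms'] : 0);
    $ann_query = (isset($_POST['ann_query']) && is_string($_POST['ann_query']) ? trim($_POST['ann_query']) : '');
    $ann_hash = (isset($_POST['ann_hash']) && is_string($_POST['ann_hash']) ? trim($_POST['ann_hash']) : '');
    // Validate POST: the recipient query and count must match the hash issued with them.
    // A strict (and, where available, constant-time) comparison is used because a loose !=
    // treats numeric-looking strings such as "0e1" and "0e2" as equal.
    // NOTE(review): hashit() is defined elsewhere; this check only protects the stored query if
    // hashit() mixes in a server-side secret - confirm. No separate anti-CSRF token is visible here.
    $expected_hash = (string) hashit($ann_query, $n_pms);
    $hash_ok = function_exists('hash_equals')
        ? hash_equals($expected_hash, $ann_hash)
        : ($expected_hash === $ann_hash);
    if (!$hash_ok) {
        die();
    }
    // Shape check only (SELECT ... FROM ... WHERE ...); it does not make an arbitrary query safe.
    if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $ann_query)) {
        stderr('Error', 'Misformed Query');
    }
    if (!$n_pms) {
        stderr('Error', 'No recipients');
    }
    //== Preview POST data ...
    $body = trim((isset($_POST['msg']) && is_string($_POST['msg']) ? $_POST['msg'] : ''));
    $subject = trim((isset($_POST['subject']) && is_string($_POST['subject']) ? $_POST['subject'] : ''));
    // Cast instead of "0 + $value": arithmetic on a non-numeric string raises a warning or a
    // TypeError depending on the PHP version.
    $expiry = (isset($_POST['expiry']) && is_scalar($_POST['expiry']) ? (int) $_POST['expiry'] : 0);
    if ((isset($_POST['buttonval']) AND $_POST['buttonval'] == 'Submit')) {
        //== Check values before inserting into row...
        if (empty($body)) {
            stderr('Error', 'No body to announcement');
        }
        if (empty($subject)) {
            stderr('Error', 'No subject to announcement');
        }
        // The expiry must be one of the offered day counts.
        $expiry_is_listed = false;
        foreach ($days as $x) {
            if ($expiry === $x[0]) {
                $expiry_is_listed = true;
                break;
            }
        }
        if (!$expiry_is_listed) {
            stderr('Error', 'Invalid expiry selection');
        }
        $expires = TIME_NOW + (86400 * $expiry); // 86400 seconds in one day.
        $created = TIME_NOW;
        // Every value goes through sqlesc() before being placed in the statement.
        // The validated recipient query is stored as data in announcement_main.sql_query;
        // where and how it is later run is not visible in this file.
        $query = sprintf('INSERT INTO announcement_main '.'(owner_id, created, expires, sql_query, subject, body) '.'VALUES (%s, %s, %s, %s, %s, %s)', sqlesc($CURUSER['id']), sqlesc($created), sqlesc($expires), sqlesc($ann_query), sqlesc($subject), sqlesc($body));
        sql_query($query);
        if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
            stderr('Success', 'Announcement was successfully created');
        }
        stderr('Error', 'Contact an administrator');
    }
    // Compose / preview form.
    echo stdhead("Create Announcement", false);
    $HTMLOUT = "";
    $HTMLOUT.= "<table class='main' width='750' border='0' cellspacing='0' cellpadding='0'>
<tr>
<td class='embedded'><div align='center'>
<h1>Create Announcement for ".($n_pms)." user".($n_pms > 1 ? 's' : '')." !</h1>";
    $HTMLOUT.= "<form name='compose' method='post' action='{$INSTALLER09['baseurl']}/new_announcement.php'>
<table border='1' cellspacing='0' cellpadding='5'>
<tr>
<td colspan='2'><b>Subject: </b>
<input name='subject' type='text' size='76' value='".htmlsafechars($subject)."' /></td>
</tr>
<tr><td colspan='2'><div align='center'>
".textbbcode("compose", "msg", $body)."
</div></td></tr>";
    $HTMLOUT.= "<tr><td colspan='2' align='center'>";
    $HTMLOUT.= "<select name='expiry'>";
    // Re-select the previously chosen expiry so a Preview round trip keeps it
    // (both branches of the original ternary were empty, so nothing was ever selected).
    foreach ($days as $x) {
        $HTMLOUT.= '<option value="'.$x[0].'"'.($expiry == $x[0] ? ' selected="selected"' : '').'>'.$x[1].'</option>';
    }
    // The hidden fields carry request data back to this script, so they are escaped like the
    // subject field: a quote inside the query would otherwise end the attribute early, which
    // both corrupts the value on the next POST and allows markup injection.
    // NOTE(review): assumes htmlsafechars() also encodes single quotes, as its use in the
    // single-quoted subject attribute suggests - confirm.
    $HTMLOUT.= "</select>
<input type='submit' name='buttonval' value='Preview' class='btn' />
<input type='submit' name='buttonval' value='Submit' class='btn' />
</td></tr></table>
<input type='hidden' name='n_pms' value='".$n_pms."' />
<input type='hidden' name='ann_query' value='".htmlsafechars($ann_query)."' />
<input type='hidden' name='ann_hash' value='".htmlsafechars($ann_hash)."' />
</form><br /><br />
</div></td></tr></table>";
    if ($body) {
        // Preview of the announcement as it would be rendered.
        $newtime = TIME_NOW + (86400 * $expiry);
        $HTMLOUT.= "<table width='700' class='main' border='0' cellspacing='1' cellpadding='1'>
<tr><td bgcolor='#663366' align='center' valign='baseline'><h2><font color='white'>Announcement:
".htmlsafechars($subject)."</font></h2></td></tr>
<tr><td class='text'>
".format_comment($body)."<br /><hr />Expires: ".get_date($newtime, 'DATE');
        $HTMLOUT.= "</td></tr></table>";
    }
} else { // Shouldn't be here
    // Any non-POST request gets a hand-written 404 page.
    header("HTTP/1.0 404 Not Found");
    $HTMLOUT = "";
    // NOTE(review): the second argument passed to htmlsafechars() is a string offset; it looks
    // as if substr() was intended around SCRIPT_NAME - confirm against htmlsafechars()'s signature.
    $HTMLOUT.= "<html><h1>Not Found</h1><p>The requested URL ".htmlsafechars($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], '/') + 1)." was not found on this server.</p>
<hr />
<address>{$_SERVER['SERVER_SOFTWARE']} Server at {$INSTALLER09['baseurl']} Port 80</address></body></html>\n";
    echo $HTMLOUT;
    die();
}
echo $HTMLOUT.stdfoot($stdfoot);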
?>