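<?php
// SSB - Simple Social Board
// (C) Chris Dorman, 2012 - 2020
// License: CC-BY-NC-SA version 3.0
// http://github.com/Pentium44/SSB
//// For development debug.
//error_reporting(E_ALL);
//ini_set('display_errors', 1);
session_start();
include "config.php";
include "functions.php";
include "bbcode.php";
// checkLogin() comes from functions.php; its result gates every
// state-changing handler further down.
$loginCheck = checkLogin();

// Flat-file "database" under ssb_db/. Create any missing directory on the
// first request. The original used mode 0777 (world-writable, so any local
// account could plant or alter user records, posts and uploads). 0755 keeps
// the tree readable by a separate web-server user (uploads are served as
// static files from ssb_db/uploads) while only the PHP user can write;
// tighten to 0750 when PHP and the web server share a group. The web server
// must also be configured not to execute scripts from anywhere under ssb_db/.
$ssbDirs = array(
    "ssb_db",
    "ssb_db/users",
    "ssb_db/posts",
    "ssb_db/uploads",
    "ssb_db/friends",
);
foreach ($ssbDirs as $ssbDir) {
    // is_dir rather than file_exists: a stray regular file with this name
    // would otherwise satisfy the check and every later write would fail.
    if (!is_dir($ssbDir)) {
        mkdir($ssbDir, 0755);
    }
}
unset($ssbDir);

// Current user from the session; null when nobody is logged in (the original
// read the index unconditionally and raised a notice for anonymous visitors).
$username = isset($_SESSION['ssb-user']) ? $_SESSION['ssb-user'] : null;
//$_SESSION['ssb-topic'] = $ssbtopic;
?>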
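<!DOCTYPE html>
<html lang="en-us">
<head>
<title><?php echo htmlentities(stripslashes($ssbtitle)); ?></title>
<?php
// Requested action, or '' when absent. The original compared $_GET['do']
// directly and raised an undefined-index notice on every plain page view.
$ssbDo = isset($_GET['do']) ? $_GET['do'] : '';
// Action endpoints that redirect right away skip the charset meta; every
// rendered page declares UTF-8.
$ssbRedirectActions = array("post", "reply", "react", "avatarupload", "delpost");
if (!in_array($ssbDo, $ssbRedirectActions, true)) {
    echo '<meta http-equiv="content-type" content="text/html; charset=utf-8">';
}
?>
<meta name="viewport" content="width=device-width, initial-scale=.55, shrink-to-fit=yes"><meta name="description" content="<?php echo htmlentities($ssbtitle . " - " . $desc); ?>">
<?php
// NOTE(review): third-party stylesheet loaded without an integrity attribute;
// a compromised CDN can inject CSS into every page. Self-host it or add SRI.
?>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body <?php if ($ssbDo == "privmsg") { echo "onload=\"UpdateTimer();\""; } ?>>
<div class="title"><?php echo $ssbtitle; ?></div>
<div class="maincontain">
<table id="containtable">
<tr><td id="navcontainer">
<div id="navbar">
<?php if (isset($_SESSION['ssb-user']) && isset($_SESSION['ssb-pass'])) { ?>
<a style="width:50px;" href="?forms=post" title="Post on your feed!">Make a post</a><br />
<a style="width:50px;" href="?userfeed=<?php echo htmlspecialchars(urlencode($username), ENT_QUOTES); ?>" title="Your profile!">Profile</a><br />
<a href="index.php">Feed</a><br />
<a href="?do=friends">Friends</a><br />
<a href="?do=about">About</a><br />
<a style="width:50px;" href="?do=users" title="Public users!">Public figures</a><br />
<a style="width:50px;" href="?do=userctrl">Settings</a><br />
<a style="width:50px;" href="?do=logout">Log out</a><br />
<?php } else { ?>
<a href="?forms=login">Login</a><br />
<a href="?do=about">About</a><br />
<?php } ?>
</div>
<?php
// Notification panel for logged-in users, except on the action endpoints that
// redirect. The lines in <user>.notifications are written by this application
// (post/reply/react/share handlers) and intentionally contain markup, so they
// are echoed as-is: anything written to that file must already be HTML-safe.
$ssbNoPanelActions = array("avatarlocation", "reply", "post", "react", "delpost");
if (($loginCheck == true) && !in_array($ssbDo, $ssbNoPanelActions, true)) {
    $notifications = "ssb_db/friends/" . $username . ".notifications";
    echo "<table class='notifications'><tr><td>Notifications: <a class='button' onclick=\"userClrNotifications();\">Clear</a></td></tr>";
    // A missing file simply means "no notifications"; checking first avoids
    // the fopen() warning the original emitted on every fresh account.
    $handle = is_file($notifications) ? fopen($notifications, "r") : false;
    if ($handle) {
        while (($line = fgets($handle)) !== false) {
            echo "<tr><td><i class='fa fa-exclamation' aria-hidden='true'></i> " . $line . "</td></tr>";
        }
        fclose($handle);
    } else {
        echo "<tr><td>No notifications</td></tr>";
    }
    echo "</table></td><td class='contain'>";
} else {
    echo "</td><td class='contain'>";
}
?>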
<?php
if(isset($_GET['forms']))
{
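$forms = $_GET['forms'];
// Optional post id. Nothing in this dispatch reads it, but a form helper in
// functions.php might via global scope, so it is kept, minus the
// undefined-index notice the original raised when pid was absent.
$id = isset($_GET['pid']) ? $_GET['pid'] : null;

// Forms that are only meaningful for a logged-in user, mapped to the helper
// (from functions.php) that renders them. Anyone else gets the login form.
$authForms = array(
    "friendreq"    => "friendReqForm",
    "changepass"   => "changePassForm",
    "deleteacct"   => "deleteAcctForm",
    "avatarupload" => "uploadAvatarForm",
    "post"         => "postForm",
    "clean"        => "cleanForm",
);

if ($forms == "register") {
    registerForm();
} else if ($forms == "login") {
    loginForm();
} else if (is_string($forms) && isset($authForms[$forms])) {
    if ($loginCheck == true) {
        $authForms[$forms]();
    } else {
        loginForm();
    }
} else {
    // Covers unknown names and non-string values (?forms[]=...), which the
    // original's string comparisons also fell through to.
    echo "ERROR: Unknown form-name<br>";
}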
}
else if(isset($_GET['notify']))
{
$notify = $_GET['notify'];
// Status code handed over (via redirect) by the login, registration and
// password handlers. switch compares loosely (==), as the original if-chain did.
switch ($notify) {
    case "1":
        echo "Error: User not found";
        break;
    case "2":
        echo "Error: Incorrect password provided";
        break;
    case "3":
        echo "Error: Please fill out all the text boxes";
        break;
    case "4":
        echo "Error: The provided passwords did not match";
        break;
    case "5":
        echo "Error: Special characters cannot be used in your username";
        break;
    case "6":
        echo "Error: This username is already in use";
        break;
    case "7":
        echo "Error: Current password incorrect!";
        break;
    case "8":
        echo "Success! Current password changed!";
        break;
    default:
        echo "Error: unknown error... this is quite unusual...";
        break;
}
}
else if(isset($_GET['userfeed']))
{
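$userid = $_GET['userfeed'];

// The id is used as a path segment ("ssb_db/users/<id>.php" is include()d)
// and as a glob() pattern, so only a single plain path component is accepted
// and the account file must exist. The original included the raw value: an id
// such as "*" raised a warning, fell through to the public branch and
// glob()'d every user's posts, private ones included.
$isSafeName = static function ($s) {
    return is_string($s) && $s !== '' && $s !== '.' && $s !== '..'
        && strpbrk($s, "/\\\0") === false;
};

// Renders one post: header (avatar, owner, date, reactions), body, footer.
// The post fields come from the included post_<owner>_<id>.php file;
// $shared/$origowner may be null. $ownPost swaps the Share button for Delete.
// Reaction and reply counters are optional side files keyed by post id.
$renderPost = static function ($postowner, $postid, $postdate, $postcontent, $shared, $origowner, $ownPost) use ($username) {
    echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span class='date'>$postdate &nbsp;&nbsp;";
    if (file_exists("ssb_db/posts/$postid.reactcount")) {
        $reacts = file_get_contents("ssb_db/posts/$postid.reactcount");
        echo "<div class='reacts'><i class='fa fa-heart' style='color: red;'></i> $reacts <div class='react-list'>";
        // Dropdown of who reacted: one username per line in <id>.reacted.
        $reactlist = is_file("ssb_db/posts/$postid.reacted") ? fopen("ssb_db/posts/$postid.reacted", "r") : false;
        if ($reactlist) {
            while (($reactor = fgets($reactlist)) !== false) {
                echo "<b>$reactor</b>";
            }
            fclose($reactlist);
        }
        echo "</div></div>";
    }
    if ($shared !== null && $shared == "1") {
        echo "<br />Originally posted by $origowner";
    }
    echo "</span></h3></td></tr></table>";
    echo bbcode_format($postcontent);
    // Footer: react / comment / share-or-delete, then reply and reaction counts.
    echo "<div class='post-footer'>";
    echo "<a style='padding-top: 6px;' onclick=\"userReact('" . $postowner . "','" . $postid . "');\" class='button'><i class='fa fa-heart'></i>&nbsp;React</a>";
    echo "<a style='padding-top: 6px;' href='index.php?view=$postid&user=$postowner' class='button'><i class='fa fa-comment'></i>&nbsp;Comment</a>";
    if ($ownPost) {
        echo "<a style='padding-top: 6px;' href='index.php?do=delpost&user=$username&pid=$postid' class='button'><i class='fa fa-trash-o'></i>&nbsp;Delete</a>";
    } else {
        echo "<a style='padding-top: 6px;' href='index.php?do=share&pid=$postid&user=$postowner' class='button'><i class='fa fa-share'></i>&nbsp;Share</a>";
    }
    echo "<br />";
    $replyCountFile = "ssb_db/posts/reply_" . $postowner . "_" . $postid . ".count";
    if (file_exists($replyCountFile)) {
        $postcount = file_get_contents($replyCountFile);
        if ($postcount == 0) {
            echo "no replies";
        } else if ($postcount == 1) {
            echo "$postcount reply";
        } else if ($postcount > 0) {
            echo "$postcount replies";
        }
    }
    echo " &bull; ";
    if (file_exists("ssb_db/posts/" . $postid . ".reactcount")) {
        $reactcount = file_get_contents("ssb_db/posts/" . $postid . ".reactcount");
        if ($reactcount == 1) {
            echo "$reactcount reaction";
        } else if ($reactcount > 0) {
            echo "$reactcount reactions";
        }
    } else {
        echo "no reactions";
    }
    echo "</div></div><br />\n";
};

// Profile card shown above the feed for private accounts and your own profile.
$renderUserCard = static function ($userid, $user_fullname, $domain) {
    echo "<table><tr><td>";
    echo "<div class='avatar' style=\"background-image: url('index.php?do=avatarlocation&user=" . $userid . "');\" title='User Avatar'></div><br />";
    echo "</td><td>";
    echo "<h3>User information</h3>";
    echo "Username: " . $userid . "@" . $domain . "<br />";
    echo "Full name: " . $user_fullname . "<br />";
    echo "<h3>User posts</h3>";
    echo "</td></tr></table>";
};

// Loads the viewer's friend list ($friend1..$friendN) and returns its count;
// 0 when the viewer has no friend files yet (the original read them blindly
// and warned on fresh accounts).
$loadFriends = static function () use ($username) {
    $count = 0;
    if (is_file("ssb_db/friends/" . $username . ".count")) {
        $count = file_get_contents("ssb_db/friends/" . $username . ".count");
    }
    return $count;
};

if (!$isSafeName($userid) || !is_file("ssb_db/users/" . $userid . ".php")) {
    echo "Error: User not found";
} else {
    // Defines $accttype, $user_fullname (and $user_avatar when set).
    include "ssb_db/users/" . $userid . ".php";
    // NOTE(review): $user_fullname is echoed as stored; this assumes the
    // registration code HTML-encoded it, as the post handlers do for bodies.

    // Posts are matched by file-name prefix; "_" also separates owner and id,
    // so the owner recorded inside each file is checked before rendering.
    $postfiles = glob("ssb_db/posts/post_" . $userid . "_" . "*.php");
    if ($postfiles === false) {
        $postfiles = array();
    }

    if ($accttype == "private") {
        if ($loginCheck == true) {
            $friendcount = $loadFriends();
            if (is_file("ssb_db/friends/" . $username . ".php")) {
                include "ssb_db/friends/" . $username . ".php";
            }
            // One card per matching friend entry, plus one for your own profile
            // (the same duplication the original produced).
            for ($x = 1; $x <= $friendcount; $x++) {
                if ($userid == ${"friend" . $x}) {
                    $renderUserCard($userid, $user_fullname, $domain);
                }
            }
            if ($userid == $username) {
                $renderUserCard($userid, $user_fullname, $domain);
            }
            foreach (array_reverse($postfiles) as $postfile) {
                unset($shared, $origowner); // keep per-post variables clean
                include $postfile;
                $sharedFlag = isset($shared) ? $shared : null;
                $origOwner = isset($origowner) ? $origowner : null;
                // Only posts owned by a friend (or by the viewer) are shown.
                for ($x = 1; $x <= $friendcount; $x++) {
                    if ($postowner == ${"friend" . $x}) {
                        $renderPost($postowner, $postid, $postdate, $postcontent, $sharedFlag, $origOwner, false);
                    }
                }
                if ($postowner == $username) {
                    $renderPost($postowner, $postid, $postdate, $postcontent, $sharedFlag, $origOwner, true);
                }
            }
            echo "<!-- Gen done...-->";
        } else {
            // The original rendered nothing at all here.
            echo "This account is private. Log in to view it.";
        }
    } else {
        echo "<h3>User information</h3>";
        echo "<table><tr><td>";
        echo "<div class='avatar' style=\"background-image: url('index.php?do=avatarlocation&user=$userid');\" title='User Avatar'></div>";
        echo "</td><td>";
        // Offer a friend request unless the viewer already follows this user.
        // Anonymous viewers see the button too (it leads to the login form).
        $friend = false;
        if ($loginCheck == true) {
            $friendcount = $loadFriends();
            if (is_file("ssb_db/friends/" . $username . ".php")) {
                include "ssb_db/friends/" . $username . ".php";
            }
            for ($x = 1; $x <= $friendcount; $x++) {
                if ($userid == ${"friend" . $x}) {
                    $friend = true;
                }
            }
        }
        if (!$friend) {
            echo "<a class='button' href='index.php?do=sendfr&user=$userid'>Send friend request</a><br /><br />";
        }
        echo "Username: " . $userid . "@" . $domain . "<br />";
        echo "Full name: " . $user_fullname;
        echo "</td></tr></table>";
        foreach (array_reverse($postfiles) as $postfile) {
            // Reset before the include (the original reset $shared after it, so
            // "Originally posted by" never showed on public profiles).
            unset($shared, $origowner);
            include $postfile;
            if ($postowner != $userid) {
                continue;
            }
            $sharedFlag = isset($shared) ? $shared : null;
            $origOwner = isset($origowner) ? $origowner : null;
            // Owners get the Delete button on their own public profile too.
            $renderPost($postowner, $postid, $postdate, $postcontent, $sharedFlag, $origOwner, $postowner == $username);
        }
        echo "<!-- Gen done...-->";
    }
}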
}
else if(isset($_GET['view']) && isset($_GET['user']))
{
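$puser = $_GET['user'];
$id = $_GET['view'];

// Both values end up in "ssb_db/posts/post_<user>_<id>.php", which is
// include()d, so only a single plain path component is accepted for each and
// the file must exist. The original included the path unconditionally.
$isSafeName = static function ($s) {
    return is_string($s) && $s !== '' && $s !== '.' && $s !== '..'
        && strpbrk($s, "/\\\0") === false;
};
$postPath = "ssb_db/posts/post_" . $puser . "_" . $id . ".php";

if (!$isSafeName($puser) || !$isSafeName($id) || !is_file($postPath)) {
    echo "ERROR: post doesn't exist...";
} else {
    // The owner's account record decides visibility ($accttype), the same rule
    // the profile page applies. The original showed any post, private account
    // or not, to anyone who knew its id.
    $accttype = null;
    if (is_file("ssb_db/users/" . $puser . ".php")) {
        include "ssb_db/users/" . $puser . ".php";
    }
    $isSelf = false;
    $isFriend = false;
    if ($loginCheck == true) {
        $isSelf = ($puser == $username);
        $friendcount = 0;
        if (is_file("ssb_db/friends/" . $username . ".count")) {
            $friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
        }
        if (is_file("ssb_db/friends/" . $username . ".php")) {
            include "ssb_db/friends/" . $username . ".php"; // defines $friend1..$friendN
        }
        for ($x = 1; $x <= $friendcount; $x++) {
            if ($puser == ${"friend" . $x}) {
                $isFriend = true;
                break;
            }
        }
    }

    if ($accttype == "private" && !$isSelf && !$isFriend) {
        echo "This post belongs to a private account. Follow the user to view it.";
    } else {
        $countFile = "ssb_db/posts/reply_" . $puser . "_" . $id . ".count";
        $postc = is_file($countFile) ? file_get_contents($countFile) : 0;
        // Defines $postowner, $postid, $postdate, $postcontent, optionally
        // $shared/$origowner, and $reply<N>, $reply<N>_user, $reply<N>_date.
        include $postPath;
        echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span class='date'>$postdate &nbsp;&nbsp;";
        if (file_exists("ssb_db/posts/$postid.reactcount")) {
            $reacts = file_get_contents("ssb_db/posts/$postid.reactcount");
            echo "<div class='reacts'><i class='fa fa-heart' style='color: red;'></i> $reacts <div class='react-list'>";
            // Dropdown of who reacted: one username per line in <id>.reacted.
            $reactlist = is_file("ssb_db/posts/$postid.reacted") ? fopen("ssb_db/posts/$postid.reacted", "r") : false;
            if ($reactlist) {
                while (($reactor = fgets($reactlist)) !== false) {
                    echo "<b>$reactor</b>";
                }
                fclose($reactlist);
            }
            echo "</div></div>";
        }
        if (isset($shared) && $shared == "1") {
            echo "<br />Originally posted by $origowner";
        }
        echo "</span></h3></td></tr></table>";
        echo bbcode_format($postcontent);
        echo "<a style='padding-top: 6px;' onclick=\"userReact('" . $postowner . "','" . $postid . "');\" class='button'><i class='fa fa-heart'></i>&nbsp;React</a>";
        echo "<a style='padding-top: 6px;' href='index.php?do=share&pid=$postid&user=$postowner' class='button'><i class='fa fa-share'></i>&nbsp;Share</a>";
        echo "</div><br />\n";

        // Replies are appended to the post file as numbered variables.
        for ($x = 1; $x <= $postc; $x++) {
            $reply_content = ${"reply" . $x};
            $reply_user = ${"reply" . $x . "_user"};
            $reply_date = ${"reply" . $x . "_date"};
            echo "<div class='reply'>";
            echo "<table><tr><td><div class='avatar_small' style='background-image: url(\"index.php?do=avatarlocation&user=$reply_user\");' title='User Avatar'></div></td><td><h4>$reply_user <a onclick=\"userTag('$reply_user');\"><i class='fa fa-tag'></i></a> <span style='font-size: 8px; padding-left: 6px; color: #808080;'>$reply_date</span></h4></td></tr></table>";
            echo "<div class='reply_content'>" . bbcode_format($reply_content) . "</div>";
            echo "</div>\n";
        }
        echo "<br />";

        // Replying needs a login and either following the owner or being them.
        if ($loginCheck != true) {
            echo "Login to reply...";
        } else if ($isSelf || $isFriend) {
            replyForm($id, $puser);
        } else {
            echo "Not following! Follow to reply...<br />";
        }
    }
}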
}
else if(isset($_GET['do']))
{
// Action name for the handlers below (post, reply, delpost, share, react,
// friend requests, settings, ...). Each handler checks $loginCheck itself.
$do = $_GET['do'];
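if ($do == "post")
{
    if ($loginCheck != true) { loginForm(); } else {
        // NOTE(review): no CSRF token is checked here; postForm() would have to
        // emit one for this handler to verify. By this point the page header has
        // already been output, so the Location header below only takes effect
        // when output buffering is enabled.
        $date = date("YmdHis"); // post id: timestamp in year, month, day, hour, minute, second
        $titledate = date("m-d-Y h:i:sa"); // human-readable timestamp
        if (isset($_FILES["file"]["name"]) && isset($username)) {
            $uploaded = array();      // stored file names (random, with extension)
            $uploaded_name = array(); // original base names, HTML-escaped, used as captions
            // Extension allow-list, matched case-insensitively. The client MIME
            // type is checked too, but it is attacker-controlled and "" /
            // application/octet-stream are accepted, so the extension is the
            // effective control; the web server must not execute anything under
            // ssb_db/uploads/.
            $allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "mp4");
            $allowedTypes = array(
                "image/gif", "image/x-gif", "image/jpeg", "image/x-jpeg", "image/x-jpg",
                "image/jpg", "image/pjpeg", "image/x-png", "image/bmp", "image/x-icon",
                "application/octet-stream", "video/mp4", "image/png", "",
            );
            // NOTE(review): assumes a multi-file input (name="file[]"), as the
            // original did; with a single-file input these fields are scalars.
            $fileCount = count($_FILES["file"]["name"]);
            for ($i = 0; $i < $fileCount; $i++) {
                $origName = $_FILES["file"]["name"][$i];
                $temp = explode(".", $origName);
                $extension = end($temp);
                $safeOrigName = htmlspecialchars($origName, ENT_QUOTES); // echoed back below
                $accepted = in_array($_FILES["file"]["type"][$i], $allowedTypes, true)
                    && ($_FILES["file"]["size"][$i] < $user_max_upload)
                    && in_array(strtolower($extension), $allowedExts, true);
                if (!$accepted) {
                    // An empty slot of the file input (UPLOAD_ERR_NO_FILE) is not an
                    // error. The original compared the whole "size" array to "0"
                    // here, so this message was never printed.
                    if ($_FILES["file"]["error"][$i] != UPLOAD_ERR_NO_FILE) {
                        echo "Error: " . $safeOrigName . " is too large, or is a invalid filetype<br />";
                    }
                    continue;
                }
                if ($_FILES["file"]["error"][$i] > 0) {
                    echo $safeOrigName . " - Return Code: " . (int)$_FILES["file"]["error"][$i] . "<br />";
                    continue;
                }
                // Stored under a random name; the original name only becomes a caption.
                $randstring = getRandString("32");
                $storedName = $randstring . "." . $extension;
                if (move_uploaded_file($_FILES["file"]["tmp_name"][$i], "ssb_db/uploads/" . $storedName)) {
                    $uploaded[] = $storedName;
                    $uploaded_name[] = htmlspecialchars(pathinfo($origName, PATHINFO_FILENAME), ENT_QUOTES);
                    echo "Success: " . $safeOrigName . " (" . tomb($_FILES["file"]["size"][$i]) . ") uploaded...<br />";
                } else {
                    echo "Error: " . $safeOrigName . " could not be stored.<br />";
                }
            }

            $bodyRaw = isset($_POST['body']) ? $_POST['body'] : "";
            // The tag search needs a delimiter after the last word.
            $srchcont = stripslashes(htmlentities($bodyRaw)) . " ";
            $taggedUser = (string)substr((string)searchForUserTag($srchcont), 1, -1);
            // Notify a tagged user, unless it is the poster. The tag becomes part of
            // a file path, so it must be a plain name. (The original compared against
            // $postowner, which is undefined at this point in the post handler.)
            if ($taggedUser !== "" && strpbrk($taggedUser, "/\\\0") === false
                && file_exists("ssb_db/users/" . $taggedUser . ".name") && $taggedUser != $username) {
                $notifFile = "ssb_db/friends/" . $taggedUser . ".notifications";
                $tagged_notifications = is_file($notifFile) ? file_get_contents($notifFile) : "";
                file_put_contents($notifFile, "<b>$username</b> <a href='index.php?view=$date&user=$username'>tagged you in a post</a>\n" . $tagged_notifications);
            }

            $body = nl2br(htmlentities(stripcslashes($bodyRaw)));
            include "ssb_db/users/" . $username . ".php";

            // Attachment markup. Stored names are random and extension-checked;
            // captions were escaped above.
            $post_attachments = "<br />";
            foreach ($uploaded as $idx => $upload) {
                if (!file_exists("ssb_db/uploads/" . $upload)) {
                    continue;
                }
                $ext = strtolower(pathinfo("ssb_db/uploads/" . $upload, PATHINFO_EXTENSION));
                if ($ext == "mp4") {
                    $post_attachments .= "<div class='attachment'>" . $uploaded_name[$idx] . "<video width='560' height='315' controls><source src='ssb_db/uploads/$upload' type='video/mp4'>HTML5 video not supported :(</video></div>";
                } else {
                    $post_attachments .= "<div class='attachment'><a href='ssb_db/uploads/" . $upload . "'><img src='ssb_db/uploads/" . $upload . "'></a></div>";
                }
            }

            // The post is persisted as a PHP file that is later include()d. The
            // original wrote the body inside a double-quoted PHP string, so any "$",
            // "{" or "\" that survives htmlentities() was evaluated at include time
            // (a body containing {${...}} is code execution). var_export() emits a
            // single-quoted literal that includes back to exactly this string.
            $post_file = "ssb_db/posts/post_" . $username . "_" . $date . ".php";
            $post_string = "<?php\n"
                . "\$postowner = " . var_export($username, true) . ";"
                . "\$postid = " . var_export($date, true) . ";"
                . "\$postdate = " . var_export($titledate, true) . ";"
                . "\$postcontent = " . var_export($body . "<br />" . $post_attachments, true) . ";\n"
                . "?>\n";
            // NOTE(review): the id is a one-second timestamp, so two posts by the
            // same user within a second overwrite each other (unchanged here).
            file_put_contents($post_file, $post_string, LOCK_EX);
            file_put_contents("ssb_db/posts/" . $date . ".post", "post_" . $username . "_" . $date . ".php", LOCK_EX);
            file_put_contents("ssb_db/posts/reply_" . $username . "_" . $date . ".count", "0", LOCK_EX);
            // Header first, then the fallback text.
            header("Location: index.php?view=$date&user=$username");
            echo "Post processed... if redirection fails, <a href=\"?view=$date&user=$username\">Click Here</a><br />";
        }
        else
        {
            echo "ERROR: Missing post data! Select an image to upload or let us know whats up!<br />";
        }
    }
}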
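if ($do == "avatarupload")
{
    if (isset($_FILES["file"]["name"]) && ($loginCheck == true)) {
        // NOTE(review): no CSRF token is checked; uploadAvatarForm() would have
        // to emit one. Extensions are matched case-insensitively; the client MIME
        // type is attacker-controlled ("" is accepted) so the extension is the
        // real control, and ssb_db/uploads/ must not be script-executable.
        $date = date("YmdHis"); // timestamp in year, month, day, hour, minute, second
        $allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico");
        $allowedTypes = array(
            "image/gif", "image/x-gif", "image/jpeg", "image/x-jpeg", "image/x-jpg",
            "image/jpg", "image/pjpeg", "image/x-png", "image/bmp", "image/x-icon",
            "image/png", "",
        );
        // NOTE(review): assumes a multi-file input (name="file[]"), as the original did.
        $fileCount = count($_FILES["file"]["name"]);
        for ($i = 0; $i < $fileCount; $i++) {
            $origName = $_FILES["file"]["name"][$i];
            $temp = explode(".", $origName);
            $extension = end($temp);
            $safeOrigName = htmlspecialchars($origName, ENT_QUOTES); // echoed back below
            $accepted = in_array($_FILES["file"]["type"][$i], $allowedTypes, true)
                && ($_FILES["file"]["size"][$i] < $user_max_upload)
                && in_array(strtolower($extension), $allowedExts, true);
            if (!$accepted) {
                echo "Error: " . $safeOrigName . " is too large, or is a invalid filetype";
                continue;
            }
            if ($_FILES["file"]["error"][$i] > 0) {
                echo $safeOrigName . " - Return Code: " . (int)$_FILES["file"]["error"][$i] . "<br>";
                continue;
            }
            // Stored as <user>_<timestamp>.<ext>; both parts are server-chosen
            // (session user, allow-listed extension), so the PHP literal appended
            // to the user record below cannot be influenced by the request.
            $storedName = $username . "_" . $date . "." . $extension;
            if (move_uploaded_file($_FILES["file"]["tmp_name"][$i], "ssb_db/uploads/" . $storedName)) {
                file_put_contents("ssb_db/users/" . $username . ".php",
                    "<?php \$user_avatar = " . var_export($storedName, true) . "; ?>\n",
                    FILE_APPEND | LOCK_EX);
                header("refresh: 3;url=index.php");
                echo "Avatar uploaded and set! <a href='index.php'>Redirecting</a> in 3 seconds...";
            } else {
                echo "Error: " . $safeOrigName . " could not be stored.<br>";
            }
        }
    }
}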
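if ($do == "reply")
{
    if ($loginCheck != true) { loginForm(); } else {
        // pid is used as a path segment ("ssb_db/posts/<pid>.post"), so only a
        // single plain path component is accepted; the .post index file then
        // names the real post file, which must exist before it is include()d.
        $pid = (isset($_GET['pid']) && is_string($_GET['pid'])) ? $_GET['pid'] : "";
        $pidOk = $pid !== "" && strpbrk($pid, "/\\\0") === false && is_file("ssb_db/posts/" . $pid . ".post");
        $post_file_name = $pidOk ? file_get_contents("ssb_db/posts/$pid.post") : "";
        $hasForm = isset($_POST['reply']) && isset($username) && isset($_POST['body']) && $_POST['body'] != "";

        if (!$pidOk || $post_file_name === "" || !is_file("ssb_db/posts/" . $post_file_name)) {
            echo "ERROR: Post ID is not set, or invalid";
        } else if (!$hasForm) {
            echo "ERROR: Missing form data<br>";
        } else {
            // NOTE(review): no CSRF token is checked; replyForm() would have to emit one.
            include "ssb_db/posts/" . $post_file_name; // defines $postowner etc.
            $srchcont = stripslashes(htmlentities($_POST['body'])) . " "; // delimiter for the tag search
            $taggedUser = (string)substr((string)searchForUserTag($srchcont), 1, -1);
            // Notify a tagged user; the post owner is notified separately below.
            // The tag becomes part of a file path, so it must be a plain name.
            if ($taggedUser !== "" && strpbrk($taggedUser, "/\\\0") === false
                && file_exists("ssb_db/users/" . $taggedUser . ".name") && $taggedUser != $postowner) {
                $notifFile = "ssb_db/friends/" . $taggedUser . ".notifications";
                $tagged_notifications = is_file($notifFile) ? file_get_contents($notifFile) : "";
                file_put_contents($notifFile, "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>tagged you in a comment</a>\n" . $tagged_notifications);
            }
            $replydate = date("m-d-Y h:i:sa"); // human-readable timestamp
            $body = nl2br(htmlentities(stripcslashes($_POST['body'])));
            $countFile = "ssb_db/posts/reply_" . $postowner . "_" . $pid . ".count";
            $reply_count = (is_file($countFile) ? (int)file_get_contents($countFile) : 0) + 1;
            // Appended to the post file as another PHP chunk. The original embedded
            // the body in a double-quoted PHP string, where "$" and "\" are
            // interpreted at include time; var_export() stores it as a literal.
            $post_string = "<?php \n"
                . "\$reply" . $reply_count . " = " . var_export($body, true) . ";"
                . "\$reply" . $reply_count . "_user = " . var_export($username, true) . "; "
                . "\$reply" . $reply_count . "_date = " . var_export($replydate, true) . ";\n?>\n";
            file_put_contents("ssb_db/posts/" . $post_file_name, $post_string, FILE_APPEND | LOCK_EX);
            file_put_contents($countFile, $reply_count, LOCK_EX);
            if ($username != $postowner) {
                $ownerFile = "ssb_db/friends/" . $postowner . ".notifications";
                $owner_notifications = is_file($ownerFile) ? file_get_contents($ownerFile) : "";
                file_put_contents($ownerFile, "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>replied to your post</a>\n" . $owner_notifications);
            }
            // Header first, then the fallback text.
            header("Location:index.php?view=$pid&user=$postowner");
            echo "If you're seeing this; redirection failed: <a href=\"?view=$pid&user=$postowner\">Click Here</a><br>";
        }
    }
}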
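if ($do == "delpost")
{
    if ($loginCheck != true) { loginForm(); } else {
        // NOTE(review): deletion is triggered by a plain GET link, so any page a
        // logged-in user visits can delete their posts (CSRF). Closing that needs
        // a POST form with a token; it cannot be done from this handler alone.
        $reqUser = (isset($_GET['user']) && is_string($_GET['user'])) ? stripslashes($_GET['user']) : "";
        $pid = (isset($_GET['pid']) && is_string($_GET['pid'])) ? stripslashes($_GET['pid']) : "";
        $postFile = "ssb_db/posts/post_" . $reqUser . "_" . $pid . ".php";
        if ($reqUser === "" || $pid === "") {
            echo "ERROR: USER and PID variables not set!";
        } else if ($reqUser === $username && strpbrk($pid, "/\\\0") === false && is_file($postFile)) {
            // Strict comparison: the original's == let numeric-looking names such
            // as "01" and "1" match each other. pid is also kept to a single path
            // component before it is used in unlink() paths.
            $targets = array(
                "ssb_db/posts/" . $pid . ".post",
                $postFile,
                "ssb_db/posts/reply_" . $reqUser . "_" . $pid . ".count",
            );
            foreach ($targets as $target) {
                if (is_file($target)) {
                    unlink($target);
                }
            }
            // <pid>.reacted/.reactcount are keyed by id only (ids are timestamps
            // shared across users), so they are left alone, as the original did.
            header("refresh: 0;url=index.php"); // before flush(), or it is never sent
            flush();
            exit;
        } else {
            echo "ERROR: post doesn't exist or YOU ARE NOT THE OWNER OF SAID POST... THIS incident has been recorded!";
            // FILE_APPEND: the original overwrote log.txt on every entry, so only
            // the most recent "incident" was ever kept (the original also logged
            // variables that were never assigned in this branch). Request values
            // are stripped of line breaks so they cannot forge extra log lines.
            $logUser = substr(str_replace(array("\r", "\n"), " ", $reqUser), 0, 200);
            $logPid = substr(str_replace(array("\r", "\n"), " ", $pid), 0, 200);
            file_put_contents("ssb_db/log.txt", "Post deletion error: IP <" . $_SERVER['REMOTE_ADDR'] . "> post not found or not users post: post_" . $logUser . "_" . $logPid . ".php\n", FILE_APPEND | LOCK_EX);
        }
    }
}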
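if ($do == "share")
{
    if ($loginCheck != true) { loginForm(); } else {
        // NOTE(review): GET-triggered state change (CSRF-able), as with delpost.
        $postuser = (isset($_GET['user']) && is_string($_GET['user'])) ? stripslashes($_GET['user']) : "";
        $pid = (isset($_GET['pid']) && is_string($_GET['pid'])) ? stripslashes($_GET['pid']) : "";
        // Both values become path segments of an include()d file.
        $isSafeName = static function ($s) {
            return $s !== '' && $s !== '.' && $s !== '..' && strpbrk($s, "/\\\0") === false;
        };
        $srcFile = "ssb_db/posts/post_" . $postuser . "_" . $pid . ".php";
        if ($postuser === "" || $pid === "") {
            echo "ERROR: USER and PID variables not set!";
        } else if (!$isSafeName($postuser) || !$isSafeName($pid) || !is_file($srcFile)) {
            echo "ERROR: post doesn't exist...";
            // FILE_APPEND: the original overwrote log.txt on every entry (and
            // labelled share failures as deletion errors).
            $logUser = substr(str_replace(array("\r", "\n"), " ", $postuser), 0, 200);
            $logPid = substr(str_replace(array("\r", "\n"), " ", $pid), 0, 200);
            file_put_contents("ssb_db/log.txt", "Post share error: IP <" . $_SERVER['REMOTE_ADDR'] . "> post not found: post_" . $logUser . "_" . $logPid . ".php\n", FILE_APPEND | LOCK_EX);
        } else {
            $date = date("YmdHis"); // new post id
            $titledate = date("m-d-Y h:i:sa"); // human-readable timestamp
            if (is_file("ssb_db/friends/" . $username . ".php")) {
                include("ssb_db/friends/" . $username . ".php"); // defines $friend1..$friendN
            }
            include($srcFile); // defines $postowner, $postcontent, ...
            // Who may share is decided by the original owner's account type:
            // public -> anyone, private -> the viewer must follow the owner. The
            // original tested $accttype without loading the owner's record, so it
            // depended on whatever happened to be in scope; load it explicitly.
            $accttype = null;
            if (strpbrk((string)$postowner, "/\\\0") === false && is_file("ssb_db/users/" . $postowner . ".php")) {
                include "ssb_db/users/" . $postowner . ".php";
            }
            $canShare = ($accttype == "public");
            if (!$canShare) {
                $friendcount = 0;
                if (is_file("ssb_db/friends/" . $username . ".count")) {
                    $friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
                }
                for ($x = 1; $x <= $friendcount; $x++) {
                    if ($postowner == ${"friend" . $x}) {
                        $canShare = true;
                        break;
                    }
                }
            }
            if ($canShare) {
                $post_file = "ssb_db/posts/post_" . $username . "_" . $date . ".php";
                // $postcontent was evaluated when the source file was included; the
                // original wrote it back inside a double-quoted PHP string, where any
                // "$" or "\" in it is re-interpreted at include time. var_export()
                // stores it as a literal.
                $post_string = "<?php\n"
                    . "\$postowner = " . var_export($username, true) . ";"
                    . "\$postid = " . var_export($date, true) . ";"
                    . "\$postdate = " . var_export($titledate, true) . ";"
                    . "\$shared = '1';"
                    . "\$origowner = " . var_export($postowner, true) . ";"
                    . "\$postcontent = " . var_export($postcontent . "<br />", true) . ";\n"
                    . "?>\n";
                $notifFile = "ssb_db/friends/" . $postuser . ".notifications";
                $notification = is_file($notifFile) ? file_get_contents($notifFile) : "";
                file_put_contents($notifFile, "<b>$username</b> <a href='index.php?view=$date&user=$username'>shared your post</a>\n" . $notification);
                file_put_contents($post_file, $post_string, LOCK_EX);
                file_put_contents("ssb_db/posts/" . $date . ".post", "post_" . $username . "_" . $date . ".php", LOCK_EX);
                file_put_contents("ssb_db/posts/reply_" . $username . "_" . $date . ".count", "0", LOCK_EX);
                header("refresh: 0;url=index.php"); // before flush(), or it is never sent
                flush();
                exit;
            } else {
                // The original fell through silently here.
                echo "ERROR: you need to follow this user before sharing their posts.";
            }
        }
    }
}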
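if ($do == "react")
{
    if ($loginCheck != true) { loginForm(); } else {
        // NOTE(review): a GET request changes state here (CSRF-able), as with
        // delpost/share; userReact() would need to POST with a token.
        $postuser = (isset($_GET['user']) && is_string($_GET['user'])) ? stripslashes($_GET['user']) : "";
        $pid = (isset($_GET['pid']) && is_string($_GET['pid'])) ? stripslashes($_GET['pid']) : "";
        // Both values are used as path segments below.
        $isSafeName = static function ($s) {
            return $s !== '' && $s !== '.' && $s !== '..' && strpbrk($s, "/\\\0") === false;
        };
        if ($postuser === "" || $pid === "") {
            echo "ERROR: USER and PID variables not set!";
        } else if (!$isSafeName($postuser) || !$isSafeName($pid) || !is_file("ssb_db/posts/post_" . $postuser . "_" . $pid . ".php")) {
            echo "ERROR: post doesn't exist...";
        } else {
            $reactedFile = "ssb_db/posts/$pid.reacted";   // one username per line
            $countFile = "ssb_db/posts/$pid.reactcount";  // running total
            $safePid = htmlspecialchars($pid, ENT_QUOTES);
            $safeUser = htmlspecialchars($postuser, ENT_QUOTES);
            // One reaction per user.
            $already = false;
            if (is_file($reactedFile)) {
                foreach (file($reactedFile) as $line) {
                    if (str_replace(array("\n", "\r"), '', $line) == $username) {
                        $already = true;
                        break;
                    }
                }
            }
            if ($already) {
                header("refresh: 3;url=index.php?view=$pid&user=$postuser");
                echo "You've already reacted to this post... <a href='index.php?view=$safePid&user=$safeUser'>redirecting</a>";
                exit;
            }
            // NOTE(review): the read-modify-write on the count file is not atomic;
            // two simultaneous reactions can lose one increment. FILE_APPEND/LOCK_EX
            // at least keeps the .reacted list itself consistent.
            file_put_contents($reactedFile, $username . "\n", FILE_APPEND | LOCK_EX);
            $reactCount = is_file($countFile) ? (int)file_get_contents($countFile) : 0;
            file_put_contents($countFile, $reactCount + 1, LOCK_EX);
            // Don't send yourself a notification, you know you liked your own post ;)
            if ($postuser != $username) {
                $ownerFile = "ssb_db/friends/" . $postuser . ".notifications";
                $owner_notifications = is_file($ownerFile) ? file_get_contents($ownerFile) : "";
                file_put_contents($ownerFile, "<b>$username</b> loved your <a href='index.php?view=$pid&user=$postuser'>post</a>\n" . $owner_notifications);
            }
            header("Location:index.php"); // before any body text
            echo "Reacted! <a href='index.php'>Redirecting</a> in 1 second...";
            exit;
        }
    }
}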
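if ($do == "clrnote")
{
    if ($loginCheck != true) { loginForm(); } else {
        // Clears the notification list of the session user only (the path is
        // built from the session, never from the request). Still GET-triggered,
        // so CSRF-able, though the impact is limited to lost notifications.
        $notifFile = "ssb_db/friends/" . $username . ".notifications";
        if (is_file($notifFile)) { // no unlink() warning when already empty
            unlink($notifFile);
        }
        header("Location: index.php");
        exit;
    }
}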
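if ($do == "clrpending")
{
    if ($loginCheck != true) { loginForm(); } else {
        // Discards the session user's pending friend requests. GET-triggered,
        // so CSRF-able; the path comes from the session, not the request.
        $pendingFile = "ssb_db/friends/" . $username . ".pending";
        if (is_file($pendingFile)) { // no unlink() warning when nothing is pending
            unlink($pendingFile);
        }
        header("Location: index.php?do=friends");
        exit;
    }
}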
// Server admin can just delete ssb_db
/*if($do=="clean")
{
if($_POST['password']!="" && $_POST['password']==$pw)
{
$db_content = glob("ssb_db/" . '*', GLOB_MARK);
foreach($db_content as $file)
{
unlink($file);
}
rmdir("ssb_db");
echo "Database Cleaned<br>";
}
else
{
echo "ERROR: Wrong Password<br>";
}
}*/
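// grab session values and send friend request functions.
if($do=="sendfr") {
    // Send a follow request to (private account) or directly befriend (public
    // account) the user named in POST/GET 'user'.
    // NOTE(review): reachable by GET without a CSRF token, so a cross-site link can
    // make a logged-in user befriend an arbitrary public account.
    if ($loginCheck != true) { loginForm(); } else {
        if(isset($_POST['user']) || isset($_GET['user'])) {
            // POST wins over GET when both are present (same precedence as before).
            if(isset($_POST['user'])) {
                $givenUser = htmlentities(stripcslashes($_POST['user']));
            } else {
                $givenUser = htmlentities(stripcslashes($_GET['user']));
            }
            // $givenUser is spliced into a filesystem path and then include()d, so it
            // must be a bare account name. Registration only accepts [a-z0-9]+, so
            // anything else - in particular "../" sequences, which htmlentities()
            // leaves untouched - cannot name a real account and is rejected before
            // any filesystem access.
            $validName = preg_match('/^[a-z0-9]+$/i', $givenUser) === 1;
            if($validName && file_exists("ssb_db/users/" . $givenUser . ".php")) {
                include "ssb_db/users/" . $givenUser . ".php"; // defines $accttype
                if($accttype == "private") {
                    sendFriendRequest($_SESSION['ssb-user'], $givenUser);
                    echo "Follow request sent to " . $givenUser . " <a href='?do=friends'>redirecting</a> in 3 seconds";
                    header("refresh: 3;url=?do=friends");
                } else if($accttype == "public") {
                    acceptPublicFriendRequest($username, $givenUser);
                    header("Location: ?do=friends");
                } else {
                    echo "ERROR: Issues parsing account type...";
                }
            } else {
                echo "Error: Provided username does not exist in the database!";
            }
        } else {
            echo "Error: users not set in GET value...";
        }
    }
}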
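if($do=="accfr")
{
    // Accept a pending friend request from GET 'friend' on behalf of the logged-in user.
    if ($loginCheck != true) { loginForm(); } else {
        if(isset($_GET['friend'])) {
            $requester = stripslashes($_GET['friend']);
            // The accepting side is always the session user. The previous code took
            // it from $_GET['user'], which let any authenticated caller accept
            // pending requests on behalf of an arbitrary account (the 'user'
            // parameter still present in old links is now ignored).
            // Account names are [a-z0-9]+ (enforced at registration); anything else
            // is rejected before the helper builds ssb_db/ paths from it.
            if(preg_match('/^[a-z0-9]+$/i', $requester) === 1) {
                acceptFriendRequest($username, $requester);
                echo "Accepted friend request from " . htmlentities($requester) . " <a href='?do=friends'>redirecting</a> in 3 seconds";
                header("refresh: 3;url=?do=friends");
            } else {
                echo "Error: Provided username does not exist in the database!";
            }
        } else {
            echo "Error: users not set in GET &amp; SESSION value...";
        }
    }
}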
if($do=="userctrl")
{
    // User control panel: a heading and one button per self-service form.
    if ($loginCheck != true) { loginForm(); } else {
        $panelLinks = array(
            "changepass"   => "Change password",
            "avatarupload" => "Upload avatar",
        );
        echo "<h3>User control panel</h3>";
        foreach($panelLinks as $formName => $label) {
            echo "<a class='button' href='?forms=" . $formName . "'>" . $label . "</a><br />";
        }
    }
}
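if($do=="changepass")
{
    // Change the logged-in user's password after verifying the current one.
    if ($loginCheck != true) { loginForm(); } else {
        // Passwords are hashed exactly as typed by the register and login handlers,
        // so they must not go through htmlentities()/stripslashes() here: a password
        // containing "&", "<" or a quote could otherwise never match its stored hash,
        // and a new one set here would be stored in entity-encoded form that the
        // login handler cannot verify.
        $oldPassInput       = isset($_POST['oldpass'])        ? $_POST['oldpass']        : "";
        $newPassInput       = isset($_POST['password'])       ? $_POST['password']       : "";
        $passwordAgainInput = isset($_POST['password_again']) ? $_POST['password_again'] : "";
        include "ssb_db/users/" . $username . ".php"; // defines $user_password (hex digest)
        // NOTE(review): sha1(md5()) is an unsalted, fast construction; it is kept only
        // because every stored hash and the register/login handlers use it. Migrating
        // to password_hash()/password_verify() must be done in all three places.
        // hash_equals() is constant-time and, unlike ==, never compares two hex
        // digests as numbers ("0e..." strings).
        if(hash_equals((string)$user_password, sha1(md5($oldPassInput)))) {
            if($newPassInput !== "" && $newPassInput === $passwordAgainInput) {
                // The user file is append-only here: the new assignment lands after
                // the old one and wins when the file is include()d again.
                $oldcontent = file_get_contents("ssb_db/users/" . $username . ".php");
                $passString = "<?php \$user_password = \"" . sha1(md5($newPassInput)) . "\"; ?>\n";
                file_put_contents("ssb_db/users/" . $username . ".php", $oldcontent . $passString);
                echo "Password changed, <a href='index.php'>redirecting</a> in 3 seconds";
                // Invalidate the session's cached credentials so the user logs in again.
                $_SESSION['ssb-user'] = null;
                $_SESSION['ssb-pass'] = null;
                header("refresh: 3;url=index.php");
            } else {
                // Previously this case rendered nothing at all.
                echo "ERROR: new passwords are empty or do not match!";
            }
        } else {
            echo "ERROR: password incorrect! IP recorded for constant monitoring of possible bots!";
            // FILE_APPEND: without it every failed attempt overwrote the whole log,
            // so only the most recent entry ever survived.
            file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n", FILE_APPEND);
        }
    }
}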
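if($do=="privmsg")
{
    // Live private-message view with one friend. The page polls chatserver.php
    // every second for the conversation and submits new lines to it via GET.
    if ($loginCheck != true) { loginForm(); } else {
        //check if friend is set
        if(!isset($_GET['friend'])) { echo "ERROR: No username defined!"; exit(1); } else {
            // set friend username
            $friendNick = htmlentities(stripslashes($_GET['friend']));
            $friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
            include "ssb_db/friends/" . $username . ".php"; // defines $friend1..$friendN
            // The chat UI (and the include of the friend's user file further down) is
            // only reached when $friendNick exactly matches an entry of the caller's
            // own friend list, so the request value is effectively whitelisted.
            // isset() guards the loose == : an empty 'friend' used to match an
            // undefined slot.
            $isFriend = false;
            for($x = 1; $x <= $friendcount; $x++)
            {
                if(isset(${"friend" . $x}) && $friendNick == ${"friend" . $x}) {
                    $isFriend = true;
                    break; // one chat box even if the list holds the name twice
                }
            }
            if(!$isFriend) {
                echo "ERROR: That user is not on your friends list!";
            } else {
                // Everything embedded in the script below goes through json_encode()
                // with the HEX flags, so quotes, "</script>" and "&" can never break
                // out of a JS string literal whatever the values hold.
                $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
                $jsFriendNick = json_encode($friendNick, $jsFlags);
                $jsNickName = json_encode($_SESSION['ssb-user'], $jsFlags);
                $jsUserColor = json_encode(isset($_SESSION['ssb-color']) ? $_SESSION['ssb-color'] : "", $jsFlags);
?>
<script language="javascript" type="text/javascript">
<!--
var httpObject = null;
var link = "";
var timerID = 0;
var friendNick = <?php echo $jsFriendNick; ?>;
var nickName = <?php echo $jsNickName; ?>;
var userColor = <?php echo $jsUserColor; ?>;
// Append the server's response to the message box.
// NOTE(review): the response is inserted as HTML; chatserver.php (not in view)
// must escape message text or a friend can inject script here.
function setHtml() {
    if(ajaxVar.readyState == 4){
        var response = ajaxVar.responseText;
        var msgBox = document.getElementById("msgs");
        msgBox.innerHTML += response;
        msgBox.scrollTop = msgBox.scrollHeight;
    }
}
// Replace the message box with the server's response
function setAll() {
    if(ajaxVar.readyState == 4){
        var response = ajaxVar.responseText;
        var msgBox = document.getElementById("msgs");
        msgBox.innerHTML = response;
        msgBox.scrollTop = msgBox.scrollHeight;
    }
}
// Send the typed message to the server (getHTTPObject() presumably comes from data/main.js)
// NOTE(review): the sender name is supplied by the client here; chatserver.php
// should take it from the session rather than trust this parameter - confirm.
function serverWrite() {
    ajaxVar = getHTTPObject();
    if (ajaxVar != null) {
        // encodeURIComponent: a message containing "&", "#", "+" or "%" used to be
        // truncated or mangled by the query-string parser.
        link = "chatserver.php?nick=" + encodeURIComponent(nickName)
             + "&friend=" + encodeURIComponent(friendNick)
             + "&msg=" + encodeURIComponent(document.getElementById('msg').value);
        ajaxVar.open("GET", link , true);
        ajaxVar.onreadystatechange = setHtml;
        ajaxVar.send(null);
    }
}
function getInput() {
    // Send the server function the input
    var userInput = document.getElementById('msg');
    serverWrite(userInput.value);
    // Clean out the input values
    var msgBar = document.getElementById("msg");
    msgBar.value = "";
    msgBar.focus();
}
// Fetch the whole conversation
function serverReload() {
    ajaxVar = getHTTPObject();
    if (ajaxVar != null) {
        link = "chatserver.php?get=" + encodeURIComponent(friendNick);
        ajaxVar.open("GET", link , true);
        ajaxVar.onreadystatechange = setAll;
        ajaxVar.send(null);
    }
}
// Poll once per second (started from <body onload>)
function UpdateTimer() {
    serverReload();
    setTimeout(UpdateTimer, 1000);
}
function keypressed(e) {
    if(e.keyCode=='13'){
        getInput();
    }
}
//-->
</script>
<div class="replycontain">
<?php
                // Header
                include "ssb_db/users/" . $friendNick . ".php"; // defines $user_fullname (stored entity-encoded at registration)
                echo "<h3><a href='?userfeed=" . $friendNick . "'>" . $friendNick . ": " . $user_fullname . "</a></h3>";
?>
<div id="msgs">
<?php
                echo "<div class=\"msgbox\">";
                echo "</div>";
?>
</div>
<div id="msgbox" onkeyup="keypressed(event);">
<button onclick="javascript:wrapBBCode('i');">Italic</button>
<button onclick="javascript:wrapBBCode('u');">Underline</button>
<button onclick="javascript:wrapBBCode('b');">Bold</button>
<button onclick="javascript:wrapBBCode('img');">Image</button>
<button onclick="javascript:wrapBBCode('url');">URL</button><br />
<textarea style="width: 98%;" name="msg" id="msg"></textarea>
<button style="width: 50px;" onclick="getInput();">Send</button>
</div>
</div>
<?php
            } // friend check end
        } // GET friend set end
    } // session check end
} // function end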
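if($do=="msghist")
{
    // Read-only history of the conversation with one friend, fetched once on load
    // from chatserver.php?get=<friend>.
    if ($loginCheck != true) { loginForm(); } else {
        //check if friend is set
        if(!isset($_GET['friend'])) { echo "ERROR: No username defined!"; exit(1); } else {
            // set friend username
            $friendNick = htmlentities(stripslashes($_GET['friend']));
            $friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
            include "ssb_db/friends/" . $username . ".php"; // defines $friend1..$friendN
            // Only an exact match on the caller's own friend list reaches the view
            // (and the include of the friend's user file), so $friendNick is
            // effectively whitelisted to names this account already knows.
            // isset() guards the loose == : an empty 'friend' used to match an
            // undefined slot.
            $isFriend = false;
            for($x = 1; $x <= $friendcount; $x++)
            {
                if(isset(${"friend" . $x}) && $friendNick == ${"friend" . $x}) {
                    $isFriend = true;
                    break; // render once even if the list holds the name twice
                }
            }
            if(!$isFriend) {
                echo "ERROR: That user is not on your friends list!";
            } else {
                // json_encode() with the HEX flags yields a JS string literal that
                // cannot terminate the literal or the <script> element.
                $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
                $jsFriendNick = json_encode($friendNick, $jsFlags);
                $jsNickName = json_encode($_SESSION['ssb-user'], $jsFlags);
                $jsUserColor = json_encode(isset($_SESSION['ssb-color']) ? $_SESSION['ssb-color'] : "", $jsFlags);
?>
<script language="javascript" type="text/javascript">
<!--
var httpObject = null;
var timerID = 0;
var friendNick = <?php echo $jsFriendNick; ?>;
var nickName = <?php echo $jsNickName; ?>;
var userColor = <?php echo $jsUserColor; ?>;
// encodeURIComponent keeps the name intact in the query string (it used to be
// spliced in raw).
var link = "chatserver.php?get=" + encodeURIComponent(friendNick);
// Replace the message box with the server's response.
// NOTE(review): the response is inserted as HTML; chatserver.php (not in view)
// must escape message text or a friend can inject script here.
function setAll() {
    if(ajaxVar.readyState == 4){
        var response = ajaxVar.responseText;
        var msgBox = document.getElementById("msgs");
        msgBox.innerHTML = response;
        msgBox.scrollTop = msgBox.scrollHeight;
    }
}
// One-shot fetch of the history (getHTTPObject() presumably comes from data/main.js)
function serverLoad() {
    ajaxVar = getHTTPObject();
    if (ajaxVar != null) {
        ajaxVar.open("GET", link , true);
        ajaxVar.onreadystatechange = setAll;
        ajaxVar.send(null);
    }
}
window.addEventListener('load', function () {
    serverLoad();
});
//-->
</script>
<div class="replycontain">
<?php
                // Header
                include "ssb_db/users/" . $friendNick . ".php";
                echo "<h3><a href='?userfeed=" . $friendNick . "'>" . $friendNick . ": Message history</a></h3>";
?>
<div id="msgs">
<?php
                echo "<div class=\"msgbox\" style=\"overflow-y: scroll;\">";
                echo "</div>";
?>
</div>
</div>
<?php
            } // friend check end
        } // GET friend set end
    } // session check end
} // function end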
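// Push user avatar to specific avatar image location
if($do=="avatarlocation")
{
    // Resolve ?user=NAME to that account's avatar and redirect there, falling back
    // to data/defaultprofile.png. Deliberately reachable without a login (avatars
    // are embedded in every page), so the name is the only thing between the
    // request and an include() of a request-derived path.
    if(isset($_GET['user'])) {
        $user = htmlentities(stripslashes($_GET['user']));
        // Account names are [a-z0-9]+ (enforced at registration). htmlentities()
        // does nothing to "../", so anything outside that alphabet, and any name
        // without a user file, gets the default image instead of an include() of
        // an attacker-chosen path (which also used to emit a warning).
        $userFile = "ssb_db/users/" . $user . ".php";
        $user_avatar = "";
        if(preg_match('/^[a-z0-9]+$/i', $user) === 1 && is_file($userFile)) {
            include $userFile; // defines $user_avatar (relative to ssb_db/uploads/)
        }
        // NOTE(review): $user_avatar is trusted as written by the register and
        // avatarupload handlers (the latter is not in view); confirm it stores a bare
        // file name so the redirect cannot leave ssb_db/uploads/.
        if($user_avatar !== "" && file_exists("ssb_db/uploads/" . $user_avatar)) {
            echo "Direct to: ssb_db/uploads/" . $user_avatar;
            header("Location: ssb_db/uploads/" . $user_avatar . "");
            exit;
        } else {
            echo "Direct to: data/defaultprofile.png";
            header("Location: data/defaultprofile.png");
            exit;
        }
    } else {
        echo "User is NOT set!";
    }
}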
if($do=="about")
{
    // About page: download link, site description and the three site counters
    // (each counter helper prints its own text).
    echo "<h2>About</h2>";
    echo "<div class='dllink'><a class='button' href='download/secure-space-v1.0.0.apk'>Download for Android!</a></div>";
    echo "<p>" . $desc . "<br /><br />" . $ssbtitle . " statistics: ";
    getUserCount();
    echo "; ";
    getPostCount();
    echo "; ";
    getUploadFileCount();
    echo "</p>";
}
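if($do=="users")
{
    // "Community" listing: every registered account whose type is public.
    if ($loginCheck != true) { loginForm(); } else {
        echo "<h2>Community</h2>";
        foreach(array_reverse(glob("ssb_db/users/"."*.name")) as $userfile) {
            $userhandle = trim(file_get_contents($userfile));
            // .name files are written by the register handler, which only accepts
            // [a-z0-9]+; anything else is a damaged file, not an account, and
            // skipping it keeps the include() below on a server-chosen path.
            if(preg_match('/^[a-z0-9]+$/i', $userhandle) !== 1) { continue; }
            // Reset per-account values so a user file that fails to define one
            // cannot leak the previous account's data into this row.
            $accttype = "";
            $user_fullname = "";
            include "ssb_db/users/" . $userhandle . ".php";
            if($accttype == "public") {
                // Markup fix: the avatar <div> was never closed and a stray </td>
                // followed the second cell.
                echo "<table class='friendslist'><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$userhandle');\" title='User Avatar'></div></td>";
                echo "<td><a class='button' href='index.php?userfeed=$userhandle'>$userhandle</a> ~ $user_fullname</td>";
                echo "</tr></table>";
            }
        }
    }
}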
if($do=="friends")
{
    // Friends panel: links to the public-user list and the request form, then one
    // table row per friend whose user file still exists.
    if ($loginCheck != true) { loginForm(); } else {
        echo "<h3>Friends</h3><a href='?do=users' class='button'>Public users</a> <a class='button' href='?forms=friendreq'>Send friend request</a>";
        echo "<br />";
        $totalFriends = file_get_contents("ssb_db/friends/" . $username . ".count");
        if($totalFriends == "0")
        {
            echo "<b style='color:red;'>We're sorry... no friends found on your user account...</b>";
        }
        else
        {
            include "ssb_db/friends/" . $username . ".php"; // defines $friend1..$friendN
            echo "<table class='friendslist'>";
            for($slot = 1; $slot <= $totalFriends; $slot++)
            {
                $slotVar = "friend" . $slot;
                if(!isset($$slotVar)) { continue; }
                $friendName = $$slotVar;
                if(!file_exists("ssb_db/users/" . $friendName . ".php")) { continue; }
                $avatarUrl = "index.php?do=avatarlocation&user=" . $friendName;
                echo "<tr>"
                    . "<td><div class='avatar_small' style=\"background-image: url('" . $avatarUrl . "');\" title='User Avatar'></div></td>"
                    . "<td><a class='button' href='index.php?userfeed=" . $friendName . "'>" . $friendName . "</a></td>"
                    . "<td><a class='button' href='?do=privmsg&friend=" . $friendName . "'>Private message</a>&nbsp;&nbsp;<a href='?do=msghist&friend=" . $friendName . "' class='button'>Message history</a></td>"
                    . "</tr>";
            }
            echo "</table>";
        }
    }
}
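if($do=="login")
{
    // Session login: look the account up by its user file and compare digests.
    $username = isset($_POST['username']) ? $_POST['username'] : "";
    $password = isset($_POST['password']) ? $_POST['password'] : "";
    // The name is spliced into a path that is then include_once()d, so it must be
    // a bare account name ([a-z0-9]+, the alphabet registration enforces).
    // Anything else is reported as unknown without touching the filesystem.
    if(preg_match('/^[a-z0-9]+$/i', $username) === 1 && file_exists("ssb_db/users/$username.php")) {
        include_once("ssb_db/users/$username.php"); // defines $user_password, $user_color
        // hash_equals() is constant-time and compares the digests as strings; a
        // loose == treats two "0e<digits>" hex digests as equal numbers.
        // NOTE(review): sha1(md5()) is unsalted and fast; kept because every stored
        // hash and the register/changepass handlers use the same construction.
        if(hash_equals((string)$user_password, sha1(md5($password)))) {
            // Fresh session id on privilege change so an id planted before login
            // (session fixation) does not become an authenticated one.
            session_regenerate_id(true);
            $_SESSION['ssb-user'] = $username;
            $_SESSION['ssb-pass'] = $user_password;
            $_SESSION['ssb-color'] = $user_color;
            header("Location: index.php");
            exit;
        } else {
            echo "Wrong password!";
        }
    } else {
        // Escaped: this used to reflect the raw POST value into the page.
        echo "User " . htmlentities($username) . " not found!";
    }
}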
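if($do=="logout")
{
    // Clear the login markers the rest of the page keys on (isset() of
    // ssb-user/ssb-pass) and throw the server-side session away so nothing
    // else stored in it survives the logout.
    $_SESSION['ssb-user'] = null;
    $_SESSION['ssb-pass'] = null;
    $_SESSION = array();
    session_destroy();
    header("Location: index.php?forms=login");
    exit;
}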
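if($do=="register")
{
    // Create a new account: writes the user file plus the .name/.postnumber and
    // friend-list bookkeeping files. Failures redirect with ?notify=3..6
    // (3 missing/invalid field, 4 password mismatch, 5 bad username, 6 taken).
    $regUser  = isset($_POST['username'])       ? $_POST['username']       : "";
    $regPass  = isset($_POST['password'])       ? $_POST['password']       : "";
    $regPass2 = isset($_POST['password-again']) ? $_POST['password-again'] : "";
    $regName  = isset($_POST['fullname'])       ? $_POST['fullname']       : "";
    $regAcct  = isset($_POST['acct'])           ? $_POST['acct']           : "";
    // Only these two account types mean anything to the rest of the board
    // (sendfr and the community listing test for them). Anything else is treated
    // like a missing field rather than written into the user file.
    $acctValid = in_array($regAcct, array("public", "private"), true);
    if($regUser!="" && $regPass!="" && $regPass2!="" && $regName!="" && $acctValid) {
        if($regPass==$regPass2) {
            if(!preg_match('/[^a-z0-9]/i', $regUser)) {
                // NOTE(review): exists-then-write is racy; two concurrent
                // registrations of the same name can both pass this check.
                if(!file_exists("ssb_db/users/" . $regUser . ".php")) {
                    $colors = array("0000ff", "9900cc", "0080ff", "008000", "ededed");
                    // The user file is PHP source that is include()d on every login,
                    // so every value is emitted with var_export(): previously the raw
                    // 'acct' field (and the "$"/"{" characters htmlentities() leaves
                    // in the full name) was concatenated into a double-quoted literal,
                    // letting a registration plant code that ran as the web server.
                    $userFileBody = "<?php\n"
                        . "\$accttype = " . var_export($regAcct, true) . ";\n"
                        . "\$user_password = " . var_export(sha1(md5($regPass)), true) . ";\n"
                        . "\$user_color = " . var_export($colors[array_rand($colors)], true) . ";\n"
                        . "\$user_fullname = " . var_export(stripslashes(htmlentities($regName)), true) . ";\n"
                        . "\$user_avatar = '../../data/defaultprofile.png';\n"
                        . "?>";
                    file_put_contents("ssb_db/users/" . $regUser . ".php", $userFileBody);
                    file_put_contents("ssb_db/users/" . $regUser . ".name", $regUser);
                    file_put_contents("ssb_db/users/" . $regUser . ".postnumber", "0");
                    file_put_contents("ssb_db/friends/" . $regUser . ".count", "0");
                    file_put_contents("ssb_db/friends/" . $regUser . ".php", "<?php ?>\n");
                    $target = "index.php";
                } else {
                    $target = "index.php?notify=6";
                }
            } else {
                $target = "index.php?notify=5";
            }
        } else {
            $target = "index.php?notify=4";
        }
    } else {
        $target = "index.php?notify=3";
    }
    header("Location: " . $target);
    exit;
}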
}
else if ($loginCheck != true)
{
loginForm();
}
else
{
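// Watch feed, lets generate pages while we're at it
// Feed for the logged-in user: own posts plus posts by anyone on the friend
// list, newest post file first, 15 per page (?page=N, default 1).

// Page selection. Previously a non-numeric or <1 page rendered an empty feed,
// and the post whose running number equalled the page start (the 15th, 30th,
// ...) was shown on no page at all; posts are now sliced as
// ((page-1)*15, page*15].
$pagecall = isset($_GET['page']) ? (int)$_GET['page'] : 1;
if($pagecall < 1) { $pagecall = 1; }
$firstShown = ($pagecall - 1) * 15; // 15 posts per page
$lastShown = $firstShown + 15;

// The friend list is loop-invariant: read it once instead of re-including it
// for every post file. Kept as a set so a name listed twice renders a post once.
$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
include "ssb_db/friends/" . $username . ".php"; // defines $friend1..$friendN
$feedSources = array();
for($x = 1; $x <= $friendcount; $x++)
{
    if(isset(${"friend" . $x})) { $feedSources[${"friend" . $x}] = true; }
}

// Renders one post card. $sharedFrom is the original author of a re-shared post
// or null; $ownPost switches the third footer button between Share and Delete.
// (The four near-identical copies this replaces differed only in those two
// points; the page>1 copy for own posts also dropped the "Originally posted by"
// line, which is now shown consistently.)
// NOTE(review): $owner/$pid/$date come from the post file written by the post
// handler (not in view) and are echoed unescaped; bbcode_format() is assumed
// to escape $content - confirm both in functions.php/bbcode.php.
$renderPost = function($owner, $pid, $date, $content, $sharedFrom, $ownPost) use ($username) {
    echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$owner');\" title='User Avatar'></div></td><td><h3>$owner<span class='date'>$date &nbsp;&nbsp;";
    if(file_exists("ssb_db/posts/$pid.reactcount")) {
        $reacts = file_get_contents("ssb_db/posts/$pid.reactcount");
        echo "<div class='reacts'><i class='fa fa-heart' style='color: red;'></i> $reacts <div class='react-list'>";
        // Pull up users who reacted, and generate dropdown list.
        // is_file() first: fopen() on a missing .reacted file emits a warning.
        $reactlist = is_file("ssb_db/posts/$pid.reacted") ? fopen("ssb_db/posts/$pid.reacted", "r") : false;
        if($reactlist) {
            while (($reactor = fgets($reactlist)) !== false) {
                echo "<b>$reactor</b>";
            }
            fclose($reactlist);
        }
        echo "</div></div>";
    }
    if($sharedFrom !== null)
    {
        echo "<br />Originally posted by $sharedFrom";
    }
    echo "</span></h3></td></tr></table>";
    echo "" . bbcode_format($content) . "";
    // Footer
    echo "<div class='post-footer'>";
    echo "<a style='padding-top: 6px;' onclick=\"userReact('" . $owner . "','" . $pid . "');\" class='button'><i class='fa fa-heart'></i>&nbsp;React</a>";
    echo "<a style='padding-top: 6px;' href='index.php?view=$pid&user=$owner' class='button'><i class='fa fa-comment'></i>&nbsp;Comment</a>";
    if($ownPost) {
        echo "<a style='padding-top: 6px;' href='index.php?do=delpost&user=$username&pid=$pid' class='button'><i class='fa fa-trash-o'></i>&nbsp;Delete</a>";
    } else {
        echo "<a style='padding-top: 6px;' href='index.php?do=share&pid=$pid&user=$owner' class='button'><i class='fa fa-share'></i>&nbsp;Share</a>";
    }
    echo "<br />"; // line break
    if(file_exists("ssb_db/posts/reply_" . $owner . "_" . $pid . ".count")) {
        $pcount = file_get_contents("ssb_db/posts/reply_" . $owner . "_" . $pid . ".count");
        // If there's a reply, show them.
        if($pcount == 0) {
            echo "no replies";
        } else if($pcount == 1) {
            echo "$pcount reply";
        } else if ($pcount > 0) {
            echo "$pcount replies";
        }
    }
    echo " &bull; ";
    // Show reaction count in footer as well.
    if(file_exists("ssb_db/posts/" . $pid . ".reactcount")) {
        $reactcount = file_get_contents("ssb_db/posts/" . $pid . ".reactcount");
        if($reactcount == 1) {
            echo "$reactcount reaction";
        } else if ($reactcount > 0) {
            echo "$reactcount reactions";
        }
    } else {
        echo "no reactions";
    }
    echo "</div></div><br />\n";
};

// Lets actually generate some feed now.
$matched = 0; // visible posts seen so far, in feed order
foreach(array_reverse(glob("ssb_db/posts/*.post")) as $postfile) {
    // Clear everything the post file is expected to define so a damaged file
    // cannot re-render the previous post's values (only $shared was reset before).
    unset($shared, $origowner, $postowner, $postid, $postdate, $postcontent);
    $postphp = file_get_contents($postfile);
    // NOTE(review): the .post file names the PHP file to include; both are written
    // by the post handler (not in view), which must keep that name a bare file name.
    include "ssb_db/posts/$postphp";
    if(!isset($postowner)) { continue; }
    $ownPost = ($postowner == $username);
    if(!$ownPost && !isset($feedSources[$postowner])) { continue; }
    // Found a post, post count goes up!
    $matched++;
    if($matched > $firstShown && $matched <= $lastShown) {
        $sharedFrom = (isset($shared) && $shared == "1" && isset($origowner)) ? $origowner : null;
        $renderPost($postowner,
                    isset($postid) ? $postid : "",
                    isset($postdate) ? $postdate : "",
                    isset($postcontent) ? $postcontent : "",
                    $sharedFrom, $ownPost);
    }
}

// Page button generation
echo "<div class='page-controls'>";
if($pagecall > 1) {
    $prevpage = $pagecall - 1;
    echo "<a href='index.php?page=$prevpage'><i class='fa fa-arrow-left'></i> &nbsp; Prev page</a>";
}
echo "&nbsp;&nbsp;&nbsp;";
if($matched > $lastShown) {
    $nextpage = $pagecall + 1;
    echo "<a href='index.php?page=$nextpage'>Next page &nbsp; <i class='fa fa-arrow-right'></i></a>";
}
echo "</div>";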
}
?>
</td></tr></table>
<div id="footer">Powered By SSB <?php echo $version; ?></div>
</div>
<!-- functions -->
<script type="text/javascript" src="data/main.js"></script>
</body>
</html>