minimum.php 40 KB

  1. <?php
  2. // SSB - Simple Social Board - Simple layout
  3. // (C) Chris Dorman, 2012 - 2020
  4. // License: CC-BY-NC-SA version 3.0
  5. // http://github.com/Pentium44/SSB
  6. //error_reporting(E_ALL);
  7. //ini_set('display_errors', 1);
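  // Bootstrap: start the session, load configuration and helpers, make sure the
  // flat-file store exists, and resolve the current user.
  session_start();
  include "config.php";
  include "functions.php";
  include "bbcode.php";

  // Create any missing part of the flat-file database.
  // 0755 rather than 0777: the directories are created by (and so owned by) the
  // PHP process, and no other local account needs write access to a tree that
  // holds password hashes and files which are later include()d as PHP.
  // NOTE(review): ssb_db/ lives inside the web root. users/, posts/ and friends/
  // should not be reachable over HTTP at all, and uploads/ should be served as
  // static files only (no script execution) -- both are web-server settings.
  foreach (array("ssb_db", "ssb_db/users", "ssb_db/posts", "ssb_db/uploads", "ssb_db/friends") as $ssb_dir) {
      if (!file_exists($ssb_dir)) {
          mkdir($ssb_dir, 0755);
      }
  }

  // Null when nobody is logged in; the rest of the page tests isset($username).
  $username = isset($_SESSION['ssb-user']) ? $_SESSION['ssb-user'] : null;
  //$_SESSION['ssb-topic'] = $ssbtopic;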
  35. ?>
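  <!DOCTYPE html>
  <html lang="en-us">
  <head>
  <?php /* $ssbtitle and $desc are not defined in this file (presumably config.php); both are escaped because they land in markup and in an attribute value. */ ?>
  <title><?php echo htmlentities(stripslashes($ssbtitle)); ?></title>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=.55, shrink-to-fit=yes">
  <meta name="description" content="<?php echo htmlentities($ssbtitle) . " - " . htmlentities($desc); ?>">
  <link rel="stylesheet" type="text/css" href="minimum.css">
  </head>
  <?php /* Only the two message views start UpdateTimer() on load; ?do= may be absent, so test it with isset() first. */ ?>
  <body <?php if(isset($_GET['do']) && ($_GET['do']=="pubmsg" || $_GET['do']=="privmsg")) { echo "onload=\"UpdateTimer();\""; } ?>>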
  45. <script type="text/javascript">
  // Wrap the current selection of the #msg field in [tag]...[/tag].
  function wrapBBCode(tag) {
      var field = document.getElementById('msg');
      var text = field.value;
      var from = field.selectionStart;
      var to = field.selectionEnd;
      var head = text.substring(0, from);
      var picked = text.substring(from, to);
      var tail = text.substring(to, text.length);
      field.value = head + '[' + tag + ']' + picked + '[/' + tag + ']' + tail;
  }
  // Replace the current selection of the #msg field with an @mention of `tag`.
  function userTag(tag) {
      var field = document.getElementById('msg');
      var text = field.value;
      var head = text.substring(0, field.selectionStart);
      var tail = text.substring(field.selectionEnd, text.length);
      field.value = head + '@' + tag + tail;
  }
  61. </script>
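  <div class='contain'>
  <div id="navbar">
  <?php /* Logged-in visitors get the full menu; everyone else only sees login and about. */ ?>
  <?php if(isset($_SESSION['ssb-user']) && isset($_SESSION['ssb-pass'])) { ?>
  <a href="minimum.php?forms=post">create post</a> &bull;
  <?php /* The user name goes into a URL inside an attribute, so encode it for both contexts. */ ?>
  <a href="minimum.php?userfeed=<?php echo htmlentities(rawurlencode($username)); ?>">your profile</a> &bull;
  <a href="minimum.php?do=userctrl">settings</a> &bull;
  <a href="minimum.php?do=logout">logout</a><br />
  <a href="minimum.php">feed</a> &bull;
  <a href="minimum.php?do=friends">friends</a> &bull;
  <a href="minimum.php?do=about">about</a> &bull;
  <a href="minimum.php?do=users" title="Public users!">users</a>
  <?php } else { ?>
  <a href="minimum.php?forms=login">login</a> &bull;
  <a href="minimum.php?do=about">about</a>
  <?php } ?>
  </div>
  <?php /* Same escaping as the <title> element, so the board title is treated as text in both places. */ ?>
  <div class='title'><?php echo htmlentities(stripslashes($ssbtitle)); ?></div>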
  79. <?php
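  // Notification box: shown on every page for a logged-in user, except when the
  // request is for ?do=avatarlocation.
  if (isset($username) && isset($_SESSION['ssb-pass']) && (!isset($_GET['do']) || $_GET['do'] != "avatarlocation")) {
      $notifications = "ssb_db/friends/" . $username . ".notifications";
      // The file does not exist until the first notification is written and is
      // deleted again by "Clear notifications", so only open it when present.
      $handle = is_file($notifications) ? fopen($notifications, "r") : false;
      echo "<div class='notifications'>";
      echo "<table><tr><td><a class='button' href='?do=clrnote'>Clear notifications</a></td></tr>";
      if ($handle) {
          while (($line = fgets($handle)) !== false) {
              // Each stored line is ready-made HTML (bold name plus a link), so it
              // is printed as markup. That is only safe while every piece of code
              // that writes this file escapes the values it puts into the line.
              echo "<tr><td>" . $line . "</td></tr>";
          }
          fclose($handle);
      } else {
          echo "<tr><td>No notifications</td></tr>";
      }
      echo "</table></div><br />";
  }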
  // ?forms=<name> selects which input form to render.
  if (isset($_GET['forms']))
  {
      $forms = $_GET['forms'];
      $id = $_GET['pid'];
      // switch compares loosely, exactly like the == chain it replaces.
      switch ($forms) {
          case "register":
              registerForm();
              break;
          case "login":
              loginForm();
              break;
          case "friendreq":
              friendReqForm();
              break;
          case "changepass":
              changePassForm();
              break;
          case "deleteacct":
              deleteAcctForm();
              break;
          case "avatarupload":
              uploadAvatarForm();
              break;
          case "post":
              postForm();
              break;
          case "clean":
              cleanForm();
              break;
          default:
              // The requested name is deliberately not echoed back.
              echo "ERROR: Unknown form-name<br>";
              break;
      }
  }
  // ?notify=<code> prints a fixed error message for that code.
  else if (isset($_GET['notify']))
  {
      $notify = $_GET['notify'];
      // Only fixed strings are printed; the code itself is never echoed.
      switch ($notify) {
          case "1":
              echo "Error: User not found";
              break;
          case "2":
              echo "Error: Incorrect password provided";
              break;
          case "3":
              echo "Error: Please fill out all the text boxes";
              break;
          case "4":
              echo "Error: The provided passwords did not match";
              break;
          case "5":
              echo "Error: Special characters cannot be used in your username";
              break;
          case "6":
              echo "Error: This username is already in use";
              break;
          default:
              echo "Error: unknown error... this is quite unusual...";
              break;
      }
  }
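  else if (isset($_GET['userfeed']))
  {
      // Profile page for ?userfeed=<name>: the account header followed by that
      // user's posts, newest first. A private account is shown only to its owner
      // and to accounts that follow it.
      $userid = $_GET['userfeed'];

      // $userid is request data that is about to be used in include() and glob()
      // paths. Accept it only when it is a bare file name without glob
      // metacharacters and the account file exists; otherwise directory segments
      // or wildcards in the parameter would decide which files get loaded.
      // NOTE(review): an allow-list matching the registration rules would be
      // tighter; those rules are not in this file.
      if (!is_string($userid) || $userid === ""
          || $userid !== basename($userid)
          || strpbrk($userid, "*?[]{}\\\0") !== false
          || !is_file("ssb_db/users/" . $userid . ".php")) {
          echo "Error: User not found";
      } else {
          include "ssb_db/users/" . $userid . ".php";
          // Copy what the account file defined before the friend list is included.
          $profile_private = isset($accttype) && $accttype == "private";
          // NOTE(review): printed as stored; confirm registration escapes the full name.
          $profile_fullname = isset($user_fullname) ? $user_fullname : "";
          $profile_avatar = isset($user_avatar) ? $user_avatar : null;

          $html_user = htmlentities($userid);   // for text nodes
          $url_user = rawurlencode($userid);    // for query strings
          // Both session values are required, as everywhere else on the page
          // (the original test here used "||").
          $logged_in = isset($_SESSION['ssb-user']) && isset($_SESSION['ssb-pass']);
          $own_profile = $logged_in && $userid === $username;

          // Does the viewer follow this account? The friend list is stored as
          // $friend1..$friendN, with N kept in the .count file.
          $following = false;
          if ($logged_in) {
              $friendcount = (int) file_get_contents("ssb_db/friends/" . $username . ".count");
              include "ssb_db/friends/" . $username . ".php";
              for ($x = 1; $x <= $friendcount; $x++) {
                  if (isset(${"friend" . $x}) && $userid === (string) ${"friend" . $x}) {
                      $following = true;
                  }
              }
          }

          if ($profile_private && !$own_profile && !$following) {
              // Nothing about a private account is shown to other visitors.
              echo "This account is private.<br />";
          } else {
              if ($profile_private) {
                  echo "<table><tr><td>";
                  echo "<div class='avatar' style=\"background-image: url('index.php?do=avatarlocation&user=" . $url_user . "');\" title='User Avatar'></div><br />";
                  echo "</td><td>";
                  echo "<h3>User information</h3>";
                  echo "Username: " . $html_user . "@" . $domain . "<br />";
                  echo "Full name: " . $profile_fullname . "<br />";
                  echo "<h3>User posts</h3>";
                  echo "</td></tr></table>";
              } else {
                  echo "<h3>User information</h3>";
                  echo "<table><tr><td>";
                  if ($profile_avatar !== null) { echo "<img class='avatar' src='ssb_db/uploads/" . $profile_avatar . "' title='User Avatar'><br />"; }
                  echo "</td><td>";
                  // Not following yet: offer the friend request right here.
                  if (!$following) {
                      echo "<a class='button' href='minimum.php?do=sendfr&user=" . $url_user . "'>Send friend request</a><br /><br />";
                  }
                  echo "Username: " . $html_user . "@" . $domain . "<br />";
                  echo "Full name: " . $profile_fullname;
                  echo "</td></tr></table>";
              }

              // The user's posts, newest first (file names sort by timestamp).
              $postfiles = glob("ssb_db/posts/post_" . $userid . "_" . "*.php");
              if ($postfiles === false) {
                  $postfiles = array();
              }
              foreach (array_reverse($postfiles) as $postfile) {
                  include $postfile;
                  $post_links = "<a href='minimum.php?view=$postid&user=$postowner'>&nbsp;reply</a>";
                  // Only the owner is offered the delete link.
                  if ($logged_in && $postowner === $username) {
                      $post_links .= " &bull; <a href='minimum.php?do=delpost&user=$username&pid=$postid'>delete post</a>";
                  }
                  echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br />" . $post_links . "</h3></td></tr></table>";
                  echo "" . bbcode_format($postcontent) . "";
                  echo "</div><br />\n";
              }
          }
      }
  }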
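  else if (isset($_GET['view']) && isset($_GET['user']))
  {
      // Single post view: the post, its replies, and the reply form for viewers
      // who are allowed to answer.
      $puser = $_GET['user'];
      $id = $_GET['view'];

      // Both values are request data used to build an include() path. Post ids
      // are date("YmdHis") stamps (digits only) and the owner has to be a bare
      // name, so anything carrying path separators is refused before the include.
      // NOTE(review): unlike the profile page, this view never looks at the
      // owner's account type, so a post of a private account is shown to anyone
      // who has its URL -- confirm whether that is intended.
      if (!is_string($puser) || !is_string($id) || !ctype_digit($id)
          || $puser === "" || $puser !== basename($puser)
          || !is_file("ssb_db/posts/post_" . $puser . "_" . $id . ".php")) {
          echo "ERROR: Post ID is not set, or invalid";
      } else {
          $postc = (int) file_get_contents("ssb_db/posts/reply_" . $puser . "_" . $id . ".count");
          include "ssb_db/posts/post_" . $puser . "_" . $id . ".php";
          echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span></h3></td></tr></table>";
          echo "" . bbcode_format($postcontent) . "";
          echo "</div><br />\n";

          // Replies are stored in the post file as $reply1, $reply1_user, $reply1_date, ...
          for ($x = 1; $x <= $postc; $x++) {
              if (!isset(${"reply" . $x})) {
                  continue; // counter ahead of the stored replies
              }
              $reply_content = ${"reply" . $x};
              $reply_user = ${"reply" . $x . "_user"};
              $reply_date = ${"reply" . $x . "_date"};
              echo "<div class='reply'>";
              echo "<table><tr><td><div class='avatar_small' style='background-image: url(\"index.php?do=avatarlocation&user=$reply_user\");' title='User Avatar'></div></td><td><h4><a onclick=\"userTag('$reply_user');\">$reply_user</a><span style='font-size: 8px; padding-left: 6px; color: #808080;'>$reply_date</span></h4></td></tr></table>";
              echo "<div class='reply_content'>" . bbcode_format($reply_content) . "</div>";
              echo "</div>\n";
          }
          echo "<br />";

          if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) {
              echo "Login to reply...";
          } else {
              // The owner and the owner's followers may reply. A flag keeps the
              // form from being printed more than once.
              $can_reply = ($puser == $username);
              $friendcount = (int) file_get_contents("ssb_db/friends/" . $username . ".count");
              include "ssb_db/friends/" . $username . ".php";
              for ($x = 1; $x <= $friendcount; $x++) {
                  if (isset(${"friend" . $x}) && $puser == ${"friend" . $x}) {
                      $can_reply = true;
                  }
              }
              if ($can_reply) {
                  replyForm($id, $puser);
              } else {
                  echo "Not following! Follow to reply...<br />";
              }
          }
      }
  }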
  275. else if(isset($_GET['do']))
  276. {
  277. $do = $_GET['do'];
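  if ($do == "post")
  {
      // Create a post: store attached images, notify a tagged user, then write
      // the post as a PHP data file that the feed and post views include().
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          $date = date("YmdHis"); // post id: timestamp down to the second
          $titledate = date("m-d-Y h:i:sa"); // the same moment, for display
          if (isset($_FILES["file"]["name"]) && is_array($_FILES["file"]["name"]) && isset($username)) {
              $uploaded = array(); // stored names of the accepted attachments
              $allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico");
              for ($i = 0; $i < count($_FILES["file"]["name"]); $i++) {
                  $client_name = $_FILES["file"]["name"][$i];
                  if (!is_string($client_name) || $client_name == "") {
                      continue; // empty file input: a text-only post
                  }
                  // The file name is chosen by the client; escape it before echoing.
                  $shown_name = htmlentities($client_name);
                  if ($_FILES["file"]["error"][$i] > 0) {
                      echo $shown_name . " - Return Code: " . $_FILES["file"]["error"][$i] . "<br />";
                      continue;
                  }
                  $temp = explode(".", $client_name);
                  $extension = strtolower(end($temp));
                  // The MIME type in $_FILES is sent by the browser and proves nothing,
                  // so acceptance rests on the extension allow-list, the size limit and
                  // on the upload actually parsing as an image.
                  if (!in_array($extension, $allowedExts, true)
                      || $_FILES["file"]["size"][$i] >= $user_max_upload
                      || getimagesize($_FILES["file"]["tmp_name"][$i]) === false) {
                      echo "Error: " . $shown_name . " is too large, or is a invalid filetype<br />";
                      continue;
                  }
                  // Stored under a generated name, never under the client's name.
                  $stored_name = getRandString("32") . "." . $extension;
                  if (move_uploaded_file($_FILES["file"]["tmp_name"][$i], "ssb_db/uploads/" . $stored_name)) {
                      array_push($uploaded, $stored_name);
                      echo "Success: " . $shown_name . " (" . tomb($_FILES["file"]["size"][$i]) . ") uploaded...<br />";
                  } else {
                      echo "Error: " . $shown_name . " could not be stored.<br />";
                  }
              }

              $raw_body = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : "";

              // Tag notification. The tag search needs trailing whitespace to match.
              $srchcont = stripslashes(htmlentities($raw_body)) . " ";
              $checkForUserTag = searchForUserTag($srchcont);
              // presumably strips the leading "@" and the trailing space -- confirm in functions.php
              $taggedUser = substr($checkForUserTag, 1, -1);
              // The tagged name comes out of the post text and is used in a file path,
              // so it must be a bare file name. The link points at the new post
              // ($date / $username); $pid and $postowner do not exist in this branch.
              if (is_string($taggedUser) && $taggedUser !== "" && $taggedUser === basename($taggedUser)
                  && $taggedUser != $username
                  && file_exists("ssb_db/users/" . $taggedUser . ".name")) {
                  $tagged_file = "ssb_db/friends/" . $taggedUser . ".notifications";
                  $tagged_notifications = is_file($tagged_file) ? file_get_contents($tagged_file) : "";
                  file_put_contents($tagged_file, "<b>$username</b> <a href='index.php?view=$date&user=$username'>tagged you in a comment</a>\n" . $tagged_notifications);
              }

              $body = nl2br(htmlentities(stripcslashes($raw_body)));
              include "ssb_db/users/" . $username . ".php";
              $post_file = "ssb_db/posts/post_" . $username . "_" . $date . ".php";

              $post_attachments = "<br />";
              foreach ($uploaded as $upload) {
                  if (file_exists("ssb_db/uploads/" . $upload)) {
                      $post_attachments .= "<div class='attachment'><a href='ssb_db/uploads/" . $upload . "'><img src='ssb_db/uploads/" . $upload . "'></a></div>";
                  }
              }

              // The post is saved as PHP source and include()d later. var_export()
              // writes every value as an inert single-quoted literal. Pasting the text
              // between double quotes left "$" and "\" meaningful to the PHP parser,
              // so post text could be interpreted instead of merely displayed.
              // NOTE(review): posts saved earlier keep the old quoting and still load;
              // confirm nothing else parses these files as text.
              $post_string = "<?php\n"
                  . "\$postowner = " . var_export((string) $username, true) . ";"
                  . "\$postid = " . var_export($date, true) . ";"
                  . "\$postdate = " . var_export($titledate, true) . ";"
                  . "\$postcontent = " . var_export($body . "<br />" . $post_attachments, true) . ";\n?>\n";
              file_put_contents($post_file, $post_string, LOCK_EX);
              file_put_contents("ssb_db/posts/" . $date . ".post", "post_" . $username . "_" . $date . ".php");
              file_put_contents("ssb_db/posts/reply_" . $username . "_" . $date . ".count", "0");
              echo "Post processed... Redirecting in 3 seconds, if redirection fails, <a href=\"minimum.php?view=$date&user=$username\">Click Here</a><br />";
              //header( "refresh: 3; url=?view=$date&user=$username" );
          }
          else
          {
              echo "ERROR: Missing post data! Select an image to upload or let us know whats up!<br />";
          }
      }
  }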
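  if ($do == "avatarupload")
  {
      // Store an uploaded image as the user's avatar and record its file name in
      // the user's account file.
      // Same login test as the other actions; this branch used to check only
      // that a user name was present.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); }
      else if (isset($_FILES["file"]["name"]) && is_array($_FILES["file"]["name"])) {
          $date = date("YmdHis"); // timestamp in year, month, date, hour, minute, and second.
          $allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico");
          for ($i = 0; $i < count($_FILES["file"]["name"]); $i++) {
              $client_name = is_string($_FILES["file"]["name"][$i]) ? $_FILES["file"]["name"][$i] : "";
              // The file name is chosen by the client; escape it before echoing.
              $shown_name = htmlentities($client_name);
              if ($_FILES["file"]["error"][$i] > 0) {
                  echo $shown_name . " - Return Code: " . $_FILES["file"]["error"][$i] . "<br>";
                  continue;
              }
              $temp = explode(".", $client_name);
              $extension = strtolower(end($temp));
              // The browser-supplied MIME type is not evidence of the content, so the
              // decision rests on the extension allow-list, the size limit and on the
              // upload parsing as an image.
              if (!in_array($extension, $allowedExts, true)
                  || $_FILES["file"]["size"][$i] >= $user_max_upload
                  || getimagesize($_FILES["file"]["tmp_name"][$i]) === false) {
                  echo "Error: " . $shown_name . " is too large, or is a invalid filetype";
                  continue;
              }
              $avatar_name = $username . "_" . $date . "." . $extension;
              // Record the avatar only once the file is really in place.
              if (move_uploaded_file($_FILES["file"]["tmp_name"][$i], "ssb_db/uploads/" . $avatar_name)) {
                  // Appended as its own PHP block; the last assignment wins on include.
                  file_put_contents(
                      "ssb_db/users/" . $username . ".php",
                      "<?php \$user_avatar = " . var_export($avatar_name, true) . "; ?>\n",
                      FILE_APPEND | LOCK_EX
                  );
                  echo "Avatar uploaded and set! <a href='minimum.php'>Redirecting</a> in 3 seconds...";
                  header("refresh: 3;url=minimum.php");
              } else {
                  echo "Error: " . $shown_name . " could not be stored.<br>";
              }
          }
      }
  }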
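  if ($do == "users")
  {
      // Directory of the accounts whose type is "public".
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          include "ssb_db/users/" . $username . ".php";
          echo "<h2>Community</h2>";
          $namefiles = glob("ssb_db/users/" . "*.name");
          if ($namefiles === false) {
              $namefiles = array();
          }
          foreach (array_reverse($namefiles) as $userfile) {
              $userhandle = file_get_contents($userfile);
              // Forget the previous account's type first: if this account file does
              // not set $accttype, the value left over from the last include would
              // otherwise decide whether this account is listed.
              unset($accttype);
              include "ssb_db/users/" . $userhandle . ".php";
              if (isset($accttype) && $accttype == "public") {
                  echo "<div class='attachment'>";
                  // Encode for the query string and escape for the link text.
                  echo "<a href='minimum.php?userfeed=" . rawurlencode($userhandle) . "'>" . htmlentities($userhandle) . "</a>";
                  echo "</div>";
              }
          }
      }
  }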
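  if ($do == "reply")
  {
      // Append a reply to an existing post and notify the people involved.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          $pid = (isset($_GET['pid']) && is_string($_GET['pid'])) ? $_GET['pid'] : "";
          // Post ids are date("YmdHis") stamps, i.e. digits only. Checking that
          // before touching the file system keeps path separators out of the file
          // names built from ?pid=.
          if (!ctype_digit($pid) || !file_exists("ssb_db/posts/" . $pid . ".post")) { echo "ERROR: Post ID is not set, or invalid"; } else {
              if (isset($_POST['reply']) && isset($username) && isset($_POST['body']) && is_string($_POST['body']) && $_POST['body'] != "")
              {
                  $post_file_name = file_get_contents("ssb_db/posts/$pid.post");
                  include "ssb_db/posts/" . $post_file_name;

                  // The post view only offers the reply form to the owner and to the
                  // owner's followers. The same rule is enforced here, because the
                  // form is not the only way to reach this URL.
                  $may_reply = ($postowner == $username);
                  if (!$may_reply) {
                      $friendcount = (int) file_get_contents("ssb_db/friends/" . $username . ".count");
                      include "ssb_db/friends/" . $username . ".php";
                      for ($x = 1; $x <= $friendcount; $x++) {
                          if (isset(${"friend" . $x}) && $postowner == ${"friend" . $x}) {
                              $may_reply = true;
                          }
                      }
                  }

                  if (!$may_reply) {
                      echo "Not following! Follow to reply...<br />";
                  } else {
                      // Tag notification. The tag search needs trailing whitespace.
                      $srchcont = stripslashes(htmlentities($_POST['body'])) . " ";
                      $checkForUserTag = searchForUserTag($srchcont);
                      // presumably strips the leading "@" and the trailing space -- confirm in functions.php
                      $taggedUser = substr($checkForUserTag, 1, -1);
                      // The tagged name comes out of the reply text and is used in a
                      // file path, so it must be a bare file name.
                      if (is_string($taggedUser) && $taggedUser !== "" && $taggedUser === basename($taggedUser)
                          && $taggedUser != $postowner
                          && file_exists("ssb_db/users/" . $taggedUser . ".name")) {
                          $tagged_file = "ssb_db/friends/" . $taggedUser . ".notifications";
                          $tagged_notifications = is_file($tagged_file) ? file_get_contents($tagged_file) : "";
                          file_put_contents($tagged_file, "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>tagged you in a comment</a>\n" . $tagged_notifications);
                      }

                      $replydate = date("m-d-Y h:i:sa"); // display timestamp
                      $body = nl2br(htmlentities(stripcslashes($_POST['body'])));
                      $count_file = "ssb_db/posts/reply_" . $postowner . "_" . $pid . ".count";
                      $reply_count = (int) file_get_contents($count_file) + 1;

                      // The reply is appended to the post file as PHP source. var_export()
                      // writes each value as an inert single-quoted literal; between
                      // double quotes "$" and "\" stay meaningful to the PHP parser, so
                      // reply text could be interpreted when the post is included.
                      $post_string = "<?php \n\$reply" . $reply_count . " = " . var_export($body, true)
                          . ";\$reply" . $reply_count . "_user = " . var_export((string) $username, true)
                          . "; \$reply" . $reply_count . "_date = " . var_export($replydate, true) . ";\n?>\n";
                      // Append under a lock instead of rewriting the whole file.
                      file_put_contents("ssb_db/posts/" . $post_file_name, $post_string, FILE_APPEND | LOCK_EX);
                      file_put_contents($count_file, $reply_count);

                      if ($username != $postowner) {
                          $owner_file = "ssb_db/friends/" . $postowner . ".notifications";
                          $owner_notifications = is_file($owner_file) ? file_get_contents($owner_file) : "";
                          file_put_contents($owner_file, "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>replied to your post</a>\n" . $owner_notifications);
                      }
                      echo "If you're seeing this; redirection failed: <a href=\"?view=$pid&user=$postowner\">Click Here</a><br>";
                      header( "Location: minimum.php?view=$pid&user=$postowner" );
                  }
              }
              else
              {
                  echo "ERROR: Missing form data<br>";
              }
          }
      }
  }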
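  if ($do == "delpost")
  {
      // Delete one of the logged-in user's own posts (?user=<owner>&pid=<post id>).
      // NOTE(review): this is a state-changing GET without an anti-CSRF token; a
      // POST carrying a per-session token would be the sturdier design.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          include "ssb_db/users/" . $username . ".php";
          if ($user_password === $_SESSION['ssb-pass']) {
              if (isset($_GET['user']) && is_string($_GET['user']) && $_GET['user'] != ""
                  && isset($_GET['pid']) && is_string($_GET['pid']) && $_GET['pid'] != "") {
                  $postuser = stripslashes($_GET['user']);
                  $pid = stripslashes($_GET['pid']);
                  // Post ids are date("YmdHis") stamps; requiring digits keeps path
                  // separators out of the three unlink() targets below. The owner
                  // must be exactly the logged-in user.
                  if (ctype_digit($pid) && $postuser === $username
                      && file_exists("ssb_db/posts/post_" . $postuser . "_" . $pid . ".php")) {
                      $targets = array(
                          "ssb_db/posts/" . $pid . ".post",
                          "ssb_db/posts/post_" . $postuser . "_" . $pid . ".php",
                          "ssb_db/posts/reply_" . $postuser . "_" . $pid . ".count",
                      );
                      foreach ($targets as $target) {
                          if (is_file($target)) {
                              unlink($target);
                          }
                      }
                      echo "Post successfully deleted! <a href='minimum.php'>redirecting</a> in 3 seconds...<br />";
                      header("refresh: 3;url=minimum.php");
                      exit;
                  } else {
                      echo "ERROR: post doesn't exist or YOU ARE NOT THE OWNER OF SAID POST... THIS incident has been recorded!";
                      // Appended, so earlier entries survive. The request values are
                      // URL-encoded so that they cannot add lines of their own to the log.
                      file_put_contents("ssb_db/log.txt", "Post deletion error: IP <" . $_SERVER['REMOTE_ADDR'] . "> post not found or not users post: post_" . rawurlencode($postuser) . "_" . rawurlencode($pid) . ".php\n", FILE_APPEND | LOCK_EX);
                  }
              } else { echo "ERROR: USER and PID variables not set!"; }
          } else {
              echo "ERROR: PASSWORD FOR USER INCORRECT! IP LOGGED!";
              file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n", FILE_APPEND | LOCK_EX);
          }
      }
  }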
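  if ($do == "clrnote")
  {
      // Clear the logged-in user's notification list by deleting its file.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          include "ssb_db/users/" . $username . ".php";
          if ($user_password === $_SESSION['ssb-pass']) {
              $note_file = "ssb_db/friends/" . $username . ".notifications";
              // The file is absent when the list is already empty.
              if (is_file($note_file)) {
                  unlink($note_file);
              }
              header("Location: minimum.php");
              exit;
          } else {
              echo "ERROR: PASSWORD FROM COOKIE INCORRECT! IP RECORDED!";
              // FILE_APPEND: without it every new entry replaced the whole log.
              file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n", FILE_APPEND | LOCK_EX);
          }
      }
  }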
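  if ($do == "clrpending")
  {
      // Clear the logged-in user's pending friend requests by deleting their file.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          include "ssb_db/users/" . $username . ".php";
          if ($user_password === $_SESSION['ssb-pass']) {
              $pending_file = "ssb_db/friends/" . $username . ".pending";
              // The file is absent when nothing is pending.
              if (is_file($pending_file)) {
                  unlink($pending_file);
              }
              header("Location: minimum.php?do=friends");
              exit;
          } else {
              echo "ERROR: PASSWORD FROM COOKIE INCORRECT! IP RECORDED!";
              // FILE_APPEND: without it every new entry replaced the whole log.
              file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n", FILE_APPEND | LOCK_EX);
          }
      }
  }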
  531. // Server admin can just delete ssb_db
  532. /*if($do=="clean")
  533. {
  534. if($_POST['password']!="" && $_POST['password']==$pw)
  535. {
  536. $db_content = glob("ssb_db/" . '*', GLOB_MARK);
  537. foreach($db_content as $file)
  538. {
  539. unlink($file);
  540. }
  541. rmdir("ssb_db");
  542. echo "Database Cleaned<br>";
  543. }
  544. else
  545. {
  546. echo "ERROR: Wrong Password<br>";
  547. }
  548. }*/
  549. // grab session values and send friend request functions.
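  if ($do == "sendfr") {
      // Follow another account: a private account receives a request, a public
      // one is followed straight away.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          if (isset($_POST['user']) || isset($_GET['user'])) {
              // POST wins over GET, as before.
              $rawUser = isset($_POST['user']) ? $_POST['user'] : $_GET['user'];
              $givenUser = is_string($rawUser) ? htmlentities(stripcslashes($rawUser)) : "";
              // The name becomes part of an include() path, so it has to be a bare
              // file name; htmlentities() leaves "/" and ".." untouched.
              if ($givenUser !== "" && $givenUser === basename($givenUser)
                  && file_exists("ssb_db/users/" . $givenUser . ".php")) {
                  // Drop any account type left over from an earlier include.
                  unset($accttype);
                  include "ssb_db/users/" . $givenUser . ".php";
                  $targetType = isset($accttype) ? $accttype : "";
                  if ($targetType == "private") {
                      sendFriendRequest($_SESSION['ssb-user'], $givenUser);
                      echo "Follow request sent to " . $givenUser . " <a href='minimum.php?do=friends'>redirecting</a> in 3 seconds";
                      header("refresh: 3;url=minimum.php?do=friends");
                  } else if ($targetType == "public") {
                      acceptPublicFriendRequest($username, $givenUser);
                      header("Location: minimum.php?do=friends");
                  } else {
                      echo "ERROR: Issues parsing account type...";
                  }
              } else {
                  echo "Error: Provided username does not exist in the database!";
              }
          } else {
              echo "Error: users not set in GET value...";
          }
      }
  }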
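  if ($do == "accfr") {
      // Accept a pending friend request (?user=<accepting account>&friend=<requester>).
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          if (isset($_GET['user']) && is_string($_GET['user']) && isset($_GET['friend']) && is_string($_GET['friend'])) {
              $acceptingUser = stripslashes($_GET['user']);
              $requestingUser = stripslashes($_GET['friend']);
              // The accepting account has to be the logged-in one; otherwise any
              // logged-in visitor could accept requests on behalf of another account.
              // The requester must be a bare name because it is handed on to code
              // that works with per-user files.
              // NOTE(review): assumes acceptFriendRequest($user, $friend) takes the
              // accepting user first, as the message below implies -- confirm in
              // functions.php.
              if ($acceptingUser !== $username || $requestingUser === "" || $requestingUser !== basename($requestingUser)) {
                  echo "Error: users not set in GET &amp; SESSION value...";
              } else {
                  acceptFriendRequest($acceptingUser, $requestingUser);
                  echo "Accepted friend request from " . htmlentities($requestingUser) . " <a href='minimum.php?do=friends'>redirecting</a> in 3 seconds";
                  header("refresh: 3;url=minimum.php?do=friends");
              }
          } else {
              echo "Error: users not set in GET &amp; SESSION value...";
          }
      }
  }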
  if ($do == "userctrl")
  {
      // Account settings menu; visitors without a session get the login form.
      if (isset($_SESSION['ssb-user']) && isset($_SESSION['ssb-pass'])) {
          echo "<h3>User control panel</h3>";
          echo "<a class='button' href='minimum.php?forms=changepass'>Change password</a><br />";
          echo "<a class='button' href='minimum.php?forms=avatarupload'>Upload avatar</a><br />";
      } else {
          loginForm();
      }
  }
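  if ($do == "changepass")
  {
      // Change the logged-in user's password after checking the current one,
      // then end the session so the user logs in again.
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
          // The inputs go through the same htmlentities/stripslashes step as before,
          // so the digests stay comparable with the stored ones (presumably the
          // login code transforms its input the same way -- confirm).
          $oldPassInput = htmlentities(stripslashes((isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : ""));
          $newPassInput = htmlentities(stripslashes((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : ""));
          $passwordAgainInput = htmlentities(stripslashes((isset($_POST['password_again']) && is_string($_POST['password_again'])) ? $_POST['password_again'] : ""));
          include "ssb_db/users/" . $username . ".php";
          // NOTE(review): sha1(md5()) is unsalted and fast to compute.
          // password_hash()/password_verify() are the replacement, but the stored
          // format is shared with login and registration code outside this block.
          // Strict comparison: "==" compares two digits-and-"e" strings as numbers,
          // so different digests can count as equal.
          if (sha1(md5($oldPassInput)) === $user_password) {
              if ($newPassInput === "") {
                  // An empty new password used to be accepted.
                  echo "Error: Please fill out all the text boxes";
              } else if ($newPassInput !== $passwordAgainInput) {
                  // A mismatch used to end silently.
                  echo "Error: The provided passwords did not match";
              } else {
                  // Appended as a new PHP block; the last assignment wins on include.
                  // NOTE(review): earlier digests therefore stay in the account file.
                  $passString = "<?php \$user_password = \"" . sha1(md5($newPassInput)) . "\"; ?>\n";
                  file_put_contents("ssb_db/users/" . $username . ".php", $passString, FILE_APPEND | LOCK_EX);
                  echo "Password changed, <a href='minimum.php'>redirecting</a> in 3 seconds";
                  $_SESSION['ssb-user'] = null;
                  $_SESSION['ssb-pass'] = null;
                  header("refresh: 3;url=minimum.php");
              }
          } else {
              echo "ERROR: password incorrect! IP recorded for constant monitoring of possible bots!";
              // FILE_APPEND: without it every new entry replaced the whole log.
              file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n", FILE_APPEND | LOCK_EX);
          }
      }
  }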
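  // Private chat with one friend: emits the polling script and the chat pane.
  if ($do == "privmsg") {
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) {
          loginForm();
      } else {
          // check if friend is set
          if (!isset($_GET['friend']) || !is_string($_GET['friend']) || $_GET['friend'] === "") {
              echo "ERROR: No username defined!";
              exit(1);
          } else {
              // set friend username
              $friendNick = htmlentities(stripslashes($_GET['friend']));
              $friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
              include "ssb_db/friends/" . $username . ".php";
              // Values printed into the script are JSON-encoded with the HEX flags so
              // quotes, angle brackets and ampersands cannot end the string literal
              // or the script element.
              $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
              $sessionColor = isset($_SESSION['ssb-color']) ? (string) $_SESSION['ssb-color'] : "";
              for ($x = 1; $x <= $friendcount; $x++) {
                  // Strict comparison: with == two different numeric-looking names
                  // (for example "1e1" and "10") compare equal, and an unset slot
                  // equals the empty string.
                  if (isset(${"friend" . $x}) && $friendNick === ${"friend" . $x}) {
  ?>
  <script language="javascript" type="text/javascript">
  <!--
  var httpObject = null;
  var link = "";
  var timerID = 0;
  var friendNick = <?php echo json_encode($friendNick, $jsFlags); ?>;
  var nickName = <?php echo json_encode((string) $_SESSION['ssb-user'], $jsFlags); ?>;
  var userColor = <?php echo json_encode($sessionColor, $jsFlags); ?>;
  // Get the HTTP Object
  function getHTTPObject() {
      if (window.ActiveXObject) return new ActiveXObject("Microsoft.XMLHTTP");
      else if (window.XMLHttpRequest) return new XMLHttpRequest();
      else {
          alert("Your browser does not support AJAX.");
          return null;
      }
  }
  // Append the server response to the message pane.
  // NOTE(review): the response is inserted as HTML, so chatserver.php (not shown
  // here) has to return already-escaped markup.
  function setHtml() {
      if (ajaxVar.readyState == 4) {
          var response = ajaxVar.responseText;
          var msgBox = document.getElementById("msgs");
          msgBox.innerHTML += response;
          msgBox.scrollTop = msgBox.scrollHeight;
      }
  }
  // Replace the message pane with the server response (same caveat as setHtml).
  function setAll() {
      if (ajaxVar.readyState == 4) {
          var response = ajaxVar.responseText;
          var msgBox = document.getElementById("msgs");
          msgBox.innerHTML = response;
          msgBox.scrollTop = msgBox.scrollHeight;
      }
  }
  // Send the current message to the chat server.
  // Every parameter is percent-encoded; without that a message containing
  // & # + or % is truncated or altered on its way to the server.
  // NOTE(review): nick comes from the client, so chatserver.php should take the
  // sender from the session instead of trusting it.
  function serverWrite() {
      ajaxVar = getHTTPObject();
      if (ajaxVar != null) {
          link = "chatserver.php?nick=" + encodeURIComponent(nickName)
              + "&friend=" + encodeURIComponent(friendNick)
              + "&msg=" + encodeURIComponent(document.getElementById('msg').value);
          ajaxVar.open("GET", link, true);
          ajaxVar.onreadystatechange = setHtml;
          ajaxVar.send(null);
      }
  }
  function getInput() {
      // Send the server function the input
      var userInput = document.getElementById('msg');
      serverWrite(userInput.value);
      // Clean out the input values
      var msgBar = document.getElementById("msg");
      msgBar.value = "";
      msgBar.focus();
  }
  // Fetch the whole conversation with this friend.
  function serverReload() {
      ajaxVar = getHTTPObject();
      //var randomnumber=Math.floor(Math.random()*10000);
      if (ajaxVar != null) {
          link = "chatserver.php?get=" + encodeURIComponent(friendNick);
          ajaxVar.open("GET", link, true);
          ajaxVar.onreadystatechange = setAll;
          ajaxVar.send(null);
      }
  }
  function UpdateTimer() {
      serverReload();
      setTimeout(UpdateTimer, 1000);
  }
  function keypressed(e) {
      if (e.keyCode == '13') {
          getInput();
      }
  }
  //-->
  </script>
  <div class="replycontain">
  <?php
                      // Header
                      // This include is reached only after $friendNick matched an entry
                      // of the user's own friends list. It also overwrites the $user_*
                      // variables in the current scope with the friend's values.
                      include "ssb_db/users/" . $friendNick . ".php";
                      echo "<h3><a href='?userfeed=" . $friendNick . "'>" . $friendNick . ": " . $user_fullname . "</a></h3>";
  ?>
  <div id="msgs">
  <?php
                      echo "<div class=\"msgbox\">";
                      echo "</div>";
  ?>
  </div>
  <div id="msgbox" style="padding-left: 6px;" onkeyup="keypressed(event);">
  <button onclick="javascript:wrapBBCode('i');">Italic</button>
  <button onclick="javascript:wrapBBCode('u');">Underline</button>
  <button onclick="javascript:wrapBBCode('b');">Bold</button>
  <button onclick="javascript:wrapBBCode('img');">Image</button>
  <button onclick="javascript:wrapBBCode('url');">URL</button><br />
  <textarea style="width: 98%;" name="msg" id="msg"></textarea>
  <button style="width: 50px;" onclick="getInput();">Send</button>
  </div>
  </div>
  <?php
                      // One chat pane per page: a second match would emit duplicate
                      // element ids and duplicate script functions.
                      break;
                  } // Check friend end
              } // Check loop end
          } // GET friend set end
      } // session check end
  } // privmsg end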
  // About page: download link, site description and the three usage counters.
  if ($do == "about") {
      echo "<h2>About</h2>"
          . "<div class='dllink'><a class='button' href='download/securespace-v1.0.0.apk'>Download for Android!</a></div>"
          . $desc
          . "<br /><br />"
          . $ssbtitle . " statistics: ";
      // The counter helpers are called between the separators, in the original order.
      getUserCount();
      echo "; ";
      getPostCount();
      echo "; ";
      getUploadFileCount();
  }
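  // Friends page: pending friend requests followed by the friends list.
  // NOTE(review): the Accept and Clear history links change state through GET
  // requests and carry no CSRF token.
  if ($do == "friends") {
      if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) {
          loginForm();
      } else {
          $friendpend = "ssb_db/friends/" . $username . ".pending";
          echo "<h3>Friend requests</h3> <a class='button' href='?do=clrpending'>Clear history</a> <a class='button' href='?forms=friendreq'>Send friend request</a>";
          echo "<div class='notifications'>";
          $pendingShown = 0;
          // Checking readability first avoids an fopen() warning when the user
          // has no .pending file yet.
          $handle = is_readable($friendpend) ? fopen($friendpend, "r") : false;
          if ($handle) {
              while (($line = fgets($handle)) !== false) {
                  // fgets() keeps the trailing newline, which would otherwise end
                  // up inside the link.
                  $requester = trim($line);
                  if ($requester === "") {
                      continue;
                  }
                  // File content is escaped for the context it is printed in:
                  // urlencode() for query values, htmlspecialchars() for markup.
                  $acceptUrl = "?do=accfr&friend=" . urlencode($requester) . "&user=" . urlencode($username);
                  echo "Pending friend request from " . htmlspecialchars($requester, ENT_QUOTES) . "! <a class='button' href='" . htmlspecialchars($acceptUrl, ENT_QUOTES) . "'>Accept</a><br />";
                  $pendingShown++;
              }
              fclose($handle);
          }
          if ($pendingShown === 0) {
              echo "No pending friend requests<br />";
          }
          echo "</div>";
          // Friends list if you have any.
          echo "<h3>Friends list</h3><br />";
          $countFile = "ssb_db/friends/" . $username . ".count";
          // Read the counter once and as an integer, so a missing file or a
          // trailing newline does not defeat the "no friends" check.
          $friendcount = is_readable($countFile) ? (int) trim(file_get_contents($countFile)) : 0;
          if ($friendcount <= 0) {
              echo "<b style='color:red;'>We're sorry... no friends found on your user account...</b>";
          } else {
              // The included file is expected to define $friend1 ... $friendN.
              include "ssb_db/friends/" . $username . ".php";
              echo "<table class='friendslist'>";
              for ($x = 1; $x <= $friendcount; $x++) {
                  if (isset(${"friend" . $x})) {
                      $friendName = ${"friend" . $x};
                      $nameHtml = htmlspecialchars($friendName, ENT_QUOTES);
                      $profileUrl = htmlspecialchars("?userfeed=" . urlencode($friendName), ENT_QUOTES);
                      $chatUrl = htmlspecialchars("?do=privmsg&friend=" . urlencode($friendName), ENT_QUOTES);
                      echo "<tr><td>" . $nameHtml . "</td><td><a class='button' href='" . $profileUrl . "'>View user profile</a></td><td><a class='button' href='" . $chatUrl . "'>Private message</a></td></tr>";
                  }
              }
              echo "</table>";
          }
      }
  }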
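  // Log a user in: check the submitted password against the stored digest and
  // fill the session keys the rest of the page tests for.
  // NOTE(review): the two failure messages differ, which tells a caller whether
  // an account name exists. sha1(md5()) is a fast, unsalted digest; replacing it
  // needs a coordinated change with the register and change-password handlers.
  if ($do == "login") {
      $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
      $submittedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
      // Same rule the register handler enforces. The name becomes part of an
      // include path, so anything outside a-z, 0-9 must never reach it.
      $nameIsValid = ($username !== "" && !preg_match('/[^a-z0-9]/i', $username));
      if ($nameIsValid && file_exists("ssb_db/users/$username.php")) {
          include_once("ssb_db/users/$username.php");
          // Strict comparison: with == two digests that both look like numbers
          // (for example "0e...") would compare equal.
          if (isset($user_password) && $user_password === sha1(md5($submittedPass))) {
              // Issue a fresh session id at the privilege change so an id known
              // before login is useless afterwards.
              session_regenerate_id(true);
              $pass = $user_password;
              $user = $username;
              $color = isset($user_color) ? $user_color : null;
              $_SESSION['ssb-user'] = $user;
              $_SESSION['ssb-pass'] = $pass;
              $_SESSION['ssb-color'] = $color;
              header("Location: minimum.php");
          } else {
              echo "Wrong password!";
          }
      } else {
          // The submitted name is echoed back, so it is escaped for HTML.
          echo "User " . htmlspecialchars($username, ENT_QUOTES) . " not found!";
      }
  }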
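  // Push user avatar to specific avatar image location
  // Redirects to the named user's uploaded avatar, or to the default picture when
  // the user or the avatar file cannot be resolved.
  if ($do == "avatarlocation") {
      if (isset($_GET['user']) && is_string($_GET['user'])) {
          $user = htmlentities(stripslashes($_GET['user']));
          $target = "data/defaultprofile.png";
          $profileFile = "ssb_db/users/" . $user . ".php";
          // The name becomes part of an include path, so only names the register
          // handler can create (a-z, 0-9) are accepted, and the file must exist.
          if ($user !== "" && !preg_match('/[^a-z0-9]/i', $user) && is_file($profileFile)) {
              // Drop any value left over from an earlier include, so a profile
              // without $user_avatar cannot inherit someone else's picture.
              unset($user_avatar);
              include $profileFile;
              // is_file() rather than file_exists(): an empty avatar name would
              // otherwise match the uploads directory itself.
              if (isset($user_avatar) && is_string($user_avatar) && $user_avatar !== "" && is_file("ssb_db/uploads/" . $user_avatar)) {
                  $target = "ssb_db/uploads/" . $user_avatar;
              }
          }
          // Headers must be sent before any body output.
          header("Location: " . $target);
          echo "Direct to: " . htmlspecialchars($target, ENT_QUOTES);
          exit;
      } else {
          echo "User is NOT set!";
      }
  }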
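  // Log out: clear every login-related session key and retire the session id.
  if ($do == "logout") {
      // The keys are set to null, as before, so the isset() checks used across
      // the page treat the visitor as logged out. ssb-color is cleared as well,
      // so nothing from the previous login stays in the session.
      $_SESSION['ssb-user'] = null;
      $_SESSION['ssb-pass'] = null;
      $_SESSION['ssb-color'] = null;
      // A fresh id means the old one can no longer be replayed.
      session_regenerate_id(true);
      header("Location: minimum.php?forms=login");
  }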
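  // Register a new account: validate the form, then create the profile file and
  // the per-user counters. Each failure redirects with its own notify code.
  // NOTE(review): sha1(md5()) is a fast, unsalted digest; replacing it needs a
  // coordinated change with the login and change-password handlers.
  if ($do == "register") {
      $complete = true;
      foreach (array('username', 'password', 'password-again', 'fullname', 'acct') as $field) {
          // Array-valued fields are rejected too; they would slip past the
          // string checks below.
          if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
              $complete = false;
          }
      }
      if ($complete) {
          $complete = ($_POST['username'] != "" && $_POST['password'] != "" && $_POST['password-again'] != "" && $_POST['fullname'] != "");
      }
      // Exactly one Location header is sent. The previous unconditional redirect
      // at the end of this block replaced every notify redirect, so the error
      // notifications were never shown.
      if (!$complete) {
          header("Location: minimum.php?notify=3");
      } else if ($_POST['password'] !== $_POST['password-again']) {
          // Strict comparison: with == two different numeric-looking passwords
          // (for example "1e1" and "10") compare equal.
          header("Location: minimum.php?notify=4");
      } else if (preg_match('/[^a-z0-9]/i', $_POST['username'])) {
          header("Location: minimum.php?notify=5");
      } else if (file_exists("ssb_db/users/" . $_POST['username'] . ".php")) {
          header("Location: minimum.php?notify=6");
      } else {
          $colors = array("0000ff", "9900cc", "0080ff", "008000", "ededed");
          // Only a-z and 0-9 at this point, so it is safe as a file name.
          $name = $_POST['username'];
          // The profile is stored as PHP source. Values placed inside its
          // double-quoted literals have backslash, double quote and dollar sign
          // escaped, so form input stays data when the file is included.
          // TODO(review): restrict acct to the known account types once that
          // list is confirmed; it is not visible in this part of the file.
          $acct = addcslashes($_POST['acct'], '\\"$');
          $fullname = addcslashes(stripslashes(htmlentities($_POST['fullname'])), '\\"$');
          file_put_contents("ssb_db/users/" . $name . ".php", "<?php\n\$accttype = \"" . $acct . "\";\n\$user_password = \"" . sha1(md5($_POST['password'])) . "\";\n \$user_color = \"" . $colors[array_rand($colors)] . "\"; \$user_fullname = \"" . $fullname . "\"; \$user_avatar = \"../../data/defaultprofile.png\"; \n?>");
          file_put_contents("ssb_db/users/" . $name . ".name", $name);
          file_put_contents("ssb_db/users/" . $name . ".postnumber", "0");
          file_put_contents("ssb_db/friends/" . $name . ".count", "0");
          file_put_contents("ssb_db/friends/" . $name . ".php", "<?php ?>\n");
          header("Location: minimum.php");
      }
  }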
  863. }
  864. else if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass']))
  865. {
  866. loginForm();
  867. }
  868. else
  869. {
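  // Watch feed, lets generate pages while we're at it
  // Only a short all-digit page number is accepted; anything else means page 1.
  $pagecall = 1;
  if (isset($_GET['page']) && is_string($_GET['page']) && preg_match('/^[0-9]{1,6}$/D', $_GET['page'])) {
      $pagecall = max(1, (int) $_GET['page']);
  }
  $postcount = 1;
  $poststart = ($pagecall == 1) ? $postcount : ($pagecall - 1) * 15; // 15 posts per page
  // glob() returns false on error, which array_reverse() cannot take.
  $postfiles = glob("ssb_db/posts/*.post");
  if ($postfiles === false) {
      $postfiles = array();
  }
  // Lets actually generate some feed now.
  // NOTE(review): the delete link below changes state through a GET request and
  // carries no CSRF token.
  foreach (array_reverse($postfiles) as $postfile) {
      // The .post file holds the name of the PHP file that defines this post.
      // NOTE(review): that name goes straight into an include path, so whatever
      // writes .post files has to guarantee it is a plain file name.
      $postphp = file_get_contents($postfile);
      include "ssb_db/posts/$postphp";
      $friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
      include "ssb_db/friends/" . $username . ".php";
      // Post fields are escaped for the context they are printed in:
      // urlencode() for query values, htmlspecialchars() for text.
      $ownerHtml = htmlspecialchars($postowner, ENT_QUOTES);
      $ownerUrl = urlencode($postowner);
      $dateHtml = htmlspecialchars($postdate, ENT_QUOTES);
      $idUrl = urlencode($postid);
      $postHead = "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$ownerUrl');\" title='User Avatar'></div></td><td><h3>$ownerHtml<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$dateHtml</span><br /><a href='minimum.php?view=$idUrl&user=$ownerUrl'>reply</a>";
      $postTail = "</h3></td></tr></table>";
      for ($x = 1; $x <= $friendcount; $x++) {
          // Strict comparison: with == two different numeric-looking names
          // compare equal.
          if (isset(${"friend" . $x}) && $postowner === ${"friend" . $x}) {
              // Found a post, post count goes up!
              $postcount++;
              // A post is shown when its running number falls inside the current
              // page: page one starts at the counter's initial value, later pages
              // start just after $poststart.
              $onPage = ($postcount < ($poststart + 15)) && ($poststart == 1 || $postcount > $poststart);
              if ($onPage) {
                  echo $postHead . $postTail;
                  // presumably bbcode_format() escapes HTML in the post body; verify
                  // against its definition.
                  echo "" . bbcode_format($postcontent) . "";
                  echo "</div><br />\n";
              }
          }
      }
      if ($postowner == $username) {
          // Found a post, post count goes up!
          $postcount++;
          $onPage = ($postcount < ($poststart + 15)) && ($poststart == 1 || $postcount > $poststart);
          if ($onPage) {
              // Own posts also get a delete link.
              echo $postHead . " &bull; <a href='minimum.php?do=delpost&user=" . urlencode($username) . "&pid=$idUrl'>delete post</a>" . $postTail;
              echo "" . bbcode_format($postcontent) . "";
              echo "</div><br />\n";
          }
      }
  }
  // Page button generation
  echo "<div class='page-controls'>";
  if ($poststart > 1) {
      $prevpage = $poststart / 15;
      echo "<a href='minimum.php?page=$prevpage'>Prev page</a>";
  }
  if ($poststart == 1 && $postcount > ($poststart + 15)) {
      // The stray closing </i> tag was removed from both Next links.
      echo "<a href='minimum.php?page=2'>Next page</a>";
  }
  if ($poststart > 1 && $postcount > ($poststart + 15)) {
      $nextpage = ($poststart / 15) + 2;
      echo "&bull; <a href='minimum.php?page=$nextpage'>Next page</a>";
  }
  echo "</div>";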
  941. }
  942. ?>
  943. <br /><br />
  944. <center style="background-color: #555555; padding 3px;">Powered By SSB <?php echo $version; ?></center>
  945. </div> <!-- main contain -->
  946. </body>
  947. </html>