The_Master_Chief
asked on
Novice user needs help
I am running Win 2K server SP4 with php installed as well as mysql.
I am hosting with IIS.
the error I get when I open index.php in my browser is this:
Notice: Undefined index: Language in f:\inetpub\wwwroot\library
Notice: Undefined variable: languagebase_dir in f:\inetpub\wwwroot\library
Notice: Undefined variable: language_user in f:\inetpub\wwwroot\library
Notice: Undefined variable: languagebase_dir in f:\inetpub\wwwroot\library
Notice: Undefined variable: language_default in f:\inetpub\wwwroot\library
Warning: main(//variables.php): failed to open stream: Invalid argument in f:\inetpub\wwwroot\library
Fatal error: main(): Failed opening required '//variables.php' (include_path='.;c:\php4\p
I am hosting with IIS.
the error I get when I open index.php in my browser is this:
Notice: Undefined index: Language in f:\inetpub\wwwroot\library
Notice: Undefined variable: languagebase_dir in f:\inetpub\wwwroot\library
Notice: Undefined variable: language_user in f:\inetpub\wwwroot\library
Notice: Undefined variable: languagebase_dir in f:\inetpub\wwwroot\library
Notice: Undefined variable: language_default in f:\inetpub\wwwroot\library
Warning: main(//variables.php): failed to open stream: Invalid argument in f:\inetpub\wwwroot\library
Fatal error: main(): Failed opening required '//variables.php' (include_path='.;c:\php4\p
Michael701
please post your code so we can get more info.
ASKER
<?
##########################
#
# project : phpBazar
# filename : index.php
# purpose : Index (Start) File
#
##########################
# Include Configs & Variables
##########################
require ("library.php");
# The Head-Section
##########################
include ($HEADER);
# The Main-Section
##########################
#echo"<p> \n";
echo" <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"1\" width=\"$wel_table_width\"
echo" <tr>\n";
echo" <td class=\"class1\">\n";
echo" <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"10\" width=\"100%\">\n";
echo" <tr>\n";
echo" <td class=\"class2\">\n";
include ("$language_dir/welcome.in
echo" </td>\n";
echo" </tr>\n";
echo" </table>\n";
echo" </td>\n";
echo" </tr>\n";
echo" </table>\n";
# The Foot-Section
##########################
include ($FOOTER);
# Browser Detection
##########################
#include ("$language_dir/browser.in
?>
That was the index.php now here is library.php
<?
##########################
#
# project : phpBazar
# filename : library.php
# purpose : Library File
#
##########################
# Include Configs & Variables
##########################
require("config.php");
if ($HTTP_COOKIE_VARS["Langua
$language_user=$HTTP_COOKI
}
$language_dir=$languagebas
if (!is_file("$language_dir/v
require("$language_dir/var
if (is_file("sales.php")) {
include ("sales.php");
require("$language_dir/sal
}
list($USERNAME)=explode(":
if (!strstr("$PHP_SELF","fram
mysql_connect($server, $db_user, $db_pass);
mysql_db_query($database, "INSERT INTO useronline VALUES ('$timestamp','$ip','$PHP_
mysql_close();
}
##########################
# Functions
##########################
function died($message) { //when we die, than with a nice window ;-)
if(!$message) {
$message = "There was an unknown error !";
}
$errormessage=rawurlencode
echo "<script language=\"JavaScript\">
history.back(1);
var winl = (screen.width - 300) / 2;
var wint = (screen.height - 150) / 2;
window.open(\"message.php?
</script>\n";
exit;
}
function memberfield($signup,$field
global $database,$server,$db_user
,$ad_no,$ad_yes;
$retval=false;
mysql_connect($server, $db_user, $db_pass);
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value]=="yes" && ($signup=="0" || ($signup=="1" && $field[value2]=="yes") || ($signup=="2" && $field[value5]=="yes")) ) { // if enabled
if ($signup=="2") {
// show Memberdetails
if ($field[value3]!="checkbox
if ($fieldname=="homepage") {
if ($value && substr($value,0,7)!="http://") {$value="http://".$value;}
$retval="
<tr>
<td class=\"gbtable2\"><div class=\"maininputleft\">$n
<td class=\"gbtable2\"><div class=\"maininputright\"><
</tr>
";
} else {
$retval="
<tr>
<td class=\"gbtable2\"><div class=\"maininputleft\">$n
<td class=\"gbtable2\"><div class=\"maininputright\">"
</tr>
";
}
} else {
$retval="
<tr>
<td class=\"gbtable2\"><div class=\"maininputleft\">$n
";
if ($value) {
$retval.="
<td class=\"gbtable2\"><img src=\"$image_dir/icons/che
onmouseover=\"window.statu
onmouseout=\"window.status
} else {
$retval.="
<td class=\"gbtable2\"><img src=\"$image_dir/icons/sig
onmouseover=\"window.statu
onmouseout=\"window.status
}
$retval.="
</tr>";
}
} else {
// signup
if (($signup=="1" || $signup=="0") && $field[value5]=="yes") {$publicinfo="$memb_newpub
if ($field[value3]=="text" || $field[value3]=="") {
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=text name=\"$field[name]\" value=\"".htmlspecialchars
</tr>
";
} elseif ($field[value3]=="url") {
if (!$value) {$value="http://";} elseif ($value && substr($value,0,7)!="http://") {$value="http://".$value;}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=text name=\"$field[name]\" value=\"".htmlspecialchars
</tr>
";
} elseif ($field[value3]=="select")
if (!$value) {
$optionstr.="<option value=\"\">--------</optio
}
if (is_file("./$language_dir/
$filename = "./$language_dir/$field[va
$fd = fopen ($filename, "r");
$optionstr.= str_replace("\"$value\"","
fclose ($fd);
} else {
$options=explode("|",$fiel
for ($i=0; $i<count($options); $i++) {
if (!$signup && $options[$i]=="$value") {$selected="SELECTED";} else {$selected="";}
$optionstr.="<option value=\"".htmlspecialchars
}
}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"$field[name]\">
$optionstr
</select></td>
</tr>
";
} elseif ($field[value3]=="checkbox
if ($signup && $field[value4]) $checked="CHECKED";
if (!$signup && $value) $checked="CHECKED";
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=checkbox name=\"$field[name]\" $checked></td>
</tr>
";
}
}
}
mysql_close();
return $retval;
}
function adfield($cat,$fieldname,$n
global $database,$server,$db_user
$retval=false;
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value2]=="yes") { // if enabled
if ($field[value3]=="text" || $field[value3]=="url" || $field[value3]=="") {
if (!$value) {$value=$field[value4];}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=text name=\"in[$field[name]]\" value=\"".htmlspecialchars
</tr>
";
if ($field[value3]=="url") {$retval.="<!--url-->";}
} elseif ($field[value3]=="select")
if (!$value) {
$optionstr.="<option value=\"\">--------</optio
}
if (is_file("./$language_dir/
$filename = "./$language_dir/$field[va
$fd = fopen ($filename, "r");
$optionstr.= str_replace("\"$value\"","
fclose ($fd);
} else {
$options=explode("|",$fiel
for ($i=0; $i<count($options); $i++) {
if (!$signup && $options[$i]=="$value") {$selected="SELECTED";} else {$selected="";}
$optionstr.="<option value=\"".htmlspecialchars
}
}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"in[$field[name]]\">
$optionstr
</select> $field[value5] </td>
</tr>
";
} elseif ($field[value3]=="checkbox
if ($signup && $field[value4]) $checked="CHECKED";
if (!$signup && $value) $checked="CHECKED";
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=checkbox name=\"in[$field[name]]\" $checked></td>
</tr>
";
}
}
return $retval;
}
function adfieldunit($cat,$fieldnam
global $database;
$retval=false;
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value5]) {$retval=$field[value5];}
return $retval;
}
function searchfield($cat,$fieldnam
global $database,$server,$db_user
$retval=false;
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value2]=="yes" && $field[value6]!="no") { // if enabled
if ($field[value3]=="text" || $field[value3]=="") {
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=\"text\" name=\"in[$field[name]]\" value=\"".htmlspecialchars
</tr>
";
} elseif ($field[value3]=="select")
if (!$value) {
$optionstr="<option value=\"\">--------</optio
}
if (is_file("./$language_dir/
$filename = "./$language_dir/$field[va
$fd = fopen ($filename, "r");
$optionstr.= str_replace("\"$value\"","
fclose ($fd);
} else {
$options=explode("|",$fiel
for ($i=0; $i<count($options); $i++) {
if (!$signup && $options[$i]=="$value") {$selected="SELECTED";} else {$selected="";}
$optionstr.="<option value=\"".htmlspecialchars
}
}
if ($field[value6]=="minmax")
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"in[$field[name]]\">
$optionstr
</select> - <select name=\"in2[$field[name]]\"
$optionstr
</select> $field[value5] </td>
</tr>
";
} else {
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"in[$field[name]]\">
$optionstr
</select> $field[value5] </td>
</tr>
";
}
} elseif ($field[value3]=="checkbox
if ($signup && $field[value4]) $checked="CHECKED";
if (!$signup && $value) $checked="CHECKED";
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=checkbox name=\"in[$field[name]]\" $checked></td>
</tr>
";
}
}
return $retval;
}
function logging($db,$uid,$username
global $logging_enable,$database,
if ($logging_enable) {
if ($db) {mysql_connect($server, $db_user, $db_pass);}
mysql_db_query($database, "INSERT INTO logging (timestamp,userid,username
VALUES ('$timestamp','$uid','$use
if ($db) {mysql_close();}
}
}
function getfile($filename) {
$fd = fopen ($filename, "r");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);
return $contents;
}
function addslashesnew($string) {
if (get_magic_quotes_gpc()==1
return $string;
} else {
return addslashes($string);
}
}
function suppr($file) {
$delete = @unlink($file);
if (@file_exists($file)) {
$filesys = eregi_replace("/","\\",$fi
$delete = @system("del $filesys");
if (@file_exists($file)) {
$delete = @chmod ($file, 0775);
$delete = @unlink($file);
$delete = @system("del $filesys");
}
}
}
function dateToTime($date) { //input Format 2000-11-24, output Format: Unixtimestamp
list($y,$m,$d)=explode("-"
return mktime(0,0,0,$m,$d,$y);
}
function dateToStr($date) { //input Format 2000-11-24, output
global $dateformat;
if ($date!="0000-00-00 00:00:00") {
$temp=explode(" ",$date);
list($y,$m,$d)=explode("-"
list($hh,$mm,$ss)=explode(
return date($dateformat,mktime($h
}
}
function str_repeats($input, $mult) { //str_repeat() - replacement (backward-comp.)
$ret = "";
while ($mult > 0) {
$ret .= $input;
$mult --;
}
return $ret;
}
function isbanned($userid) {
global $ip,$database;
$ban_query = mysql_db_query($database, "SELECT * FROM banned_ips") or died("Database Query Error");
while ($ips = mysql_fetch_row($ban_query
if ($ips["0"] == $ip) {
return 1;
exit;
}
}
if ($userid) { // if $userid is empty IGNORE user_banned_check
$ban_query2 = mysql_db_query($database, "SELECT * FROM banned_users") or died("Database Query Error");
while ($users = mysql_fetch_row($ban_query
if ($users["0"] == $userid) {
return 1;
exit;
}
}
}
return 0;
}
function encode_msg ($msg) {
global $image_dir,$database;
if ($msg) {
$msg = addslashesnew($msg); // Add SQL compatibilty
$msg = str_replace("\n", "<BR>", $msg); // Replace newline with <br>
$result = mysql_db_query($database, "SELECT * FROM smilies") or died("Query Error");
while ($db = mysql_fetch_array($result)
$msg = str_replace($db[code], "<img src=".$image_dir."/smilies
}
}
return $msg;
}
function decode_msg ($msg) {
global $image_dir,$database;
if ($msg) {
# $msg = stripslashes($msg); // Remove SQL compatibilty
$msg = str_replace("<BR>", "\n", $msg); // Replace newline with <br>
$result = mysql_db_query($database, "SELECT * FROM smilies") or died("Query Error");
while ($db = mysql_fetch_array($result)
$msg = str_replace("<img src=".$image_dir."/smilies
}
}
return $msg;
}
function wordwrap_msg($msg, $maxwordlen=40) { // Looooooong String Break
$eachword = explode(" " , eregi_replace("<BR>"," ",$msg)); // temp remove <BR>
for ($i=0; $i<count($eachword); $i++) {
if (strlen($eachword[$i])>$ma
$msg = eregi_replace($eachword[$i
}
}
return $msg;
}
function badwords ($msg,$mod) {
global $database;
$msg=wordwrap_msg($msg);
$eachword = explode(" " , eregi_replace("<BR>"," ",$msg)); // temp remove <BR>
$result = mysql_db_query($database, "SELECT * FROM badwords") or died("Query Error");
while ($db = mysql_fetch_array($result)
for ($i=0; $i<count($eachword); $i++) {
if (is_int(strpos($eachword[$
if ($mod) {
$msg = eregi_replace($eachword[$i
} else {
$msg = eregi_replace($eachword[$i
}
}
}
}
return $msg;
}
function badwordsmail ($msg) {
global $database;
$eachword = explode(" ",$msg);
$result = mysql_db_query($database, "SELECT * FROM badwords") or died("Query Error");
while ($db = mysql_fetch_array($result)
for ($i=0; $i<count($eachword); $i++) {
if (is_int(strpos($eachword[$
$msg = eregi_replace($eachword[$i
}
}
}
return stripslashes($msg);
}
function strip_array ($in) { //foreach()-Replacement !!!
reset($in);
while ($array=each($in)) {
$ckey=$array['key'];
$cvalue=$array['value'];
$cvalue = str_replace("'", "''", $cvalue);
$cvalue = stripslashes($cvalue);
$cvalue = strip_tags($cvalue);
$out[$ckey] = $cvalue;
}
return $out;
}
function open_sales_window($value="
echo "<script language=javascript>
window.open(\"sales_buy.ph
location.replace('classifi
</script>";
}
function ico_email($value,$align="l
global $sales_lang_noaccess,$ad_s
if (!$value) {
echo "<a href=\"sales_buy.php\"
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/ema
</a>\n";
} else {
echo "<a href=\"sendmail.php?$value
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/ema
}
}
function ico_icq($value,$align="lef
global $sales_lang_noaccess,$ad_i
if (!$value) {
echo "<a href=\"sales_buy.php\"
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/icq
</a>\n";
} else {
echo "<a href=\"http://wwp.icq.com/".$value."\" target=\"_blank\"
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/icq
}
}
function ico_url($value,$align="lef
global $sales_lang_noaccess,$ad_g
if (!$value) {
echo "<a href=\"sales_buy.php\"
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/hom
</a>\n";
} else {
echo "<a href=\"$value\" target=\"_blank\"
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/hom
}
}
function ico_friend($value,$align="
global $ad_sendlink,$image_dir;
echo " <a href=\"sendmail.php?value\
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/lig
}
function ico_print($value,$align="l
global $ad_print,$image_dir;
echo " <a href=\"javascript:window.p
onClick='javascript:window
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/pri
}
function ico_favorits($value,$align
global $ad_favorits,$image_dir;
echo " <a href=\"favorits.php?$value
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/che
}
function ico_adrating($value,$align
global $ad_rating,$image_dir;
echo " <a href=\"adrating.php?$value
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/han
}
function ico_info($value,$align="le
global $ad_member,$image_dir;
echo " <a href=\"members.php?$value\
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/inf
}
# Classes
##########################
class authlib {
function register ($username, $password, $password2, $email, $sex, $acceptterms ,
$newsletter, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3,
$field4, $field5, $field6, $field7, $field8, $field9, $field10 ) {
global $chat_interface,$chat_enab
$forum_interface,$forum_en
$gender,$genders,$admin_em
$database,$secret,$error,$
if (!$username || !$password || !$password2 || !$email || !$acceptterms) {
return $error[14];
} else {
if (!eregi("^[a-z0-9]+([_\\.-
# if (!eregi("^([a-z0-9]+)(([a-
return $error[4];
}
if ($sex == "") {
return $error[11];
}
if (strlen($username) < 3) {
return $error[1];
}
if (strlen($username) > 20) {
return $error[2];
}
if (!ereg("^[[:alnum:]_-]+$",
return $error[3];
}
if ($password != $password2) {
return $error[0];
}
if (strlen($password) < 3) {
return $error[5];
}
if (strlen($password) > 20) {
return $error[6];
}
if (!ereg("^[[:alnum:]_-]+$",
return $error[7];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select id from login where username = '$username'");
$result = mysql_num_rows($query);
if ($result > 0) {
mysql_close();
return $error[12];
}
$query = mysql_query("select id from userdata where email = '$email'");
$result = mysql_num_rows($query);
if ($result > 0) {
mysql_close();
return $error[13];
}
if ($no_confirmation) {
$is_success_first = mysql_query("insert into userdata (username, email, sex,
newsletter, firstname, lastname, address, zip, city, state, country,
phone, cellphone, icq, homepage, hobbys, field1, field2, field3,
field4, field5, field6, field7, field8, field9, field10, registered )
values ('$username', '$email', '$sex',
'$newsletter', '$firstname', '$lastname', '$address', '$zip', '$city', '$state', '$country',
'$phone', '$cellphone', '$icq', '$homepage', '$hobbys', '$field1', '$field2', '$field3',
'$field4', '$field5', '$field6', '$field7', '$field8', '$field9', '$field10', '$timestamp' )") or died(mysql_error());
if ($is_success_first) {
$is_success_second = mysql_query("insert into login (username, password) values ('$username', '$password')");
if ($is_success_second) {
// only if forum-interface
if ($is_success_second && $forum_database && $forum_enable && $forum_interface) {
include ("$forum_interface");
}
// only if chat-interface
if ($is_success_second && $chat_database && $chat_enable && $chat_interface) {
include ("$chat_interface");
}
}
}
$mailto = "$email";
$subject = "$mail_msg[0]";
$message = "$mail_msg[1]$username\n\n
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
if ($auto_login) {
$login=$this->login($usern
if ($login!="2") {
$retval="$error[15]";
} else {
$retval=3;
}
}
} else {
$hash = substr(md5($secret.$userna
$is_success = mysql_query("insert into confirm values
('$hash', '$username', '$password', '$email', '$sex', now(),
'$newsletter', '$firstname', '$lastname', '$address', '$zip', '$city', '$state',
'$country', '$phone', '$cellphone', '$icq', '$homepage', '$hobbys', '$field1',
'$field2', '$field3', '$field4', '$field5', '$field6', '$field7', '$field8',
'$field9', '$field10')") or died(mysql_error());
mysql_close();
if (!$is_success) {
return $error[16];
}
$confirmurl = ("$url_to_start" . "/confirm.php?hash=" . "$hash" . "&nick=" . "$username");
$aolconfirmurl = ("AOL: <A HREF=\" $url_to_start" . "/confirm.php?hash=" . "$hash" . "&nick=" . "$username \">CLICK HERE</A>");
$mailto = "$email";
$subject = "$mail_msg[0]";
if (strstr($mailto,"aol")) { // For AOL-Users
$message = "$mail_msg[1]$username\n\n
} else {
$message = "$mail_msg[1]$username\n\n
}
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
logging("1","","$username"
if ($reg_notify) {
$mailto = "$reg_notify";
$subject = "NOTIFY $mail_msg[0]";
$message = "$mail_msg[8]$username\n$m
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
return 2;
}
}
function login ($username, $password) {
global $server,$db_user,$db_pass,
if (!$username || !$password) {
return $error[14];
}
else {
if (!eregi("^[[:alnum:]_-]+$"
return $error[3];
}
if (!eregi("^[[:alnum:]_-]+$"
return $error[7];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$md5password=md5($password
$query = mysql_query("select id from login where username = '$username' and (password = '$password' OR password = '$md5password')");
$result = mysql_num_rows($query);
$query2 = mysql_query("select level from userdata where username = '$username'");
$result2 = mysql_num_rows($query2);
mysql_close();
if ($result < 1) {
logging("1","","$username"
return $error[26]; //Not found
}
else {
list ($id) = mysql_fetch_row($query);
list ($level) = mysql_fetch_row($query2);
$password = md5($password);
$hash = md5($username.$password.$l
$cookietime=$timestamp+(36
setcookie("phpBazar", "$username:$password:$hash
logging("1","","$username"
return 2;
}
}
}
function is_logged () {
global $phpBazar, $secret;
$session_vars = explode(":", $phpBazar);
$hash = md5($session_vars[0].$sess
if ($hash != $session_vars[2]) {
return false;
} else {
if ($session_vars[4]>7) {$moderator=true;} // Moderator Check
return array($session_vars[0], $session_vars[3], $moderator, $session_vars[1]);
}
}
function logout () {
global $cookiepath,$phpBazar;
$session_vars = explode(":", $phpBazar);
setcookie("phpBazar", "", "0", "$cookiepath");
logging("1","","$session_v
}
function edit_retrieve ($id) {
global $admin_email,$url_to_start
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from userdata where id = '$id'");
mysql_close();
list ($id, $username, $email, $sex, $newsletter, $level, $votes, $lastvotedate, $ads,
$lastaddate, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3,
$field4, $field5, $field6, $field7, $field8, $field9, $field10) = mysql_fetch_row($query);
return array($email, $sex, $newsletter, $level, $votes, $lastvotedate, $ads,
$lastaddate, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3,
$field4, $field5, $field6, $field7, $field8, $field9, $field10);
}
function edit ($id, $sex, $newsletter, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3, $field4,
$field5, $field6, $field7, $field8, $field9, $field10 ) {
global $gender,$genders,$server,$
# if ($firstname && (!eregi("^[a-z ]+$", $firstname))) {
# return $error[8];
# }
# if ($lastname && (!eregi("^[[:alnum:]_-]+$"
# return $error[8];
# }
if (ereg("[^0-9]", $icq)) {
return $error[10];
}
if ($sex == "") {
return $error[11];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("update userdata set sex = '$sex',
newsletter = '$newsletter',
firstname = '$firstname',
lastname = '$lastname',
address = '$address',
zip = '$zip',
city = '$city',
state = '$state',
country = '$country',
phone = '$phone',
cellphone = '$cellphone',
icq = '$icq',
homepage = '$homepage',
hobbys = '$hobbys',
field1 = '$field1',
field2 = '$field2',
field3 = '$field3',
field4 = '$field4',
field5 = '$field5',
field6 = '$field6',
field7 = '$field7',
field8 = '$field8',
field9 = '$field9',
field10 = '$field10'
where id = '$id'");
mysql_close();
logging("1","$id","","AUTH
if (!$query) {
$error[20];
}
return 2;
}
function confirm ($hash, $username) {
global $chat_interface,$chat_enab
$forum_interface,$forum_en
$confirm_mail,$conf_notify
$database,$secret,$error,$
if (!$hash || !$username) {
return $error[14];
}
else {
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from confirm where mdhash = '$hash' AND username = '$username'");
$result = mysql_num_rows($query);
if ($result < 1) {
mysql_close();
return $error[15];
}
list($hd,$username,$passwo
$lastname,$address,$zip,$c
$homepage,$hobbys,$field1,
$field7,$field8,$field9,$f
//calculate a possible id-difference, if only login-data will deleted
$result = mysql_query("SELECT * FROM userdata");
$tmpid1 = mysql_num_rows($result);
$result = mysql_query("SELECT * FROM login");
$tmpid2 = mysql_num_rows($result);
if ($tmpid1 != $tmpid2) {
$diff = $tmpid1-$tmpid2;
for ($i = 0; $i < $diff; $i++) {
mysql_query("insert into login (username, password) values ('$timestamp', '$timestamp')");
}
}
// end id-difference
$is_success_first = mysql_query("insert into userdata (username, email, sex,
newsletter, firstname, lastname, address, zip, city, state, country,
phone, cellphone, icq, homepage, hobbys, field1, field2, field3,
field4, field5, field6, field7, field8, field9, field10, registered )
values ('$username', '$email', '$sex',
'$newsletter', '$firstname', '$lastname', '$address', '$zip', '$city', '$state', '$country',
'$phone', '$cellphone', '$icq', '$homepage', '$hobbys', '$field1', '$field2', '$field3',
'$field4', '$field5', '$field6', '$field7', '$field8', '$field9', '$field10', '$timestamp' )") or died(mysql_error());
if ($is_success_first) {
$is_success_second = mysql_query("insert into login (username, password) values ('$username', '$password')");
if ($is_success_second) {
$is_success_third = mysql_query("delete from confirm where username = '$username'");
// only if forum-interface
if ($is_success_second && $forum_database && $forum_enable && $forum_interface) {
include ("$forum_interface");
}
// only if chat-interface
if ($is_success_second && $chat_database && $chat_enable && $chat_interface) {
include ("$chat_interface");
}
}
}
mysql_close();
if (!$is_success_first) {
return $error[16];
}
if (!$is_success_second) {
# Registration Error
return $error[17];
}
if (!$is_success_third) {
# Alert, Purge Account!!!
return 2;
}
logging("1","","$username"
$retval=2;
if ($auto_login) {
$login=$this->login($usern
if ($login!="2") {
$retval="$error[15]";
} else {
$retval=3;
}
}
if ($conf_notify) {
$mailto = "$conf_notify";
$subject = "NOTIFY $mail_msg[0]";
$message = "$mail_msg[8]$username\n$m
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
if ($confirm_mail) {
$mailto = "$email";
$subject = "NOTIFY $mail_msg[9]";
$message = "$mail_msg[10]$username\n\
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
return $retval;
}
}
function lostpwd ($email) {
global $admin_email,$url_to_start
if (!$email) {
return $error[14];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select login.password, login.username from login, userdata where userdata.email = '$email' and login.id = userdata.id");
$result = mysql_num_rows($query);
mysql_close();
if ($result < 1) {
return $error[19];
}
list($password, $username) = mysql_fetch_row($query);
$confirmurl = ("$url_to_start" . "/confirm.php?hash=" . "$hash" . "&username=" . "$username");
$mailto = "$email";
$subject = "$mail_msg[12]";
$message = "$mail_msg[13]$username\n\
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
logging("1","","$username"
return 2;
}
function chemail ($id, $email, $email2) {
global $admin_email,$url_to_start
if ($email != $email2) {
return $error[14];
}
else {
if (!eregi("^([a-z0-9]+)([._-
return $error[4];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select id from userdata where email = '$email'");
$result = mysql_num_rows($query);
if ($result > 0) {
list($id_from_db) = mysql_fetch_row($query);
if ($id_from_db != $id) {
mysql_close();
return $error[13];
}
return $error[23];
}
$mdhash = substr(md5($id.$email.$sec
$query = mysql_query("insert into confirm_email values ('$id', '$email', '$mdhash', now())");
if (!$query) {
mysql_close();
$error[20];
}
$confirmurl = ("$url_to_start" . "/confirm_email.php?mdhash
$mailto = "$email";
$subject = "$mail_msg[16]";
$message = "$mail_msg[17]\n\n$confirm
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
logging("1","$id","","AUTH
return 2;
}
}
function confirm_email($id, $email, $mdhash) {
global $server,$db_user,$db_pass,
if (!$id || !$email || !$mdhash) {
return $error[14];
}
else {
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from confirm_email where id = '$id' AND email = '$email' AND mdhash = '$mdhash'");
$result = mysql_num_rows($query);
if ($result < 1) {
mysql_close();
return $error[15];
}
$update = mysql_query("update userdata set email = '$email' where id = '$id'");
$delete = mysql_query("delete from confirm_email where email = '$email'");
mysql_close();
logging("1","$id","","AUTH
return 2;
}
}
function confirm_ad($id, $hash) {
global $server,$db_user,$db_pass,
if (!$id || !$hash) {
return $error[14];
}
else {
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from ads where id = '$id' AND timeoutnotify = '$hash'");
$result = mysql_num_rows($query);
if ($result < 1) {
mysql_close();
return $error[15];
}
$update = mysql_query("update ads set timeoutnotify = '',timeoutdays = timeoutdays+$timeoutconfir
mysql_close();
return 2;
}
}
function chpass ($id, $password, $password2) {
global $server,$db_user,$db_pass,
if ($password != $password2) {
return $error[0];
}
else {
if (strlen($password) < 3) {
return $error[5];
}
if (strlen($password) > 20) {
return $error[6];
}
if (!ereg("^[[:alnum:]_-]+$",
return $error[7];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("update login set password = '$password' where id = '$id'");
mysql_close();
if (!$query) {
return $error[21];
}
logging("1","$id","","AUTH
return 2;
}
}
function delete($id) {
global $server,$db_user,$db_pass,
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$delstring="deleted_".$tim
if ($really_del_memb) { //if set really delete it
$query = mysql_query("update ads set deleted='1' where userid = '$id'");
$query = mysql_query("delete from login where id = '$id'");
$query = mysql_query("delete from userdata where id = '$id'");
} else { // or only overwrite the password :-) better
$query = mysql_query("update ads set deleted='1' where userid = '$id'");
$query = mysql_query("update login set password='$delstring' where id = '$id'");
}
mysql_close();
logging("1","$id","","AUTH
return 2;
}
}
$authlib = new authlib;
?>
##########################
#
# project : phpBazar
# filename : index.php
# purpose : Index (Start) File
#
##########################
# Include Configs & Variables
##########################
require ("library.php");
# The Head-Section
##########################
include ($HEADER);
# The Main-Section
##########################
#echo"<p> \n";
echo" <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"1\" width=\"$wel_table_width\"
echo" <tr>\n";
echo" <td class=\"class1\">\n";
echo" <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"10\" width=\"100%\">\n";
echo" <tr>\n";
echo" <td class=\"class2\">\n";
include ("$language_dir/welcome.in
echo" </td>\n";
echo" </tr>\n";
echo" </table>\n";
echo" </td>\n";
echo" </tr>\n";
echo" </table>\n";
# The Foot-Section
##########################
include ($FOOTER);
# Browser Detection
##########################
#include ("$language_dir/browser.in
?>
That was the index.php now here is library.php
<?
##########################
#
# project : phpBazar
# filename : library.php
# purpose : Library File
#
##########################
# Include Configs & Variables
##########################
require("config.php");
if ($HTTP_COOKIE_VARS["Langua
$language_user=$HTTP_COOKI
}
$language_dir=$languagebas
if (!is_file("$language_dir/v
require("$language_dir/var
if (is_file("sales.php")) {
include ("sales.php");
require("$language_dir/sal
}
list($USERNAME)=explode(":
if (!strstr("$PHP_SELF","fram
mysql_connect($server, $db_user, $db_pass);
mysql_db_query($database, "INSERT INTO useronline VALUES ('$timestamp','$ip','$PHP_
mysql_close();
}
##########################
# Functions
##########################
function died($message) { //when we die, than with a nice window ;-)
if(!$message) {
$message = "There was an unknown error !";
}
$errormessage=rawurlencode
echo "<script language=\"JavaScript\">
history.back(1);
var winl = (screen.width - 300) / 2;
var wint = (screen.height - 150) / 2;
window.open(\"message.php?
</script>\n";
exit;
}
function memberfield($signup,$field
global $database,$server,$db_user
,$ad_no,$ad_yes;
$retval=false;
mysql_connect($server, $db_user, $db_pass);
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value]=="yes" && ($signup=="0" || ($signup=="1" && $field[value2]=="yes") || ($signup=="2" && $field[value5]=="yes")) ) { // if enabled
if ($signup=="2") {
// show Memberdetails
if ($field[value3]!="checkbox
if ($fieldname=="homepage") {
if ($value && substr($value,0,7)!="http://") {$value="http://".$value;}
$retval="
<tr>
<td class=\"gbtable2\"><div class=\"maininputleft\">$n
<td class=\"gbtable2\"><div class=\"maininputright\"><
</tr>
";
} else {
$retval="
<tr>
<td class=\"gbtable2\"><div class=\"maininputleft\">$n
<td class=\"gbtable2\"><div class=\"maininputright\">"
</tr>
";
}
} else {
$retval="
<tr>
<td class=\"gbtable2\"><div class=\"maininputleft\">$n
";
if ($value) {
$retval.="
<td class=\"gbtable2\"><img src=\"$image_dir/icons/che
onmouseover=\"window.statu
onmouseout=\"window.status
} else {
$retval.="
<td class=\"gbtable2\"><img src=\"$image_dir/icons/sig
onmouseover=\"window.statu
onmouseout=\"window.status
}
$retval.="
</tr>";
}
} else {
// signup
if (($signup=="1" || $signup=="0") && $field[value5]=="yes") {$publicinfo="$memb_newpub
if ($field[value3]=="text" || $field[value3]=="") {
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=text name=\"$field[name]\" value=\"".htmlspecialchars
</tr>
";
} elseif ($field[value3]=="url") {
if (!$value) {$value="http://";} elseif ($value && substr($value,0,7)!="http://") {$value="http://".$value;}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=text name=\"$field[name]\" value=\"".htmlspecialchars
</tr>
";
} elseif ($field[value3]=="select")
if (!$value) {
$optionstr.="<option value=\"\">--------</optio
}
if (is_file("./$language_dir/
$filename = "./$language_dir/$field[va
$fd = fopen ($filename, "r");
$optionstr.= str_replace("\"$value\"","
fclose ($fd);
} else {
$options=explode("|",$fiel
for ($i=0; $i<count($options); $i++) {
if (!$signup && $options[$i]=="$value") {$selected="SELECTED";} else {$selected="";}
$optionstr.="<option value=\"".htmlspecialchars
}
}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"$field[name]\">
$optionstr
</select></td>
</tr>
";
} elseif ($field[value3]=="checkbox
if ($signup && $field[value4]) $checked="CHECKED";
if (!$signup && $value) $checked="CHECKED";
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=checkbox name=\"$field[name]\" $checked></td>
</tr>
";
}
}
}
mysql_close();
return $retval;
}
function adfield($cat,$fieldname,$n
global $database,$server,$db_user
$retval=false;
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value2]=="yes") { // if enabled
if ($field[value3]=="text" || $field[value3]=="url" || $field[value3]=="") {
if (!$value) {$value=$field[value4];}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=text name=\"in[$field[name]]\" value=\"".htmlspecialchars
</tr>
";
if ($field[value3]=="url") {$retval.="<!--url-->";}
} elseif ($field[value3]=="select")
if (!$value) {
$optionstr.="<option value=\"\">--------</optio
}
if (is_file("./$language_dir/
$filename = "./$language_dir/$field[va
$fd = fopen ($filename, "r");
$optionstr.= str_replace("\"$value\"","
fclose ($fd);
} else {
$options=explode("|",$fiel
for ($i=0; $i<count($options); $i++) {
if (!$signup && $options[$i]=="$value") {$selected="SELECTED";} else {$selected="";}
$optionstr.="<option value=\"".htmlspecialchars
}
}
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"in[$field[name]]\">
$optionstr
</select> $field[value5] </td>
</tr>
";
} elseif ($field[value3]=="checkbox
if ($signup && $field[value4]) $checked="CHECKED";
if (!$signup && $value) $checked="CHECKED";
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=checkbox name=\"in[$field[name]]\" $checked></td>
</tr>
";
}
}
return $retval;
}
function adfieldunit($cat,$fieldnam
global $database;
$retval=false;
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value5]) {$retval=$field[value5];}
return $retval;
}
function searchfield($cat,$fieldnam
global $database,$server,$db_user
$retval=false;
$result=mysql_db_query($da
$field=mysql_fetch_array($
if ($field[value2]=="yes" && $field[value6]!="no") { // if enabled
if ($field[value3]=="text" || $field[value3]=="") {
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=\"text\" name=\"in[$field[name]]\" value=\"".htmlspecialchars
</tr>
";
} elseif ($field[value3]=="select")
if (!$value) {
$optionstr="<option value=\"\">--------</optio
}
if (is_file("./$language_dir/
$filename = "./$language_dir/$field[va
$fd = fopen ($filename, "r");
$optionstr.= str_replace("\"$value\"","
fclose ($fd);
} else {
$options=explode("|",$fiel
for ($i=0; $i<count($options); $i++) {
if (!$signup && $options[$i]=="$value") {$selected="SELECTED";} else {$selected="";}
$optionstr.="<option value=\"".htmlspecialchars
}
}
if ($field[value6]=="minmax")
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"in[$field[name]]\">
$optionstr
</select> - <select name=\"in2[$field[name]]\"
$optionstr
</select> $field[value5] </td>
</tr>
";
} else {
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><select name=\"in[$field[name]]\">
$optionstr
</select> $field[value5] </td>
</tr>
";
}
} elseif ($field[value3]=="checkbox
if ($signup && $field[value4]) $checked="CHECKED";
if (!$signup && $value) $checked="CHECKED";
$retval="
<tr>
<td><div class=\"maininputleft\">$n
<td><input type=checkbox name=\"in[$field[name]]\" $checked></td>
</tr>
";
}
}
return $retval;
}
function logging($db,$uid,$username
global $logging_enable,$database,
if ($logging_enable) {
if ($db) {mysql_connect($server, $db_user, $db_pass);}
mysql_db_query($database, "INSERT INTO logging (timestamp,userid,username
VALUES ('$timestamp','$uid','$use
if ($db) {mysql_close();}
}
}
function getfile($filename) {
$fd = fopen ($filename, "r");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);
return $contents;
}
function addslashesnew($string) {
if (get_magic_quotes_gpc()==1
return $string;
} else {
return addslashes($string);
}
}
function suppr($file) {
$delete = @unlink($file);
if (@file_exists($file)) {
$filesys = eregi_replace("/","\\",$fi
$delete = @system("del $filesys");
if (@file_exists($file)) {
$delete = @chmod ($file, 0775);
$delete = @unlink($file);
$delete = @system("del $filesys");
}
}
}
function dateToTime($date) { //input Format 2000-11-24, output Format: Unixtimestamp
list($y,$m,$d)=explode("-"
return mktime(0,0,0,$m,$d,$y);
}
function dateToStr($date) { //input Format 2000-11-24, output
global $dateformat;
if ($date!="0000-00-00 00:00:00") {
$temp=explode(" ",$date);
list($y,$m,$d)=explode("-"
list($hh,$mm,$ss)=explode(
return date($dateformat,mktime($h
}
}
function str_repeats($input, $mult) { //str_repeat() - replacement (backward-comp.)
$ret = "";
while ($mult > 0) {
$ret .= $input;
$mult --;
}
return $ret;
}
function isbanned($userid) {
global $ip,$database;
$ban_query = mysql_db_query($database, "SELECT * FROM banned_ips") or died("Database Query Error");
while ($ips = mysql_fetch_row($ban_query
if ($ips["0"] == $ip) {
return 1;
exit;
}
}
if ($userid) { // if $userid is empty IGNORE user_banned_check
$ban_query2 = mysql_db_query($database, "SELECT * FROM banned_users") or died("Database Query Error");
while ($users = mysql_fetch_row($ban_query
if ($users["0"] == $userid) {
return 1;
exit;
}
}
}
return 0;
}
function encode_msg ($msg) {
global $image_dir,$database;
if ($msg) {
$msg = addslashesnew($msg); // Add SQL compatibilty
$msg = str_replace("\n", "<BR>", $msg); // Replace newline with <br>
$result = mysql_db_query($database, "SELECT * FROM smilies") or died("Query Error");
while ($db = mysql_fetch_array($result)
$msg = str_replace($db[code], "<img src=".$image_dir."/smilies
}
}
return $msg;
}
function decode_msg ($msg) {
global $image_dir,$database;
if ($msg) {
# $msg = stripslashes($msg); // Remove SQL compatibilty
$msg = str_replace("<BR>", "\n", $msg); // Replace newline with <br>
$result = mysql_db_query($database, "SELECT * FROM smilies") or died("Query Error");
while ($db = mysql_fetch_array($result)
$msg = str_replace("<img src=".$image_dir."/smilies
}
}
return $msg;
}
function wordwrap_msg($msg, $maxwordlen=40) { // Looooooong String Break
$eachword = explode(" " , eregi_replace("<BR>"," ",$msg)); // temp remove <BR>
for ($i=0; $i<count($eachword); $i++) {
if (strlen($eachword[$i])>$ma
$msg = eregi_replace($eachword[$i
}
}
return $msg;
}
function badwords ($msg,$mod) {
global $database;
$msg=wordwrap_msg($msg);
$eachword = explode(" " , eregi_replace("<BR>"," ",$msg)); // temp remove <BR>
$result = mysql_db_query($database, "SELECT * FROM badwords") or died("Query Error");
while ($db = mysql_fetch_array($result)
for ($i=0; $i<count($eachword); $i++) {
if (is_int(strpos($eachword[$
if ($mod) {
$msg = eregi_replace($eachword[$i
} else {
$msg = eregi_replace($eachword[$i
}
}
}
}
return $msg;
}
function badwordsmail ($msg) {
global $database;
$eachword = explode(" ",$msg);
$result = mysql_db_query($database, "SELECT * FROM badwords") or died("Query Error");
while ($db = mysql_fetch_array($result)
for ($i=0; $i<count($eachword); $i++) {
if (is_int(strpos($eachword[$
$msg = eregi_replace($eachword[$i
}
}
}
return stripslashes($msg);
}
function strip_array ($in) { //foreach()-Replacement !!!
reset($in);
while ($array=each($in)) {
$ckey=$array['key'];
$cvalue=$array['value'];
$cvalue = str_replace("'", "''", $cvalue);
$cvalue = stripslashes($cvalue);
$cvalue = strip_tags($cvalue);
$out[$ckey] = $cvalue;
}
return $out;
}
function open_sales_window($value="
echo "<script language=javascript>
window.open(\"sales_buy.ph
location.replace('classifi
</script>";
}
function ico_email($value,$align="l
global $sales_lang_noaccess,$ad_s
if (!$value) {
echo "<a href=\"sales_buy.php\"
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/ema
</a>\n";
} else {
echo "<a href=\"sendmail.php?$value
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/ema
}
}
function ico_icq($value,$align="lef
global $sales_lang_noaccess,$ad_i
if (!$value) {
echo "<a href=\"sales_buy.php\"
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/icq
</a>\n";
} else {
echo "<a href=\"http://wwp.icq.com/".$value."\" target=\"_blank\"
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/icq
}
}
function ico_url($value,$align="lef
global $sales_lang_noaccess,$ad_g
if (!$value) {
echo "<a href=\"sales_buy.php\"
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/hom
</a>\n";
} else {
echo "<a href=\"$value\" target=\"_blank\"
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/hom
}
}
function ico_friend($value,$align="
global $ad_sendlink,$image_dir;
echo " <a href=\"sendmail.php?value\
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/lig
}
function ico_print($value,$align="l
global $ad_print,$image_dir;
echo " <a href=\"javascript:window.p
onClick='javascript:window
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/pri
}
function ico_favorits($value,$align
global $ad_favorits,$image_dir;
echo " <a href=\"favorits.php?$value
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/che
}
function ico_adrating($value,$align
global $ad_rating,$image_dir;
echo " <a href=\"adrating.php?$value
onClick='enterWindow=windo
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/han
}
function ico_info($value,$align="le
global $ad_member,$image_dir;
echo " <a href=\"members.php?$value\
onmouseover=\"window.statu
onmouseout=\"window.status
<img src=\"$image_dir/icons/inf
}
# Classes
##########################
class authlib {
function register ($username, $password, $password2, $email, $sex, $acceptterms ,
$newsletter, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3,
$field4, $field5, $field6, $field7, $field8, $field9, $field10 ) {
global $chat_interface,$chat_enab
$forum_interface,$forum_en
$gender,$genders,$admin_em
$database,$secret,$error,$
if (!$username || !$password || !$password2 || !$email || !$acceptterms) {
return $error[14];
} else {
if (!eregi("^[a-z0-9]+([_\\.-
# if (!eregi("^([a-z0-9]+)(([a-
return $error[4];
}
if ($sex == "") {
return $error[11];
}
if (strlen($username) < 3) {
return $error[1];
}
if (strlen($username) > 20) {
return $error[2];
}
if (!ereg("^[[:alnum:]_-]+$",
return $error[3];
}
if ($password != $password2) {
return $error[0];
}
if (strlen($password) < 3) {
return $error[5];
}
if (strlen($password) > 20) {
return $error[6];
}
if (!ereg("^[[:alnum:]_-]+$",
return $error[7];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select id from login where username = '$username'");
$result = mysql_num_rows($query);
if ($result > 0) {
mysql_close();
return $error[12];
}
$query = mysql_query("select id from userdata where email = '$email'");
$result = mysql_num_rows($query);
if ($result > 0) {
mysql_close();
return $error[13];
}
if ($no_confirmation) {
$is_success_first = mysql_query("insert into userdata (username, email, sex,
newsletter, firstname, lastname, address, zip, city, state, country,
phone, cellphone, icq, homepage, hobbys, field1, field2, field3,
field4, field5, field6, field7, field8, field9, field10, registered )
values ('$username', '$email', '$sex',
'$newsletter', '$firstname', '$lastname', '$address', '$zip', '$city', '$state', '$country',
'$phone', '$cellphone', '$icq', '$homepage', '$hobbys', '$field1', '$field2', '$field3',
'$field4', '$field5', '$field6', '$field7', '$field8', '$field9', '$field10', '$timestamp' )") or died(mysql_error());
if ($is_success_first) {
$is_success_second = mysql_query("insert into login (username, password) values ('$username', '$password')");
if ($is_success_second) {
// only if forum-interface
if ($is_success_second && $forum_database && $forum_enable && $forum_interface) {
include ("$forum_interface");
}
// only if chat-interface
if ($is_success_second && $chat_database && $chat_enable && $chat_interface) {
include ("$chat_interface");
}
}
}
$mailto = "$email";
$subject = "$mail_msg[0]";
$message = "$mail_msg[1]$username\n\n
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
if ($auto_login) {
$login=$this->login($usern
if ($login!="2") {
$retval="$error[15]";
} else {
$retval=3;
}
}
} else {
$hash = substr(md5($secret.$userna
$is_success = mysql_query("insert into confirm values
('$hash', '$username', '$password', '$email', '$sex', now(),
'$newsletter', '$firstname', '$lastname', '$address', '$zip', '$city', '$state',
'$country', '$phone', '$cellphone', '$icq', '$homepage', '$hobbys', '$field1',
'$field2', '$field3', '$field4', '$field5', '$field6', '$field7', '$field8',
'$field9', '$field10')") or died(mysql_error());
mysql_close();
if (!$is_success) {
return $error[16];
}
$confirmurl = ("$url_to_start" . "/confirm.php?hash=" . "$hash" . "&nick=" . "$username");
$aolconfirmurl = ("AOL: <A HREF=\" $url_to_start" . "/confirm.php?hash=" . "$hash" . "&nick=" . "$username \">CLICK HERE</A>");
$mailto = "$email";
$subject = "$mail_msg[0]";
if (strstr($mailto,"aol")) { // For AOL-Users
$message = "$mail_msg[1]$username\n\n
} else {
$message = "$mail_msg[1]$username\n\n
}
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
logging("1","","$username"
if ($reg_notify) {
$mailto = "$reg_notify";
$subject = "NOTIFY $mail_msg[0]";
$message = "$mail_msg[8]$username\n$m
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
return 2;
}
}
function login ($username, $password) {
global $server,$db_user,$db_pass,
if (!$username || !$password) {
return $error[14];
}
else {
if (!eregi("^[[:alnum:]_-]+$"
return $error[3];
}
if (!eregi("^[[:alnum:]_-]+$"
return $error[7];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$md5password=md5($password
$query = mysql_query("select id from login where username = '$username' and (password = '$password' OR password = '$md5password')");
$result = mysql_num_rows($query);
$query2 = mysql_query("select level from userdata where username = '$username'");
$result2 = mysql_num_rows($query2);
mysql_close();
if ($result < 1) {
logging("1","","$username"
return $error[26]; //Not found
}
else {
list ($id) = mysql_fetch_row($query);
list ($level) = mysql_fetch_row($query2);
$password = md5($password);
$hash = md5($username.$password.$l
$cookietime=$timestamp+(36
setcookie("phpBazar", "$username:$password:$hash
logging("1","","$username"
return 2;
}
}
}
function is_logged () {
global $phpBazar, $secret;
$session_vars = explode(":", $phpBazar);
$hash = md5($session_vars[0].$sess
if ($hash != $session_vars[2]) {
return false;
} else {
if ($session_vars[4]>7) {$moderator=true;} // Moderator Check
return array($session_vars[0], $session_vars[3], $moderator, $session_vars[1]);
}
}
function logout () {
global $cookiepath,$phpBazar;
$session_vars = explode(":", $phpBazar);
setcookie("phpBazar", "", "0", "$cookiepath");
logging("1","","$session_v
}
function edit_retrieve ($id) {
global $admin_email,$url_to_start
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from userdata where id = '$id'");
mysql_close();
list ($id, $username, $email, $sex, $newsletter, $level, $votes, $lastvotedate, $ads,
$lastaddate, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3,
$field4, $field5, $field6, $field7, $field8, $field9, $field10) = mysql_fetch_row($query);
return array($email, $sex, $newsletter, $level, $votes, $lastvotedate, $ads,
$lastaddate, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3,
$field4, $field5, $field6, $field7, $field8, $field9, $field10);
}
function edit ($id, $sex, $newsletter, $firstname, $lastname, $address, $zip, $city, $state, $country,
$phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3, $field4,
$field5, $field6, $field7, $field8, $field9, $field10 ) {
global $gender,$genders,$server,$
# if ($firstname && (!eregi("^[a-z ]+$", $firstname))) {
# return $error[8];
# }
# if ($lastname && (!eregi("^[[:alnum:]_-]+$"
# return $error[8];
# }
if (ereg("[^0-9]", $icq)) {
return $error[10];
}
if ($sex == "") {
return $error[11];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("update userdata set sex = '$sex',
newsletter = '$newsletter',
firstname = '$firstname',
lastname = '$lastname',
address = '$address',
zip = '$zip',
city = '$city',
state = '$state',
country = '$country',
phone = '$phone',
cellphone = '$cellphone',
icq = '$icq',
homepage = '$homepage',
hobbys = '$hobbys',
field1 = '$field1',
field2 = '$field2',
field3 = '$field3',
field4 = '$field4',
field5 = '$field5',
field6 = '$field6',
field7 = '$field7',
field8 = '$field8',
field9 = '$field9',
field10 = '$field10'
where id = '$id'");
mysql_close();
logging("1","$id","","AUTH
if (!$query) {
$error[20];
}
return 2;
}
function confirm ($hash, $username) {
global $chat_interface,$chat_enab
$forum_interface,$forum_en
$confirm_mail,$conf_notify
$database,$secret,$error,$
if (!$hash || !$username) {
return $error[14];
}
else {
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from confirm where mdhash = '$hash' AND username = '$username'");
$result = mysql_num_rows($query);
if ($result < 1) {
mysql_close();
return $error[15];
}
list($hd,$username,$passwo
$lastname,$address,$zip,$c
$homepage,$hobbys,$field1,
$field7,$field8,$field9,$f
//calculate a possible id-difference, if only login-data will deleted
$result = mysql_query("SELECT * FROM userdata");
$tmpid1 = mysql_num_rows($result);
$result = mysql_query("SELECT * FROM login");
$tmpid2 = mysql_num_rows($result);
if ($tmpid1 != $tmpid2) {
$diff = $tmpid1-$tmpid2;
for ($i = 0; $i < $diff; $i++) {
mysql_query("insert into login (username, password) values ('$timestamp', '$timestamp')");
}
}
// end id-difference
$is_success_first = mysql_query("insert into userdata (username, email, sex,
newsletter, firstname, lastname, address, zip, city, state, country,
phone, cellphone, icq, homepage, hobbys, field1, field2, field3,
field4, field5, field6, field7, field8, field9, field10, registered )
values ('$username', '$email', '$sex',
'$newsletter', '$firstname', '$lastname', '$address', '$zip', '$city', '$state', '$country',
'$phone', '$cellphone', '$icq', '$homepage', '$hobbys', '$field1', '$field2', '$field3',
'$field4', '$field5', '$field6', '$field7', '$field8', '$field9', '$field10', '$timestamp' )") or died(mysql_error());
if ($is_success_first) {
$is_success_second = mysql_query("insert into login (username, password) values ('$username', '$password')");
if ($is_success_second) {
$is_success_third = mysql_query("delete from confirm where username = '$username'");
// only if forum-interface
if ($is_success_second && $forum_database && $forum_enable && $forum_interface) {
include ("$forum_interface");
}
// only if chat-interface
if ($is_success_second && $chat_database && $chat_enable && $chat_interface) {
include ("$chat_interface");
}
}
}
mysql_close();
if (!$is_success_first) {
return $error[16];
}
if (!$is_success_second) {
# Registration Error
return $error[17];
}
if (!$is_success_third) {
# Alert, Purge Account!!!
return 2;
}
logging("1","","$username"
$retval=2;
if ($auto_login) {
$login=$this->login($usern
if ($login!="2") {
$retval="$error[15]";
} else {
$retval=3;
}
}
if ($conf_notify) {
$mailto = "$conf_notify";
$subject = "NOTIFY $mail_msg[0]";
$message = "$mail_msg[8]$username\n$m
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
if ($confirm_mail) {
$mailto = "$email";
$subject = "NOTIFY $mail_msg[9]";
$message = "$mail_msg[10]$username\n\
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
}
return $retval;
}
}
function lostpwd ($email) {
global $admin_email,$url_to_start
if (!$email) {
return $error[14];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select login.password, login.username from login, userdata where userdata.email = '$email' and login.id = userdata.id");
$result = mysql_num_rows($query);
mysql_close();
if ($result < 1) {
return $error[19];
}
list($password, $username) = mysql_fetch_row($query);
$confirmurl = ("$url_to_start" . "/confirm.php?hash=" . "$hash" . "&username=" . "$username");
$mailto = "$email";
$subject = "$mail_msg[12]";
$message = "$mail_msg[13]$username\n\
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
logging("1","","$username"
return 2;
}
function chemail ($id, $email, $email2) {
global $admin_email,$url_to_start
if ($email != $email2) {
return $error[14];
}
else {
if (!eregi("^([a-z0-9]+)([._-
return $error[4];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select id from userdata where email = '$email'");
$result = mysql_num_rows($query);
if ($result > 0) {
list($id_from_db) = mysql_fetch_row($query);
if ($id_from_db != $id) {
mysql_close();
return $error[13];
}
return $error[23];
}
$mdhash = substr(md5($id.$email.$sec
$query = mysql_query("insert into confirm_email values ('$id', '$email', '$mdhash', now())");
if (!$query) {
mysql_close();
$error[20];
}
$confirmurl = ("$url_to_start" . "/confirm_email.php?mdhash
$mailto = "$email";
$subject = "$mail_msg[16]";
$message = "$mail_msg[17]\n\n$confirm
$from = "From: $admin_email\r\nReply-to: $admin_email\r\n";
@mail($mailto, $subject, $message, $from);
logging("1","$id","","AUTH
return 2;
}
}
function confirm_email($id, $email, $mdhash) {
global $server,$db_user,$db_pass,
if (!$id || !$email || !$mdhash) {
return $error[14];
}
else {
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from confirm_email where id = '$id' AND email = '$email' AND mdhash = '$mdhash'");
$result = mysql_num_rows($query);
if ($result < 1) {
mysql_close();
return $error[15];
}
$update = mysql_query("update userdata set email = '$email' where id = '$id'");
$delete = mysql_query("delete from confirm_email where email = '$email'");
mysql_close();
logging("1","$id","","AUTH
return 2;
}
}
function confirm_ad($id, $hash) {
global $server,$db_user,$db_pass,
if (!$id || !$hash) {
return $error[14];
}
else {
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("select * from ads where id = '$id' AND timeoutnotify = '$hash'");
$result = mysql_num_rows($query);
if ($result < 1) {
mysql_close();
return $error[15];
}
$update = mysql_query("update ads set timeoutnotify = '',timeoutdays = timeoutdays+$timeoutconfir
mysql_close();
return 2;
}
}
function chpass ($id, $password, $password2) {
global $server,$db_user,$db_pass,
if ($password != $password2) {
return $error[0];
}
else {
if (strlen($password) < 3) {
return $error[5];
}
if (strlen($password) > 20) {
return $error[6];
}
if (!ereg("^[[:alnum:]_-]+$",
return $error[7];
}
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$query = mysql_query("update login set password = '$password' where id = '$id'");
mysql_close();
if (!$query) {
return $error[21];
}
logging("1","$id","","AUTH
return 2;
}
}
function delete($id) {
global $server,$db_user,$db_pass,
mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database)
$delstring="deleted_".$tim
if ($really_del_memb) { //if set really delete it
$query = mysql_query("update ads set deleted='1' where userid = '$id'");
$query = mysql_query("delete from login where id = '$id'");
$query = mysql_query("delete from userdata where id = '$id'");
} else { // or only overwrite the password :-) better
$query = mysql_query("update ads set deleted='1' where userid = '$id'");
$query = mysql_query("update login set password='$delstring' where id = '$id'");
}
mysql_close();
logging("1","$id","","AUTH
return 2;
}
}
$authlib = new authlib;
?>
the code is a bit old isnt it?
$HTTP_COOKIE_VARS and $PHP_SELF? I'm usinf PHP4 and these have changed to $_COOKIE and $_SERVER['PHP_SELF'], I'm not sure about the cookies but $php_self definately doesnt work any more.
$HTTP_COOKIE_VARS and $PHP_SELF? I'm usinf PHP4 and these have changed to $_COOKIE and $_SERVER['PHP_SELF'], I'm not sure about the cookies but $php_self definately doesnt work any more.
also try changing mysql_db_query(....) calls to mysql_query(...) calls
the code is indeed old... because mysql_db_query(...) has been deprecated since PHP 4.0.6
the code is indeed old... because mysql_db_query(...) has been deprecated since PHP 4.0.6
$PHP_SELF certainly does still work. I am on 4.2.X and I use it all the time.
Alan
Alan
I've got php 4.3.4, which I had to upgrade to because of email with attachments not working properly with windows, and $PHP_SELF doesnt work on that.
So since it has been dropped on this version at least, your code will not cease to work when php it is upgraded.(unless you switch globals on)
QUOTE: www.php.net
Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP 4.2.0.
Since PHP 4.1.0, superglobal arrays such as $_GET , $_POST, and $_SERVER, etc
So since it has been dropped on this version at least, your code will not cease to work when php it is upgraded.(unless you switch globals on)
QUOTE: www.php.net
Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP 4.2.0.
Since PHP 4.1.0, superglobal arrays such as $_GET , $_POST, and $_SERVER, etc
I am also on 4.3.4 although mine is unix. Perhaps we do have globals turned on because $PHP_SELF still works for me.
Alan
Alan
Oooo! bad security risk, What variable to you use to keep track of valid sessions? I'll just add this into the url and I'll have direct access to areas only accessible to people who log in.
<I had second thoughts about putting an example here as I dont want people to start cracking peoples websites>
<I had second thoughts about putting an example here as I dont want people to start cracking peoples websites>
Check your config.php, from the second notice of your thread, it seems your library.php can get the variable $languagebase_dir.
So it makes $language_dir wrong too. It leads to the fatal error to open the "variables.php" file:
"Fatal error: main(): Failed opening required '//variables.php' "
So it makes $language_dir wrong too. It leads to the fatal error to open the "variables.php" file:
"Fatal error: main(): Failed opening required '//variables.php' "
you need to declare all variables in the php version u are using => either pick another version, or declare the variables (var thing;), or find if there is a configuration option to prevent this mess (i don't think there is but needs to be checked)
why on earth do you have such a big complicated, and fairly deprecated code (if not completely) if you are a novice user ?
why on earth do you have such a big complicated, and fairly deprecated code (if not completely) if you are a novice user ?
ASKER
Yes, I am a novice user. You know I am probbly going to guve up in this question as I should probably know more about php before posting. Well I will give my points to whoever thinks they deserve it most I guess. How would I go about giving the points to all of you?
Sorry, it was my typo, it should be "can't" but not "can" in my last thread:
"it seems your library.php can't get the variable "
I think you must be using other people's php codes or download some package to install? Maybe you can ask for other similar php package to replace yours.
"it seems your library.php can't get the variable "
I think you must be using other people's php codes or download some package to install? Maybe you can ask for other similar php package to replace yours.
hi master, forget about those points.
if u are ready to script this by yourself and if you can explain exactly what you need, i'll be delighted to point out the usefull pages, how-to's and functions that could help you... at least those i know of...
in this case, i guess nobody around will be that much interested so you may jsut try alexb_orgAThotmailDOTcom
if u are ready to script this by yourself and if you can explain exactly what you need, i'll be delighted to point out the usefull pages, how-to's and functions that could help you... at least those i know of...
in this case, i guess nobody around will be that much interested so you may jsut try alexb_orgAThotmailDOTcom
skullnobrains: hei! are you allowed to post your e-mail address? I guess not, but you could at least play fair
power_wong: have you made your first steps to php? if you're in trouble, here's a tip for you: if you ask more specific questions, you will receive more specific answers; all you need to do is try
power_wong: have you made your first steps to php? if you're in trouble, here's a tip for you: if you ask more specific questions, you will receive more specific answers; all you need to do is try
The rule said email is allowed to be shown in profile, not sure about in the thread.
I don't understand what you mean, cj, I am helping The_Master_Chief to solve the problem of "Fatal error: main(): Failed opening required '//variables.php' " but not in trouble or asking question.
???
I don't understand what you mean, cj, I am helping The_Master_Chief to solve the problem of "Fatal error: main(): Failed opening required '//variables.php' " but not in trouble or asking question.
???
sorry for not scrolling up correctly nad seeing a different ID :-&
I do hope you'll forgive me
I do hope you'll forgive me
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
alan wrote
<< As for your problem, most of those messages are simply saying that some of the variables you are using aren't being properly initialized. >>
nice to see somebody else notices though the reason you invoke is different and may be the correct one.
that's constructive at least
Comment from gicutza_cj
skullnobrains: hei! are you allowed to post your e-mail address? I guess not, but you could at least play fair
1) check before you flame !!!
as far as i read, it is not forbidden and i don't really see why it should be since i'm the one to expose my own email to spammers and some silly people.
if it is let me know(moderator), accept my excuses(the thread) and i won't do it more.
2) what the hell are u talking about playing fair ?
i'm NOT PLAYING, i am just simply trying to help. if you want my points, tell the moderator you can have them as long as you leave me alone from now on.
3) the reason for which i did put my email in is written black on white and i don't think anybody around would be very interested by a series of tips for newbies and adapted to master's needs. if you are, send a mail.
4) this is master's thread and as allan pointed out you're not being much help flaming around and i have to loose my time answering.
<< As for your problem, most of those messages are simply saying that some of the variables you are using aren't being properly initialized. >>
nice to see somebody else notices though the reason you invoke is different and may be the correct one.
that's constructive at least
Comment from gicutza_cj
skullnobrains: hei! are you allowed to post your e-mail address? I guess not, but you could at least play fair
1) check before you flame !!!
as far as i read, it is not forbidden and i don't really see why it should be since i'm the one to expose my own email to spammers and some silly people.
if it is let me know(moderator), accept my excuses(the thread) and i won't do it more.
2) what the hell are u talking about playing fair ?
i'm NOT PLAYING, i am just simply trying to help. if you want my points, tell the moderator you can have them as long as you leave me alone from now on.
3) the reason for which i did put my email in is written black on white and i don't think anybody around would be very interested by a series of tips for newbies and adapted to master's needs. if you are, send a mail.
4) this is master's thread and as allan pointed out you're not being much help flaming around and i have to loose my time answering.