From dbed08926baf869bb9a71776cf315eab1212a794 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Tue, 23 Jan 2024 00:56:21 -0700
Subject: [PATCH 1/6] fix forum

---
 src/forum/recent.php | 142 ++++++++++++++++++++---------------------
 src/forum/unread.php | 147 ++++++++++++++++++++++---------------------
 2 files changed, 146 insertions(+), 143 deletions(-)

diff --git a/src/forum/recent.php b/src/forum/recent.php
index 32b473b9..261ada8e 100644
--- a/src/forum/recent.php
+++ b/src/forum/recent.php
@@ -13,100 +13,100 @@
  */
 
 // Config File
-$prevFolder = "../";
+	$prevFolder = "../";
 
-require_once($prevFolder."_setup.php");
+	require_once($prevFolder . "_setup.php");
 
-$breadcrumbObj->setTitle("Recent Posts");
-$breadcrumbObj->addCrumb("Home", MAIN_ROOT);
-$breadcrumbObj->addCrumb("Forum", MAIN_ROOT."forum");
-$breadcrumbObj->addCrumb("Recent Posts");
+	$breadcrumbObj->setTitle("Recent Posts");
+	$breadcrumbObj->addCrumb("Home", MAIN_ROOT);
+	$breadcrumbObj->addCrumb("Forum", MAIN_ROOT . "forum");
+	$breadcrumbObj->addCrumb("Recent Posts");
 
-$PAGE_NAME = "Recent Forum Posts - ";
+	$PAGE_NAME = "Recent Forum Posts - ";
 
-require_once(BASE_DIRECTORY."forum/templates/_header.php");
+	require_once(BASE_DIRECTORY . "forum/templates/_header.php");
 
 
-$NUM_PER_PAGE = $websiteInfo['forum_postsperpage'];
-if($member->select($_SESSION['btUsername']) && $member->authorizeLogin($_SESSION['btPassword'])) {
-	$memberInfo = $member->get_info_filtered();
-	$LOGGED_IN = true;
-	$NUM_PER_PAGE = $memberInfo['postsperpage'];
-}
-
-if($NUM_PER_PAGE == 0) {
-	$NUM_PER_PAGE = 25;
-}
-
+	$NUM_PER_PAGE = $websiteInfo['forum_postsperpage'];
+	if ($member->select($_SESSION['btUsername']) && $member->authorizeLogin($_SESSION['btPassword'])) {
+		$memberInfo = $member->get_info_filtered();
+		$LOGGED_IN = true;
+		$NUM_PER_PAGE = $memberInfo['postsperpage'];
+	}
 
-$accessableTopicsSQL = "SELECT forumtopic_id, forumboard_id FROM ".$dbprefix."forum_topic";
-$result = $mysqli->query($accessableTopicsSQL);
-while($row = $result->fetch_assoc()) {
-	$boardObj->select($row['forumboard_id']);
-	if($boardObj->memberHasAccess($memberInfo)) {
-		$arrTopics[] = $row['forumtopic_id'];
+	if ($NUM_PER_PAGE == 0) {
+		$NUM_PER_PAGE = 25;
 	}
-}
 
-$topicsFilterSQL = "('".implode("','", $arrTopics)."')";
+	$arrTopics = [];
 
-$totalPostsSQL = $mysqli->query("SELECT COUNT(*) as totalPosts FROM ".$dbprefix."forum_post WHERE forumtopic_id IN ".$topicsFilterSQL." ORDER BY dateposted");
-$totalPosts = $totalPostsSQL->fetch_assoc();
-$totalPosts = $totalPosts['totalPosts'];
+	$accessableTopicsSQL = "SELECT forumtopic_id, forumboard_id FROM " . $dbprefix . "forum_topic";
+	$result = $mysqli->query($accessableTopicsSQL);
+	while ($row = $result->fetch_assoc()) {
+		$boardObj->select($row['forumboard_id']);
+		if ($boardObj->memberHasAccess($memberInfo)) {
+			$arrTopics[] = $row['forumtopic_id'];
+		}
+	}
 
-if(!isset($_GET['pID']) || !is_numeric($_GET['pID'])) {
-	$intOffset = 0;
-	$_GET['pID'] = 1;
-}
-else {
-	$intOffset = $NUM_PER_PAGE*($_GET['pID']-1);
-}
+	$topicsFilterSQL = "('" . implode("','", $arrTopics) . "')";
 
+	$totalPostsSQL = $mysqli->query("SELECT COUNT(*) as totalPosts FROM " . $dbprefix . "forum_post WHERE forumtopic_id IN " . $topicsFilterSQL . " ORDER BY dateposted");
+	$totalPosts = $totalPostsSQL->fetch_assoc();
+	$totalPosts = $totalPosts['totalPosts'];
 
+	if (!isset($_GET['pID']) || !is_numeric($_GET['pID'])) {
+		$intOffset = 0;
+		$_GET['pID'] = 1;
+	} else {
+		$intOffset = $NUM_PER_PAGE * ($_GET['pID'] - 1);
+	}
 // Count Pages
-$NUM_OF_PAGES = ceil($totalPosts/$NUM_PER_PAGE);
+	$NUM_OF_PAGES = ceil($totalPosts / $NUM_PER_PAGE);
+
+	if ($NUM_OF_PAGES == 0) {
+		$NUM_OF_PAGES = 1;
+	}
 
-if($NUM_OF_PAGES == 0) {
-	$NUM_OF_PAGES = 1;	
-}
 
+	$pageSelector = new PageSelector();
+	$pageSelector->setPages($NUM_OF_PAGES);
+	$pageSelector->setCurrentPage($_GET['pID']);
+	$pageSelector->setLink(MAIN_ROOT . "forum/recent.php?pID=");
 
-$pageSelector = new PageSelector();
-$pageSelector->setPages($NUM_OF_PAGES);
-$pageSelector->setCurrentPage($_GET['pID']);
-$pageSelector->setLink(MAIN_ROOT."forum/recent.php?pID=");
+	echo "<div style='position: relative; overflow: auto'>";
+	$pageSelector->show();
+	echo "</div>";
 
-echo "<div style='position: relative; overflow: auto'>";
-$pageSelector->show();
-echo "</div>";
+	if ($NUM_OF_PAGES == 1) {
+		echo "<br><br>";
+	}
 
-if($NUM_OF_PAGES == 1) { echo "<br><br>"; }
+	$query = "SELECT * FROM " . $dbprefix . "forum_post WHERE forumtopic_id IN " . $topicsFilterSQL . " ORDER BY dateposted DESC LIMIT " . $intOffset . ", " . $NUM_PER_PAGE;
+	$result = $mysqli->query($query);
 
-$query = "SELECT * FROM ".$dbprefix."forum_post WHERE forumtopic_id IN ".$topicsFilterSQL." ORDER BY dateposted DESC LIMIT ".$intOffset.", ".$NUM_PER_PAGE;
-$result = $mysqli->query($query);
+	$count = 0;
+	while ($row = $result->fetch_assoc()) {
+		$count++;
+		$boardObj->objPost->select($row['forumpost_id']);
+		$topicInfo = $boardObj->objPost->getTopicInfo(true);
+		$boardObj->select($topicInfo['forumboard_id']);
 
-$count = 0;
-while($row = $result->fetch_assoc()) {
-	$count++;
-	$boardObj->objPost->select($row['forumpost_id']);
-	$topicInfo = $boardObj->objPost->getTopicInfo(true);
-	$boardObj->select($topicInfo['forumboard_id']);
+		echo "<div class='largeFont' style='position:relative;'><b>" . $boardObj->getLink(true) . " - " . $boardObj->objPost->getLink(true) . "</b></div>";
+		$boardObj->objPost->show(true);
 
-	echo "<div class='largeFont' style='position:relative;'><b>".$boardObj->getLink(true)." - ".$boardObj->objPost->getLink(true)."</b></div>";
-	$boardObj->objPost->show(true);
-	
-	if($count != $result->num_rows) {
-		echo "<br><div class='dottedLine'></div><br>";
+		if ($count != $result->num_rows) {
+			echo "<br><div class='dottedLine'></div><br>";
+		}
 	}
-}
 
-echo "<div style='position: relative; overflow: auto'>";
-$pageSelector->show();
-echo "</div>";
+	echo "<div style='position: relative; overflow: auto'>";
+	$pageSelector->show();
+	echo "</div>";
 
-if($result->num_rows == 0) {
+	if ($result->num_rows == 0) {
 
-	echo "
+		echo "
 		
 		<div class='shadedBox' style='width: 45%; margin-left: auto; margin-right: auto'>
 			<p align='center' class='main'>
@@ -115,7 +115,7 @@
 		</div>
 	
 	";
-	
-}
 
-require_once(BASE_DIRECTORY."forum/templates/_footer.php");
\ No newline at end of file
+	}
+
+	require_once(BASE_DIRECTORY . "forum/templates/_footer.php");
\ No newline at end of file
diff --git a/src/forum/unread.php b/src/forum/unread.php
index 32116401..bd3c4c88 100644
--- a/src/forum/unread.php
+++ b/src/forum/unread.php
@@ -1,4 +1,4 @@
-<?php 
+<?php
 
 /*
  * BlueThrust Clan Scripts
@@ -15,103 +15,106 @@
 // Config File
 
 
-$prevFolder = "../";
+	$prevFolder = "../";
 
-require_once($prevFolder."_setup.php");
+	require_once($prevFolder . "_setup.php");
 
-$breadcrumbObj->setTitle("Unread Posts");
-$breadcrumbObj->addCrumb("Home", MAIN_ROOT);
-$breadcrumbObj->addCrumb("Forum", MAIN_ROOT."forum");
-$breadcrumbObj->addCrumb("Unread Posts");
+	$breadcrumbObj->setTitle("Unread Posts");
+	$breadcrumbObj->addCrumb("Home", MAIN_ROOT);
+	$breadcrumbObj->addCrumb("Forum", MAIN_ROOT . "forum");
+	$breadcrumbObj->addCrumb("Unread Posts");
 
-$PAGE_NAME = "Recent Forum Posts - ";
+	$PAGE_NAME = "Recent Forum Posts - ";
 
-require_once(BASE_DIRECTORY."forum/templates/_header.php");
+	require_once(BASE_DIRECTORY . "forum/templates/_header.php");
+
+	$memberInfo = array("member_id" => 0);
+	$NUM_PER_PAGE = $websiteInfo['forum_postsperpage'];
+	if ($member->select($_SESSION['btUsername']) && $member->authorizeLogin($_SESSION['btPassword'])) {
+		$memberInfo = $member->get_info_filtered();
+		$LOGGED_IN = true;
+		$NUM_PER_PAGE = $memberInfo['postsperpage'];
+	}
 
-$memberInfo = array("member_id" => 0);
-$NUM_PER_PAGE = $websiteInfo['forum_postsperpage'];
-if($member->select($_SESSION['btUsername']) && $member->authorizeLogin($_SESSION['btPassword'])) {
-	$memberInfo = $member->get_info_filtered();
-	$LOGGED_IN = true;
-	$NUM_PER_PAGE = $memberInfo['postsperpage'];
-}
 
+	if ($NUM_PER_PAGE == 0) {
+		$NUM_PER_PAGE = 25;
+	}
 
-if($NUM_PER_PAGE == 0) {
-	$NUM_PER_PAGE = 25;
-}
 
+	$seenTopicsSQL = "SELECT forumtopic_id FROM " . $dbprefix . "forum_topicseen WHERE member_id = '" . $memberInfo['member_id'] . "'";
 
-$seenTopicsSQL = "SELECT forumtopic_id FROM ".$dbprefix."forum_topicseen WHERE member_id = '".$memberInfo['member_id']."'";
+	$arrTopics = [];
 
-$accessableTopicsSQL = "SELECT forumtopic_id, forumboard_id FROM ".$dbprefix."forum_topic WHERE forumtopic_id NOT IN (".$seenTopicsSQL.")";
-$result = $mysqli->query($accessableTopicsSQL);
-while($row = $result->fetch_assoc()) {
-	$boardObj->select($row['forumboard_id']);
-	if($boardObj->memberHasAccess($memberInfo)) {
-		$arrTopics[] = $row['forumtopic_id'];
+	$accessableTopicsSQL = "SELECT forumtopic_id, forumboard_id FROM " . $dbprefix . "forum_topic WHERE forumtopic_id NOT IN (" . $seenTopicsSQL . ")";
+	$result = $mysqli->query($accessableTopicsSQL);
+	while ($row = $result->fetch_assoc()) {
+		$boardObj->select($row['forumboard_id']);
+		if ($boardObj->memberHasAccess($memberInfo)) {
+			$arrTopics[] = $row['forumtopic_id'];
+		}
 	}
-}
 
-$topicsFilterSQL = "('".implode("','", $arrTopics)."')";
+	$topicsFilterSQL = "('" . implode("','", $arrTopics) . "')";
 
-$totalPostsSQL = $mysqli->query("SELECT COUNT(*) as totalPosts FROM ".$dbprefix."forum_post WHERE forumtopic_id IN ".$topicsFilterSQL." ORDER BY dateposted");
-$totalPosts = $totalPostsSQL->fetch_assoc();
-$totalPosts = $totalPosts['totalPosts'];
+	$totalPostsSQL = $mysqli->query("SELECT COUNT(*) as totalPosts FROM " . $dbprefix . "forum_post WHERE forumtopic_id IN " . $topicsFilterSQL . " ORDER BY dateposted");
+	$totalPosts = $totalPostsSQL->fetch_assoc();
+	$totalPosts = $totalPosts['totalPosts'];
 
-if(!isset($_GET['pID']) || !is_numeric($_GET['pID'])) {
-	$intOffset = 0;
-	$_GET['pID'] = 1;
-}
-else {
-	$intOffset = $NUM_PER_PAGE*($_GET['pID']-1);
-}
+	if (!isset($_GET['pID']) || !is_numeric($_GET['pID'])) {
+		$intOffset = 0;
+		$_GET['pID'] = 1;
+	} else {
+		$intOffset = $NUM_PER_PAGE * ($_GET['pID'] - 1);
+	}
 
 
 // Count Pages
-$NUM_OF_PAGES = ceil($totalPosts/$NUM_PER_PAGE);
+	$NUM_OF_PAGES = ceil($totalPosts / $NUM_PER_PAGE);
 
-if($NUM_OF_PAGES == 0) {
-	$NUM_OF_PAGES = 1;	
-}
+	if ($NUM_OF_PAGES == 0) {
+		$NUM_OF_PAGES = 1;
+	}
 
 
-$pageSelector = new PageSelector();
-$pageSelector->setPages($NUM_OF_PAGES);
-$pageSelector->setCurrentPage($_GET['pID']);
-$pageSelector->setLink(MAIN_ROOT."forum/recent.php?pID=");
+	$pageSelector = new PageSelector();
+	$pageSelector->setPages($NUM_OF_PAGES);
+	$pageSelector->setCurrentPage($_GET['pID']);
+	$pageSelector->setLink(MAIN_ROOT . "forum/recent.php?pID=");
 
-echo "<div style='position: relative; overflow: auto'>";
-$pageSelector->show();
-echo "</div>";
+	echo "<div style='position: relative; overflow: auto'>";
+	$pageSelector->show();
+	echo "</div>";
 
-if($NUM_OF_PAGES == 1) { echo "<br><br>"; }
+	if ($NUM_OF_PAGES == 1) {
+		echo "<br><br>";
+	}
 
-$query = "SELECT * FROM ".$dbprefix."forum_post WHERE forumtopic_id IN ".$topicsFilterSQL." ORDER BY dateposted DESC LIMIT ".$intOffset.", ".$NUM_PER_PAGE;
-$result = $mysqli->query($query);
+	$query = "SELECT * FROM " . $dbprefix . "forum_post WHERE forumtopic_id IN " . $topicsFilterSQL . " ORDER BY dateposted DESC LIMIT " . $intOffset . ", " . $NUM_PER_PAGE;
+	$result = $mysqli->query($query);
 
-$count = 0;
-while($row = $result->fetch_assoc()) {
-	$count++;
-	$boardObj->objPost->select($row['forumpost_id']);
-	$topicInfo = $boardObj->objPost->getTopicInfo(true);
-	$boardObj->select($topicInfo['forumboard_id']);
+	$count = 0;
+	while ($row = $result->fetch_assoc()) {
+		$count++;
+		$boardObj->objPost->select($row['forumpost_id']);
+		$topicInfo = $boardObj->objPost->getTopicInfo(true);
+		$boardObj->select($topicInfo['forumboard_id']);
 
-	echo "<div class='largeFont' style='position:relative;'><b>".$boardObj->getLink(true)." - ".$boardObj->objPost->getLink(true)."</b></div>";
-	$boardObj->objPost->show(true);
-	
-	if($count != $result->num_rows) {
-		echo "<br><div class='dottedLine'></div><br>";
+		echo "<div class='largeFont' style='position:relative;'><b>" . $boardObj->getLink(true) . " - " . $boardObj->objPost->getLink(true) . "</b></div>";
+		$boardObj->objPost->show(true);
+
+		if ($count != $result->num_rows) {
+			echo "<br><div class='dottedLine'></div><br>";
+		}
 	}
-}
 
-echo "<div style='position: relative; overflow: auto'>";
-$pageSelector->show();
-echo "</div>";
+	echo "<div style='position: relative; overflow: auto'>";
+	$pageSelector->show();
+	echo "</div>";
 
-if($result->num_rows == 0) {
+	if ($result->num_rows == 0) {
 
-	echo "
+		echo "
 		
 		<div class='shadedBox' style='width: 45%; margin-left: auto; margin-right: auto'>
 			<p align='center' class='main'>
@@ -120,8 +123,8 @@
 		</div>
 	
 	";
-	
-}
+
+	}
 
 
-require_once(BASE_DIRECTORY."forum/templates/_footer.php");
\ No newline at end of file
+	require_once(BASE_DIRECTORY . "forum/templates/_footer.php");
\ No newline at end of file

From f91357e14102b67bd52a33d5d6a658383519bd0f Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Tue, 23 Jan 2024 00:59:08 -0700
Subject: [PATCH 2/6] fix polls

---
 src/members/include/polls/createpoll.php      | 494 +++++++++---------
 .../include/polls/include/addoption.php       | 219 ++++----
 2 files changed, 350 insertions(+), 363 deletions(-)

diff --git a/src/members/include/polls/createpoll.php b/src/members/include/polls/createpoll.php
index 219338fe..e1f1a9d7 100644
--- a/src/members/include/polls/createpoll.php
+++ b/src/members/include/polls/createpoll.php
@@ -1,128 +1,124 @@
 <?php
 
-/*
- * BlueThrust Clan Scripts
- * Copyright 2014
- *
- * Author: Bluethrust Web Development
- * E-mail: support@bluethrust.com
- * Website: http://www.bluethrust.com
- *
- * License: http://www.bluethrust.com/license.php
- *
- */
-
-if(!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {
-	exit();
-}
-else {
-	$memberInfo = $member->get_info();
-	$consoleObj->select($_GET['cID']);
-	if(!$member->hasAccess($consoleObj)) {
+	/*
+	 * BlueThrust Clan Scripts
+	 * Copyright 2014
+	 *
+	 * Author: Bluethrust Web Development
+	 * E-mail: support@bluethrust.com
+	 * Website: http://www.bluethrust.com
+	 *
+	 * License: http://www.bluethrust.com/license.php
+	 *
+	 */
+
+	if (!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {
 		exit();
+	} else {
+		$memberInfo = $member->get_info();
+		$consoleObj->select($_GET['cID']);
+		if (!$member->hasAccess($consoleObj)) {
+			exit();
+		}
 	}
-}
 
-require_once("../classes/access.php");
-require_once("../classes/poll.php");
+	require_once("../classes/access.php");
+	require_once("../classes/poll.php");
 
-$cID = $_GET['cID'];
+	$cID = $_GET['cID'];
 
-$dispError = "";
-$countErrors = 0;
+	$dispError = "";
+	$countErrors = 0;
 
 
+	$pollObj = new Poll($mysqli);
+	$accessObj = $pollObj->objAccess;
 
-$pollObj = new Poll($mysqli);
-$accessObj = $pollObj->objAccess;
 
+	if (isset($_POST['accessCacheID'])) {
+		$accessObj->cacheID = $_POST['accessCacheID'];
+	}
 
-if(isset($_POST['accessCacheID'])) {
-	$accessObj->cacheID = $_POST['accessCacheID'];
-}
+	$_SESSION['btAccessCacheTables'][$accessObj->cacheID] = json_encode($accessObj->arrAccessTables);
+	$_SESSION['btAccessCacheTypes'][$accessObj->cacheID] = json_encode($accessObj->arrAccessTypes);
 
-$_SESSION['btAccessCacheTables'][$accessObj->cacheID] = json_encode($accessObj->arrAccessTables);
-$_SESSION['btAccessCacheTypes'][$accessObj->cacheID] = json_encode($accessObj->arrAccessTypes);
+	$arrPostSelected = array();
 
-$arrPostSelected = array();
+	if (!empty($_POST['submit'])) {
 
-if ( ! empty($_POST['submit']) ) {
-	
-	// Check Question
-	if(trim($_POST['pollquestion']) == "") {
-		$countErrors++;
-		$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> Your poll question may not be blank.<br>";
-	}
-	
-	// Check Access Types
-	$arrCheckAccessTypes = array("members", "memberslimited", "public");
-	if(!in_array($_POST['accesstype'], $arrCheckAccessTypes)) {
-		$countErrors++;
-		$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid access type.<br>";		
-	}
-	
+		// Check Question
+		if (trim($_POST['pollquestion']) == "") {
+			$countErrors++;
+			$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> Your poll question may not be blank.<br>";
+		}
 
-	// Check Result Visibility
-	$arrCheckVisTypes = array("open", "votedonly", "pollend", "never");
-	if(!in_array($_POST['resultvisibility'], $arrCheckVisTypes)) {
-		$countErrors++;
-		$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid result visibility type.<br>";		
-	}
-	
-	// Check Max Votes
-	
-	if($_POST['maxvotes'] != "" && (!is_numeric($_POST['maxvotes']) || $_POST['maxvotes'] < 0)) {
-		$countErrors++;
-		$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> Max votes per user must be a value greater than zero.<br>";
-	}
-	
-	// Check Poll End
-	
-	if($_POST['enddate'] != "forever" && $_POST['enddate'] != "choose") {
-		$countErrors++;
-		$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid poll end date.<br>";
-	}
-	elseif($_POST['enddate'] == "choose" && (!is_numeric($_POST['realenddate']) || $_POST['realenddate'] <= 0)) {
-		$countErrors++;
-		$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid poll end date.<br>";
-	}
-	
-	
-	
-	if($countErrors == 0) {
-		
-		$setEndDate = 0;
-		if($_POST['enddate'] == "choose") {
-			$setEndDate = $_POST['realenddate']/1000;
-			$tempYear = date("Y", $setEndDate);
-			$tempMonth = date("n", $setEndDate);
-			$tempDay = date("j", $setEndDate);
-			$tempHour = $_POST['endhour'];
-			if($_POST['endAMPM'] == "PM") {
-				$tempHour += 12;	
-			}
-			
-			$setEndDate = mktime($tempHour, $_POST['endminute'], 0, $tempMonth, $tempDay, $tempYear);	
+		// Check Access Types
+		$arrCheckAccessTypes = array("members", "memberslimited", "public");
+		if (!in_array($_POST['accesstype'], $arrCheckAccessTypes)) {
+			$countErrors++;
+			$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid access type.<br>";
 		}
-		
-		
-		$_POST['multivote'] = ($_POST['multivote'] != 1) ? 0 : 1;
-		$_POST['displayvoters'] = ($_POST['displayvoters'] != 1) ? 0 : 1;
-		
-		$arrColumns = array("member_id", "question", "accesstype", "multivote", "displayvoters", "resultvisibility", "maxvotes", "pollend", "dateposted");
-		$arrValues = array($memberInfo['member_id'], $_POST['pollquestion'], $_POST['accesstype'], $_POST['multivote'], $_POST['displayvoters'], $_POST['resultvisibility'], $_POST['maxvotes'], $setEndDate, time());
-		
-		if($pollObj->addNew($arrColumns, $arrValues)) {
-			$pollObj->cacheID = $_POST['pollCacheID'];
-			$pollObj->savePollOptions();
-			
-			if($_POST['accesstype'] == "memberslimited") {
-				$accessObj->cacheID = $_POST['accessCacheID'];
-				$accessObj->arrAccessFor = array("keyName" => "poll_id", "keyValue" => $pollObj->get_info("poll_id"));
-				$accessObj->saveAccess();
+
+
+		// Check Result Visibility
+		$arrCheckVisTypes = array("open", "votedonly", "pollend", "never");
+		if (!in_array($_POST['resultvisibility'], $arrCheckVisTypes)) {
+			$countErrors++;
+			$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid result visibility type.<br>";
+		}
+
+		// Check Max Votes
+
+		if ($_POST['maxvotes'] != "" && (!is_numeric($_POST['maxvotes']) || $_POST['maxvotes'] < 0)) {
+			$countErrors++;
+			$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> Max votes per user must be a value greater than zero.<br>";
+		}
+
+		// Check Poll End
+
+		if ($_POST['enddate'] != "forever" && $_POST['enddate'] != "choose") {
+			$countErrors++;
+			$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid poll end date.<br>";
+		} elseif ($_POST['enddate'] == "choose" && (!is_numeric($_POST['realenddate']) || $_POST['realenddate'] <= 0)) {
+			$countErrors++;
+			$dispError .= "&nbsp&nbsp;&nbsp;<b>&middot;</b> You selected an invalid poll end date.<br>";
+		}
+
+
+		if ($countErrors == 0) {
+
+			$setEndDate = 0;
+			if ($_POST['enddate'] == "choose") {
+				$setEndDate = $_POST['realenddate'] / 1000;
+				$tempYear = date("Y", $setEndDate);
+				$tempMonth = date("n", $setEndDate);
+				$tempDay = date("j", $setEndDate);
+				$tempHour = $_POST['endhour'];
+				if ($_POST['endAMPM'] == "PM") {
+					$tempHour += 12;
+				}
+
+				$setEndDate = mktime($tempHour, $_POST['endminute'], 0, $tempMonth, $tempDay, $tempYear);
 			}
-			
-			echo "
+
+
+			$_POST['multivote'] = ($_POST['multivote'] != 1) ? 0 : 1;
+			$_POST['displayvoters'] = ($_POST['displayvoters'] != 1) ? 0 : 1;
+
+			$arrColumns = array("member_id", "question", "accesstype", "multivote", "displayvoters", "resultvisibility", "maxvotes", "pollend", "dateposted");
+			$arrValues = array($memberInfo['member_id'], $_POST['pollquestion'], $_POST['accesstype'], $_POST['multivote'], $_POST['displayvoters'], $_POST['resultvisibility'], $_POST['maxvotes'], $setEndDate, time());
+
+			if ($pollObj->addNew($arrColumns, $arrValues)) {
+				$pollObj->cacheID = $_POST['pollCacheID'];
+				$pollObj->savePollOptions();
+
+				if ($_POST['accesstype'] == "memberslimited") {
+					$accessObj->cacheID = $_POST['accessCacheID'];
+					$accessObj->arrAccessFor = array("keyName" => "poll_id", "keyValue" => $pollObj->get_info("poll_id"));
+					$accessObj->saveAccess();
+				}
+
+				echo "
 				<div style='display: none' id='successBox'>
 					<p align='center'>
 						Successfully created a new poll!
@@ -130,56 +126,54 @@
 				</div>
 				
 				<script type='text/javascript'>
-					popupDialog('Create a Poll', '".$MAIN_ROOT."members', 'successBox');
+					popupDialog('Create a Poll', '" . $MAIN_ROOT . "members', 'successBox');
 				</script>			
 			";
-			
+
+			} else {
+				$countErrors++;
+				$dispError .= "&nbsp;&nbsp;&nbsp;<b>&middot;</b> Unable to save information to the database.  Please contact the website administrator.<br>";
+			}
 		}
-		else {
-			$countErrors++;
-			$dispError .= "&nbsp;&nbsp;&nbsp;<b>&middot;</b> Unable to save information to the database.  Please contact the website administrator.<br>";
+
+
+		if ($countErrors > 0) {
+
+			$_POST = filterArray($_POST);
+			$_POST['submit'] = false;
+
+			$arrPostSelected['accesstype']['limited'] = ($_POST['accesstype'] == "memberslimited") ? " selected" : "";
+			$arrPostSelected['accesstype']['public'] = ($_POST['accesstype'] == "public") ? " selected" : "";
+
+			$arrPostSelected['multivote'] = (isset($_POST['multivote']) && $_POST['multivote'] == 1) ? " checked" : "";
+			$arrPostSelected['displayvoters'] = (isset($_POST['displayvoters']) && $_POST['displayvoters'] == 1) ? " checked" : "";
+
+			$arrPostSelected['resultvisibility']['votedonly'] = ($_POST['resultvisibility'] == "votedonly") ? " selected" : "";
+			$arrPostSelected['resultvisibility']['pollend'] = ($_POST['resultvisibility'] == "pollend") ? " selected" : "";
+			$arrPostSelected['resultvisibility']['never'] = ($_POST['resultvisibility'] == "never") ? " selected" : "";
+
+			$arrPostSelected['pollend']['choose'] = ($_POST['enddate'] == "choose") ? " selected" : "";
+			$arrPostSelected['pollend']['forever'] = ($_POST['enddate'] == "forever") ? " selected" : "";
+
+			$arrPostSelected['endAMPM'] = ($_POST['endAMPM'] == "PM") ? " selected" : "";
+
 		}
+
+
 	}
-	
-	
-	if($countErrors > 0) {
-		
-		$_POST = filterArray($_POST);
-		$_POST['submit'] = false;
-		
-		$arrPostSelected['accesstype']['limited'] = ($_POST['accesstype'] == "memberslimited") ? " selected" : "";
-		$arrPostSelected['accesstype']['public'] = ($_POST['accesstype'] == "public") ? " selected" : "";
-		
-		$arrPostSelected['multivote'] = ($_POST['multivote'] == 1) ? " checked" : "";
-		$arrPostSelected['displayvoters'] = ($_POST['displayvoters'] == 1) ? " checked" : "";
-		
-		
-		$arrPostSelected['resultvisibility']['votedonly'] = ($_POST['resultvisibility'] == "votedonly") ? " selected" : "";
-		$arrPostSelected['resultvisibility']['pollend'] = ($_POST['resultvisibility'] == "pollend") ? " selected" : "";
-		$arrPostSelected['resultvisibility']['never'] = ($_POST['resultvisibility'] == "never") ? " selected" : "";
-		
-		$arrPostSelected['pollend']['choose'] = ($_POST['enddate'] == "choose") ? " selected" : "";
-		$arrPostSelected['pollend']['forever'] = ($_POST['enddate'] == "forever") ? " selected" : "";
-		
-		$arrPostSelected['endAMPM'] = ($_POST['endAMPM'] == "PM") ? " selected" : "";
-		
-	}
-	
-	
-}
 
 
-$addMenuItemCID = $consoleObj->findConsoleIDByName("Add Menu Item");
-if ( empty($_POST['submit']) ) {	
-	
-	echo "
+	$addMenuItemCID = $consoleObj->findConsoleIDByName("Add Menu Item");
+	if (empty($_POST['submit'])) {
+
+		echo "
 	
 		<div class='formDiv'>
 		
 		";
-	
-	
-	if($dispError != "") {
+
+	}
+	if ($dispError != "") {
 		echo "
 		<div class='errorDiv'>
 		<strong>Unable to create poll because the following errors occurred:</strong><br><br>
@@ -187,106 +181,102 @@
 		</div>
 		";
 		$pollOptionCacheID = $_POST['pollCacheID'];
+	} else {
+		$pollOptionCacheID = md5(time() . uniqid());
+		$_SESSION['btPollOptionCache'][$pollOptionCacheID] = array();
 	}
-	else {
-		$pollOptionCacheID = md5(time().uniqid());
-		$_SESSION['btPollOptionCache'][$pollOptionCacheID] = array();		
-	}
-	
-	
-	
+
+
 	$hourOptions = "";
-	for($i=12; $i>=1; $i--) {
+	for ($i = 12; $i >= 1; $i--) {
 		$tempNum = str_pad($i, 2, "0", STR_PAD_LEFT);
 		$dispSelected = "";
-		if(isset($_POST['endhour']) && $_POST['endhour'] == $i) {
+		if (isset($_POST['endhour']) && $_POST['endhour'] == $i) {
 			$dispSelected = " selected";
 		}
-		
-		$hourOptions .= "<option value='".$i."'".$dispSelected.">".$tempNum."</option>";
+
+		$hourOptions .= "<option value='" . $i . "'" . $dispSelected . ">" . $tempNum . "</option>";
 	}
-	
+
 	$minuteOptions = "";
-	for($i=0; $i<=59; $i++) {
+	for ($i = 0; $i <= 59; $i++) {
 		$tempNum = str_pad($i, 2, "0", STR_PAD_LEFT);
-		
+
 		$dispSelected = "";
-		if(isset($_POST['endminute']) && $_POST['endminute'] == $i) {
-			$dispSelected = " selected";	
+		if (isset($_POST['endminute']) && $_POST['endminute'] == $i) {
+			$dispSelected = " selected";
 		}
-		
-		$minuteOptions .= "<option value='".$i."'".$dispSelected.">".$tempNum."</option>";	
+
+		$minuteOptions .= "<option value='" . $i . "'" . $dispSelected . ">" . $tempNum . "</option>";
 	}
 
-	
-	
+
 	echo "
-		
-			<form action='".$MAIN_ROOT."members/console.php?cID=".$cID."' method='post'>
-			Use the form below to add a poll.  You can display polls in menus by going to the <a href='".$MAIN_ROOT."members/console.php?cID=".$addMenuItemCID."'>Add Menu Item</a> page.		
-			<table class='formTable'>
-				<tr>
-					<td class='formLabel' valign='top'>Question:</td>
-					<td class='main'><textarea name='pollquestion' class='textBox' style='width: 60%; height: 30px'>".$_POST['pollquestion']."</textarea></td>
-				</tr>
-				<tr>
-					<td class='formLabel'>Access:</td>
-					<td class='main'>
-						<select name='accesstype' id='accessType' class='textBox'>
-							<option value='members'>Members Only</option>
-							<option value='memberslimited'".$arrPostSelected['accesstype']['limited'].">Limited Members</option>
-							<option value='public'".$arrPostSelected['accesstype']['public'].">Public</option>
-						</select>
-					</td>
-				</tr>
-				<tr>
-					<td class='formLabel'>Multi-Vote: <a href='javascript:void(0)' onmouseover=\"showToolTip('Select the checkbox to allow users to vote on more than one option at a time.')\" onmouseout=\"hideToolTip()\">(?)</a></td>
-					<td class='main'>
-						<input type='checkbox' name='multivote' value='1'".$arrPostSelected['multivote'].">
-					</td>
-				</tr>
-				<tr>
-					<td class='formLabel'>Display Voters: <a href='javascript:void(0)' onmouseover=\"showToolTip('Select the checkbox to show who voted for which option.')\" onmouseout=\"hideToolTip()\">(?)</a></td>
-					<td class='main'><input type='checkbox' name='displayvoters' value='1'".$arrPostSelected['displayvoters']."></td>
-				</tr>
-				<tr>
-					<td class='formLabel'>Result Visibility:</td>
-					<td class='main'>
-						<select name='resultvisibility' class='textBox'>
-							<option value='open'>Show Always</option>
-							<option value='votedonly'".$arrPostSelected['resultvisibility']['votedonly'].">Show only after voted</option>
-							<option value='pollend'".$arrPostSelected['resultvisibility']['pollend'].">Show only when poll ends</option>
-							<option value='never'".$arrPostSelected['resultvisibility']['never'].">Don't reveal results</option>
-						</select>
-					</td>
-				</tr>
-				<tr>
-					<td class='formLabel'>Max votes per user: <a href='javascript:void(0)' onmouseover=\"showToolTip('Leave blank or 0 for unlimited votes.')\" onmouseout=\"hideToolTip()\">(?)</a></td>
-					<td class='main'>
-						<input type='text' name='maxvotes' value='".$_POST['maxvotes']."' class='textBox' style='width: 10%'>
-					</td>
-				</tr>
-				<tr>
-					<td class='formLabel' valign='top'>Run poll until:</td>
-					<td class='main'>
-						<select name='enddate' id='endDatePick' class='textBox'>
-							<option value=''>Select</option>
-							<option value='choose'".$arrPostSelected['pollend']['choose'].">Choose Date</option>
-							<option value='forever'".$arrPostSelected['pollend']['forever'].">Forever</option>
-						</select>
-						<div id='pickEndDateDiv' style='display: none'>
-							<br>
-							<input type='text' id='jqEndDate' name='fakeenddate' value='".$_POST['fakeenddate']."' class='textBox' readonly='readonly' style='cursor: pointer'>
-							<p>
-							<select class='textBox' name='endhour'>".$hourOptions."</select> : 
-							<select class='textBox' name='endminute'>".$minuteOptions."</select>
-							<select class='textBox' name='endAMPM'><option value='AM'>AM</option><option value='PM'".$arrPostSelected['endAMPM'].">PM</option></select>
-							</p>
-							<input type='hidden' name='realenddate' id='realEndDate'>
-						</div>
-					</td>
-				</tr>
-			</table>
+ 	<form action='" . $MAIN_ROOT . "members/console.php?cID=" . $cID . "' method='post'>
+    Use the form below to add a poll.  You can display polls in menus by going to the <a href='" . $MAIN_ROOT . "members/console.php?cID=" . $addMenuItemCID . "'>Add Menu Item</a> page.        
+    <table class='formTable'>
+        <tr>
+            <td class='formLabel' valign='top'>Question:</td>
+            <td class='main'><textarea name='pollquestion' class='textBox' style='width: 60%; height: 30px'>" . (isset($_POST['pollquestion']) ? htmlspecialchars($_POST['pollquestion']) : '') . "</textarea></td>
+        </tr>
+    <tr>
+        <td class='formLabel'>Access:</td>
+        <td class='main'>
+            <select name='accesstype' id='accessType' class='textBox'>
+                <option value='members'>Members Only</option>
+                <option value='memberslimited'" . (isset($arrPostSelected['accesstype']['limited']) ? $arrPostSelected['accesstype']['limited'] : '') . ">Limited Members</option>
+                <option value='public'" . (isset($arrPostSelected['accesstype']['public']) ? $arrPostSelected['accesstype']['public'] : '') . ">Public</option>
+            </select>
+        </td>
+    </tr>
+    <tr>
+        <td class='formLabel'>Multi-Vote: <a href='javascript:void(0)' onmouseover=\"showToolTip('Select the checkbox to allow users to vote on more than one option at a time.')\" onmouseout=\"hideToolTip()\">(?)</a></td>
+        <td class='main'>
+            <input type='checkbox' name='multivote' value='1'" . (isset($arrPostSelected['multivote']) ? $arrPostSelected['multivote'] : '') . ">
+        </td>
+    </tr>
+    <tr>
+        <td class='formLabel'>Display Voters: <a href='javascript:void(0)' onmouseover=\"showToolTip('Select the checkbox to show who voted for which option.')\" onmouseout=\"hideToolTip()\">(?)</a></td>
+        <td class='main'><input type='checkbox' name='displayvoters' value='1'" . (isset($arrPostSelected['displayvoters']) ? $arrPostSelected['displayvoters'] : '') . "></td>
+    </tr>
+    <tr>
+        <td class='formLabel'>Result Visibility:</td>
+        <td class='main'>
+            <select name='resultvisibility' class='textBox'>
+                <option value='open'>Show Always</option>
+                <option value='votedonly'" . (isset($arrPostSelected['resultvisibility']['votedonly']) ? $arrPostSelected['resultvisibility']['votedonly'] : '') . ">Show only after voted</option>
+                <option value='pollend'" . (isset($arrPostSelected['resultvisibility']['pollend']) ? $arrPostSelected['resultvisibility']['pollend'] : '') . ">Show only when poll ends</option>
+                <option value='never'" . (isset($arrPostSelected['resultvisibility']['never']) ? $arrPostSelected['resultvisibility']['never'] : '') . ">Don't reveal results</option>
+            </select>
+        </td>
+    </tr>
+        <tr>
+            <td class='formLabel'>Max votes per user: <a href='javascript:void(0)' onmouseover=\"showToolTip('Leave blank or 0 for unlimited votes.')\" onmouseout=\"hideToolTip()\">(?)</a></td>
+            <td class='main'>
+                <input type='text' name='maxvotes' value='" . (isset($_POST['maxvotes']) ? $_POST['maxvotes'] : '') . "' class='textBox' style='width: 10%'>
+            </td>
+        </tr>
+    <tr>
+        <td class='formLabel' valign='top'>Run poll until:</td>
+        <td class='main'>
+            <select name='enddate' id='endDatePick' class='textBox'>
+                <option value=''>Select</option>
+                <option value='choose'" . (isset($arrPostSelected['pollend']['choose']) ? $arrPostSelected['pollend']['choose'] : '') . ">Choose Date</option>
+                <option value='forever'" . (isset($arrPostSelected['pollend']['forever']) ? $arrPostSelected['pollend']['forever'] : '') . ">Forever</option>
+            </select>
+            <div id='pickEndDateDiv' style='display: none'>
+                <br>
+                <input type='text' id='jqEndDate' name='fakeenddate' value='" . (isset($_POST['fakeenddate']) ? $_POST['fakeenddate'] : '') . "' class='textBox' readonly='readonly' style='cursor: pointer'>
+                <p>
+                <select class='textBox' name='endhour'>" . $hourOptions . "</select> : 
+                <select class='textBox' name='endminute'>" . $minuteOptions . "</select>
+                <select class='textBox' name='endAMPM'><option value='AM'>AM</option><option value='PM'" . (isset($arrPostSelected['endAMPM']) ? $arrPostSelected['endAMPM'] : '') . ">PM</option></select>
+                </p>
+                <input type='hidden' name='realenddate' id='realEndDate'>
+            </div>
+        </td>
+    </tr>
+    </table>
 			
 			<div id='accessDiv' style='margin-bottom: 50px'>
 				<div class='main' style='margin: 20px auto; width: 95%'>
@@ -295,22 +285,22 @@
 				</div>
 	
 					";
-					
-					$accessObj->rankAccessDiv = "rankAccessList";
-					$accessObj->dispSetRankAccess();
-	
-				echo "
+
+	$accessObj->rankAccessDiv = "rankAccessList";
+	$accessObj->dispSetRankAccess();
+
+	echo "
 				
 					<div class='main' style='margin: 20px auto; width: 95%'>
 						<div class='dottedLine'><b>Member Access:</b></div>
 						<p style='margin: 3px 0px;padding-left: 3px'>Use this section to set whether a specific member is allowed to access this poll.</p>
 					</div>
 				";
-				
-					$accessObj->memberAccessDiv = "memberAccessList";
-					$accessObj->dispSetMemberAccess();
-				
-			echo "	
+
+	$accessObj->memberAccessDiv = "memberAccessList";
+	$accessObj->dispSetMemberAccess();
+
+	echo "	
 			</div>
 			
 			<div class='dottedLine main' style='margin-top: 20px; width: 95%; margin-left: auto; margin-right: auto'>
@@ -331,7 +321,7 @@
 			
 			<div id='loadingSpiral' class='loadingSpiral'>
 				<p align='center'>
-					<img src='".$MAIN_ROOT."themes/".$THEME."/images/loading-spiral.gif'><br>Loading
+					<img src='" . $MAIN_ROOT . "themes/" . $THEME . "/images/loading-spiral.gif'><br>Loading
 				</p>
 			</div>
 			
@@ -348,8 +338,8 @@
 			</p>
 			
 		</div>
-		<input type='hidden' name='accessCacheID' value='".$accessObj->cacheID."'>
-		<input type='hidden' name='pollCacheID' value='".$pollOptionCacheID."'>
+		<input type='hidden' name='accessCacheID' value='" . $accessObj->cacheID . "'>
+		<input type='hidden' name='pollCacheID' value='" . $pollOptionCacheID . "'>
 		</form>
 		<div id='addModifyOptionDiv' style='display: none'></div>
 		<script type='text/javascript'>
@@ -372,7 +362,7 @@
 			
 				$('#btnAddOption').click(function() {
 				
-					$.post('".$MAIN_ROOT."members/include/polls/include/addoption.php', { cacheID: '".$pollOptionCacheID."' }, function(data) {
+					$.post('" . $MAIN_ROOT . "members/include/polls/include/addoption.php', { cacheID: '" . $pollOptionCacheID . "' }, function(data) {
 						$('#addModifyOptionDiv').html(data);
 	
 						$('#addModifyOptionDiv').dialog({
@@ -385,7 +375,7 @@
 							buttons: {
 								'Add': function() {
 									
-									$.post('".$MAIN_ROOT."members/include/polls/include/addoption.php', { cacheID: '".$pollOptionCacheID."', submit: 'add', optionValue: $('#optionValue').val(), optionColor: $('#optionColor').val(), optionOrder: $('#optionOrder').val(), optionOrderBeforeAfter: $('#optionOrderBeforeAfter').val() }, function(data) {
+									$.post('" . $MAIN_ROOT . "members/include/polls/include/addoption.php', { cacheID: '" . $pollOptionCacheID . "', submit: 'add', optionValue: $('#optionValue').val(), optionColor: $('#optionColor').val(), optionOrder: $('#optionOrder').val(), optionOrderBeforeAfter: $('#optionOrderBeforeAfter').val() }, function(data) {
 									
 										postData = JSON.parse(data);
 
@@ -428,9 +418,9 @@
 					changeMonth: true,
 					changeYear: true,
 					dateFormat: 'M d, yy',
-					minDate: new Date(".date("Y").", ".(date("n")-1).", ".date("d")."),
-					maxDate: new Date(".(date("Y")+20).",12,31),
-					yearRange: '".date("Y").":".(date("Y")+20)."',
+					minDate: new Date(" . date("Y") . ", " . (date("n") - 1) . ", " . date("d") . "),
+					maxDate: new Date(" . (date("Y") + 20) . ",12,31),
+					yearRange: '" . date("Y") . ":" . (date("Y") + 20) . "',
 					altField: '#realEndDate',
 					altFormat: '@'
 				});
@@ -454,7 +444,7 @@ function reloadOptionCache() {
 				
 					$('#loadingSpiral').show();
 					$('#pollOptions').hide();
-					$.post('".$MAIN_ROOT."members/include/polls/include/optioncache.php', { cacheID: '".$pollOptionCacheID."' }, function(data) {
+					$.post('" . $MAIN_ROOT . "members/include/polls/include/optioncache.php', { cacheID: '" . $pollOptionCacheID . "' }, function(data) {
 						$('#loadingSpiral').hide();
 						$('#pollOptions').html(data);
 						
@@ -470,5 +460,3 @@ function reloadOptionCache() {
 			
 		</script>		
 	";
-	
-}
\ No newline at end of file
diff --git a/src/members/include/polls/include/addoption.php b/src/members/include/polls/include/addoption.php
index efcb38ed..62b7dde4 100644
--- a/src/members/include/polls/include/addoption.php
+++ b/src/members/include/polls/include/addoption.php
@@ -1,105 +1,104 @@
 <?php
 
 /*
- * BlueThrust Clan Scripts
- * Copyright 2014
- *
- * Author: Bluethrust Web Development
- * E-mail: support@bluethrust.com
- * Website: http://www.bluethrust.com
- *
- * License: http://www.bluethrust.com/license.php
- *
- */
-
-
-require_once("../../../../_setup.php");
-require_once("../../../../classes/member.php");
-require_once("../../../../classes/poll.php");
+* BlueThrust Clan Scripts
+* Copyright 2014
+*
+* Author: Bluethrust Web Development
+* E-mail: support@bluethrust.com
+* Website: http://www.bluethrust.com
+*
+* License: http://www.bluethrust.com/license.php
+*
+*/
+
+
+	require_once("../../../../_setup.php");
+	require_once("../../../../classes/member.php");
+	require_once("../../../../classes/poll.php");
 
 // Start Page
 
-$consoleObj = new ConsoleOption($mysqli);
-$member = new Member($mysqli);
-$member->select($_SESSION['btUsername']);
+	$consoleObj = new ConsoleOption($mysqli);
+	$member = new Member($mysqli);
+	$member->select($_SESSION['btUsername']);
 
 
+	$createPollCID = $consoleObj->findConsoleIDByName("Create a Poll");
+	$consoleObj->select($createPollCID);
+	$blnConsoleCheck1 = $member->hasAccess($consoleObj);
 
-$createPollCID = $consoleObj->findConsoleIDByName("Create a Poll");
-$consoleObj->select($createPollCID);
-$blnConsoleCheck1 = $member->hasAccess($consoleObj);
+	$managePollsCID = $consoleObj->findConsoleIDByName("Manage Polls");
+	$consoleObj->select($managePollsCID);
+	$blnConsoleCheck2 = $member->hasAccess($consoleObj);
 
-$managePollsCID = $consoleObj->findConsoleIDByName("Manage Polls");
-$consoleObj->select($managePollsCID);
-$blnConsoleCheck2 = $member->hasAccess($consoleObj);
 
+	$blnConsoleCheck = $blnConsoleCheck1 || $blnConsoleCheck2;
 
-$blnConsoleCheck = $blnConsoleCheck1 || $blnConsoleCheck2;
 
-
-$pollObj = new Poll($mysqli);
+	$pollObj = new Poll($mysqli);
 
 // Check Login
-$LOGIN_FAIL = true;
-if($member->authorizeLogin($_SESSION['btPassword']) && $blnConsoleCheck) {
-	
-	$pollObj->cacheID = $_POST['cacheID'];
-	
-	if ( ! empty($_POST['submit']) ) {
-		
-		$arrNewOption = array();
-		$arrErrors = array();
-		$arrReturn = array();
-		
-		
-		// Check Value
-		if(trim($_POST['optionValue']) == "") {
-			$arrErrors[] = "Option value may not be blank.";
-		}
-		
-		
-		// Check Color
-		if(trim($_POST['optionColor']) == "") {
-			$_POST['optionColor'] = "#FFFFFF";	
-		}
-		
-		// Check Display Order
-		
-		if(count($_SESSION['btPollOptionCache'][$pollObj->cacheID]) > 0 && (!is_numeric($_POST['optionOrder']) || !isset($_POST['optionOrder']) || ($_POST['optionOrderBeforeAfter'] != "before" && $_POST['optionOrderBeforeAfter'] != "after"))) {
-			$arrErrors[] = "You selected an invalid display order.";
-		}	
-		
-		if(count($arrErrors) == 0) {
+	$LOGIN_FAIL = true;
+	if ($member->authorizeLogin($_SESSION['btPassword']) && $blnConsoleCheck) {
 
-			$newSortNum = $pollObj->makeCacheRoom($_POST['optionOrderBeforeAfter'], $_POST['optionOrder']);
-			
-			$arrReturn['result'] = "success";
-			$arrReturn['info'] = $newSortNum;
-			
-			$arrNewOption['value'] = $_POST['optionValue'];
-			$arrNewOption['color'] = $_POST['optionColor'];
-			
-			
-			$_SESSION['btPollOptionCache'][$pollObj->cacheID][$newSortNum] = $arrNewOption;
+		$pollObj->cacheID = $_POST['cacheID'];
 
-			$pollObj->resortCacheOrder();
-			
-		}
-		
-		if(count($arrErrors) > 0) {
-			
-			$arrReturn['result'] = "fail";
-			$arrReturn['errors'] = $arrErrors;
-			
+		if (!empty($_POST['submit'])) {
+
+			$arrNewOption = array();
+			$arrErrors = array();
+			$arrReturn = array();
+
+
+			// Check Value
+			if (trim($_POST['optionValue']) == "") {
+				$arrErrors[] = "Option value may not be blank.";
+			}
+
+
+			// Check Color
+			if (trim($_POST['optionColor']) == "") {
+				$_POST['optionColor'] = "#FFFFFF";
+			}
+
+			// Check Display Order
+
+			if (count($_SESSION['btPollOptionCache'][$pollObj->cacheID]) > 0 && (!is_numeric($_POST['optionOrder']) || !isset($_POST['optionOrder']) || ($_POST['optionOrderBeforeAfter'] != "before" && $_POST['optionOrderBeforeAfter'] != "after"))) {
+				$arrErrors[] = "You selected an invalid display order.";
+			}
+
+			if (count($arrErrors) == 0) {
+
+				$newSortNum = $pollObj->makeCacheRoom($_POST['optionOrderBeforeAfter'], $_POST['optionOrder']);
+
+				$arrReturn['result'] = "success";
+				$arrReturn['info'] = $newSortNum;
+
+				$arrNewOption['value'] = $_POST['optionValue'];
+				$arrNewOption['color'] = $_POST['optionColor'];
+
+
+				$_SESSION['btPollOptionCache'][$pollObj->cacheID][$newSortNum] = $arrNewOption;
+
+				$pollObj->resortCacheOrder();
+
+			}
+
+			if (count($arrErrors) > 0) {
+
+				$arrReturn['result'] = "fail";
+				$arrReturn['errors'] = $arrErrors;
+
+			}
+
+			header('Content-Type: application/json');
+			echo json_encode($arrReturn);
 		}
-		
-		
-		echo json_encode($arrReturn);
-	}
-	
-	
-	if ( empty($_POST['submit']) ) {
-		echo "	
+
+
+		if (empty($_POST['submit'])) {
+			echo "	
 		
 			<script type='text/javascript'>
 				$(document).ready(function() {
@@ -122,32 +121,32 @@
 				</tr>
 				
 			";
-		
-		if(count($_SESSION['btPollOptionCache'][$pollObj->cacheID]) > 0) {
-			
-			foreach($_SESSION['btPollOptionCache'][$pollObj->cacheID] as $key=>$optionInfo) {
-	
-				$displayOrder .= "<option value='".$key."'>".$optionInfo['value']."</option>";
-				
+
+			if (count($_SESSION['btPollOptionCache'][$pollObj->cacheID]) > 0) {
+
+				$displayOrder = "";  // Initialize $displayOrder as an empty string
+
+				foreach ($_SESSION['btPollOptionCache'][$pollObj->cacheID] as $key => $optionInfo) {
+					$displayOrder .= "<option value='" . $key . "'>" . $optionInfo['value'] . "</option>";
+				}
+
+				echo "
+        <tr>
+            <td class='main'><b>Display Order:</b></td>
+            <td class='main'>
+                <select id='optionOrderBeforeAfter' class='textBox'>
+                    <option value='before'>Before</option><option value='after'>After</option>
+                </select>
+                <br>
+                <select id='optionOrder' class='textBox'>
+                " . $displayOrder . "
+                </select>
+    ";
 			}
-			
+
 			echo "
-				<tr>
-					<td class='main'><b>Display Order:</b></td>
-					<td class='main'>
-						<select id='optionOrderBeforeAfter' class='textBox'>
-							<option value='before'>Before</option><option value='after'>After</option>
-						</select>
-						<br>
-						<select id='optionOrder' class='textBox'>
-						".$displayOrder."
-						</select>
-			";
+    </table>
+";
+
 		}
-		
-		echo "
-			</table>
-		";
-		
-	}
-}
\ No newline at end of file
+	}
\ No newline at end of file

From 794601abf8fb74e34a58b394fb6e9a22c2c6de51 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Tue, 23 Jan 2024 01:01:01 -0700
Subject: [PATCH 3/6] fix privatemessages

---
 src/classes/pmfolder.php                      | 147 +++++-----
 src/classes/privatemessage.php                | 218 +++++++-------
 .../include/privatemessages/addfolder.php     | 197 +++++++------
 src/members/privatemessages/compose.php       | 269 +++++++++---------
 4 files changed, 414 insertions(+), 417 deletions(-)

diff --git a/src/classes/pmfolder.php b/src/classes/pmfolder.php
index 193caba8..778bd9a3 100644
--- a/src/classes/pmfolder.php
+++ b/src/classes/pmfolder.php
@@ -1,122 +1,129 @@
 <?php
 
 	require_once("basicsort.php");
-	
-	
-	class PMFolder extends BasicSort {
-	
+
+
+	class PMFolder extends BasicSort
+	{
+
 		const INBOX_ID = 0;
 		const SENTBOX_ID = -1;
 		const TRASH_ID = -2;
-		
+
 		public $intMemberID;
-				
-		public function __construct($sqlConnection) {
-	
+
+		public function __aaaaaaaaaaaaaaaaaaaaaaaaaaaaaconstruct($sqlConnection)
+		{
+
 			$this->MySQL = $sqlConnection;
 			$this->strTableKey = "pmfolder_id";
-			$this->strTableName = $this->MySQL->get_tablePrefix()."privatemessage_folders";
+			$this->strTableName = $this->MySQL->get_tablePrefix() . "privatemessage_folders";
 			$this->intMemberID = 0;
-			
+
 			//$this->strAssociateKeyName = "pm_id";
 			//$this->strAssociateTableName = $this->MySQL->get_tablePrefix()."privatemessages";
-			
+
 			$this->strCategoryKey = "member_id";
-			
+
 		}
-		
-		public function select($intIDNum, $numericIDOnly = true) {
+
+		public function select($intIDNum, $numericIDOnly = true)
+		{
+			$returnVal = false; // Initialize $returnVal
 			$arrSpecialFolders = array("Inbox" => self::INBOX_ID, "Sent Messages" => self::SENTBOX_ID, "Trash" => self::TRASH_ID);
-			if(in_array($intIDNum, $arrSpecialFolders)) {
+
+			if (in_array($intIDNum, $arrSpecialFolders)) {
 				$this->arrObjInfo['name'] = array_search($intIDNum, $arrSpecialFolders);
 				$this->intTableKeyValue = $intIDNum;
-
-			}
-			else {
-				$returnVal = parent::select($intIDNum, numericIDOnly);	
+			} else {
+				$returnVal = parent::select($intIDNum, $numericIDOnly); // Corrected typo here
 			}
-			
+
 			return $returnVal;
 		}
-	
-		function isMemberFolder() {
+
+
+		function isMemberFolder()
+		{
 
 			$returnVal = false;
-			if(($this->intTableKeyValue != "" && $this->arrObjInfo['member_id'] == $this->intMemberID) || ($this->intTableKeyValue == 0 || $this->intTableKeyValue == -1 || $this->intTableKeyValue == -2)) {
-				$returnVal = true;	
+			if (($this->intTableKeyValue != "" && $this->arrObjInfo['member_id'] == $this->intMemberID) || ($this->intTableKeyValue == 0 || $this->intTableKeyValue == -1 || $this->intTableKeyValue == -2)) {
+				$returnVal = true;
 			}
-			
+
 			return $returnVal;
 		}
-				
-		
-		function listFolders($memberID=0) {
 
-			if($memberID != 0) {
+
+		function listFolders($memberID = 0)
+		{
+
+			if ($memberID != 0) {
 				$this->intMemberID = $memberID;
 			}
-			
+
 			$returnArr = array();
-			if(isset($this->intMemberID) && is_numeric($this->intMemberID)) {
+			if (isset($this->intMemberID) && is_numeric($this->intMemberID)) {
 
-				$result = $this->MySQL->query("SELECT * FROM ".$this->MySQL->get_tablePrefix()."privatemessage_folders WHERE member_id = '".$this->intMemberID."' ORDER BY sortnum");
-				while($row = $result->fetch_assoc()) {
-					$returnArr[$row['pmfolder_id']] = $row['name'];					
+				$result = $this->MySQL->query("SELECT * FROM " . $this->MySQL->get_tablePrefix() . "privatemessage_folders WHERE member_id = '" . $this->intMemberID . "' ORDER BY sortnum");
+				while ($row = $result->fetch_assoc()) {
+					$returnArr[$row['pmfolder_id']] = $row['name'];
 				}
-				
+
 			}
-						
+
 			return $returnArr;
-			
+
 		}
-		
-		function getFolderContents() {
-			
+
+		function getFolderContents()
+		{
+
 			$arrPM = array();
-			$arrMultiPM = array();			
-			
-			if($this->intTableKeyValue !== "" && $this->intMemberID != 0) {
-				$pmTable = $this->MySQL->get_tablePrefix()."privatemessages";
-				$pmMultiTable = $this->MySQL->get_tablePrefix()."privatemessage_members";
-				
-				if($this->intTableKeyValue == -1) {
-					$filterSQL = "senderfolder_id = '".$this->intTableKeyValue."' AND sender_id = '".$this->intMemberID."' AND deletesender = '0'";	
-				}
-				else {
-					$filterSQL = "receiver_id = '".$this->intMemberID."' AND receiverfolder_id = '".$this->intTableKeyValue."' AND deletereceiver = '0'";
+			$arrMultiPM = array();
+
+			if ($this->intTableKeyValue !== "" && $this->intMemberID != 0) {
+				$pmTable = $this->MySQL->get_tablePrefix() . "privatemessages";
+				$pmMultiTable = $this->MySQL->get_tablePrefix() . "privatemessage_members";
+
+				if ($this->intTableKeyValue == -1) {
+					$filterSQL = "senderfolder_id = '" . $this->intTableKeyValue . "' AND sender_id = '" . $this->intMemberID . "' AND deletesender = '0'";
+				} else {
+					$filterSQL = "receiver_id = '" . $this->intMemberID . "' AND receiverfolder_id = '" . $this->intTableKeyValue . "' AND deletereceiver = '0'";
 				}
-				
-				
+
+
 				//echo "SELECT pm_id, datesent FROM ".$pmTable." WHERE (senderfolder_id = '".$this->intTableKeyValue."' AND sender_id = '".$this->intMemberID."' AND deletesender = '0') OR (receiver_id = '".$this->intMemberID."' AND receiverfolder_id = '".$this->intTableKeyValue."' AND deletereceiver = '0')";
-				$result = $this->MySQL->query("SELECT pm_id, datesent FROM ".$pmTable." WHERE ".$filterSQL);
-				while($row = $result->fetch_assoc()) {
+				$result = $this->MySQL->query("SELECT pm_id, datesent FROM " . $pmTable . " WHERE " . $filterSQL);
+				while ($row = $result->fetch_assoc()) {
 					$arrPM[$row['pm_id']] = $row['datesent'];
 				}
-				
-				$result = $this->MySQL->query("SELECT ".$pmMultiTable.".pmmember_id, ".$pmMultiTable.".pm_id, ".$pmTable.".datesent FROM ".$pmTable.", ".$pmMultiTable." WHERE ".$pmMultiTable.".pm_id = ".$pmTable.".pm_id AND ".$pmMultiTable.".pmfolder_id = '".$this->intTableKeyValue."' AND ".$pmMultiTable.".deletestatus = '0' AND ".$pmMultiTable.".member_id = '".$this->intMemberID."'");
-				while($row = $result->fetch_assoc()) {
+
+				$result = $this->MySQL->query("SELECT " . $pmMultiTable . ".pmmember_id, " . $pmMultiTable . ".pm_id, " . $pmTable . ".datesent FROM " . $pmTable . ", " . $pmMultiTable . " WHERE " . $pmMultiTable . ".pm_id = " . $pmTable . ".pm_id AND " . $pmMultiTable . ".pmfolder_id = '" . $this->intTableKeyValue . "' AND " . $pmMultiTable . ".deletestatus = '0' AND " . $pmMultiTable . ".member_id = '" . $this->intMemberID . "'");
+				while ($row = $result->fetch_assoc()) {
 
 					$arrPM[$row['pm_id']] = $row['datesent'];
 					$arrMultiPM[$row['pm_id']] = $row['pmmember_id'];
-					
+
 				}
-				
+
 				arsort($arrPM);
-				
+
 			}
-			
+
 			$returnArr = array($arrPM, $arrMultiPM);
-			
+
 			return $returnArr;
 		}
-		
-		
-		/** Used to select special folders (Inbox, Sent, Trash) */
-		function setFolder($folderID) {
-			if(is_numeric($folderID)) {
+
+
+/** Used to select special folders (Inbox, Sent, Trash) */
+		function setFolder($folderID)
+		{
+			if (is_numeric($folderID)) {
 				$this->intTableKeyValue = $folderID;
 			}
 		}
-		
-	
+
+
 	}
\ No newline at end of file
diff --git a/src/classes/privatemessage.php b/src/classes/privatemessage.php
index 7118c68e..b10c2472 100644
--- a/src/classes/privatemessage.php
+++ b/src/classes/privatemessage.php
@@ -1,124 +1,122 @@
 <?php
 
-require_once("basicorder.php");
-require_once("member.php");
-require_once("rankcategory.php");
-require_once("squad.php");
-require_once("tournament.php");
-
-class PrivateMessage extends BasicOrder {
-	
-	public $multiMemPMObj;
-	public $memberObj;
-	public $rankCatObj;
-	public $squadObj;
-	public $tournamentObj;
-	
-	public function __construct($sqlConnection) {
-
-		$this->MySQL = $sqlConnection;
-		$this->strTableKey = "pm_id";
-		$this->strTableName = $this->MySQL->get_tablePrefix()."privatemessages";
-		
-		$this->strAssociateTableName = $this->MySQL->get_tablePrefix()."privatemessage_members";
-		$this->strAssociateKeyName = "pmmember_id";
-		
-		
-		$this->multiMemPMObj = new Basic($sqlConnection, "privatemessage_members", "pmmember_id");
-		
-		$this->memberObj = new Member($sqlConnection);
-		$this->rankCatObj = new RankCategory($sqlConnection);
-		$this->squadObj = new Squad($sqlConnection);
-		$this->tournamentObj = new Tournament($sqlConnection);
-	}
-	
-	
-	public function getRecipients($blnNameOnly=false) {
-		global $MAIN_ROOT;
-		$arrGroups = array();
-		
-		if($this->intTableKeyValue != "" && $this->arrObjInfo['receiver_id'] == 0) {
-			$arrGroups['list'] = array();
+	require_once("basicorder.php");
+	require_once("member.php");
+	require_once("rankcategory.php");
+	require_once("squad.php");
+	require_once("tournament.php");
+
+	class PrivateMessage extends BasicOrder
+	{
+
+		public $multiMemPMObj;
+		public $memberObj;
+		public $rankCatObj;
+		public $squadObj;
+		public $tournamentObj;
+
+		public function __construct($sqlConnection)
+		{
+
+			$this->MySQL = $sqlConnection;
+			$this->strTableKey = "pm_id";
+			$this->strTableName = $this->MySQL->get_tablePrefix() . "privatemessages";
+
+			$this->strAssociateTableName = $this->MySQL->get_tablePrefix() . "privatemessage_members";
+			$this->strAssociateKeyName = "pmmember_id";
+
+
+			$this->multiMemPMObj = new Basic($sqlConnection, "privatemessage_members", "pmmember_id");
+
+			$this->memberObj = new Member($sqlConnection);
+			$this->rankCatObj = new RankCategory($sqlConnection);
+			$this->squadObj = new Squad($sqlConnection);
+			$this->tournamentObj = new Tournament($sqlConnection);
+		}
+
+
+		public function getRecipients($blnNameOnly = false)
+		{
+			global $MAIN_ROOT;
+			$arrGroups = array();
+			$arrGroups['list'] = array();  // Initialize 'list' to ensure it's always set
 			$arrGroups['rank'] = array();
 			$arrGroups['squad'] = array();
 			$arrGroups['tournament'] = array();
 			$arrGroups['rankcategory'] = array();
-			
-			$result = $this->MySQL->query("SELECT * FROM ".$this->MySQL->get_tablePrefix()."privatemessage_members WHERE pm_id = '".$this->intTableKeyValue."'");
-			while($row = $result->fetch_assoc()) {
-				if($row['grouptype'] != "" && !in_array($row['group_id'], $arrGroups[$row['grouptype']])) {
-					$arrGroups[$row['grouptype']][] = $row['group_id'];
-					$dispName = "";
-					
-					switch($row['grouptype']) {
-						case "rankcategory":
-							$dispName = ($this->rankCatObj->select($row['group_id'])) ? $this->rankCatObj->get_info_filtered("name")." - Category" : "";
-							break;
-						case "rank":
-							$dispName = ($this->memberObj->objRank->select($row['group_id'])) ? $this->memberObj->objRank->get_info_filtered("name")." - Rank" : "";
-							break;
-						case "squad":
-							$dispName = ($this->squadObj->select($row['group_id'])) ? "<a href='".$MAIN_ROOT."squads/profile.php?sID=".$row['group_id']."'>".$this->squadObj->get_info_filtered("name")." Members</a>" : "";
-							break;
-						case "tournament":
-							$dispName = ($this->tournamentObj->select($row['group_id'])) ? "<a href='".$MAIN_ROOT."tournaments/view.php?tID=".$row['group_id']."'>".$this->tournamentObj->get_info_filtered("name")." Players</a>" : "";
-							break;
-					}
 
-					if($dispName != "" && !$blnNameOnly) {
-						$arrGroups['list'][$row['pmmember_id']] = $row['member_id'];
-					}
-					elseif($dispName != "") {
-						$arrGroups['list'][] = $dispName;
+			if ($this->intTableKeyValue != "" && $this->arrObjInfo['receiver_id'] == 0) {
+				$result = $this->MySQL->query("SELECT * FROM " . $this->MySQL->get_tablePrefix() . "privatemessage_members WHERE pm_id = '" . $this->intTableKeyValue . "'");
+				while ($row = $result->fetch_assoc()) {
+					if ($row['grouptype'] != "" && !in_array($row['group_id'], $arrGroups[$row['grouptype']])) {
+						$arrGroups[$row['grouptype']][] = $row['group_id'];
+						$dispName = "";
+
+						switch ($row['grouptype']) {
+							case "rankcategory":
+								$dispName = ($this->rankCatObj->select($row['group_id'])) ? $this->rankCatObj->get_info_filtered("name") . " - Category" : "";
+								break;
+							case "rank":
+								$dispName = ($this->memberObj->objRank->select($row['group_id'])) ? $this->memberObj->objRank->get_info_filtered("name") . " - Rank" : "";
+								break;
+							case "squad":
+								$dispName = ($this->squadObj->select($row['group_id'])) ? "<a href='" . $MAIN_ROOT . "squads/profile.php?sID=" . $row['group_id'] . "'>" . $this->squadObj->get_info_filtered("name") . " Members</a>" : "";
+								break;
+							case "tournament":
+								$dispName = ($this->tournamentObj->select($row['group_id'])) ? "<a href='" . $MAIN_ROOT . "tournaments/view.php?tID=" . $row['group_id'] . "'>" . $this->tournamentObj->get_info_filtered("name") . " Players</a>" : "";
+								break;
+						}
+
+						if ($dispName != "" && !$blnNameOnly) {
+							$arrGroups['list'][$row['pmmember_id']] = $row['member_id'];
+						} elseif ($dispName != "") {
+							$arrGroups['list'][] = $dispName;
+						}
+
+					} elseif ($row['grouptype'] == "") {
+						$this->memberObj->select($row['member_id']);
+						if ($blnNameOnly) {
+							$arrGroups['list'][] = $this->memberObj->getMemberLink();
+						} else {
+							$arrGroups['list'][] = $row['member_id'];
+						}
 					}
-					
 				}
-				elseif($row['grouptype'] == "") {
-					$this->memberObj->select($row['member_id']);
-					if($blnNameOnly) {
-						$arrGroups['list'][] = $this->memberObj->getMemberLink();
-					}
-					else {
-						$arrGroups['list'][] = $row['member_id'];
-					}
+
+				// Check if 'list' is set and not empty before trying to implode
+				if ($blnNameOnly && !empty($arrGroups['list'])) {
+					$arrGroups['list'] = implode(", ", $arrGroups['list']);
 				}
+
+				return $arrGroups['list'];
 			}
-			
-			if($blnNameOnly) {
-				$arrGroups['list'] = implode(", ", $arrGroups['list']);	
-			}
-		
+
 		}
-		
-		return $arrGroups['list'];
-		
-	}
-	
-	/** Gets folder based on Member ID */
-	function getFolder($memberID, $multiPM=false) {
-		
-		$returnVal = "";
-		
-		if($this->intTableKeyValue != "") {
-			
-			$arrRecipients = $this->getRecipients();
-			
-			if($this->arrObjInfo['sender_id'] == $memberID && !$multiPM) {
-				$returnVal = $this->arrObjInfo['senderfolder_id'];
-			}
-			elseif($this->arrObjInfo['receiver_id'] == $memberID && !$multiPM) {
-				$returnVal = $this->arrObjInfo['receiverfolder_id'];
-			}
-			elseif($this->arrObjInfo['receiver_id'] == 0 && in_array($memberID, $arrRecipients)) {
-				$tempKey = array_search($memberID, $arrRecipients);
-				$this->multiMemPMObj->select($tempKey);
-				
-				$returnVal = $this->multiMemPMObj->get_info("pmfolder_id");
+
+/** Gets folder based on Member ID */
+		function getFolder($memberID, $multiPM = false)
+		{
+
+			$returnVal = "";
+
+			if ($this->intTableKeyValue != "") {
+
+				$arrRecipients = $this->getRecipients();
+
+				if ($this->arrObjInfo['sender_id'] == $memberID && !$multiPM) {
+					$returnVal = $this->arrObjInfo['senderfolder_id'];
+				} elseif ($this->arrObjInfo['receiver_id'] == $memberID && !$multiPM) {
+					$returnVal = $this->arrObjInfo['receiverfolder_id'];
+				} elseif ($this->arrObjInfo['receiver_id'] == 0 && in_array($memberID, $arrRecipients)) {
+					$tempKey = array_search($memberID, $arrRecipients);
+					$this->multiMemPMObj->select($tempKey);
+
+					$returnVal = $this->multiMemPMObj->get_info("pmfolder_id");
+				}
+
 			}
-							
+
+			return $returnVal;
 		}
-		
-		return $returnVal;
-	}
-	
-}
\ No newline at end of file
+
+	}
\ No newline at end of file
diff --git a/src/members/include/privatemessages/addfolder.php b/src/members/include/privatemessages/addfolder.php
index 7012be06..373f603e 100644
--- a/src/members/include/privatemessages/addfolder.php
+++ b/src/members/include/privatemessages/addfolder.php
@@ -12,130 +12,127 @@
  *
  */
 
-if(!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {
-	exit();
-}
-else {
-	$memberInfo = $member->get_info();
-	$consoleObj->select($_GET['cID']);
-	if(!$member->hasAccess($consoleObj)) {
+	if (!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {
 		exit();
+	} else {
+		$memberInfo = $member->get_info();
+		$consoleObj->select($_GET['cID']);
+		if (!$member->hasAccess($consoleObj)) {
+			exit();
+		}
 	}
-}
 
-require_once("../classes/pmfolder.php");
+	require_once("../classes/pmfolder.php");
 
-$pmFolderObj = new PMFolder($mysqli);
-$cID = $_GET['cID'];
+	$pmFolderObj = new PMFolder($mysqli);
+	$cID = $_GET['cID'];
 
-$dispError = "";
-$countErrors = 0;
+	$dispError = "";
+	$countErrors = 0;
 
-if ( ! empty($_POST['submit']) ) {
-	
-	// Check Folder Name
-	if(trim($_POST['foldername']) == "") {
-		$dispError = "&nbsp;&nbsp;&nbsp;<b>&middot;</b> Your folder name may not be blank.";	
-		$countErrors++;
-	}
-	
-	// Check Folder Order
-	$pmFolderObj->setCategoryKeyValue($memberInfo['member_id']);
-	$intNewOrderSpot = $pmFolderObj->validateOrder($_POST['folderorder'], $_POST['beforeafter']);
-	
-	if($intNewOrderSpot === false) {
-		$countErrors++;
-		$dispError .= "&nbsp;&nbsp;&nbsp;<b>&middot;</b> You selected an invalid folder order.<br>";
-	}
-	
-	if($countErrors == 0) {
-		$arrColumns = array("member_id", "name", "sortnum");
-		$arrValues = array($memberInfo['member_id'], $_POST['foldername'], $intNewOrderSpot);
-		
-		if($pmFolderObj->addNew($arrColumns, $arrValues)) {
-			
-			$folderInfo = $pmFolderObj->get_info_filtered();
-			
-			echo "
+	if (!empty($_POST['submit'])) {
+
+		// Check Folder Name
+		if (trim($_POST['foldername']) == "") {
+			$dispError = "&nbsp;&nbsp;&nbsp;<b>&middot;</b> Your folder name may not be blank.";
+			$countErrors++;
+		}
+
+		// Check Folder Order
+		$pmFolderObj->setCategoryKeyValue($memberInfo['member_id']);
+		$intNewOrderSpot = $pmFolderObj->validateOrder($_POST['folderorder'], $_POST['beforeafter']);
+
+		if ($intNewOrderSpot === false) {
+			$countErrors++;
+			$dispError .= "&nbsp;&nbsp;&nbsp;<b>&middot;</b> You selected an invalid folder order.<br>";
+		}
+
+		if ($countErrors == 0) {
+			$arrColumns = array("member_id", "name", "sortnum");
+			$arrValues = array($memberInfo['member_id'], $_POST['foldername'], $intNewOrderSpot);
+
+			if ($pmFolderObj->addNew($arrColumns, $arrValues)) {
+
+				$folderInfo = $pmFolderObj->get_info_filtered();
+
+				echo "
 			<div style='display: none' id='successBox'>
 				<p align='center'>
-					Successfully Added New PM Folder: <b>".$folderInfo['name']."</b>!
+					Successfully Added New PM Folder: <b>" . $folderInfo['name'] . "</b>!
 				</p>
 			</div>
 			
 			<script type='text/javascript'>
-				popupDialog('Add PM Folder', '".$MAIN_ROOT."members', 'successBox');
+				popupDialog('Add PM Folder', '" . $MAIN_ROOT . "members', 'successBox');
 			</script>
 			";
-			
-			$pmFolderObj->resortOrder();
+
+				$pmFolderObj->resortOrder();
+			} else {
+				$countErrors++;
+				$dispError .= "&nbsp;&nbsp;&nbsp;<b>&middot;</b> Unable to save folder to the database.  Please contact the website administrator.<br>";
+			}
+
 		}
-		else {
-			$countErrors++;
-			$dispError .= "&nbsp;&nbsp;&nbsp;<b>&middot;</b> Unable to save folder to the database.  Please contact the website administrator.<br>";	
+
+
+		if ($countErrors > 0) {
+			$_POST = filterArray($_POST);
+			$_POST['submit'] = false;
 		}
-		
-	}
-	
-	
-	
-	if($countErrors > 0) {		
-		$_POST = filterArray($_POST);
-		$_POST['submit'] = false;
-	}
-	
-	
-}
 
-if ( empty($_POST['submit']) ) {
 
-	$arrFolders = $pmFolderObj->listFolders($memberInfo['member_id']);
-	$folderOptions = "";
-	foreach($arrFolders as $folderID => $folderName) {
-		$folderOptions .= "<option value='".$folderID."'>".filterText($folderName)."</option>";		
-	}
-	
-	if($folderOptions == "") {
-		$folderOptions = "<option value='first'>(first folder)</option>";	
 	}
-	
-	
-	echo "
-		<form action='".$MAIN_ROOT."members/console.php?cID=".$cID."' method='post'>
-			<div class='formDiv'>
-		";	
 
-	if($dispError != "") {
+	if (empty($_POST['submit'])) {
+
+		$arrFolders = $pmFolderObj->listFolders($memberInfo['member_id']);
+		$folderOptions = "";
+		foreach ($arrFolders as $folderID => $folderName) {
+			$folderOptions .= "<option value='" . $folderID . "'>" . filterText($folderName) . "</option>";
+		}
+
+		if ($folderOptions == "") {
+			$folderOptions = "<option value='first'>(first folder)</option>";
+		}
+
+
 		echo "
+		<form action='" . $MAIN_ROOT . "members/console.php?cID=" . $cID . "' method='post'>
+			<div class='formDiv'>
+		";
+
+		if ($dispError != "") {
+			echo "
 		<div class='errorDiv'>
 		<strong>Unable to add folder because the following errors occurred:</strong><br><br>
 		$dispError
 		</div>
 		";
-	}
+		}
 
-	echo "
-				Use the form below to add new folder for your private messages.
-				<table class='formTable'>
-					<tr>
-						<td class='formLabel'>Folder Name:</td>
-						<td class='main'><input type='text' name='foldername' value='".$_POST['foldername']."' class='textBox'></td>
-					</tr>
-					<tr>
-						<td class='formLabel' valign='top'>Display Order:</td>
-						<td class='main'>
-							<select name='beforeafter' class='textBox'><option value='before'>Before</option><option value='after'>After</option></select><br>
-							<select name='folderorder' class='textBox'>".$folderOptions."</select>
-						</td>
-					</tr>
-					<tr>
-						<td class='main' colspan='2' align='center'><br>
-							<input type='submit' name='submit' class='submitButton' value='Add Folder'>
-						</td>
-					</tr>
-				</table>
-				<br>
-			</div>
-		</form>
-	";
-}
\ No newline at end of file
+		echo "
+    Use the form below to add new folder for your private messages.
+    <table class='formTable'>
+        <tr>
+            <td class='formLabel'>Folder Name:</td>
+            <td class='main'><input type='text' name='foldername' value='" . (isset($_POST['foldername']) ? $_POST['foldername'] : '') . "' class='textBox'></td>
+        </tr>
+        <tr>
+            <td class='formLabel' valign='top'>Display Order:</td>
+            <td class='main'>
+                <select name='beforeafter' class='textBox'><option value='before'>Before</option><option value='after'>After</option></select><br>
+                <select name='folderorder' class='textBox'>" . $folderOptions . "</select>
+            </td>
+        </tr>
+        <tr>
+            <td class='main' colspan='2' align='center'><br>
+                <input type='submit' name='submit' class='submitButton' value='Add Folder'>
+            </td>
+        </tr>
+    </table>
+    <br>
+</div>
+</form>
+";
+	}
\ No newline at end of file
diff --git a/src/members/privatemessages/compose.php b/src/members/privatemessages/compose.php
index e8c229f6..6a567a42 100644
--- a/src/members/privatemessages/compose.php
+++ b/src/members/privatemessages/compose.php
@@ -12,36 +12,35 @@
  *
  */
 
-require_once("../../_setup.php");
+	require_once("../../_setup.php");
 
 
 // Delete expired compose list sessions
-foreach($_SESSION['btComposeList'] as $key => $arr) {
-	if(time() > $arr['exptime']) {
-		unset($_SESSION['btComposeList'][$key]);
+	foreach ($_SESSION['btComposeList'] as $key => $arr) {
+		if (time() > $arr['exptime']) {
+			unset($_SESSION['btComposeList'][$key]);
+		}
 	}
-}
 
 
 // Start Page
-$consoleObj = new ConsoleOption($mysqli);
-
-$cID = $consoleObj->findConsoleIDByName("Private Messages");
-$consoleObj->select($cID);
-$consoleInfo = $consoleObj->get_info_filtered();
-$consoleTitle = $consoleInfo['pagetitle'];
+	$consoleObj = new ConsoleOption($mysqli);
 
+	$cID = $consoleObj->findConsoleIDByName("Private Messages");
+	$consoleObj->select($cID);
+	$consoleInfo = $consoleObj->get_info_filtered();
+	$consoleTitle = $consoleInfo['pagetitle'];
 
 
-$member = new Member($mysqli);
-$member->select($_SESSION['btUsername']);
+	$member = new Member($mysqli);
+	$member->select($_SESSION['btUsername']);
 
 
-$PAGE_NAME = "Compose Message - ".$consoleTitle." - ";
-$dispBreadCrumb = "<a href='".MAIN_ROOT."'>Home</a> > <a href='".MAIN_ROOT."members'>My Account</a> > <a href='".MAIN_ROOT."members/console.php?cID=".$cID."'>".$consoleTitle."</a> > Compose Message";
-$EXTERNAL_JAVASCRIPT .= "
-<script type='text/javascript' src='".MAIN_ROOT."members/js/console.js'></script>
-<script type='text/javascript' src='".MAIN_ROOT."members/js/main.js'></script>
+	$PAGE_NAME = "Compose Message - " . $consoleTitle . " - ";
+	$dispBreadCrumb = "<a href='" . MAIN_ROOT . "'>Home</a> > <a href='" . MAIN_ROOT . "members'>My Account</a> > <a href='" . MAIN_ROOT . "members/console.php?cID=" . $cID . "'>" . $consoleTitle . "</a> > Compose Message";
+	$EXTERNAL_JAVASCRIPT .= "
+<script type='text/javascript' src='" . MAIN_ROOT . "members/js/console.js'></script>
+<script type='text/javascript' src='" . MAIN_ROOT . "members/js/main.js'></script>
 
 <style>
 	.ui-autocomplete {
@@ -51,138 +50,134 @@
 </style>
 ";
 
-$prevFolder = "../../";
-require_once(BASE_DIRECTORY."themes/".$THEME."/_header.php");
+	$prevFolder = "../../";
+	require_once(BASE_DIRECTORY . "themes/" . $THEME . "/_header.php");
 
 
-$breadcrumbObj->setTitle("Compose Message");
-$breadcrumbObj->addCrumb("Home", MAIN_ROOT);
-$breadcrumbObj->addCrumb("My Account", MAIN_ROOT."members");
-$breadcrumbObj->addCrumb($consoleTitle, MAIN_ROOT."members/console.php?cID=".$cID);
-$breadcrumbObj->addCrumb("Compose Message");
-require_once(BASE_DIRECTORY."include/breadcrumb.php");
+	$breadcrumbObj->setTitle("Compose Message");
+	$breadcrumbObj->addCrumb("Home", MAIN_ROOT);
+	$breadcrumbObj->addCrumb("My Account", MAIN_ROOT . "members");
+	$breadcrumbObj->addCrumb($consoleTitle, MAIN_ROOT . "members/console.php?cID=" . $cID);
+	$breadcrumbObj->addCrumb("Compose Message");
+	require_once(BASE_DIRECTORY . "include/breadcrumb.php");
 
-$pmObj = new BasicOrder($mysqli, "privatemessages", "pm_id");
-$rankCatObj = new RankCategory($mysqli);
-$squadObj = new Squad($mysqli);
-$tournamentObj = new Tournament($mysqli);
-$multiMemPMObj = new Basic($mysqli, "privatemessage_members", "pmmember_id");
+	$pmObj = new BasicOrder($mysqli, "privatemessages", "pm_id");
+	$rankCatObj = new RankCategory($mysqli);
+	$squadObj = new Squad($mysqli);
+	$tournamentObj = new Tournament($mysqli);
+	$multiMemPMObj = new Basic($mysqli, "privatemessage_members", "pmmember_id");
 
-$pmObj->set_assocTableName("privatemessage_members");
-$pmObj->set_assocTableKey("member_id");
+	$pmObj->set_assocTableName("privatemessage_members");
+	$pmObj->set_assocTableKey("member_id");
 
 // Check Login
-$LOGIN_FAIL = true;
-if($member->authorizeLogin($_SESSION['btPassword']) && $member->hasAccess($consoleObj)) {
-
-	$memberInfo = $member->get_info_filtered();
-	$formObj = new Form();
-	
-	
-	require_once(BASE_DIRECTORY."members/privatemessages/include/compose_submit.php");
-	require_once(BASE_DIRECTORY."members/privatemessages/include/compose_setup.php");
-	
-	$i = 1;
-	$arrComponents = array(
-		"tomember" => array(
-			"type" => "custom",
-			"display_name" => "To",
-			"html" => "<div class='pmComposeTextBox'>
+	$LOGIN_FAIL = true;
+	if ($member->authorizeLogin($_SESSION['btPassword']) && $member->hasAccess($consoleObj)) {
+
+		$memberInfo = $member->get_info_filtered();
+		$formObj = new Form();
+
+
+		require_once(BASE_DIRECTORY . "members/privatemessages/include/compose_submit.php");
+		require_once(BASE_DIRECTORY . "members/privatemessages/include/compose_setup.php");
+
+		$i = 1;
+		$arrComponents = array(
+			"tomember" => array(
+				"type" => "custom",
+				"display_name" => "To",
+				"html" => "<div class='pmComposeTextBox'>
 									<div id='composeList' style='float: left'>
 										<div id='composeTextBox' style='float: left'><input type='text' id='tomember' name='tomember' class='textBox'></div>
 									</div>
 									<div style='clear: both'></div>
 								</div>",
-			"sortorder" => $i++,
-		
-		),
-		"subject" => array(
-			"type" => "text",
-			"display_name" => "Subject",
-			"attributes" => array("class" => "formInput textBox bigTextBox"),
-			"sortorder" => $i++,
-			"value" => $_POST['subject']
-		),
-		"message" => array(
-			"type" => "textarea",
-			"display_name" => "Message",
-			"sortorder" => $i++,
-			"attributes" => array("class" => "formInput textBox", "rows" => "8", "cols" => "50"),
-			"validate" => array("NOT_BLANK")
-		),
-		"submit" => array(
-			"type" => "submit",
-			"value" => "Send Message",
-			"attributes" => array("class" => "submitButton formSubmitButton"),
-			"sortorder" => $i++	
-		),
-		"pmsessionid" => array(
+				"sortorder" => $i++,
+
+			),
+			"subject" => array(
+				"type" => "text",
+				"display_name" => "Subject",
+				"attributes" => array("class" => "formInput textBox bigTextBox"),
+				"sortorder" => $i++,
+				"value" => isset($_POST['subject']) ? $_POST['subject'] : ''
+			),
+
+			"message" => array(
+				"type" => "textarea",
+				"display_name" => "Message",
+				"sortorder" => $i++,
+				"attributes" => array("class" => "formInput textBox", "rows" => "8", "cols" => "50"),
+				"validate" => array("NOT_BLANK")
+			),
+			"submit" => array(
+				"type" => "submit",
+				"value" => "Send Message",
+				"attributes" => array("class" => "submitButton formSubmitButton"),
+				"sortorder" => $i++
+			),
+			"pmsessionid" => array(
+				"type" => "hidden",
+				"value" => $pmSessionID,
+				"hidden" => true,
+				"sortorder" => $i++
+			)
+
+		);
+
+
+		if (isset($_GET['threadID']) && is_numeric($_GET['threadID'])) {
+			$replyPMID = $_GET['threadID'];
+		} else {
+			$replyPMID = 0;
+		}
+
+
+		$arrComponents['replypmid'] = array(
 			"type" => "hidden",
-			"value" => $pmSessionID,
+			"value" => $replyPMID,
 			"hidden" => true,
 			"sortorder" => $i++
-		)
-	
-	);
-	
-	
-	if(isset($_GET['threadID']) && is_numeric($_GET['threadID'])) {
-		$replyPMID = $_GET['threadID'];
-	}
-	else {
-		$replyPMID = 0;
-	}
-	
-	
-	$arrComponents['replypmid'] = array(
-		"type" => "hidden",
-		"value" => $replyPMID,
-		"hidden" => true,
-		"sortorder" => $i++
-	);
-	
-	
-	// Send as Email
-	$emailPMCID = $consoleObj->findConsoleIDByName("Email Private Messages");
-	$consoleObj->select($emailPMCID);
-	if($member->hasAccess($consoleObj)) {
-				
-		$formObj->addComponentSortSpace(2, $arrComponents);
-		$arrComponents = $formObj->components;
-		
-		$arrComponents['emailpm'] = array(
-			"type" => "checkbox",
-			"value" => 1,
-			"sortorder" => 2,
-			"display_name" => "Send as E-mail",
-			"tooltip" => "Checking this box will force an e-mail to be sent to the member(s) as well.",
-			"attributes" => array("class" => "formInput")
 		);
-				
+
+
+		// Send as Email
+		$emailPMCID = $consoleObj->findConsoleIDByName("Email Private Messages");
+		$consoleObj->select($emailPMCID);
+		if ($member->hasAccess($consoleObj)) {
+
+			$formObj->addComponentSortSpace(2, $arrComponents);
+			$arrComponents = $formObj->components;
+
+			$arrComponents['emailpm'] = array(
+				"type" => "checkbox",
+				"value" => 1,
+				"sortorder" => 2,
+				"display_name" => "Send as E-mail",
+				"tooltip" => "Checking this box will force an e-mail to be sent to the member(s) as well.",
+				"attributes" => array("class" => "formInput")
+			);
+
+		}
+		$consoleObj->select($cID);
+
+		$setupFormArgs = array(
+			"name" => "console-" . $cID . "-compose",
+			"components" => $arrComponents,
+			"saveMessage" => "Successfully Sent Private Message!",
+			"attributes" => array("action" => MAIN_ROOT . "members/privatemessages/compose.php", "method" => "post"),
+			"description" => "Use the form below to send a private message.<br><br><b><u>Extra Information:</u></b><br>You may send private messages in batches to squads, tournaments, or ranks by typing in their associated name.  Typing in a squad name, tournament title or rank name will send to that group.<br><br>",
+			"embedJS" => $composePageJS
+		);
+
+
+		require_once(BASE_DIRECTORY . "members/console.form.php");
+
+
+	} else {
+
+		die("<script type='text/javascript'>window.location = '" . MAIN_ROOT . "login.php';</script>");
+
 	}
-	$consoleObj->select($cID);
-	
-	$setupFormArgs = array(
-		"name" => "console-".$cID."-compose",
-		"components" => $arrComponents,
-		"saveMessage" => "Successfully Sent Private Message!",
-		"attributes" => array("action" => MAIN_ROOT."members/privatemessages/compose.php", "method" => "post"),
-		"description" => "Use the form below to send a private message.<br><br><b><u>Extra Information:</u></b><br>You may send private messages in batches to squads, tournaments, or ranks by typing in their associated name.  Typing in a squad name, tournament title or rank name will send to that group.<br><br>",
-		"embedJS" => $composePageJS
-	);
-	
-	
-	
-	require_once(BASE_DIRECTORY."members/console.form.php");
-	
-	
-}
-else {
-
-	die("<script type='text/javascript'>window.location = '".MAIN_ROOT."login.php';</script>");
-
-}
-
-
-
-require_once(BASE_DIRECTORY."themes/".$THEME."/_footer.php");
\ No newline at end of file
+
+

From 85f879f49d9f30bedc0df399623b6664af02c171 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Tue, 23 Jan 2024 01:23:37 -0700
Subject: [PATCH 4/6] fix worldclocks

---
 .../include/worldclocks/manageclocks.php      | 32 ++++++++-----------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/src/members/include/worldclocks/manageclocks.php b/src/members/include/worldclocks/manageclocks.php
index 74292375..16c39ee3 100644
--- a/src/members/include/worldclocks/manageclocks.php
+++ b/src/members/include/worldclocks/manageclocks.php
@@ -13,33 +13,29 @@
 	 */
 
 
-
-	if(!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {
+	if (!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {
 		exit();
-	}
-	else {	
+	} else {
 		$memberInfo = $member->get_info_filtered();
 		$consoleObj->select($_GET['cID']);
-		if(!$member->hasAccess($consoleObj)) {
+		if (!$member->hasAccess($consoleObj)) {
 			exit();
 		}
-		
+
 	}
-	
-	
+
+
 	$objManageList = new btOrderManageList($clockObj);
-	$objManageList->strMainListLink = BASE_DIRECTORY."members/include/worldclocks/main.php";
+	$objManageList->strMainListLink = BASE_DIRECTORY . "members/include/worldclocks/main.php";
+
 
-	
-	if($_GET['clockID'] != "" && $clockObj->select($_GET['clockID']) && $_GET['action'] == "edit") {
+	if (isset($_GET['clockID']) && $_GET['clockID'] != "" && $clockObj->select($_GET['clockID']) && isset($_GET['action']) && $_GET['action'] == "edit") {
 		$clockInfo = $clockObj->get_info_filtered();
-		require_once(BASE_DIRECTORY."members/include/worldclocks/edit.php");
-	}
-	elseif($_GET['action'] == "delete" && $clockObj->select($_POST['itemID'])) {
+		require_once(BASE_DIRECTORY . "members/include/worldclocks/edit.php");
+	} elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_POST['itemID']) && $clockObj->select($_POST['itemID'])) {
 		$info = $clockObj->get_info_filtered();
 		$objManageList->strDeleteName = $info['name'];
-		$objManageList->strDeletePostVarID = "clockID";	
-	}
-	elseif($_GET['action'] != "move") {
-		require_once($objManageList->strMainListLink);	
+		$objManageList->strDeletePostVarID = "clockID";
+	} elseif (!isset($_GET['action']) || $_GET['action'] != "move") {
+		require_once($objManageList->strMainListLink);
 	}
\ No newline at end of file

From 390f6450c9136165a9a8156a1dee22f58f8758c2 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Tue, 23 Jan 2024 01:32:38 -0700
Subject: [PATCH 5/6] fix worldclocks

---
 .../include/worldclocks/manageclocks.php      | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/members/include/worldclocks/manageclocks.php b/src/members/include/worldclocks/manageclocks.php
index 16c39ee3..e8482ad9 100644
--- a/src/members/include/worldclocks/manageclocks.php
+++ b/src/members/include/worldclocks/manageclocks.php
@@ -1,16 +1,16 @@
 <?php
 
-	/*
-	 * BlueThrust Clan Scripts
-	 * Copyright 2014
-	 *
-	 * Author: Bluethrust Web Development
-	 * E-mail: support@bluethrust.com
-	 * Website: http://www.bluethrust.com
-	 *
-	 * License: http://www.bluethrust.com/license.php
-	 *
-	 */
+/*
+ * BlueThrust Clan Scripts
+ * Copyright 2014
+ *
+ * Author: Bluethrust Web Development
+ * E-mail: support@bluethrust.com
+ * Website: http://www.bluethrust.com
+ *
+ * License: http://www.bluethrust.com/license.php
+ *
+ */
 
 
 	if (!isset($member) || substr($_SERVER['PHP_SELF'], -11) != "console.php") {

From b84d32872b9ca0f1a68804a1de035c9bcd448c23 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Tue, 23 Jan 2024 01:35:38 -0700
Subject: [PATCH 6/6] fix console managelist

---
 src/members/console.managelist.list.php | 177 ++++++++++++------------
 src/members/console.managelist.php      | 164 +++++++++++-----------
 2 files changed, 168 insertions(+), 173 deletions(-)

diff --git a/src/members/console.managelist.list.php b/src/members/console.managelist.list.php
index 4b4c3557..8dd3f0fd 100644
--- a/src/members/console.managelist.list.php
+++ b/src/members/console.managelist.list.php
@@ -1,129 +1,134 @@
 <?php
 
-	/*
-	 * BlueThrust Clan Scripts
-	 * Copyright 2014
-	 *
-	 * Author: Bluethrust Web Development
-	 * E-mail: support@bluethrust.com
-	 * Website: http://www.bluethrust.com
-	 *
-	 * License: http://www.bluethrust.com/license.php
-	 *
-	 */
-
-	if(!defined("LOGGED_IN") || !LOGGED_IN) { 
-		
+/*
+ * BlueThrust Clan Scripts
+ * Copyright 2014
+ *
+ * Author: Bluethrust Web Development
+ * E-mail: support@bluethrust.com
+ * Website: http://www.bluethrust.com
+ *
+ * License: http://www.bluethrust.com/license.php
+ *
+ */
+
+	if (!defined("LOGGED_IN") || !LOGGED_IN) {
+
 		$setupManageListArgs = json_decode($_POST['listArgs'], true);
 
 		require_once("../_setup.php");
 
-		
+
+		require_once("../_setup.php");
+
 		$member = new Member($mysqli);
 		$member->select($_SESSION['btUsername']);
-		
+
 		$consoleObj = new ConsoleOption($mysqli);
-		if(!$consoleObj->select($setupManageListArgs['console_id'])) {
+		$setupManageListArgs = json_decode($_POST['listArgs'], true);
+
+		if (!$consoleObj->select($setupManageListArgs['console_id'])) {
 			exit();
 		}
-		
-		if(!$member->authorizeLogin($_SESSION['btPassword']) || !$member->hasAccess($consoleObj)) {
-			exit();	
+
+		if (!$member->authorizeLogin($_SESSION['btPassword']) || !$member->hasAccess($consoleObj)) {
+			exit();
+		}
+
+// Ensure that 'actions' key exists and is an array
+		$actionsWidth = 0;
+		$titleWidth = 100;
+		if (isset($setupManageListArgs['actions']) && is_array($setupManageListArgs['actions'])) {
+			$actionsWidth = count($setupManageListArgs['actions']) * 6;
+			$titleWidth = 100 - $actionsWidth;
 		}
-		
-		$actionsWidth = count($setupManageListArgs['actions'])*6;
-		$titleWidth = 100-($actionsWidth);
 	}
 
-	
 	echo "
 	
 		<table class='formTable' style='border-spacing: 0px; margin-top: 0px'>
 
 	";
 
-		$counter = 0;
-		foreach($setupManageListArgs['items'] as $itemInfo) {
+	$counter = 0;
+	foreach ($setupManageListArgs['items'] as $itemInfo) {
 
-			if($itemInfo['type'] == "listitem") {
-			
-				if($counter == 1) {
-					$addCSS = " alternateBGColor";
-					$counter = 0;
-				}
-				else {
-					$addCSS = "";
-					$counter = 1;
-				}
-				
-				echo "
+		if ($itemInfo['type'] == "listitem") {
+
+			if ($counter == 1) {
+				$addCSS = " alternateBGColor";
+				$counter = 0;
+			} else {
+				$addCSS = "";
+				$counter = 1;
+			}
+
+			echo "
 					<tr>
-						<td class='main manageList dottedLine".$addCSS."' style='width: ".$titleWidth."%; padding-left: 10px'><b><a href='".$itemInfo['edit_link']."'>".$itemInfo['display_name']."</a></b></td>	
-					
-					";
-				
-				foreach($setupManageListArgs['actions'] as $actionTypes) {
-					$dispAction = "";
-					switch($actionTypes) {
-						case "moveup":
-							$dispAction = !in_array("moveup", $itemInfo['actions']) ? "" : "<a href='javascript:void(0)' onclick=\"moveItem('up', '".$itemInfo['item_id']."')\" title='Move Up'><img src='".$MAIN_ROOT."themes/".$THEME."/images/buttons/uparrow.png' class='manageListActionButton'></a>";
-							break;
-						case "movedown":
-							$dispAction = !in_array("movedown", $itemInfo['actions']) ? "" : "<a href='javascript:void(0)' onclick=\"moveItem('down', '".$itemInfo['item_id']."')\" title='Move Down'><img src='".$MAIN_ROOT."themes/".$THEME."/images/buttons/downarrow.png' class='manageListActionButton'></a>";
-							break;
-						case "edit":
-							$dispAction = "<a href='".$itemInfo['edit_link']."' title='Edit'><img src='".$MAIN_ROOT."themes/".$THEME."/images/buttons/edit.png' class='manageListActionButton'></a>";
-							break;
-						case "delete":
-							$dispAction = "<a href='javascript:void(0)' onclick=\"deleteItem('".$itemInfo['item_id']."')\" title='Delete'><img src='".$MAIN_ROOT."themes/".$THEME."/images/buttons/delete.png' class='manageListActionButton'></a>";
-							break;
-						default:
-							$dispAction = call_user_func_array($actionTypes, array($itemInfo['item_id']));	
-					}
+						<td class='main manageList dottedLine" . $addCSS . "' style='width: " . $titleWidth . "%; padding-left: 10px'><b><a href='" . $itemInfo['edit_link'] . "'>" . $itemInfo['display_name'] . "</a></b></td>	
 					
-					echo "
-						<td align='center' class='main manageList dottedLine".$addCSS."' style='width: 6%;'>".$dispAction."</td>	
 					";
+
+			foreach ($setupManageListArgs['actions'] as $actionTypes) {
+				$dispAction = "";
+				switch ($actionTypes) {
+					case "moveup":
+						$dispAction = !in_array("moveup", $itemInfo['actions']) ? "" : "<a href='javascript:void(0)' onclick=\"moveItem('up', '" . $itemInfo['item_id'] . "')\" title='Move Up'><img src='" . $MAIN_ROOT . "themes/" . $THEME . "/images/buttons/uparrow.png' class='manageListActionButton'></a>";
+						break;
+					case "movedown":
+						$dispAction = !in_array("movedown", $itemInfo['actions']) ? "" : "<a href='javascript:void(0)' onclick=\"moveItem('down', '" . $itemInfo['item_id'] . "')\" title='Move Down'><img src='" . $MAIN_ROOT . "themes/" . $THEME . "/images/buttons/downarrow.png' class='manageListActionButton'></a>";
+						break;
+					case "edit":
+						$dispAction = "<a href='" . $itemInfo['edit_link'] . "' title='Edit'><img src='" . $MAIN_ROOT . "themes/" . $THEME . "/images/buttons/edit.png' class='manageListActionButton'></a>";
+						break;
+					case "delete":
+						$dispAction = "<a href='javascript:void(0)' onclick=\"deleteItem('" . $itemInfo['item_id'] . "')\" title='Delete'><img src='" . $MAIN_ROOT . "themes/" . $THEME . "/images/buttons/delete.png' class='manageListActionButton'></a>";
+						break;
+					default:
+						$dispAction = call_user_func_array($actionTypes, array($itemInfo['item_id']));
 				}
-				
-						
-				echo "</tr>";
-				
-			}
-			else { // Category Title
-				
-				$dispAddItemToCategory = ($itemInfo['add_to_cat_link'] == "") ? "" : "<a href='".$itemInfo['add_to_cat_link']."'><img src='".$MAIN_ROOT."themes/".$THEME."images/buttons/add.png' class='manageListActionButton'></a>";
-				
+
 				echo "
+						<td align='center' class='main manageList dottedLine" . $addCSS . "' style='width: 6%;'>" . $dispAction . "</td>	
+					";
+			}
+
+
+			echo "</tr>";
+
+		} else { // Category Title
+
+			$dispAddItemToCategory = ($itemInfo['add_to_cat_link'] == "") ? "" : "<a href='" . $itemInfo['add_to_cat_link'] . "'><img src='" . $MAIN_ROOT . "themes/" . $THEME . "images/buttons/add.png' class='manageListActionButton'></a>";
+
+			echo "
 					<tr>
-						<td class='main manageList dottedLine' style='width: ".$titleWidth."%'></td>
-						<td class='manageList dottedLine' colspan='".count($setupManageListArgs['actions'])."' align='center'>".$dispAddItemToCategory."</td>
+						<td class='main manageList dottedLine' style='width: " . $titleWidth . "%'></td>
+						<td class='manageList dottedLine' colspan='" . count($setupManageListArgs['actions']) . "' align='center'>" . $dispAddItemToCategory . "</td>
 					</tr>
 				";
-				
-			}
+
 		}
-	
+	}
+
 	echo "
 		</table>
 	
 	";
-	
-	if(count($setupManageListArgs['items']) == 0) {
 
-		if(substr($setupManageListArgs['item_title'],-1) == ":") {
-			$noItemName = substr($setupManageListArgs['item_title'], 0, strlen($setupManageListArgs['item_title'])-1);
-		}
-		elseif($setupManageListArgs['item_title'] == "") {
-			$noItemName = "item";	
+	if (count($setupManageListArgs['items']) == 0) {
+
+		if (substr($setupManageListArgs['item_title'], -1) == ":") {
+			$noItemName = substr($setupManageListArgs['item_title'], 0, strlen($setupManageListArgs['item_title']) - 1);
+		} elseif ($setupManageListArgs['item_title'] == "") {
+			$noItemName = "item";
 		}
-		
+
 		echo "
 			<div class='shadedBox' style='margin-left: auto; margin-right: auto; width: 45%; margin-top: 20px'>
 				<p class='main' align='center'>
-					<i>No ".strtolower($noItemName)."s added yet!</i>
+					<i>No " . strtolower($noItemName) . "s added yet!</i>
 				</p>
 			</div>
 		";
-		
+
 	}
\ No newline at end of file
diff --git a/src/members/console.managelist.php b/src/members/console.managelist.php
index 08b3fd02..0962b4c5 100644
--- a/src/members/console.managelist.php
+++ b/src/members/console.managelist.php
@@ -1,112 +1,103 @@
 <?php
 
-	/*
-	 * BlueThrust Clan Scripts
-	 * Copyright 2014
-	 *
-	 * Author: Bluethrust Web Development
-	 * E-mail: support@bluethrust.com
-	 * Website: http://www.bluethrust.com
-	 *
-	 * License: http://www.bluethrust.com/license.php
-	 *
-	 */
-
-	if(!defined("LOGGED_IN") || !LOGGED_IN) { die("<script type='text/javascript'>window.location = '".$MAIN_ROOT."'</script>"); }
-	
-	
-	$actionsWidth = count($setupManageListArgs['actions'])*6;
-	$titleWidth = 100-($actionsWidth);
-	
-	
+/*
+ * BlueThrust Clan Scripts
+ * Copyright 2014
+ *
+ * Author: Bluethrust Web Development
+ * E-mail: support@bluethrust.com
+ * Website: http://www.bluethrust.com
+ *
+ * License: http://www.bluethrust.com/license.php
+ *
+ */
+
+	if (!defined("LOGGED_IN") || !LOGGED_IN) {
+		die("<script type='text/javascript'>window.location = '" . $MAIN_ROOT . "'</script>");
+	}
+
+
+	$actionsWidth = count($setupManageListArgs['actions']) * 6;
+	$titleWidth = 100 - ($actionsWidth);
+
+
 	// Setup default values if not given
-	$actionsTitleName = ($setupManageListArgs['action_title'] == "") ? "Actions:" : $setupManageListArgs['action_title'];
-	$itemTitleName = ($setupManageListArgs['item_title'] == "") ? "Item:" : $setupManageListArgs['item_title'];
-	
-	$dispAddNewLink = (!isset($setupManageListArgs['add_new_link']['url']) || $setupManageListArgs['add_new_link']['url'] == "") ? "" : "&raquo; <a href='".$setupManageListArgs['add_new_link']['url']."'>".$setupManageListArgs['add_new_link']['name']."</a> &laquo;";
-	
-	$setupManageListArgs['list_div_name'] = ($setupManageListArgs['list_div_name'] == "") ? "manageListDiv" : $setupManageListArgs['list_div_name'];
-	
-	$setupManageListArgs['loading_spiral'] = ($setupManageListArgs['loading_spiral'] == "") ? "manageListLoadingSpiral" : $setupManageListArgs['loading_spiral'];
-	
-	
-	
-	
+	$actionsTitleName = $setupManageListArgs['action_title'] ?? "Actions:";
+	$itemTitleName = $setupManageListArgs['item_title'] ?? "Item:";
+
+	$dispAddNewLink = (!isset($setupManageListArgs['add_new_link']['url']) || $setupManageListArgs['add_new_link']['url'] == "") ? "" : "&raquo; <a href='" . $setupManageListArgs['add_new_link']['url'] . "'>" . $setupManageListArgs['add_new_link']['name'] . "</a> &laquo;";
+
+	$setupManageListArgs['list_div_name'] = $setupManageListArgs['list_div_name'] ?? "manageListDiv";
+	$setupManageListArgs['loading_spiral'] = $setupManageListArgs['loading_spiral'] ?? "manageListLoadingSpiral";
+
+
 	// Display Manage List
-	
+
 	echo "
 
 		<table class='formTable'>
 			<tr>
-				<td colspan='2' align='right'>".$dispAddNewLink."<br><br></td>
+				<td colspan='2' align='right'>" . $dispAddNewLink . "<br><br></td>
 			</tr>
 			<tr>
-				<td class='formTitle' style='width: ".$titleWidth."%'>".$itemTitleName."</td>
-				<td class='formTitle' style='width: ".$actionsWidth."%'>".$actionsTitleName."</td>
+				<td class='formTitle' style='width: " . $titleWidth . "%'>" . $itemTitleName . "</td>
+				<td class='formTitle' style='width: " . $actionsWidth . "%'>" . $actionsTitleName . "</td>
 			</tr>
 		</table>
 		
-		<div class='loadingSpiral' id='".$setupManageListArgs['loading_spiral']."'><p align='center'><img src='".$MAIN_ROOT."themes/".$THEME."/images/loading-spiral.gif'><br>Loading...</p></div>
+		<div class='loadingSpiral' id='" . $setupManageListArgs['loading_spiral'] . "'><p align='center'><img src='" . $MAIN_ROOT . "themes/" . $THEME . "/images/loading-spiral.gif'><br>Loading...</p></div>
 		
-		<div id='".$setupManageListArgs['list_div_name']."'>
+		<div id='" . $setupManageListArgs['list_div_name'] . "'>
 	";
-		
-		require_once("console.managelist.list.php");
-		
+
+	require_once("console.managelist.list.php");
+	$moveLink = $setupManageListArgs['move_link'] ?? "defaultMoveLink.php"; // Replace 'defaultMoveLink.php' with your default link
 	echo "</div>
 	
 	
 		<div id='confirmDeleteDialog'></div>
 		<script type='text/javascript'>
 		
-			function moveItem(move_dir, item_id) {
-		
-				$(document).ready(function() {
-				
-					$('#".$setupManageListArgs['loading_spiral']."').show();
-					$('#".$setupManageListArgs['list_div_name']."').fadeOut(250);
-					//".$setupManageListArgs['move_link']."
-					$.post('".$MAIN_ROOT."members/console.managelist.move.php?cID=".filterText($_GET['cID'])."', { itemID: item_id, moveDir: move_dir }, function(data) {
-					
-						$('#".$setupManageListArgs['loading_spiral']."').hide();
-						$('#".$setupManageListArgs['list_div_name']."').html(data).fadeIn(250);
-						
-					});
-					
-				
-				});
-			
-			}
+    function moveItem(move_dir, item_id) {
+        $(document).ready(function() {
+            $('#" . $setupManageListArgs['loading_spiral'] . "').show();
+            $('#" . $setupManageListArgs['list_div_name'] . "').fadeOut(250);
+            $.post('" . $moveLink . "', { itemID: item_id, moveDir: move_dir }, function(data) {
+                $('#" . $setupManageListArgs['loading_spiral'] . "').hide();
+                $('#" . $setupManageListArgs['list_div_name'] . "').html(data).fadeIn(250);
+            });
+        });
+    }
 			
 			function deleteItem(item_id) {
 			
 				$(document).ready(function() {
 				
 			";
-	
-			if(!$setupManageListArgs['confirm_delete']) {
 
-				echo "
-					$('#".$setupManageListArgs['loading_spiral']."').show();
-					$('#".$setupManageListArgs['list_div_name']."').fadeOut(250);
+	if (!$setupManageListArgs['confirm_delete']) {
+
+		echo "
+					$('#" . $setupManageListArgs['loading_spiral'] . "').show();
+					$('#" . $setupManageListArgs['list_div_name'] . "').fadeOut(250);
 				";
-				
-			}
-			
-	
-			echo "
+
+	}
+
+
+	echo "
 					
-					$.post('".$setupManageListArgs['delete_link']."', { itemID: item_id }, function(data) {
+					$.post('" . $setupManageListArgs['delete_link'] . "', { itemID: item_id }, function(data) {
 					
 					";
 
-					if($setupManageListArgs['confirm_delete']) {
-						
-						echo "
+	if ($setupManageListArgs['confirm_delete']) {
+
+		echo "
 							$('#confirmDeleteDialog').html(data);
 							$('#confirmDeleteDialog').dialog({
 								
-								title: '".$consoleInfo['pagetitle']." - Delete',
+								title: '" . $consoleInfo['pagetitle'] . " - Delete',
 								width: 400,
 								modal: true,
 								zIndex: 9999,
@@ -115,13 +106,13 @@ function deleteItem(item_id) {
 								buttons: {
 									'Yes': function() {
 										
-										$('#".$setupManageListArgs['loading_spiral']."').show();
-										$('#".$setupManageListArgs['list_div_name']."').fadeOut(250);
+										$('#" . $setupManageListArgs['loading_spiral'] . "').show();
+										$('#" . $setupManageListArgs['list_div_name'] . "').fadeOut(250);
 										$(this).dialog('close');
 										
-										$.post('".$setupManageListArgs['delete_link']."', { itemID: item_id, confirm: 1 }, function(data1) {
-											$('#".$setupManageListArgs['loading_spiral']."').hide();
-											$('#".$setupManageListArgs['list_div_name']."').html(data1).fadeIn(250);
+										$.post('" . $setupManageListArgs['delete_link'] . "', { itemID: item_id, confirm: 1 }, function(data1) {
+											$('#" . $setupManageListArgs['loading_spiral'] . "').hide();
+											$('#" . $setupManageListArgs['list_div_name'] . "').html(data1).fadeIn(250);
 										});
 									
 									},
@@ -134,16 +125,15 @@ function deleteItem(item_id) {
 								
 							});
 						";
-						
-					}
-					else {
-						echo "
-							$('#".$setupManageListArgs['loading_spiral']."').hide();
-							$('#".$setupManageListArgs['list_div_name']."').html(data).fadeIn(250);
+
+	} else {
+		echo "
+							$('#" . $setupManageListArgs['loading_spiral'] . "').hide();
+							$('#" . $setupManageListArgs['list_div_name'] . "').html(data).fadeIn(250);
 						";
-					}
-						
-				echo "	
+	}
+
+	echo "	
 					});