lanks |
15th August 2009 20:11 |
this is my forum.php
PHP Code:
<? ob_start("ob_gzhandler");
require "include/bittorrent.php";
loggedinorreturn(); parked(); $action = $_GET["action"];
function catch_up() { die("This feature is currently unavailable."); global $CURUSER;
$userid = $CURUSER["id"];
$res = mysql_query("SELECT id, lastpost FROM topics") or sqlerr(__FILE__, __LINE__);
while ($arr = mysql_fetch_assoc($res)) { $topicid = $arr["id"];
$postid = $arr["lastpost"];
$r = mysql_query("SELECT id,lastpostread FROM readposts WHERE userid=$userid and topicid=$topicid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($r) == 0) mysql_query("INSERT INTO readposts (userid, topicid, lastpostread) VALUES($userid, $topicid, $postid)") or sqlerr(__FILE__, __LINE__);
else { $a = mysql_fetch_assoc($r);
if ($a["lastpostread"] < $postid) mysql_query("UPDATE readposts SET lastpostread=$postid WHERE id=" . $a["id"]) or sqlerr(__FILE__, __LINE__); } } }
//-------- Returns the minimum read/write class levels of a forum
function get_forum_access_levels($forumid) { $res = mysql_query("SELECT minclassread, minclasswrite, minclasscreate FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) != 1) return false;
$arr = mysql_fetch_assoc($res);
return array("read" => $arr["minclassread"], "write" => $arr["minclasswrite"], "create" => $arr["minclasscreate"]); }
//-------- Returns the forum ID of a topic, or false on error
function get_topic_forum($topicid) { $res = mysql_query("SELECT forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) != 1) return false;
$arr = mysql_fetch_row($res);
return $arr[0]; }
//-------- Returns the ID of the last post of a forum
function update_topic_last_post($topicid) { $res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res) or die("No post found");
$postid = $arr[0];
mysql_query("UPDATE topics SET lastpost=$postid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__); }
function get_forum_last_post($forumid) { $res = mysql_query("SELECT lastpost FROM topics WHERE forumid=$forumid ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
$postid = $arr[0];
if ($postid) return $postid;
else return 0; }
//-------- Inserts a quick jump menu
function insert_quick_jump_menu($currentforum = 0) { print("<p align=center><form method=get action=? name=jump>\n");
print("<input type=hidden name=action value=viewforum>\n");
print("Quick jump: ");
print("<select name=forumid onchange=\"if(this.options[this.selectedIndex].value != -1){ forms['jump'].submit() }\">\n");
$res = mysql_query("SELECT * FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);
while ($arr = mysql_fetch_assoc($res)) { if (get_user_class() >= $arr["minclassread"]) print("<option value=" . $arr["id"] . ($currentforum == $arr["id"] ? " selected>" : ">") . $arr["name"] . "\n"); }
print("</select>\n");
print("<input type=submit value='Go!'>\n");
print("</form>\n</p>"); }
//-------- Inserts a compose frame
function insert_compose_frame($id, $newtopic = true, $quote = false) { global $maxsubjectlength, $CURUSER;
if ($newtopic) { $res = mysql_query("SELECT name FROM forums WHERE id=$id") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or die("Bad forum id");
$forumname = $arr["name"];
print("<p align=center>New topic in <a href=?action=viewforum&forumid=$id>$forumname</a> forum</p>\n"); } else { $res = mysql_query("SELECT * FROM topics WHERE id=$id") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found.");
$subject = $arr["subject"];
print("<p align=center>Reply to topic: <a href=?action=viewtopic&topicid=$id>$subject</a></p>"); }
begin_frame("Compose", true);
print("<form method=post action=?action=post>\n");
if ($newtopic) print("<input type=hidden name=forumid value=$id>\n");
else print("<input type=hidden name=topicid value=$id>\n");
begin_table();
if ($newtopic) print("<tr><td class=rowhead>Subject</td>" . "<td align=left style='padding: 0px'><input type=text size=100 maxlength=$maxsubjectlength name=subject " . "style='border: 0px; height: 19px'></td></tr>\n");
if ($quote) { $postid = $_GET["postid"]; if (!is_valid_id($postid)) die;
$res = mysql_query("SELECT posts.*, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=$postid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) != 1) stderr("Error", "No post with ID.");
$arr = mysql_fetch_assoc($res); }
print("<tr><td class=rowhead>Body</td><td align=left style='padding: 0px'>" . "<textarea name=body cols=100 rows=20 style='border: 0px'>". ($quote?(("<<<@!1!@>>>")):""). "</textarea></td></tr>\n");
print("<tr><td colspan=2 align=center><input type=submit class=btn value='Submit'></td></tr>\n");
end_table();
print("</form>\n");
print("<p align=center><a href=tags.php target=_blank>Tags</a> | <a href=smilies.php target=_blank>Smilies</a></p>\n");
end_frame();
//------ Get 10 last posts if this is a reply
if (!$newtopic) { $postres = mysql_query("SELECT * FROM posts WHERE topicid=$id ORDER BY id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);
begin_frame("10 last posts, in reverse order");
while ($post = mysql_fetch_assoc($postres)) { //-- Get poster details
$userres = mysql_query("SELECT * FROM users WHERE id=" . $post["userid"] . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_assoc($userres);
$avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($user["avatar"]) : ""); // $avatar = $user["avatar"];
if (!$avatar) $avatar = "/pic/default_avatar.gif";
print("<p class=sub>#" . $post["id"] . " by " . $user["username"] . " at " . $post["added"] . " GMT</p>");
begin_table(true);
print("<tr valign=top><td width=150 align=center style='padding: 0px'>" . ($avatar ? "<img width=150 src=$avatar>" : ""). "</td><td class=comment>" . format_comment($post["body"]) . "</td></tr>\n");
end_table();
}
end_frame();
}
insert_quick_jump_menu();
}
//-------- Global variables
$maxsubjectlength = 40; $postsperpage = $CURUSER["postsperpage"]; if (!$postsperpage) $postsperpage = 25;
//-------- Action: New topic
if ($action == "newtopic") { $forumid = $_GET["forumid"];
if (!is_valid_id($forumid)) die;
stdhead("New topic");
begin_main_frame();
insert_compose_frame($forumid);
end_main_frame();
stdfoot();
die; }
//-------- Action: Post
if ($action == "post") { $forumid = 0 + $_POST["forumid"]; $topicid = 0 + $_POST["topicid"];
if (!is_valid_id($forumid) && !is_valid_id($topicid)) stderr("Error", "Bad forum or topic ID.");
$newtopic = $forumid > 0;
$subject = $_POST["subject"];
if ($newtopic) { $subject = trim($subject);
if (!$subject) stderr("Error", "You must enter a subject.");
if (strlen($subject) > $maxsubjectlength) stderr("Error", "Subject is limited to $maxsubjectlength characters."); } else $forumid = get_topic_forum($topicid) or die("Bad topic ID"); if ($CURUSER["forumpost"] == 'no') { stdhead(); stdmsg("Sorry...", "You are not authorized to Post. (See <a href=\"inbox.php#up\">Read Inbox</a>)"); stdfoot(); exit; }
//------ Make sure sure user has write access in forum
$arr = get_forum_access_levels($forumid) or die("Bad forum ID");
if (get_user_class() < $arr["write"] || ($newtopic && get_user_class() < $arr["create"])) stderr("Error", "Permission denied.");
$body = trim($_POST["body"]);
if ($body == "") stderr("Error", "No body text.");
$userid = $CURUSER["id"];
if ($newtopic) { //---- Create topic
$subject = sqlesc($subject);
mysql_query("INSERT INTO topics (userid, forumid, subject) VALUES($userid, $forumid, $subject)") or sqlerr(__FILE__, __LINE__);
$topicid = mysql_insert_id() or stderr("Error", "No topic ID returned"); } else { //---- Make sure topic exists and is unlocked
$res = mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or die("Topic id n/a");
if ($arr["locked"] == 'yes' && get_user_class() < UC_MODERATOR) stderr("Error", "This topic is locked.");
//---- Get forum ID
$forumid = $arr["forumid"]; }
//------ Insert post
$added = "'" . get_date_time() . "'";
$body = sqlesc($body);
mysql_query("INSERT INTO posts (topicid, userid, added, body) " . "VALUES($topicid, $userid, $added, $body)") or sqlerr(__FILE__, __LINE__);
$postid = mysql_insert_id() or die("Post id n/a");
//------ Update topic last post
update_topic_last_post($topicid);
//------ All done, redirect user to the post
$headerstr = "Location: $BASEURL/forums.php?action=viewtopic&topicid=$topicid&page=last";
if ($newtopic) header($headerstr);
else header("$headerstr#$postid");
die; }
//-------- Action: View topic
if ($action == "viewtopic") { $topicid = $_GET["topicid"];
$page = $_GET["page"];
if (!is_valid_id($topicid)) die;
$userid = $CURUSER["id"];
//------ Get topic info
$res = mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found");
$locked = ($arr["locked"] == 'yes'); $subject = $arr["subject"]; $sticky = $arr["sticky"] == "yes"; $forumid = $arr["forumid"];
//------ Update hits column
mysql_query("UPDATE topics SET views = views + 1 WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
//------ Get forum
$res = mysql_query("SELECT * FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or die("Forum = NULL");
$forum = $arr["name"];
if ($CURUSER["class"] < $arr["minclassread"]) stderr("Error", "You are not permitted to view this topic.");
//------ Get post count
$res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
$postcount = $arr[0];
//------ Make page menu
$pagemenu = "<p>\n";
$perpage = $postsperpage;
$pages = ceil($postcount / $perpage);
if ($page[0] == "p") { $findpost = substr($page, 1); $res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY added") or sqlerr(__FILE__, __LINE__); $i = 1; while ($arr = mysql_fetch_row($res)) { if ($arr[0] == $findpost) break; ++$i; } $page = ceil($i / $perpage); }
if ($page == "last") $page = $pages; else { if($page < 1) $page = 1; elseif ($page > $pages) $page = $pages; }
$offset = $page * $perpage - $perpage;
for ($i = 1; $i <= $pages; ++$i) { if ($i == $page) $pagemenu .= "<font class=gray><b>$i</b></font>\n";
else $pagemenu .= "<a href=?action=viewtopic&topicid=$topicid&page=$i><b>$i</b></a>\n"; }
if ($page == 1) $pagemenu .= "<font class=gray><b><< Prev</b></font>";
else $pagemenu .= "<a href=?action=viewtopic&topicid=$topicid&page=" . ($page - 1) . "><b><< Prev</b></a>";
$pagemenu .= " ";
if ($page == $pages) $pagemenu .= "<font class=gray><b>Next >></b></font></p>\n";
else $pagemenu .= "<a href=?action=viewtopic&topicid=$topicid&page=" . ($page + 1) . "><b>Next >></b></a></p>\n";
//------ Get posts
$res = mysql_query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);
stdhead("View topic");
print("<a name=top><h1><a href=?action=viewforum&forumid=$forumid>$forum</a> > $subject</h1>\n");
print($pagemenu);
//------ Print table
begin_main_frame();
begin_frame();
$pc = mysql_num_rows($res);
$pn = 0;
$r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=" . $CURUSER["id"] . " AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_row($r);
$lpr = $a[0];
if (!$lpr) mysql_query("INSERT INTO readposts (userid, topicid) VALUES($userid, $topicid)") or sqlerr(__FILE__, __LINE__);
while ($arr = mysql_fetch_assoc($res)) { ++$pn;
$postid = $arr["id"];
$posterid = $arr["userid"];
$added = $arr["added"] . " GMT (" . (get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"]))) . " ago)";
//---- Get poster details
$res2 = mysql_query("SELECT username,class,avatar,donor,title,enabled,warned FROM users WHERE id=$posterid") or sqlerr(__FILE__, __LINE__);
$arr2 = mysql_fetch_assoc($res2);
$postername = $arr2["username"];
if ($postername == "") { $by = "unknown[$posterid]";
$avatar = ""; } else { // if ($arr2["enabled"] == "yes") $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($arr2["avatar"]) : ""); // else // $avatar = "/pic/disabled_avatar.gif";
$title = $arr2["title"];
if (!$title) $title = get_user_class_name($arr2["class"]);
$by = "<a href=userdetails.php?id=$posterid><b>$postername</b></a>" . ($arr2["donor"] == "yes" ? "<img src=". "/pic/star.gif alt='Donor'>" : "") . ($arr2["enabled"] == "no" ? "<img src=". "/pic/disabled.gif alt=\"This account is disabled\" style='margin-left: 2px'>" : ($arr2["warned"] == "yes" ? "<a href=rules.php#warning class=altlink><img src=/pic/warned.gif alt=\"Warned\" border=0></a>" : "")) . " ($title)"; }
if (!$avatar) $avatar = "/pic/default_avatar.gif";
print("<a name=$postid>\n");
if ($pn == $pc) { print("<a name=last>\n"); if ($postid > $lpr) mysql_query("UPDATE readposts SET lastpostread=$postid WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__); }
print("<p class=sub><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded width=99%>#$postid by $by at $added");
if (!$locked || get_user_class() >= UC_MODERATOR) print(" - [<a href=?action=quotepost&topicid=$topicid&postid=$postid><b>Quote</b></a>]");
if (($CURUSER["id"] == $posterid && !$locked) || get_user_class() >= UC_MODERATOR) print(" - [<a href=?action=editpost&postid=$postid><b>Edit</b></a>]");
if (get_user_class() >= UC_MODERATOR) print(" - [<a href=?action=deletepost&postid=$postid><b>Delete</b></a>]");
print("</td><td class=embedded width=1%><a href=#top><img src=/pic/top.gif border=0 alt='Top'></a></td></tr>");
print("</table></p>\n");
begin_table(true);
$body = format_comment($arr["body"]);
if (is_valid_id($arr['editedby'])) { $res2 = mysql_query("SELECT username FROM users WHERE id=$arr[editedby]"); if (mysql_num_rows($res2) == 1) { $arr2 = mysql_fetch_assoc($res2); $body .= "<p><font size=1 class=small>Last edited by <a href=userdetails.php?id=$arr[editedby]><b>$arr2[username]</b></a> at $arr[editedat] GMT</font></p>\n"; } }
print("<tr valign=top><td width=150 align=center style='padding: 0px'>" . ($avatar ? "<img width=150 src=\"$avatar\">" : ""). "</td><td class=comment>$body</td></tr>\n");
end_table(); }
//------ Mod options
if (get_user_class() >= UC_MODERATOR) { attach_frame();
$res = mysql_query("SELECT id,name,minclasswrite FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__); print("<table border=0 cellspacing=0 cellpadding=0>\n");
print("<form method=post action=?action=setsticky>\n"); print("<input type=hidden name=topicid value=$topicid>\n"); print("<input type=hidden name=returnto value=$BASEURL$_SERVER[REQUEST_URI]>\n"); print("<tr><td class=embedded align=right>Sticky:</td>\n"); print("<td class=embedded><input type=radio name=sticky value='yes' " . ($sticky ? " checked" : "") . "> Yes <input type=radio name=sticky value='no' " . (!$sticky ? " checked" : "") . "> No\n"); print("<input type=submit value='Set'></td></tr>"); print("</form>\n");
print("<form method=post action=?action=setlocked>\n"); print("<input type=hidden name=topicid value=$topicid>\n"); print("<input type=hidden name=returnto value=$BASEURL$_SERVER[REQUEST_URI]>\n"); print("<tr><td class=embedded align=right>Locked:</td>\n"); print("<td class=embedded><input type=radio name=locked value='yes' " . ($locked ? " checked" : "") . "> Yes <input type=radio name=locked value='no' " . (!$locked ? " checked" : "") . "> No\n"); print("<input type=submit value='Set'></td></tr>"); print("</form>\n");
print("<form method=post action=?action=renametopic>\n"); print("<input type=hidden name=topicid value=$topicid>\n"); print("<input type=hidden name=returnto value=$BASEURL$_SERVER[REQUEST_URI]>\n"); print("<tr><td class=embedded align=right>Rename topic:</td><td class=embedded><input type=text name=subject size=60 maxlength=$maxsubjectlength value=\"" . htmlspecialchars($subject) . "\">\n"); print("<input type=submit value='Okay'></td></tr>"); print("</form>\n");
print("<form method=post action=?action=movetopic&topicid=$topicid>\n"); print("<tr><td class=embedded>Move this thread to: </td><td class=embedded><select name=forumid>");
while ($arr = mysql_fetch_assoc($res)) if ($arr["id"] != $forumid && get_user_class() >= $arr["minclasswrite"]) print("<option value=" . $arr["id"] . ">" . $arr["name"] . "\n");
print("</select> <input type=submit value='Okay'></form></td></tr>\n"); print("<tr><td class=embedded>Delete topic</td><td class=embedded>\n"); print("<form method=get action=/forums>\n"); print("<input type=hidden name=action value=deletetopic>\n"); print("<input type=hidden name=topicid value=$topicid>\n"); print("<input type=hidden name=forumid value=$forumid>\n"); print("<input type=checkbox name=sure value=1>I'm sure\n"); print("<input type=submit value='Okay'>\n"); print("</form>\n"); print("</td></tr>\n"); print("</table>\n"); }
end_frame();
end_main_frame();
print($pagemenu);
if ($locked && get_user_class() < UC_MODERATOR) print("<p>This topic is locked; no new posts are allowed.</p>\n");
else { $arr = get_forum_access_levels($forumid) or die;
if (get_user_class() < $arr["write"]) print("<p><i>You are not permitted to post in this forum.</i></p>\n");
else $maypost = true; }
//------ "View unread" / "Add reply" buttons
print("<p><table class=main border=0 cellspacing=0 cellpadding=0><tr>\n"); print("<td class=embedded><form method=get action=?>\n"); print("<input type=hidden name=action value=viewunread>\n"); print("<input type=submit value='View Unread' class=btn>\n"); print("</form></td>\n");
if ($maypost) { print("<td class=embedded style='padding-left: 10px'><form method=get action=?>\n"); print("<input type=hidden name=action value=reply>\n"); print("<input type=hidden name=topicid value=$topicid>\n"); print("<input type=submit value='Add Reply' class=btn>\n"); print("</form></td>\n"); } print("</tr></table></p>\n");
//------ Forum quick jump drop-down
insert_quick_jump_menu($forumid);
stdfoot();
die; }
//-------- Action: Quote
if ($action == "quotepost") { $topicid = $_GET["topicid"];
if (!is_valid_id($topicid)) stderr("Error", "Invalid topic ID.");
stdhead("Post reply");
begin_main_frame();
insert_compose_frame($topicid, false, true);
end_main_frame();
stdfoot();
die; }
//-------- Action: Reply
if ($action == "reply") { $topicid = $_GET["topicid"];
if (!is_valid_id($topicid)) die;
stdhead("Post reply");
begin_main_frame();
insert_compose_frame($topicid, false);
end_main_frame();
stdfoot();
die; }
//-------- Action: Move topic
if ($action == "movetopic") { $forumid = $_POST["forumid"];
$topicid = $_GET["topicid"];
if (!is_valid_id($forumid) || !is_valid_id($topicid) || get_user_class() < UC_MODERATOR) die;
// Make sure topic and forum is valid
$res = @mysql_query("SELECT minclasswrite FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) != 1) stderr("Error", "Forum not found.");
$arr = mysql_fetch_row($res);
if (get_user_class() < $arr[0]) die;
$res = @mysql_query("SELECT subject,forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) != 1) stderr("Error", "Topic not found.");
$arr = mysql_fetch_assoc($res);
if ($arr["forumid"] != $forumid) @mysql_query("UPDATE topics SET forumid=$forumid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
// Redirect to forum page
header("Location: $BASEURL/forums.php?action=viewforum&forumid=$forumid");
die; }
//-------- Action: Delete topic
if ($action == "deletetopic") { $topicid = $_GET["topicid"]; $forumid = $_GET["forumid"];
if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR) die;
$sure = $_GET["sure"];
if (!$sure) { stderr("Delete topic", "Sanity check: You are about to delete a topic. Click\n" . "<a href=?action=deletetopic&topicid=$topicid&sure=1>here</a> if you are sure."); }
mysql_query("DELETE FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
mysql_query("DELETE FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);
header("Location: $BASEURL/forums.php?action=viewforum&forumid=$forumid");
die; }
//-------- Action: Edit post
if ($action == "editpost") { $postid = $_GET["postid"];
if (!is_valid_id($postid)) die;
$res = mysql_query("SELECT * FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) != 1) stderr("Error", "No post with ID.");
$arr = mysql_fetch_assoc($res);
$res2 = mysql_query("SELECT locked FROM topics WHERE id = " . $arr["topicid"]) or sqlerr(__FILE__, __LINE__); $arr2 = mysql_fetch_assoc($res2);
if (mysql_num_rows($res) != 1) stderr("Error", "No topic associated with post ID.");
$locked = ($arr2["locked"] == 'yes');
if (($CURUSER["id"] != $arr["userid"] || $locked) && get_user_class() < UC_MODERATOR) stderr("Error", "Denied!");
if ($_SERVER['REQUEST_METHOD'] == 'POST') { $body = $_POST['body'];
if ($body == "") stderr("Error", "Body cannot be empty!");
$body = sqlesc($body);
$editedat = sqlesc(get_date_time());
mysql_query("UPDATE posts SET body=$body, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$postid") or sqlerr(__FILE__, __LINE__);
$returnto = $_POST["returnto"];
if ($returnto != "") { $returnto .= "&page=p$postid#$postid"; header("Location: $returnto"); } else stderr("Success", "Post was edited successfully."); }
stdhead();
print("<h1>Edit Post</h1>\n");
print("<form method=post action=?action=editpost&postid=$postid>\n"); print("<input type=hidden name=returnto value=\"" . htmlspecialchars($_SERVER["HTTP_REFERER"]) . "\">\n");
print("<table border=1 cellspacing=0 cellpadding=5>\n");
print("<tr><td style='padding: 0px'><textarea name=body cols=100 rows=20 style='border: 0px'>" . htmlspecialchars($arr["body"]) . "</textarea></td></tr>\n");
print("<tr><td align=center><input type=submit value='Okay' class=btn></td></tr>\n");
print("</table>\n");
print("</form>\n");
stdfoot();
die; }
//-------- Action: Delete post
if ($action == "deletepost") { $postid = $_GET["postid"];
$sure = $_GET["sure"];
if (get_user_class() < UC_MODERATOR || !is_valid_id($postid)) die;
//------- Get topic id
$res = mysql_query("SELECT topicid FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res) or stderr("Error", "Post not found");
$topicid = $arr[0];
//------- We can not delete the post if it is the only one of the topic
$res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] < 2) stderr("Error", "Can't delete post; it is the only post of the topic. You should\n" . "<a href=?action=deletetopic&topicid=$topicid&sure=1>delete the topic</a> instead.\n");
//------- Get the id of the last post before the one we're deleting
$res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid AND id < $postid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 0) $redirtopost = ""; else { $arr = mysql_fetch_row($res); $redirtopost = "&page=p$arr[0]#$arr[0]"; }
//------- Make sure we know what we do :-)
if (!$sure) { stderr("Delete post", "Sanity check: You are about to delete a post. Click\n" . "<a href=?action=deletepost&postid=$postid&sure=1>here</a> if you are sure."); }
//------- Delete post
mysql_query("DELETE FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);
//------- Update topic
update_topic_last_post($topicid);
header("Location: $BASEURL/forums.php?action=viewtopic&topicid=$topicid$redirtopost");
die; }
//-------- Action: Lock topic
if ($action == "locktopic") { $forumid = $_GET["forumid"]; $topicid = $_GET["topicid"]; $page = $_GET["page"];
if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR) die;
mysql_query("UPDATE topics SET locked='yes' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
header("Location: $BASEURL/forums.php?action=viewforum&forumid=$forumid&page=$page");
die; }
//-------- Action: Unlock topic
if ($action == "unlocktopic") { $forumid = $_GET["forumid"];
$topicid = $_GET["topicid"];
$page = $_GET["page"];
if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR) die;
mysql_query("UPDATE topics SET locked='no' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
header("Location: $BASEURL/forums.php?action=viewforum&forumid=$forumid&page=$page");
die; }
//-------- Action: Set locked on/off
if ($action == "setlocked") { $topicid = 0 + $_POST["topicid"];
if (!$topicid || get_user_class() < UC_MODERATOR) die;
$locked = sqlesc($_POST["locked"]); mysql_query("UPDATE topics SET locked=$locked WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
header("Location: $_POST[returnto]");
die; }
//-------- Action: Set sticky on/off
if ($action == "setsticky") { $topicid = 0 + $_POST["topicid"];
if (!$topicid || get_user_class() < UC_MODERATOR) die;
$sticky = sqlesc($_POST["sticky"]); mysql_query("UPDATE topics SET sticky=$sticky WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
header("Location: $_POST[returnto]");
die; }
//-------- Action: Rename topic
if ($action == 'renametopic') { if (get_user_class() < UC_MODERATOR) die;
$topicid = $_POST['topicid'];
if (!is_valid_id($topicid)) die;
$subject = $_POST['subject'];
if ($subject == '') stderr('Error', 'You must enter a new title!');
$subject = sqlesc($subject);
mysql_query("UPDATE topics SET subject=$subject WHERE id=$topicid") or sqlerr();
$returnto = $_POST['returnto'];
if ($returnto) header("Location: $returnto");
die; }
//-------- Action: View forum
if ($action == "viewforum") { $forumid = $_GET["forumid"];
if (!is_valid_id($forumid)) die;
$page = $_GET["page"];
$userid = $CURUSER["id"];
//------ Get forum name
$res = mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or die;
$forumname = $arr["name"];
if (get_user_class() < $arr["minclassread"]) die("Not permitted");
//------ Page links
//------ Get topic count
$perpage = $CURUSER["topicsperpage"]; if (!$perpage) $perpage = 20;
$res = mysql_query("SELECT COUNT(*) FROM topics WHERE forumid=$forumid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
$num = $arr[0];
if ($page == 0) $page = 1;
$first = ($page * $perpage) - $perpage + 1;
$last = $first + $perpage - 1;
if ($last > $num) $last = $num;
$pages = floor($num / $perpage);
if ($perpage * $pages < $num) ++$pages;
//------ Build menu
$menu = "<p align=center><b>\n";
$lastspace = false;
for ($i = 1; $i <= $pages; ++$i) { if ($i == $page) $menu .= "<font class=gray>$i</font>\n";
elseif ($i > 3 && ($i < $pages - 2) && ($page - $i > 3 || $i - $page > 3)) { if ($lastspace) continue;
$menu .= "... \n";
$lastspace = true; }
else { $menu .= "<a href=?action=viewforum&forumid=$forumid&page=$i>$i</a>\n";
$lastspace = false; } if ($i < $pages) $menu .= "</b>|<b>\n"; }
$menu .= "\n";
if ($page == 1) $menu .= "<font class=gray><< Prev</font>";
else $menu .= "<a href=?action=viewforum&forumid=$forumid&page=" . ($page - 1) . "><< Prev</a>";
$menu .= " ";
if ($last == $num) $menu .= "<font class=gray>Next >></font>";
else $menu .= "<a href=?action=viewforum&forumid=$forumid&page=" . ($page + 1) . ">Next >></a>";
$menu .= "</b></p>\n";
$offset = $first - 1;
//------ Get topics data
$topicsres = mysql_query("SELECT * FROM topics WHERE forumid=$forumid ORDER BY sticky, lastpost DESC LIMIT $offset,$perpage") or stderr("SQL Error", mysql_error());
stdhead("Forum");
$numtopics = mysql_num_rows($topicsres);
print("<h1>$forumname</h1>\n");
if ($numtopics > 0) { print($menu);
print("<table border=1 cellspacing=0 cellpadding=5>");
print("<tr><td class=colhead align=left>Topic</td><td class=colhead>Replies</td><td class=colhead>Views</td>\n" . "<td class=colhead align=left>Author</td><td class=colhead align=left>Last post</td>\n");
print("</tr>\n");
while ($topicarr = mysql_fetch_assoc($topicsres)) { $topicid = $topicarr["id"];
$topic_userid = $topicarr["userid"];
$topic_views = $topicarr["views"];
$views = number_format($topic_views);
$locked = $topicarr["locked"] == "yes";
$sticky = $topicarr["sticky"] == "yes";
//---- Get reply count
$res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
$posts = $arr[0];
$replies = max(0, $posts - 1);
$tpages = floor($posts / $postsperpage);
if ($tpages * $postsperpage != $posts) ++$tpages;
if ($tpages > 1) { $topicpages = " (<img src=/pic/multipage.gif>";
for ($i = 1; $i <= $tpages; ++$i) $topicpages .= " <a href=?action=viewtopic&topicid=$topicid&page=$i>$i</a>";
$topicpages .= ")"; } else $topicpages = "";
//---- Get userID and date of last post
$res = mysql_query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
$lppostid = 0 + $arr["id"];
$lpuserid = 0 + $arr["userid"];
$lpadded = "<nobr>" . $arr["added"] . "</nobr>";
//------ Get name of last poster
$res = mysql_query("SELECT * FROM users WHERE id=$lpuserid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 1) { $arr = mysql_fetch_assoc($res);
$lpusername = "<a href=userdetails.php?id=$lpuserid><b>$arr[username]</b></a>"; } else $lpusername = "unknown[$topic_userid]";
//------ Get author
$res = mysql_query("SELECT username FROM users WHERE id=$topic_userid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 1) { $arr = mysql_fetch_assoc($res);
$lpauthor = "<a href=userdetails.php?id=$topic_userid><b>$arr[username]</b></a>"; } else $lpauthor = "unknown[$topic_userid]";
//---- Print row
$r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_row($r);
$new = !$a || $lppostid > $a[0];
$topicpic = ($locked ? ($new ? "lockednew" : "locked") : ($new ? "unlockednew" : "unlocked"));
$subject = ($sticky ? "Sticky: " : "") . "<a href=?action=viewtopic&topicid=$topicid><b>" . encodehtml($topicarr["subject"]) . "</b></a>$topicpages";
print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr>" . "<td class=embedded style='padding-right: 5px'><img src=/pic/$topicpic.gif>" . "</td><td class=embedded align=left>\n" . "$subject</td></tr></table></td><td align=right>$replies</td>\n" . "<td align=right>$views</td><td align=left>$lpauthor</td>\n" . "<td align=left>$lpaddedby $lpusername</td>\n");
print("</tr>\n"); } // while
print("</table>\n");
print($menu);
} // if else print("<p align=center>No topics found</p>\n");
print("<p><table class=main border=0 cellspacing=0 cellpadding=0><tr valing=center>\n");
print("<td class=embedded><img src=/pic/unlockednew.gif style='margin-right: 5px'></td><td class=embedded>New posts</td>\n");
print("<td class=embedded><img src=/pic/locked.gif style='margin-left: 10px; margin-right: 5px'>" . "</td><td class=embedded>Locked topic</td>\n");
print("</tr></table></p>\n");
$arr = get_forum_access_levels($forumid) or die;
$maypost = get_user_class() >= $arr["write"] && get_user_class() >= $arr["create"];
if (!$maypost) print("<p><i>You are not permitted to start new topics in this forum.</i></p>\n");
print("<p><table border=0 class=main cellspacing=0 cellpadding=0><tr>\n");
print("<td class=embedded><form method=get action=?><input type=hidden " . "name=action value=viewunread><input type=submit value='View unread' class=btn></form></td>\n");
if ($maypost) print("<td class=embedded><form method=get action=?><input type=hidden " . "name=action value=newtopic><input type=hidden name=forumid " . "value=$forumid><input type=submit value='New topic' class=btn style='margin-left: 10px'></form></td>\n");
print("</tr></table></p>\n");
insert_quick_jump_menu($forumid);
stdfoot();
die; }
//-------- Action: View unread posts
if ($action == "viewunread") { die("This feature is currently unavailable."); $userid = $CURUSER['id'];
$maxresults = 25;
$res = mysql_query("SELECT id, forumid, subject, lastpost FROM topics ORDER BY lastpost") or sqlerr(__FILE__, __LINE__);
stdhead();
print("<h1>Topics with unread posts</h1>\n");
$n = 0;
$uc = get_user_class();
while ($arr = mysql_fetch_assoc($res)) { $topicid = $arr['id'];
$forumid = $arr['forumid'];
//---- Check if post is read $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_row($r);
if ($a && $a[0] == $arr['lastpost']) continue;
//---- Check access & get forum name $r = mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_assoc($r);
if ($uc < $a['minclassread']) continue;
++$n;
if ($n > $maxresults) break;
$forumname = $a['name'];
if ($n == 1) { print("<table border=1 cellspacing=0 cellpadding=5>\n");
print("<tr><td class=colhead align=left>Topic</td><td class=colhead align=left>Forum</td></tr>\n"); }
print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>" . "<img src=/pic/unlockednew.gif style='margin-right: 5px'></td><td class=embedded>" . "<a href=?action=viewtopic&topicid=$topicid&page=last#last><b>" . htmlspecialchars($arr["subject"]) . "</b></a></td></tr></table></td><td align=left><a href=?action=viewforum&forumid=$forumid><b>$forumname</b></a></td></tr>\n"); } if ($n > 0) { print("</table>\n");
if ($n > $maxresults) print("<p>More than $maxresults items found, displaying first $maxresults.</p>\n");
print("<p><a href=?catchup><b>Catch up</b></a></p>\n"); } else print("<b>Nothing found</b>");
stdfoot();
die; }
if ($action == "search") { stdhead("Forum Search"); print("<h1>Forum Search (<font color=red>BETA</font>)</h1>\n"); $keywords = trim($_GET["keywords"]); if ($keywords != "") { $perpage = 50; $page = max(1, 0 + $_GET["page"]); $ekeywords = sqlesc($keywords); print("<p><b>Searched for \"" . htmlspecialchars($keywords) . "\"</b></p>\n"); $res = mysql_query("SELECT COUNT(*) FROM posts WHERE MATCH (body) AGAINST ($ekeywords)") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_row($res); $hits = 0 + $arr[0]; if ($hits == 0) print("<p><b>Sorry, nothing found!</b></p>"); else { $pages = 0 + ceil($hits / $perpage); if ($page > $pages) $page = $pages; for ($i = 1; $i <= $pages; ++$i) if ($page == $i) $pagemenu1 .= "<font class=gray><b>$i</b></font>\n"; else $pagemenu1 .= "<a href=\"/forums?action=search&keywords=" . htmlspecialchars($keywords) . "&page=$i\"><b>$i</b></a>\n"; if ($page == 1) $pagemenu2 = "<font class=gray><b><< Prev</b></font>\n"; else $pagemenu2 = "<a href=\"/forums?action=search&keywords=" . htmlspecialchars($keywords) . "&page=" . ($page - 1) . "\"><b><< Prev</b></a>\n"; $pagemenu2 .= " \n"; if ($page == $pages) $pagemenu2 .= "<font class=gray><b>Next >></b></font>\n"; else $pagemenu2 .= "<a href=\"/forums?action=search&keywords=" . htmlspecialchars($keywords) . "&page=" . ($page + 1) . "\"><b>Next >></b></a>\n"; $offset = ($page * $perpage) - $perpage; $res = mysql_query("SELECT id, topicid,userid,added FROM posts WHERE MATCH (body) AGAINST ($ekeywords) LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__); $num = mysql_num_rows($res); print("<p>$pagemenu1$pagemenu2</p>"); print("<table border=1 cellspacing=0 cellpadding=5>\n"); print("<tr><td class=colhead>Post</td><td class=colhead align=left>Topic</td><td class=colhead align=left>Forum</td><td class=colhead align=left>Posted by</td></tr>\n"); for ($i = 0; $i < $num; ++$i) { $post = mysql_fetch_assoc($res); $res2 = mysql_query("SELECT forumid, subject FROM topics WHERE id=$post[topicid]") or sqlerr(__FILE__, __LINE__); $topic = mysql_fetch_assoc($res2); $res2 = mysql_query("SELECT name,minclassread FROM forums WHERE id=$topic[forumid]") or sqlerr(__FILE__, __LINE__); $forum = mysql_fetch_assoc($res2); if ($forum["name"] == "" || $forum["minclassread"] > $CURUSER["class"]) { --$hits; continue; } $res2 = mysql_query("SELECT username FROM users WHERE id=$post[userid]") or sqlerr(__FILE__, __LINE__); $user = mysql_fetch_assoc($res2); if ($user["username"] == "") $user["username"] = "[$post[userid]]"; print("<tr><td>$post[id]</td><td align=left><a href=?action=viewtopic&topicid=$post[topicid]&page=p$post[id]#$post[id]><b>" . htmlspecialchars($topic["subject"]) . "</b></a></td><td align=left><a href=?action=viewforum&forumid=$topic[forumid]><b>" . htmlspecialchars($forum["name"]) . "</b></a><td align=left><a href=userdetails.php?id=$post[userid]><b>$user[username]</b></a>at $post[added]</tr>\n"); } print("</table>\n"); print("<p>$pagemenu2$pagemenu1</p>"); print("<p>Found $hits post" . ($hits != 1 ? "s" : "") . ".</p>"); print("<p><b>Search again</b></p>\n"); } } print("<form method=get action=/forums?>\n"); print("<input type=hidden name=action value=search>\n"); print("<table border=1 cellspacing=0 cellpadding=5>\n"); print("<tr><td class=rowhead>Key words</td><td align=left><input type=text size=55 name=keywords value=\"" . htmlspecialchars($keywords) . "\">\n" . "<font class=small size=-1>Enter one or more words to search for.Very common words and words with less than 3 characters are ignored.</font></td></tr>\n"); print("<tr><td align=center colspan=2><input type=submit value='Search' class=btn></td></tr>\n"); print("</table>\n</form>\n"); stdfoot(); die; }
//-------- Handle unknown action
if ($action != "") stderr("Forum Error", "Unknown action.");
//-------- Default action: View forums
if (isset($_GET["catchup"])) catch_up();
//-------- Get forums
$forums_res = mysql_query("SELECT * FROM forums ORDER BY sort, name") or sqlerr(__FILE__, __LINE__);
stdhead("Forums");
print("<h1>Forums</h1>\n");
print("<table border=1 cellspacing=0 cellpadding=5>\n");
print("<tr><td class=colhead align=left>Forum</td><td class=colhead align=right>Topics</td>" . "<td class=colhead align=right>Posts</td>" . "<td class=colhead align=left>Last post</td></tr>\n");
while ($forums_arr = mysql_fetch_assoc($forums_res)) { if (get_user_class() < $forums_arr["minclassread"]) continue;
$forumid = $forums_arr["id"];
$forumname = htmlspecialchars($forums_arr["name"]);
$forumdescription = htmlspecialchars($forums_arr["description"]);
$topiccount = number_format($forums_arr["topiccount"]);
$postcount = number_format($forums_arr["postcount"]); /* while ($topicids_arr = mysql_fetch_assoc($topicids_res)) { $topicid = $topicids_arr['id'];
$postcount_res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);
$postcount_arr = mysql_fetch_row($postcount_res);
$postcount += $postcount_arr[0]; }
$postcount = number_format($postcount); */ // Find last post ID
$lastpostid = get_forum_last_post($forumid);
// Get last post info
$post_res = mysql_query("SELECT added,topicid,userid FROM posts WHERE id=$lastpostid") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($post_res) == 1) { $post_arr = mysql_fetch_assoc($post_res) or die("Bad forum last_post");
$lastposterid = $post_arr["userid"];
$lastpostdate = $post_arr["added"];
$lasttopicid = $post_arr["topicid"];
$user_res = mysql_query("SELECT username FROM users WHERE id=$lastposterid") or sqlerr(__FILE__, __LINE__);
$user_arr = mysql_fetch_assoc($user_res);
$lastposter = htmlspecialchars($user_arr['username']);
$topic_res = mysql_query("SELECT subject FROM topics WHERE id=$lasttopicid") or sqlerr(__FILE__, __LINE__);
$topic_arr = mysql_fetch_assoc($topic_res);
$lasttopic = htmlspecialchars($topic_arr['subject']);
$lastpost = "<nobr>$lastpostdate" . "by <a href=userdetails.php?id=$lastposterid><b>$lastposter</b></a>" . "in <a href=?action=viewtopic&topicid=$lasttopicid&page=p$lastpostid#$lastpostid><b>$lasttopic</b></a></nobr>";
$r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$CURUSER[id] AND topicid=$lasttopicid") or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_row($r);
if ($a && $a[0] >= $lastpostid) $img = "unlocked"; else $img = "unlockednew"; } else { $lastpost = "N/A"; $img = "unlocked"; } print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded style='padding-right: 5px'><img src=". "/pic/$img.gif></td><td class=embedded><a href=?action=viewforum&forumid=$forumid><b>$forumname</b></a>\n" . "$forumdescription</td></tr></table></td><td align=right>$topiccount</td></td><td align=right>$postcount</td>" . "<td align=left>$lastpost</td></tr>\n"); }
print("</table>\n");
print("<p align=center><a href=?action=search><b>Search</b></a> | <a href=?action=viewunread><b>View unread</b></a> | <a href=?catchup><b>Catch up</b></a></p>");
stdfoot(); ?>
|