0ct0pu5/mylittleforum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mylittleforum/includes/entry.inc.php

331 lines
14 KiB
PHP
Raw Permalink Blame History

<?php
if(!defined('IN_INDEX'))
{
header('Location: ../index.php');
exit;
}
if(isset($_REQUEST['id'])) $id = intval($_REQUEST['id']);
else
{
header('Location: index.php');
exit;
}
if(isset($_GET['page'])) $page = intval($_GET['page']);
else $page = 1;
if(isset($_GET['order']) && $_GET['order']=='last_reply') $order = 'last_reply';
else $order = 'time';
if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
$tmp_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
} else {
$tmp_user_id = 0;
}
if(isset($id) && $id > 0)
{
$result=@mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time + INTERVAL ".$time_difference." MINUTE) AS disp_time,
UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(edited + INTERVAL ".$time_difference." MINUTE) AS edit_time,
UNIX_TIMESTAMP(edited - INTERVAL ".$settings['edit_delay']." MINUTE) AS edited_diff, edited_by, name, email,
subject, hp, location, ip, text, cache_text, tags, show_signature, category, locked, views, spam, spam_check_status, edit_key,
user_name, user_type, user_email, email_contact, user_hp, user_location, signature, cache_signature, rst.user_id AS req_user
FROM ".$db_settings['forum_table']." AS ft
LEFT JOIN ".$db_settings['entry_cache_table']." ON ".$db_settings['entry_cache_table'].".cache_id=ft.id
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id
LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
WHERE id = ".$id) or raise_error('database_error',mysqli_error($connid));
if(mysqli_num_rows($result) == 1)
{
$entrydata = mysqli_fetch_array($result);
mysqli_free_result($result);
$entrydata['formated_time'] = format_time($lang['time_format_full'],$entrydata['disp_time']);
// category of this posting accessible by user?
if(is_array($category_ids) && !in_array($entrydata['category'], $category_ids))
{
header("Location: index.php");
exit;
}
if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
// bookmark handling
$user_id = $_SESSION[$settings['session_prefix'].'user_id'];
$bookmark_result = mysqli_query($connid, "SELECT TRUE AS 'bookmark' FROM ".$db_settings['bookmark_table']." WHERE `user_id` = ".intval($user_id)." AND `posting_id` = ".intval($id)."") or raise_error('database_error',mysqli_error($connid));
$bookmark = mysqli_fetch_row($bookmark_result);
mysqli_free_result($bookmark_result);
if (isset($bookmark) && intval($bookmark) == 1)
$entrydata['bookmarkedby'] = intval($user_id);
// read-status handling
$rstatus = save_read_status($connid, $user_id, $id);
}
if ($entrydata['req_user'] !== NULL and is_numeric($entrydata['req_user'])) {
$entrydata['is_read'] = true;
} else {
$entrydata['is_read'] = false;
}
$smarty->assign('is_read', $entrydata['is_read']);
if(isset($settings['count_views']) && $settings['count_views'] == 1) mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, views=views+1 WHERE id=".$id);
if($entrydata['user_id'] > 0) {
if($settings['avatars']==2) {
$avatarInfo = getAvatar($entrydata['user_id']);
$avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2];
if(isset($avatar) && $avatar['image'] !== false) {
$image_info = getimagesize($avatar['image']);
$avatar['width'] = $image_info[0];
$avatar['height'] = $image_info[1];
$smarty->assign('avatar', $avatar);
}
}
$entrydata['email'] = $entrydata['user_email'];
#$entrydata['email_contact'] = $userdata['email_contact'];
$entrydata['location'] = $entrydata['user_location'];
$entrydata['hp'] = $entrydata['user_hp'];
}
else
$entrydata['email_contact']=1;
}
else
{
header("Location: index.php");
exit;
}
}
else
{
header("Location: index.php");
exit;
}
if($entrydata['cache_text']=='')
{
// no cached text so parse it and cache it:
$ftext = html_format($entrydata['text']);
// make sure not to make a double entry:
@mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id=".intval($entrydata['id']));
@mysqli_query($connid, "INSERT INTO ".$db_settings['entry_cache_table']." (cache_id, cache_text) VALUES (".intval($entrydata['id']).",'".mysqli_real_escape_string($connid, $ftext)."')");
}
else
{
$ftext = $entrydata['cache_text'];
}
if(isset($_REQUEST['ajax_preview']))
{
header('Content-Type: application/xml; charset=UTF-8');
echo '<?xml version="1.0"?>';
?><posting><content><![CDATA[<?php echo $ftext; ?>]]></content><locked><?php echo $entrydata['locked']; ?></locked></posting><?php
exit;
}
// thread-data:
$thread = $entrydata['tid'];
if($entrydata['spam']==1) $display_spam_query_and='';
$result = mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".$time_difference." MINUTE) AS disp_time,
UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, category, marked, text, spam, rst.user_id AS req_user FROM ".$db_settings['forum_table']." AS ft
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
WHERE tid = ".$thread.$display_spam_query_and." ORDER BY time ASC");
if(!$result) raise_error('database_error',mysqli_error($connid));
while($data = mysqli_fetch_array($result))
{
if($data['user_id']>0)
{
if(!$data['user_name']) $data['name'] = $lang['unknown_user'];
else $data['name'] = htmlspecialchars($data['user_name']);
}
else $data['name'] = htmlspecialchars($data['name']);
$data['subject'] = htmlspecialchars($data['subject']);
$data['formated_time'] = format_time($lang['time_format'],$data['disp_time']);
// set read or new status of messages
$data = getMessageStatus($data, $last_visit);
if($data['text']=='') $data['no_text'] = true;
unset($data['text']);
if(isset($categories[$data['category']]) && $categories[$data['category']]!='') $data['category_name']=$categories[$data["category"]];
$data_array[$data['id']] = $data;
$child_array[$data['pid']][] = $data['id'];
if($data['pid']==$id) $direct_replies[] = $data['id'];
$last = $data['id'];
if($data['pid']>$last) $last = $data['id'];
}
if(isset($child_array))
{
$smarty->assign('child_array',$child_array);
get_thread_items($child_array, $entrydata['tid'], $entrydata['id']);
$thread_items_count = count($thread_items);
if($thread_items_count>1)
{
foreach($thread_items as $key => $val)
{
if($val==$entrydata['id']) $current_key = $key;
}
if($entrydata['id']!=$thread_items[0]) $smarty->assign('link_rel_first', 'index.php?id='.$thread_items[0]);
if(isset($thread_items[$current_key-1])) $smarty->assign('link_rel_prev', 'index.php?id='.$thread_items[$current_key-1]);
if(isset($thread_items[$current_key+1])) $smarty->assign('link_rel_next', 'index.php?id='.$thread_items[$current_key+1]);
if($entrydata['id']!=$thread_items[$thread_items_count-1]) $smarty->assign('link_rel_last', 'index.php?id='.$thread_items[$thread_items_count-1]);
}
}
mysqli_free_result($result);
// tags:
$tags = $entrydata['tags'];
if($tags!='')
{
$tags_help_array = explode(';',$tags);
$i=0;
foreach($tags_help_array as $tag)
{
if($tag!='')
{
if(my_strpos($tag, ' ', 0, $lang['charset'])) $tag_escaped='"'.$tag.'"';
else $tag_escaped = $tag;
$tags_array[$i]['escaped'] = urlencode($tag_escaped);
$tags_array[$i]['display'] = htmlspecialchars($tag);
$keywords[] = htmlspecialchars($tag);
$i++;
}
}
if(isset($tags_array)) $smarty->assign('tags',$tags_array);
if(isset($keywords)) $smarty->assign('keywords',implode(', ',$keywords));
}
$category = $category;
$smarty->assign('id',intval($entrydata['id']));
$smarty->assign('tid',intval($entrydata['tid']));
$smarty->assign('pid',intval($entrydata['pid']));
$smarty->assign('posting_user_id', intval($entrydata['user_id']));
$smarty->assign('page_title',htmlspecialchars($entrydata['subject']));
$smarty->assign('subject',htmlspecialchars($entrydata['subject']));
if($entrydata['user_id']>0)
{
if(!$entrydata['user_name']) $name = $lang['unknown_user'];
else $name = htmlspecialchars($entrydata['user_name']);
}
else $name = htmlspecialchars($entrydata['name']);
$smarty->assign('name',$name);
$smarty->assign('user_type', htmlspecialchars($entrydata['user_type']));
$smarty->assign('disp_time', htmlspecialchars($entrydata['disp_time']));
$smarty->assign('formated_time', htmlspecialchars($entrydata['formated_time']));
$smarty->assign('locked', htmlspecialchars($entrydata['locked']));
$ago['days'] = floor((TIMESTAMP - $entrydata['time'])/86400);
$ago['hours'] = floor(((TIMESTAMP - $entrydata['time'])/3600)-($ago['days']*24));
$ago['minutes'] = floor(((TIMESTAMP - $entrydata['time'])/60)-($ago['hours']*60+$ago['days']*1440));
if($ago['hours']>12) $ago['days_rounded'] = $ago['days'] + 1;
else $ago['days_rounded'] = $ago['days'];
$smarty->assign('ago',$ago);
$authorization = get_edit_authorization($id, $entrydata['user_id'], $entrydata['edit_key'], $entrydata['time'], $entrydata['locked']);
if($authorization['edit']==true) $options['edit'] = true;
if($authorization['delete']==true) $options['delete'] = true;
if(isset($direct_replies)) $smarty->assign('direct_replies',$direct_replies);
if($settings['count_views'] == 1)
{
$views = $entrydata['views']-1; // this subtracts the first view by the author after posting
if($views<0) $views=0; // prevents negative number of views
$smarty->assign('views',$entrydata['views']);
}
$smarty->assign('ip',$entrydata['ip']);
if($entrydata['spam']==1) $smarty->assign('spam',true);
if (isset($categories[$entrydata["category"]]) && $categories[$entrydata['category']]!='')
{
$smarty->assign('category_name',$categories[$entrydata["category"]]);
}
if(empty($entrydata['email_contact'])) $entrydata["email_contact"]=0;
if ($entrydata['hp']!='')
{
$entrydata['hp'] = add_http_if_no_protocol($entrydata['hp']);
$smarty->assign('hp',$entrydata["hp"]);
}
if($entrydata['email']!='' && $entrydata["email_contact"]==1) $smarty->assign('email',true);
if($entrydata['location'] != '') $smarty->assign('location',htmlspecialchars($entrydata['location']));
$subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
// edited:
if($entrydata["edited_diff"] > 0 && $entrydata["edited_diff"] > $entrydata["time"] && $settings['show_if_edited'] == 1)
{
$smarty->assign('edited',true);
$smarty->assign('edit_time', htmlspecialchars($entrydata['edit_time']));
$entrydata['formated_edit_time'] = format_time($lang['time_format_full'],$entrydata['edit_time']);
$smarty->assign('formated_edit_time', htmlspecialchars($entrydata['formated_edit_time']));
if($entrydata['user_id'] == $entrydata['edited_by']) $edited_by = $name;
else
{
$result = @mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($entrydata['edited_by'])." LIMIT 1");
$edited_data = mysqli_fetch_array($result);
@mysqli_free_result($result);
if(!$edited_data['user_name']) $edited_by = $lang['unknown_user'];
else $edited_by = htmlspecialchars($edited_data['user_name']);
}
$smarty->assign('edited_by',$edited_by);
}
if(isset($entrydata['signature']) && $entrydata['signature'] != '' && $entrydata["show_signature"]==1)
{
// user has a signature and wants it to be displayed in this posting. Check if it's already cached:
if($entrydata['cache_signature']!='')
{
$smarty->assign('signature',$entrydata['cache_signature']);
}
else
{
$signature = signature_format($entrydata['signature']);
// cache signature:
list($row_count) = @mysqli_fetch_row(mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($entrydata['user_id'])));
if($row_count==1)
{
mysqli_query($connid, "UPDATE ".$db_settings['userdata_cache_table']." SET cache_signature='".mysqli_real_escape_string($connid, $signature)."' WHERE cache_id=".intval($entrydata['user_id']));
}
else
{
@mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($entrydata['user_id']));
@mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($entrydata['user_id']).",'".mysqli_real_escape_string($connid, $signature)."','')");
}
$smarty->assign('signature',$signature);
}
}
if(isset($branch)) $smarty->assign('branch',$branch);
if(isset($data_array)) $smarty->assign("data",$data_array);
$smarty->assign('posting',$ftext);
$smarty->assign('subnav_link',$subnav_link);
$smarty->assign('page',$page);
$smarty->assign('order',$order);
$smarty->assign('category',$category);
if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0) {
$options['move'] = true;
$options['lock'] = true;
}
if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
if (isset($entrydata['bookmarkedby']))
$options['delete_bookmark'] = true;
else
$options['add_bookmark'] = true;
}
if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $settings['akismet_key']!='' && $settings['akismet_entry_check']==1 && $entrydata['spam']==0 && $entrydata['spam_check_status']>0) $options['report_spam'] = true;
if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $entrydata['spam']==1) $options['flag_ham'] = true;
if(isset($options)) $smarty->assign('options', $options);
$smarty->assign('subtemplate','entry.inc.tpl');
$template = 'main.tpl';
?>
Reference in a new issue View git blame Copy permalink