1365 lines
78 KiB
PHP
1365 lines
78 KiB
PHP
<?php
|
|
if (!defined('IN_INDEX')) {
|
|
header('Location: ../index.php');
|
|
exit;
|
|
}
|
|
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_posting'] > 0) {
|
|
require('modules/captcha/captcha.php');
|
|
$captcha = new Captcha();
|
|
}
|
|
|
|
// reorder categories if user has a personal category selection (selected categories first):
|
|
if (isset($category_selection)) {
|
|
// put selected cegories in $reordered_categories:
|
|
foreach ($category_selection as $cat) {
|
|
$reordered_categories[$cat] = $categories[$cat];
|
|
}
|
|
// add not selected categories to $reordered_categories:
|
|
while (list($key) = each($categories)) {
|
|
if (empty($reordered_categories[$key])) $reordered_categories[$key] = $categories[$key];
|
|
}
|
|
// assign $reordered_categories:
|
|
$smarty->assign('categories', $reordered_categories);
|
|
}
|
|
|
|
// change category if category of posting is different to current selected category:
|
|
if (isset($_REQUEST['p_category']) && isset($_SESSION[$settings['session_prefix'].'usersettings']['category']) && $_SESSION[$settings['session_prefix'].'usersettings']['category'] > 0 && $_SESSION[$settings['session_prefix'].'usersettings']['category'] != intval($_REQUEST['p_category'])) $_SESSION[$settings['session_prefix'].'usersettings']['category'] = intval($_REQUEST['p_category']);
|
|
|
|
$category = isset($_SESSION[$settings['session_prefix'].'usersettings']['category']) ? intval($_SESSION[$settings['session_prefix'].'usersettings']['category']) : 0;
|
|
|
|
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
|
|
$back = isset($_REQUEST['back']) ? $_REQUEST['back'] : 'index';
|
|
if ($back != 'entry' && $back != 'thread' && $back != 'index') $back = 'index';
|
|
$posting_mode = isset($_REQUEST['posting_mode']) ? intval($_REQUEST['posting_mode']) : 0; // 0 = post, 1 = edit
|
|
|
|
if (isset($_GET['edit']) && intval($_GET['edit']) > 0) $posting_mode = 1;
|
|
|
|
if (isset($_POST['p_category'])) $p_category = intval($_POST['p_category']);
|
|
else $p_category = 0;
|
|
|
|
// determine mode:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
// registered user
|
|
if ($posting_mode == 1) {
|
|
// edit
|
|
if (isset($_GET['edit'])) $pu_id = $_GET['edit']; // posting about to edit
|
|
elseif (isset($_POST['id'])) $pu_id = $_POST['id']; // posting edited and submitted
|
|
$pui_result = @mysqli_query($connid, "SELECT user_id FROM ".$db_settings['forum_table']." WHERE id = ". intval($pu_id) ." LIMIT 1") or die(mysqli_error($connid));
|
|
if (mysqli_num_rows($pui_result) == 1) {
|
|
list($posting_user_id) = mysqli_fetch_array($pui_result);
|
|
if (isset($posting_user_id) && intval($posting_user_id) > 0) $smarty->assign('form_type', 1); // posting is by a registered user
|
|
else $smarty->assign('form_type',0); // posting is by an unregistered user
|
|
} else {
|
|
// posting not available
|
|
$smarty->assign('no_authorisation', 'error_posting_unavailable');
|
|
}
|
|
@mysqli_free_result($pui_result);
|
|
} else {
|
|
// new posting:
|
|
$posting_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
|
|
$smarty->assign('form_type', 1);
|
|
}
|
|
} else {
|
|
// unregistered user:
|
|
$smarty->assign('form_type', 0);
|
|
}
|
|
|
|
if (isset($_REQUEST['action'])) $action = $_REQUEST['action'];
|
|
else $action = 'posting';
|
|
|
|
if (isset($_GET['lock'])) $action = 'lock';
|
|
if (isset($_GET['lock_thread'])) $action = 'lock_thread';
|
|
if (isset($_GET['unlock_thread'])) $action = 'unlock_thread';
|
|
if (isset($_GET['edit'])) $action = 'edit';
|
|
if (isset($_GET['report_spam'])) $action = 'report_spam';
|
|
if (isset($_GET['flag_ham'])) $action = 'flag_ham';
|
|
if (isset($_GET['delete_marked'])) $action = 'delete_marked';
|
|
if (isset($_GET['manage_postings'])) $action = 'manage_postings';
|
|
if (isset($_GET['delete_spam'])) $action = 'delete_spam';
|
|
if (isset($_POST['report_spam_submit']) || isset($_POST['report_spam_delete_submit'])) $action = 'report_spam_submit';
|
|
if (isset($_POST['report_flag_ham_submit']) || isset($_POST['flag_ham_submit'])) $action = 'flag_ham_submit';
|
|
if (isset($_POST['delete_marked_submit'])) $action = 'delete_marked_submit';
|
|
if (isset($_POST['delete_spam_submit'])) $action = 'delete_spam_submit';
|
|
if (isset($_POST['save_entry']) || isset($_POST['preview'])) $action = 'posting_submitted';
|
|
if (isset($_REQUEST['mark'])) $action = 'mark';
|
|
if (isset($_GET['move_posting'])) $action = 'move_posting';
|
|
if (isset($_GET['bookmark'])) $action = 'bookmark_posting';
|
|
|
|
// permission to upload images:
|
|
if ($settings['upload_images'] == 1 && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) $smarty->assign('upload_images', true);
|
|
elseif ($settings['upload_images'] == 2 && isset($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign('upload_images', true);
|
|
elseif ($settings['upload_images'] == 3) $smarty->assign('upload_images', true);
|
|
|
|
if (isset($_REQUEST['delete_posting'])) {
|
|
if (empty($_REQUEST['delete_posting_confirm'])) $action = 'delete_posting';
|
|
else $action = 'delete_posting_confirmed';
|
|
}
|
|
|
|
// clicked on "spam" but should only be deleted without reporting:
|
|
if (isset($_POST['delete_submit'])) {
|
|
$_REQUEST['delete_posting'] = intval($_POST['id']);
|
|
$action = 'delete_posting_confirmed';
|
|
}
|
|
|
|
if (isset($_POST['move_posting_submit']) && isset($_POST['move_posting']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
$original_thread_result = @mysqli_query($connid, "SELECT tid, pid FROM ".$db_settings['forum_table']." WHERE id = ". intval($_POST['move_posting']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$o_data = mysqli_fetch_array($original_thread_result);
|
|
mysqli_free_result($original_thread_result);
|
|
|
|
if (isset($_POST['move_mode']) && $_POST['move_mode'] == 1 && isset($_POST['move_to'])) {
|
|
// move posting:
|
|
list($count) = @mysqli_fetch_row(mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE id = ". intval($_POST['move_to'])));
|
|
if ($count != 1 || intval($_POST['move_posting']) == intval($_POST['move_to'])) $errors[] = 'invalid_posting_to_move';
|
|
if (empty($errors)) {
|
|
$child_ids = get_child_ids($_POST['move_posting']);
|
|
$move_result = @mysqli_query($connid, "SELECT tid FROM ".$db_settings['forum_table']." WHERE id = ". intval($_POST['move_to']) ." LIMIT 1");
|
|
$data = mysqli_fetch_array($move_result);
|
|
mysqli_free_result($move_result);
|
|
if (intval($o_data['pid']) == 0 && intval($data['tid']) == intval($o_data['tid'])) {
|
|
$errors[] = 'invalid_posting_to_move';
|
|
} else {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET pid = ". intval($_POST['move_to']) .", tid = ". intval($data['tid']) .", time = time, last_reply = last_reply, edited = edited WHERE id = ". intval($_POST['move_posting']));
|
|
if (is_array($child_ids)) {
|
|
foreach ($child_ids as $id) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET tid = ". intval($data['tid']) .", time = time, last_reply = last_reply, edited = edited WHERE id = ". intval($id));
|
|
}
|
|
}
|
|
// set last reply of original thread:
|
|
$last_reply_result = @mysqli_query($connid, "SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ". intval($o_data['tid']) ." ORDER BY time DESC LIMIT 1");
|
|
$field = mysqli_fetch_array($last_reply_result);
|
|
mysqli_free_result($last_reply_result);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, edited = edited, last_reply = '". $field['time'] ."' WHERE tid = ". intval($o_data['tid']));
|
|
// set last reply of new thread:
|
|
$last_reply_result = @mysqli_query($connid, "SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ". intval($data['tid']) ." ORDER BY time DESC LIMIT 1");
|
|
$field = mysqli_fetch_array($last_reply_result);
|
|
mysqli_free_result($last_reply_result);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, edited = edited, last_reply = '". $field['time'] ."' WHERE tid = ". intval($data['tid']));
|
|
// set category of new thread:
|
|
$last_reply_result = @mysqli_query($connid, "SELECT category FROM ".$db_settings['forum_table']." WHERE id = ". intval($data['tid']));
|
|
$field = mysqli_fetch_array($last_reply_result);
|
|
mysqli_free_result($last_reply_result);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET category = ". $field['category'] .", time = time, edited = edited, last_reply = last_reply WHERE tid = ". intval($data['tid']));
|
|
if (isset($back) && $back == 'thread') header('Location: index.php?mode=thread&id='.intval($_POST['move_posting']));
|
|
else header('Location: index.php?id='.intval($_POST['move_posting']));
|
|
exit;
|
|
}
|
|
}
|
|
if (!empty($errors)) {
|
|
$smarty->assign('errors', $errors);
|
|
$action = 'move_posting';
|
|
}
|
|
} else {
|
|
// make self-contained thread:
|
|
$child_ids = get_child_ids($_POST['move_posting']);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET pid = 0, tid = ". intval($_POST['move_posting']) .", time = time, last_reply = last_reply, edited = edited WHERE id = ". intval($_POST['move_posting']));
|
|
if (is_array($child_ids)) {
|
|
foreach ($child_ids as $id) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET tid = ". intval($_POST['move_posting']) .", time = time, last_reply = last_reply, edited = edited WHERE id = ". intval($id));
|
|
}
|
|
}
|
|
// set last reply of original thread:
|
|
$last_reply_result = @mysqli_query($connid, "SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ". intval($o_data['tid']) ." ORDER BY time DESC LIMIT 1");
|
|
$field = mysqli_fetch_array($last_reply_result);
|
|
mysqli_free_result($last_reply_result);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, edited = edited, last_reply = '". $field['time'] ."' WHERE tid = ". intval($o_data['tid']));
|
|
// set last reply of new thread:
|
|
$last_reply_result = @mysqli_query($connid, "SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ". intval($_POST['move_posting']) ." ORDER BY time DESC LIMIT 1");
|
|
$field = mysqli_fetch_array($last_reply_result);
|
|
mysqli_free_result($last_reply_result);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, edited = edited, last_reply = '".$field['time'] ."' WHERE tid = ". intval($_POST['move_posting']));
|
|
if (isset($back) && $back == 'thread') header('Location: index.php?mode=thread&id='.intval($_POST['move_posting']));
|
|
else header('Location: index.php?id='.intval($_POST['move_posting']));
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// smilies:
|
|
if ($settings['smilies'] == 1 && ($action == 'posting' || $action == 'edit' || $action == 'posting_submitted')) {
|
|
$smiley_result = @mysqli_query($connid, "SELECT id, file, code_1, code_2, code_3, code_4, code_5, title FROM ".$db_settings['smilies_table']." ORDER BY order_id ASC") or raise_error('database_error', mysqli_error($connid));
|
|
$i = 0;
|
|
while ($row = mysqli_fetch_array($smiley_result)) {
|
|
$smilies[$i]['id'] = $row['id'];
|
|
$smilies[$i]['file'] = $row['file'];
|
|
$smilies[$i]['code'] = $row['code_1'];
|
|
$smilies[$i]['title'] = $row['title'];
|
|
$i++;
|
|
}
|
|
mysqli_free_result($smiley_result);
|
|
if (isset($smilies)) {
|
|
$smarty->assign('smilies',$smilies);
|
|
$smarty->assign('smilies_count',count($smilies));
|
|
}
|
|
}
|
|
|
|
// checkavailable languages for the syntax highlighter:
|
|
if ($settings['bbcode'] == 1 && $settings['bbcode_code'] == 1 && $settings['syntax_highlighter'] == 1) {
|
|
// get available language schemas:
|
|
$handle = opendir('./modules/geshi/geshi');
|
|
while ($file = readdir($handle)) {
|
|
if (strrchr($file, ".") == ".php") {
|
|
$available_languages[] = substr($file, 0, strrpos($file, '.'));
|
|
}
|
|
}
|
|
closedir($handle);
|
|
if (isset($available_languages)) {
|
|
natcasesort($available_languages);
|
|
$smarty->assign('code_languages', $available_languages);
|
|
}
|
|
}
|
|
|
|
if (isset($_POST['mark_submit']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
if (isset($_POST['mark_mode'])) {
|
|
switch ($_POST['mark_mode']) {
|
|
case 1:
|
|
if (intval($_POST['days']) > 0) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET marked = 1 WHERE marked = 0 AND last_reply < (NOW() - INTERVAL ". intval($_POST['days']) ." DAY)");
|
|
}
|
|
break;
|
|
case 2:
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET marked = 1");
|
|
break;
|
|
case 3:
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET marked = 0");
|
|
break;
|
|
}
|
|
}
|
|
header('Location: index.php?mode=index');
|
|
exit;
|
|
}
|
|
|
|
if (isset($_POST['lock_submit']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
if (isset($_POST['lock_mode'])) {
|
|
switch($_POST['lock_mode']) {
|
|
case 1:
|
|
if (intval($_POST['days']) > 0) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET locked = 1 WHERE locked = 0 AND last_reply < (NOW() - INTERVAL ". intval($_POST['days']) ." DAY)");
|
|
}
|
|
break;
|
|
case 2:
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET locked = 1");
|
|
break;
|
|
case 3:
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET locked = 0");
|
|
break;
|
|
}
|
|
}
|
|
header('Location: index.php?mode=index');
|
|
exit;
|
|
}
|
|
|
|
switch($action) {
|
|
case 'bookmark_posting':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$user_id = intval($_SESSION[$settings['session_prefix'].'user_id']);
|
|
$result = @mysqli_query($connid, "SELECT TRUE AS 'exists' FROM ".$db_settings['bookmark_table']." WHERE user_id = ". intval($user_id) ." AND posting_id = ". intval($_GET['bookmark']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$exists = mysqli_fetch_row ($result);
|
|
mysqli_free_result($result);
|
|
if (isset($exists) && intval($exists) == 1) {
|
|
@mysqli_query($connid, "DELETE FROM ".$db_settings['bookmark_table']." WHERE `user_id`= ".intval($user_id)." AND `posting_id` = ".intval($_GET['bookmark'])." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
} else {
|
|
@mysqli_query($connid, "INSERT INTO ".$db_settings['bookmark_table']."(order_id, user_id, posting_id, subject)
|
|
SELECT COALESCE(MAX(`order_id`), 0) + 1, ". intval($user_id) .", ". intval($_GET['bookmark']) .",
|
|
(SELECT `subject` FROM ".$db_settings['forum_table']." WHERE ".$db_settings['forum_table'].".id = ". intval($_GET['bookmark']).")
|
|
FROM ".$db_settings['bookmark_table']." WHERE user_id= ". intval($user_id)) or raise_error('database_error', mysqli_error($connid));
|
|
}
|
|
header("location: index.php?mode=".$back."&id=".intval($_GET['bookmark']));
|
|
}
|
|
break;
|
|
case 'mark':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
$id = intval($_REQUEST['mark']);
|
|
$mark_result = @mysqli_query($connid, "SELECT marked FROM ".$db_settings['forum_table']." WHERE id=". $id ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($mark_result);
|
|
mysqli_free_result($mark_result);
|
|
if ($field['marked'] == 0) $marked = 1; else $marked = 0;
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, marked = ". $marked ." WHERE id = ". $id);
|
|
|
|
if (isset($_POST['method']) && $_POST['method'] == 'ajax') {
|
|
header('Content-Type: application/xml; charset=UTF-8');
|
|
echo '<?xml version="1.0"?>';
|
|
?><mark><action><?php echo $marked; ?></action></mark><?php
|
|
} else {
|
|
if (isset($_GET['back'])) header('Location: index.php?id='.intval($_GET['back']));
|
|
else header('Location: index.php?mode=index');
|
|
}
|
|
exit;
|
|
} else {
|
|
header('Location: index.php?mode=index');
|
|
exit;
|
|
}
|
|
break;
|
|
case 'posting':
|
|
if ($settings['forum_readonly'] == 1) {
|
|
$subnav_link = array('mode' => 'index', 'name' => 'forum_index_link', 'title' => 'forum_index_link_title');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('no_authorisation', 'no_auth_readonly');
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
} elseif ($settings['entries_by_users_only'] != 0 && empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
// is user authorisized to post messages?
|
|
$back = '&back=posting';
|
|
if (isset($id) && $id > 0) $back .= '&id='.$id;
|
|
header('Location: index.php?mode=login&login_message=registered_users_only'.$back);
|
|
exit;
|
|
} else {
|
|
if ($id == 0) {
|
|
// new posting
|
|
$link_name = 'back_to_index_link';
|
|
$link_title = 'back_to_index_link_title';
|
|
$smarty->assign('p_category', $category);
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => $link_title, 'name' => $link_name);
|
|
} else {
|
|
// reply
|
|
// get data of message:
|
|
$result = mysqli_query($connid, "SELECT tid, pid, name, user_name, ".$db_settings['forum_table'].".user_id, subject, category, text, locked
|
|
FROM ".$db_settings['forum_table']."
|
|
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ".$db_settings['forum_table'].".user_id
|
|
WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($result) == 1) {
|
|
$field = mysqli_fetch_array($result);
|
|
mysqli_free_result($result);
|
|
|
|
if ($field['locked'] > 0) {
|
|
$smarty->assign('no_authorisation', 'posting_locked_no_reply');
|
|
} else {
|
|
$smarty->assign('subject', htmlspecialchars($field['subject']));
|
|
$smarty->assign('p_category', $field['category']);
|
|
$text = $field['text'];
|
|
$text = quote_reply($text);
|
|
$smarty->assign('text', htmlspecialchars($text));
|
|
$smarty->assign('quote', true);
|
|
}
|
|
|
|
$link_name = 'back_to_entry_link';
|
|
$link_title = 'back_to_entry_link_title';
|
|
if ($field['user_id'] > 0) {
|
|
if (!$field['user_name']) $smarty->assign('name_repl_subnav', $lang['unknown_user']);
|
|
else $smarty->assign('name_repl_subnav', htmlspecialchars($field['user_name']));
|
|
}
|
|
else $smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
|
|
if (empty($back) || isset($back) && $back == 'entry') {
|
|
$subnav_link = array('id' => $id, 'title' => $link_title, 'name' => $link_name);
|
|
} elseif (isset($back) && $back=='index') {
|
|
$subnav_link = array('mode' => 'index', 'name' => 'thread_entry_back_link', 'title' => 'thread_entry_back_title');
|
|
} else {
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => $link_title, 'name' => $link_name);
|
|
}
|
|
} else {
|
|
$subnav_link = array('mode' => $back, 'title' => 'forum_index_link_title', 'name' => 'forum_index_link');
|
|
$smarty->assign('no_authorisation', 'error_posting_unavailable');
|
|
}
|
|
}
|
|
|
|
if ($settings['remember_userdata'] && isset($_COOKIE[$settings['session_prefix'].'userdata'])) {
|
|
$cookie_parts = explode("|", $_COOKIE[$settings['session_prefix'].'userdata']);
|
|
$smarty->assign('name', htmlspecialchars(urldecode($cookie_parts[0])));
|
|
if (isset($cookie_parts[1])) $smarty->assign('email', htmlspecialchars(urldecode($cookie_parts[1])));
|
|
if (isset($cookie_parts[2])) $smarty->assign('hp', htmlspecialchars(urldecode($cookie_parts[2])));
|
|
if (isset($cookie_parts[3])) $smarty->assign('location', htmlspecialchars(urldecode($cookie_parts[3])));
|
|
$smarty->assign('setcookie', 1);
|
|
$smarty->assign('cookie', true);
|
|
}
|
|
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
list($signature) = @mysqli_fetch_row(mysqli_query($connid, "SELECT signature FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])));
|
|
if (!empty($signature)) {
|
|
$smarty->assign('signature', true);
|
|
$smarty->assign('show_signature', 1);
|
|
}
|
|
}
|
|
|
|
$smarty->assign("uniqid", uniqid(''));
|
|
$smarty->assign('posting_mode', 0);
|
|
$smarty->assign('id', intval($id));
|
|
$smarty->assign('back', htmlspecialchars($back));
|
|
$smarty->assign('action', htmlspecialchars($action));
|
|
if ($settings['terms_of_use_agreement'] == 1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign('terms_of_use_agreement', true);
|
|
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id']) || $settings['email_notification_unregistered'] == 1) $smarty->assign('provide_email_notification', true);
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0 && (empty($id) || $posting_mode == 1 && $pid == 0)) $smarty->assign('provide_sticky', true);
|
|
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$_SESSION[$settings['session_prefix'].'formtime'] = TIMESTAMP;
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
}
|
|
break;
|
|
case 'posting_submitted':
|
|
if ($settings['forum_readonly'] == 1) {
|
|
$subnav_link = array('mode' => 'index', 'name' => 'forum_index_link', 'title' => 'forum_index_link_title');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('no_authorisation', 'no_auth_readonly');
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
} elseif ($settings['entries_by_users_only'] != 0 && empty($_SESSION[$settings['session_prefix'].'user_name'])) {
|
|
if (isset($_POST['text'])) {
|
|
$smarty->assign('no_authorisation', 'no_auth_session_expired');
|
|
$smarty->assign('text', htmlspecialchars($_POST['text']));
|
|
} else {
|
|
$smarty->assign('no_authorisation', 'no_auth_post_reg_users');
|
|
}
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
} else {
|
|
if (isset($_POST['posting_mode'])) $posting_mode = intval($_POST['posting_mode']);
|
|
else $posting_mode = 0;
|
|
|
|
// clear edit keys
|
|
if ($settings['user_edit'] == 2 && $settings['edit_max_time_period'] > 0) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, edit_key = '' WHERE time < (NOW() - INTERVAL ". intval($settings['edit_max_time_period']) ." MINUTE)");
|
|
}
|
|
|
|
// import, trim and complete data:
|
|
$uniqid = isset($_POST['uniqid']) ? trim($_POST['uniqid']) : '';
|
|
$pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;
|
|
$subject = isset($_POST['subject']) ? trim($_POST['subject']) : '';
|
|
$text = isset($_POST['text']) ? trim($_POST['text']) : '';
|
|
$email_notification = isset($_POST['email_notification']) && intval($_POST['email_notification'] == 1) ? 1 : 0;
|
|
$email = isset($_POST['email']) ? trim($_POST['email']) : '';
|
|
$hp = isset($_POST['hp']) ? trim($_POST['hp']) : '';
|
|
$location = isset($_POST['location']) ? trim($_POST['location']) : '';
|
|
$name = isset($_POST['name']) ? trim($_POST['name']) : '';
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$setcookie = isset($_POST['setcookie']) && intval($_POST['setcookie'] == 1) ? 1 : 0;
|
|
$terms_of_use_agree = isset($_POST['terms_of_use_agree']) && intval($_POST['terms_of_use_agree'] == 1) ? 1 : 0;
|
|
} else {
|
|
$show_signature = isset($_POST['show_signature']) && intval($_POST['show_signature']==1) ? 1 : 0;
|
|
}
|
|
|
|
$sticky = isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0 && isset($_POST['sticky']) && intval($_POST['sticky'] == 1) ? 1 : 0;
|
|
if ($id != 0 && $posting_mode == 0 || $posting_mode == 1 && $pid > 0) {
|
|
// get category of parent posting:
|
|
$c_result = @mysqli_query($connid, "SELECT category FROM ".$db_settings['forum_table']." WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
$c_data = mysqli_fetch_array($c_result);
|
|
$p_category = $c_data['category'];
|
|
mysqli_free_result($c_result);
|
|
}
|
|
// end trim and complete data
|
|
|
|
if ($posting_mode == 0) {
|
|
// new message
|
|
if (empty($uniqid)) {
|
|
$errors[] = 'error_invalid_form';
|
|
} else {
|
|
// double entry?
|
|
list($double_entry_count) = @mysqli_fetch_row(@mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE uniqid = '". mysqli_real_escape_string($connid, $uniqid) ."' AND time > (NOW()-INTERVAL 1 HOUR)"));
|
|
if ($double_entry_count > 0) {
|
|
header("Location: index.php?mode=index");
|
|
exit;
|
|
}
|
|
}
|
|
|
|
if (empty($errors)) {
|
|
// check form session and time used to complete the form:
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
if (empty($_SESSION[$settings['session_prefix'].'formtime'])) $errors[] = 'error_invalid_form';
|
|
else {
|
|
$time_need = TIMESTAMP - intval($_SESSION[$settings['session_prefix'].'formtime']);
|
|
if ($time_need < 10) $errors[] = 'error_form_sent_too_fast';
|
|
elseif ($time_need > 10800) $errors[] = 'error_form_sent_too_slow';
|
|
unset($_SESSION[$settings['session_prefix'].'formtime']);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (empty($errors)) {
|
|
// flood prevention:
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['save_entry'])) {
|
|
list($flood_count) = @mysqli_fetch_row(@mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = 0 AND ip = '". mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR']) ."' AND time > (NOW()-INTERVAL ". $settings['flood_prevention_minutes'] ." MINUTE)"));
|
|
if ($flood_count > 0) {
|
|
$smarty->assign('minutes', $settings['flood_prevention_minutes']);
|
|
$errors[] = 'error_repeated_posting';
|
|
}
|
|
}
|
|
}
|
|
|
|
// is it a registered user?
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$user_id = $_SESSION[$settings['session_prefix'].'user_id'];
|
|
$name = $_SESSION[$settings['session_prefix'].'user_name'];
|
|
} else {
|
|
$user_id = 0;
|
|
$show_signature = 0;
|
|
}
|
|
|
|
// get thread ID if reply:
|
|
if ($id != 0) {
|
|
$tid_result = @mysqli_query($connid, "SELECT tid, name, user_name, ".$db_settings['forum_table'].".user_id, category, locked
|
|
FROM ".$db_settings['forum_table']."
|
|
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ". $db_settings['forum_table'] .".user_id
|
|
WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($tid_result) != 1) {
|
|
$errors[] = 'error_posting_unavailable';
|
|
} else {
|
|
$field = mysqli_fetch_array($tid_result);
|
|
mysqli_free_result($tid_result);
|
|
if ($field['locked'] != 0) $errors[] = 'posting_locked_no_reply';
|
|
if($field['category'] !=0 && !in_array($field['category'], $category_ids)) $errors[] = 'error_invalid_category';
|
|
$thread = $field['tid'];
|
|
if ($field['user_id'] > 0) {
|
|
if (!$field['user_name']) $smarty->assign('name_repl_subnav', $lang['unknown_user']);
|
|
else $smarty->assign('name_repl_subnav', htmlspecialchars($field['user_name']));
|
|
}
|
|
else $smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
$link_name = 'back_to_entry_link';
|
|
$link_title = 'back_to_entry_link_title';
|
|
}
|
|
} else {
|
|
$thread = 0;
|
|
$link_name = 'back_to_index_link';
|
|
$link_title = 'back_to_index_link_title';
|
|
}
|
|
|
|
if (isset($link_title)) {
|
|
if ($back == 'entry') $subnav_link = array('id' => $id, 'title' => $link_title, 'name' => $link_name);
|
|
else $subnav_link = array('mode' => $back, 'id' => $id, 'title' => $link_title, 'name' => $link_name);
|
|
} else {
|
|
$subnav_link = array('mode' => 'index', 'name' => 'forum_index_link', 'title' => 'forum_index_link_title');
|
|
}
|
|
$smarty->assign('subnav_link', $subnav_link);
|
|
} elseif ($posting_mode == 1) {
|
|
// edit message
|
|
$edit_result = mysqli_query($connid, "SELECT ".$db_settings['forum_table'].".user_id, name, user_name, locked, UNIX_TIMESTAMP(time) AS time FROM ".$db_settings['forum_table']."
|
|
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ". $db_settings['forum_table'] .".user_id
|
|
WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($edit_result) != 1) $errors[] = 'error_posting_unavailable';
|
|
$field = mysqli_fetch_array($edit_result);
|
|
mysqli_free_result($edit_result);
|
|
|
|
if (empty($errors)) {
|
|
if (empty($name) && $field['user_id'] > 0) $name = $field['user_name'];
|
|
if ($field['user_id'] == 0) $subnav_name = $field['name'];
|
|
elseif ($field['user_id'] > 0 && isset($name)) $subnav_name = $name;
|
|
else $subnav_name = $lang['unknown_user'];
|
|
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
$smarty->assign('subnav_link', $subnav_link);
|
|
$smarty->assign('name_repl_subnav', htmlspecialchars($subnav_name));
|
|
|
|
if ($settings['edit_max_time_period'] > 0 && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] == 0)) {
|
|
$minutes_left_to_edit = round((($field['time'] + $settings['edit_max_time_period'] * 60) - TIMESTAMP) / 60);
|
|
if ($minutes_left_to_edit >= 0) $smarty->assign('minutes_left_to_edit', $minutes_left_to_edit);
|
|
}
|
|
}
|
|
}
|
|
|
|
// check data:
|
|
if (isset($_POST['tags']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type'] > 0)) {
|
|
$tags = trim($_POST['tags']);
|
|
if (my_strlen($tags, $lang['charset']) > 253) $errors[] = 'error_tags_too_long';
|
|
|
|
if ($tags != '') {
|
|
$s_tags = str_replace(';', '', $tags);
|
|
$s_tags = str_replace('"', '', $s_tags);
|
|
$s_tags_array=explode(',', $s_tags);
|
|
$s_tags = ';';
|
|
foreach ($s_tags_array as $tag) {
|
|
unset($too_long_word);
|
|
$too_long_word = too_long_word($tag,$settings['text_word_maxlength'], $lang['word_delimiters']);
|
|
if ($too_long_word) { $errors[] = 'error_word_too_long'; break; }
|
|
$s_tags .= trim($tag).';';
|
|
}
|
|
}
|
|
else $s_tags = '';
|
|
}
|
|
else $s_tags = '';
|
|
|
|
|
|
if ($posting_mode == 1) {
|
|
$edit_result = mysqli_query($connid, "SELECT tid, pid, name, user_id, email, hp, location, subject, text, tags, category, email_notification, show_signature, sticky, locked, UNIX_TIMESTAMP(time) AS time, edit_key FROM ".$db_settings['forum_table']." WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($edit_result);
|
|
mysqli_free_result($edit_result);
|
|
$pid = $field['pid'];
|
|
|
|
// authorisatin check:
|
|
$authorization = get_edit_authorization($id, $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
|
|
if ($authorization['edit'] != true) {
|
|
$errors[] = 'no_authorization_edit';
|
|
}
|
|
}
|
|
|
|
if ($posting_mode == 1 && empty($errors)) {
|
|
// e-mail available for notification?
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
if ($field['user_id'] == 0 && empty($email) && isset($email_notification) && $email_notification == 1) $errors[] = 'error_no_email_to_notify';
|
|
}
|
|
}
|
|
|
|
if (empty($errors)) {
|
|
// category check:
|
|
if ($id == 0 && $categories != false && empty($categories[$p_category])) $errors[] = 'error_invalid_category';
|
|
|
|
// name reserved?
|
|
$result = mysqli_query($connid, "SELECT user_id, user_name FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '". mysqli_real_escape_string($connid, my_strtolower($name, $lang['charset'])) ."'") or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($result) > 0) {
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$errors[] = 'error_name_reserved';
|
|
} elseif (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$data = mysqli_fetch_array($result);
|
|
if (isset($posting_user_id) && $data['user_id'] != $posting_user_id) $errors[] = 'error_name_reserved';
|
|
}
|
|
}
|
|
mysqli_free_result($result);
|
|
|
|
// check for not accepted words:
|
|
$joined_message = my_strtolower($name.' '.$email.' '.$hp.' '.$location.' '.$subject.' '.$text, $lang['charset']);
|
|
$not_accepted_words = get_not_accepted_words($joined_message);
|
|
if ($not_accepted_words != false) {
|
|
$not_accepted_words_listing = implode(', ', $not_accepted_words);
|
|
if (count($not_accepted_words) == 1) {
|
|
$smarty->assign('not_accepted_word', htmlspecialchars($not_accepted_words_listing));
|
|
$errors[] = 'error_not_accepted_word';
|
|
} else {
|
|
$smarty->assign('not_accepted_words', htmlspecialchars($not_accepted_words_listing));
|
|
$errors[] = 'error_not_accepted_words';
|
|
}
|
|
}
|
|
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) || ($posting_mode == 1 && $field['user_id'] == 0)) {
|
|
if (empty($name)) $errors[] = 'error_no_name';
|
|
if (contains_special_characters($name)) $errors[] = 'error_username_invalid_chars';
|
|
if (!empty($name) && !empty($subject) && my_strtolower($name, $lang['charset']) == my_strtolower($subject, $lang['charset'])) $errors[] = 'error_name_like_subject';
|
|
if (my_strlen($name, $lang['charset']) > $settings['username_maxlength']) $errors[] = 'error_name_too_long';
|
|
if (my_strlen($email,$lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long';
|
|
if (isset($hp) && my_strlen($hp, $lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long';
|
|
if (my_strlen($location, $lang['charset']) > $settings['location_maxlength']) $errors[] = 'error_location_too_long';
|
|
}
|
|
|
|
if (isset($email) && $email != '' && !is_valid_email($email)) $errors[] = 'error_email_wrong';
|
|
if (isset($hp) && $hp != '' && !is_valid_url($hp)) $errors[] = 'error_hp_wrong';
|
|
if (empty($email) && isset($email_notification) && $email_notification == 1 && !isset($_SESSION[$settings['session_prefix'].'user_id'])) $errors[] = 'error_no_email_to_notify';
|
|
if (empty($subject)) $errors[] = 'error_no_subject';
|
|
if (empty($text) && $settings['empty_postings_possible'] == 0) $errors[] = 'error_no_text';
|
|
if (my_strlen($subject, $lang['charset']) > $settings['subject_maxlength']) $errors[] = 'error_subject_too_long';
|
|
if (my_strlen($text, $lang['charset']) > $settings['text_maxlength']) $errors[] = 'error_text_too_long';
|
|
$smarty->assign('text_length', my_strlen($text, $lang['charset']));
|
|
|
|
// check for too long words:
|
|
if (empty($too_long_word) && empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$too_long_word = too_long_word($name, $settings['name_word_maxlength'], $lang['word_delimiters']);
|
|
if ($too_long_word) $errors[] = 'error_word_too_long';
|
|
}
|
|
if (empty($too_long_word) && empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$too_long_word = too_long_word($location,$settings['location_word_maxlength'], $lang['word_delimiters']);
|
|
if ($too_long_word) $errors[] = 'error_word_too_long';
|
|
}
|
|
if (empty($too_long_word)) {
|
|
$too_long_word = too_long_word($subject, $settings['subject_word_maxlength'], $lang['word_delimiters']);
|
|
if ($too_long_word) $errors[] = 'error_word_too_long';
|
|
}
|
|
|
|
// format text and hide allowed tags:
|
|
$check_text = html_format($text);
|
|
$check_text = preg_replace("#\<pre(.+?)\>(.+?)\</pre\>#is", "", $check_text);
|
|
$check_text = strip_tags($check_text);
|
|
|
|
if (empty($too_long_word)) {
|
|
$too_long_word = too_long_word($check_text, $settings['text_word_maxlength'], $lang['word_delimiters']);
|
|
if ($too_long_word) $errors[] = 'error_word_too_long';
|
|
}
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
if ($settings['terms_of_use_agreement'] == 1 && $terms_of_use_agree != 1) $errors[] = 'terms_of_use_error_posting';
|
|
}
|
|
}
|
|
|
|
// CAPTCHA check:
|
|
if (empty($errors) && isset($_POST['save_entry']) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_posting'] > 0) {
|
|
if ($settings['captcha_posting'] == 2) {
|
|
if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'], $_POST['captcha_code']) != true) $errors[] = 'captcha_check_failed';
|
|
} else {
|
|
if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2], $_POST['captcha_code']) != true) $errors[] = 'captcha_check_failed';
|
|
}
|
|
unset($_SESSION['captcha_session']);
|
|
}
|
|
|
|
// default values for flagging spam:
|
|
$spam = 0;
|
|
$spam_check_status = 0;
|
|
|
|
// Akismet spam check:
|
|
if (empty($errors) && $settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1 && isset($_POST['save_entry'])) {
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] == 0 && $settings['akismet_check_registered'] == 1) {
|
|
require('modules/akismet/akismet.class.php');
|
|
// fetch user data if registered user:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$akismet_userdata_result = @mysqli_query($connid, "SELECT user_email, user_hp FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']) ." LIMIT 1") or die(mysqli_error($connid));
|
|
$akismet_userdata_data = mysqli_fetch_array($akismet_userdata_result);
|
|
mysqli_free_result($akismet_userdata_result);
|
|
if ($akismet_userdata_data['user_hp'] != '') $check_posting['website'] = $akismet_userdata_data['user_hp'];
|
|
} else {
|
|
if ($email != '') $check_posting['email'] = $email;
|
|
if ($hp != '') $check_posting['website'] = $hp;
|
|
}
|
|
$check_posting['author'] = $name;
|
|
$check_posting['body'] = $text;
|
|
$akismet = new Akismet($settings['forum_address'], $settings['akismet_key'], $check_posting);
|
|
// test for errors
|
|
if ($akismet->errorsExist()) {
|
|
// returns true if any errors exist
|
|
if ($akismet->isError(AKISMET_INVALID_KEY)) {
|
|
if ($settings['save_spam'] == 0) $errors[] = 'error_akismet_api_key';
|
|
else $spam_check_status = 3;
|
|
} elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) {
|
|
if ($settings['save_spam'] == 0) $errors[] = 'error_akismet_connection';
|
|
else $spam_check_status = 2;
|
|
} elseif ($akismet->isError(AKISMET_SERVER_NOT_FOUND)) {
|
|
if ($settings['save_spam'] == 0) $errors[] = 'error_akismet_connection';
|
|
else $spam_check_status = 2;
|
|
}
|
|
} else {
|
|
// No errors, check for spam
|
|
if ($akismet->isSpam()) {
|
|
if ($settings['save_spam'] == 0) $errors[] = 'error_spam_suspicion';
|
|
else $spam = 1;
|
|
} else {
|
|
$spam_check_status = 1;
|
|
}
|
|
}
|
|
}
|
|
} // end check data
|
|
|
|
if (empty($errors)) {
|
|
// save new posting:
|
|
if (isset($_POST['save_entry']) && $posting_mode == 0) {
|
|
if ($settings['entries_by_users_only'] != 0 && empty($_SESSION[$settings['session_prefix'].'user_name'])) die('No autorisation!');
|
|
|
|
// if editing own postings by unregistered users, generate edit_key:
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['user_edit'] == 2) {
|
|
$edit_key = random_string(32);
|
|
$edit_key_hash = generate_pw_hash($edit_key);
|
|
} else {
|
|
$edit_key = '';
|
|
$edit_key_hash = '';
|
|
}
|
|
|
|
$locked = $spam == 0 ? 0 : 1;
|
|
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) $savename = '';
|
|
else $savename = $name;
|
|
|
|
@mysqli_query($connid, "INSERT INTO ".$db_settings['forum_table']." (pid, tid, uniqid, time, last_reply, user_id, name, subject, email, hp, location, ip, text, tags, show_signature, email_notification, category, locked, sticky, spam, spam_check_status, edit_key) VALUES (". intval($id) .", ". intval($thread) .", '". mysqli_real_escape_string($connid, $uniqid) ."', NOW(), NOW(),". intval($user_id) .", '". mysqli_real_escape_string($connid, $savename) ."', '". mysqli_real_escape_string($connid, $subject) ."', '". mysqli_real_escape_string($connid, $email) ."', '". mysqli_real_escape_string($connid, $hp) ."', '". mysqli_real_escape_string($connid, $location) ."', '". mysqli_real_escape_string($connid, $_SERVER["REMOTE_ADDR"]) ."', '". mysqli_real_escape_string($connid, $text) ."', '". mysqli_real_escape_string($connid, $s_tags) ."', ". intval($show_signature) .", ". intval($email_notification) .", ". intval($p_category) .", ". intval($locked) .", ". intval($sticky) .", ". intval($spam) .", ". intval($spam_check_status) .", '". mysqli_real_escape_string($connid, $edit_key_hash) ."')") or raise_error('database_error', mysqli_error($connid));
|
|
|
|
if ($id == 0) {
|
|
// new thread, set thread id:
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET tid = id, time = time WHERE id = LAST_INSERT_ID()") or raise_error('database_error', mysqli_error($connid));
|
|
}
|
|
// reply, set last reply:
|
|
if ($id != 0 && $spam == 0) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = NOW() WHERE tid = ". $thread) or raise_error('database_error', mysqli_error($connid));
|
|
}
|
|
// get last entry:
|
|
$result_new = mysqli_query($connid, "SELECT tid, pid, id FROM ".$db_settings['forum_table']." WHERE id = LAST_INSERT_ID()");
|
|
$new_data = mysqli_fetch_array($result_new);
|
|
mysqli_free_result($result_new);
|
|
|
|
// if editing own postings by unregistered users, set set cookie/session with edit_key:
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['user_edit'] == 2 && isset($edit_key) && $edit_key != '') {
|
|
$_SESSION[$settings['session_prefix'].'edit_keys'][$new_data['id']] = $edit_key;
|
|
}
|
|
|
|
// lock thread if auto_lock is enabled and there are more than the maximum number of entries in the thread:
|
|
if ($settings['auto_lock'] > 0 && $new_data['pid'] != 0) {
|
|
list($thread_count) = mysqli_fetch_row(mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE tid = ". intval($new_data['tid'])));
|
|
if ($thread_count >= $settings['auto_lock']) @mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, locked = 1 WHERE tid = ". intval($new_data['tid']));
|
|
}
|
|
|
|
// load e-mail strings from language file:
|
|
$smarty->configLoad($settings['language_file'], 'emails');
|
|
$lang = $smarty->getConfigVars();
|
|
if ($language_file != $settings['language_file']) setlocale(LC_ALL, $lang['locale']);
|
|
|
|
// e-mail notification:
|
|
if ($spam == 0) emailNotification2ParentAuthor($new_data['id']);
|
|
|
|
// e-mail notification to admins and mods
|
|
if ($spam == 0) emailNotification2ModsAndAdmins($new_data['id']);
|
|
|
|
// set userdata cookie:
|
|
if ($settings['remember_userdata'] && isset($setcookie) && $setcookie == 1) {
|
|
$cookie_data = urlencode($name).'|'.urlencode($email).'|'.urlencode($hp).'|'.urlencode($location);
|
|
setcookie($settings['session_prefix'].'userdata', $cookie_data, TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days']));
|
|
}
|
|
if (isset($back) && $back == 'thread') header('Location: index.php?mode=thread&id='.$new_data['id'].'#p'.$new_data['id']);
|
|
else header('Location: index.php?id='.$new_data['id']);
|
|
exit;
|
|
} elseif (isset($_POST['save_entry']) && $posting_mode == 1) {
|
|
// save edited posting:
|
|
$tid_result = @mysqli_query($connid, "SELECT pid, tid, name, location, user_id, category, subject, text FROM ".$db_settings['forum_table']." WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($tid_result);
|
|
mysqli_free_result($tid_result);
|
|
|
|
// set category if not initial posting:
|
|
if ($field['pid'] != 0) {
|
|
$p_category = intval($field['category']);
|
|
}
|
|
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] == 2 && $settings['dont_reg_edit_by_admin'] == 1 || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] == 1 && $settings['dont_reg_edit_by_mod'] == 1 || ($field['text'] == $text && $field['subject'] == $subject && ($field['user_id'] > 0 || $field['name'] == $name && $field['location'] == $location) && isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type'] == 2 && $settings['dont_reg_edit_by_admin'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 1 && $settings['dont_reg_edit_by_mod'] == 1))) {
|
|
// unnoticed editing for admins and mods
|
|
$edited_query = 'edited';
|
|
$edited_by_query = 'edited_by';
|
|
$locked_query = 'locked';
|
|
} elseif (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$edited_query = 'NOW()';
|
|
$edited_by_query = intval($_SESSION[$settings['session_prefix'].'user_id']);
|
|
$locked_query = 'locked';
|
|
} else {
|
|
$edited_query = 'NOW()';
|
|
$edited_by_query = 0;
|
|
$locked_query = $spam == 0 ? 'locked' : 1;
|
|
}
|
|
|
|
if( $field['user_id'] > 0) {
|
|
// posting of a registered user edited
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = ". $edited_query .", edited_by = ".$edited_by_query.", subject = '". mysqli_real_escape_string($connid, $subject) ."', category = ". intval($p_category) .", email = '". mysqli_real_escape_string($connid, $email) ."', hp = '". mysqli_real_escape_string($connid, $hp) ."', location = '". mysqli_real_escape_string($connid, $location) ."', text = '". mysqli_real_escape_string($connid, $text) ."', tags = '". mysqli_real_escape_string($connid, $s_tags) ."', email_notification = ". intval($email_notification) .", show_signature = ". intval($show_signature) ." ". ((isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) ? ", sticky = ". intval($sticky) : "") ." WHERE id = ". intval($id));
|
|
} else {
|
|
// posting of a not registed user edited
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = ". $edited_query .", edited_by = ". intval($edited_by_query) .", name = '". mysqli_real_escape_string($connid, $name) ."', subject = '". mysqli_real_escape_string($connid, $subject) ."', category = ". intval($p_category) .", email = '". mysqli_real_escape_string($connid, $email) ."', hp = '". mysqli_real_escape_string($connid, $hp) ."', location = '". mysqli_real_escape_string($connid, $location) ."', text = '". mysqli_real_escape_string($connid, $text) ."', tags = '". mysqli_real_escape_string($connid, $s_tags) ."', email_notification = ". intval($email_notification) .", show_signature = ". intval($show_signature) .", locked = ". $locked_query .", sticky = ". intval($sticky) .", spam = ". intval($spam) .", spam_check_status = ". intval($spam_check_status) ." WHERE id = ". intval($id)) or die(mysqli_error($connid));
|
|
}
|
|
$category_update_result = mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, category = ". intval($p_category) ." WHERE tid = ". intval($field['tid']));
|
|
@mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id = ". intval($id));
|
|
header('location: index.php?mode='.$back.'&id='.$id);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// preview:
|
|
if (isset($_POST['preview']) && empty($errors)) {
|
|
$smarty->assign('preview', true);
|
|
if (isset($posting_user_id) && intval($posting_user_id) > 0) {
|
|
$pr_result = @mysqli_query($connid, "SELECT email_contact, user_hp, user_location, signature FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($posting_user_id)." LIMIT 1") or die(mysqli_error($connid));
|
|
$pr_data = mysqli_fetch_array($pr_result);
|
|
mysqli_free_result($pr_result);
|
|
if ($pr_data['email_contact'] != 0) $smarty->assign('email', true);
|
|
if (trim($pr_data['user_hp']) != '') {
|
|
$smarty->assign('preview_hp', htmlspecialchars(add_http_if_no_protocol($pr_data['user_hp'])));
|
|
}
|
|
if (trim($pr_data['user_location']) != '') $smarty->assign('preview_location', htmlspecialchars($pr_data['user_location']));
|
|
if (trim($pr_data['signature']) != '') $smarty->assign('preview_signature', signature_format($pr_data['signature']));
|
|
if ($pr_data['signature'] != '') {
|
|
$smarty->assign('signature', true);
|
|
$smarty->assign('show_signature', $show_signature);
|
|
}
|
|
$smarty->assign('provide_email_notification', true);
|
|
} else {
|
|
$smarty->assign('email', htmlspecialchars($email));
|
|
if (trim($hp) != '') {
|
|
$smarty->assign('preview_hp', htmlspecialchars(add_http_if_no_protocol($hp)));
|
|
}
|
|
$smarty->assign('hp', htmlspecialchars($hp));
|
|
$smarty->assign('location', htmlspecialchars($location));
|
|
$smarty->assign('preview_location', htmlspecialchars($location));
|
|
if ($settings['email_notification_unregistered']) $smarty->assign('provide_email_notification', true);
|
|
}
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0 && (empty($id) || $posting_mode == 1 && $pid == 0)) $smarty->assign('provide_sticky', true);
|
|
// current time:
|
|
list($preview_time) = mysqli_fetch_row(mysqli_query($connid, "SELECT UNIX_TIMESTAMP(NOW() + INTERVAL ". $time_difference ." MINUTE)"));
|
|
$smarty->assign('preview_timestamp', $preview_time);
|
|
$preview_formated_time = format_time($lang['time_format_full'], $preview_time);
|
|
$smarty->assign('preview_formated_time', $preview_formated_time);
|
|
$smarty->assign('uniqid', htmlspecialchars($uniqid));
|
|
$smarty->assign('posting_mode', intval($posting_mode));
|
|
$smarty->assign('id', intval($id));
|
|
$smarty->assign('pid', intval($pid));
|
|
$smarty->assign('back', htmlspecialchars($back));
|
|
$smarty->assign('name', htmlspecialchars($name));
|
|
$smarty->assign('subject', htmlspecialchars($subject));
|
|
$smarty->assign('text', htmlspecialchars($text));
|
|
if (isset($tags)) $smarty->assign('tags', htmlspecialchars($tags));
|
|
if (isset($p_category)) $smarty->assign('p_category', intval($p_category));
|
|
if (isset($setcookie)) $smarty->assign('setcookie', intval($setcookie));
|
|
$smarty->assign('email_notification', intval($email_notification));
|
|
$smarty->assign('sticky', intval($sticky));
|
|
$smarty->assign('preview_name', htmlspecialchars($name));
|
|
$preview_text = html_format($text);
|
|
if($settings['terms_of_use_agreement'] == 1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign("terms_of_use_agreement", true);
|
|
if(isset($terms_of_use_agree)) $smarty->assign('terms_of_use_agree', intval($terms_of_use_agree));
|
|
$smarty->assign('preview_text', $preview_text);
|
|
$smarty->assign('preview_subject', htmlspecialchars($subject));
|
|
$_SESSION[$settings['session_prefix'].'formtime'] = TIMESTAMP - 7; // 7 seconds credit for preview
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
}
|
|
|
|
if (isset($errors)) {
|
|
if (isset($show_signature)) $smarty->assign('show_signature', $show_signature);
|
|
if (isset($posting_user_id) && intval($posting_user_id) > 0) {
|
|
list($signature) = @mysqli_fetch_row(mysqli_query($connid, "SELECT signature FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($posting_user_id)));
|
|
if (!empty($signature)) {
|
|
$smarty->assign('signature', true);
|
|
$smarty->assign('show_signature', $show_signature);
|
|
}
|
|
}
|
|
$smarty->assign('id', intval($id));
|
|
$smarty->assign('pid', intval($pid));
|
|
$smarty->assign('errors', $errors);
|
|
if (isset($too_long_word)) $smarty->assign('word', $too_long_word);
|
|
$smarty->assign('uniqid', htmlspecialchars($uniqid));
|
|
$smarty->assign('back', htmlspecialchars($back));
|
|
$smarty->assign('posting_mode', intval($posting_mode));
|
|
if (isset($name)) $smarty->assign('name', htmlspecialchars($name));
|
|
$smarty->assign('email', htmlspecialchars($email));
|
|
$smarty->assign('hp', htmlspecialchars($hp));
|
|
$smarty->assign('location', htmlspecialchars($location));
|
|
$smarty->assign('subject', htmlspecialchars($subject));
|
|
$smarty->assign('text', htmlspecialchars($text));
|
|
if (isset($tags)) $smarty->assign('tags', htmlspecialchars($tags));
|
|
if (isset($p_category)) $smarty->assign('p_category', intval($p_category));
|
|
if (isset($setcookie)) $smarty->assign('setcookie', intval($setcookie));
|
|
$smarty->assign('email_notification', intval($email_notification));
|
|
$smarty->assign('sticky', intval($sticky));
|
|
if ((isset($posting_user_id) && intval($posting_user_id) > 0) || $settings['email_notification_unregistered'] == 1) $smarty->assign('provide_email_notification', true);
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0 && (empty($id) || $posting_mode == 1 && $pid == 0)) $smarty->assign('provide_sticky', true);
|
|
if ($settings['terms_of_use_agreement'] == 1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign("terms_of_use_agreement", true);
|
|
if (isset($terms_of_use_agree)) $smarty->assign('terms_of_use_agree', intval($terms_of_use_agree));
|
|
$_SESSION[$settings['session_prefix'].'formtime'] = TIMESTAMP - 7; // 7 seconds credit (form already sent)
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
}
|
|
}
|
|
break;
|
|
case 'edit':
|
|
if ($settings['forum_readonly'] == 1) {
|
|
$subnav_link = array('mode' => 'index', 'name' => 'forum_index_link', 'title' => 'forum_index_link_title');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('no_authorisation', 'no_auth_readonly');
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
break;
|
|
}
|
|
|
|
$id = intval($_GET['edit']);
|
|
$edit_result = @mysqli_query($connid, "SELECT tid, pid, name, user_name, ".$db_settings['forum_table'].".user_id, email, hp, location, subject, UNIX_TIMESTAMP(time) AS time, text, tags, category, email_notification, show_signature, sticky, locked, edit_key
|
|
FROM ".$db_settings['forum_table']."
|
|
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ".$db_settings['forum_table'].".user_id
|
|
WHERE id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($edit_result) != 1) {
|
|
$smarty->assign('no_authorisation', 'error_posting_unavailable');
|
|
$subnav_link = array('mode' => 'index', 'name' => 'thread_entry_back_link', 'title' => 'thread_entry_back_title');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
break;
|
|
}
|
|
|
|
$field = mysqli_fetch_array($edit_result);
|
|
mysqli_free_result($edit_result);
|
|
|
|
// authorisatin check:
|
|
$authorization = get_edit_authorization($id, $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
|
|
if ($authorization['edit'] != true) {
|
|
$smarty->assign('no_authorisation', 'no_authorization_edit');
|
|
} elseif ($authorization['edit'] == true) {
|
|
$tags = htmlspecialchars($field['tags']);
|
|
$tags_array = explode(';', $tags);
|
|
foreach ($tags_array as $tag) {
|
|
if (trim($tag) != '') $tags_array2[] = $tag;
|
|
}
|
|
if (isset($tags_array2)) $tags = implode(', ', $tags_array2);
|
|
else $tags = '';
|
|
|
|
// if posting is by a registered user, check if he has signature
|
|
if($field['user_id'] > 0) {
|
|
list($signature) = @mysqli_fetch_row(mysqli_query($connid, "SELECT signature FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($field['user_id'])));
|
|
if (!empty($signature)) {
|
|
$smarty->assign('signature', true);
|
|
$smarty->assign('show_signature', $field['show_signature']);
|
|
}
|
|
}
|
|
|
|
if ($settings['edit_max_time_period'] > 0 && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] == 0)) {
|
|
$minutes_left_to_edit = round((($field['time'] + $settings['edit_max_time_period'] * 60) - TIMESTAMP) / 60);
|
|
$smarty->assign('minutes_left_to_edit', $minutes_left_to_edit);
|
|
}
|
|
|
|
$smarty->assign('id', intval($id));
|
|
$smarty->assign('pid', intval($field['pid']));
|
|
$smarty->assign('name', htmlspecialchars($field['name']));
|
|
$smarty->assign('email', htmlspecialchars($field['email']));
|
|
$smarty->assign('hp', htmlspecialchars($field['hp']));
|
|
$smarty->assign('location', htmlspecialchars($field['location']));
|
|
$smarty->assign('subject', htmlspecialchars($field['subject']));
|
|
$smarty->assign('text', htmlspecialchars($field['text']));
|
|
$smarty->assign('tags', $tags);
|
|
$smarty->assign('p_category', $field['category']);
|
|
$smarty->assign('email_notification', $field['email_notification']);
|
|
$smarty->assign('sticky', $field['sticky']);
|
|
$smarty->assign('back', $back);
|
|
$smarty->assign('posting_mode', 1);
|
|
if ($settings['terms_of_use_agreement'] == 1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign("terms_of_use_agreement", true);
|
|
}
|
|
|
|
if ($field['user_id'] > 0) {
|
|
if (!$field['user_name']) $smarty->assign('name_repl_subnav', $lang['unknown_user']);
|
|
else $smarty->assign('name_repl_subnav', htmlspecialchars($field['user_name']));
|
|
}
|
|
else $smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
|
|
if ($field['user_id'] > 0 || $settings['email_notification_unregistered']) $smarty->assign('provide_email_notification', true);
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0 && (empty($id) || $posting_mode == 1 && $field['pid'] == 0)) $smarty->assign('provide_sticky', true);
|
|
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
$smarty->assign('subnav_link', $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting.inc.tpl');
|
|
break;
|
|
case 'delete_posting':
|
|
$delete_check_result = @mysqli_query($connid, "SELECT pid, name, user_name, subject, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key
|
|
FROM ".$db_settings['forum_table']."
|
|
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ".$db_settings['forum_table'].".user_id
|
|
WHERE id = ". intval($_REQUEST['delete_posting'])) or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($delete_check_result);
|
|
mysqli_free_result($delete_check_result);
|
|
|
|
if ($field['user_id'] > 0) {
|
|
if (!$field['user_name']) $field['name'] = $lang['unknown_user'];
|
|
else $field['name'] = $field['user_name'];
|
|
}
|
|
|
|
$authorization = get_edit_authorization(intval($_REQUEST['delete_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
|
|
|
|
if ($authorization['delete'] == true) {
|
|
$smarty->assign('id', intval($_REQUEST['delete_posting']));
|
|
$smarty->assign('pid', intval($field['pid']));
|
|
$smarty->assign('name', htmlspecialchars($field['name']));
|
|
$smarty->assign('subject', htmlspecialchars($field['subject']));
|
|
$smarty->assign('formated_time', format_time($lang['time_format_full'], $field['disp_time']));
|
|
if (isset($_REQUEST['back']) && ($_REQUEST['back'] == 'entry' || $_REQUEST['back'] == 'thread' || $_REQUEST['back'] == 'index')) $smarty->assign('back', htmlspecialchars($_REQUEST['back']));
|
|
$smarty->assign('category', $category);
|
|
$smarty->assign('posting_mode', 1);
|
|
} else {
|
|
$smarty->assign('no_authorisation','no_authorisation_delete');
|
|
}
|
|
$smarty->assign('name_repl_subnav',htmlspecialchars($field['name']));
|
|
$backlink = 'entry';
|
|
$subnav_link = array('mode' => $back, 'id' => intval($_REQUEST['delete_posting']), 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting_delete.inc.tpl');
|
|
break;
|
|
case 'delete_posting_confirmed':
|
|
$delete_check_result = mysqli_query($connid, "SELECT pid, name, subject, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key FROM ".$db_settings['forum_table']." WHERE id = ". intval($_REQUEST['delete_posting'])) or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($delete_check_result);
|
|
mysqli_free_result($delete_check_result);
|
|
$authorization = get_edit_authorization(intval($_REQUEST['delete_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
|
|
if ($authorization['delete'] == true) {
|
|
if (isset($_REQUEST['back'])) {
|
|
$result = @mysqli_query($connid, "SELECT pid FROM ".$db_settings['forum_table']." WHERE id=". intval($_REQUEST['delete_posting']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($result) == 1) {
|
|
$data = mysqli_fetch_array($result);
|
|
if ($data['pid'] != 0) $pid = $data['pid'];
|
|
}
|
|
}
|
|
delete_posting_recursive($_REQUEST['delete_posting']);
|
|
if (isset($_REQUEST['back']) && $_REQUEST['back'] == 'entry' && isset($pid)) header('Location: index.php?id='.$pid);
|
|
elseif (isset($_REQUEST['back']) && $_REQUEST['back'] == 'thread' && isset($pid)) header('Location: index.php?mode=thread&id='.$pid);
|
|
else header('Location: index.php?mode=index');
|
|
exit;
|
|
} else {
|
|
$smarty->assign('no_authorisation','no_authorisation_delete');
|
|
}
|
|
if ($field['name']) $smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
else $smarty->assign('name_repl_subnav', $lang['unknown_user']);
|
|
$backlink = 'entry';
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting_delete.inc.tpl');
|
|
break;
|
|
case 'delete_marked':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
// OK.
|
|
} else {
|
|
$smarty->assign('no_authorisation', 'no_authorisation');
|
|
}
|
|
$subnav_link = array('mode' => 'index', 'title' => 'back_to_index_link_title', 'name' => 'back_to_index_link');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting_delete_marked.inc.tpl');
|
|
break;
|
|
case 'delete_marked_submit':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
$result = mysqli_query($connid, "SELECT id FROM ".$db_settings['forum_table']." WHERE marked = 1") or raise_error('database_error', mysqli_error($connid));
|
|
while ($data = mysqli_fetch_array($result)) {
|
|
delete_posting_recursive($data['id']);
|
|
}
|
|
mysqli_free_result($result);
|
|
}
|
|
header('Location: index.php?mode=index');
|
|
exit;
|
|
break;
|
|
case 'move_posting':
|
|
if (isset($_REQUEST['move_posting']) && intval($_REQUEST['move_posting']) > 0) {
|
|
$move_result = @mysqli_query($connid, "SELECT pid, name, user_name, subject, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key
|
|
FROM ".$db_settings['forum_table']."
|
|
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ".$db_settings['forum_table'].".user_id
|
|
WHERE id = ". intval($_REQUEST['move_posting'])) or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($move_result);
|
|
if (mysqli_num_rows($move_result) == 1) {
|
|
if ($field['user_id'] > 0) {
|
|
if (!$field['user_name']) $field['name'] = $lang['unknown_user'];
|
|
else $field['name'] = $field['user_name'];
|
|
}
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
$smarty->assign('move_posting', intval($_REQUEST['move_posting']));
|
|
if ($field['pid'] == 0) $smarty->assign('posting_type', 0);
|
|
else $smarty->assign('posting_type', 1);
|
|
} else {
|
|
$smarty->assign('no_authorisation', 'no_authorisation');
|
|
}
|
|
$smarty->assign('name', htmlspecialchars($field['name']));
|
|
$smarty->assign('subject', htmlspecialchars($field['subject']));
|
|
$smarty->assign('formated_time', format_time($lang['time_format_full'], $field['disp_time']));
|
|
$smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
$subnav_link = array('mode' => $back, 'id' => intval($_REQUEST['move_posting']), 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
$smarty->assign("back", $back);
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting_move.inc.tpl');
|
|
} else {
|
|
header('Location: index.php?mode=index');
|
|
exit;
|
|
}
|
|
mysqli_free_result($move_result);
|
|
}
|
|
break;
|
|
case 'manage_postings':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
// OK.
|
|
} else {
|
|
$smarty->assign('no_authorisation', 'no_authorisation');
|
|
}
|
|
$subnav_link = array('mode' => 'index', 'title' => 'back_to_index_link_title', 'name' => 'back_to_index_link');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting_manage_postings.inc.tpl');
|
|
break;
|
|
case 'delete_spam':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
// OK.
|
|
} else {
|
|
$smarty->assign('no_authorisation', 'no_authorisation');
|
|
}
|
|
$subnav_link = array('mode' => 'index', 'id' => $id, 'title' => 'back_to_index_link_title', 'name' => 'back_to_index_link');
|
|
$smarty->assign("subnav_link", $subnav_link);
|
|
$smarty->assign('subtemplate', 'posting_delete_spam.inc.tpl');
|
|
break;
|
|
case 'delete_spam_submit':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
$result = mysqli_query($connid, "SELECT id FROM ".$db_settings['forum_table']." WHERE spam = 1") or raise_error('database_error', mysqli_error($connid));
|
|
while ($data = mysqli_fetch_array($result)) {
|
|
delete_posting_recursive($data['id']);
|
|
}
|
|
mysqli_free_result($result);
|
|
}
|
|
header('Location: index.php?mode=index');
|
|
exit;
|
|
break;
|
|
case 'report_spam':
|
|
$id = intval($_GET['report_spam']);
|
|
$delete_result = mysqli_query($connid, "SELECT tid, pid, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, user_id, name, subject, category, spam, spam_check_status FROM ".$db_settings['forum_table']." WHERE id = ". $id ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($delete_result);
|
|
if (mysqli_num_rows($delete_result) == 1) {
|
|
// fetch user data if registered user:
|
|
if ($field['user_id'] > 0) {
|
|
$userdata_result = @mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($field['user_id']) ." LIMIT 1") or die(mysqli_error($connid));
|
|
$userdata = mysqli_fetch_array($userdata_result);
|
|
mysqli_free_result($userdata_result);
|
|
$field['name'] = $userdata['user_name'];
|
|
}
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_type']) || $_SESSION[$settings['session_prefix'].'user_type'] != 1 && $_SESSION[$settings['session_prefix'].'user_type'] != 2) {
|
|
$smarty->assign('no_authorisation', 'no_auth_delete');
|
|
} else {
|
|
$smarty->assign('id', intval($id));
|
|
$smarty->assign('pid', intval($field['pid']));
|
|
$smarty->assign('name', htmlspecialchars($field['name']));
|
|
$smarty->assign('subject', htmlspecialchars($field['subject']));
|
|
$smarty->assign('disp_time', htmlspecialchars($field['disp_time']));
|
|
$smarty->assign('spam', intval($field['spam']));
|
|
$smarty->assign('spam_check_status', intval($field['spam_check_status']));
|
|
$smarty->assign('back', $back);
|
|
$smarty->assign('category', $category);
|
|
$smarty->assign('posting_mode', 1);
|
|
}
|
|
if ($field['name']) $smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
else $smarty->assign('name_repl_subnav', $lang['unknown_user']);
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
}
|
|
else $subnav_link = array('mode'=>'index', 'name'=>'forum_index_link', 'title'=>'forum_index_link_title');
|
|
$smarty->assign("subnav_link",$subnav_link);
|
|
$smarty->assign('subtemplate','posting_report_spam.inc.tpl');
|
|
mysqli_free_result($delete_result);
|
|
break;
|
|
case 'report_spam_submit':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
if ($settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1) {
|
|
$result = mysqli_query($connid, "SELECT user_id, name, email, hp, subject, location, text FROM ".$db_settings['forum_table']." WHERE id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$data = mysqli_fetch_array($result);
|
|
if (mysqli_num_rows($result) == 1) {
|
|
// fetch user data if registered user:
|
|
if ($data['user_id'] > 0) {
|
|
$akismet_userdata_result = @mysqli_query($connid, "SELECT user_name, user_email, user_hp FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($data['user_id']) ." LIMIT 1") or die(mysqli_error($connid));
|
|
$akismet_userdata_data = mysqli_fetch_array($akismet_userdata_result);
|
|
mysqli_free_result($akismet_userdata_result);
|
|
$check_posting['author'] = $akismet_userdata_data['user_name'];
|
|
if ($akismet_userdata_data['user_hp'] != '') $check_posting['website'] = $akismet_userdata_data['user_hp'];
|
|
} else {
|
|
$check_posting['author'] = $data['name'];
|
|
if ($data['email'] != '') $check_posting['email'] = $data['email'];
|
|
if ($data['hp'] != '') $check_posting['website'] = $data['hp'];
|
|
}
|
|
$check_posting['body'] = $data['text'];
|
|
require('modules/akismet/akismet.class.php');
|
|
$akismet = new Akismet($settings['forum_address'], $settings['akismet_key'], $check_posting);
|
|
if (!$akismet->errorsExist()) {
|
|
$akismet->submitSpam();
|
|
}
|
|
}
|
|
mysqli_free_result($result);
|
|
}
|
|
if (isset($_POST['report_spam_delete_submit'])) {
|
|
delete_posting_recursive($id);
|
|
header('location: index.php?mode=index');
|
|
exit;
|
|
} else {
|
|
header('location: index.php?id='.$id);
|
|
exit;
|
|
}
|
|
}
|
|
else die('No authorisation!');
|
|
break;
|
|
case 'flag_ham':
|
|
$id = intval($_GET['flag_ham']);
|
|
$result = mysqli_query($connid, "SELECT tid, pid, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, user_id, name, subject, category, spam, spam_check_status FROM ".$db_settings['forum_table']." WHERE id = ". $id ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($result);
|
|
if (mysqli_num_rows($result) == 1) {
|
|
// fetch user data if registered user:
|
|
if ($field['user_id'] > 0) {
|
|
$userdata_result = @mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($field['user_id']) ." LIMIT 1") or die(mysqli_error($connid));
|
|
$userdata = mysqli_fetch_array($userdata_result);
|
|
mysqli_free_result($userdata_result);
|
|
$field['name'] = $userdata['user_name'];
|
|
}
|
|
if(empty($_SESSION[$settings['session_prefix'].'user_type']) || $_SESSION[$settings['session_prefix'].'user_type'] !=1 && $_SESSION[$settings['session_prefix'].'user_type'] != 2) {
|
|
$smarty->assign('no_authorisation', 'no_auth_delete');
|
|
} else {
|
|
$smarty->assign('id', intval($id));
|
|
$smarty->assign('pid', intval($field['pid']));
|
|
$smarty->assign('name', htmlspecialchars($field['name']));
|
|
$smarty->assign('subject', htmlspecialchars($field['subject']));
|
|
$smarty->assign('disp_time', htmlspecialchars($field['disp_time']));
|
|
$smarty->assign('spam', intval($field['spam']));
|
|
$smarty->assign('spam_check_status', intval($field['spam_check_status']));
|
|
$smarty->assign('back', $back);
|
|
$smarty->assign('category', $category);
|
|
$smarty->assign('posting_mode', 1);
|
|
}
|
|
if($field['name']) $smarty->assign('name_repl_subnav', htmlspecialchars($field['name']));
|
|
else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
|
|
$subnav_link = array('mode' => $back, 'id' => $id, 'title' => 'back_to_entry_link_title', 'name' => 'back_to_entry_link');
|
|
}
|
|
else $subnav_link = array('mode' => 'index', 'name' => 'forum_index_link', 'title' => 'forum_index_link_title');
|
|
$smarty->assign("subnav_link",$subnav_link);
|
|
$smarty->assign('subtemplate','posting_flag_ham.inc.tpl');
|
|
mysqli_free_result($result);
|
|
break;
|
|
case 'flag_ham_submit':
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
|
|
$result = mysqli_query($connid, "SELECT tid, user_id, name, email, hp, subject, location, text FROM ".$db_settings['forum_table']." WHERE id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$data = mysqli_fetch_array($result);
|
|
if (mysqli_num_rows($result) == 1) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, locked = 0, spam = 0, spam_check_status = 0 WHERE id = ". intval($id));
|
|
|
|
// set last reply time of thread as it wasn't set in spam status:
|
|
$last_reply_result = @mysqli_query($connid, "SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ". intval($data['tid']) ." ORDER BY time DESC LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($last_reply_result);
|
|
mysqli_free_result($last_reply_result);
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = '".$field['time'] ."' WHERE tid = ". intval($data['tid']));
|
|
|
|
// load e-mail strings from language file:
|
|
$smarty->configLoad($settings['language_file'], 'emails');
|
|
$lang = $smarty->getConfigVars();
|
|
if ($language_file != $settings['language_file']) setlocale(LC_ALL, $lang['locale']);
|
|
|
|
// send confirm mails as they haven't been seent in spam status: (2nd parameter "true" adds a delayed message)
|
|
emailNotification2ParentAuthor($id, true);
|
|
emailNotification2ModsAndAdmins($id, true);
|
|
|
|
if (isset($_POST['report_flag_ham_submit']) && $settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1) {
|
|
// fetch user data if registered user:
|
|
if ($data['user_id'] > 0) {
|
|
$akismet_userdata_result = @mysqli_query($connid, "SELECT user_name, user_email, user_hp FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($data['user_id']) ." LIMIT 1") or die(mysqli_error($connid));
|
|
$akismet_userdata_data = mysqli_fetch_array($akismet_userdata_result);
|
|
mysqli_free_result($akismet_userdata_result);
|
|
$check_posting['author'] = $akismet_userdata_data['user_name'];
|
|
if ($akismet_userdata_data['user_hp'] != '') $check_posting['website'] = $akismet_userdata_data['user_hp'];
|
|
} else {
|
|
$check_posting['author'] = $data['name'];
|
|
if ($data['email'] != '') $check_posting['email'] = $data['email'];
|
|
if ($data['hp'] != '') $check_posting['website'] = $data['hp'];
|
|
}
|
|
$check_posting['body'] = $data['text'];
|
|
require('modules/akismet/akismet.class.php');
|
|
$akismet = new Akismet($settings['forum_address'], $settings['akismet_key'], $check_posting);
|
|
if (!$akismet->errorsExist()) {
|
|
$akismet->submitHam();
|
|
}
|
|
}
|
|
header('Location: index.php?id='.$id);
|
|
} else {
|
|
header('Location: index.php?mode=index');
|
|
}
|
|
exit;
|
|
}
|
|
else die('No authorisation!');
|
|
break;
|
|
case 'lock':
|
|
// lock/unlock posting if user is authorized:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 2 || isset($_GET['lock']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 1) {
|
|
$id = intval($_GET['lock']);
|
|
$lock_result = mysqli_query($connid, "SELECT locked FROM ".$db_settings['forum_table']." WHERE id = ". $id ." LIMIT 1");
|
|
if (!$lock_result) raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($lock_result);
|
|
mysqli_free_result($lock_result);
|
|
if ($field['locked'] == 0) mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, locked = 1 WHERE id = ". intval($id));
|
|
else mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, locked = 0 WHERE id = ". intval($id));
|
|
}
|
|
header("location: index.php?mode=".$back."&id=".$id);
|
|
exit;
|
|
break;
|
|
case 'lock_thread':
|
|
// lock thread if user is authorized:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 2 || isset($_GET['lock_thread']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 1) {
|
|
$id = intval($_GET['lock_thread']);
|
|
$lock_result = mysqli_query($connid, "SELECT tid FROM ".$db_settings['forum_table']." WHERE id = ". $id ." LIMIT 1");
|
|
if (!$lock_result) raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($lock_result);
|
|
mysqli_free_result($lock_result);
|
|
mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, locked = 1 WHERE tid = ". intval($field['tid']));
|
|
}
|
|
header("location: index.php?mode=".$back."&id=".$id);
|
|
exit;
|
|
break;
|
|
case 'unlock_thread':
|
|
// unlock thread if user is authorized:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 2 || isset($_GET['unlock_thread']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 1) {
|
|
$id = intval($_GET['unlock_thread']);
|
|
$lock_result = mysqli_query($connid, "SELECT tid FROM ".$db_settings['forum_table']." WHERE id = ". $id ." LIMIT 1");
|
|
if (!$lock_result) raise_error('database_error', mysqli_error($connid));
|
|
$field = mysqli_fetch_array($lock_result);
|
|
mysqli_free_result($lock_result);
|
|
mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time = time, last_reply = last_reply, edited = edited, locked = 0 WHERE tid = ". intval($field['tid']));
|
|
}
|
|
header("location: index.php?mode=".$back."&id=".$id);
|
|
exit;
|
|
break;
|
|
}
|
|
|
|
// CAPTCHA:
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_posting'] > 0) {
|
|
if ($settings['captcha_posting'] == 2) {
|
|
$_SESSION['captcha_session'] = $captcha->generate_code();
|
|
} else {
|
|
$_SESSION['captcha_session'] = $captcha->generate_math_captcha();
|
|
$captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
|
|
$captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
|
|
}
|
|
$captcha_tpl['type'] = $settings['captcha_posting'];
|
|
$smarty->assign('captcha',$captcha_tpl);
|
|
}
|
|
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$session['name'] = session_name();
|
|
$session['id'] = session_id();
|
|
$smarty->assign('session',$session);
|
|
}
|
|
|
|
$template = 'main.tpl';
|
|
?>
|