0ct0pu5/mylittleforum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mylittleforum/includes/thread.inc.php
Heiko August 798d173ccd Fix: a new entry can't be read and a read one can't be new (#144) 
* Fix: a new entry can't be read and a read one can't be new
* Fix: set read or new status in one code block

An entry is either new or read but it can't be both. Decide
the status in one block and use the new read status for registered
users and the old cookie based behaviour for not registered visitors.

fixes #128
2017-01-05 23:10:14 +01:00

300 lines
13 KiB
PHP
Raw Permalink Blame History

<?php
if(!defined('IN_INDEX'))
{
header('Location: ../index.php');
exit;
}
if(isset($_REQUEST['id']))
{
$id = intval($_REQUEST['id']);
}
if(empty($id))
{
header('location: index.php');
exit;
}
if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
$tmp_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
} else {
$tmp_user_id = 0;
}
if(isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_display'])) $thread_display = $_SESSION[$settings['session_prefix'].'usersettings']['thread_display'];
else $thread_display = 0;
if(isset($_GET['page'])) $page = intval($_GET['page']);
else $page = 1;
if(isset($_GET['order']) && $_GET['order']=='last_reply') $order = 'last_reply';
else $order = 'time';
// tid, subject and category of starting posting:
$result=mysqli_query($connid, "SELECT tid, subject, category FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
if(mysqli_num_rows($result)!=1)
{
header('Location: index.php');
exit;
}
else
{
$data = mysqli_fetch_array($result);
mysqli_free_result($result);
}
// category of this posting accessible by user?
if(is_array($category_ids) && !in_array($data['category'], $category_ids))
{
header("location: index.php");
exit;
}
elseif($data['tid'] != $id)
{
// it wasn't the id of the thread start
header('Location: index.php?mode=thread&id='.$data['tid'].'#p'.$id);
exit;
}
else
{
$tid = $data['tid'];
$smarty->assign("tid",$tid);
if(isset($settings['count_views']) && $settings['count_views'] == 1) @mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, views=views+1 WHERE tid=".$id);
$smarty->assign('page_title',htmlspecialchars($data['subject']));
$smarty->assign('category_name',$categories[$data["category"]]);
// get all postings of thread:
$result = mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS disp_time,
UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(edited + INTERVAL ".intval($time_difference)." MINUTE) AS e_time,
UNIX_TIMESTAMP(edited - INTERVAL ".$settings['edit_delay']." MINUTE) AS edited_diff, edited_by, name, email,
subject, hp, location, ip, text, cache_text, tags, show_signature, views, spam, spam_check_status, category, locked, ip,
user_name, user_type, user_email, email_contact, user_hp, user_location, signature, cache_signature, edit_key, rst.user_id AS req_user
FROM ".$db_settings['forum_table']." AS ft
LEFT JOIN ".$db_settings['entry_cache_table']." ON ".$db_settings['entry_cache_table'].".cache_id=ft.id
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id
LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
WHERE tid = ".$tid.$display_spam_query_and." ORDER BY ft.time ASC") or raise_error('database_error',mysqli_error($connid));
if(mysqli_num_rows($result) > 0)
{
while($data = mysqli_fetch_array($result))
{
$new_read[] = $data['id'];
// tags:
unset($tags_array);
$tags = $data['tags'];
if($tags!='')
{
$tags_help_array = explode(';',$tags);
$i=0;
foreach($tags_help_array as $tag)
{
if($tag!='')
{
if(my_strpos($tag, ' ', 0, $lang['charset'])) $tag_escaped='"'.$tag.'"';
else $tag_escaped = $tag;
$tags_array[$i]['escaped'] = urlencode($tag_escaped);
$tags_array[$i]['display'] = htmlspecialchars($tag);
$i++;
}
}
if(isset($tags_array)) $data['tags'] = $tags_array;
}
$data['formated_time'] = format_time($lang['time_format_full'],$data['disp_time']);
$ago['days'] = floor((TIMESTAMP - $data['time'])/86400);
$ago['hours'] = floor(((TIMESTAMP - $data['time'])/3600)-($ago['days']*24));
$ago['minutes'] = floor(((TIMESTAMP - $data['time'])/60)-($ago['hours']*60+$ago['days']*1440));
if($ago['hours']>12) $ago['days_rounded'] = $ago['days'] + 1;
else $ago['days_rounded'] = $ago['days'];
$data['ago'] = $ago;
if($data['user_id']>0)
{
if(!$data['user_name']) $data['name'] = $lang['unknown_user'];
else $data['name'] = htmlspecialchars($data['user_name']);
}
else $data['name'] = htmlspecialchars($data['name']);
$data['subject'] = htmlspecialchars($data['subject']);
$authorization = get_edit_authorization($data['id'], $data['user_id'], $data['edit_key'], $data['time'], $data['locked']);
if($authorization['edit']==true) $data['options']['edit']=true;
if($authorization['delete']==true) $data['options']['delete']=true;
if($data['user_id'] > 0) {
$data['email'] = $data['user_email'];
$data['location'] = $data['user_location'];
$data['hp'] = $data['user_hp'];
if($settings['avatars']==2){
$avatarInfo = getAvatar($data['user_id']);
$avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2];
if(isset($avatar) && $avatar['image'] !== false) {
$image_info = getimagesize($avatar['image']);
$avatar['width'] = $image_info[0];
$avatar['height'] = $image_info[1];
$data['avatar'] = $avatar;
unset($avatar);
}
}
}
else {
$data["email_contact"]=1;
}
if($data['edited_diff'] > 0 && $data["edited_diff"] > $data["time"] && $settings['show_if_edited'] == 1)
{
$data['edited'] = true;
$data['formated_edit_time'] = format_time($lang['time_format_full'],$data['e_time']);
if($data['user_id'] == $data['edited_by']) $data['edited_by'] = $data['name'];
else
{
$edited_result = @mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($data['edited_by'])." LIMIT 1");
$edited_data = mysqli_fetch_array($edited_result);
@mysqli_free_result($edited_result);
if(!$edited_data['user_name']) $data['edited_by'] = $lang['unknown_user'];
else $data['edited_by'] = htmlspecialchars($edited_data['user_name']);
}
}
if($data['cache_text']=='')
{
// no cached text so parse it and cache it:
$data['posting'] = html_format($data['text']);
// make sure not to make a double entry:
@mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id=".intval($data['id']));
@mysqli_query($connid, "INSERT INTO ".$db_settings['entry_cache_table']." (cache_id, cache_text) VALUES (".intval($data['id']).",'".mysqli_real_escape_string($connid, $data['posting'])."')");
}
else
{
$data['posting'] = $data['cache_text'];
}
if(isset($data['signature']) && $data['signature'] != '' && $data["show_signature"]==1)
{
// user has a signature and wants it to be displaed in this posting. Check if it's already cached:
if($data['cache_signature']!='')
{
$data['signature'] = $data['cache_signature'];
}
else
{
$s_result = @mysqli_query($connid, "SELECT cache_signature FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($data['user_id'])." LIMIT 1");
$s_data = mysqli_fetch_array($s_result);
if($s_data['cache_signature']!='')
{
$data['signature'] = $s_data['cache_signature'];
}
else
{
$data['signature'] = signature_format($data['signature']);
// cache signature:
$xxx = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($data['user_id'])) or die(mysqli_error($connid));
list($row_count) = mysqli_fetch_row($xxx);
#echo 'row count: '.$row_count.' user_id: '.$data['user_id'].'<br />';
if($row_count==1)
{
@mysqli_query($connid, "UPDATE ".$db_settings['userdata_cache_table']." SET cache_signature='".mysqli_real_escape_string($connid, $data['signature'])."' WHERE cache_id=".intval($data['user_id']));
}
else
{
@mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($data['user_id']));
@mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($data['user_id']).",'".mysqli_real_escape_string($connid, $data['signature'])."','')");
}
}
}
}
else
{
unset($data['signature']);
}
if(empty($data["email_contact"])) $data["email_contact"]=0;
if($data['hp']!='')
{
$data['hp'] = add_http_if_no_protocol($data['hp']);
}
if($data['email']!='' && $data['email_contact']==1) $data['email']=true;
else $data['email']=false;
if($data['location'] != '') $data['location']=htmlspecialchars($data['location']);
if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
{
$data['options']['move'] = true;
$data['options']['lock'] = true;
}
if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $settings['akismet_key']!='' && $settings['akismet_entry_check']==1 && $data['spam']==0 && $data['spam_check_status']>0) $data['options']['report_spam']=true;
if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $data['spam']==1) $data['options']['flag_ham']=true;
if($settings['count_views'] == 1)
{
$views = $data['views']-1; // this subtracts the first view by the author after posting
if($views<0) $views=0; // prevents negative number of views
$data['views'] = $views;
}
else $data['views']=0;
if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
// bookmark handling
$user_id = $_SESSION[$settings['session_prefix'].'user_id'];
$bookmark_result = mysqli_query($connid, "SELECT TRUE AS 'bookmark' FROM ".$db_settings['bookmark_table']." WHERE `user_id` = ".intval($user_id)." AND `posting_id` = ".intval($data['id'])."") or raise_error('database_error',mysqli_error($connid));
$bookmark = mysqli_fetch_row($bookmark_result);
mysqli_free_result($bookmark_result);
if (isset($bookmark) && intval($bookmark) == 1) {
$data['bookmarkedby'] = intval($user_id);
$data['options']['delete_bookmark'] = true;
}
else
$data['options']['add_bookmark'] = true;
// read-status handling
$rstatus = save_read_status($connid, $user_id, $data['id']);
}
if ($data['req_user'] !== NULL and is_numeric($data['req_user'])) {
$data['is_read'] = true;
$data['new'] = false;
} else {
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
$data['is_read'] = false;
$data['new'] = true;
} else {
if (isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime']) && $_SESSION[$settings['session_prefix'].'usersettings']['newtime'] < $data['time'] || ($last_visit && ($data['last_reply'] > $last_visit or $data['time'] > $last_visit))) {
$data['is_read'] = false;
$data['new'] = true;
} else {
$data['is_read'] = true;
$data['new'] = false;
}
}
}
$data_array[$data["id"]] = $data;
$child_array[$data["pid"]][] = $data["id"];
}
mysqli_free_result($result);
}
else
{
header("location: index.php");
exit;
}
$subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
$smarty->assign('id',$id);
$smarty->assign('data',$data_array);
if(isset($child_array)) $smarty->assign('child_array', $child_array);
$smarty->assign('subnav_link',$subnav_link);
$smarty->assign('page',$page);
$smarty->assign('order',$order);
$smarty->assign('category',$category);
if($thread_display==0) $smarty->assign('subtemplate','thread.inc.tpl');
else $smarty->assign('subtemplate','thread_linear.inc.tpl');
$template = 'main.tpl';
}
?>
Reference in a new issue View git blame Copy permalink