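$arr["minclassread"], "write" => $arr["minclasswrite"], "create" => $arr["minclasscreate"]); }

//-------- Returns the forum ID of a topic, or false on error
// The id is cast to an integer here as well, so the query text stays
// well-formed even if a caller forgets to validate its input first.
function get_topic_forum($topicid)
{
    $topicid = (int) $topicid;

    $res = do_mysql_query("SELECT forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    // Anything other than exactly one row is treated as "no such topic".
    if (mysql_num_rows($res) != 1)
        return false;

    $arr = mysql_fetch_row($res);

    return $arr[0];
}

//-------- Stores the ID of the newest post of a topic in topics.lastpost
// The cached lastpost_txt column is reset to an empty string at the same
// time. Ends the request with "No post found" when the topic has no posts.
function update_topic_last_post($topicid)
{
    $topicid = (int) $topicid;

    $res = do_mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    $arr = mysql_fetch_row($res) or die("No post found");

    // The value comes straight from the id column; the cast keeps the
    // UPDATE below free of anything but a number.
    $postid = (int) $arr[0];
    $lastpost_txt = '';

    do_mysql_query("UPDATE topics SET lastpost=$postid, lastpost_txt='$lastpost_txt' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
}

//-------- Returns the ID of the last post of a forum, or 0 if there is none
function get_forum_last_post($forumid)
{
    $forumid = (int) $forumid;

    $res = do_mysql_query("SELECT lastpost FROM topics WHERE forumid=$forumid ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    $arr = mysql_fetch_row($res);

    // No row (forum without topics) and an empty lastpost both mean "none".
    if (!$arr || !$arr[0])
        return 0;

    return $arr[0];
}

//-------- Inserts a quick jump menu
function insert_quick_jump_menu($currentforum = 0) { print("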

\n"); print("\n"); print( _("Quick jump: ") ); print("\n"); print("\n"); print("
\n

"); } //-------- Inserts a compose frame function insert_compose_frame($id, $newtopic = true, $quote = false) { global $maxsubjectlength, $CURUSER; if ($newtopic) { $res = do_mysql_query("SELECT name FROM forums WHERE id=". (int) $id) or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_assoc($res) or die("Bad forum id"); $forumname = $arr["name"]; print("

New topic in $forumname forum

\n"); } else { $res = do_mysql_query("SELECT * FROM topics WHERE id=$id") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found."); $subject = $arr["subject"]; print("

Reply to topic: $subject

"); } begin_frame("Compose", true); print("
\n"); if ($newtopic) print("\n"); else print("\n"); print("\n"); if ($newtopic) print("" . "\n"); if ($quote) { $postid = (int) $_GET["postid"]; if (!is_valid_id($postid)) stderr( _("Error"), _("Invalid ID") ); $res = do_mysql_query("SELECT posts.*, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=$postid") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) != 1) stderr( _("Error"), "No post with ID"); $arr = mysql_fetch_assoc($res); } print("\n"); print(""); end_table(); end_table(); print("\n"); end_frame(); //------ Get 10 last posts if this is a reply if (!$newtopic) { $postres = do_mysql_query("SELECT * , UNIX_TIMESTAMP(added) as utadded FROM posts WHERE topicid=$id ORDER BY id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__); begin_frame("10 last posts, in reverse order"); while ($post = mysql_fetch_assoc($postres)) { //-- Get poster details $userres = do_mysql_query("SELECT * FROM users WHERE id=" . $post["userid"] ) or sqlerr(__FILE__, __LINE__); $user = mysql_fetch_assoc($userres); $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : ""); // $avatar = $user["avatar"]; if (!$avatar) $avatar = $GLOBALS['pic_base_url']."/default_avatar.gif"; $timezone = $post['added']; print("

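#" . $post["id"] . " by " . $user["username"] . " at " . $timezone . "

"); begin_table(true); print("\n"); end_table(); } end_frame(); } insert_quick_jump_menu(); }

//-------- Action: New topic
// Shows the compose form for a new topic in the forum named by ?forumid=.
if ($action == "newtopic")
{
    $forumid = (int) $_GET["forumid"];

    if (!is_valid_id($forumid))
        stderr( _("Error"), "Unknown ID");

    // Apply the same write/create check the "post" action enforces on
    // submit, so the form (which prints the forum name) is only rendered
    // for users who are allowed to start topics in this forum.
    $arr = get_forum_access_levels($forumid) or die("Bad forum ID");

    if (get_user_class() < $arr["write"] || get_user_class() < $arr["create"])
        stderr( _("Error"), _("Permission denied."));

    stdhead("New topic");

    begin_main_frame();

    insert_compose_frame($forumid);

    end_main_frame();

    stdfoot();

    // Every other action handler ends the request here. Without this the
    // script runs on to the "Unknown action" check further down the file.
    die;
}

//-------- Action: Post
// Creates a new topic (forumid given) or a reply (topicid given).
// NOTE(review): no request token is checked in the visible part of this
// handler; confirm whether CSRF protection is enforced elsewhere.
if ($action == "post")
{
    $forumid = (int) $_POST["forumid"];
    $topicid = (int) $_POST["topicid"];

    if (!is_valid_id($forumid) && !is_valid_id($topicid))
        stderr( _("Error"), "Bad forum or topic ID.");

    // A forum id means "new topic"; otherwise this is a reply to $topicid.
    $newtopic = $forumid > 0;

    $subject = $_POST["subject"];

    if ($newtopic)
    {
        $subject = trim($subject);

        // Compare against the empty string so that a subject of "0" is
        // not rejected as missing.
        if ($subject == "")
            stderr( _("Error"), "You must enter a subject.");

        if (strlen($subject) > $maxsubjectlength)
            stderr( _("Error"), "Subject is limited to $maxsubjectlength characters.");
    }
    else
        $forumid = get_topic_forum($topicid) or die("Bad topic ID");

    //------ Make sure the user has write access in the forum

    $arr = get_forum_access_levels($forumid) or die("Bad forum ID");

    if (get_user_class() < $arr["write"] || ($newtopic && get_user_class() < $arr["create"]))
        stderr( _("Error"), _("Permission denied."));

    $body = trim($_POST["body"]);

    if ($body == "")
        stderr( _("Error"), "No body text.");

    // Interpolated into SQL below, so force it to a number.
    $userid = (int) $CURUSER["id"];

    if ($newtopic)
    {
        //---- Create topic

        // The subject is stored HTML-encoded and passed through sqlesc()
        // before it is placed in the statement.
        $subject = sqlesc( htmlspecialchars($subject) );

        do_mysql_query("INSERT INTO topics (userid, forumid, subject) VALUES($userid, $forumid, $subject)") or sqlerr(__FILE__, __LINE__);

        // Must be read before any other statement runs.
        $topicid = mysql_insert_id() or stderr( _("Error"), "No topic ID returned");

        // Count the topic once it exists. Every other query in this file
        // keys the forums table by "id" (this one used "forumid"), and
        // postcount is already incremented by the forum update that
        // follows the post insert, so only topiccount is touched here.
        do_mysql_query("UPDATE LOW_PRIORITY forums SET topiccount=topiccount+1 WHERE id=".$forumid);
    }
    else
    {
        //---- Make sure topic exists and is unlocked

        $res = do_mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

        $arr = mysql_fetch_assoc($res) or die("Topic id n/a");

        if ($arr["locked"] == 'yes' && get_user_class() < UC_MODERATOR)
            stderr( _("Error"),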
"This topic is locked."); //---- Get forum ID $forumid = $arr["forumid"]; } //------ Insert post $body_parsed = format_comment($body); $body_parsed = mysql_escape_string($body_parsed); $body = mysql_escape_string($body); $insert_post_sql = sprintf("INSERT INTO posts (topicid, userid, added, body, body_parsed) VALUES (%u,%u, NOW(), '%s', '%s')", $topicid, $userid, $body, $body_parsed); do_mysql_query($insert_post_sql) or sqlerr(__FILE__, __LINE__); $postid = mysql_insert_id() or die("Post id n/a"); $lastpost = "".get_date_time()."
" . "by ".$CURUSER['username']."
" . "in ".$arr['subject']."
"; // Update forum lastpost string (saves quite some queries instead of saving the id) do_mysql_query("UPDATE LOW_PRIORITY forums SET postcount=postcount+1, lastpost_txt='".mysql_escape_string($lastpost)."' WHERE id=".$forumid); //------ Update topic last post $lastpost_txt = ''.get_date_time().'
by '."'; do_mysql_query("UPDATE topics SET lastpost=$postid, lastpost_txt='$lastpost_txt' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__); //update_topic_last_post($topicid); // Update user post count $sql_update_post = sprintf('UPDATE LOW_PRIORITY users SET posts=posts+1 WHERE id=%u', $CURUSER['id']); do_mysql_query($sql_update_post); //Update topic reply counter do_mysql_query("UPDATE topics SET replies=replies+1 WHERE id=".$topicid); //------ All done, redirect user to the post $headerstr = "Location: ".$GLOBALS['DEFAULTBASEURL']."/forums.php?action=viewtopic&topicid=$topicid&page=last"; if ($newtopic) header($headerstr); else header("$headerstr#$postid"); die; } //-------- Action: View topic if ($action == "viewtopic") { $topicid = (int) $_GET["topicid"]; $page = (int) $_GET["page"]; if (!is_valid_id($topicid)) stderr( _("Error"), "Unknown ID"); $userid = $CURUSER["id"]; //------ Get topic info $res = do_mysql_query("SELECT t.*, IF(t.locked = 'yes', 1, 0) as topic_locked, IF(t.sticky = 'yes', 1, 0) as topic_sticky, f.name as forum_name, f.minclassread as forum_minclassread FROM topics t LEFT JOIN forums f ON t.forumid = f.id WHERE t.id=".$topicid) or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found"); $locked = $arr['topic_locked']; $subject = $arr["subject"]; $sticky = $arr['topic_sticky']; $forumid = $arr["forumid"]; $forum = $arr['forum_name']; //------ Update hits column do_mysql_query("UPDATE LOW_PRIORITY topics SET views = views + 1 WHERE id=".$topicid) or sqlerr(__FILE__, __LINE__); if ($CURUSER["class"] < $arr["forum_minclassread"]) stderr( _("Error"), "You are not permitted to view this topic."); //------ Get post count // $res = do_mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__); //$arr = mysql_fetch_row($res); $postcount = $arr['replies']; //------ Make page menu $pagemenu = "

\n"; $perpage = $postsperpage; $pages = ceil($postcount / $perpage); if ($page[0] == "p") { $findpost = substr($page, 1); $res = do_mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY added") or sqlerr(__FILE__, __LINE__); $i = 1; while ($arr = mysql_fetch_row($res)) { if ($arr[0] == $findpost) break; ++$i; } $page = ceil($i / $perpage); } if ($page == "last") $page = $pages; else { if($page < 1) $page = 1; elseif ($page > $pages) $page = $pages; } $offset = $page * $perpage - $perpage; if($offset < 0) $offset = 0; for ($i = 1; $i <= $pages; ++$i) { if ($i == $page) $pagemenu .= "$i\n"; else $pagemenu .= "$i\n"; } if ($page == 1) $pagemenu .= "
<< Prev"; else $pagemenu .= "
<< Prev"; $pagemenu .= "   "; $pagemenu .= "Search | Catch up\n"; $pagemenu .= "   "; if ($page == $pages) $pagemenu .= "Next >>

\n"; else $pagemenu .= "Next >>

\n"; //------ Get posts $get_posts_sql = sprintf('SELECT p.*, u.signatureinfo_parsed, u.username, u.downloaded, u.uploaded, u.enabled, u.class, u.title, u.warned, u.showemail, u.email, u.avatar, IF(u.downloaded > 0, ROUND(u.uploaded / u.downloaded,3), \'---\') as ratio, DATE_FORMAT(u.added, "%%a, %%b %%d %%Y ") as user_added, u.website, u.showwebsite, UNIX_TIMESTAMP(p.added) as utadded, UNIX_TIMESTAMP(p.editedat) as uteditedat, u2.id as edit_id, u2.username as edit_user, p.editedat as edit_date FROM posts p LEFT JOIN users u ON p.userid = u.id LEFT JOIN users u2 ON p.editedby = u2.id WHERE topicid=%u ORDER BY id LIMIT %u,%u', $topicid, $offset, $perpage); //echo $get_posts_sql; //$res = do_mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded,UNIX_TIMESTAMP(editedat) as uteditedat FROM posts WHERE topicid=$topicid ORDER BY id LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__); $res = do_mysql_query($get_posts_sql); stdhead("View topic"); print("

$forum > $subject

\n"); print($pagemenu); //------ Print table begin_main_frame(); begin_frame(); $pc = mysql_num_rows($res); $pn = 0; $r = do_mysql_query("SELECT lastpostread FROM readposts WHERE userid=" . $CURUSER["id"] . " AND topicid=$topicid") or sqlerr(__FILE__, __LINE__); $a = mysql_fetch_row($r); $lpr = $a[0]; if (!$lpr) do_mysql_query("INSERT INTO readposts (userid, topicid) VALUES($userid, $topicid)") or sqlerr(__FILE__, __LINE__); while ($arr = mysql_fetch_assoc($res)) { ++$pn; $postid = $arr["id"]; $posterid = $arr["userid"]; $timezone = $arr['added']; $added = $timezone . " (" . (get_elapsed_time($arr["utadded"])) . " ago)"; /* SIGNATURE MOD */ $signatureinfo = $arr["signatureinfo_parsed"]; /* END */ /* if ($arr2["downloaded"] > 0) { $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3); $ratio = "$ratio"; } else if ($arr["uploaded"] > 0) $ratio = "Inf."; else $ratio = "---"; */ $ratio = ''.$arr['ratio'].''; $postername = $arr["username"]; if (is_null($postername)) { if($posterid == 0) $by = 'System'; else $by = "unknown[$posterid]"; $avatar = ""; } else { $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($arr["avatar"]) : ""); $title = $arr["title"]; if (!$title) $title = get_user_class_name($arr["class"]); $by = "$postername" . ($arr["donor"] == "yes" ? "Donor" : "") . ($arr["enabled"] == "no" ? "\"This" : ($arr["warned"] == "yes" ? "\"Warned\"" : "")) . " ($title)"; } if (!$avatar) $avatar = $GLOBALS['pic_base_url']."default_avatar.gif"; print("\n"); if ($pn == $pc) { print("\n"); if ($postid > $lpr) do_mysql_query("UPDATE LOW_PRIORITY readposts SET lastpostread=$postid WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__); } print("

Subject
Body"); textbbcode("compose","body",($quote?(("[quote=".htmlspecialchars($arr["username"])."]".htmlspecialchars(unesc($arr["body"]))."[/quote]")):"")); print("
" . ($avatar ? "" : ""). "" . $post["body_parsed"] . "
"); print("
#$postid by $by at $added"); if (!$locked || get_user_class() >= UC_MODERATOR) print(" - [Quote]"); if (($CURUSER["id"] == $posterid && !$locked) || get_user_class() >= UC_MODERATOR) print(" - [Edit]"); if (get_user_class() >= UC_MODERATOR) print(" - [Delete]"); print("Top

\n"); begin_table(true); //$body = format_comment($arr["body"]); $body = $arr['body_parsed']; if ($arr['edit_id'] > 0) { $timezone = $arr['edit_date']; $body .= "

Last edited by ".$arr['edit_user']." at $timezone

\n"; } if ($signatureinfo && $CURUSER["showsig"] == "yes" ) { $body .= "


$signatureinfo

\n"; } $join = $arr['user_added']; $stats = "Joined: ".$join; $stats .= "
Ratio: $ratio

\n"; print("" .($avatar ? "" : ""). "

$stats$body\n"); $info = "

  "; if ($CURUSER["showemail"] == "yes" && $CURUSER['email']) $info .= "  "; if ($CURUSER["showwebsite"] == "yes" && $CURUSER['website']) $info .= "  "; $info .= "

\n"; print("Back to top$info\n"); end_table(); } //------ Mod options if (get_user_class() >= UC_MODERATOR) { attach_frame(); $res = do_mysql_query("SELECT id,name,minclasswrite FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__); print("\n"); print("\n"); print("\n"); print("\n"); print("\n"); print(""); print("\n"); print("\n"); print("\n"); print("\n"); print("\n"); print(""); print("\n"); print("\n"); print("\n"); print("\n"); print(""); print("\n"); print("\n"); print("\n"); print("\n"); print("
Sticky: Yes No\n"); print("
Locked: Yes No\n"); print("
Rename topic:\n"); print("
Move this thread to: 
Delete topic\n"); print("
\n"); print("\n"); print("\n"); print("I'm sure\n"); print("\n"); print("
\n"); print("
\n"); } end_frame(); end_main_frame(); print($pagemenu); if ($locked && get_user_class() < UC_MODERATOR) print("

This topic is locked; no new posts are allowed.

\n"); else { $arr = get_forum_access_levels($forumid) or die; if (get_user_class() < $arr["write"]) print("

You are not permitted to post in this forum.

\n"); else $maypost = true; } //------ "View unread" / "Add reply" buttons print("

\n"); print("\n"); if ($maypost) { print("\n"); } print("
\n"); print("\n"); print("\n"); print("
\n"); print("\n"); print("\n"); print("\n"); print("

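\n");

//------ Forum quick jump drop-down
insert_quick_jump_menu($forumid);

stdfoot();

die;
}

if (!function_exists('forums_require_topic_read'))
{
    //-------- Ends the request unless the current user may read the forum
    //         that the given topic belongs to
    // stderr() is relied on to stop the request, as it is throughout this file.
    function forums_require_topic_read($topicid)
    {
        $forumid = get_topic_forum($topicid);

        if ($forumid === false)
            stderr( _("Error"), "Invalid topic ID");

        $res = do_mysql_query("SELECT minclassread FROM forums WHERE id=" . (int) $forumid) or sqlerr(__FILE__, __LINE__);

        $arr = mysql_fetch_row($res);

        if (!$arr || get_user_class() < $arr[0])
            stderr( _("Error"), _("Permission denied"));
    }
}

if (!function_exists('forums_is_local_url'))
{
    //-------- Returns true when $url may be used as a redirect target
    // Accepted: an absolute URL under DEFAULTBASEURL, a site-relative path,
    // a bare query string, or forums.php itself. Everything else (other
    // hosts, protocol-relative "//host" forms, control characters that
    // could split the header) is refused.
    function forums_is_local_url($url)
    {
        if (!is_string($url) || $url == "" || preg_match('/[\x00-\x20\x7f\\\\]/', $url))
            return false;

        $base = isset($GLOBALS['DEFAULTBASEURL']) ? (string) $GLOBALS['DEFAULTBASEURL'] : "";

        if ($base != "" && strncmp($url, $base . "/", strlen($base) + 1) == 0)
            return true;

        return preg_match('#^(/(?!/)|\?|forums\.php(\?|$))#', $url) == 1;
    }
}

//-------- Action: Quote
if ($action == "quotepost")
{
    $topicid = (int) $_GET["topicid"];

    if (!is_valid_id($topicid))
        stderr( _("Error"), "Invalid topic ID");

    // The compose frame prints the topic's latest posts and the quoted
    // post body, so read access to the forum is checked first.
    forums_require_topic_read($topicid);

    // insert_compose_frame() loads the quoted post by ?postid= alone;
    // make sure that post really is part of the topic checked above.
    $postid = (int) $_GET["postid"];

    if (!is_valid_id($postid))
        stderr( _("Error"), _("Invalid ID") );

    $res = do_mysql_query("SELECT topicid FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    $arr = mysql_fetch_row($res);

    if (!$arr || $arr[0] != $topicid)
        stderr( _("Error"), _("Invalid ID") );

    stdhead("Post reply");

    begin_main_frame();

    insert_compose_frame($topicid, false, true);

    end_main_frame();

    stdfoot();

    die;
}

//-------- Action: Reply
if ($action == "reply")
{
    $topicid = (int) $_GET["topicid"];

    if (!is_valid_id($topicid))
        stderr( _("Error") , "Invalid topicid");

    // The compose frame lists the topic's latest posts; only show it to
    // users who may read the forum.
    forums_require_topic_read($topicid);

    stdhead("Post reply");

    begin_main_frame();

    insert_compose_frame($topicid, false);

    end_main_frame();

    stdfoot();

    die;
}

//-------- Action: Move topic
// Moderator only. The target forum comes from the form body, the topic
// from the URL.
if ($action == "movetopic")
{
    $forumid = (int) $_POST["forumid"];
    $topicid = (int) $_GET["topicid"];

    if (!is_valid_id($forumid) || !is_valid_id($topicid) || get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    // Make sure topic and forum is valid

    $res = @do_mysql_query("SELECT minclasswrite FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    if (mysql_num_rows($res) != 1)
        stderr( _("Error"), "Forum not found.");

    $arr = mysql_fetch_row($res);

    // The moderator must be allowed to write in the destination forum.
    if (get_user_class() < $arr[0])
        stderr( _("Error"),_("Permission denied"));

    $res = @do_mysql_query("SELECT subject,forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    if (mysql_num_rows($res) != 1)
        stderr( _("Error"), "Topic not found.");

    $arr = mysql_fetch_assoc($res);

    // Nothing to write when the topic is already in that forum.
    if ($arr["forumid"] != $forumid)
        @do_mysql_query("UPDATE topics SET forumid=$forumid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    // Redirect to forum page

    header("Location: forums.php?action=viewforum&forumid=$forumid");

    die;
}

//-------- Action: Delete topic
// NOTE(review): the deletion is triggered by GET parameters alone
// (topicid, sure); no request token is visible in this handler. Confirm
// whether CSRF protection is enforced elsewhere before relying on it.
if ($action == "deletetopic")
{
    $topicid = (int) $_GET["topicid"];
    $forumid = (int) $_GET["forumid"];

    if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    $sure = (int) $_GET["sure"];

    if (!$sure)
    {
        stderr("Delete topic",
        "Sanity check: You are about to delete a topic. Click\n" . "here if you are sure.");
    }

    // Take the forum from the topic row instead of the URL: the counter
    // update below must hit the forum the topic was really in, and must
    // not run at all when the topic does not exist.
    $realforumid = get_topic_forum($topicid);

    if ($realforumid === false)
        stderr( _("Error"), "Topic not found.");

    $forumid = (int) $realforumid;

    do_mysql_query("DELETE FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    do_mysql_query("DELETE FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    do_mysql_query("UPDATE LOW_PRIORITY forums SET topiccount=topiccount-1 WHERE id=".$forumid);

    if(!$forumid)
        header("Location: forums.php");
    else
        header("Location: forums.php?action=viewforum&forumid=$forumid");

    die;
}

//-------- Action: Edit post
// GET shows the edit form; POST stores the new body. Allowed for the
// author while the topic is unlocked, and for moderators at any time.
if ($action == "editpost")
{
    $postid = (int) $_GET["postid"];

    if (!is_valid_id($postid))
        stderr( _("Error"), _("Invalid ID") );

    $res = do_mysql_query("SELECT * FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    if (mysql_num_rows($res) != 1)
        stderr( _("Error"), "No post with ID $postid.");

    $arr = mysql_fetch_assoc($res);

    $res2 = do_mysql_query("SELECT locked FROM topics WHERE id = " . (int) $arr["topicid"]) or sqlerr(__FILE__, __LINE__);

    // Check the topic result ($res2); the earlier code re-tested the post
    // result here, so a missing topic was never detected.
    if (mysql_num_rows($res2) != 1)
        stderr( _("Error"), "No topic associated with post ID.");

    $arr2 = mysql_fetch_assoc($res2);

    $locked = ($arr2["locked"] == 'yes');

    if (($CURUSER["id"] != $arr["userid"] || $locked) && get_user_class() < UC_MODERATOR)
        stderr( _("Error"), "Denied!");

    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $body = $_POST['body'];

        if ($body == "")
            stderr( _("Error"), "Body cannot be empty!");

        $body_parsed = format_comment($body);

        // NOTE(review): mysql_escape_string() ignores the connection
        // character set; kept because the connection handling is not
        // visible here.
        $body_parsed = mysql_escape_string($body_parsed);
        $body = mysql_escape_string($body);
        $editorid = (int) $CURUSER["id"];

        do_mysql_query("UPDATE posts SET body='$body', body_parsed='$body_parsed', editedat=NOW(), editedby=$editorid WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

        // returnto is request data that ends up in a Location header.
        // HTML-encoding is the wrong defence for that context (it also
        // turns "&" into "&amp;" and breaks the query string), so the
        // value is validated as a local target instead.
        $returnto = isset($_POST["returnto"]) ? $_POST["returnto"] : "";

        if ($returnto != "")
        {
            if (!forums_is_local_url($returnto))
                $returnto = "forums.php?action=viewtopic&topicid=" . (int) $arr["topicid"];

            $returnto .= "&page=p$postid#$postid";

            header("Location: $returnto");

            // Stop here so the edit form is not rendered after the redirect.
            die;
        }
        else
            stderr("Success", "Post was edited successfully.");
    }

    stdhead();

    print("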

Edit Post

\n"); print("
\n"); print("\n"); print("\n"); print("\n"); print("\n"); print("
\n"); textbbcode("editpost","body","$arr[body]"); print("
\n"); print("
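\n"); stdfoot(); die; }

//-------- Action: Delete post
// NOTE(review): the deletion is triggered by GET parameters alone
// (postid, sure); no request token is visible in this handler. Confirm
// whether CSRF protection is enforced elsewhere before relying on it.
if ($action == "deletepost")
{
    $postid = (int) $_GET["postid"];
    $sure = (int) $_GET["sure"];

    if (get_user_class() < UC_MODERATOR || !is_valid_id($postid))
        stderr( _("Error"),_("Permission denied"));

    //------- Get topic id

    $res = do_mysql_query("SELECT topicid FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    $arr = mysql_fetch_row($res) or stderr( _("Error"), "Post not found");

    $topicid = (int) $arr[0];

    //------- We can not delete the post if it is the only one of the topic

    $res = do_mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    $arr = mysql_fetch_row($res);

    if ($arr[0] < 2)
        stderr( _("Error"), "Can't delete post; it is the only post of the topic. You should\n" .
        "delete the topic instead.\n");

    // The lookup of the preceding post (which used to build a
    // "&page=p<id>#<id>" suffix) is disabled, so the redirect below
    // carries no anchor. Define the variable so it is never read unset.
    $redirtopost = "";

    //------- Make sure we know what we do :-)

    if (!$sure)
    {
        stderr("Delete post", "Sanity check: You are about to delete a post. Click\n" .
        "here if you are sure.");
    }

    //------- Delete post

    do_mysql_query("DELETE FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    //Update topic reply counter
    // The topics table is keyed by "id" everywhere else in this file; the
    // previous "WHERE topicid=" never matched the row that the post
    // action increments.
    do_mysql_query("UPDATE topics SET replies=replies-1 WHERE id=".$topicid);

    //------- Update topic

    //update_topic_last_post($topicid);

    header("Location: forums.php?action=viewtopic&topicid=$topicid$redirtopost");

    die;
}

if (!function_exists('forums_is_local_url'))
{
    //-------- Returns true when $url may be used as a redirect target
    // Accepted: an absolute URL under DEFAULTBASEURL, a site-relative path,
    // a bare query string, or forums.php itself. Everything else (other
    // hosts, protocol-relative "//host" forms, control characters that
    // could split the header) is refused.
    function forums_is_local_url($url)
    {
        if (!is_string($url) || $url == "" || preg_match('/[\x00-\x20\x7f\\\\]/', $url))
            return false;

        $base = isset($GLOBALS['DEFAULTBASEURL']) ? (string) $GLOBALS['DEFAULTBASEURL'] : "";

        if ($base != "" && strncmp($url, $base . "/", strlen($base) + 1) == 0)
            return true;

        return preg_match('#^(/(?!/)|\?|forums\.php(\?|$))#', $url) == 1;
    }
}

//-------- Action: Lock topic
// NOTE(review): state change driven by GET parameters; see the note on
// "deletepost" above regarding request tokens.
if ($action == "locktopic")
{
    $forumid = (int) $_GET["forumid"];
    $topicid = (int) $_GET["topicid"];
    $page = (int) $_GET["page"];

    if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    do_mysql_query("UPDATE topics SET locked='yes' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    header("Location: forums.php?action=viewforum&forumid=$forumid&page=$page");

    die;
}

//-------- Action: Unlock topic
if ($action == "unlocktopic")
{
    $forumid = (int) $_GET["forumid"];
    $topicid = (int) $_GET["topicid"];
    $page = (int) $_GET["page"];

    // Report the refusal the same way "locktopic" does instead of ending
    // the request with an empty page.
    if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    do_mysql_query("UPDATE topics SET locked='no' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    header("Location: forums.php?action=viewforum&forumid=$forumid&page=$page");

    die;
}

//-------- Action: Set locked on/off
if ($action == "setlocked")
{
    $topicid = (int) $_POST["topicid"];

    if (!$topicid || get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    // The rest of this file only ever compares or writes 'yes' and 'no'
    // for this column, so nothing else is accepted from the form.
    $locked = isset($_POST["locked"]) ? $_POST["locked"] : "";

    if ($locked !== "yes" && $locked !== "no")
        stderr( _("Error"), "Invalid value.");

    $locked = sqlesc($locked);

    do_mysql_query("UPDATE topics SET locked=$locked WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    // returnto is request data; only follow it when it stays on this
    // site, otherwise go back to the topic that was changed.
    $returnto = isset($_POST["returnto"]) ? $_POST["returnto"] : "";

    if (!forums_is_local_url($returnto))
        $returnto = "forums.php?action=viewtopic&topicid=$topicid";

    header("Location: $returnto");

    die;
}

//-------- Action: Set sticky on/off
if ($action == "setsticky")
{
    $topicid = (int) $_POST["topicid"];

    if (!$topicid || get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    // Same rule as "setlocked": the column holds 'yes' or 'no'.
    $sticky = isset($_POST["sticky"]) ? $_POST["sticky"] : "";

    if ($sticky !== "yes" && $sticky !== "no")
        stderr( _("Error"), "Invalid value.");

    $sticky = sqlesc($sticky);

    do_mysql_query("UPDATE topics SET sticky=$sticky WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    // Validate the redirect target exactly as "setlocked" does.
    $returnto = isset($_POST["returnto"]) ? $_POST["returnto"] : "";

    if (!forums_is_local_url($returnto))
        $returnto = "forums.php?action=viewtopic&topicid=$topicid";

    header("Location: $returnto");

    die;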
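}

//-------- Action: Rename topic
// Moderator only. The new subject is held to the same rules as the subject
// of a new topic in the "post" action.
if ($action == 'renametopic')
{
    if( get_user_class() < UC_MODERATOR)
        stderr( _("Error"),_("Permission denied"));

    $topicid = (int) $_POST['topicid'];

    if (!is_valid_id($topicid))
        stderr( _("Error"),"Invalid ID");

    // Trim first so that a subject made only of whitespace is rejected.
    $subject = trim($_POST['subject']);

    if ($subject == '')
        stderr('Error', 'You must enter a new title!');

    // Same length limit the "post" action applies to new topics.
    if (!empty($maxsubjectlength) && strlen($subject) > $maxsubjectlength)
        stderr( _("Error"), "Subject is limited to $maxsubjectlength characters.");

    // Stored HTML-encoded, like subjects created by the "post" action.
    $subject = sqlesc(htmlspecialchars($subject));

    // Pass file and line like every other sqlerr() call in this file.
    do_mysql_query("UPDATE topics SET subject=$subject WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    // Built only from the validated integer id, so it is safe to emit.
    header("Location: forums.php?action=viewtopic&topicid=$topicid");

    die;
}

//-------- Action: View forum
if ($action == "viewforum")
{
    $forumid = (int) $_GET["forumid"];

    if (!is_valid_id($forumid))
        stderr( _("Error"),"Invalid ID");

    $page = (int) $_GET["page"];

    $userid = $CURUSER["id"];

    //------ Get forum name

    $res = do_mysql_query("SELECT name, minclassread, topiccount FROM forums WHERE id=".$forumid) or sqlerr(__FILE__, __LINE__);

    $arr = mysql_fetch_assoc($res) or die;

    $forumname = $arr["name"];

    if (get_user_class() < $arr["minclassread"])
        stderr( _("Error"),_("Permission denied"));

    //------ Get topic count

    // Both values feed the LIMIT clause of the topic query further down,
    // so they are forced to sane integers here.
    $perpage = (int) $CURUSER["topicsperpage"];

    if ($perpage < 1)
        $perpage = 20;

    // The cached counter is used instead of a COUNT(*) query.
    $num = (int) $arr['topiccount'];

    // Zero and negative page numbers both mean "first page"; a negative
    // page used to yield a negative LIMIT offset and an SQL error page.
    if ($page < 1)
        $page = 1;

    $first = ($page * $perpage) - $perpage + 1;

    $last = $first + $perpage - 1;

    if ($last > $num)
        $last = $num;

    $pages = floor($num / $perpage);

    if ($perpage * $pages < $num)
        ++$pages;

    //------ Build menu

    $menu = "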

\n"; $lastspace = false; for ($i = 1; $i <= $pages; ++$i) { if ($i == $page) $menu .= "$i\n"; elseif ($i > 3 && ($i < $pages - 2) && ($page - $i > 3 || $i - $page > 3)) { if ($lastspace) continue; $menu .= "... \n"; $lastspace = true; } else { $menu .= "$i\n"; $lastspace = false; } if ($i < $pages) $menu .= "|\n"; } $menu .= "
\n"; if ($page == 1) $menu .= "<< Prev"; else $menu .= "<< Prev"; $menu .= "   "; $menu .= "Search | Catch up\n"; $menu .= "   "; if ($last == $num) $menu .= "Next >>"; else $menu .= "Next >>"; $menu .= "

\n"; $offset = $first - 1; //------ Get topics data $topicsres = do_mysql_query("SELECT t.*, u.id as user_id, u.username as user_name FROM topics t LEFT JOIN users u ON t.userid = u.id WHERE t.forumid=$forumid ORDER BY t.sticky, t.lastpost DESC LIMIT $offset,$perpage") or stderr("SQL Error", mysql_error()); stdhead("Forum"); $numtopics = mysql_num_rows($topicsres); print("

$forumname

\n"); if ($numtopics > 0) { print($menu); print(""); print("\n" . "\n"); print("\n"); while ($topicarr = mysql_fetch_assoc($topicsres)) { $topicid = $topicarr["id"]; $topic_userid = $topicarr["userid"]; $topic_views = $topicarr["views"]; $locked = $topicarr["locked"] == "yes"; $sticky = $topicarr["sticky"] == "yes"; $posts = $topicarr['replies']; $replies = max(0, $posts); $tpages = floor($posts / $postsperpage); if ($tpages * $postsperpage != $posts) ++$tpages; if ($tpages > 1) { $topicpages = " ("; for ($i = 1; $i <= $tpages; ++$i) $topicpages .= " $i"; $topicpages .= ")"; } else $topicpages = ""; //---- Print row $r = do_mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__); $a = mysql_fetch_row($r); $new = !$a || $lppostid > $a[0]; $topicpic = ($locked ? ($new ? "lockednew" : "locked") : ($new ? "unlockednew" : "unlocked")); $subject = ($sticky ? "Sticky: " : "") . "" . encodehtml($topicarr["subject"]) . "$topicpages"; print("\n" . "\n" . "\n"); print("\n"); } // while print("
TopicRepliesViewsAuthorLast post
" . "
" . "\n" . "$subject
$replies$topic_views".$topicarr['user_name']."".$topicarr['lastpost_txt']."
\n"); print($menu); } // if else print("

No topics found

\n"); print("

\n"); print("\n"); print("\n"); print("
New posts" . "Locked topic

\n"); $arr = get_forum_access_levels($forumid) or die; $maypost = get_user_class() >= $arr["write"] && get_user_class() >= $arr["create"]; if (!$maypost) print("

You are not permitted to start new topics in this forum.

\n"); print("

\n"); print("\n"); if ($maypost) print("\n"); print("

\n"); insert_quick_jump_menu($forumid); stdfoot(); die; } //-------- Action: View unread posts if ($action == "viewunread") { $userid = $CURUSER['id']; $maxresults = 25; $res = do_mysql_query("SELECT id, forumid, subject, lastpost FROM topics ORDER BY lastpost") or sqlerr(__FILE__, __LINE__); stdhead(); print("

Topics with unread posts

\n"); $n = 0; $uc = get_user_class(); while ($arr = mysql_fetch_assoc($res)) { $topicid = $arr['id']; $forumid = $arr['forumid']; //---- Check if post is read $r = do_mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__); $a = mysql_fetch_row($r); if ($a && $a[0] == $arr['lastpost']) continue; //---- Check access & get forum name $r = do_mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__); $a = mysql_fetch_assoc($r); if ($uc < $a['minclassread']) continue; ++$n; if ($n > $maxresults) break; $forumname = $a['name']; if ($n == 1) { print("\n"); print("\n"); } print("\n"); } if ($n > 0) { print("
TopicForum
" . "" . "" . htmlspecialchars($arr["subject"]) . "
$forumname
\n"); if ($n > $maxresults) print("

More than $maxresults items found, displaying first $maxresults.

\n"); print("

Catch up

\n"); } else print("Nothing found"); stdfoot(); die; } if ($action == "search") { stdhead("Forum Search"); print("

Forum Search

\n"); $keywords = trim($_GET["keywords"]); if ($keywords != "") { print("

Query: " . htmlspecialchars($keywords) . "

\n"); $maxresults = 50; $res = do_mysql_query("SELECT id,topicid,userid,added FROM posts WHERE MATCH (body) AGAINST (" . sqlesc($keywords) . ") LIMIT " . ($maxresults + 1)) or sqlerr(__FILE__, __LINE__); // search and display results... $num = mysql_num_rows($res); if ($num > $maxresults) { $num = $maxresults; print("

Found more than $maxresults posts; displaying first $num.

\n"); } if ($num == 0) print("

Sorry, nothing found!

"); else { print("

\n"); print("\n"); for ($i = 0; $i < $num; ++$i) { $post = mysql_fetch_assoc($res); $res2 = do_mysql_query("SELECT forumid, subject FROM topics WHERE id=$post[topicid]") or sqlerr(__FILE__, __LINE__); $topic = mysql_fetch_assoc($res2); $res2 = do_mysql_query("SELECT name,minclassread FROM forums WHERE id=$topic[forumid]") or sqlerr(__FILE__, __LINE__); $forum = mysql_fetch_assoc($res2); if ($forum["name"] == "" || $forum["minclassread"] > $CURUSER["class"]) continue; $res2 = do_mysql_query("SELECT username FROM users WHERE id=$post[userid]") or sqlerr(__FILE__, __LINE__); $user = mysql_fetch_assoc($res2); if ($user["username"] == "") $user["username"] = "[$post[userid]]"; print("\n"); } print("
PostTopicForumPosted by
$post[id]" . htmlspecialchars($topic["subject"]) . "" . htmlspecialchars($forum["name"]) . "$user[username]
at $post[added]

\n"); print("

Search again

\n"); } } print("
\n"); print("\n"); print("\n"); print("\n"); print("\n"); print("
Key words
\n" . "Enter one or more words to search for.
\n
\n"); stdfoot(); die; } //-------- Handle unknown action if ($action != "") stderr("Forum Error", "Unknown action."); //-------- Default action: View forums if (isset($_GET["catchup"])) catch_up(); //-------- Get forums $forums_res = do_mysql_query("SELECT id,name,description,topiccount,postcount,minclassread, IF(lastpost_txt = '', 'N/A', lastpost_txt) as lastpost_str FROM forums ORDER BY sort, name") or sqlerr(__FILE__, __LINE__); stdhead("Forums"); print("

Forums

\n"); print("\n"); print("" . "" . "\n"); while ($forums_arr = mysql_fetch_assoc($forums_res)) { if (get_user_class() < $forums_arr["minclassread"]) continue; $forumid = $forums_arr["id"]; $forumname = htmlspecialchars($forums_arr["name"]); $forumdescription = htmlspecialchars($forums_arr["description"]); $topiccount = $forums_arr["topiccount"]; $postcount = $forums_arr["postcount"]; $img = "unlocked"; print("" . "\n"); } print("
ForumTopicsPostsLast post
$forumname
\n" . "$forumdescription
$topiccount$postcount".$forums_arr['lastpost_str']."
\n"); print("

Search | View unread | Catch up

"); stdfoot(); ?>