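/**
 * Edit an existing reply (comment $id) in thread $tid of board $bid.
 *
 * Without a POST body the edit form is rendered. With a POST body the
 * comment row is updated, uploaded or pre-uploaded attachments are attached
 * to it, the first post may rename the thread, the board/thread "last post"
 * columns are refreshed and the browser is redirected back to the page of
 * the thread that holds the comment.
 *
 * Access requires a logged-in user who may read the board and its parent
 * board and who either owns the comment and holds `editcom`, or holds
 * `editmocom`. The comment is joined with `tID = $tid`, so a comID that
 * belongs to another thread is rejected instead of being edited under this
 * thread's rights.
 *
 * @param int|string $id  comment ID (comID); cast to int before use in SQL
 * @param int|string $bid board ID (bID); cast to int before use in SQL
 * @param int|string $tid thread ID (threadID); cast to int before use in SQL
 * @return void
 */
function forum_edit_replay($id, $bid, $tid)
{
    global $db;
    // Every one of these ends up inside SQL text; normalise once so no caller
    // can pass anything but a number through.
    $id = (int) $id;
    $bid = (int) $bid;
    $tid = (int) $tid;

    $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed, userID, comment, attachs, postname, adatum, a.editcom, a.editmocom, a.rightsread, a.commentsperpost, a.moneyperpost, a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) LEFT JOIN ' . DB_PRE . 'ecp_forum_comments ON (comID = ' . $id . ' AND ' . DB_PRE . 'ecp_forum_comments.tID = ' . $tid . ') WHERE threadID = ' . $tid . ' AND bID = ' . $bid);
    $queryOk = $db->errorNum() == 0;
    $userID = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;

    // adatum is a comment column: NULL here means the comment did not join,
    // i.e. comID does not exist or does not belong to this thread.
    $commentFound = is_array($thread) && isset($thread['adatum']);
    $allowed = $queryOk
        && $userID !== 0
        && $commentFound
        && find_access($thread['rightsread'])
        && find_access($thread['parentRead'])
        && ((find_access($thread['editcom']) && $userID === (int) $thread['userID']) || find_access($thread['editmocom']));
    if (!$allowed) {
        table(ERROR, ACCESS_DENIED);
        return;
    }

    if (!isset($_POST['comment'])) {
        _forum_edit_replay_form($id, $bid, $tid, $thread, htmlspecialchars($thread['comment']));
        return;
    }

    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    // username/title are only present in the form for guest posts / the first
    // post respectively; when present they must not be empty.
    if ($_POST['comment'] === '' || $username === '' || $title === '') {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        _forum_edit_replay_form($id, $bid, $tid, $thread, $_POST['comment']);
        return;
    }

    $saved = $db->query(sprintf(
        'UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'%s\', comment = \'%s\', edits = edits + 1, editdatum = %d, edituserID = %d WHERE comID = %d',
        strsave(htmlspecialchars((string) $username)),
        strsave(comment_save($_POST['comment'])),
        time(),
        $userID,
        $id
    ));
    if (!$saved) {
        // Same as before: a failed UPDATE produces no output and no redirect.
        return;
    }

    if (find_access($thread['attachfiles'])) {
        if (UPLOAD_METHOD == 'old') {
            _forum_edit_replay_store_uploads($id, $bid, $tid, $thread, $userID);
        } else {
            _forum_edit_replay_claim_uploads($id, $bid, $tid);
        }
    }

    // Editing the first post of a thread also renames the thread.
    if (_forum_edit_replay_is_first_post($tid, $thread)) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET threadname = \'' . strsave(htmlspecialchars((string) $title)) . '\', vonname = \'' . strsave(htmlspecialchars((string) $username)) . '\' WHERE threadID = ' . $tid);
    }

    _forum_edit_replay_refresh_lastpost($bid, $tid, (int) $thread['boardparentID']);
    unset($_SESSION['forum']['attach'][$bid]);

    // Number of comments before this one decides which page of the thread to
    // send the user back to.
    $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND boardID = ' . $bid . ' AND adatum < ' . (int) $thread['adatum']);
    header1('?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $tid . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $id);
}

/**
 * True when comment described by $thread is the first post of thread $tid
 * (no comment in the thread has an earlier adatum).
 *
 * @param int   $tid
 * @param array $thread row from forum_edit_replay(); only 'adatum' is read
 * @return bool
 */
function _forum_edit_replay_is_first_post($tid, array $thread)
{
    global $db;
    return $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . (int) $tid . ' AND adatum < ' . (int) $thread['adatum'] . ' ORDER BY adatum ASC') == 0;
}

/**
 * Render the edit form for comment $id with $comment as the textarea value.
 *
 * When the board allows attachments and the comment still has free slots, a
 * fresh upload token is generated, handed to the template and remembered in
 * $_SESSION['forum']['attach'][$bid] so the save step can recognise it.
 *
 * @param int    $id
 * @param int    $bid
 * @param int    $tid
 * @param array  $thread  row from forum_edit_replay()
 * @param string $comment text to pre-fill (already escaped for the template)
 * @return void
 */
function _forum_edit_replay_form($id, $bid, $tid, array $thread, $comment)
{
    global $db;
    $tpl = new smarty();
    $tpl->assign('func', 'edit');
    $tpl->assign('func2', '&comID=' . $id);
    $tpl->assign('comment', $comment);
    if (_forum_edit_replay_is_first_post($tid, $thread)) {
        $tpl->assign('title', $thread['threadname']);
    }
    if ((int) $thread['userID'] === 0) {
        // Guest post: the author name is editable too.
        $tpl->assign('username', $thread['postname']);
    }
    $withUploads = $thread['attachments'] && $thread['attachmaxsize'];
    ob_start();
    if ($withUploads) {
        $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
        $free = $thread['attachments'] - $attachs;
        if ($free > 0) {
            $rand = get_random_string(16, 2);
            $tpl->assign('attach', find_access($thread['attachfiles']));
            $tpl->assign('maxsize', $thread['attachmaxsize']);
            $tpl->assign('rand', $rand);
            $tpl->assign('sid', session_name() . '=' . session_id());
            $tpl->assign('maxuploads', $free);
            $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($free, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
            $_SESSION['forum']['attach'][$bid] = $rand;
        }
    }
    $tpl->assign('quote', true);
    $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' && $withUploads) ? '_old' : '') . '.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_POST_EDIT, $content, '', 1);
}

/**
 * "old" upload method: store the files posted with the form as attachments of
 * comment $id, up to the board's per-post limit and size limit.
 *
 * Only files whose detected MIME type is on the allow-list are stored. A row
 * is inserted first; if moving the uploaded file to uploads/forum/ fails the
 * row is removed again so no attachment points at a missing file.
 *
 * @param int   $id
 * @param int   $bid
 * @param int   $tid
 * @param array $thread row from forum_edit_replay()
 * @param int   $userID current user's ID
 * @return void
 */
function _forum_edit_replay_store_uploads($id, $bid, $tid, array $thread, $userID)
{
    global $db;
    // NOTE(review): 'text/html' and 'text/css' are on this list, so browser-
    // renderable documents can be stored under uploads/forum/. Whether the web
    // server serves them with a renderable content type (the stored name has
    // no extension) should be confirmed before relying on that.
    $allowedMime = array(
        'application/zip',
        'application/x-rar-compressed',
        'image/bmp',
        'image/gif',
        'image/jpeg',
        'image/png',
        'application/pdf',
        'text/plain',
        'text/css',
        'text/html',
    );
    $maxattach = $thread['attachments'] - $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'bID = ' . $bid . ' AND mID = ' . $id);
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    foreach ($_FILES as $file) {
        if ($maxattach <= 0) {
            break;
        }
        // Skip empty fields, failed uploads and anything that is not a real
        // PHP upload (the old code compared the whole array against '').
        if (!is_array($file)
            || empty($file['tmp_name'])
            || (isset($file['error']) && $file['error'] != UPLOAD_ERR_OK)
            || !is_uploaded_file($file['tmp_name'])
            || $file['size'] > $thread['attachmaxsize']) {
            continue;
        }
        $mime = getMimeType($file['tmp_name'], $file['name']);
        if (!in_array($mime, $allowedMime, true)) {
            continue;
        }
        $sha1 = sha1_file($file['tmp_name']);
        $inserted = $db->query(sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)',
            $bid,
            $userID,
            strsave($file['name']),
            (int) $file['size'],
            $sha1,
            time(),
            strsave($remoteAddr),
            $tid,
            $id
        ));
        if ($inserted) {
            $attachID = (int) $db->last_id();
            $target = 'uploads/forum/' . $attachID . '_' . $sha1;
            if (move_uploaded_file($file['tmp_name'], $target)) {
                umask(0);
                chmod($target, CHMOD);
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
            } else {
                $db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_attachments WHERE attachID = ' . $attachID);
            }
        }
        // Counts against the limit whether or not the INSERT succeeded, as before.
        $maxattach--;
    }
}

/**
 * Non-"old" upload method: attach the files that were pre-uploaded under the
 * form's token (?rand=) to comment $id / thread $tid.
 *
 * The token is only honoured when it equals the one stored for this board in
 * $_SESSION['forum']['attach'][$bid] when the form was rendered.
 *
 * @param int $id
 * @param int $bid
 * @param int $tid
 * @return void
 */
function _forum_edit_replay_claim_uploads($id, $bid, $tid)
{
    global $db;
    $rand = isset($_GET['rand']) ? (string) $_GET['rand'] : '';
    if ($rand === '' || !isset($_SESSION['forum']['attach'][$bid]) || (string) $_SESSION['forum']['attach'][$bid] !== $rand) {
        return;
    }
    // Column order is tID, mID: the thread ID first, then the comment ID
    // (the previous version passed the comment ID as tID and an undefined
    // variable as mID).
    $db->query(sprintf(
        'UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d',
        $tid,
        $id,
        strsave($rand),
        $bid
    ));
    if ($db->affekt_rows()) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
    }
}

/**
 * Refresh the "last post" columns of board $bid (and its parent $parentID)
 * and of thread $tid from the newest comment rows.
 *
 * postname is read back from the database unescaped, so it is passed through
 * strsave() again before being written into the UPDATE, like every other
 * string this file writes.
 *
 * @param int $bid
 * @param int $tid
 * @param int $parentID parent board ID (0 when there is none)
 * @return void
 */
function _forum_edit_replay_refresh_lastpost($bid, $tid, $parentID)
{
    global $db;
    $last = $db->fetch_assoc('SELECT userID, postname, adatum, tID FROM ' . DB_PRE . 'ecp_forum_comments WHERE boardID = ' . $bid . ' ORDER BY adatum DESC LIMIT 1');
    if (is_array($last)) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `lastpostuserID` = ' . (int) $last['userID'] . ', `lastpostuser` = \'' . strsave($last['postname']) . '\', `lastpost` = ' . (int) $last['adatum'] . ', lastthreadID = ' . (int) $last['tID'] . ' WHERE (boardID = ' . $bid . ' OR boardID = ' . (int) $parentID . ')');
    }
    $last = $db->fetch_assoc('SELECT userID, postname, adatum FROM ' . DB_PRE . 'ecp_forum_comments WHERE tID = ' . $tid . ' ORDER BY adatum DESC LIMIT 1');
    if (is_array($last)) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET `lastuserID` = ' . (int) $last['userID'] . ', `lastusername` = \'' . strsave($last['postname']) . '\', `lastreplay` = ' . (int) $last['adatum'] . ' WHERE threadID = ' . $tid);
    }
}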
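/**
 * Show gallery image $id (imageID) with its breadcrumb path and the IDs of the
 * previous/next image in the same gallery.
 *
 * The view counter (klicks) is incremented once per session, tracked in
 * $_SESSION['gallery'][$id]. Requires read access to both the gallery and
 * its category; otherwise a NO_ENTRIES_ID error table is rendered.
 *
 * @param int|string $id image ID; cast to int before use in SQL and as session key
 * @return void
 */
function gallery_viewpic($id)
{
    global $db;
    $id = (int) $id;
    $image = $db->fetch_assoc('SELECT gID, katename, b.access as kateacces, a.access as access, name, images, cID, folder, filename, uploaded, c.beschreibung, klicks, c.userID, username FROM ' . DB_PRE . 'ecp_gallery_images AS c LEFT JOIN ' . DB_PRE . 'ecp_gallery as a ON (gID = galleryID) LEFT JOIN ' . DB_PRE . 'ecp_user ON ID=c.userID LEFT JOIN ' . DB_PRE . 'ecp_gallery_kate as b ON (cID = kateID) WHERE imageID = ' . $id);

    if (!is_array($image) || !isset($image['uploaded']) || !find_access($image['access']) || !find_access($image['kateacces'])) {
        table(ERROR, NO_ENTRIES_ID);
        return;
    }

    if (!isset($_SESSION['gallery'][$id])) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_gallery_images SET klicks=klicks+1 WHERE imageID = ' . $id);
        $_SESSION['gallery'][$id] = true;
    }

    $tpl = new smarty();
    $image['uploaded'] = date(LONG_DATE, (int) $image['uploaded']);

    // NOTE(review): katename and name are written into the breadcrumb HTML
    // as stored; this assumes they were escaped on save — confirm against
    // the gallery admin code.
    $arrow = ' <img src="templates/' . DESIGN . '/images/pfeil_o.gif" alt="" /> ';
    $tpl->assign('pfad', '<a href="?section=gallery">' . GALLERY . '</a>' . $arrow . '<a href="?section=gallery&action=kate&id=' . $image['cID'] . '">' . $image['katename'] . '</a>' . $arrow . '<a href="?section=gallery&action=gallery&id=' . $image['gID'] . '">' . $image['name'] . '</a>');

    // Neighbouring images for prev/next navigation. The @ is kept on purpose:
    // result() is called best-effort here and an empty value is what the
    // template expects when there is no neighbour.
    $galleryID = (int) $image['gID'];
    $tpl->assign('vorID', @$db->result(DB_PRE . 'ecp_gallery_images', 'imageID', 'gID = ' . $galleryID . ' AND imageID < ' . $id . ' ORDER BY imageID DESC LIMIT 1'));
    $tpl->assign('nachID', @$db->result(DB_PRE . 'ecp_gallery_images', 'imageID', 'gID = ' . $galleryID . ' AND imageID > ' . $id . ' ORDER BY imageID ASC LIMIT 1'));

    foreach ($image as $key => $value) {
        $tpl->assign($key, $value);
    }

    ob_start();
    $tpl->display(DESIGN . '/tpl/gallery/view_pic.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(GALLERY, '<div id="display_pic">' . $content . '</div>', '', 1);
}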
if ($db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_abo WHERE thID = ' . (int) $_GET['id'] . ' AND userID = ' . $_SESSION['userID'])) { echo 0; } } else { if ($db->query('INSERT INTO ' . DB_PRE . 'ecp_forum_abo (`thID`, `boID`, `userID`) VALUES (' . (int) $_GET['id'] . ', ' . $array['bID'] . ', ' . $_SESSION['userID'] . ')')) { echo 1; } } } else { echo htmlentities(ACCESS_DENIED); } break; case 'thread_vote': $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, a.isforum, a.closed as forumclosed, a.rightsread, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) WHERE threadID = ' . (int) $_GET['id']); if (find_access($thread['rightsread']) and find_access($thread['parentRead']) and $thread['isforum'] and isset($_SESSION['userID'])) { if ($db->result(DB_PRE . 'ecp_forum_ratings', 'COUNT(rateID)', 'userID = ' . $_SESSION['userID'] . ' AND tID = ' . (int) $_GET['id'])) { echo html_ajax_convert(FORUM_RATING_ALLREADY); } else { if ((int) $_GET['wert'] < 1 or (int) $_GET['wert'] > 5) { echo html_ajax_convert(FORUM_RATING_WRONG); } else { if ($db->query('INSERT INTO ' . DB_PRE . 'ecp_forum_ratings (`userID`, `tID`, `bID`, `wert`) VALUES (' . $_SESSION['userID'] . ', ' . (int) $_GET['id'] . ', ' . $thread['bID'] . ', ' . (int) $_GET['wert'] . ')')) { $array = $db->fetch_assoc('SELECT COUNT(rateID) as anzahl, AVG(wert) as mittel FROM ' . DB_PRE . 'ecp_forum_ratings WHERE tID = ' . (int) $_GET['id']); echo get_forum_rating($array['mittel']); $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET rating = ' . $array['mittel'] . ', ratingvotes = ' . $array['anzahl'] . ' WHERE threadID = ' . (int) $_GET['id']); } } } } else { echo html_ajax_convert(NO_ACCESS_RIGHTS);