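// NOTE: this excerpt starts inside an action block whose opening lines are not
// shown, and ends inside the "viewforum" block; both edges are kept as found.
$color = $_POST["color"];
// NOTE(review): on PHP versions before 8 the loose `== 0` is also true for any
// non-numeric string, so such a value never reaches get_hl_color(). It is still
// passed through sqlesc() before being written; consider a strict check.
if ($color == 0 || get_hl_color($color)) {
    sql_query("UPDATE topics SET hlcolor=" . sqlesc($color) . " WHERE id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
}
// Drop the forum's cached "last replied topic" entry when it refers to the
// topic that was just modified, so the stale row is not served again.
$forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
$forum_last_replied_topic_row = $Cache->get_value('forum_' . $forumid . '_last_replied_topic_content');
if ($forum_last_replied_topic_row && $forum_last_replied_topic_row['id'] == $topicid) {
    $Cache->delete_value('forum_' . $forumid . '_last_replied_topic_content');
}
// NOTE(review): 'returnto' comes straight from the request body and is sent
// unvalidated in the Location header; restrict it to same-site relative paths.
header("Location: {$_POST['returnto']}");
die;
}

//-------- Action: Set sticky on/off
if ($action == "setsticky") {
    // Adding 0 coerces the request value to a number before it is used below.
    $topicid = 0 + $_POST["topicid"];
    $ismod = is_forum_moderator($topicid, 'topic');
    // Deny when no topic id was given, or when the user is neither of the
    // required class nor a moderator of the topic's forum. The original tested
    // the bare word `topicid` (missing `$`), so the empty-id guard never fired.
    // NOTE(review): assumes permissiondenied() ends the request - confirm.
    if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) {
        permissiondenied();
    }
    $sticky = sqlesc($_POST["sticky"]);
    // $topicid is numeric after the coercion above; $sticky went through sqlesc().
    sql_query("UPDATE topics SET sticky={$sticky} WHERE id={$topicid}") or sqlerr(__FILE__, __LINE__);
    // NOTE(review): same unvalidated 'returnto' redirect as above. No anti-CSRF
    // token check is visible in this excerpt; confirm one is enforced upstream.
    header("Location: {$_POST['returnto']}");
    die;
}

//-------- Action: View forum
if ($action == "viewforum") {
    $forumid = 0 + $_GET["forumid"];
    int_check($forumid, true);
    $userid = 0 + $CURUSER["id"];
    //------ Get forum name, moderators
    $row = get_forum_row($forumid);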
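/**
 * Prints the compose form used to start a topic, reply, quote a post or edit a post.
 *
 * The opening <form> tag is printed before $type is inspected, so an
 * unsupported $type ends the request after that tag has been sent.
 *
 * @param mixed  $id   Forum id for 'new', topic id for 'reply', post id for 'quote' and 'edit'.
 * @param string $type 'new', 'reply', 'quote' or 'edit'; any other value ends the request.
 */
function insert_compose_frame($id, $type = 'new')
{
    global $lang_forums;

    $hassubject = false;
    $hasmodechoose = false;
    $subject = "";
    $body = "";

    print "<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=post\">\n";
    switch ($type) {
        case 'new':
            $forumname = get_single_value("forums", "name", "WHERE id=" . sqlesc($id));
            $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($id));
            $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_new_topic_in'] . " <a href=\"" . htmlspecialchars("?action=viewforum&forumid=" . $id) . "\">" . htmlspecialchars($forumname) . "</a> " . $lang_forums['text_forum'];
            $hassubject = true;
            // NOTE(review): topics.casinomode is compared with "yes" in the quote
            // branch, while forums.casinomode is used as a bare truthy value here;
            // confirm the two columns really use different representations.
            if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($id, 'forum'))) {
                $hasmodechoose = true;
            }
            break;

        case 'reply':
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $id) . "\">" . htmlspecialchars($topicname) . "</a> ";
            break;

        case 'quote':
            $topicid = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
            $topicmode = get_single_value("topics", "casinomode", "WHERE id=" . sqlesc($topicid)) == "yes";
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $topicid) . "\">" . htmlspecialchars($topicname) . "</a> ";
            // The post id is passed through sqlesc() like every other query in
            // this function instead of being interpolated into the SQL text.
            $res = sql_query("SELECT posts.body, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) != 1) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $arr = mysql_fetch_assoc($res);
            // In casino-mode topics only the author tag is quoted, not the post body.
            if (!$topicmode) {
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . htmlspecialchars(unesc($arr["body"])) . "[/quote]";
            } else {
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . "[/quote]";
            }
            // From here on the form behaves as a plain reply to the quoted post's topic.
            $id = $topicid;
            $type = 'reply';
            break;

        case 'edit':
            $res = sql_query("SELECT topicid, body FROM posts WHERE id=" . sqlesc($id) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
            $row = mysql_fetch_array($res);
            // Report an unknown post the same way the quote branch does rather
            // than building an empty edit form from a missing row.
            // NOTE(review): assumes stderr() ends the request - confirm.
            if (!$row) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $topicid = $row['topicid'];
            $firstpost = get_single_value("posts", "MIN(id)", "WHERE topicid=" . sqlesc($topicid));
            // Only the first post of a topic carries the subject and mode selector.
            if ($firstpost == $id) {
                $subject = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
                $hassubject = true;
                $forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
                $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($forumid));
                $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($forumid));
                if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($forumid, 'forum'))) {
                    $hasmodechoose = true;
                }
            }
            $body = htmlspecialchars(unesc($row["body"]));
            $title = $lang_forums['text_edit_post'];
            break;

        default:
            die;
    }

    // Both values are written into HTML attributes, so they are escaped here
    // rather than relying on every caller having cast or validated them.
    print "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id) . "\" />";
    print "<input type=\"hidden\" name=\"type\" value=\"" . htmlspecialchars($type) . "\" />";
    begin_compose($title, $type, $body, $hassubject, $subject, 100, $hasmodechoose);
    end_compose();
    print "</form>";
}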
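/**
 * Reports whether the current user ($CURUSER) has a forummods row for the
 * forum that the given post, topic or forum belongs to.
 *
 * This function backs permission decisions, so every id is passed through
 * sqlesc() before it reaches a query; the result then does not depend on
 * callers having cast the value first.
 *
 * @param mixed  $id Id of the post, topic or forum, as selected by $in.
 * @param string $in 'post', 'topic' or 'forum'; any other value yields false.
 * @return bool
 */
function is_forum_moderator($id, $in = 'post')
{
    global $CURUSER;

    switch ($in) {
        case 'post':
            // Resolve the post to its topic, then reuse the topic check.
            $res = sql_query("SELECT topicid FROM posts WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            $arr = mysql_fetch_array($res);
            if (!$arr) {
                return false;
            }
            return is_forum_moderator($arr['topicid'], 'topic');

        case 'topic':
            $res = sql_query("SELECT COUNT(forummods.userid) FROM forummods LEFT JOIN topics ON forummods.forumid = topics.forumid WHERE topics.id=" . sqlesc($id) . " AND forummods.userid=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
            $arr = mysql_fetch_array($res);
            // A missing row or a zero count both mean "not a moderator".
            return ($arr && $arr[0]) ? true : false;

        case 'forum':
            $modcount = get_row_count("forummods", "WHERE forumid=" . sqlesc($id) . " AND userid=" . sqlesc($CURUSER['id']));
            return $modcount ? true : false;

        default:
            return false;
    }
}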