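/**
 * Renders the comment list (with avatars) and the comment form for one item,
 * and handles the comment post / edit / delete requests for that item.
 *
 * Request handling happens first (delete via GET, post/edit via POST) and ends
 * in a redirect; the listing and the form are only rendered when
 * $settings['comments_enabled'] is "1".
 *
 * Security-relevant behaviour visible in this function:
 *  - Comment ids and user ids are cast to int before they reach SQL.
 *  - $cid and $ctype are passed through _db() wherever they are used as
 *    values in a query. $cdb and $ccol are used as table / column identifiers
 *    and cannot be quoted that way, so callers must pass fixed, trusted names.
 *  - Guest posts require a Securimage captcha; all posts go through
 *    flood_control() keyed on USER_IP.
 *
 * @param string $ctype         Comment type stored in comment_type.
 * @param string $cdb           Table that holds the commented item (identifier, trusted).
 * @param string $ccol          Id column of that table (identifier, trusted).
 * @param mixed  $cid           Id of the commented item.
 * @param string $clink         Base link used for redirects, paging and the form action.
 * @param string $seo_root_link Rewritten base link; only used when URL_REWRITE is on.
 * @param string $a             Separator placed after $seo_root_link.
 * @param string $seo_catid     Category id segment of the rewritten link.
 * @param string $b             Passed through to makecommentnav().
 * @param string $rowstart      Passed through to makecommentnav().
 * @param string $c             Separator placed before the rewritten subject.
 * @param string $seo_subject   Subject used to build the rewritten link.
 *
 * @return void
 */
function showcomments_avatar($ctype, $cdb, $ccol, $cid, $clink, $seo_root_link = "", $a = "-", $seo_catid = "", $b = "-page-", $rowstart = "", $c = "-", $seo_subject = "") { // Pimped
    global $settings, $locale, $userdata, $aidlink;

    if (URL_REWRITE && $seo_root_link != "") {
        $seo_link = $seo_root_link . $a . $seo_catid . $c . clean_subject_urlrewrite($seo_subject) . ".html";
    } // Pimped

    // Current URL with any pending edit/delete action stripped, used as the
    // redirect target when the guest captcha check fails.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);

    // Delete request. Allowed for moderators/admins holding right "C", or for
    // the member who owns the comment (ownership is re-checked in the DELETE
    // itself for non-staff).
    // NOTE(review): this is a state-changing GET and no anti-CSRF token is
    // checked in this function - confirm whether one is enforced elsewhere.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_name='" . (int) $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }

    if ($settings['comments_enabled'] == "1") {
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                $comment_name = trim(stripinput($_POST['comment_name']));
                // Guest names are stored in the same column as member ids, so
                // leading digits are stripped and purely numeric names are
                // rejected to keep a guest from posing as a user id.
                $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                include_once INCLUDES . "securimage/securimage.php";
                $securimage = new Securimage();
                if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                    redirect($link);
                }
            }
            $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));

            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                // Edit of an existing comment.
                $comment_updated = false;
                // $cid and $ctype go through _db() here as in every other
                // query of this function; they were previously concatenated
                // into this ownership check unescaped.
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_name='" . (int) $userdata['user_id'] . "' AND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message=" . _db($comment_message) . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
                        $comment_updated = true;
                    }
                }
                if ($comment_updated) {
                    // Page (10 comments per page) on which the edited comment sits.
                    $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                }
                redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // New comment: the commented item must exist. $ccol/$cdb are
                // identifiers; the item id is a value and is quoted by _db().
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "=" . _db($cid))) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip, comment_hidden) VALUES (" . _db($cid) . ", " . _db($ctype) . ", " . _db($comment_name) . ", " . _db($comment_message) . ", '" . time() . "', '" . USER_IP . "', '0')");
                    }
                }
                // Jump to the last page of comments after posting.
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . (int) $cid . "' AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                redirect($clink . "&c_start=" . $c_start);
            }
        }

        opentable($locale['c100']);
        echo "<a id='comments' name='comments'></a>";
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
        // Default to the last page; anything non-numeric falls back to 0.
        if (!isset($_GET['c_start']) && $c_rows > 10) {
            $_GET['c_start'] = (ceil($c_rows / 10) - 1) * 10;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_datestamp, tcm.comment_message,\r\n\t\t\ttcu.user_name, tcu.user_avatar, tcu.user_id, tcu.user_level, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp ASC LIMIT " . (int) $_GET['c_start'] . ",10");
        if (dbrows($result)) {
            $i = $_GET['c_start'] + 1;
            if ($c_rows > 10) {
                echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
            echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n";
            while ($data = dbarray($result)) {
                echo "<tr><td class='tbl2' width='10%' align='center'>\n";
                if ($data['user_name']) {
                    echo "<span class='comment-name'>" . profile_link($data['comment_name'], $data['user_name'], $data['user_status']) . "</span>\n";
                } else {
                    // Guest comment: comment_name holds the name as stored by
                    // the post branch above (after stripinput()).
                    echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
                }
                echo "</td>\n";
                echo "<td class='tbl2'>\n<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
                echo "<div style='float:right' class='comment_actions'>";
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    echo "<!--comment_actions-->\n<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                    echo "<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a> |\n";
                }
                echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a></div>\n";
                echo "</td>\n";
                echo "</tr>\n<tr>\n";
                $avatar = $data['user_avatar'] != "" && file_exists(IMAGES_AVA . $data['user_avatar']) ? IMAGES_AVA . $data['user_avatar'] : IMAGES_AVA . "noavatar.jpg";
                echo "<td class='tbl1' width='15%'>\n";
                echo "<div style='text-align:center;'><img src='" . $avatar . "' width='50' height='50' alt='' /></div><br />\n";
                if ($settings['warning_system_comments'] && $data['user_name']) {
                    $points = show_warning_points($data['user_id']);
                    echo "<div class='commentswarnings'>";
                    echo "<span class='small'><a style='cursor:help;' onclick=\"warning_info();\">" . $locale['WARN200'] . "</a></span> ";
                    echo warning_profile_link("1", $data['user_id'], $points);
                    echo "</div>";
                }
                echo "<span class='small2'>" . $locale['c110'] . number_format(dbcount("(comment_id)", DB_COMMENTS, "comment_name='" . (int) $data['user_id'] . "'")) . "<br />";
                echo $locale['c111'] . getuserlevel($data['user_level']) . "</span><br />";
                echo "</td>\n";
                echo "<td class='tbl2' valign='top'>\n" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td>\n</tr>";
                $i++;
            }
            echo "\n</table>\n";
            if ((iMODERATOR || iADMIN) && checkrights("C")) {
                // NOTE(review): $ctype and $cid are written into this href
                // without URL/HTML encoding; safe only while callers pass
                // fixed values - confirm against the call sites.
                echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
            }
            if ($c_rows > 10) {
                echo "<br /><div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
        } else {
            echo $locale['c101'] . "\n";
        }
        closetable();

        opentable($locale['c102']);
        // Pre-fill the form only when an edit was requested for a visible
        // comment of this item AND the viewer may edit it. Initialising the
        // message up front covers the "row found but not permitted" path,
        // which previously left $comment_message undefined.
        $comment_message = "";
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name FROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            }
        }

        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo "<form name='inputform' method='post' action='" . (URL_REWRITE && $seo_root_link != "" ? $seo_link : $clink) . "'>\n"; // Pimped
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div align='center' class='tbl'>\n";
            // The stored message is echoed as-is; this presumably relies on
            // stripinput() having encoded it when it was saved - verify.
            echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
            echo display_bbcodes("360px", "comment_message");
            if (iGUEST) {
                echo $locale['global_158'] . "<br />\n";
                echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
                echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
                echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
                echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
            }
            echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
            echo "</div>\n</form>\n";
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}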
if (!isset($_GET['rowstart']) || !isnum($_GET['rowstart'])) { $_GET['rowstart'] = 0; } $result = dbquery("SELECT fp.post_message, fp.post_datestamp, fp.post_edittime, fp.post_author, fp.post_edituser,\n fu.user_name AS user_name, fu.user_status AS user_status, fe.user_name AS edit_name, fe.user_status AS edit_status,\n ft.thread_subject, ff.forum_access\n FROM " . DB_FORUM_THREADS . " ft\n INNER JOIN " . DB_FORUM_POSTS . " fp ON ft.thread_id = fp.thread_id\n INNER JOIN " . DB_FORUMS . " ff ON ff.forum_id = ft.forum_id\n INNER JOIN " . DB_USERS . " fu ON fu.user_id = fp.post_author\n LEFT JOIN " . DB_USERS . " fe ON fe.user_id = fp.post_edituser\n WHERE ft.thread_id=" . $_GET['item_id'] . "\n ORDER BY fp.post_datestamp\n LIMIT " . $_GET['rowstart'] . ",{$posts_per_page}"); $res = FALSE; $i = 0; if (dbrows($result)) { while ($data = dbarray($result)) { if (checkgroup($data['forum_access'])) { $res = TRUE; if ($i == 0) { echo $locale['500'] . " <strong>" . $settings['sitename'] . " :: " . $data['thread_subject'] . "</strong><hr /><br />\n"; } echo "<div style='margin-left:20px'>\n"; echo "<div style='float:left'>" . $locale['501'] . profile_link($data['post_author'], $data['user_name'], $data['user_status']) . $locale['502'] . showdate("forumdate", $data['post_datestamp']) . "</div><div style='float:right'>#" . ($i + 1) . "</div><div style='float:none;clear:both'></div><hr />\n"; echo nl2br(parseubb(parsesmileys($data['post_message']))); if ($data['edit_name'] != '') { echo "<div style='margin-left:20px'>\n<hr />\n"; echo $locale['503'] . profile_link($data['post_edituser'], $data['edit_name'], $data['edit_status']) . $locale['502'] . showdate("forumdate", $data['post_edittime']); echo "</div>\n"; } echo "</div>\n"; echo "<br />\n"; $i++; } } } if (!$res) { redirect($settings['opening_page']); } }
echo "<div style='float:right'><input type='checkbox' name='delete_post[]' value='" . $data['post_id'] . "' /></div>\n"; } echo nl2br(parseubb($message)); echo "<!--sub_forum_post_message-->"; if ($data['attach_id']) { if (in_array($data['attach_ext'], $imagetypes) && @getimagesize(FORUM . "attachments/" . $data['attach_name'])) { echo "\n<hr />\n" . $data['user_name'] . $locale['506'] . "<br /><br />\n" . display_image($data['attach_name']) . "<br />[" . parsebytesize(filesize(FORUM . "attachments/" . $data['attach_name'])) . "]\n"; } else { echo "\n<hr />\n" . $data['user_name'] . $locale['507'] . "<br />\n<a href='" . FUSION_SELF . "?thread_id=" . $_GET['thread_id'] . "&getfile=" . $data['post_id'] . "'>" . $data['attach_name'] . "</a>"; } } if ($data['post_edittime'] != "0") { echo "\n<hr />\n" . $locale['508'] . "<a href='../profile.php?lookup=" . $data['post_edituser'] . "'>" . $data['edit_name'] . "</a>" . $locale['509'] . showdate("forumdate", $data['post_edittime']); } if ($data['post_showsig'] && array_key_exists("user_sig", $data) && $data['user_sig']) { echo "\n<hr />" . nl2br(parseubb(parsesmileys($data['user_sig']), "b|i|u||center|small|url|mail|img|color")); } echo "<!--sub_forum_post--></td>\n</tr>\n"; echo "<tr>\n<td class='tbl2' style='width:140px;white-space:nowrap'>"; if ($settings['forum_ips'] && iMEMBER || iMOD) { echo "<strong>" . $locale['571'] . "</strong>: " . $data['post_ip']; } else { echo " "; } echo "</td>\n<td class='tbl2 forum_thread_userbar'>\n<div style='float:left;white-space:nowrap' class='small'><!--forum_thread_userbar-->\n"; if (array_key_exists("user_web", $data) && $data['user_web']) { if (!strstr($data['user_web'], "http://")) { $urlprefix = "http://"; } else { $urlprefix = ""; }
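/**
 * Handles a reply to the current thread and renders the reply form.
 *
 * Flow, as visible in this method:
 *  1. Redirects away from locked threads and from users without the
 *     "can_reply" thread permission.
 *  2. On POST (post_reply): applies flood control, then either merges the
 *     message into the author's own previous post (when the thread's forum has
 *     forum_merge set) or inserts a new post, stores permitted attachments,
 *     updates forum/thread counters and the notify subscription, and redirects
 *     to postify.php.
 *  3. Otherwise builds the form fields (optionally pre-filled with a quoted
 *     post) plus the "last posts" preview and hands them to postform().
 *
 * Request values that reach SQL or the form action are either run through
 * form_sanitizer() (post_message, file_attachments) or checked with isnum()
 * (quote, post_id). The remaining values concatenated into queries come from
 * $this->thread_info, $userdata and $forum_settings.
 *
 * @return void
 */
public function render_reply_form() {
    global $locale, $userdata, $forum_settings, $defender;

    $thread_data = $this->thread_info['thread'];

    // NOTE(review): (!iMOD or !iSUPERADMIN) is true for every user who is not
    // both a moderator and a super admin, so a moderator without super-admin
    // rights is also redirected from a locked thread. Confirm whether "and"
    // was intended before changing it - this is an access-control decision.
    if ((!iMOD or !iSUPERADMIN) && $thread_data['thread_locked']) {
        redirect(INFUSIONS . 'forum/index.php');
    }

    if ($this->getThreadPermission("can_reply")) {
        add_to_title($locale['global_201'] . $locale['forum_0503']);
        add_breadcrumb(array('link' => '', 'title' => $locale['forum_0503']));

        // field data
        $post_data = array(
            'post_id' => 0,
            'forum_id' => $this->thread_info['thread']['forum_id'],
            'thread_id' => $this->thread_info['thread']['thread_id'],
            'post_message' => isset($_POST['post_message']) ? form_sanitizer($_POST['post_message'], '', 'post_message') : '',
            'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0,
            'post_smileys' => isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? 1 : 0,
            'post_author' => $userdata['user_id'],
            'post_datestamp' => time(),
            'post_ip' => USER_IP,
            'post_ip_type' => USER_IP_TYPE,
            'post_edituser' => 0,
            'post_edittime' => 0,
            'post_editreason' => '',
            'post_hidden' => 0,
            'notify_me' => 0,
            'post_locked' => $forum_settings['forum_edit_lock'] || isset($_POST['post_locked']) ? 1 : 0,
        );

        // execute form post actions
        if (isset($_POST['post_reply'])) {
            require_once INCLUDES . "flood_include.php";
            // all data is sanitized here.
            if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) { // have notice
                $update_forum_lastpost = FALSE;
                if ($defender->safe()) {
                    // Prepare forum merging action
                    $last_post_author = dbarray(dbquery("SELECT post_author FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1"));
                    if ($last_post_author['post_author'] == $post_data['post_author'] && $thread_data['forum_merge']) {
                        // Same author replied last: append to that post instead of creating a new one.
                        $last_message = dbarray(dbquery("SELECT post_id, post_message FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC"));
                        $post_data['post_id'] = $last_message['post_id'];
                        $post_data['post_message'] = $last_message['post_message'] . "\n\n" . $locale['forum_0640'] . " " . showdate("longdate", time()) . ":\n" . $post_data['post_message'];
                        dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                    } else {
                        $update_forum_lastpost = TRUE;
                        dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                        $post_data['post_id'] = dblastid();
                        if (!defined("FUSION_NULL")) {
                            dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $post_data['post_author'] . "'");
                        }
                    }

                    // Attach files if permitted. The first tmp_name is checked
                    // for existence before is_uploaded_file() so that a request
                    // carrying other file fields does not index a missing key.
                    if (!empty($_FILES['file_attachments']['tmp_name'][0]) && is_uploaded_file($_FILES['file_attachments']['tmp_name'][0]) && $this->getThreadPermission("can_upload_attach")) {
                        $upload = form_sanitizer($_FILES['file_attachments'], '', 'file_attachments');
                        if ($upload['error'] == 0) {
                            foreach ($upload['target_file'] as $arr => $file_name) {
                                $adata = array(
                                    'thread_id' => $thread_data['thread_id'],
                                    'post_id' => $post_data['post_id'],
                                    'attach_name' => $file_name,
                                    'attach_mime' => $upload['type'][$arr],
                                    'attach_size' => $upload['source_size'][$arr],
                                    'attach_count' => 0,
                                );
                                dbquery_insert(DB_FORUM_ATTACHMENTS, $adata, "save", array('keep_session' => TRUE));
                            }
                        }
                    }

                    // Update stats in forum and threads
                    if ($update_forum_lastpost == TRUE) {
                        // find all parents and update them
                        $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $thread_data['forum_id']);
                        foreach ($list_of_forums as $fid) {
                            dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $fid . "'");
                        }
                        // update current forum
                        dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $thread_data['forum_id'] . "'");
                        // update current thread
                        dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $post_data['post_id'] . "', thread_postcount=thread_postcount+1, thread_lastuser='" . $post_data['post_author'] . "' WHERE thread_id='" . $thread_data['thread_id'] . "'");
                    }

                    if ($forum_settings['thread_notify'] && isset($_POST['notify_me'])) {
                        if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $thread_data['thread_id'] . "' AND notify_user='" . $post_data['post_author'] . "'")) {
                            dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $thread_data['thread_id'] . "', '" . time() . "', '" . $post_data['post_author'] . "', '1')");
                        }
                    }

                    if ($defender->safe()) {
                        redirect(INFUSIONS . "forum/postify.php?post=reply&error=0&forum_id=" . intval($post_data['forum_id']) . "&thread_id=" . intval($post_data['thread_id']) . "&post_id=" . intval($post_data['post_id']));
                    }
                }
            }
        }

        // template data
        $form_action = INFUSIONS . "forum/viewthread.php?action=reply&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'];

        // Quote Get
        if (isset($_GET['quote']) && isnum($_GET['quote'])) {
            // The quoted post must belong to this thread; $_GET['quote'] has
            // passed isnum() before it is placed in the query.
            $quote_result = dbquery("SELECT a.post_message, b.user_name\n\t\t\t\t\t\t\t\t\t\tFROM " . DB_FORUM_POSTS . " a\n\t\t\t\t\t\t\t\t\t\tINNER JOIN " . DB_USERS . " b ON a.post_author=b.user_id\n\t\t\t\t\t\t\t\t\t\tWHERE thread_id='" . $thread_data['thread_id'] . "' and post_id='" . $_GET['quote'] . "'");
            if (dbrows($quote_result) > 0) {
                $quote_data = dbarray($quote_result);
                // do not do this. to silently inject.
                $post_data['post_message'] = "[quote name=" . $quote_data['user_name'] . " post=" . $_GET['quote'] . "]@" . $quote_data['user_name'] . " - " . strip_bbcodes($quote_data['post_message']) . "[/quote]" . $post_data['post_message'];
                // post_id arrives from the query string and ends up in the
                // form's action URL, so it is only echoed back when it is
                // present and numeric (it was previously appended unchecked).
                $form_action .= "&post_id=" . (isset($_GET['post_id']) && isnum($_GET['post_id']) ? $_GET['post_id'] : "") . "&quote=" . $_GET['quote'];
            } else {
                redirect(INFUSIONS . "forum/index.php");
            }
        }

        $info = array(
            'title' => $locale['forum_0503'],
            'description' => $locale['forum_2000'] . $thread_data['thread_subject'],
            'openform' => openform('input_form', 'post', $form_action, array('enctype' => $this->getThreadPermission("can_upload_attach") ? TRUE : FALSE, 'max_tokens' => 1)),
            'closeform' => closeform(),
            'forum_id_field' => form_hidden('forum_id', "", $post_data['forum_id']),
            'thread_id_field' => form_hidden('thread_id', "", $post_data['thread_id']),
            "forum_field" => "",
            'subject_field' => form_hidden('thread_subject', "", $thread_data['thread_subject']),
            'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => TRUE, 'error_text' => '', 'autosize' => TRUE, 'no_resize' => TRUE, 'preview' => TRUE, 'form_name' => 'input_form', 'bbcode' => TRUE)),
            'delete_field' => '',
            'edit_reason_field' => '',
            // The upload control is only offered with the can_upload_attach
            // permission; the same permission is re-checked on POST above.
            'attachment_field' => $this->getThreadPermission("can_upload_attach") ? form_fileinput('file_attachments[]', $locale['forum_0557'], "", array('input_id' => 'file_attachments', 'upload_path' => INFUSIONS . 'forum/attachments/', 'type' => 'object', 'preview_off' => TRUE, "multiple" => TRUE, "inline" => false, 'max_count' => $forum_settings['forum_attachmax_count'], 'valid_ext' => $forum_settings['forum_attachtypes'], "class" => "m-b-0")) . "\n\t\t\t\t\t\t\t\t <div class='m-b-20'>\n<small>" . sprintf($locale['forum_0559'], parsebytesize($forum_settings['forum_attachmax']), str_replace('|', ', ', $forum_settings['forum_attachtypes']), $forum_settings['forum_attachmax_count']) . "</small>\n</div>\n" : "",
            "poll_form" => "",
            'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0')),
            'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0')) : '',
            'sticky_field' => '',
            'lock_field' => '',
            'hide_edit_field' => '',
            'post_locked_field' => '',
            'notify_field' => $forum_settings['thread_notify'] ? form_checkbox('notify_me', $locale['forum_0626'], $post_data['notify_me'], array('class' => 'm-b-0')) : '',
            'post_buttons' => form_button('post_reply', $locale['forum_0504'], $locale['forum_0504'], array('class' => 'btn-primary')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default m-l-10')),
            'last_posts_reply' => '',
        );

        // only in reply
        if ($forum_settings['forum_last_posts_reply']) {
            $result = dbquery("\n\t\t\t\tSELECT\n\t\t\t\tp.thread_id, p.post_message, p.post_smileys, p.post_author, p.post_datestamp, p.post_hidden,\n\t\t\t\t\t\t\tu.user_id, u.user_name, u.user_status, u.user_avatar\n\t\t\t\t\t\t\tFROM " . DB_FORUM_POSTS . " p\n\t\t\t\t\t\t\tLEFT JOIN " . DB_USERS . " u ON p.post_author = u.user_id\n\t\t\t\t\t\t\tWHERE p.thread_id='" . $thread_data['thread_id'] . "' AND p.post_hidden='0'\n\t\t\t\t\t\t\tGROUP BY p.post_id\n\t\t\t\t\t\t\tORDER BY p.post_datestamp DESC LIMIT 0," . $forum_settings['posts_per_page']);
            if (dbrows($result)) {
                $title = sprintf($locale['forum_0526'], $forum_settings['forum_last_posts_reply']);
                if ($forum_settings['forum_last_posts_reply'] == "1") {
                    $title = $locale['forum_0525'];
                }
                // The preview markup is captured from the output buffer and
                // handed to the template as a string.
                ob_start();
                echo "<p><strong>" . $title . "</strong>\n</p>\n";
                echo "<table class='table table-responsive'>\n";
                $i = $forum_settings['posts_per_page'];
                while ($data = dbarray($result)) {
                    $message = $data['post_message'];
                    if ($data['post_smileys']) {
                        $message = parsesmileys($message);
                    }
                    $message = parseubb($message);
                    echo "<tr>\n<td class='tbl2 forum_thread_user_name' style='width:10%'><!--forum_thread_user_name-->" . profile_link($data['user_id'], $data['user_name'], $data['user_status']) . "</td>\n";
                    echo "<td class='tbl2 forum_thread_post_date'>\n";
                    echo "<div style='float:right' class='small'>\n";
                    echo $i . ($i == $forum_settings['forum_last_posts_reply'] ? " (" . $locale['forum_0525'] . ")" : "");
                    echo "</div>\n";
                    echo "<div class='small'>" . $locale['forum_0524'] . showdate("forumdate", $data['post_datestamp']) . "</div>\n";
                    echo "</td>\n";
                    echo "</tr>\n<tr>\n<td valign='top' class='tbl2 forum_thread_user_info' style='width:10%'>\n";
                    echo display_avatar($data, '50px');
                    echo "</td>\n<td valign='top' class='tbl1 forum_thread_user_post'>\n";
                    echo nl2br($message);
                    echo "</td>\n</tr>\n";
                    $i--;
                }
                echo "</table>\n";
                $info['last_posts_reply'] = ob_get_contents();
                ob_end_clean();
            }
        }

        postform($info);
    } else {
        redirect(INFUSIONS . 'forum/index.php');
    }
}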
// xss injection $result = dbquery("SELECT tn.thread_id FROM " . DB_FORUM_THREAD_NOTIFY . " tn\n INNER JOIN " . DB_FORUM_THREADS . " tt ON tn.thread_id = tt.thread_id\n INNER JOIN " . DB_FORUMS . " tf ON tt.forum_id = tf.forum_id\n WHERE tn.notify_user="******" AND " . groupaccess('forum_access') . " AND tt.thread_hidden='0'"); $rows = dbrows($result); if (!isset($_GET['rowstart']) or !isnum($_GET['rowstart']) or $_GET['rowstart'] > $rows) { $_GET['rowstart'] = 0; } $info['post_rows'] = $rows; if ($rows) { require_once INCLUDES . "mimetypes_include.php"; $info['page_nav'] = $rows > 10 ? makepagenav($_GET['rowstart'], 16, $rows, 3, FUSION_REQUEST, "rowstart") : ""; $result = dbquery("\n SELECT tf.forum_id, tf.forum_name, tf.forum_access, tf.forum_type, tf.forum_mods,\n tn.thread_id, tn.notify_datestamp, tn.notify_user,\n ttc.forum_id AS forum_cat_id, ttc.forum_name AS forum_cat_name,\n tp.post_datestamp, tp.post_message,\n tt.thread_subject, tt.forum_id, tt.thread_lastpost, tt.thread_lastpostid, tt.thread_lastuser, tt.thread_postcount, tt.thread_views, tt.thread_locked,\n tt.thread_author, tt.thread_poll, tt.thread_sticky,\n uc.user_id AS s_user_id, uc.user_name AS author_name, uc.user_status AS author_status, uc.user_avatar AS author_avatar,\n u.user_id, u.user_name as last_user_name, u.user_status as last_user_status, u.user_avatar as last_user_avatar,\n count(v.post_id) AS vote_count,\n count(a1.attach_mime) 'attach_image',\n\t\t\t\tcount(a2.attach_mime) 'attach_files'\n FROM " . DB_FORUM_THREAD_NOTIFY . " tn\n INNER JOIN " . DB_FORUM_THREADS . " tt ON tn.thread_id = tt.thread_id\n INNER JOIN " . DB_FORUMS . " tf ON tt.forum_id = tf.forum_id\n LEFT JOIN " . DB_FORUMS . " ttc ON ttc.forum_id = tf.forum_cat\n LEFT JOIN " . DB_USERS . " uc ON tt.thread_author = uc.user_id\n LEFT JOIN " . DB_USERS . " u ON tt.thread_lastuser = u.user_id\n LEFT JOIN " . DB_FORUM_POSTS . " tp ON tt.thread_id = tp.thread_id\n LEFT JOIN " . DB_FORUM_VOTES . 
" v ON v.thread_id = tt.thread_id AND tp.post_id = v.post_id\n LEFT JOIN " . DB_FORUM_ATTACHMENTS . " a1 on a1.thread_id = tt.thread_id AND a1.attach_mime IN ('" . implode(",", img_mimeTypes()) . "')\n\t\t\t\tLEFT JOIN " . DB_FORUM_ATTACHMENTS . " a2 on a2.thread_id = tt.thread_id AND a2.attach_mime NOT IN ('" . implode(",", img_mimeTypes()) . "')\n WHERE tn.notify_user="******" AND " . groupaccess('forum_access') . " AND tt.thread_hidden='0'\n GROUP BY tn.thread_id\n ORDER BY tn.notify_datestamp DESC\n LIMIT " . $_GET['rowstart'] . ",16\n "); $i = 0; while ($threads = dbarray($result)) { // opt for moderators. $this->forum_info['moderators'] = \PHPFusion\Forums\Moderator::parse_forum_mods($threads['forum_mods']); $icon = ""; $match_regex = $threads['thread_id'] . "\\|" . $threads['thread_lastpost'] . "\\|" . $threads['forum_id']; if ($threads['thread_lastpost'] > $this->forum_info['lastvisited']) { if (iMEMBER && ($threads['thread_lastuser'] == $userdata['user_id'] || preg_match("(^\\.{$match_regex}\$|\\.{$match_regex}\\.|\\.{$match_regex}\$)", $userdata['user_threads']))) { $icon = "<i class='" . get_forumIcons('thread') . "' title='" . $locale['forum_0261'] . "'></i>"; } else { $icon = "<i class='" . get_forumIcons('new') . "' title='" . $locale['forum_0260'] . "'></i>"; } } $author = array('user_id' => $threads['thread_author'], 'user_name' => $threads['author_name'], 'user_status' => $threads['author_status'], 'user_avatar' => $threads['author_avatar']); $lastuser = array('user_id' => $threads['thread_lastuser'], 'user_name' => $threads['last_user_name'], 'user_status' => $threads['last_user_status'], 'user_avatar' => $threads['last_user_avatar']); $threads += array("thread_link" => array("link" => INFUSIONS . "forum/viewthread.php?thread_id=" . $threads['thread_id'], "title" => $threads['thread_subject']), "forum_type" => $threads['forum_type'], "thread_pages" => makepagenav(0, $forum_settings['posts_per_page'], $threads['thread_postcount'], 3, FORUM . 
"viewthread.php?thread_id=" . $threads['thread_id'] . "&"), "thread_icons" => array('lock' => $threads['thread_locked'] ? "<i class='" . get_forumIcons('lock') . "' title='" . $locale['forum_0263'] . "'></i>" : '', 'sticky' => $threads['thread_sticky'] ? "<i class='" . get_forumIcons('sticky') . "' title='" . $locale['forum_0103'] . "'></i>" : '', 'poll' => $threads['thread_poll'] ? "<i class='" . get_forumIcons('poll') . "' title='" . $locale['forum_0314'] . "'></i>" : '', 'hot' => $threads['thread_postcount'] >= 20 ? "<i class='" . get_forumIcons('hot') . "' title='" . $locale['forum_0311'] . "'></i>" : '', 'reads' => $threads['thread_views'] >= 20 ? "<i class='" . get_forumIcons('reads') . "' title='" . $locale['forum_0311'] . "'></i>" : '', 'image' => $threads['attach_image'] > 0 ? "<i class='" . get_forumIcons('image') . "' title='" . $locale['forum_0313'] . "'></i>" : '', 'file' => $threads['attach_files'] > 0 ? "<i class='" . get_forumIcons('file') . "' title='" . $locale['forum_0312'] . "'></i>" : '', 'icon' => $icon), "thread_starter" => $locale['forum_0006'] . timer($threads['post_datestamp']) . " " . $locale['by'] . " " . profile_link($author['user_id'], $author['user_name'], $author['user_status']) . "</span>", "thread_author" => $author, "thread_last" => array('avatar' => display_avatar($lastuser, '30px', '', '', ''), 'profile_link' => profile_link($lastuser['user_id'], $lastuser['user_name'], $lastuser['user_status']), 'time' => $threads['post_datestamp'], 'post_message' => parseubb(parsesmileys($threads['post_message'])), "formatted" => "<div class='pull-left'>" . display_avatar($lastuser, '30px', '', '', '') . "</div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class='overflow-hide'>" . $locale['forum_0373'] . " <span class='forum_profile_link'>" . profile_link($lastuser['user_id'], $lastuser['user_name'], $lastuser['user_status']) . "</span><br/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t" . timer($threads['post_datestamp']) . 
"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t</div>"), "track_button" => array('link' => FORUM . "index.php?section=tracked&delete=" . $threads['thread_id'], 'title' => $locale['global_058'])); // push $this->forum_info['item'][$threads['thread_id']] = $threads; } }
$msg_send_state = ""; $msg_to_group = ""; $msg_to_group_state = " disabled"; $sendtoall_chk = ""; $disablesmileys_chk = ""; } if (isset($_GET['msg_id']) && isnum($_GET['msg_id'])) { $result = dbquery("SELECT m.message_subject, m.message_message, m.message_smileys, u.user_id, u.user_name FROM " . DB_MESSAGES . " m\n\t\t\tLEFT JOIN " . DB_USERS . " u ON m.message_from=u.user_id\n\t\t\tWHERE message_to='" . $userdata['user_id'] . "' AND message_id='" . $_GET['msg_id'] . "'"); $data = dbarray($result); $_GET['msg_send'] = $data['user_id']; if ($subject == "") { $subject = (!strstr($data['message_subject'], "RE: ") ? "RE: " : "") . $data['message_subject']; } $reply_message = $data['message_message']; if (!$data['message_smileys']) { $reply_message = parsesmileys($reply_message); } } else { $reply_message = ""; } $user_list = ""; $user_types = ""; if (!isset($_POST['chk_sendtoall']) || $_GET['msg_send'] != "0") { $sel = ""; $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_status='0' ORDER BY user_level DESC, user_name ASC"); while ($data = dbarray($result)) { if ($data['user_id'] != $userdata['user_id']) { $sel = $_GET['msg_send'] == $data['user_id'] ? " selected='selected'" : ""; $user_list .= "<option value='" . $data['user_id'] . "'{$sel}>" . $data['user_name'] . "</option>\n"; } }
} } } if (isset($_POST['previewpost'])) { if ($subject == "") { $subject = $locale['420']; } if ($message == "") { $previewmessage = $locale['421']; } else { $previewmessage = $message; if ($sig_checked) { $previewmessage = $previewmessage . "\n\n" . $userdata['user_sig']; } if (!$disable_smileys_check) { $previewmessage = parsesmileys($previewmessage); } $previewmessage = parseubb($previewmessage); $previewmessage = nl2br($previewmessage); } //$is_mod = iMOD && iUSER < "102" ? true : false; opentable($locale['400']); echo "<div class='tbl2' style='margin-bottom:5px'><span class='small'><a href='index.php'>" . $settings['sitename'] . "</a> :: " . $caption . "</span></div>\n"; if ($fdata['forum_poll'] && checkgroup($fdata['forum_poll'])) { if (isset($poll_title) && $poll_title && (isset($poll_opts) && is_array($poll_opts))) { echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border' style='margin-bottom:5px'>\n<tr>\n"; echo "<td align='center' class='tbl2'><strong>" . $poll_title . "</strong></td>\n</tr>\n<tr>\n<td class='tbl1'>\n"; echo "<table align='center' cellpadding='0' cellspacing='0'>\n"; foreach ($poll_opts as $poll_option) { echo "<tr>\n<td class='tbl1'><input type='radio' name='poll_option' value='{$i}' style='vertical-align:middle;' /> " . $poll_option . "</td>\n</tr>\n"; $i++;
/**
 * Turn raw ticket text into display markup, honouring the helpdesk's own bbcode and smiley switches.
 *
 * When $modSettings['shd_allow_ticket_bbc'] is off, only wikilinks and smileys are applied, each behind
 * its own setting. When it is on, the text is passed through parse_bbc() with the helpdesk's enabled-tag
 * list ($modSettings['shd_enabled_bbc']) temporarily replacing the forum-wide disabled list.
 *
 * This function does not HTML-escape $text itself. Callers are expected to hand in text that is already
 * safe to emit as HTML once bbcode/smileys have been expanded.
 *
 * @param string $text Raw text with optional bbcode formatting
 * @param bool $smileys Whether the caller wants smileys; the master setting
 *        $modSettings['shd_allow_ticket_smileys'] must also be on for them to be used.
 * @param string $cache Cache id, passed through unchanged as the third argument of parse_bbc().
 *
 * @return string $text after the processing the settings permit
 * @since 1.0
 */
function shd_format_text($text, $smileys = true, $cache = '')
{
	global $modSettings, $scripturl, $smcFunc;
	// Both disabled-tag lists are built on the first BBC-enabled call and reused afterwards.
	static $smf_disabled = false, $shd_disabled = false;

	// BBC is off for tickets: the only transformations left are wikilinks and smileys.
	if (empty($modSettings['shd_allow_ticket_bbc']))
	{
		if (!empty($modSettings['shd_allow_wikilinks']))
			shd_parse_wikilinks($text);

		if ($smileys && !empty($modSettings['shd_allow_ticket_smileys']))
			parsesmileys($text);

		return $text;
	}

	if ($smf_disabled === false)
	{
		// parse_bbc(false) is iterated as a list of tag definitions, each carrying a 'tag' key.
		$known = array();
		foreach (parse_bbc(false) as $definition)
			$known[$definition['tag']] = true;

		// array(false) never equals a tag name, so "nothing enabled" disables every known tag.
		$allowed = empty($modSettings['shd_enabled_bbc']) ? array(false) : explode(',', $modSettings['shd_enabled_bbc']);

		// Whatever the forum knows about but the helpdesk has not enabled.
		$blocked = array_diff(array_keys($known), $allowed);
		$blocked[] = '_SHD_DUMMY_TAG';

		$smf_disabled = (isset($modSettings['disabledBBC']) ? $modSettings['disabledBBC'] . ',' : '') . '_SHD_DUMMY_TAG';
		$shd_disabled = implode(',', $blocked);
	}

	// Only swap the global list when the two actually differ.
	$swap = ($shd_disabled != $smf_disabled);

	if ($swap)
	{
		// NOTE(review): $modSettings is request-global. If parse_bbc() aborts before the restore below,
		// the rest of the request keeps the helpdesk's tag set instead of the forum-wide one.
		$modSettings['disabledBBC'] = $shd_disabled;
		// presumably makes parse_bbc() pick up the new disabled list; confirm against parse_bbc()
		parse_bbc(false);
	}

	$text = parse_bbc($text, !empty($modSettings['shd_allow_ticket_smileys']) ? $smileys : false, $cache);

	if ($swap)
	{
		// Put the forum-wide list back so later parse_bbc() callers see their usual restrictions.
		$modSettings['disabledBBC'] = $smf_disabled;
		parse_bbc(false);
	}

	return $text;
}
} $original_data = dbarray(dbquery("select * from " . DB_POSTS . " where thread_id='" . $data['thread_id'] . "' order by post_id asc limit 1")); $timepassed = timePassed($original_data['post_datestamp']); echo "</td>\n\t\t<td width='40%' class='" . $row_color . "'>"; $threadPost = dbarray(dbquery("select * from " . DB_THREADS . " t\n\t\tleft join " . DB_POSTS . " p on p.thread_id=t.thread_id\n\t\twhere t.thread_id='" . $data['thread_id'] . "' order by p.post_id asc limit 1")); $post_res = dbquery("select * from " . DB_PREFIX . "fb_posts where post_id='" . $threadPost['post_id'] . "'"); if (dbrows($post_res)) { $post_data = dbarray($post_res); if ($post_data['post_icon'] && $post_data['post_icon'] !== "page_white.png" && $fb4['post_icons']) { echo "<div style='float:left;'><br /><img src='" . INFUSIONS . "fusionboard4/images/post_icons/" . $post_data['post_icon'] . "' alt='' style='vertical-align:middle;' /> <br /></div>"; } } echo "<a"; if ($fb4['latest_popup']) { $originalpost = dbarray(dbquery("select * from " . DB_POSTS . " where thread_id='" . $data['thread_id'] . "' order by post_id asc limit 1")); $post_message = $originalpost['post_smileys'] == 1 ? parsesmileys($originalpost['post_message']) : $originalpost['post_message']; $post_message = phpentities(nl2br(parseubb($post_message))); echo " title=\"header=[ " . str_replace("]", "]]", str_replace("[", "[[", trimlink($data['thread_subject'], 70))) . "] body=[" . str_replace("]", "]]", str_replace("[", "[[", trimlink($post_message, 150))) . "] delay=[0] fade=[on]\""; } echo " href='" . FORUM . "viewthread.php?thread_id=" . $data['thread_id'] . "' title='" . $data['thread_subject'] . "'\n\t\tstyle='text-decoration:underline; font-size:12px;{$threadbold}'>" . trimlink($data['thread_subject'], 40) . "</a> "; if ($fb4['latest_post']) { echo " <a"; if ($fb4['latest_popup']) { $originalpost = dbarray(dbquery("select * from " . DB_POSTS . " where post_id='" . $data['thread_lastpostid'] . 
"' order by post_id asc limit 1")); $post = trimlink(nl2br(stripinput(parseubb($originalpost['post_message']))), 200); echo " title='header=[" . $locale['fb615'] . ":] body=[" . $post . "] delay=[0] fade=[on]'"; } echo " href='" . FORUM . "viewthread.php?thread_id=" . $data['thread_id'] . "&pid=" . $data['thread_lastpostid'] . "#post_" . $data['thread_lastpostid'] . "'" . (!$fb4['latest_popup'] ? " title='" . $locale['fb615'] . "'" : "") . " class='small'>(<b>»</b>)</a>"; } echo "<br />\n<a href='" . BASEDIR . "profile.php?lookup=" . $data['original_id'] . "' style='font-size:11px;'>" . showLabel($data['original_id'], false, "panel") . "</a><br />\n\t\t<span style='font-size:10px;'>" . $timepassed . "</span>\n\t\t</td>\n"; echo "<td width='20%' class='" . $row_color . "' style='text-align:right;white-space:nowrap'>\n\t\t" . timePassed($data['thread_lastpost'], false) . "<br />\n\t\tby <a href='" . BASEDIR . "profile.php?lookup=" . $data['thread_lastuser'] . "'>" . showLabel($data['thread_lastuser'], false, "panel") . "</a>";
<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) PHP-Fusion Inc
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: user_sig_include.php
| Author: Digitanium
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/

// This file is meant to be pulled in by the core only; a direct request stops here.
if (!defined("IN_FUSION")) {
    die("Access Denied");
}

// $profile_method, $options, $field_value and $locale come from the including script.
if ("input" == $profile_method) {
    // Edit form: signature textarea with the bbcode toolbar enabled.
    require_once INCLUDES . "bbcode_include.php";
    // Array union: keys already present in $options are kept as they are.
    $options = $options + array("bbcode" => TRUE, "inline" => TRUE, 'form_name' => 'userfieldsform');
    $user_fields = form_textarea('user_sig', $locale['uf_sig'], $field_value, $options);
} elseif ("display" == $profile_method) {
    // Profile view: render the stored signature, or the "n/a" locale string when it is empty.
    if ($field_value) {
        // NOTE(review): the signature is user-supplied and is only passed through parsesmileys()/parseubb()
        // here; this assumes it was HTML-escaped when saved. Confirm against the save path.
        $user_fields = array('title' => $locale['uf_sig'], 'value' => parseubb(parsesmileys($field_value)));
    } else {
        $user_fields = array('title' => $locale['uf_sig'], 'value' => $locale['na']);
    }
}
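/**
 * Get thread structure when given specific tag id.
 *
 * Runs a count query and, when it reports rows, a paged listing query over the threads carrying the tag,
 * then decorates each row with links, icons, author/last-poster data and page navigation.
 *
 * Security notes for callers:
 *  - $filter['condition'] and $filter['order'] are concatenated into the SQL verbatim. Build them only
 *    from server-side constants or values that were validated before they reach this method.
 *  - $tag_id and $_GET['thread_rowstart'] are forced to integers before they enter the SQL.
 *  - The returned arrays hold HTML fragments assembled from database values (thread subject, user names,
 *    post message). No escaping happens in this method; it is assumed to happen on write or in the
 *    helpers called here. TODO confirm.
 *
 * @param string     $tag_id Tag id; cast with intval() for the query, used as given as the array key.
 * @param bool|array $filter Optional array with raw SQL fragments under 'condition' and 'order'.
 *
 * @return array 'item', 'thread_max_rows' and, when rows exist, 'threads' (sticky/item/pagenav/pagenav2).
 */
public static function get_tag_thread($tag_id = '0', $filter = FALSE) {
    $info = array();
    $locale = fusion_get_locale("", FORUM_LOCALE);
    $forum_settings = ForumServer::get_forum_settings();
    $userdata = fusion_get_userdata();
    // Guests have no user_id; normalise to an integer so it can be embedded in SQL below.
    $userdata['user_id'] = !empty($userdata['user_id']) ? (int) $userdata['user_id'] : 0;
    $lastVisited = isset($userdata['user_lastvisit']) && isnum($userdata['user_lastvisit']) ? $userdata['user_lastvisit'] : time();

    // Caller-supplied raw SQL fragments (see the security notes in the docblock).
    $filter_condition = isset($filter['condition']) ? $filter['condition'] : '';
    $filter_order = isset($filter['order']) ? $filter['order'] : '';

    // Quoted, comma-separated list for IN (...). Joining with a bare "," inside one pair of quotes
    // produced a single string literal that no stored MIME type could equal.
    // assumes img_mimeTypes() returns a list of plain MIME strings; TODO confirm
    $image_mimes = "'" . implode("','", img_mimeTypes()) . "'";

    $tag_condition = in_group('t.thread_tags', intval($tag_id), '.');

    // Count query.
    $thread_query = "\n SELECT\n count(t.thread_id) 'thread_max_rows',\n count(a1.attach_id) 'attach_image',\n count(a2.attach_id) 'attach_files'\n FROM " . DB_FORUM_THREADS . " t"
        . "\n LEFT JOIN " . DB_FORUMS . " tf ON tf.forum_id = t.forum_id"
        . "\n INNER JOIN " . DB_USERS . " tu1 ON t.thread_author = tu1.user_id"
        . "\n #LEFT JOIN " . DB_USERS . " tu2 ON t.thread_lastuser = tu2.user_id"
        . "\n LEFT JOIN " . DB_FORUM_POSTS . " p1 ON p1.thread_id = t.thread_id and p1.post_id = t.thread_lastpostid"
        . "\n LEFT JOIN " . DB_FORUM_POLLS . " p ON p.thread_id = t.thread_id"
        . "\n #LEFT JOIN " . DB_FORUM_VOTES . " v ON v.thread_id = t.thread_id AND p1.post_id = v.post_id"
        . "\n LEFT JOIN " . DB_FORUM_ATTACHMENTS . " a1 on a1.thread_id = t.thread_id AND a1.attach_mime IN (" . $image_mimes . ")"
        . "\n LEFT JOIN " . DB_FORUM_ATTACHMENTS . " a2 on a2.thread_id = t.thread_id AND a2.attach_mime NOT IN (" . $image_mimes . ")"
        . "\n WHERE " . $tag_condition . " AND t.thread_hidden='0' AND " . groupaccess('tf.forum_access')
        . "\n " . $filter_condition
        . "\n GROUP BY tf.forum_id\n ";
    $thread_result = dbquery($thread_query);
    $thread_rows = dbrows($thread_result);

    $count = array("thread_max_rows" => 0, "attach_image" => 0, "attach_files" => 0);
    $info['item'][$tag_id]['forum_threadcount'] = 0;
    $info['item'][$tag_id]['forum_threadcount_word'] = format_word($count['thread_max_rows'], $locale['fmt_thread']);
    if ($thread_rows > 0) {
        // Only the first result row is read, although the query groups by forum.
        $count = dbarray($thread_result);
        $info['item'][$tag_id]['forum_threadcount'] = 0;
        $info['item'][$tag_id]['forum_threadcount_word'] = format_word($count['thread_max_rows'], $locale['fmt_thread']);
    }
    $info['thread_max_rows'] = $count['thread_max_rows'];

    if ($info['thread_max_rows'] > 0) {
        $info['threads']['pagenav'] = "";
        $info['threads']['pagenav2'] = "";

        // Accept the request's row offset only when it is numeric and within range; otherwise start at 0.
        $_GET['thread_rowstart'] = isset($_GET['thread_rowstart']) && isnum($_GET['thread_rowstart']) && $_GET['thread_rowstart'] <= $count['thread_max_rows'] ? $_GET['thread_rowstart'] : 0;

        // Listing query. The author_name alias is written without a leading space so that it matches
        // the $threads['author_name'] lookup further down.
        $thread_query = "\n SELECT t.*, tf.forum_type, tf.forum_name, tf.forum_cat,"
            . "\n tu1.user_name 'author_name', tu1.user_status 'author_status', tu1.user_avatar 'author_avatar',"
            . "\n tu2.user_name 'last_user_name', tu2.user_status 'last_user_status', tu2.user_avatar 'last_user_avatar',"
            . "\n p1.post_datestamp, p1.post_message,"
            . "\n IF (n.thread_id > 0, 1 , 0) 'user_tracked',"
            . "\n count(v.vote_user) 'thread_rated',"
            . "\n count(pv.forum_vote_user_id) 'poll_voted',"
            . "\n p.forum_poll_title,"
            . "\n count(v.post_id) AS vote_count,"
            . "\n a1.attach_name, a1.attach_id,"
            . "\n a2.attach_name, a2.attach_id,"
            . "\n count(a1.attach_mime) 'attach_image',"
            . "\n count(a2.attach_mime) 'attach_files',"
            . "\n min(p2.post_datestamp) 'first_post_datestamp'"
            . "\n FROM " . DB_FORUM_THREADS . " t"
            . "\n LEFT JOIN " . DB_FORUMS . " tf ON tf.forum_id = t.forum_id"
            . "\n INNER JOIN " . DB_USERS . " tu1 ON t.thread_author = tu1.user_id"
            . "\n LEFT JOIN " . DB_USERS . " tu2 ON t.thread_lastuser = tu2.user_id"
            . "\n LEFT JOIN " . DB_FORUM_POSTS . " p1 ON p1.thread_id = t.thread_id and p1.post_id = t.thread_lastpostid"
            . "\n LEFT JOIN " . DB_FORUM_POSTS . " p2 ON p2.thread_id = t.thread_id"
            . "\n LEFT JOIN " . DB_FORUM_POLLS . " p ON p.thread_id = t.thread_id"
            . "\n #LEFT JOIN " . DB_FORUM_VOTES . " v ON v.thread_id = t.thread_id AND p1.post_id = v.post_id"
            // The two user_id interpolations below were masked in the listing this was taken from and
            // are restored to match the poll-voters join.
            . "\n LEFT JOIN " . DB_FORUM_VOTES . " v on v.thread_id = t.thread_id AND v.vote_user='" . $userdata['user_id'] . "' AND v.forum_id = t.forum_id AND tf.forum_type='4'"
            . "\n LEFT JOIN " . DB_FORUM_POLL_VOTERS . " pv on pv.thread_id = t.thread_id AND pv.forum_vote_user_id='" . $userdata['user_id'] . "' AND t.thread_poll=1"
            . "\n LEFT JOIN " . DB_FORUM_ATTACHMENTS . " a1 on a1.thread_id = t.thread_id AND a1.attach_mime IN (" . $image_mimes . ")"
            . "\n LEFT JOIN " . DB_FORUM_ATTACHMENTS . " a2 on a2.thread_id = t.thread_id AND a2.attach_mime NOT IN (" . $image_mimes . ")"
            . "\n LEFT JOIN " . DB_FORUM_THREAD_NOTIFY . " n on n.thread_id = t.thread_id and n.notify_user = '" . $userdata['user_id'] . "'"
            . "\n WHERE " . $tag_condition . " AND t.thread_hidden='0' AND " . groupaccess('tf.forum_access')
            . "\n " . $filter_condition
            . "\n " . (multilang_table("FO") ? "AND tf.forum_language='" . LANGUAGE . "'" : '')
            . "\n GROUP BY t.thread_id"
            . "\n " . $filter_order
            // Both LIMIT operands are forced to integers; the page size comes from settings.
            . "\n LIMIT " . intval($_GET['thread_rowstart']) . ", " . intval($forum_settings['threads_per_page']);
        $cthread_result = dbquery($thread_query);

        if (dbrows($cthread_result) > 0) {
            while ($threads = dbarray($cthread_result)) {
                $icon = "";
                // "<thread_id>|<lastpost>|<forum_id>" entry looked up in the user's dot-separated read list.
                $match_regex = $threads['thread_id'] . "\\|" . $threads['thread_lastpost'] . "\\|" . $threads['forum_id'];
                if ($threads['thread_lastpost'] > $lastVisited) {
                    // NOTE(review): these two icons use the unqualified get_forumIcons() while the icons
                    // below use self::get_forumIcons(); confirm both resolve to the same icon set.
                    if (iMEMBER && ($threads['thread_lastuser'] == $userdata['user_id'] || preg_match("(^\\.{$match_regex}\$|\\.{$match_regex}\\.|\\.{$match_regex}\$)", $userdata['user_threads']))) {
                        $icon = "<i class='" . get_forumIcons('thread') . "' title='" . $locale['forum_0261'] . "'></i>";
                    } else {
                        $icon = "<i class='" . get_forumIcons('new') . "' title='" . $locale['forum_0260'] . "'></i>";
                    }
                }

                $author = array(
                    'user_id'     => $threads['thread_author'],
                    'user_name'   => $threads['author_name'],
                    'user_status' => $threads['author_status'],
                    'user_avatar' => $threads['author_avatar']
                );
                $lastuser = array(
                    'user_id'     => $threads['thread_lastuser'],
                    'user_name'   => $threads['last_user_name'],
                    'user_status' => $threads['last_user_status'],
                    'user_avatar' => $threads['last_user_avatar']
                );

                // Array union: columns already present in the row win over the keys added here.
                $threads += array(
                    "thread_link"    => array(
                        "link"  => FORUM . "viewthread.php?thread_id=" . $threads['thread_id'],
                        "title" => $threads['thread_subject']
                    ),
                    "forum_type"     => $threads['forum_type'],
                    "thread_pages"   => makepagenav(0, $forum_settings['posts_per_page'], $threads['thread_postcount'], 3, FORUM . "viewthread.php?thread_id=" . $threads['thread_id'] . "&"),
                    "thread_icons"   => array(
                        'lock'   => $threads['thread_locked'] ? "<i class='" . self::get_forumIcons('lock') . "' title='" . $locale['forum_0263'] . "'></i>" : '',
                        'sticky' => $threads['thread_sticky'] ? "<i class='" . self::get_forumIcons('sticky') . "' title='" . $locale['forum_0103'] . "'></i>" : '',
                        'poll'   => $threads['thread_poll'] ? "<i class='" . self::get_forumIcons('poll') . "' title='" . $locale['forum_0314'] . "'></i>" : '',
                        'hot'    => $threads['thread_postcount'] >= 20 ? "<i class='" . self::get_forumIcons('hot') . "' title='" . $locale['forum_0311'] . "'></i>" : '',
                        'reads'  => $threads['thread_views'] >= 20 ? "<i class='" . self::get_forumIcons('reads') . "' title='" . $locale['forum_0311'] . "'></i>" : '',
                        'image'  => $threads['attach_image'] > 0 ? "<i class='" . self::get_forumIcons('image') . "' title='" . $locale['forum_0313'] . "'></i>" : '',
                        'file'   => $threads['attach_files'] > 0 ? "<i class='" . self::get_forumIcons('file') . "' title='" . $locale['forum_0312'] . "'></i>" : '',
                        'icon'   => $icon
                    ),
                    "thread_starter" => $locale['forum_0006'] . timer($threads['first_post_datestamp']) . " " . $locale['by'] . " " . profile_link($author['user_id'], $author['user_name'], $author['user_status']) . "</span>",
                    "thread_author"  => $author,
                    "thread_last"    => array(
                        'avatar'       => display_avatar($lastuser, '30px', '', '', ''),
                        'profile_link' => profile_link($lastuser['user_id'], $lastuser['user_name'], $lastuser['user_status']),
                        'time'         => $threads['post_datestamp'],
                        // User-authored content rendered to HTML; see the escaping note in the docblock.
                        'post_message' => parseubb(parsesmileys($threads['post_message'])),
                        "formatted"    => "<div class='pull-left'>" . display_avatar($lastuser, '30px', '', '', '') . "</div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class='overflow-hide'>" . $locale['forum_0373'] . " <span class='forum_profile_link'>" . profile_link($lastuser['user_id'], $lastuser['user_name'], $lastuser['user_status']) . "</span><br/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t" . timer($threads['post_datestamp']) . "\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t</div>"
                    )
                );

                // Sticky threads are returned in their own bucket.
                if ($threads['thread_sticky']) {
                    $info['threads']['sticky'][$threads['thread_id']] = $threads;
                } else {
                    $info['threads']['item'][$threads['thread_id']] = $threads;
                }
            }
        }

        if ($info['thread_max_rows'] > $forum_settings['threads_per_page']) {
            $info['threads']['pagenav'] = makepagenav($_GET['thread_rowstart'], $forum_settings['threads_per_page'], $info['thread_max_rows'], 3, clean_request("", array("thread_rowstart"), FALSE) . "&", "thread_rowstart");
            $info['threads']['pagenav2'] = makepagenav($_GET['thread_rowstart'], $forum_settings['threads_per_page'], $info['thread_max_rows'], 3, clean_request("", array("thread_rowstart"), FALSE) . "&", "thread_rowstart", TRUE);
        }
    }

    return (array) $info;
}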
echo "</tbody>\n</table>\n"; echo "</div>\n"; } else { echo "<div style='text-align:center'>" . $locale['416'] . "</div>\n"; } closetable(); } else { if ($_GET['page'] == 2) { if (isset($_POST['post_test'])) { $test_message = form_sanitizer($_POST['test_message'], '', 'test_message'); $smileys_checked = isset($_POST['test_smileys']) || preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $test_message) ? " checked='checked'" : ""; if (!defined('FUSION_NULL')) { opentable($locale['417']); echo "<div class='well'>\n"; if (!$smileys_checked) { echo parseubb(parsesmileys($test_message)); } else { echo parseubb($test_message); } echo "</div>\n"; closetable(); } } else { $test_message = ""; $smileys_checked = ""; } include LOCALE . LOCALESET . "comments.php"; opentable($locale['401']); echo $navigation; echo openform('input_form', 'input_form', 'post', FUSION_SELF . $aidlink . "&page=2", array('downtime' => 0)); echo "<table cellspacing='0' cellpadding='0' class='table table-responsive center'>\n<tr>\n";
if (dbrows($result)) { $title = ""; if ($settings['forum_last_posts_reply'] == "1") { $title = $locale['431']; } else { $title = sprintf($locale['432'], $settings['forum_last_posts_reply']); } opentable($title); echo "<div style='max-height:350px;overflow:auto;'>\n"; echo "<table cellpadding='1' cellspacing='1' width='100%' class='tbl-border forum_thread_table'>\n"; $i = $settings['forum_last_posts_reply']; while ($data = dbarray($result)) { $data['user_aliases'] = alias1($data['user_aliases']); $message = $data['post_message']; if ($data['post_smileys']) { $message = parsesmileys($message); } $message = parseubb($message); echo "<tr>\n<td class='tbl2 forum_thread_user_name' style='width:10%'><!--forum_thread_user_name-->" . alias2($data['post_alias'], $data['user_aliases'], $data['user_id'], $data['user_name'], $data['user_status']) . "</td>\n"; echo "<td class='tbl2 forum_thread_post_date'>\n"; echo "<div style='float:right' class='small'>\n"; echo $i . ($i == $settings['forum_last_posts_reply'] ? " (" . $locale['431'] . ")" : ""); echo "</div>\n"; echo "<div class='small'>" . $locale['426'] . showdate("forumdate", $data['post_datestamp']) . "</div>\n"; echo "</td>\n"; echo "</tr>\n<tr>\n<td valign='top' class='tbl2 forum_thread_user_info' style='width:10%'>\n"; if ($data['user_avatar'] && file_exists(IMAGES . "avatars/" . $data['user_avatar']) && $data['user_status'] != 6 && $data['user_status'] != 5 && $data['post_alias'] < 0) { echo "<img src='" . IMAGES . "avatars/" . $data['user_avatar'] . "' alt='" . $locale['567'] . "' /><br /><br />\n"; } elseif ($data['post_alias'] >= 0) { echo "<img src='" . IMAGES . "avatars/noavatar100.png' alt='-' /><br /><br />\n"; echo "<span class='small'>";
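/**
 * Validate a member's signature against the limits in $modSettings['signature_settings'].
 *
 * The setting is read as "<comma-separated limits>:<comma-separated disabled tags>". The limit indexes
 * used below are 1 = length, 2 = lines, 3 = images, 4 = smileys, 5 = image width, 6 = image height and
 * 7 = font size. Members with the admin_forum permission skip every limit but still go through
 * preparsecode().
 *
 * Oversized images are not rejected: their [img] tags in $value are rewritten with reduced dimensions.
 *
 * @param string $value Signature text, passed by reference; may be rewritten (image sizes, preparsecode).
 * @return bool|string true when the signature is acceptable, otherwise the error key for the broken limit.
 */
function profileValidateSignature(&$value)
{
	global $sourcedir, $modSettings, $smcFunc, $txt;

	require_once $sourcedir . '/Subs-Post.php';

	// Admins can do whatever they hell they want!
	if (!allowedTo('admin_forum'))
	{
		// Load all the signature limits.
		list($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
		$sig_limits = explode(',', $sig_limits);
		$disabledTags = !empty($sig_bbc) ? explode(',', $sig_bbc) : array();

		// Work on an un-escaped copy so the limits count what the member typed, not entity text.
		// The apostrophe-entity key had been decoded into a bare quote in the listing this was taken
		// from, which does not parse. NOTE(review): restored without a trailing semicolon; confirm
		// against the upstream file.
		$unparsed_signature = strtr(un_htmlspecialchars($value), array("\r" => '', '&#039' => '\''));

		// Too long?
		if (!empty($sig_limits[1]) && $smcFunc['strlen']($unparsed_signature) > $sig_limits[1])
		{
			// The truncated, re-escaped text is written to $_POST['signature'], not to $value.
			$_POST['signature'] = trim(htmlspecialchars($smcFunc['substr']($unparsed_signature, 0, $sig_limits[1]), ENT_QUOTES));
			$txt['profile_error_signature_max_length'] = sprintf($txt['profile_error_signature_max_length'], $sig_limits[1]);
			return 'signature_max_length';
		}

		// Too many lines?
		if (!empty($sig_limits[2]) && substr_count($unparsed_signature, "\n") >= $sig_limits[2])
		{
			$txt['profile_error_signature_max_lines'] = sprintf($txt['profile_error_signature_max_lines'], $sig_limits[2]);
			return 'signature_max_lines';
		}

		// Too many images?! Both the bbcode and the raw HTML form are counted.
		if (!empty($sig_limits[3]) && substr_count(strtolower($unparsed_signature), '[img') + substr_count(strtolower($unparsed_signature), '<img') > $sig_limits[3])
		{
			$txt['profile_error_signature_max_image_count'] = sprintf($txt['profile_error_signature_max_image_count'], $sig_limits[3]);
			return 'signature_max_image_count';
		}

		// What about too many smileys! Counted as the <img tags that smiley parsing adds.
		$smiley_parsed = $unparsed_signature;
		parsesmileys($smiley_parsed);
		$smiley_count = substr_count(strtolower($smiley_parsed), '<img') - substr_count(strtolower($unparsed_signature), '<img');
		if (!empty($sig_limits[4]) && $sig_limits[4] == -1 && $smiley_count > 0)
		{
			// A limit of -1 means smileys are not allowed at all.
			return 'signature_allow_smileys';
		}
		elseif (!empty($sig_limits[4]) && $sig_limits[4] > 0 && $smiley_count > $sig_limits[4])
		{
			$txt['profile_error_signature_max_smileys'] = sprintf($txt['profile_error_signature_max_smileys'], $sig_limits[4]);
			return 'signature_max_smileys';
		}

		// Maybe we are abusing font sizes?
		if (!empty($sig_limits[7]) && preg_match_all('~\\[size=([\\d\\.]+)?(px|pt|em|x-large|larger)~i', $unparsed_signature, $matches) !== false && isset($matches[2]))
		{
			foreach ($matches[1] as $ind => $size)
			{
				$limit_broke = 0;

				// The limit is compared in the unit the member used: as-is for px, x0.75 for pt, /16 for em.
				if ($matches[2][$ind] == 'px' && $size > $sig_limits[7])
					$limit_broke = $sig_limits[7] . 'px';
				elseif ($matches[2][$ind] == 'pt' && $size > $sig_limits[7] * 0.75)
					$limit_broke = (int) $sig_limits[7] * 0.75 . 'pt';
				elseif ($matches[2][$ind] == 'em' && $size > (double) $sig_limits[7] / 16)
					$limit_broke = (double) $sig_limits[7] / 16 . 'em';
				// Keyword sizes (x-large, larger) are refused whenever the limit is below 18.
				elseif ($matches[2][$ind] != 'px' && $matches[2][$ind] != 'pt' && $matches[2][$ind] != 'em' && $sig_limits[7] < 18)
					$limit_broke = 'large';

				if ($limit_broke)
				{
					$txt['profile_error_signature_max_font_size'] = sprintf($txt['profile_error_signature_max_font_size'], $limit_broke);
					return 'signature_max_font_size';
				}
			}
		}

		// The difficult one - image sizes! Don't error on this - just fix it.
		if (!empty($sig_limits[5]) || !empty($sig_limits[6]))
		{
			// Get all BBC tags...
			preg_match_all('~\\[img(\\s+width=([\\d]+))?(\\s+height=([\\d]+))?(\\s+width=([\\d]+))?\\s*\\](?:<br />)*([^<">]+?)(?:<br />)*\\[/img\\]~i', $unparsed_signature, $matches);
			// ... and all HTML ones.
			preg_match_all('~<img\\s+src=(?:")?((?:http://|ftp://|https://|ftps://).+?)(?:")?(?:\\s+alt=(?:")?(.*?)(?:")?)?(?:\\s?/)?>~i', $unparsed_signature, $matches2, PREG_PATTERN_ORDER);

			// And stick the HTML in the BBC: same column layout, with the URL in group 7.
			if (!empty($matches2))
			{
				foreach ($matches2[0] as $ind => $dummy)
				{
					$matches[0][] = $matches2[0][$ind];
					$matches[1][] = '';
					$matches[2][] = '';
					$matches[3][] = '';
					$matches[4][] = '';
					$matches[5][] = '';
					$matches[6][] = '';
					$matches[7][] = $matches2[1][$ind];
				}
			}

			$replaces = array();

			// Try to find all the images!
			if (!empty($matches))
			{
				foreach ($matches[0] as $key => $image)
				{
					$width = -1;
					$height = -1;

					// Does it have predefined restraints? Width first (it may appear after height).
					if ($matches[6][$key])
						$matches[2][$key] = $matches[6][$key];

					if ($matches[2][$key] && $sig_limits[5] && $matches[2][$key] > $sig_limits[5])
					{
						$width = $sig_limits[5];
						// Scale the declared height by the same factor.
						$matches[4][$key] = $matches[4][$key] * ($width / $matches[2][$key]);
					}
					elseif ($matches[2][$key])
						$width = $matches[2][$key];

					// ... and height.
					if ($matches[4][$key] && $sig_limits[6] && $matches[4][$key] > $sig_limits[6])
					{
						$height = $sig_limits[6];
						if ($width != -1)
							$width = $width * ($height / $matches[4][$key]);
					}
					elseif ($matches[4][$key])
						$height = $matches[4][$key];

					// If the dimensions are still not fixed - we need to check the actual image.
					if ($width == -1 && $sig_limits[5] || $height == -1 && $sig_limits[6])
					{
						// NOTE(review): the URL is member-supplied, and the [img] pattern above puts no
						// scheme or host restriction on it. url_image_size() is not visible here; if it
						// fetches the URL, confirm it limits schemes, refuses internal addresses and
						// enforces a timeout.
						$sizes = url_image_size($matches[7][$key]);
						if (is_array($sizes))
						{
							// Too wide?
							if ($sizes[0] > $sig_limits[5] && $sig_limits[5])
							{
								$width = $sig_limits[5];
								$sizes[1] = $sizes[1] * ($width / $sizes[0]);
							}

							// Too high?
							if ($sizes[1] > $sig_limits[6] && $sig_limits[6])
							{
								$height = $sig_limits[6];
								if ($width == -1)
									$width = $sizes[0];
								$width = $width * ($height / $sizes[1]);
							}
							elseif ($width != -1)
								$height = $sizes[1];
						}
					}

					// Did we come up with some changes? If so remake the string.
					if ($width != -1 || $height != -1)
						$replaces[$image] = '[img' . ($width != -1 ? ' width=' . round($width) : '') . ($height != -1 ? ' height=' . round($height) : '') . ']' . $matches[7][$key] . '[/img]';
				}

				// The rewrite is applied to the caller's $value, not to the un-escaped working copy.
				if (!empty($replaces))
					$value = str_replace(array_keys($replaces), array_values($replaces), $value);
			}
		}

		// Any disabled BBC?
		// The tag names come from the admin setting and go into the pattern unquoted.
		$disabledSigBBC = implode('|', $disabledTags);
		if (!empty($disabledSigBBC))
		{
			if (preg_match('~\\[(' . $disabledSigBBC . ')~i', $unparsed_signature, $matches) !== false && isset($matches[1]))
			{
				$disabledTags = array_unique($disabledTags);
				$txt['profile_error_signature_disabled_bbc'] = sprintf($txt['profile_error_signature_disabled_bbc'], implode(', ', $disabledTags));
				return 'signature_disabled_bbc';
			}
		}
	}

	// Runs for everyone, admins included.
	preparsecode($value);

	return true;
}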
echo "<div class='attachments-list'>" . $a_images . "</div>\n"; echo "</div>\n"; } } if ($data['post_edittime'] != "0") { echo "\n<hr />\n<span class='small'>" . $locale['508'] . profile_link($data['post_edituser'], $data['edit_name'], $data['edit_status']) . $locale['509'] . showdate("forumdate", $data['post_edittime']) . "</span>\n"; if ($data['post_editreason'] != "" && iMEMBER) { $edit_reason = true; echo "<br /><div class='edit_reason'><a id='reason_pid_" . $data['post_id'] . "' rel='" . $data['post_id'] . "' class='reason_button small' href='#reason_div_pid_" . $data['post_id'] . "'>"; echo "<strong>" . $locale['508a'] . "</strong>"; echo "</a>\n"; echo "<div id='reason_div_pid_" . $data['post_id'] . "' class='reason_div small'>" . $data['post_editreason'] . "</div></div>\n"; } } if ($data['post_showsig'] && isset($data['user_sig']) && $data['user_sig'] && $data['user_status'] != 6 && $data['user_status'] != 5) { echo "\n<hr /><div class='forum_sig'>" . nl2br(parseubb(parsesmileys($data['user_sig']), "b|i|u||center|small|url|mail|img|color")) . "</div>\n"; } echo "<!--sub_forum_post--></td>\n</tr>\n"; echo "<tr>\n<td class='tbl2 forum_thread_ip' style='width:140px;white-space:nowrap'>"; if ($settings['forum_ips'] && iMEMBER || iMOD) { echo "<strong>" . $locale['571'] . "</strong>: " . $data['post_ip']; } else { echo " "; } echo "</td>\n<td class='tbl2 forum_thread_userbar'>\n<div style='float:left;white-space:nowrap' class='small'><!--forum_thread_userbar-->\n"; if (isset($data['user_web']) && $data['user_web'] && (iADMIN || $data['user_status'] != 6 && $data['user_status'] != 5)) { echo "<a href='" . $data['user_web'] . "' target='_blank'><img src='" . get_image("web") . "' alt='" . $data['user_web'] . "' style='border:0;vertical-align:middle' /></a>"; } if (iMEMBER && $data['user_id'] != $userdata['user_id'] && (iADMIN || $data['user_status'] != 6 && $data['user_status'] != 5)) { echo "<a href='" . BASEDIR . "messages.php?msg_send=" . $data['user_id'] . 
"'><img src='" . get_image("pm") . "' alt='" . $locale['572'] . "' style='border:0;vertical-align:middle' /></a>\n"; }
/**
 * Render the comment list and the comment form for one item, and handle the
 * delete / edit / post actions that are submitted to the same page.
 *
 * Order of work: (1) delete action from the query string, (2) a posted
 * comment (edit of an existing one, or insert of a new one), (3) the list,
 * ten comments per page, (4) the input form, pre-filled when editing.
 *
 * Review notes:
 * - $ctype, $cdb, $ccol and $cid are placed into SQL text exactly as they are
 *   passed in; nothing in this function validates or escapes them, so callers
 *   have to supply validated values.
 * - The delete action is driven by GET parameters and no request token is
 *   checked in this function. NOTE(review): confirm that CSRF protection for
 *   the delete and edit actions exists elsewhere.
 * - Stored comment text and guest names are echoed without escaping at output
 *   time; this presumably relies on stripinput() having encoded them when
 *   they were saved. TODO confirm.
 *
 * @param $ctype comment type key, compared against comment_type
 * @param $cdb   table that holds the commented item
 * @param $ccol  id column of that table
 * @param $cid   id of the commented item, compared against comment_item_id
 * @param $clink link to the page; used for redirects, paging and the form action
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink) {
    global $settings, $locale, $userdata, $aidlink;

    // Current request URL with any c_action/comment_id pair removed; used as
    // the redirect target when the guest captcha check fails.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);

    // --- Delete action (GET). comment_id must pass isnum() before it is used in SQL.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        // Allowed for admins holding right "C", or for a member whose user id is
        // stored as comment_name on that comment.
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            // Non-admins keep the ownership condition in the DELETE itself.
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }

    // --- Posted comment (members always, guests only when guestposts is "1").
    if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
        if (iMEMBER) {
            // Members are stored by user id; the list query joins comment_name to user_id.
            $comment_name = $userdata['user_id'];
        } elseif ($settings['guestposts'] == "1") {
            $comment_name = trim(stripinput($_POST['comment_name']));
            // Leading digits are stripped and an all-numeric name is emptied, so a
            // guest name cannot be stored in a form that would match a user id.
            $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
            if (isnum($comment_name)) {
                $comment_name = "";
            }
            include_once INCLUDES . "securimage/securimage.php";
            $securimage = new Securimage();
            // Assumes redirect() ends the request; if it returned, the code below
            // would still store the comment after a failed captcha. TODO confirm.
            if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                redirect($link);
            }
        }
        $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));

        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            // Edit of an existing comment: same permission rule as delete.
            $comment_updated = false;
            if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
                if ($comment_message) {
                    // $comment_message is interpolated after stripinput(); presumably
                    // stripinput() neutralises quote characters. TODO confirm.
                    $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
                    $comment_updated = true;
                }
            }
            if ($comment_updated) {
                // Offset of the page that contains the edited comment (10 per page).
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            }
            // NOTE(review): the offset is sent as rstart, while the list below reads
            // c_start; confirm which parameter the target page expects.
            redirect($clink . "&rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
        } else {
            // New comment: the commented item has to exist in the caller's table.
            if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                redirect(BASEDIR . "index.php");
            }
            if ($comment_name && $comment_message) {
                require_once INCLUDES . "flood_include.php";
                // Insert only when flood_control() reports no flood for this IP.
                if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                    $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
                }
            }
            // Offset of the last page, where the new comment appears.
            $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            redirect($clink . "&rstart=" . $c_start);
        }
    }

    // --- Comment list.
    opentable($locale['c100']);
    echo "<a id='comments' name='comments'></a>";
    $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
    // c_start goes into the LIMIT clause, so anything that fails isnum() is reset to 0.
    if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
        $_GET['c_start'] = 0;
    }
    $result = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp ASC LIMIT " . $_GET['c_start'] . ",10");
    if (dbrows($result)) {
        $i = $_GET['c_start'] + 1;
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n";
        }
        while ($data = dbarray($result)) {
            echo "<div class='tbl2'>\n";
            // Edit/delete links are shown under the same rule the handlers enforce;
            // the isset(user_name) test limits the owner case to comments whose
            // comment_name joined to a user row.
            if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                echo "<div style='float:right' class='comment_actions'><!--comment_actions-->\n<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                echo "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
            }
            echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | ";
            if ($data['user_name']) {
                echo "<span class='comment-name'><a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . $data['user_name'] . "</a></span>\n";
            } else {
                // Guest comment: comment_name is the name typed by the guest.
                echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
            }
            echo "<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
            echo "</div>\n<div class='tbl1 comment_message'><!--comment_message-->" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</div>\n";
            $i++;
        }
        if (iADMIN && checkrights("C")) {
            echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
        }
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n";
        }
    } else {
        echo $locale['c101'] . "\n";
    }
    closetable();

    // --- Comment form; when editing, load the stored text into the textarea.
    opentable($locale['c102']);
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
        if (dbrows($eresult)) {
            $edata = dbarray($eresult);
            // NOTE(review): when the row exists but the viewer may not edit it,
            // $comment_message is not assigned in this branch before it is read below.
            if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                // The form then posts back to the edit URL of this comment.
                $clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
                $comment_message = $edata['comment_message'];
            }
        } else {
            $comment_message = "";
        }
    } else {
        $comment_message = "";
    }
    if (iMEMBER || $settings['guestposts'] == "1") {
        require_once INCLUDES . "bbcode_include.php";
        echo "<a id='edit_comment' name='edit_comment'></a>\n";
        // $clink is written into the action attribute as passed in by the caller.
        echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
        if (iGUEST) {
            echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
            echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
            echo "</div>\n";
        }
        echo "<div align='center' class='tbl'>\n";
        // The stored message is written into the textarea without further encoding.
        echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
        echo display_bbcodes("360px", "comment_message");
        if (iGUEST) {
            // Guests get the Securimage captcha that the post handler above checks.
            echo $locale['global_158'] . "<br />\n";
            echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
            echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
            echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
            echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
        }
        // Button label switches between the c103 and c102 locale strings depending
        // on whether a message was loaded for editing.
        echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
        echo "</div>\n</form>\n";
    } else {
        echo $locale['c105'] . "\n";
    }
    closetable();
}
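/**
 * Handle the comment actions for one item (delete, edit, post) and pass the
 * visible comments of the current page to render_comments().
 *
 * Review notes:
 * - $comment_type, $comment_db, $comment_col and $comment_item_id are placed
 *   into SQL text exactly as passed in; nothing in this function validates or
 *   escapes them, so callers have to supply validated values.
 * - The delete action is driven by GET parameters and is guarded in the page
 *   only by a confirm() dialog; no request token is checked in this function.
 *   NOTE(review): confirm that CSRF protection for delete exists elsewhere.
 * - The captcha include path is built from $settings['captcha'].
 *   NOTE(review): confirm that setting can only hold a known captcha directory.
 *
 * @param $comment_type    abbreviation or short id of the comment type
 * @param $comment_db      table of the current application, DB_BLOG for example
 * @param $comment_col     primary key column of that table, 'blog_id' for example
 * @param $comment_item_id primary key value of the commented item, $_GET['blog_id'] for example
 * @param $clink           link of the current page, FUSION_SELF is acceptable
 */
function showcomments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink) {
    global $settings, $locale, $userdata, $aidlink;

    // Current request URL with any c_action/comment_id pair removed; used as
    // the redirect target when guest input or the captcha is rejected.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);
    $_GET['comment'] = isset($_GET['comment']) && isnum($_GET['comment']) ? $_GET['comment'] : 0;
    $cpp = $settings['comments_per_page'];

    // --- Delete action (GET). comment_id must pass isnum() before it is used in SQL.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        // Allowed for admins holding right "C", or for the member whose user id
        // is stored as comment_name on that comment.
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0"));
    }

    if ($settings['comments_enabled'] == "1") {
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            // Guests must pass the captcha before anything is stored. The setting
            // key is `guestposts`, the same one that gates guest posting on the
            // line above; with any other key this check would never run.
            if (!iMEMBER && $settings['guestposts'] == 1) {
                if (!isset($_POST['comment_name'])) {
                    redirect($link);
                }
                // An all-numeric guest name is emptied; comment_name holds the user
                // id for members and is joined to user_id when comments are listed.
                if (isnum($_POST['comment_name'])) {
                    $_POST['comment_name'] = '';
                }
                $_CAPTCHA_IS_VALID = FALSE;
                // The included check script is expected to set $_CAPTCHA_IS_VALID.
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php";
                // Assumes redirect() ends the request. TODO confirm.
                if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) {
                    redirect($link);
                }
            }

            $comment_data = array(
                'comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0,
                'comment_name' => iMEMBER ? $userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'),
                'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'),
                'comment_datestamp' => time(),
                'comment_item_id' => $comment_item_id,
                'comment_type' => $comment_type,
                'comment_cat' => 0,
                'comment_ip' => USER_IP,
                'comment_ip_type' => USER_IP_TYPE,
                'comment_hidden' => 0
            );

            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) {
                // Edit of an existing comment: admins with right "C", or the owner
                // of a visible comment on this item.
                $comment_updated = FALSE;
                if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "' \n\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\tAND comment_type='" . $comment_type . "' \n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "' \n\t\t\t\tAND comment_hidden='0'")) {
                    dbquery_insert(DB_COMMENTS, $comment_data, 'update');
                    if ($comment_data['comment_message']) {
                        // The message is interpolated after form_sanitizer(); presumably
                        // that call makes it safe inside a quoted SQL value. TODO confirm.
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_data['comment_message'] . "'\n \t\t\t\t\t\t\t\t\t WHERE comment_id='" . $_GET['comment_id'] . "' " . (iADMIN ? "" : "AND comment_name='" . $userdata['user_id'] . "'"));
                        if ($result) {
                            $comment_updated = TRUE;
                        }
                    }
                }
                if ($comment_updated) {
                    // Offset of the page that contains the edited comment; the
                    // comparison direction follows the configured sort order.
                    if ($settings['comments_sorting'] == "ASC") {
                        $c_operator = "<=";
                    } else {
                        $c_operator = ">=";
                    }
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\n\t\t\t\t\t\t\t\tAND comment_type='" . $comment_type . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                }
                redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // New comment: the commented item has to exist in the caller's table.
                if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) {
                    redirect(BASEDIR . "index.php");
                }
                $id = 0;
                if ($comment_data['comment_name'] && $comment_data['comment_message']) {
                    require_once INCLUDES . "flood_include.php";
                    // Save only when flood_control() reports no flood for this IP.
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        dbquery_insert(DB_COMMENTS, $comment_data, 'save');
                        $id = dblastid();
                    }
                }
                // Ascending order puts the new comment on the last page, descending on the first.
                if ($settings['comments_sorting'] == "ASC") {
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                } else {
                    $c_start = 0;
                }
                //if (!$settings['site_seo']) {
                redirect($clink . "&c_start=" . $c_start . "#c" . $id);
                //}
            }
        }

        // --- Collect the visible comments of the requested page.
        $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE));
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'");
        // Without an explicit offset, start on the last page.
        if (!isset($_GET['c_start']) && $c_rows > $cpp) {
            $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
        }
        // c_start goes into the LIMIT clause, so anything that fails isnum() is reset to 0.
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        // The sort direction and page size are taken from $settings and placed into the query text.
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n\t\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\t\tWHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n\t\t\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp);
        if (dbrows($result) > 0) {
            // Running number shown next to each comment; counts up or down with the sort order.
            $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
            if ($c_rows > $cpp) {
                $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start");
            }
            while ($data = dbarray($result)) {
                $c_arr['c_con'][$i]['comment_id'] = $data['comment_id'];
                $c_arr['c_con'][$i]['edit_dell'] = FALSE;
                $c_arr['c_con'][$i]['i'] = $i;
                if ($data['user_name']) {
                    $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status'], 'strong text-dark');
                } else {
                    // Guest comment: the stored guest name is passed on as-is.
                    $c_arr['c_con'][$i]['comment_name'] = $data['comment_name'];
                }
                $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '35px', '', true, 'img-rounded');
                // Falls back to the default avatar when none is set or the file is missing.
                $c_arr['c_con'][$i]['user'] = array(
                    'user_id' => $data['user_id'],
                    'user_name' => $data['user_name'],
                    'user_avatar' => $avatar = $data['user_avatar'] !== '' && file_exists(IMAGES . 'avatars/' . $data['user_avatar']) ? IMAGES . 'avatars/' . $data['user_avatar'] : IMAGES . "avatars/noavatar50.png",
                    'user_status' => $data['user_status']
                );
                $c_arr['c_con'][$i]['comment_datestamp'] = showdate('shortdate', $data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_time'] = timer($data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message'])));
                // Edit/delete links are built under the same rule the handlers enforce.
                if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    $edit_link = clean_request('c_action=edit&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment";
                    $delete_link = clean_request('c_action=delete&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false);
                    $c_arr['c_con'][$i]['edit_link'] = array('link' => $edit_link, 'name' => $locale['c108']);
                    $c_arr['c_con'][$i]['delete_link'] = array('link' => $delete_link, 'name' => $locale['c109']);
                    $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<div class='btn-group'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $edit_link . "'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a>\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $delete_link . "' onclick=\"return confirm('" . $locale['c110'] . "');\">";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<i class='fa fa-trash'></i> " . $locale['c109'] . "</a>";
                    $c_arr['c_con'][$i]['edit_dell'] .= "</div>\n";
                }
                $settings['comments_sorting'] == "ASC" ? $i++ : $i--;
            }
            if (iADMIN && checkrights("C")) {
                $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $comment_type . "&comment_item_id=" . $comment_item_id . "'>" . $locale['c106'] . "</a>";
            }
        }

        // --- Comment form; when editing, load the stored text into the textarea.
        opentable($locale['c102']);
        $comment_message = "";
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $comment_item_id . "'\n\t\t\t\tAND comment_type='" . $comment_type . "' AND comment_hidden='0'");
            if (dbrows($eresult) > 0) {
                $edata = dbarray($eresult);
                if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    // The form then posts back to the edit URL of this comment.
                    $clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            } else {
                $comment_message = "";
            }
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            // openform() is called with max_tokens; presumably it issues the form
            // token that form_sanitizer() checks on submit. TODO confirm.
            echo openform('inputform', 'post', $clink, array('class' => 'm-b-20', 'max_tokens' => 1));
            if (iGUEST) {
                echo form_text('comment_name', $locale['c104'], '', array('max_length' => 30));
            }
            echo form_textarea('comment_message', '', $comment_message, array('required' => 1, 'autosize' => 1, 'form_name' => 'inputform', 'bbcode' => 1));
            // Guests get the captcha that the post handler above checks, unless a
            // captcha script has set $_CAPTCHA_HIDE_INPUT.
            if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                $_CAPTCHA_HIDE_INPUT = FALSE;
                echo "<div style='width:360px; margin:10px auto;'>";
                echo $locale['global_150'] . "<br />\n";
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php";
                if (!$_CAPTCHA_HIDE_INPUT) {
                    echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                    echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                }
                echo "</div>\n";
            }
            // Button label switches between the c103 and c102 locale strings depending
            // on whether a message was loaded for editing.
            echo form_button('post_comment', $comment_message ? $locale['c103'] : $locale['c102'], $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn-success m-t-10'));
            echo closeform();
        } else {
            echo "<div class='well'>\n";
            echo $locale['c105'] . "\n";
            echo "</div>\n";
        }
        closetable();
        echo "<a id='comments' name='comments'></a>";
        render_comments($c_arr['c_con'], $c_arr['c_info']);
    }
}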
// Fragment of an admin notes side panel: the end of the note form, the list of
// stored notes, and the request handlers that add or delete a note.
// Stored note names are echoed as read from the table; note text goes through
// parsesmileys() and parseubb() with the tag list "b|i|u|url".
echo "<br/>\n<textarea name='notes_content' id='notes_content' class='textbox' cols='20' rows='4' style='width:140px'></textarea><br />\n"; echo "" . display_bbcodes("150px;", "notes_content", "notes_form", "smiley|b|u|url") . ""; echo "<input type='submit' id='notes_submit' name='notes_submit' class='button' value='" . $locale['note_02'] . "' />\n"; echo "</form>\n"; echo "</div><br />\n"; $result = dbquery("SELECT note_id, note_name, note_text, note_datestamp FROM " . DB_ADMIN_NOTES . " ORDER BY note_id DESC"); echo "<div class='admin_notes' id='notes_q'>"; echo "<div id='note_loading'></div>\n"; while ($data = dbarray($result)) { echo "<div style='float:left' class='admin_note'>"; echo "<strong>" . $data['note_name'] . "</strong> "; echo "<a id='" . $data['note_id'] . "' href='" . FUSION_SELF . "?id=" . $data['note_id'] . "'>"; echo "<img class='loding' src='" . get_image("cancel") . "' title='" . $locale['note_03'] . "?' alt='" . $locale['note_03'] . "?' style='border:0;margin:0;vertical-align:bottom;' />"; echo "</a><img src='' alt='' style='height:16px;width:0px;' /><br />"; echo "<div class='shoutboxdate'>" . showdate("%d %b %H:%M", $data['note_datestamp']) . "</div>"; echo "<div class='notify'>" . parseubb(parsesmileys($data['note_text']), "b|i|u|url") . "</div>"; echo "</div>"; } echo "</div>"; closeside();
// Add (POST) and delete (GET id) handlers. Both are gated on the
// X-Requested-With request header, which the client sets itself, so it
// describes the request style and is not an authorization check.
// NOTE(review): no permission or request-token check is visible in this
// fragment; confirm the enclosing code limits these handlers to administrators
// and validates a token, in particular for the delete, which runs on GET.
// NOTE(review): the note author name is read from $_POST['name'], not from the
// session; confirm that is intended.
// Both values pass through stripinput() and _db() before they reach the query;
// presumably _db() quotes and escapes its argument. TODO confirm.
if (isset($_POST['submit']) && @$_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') { $content = trim(stripinput($_POST['content'])); $name = trim(stripinput($_POST['name'])); $ins = dbquery("INSERT INTO " . DB_ADMIN_NOTES . " (note_text, note_name, note_datestamp) VALUES (" . _db($content) . ", " . _db($name) . ", '" . time() . "')"); } elseif (isset($_GET['id']) && @$_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') { $id = trim(stripinput($_GET['id'])); $delete = dbquery("DELETE FROM " . DB_ADMIN_NOTES . " WHERE note_id=" . _db($id)); return $locale['note_04']; } } require_once TEMPLATES . "footer.php";
\PHPFusion\ImageRepo::setImage("smiley_" . $smiley['smiley_text'], $smiley_path); } }
// Preview output: renders $text according to the editor type named in
// $_POST['editor'] ('html', 'bbcode', anything else) and echoes the result, or
// the 'nopreview' locale string when the result is empty.
// Every branch runs html_entity_decode() on the text before it is echoed, so
// entity-encoded markup in $text is turned back into live markup in the
// response. Where $text comes from is not visible in this fragment.
// NOTE(review): confirm that this endpoint is limited to authenticated users
// and checks a request token, and that $text has been restricted to the markup
// a preview is meant to allow.
// $_POST['mode'] == 'admin' is a client-supplied flag; in this fragment it only
// switches the image path rewriting.
// NOTE(review): $_POST['editor'] is read without an isset() check.
if ($_POST['editor'] == 'html') { $text = parsesmileys(nl2br(html_entity_decode(stripslashes($text)))); if (isset($_POST['mode']) && $_POST['mode'] == 'admin') { $images = str_replace('../../../', '', IMAGES); $text = str_replace(IMAGES, $images, $text); $text = str_replace(IMAGES_N, $images, $text); $text = parse_imageDir($text, $prefix_ . "images/"); } echo html_entity_decode($text, ENT_QUOTES, $locale['charset']) ?: "<p class='text-center'>" . $locale['nopreview'] . "</p>\n"; } elseif ($_POST['editor'] == 'bbcode') { $text = parseubb(parsesmileys($text)); if (isset($_POST['mode']) && $_POST['mode'] == 'admin') { $images = str_replace('../../../', '', IMAGES); $text = str_replace(IMAGES, $images, $text); $text = str_replace(IMAGES_N, $images, $text); $text = parse_imageDir($text, $prefix_ . "images/"); } echo html_entity_decode($text, ENT_QUOTES, $locale['charset']) ?: "<p class='text-center'>" . $locale['nopreview'] . "</p>\n"; } else { $text = parsesmileys($text); if (isset($_POST['mode']) && $_POST['mode'] == 'admin') { $images = str_replace('../../../', '', IMAGES); $text = str_replace(IMAGES, $images, $text); $text = str_replace(IMAGES_N, $images, $text); } echo parse_imageDir(nl2br(html_entity_decode($text, ENT_QUOTES, $locale['charset']))) ?: "<p class='text-center'>" . $locale['nopreview'] . "</p>\n"; } echo "</div>\n";
echo "<div class='shoutboxname' >"; if ($data['user_name']) { echo "<span class='side'>" . profile_link($data['shout_name'], $data['user_name'], $data['user_status']) . "</span>\n"; } else { echo $data['shout_name'] . "\n"; } echo "</div>\n"; echo "<div class='shoutboxdate'>" . showdate("shortdate", $data['shout_datestamp']) . "</div>"; if ($settings['warning_system_shoutbox']) { $points = show_warning_points($data['user_id']); echo "<div class='shoutboxwarnings'>"; echo "<span class='small'><a style='cursor:help;' onclick=\"warning_info();\">" . $locale['WARN200'] . "</a></span> "; echo warning_profile_link("1", $data['user_id'], $points); echo "</div>"; } echo "<div class='shoutbox' style='clear:left;'>" . sbwrap(parseubb(parsesmileys($data['shout_message']), "b|i|u|url|color")) . "</div>\n"; if ((iMODERATOR || iADMIN) && checkrights("S") || iMEMBER && $data['shout_name'] == $userdata['user_id'] && isset($data['user_name'])) { echo "[<a href='" . $link . $sep . "s_action=edit&shout_id=" . $data['shout_id'] . "#edit_shout" . "' class='side'>" . $locale['global_076'] . "</a>]\n"; echo "[<a href='" . $link . $sep . "s_action=delete&shout_id=" . $data['shout_id'] . "' class='side'>" . $locale['global_157'] . "</a>]<br />\n"; } $i++; if ($i != $numrows) { echo "<br />\n"; } } if ($numrows > $settings['numofshouts']) { echo "<div style='text-align:center'>\n<a href='" . INFUSIONS . "shoutbox_panel/shoutbox_archive.php' class='side'>" . $locale['global_155'] . "</a>\n</div>\n"; } } else { echo "<div>" . $locale['global_156'] . "</div>\n"; }
echo "<p>\n<form action='include/do_did.php?did=" . $download->id . "' method='post'>\n<div align='center'>" . $locale['PDP210'] . ": <b>" . $locale['PDP205'][$data['vote_opt']] . "</b><br />\n\t<input type='submit' name='del_vote' class='button'" . " value='" . $locale['PDP209'] . "' />\n</div>\n</form>\n"; } } elseif (dbrows($res) == 0) { echo "<p>" . $locale['PDP208']; } closetable(); /**************************************************************************** * COMMENTS */ opentable($locale['PDP021']); $res = dbquery("SELECT comment_user_name, comment_smileys,\n\tcomment_text, user_id, comment_id, comment_timestamp\n\tFROM " . DB_PDP_COMMENTS . "\n\tWHERE download_id='" . $download->id . "'\n\tORDER BY comment_timestamp ASC"); $count_comments = $count = dbrows($res); while ($data = dbarray($res)) { $name = $data['comment_user_name']; if ($data['comment_smileys'] == "1") { $text = parsesmileys($data['comment_text']); } else { $text = $data['comment_text']; } $text = parseubb($text); if ($data['user_id']) { $name = '<a href="' . BASEDIR . 'profile.php?lookup=' . $data['user_id'] . '">' . $name . '</a>'; } else { $name = '<strong>' . $name . '</strong>'; } echo ' <div class="comment" id="comm' . $data['comment_id'] . '"> <span class="comment-name">' . $name . '</a></span> <span class="small">' . $locale['PDP031'] . showdate('shortdate', $data['comment_timestamp']) . '</span> <p> ' . $text . '
/**
 * Encode text for HTML output and, on request, render BBCode and smileys.
 *
 * The text is entity-encoded first (quotes included, UTF-8) and line breaks
 * are turned into <br /> tags; BBCode and smileys are applied to the encoded
 * result, so markup typed by the author stays inert.
 *
 * @param string  $text    raw text
 * @param boolean $bbcodes when true, also run bbcodes() and parsesmileys()
 * @return string HTML-ready text
 */
function htmlformat($text, $bbcodes = false) {
    $encoded = nl2br(htmlentities($text, ENT_QUOTES, 'UTF-8'));

    if (!$bbcodes) {
        return $encoded;
    }

    return parsesmileys(bbcodes($encoded));
}
if ($print_files != '') { echo "<br />"; } echo "\n<fieldset class='forum_attachments'>"; echo "<legend class='forum_attachments_legend'>" . profile_link($data['user_id'], $data['user_name'], $data['user_status']) . ($count_images > 1 ? $locale['506b'] : $locale['506']) . "</legend>"; echo "<div class='forum_attachments_content'>" . $print_images . "</div>"; echo "</fieldset>\n"; } } } if ($data['post_edittime'] != "0") { echo "\n<fieldset class='forum_edit'>\n" . $locale['508'] . profile_link($data['post_edituser'], $data['edit_name'], $data['edit_status']) . $locale['509'] . showdate("forumdate", $data['post_edittime']) . "</fieldset>"; // Pimped: added profile_link() } if ($data['post_showsig'] && isset($data['user_sig']) && $data['user_sig']) { echo "\n<fieldset class='forum_signatur'>\r\n\t\t\t<legend class='forum_signatur_legend'>" . $locale['507d'] . "</legend>" . nl2br(parseubb(parsesmileys($data['user_sig']), "b|i|u||center|small|url|mail|img|color")) . "\r\n\t\t\t</fieldset>"; } echo "<!--sub_forum_post--></td>\n</tr>\n"; // Pimped: Post Ratings -> if ($settings['forum_post_ratings']) { $show = post_ratings_show($data['post_id']); $do = ''; if (iMEMBER && $userdata['user_id'] !== $data['user_id']) { $do .= "<span id='rb_" . $data['post_id'] . "'>"; $do .= post_ratings_do($data['post_id'], $userdata['user_id'], $data['post_author'], false); $do .= "</span> "; } if ($do != '' || $show != '') { echo "<tr>\n<td class='tbl2'>\n</td>\n<td class='tbl2'>"; echo "<div align='left'>\n"; echo $show;
/**
 * Turn one download record into the map of display-ready fields.
 *
 * Review note: both description fields are passed through stripslashes() and
 * html_entity_decode() before parsesmileys()/parseubb(), so entity-encoded
 * markup in the stored description is decoded back into raw characters on the
 * way out. The category name is also placed into the link text as stored.
 * NOTE(review): confirm the write path limits who may author these fields and
 * what markup they may contain.
 *
 * @param $data download row; the keys read are the ones used below
 * @return array map of field name to rendered value
 */
function parseInfo($data) {
    global $locale, $dl_settings;

    $page = INFUSIONS . "downloads/downloads.php";
    $details_url = $page . "?download_id=" . $data['download_id'];

    // Linked thumbnail, only when a screenshot exists and screenshots are switched on.
    $download_image = '';
    if ($data['download_image'] && $dl_settings['download_screenshot'] == "1") {
        // Kept from the original even though the high-resolution path is not used afterwards.
        $hiRes_image_path = get_download_image_path($data['download_image'], $data['download_image_thumb'], TRUE);
        $lowRes_image_path = get_download_image_path($data['download_image'], $data['download_image_thumb'], FALSE);
        $download_image = "<a href='" . $details_url . "'>" . thumbnail($lowRes_image_path, '100px') . "</a>";
    }

    $info = array();
    $info['download_anchor'] = "<a name='download_" . $data['download_id'] . "' id='download_" . $data['download_id'] . "'></a>";

    $short_text = html_entity_decode(stripslashes($data['download_description_short']));
    $info['download_description_short'] = nl2br(parseubb(parsesmileys($short_text)));
    $long_text = html_entity_decode(stripslashes($data['download_description']));
    $info['download_description'] = nl2br(parseubb(parsesmileys($long_text)));

    $info['download_link'] = $details_url;
    $info['download_category_link'] = "<a href='" . $page . "?cat_id=" . $data['download_cat'] . "'>" . $data['download_cat_name'] . "</a>\n";
    $info['download_readmore_link'] = "<a href='" . $details_url . "'>" . $locale['download_1006'] . "</a>\n";
    $info['download_title'] = stripslashes($data['download_title']);
    $info['download_image'] = $download_image;
    $info['download_thumb'] = get_download_image_path($data['download_image'], $data['download_image_thumb'], FALSE);

    // Counters, formatted with their locale word forms.
    $info['download_count'] = format_word($data['download_count'], $locale['fmt_download']);
    $info['download_comments'] = format_word($data['count_comment'], $locale['fmt_comment']);
    $info['download_sum_rating'] = format_word($data['sum_rating'], $locale['fmt_rating']);
    $info['download_count_votes'] = format_word($data['count_votes'], $locale['fmt_vote']);

    $info['download_user_avatar'] = display_avatar($data, '25px', '', TRUE, 'img-rounded');
    $info['download_user_link'] = profile_link($data['user_id'], $data['user_name'], $data['user_status'], 'strong');
    $info['download_post_time'] = showdate('shortdate', $data['download_datestamp']);
    $info['download_post_time2'] = $locale['global_049'] . " " . timer($data['download_datestamp']);

    // The file link is offered only when the file is present on disk.
    if (file_exists(DOWNLOADS . '/files/' . $data['download_file'])) {
        $info['download_file_link'] = $page . "?file_id=" . $data['download_id'];
    } else {
        $info['download_file_link'] = '';
    }

    return $info;
}
function parse_bbc($message, $smileys = true, $cache_id = '', $parse_tags = array()) { global $txt, $scripturl, $context, $modSettings, $user_info, $smcFunc; static $bbc_codes = array(), $itemcodes = array(), $no_autolink_tags = array(); static $disabled; // Don't waste cycles if ($message === '') { return ''; } // Never show smileys for wireless clients. More bytes, can't see it anyway :P. if (WIRELESS) { $smileys = false; } elseif ($smileys !== null && ($smileys == '1' || $smileys == '0')) { $smileys = (bool) $smileys; } if (empty($modSettings['enableBBC']) && $message !== false) { if ($smileys === true) { parsesmileys($message); } return $message; } // Just in case it wasn't determined yet whether UTF-8 is enabled. if (!isset($context['utf8'])) { $context['utf8'] = (empty($modSettings['global_character_set']) ? $txt['lang_character_set'] : $modSettings['global_character_set']) === 'UTF-8'; } // If we are not doing every tag then we don't cache this run. if (!empty($parse_tags) && !empty($bbc_codes)) { $temp_bbc = $bbc_codes; $bbc_codes = array(); } // Ohara youtube embed $message = OYTE_Preparse($message); // Sift out the bbc for a performance improvement. if (empty($bbc_codes) || $message === false || !empty($parse_tags)) { if (!empty($modSettings['disabledBBC'])) { $temp = explode(',', strtolower($modSettings['disabledBBC'])); foreach ($temp as $tag) { $disabled[trim($tag)] = true; } } if (empty($modSettings['enableEmbeddedFlash'])) { $disabled['flash'] = true; } /* The following bbc are formatted as an array, with keys as follows: tag: the tag's name - should be lowercase! type: one of... 
- (missing): [tag]parsed content[/tag] - unparsed_equals: [tag=xyz]parsed content[/tag] - parsed_equals: [tag=parsed data]parsed content[/tag] - unparsed_content: [tag]unparsed content[/tag] - closed: [tag], [tag/], [tag /] - unparsed_commas: [tag=1,2,3]parsed content[/tag] - unparsed_commas_content: [tag=1,2,3]unparsed content[/tag] - unparsed_equals_content: [tag=...]unparsed content[/tag] parameters: an optional array of parameters, for the form [tag abc=123]content[/tag]. The array is an associative array where the keys are the parameter names, and the values are an array which may contain the following: - match: a regular expression to validate and match the value. - quoted: true if the value should be quoted. - validate: callback to evaluate on the data, which is $data. - value: a string in which to replace $1 with the data. either it or validate may be used, not both. - optional: true if the parameter is optional. test: a regular expression to test immediately after the tag's '=', ' ' or ']'. Typically, should have a \] at the end. Optional. content: only available for unparsed_content, closed, unparsed_commas_content, and unparsed_equals_content. $1 is replaced with the content of the tag. Parameters are replaced in the form {param}. For unparsed_commas_content, $2, $3, ..., $n are replaced. before: only when content is not used, to go before any content. For unparsed_equals, $1 is replaced with the value. For unparsed_commas, $1, $2, ..., $n are replaced. after: similar to before in every way, except that it is used when the tag is closed. disabled_content: used in place of content when the tag is disabled. For closed, default is '', otherwise it is '$1' if block_level is false, '<div>$1</div>' elsewise. disabled_before: used in place of before when disabled. Defaults to '<div>' if block_level, '' if not. disabled_after: used in place of after when disabled. Defaults to '</div>' if block_level, '' if not. 
block_level: set to true the tag is a "block level" tag, similar to HTML. Block level tags cannot be nested inside tags that are not block level, and will not be implicitly closed as easily. One break following a block level tag may also be removed. trim: if set, and 'inside' whitespace after the begin tag will be removed. If set to 'outside', whitespace after the end tag will meet the same fate. validate: except when type is missing or 'closed', a callback to validate the data as $data. Depending on the tag's type, $data may be a string or an array of strings (corresponding to the replacement.) quoted: when type is 'unparsed_equals' or 'parsed_equals' only, may be not set, 'optional', or 'required' corresponding to if the content may be quoted. This allows the parser to read [tag="abc]def[esdf]"] properly. require_parents: an array of tag names, or not set. If set, the enclosing tag *must* be one of the listed tags, or parsing won't occur. require_children: similar to require_parents, if set children won't be parsed if they are not in the list. disallow_children: similar to, but very different from, require_children, if it is set the listed tags will not be parsed inside the tag. parsed_tags_allowed: an array restricting what BBC can be in the parsed_equals parameter, if desired. 
*/ $codes = array(array('tag' => 'abbr', 'type' => 'unparsed_equals', 'before' => '<abbr title="$1">', 'after' => '</abbr>', 'quoted' => 'optional', 'disabled_after' => ' ($1)'), array('tag' => 'acronym', 'type' => 'unparsed_equals', 'before' => '<acronym title="$1">', 'after' => '</acronym>', 'quoted' => 'optional', 'disabled_after' => ' ($1)'), array('tag' => 'anchor', 'type' => 'unparsed_equals', 'test' => '[#]?([A-Za-z][A-Za-z0-9_\\-]*)\\]', 'before' => '<span id="post_$1">', 'after' => '</span>'), array('tag' => 'b', 'before' => '<strong>', 'after' => '</strong>'), array('tag' => 'bdo', 'type' => 'unparsed_equals', 'before' => '<bdo dir="$1">', 'after' => '</bdo>', 'test' => '(rtl|ltr)\\]', 'block_level' => true), array('tag' => 'black', 'before' => '<span style="color: black;" class="bbc_color">', 'after' => '</span>'), array('tag' => 'blue', 'before' => '<span style="color: blue;" class="bbc_color">', 'after' => '</span>'), array('tag' => 'br', 'type' => 'closed', 'content' => '<br />'), array('tag' => 'center', 'before' => '<div align="center">', 'after' => '</div>', 'block_level' => true), array('tag' => 'code', 'type' => 'unparsed_content', 'content' => '<div class="codeheader">' . $txt['code'] . ': <a href="javascript:void(0);" onclick="return smfSelectText(this);" class="codeoperation">' . $txt['code_select'] . '</a></div>' . ($context['browser']['is_gecko'] || $context['browser']['is_opera'] ? '<pre style="margin: 0; padding: 0;">' : '') . '<code class="bbc_code">$1</code>' . ($context['browser']['is_gecko'] || $context['browser']['is_opera'] ? '</pre>' : ''), 'validate' => isset($disabled['code']) ? null : create_function('&$tag, &$data, $disabled', ' global $context; if (!isset($disabled[\'code\'])) { $php_parts = preg_split(\'~(<\\?php|\\?>)~\', $data, -1, PREG_SPLIT_DELIM_CAPTURE); for ($php_i = 0, $php_n = count($php_parts); $php_i < $php_n; $php_i++) { // Do PHP code coloring? 
if ($php_parts[$php_i] != \'<?php\') continue; $php_string = \'\'; while ($php_i + 1 < count($php_parts) && $php_parts[$php_i] != \'?>\') { $php_string .= $php_parts[$php_i]; $php_parts[$php_i++] = \'\'; } $php_parts[$php_i] = highlight_php_code($php_string . $php_parts[$php_i]); } // Fix the PHP code stuff... $data = str_replace("<pre style=\\"display: inline;\\">\\t</pre>", "\\t", implode(\'\', $php_parts)); // Older browsers are annoying, aren\'t they? if ($context[\'browser\'][\'is_ie4\'] || $context[\'browser\'][\'is_ie5\'] || $context[\'browser\'][\'is_ie5.5\']) $data = str_replace("\\t", "<pre style=\\"display: inline;\\">\\t</pre>", $data); else $data = str_replace("\\t", "<span style=\\"white-space: pre;\\">\\t</span>", $data); // Recent Opera bug requiring temporary fix. &nsbp; is needed before </code> to avoid broken selection. if ($context[\'browser\'][\'is_opera\']) $data .= \' \'; }'), 'block_level' => true), array('tag' => 'code', 'type' => 'unparsed_equals_content', 'content' => '<div class="codeheader">' . $txt['code'] . ': ($2) <a href="#" onclick="return smfSelectText(this);" class="codeoperation">' . $txt['code_select'] . '</a></div>' . ($context['browser']['is_gecko'] || $context['browser']['is_opera'] ? '<pre style="margin: 0; padding: 0;">' : '') . '<code class="bbc_code">$1</code>' . ($context['browser']['is_gecko'] || $context['browser']['is_opera'] ? '</pre>' : ''), 'validate' => isset($disabled['code']) ? null : create_function('&$tag, &$data, $disabled', ' global $context; if (!isset($disabled[\'code\'])) { $php_parts = preg_split(\'~(<\\?php|\\?>)~\', $data[0], -1, PREG_SPLIT_DELIM_CAPTURE); for ($php_i = 0, $php_n = count($php_parts); $php_i < $php_n; $php_i++) { // Do PHP code coloring? 
if ($php_parts[$php_i] != \'<?php\') continue; $php_string = \'\'; while ($php_i + 1 < count($php_parts) && $php_parts[$php_i] != \'?>\') { $php_string .= $php_parts[$php_i]; $php_parts[$php_i++] = \'\'; } $php_parts[$php_i] = highlight_php_code($php_string . $php_parts[$php_i]); } // Fix the PHP code stuff... $data[0] = str_replace("<pre style=\\"display: inline;\\">\\t</pre>", "\\t", implode(\'\', $php_parts)); // Older browsers are annoying, aren\'t they? if ($context[\'browser\'][\'is_ie4\'] || $context[\'browser\'][\'is_ie5\'] || $context[\'browser\'][\'is_ie5.5\']) $data[0] = str_replace("\\t", "<pre style=\\"display: inline;\\">\\t</pre>", $data[0]); else $data[0] = str_replace("\\t", "<span style=\\"white-space: pre;\\">\\t</span>", $data[0]); // Recent Opera bug requiring temporary fix. &nsbp; is needed before </code> to avoid broken selection. if ($context[\'browser\'][\'is_opera\']) $data[0] .= \' \'; }'), 'block_level' => true), array('tag' => 'color', 'type' => 'unparsed_equals', 'test' => '(#[\\da-fA-F]{3}|#[\\da-fA-F]{6}|[A-Za-z]{1,20}|rgb\\(\\d{1,3}, ?\\d{1,3}, ?\\d{1,3}\\))\\]', 'before' => '<span style="color: $1;" class="bbc_color">', 'after' => '</span>'), array('tag' => 'email', 'type' => 'unparsed_content', 'content' => '<a href="mailto:$1" class="bbc_email">$1</a>', 'validate' => create_function('&$tag, &$data, $disabled', '$data = strtr($data, array(\'<br />\' => \'\'));')), array('tag' => 'email', 'type' => 'unparsed_equals', 'before' => '<a href="mailto:$1" class="bbc_email">', 'after' => '</a>', 'disallow_children' => array('email', 'ftp', 'url', 'iurl'), 'disabled_after' => ' ($1)'), array('tag' => 'flash', 'type' => 'unparsed_commas_content', 'test' => '\\d+,\\d+\\]', 'content' => $context['browser']['is_ie'] && !$context['browser']['is_mac_ie'] ? 
'<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="$2" height="$3"><param name="movie" value="$1" /><param name="play" value="true" /><param name="loop" value="true" /><param name="quality" value="high" /><param name="AllowScriptAccess" value="never" /><embed src="$1" width="$2" height="$3" play="true" loop="true" quality="high" AllowScriptAccess="never" /><noembed><a href="$1" target="_blank" class="new_win">$1</a></noembed></object>' : '<embed type="application/x-shockwave-flash" src="$1" width="$2" height="$3" play="true" loop="true" quality="high" AllowScriptAccess="never" /><noembed><a href="$1" target="_blank" class="new_win">$1</a></noembed>', 'validate' => create_function('&$tag, &$data, $disabled', ' if (isset($disabled[\'url\'])) $tag[\'content\'] = \'$1\'; elseif (strpos($data[0], \'http://\') !== 0 && strpos($data[0], \'https://\') !== 0) $data[0] = \'http://\' . $data[0]; '), 'disabled_content' => '<a href="$1" target="_blank" class="new_win">$1</a>'), array('tag' => 'font', 'type' => 'unparsed_equals', 'test' => '[A-Za-z0-9_,\\-\\s]+?\\]', 'before' => '<span style="font-family: $1;" class="bbc_font">', 'after' => '</span>'), array('tag' => 'ftp', 'type' => 'unparsed_content', 'content' => '<a href="$1" class="bbc_ftp new_win" target="_blank">$1</a>', 'validate' => create_function('&$tag, &$data, $disabled', ' $data = strtr($data, array(\'<br />\' => \'\')); if (strpos($data, \'ftp://\') !== 0 && strpos($data, \'ftps://\') !== 0) $data = \'ftp://\' . $data; ')), array('tag' => 'ftp', 'type' => 'unparsed_equals', 'before' => '<a href="$1" class="bbc_ftp new_win" target="_blank">', 'after' => '</a>', 'validate' => create_function('&$tag, &$data, $disabled', ' if (strpos($data, \'ftp://\') !== 0 && strpos($data, \'ftps://\') !== 0) $data = \'ftp://\' . 
$data; '), 'disallow_children' => array('email', 'ftp', 'url', 'iurl'), 'disabled_after' => ' ($1)'), array('tag' => 'glow', 'type' => 'unparsed_commas', 'test' => '[#0-9a-zA-Z\\-]{3,12},([012]\\d{1,2}|\\d{1,2})(,[^]]+)?\\]', 'before' => $context['browser']['is_ie'] ? '<table border="0" cellpadding="0" cellspacing="0" style="display: inline; vertical-align: middle; font: inherit;"><tr><td style="filter: Glow(color=$1, strength=$2); font: inherit;">' : '<span style="text-shadow: $1 1px 1px 1px">', 'after' => $context['browser']['is_ie'] ? '</td></tr></table> ' : '</span>'), array('tag' => 'green', 'before' => '<span style="color: green;" class="bbc_color">', 'after' => '</span>'), array('tag' => 'html', 'type' => 'unparsed_content', 'content' => '$1', 'block_level' => true, 'disabled_content' => '$1'), array('tag' => 'hr', 'type' => 'closed', 'content' => '<hr />', 'block_level' => true), array('tag' => 'i', 'before' => '<em>', 'after' => '</em>'), array('tag' => 'img', 'type' => 'unparsed_content', 'parameters' => array('alt' => array('optional' => true), 'width' => array('optional' => true, 'value' => ' width="$1"', 'match' => '(\\d+)'), 'height' => array('optional' => true, 'value' => ' height="$1"', 'match' => '(\\d+)')), 'content' => '<img src="$1" alt="{alt}"{width}{height} class="bbc_img resized" />', 'validate' => create_function('&$tag, &$data, $disabled', ' $data = strtr($data, array(\'<br />\' => \'\')); if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0) $data = \'http://\' . $data; '), 'disabled_content' => '($1)'), array('tag' => 'img', 'type' => 'unparsed_content', 'content' => '<img src="$1" alt="" class="bbc_img" />', 'validate' => create_function('&$tag, &$data, $disabled', ' $data = strtr($data, array(\'<br />\' => \'\')); if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0) $data = \'http://\' . 
$data; '), 'disabled_content' => '($1)'), array('tag' => 'iurl', 'type' => 'unparsed_content', 'content' => '<a href="$1" class="bbc_link">$1</a>', 'validate' => create_function('&$tag, &$data, $disabled', ' $data = strtr($data, array(\'<br />\' => \'\')); if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0) $data = \'http://\' . $data; ')), array('tag' => 'iurl', 'type' => 'unparsed_equals', 'before' => '<a href="$1" class="bbc_link">', 'after' => '</a>', 'validate' => create_function('&$tag, &$data, $disabled', ' if (substr($data, 0, 1) == \'#\') $data = \'#post_\' . substr($data, 1); elseif (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0) $data = \'http://\' . $data; '), 'disallow_children' => array('email', 'ftp', 'url', 'iurl'), 'disabled_after' => ' ($1)'), array('tag' => 'left', 'before' => '<div style="text-align: left;">', 'after' => '</div>', 'block_level' => true), array('tag' => 'li', 'before' => '<li>', 'after' => '</li>', 'trim' => 'outside', 'require_parents' => array('list'), 'block_level' => true, 'disabled_before' => '', 'disabled_after' => '<br />'), array('tag' => 'list', 'before' => '<ul class="bbc_list">', 'after' => '</ul>', 'trim' => 'inside', 'require_children' => array('li', 'list'), 'block_level' => true), array('tag' => 'list', 'parameters' => array('type' => array('match' => '(none|disc|circle|square|decimal|decimal-leading-zero|lower-roman|upper-roman|lower-alpha|upper-alpha|lower-greek|lower-latin|upper-latin|hebrew|armenian|georgian|cjk-ideographic|hiragana|katakana|hiragana-iroha|katakana-iroha)')), 'before' => '<ul class="bbc_list" style="list-style-type: {type};">', 'after' => '</ul>', 'trim' => 'inside', 'require_children' => array('li'), 'block_level' => true), array('tag' => 'ltr', 'before' => '<div dir="ltr">', 'after' => '</div>', 'block_level' => true), array('tag' => 'me', 'type' => 'unparsed_equals', 'before' => '<div class="meaction">* $1 ', 'after' => '</div>', 'quoted' => 
'optional', 'block_level' => true, 'disabled_before' => '/me ', 'disabled_after' => '<br />'), array('tag' => 'move', 'before' => '<marquee>', 'after' => '</marquee>', 'block_level' => true, 'disallow_children' => array('move')), array('tag' => 'nobbc', 'type' => 'unparsed_content', 'content' => '$1'), array('tag' => 'php', 'type' => 'unparsed_content', 'content' => '<span class="phpcode">$1</span>', 'validate' => isset($disabled['php']) ? null : create_function('&$tag, &$data, $disabled', ' if (!isset($disabled[\'php\'])) { $add_begin = substr(trim($data), 0, 5) != \'<?\'; $data = highlight_php_code($add_begin ? \'<?php \' . $data . \'?>\' : $data); if ($add_begin) $data = preg_replace(array(\'~^(.+?)<\\?.{0,40}?php(?: |\\s)~\', \'~\\?>((?:</(font|span)>)*)$~\'), \'$1\', $data, 2); }'), 'block_level' => false, 'disabled_content' => '$1'), array('tag' => 'pre', 'before' => '<pre>', 'after' => '</pre>'), array('tag' => 'quote', 'before' => '<div class="quoteheader"><div class="topslice_quote">' . $txt['quote'] . '</div></div><blockquote>', 'after' => '</blockquote><div class="quotefooter"><div class="botslice_quote"></div></div>', 'block_level' => true), array('tag' => 'quote', 'parameters' => array('author' => array('match' => '(.{1,192}?)', 'quoted' => true)), 'before' => '<div class="quoteheader"><div class="topslice_quote">' . $txt['quote_from'] . ': {author}</div></div><blockquote>', 'after' => '</blockquote><div class="quotefooter"><div class="botslice_quote"></div></div>', 'block_level' => true), array('tag' => 'quote', 'type' => 'parsed_equals', 'before' => '<div class="quoteheader"><div class="topslice_quote">' . $txt['quote_from'] . 
': $1</div></div><blockquote>', 'after' => '</blockquote><div class="quotefooter"><div class="botslice_quote"></div></div>', 'quoted' => 'optional', 'parsed_tags_allowed' => array('url', 'iurl', 'ftp'), 'block_level' => true), array('tag' => 'quote', 'parameters' => array('author' => array('match' => '([^<>]{1,192}?)'), 'link' => array('match' => '(?:board=\\d+;)?((?:topic|threadid)=[\\dmsg#\\./]{1,40}(?:;start=[\\dmsg#\\./]{1,40})?|action=profile;u=\\d+)'), 'date' => array('match' => '(\\d+)', 'validate' => 'timeformat')), 'before' => '<div class="quoteheader"><div class="topslice_quote"><a href="' . $scripturl . '?{link}">' . $txt['quote_from'] . ': {author} ' . $txt['search_on'] . ' {date}</a></div></div><blockquote>', 'after' => '</blockquote><div class="quotefooter"><div class="botslice_quote"></div></div>', 'block_level' => true), array('tag' => 'quote', 'parameters' => array('author' => array('match' => '(.{1,192}?)')), 'before' => '<div class="quoteheader"><div class="topslice_quote">' . $txt['quote_from'] . ': {author}</div></div><blockquote>', 'after' => '</blockquote><div class="quotefooter"><div class="botslice_quote"></div></div>', 'block_level' => true), array('tag' => 'red', 'before' => '<span style="color: red;" class="bbc_color">', 'after' => '</span>'), array('tag' => 'right', 'before' => '<div style="text-align: right;">', 'after' => '</div>', 'block_level' => true), array('tag' => 'rtl', 'before' => '<div dir="rtl">', 'after' => '</div>', 'block_level' => true), array('tag' => 's', 'before' => '<del>', 'after' => '</del>'), array('tag' => 'shadow', 'type' => 'unparsed_commas', 'test' => '[#0-9a-zA-Z\\-]{3,12},(left|right|top|bottom|[0123]\\d{0,2})\\]', 'before' => $context['browser']['is_ie'] ? '<span style="display: inline-block; filter: Shadow(color=$1, direction=$2); height: 1.2em;">' : '<span style="text-shadow: $1 $2">', 'after' => '</span>', 'validate' => $context['browser']['is_ie'] ? 
create_function('&$tag, &$data, $disabled', ' if ($data[1] == \'left\') $data[1] = 270; elseif ($data[1] == \'right\') $data[1] = 90; elseif ($data[1] == \'top\') $data[1] = 0; elseif ($data[1] == \'bottom\') $data[1] = 180; else $data[1] = (int) $data[1];') : create_function('&$tag, &$data, $disabled', ' if ($data[1] == \'top\' || (is_numeric($data[1]) && $data[1] < 50)) $data[1] = \'0 -2px 1px\'; elseif ($data[1] == \'right\' || (is_numeric($data[1]) && $data[1] < 100)) $data[1] = \'2px 0 1px\'; elseif ($data[1] == \'bottom\' || (is_numeric($data[1]) && $data[1] < 190)) $data[1] = \'0 2px 1px\'; elseif ($data[1] == \'left\' || (is_numeric($data[1]) && $data[1] < 280)) $data[1] = \'-2px 0 1px\'; else $data[1] = \'1px 1px 1px\';')), array('tag' => 'size', 'type' => 'unparsed_equals', 'test' => '([1-9][\\d]?p[xt]|small(?:er)?|large[r]?|x[x]?-(?:small|large)|medium|(0\\.[1-9]|[1-9](\\.[\\d][\\d]?)?)?em)\\]', 'before' => '<span style="font-size: $1;" class="bbc_size">', 'after' => '</span>'), array('tag' => 'size', 'type' => 'unparsed_equals', 'test' => '[1-7]\\]', 'before' => '<span style="font-size: $1;" class="bbc_size">', 'after' => '</span>', 'validate' => create_function('&$tag, &$data, $disabled', ' $sizes = array(1 => 0.7, 2 => 1.0, 3 => 1.35, 4 => 1.45, 5 => 2.0, 6 => 2.65, 7 => 3.95); $data = $sizes[$data] . 
\'em\';')), array('tag' => 'sub', 'before' => '<sub>', 'after' => '</sub>'), array('tag' => 'sup', 'before' => '<sup>', 'after' => '</sup>'), array('tag' => 'table', 'before' => '<table class="bbc_table">', 'after' => '</table>', 'trim' => 'inside', 'require_children' => array('tr'), 'block_level' => true), array('tag' => 'td', 'before' => '<td>', 'after' => '</td>', 'require_parents' => array('tr'), 'trim' => 'outside', 'block_level' => true, 'disabled_before' => '', 'disabled_after' => ''), array('tag' => 'time', 'type' => 'unparsed_content', 'content' => '$1', 'validate' => create_function('&$tag, &$data, $disabled', ' if (is_numeric($data)) $data = timeformat($data); else $tag[\'content\'] = \'[time]$1[/time]\';')), array('tag' => 'tr', 'before' => '<tr>', 'after' => '</tr>', 'require_parents' => array('table'), 'require_children' => array('td'), 'trim' => 'both', 'block_level' => true, 'disabled_before' => '', 'disabled_after' => ''), array('tag' => 'tt', 'before' => '<tt class="bbc_tt">', 'after' => '</tt>'), array('tag' => 'u', 'before' => '<span class="bbc_u">', 'after' => '</span>'), array('tag' => 'url', 'type' => 'unparsed_content', 'content' => '<a href="$1" class="bbc_link" target="_blank">$1</a>', 'validate' => create_function('&$tag, &$data, $disabled', ' $data = strtr($data, array(\'<br />\' => \'\')); if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0) $data = \'http://\' . $data; ')), array('tag' => 'url', 'type' => 'unparsed_equals', 'before' => '<a href="$1" class="bbc_link" target="_blank">', 'after' => '</a>', 'validate' => create_function('&$tag, &$data, $disabled', ' if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0) $data = \'http://\' . 
$data; '), 'disallow_children' => array('email', 'ftp', 'url', 'iurl'), 'disabled_after' => ' ($1)'), array('tag' => 'white', 'before' => '<span style="color: white;" class="bbc_color">', 'after' => '</span>'), array('tag' => 'nsfw', 'before' => '<figure class="nsfw"><figcaption><span><strong>NSFW</strong> content. </span><a>Click to show.</a></figcaption><div class="holder" style="display:none;">', 'after' => '</div></figure>'), array('tag' => 'video', 'type' => 'unparsed_content', 'content' => '<video controls autoplay loop muted style="max-width:100%; height:auto; margin:10px 10px 10px 0;" ><source src="$1" /></video>')); // Let mods add new BBC without hassle. call_integration_hook('integrate_bbc_codes', array(&$codes)); // This is mainly for the bbc manager, so it's easy to add tags above. Custom BBC should be added above this line. if ($message === false) { if (isset($temp_bbc)) { $bbc_codes = $temp_bbc; } return $codes; } // So the parser won't skip them. $itemcodes = array('*' => 'disc', '@' => 'disc', '+' => 'square', 'x' => 'square', '#' => 'square', 'o' => 'circle', 'O' => 'circle', '0' => 'circle'); if (!isset($disabled['li']) && !isset($disabled['list'])) { foreach ($itemcodes as $c => $dummy) { $bbc_codes[$c] = array(); } } // Inside these tags autolink is not recommendable. $no_autolink_tags = array('url', 'iurl', 'ftp', 'email'); // Shhhh! if (!isset($disabled['color'])) { $codes[] = array('tag' => 'chrissy', 'before' => '<span style="color: #cc0099;">', 'after' => ' :-*</span>'); $codes[] = array('tag' => 'kissy', 'before' => '<span style="color: #cc0099;">', 'after' => ' :-*</span>'); } // BBC [you] tag. ;) $codes[] = array('tag' => 'you', 'type' => 'closed', 'content' => !$context['user']['is_guest'] ? $context['user']['name'] : (!empty($txt[28]) ? $txt[28] : $txt['guest'])); foreach ($codes as $code) { // If we are not doing every tag only do ones we are interested in. 
if (empty($parse_tags) || in_array($code['tag'], $parse_tags)) { $bbc_codes[substr($code['tag'], 0, 1)][] = $code; } } $codes = null; } // Shall we take the time to cache this? if ($cache_id != '' && !empty($modSettings['cache_enable']) && ($modSettings['cache_enable'] >= 2 && strlen($message) > 1000 || strlen($message) > 2400) && empty($parse_tags)) { // It's likely this will change if the message is modified. $cache_key = 'parse:' . $cache_id . '-' . md5(md5($message) . '-' . $smileys . (empty($disabled) ? '' : implode(',', array_keys($disabled))) . serialize($context['browser']) . $txt['lang_locale'] . $user_info['time_offset'] . $user_info['time_format']); if (($temp = cache_get_data($cache_key, 240)) != null) { return $temp; } $cache_t = microtime(); } if ($smileys === 'print') { // [glow], [shadow], and [move] can't really be printed. $disabled['glow'] = true; $disabled['shadow'] = true; $disabled['move'] = true; // Colors can't well be displayed... supposed to be black and white. $disabled['color'] = true; $disabled['black'] = true; $disabled['blue'] = true; $disabled['white'] = true; $disabled['red'] = true; $disabled['green'] = true; $disabled['me'] = true; // Color coding doesn't make sense. $disabled['php'] = true; // Links are useless on paper... just show the link. $disabled['ftp'] = true; $disabled['url'] = true; $disabled['iurl'] = true; $disabled['email'] = true; $disabled['flash'] = true; // !!! Change maybe? if (!isset($_GET['images'])) { $disabled['img'] = true; } // !!! Interface/setting to add more? } $open_tags = array(); $message = strtr($message, array("\n" => '<br />')); // The non-breaking-space looks a bit different each time. $non_breaking_space = $context['utf8'] ? $context['server']['complex_preg_chars'] ? '\\x{A0}' : "Â " : '\\xA0'; // This saves time by doing our break long words checks here. 
if (!empty($modSettings['fixLongWords']) && $modSettings['fixLongWords'] > 5) { if ($context['browser']['is_gecko'] || $context['browser']['is_konqueror']) { $breaker = '<span style="margin: 0 -0.5ex 0 0;"> </span>'; } elseif ($context['browser']['is_opera']) { $breaker = '<span style="margin: 0 -0.65ex 0 -1px;"> </span>'; } else { $breaker = '<span style="width: 0; margin: 0 -0.6ex 0 -1px;"> </span>'; } // PCRE will not be happy if we don't give it a short. $modSettings['fixLongWords'] = (int) min(65535, $modSettings['fixLongWords']); } $pos = -1; while ($pos !== false) { $last_pos = isset($last_pos) ? max($pos, $last_pos) : $pos; $pos = strpos($message, '[', $pos + 1); // Failsafe. if ($pos === false || $last_pos > $pos) { $pos = strlen($message) + 1; } // Can't have a one letter smiley, URL, or email! (sorry.) if ($last_pos < $pos - 1) { // Make sure the $last_pos is not negative. $last_pos = max($last_pos, 0); // Pick a block of data to do some raw fixing on. $data = substr($message, $last_pos, $pos - $last_pos); // Take care of some HTML! if (!empty($modSettings['enablePostHTML']) && strpos($data, '<') !== false) { $data = preg_replace('~<a\\s+href=((?:")?)((?:https?://|ftps?://|mailto:)\\S+?)\\1>~i', '[url=$2]', $data); $data = preg_replace('~</a>~i', '[/url]', $data); // <br /> should be empty. $empty_tags = array('br', 'hr'); foreach ($empty_tags as $tag) { $data = str_replace(array('<' . $tag . '>', '<' . $tag . '/>', '<' . $tag . ' />'), '[' . $tag . ' /]', $data); } // b, u, i, s, pre... basic tags. $closable_tags = array('b', 'u', 'i', 's', 'em', 'ins', 'del', 'pre', 'blockquote'); foreach ($closable_tags as $tag) { $diff = substr_count($data, '<' . $tag . '>') - substr_count($data, '</' . $tag . '>'); $data = strtr($data, array('<' . $tag . '>' => '<' . $tag . '>', '</' . $tag . '>' => '</' . $tag . '>')); if ($diff > 0) { $data = substr($data, 0, -1) . str_repeat('</' . $tag . '>', $diff) . substr($data, -1); } } // Do <img ... /> - with security... 
action= -> action-. preg_match_all('~<img\\s+src=((?:")?)((?:https?://|ftps?://)\\S+?)\\1(?:\\s+alt=(".*?"|\\S*?))?(?:\\s?/)?>~i', $data, $matches, PREG_PATTERN_ORDER); if (!empty($matches[0])) { $replaces = array(); foreach ($matches[2] as $match => $imgtag) { $alt = empty($matches[3][$match]) ? '' : ' alt=' . preg_replace('~^"|"$~', '', $matches[3][$match]); // Remove action= from the URL - no funny business, now. if (preg_match('~action(=|%3d)(?!dlattach)~i', $imgtag) != 0) { $imgtag = preg_replace('~action(?:=|%3d)(?!dlattach)~i', 'action-', $imgtag); } // Check if the image is larger than allowed. if (!empty($modSettings['max_image_width']) && !empty($modSettings['max_image_height'])) { list($width, $height) = url_image_size($imgtag); if (!empty($modSettings['max_image_width']) && $width > $modSettings['max_image_width']) { $height = (int) ($modSettings['max_image_width'] * $height / $width); $width = $modSettings['max_image_width']; } if (!empty($modSettings['max_image_height']) && $height > $modSettings['max_image_height']) { $width = (int) ($modSettings['max_image_height'] * $width / $height); $height = $modSettings['max_image_height']; } // Set the new image tag. $replaces[$matches[0][$match]] = '[img width=' . $width . ' height=' . $height . $alt . ']' . $imgtag . '[/img]'; } else { $replaces[$matches[0][$match]] = '[img' . $alt . ']' . $imgtag . '[/img]'; } } $data = strtr($data, $replaces); } } if (!empty($modSettings['autoLinkUrls'])) { // Are we inside tags that should be auto linked? $no_autolink_area = false; if (!empty($open_tags)) { foreach ($open_tags as $open_tag) { if (in_array($open_tag['tag'], $no_autolink_tags)) { $no_autolink_area = true; } } } // Don't go backwards. //!!! Don't think is the real solution.... $lastAutoPos = isset($lastAutoPos) ? $lastAutoPos : 0; if ($pos < $lastAutoPos) { $no_autolink_area = true; } $lastAutoPos = $pos; if (!$no_autolink_area) { // Parse any URLs.... have to get rid of the @ problems some things cause... 
stupid email addresses. if (!isset($disabled['url']) && (strpos($data, '://') !== false || strpos($data, 'www.') !== false) && strpos($data, '[url') === false) { // Switch out quotes really quick because they can cause problems. $data = strtr($data, array(''' => '\'', ' ' => $context['utf8'] ? "Â " : " ", '"' => '>">', '"' => '<"<', '<' => '<lt<')); // Only do this if the preg survives. if (is_string($result = preg_replace(array('~(?<=[\\s>\\.(;\'"]|^)((?:http|https)://[\\w\\-_%@:|]+(?:\\.[\\w\\-_%]+)*(?::\\d+)?(?:/[\\w\\-_\\~%\\.@!,\\?&;=#(){}+:\'\\\\]*)*[/\\w\\-_\\~%@\\?;=#}\\\\])~i', '~(?<=[\\s>\\.(;\'"]|^)((?:ftp|ftps)://[\\w\\-_%@:|]+(?:\\.[\\w\\-_%]+)*(?::\\d+)?(?:/[\\w\\-_\\~%\\.@,\\?&;=#(){}+:\'\\\\]*)*[/\\w\\-_\\~%@\\?;=#}\\\\])~i', '~(?<=[\\s>(\'<]|^)(www(?:\\.[\\w\\-_]+)+(?::\\d+)?(?:/[\\w\\-_\\~%\\.@!,\\?&;=#(){}+:\'\\\\]*)*[/\\w\\-_\\~%@\\?;=#}\\\\])~i'), array('[url]$1[/url]', '[ftp]$1[/ftp]', '[url=http://$1]$1[/url]'), $data))) { $data = $result; } $data = strtr($data, array('\'' => ''', $context['utf8'] ? "Â " : " " => ' ', '>">' => '"', '<"<' => '"', '<lt<' => '<')); } // Next, emails... if (!isset($disabled['email']) && strpos($data, '@') !== false && strpos($data, '[email') === false) { $data = preg_replace('~(?<=[\\?\\s' . $non_breaking_space . '\\[\\]()*\\\\;>]|^)([\\w\\-\\.]{1,80}@[\\w\\-]+\\.[\\w\\-\\.]+[\\w\\-])(?=[?,\\s' . $non_breaking_space . '\\[\\]()*\\\\]|$|<br />| |>|<|"|'|\\.(?:\\.|;| |\\s|$|<br />))~' . ($context['utf8'] ? 'u' : ''), '[email]$1[/email]', $data); $data = preg_replace('~(?<=<br />)([\\w\\-\\.]{1,80}@[\\w\\-]+\\.[\\w\\-\\.]+[\\w\\-])(?=[?\\.,;\\s' . $non_breaking_space . '\\[\\]()*\\\\]|$|<br />| |>|<|"|')~' . ($context['utf8'] ? 'u' : ''), '[email]$1[/email]', $data); } } } $data = strtr($data, array("\t" => ' ')); if (!empty($modSettings['fixLongWords']) && $modSettings['fixLongWords'] > 5) { // The idea is, find words xx long, and then replace them with xx + space + more. 
if ($smcFunc['strlen']($data) > $modSettings['fixLongWords']) { // This is done in a roundabout way because $breaker has "long words" :P. $data = strtr($data, array($breaker => '< >', ' ' => $context['utf8'] ? "Â " : " ")); $data = preg_replace_callback('~(?<=[>;:!? ' . $non_breaking_space . '\\]()]|^)([\\w' . ($context['utf8'] ? '\\pL' : '') . '\\.]{' . $modSettings['fixLongWords'] . ',})~' . ($context['utf8'] ? 'u' : ''), 'word_break__preg_callback', $data); $data = strtr($data, array('< >' => $breaker, $context['utf8'] ? "Â " : " " => ' ')); } } // If it wasn't changed, no copying or other boring stuff has to happen! if ($data != substr($message, $last_pos, $pos - $last_pos)) { $message = substr($message, 0, $last_pos) . $data . substr($message, $pos); // Since we changed it, look again in case we added or removed a tag. But we don't want to skip any. $old_pos = strlen($data) + $last_pos; $pos = strpos($message, '[', $last_pos); $pos = $pos === false ? $old_pos : min($pos, $old_pos); } } // Are we there yet? Are we there yet? if ($pos >= strlen($message) - 1) { break; } $tags = strtolower(substr($message, $pos + 1, 1)); if ($tags == '/' && !empty($open_tags)) { $pos2 = strpos($message, ']', $pos + 1); if ($pos2 == $pos + 2) { continue; } $look_for = strtolower(substr($message, $pos + 2, $pos2 - $pos - 2)); $to_close = array(); $block_level = null; do { $tag = array_pop($open_tags); if (!$tag) { break; } if (!empty($tag['block_level'])) { // Only find out if we need to. if ($block_level === false) { array_push($open_tags, $tag); break; } // The idea is, if we are LOOKING for a block level tag, we can close them on the way. 
if (strlen($look_for) > 0 && isset($bbc_codes[$look_for[0]])) { foreach ($bbc_codes[$look_for[0]] as $temp) { if ($temp['tag'] == $look_for) { $block_level = !empty($temp['block_level']); break; } } } if ($block_level !== true) { $block_level = false; array_push($open_tags, $tag); break; } } $to_close[] = $tag; } while ($tag['tag'] != $look_for); // Did we just eat through everything and not find it? if (empty($open_tags) && (empty($tag) || $tag['tag'] != $look_for)) { $open_tags = $to_close; continue; } elseif (!empty($to_close) && $tag['tag'] != $look_for) { if ($block_level === null && isset($look_for[0], $bbc_codes[$look_for[0]])) { foreach ($bbc_codes[$look_for[0]] as $temp) { if ($temp['tag'] == $look_for) { $block_level = !empty($temp['block_level']); break; } } } // We're not looking for a block level tag (or maybe even a tag that exists...) if (!$block_level) { foreach ($to_close as $tag) { array_push($open_tags, $tag); } continue; } } foreach ($to_close as $tag) { $message = substr($message, 0, $pos) . "\n" . $tag['after'] . "\n" . substr($message, $pos2 + 1); $pos += strlen($tag['after']) + 2; $pos2 = $pos - 1; // See the comment at the end of the big loop - just eating whitespace ;). if (!empty($tag['block_level']) && substr($message, $pos, 6) == '<br />') { $message = substr($message, 0, $pos) . substr($message, $pos + 6); } if (!empty($tag['trim']) && $tag['trim'] != 'inside' && preg_match('~(<br />| |\\s)*~', substr($message, $pos), $matches) != 0) { $message = substr($message, 0, $pos) . substr($message, $pos + strlen($matches[0])); } } if (!empty($to_close)) { $to_close = array(); $pos--; } continue; } // No tags for this character, so just keep going (fastest possible course.) if (!isset($bbc_codes[$tags])) { continue; } $inside = empty($open_tags) ? null : $open_tags[count($open_tags) - 1]; $tag = null; foreach ($bbc_codes[$tags] as $possible) { // Not a match? 
if (strtolower(substr($message, $pos + 1, strlen($possible['tag']))) != $possible['tag']) { continue; } $next_c = substr($message, $pos + 1 + strlen($possible['tag']), 1); // A test validation? if (isset($possible['test']) && preg_match('~^' . $possible['test'] . '~', substr($message, $pos + 1 + strlen($possible['tag']) + 1)) == 0) { continue; } elseif (!empty($possible['parameters'])) { if ($next_c != ' ') { continue; } } elseif (isset($possible['type'])) { // Do we need an equal sign? if (in_array($possible['type'], array('unparsed_equals', 'unparsed_commas', 'unparsed_commas_content', 'unparsed_equals_content', 'parsed_equals')) && $next_c != '=') { continue; } // Maybe we just want a /... if ($possible['type'] == 'closed' && $next_c != ']' && substr($message, $pos + 1 + strlen($possible['tag']), 2) != '/]' && substr($message, $pos + 1 + strlen($possible['tag']), 3) != ' /]') { continue; } // An immediate ]? if ($possible['type'] == 'unparsed_content' && $next_c != ']') { continue; } } elseif ($next_c != ']') { continue; } // Check allowed tree? if (isset($possible['require_parents']) && ($inside === null || !in_array($inside['tag'], $possible['require_parents']))) { continue; } elseif (isset($inside['require_children']) && !in_array($possible['tag'], $inside['require_children'])) { continue; } elseif (isset($inside['disallow_children']) && in_array($possible['tag'], $inside['disallow_children'])) { continue; } $pos1 = $pos + 1 + strlen($possible['tag']) + 1; // Quotes can have alternate styling, we do this php-side due to all the permutations of quotes. if ($possible['tag'] == 'quote') { // Start with standard $quote_alt = false; foreach ($open_tags as $open_quote) { // Every parent quote this quote has flips the styling if ($open_quote['tag'] == 'quote') { $quote_alt = !$quote_alt; } } // Add a class to the quote to style alternating blockquotes $possible['before'] = strtr($possible['before'], array('<blockquote>' => '<blockquote class="bbc_' . ($quote_alt ? 
'alternate' : 'standard') . '_quote">')); } // This is long, but it makes things much easier and cleaner. if (!empty($possible['parameters'])) { $preg = array(); foreach ($possible['parameters'] as $p => $info) { $preg[] = '(\\s+' . $p . '=' . (empty($info['quoted']) ? '' : '"') . (isset($info['match']) ? $info['match'] : '(.+?)') . (empty($info['quoted']) ? '' : '"') . ')' . (empty($info['optional']) ? '' : '?'); } // Okay, this may look ugly and it is, but it's not going to happen much and it is the best way of allowing any order of parameters but still parsing them right. $match = false; $orders = permute($preg); foreach ($orders as $p) { if (preg_match('~^' . implode('', $p) . '\\]~i', substr($message, $pos1 - 1), $matches) != 0) { $match = true; break; } } // Didn't match our parameter list, try the next possible. if (!$match) { continue; } $params = array(); for ($i = 1, $n = count($matches); $i < $n; $i += 2) { $key = strtok(ltrim($matches[$i]), '='); if (isset($possible['parameters'][$key]['value'])) { $params['{' . $key . '}'] = strtr($possible['parameters'][$key]['value'], array('$1' => $matches[$i + 1])); } elseif (isset($possible['parameters'][$key]['validate'])) { $params['{' . $key . '}'] = $possible['parameters'][$key]['validate']($matches[$i + 1]); } else { $params['{' . $key . '}'] = $matches[$i + 1]; } // Just to make sure: replace any $ or { so they can't interpolate wrongly. $params['{' . $key . '}'] = strtr($params['{' . $key . '}'], array('$' => '$', '{' => '{')); } foreach ($possible['parameters'] as $p => $info) { if (!isset($params['{' . $p . '}'])) { $params['{' . $p . '}'] = ''; } } $tag = $possible; // Put the parameters into the string. 
if (isset($tag['before'])) { $tag['before'] = strtr($tag['before'], $params); } if (isset($tag['after'])) { $tag['after'] = strtr($tag['after'], $params); } if (isset($tag['content'])) { $tag['content'] = strtr($tag['content'], $params); } $pos1 += strlen($matches[0]) - 1; } else { $tag = $possible; } break; } // Item codes are complicated buggers... they are implicit [li]s and can make [list]s! if ($smileys !== false && $tag === null && isset($itemcodes[substr($message, $pos + 1, 1)]) && substr($message, $pos + 2, 1) == ']' && !isset($disabled['list']) && !isset($disabled['li'])) { if (substr($message, $pos + 1, 1) == '0' && !in_array(substr($message, $pos - 1, 1), array(';', ' ', "\t", '>'))) { continue; } $tag = $itemcodes[substr($message, $pos + 1, 1)]; // First let's set up the tree: it needs to be in a list, or after an li. if ($inside === null || $inside['tag'] != 'list' && $inside['tag'] != 'li') { $open_tags[] = array('tag' => 'list', 'after' => '</ul>', 'block_level' => true, 'require_children' => array('li'), 'disallow_children' => isset($inside['disallow_children']) ? $inside['disallow_children'] : null); $code = '<ul class="bbc_list">'; } elseif ($inside['tag'] == 'li') { array_pop($open_tags); $code = '</li>'; } else { $code = ''; } // Now we open a new tag. $open_tags[] = array('tag' => 'li', 'after' => '</li>', 'trim' => 'outside', 'block_level' => true, 'disallow_children' => isset($inside['disallow_children']) ? $inside['disallow_children'] : null); // First, open the tag... $code .= '<li' . ($tag == '' ? '' : ' type="' . $tag . '"') . '>'; $message = substr($message, 0, $pos) . "\n" . $code . "\n" . substr($message, $pos + 3); $pos += strlen($code) - 1 + 2; // Next, find the next break (if any.) If there's more itemcode after it, keep it going - otherwise close! 
$pos2 = strpos($message, '<br />', $pos); $pos3 = strpos($message, '[/', $pos); if ($pos2 !== false && ($pos2 <= $pos3 || $pos3 === false)) { preg_match('~^(<br />| |\\s|\\[)+~', substr($message, $pos2 + 6), $matches); $message = substr($message, 0, $pos2) . "\n" . (!empty($matches[0]) && substr($matches[0], -1) == '[' ? '[/li]' : '[/li][/list]') . "\n" . substr($message, $pos2); $open_tags[count($open_tags) - 2]['after'] = '</ul>'; } else { // Move the li over, because we're not sure what we'll hit. $open_tags[count($open_tags) - 1]['after'] = ''; $open_tags[count($open_tags) - 2]['after'] = '</li></ul>'; } continue; } // Implicitly close lists and tables if something other than what's required is in them. This is needed for itemcode. if ($tag === null && $inside !== null && !empty($inside['require_children'])) { array_pop($open_tags); $message = substr($message, 0, $pos) . "\n" . $inside['after'] . "\n" . substr($message, $pos); $pos += strlen($inside['after']) - 1 + 2; } // No tag? Keep looking, then. Silly people using brackets without actual tags. if ($tag === null) { continue; } // Propagate the list to the child (so wrapping the disallowed tag won't work either.) if (isset($inside['disallow_children'])) { $tag['disallow_children'] = isset($tag['disallow_children']) ? array_unique(array_merge($tag['disallow_children'], $inside['disallow_children'])) : $inside['disallow_children']; } // Is this tag disabled? if (isset($disabled[$tag['tag']])) { if (!isset($tag['disabled_before']) && !isset($tag['disabled_after']) && !isset($tag['disabled_content'])) { $tag['before'] = !empty($tag['block_level']) ? '<div>' : ''; $tag['after'] = !empty($tag['block_level']) ? '</div>' : ''; $tag['content'] = isset($tag['type']) && $tag['type'] == 'closed' ? '' : (!empty($tag['block_level']) ? '<div>$1</div>' : '$1'); } elseif (isset($tag['disabled_before']) || isset($tag['disabled_after'])) { $tag['before'] = isset($tag['disabled_before']) ? 
$tag['disabled_before'] : (!empty($tag['block_level']) ? '<div>' : ''); $tag['after'] = isset($tag['disabled_after']) ? $tag['disabled_after'] : (!empty($tag['block_level']) ? '</div>' : ''); } else { $tag['content'] = $tag['disabled_content']; } } // The only special case is 'html', which doesn't need to close things. if (!empty($tag['block_level']) && $tag['tag'] != 'html' && empty($inside['block_level'])) { $n = count($open_tags) - 1; while (empty($open_tags[$n]['block_level']) && $n >= 0) { $n--; } // Close all the non block level tags so this tag isn't surrounded by them. for ($i = count($open_tags) - 1; $i > $n; $i--) { $message = substr($message, 0, $pos) . "\n" . $open_tags[$i]['after'] . "\n" . substr($message, $pos); $pos += strlen($open_tags[$i]['after']) + 2; $pos1 += strlen($open_tags[$i]['after']) + 2; // Trim or eat trailing stuff... see comment at the end of the big loop. if (!empty($open_tags[$i]['block_level']) && substr($message, $pos, 6) == '<br />') { $message = substr($message, 0, $pos) . substr($message, $pos + 6); } if (!empty($open_tags[$i]['trim']) && $tag['trim'] != 'inside' && preg_match('~(<br />| |\\s)*~', substr($message, $pos), $matches) != 0) { $message = substr($message, 0, $pos) . substr($message, $pos + strlen($matches[0])); } array_pop($open_tags); } } // No type means 'parsed_content'. if (!isset($tag['type'])) { // !!! Check for end tag first, so people can say "I like that [i] tag"? $open_tags[] = $tag; $message = substr($message, 0, $pos) . "\n" . $tag['before'] . "\n" . substr($message, $pos1); $pos += strlen($tag['before']) - 1 + 2; } elseif ($tag['type'] == 'unparsed_content') { $pos2 = stripos($message, '[/' . substr($message, $pos + 1, strlen($tag['tag'])) . 
']', $pos1); if ($pos2 === false) { continue; } $data = substr($message, $pos1, $pos2 - $pos1); if (!empty($tag['block_level']) && substr($data, 0, 6) == '<br />') { $data = substr($data, 6); } if (isset($tag['validate'])) { $tag['validate']($tag, $data, $disabled); } $code = strtr($tag['content'], array('$1' => $data)); $message = substr($message, 0, $pos) . "\n" . $code . "\n" . substr($message, $pos2 + 3 + strlen($tag['tag'])); $pos += strlen($code) - 1 + 2; $last_pos = $pos + 1; } elseif ($tag['type'] == 'unparsed_equals_content') { // The value may be quoted for some tags - check. if (isset($tag['quoted'])) { $quoted = substr($message, $pos1, 6) == '"'; if ($tag['quoted'] != 'optional' && !$quoted) { continue; } if ($quoted) { $pos1 += 6; } } else { $quoted = false; } $pos2 = strpos($message, $quoted == false ? ']' : '"]', $pos1); if ($pos2 === false) { continue; } $pos3 = stripos($message, '[/' . substr($message, $pos + 1, strlen($tag['tag'])) . ']', $pos2); if ($pos3 === false) { continue; } $data = array(substr($message, $pos2 + ($quoted == false ? 1 : 7), $pos3 - ($pos2 + ($quoted == false ? 1 : 7))), substr($message, $pos1, $pos2 - $pos1)); if (!empty($tag['block_level']) && substr($data[0], 0, 6) == '<br />') { $data[0] = substr($data[0], 6); } // Validation for my parking, please! if (isset($tag['validate'])) { $tag['validate']($tag, $data, $disabled); } $code = strtr($tag['content'], array('$1' => $data[0], '$2' => $data[1])); $message = substr($message, 0, $pos) . "\n" . $code . "\n" . substr($message, $pos3 + 3 + strlen($tag['tag'])); $pos += strlen($code) - 1 + 2; } elseif ($tag['type'] == 'closed') { $pos2 = strpos($message, ']', $pos); $message = substr($message, 0, $pos) . "\n" . $tag['content'] . "\n" . substr($message, $pos2 + 1); $pos += strlen($tag['content']) - 1 + 2; } elseif ($tag['type'] == 'unparsed_commas_content') { $pos2 = strpos($message, ']', $pos1); if ($pos2 === false) { continue; } $pos3 = stripos($message, '[/' . 
substr($message, $pos + 1, strlen($tag['tag'])) . ']', $pos2); if ($pos3 === false) { continue; } // We want $1 to be the content, and the rest to be csv. $data = explode(',', ',' . substr($message, $pos1, $pos2 - $pos1)); $data[0] = substr($message, $pos2 + 1, $pos3 - $pos2 - 1); if (isset($tag['validate'])) { $tag['validate']($tag, $data, $disabled); } $code = $tag['content']; foreach ($data as $k => $d) { $code = strtr($code, array('$' . ($k + 1) => trim($d))); } $message = substr($message, 0, $pos) . "\n" . $code . "\n" . substr($message, $pos3 + 3 + strlen($tag['tag'])); $pos += strlen($code) - 1 + 2; } elseif ($tag['type'] == 'unparsed_commas') { $pos2 = strpos($message, ']', $pos1); if ($pos2 === false) { continue; } $data = explode(',', substr($message, $pos1, $pos2 - $pos1)); if (isset($tag['validate'])) { $tag['validate']($tag, $data, $disabled); } // Fix after, for disabled code mainly. foreach ($data as $k => $d) { $tag['after'] = strtr($tag['after'], array('$' . ($k + 1) => trim($d))); } $open_tags[] = $tag; // Replace them out, $1, $2, $3, $4, etc. $code = $tag['before']; foreach ($data as $k => $d) { $code = strtr($code, array('$' . ($k + 1) => trim($d))); } $message = substr($message, 0, $pos) . "\n" . $code . "\n" . substr($message, $pos2 + 1); $pos += strlen($code) - 1 + 2; } elseif ($tag['type'] == 'unparsed_equals' || $tag['type'] == 'parsed_equals') { // The value may be quoted for some tags - check. if (isset($tag['quoted'])) { $quoted = substr($message, $pos1, 6) == '"'; if ($tag['quoted'] != 'optional' && !$quoted) { continue; } if ($quoted) { $pos1 += 6; } } else { $quoted = false; } $pos2 = strpos($message, $quoted == false ? ']' : '"]', $pos1); if ($pos2 === false) { continue; } $data = substr($message, $pos1, $pos2 - $pos1); // Validation for my parking, please! if (isset($tag['validate'])) { $tag['validate']($tag, $data, $disabled); } // For parsed content, we must recurse to avoid security problems. 
if ($tag['type'] != 'unparsed_equals') { $data = parse_bbc($data, !empty($tag['parsed_tags_allowed']) ? false : true, '', !empty($tag['parsed_tags_allowed']) ? $tag['parsed_tags_allowed'] : array()); } $tag['after'] = strtr($tag['after'], array('$1' => $data)); $open_tags[] = $tag; $code = strtr($tag['before'], array('$1' => $data)); $message = substr($message, 0, $pos) . "\n" . $code . "\n" . substr($message, $pos2 + ($quoted == false ? 1 : 7)); $pos += strlen($code) - 1 + 2; } // If this is block level, eat any breaks after it. if (!empty($tag['block_level']) && substr($message, $pos + 1, 6) == '<br />') { $message = substr($message, 0, $pos + 1) . substr($message, $pos + 7); } // Are we trimming outside this tag? if (!empty($tag['trim']) && $tag['trim'] != 'outside' && preg_match('~(<br />| |\\s)*~', substr($message, $pos + 1), $matches) != 0) { $message = substr($message, 0, $pos + 1) . substr($message, $pos + 1 + strlen($matches[0])); } } // Close any remaining tags. while ($tag = array_pop($open_tags)) { $message .= "\n" . $tag['after'] . "\n"; } // Parse the smileys within the parts where it can be done safely. if ($smileys === true) { $message_parts = explode("\n", $message); for ($i = 0, $n = count($message_parts); $i < $n; $i += 2) { parsesmileys($message_parts[$i]); } $message = implode('', $message_parts); } else { $message = strtr($message, array("\n" => '')); } if (substr($message, 0, 1) == ' ') { $message = ' ' . substr($message, 1); } // Cleanup whitespace. $message = strtr($message, array(' ' => ' ', "\r" => '', "\n" => '<br />', '<br /> ' => '<br /> ', ' ' => "\n")); // Cache the output if it took some time... if (isset($cache_key, $cache_t) && array_sum(explode(' ', microtime())) - array_sum(explode(' ', $cache_t)) > 0.05) { cache_put_data($cache_key, $message, 240); } // If this was a force parse revert if needed. 
if (!empty($parse_tags)) { if (empty($temp_bbc)) { $bbc_codes = array(); } else { $bbc_codes = $temp_bbc; unset($temp_bbc); } } return $message; }
// Shoutbox listing (excerpt): reads shouts 20 at a time starting at $_GET['rowstart']
// and prints each one with edit/delete links and the stored IP. The blocks closed by
// the bare braces further down are opened before this excerpt.
$i = 0;
// NOTE(review): $_GET['rowstart'] goes straight into the LIMIT clause; no isnum()/(int)
// guard is visible in this excerpt — confirm it is validated before this point.
$result = dbquery("SELECT s.shout_id, s.shout_name, s.shout_message, s.shout_datestamp, s.shout_ip, u.user_id, u.user_name, u.user_avatar, u.user_status\r\n\t\t\t\tFROM " . DB_SHOUTBOX . " s\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " u ON s.shout_name=u.user_id\r\n\t\t\t\tORDER BY shout_datestamp DESC LIMIT " . $_GET['rowstart'] . ",20");
echo "<div class='list-group'>\n";
while ($data = dbarray($result)) {
    echo "<div class='list-group-item' style='min-height:100px;'>\n";
    echo "<div class='pull-left m-r-10'>" . display_avatar($data, '80px') . "</div>\n";
    echo "<div class='comment-name'>";
    // No joined user row means shout_name is free text; it is echoed without escaping here.
    // NOTE(review): presumably sanitised when the shout was stored — confirm.
    echo $data['user_name'] ? "<span class='slink'>" . profile_link($data['user_id'], $data['user_name'], $data['user_status']) . "</span>" : $data['shout_name'];
    // NOTE(review): this </span> has no matching opening tag in the visible markup, and the
    // <span class='small'> below is closed only by the </div> that follows it.
    echo "</span>\n";
    echo "<span class='small'>" . $locale['SB_on_date'] . showdate("longdate", $data['shout_datestamp']) . "</div>\n";
    echo "<div class='m-t-5'><small>\n";
    echo "<a href='" . FUSION_SELF . $aidlink . "&action=edit&shout_id=" . $data['shout_id'] . "'>" . $locale['SB_edit'] . "</a> -\n";
    // Delete is a plain GET link guarded only by a client-side confirm().
    // NOTE(review): $aidlink presumably carries an admin token — confirm the handler verifies it.
    echo "<a href='" . FUSION_SELF . $aidlink . "&action=delete&shout_id=" . $data['shout_id'] . "' onclick=\"return confirm('" . $locale['SB_warning_shout'] . "');\">" . $locale['SB_delete'] . "</a> -\n";
    // shout_ip is printed as stored, without escaping.
    echo "<strong>" . $locale['SB_userip'] . $data['shout_ip'] . "</strong>\n";
    echo "</small>\n</div>\n";
    // Only the b, i, u, url and color tags are passed to parseubb(); <br /> is stripped from its output.
    echo str_replace("<br />", "", parseubb(parsesmileys($data['shout_message']), "b|i|u|url|color")) . "<br />\n";
    echo "</div>\n";
}
echo "</div>\n";
echo "<div align='center' style='margin-top:5px;'>\n" . makePageNav($_GET['rowstart'], 20, $rows, 3, FUSION_SELF . $aidlink . "&") . "\n</div>\n";
} else {
    // Shown when the enclosing condition (outside this excerpt) is false.
    echo "<div style='text-align:center'><br />\n" . $locale['SB_no_msgs'] . "<br /><br />\n</div>\n";
}
closetable();
}
} else {
require_once INCLUDES . "infusions_include.php";
if (isset($_POST['sb_settings'])) {
    // visible_shouts is stored only when isnum() accepts the posted value.
    if (isset($_POST['visible_shouts']) && isnum($_POST['visible_shouts'])) {
        $setting = set_setting("visible_shouts", $_POST['visible_shouts'], "shoutbox_panel");
    }
// Shoutbox archive page (excerpt): end of the posting form, then the paged list of
// visible shouts (20 per page) and the page navigation. The form and the if-block
// closed by the first bare brace are opened before this excerpt.
echo "<br /><input type='submit' name='post_archive_shout' value='" . $locale['SB_shout'] . "' class='button' />\n";
echo "</div>\n</form>\n<br />\n";
} else {
    echo "<div style='text-align:center'>" . $locale['SB_login_req'] . "</div>\n";
}
// NOTE(review): this count filters on shout_hidden only, while the SELECT below also
// filters on shout_language when multilang_table("SB") is true, so the page navigation
// may list more pages than there are rows for the current language.
$rows = dbcount("(shout_id)", DB_SHOUTBOX, "shout_hidden='0'");
// rowstart is forced to 0 unless isnum() accepts it; this is the guard that the
// concatenation into LIMIT below relies on.
if (!isset($_GET['rowstart']) || !isnum($_GET['rowstart'])) {
    $_GET['rowstart'] = 0;
}
if ($rows != 0) {
    $result = dbquery("SELECT s.shout_id, s.shout_name, s.shout_message, s.shout_datestamp, u.user_id, u.user_name, u.user_status\r\n\t\tFROM " . DB_SHOUTBOX . " s\r\n\t\tLEFT JOIN " . DB_USERS . " u ON s.shout_name=u.user_id\r\n\t\t" . (multilang_table("SB") ? "WHERE shout_language='" . LANGUAGE . "' AND" : "WHERE") . " s.shout_hidden='0'\r\n\t\tORDER BY s.shout_datestamp DESC LIMIT " . $_GET['rowstart'] . ",20");
    while ($data = dbarray($result)) {
        echo "<div class='tbl2'>\n";
        // Edit/delete links are shown to admins holding right "S" and to the member who owns the shout.
        if (iADMIN && checkrights("S") || iMEMBER && $data['shout_name'] == $userdata['user_id'] && isset($data['user_name'])) {
            echo "<div style='float:right'>\n<a href='" . FUSION_SELF . "?action=edit&shout_id=" . $data['shout_id'] . "'>" . $locale['SB_edit'] . "</a> |\n";
            // NOTE(review): delete is a plain GET link with no token in the URL; the handler is
            // outside this excerpt — confirm it re-checks ownership and protects against
            // cross-site request forgery.
            echo "<a href='" . FUSION_SELF . "?action=delete&shout_id=" . $data['shout_id'] . "'>" . $locale['SB_delete'] . "</a>\n</div>\n";
        }
        if ($data['user_name']) {
            echo "<span class='comment-name'><span class='slink'>" . profile_link($data['user_id'], $data['user_name'], $data['user_status']) . "</span>\n</span>\n";
        } else {
            // No joined user row: shout_name is echoed as stored, without escaping.
            // NOTE(review): presumably sanitised when the shout was stored — confirm.
            echo "<span class='comment-name'>" . $data['shout_name'] . "</span>\n";
        }
        echo "<span class='small'>" . showdate("longdate", $data['shout_datestamp']) . "</span>";
        // Only the b, i, u, url and color tags are passed to parseubb().
        echo "</div>\n<div class='tbl1'>\n" . sbawrap(parseubb(parsesmileys($data['shout_message']), "b|i|u|url|color")) . "</div>\n";
    }
} else {
    echo "<div style='text-align:center'><br />\n" . $locale['SB_no_msgs'] . "<br /><br />\n</div>\n";
}
closetable();
echo "<div align='center' style='margin-top:5px;'>\n" . makepagenav($_GET['rowstart'], 20, $rows, 3, FUSION_SELF . "?") . "\n</div>\n";
require_once THEMES . "templates/footer.php";
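/**
 * Handle delete / edit / post requests for the comments of one item, then render
 * the comment list and the add/edit form.
 *
 * Review notes:
 * - $ctype, $cid, $cdb and $ccol are concatenated into SQL as given. Nothing in this
 *   function validates them, so callers must pass trusted or already validated values.
 * - Request-supplied ids ($_GET['comment_id'], $_GET['c_start']) are checked with
 *   isnum() and additionally cast to int where they enter a query, so the queries do
 *   not depend on how isnum() is implemented.
 * - $comment_name and $comment_message reach the INSERT/UPDATE after stripinput();
 *   presumably that helper neutralises quotes — confirm, the queries rely on it.
 * - Deleting a comment is triggered by a GET request with no token visible here;
 *   NOTE(review): confirm cross-site request forgery protection exists elsewhere.
 *
 * @param mixed $ctype Value matched against and stored in comment_type.
 * @param mixed $cdb   Table name used to check that the commented item exists.
 * @param mixed $ccol  Column of $cdb compared with $cid in that check.
 * @param mixed $cid   Value matched against and stored in comment_item_id.
 * @param mixed $clink Base link for redirects, page navigation and the form action.
 * @return void
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink) {
    global $settings, $locale, $userdata, $aidlink;
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    // Drop a pending edit/delete action from the link used for "try again" redirects.
    $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);
    $cpp = $settings['comments_per_page'];
    // Only these two keywords may reach ORDER BY; anything other than "ASC" is already
    // treated as descending by the numbering and paging logic below.
    $sorting = $settings['comments_sorting'] == "ASC" ? "ASC" : "DESC";

    // Delete: admins holding right "C" may delete any comment, members only their own.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        $delete_id = (int) $_GET['comment_id'];
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $delete_id . "' AND comment_name='" . (int) $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . "\r\n\t\t\t\tWHERE comment_id='" . $delete_id . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\tAND comment_name='" . (int) $userdata['user_id'] . "'"));
        }
        redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0"));
    }

    if ($settings['comments_enabled'] == "1") {
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                if (!isset($_POST['comment_name'])) {
                    redirect($link);
                }
                $comment_name = trim(stripinput($_POST['comment_name']));
                // A guest name must not start with digits and must not be all digits:
                // numeric comment_name values are joined against user ids when rendering.
                $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                $_CAPTCHA_IS_VALID = FALSE;
                // NOTE(review): the include path is built from $settings['captcha'];
                // confirm that setting can only hold a known captcha directory name.
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php";
                if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) {
                    redirect($link);
                }
            }
            $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));

            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                // Edit an existing comment.
                $edit_id = (int) $_GET['comment_id'];
                $comment_updated = FALSE;
                if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $edit_id . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_name='" . (int) $userdata['user_id'] . "'\r\n\t\t\t\t\t\tAND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE comment_id='" . $edit_id . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\t\t\t\t\t\t\tAND comment_name='" . (int) $userdata['user_id'] . "'"));
                        $comment_updated = TRUE;
                    }
                }
                if ($comment_updated) {
                    // Work out which page now holds the edited comment.
                    if ($settings['comments_sorting'] == "ASC") {
                        $c_operator = "<=";
                    } else {
                        $c_operator = ">=";
                    }
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $edit_id . "'\r\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                }
                redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // New comment: the commented item has to exist.
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (\r\n\t\t\t\t\t\t\t\tcomment_item_id, comment_type, comment_name, comment_message, comment_datestamp,\r\n\t\t\t\t\t\t\t\tcomment_ip, comment_ip_type, comment_hidden\r\n\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t'" . $cid . "', '" . $ctype . "', '" . $comment_name . "', '" . $comment_message . "', '" . time() . "',\r\n\t\t\t\t\t\t\t\t'" . USER_IP . "', '" . USER_IP_TYPE . "', '0'\r\n\t\t\t\t\t\t\t)");
                    }
                }
                if ($settings['comments_sorting'] == "ASC") {
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                } else {
                    $c_start = 0;
                }
                redirect($clink . "&c_start=" . $c_start);
            }
        }

        // Collect the visible comments of the requested page.
        $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE));
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
        if (!isset($_GET['c_start']) && $c_rows > $cpp) {
            $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\r\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp " . $sorting . " LIMIT " . (int) $_GET['c_start'] . "," . $cpp);
        if (dbrows($result)) {
            $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
            if ($c_rows > $cpp) {
                $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start");
            }
            while ($data = dbarray($result)) {
                $c_arr['c_con'][$i]['comment_id'] = $data['comment_id'];
                $c_arr['c_con'][$i]['edit_dell'] = FALSE;
                $c_arr['c_con'][$i]['i'] = $i;
                if ($data['user_name']) {
                    $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status']);
                } else {
                    // Guest name, passed on exactly as stored.
                    $c_arr['c_con'][$i]['comment_name'] = $data['comment_name'];
                }
                //Add user avatar in comments new feature in v7.02.04
                $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '80px');
                $c_arr['c_con'][$i]['comment_datestamp'] = $locale['global_071'] . showdate("longdate", $data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message'])));
                if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    // NOTE(review): FUSION_REQUEST is placed in an href unescaped; confirm how
                    // that constant is built before treating it as safe for attribute context.
                    $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a> |\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "' onclick=\"return confirm('" . $locale['c110'] . "');\">";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c109'] . "</a>";
                }
                $settings['comments_sorting'] == "ASC" ? $i++ : $i--;
            }
            if (iADMIN && checkrights("C")) {
                $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $ctype . "&cid=" . $cid . "'>" . $locale['c106'] . "</a>";
            }
        }

        // Render comments
        echo "<a id='comments' name='comments'></a>";
        render_comments($c_arr['c_con'], $c_arr['c_info']);

        // Add / edit comment
        opentable($locale['c102']);
        // Start from an empty form. Previously the variable stayed undefined when the
        // comment existed but the viewer was not allowed to edit it, and the form code
        // below then read an unset variable.
        $comment_message = "";
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\r\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                // Prefill the form only for an admin holding right "C" or the comment's author.
                if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            }
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo openform('inputform', 'inputform', 'post', $clink);
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div class='row'>\n";
            echo "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>\n";
            echo form_textarea('', 'comment_message', 'comment_message', $comment_message, array('required' => 1));
            echo display_bbcodes("360px", "comment_message");
            if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                $_CAPTCHA_HIDE_INPUT = FALSE;
                echo "<div style='width:360px; margin:10px auto;'>";
                echo $locale['global_150'] . "<br />\n";
                // Same setting-derived include path as the captcha check above.
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php";
                if (!$_CAPTCHA_HIDE_INPUT) {
                    echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                    echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                }
                echo "</div>\n";
            }
            echo form_button($comment_message ? $locale['c103'] : $locale['c102'], 'post_comment', 'post_comment', $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn btn-primary m-t-10'));
            echo "</div>\n</div>\n";
            echo closeform();
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}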
// Excerpt from a forum post view. It opens inside blocks that begin before this excerpt
// (presumably the attachment loop), so the first closing braces below have no visible opener.
// NOTE(review): $_GET['thread_id'] is written into the href with no cast or escaping here;
// confirm it is validated as numeric before this point.
// NOTE(review): $a_data['attach_name'] is printed as link text unescaped and is also joined
// into the path passed to filesize(). Presumably the name is sanitised at upload time; verify
// that, and escape it for the HTML context on output.
// filesize() returns false and raises a warning when the file is missing on disk.
$a_files .= "<a href='" . FUSION_SELF . "?thread_id=" . $_GET['thread_id'] . "&getfile=" . $a_data['attach_id'] . "'>" . $a_data['attach_name'] . "</a> [<span class='small'>" . parsebytesize(filesize(FORUM . "attachments/" . $a_data['attach_name'])) . " / " . $count . "</span>]\n";
$i_files++;
}
}
// Box listing the non-image attachments collected above; $a_files is interpolated as raw HTML.
if ($a_files) {
    echo "<br /><br /><fieldset style='border:1px solid #ccc;width:320px;'>\n\t\t\t\t<legend>" . $locale['fb568'] . "</legend>\n\t\t\t\t<div style='padding:3px;width:320px;'>{$a_files}</div>\n\t\t\t</fieldset><br />\n";
}
// Box for image attachments; $a_images is built outside this excerpt and is also emitted raw.
if ($a_images) {
    if (!$a_files) {
        // Spacing is only needed when the file box above did not already print it.
        echo "<br /><br />\n";
    }
    echo "<fieldset style='border:1px solid #ccc;width:320px;'>\n\t\t\t\t<legend>" . $locale['fb567'] . "</legend>\n\t\t\t\t<div style='padding:3px;width:320px;'>{$a_images}</div>\n\t\t\t</fieldset><br />\n";
}
}
// Signature: shown only when the post asks for it and the joined user row carries one.
// The second argument to parseubb() is a list of BBCode tags.
// NOTE(review): HTML safety of the signature rests on how user_sig was stored and on
// parsesmileys()/parseubb(), which are not visible here; confirm that "img" and "url" cannot
// carry unexpected schemes or attributes.
if ($data['post_showsig'] && array_key_exists("user_sig", $data) && $data['user_sig']) {
    echo "\n<div class='tbl-border' style='height:2px;overflow:hidden; margin-top:5px; margin-bottom:5px;width:320px;'> </div>" . nl2br(parseubb(parsesmileys($data['user_sig']), "b|i|u||center|small|url|mail|img|color"));
}
// Adds spacing before the ratings row when ratings are enabled and either the post already has
// ratings or the viewer is a member other than the author.
// NOTE(review): the query concatenates $data['post_id'], a value read from the database rather
// than from the request; it selects full rows only to count them.
// NOTE(review): !== also compares types, so if one user_id is a string and the other an int
// the two never compare equal; confirm both come from the same source.
if ((dbrows(dbquery("select * from " . DB_PREFIX . "fb_rate where rate_post='" . $data['post_id'] . "'")) || iMEMBER && $userdata['user_id'] !== $data['user_id']) && $fb4['show_ratings']) {
    echo "<br /><br />\n";
}
echo "<!--sub_forum_post--></td>\n</tr>\n";
echo "<tr>\n<td class='tbl2' style='white-space:nowrap;font-size:9px;padding:8px;whitespace:no-wrap;'>";
// Existing ratings for this post (helper defined elsewhere).
postRatings($data['post_id']);
echo "</td>\n<td class='tbl2' align='right' style='width:1%;height:1px;padding:8px;' nowrap='nowrap'>";
if (iMEMBER) {
    // Rating controls for the logged-in viewer; the helper receives the viewer id and the author.
    showRatings($data['post_id'], $userdata['user_id'], $data['post_author'], false);
}
// Text-link variant of the post actions (used when $fb4['buttons'] is off); this block
// continues past the end of the excerpt.
if (iMEMBER && ($can_post || $can_reply) && !$fb4['buttons']) {
    if ($userdata['user_id'] !== $data['user_id']) {
        // Separator after the rating controls, printed only for viewers other than the author.
        echo ":: ";
    }
// Excerpt from a download detail view; the enclosing condition, if any, is not shown.
// Registers the colorbox lightbox on links with class "tozoom".
add_to_head("<script type='text/javascript'>\n\n\t/* <![CDATA[ */\n\n\tjQuery(document).ready(function(){\n\t\tjQuery('a.tozoom').colorbox();\n\t});\n\n\t/* ]]>*/\n\n\t</script>\n");
// Loads the download together with its category and the submitting user.
// NOTE(review): $_GET['download_id'] is concatenated into the SQL text with no cast or escaping
// in this excerpt. Unless an isnum()/integer check runs before this point (not visible here),
// this is an SQL injection sink; cast the value with (int) or bind it as a parameter.
$result = dbquery("SELECT td.*,\n\t\t\t\ttc.download_cat_id, tc.download_cat_access, tc.download_cat_name,\n\t\t\t\ttu.user_id, tu.user_name, tu.user_status\n\t\t\tFROM " . DB_DOWNLOADS . " td\n\t\t\tLEFT JOIN " . DB_DOWNLOAD_CATS . " tc ON td.download_cat=tc.download_cat_id\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON td.download_user=tu.user_id\n\t\t\tWHERE download_id='" . $_GET['download_id'] . "'");
if (dbrows($result)) {
    $data = dbarray($result);
    // Access control: the viewer must belong to the category's access group.
    // NOTE(review): this only protects the page if redirect() stops execution; confirm.
    if (!checkgroup($data['download_cat_access'])) {
        redirect(FUSION_SELF);
    }
    // NOTE(review): download_title, download_cat_name and download_version are written into
    // HTML below without output escaping. Presumably they are sanitised when stored; verify,
    // or escape them here for the HTML context.
    opentable($locale['400'] . ": " . $data['download_title']);
    echo "<!--pre_download_details-->\n";
    echo "<div class='tbl-border' style='margin-bottom:10px; padding:3px;'>\n";
    echo "<div class='forum-caption' style='text-align:left;'>\n";
    // Breadcrumb: downloads index > category > title.
    echo "<a href='" . FUSION_SELF . "'>" . $locale['417'] . "</a> > <a href='" . FUSION_SELF . "?cat_id=" . $data['download_cat'] . "'>" . $data['download_cat_name'] . "</a> > <strong>" . $data['download_title'] . "</strong>";
    echo "</div>\n</div>\n";
    echo "<table width='100%' cellpadding='0' cellspacing='1' class='tbl-border center'>\n";
    echo "<tr>\n<td class='tbl1' colspan='2'><h2>" . $data['download_title'] . " " . $data['download_version'] . "</h2><hr /></td></tr>\n";
    // The full description goes through the smiley/BBCode parsers; the short description is the
    // fallback and only gets stripslashes() and nl2br(), so its HTML safety depends on how it
    // was stored.
    echo "<tr>\n<td class='tbl1' style='vertical-align:top;'>" . ($data['download_description'] != "" ? nl2br(parseubb(parsesmileys($data['download_description']))) : nl2br(stripslashes($data['download_description_short']))) . "</td>";
    echo "<td class='tbl1' style='width:20%;text-align:center;vertical-align:top;'>";
    echo "<table width='100%' cellpadding='0' cellspacing='1' class='tbl-border center'>\n";
    if ($data['download_homepage'] != "") {
        // Prefixes "http://" when the stored value contains neither scheme string.
        // NOTE(review): strstr() matches anywhere in the value, so this is not a check on how
        // the URL starts; a value that merely contains "http://" further in is emitted
        // unprefixed. Anchor the test to the start of the string and allow only http/https.
        if (!strstr($data['download_homepage'], "http://") && !strstr($data['download_homepage'], "https://")) {
            $urlprefix = "http://";
        } else {
            $urlprefix = "";
        }
        echo "<tr><td class='tbl2' style='text-align:center;'>";
        echo "<img src='" . get_image("homepage") . "' alt='" . $locale['418'] . "' /><br />";
        // NOTE(review): the homepage value lands in single-quoted href and title attributes
        // without escaping; apply htmlspecialchars() with ENT_QUOTES here unless the stored
        // value is guaranteed to be escaped already. target='_blank' is used without
        // rel='noopener'.
        echo "<a href='" . $urlprefix . $data['download_homepage'] . "' title='" . $urlprefix . $data['download_homepage'] . "' target='_blank'>" . $locale['418'] . "</a>";
        echo "</td>\n</tr>\n";
    }
    // Screenshot row; this block and the enclosing if continue past the end of the excerpt.
    if ($settings['download_screenshot'] && $data['download_image'] != "") {
        echo "<tr>\n";