This repository has been archived by the owner on Jan 26, 2020. It is now read-only.
/
postops.php
128 lines (107 loc) · 4.52 KB
/
postops.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
/*
ThWboard - PHP/MySQL Bulletin Board System
==============================================
(c) 2000-2004 by ThWboard Development Group
download the latest version:
http://www.thwboard.de
This program is free software; you can
redistribute it and/or modify it under the
terms of the GNU General Public License as
published by the Free Software Foundation;
either version 2 of the License, or (at
your option) any later version.
==============================================
*/
include "./inc/header.inc.php";
if(!isset($action))
{
die("denied.");
}
function log_action($action)
{
global $g_user, $post, $REMOTE_ADDR, $PHP_SELF, $pref;
thwb_query( "INSERT INTO ".$pref."adminlog (logtype, logtime, loguser, logip, logscript,
logaction, lognotes) VALUES ('LOG_MOD',
".time().",
'$g_user[username]',
'$REMOTE_ADDR',
'".basename($PHP_SELF)."',
'".addslashes($action)."',
'post id: $post[postid]')" );
}
if( $action == "showip" )
{
$navpath .= "IP anzeigen";
if( $P->has_permission( P_IP ) )
{
$r_post = thwb_query("SELECT postid, postip FROM ".$pref."post WHERE postid=". $post['postid'] );
$post = mysql_fetch_array($r_post);
log_action('reveal ip');
message("IP", "Dieser Post wurde von IP $post[postip] (".gethostbyaddr($post['postip']).") aus erstellt.");
}
else
{
message("Fehler", "Sie haben keine Erlaubnis diese IP einzusehen.");
}
}
elseif( $action == "delete" )
{
$navpath .= "Post/Thread löschen";
$r_post = thwb_query("SELECT postid, userid, posttime FROM ".$pref."post WHERE postid=". $post['postid'] );
$post = mysql_fetch_array($r_post);
if( ($g_user['userid'] == $post['userid'] && $P->has_permission( P_DELPOST )) || $P->has_permission( P_ODELPOST ))
{
//ttt: edit time limit now also applies to post delete
if( $config['editlimit'] && !$P->has_permission( P_ODELPOST ) && !$P->has_permission( P_NOEDITLIMIT ) && ($post['posttime'] + $config['editlimit']) < time() )
message('Fehler', 'Sie können diesen Post nicht mehr löschen, da das Zeitlimit überschritten wurde.');
if( !isset($do_delete) || !$do_delete )
{
$r_thread = thwb_query("SELECT threadid, threadreplies FROM ".$pref."thread WHERE threadid=$thread[threadid]");
$thread = mysql_fetch_array($r_thread);
if( $thread['threadreplies'] < 1 )
{
message(" ", 'Soll dieser Thread wirklich GELÖSCHT werden?<br>
<form name="theform" method="post" action="'.build_link("threadops.php").'">
<input type="hidden" name="action" value="do_delete">
<input type="hidden" name="thread[threadid]" value="' . $thread['threadid'] . '">
<input class="tbbutton" type="submit" name="Submit" value="Löschen >>">
</form>');
}
else
{
message("Bestätigung", '
<form name="theform" method="post" action="'.build_link("postops.php").'">
Möchten Sie diesen Post wirklich löschen?<br><br>
<input type="hidden" name="do_delete" value="1">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="post[postid]" value="' . $post['postid'] . '">
<input class="tbbutton" type="submit" name="Submit" value="Löschen >>">
</form>');
}
}
else
{
// re-get $post
$post = $HTTP_POST_VARS['post'];
if( !($post['postid'] = intval($post['postid'])) )
exit( 'nix da' );
// decrease thread reply count
thwb_query("UPDATE ".$pref."thread SET threadreplies=threadreplies-1 WHERE threadid=$thread[threadid]");
// decrease board post count
thwb_query("UPDATE ".$pref."board SET boardposts=boardposts-1 WHERE boardid=$board[boardid]");
// remove post
thwb_query("DELETE FROM ".$pref."post WHERE postid=$post[postid]");
// display stuff
updatethread($thread['threadid']);
updateboard($board['boardid']);
log_action('delete post');
message("Post wurde gelöscht",
"Post wurde gelöscht.<br><a href=\"".build_link("showtopic.php?thread[threadid]=$thread[threadid]")."\">Zurück zum Thread</a>");
}
}
else
{
message("Fehler", "Sie haben keine Erlaubnis diesen Post zu löschen");
}
}