Ejemplo n.º 1
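	/**
	 * Detach the listed artists from an event, then redirect to the event page.
	 *
	 * NOTE(review): $event and $artist are read below but never assigned in this
	 * method; only $v (the result of _request()) is. Presumably they are meant
	 * to come from $v or from the fetched event row — confirm before relying on
	 * this method, because as written the event lookup receives an undefined value.
	 *
	 * NOTE(review): no permission check is visible here before the DELETE;
	 * confirm the caller enforces one.
	 *
	 * @return mixed Whatever redirect() returns; nothing when the request is empty.
	 */
	private function remove() {
		$v = _request(array('event' => 0));

		if (_empty($v)) {
			return;
		}

		$sql = 'SELECT *
			FROM _events
			WHERE id = ?';
		if (!$row = sql_fieldrow(sql_filter($sql, $event))) {
			// Presumably _pre() with a true second argument stops execution — confirm.
			_pre('El evento no existe.', true);
		}

		// One artist per line, assuming nr() returns the line separator.
		$e_artist = explode(nr(), $artist);

		// Dedicated loop variable: the original reused $row here, which replaced
		// the event row with an artist string and broke the event_alias lookup
		// used for the final redirect.
		foreach ($e_artist as $artist_name) {
			$subdomain = get_subdomain($artist_name);

			$sql = 'SELECT *
				FROM _artists
				WHERE subdomain = ?';
			if ($a_row = sql_fieldrow(sql_filter($sql, $subdomain))) {
				$sql = 'DELETE FROM _artists_events
					WHERE a_artist = ?
						AND a_event = ?';
				sql_query(sql_filter($sql, $a_row['ub'], $event));
			}
		}

		return redirect(s_link('events', $row['event_alias']));
	}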
Ejemplo n.º 2
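/**
 * Normalise a submitted message and re-enable the configured HTML tags.
 *
 * The message is expected to arrive with its angle brackets already encoded
 * as &lt; / &gt; (presumably by the request layer — confirm). Only tags named
 * in $config['allow_html_tags'] are turned back into real markup.
 *
 * Security notes:
 *  - The scheme rule rewrites the colon after script/about/applet/activex/chrome
 *    as a numeric entity, so later pattern-based parsing no longer sees a
 *    literal "scheme:". Browsers decode entities inside attribute values, so
 *    this is not a complete defence on its own; output contexts still need
 *    their own escaping.
 *  - A '*' in an allowed tag matches any characters up to the closing &gt;,
 *    attributes included. Wildcard entries therefore let attributes such as
 *    event handlers through; keep the allow-list to bare tag names where possible.
 *
 * @param string $message Raw message text.
 * @return string Cleaned message.
 */
function prepare_message($message)
{
	global $config;

	// Line endings -> nr(), session ids stripped, runs of blank lines collapsed,
	// risky URL schemes defused.
	$match = array(
		'#\r\n?#',
		'#sid=[a-z0-9]*?&?#',
		"#([\n][\s]+){3,}#",
		'#(script|about|applet|activex|chrome):#i',
	);
	// The original replacement for the scheme rule was "\\1:", which re-emitted
	// the colon unchanged and made the rule a no-op.
	$replace = array(nr(), '', nr(false, 2), '\\1&#058;');
	$message = preg_replace($match, $replace, trim($message));

	// split() was removed in PHP 7; explode() is the literal-delimiter equivalent.
	$tag_patterns = array();
	foreach (explode(',', $config['allow_html_tags']) as $tag) {
		// An empty setting yields one empty entry, which would otherwise
		// produce a pattern matching "&lt;&gt;".
		if ($tag === '') {
			continue;
		}

		// Quote the tag so only '*' acts as a wildcard, never other regex syntax.
		$tag_patterns[] = str_replace('\*', '.*?', preg_quote($tag, '#'));
	}

	if (sizeof($tag_patterns))
	{
		$message = preg_replace('#&lt;(\/?)(' . implode('|', $tag_patterns) . ')&gt;#is', '<$1$2>', $message);
	}

	return $message;
}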
Ejemplo n.º 3
 /**
  * Build an SQL string from a template and a list of values.
  *
  * Call shape: npi_sql_filter($template, $value1, $value2, ...) or
  * npi_sql_filter($template, array($value1, ...)). When $template is an array,
  * each element is filtered with the remaining arguments and an array of
  * strings is returned. Returns false when called without arguments.
  *
  * Placeholders (assuming w() splits its argument on spaces — confirm):
  *  - `?`  becomes a quoted '%s'
  *  - `??` becomes a bare %s with no quotes
  *
  * SECURITY NOTE(review): this is string-built SQL, not a prepared statement.
  *  - Values are passed through npi_sql_escape() unless they contain the
  *    marker `/***/`, in which case they are inserted untouched. Only trusted,
  *    code-generated fragments should ever be able to carry that marker.
  *  - `??` inserts the value unquoted, so string escaping alone does not
  *    constrain it; callers should cast such values (LIMIT, IN lists) to int.
  */
 function npi_sql_filter()
 {
     if (!($args = func_get_args())) {
         return false;
     }
     // First argument is the template; what remains are its values.
     $sql = array_shift($args);
     if (is_array($sql)) {
         $sql_ary = w();
         foreach ($sql as $row) {
             // $args is forwarded as one array; the callee unpacks it below.
             $sql_ary[] = npi_sql_filter($row, $args);
         }
         return $sql_ary;
     }
     $count_args = count($args);
     // Protect literal % so the final sprintf-style call does not treat it as a
     // conversion; restored on every return path.
     $sql = str_replace('%', '[!]', $sql);
     if (!$count_args || $count_args < 1) {
         return str_replace('[!]', '%', $sql);
     }
     if ($count_args == 1 && is_array($args[0])) {
         $args = $args[0];
     }
     foreach ($args as $i => $arg) {
         // Values carrying the /***/ marker skip escaping entirely (see the
         // security note in the header).
         $args[$i] = strpos($arg, '/***/') !== false ? $arg : npi_sql_escape($arg);
     }
     foreach ($args as $i => $row) {
         // "addquotes,a,b" style values: drop the first element and wrap each
         // remaining item in single quotes. This runs after escaping, and it
         // triggers on any value that merely contains the word "addquotes".
         if (strpos($row, 'addquotes') !== false) {
             $e_row = explode(',', $row);
             array_shift($e_row);
             foreach ($e_row as $j => $jr) {
                 $e_row[$j] = "'" . $jr . "'";
             }
             $args[$i] = implode(',', $e_row);
         }
     }
     // Put the converted template in front so $args matches sprintf's layout.
     array_unshift($args, str_replace(w('?? ?'), w("%s '%s'"), $sql));
     // Conditional deletion of lines if input is zero
     if (strpos($args[0], '-- ') !== false) {
         $e_sql = explode(nr(), $args[0]);
         $matches = 0;
         foreach ($e_sql as $i => $row) {
             $e_sql[$i] = str_replace('-- ', '', $row);
             // NOTE(review): strpos() is tested for truthiness, so a %s at
             // offset 0 is not counted, and a line with several placeholders
             // advances the counter only once.
             if (strpos($row, '%s')) {
                 $matches++;
             }
             // A line marked with "-- " is dropped, together with its value,
             // when that value is falsy.
             if (strpos($row, '-- ') !== false && !$args[$matches]) {
                 unset($e_sql[$i], $args[$matches]);
             }
         }
         // Lines are rejoined without a separator.
         $args[0] = implode($e_sql);
     }
     // Presumably hook() invokes sprintf with $args as its argument list — confirm.
     return str_replace('[!]', '%', hook('sprintf', $args));
 }
Ejemplo n.º 4
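	/**
	 * Render a single event page and handle the actions posted to it.
	 *
	 * The request's `mode` selects the behaviour:
	 *  - `fav`:  mark an event image as a favourite of the logged-in member;
	 *  - `rsvp`: record the member's vote in the event's poll;
	 *  - `view` or anything else: optionally build the list thumbnail, store a
	 *    posted comment, then render thumbnails, the RSVP poll and the comments.
	 *
	 * redirect(), do_login() and fatal_error() are used as exits throughout;
	 * presumably each ends the request — confirm, the code after them assumes so.
	 *
	 * NOTE(review): `fav` and `rsvp` change state from request parameters and no
	 * request-forgery token check is visible in this method; confirm one exists
	 * upstream.
	 *
	 * @return bool True once the page has been prepared for rendering.
	 */
	public function object() {
		global $auth, $user, $config, $comments, $upload;

		$mode = request_var('mode', '');

		// Image-bound modes must name an image; it is looked up before acting.
		switch ($mode) {
			case 'view':
			case 'fav':
			case 'rsvp':
				$download_id = request_var('download_id', 0);
				if (!$download_id) {
					redirect(s_link('events', $this->v('event_alias')));
				}

				switch ($mode) {
					case 'view':
						$sql = 'SELECT e.*, COUNT(e2.image) AS prev_images
							FROM _events_images e, _events_images e2
							WHERE e.event_id = ?
								AND e.event_id = e2.event_id
								AND e.image = ?
								AND e2.image <= ?
							GROUP BY e.image
							ORDER BY e.image ASC';
						$sql = sql_filter($sql, $this->v('id'), $download_id, $download_id);
						break;
					case 'rsvp':
						// RSVP needs no image row.
						$sql = '';
						break;
					default:
						$sql = 'SELECT e2.*
							FROM _events_images e2
							LEFT JOIN _events e ON e.id = e2.event_id
							WHERE e2.event_id = ?
								AND e2.image = ?';
						$sql = sql_filter($sql, $this->v('id'), $download_id);
						break;
				}

				if (!empty($sql)) {
					if (!$imagedata = sql_fieldrow($sql)) {
						redirect(s_link('events', $this->v('event_alias')));
					}
				}

				break;
		}

		switch ($mode) {
			case 'fav':
				if (!$user->is('member')) {
					do_login();
				}

				$sql = 'SELECT *
					FROM _events_fav
					WHERE event_id = ?
						AND image_id = ?
						AND member_id = ?';
				if ($row = sql_fieldrow(sql_filter($sql, $this->v('id'), $imagedata['image'], $user->d('user_id')))) {
					// Scope the update to this member: the original WHERE clause
					// omitted member_id and so touched every member's favourite
					// row for the image.
					$sql = 'UPDATE _events_fav SET fav_date = ?
						WHERE event_id = ?
							AND image_id = ?
							AND member_id = ?';
					sql_query(sql_filter($sql, time(), $this->v('id'), $imagedata['image'], $user->d('user_id')));
				} else {
					$sql_insert = array(
						'event_id' => (int) $this->v('id'),
						'image_id' => (int) $imagedata['image'],
						'member_id' => (int) $user->d('user_id'),
						'fav_date' => time()
					);
					sql_insert('events_fav', $sql_insert);
				}

				redirect(s_link('events', $this->v('event_alias'), $imagedata['image'], 'view'));
				break;
			case 'rsvp':
				// The chosen option id is the first key of the posted `choice` array.
				$choice = array_key(array_keys(request_var('choice', array(0 => ''))), 0);
				$topic_id = $this->v('event_topic');

				if (!$topic_id) {
					fatal_error();
				}

				if (!$choice) {
					redirect(s_link('events', $this->v('event_alias')));
				}

				if (!$user->is('member')) {
					do_login();
				}

				// The option must belong to this event's poll.
				$sql = 'SELECT vd.vote_id
					FROM _poll_options vd, _poll_results vr
					WHERE vd.topic_id = ?
						AND vr.vote_id = vd.vote_id
						AND vr.vote_option_id = ?
					GROUP BY vd.vote_id';
				if (!$vote_id = sql_field(sql_filter($sql, $topic_id, $choice), 'vote_id', 0)) {
					fatal_error();
				}

				// NOTE(review): poll expiry is only evaluated when rendering
				// (further down); it is not re-checked here. The voted-already
				// test and the insert are also separate statements, so
				// concurrent requests could count twice unless the table has a
				// unique key — confirm.
				$sql = 'SELECT *
					FROM _poll_voters
					WHERE vote_id = ?
						AND vote_user_id = ?';
				if (!sql_fieldrow(sql_filter($sql, $vote_id, $user->d('user_id')))) {
					$sql = 'UPDATE _poll_results SET vote_result = vote_result + 1
						WHERE vote_id = ?
							AND vote_option_id = ?';
					sql_query(sql_filter($sql, $vote_id, $choice));

					$insert_vote = array(
						'vote_id' => (int) $vote_id,
						'vote_user_id' => (int) $user->d('user_id'),
						'vote_user_ip' => $user->ip,
						'vote_cast' => (int) $choice
					);
					sql_insert('poll_voters', $insert_vote);
				}

				redirect(s_link('events', $this->v('event_alias')));
				break;
			case 'view':
			default:
				/**
				* Generate thumbnail for events list.
				*/
				if ($user->is('colab') && !$this->v('images') && _button('create_thumbnail')) {
					$location_large = $config['events_path'] . 'future/' . $this->v('id') . '.jpg';
					$location_mini = $config['events_path'] . 'mini/' . $this->v('id') . '.jpg';

					$x1 = request_var('x1', 0);
					$y1 = request_var('y1', 0);
					$x2 = request_var('x2', 0);
					$y2 = request_var('y2', 0);
					$w = request_var('w', 0);
					$h = request_var('h', 0);

					// The crop box comes from the request: a missing or zero
					// width would divide by zero, so only crop a real selection.
					if ($w > 0 && $h > 0) {
						//Scale the image to the thumb_width set above
						$scale = $config['events_thumb_width'] / $w;
						$upload->resizeThumbnailImage($location_mini, $location_large, $w, $h, $x1, $y1, $scale);
					}

					redirect(s_link('events'));
				}

				/**
				* Normal operations
				*/
				$t_offset = request_var('offset', 0);

				if ($mode == 'view') {
					$sql = 'UPDATE _events_images
						SET views = views + 1
						WHERE event_id = ?
							AND image = ?';
					sql_query(sql_filter($sql, $this->v('id'), $imagedata['image']));

					_style('selected', array(
						'IMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/' . $imagedata['image'] . '.jpg',
						'WIDTH' => $imagedata['width'],
						'HEIGHT' => $imagedata['height'],
						'FOOTER' => $imagedata['image_footer'])
					);

					if ($user->is('founder')) {
						_style('selected.update', array(
							'URL' => s_link('async eif'),
							'EID' => $this->v('id'),
							'PID' => $imagedata['image'])
						);
					}

					$is_fav = false;
					if ($user->is('member')) {
						$sql = 'SELECT member_id
							FROM _events_fav
							WHERE event_id = ?
								AND image_id = ?
								AND member_id = ?';
						if (sql_field(sql_filter($sql, $this->v('id'), $imagedata['image'], $user->d('user_id')), 'member_id', 0)) {
							$is_fav = true;
						}
					}

					if (!$is_fav || !$user->is('member')) {
						_style('selected.fav', array(
							'URL' => s_link('events', $this->v('id'), $imagedata['image'], 'fav'))
						);
					}
				} else {
					if (!$t_offset && $user->is('founder')) {
						$sql = 'UPDATE _events SET views = views + 1
							WHERE id = ?';
						sql_query(sql_filter($sql, $this->v('id')));
					}
				}

				$sql = 'SELECT t.topic_id, t.topic_title, t.topic_locked, t.topic_replies, t.topic_time, t.topic_important, t.topic_vote, t.topic_featured, t.topic_points, t.topic_last_post_id, f.forum_alias, f.forum_name, f.forum_locked, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_announce, f.auth_pollcreate, f.auth_vote
					FROM _forum_topics t, _forums f
					WHERE t.topic_id = ?
						AND f.forum_id = t.forum_id';
				if (!$event_topic = sql_fieldrow(sql_filter($sql, $this->v('event_topic')))) {
					fatal_error();
				}

				$mod_auth = $user->is('mod');

				$error = w();
				$forum_id = $event_topic['forum_id'];
				$submit_reply = _button('post');
				$reply = request_var('reply', 0);

				if ($reply) {
					$post_reply = request_var('p', 0);

					$sql = 'SELECT p.*, u.user_id, u.username
						FROM _forum_posts p, _members u
						WHERE p.post_id = ?
							AND u.user_id = p.poster_id
							AND p.post_deleted = 0';
					if (!$post_data = sql_fieldrow(sql_filter($sql, $post_reply))) {
						redirect(s_link('events', $this->v('event_alias')));
					}
				}

				$is_auth = $auth->forum(AUTH_ALL, $forum_id, $event_topic);
				$u_event_alias = s_link('events', $this->v('event_alias'));
				$u_event_publish = ($reply) ? s_link('events', $this->v('event_alias'), $post_reply, 'reply') : $u_event_alias;

				if ($submit_reply) {
					$auth_key = 'auth_reply';

					// NOTE(review): when the forum permissions deny the reply,
					// this block only forces a login and rejects locked topics.
					// A logged-in member without auth_reply on an unlocked topic
					// still reaches the insert below — confirm that is intended.
					if (((!$is_auth['auth_view'] || !$is_auth['auth_read'])) || !$is_auth[$auth_key]) {
						if (!$user->is('member')) {
							do_login();
						}

						$can_reply_closed = $auth->option(array('forum', 'topics', 'delete'));

						if (!$can_reply_closed && ($event_topic['forum_locked'] || $event_topic['topic_locked'])) {
							$error[] = 'TOPIC_LOCKED';
						}

						if (sizeof($error)) {
							redirect($u_event_alias);
						}
					}

					$post_message = request_var('message', '', true);

					if ($reply) {
						$post_reply_message = request_var('reply_message', '', true);
					}

					// Check message
					if (empty($post_message)) {
						$error[] = 'EMPTY_MESSAGE';
					}

					if (sizeof($error)) {
						redirect($u_event_alias);
					}

					if (!$mod_auth) {
						// The original compared against an undefined
						// $current_time, so the flood interval was never
						// measured against the real clock.
						$current_time = time();

						$sql = 'SELECT MAX(post_time) AS last_post_time
							FROM _forum_posts
							WHERE poster_id = ?';
						if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
							if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
								$error[] = 'FLOOD_ERROR';
							}
						}
					}

					if (sizeof($error)) {
						redirect($u_event_alias);
					}

					$update_topic = w();

					// Moderator-only inline commands; the marker is removed from the text.
					if (strstr($post_message, '-Anuncio-') && $user->is('mod')) {
						$topic_announce = 1;
						$post_message = str_replace('-Anuncio-', '', $post_message);
						$update_topic['topic_announce'] = $topic_announce;
					}

					if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
						$topic_locked = 1;
						$post_message = str_replace('-Cerrado-', '', $post_message);
						$update_topic['topic_locked'] = $topic_locked;
					}

					$post_message = $comments->prepare($post_message);

					if ($reply && $post_reply_message != '') {
						// Strip image URLs from the quoted text. The original
						// pattern carried the /e (evaluate) modifier, which PHP 7
						// removed; the replacement is an empty string, so plain
						// /i is equivalent.
						$post_reply_message = preg_replace('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#i', '', $post_reply_message);
					}

					if ($reply && empty($post_reply_message)) {
						$post_reply_message = '...';
					}

					if ($reply && $post_reply_message != '') {
						// NOTE(review): the quoted text and username are placed
						// into stored HTML without going through
						// $comments->prepare(); this relies on request_var()
						// and the stored username already being safe — confirm.
						$post_message = '<blockquote><strong>' . $post_data['username'] . "</strong>" . nr(false, 2) . $post_reply_message . '</blockquote><br /> ' . $post_message;
					} else {
						$reply = 0;
					}

					$insert_data = array(
						'topic_id' => (int) $this->v('event_topic'),
						'forum_id' => (int) $forum_id,
						'poster_id' => (int) $user->d('user_id'),
						'post_time' => time(),
						'poster_ip' => $user->ip,
						'post_text' => $post_message,
						'post_np' => ''
					);
					if ($reply) {
						$insert_data['post_reply'] = $post_reply;
					}

					$post_id = sql_insert('forum_posts', $insert_data);

					$user->delete_unread(UH_T, $this->v('event_topic'));
					$user->save_unread(UH_T, $this->v('event_topic'));

					// Drop the unread markers of everyone outside the forum's
					// list. The original built this statement in
					// $sql_delete_unread but executed the stale $sql, so the
					// intended DELETE never ran.
					$a_list = forum_for_team_list($forum_id);
					if (count($a_list)) {
						$sql_delete_unread = 'DELETE FROM _members_unread
							WHERE element = ?
								AND item = ?
								AND user_id NOT IN (??)';
						// `??` is inserted unquoted, so the ids (presumably
						// numeric user ids) are forced to integers first.
						sql_query(sql_filter($sql_delete_unread, 8, $this->v('event_topic'), implode(', ', array_map('intval', $a_list))));
					}

					$update_topic['topic_last_post_id'] = $post_id;

					// $topic_locked and $topic_id were undefined here unless a
					// moderator had just closed the topic; test the recorded
					// flag and pass the event's topic id.
					if (!empty($update_topic['topic_locked'])) {
						topic_feature($this->v('event_topic'), 0);
					}

					$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?
						WHERE forum_id = ?';
					sql_query(sql_filter($sql, $this->v('event_topic'), $forum_id));

					$sql = 'UPDATE _forum_topics SET topic_replies = topic_replies + 1, ' . sql_build('UPDATE', $update_topic) . sql_filter('
						WHERE topic_id = ?', $this->v('event_topic'));
					sql_query($sql);

					$sql = 'UPDATE _members SET user_posts = user_posts + 1
						WHERE user_id = ?';
					sql_query(sql_filter($sql, $user->d('user_id')));

					redirect($u_event_alias);
				}

				// Get event thumbnails
				$t_per_page = 18;

				if ($mode == 'view' && $download_id) {
					$val = 1;

					$sql = 'SELECT MAX(image) AS total
						FROM _events_images
						WHERE event_id = ?';
					if ($maximage = sql_field(sql_filter($sql, $this->v('id')), 'total', 0)) {
						$val = ($download_id == $maximage) ? 2 : 1;
					}

					$t_offset = floor(($imagedata['prev_images'] - $val) / $t_per_page) * $t_per_page;
				}

				// The offset ends up unquoted in a LIMIT clause. It can be
				// negative (for instance when prev_images is 1 and $val is 2)
				// or come from the request, so force a non-negative integer.
				$t_offset = max(0, (int) $t_offset);

				if ($this->v('images')) {
					$exception_sql = (isset($download_id) && $download_id) ? sql_filter(' AND g.image <> ? ', $download_id) : '';

					$sql = 'SELECT g.*
						FROM _events e, _events_images g
						WHERE e.id = ?
							AND e.id = g.event_id ' .
							$exception_sql . '
						ORDER BY g.image ASC
						LIMIT ??, ??';
					if (!$result = sql_rowset(sql_filter($sql, $this->v('id'), $t_offset, $t_per_page))) {
						redirect(s_link('events', $this->v('id')));
					}

					build_num_pagination(s_link('events', $this->v('id'), 's%d'), $this->v('images'), $t_per_page, $t_offset, 'IMG_');

					_style('thumbnails');

					foreach ($result as $row) {
						_style('thumbnails.item', array(
							'URL' => s_link('events', $this->v('event_alias'), $row['image'], 'view'),
							'IMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/thumbnails/' . $row['image'] . '.jpg',
							'RIMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/' . $row['image'] . '.jpg',
							'FOOTER' => $row['image_footer'],
							'WIDTH' => $row['width'],
							'HEIGHT' => $row['height'])
						);
					}

					// Credits
					$sql = 'SELECT *
						FROM _events_colab c, _members m
						WHERE c.colab_event = ?
							AND c.colab_uid = m.user_id
						ORDER BY m.username';
					if ($result = sql_rowset(sql_filter($sql, $this->v('id')))) {
						_style('collab');

						foreach ($result as $row) {
							_style('collab.row', array(
								'PROFILE' => s_link('m', $row['username_base']),
								'USERNAME' => $row['username'])
							);
						}
					}
				} else {
					_style('event_flyer', array(
						'IMAGE_SRC' => $config['events_url'] . 'future/' . $this->v('id') . '.jpg?u=' . $this->v('event_update'))
					);

					$location_mini = $config['events_path'] . 'mini/' . $this->v('id') . '.jpg';

					if ($user->is('colab') && !$this->v('images') && !@file_exists($location_mini)) {
						$large_filepath = $config['events_path'] . 'future/' . $this->v('id') . '.jpg';

						_style('event_flyer.thumbnail', array(
							'ACTION' => $u_event_alias,
							'SCALE' => ($config['events_thumb_height'] / $config['events_thumb_width']),
							'THUMB_WIDTH' => $config['events_thumb_width'],
							'THUMB_HEIGHT' => $config['events_thumb_height'],
							'LARGE_WIDTH' => $upload->getWidth($large_filepath),
							'LARGE_HEIGHT' => $upload->getHeight($large_filepath)
						));
					}
				}

				// Midnight of "today" in the viewer's timezone, as a UTC timestamp.
				list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $user->timezone + $user->dst));
				$midnight = gmmktime(0, 0, 0, $m, $d, $y) - $user->timezone - $user->dst;

				$event_date = $user->format_date($this->v('date'), 'j F Y \a \l\a\s H:i') . ' horas.';

				if ($this->v('date') >= $midnight) {
					if ($this->v('date') >= $midnight && $this->v('date') < $midnight + 86400) {
						$event_date_format = lang('event_today');
					} else if ($this->v('date') >= $midnight + 86400 && $this->v('date') < $midnight + (86400 * 2)) {
						$event_date_format = lang('event_tomorrow');
					} else {
						$event_date_format = sprintf(lang('event_after'), $event_date);
					}
				} else {
					if ($this->v('date') >= ($midnight - 86400)) {
						$event_date_format = lang('event_yesterday');
					} else {
						$event_date_format = sprintf(lang('event_before'), $event_date);
					}
				}

				v_style(array(
					'EVENT_NAME' => $this->v('title'),
					'EVENT_DATE' => $event_date_format,
					'EVENT_URL' => $u_event_alias,
					'EVENT_PUBLISH' => $u_event_publish)
				);

				// Also used unquoted in a LIMIT clause below.
				$posts_offset = max(0, (int) request_var('ps', 0));
				$topic_id = $this->v('event_topic');

				// START RSVP
				if ($topic_id) {
					$sql = 'SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result
						FROM _poll_options vd, _poll_results vr
						WHERE vd.topic_id = ?
							AND vr.vote_id = vd.vote_id
						ORDER BY vr.vote_option_order, vr.vote_option_id ASC';
					if ($vote_info = sql_rowset(sql_filter($sql, $topic_id))) {
						$sql = 'SELECT vote_id
							FROM _poll_voters
							WHERE vote_id = ?
								AND vote_user_id = ?';
						$user_voted = sql_field(sql_filter($sql, $vote_info[0]['vote_id'], $user->d('user_id')), 'vote_id', 0);
						// A vote_length of 0 means the poll never expires.
						$poll_expired = ($vote_info[0]['vote_length']) ? (($vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < time()) ? true : false) : false;

						_style('poll', array(
							'POLL_TITLE' => $vote_info[0]['vote_text'])
						);

						if ($user_voted || $poll_expired) {
							_style('poll.results');

							// Only the first option is rendered (note the break).
							foreach ($vote_info as $row) {
								if ($this->v('date') >= $midnight) {
									$caption = ($row['vote_result'] == 1) ? lang('rsvp_future_one') : lang('rsvp_future_more');
								} else {
									$caption = ($row['vote_result'] == 1) ? lang('rsvp_past_one') : lang('rsvp_past_more');
								}

								_style('poll.results.item', array(
									'CAPTION' => $caption,
									'RESULT' => $row['vote_result'])
								);
								break;
							}
						} else {
							_style('poll.options', array(
								'S_VOTE_ACTION' => s_link('events', $this->v('event_alias'), 1, 'rsvp'))
							);

							foreach ($vote_info as $row) {
								$caption = ($this->v('date') >= $midnight) ? lang('rsvp_future') : lang('rsvp_past');

								_style('poll.options.item', array(
									'ID' => $row['vote_option_id'],
									'CAPTION' => $caption)
								);
								break;
							}
						}
					}
				}
				// END RSVP

				$sql = 'SELECT p.*, u.user_id, u.username, u.username_base, u.user_avatar, u.user_posts, u.user_gender, u.user_rank
					FROM _forum_posts p, _members u
					WHERE p.topic_id = ?
						AND u.user_id = p.poster_id
						AND p.post_deleted = 0
					ORDER BY p.post_time DESC
					LIMIT ??, ??';
				if (!$messages = sql_rowset(sql_filter($sql, $topic_id, $posts_offset, (int) $config['posts_per_page']))) {
					redirect(s_link('events', $this->v('event_alias')));
				}

				if (!$posts_offset) {
					//unset($messages[0]);
				}

				$i = 0;
				foreach ($messages as $row) {
					if (!$i) {
						$controls = w();
						$user_profile = w();
						$unset_user_profile = array('user_id', 'user_posts', 'user_gender');

						_style('messages');
					}

					if ($user->is('member')) {
						$controls[$row['post_id']]['reply'] = s_link('events', $this->v('event_alias'), $row['post_id'], 'reply');

						if ($mod_auth) {
							$controls[$row['post_id']]['edit'] = s_link('acp', array('forums_post_modify', 'msg_id' => $row['post_id']));
							$controls[$row['post_id']]['delete'] = s_link('acp', array('forums_post_delete', 'msg_id' => $row['post_id']));
						}
					}

					$user_profile[$row['user_id']] = $comments->user_profile($row, '', $unset_user_profile);

					$data = array(
						'POST_ID' => $row['post_id'],
						'DATETIME' => $user->format_date($row['post_time']),
						'MESSAGE' => $comments->parse_message($row['post_text']),
						'PLAYING' => $row['post_np'],
						'DELETED' => $row['post_deleted']
					);

					foreach ($user_profile[$row['user_id']] as $key => $value) {
						$data[strtoupper($key)] = $value;
					}

					_style('messages.row', $data);

					if (isset($controls[$row['post_id']])) {
						_style('messages.row.controls');

						foreach ($controls[$row['post_id']] as $item => $url) {
							_style('messages.row.controls.' . $item, array(
								'URL' => $url)
							);
						}
					}

					$i++;
				}

				build_num_pagination(s_link('events', $this->v('event_alias'), 'ps%d'), $event_topic['topic_replies'], $config['posts_per_page'], $posts_offset, 'MSG_');

				$publish_ref = ($posts_offset) ? s_link('events', $this->v('event_alias'), 's' . $t_offset) : s_link('events', $this->v('event_alias'));

				// Posting box
				if ($user->is('member')) {
					_style('publish', array(
						'REF' => $publish_ref)
					);

					if ($reply) {
						if (empty($post_reply_message)) {
							$post_reply_message = $comments->remove_quotes($post_data['post_text']);
						}

						if (!empty($post_reply_message)) {
							// Image URLs, [yt:...] tags and [sb] markers are
							// removed from the text offered for quoting.
							$rx = array('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#is', '#\[yt:[0-9a-zA-Z\-\=\_]+\]#is', '#\[sb\]#is', '#\[\/sb\]#is');
							$post_reply_message = preg_replace($rx, '', $post_reply_message);
						}

						if (empty($post_reply_message)) {
							$post_reply_message = '...';
						}

						_style('publish.reply', array(
							'MESSAGE' => $post_reply_message)
						);
					}
				}

				break;
		}

		$this->_title = $this->v('title');
		$this->_template = 'events.view';

		return true;
	}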
Ejemplo n.º 5
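	/**
	 * Show the "e-mail this artist" form and, on submit, send the message.
	 *
	 * Requires an artist e-mail address on file and an authenticated user.
	 * The sender's id, username and IP are added as X-AntiAbuse headers so the
	 * recipient can report misuse.
	 *
	 * Request-supplied and profile-supplied values that end up in mail headers
	 * have CR/LF removed first, so they cannot start a new header line.
	 *
	 * NOTE(review): last_email / last_email_user are recorded but no throttle
	 * is visible in this method; confirm sending is rate-limited elsewhere.
	 *
	 * @return void
	 */
	public function _email() {
		if ($this->make) {
			return;
		}

		if (empty($this->data['email'])) {
			fatal_error();
		}

		if (!$this->auth['user']) {
			do_login();
		}

		global $user, $config;

		$error_msg = '';
		$subject = '';
		$message = '';
		$current_time = time();

		if (_button()) {
			$subject = request_var('subject', '');
			$message = request_var('message', '', true);

			if (empty($subject) || empty($message)) {
				$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('fields_empty');
			}

			if (empty($error_msg)) {
				$sql = 'UPDATE _artists SET last_email = ?, last_email_user = ?
					WHERE ub = ?';
				sql_query(sql_filter($sql, $current_time, $user->d('user_id'), $this->data['ub']));

				// Header-bound values must be single-line.
				$line_breaks = array("\r", "\n");
				$header_subject = str_replace($line_breaks, ' ', $subject);
				$header_from = str_replace($line_breaks, '', $user->d('user_email'));
				$header_username = str_replace($line_breaks, '', $user->d('username'));

				$emailer = new emailer($config['smtp_delivery']);

				$emailer->from($header_from);

				$email_headers = 'X-AntiAbuse: User_id - ' . $user->d('user_id') . nr();
				$email_headers .= 'X-AntiAbuse: Username - ' . $header_username . nr();
				$email_headers .= 'X-AntiAbuse: User IP - ' . $user->ip . nr();

				$emailer->use_template('mmg_send_email', $config['default_lang']);
				$emailer->email_address($this->data['email']);
				$emailer->set_subject($header_subject);
				$emailer->extra_headers($email_headers);

				$emailer->assign_vars(array(
					'SITENAME' => $config['sitename'],
					'BOARD_EMAIL' => $config['board_email'],
					'FROM_USERNAME' => $user->d('username'),
					'UB_NAME' => $this->data['name'],
					'MESSAGE' => $message
				));
				$emailer->send();
				$emailer->reset();

				redirect(s_link('a', $this->data['subdomain']));
			}
		}

		if ($error_msg != '') {
			_style('error');
		}

		// Echo the submitted values back into the form.
		// NOTE(review): assumes request_var() already HTML-escapes strings — confirm.
		v_style(array(
			'ERROR_MESSAGE' => $error_msg,

			'SUBJECT' => $subject,
			'MESSAGE' => $message)
		);

		return;
	}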
Ejemplo n.º 6
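	/**
	 * Event creation form: on submit, store the uploaded flyer, create the
	 * event, link its artists, and open (or reuse) a forum topic with an RSVP
	 * poll; otherwise list the forum topics not yet attached to an event.
	 *
	 * NOTE(review): no permission check is visible in this method; confirm the
	 * caller restricts it, since it writes files and rows and posts on behalf
	 * of a fixed account.
	 *
	 * @return void
	 */
	public function _home() {
		global $config, $user, $cache, $upload;

		$error = w();

		if (_button()) {
			$filepath = $config['events_path'];
			$filepath_1 = $filepath . 'future/';
			$filepath_2 = $filepath_1 . 'thumbnails/';

			// Presumably the third argument limits accepted uploads to that
			// extension; confirm that process() also checks the file content.
			$f = $upload->process($filepath_1, 'event_image', 'jpg');

			if (!sizeof($upload->error) && $f !== false) {
				// NOTE(review): the flyer file name comes from a row count taken
				// before the insert, not from the new event's id. If other code
				// locates the flyer by event id, the two can drift apart (deleted
				// rows, concurrent submissions) — confirm.
				$img = sql_total('_events');

				// Create vars
				$event_name = request_var('event_name', '');
				$event_artists = request_var('event_artists', '', true);
				$event_year = request_var('event_year', 0);
				$event_month = request_var('event_month', 0);
				$event_day = request_var('event_day', 0);
				$event_hours = request_var('event_hours', 0);
				$event_minutes = request_var('event_minutes', 0);
				$event_current_topic = request_var('event_current_topic', 0);

				// Entered in the user's local time; stored as a UTC timestamp.
				$v_date = gmmktime($event_hours, $event_minutes, 0, $event_month, $event_day, $event_year) - $user->timezone - $user->dst;

				// The body ends in redirect(), so presumably only the first
				// usable upload is ever processed.
				foreach ($f as $uploaded) {
					$xa = $upload->resize($uploaded, $filepath_1, $filepath_1, $img, array(600, 400), false, false, true);
					if ($xa === false) {
						continue;
					}
					$xb = $upload->resize($uploaded, $filepath_1, $filepath_2, $img, array(100, 75), false, false);

					$event_alias = friendly($event_name);

					$insert = array(
						'event_alias' => $event_alias,
						'title' => $event_name,
						'archive' => '',
						'date' => (int) $v_date,
						'event_update' => time()
					);
					$event_id = sql_insert('events', $insert);

					// Link every listed artist (one per line) that exists.
					// Distinct loop variable: the original reused $row, shadowing
					// the upload entry of the enclosing loop.
					$artists_ary = explode(nr(), $event_artists);
					foreach ($artists_ary as $artist_name) {
						$subdomain = get_subdomain($artist_name);

						$sql = 'SELECT *
							FROM _artists
							WHERE subdomain = ?';
						if ($a_row = sql_fieldrow(sql_filter($sql, $subdomain))) {
							$sql = 'SELECT *
								FROM _artists_events
								WHERE a_artist = ?
									AND a_event = ?';
							if (!sql_fieldrow(sql_filter($sql, $a_row['ub'], $event_id))) {
								$sql_insert = array(
									'a_artist' => $a_row['ub'],
									'a_event' => $event_id
								);
								sql_insert('artists_events', $sql_insert);
							}
						}
					}

					// Alice: Create topic
					$post_message = 'Evento publicado';
					$post_time = time();
					// Hard-coded target forum and posting account.
					$forum_id = 21;
					$poster_id = 1433;

					$sql = 'SELECT *
						FROM _forum_topics
						WHERE topic_id = ?';
					if (!$row_current_topic = sql_fieldrow(sql_filter($sql, $event_current_topic))) {
						$insert = array(
							'topic_title' => $event_name,
							'topic_poster' => $poster_id,
							'topic_time' => $post_time,
							'forum_id' => $forum_id,
							'topic_locked' => 0,
							'topic_announce' => 0,
							'topic_important' => 0,
							'topic_vote' => 1,
							'topic_featured' => 1,
							'topic_points' => 1
						);
						$topic_id = sql_insert('forum_topics', $insert);

						$event_current_topic = 0;
					} else {
						// NOTE(review): any existing topic id from the request is
						// accepted and renamed; the lookup does not restrict it to
						// forum 21 or to topics without an event — confirm.
						$topic_id = $event_current_topic;

						$post_message .= ' en la secci&oacute;n de eventos';

						$sql = 'UPDATE _forum_topics SET topic_title = ?
							WHERE topic_id = ?';
						sql_query(sql_filter($sql, $event_name, $topic_id));
					}

					$post_message .= '.';

					$insert = array(
						'topic_id' => (int) $topic_id,
						'forum_id' => $forum_id,
						'poster_id' => $poster_id,
						'post_time' => $post_time,
						'poster_ip' => $user->ip,
						'post_text' => $post_message,
						'post_np' => ''
					);
					$post_id = sql_insert('forum_posts', $insert);

					$sql = 'UPDATE _events SET event_topic = ?
						WHERE id = ?';
					sql_query(sql_filter($sql, $topic_id, $event_id));

					// The original multiplied an undefined $poll_length, which
					// evaluates to 0; make that value explicit.
					$poll_length = 0;

					$insert = array(
						'topic_id' => (int) $topic_id,
						'vote_text' => '&iquest;Asistir&aacute;s a ' . $event_name . '?',
						'vote_start' => time(),
						'vote_length' => (int) ($poll_length * 86400)
					);
					$poll_id = sql_insert('poll_options', $insert);

					$poll_options = array(1 => 'Si asistir&eacute;');

					foreach ($poll_options as $option_id => $option_text) {
						$sql_insert = array(
							'vote_id' => (int) $poll_id,
							'vote_option_id' => (int) $option_id,
							'vote_option_text' => $option_text,
							'vote_result' => 0
						);
						sql_insert('poll_results', $sql_insert);
					}

					$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?' . ((!$event_current_topic) ? ', forum_topics = forum_topics + 1 ' : '') . '
						WHERE forum_id = ?';
					sql_query(sql_filter($sql, $topic_id, $forum_id));

					$sql = 'UPDATE _forum_topics SET topic_first_post_id = ?, topic_last_post_id = ?
						WHERE topic_id = ?';
					sql_query(sql_filter($sql, $post_id, $post_id, $topic_id));

					$sql = 'UPDATE _members SET user_posts = user_posts + 1
						WHERE user_id = ?';
					sql_query(sql_filter($sql, $poster_id));

					// Notify
					$user->save_unread(UH_T, $topic_id);

					redirect(s_link('events', $event_alias));
				}
			}

			_style('error', array(
				'MESSAGE' => parse_error($upload->error))
			);
		}

		// Topics of the events forum that no event points to yet.
		$sql = 'SELECT topic_id, topic_title
			FROM _forum_topics t
			LEFT OUTER JOIN _events e ON t.topic_id = e.event_topic
			WHERE e.event_topic IS NULL
				AND forum_id = 21
			ORDER BY topic_time DESC';
		$topics = sql_rowset($sql);

		// sql_rowset() is treated as falsy-on-empty elsewhere in this code, so
		// do not iterate a non-array result.
		if ($topics) {
			foreach ($topics as $i => $row) {
				if (!$i) _style('topics');

				_style('topics.row', array(
					'TOPIC_ID' => $row['topic_id'],
					'TOPIC_TITLE' => $row['topic_title'])
				);
			}
		}

		return;
	}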
Ejemplo n.º 7
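	/**
	 * Record the external referrer of the current request and apply bans.
	 *
	 * Requests with no referrer, a referrer on this site, or a referrer on the
	 * exclusion list are ignored. Every other referrer is inserted into, or
	 * updated in, the _ref table; if any matching row is banned the request
	 * ends in fatal_error().
	 *
	 * The Referer header is supplied by the client and can be omitted or forged,
	 * so this is traffic bookkeeping and a deterrent, not an access control.
	 *
	 * @param bool $block_ud   Redirect to the site root when the referrer is external.
	 * @param bool $auto_block Store newly seen referrers as banned.
	 * @return void
	 */
	public function check_ref($block_ud = false, $auto_block = false) {
		global $config;

		$url = (getenv('HTTP_REFERER')) ? trim(getenv('HTTP_REFERER')) : v_server('HTTP_REFERER');
		$url = $this->clean_value($url);
		if ($url == '') {
			return;
		}

		// Host plus first path segment, scheme and query string removed.
		$parts = explode('?', str_replace(array('http://', 'https://'), '', $url));
		$parts = explode('/', trim($parts[0]));
		// A referrer with no path has no second segment; the original read an
		// undefined index here.
		$first_segment = isset($parts[1]) ? $parts[1] : '';
		$excref = $parts[0] . '/' . $first_segment;
		$domain = trim($parts[0]);

		// Quote the server name so its dots match literally.
		// NOTE(review): this is still a substring test, so any host that merely
		// contains the server name is treated as internal; an exact or
		// suffix match would be stricter.
		if (($domain == '') || preg_match('#^.*?' . preg_quote($config['server_name'], '#') . '.*?$#i', $domain)) {
			return;
		}

		// NOTE(review): the list is rewritten in $this->config on every call; a
		// second call in the same request would keep only its first entry.
		if (is_array($this->config['exclude_refs'])) {
			$this->config['exclude_refs'] = $this->config['exclude_refs'][0];
		}

		if ($this->config['exclude_refs'] != '') {
			$this->config['exclude_refs'] = explode(nr(), $this->config['exclude_refs']);

			// Also accept the variant without "www.".
			foreach ($this->config['exclude_refs'] as $e_domain) {
				if (strstr($e_domain, 'www.')) {
					$this->config['exclude_refs'][] = str_replace('www.', '', $e_domain);
				}
			}
		}

		// With an empty setting the value is still a string; in_array() needs an array.
		$excluded = is_array($this->config['exclude_refs']) ? $this->config['exclude_refs'] : array();
		if (in_array($excref, $excluded)) {
			return;
		}

		// The original repeated the exclusion test here to clear a
		// $not_allowed_ref flag. That branch was unreachable after the return
		// above, so the flag was always true and has been dropped.

		$request = $this->clean_value(v_server('REQUEST_URI'));
		$auto_block = ($auto_block) ? 1 : 0;

		// $user_ip was never assigned in the original, so last_ip was stored
		// empty. REMOTE_ADDR is the peer address; behind a reverse proxy it is
		// the proxy's.
		$user_ip = $this->clean_value(v_server('REMOTE_ADDR'));

		$insert = true;
		$update = false;
		$banned = false;
		$group_id = '';
		$datetime = time();

		$sql = 'SELECT *
			FROM _ref
			WHERE domain = ?
				OR url = ?
			ORDER BY url';
		$result = sql_rowset(sql_filter($sql, $domain, $url));

		if ($result) {
			foreach ($result as $row) {
				// Reuse the group of the first known row for this domain.
				if ($group_id == '') {
					$group_id = $row['group_id'];
				}

				if ($row['banned']) {
					$banned = true;
				}

				if (($row['url'] == $url) && !$update) {
					$sql_banned = '';
					$update = true;
					$insert = false;

					// Do not lift an existing ban.
					if (!$banned) {
						$sql_banned = ", banned = " . intval($auto_block);
					}

					$sql = 'UPDATE _ref SET request = ?' . $sql_banned . ', views = views + 1, last_datetime = ?, last_ip = ?
						WHERE domain = ?
							AND url = ?';
					sql_query(sql_filter($sql, $request, $datetime, $user_ip, $domain, $url));
				}
			}
		}

		if ($insert) {
			// Grouping label only, not a secret.
			if ($group_id == '') {
				$group_id = md5(uniqid(time()));
			}

			$sql_insert = array(
				'group_id' => $group_id,
				'domain' => $domain,
				'url' => $url,
				'request' => $request,
				'banned' => $auto_block,
				'views' => 1,
				'datetime' => $datetime,
				'last_datetime' => $datetime,
				'last_ip' => $user_ip
			);
			sql_insert('ref', $sql_insert);
		}

		if ($banned) {
			fatal_error();
		}

		if ($block_ud) {
			redirect(s_link());
		}

		return;
	}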
Ejemplo n.º 8
	/**
	 * Turn a stored message into display HTML by running the parsing stages
	 * in a fixed order over $this->message.
	 *
	 * NOTE(review): no escaping happens in this method; the stages add markup
	 * to text that is presumably already HTML-safe when stored — confirm.
	 *
	 * @param string $message Stored message text.
	 * @param string $a_class Passed to a_links().
	 * @return string Message with line breaks rendered as <br />.
	 */
	public function parse_message($message, $a_class = '') {
		// One space of padding on each side, removed again before returning.
		$this->message = ' ' . $message . ' ';

		// Stage order is significant: each stage rewrites $this->message in place.
		foreach (array('parse_flash', 'parse_youtube', 'parse_images', 'parse_url', 'parse_bbcode', 'parse_smilies') as $stage) {
			$this->$stage();
		}

		$this->a_links($a_class);

		foreach (array('d_links', 'members_profile', 'members_icon', 'replace_blockquote') as $stage) {
			$this->$stage();
		}

		$unpadded = substr($this->message, 1, -1);

		return str_replace(nr(), '<br />', $unpadded);
	}
Ejemplo n.º 9
0
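/**
 * Renders the site error page for the given mode and ends the request.
 *
 * Modes: 'mysql' (system error), '600' (unrecognised origin IP) and anything
 * else, which is treated as a 404. The function closes the database
 * connection, prints the 'error' template and calls exit, so it never returns.
 *
 * NOTE(review): the value of _page() is interpolated into the HTML of the
 * error message as-is. Confirm _page() returns an HTML-encoded value; if it
 * returns the raw request path, it has to be encoded before it is printed.
 *
 * NOTE(review): in 'mysql' mode $bp_message is shown to the visitor together
 * with the page and username. If callers pass raw database errors here,
 * consider logging that text server-side and showing a generic message.
 *
 * @param string $mode       Error mode, see above.
 * @param string $bp_message Extra diagnostic text supplied by the caller.
 * @return void Never returns.
 */
function fatal_error($mode = '404', $bp_message = '') {
	global $user, $config;

	$current_page = _page();
	$error = 'La p&aacute;gina <strong>' . $current_page . '</strong> ';

	// This function can be reached before the session object exists, so every
	// access to $user below goes through these guarded values.
	$has_user = (is_object($user) && method_exists($user, 'd'));
	$username = ($has_user) ? $user->d('username') : '';
	$client_ip = ($has_user && isset($user->ip)) ? $user->ip : '';

	$bp_message .= nr(false, 2) . $current_page . nr(false, 2) . $username;

	switch ($mode) {
		case 'mysql':
			if (isset($config['default_lang']) && isset($user->lang)) {
				// Prepare the notification; the actual send() is disabled upstream.
				$emailer = new emailer();

				$emailer->from('info');
				$emailer->set_subject('MySQL error');
				$emailer->use_template('mcp_delete', $config['default_lang']);
				$emailer->email_address('*****@*****.**');

				$emailer->assign_vars(array(
					'MESSAGE' => $bp_message,
					'TIME' => $user->format_date(time(), 'r'))
				);
				//$emailer->send();
				$emailer->reset();
			}
			// The plain mail() fallback for the case without language data is
			// disabled upstream as well, so no headers are assembled for it.

			$title = 'Error del sistema';
			$error .= 'tiene un error';
			break;
		case '600':
			$title = 'Origen inv&aacute;lido';
			$error .= 'no puede ser accesada porque no se reconoce su IP de origen.';

			@error_log('[php client empty ip] File does not exist: ' . $current_page, 0);
			break;
		default:
			$title = 'Archivo no encontrado';
			$error .= 'no existe';
			// A plain 404 never shows diagnostic text to the visitor.
			$bp_message = '';

			status("404 Not Found");

			@error_log('[php client ' . $client_ip . ($username ? ' - ' . $username : '') . '] File does not exist: ' . $current_page, 0);
			break;
	}

	if ($mode != '600') {
		$error .= ', puedes regresar a<br /><a href="/">p&aacute;gina de inicio de Rock Republik</a> para encontrar informaci&oacute;n.';

		if (!empty($bp_message)) {
			$error .= '<br /><br />' . $bp_message;
		}
	}

	sql_close();

	$replaces = array(
		'PAGE_TITLE' => $title,
		'PAGE_MESSAGE' => $error
	);

	echo exception('error', $replaces);
	exit;
}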
Ejemplo n.º 10
0
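	/**
	 * Creates an artist from the submitted form and, when moderators are listed,
	 * grants them control over the new artist.
	 *
	 * Steps: insert the artist row, drop the cached artist lists, bump the
	 * 'max_artists' counter, run artist_check() for the artist and its
	 * sub-folders, then link every listed member to the artist.
	 *
	 * NOTE(review): the redirect only happens when a moderator list was sent;
	 * without one the method falls through and returns nothing. Confirm that is
	 * intended.
	 *
	 * @return bool|null false when the form was not submitted.
	 */
	public function _home() {
		global $config, $user, $cache;

		if (!_button()) {
			return false;
		}

		$request = _request(array('name' => '', 'local' => 0, 'location' => '', 'genre' => '', 'email' => '', 'www' => '', 'mods' => ''));
		$request->subdomain = get_subdomain($request->name);

		if (!$request->name) {
			_pre('Ingresa el nombre del artista.', true);
		}

		$sql_insert = array(
			'a_active' => 1,
			'subdomain' => $request->subdomain,
			'name' => $request->name,
			'local' => (int) $request->local,
			'datetime' => time(),
			'location' => $request->location,
			// Read from $request: the misspelled variable used here before was
			// undefined, so the genre was always stored empty.
			'genre' => $request->genre,
			'email' => $request->email,
			'www' => str_replace('http://', '', $request->www)
		);
		$artist_id = sql_insert('artists', $sql_insert);

		// Cache
		$cache->delete('ub_list a_records ai_records a_recent');
		set_config('max_artists', $config['max_artists'] + 1);

		// Create directories
		artist_check($artist_id);

		artist_check($artist_id . ' gallery');
		artist_check($artist_id . ' media');
		artist_check($artist_id . ' thumbnails');
		artist_check($artist_id . ' x1');

		// Mods
		if (!empty($request->mods)) {
			$a_mods = explode(nr(), $request->mods);
			foreach ($a_mods as $each) {
				$username_base = get_username_base($each);

				// Only existing members are linked: inactive accounts and
				// user_id 1 are excluded by the query.
				$sql = 'SELECT *
					FROM _members
					WHERE username_base = ?
						AND user_type <> ?
						AND user_id <> ?';
				if (!$userdata = sql_fieldrow(sql_filter($sql, $username_base, USER_INACTIVE, 1))) {
					continue;
				}

				$sql_insert = array(
					'ub' => $artist_id,
					'user_id' => $userdata['user_id']
				);
				sql_insert('artists_auth', $sql_insert);

				$update = array('user_type' => USER_ARTIST, 'user_auth_control' => 1);

				if (!$userdata['user_rank']) {
					$update['user_rank'] = (int) $config['default_a_rank'];
				}

				// The type change is skipped for inactive and founder accounts.
				$sql = 'UPDATE _members SET ??
					WHERE user_id = ?
						AND user_type NOT IN (??, ??)';
				sql_query(sql_filter($sql, sql_build('UPDATE', $update), $userdata['user_id'], USER_INACTIVE, USER_FOUNDER));
			}

			// The subdomain lives on $request; a bare $subdomain was never set.
			redirect(s_link('a', $request->subdomain));
		}
	}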
Ejemplo n.º 11
0
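	/**
	 * Creates a radio show from the submitted form and registers its DJs.
	 *
	 * The start and end hours are shifted by the user's timezone setting, every
	 * form field is stored under a 'show_' prefixed column, and each listed DJ
	 * that matches a member is added to _radio_dj and, when missing, to team 4.
	 *
	 * NOTE(review): the "show already exists" check below has its error call
	 * commented out, so a duplicate show_base is not rejected.
	 *
	 * @return void
	 */
	public function _home() {
		global $config, $user, $cache;

		if (!_button()) {
			return;
		}

		$v = _request(array('name' => '', 'base' => '', 'genre' => '', 'start' => 0, 'end' => 0, 'day' => 0, 'dj' => ''));

		$sql = 'SELECT show_id
			FROM _radio
			WHERE show_base = ?';
		if ($row = sql_fieldrow(sql_filter($sql, $v->base))) {
			//_pre('El programa ya existe', true);
		}

		$time_start = mktime($v->start - $user->d('user_timezone'), 0, 0, 0, 0, 0);
		$time_end = mktime($v->end - $user->d('user_timezone'), 0, 0, 0, 0, 0);

		$v->start = date('H', $time_start);
		$v->end = date('H', $time_end);

		$dj_list = $v->dj;
		unset($v->dj);

		// Build the row in a separate array. Adding and removing properties on
		// $v while iterating over $v itself can make the loop visit the
		// freshly added 'show_*' properties as well.
		$show = array();
		foreach (get_object_vars($v) as $field => $value) {
			$show['show_' . $field] = $value;
		}

		$show_id = sql_insert('radio', $show);

		$e_dj = explode(nr(), $dj_list);
		foreach ($e_dj as $rowu) {
			$rowu = get_username_base($rowu);

			// NOTE(review): the normalised name is compared with `username`
			// here; confirm `username_base` is not the intended column.
			$sql = 'SELECT *
				FROM _members
				WHERE username = ?';
			if ($row = sql_fieldrow(sql_filter($sql, $rowu))) {
				$sql_insert = array(
					'dj_show' => $show_id,
					'dj_uid' => $row['user_id']
				);
				sql_insert('radio_dj', $sql_insert);

				// Add the DJ to team 4 unless already a member of it.
				$sql = 'SELECT *
					FROM _team_members
					WHERE team_id = 4
						AND member_id = ?';
				if (!$row2 = sql_fieldrow(sql_filter($sql, $row['user_id']))) {
					$sql_insert = array(
						'team_id' => 4,
						'member_id' =>  $row['user_id'],
						'real_name' => '',
						'member_mod' => 0
					);
					sql_insert('team_members', $sql_insert);
				}
			}
		}

		$cache->delete('team_members');

		return;
	}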
Ejemplo n.º 12
0
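	/**
	 * Shows and updates the broadcast schedule playlist.
	 *
	 * On submit the posted hour => playlist pairs are written to the local
	 * schedule file, one "hour:playlist" record per line, and the file is
	 * uploaded to the broadcast host. The method then lists the remote
	 * /Schedule folder and prints one text input per stored record.
	 *
	 * Everything read back from the schedule file or from the remote listing is
	 * encoded before it is printed, because both hold values that were entered
	 * through this form or live on another host.
	 *
	 * @return bool true once the form has been printed.
	 */
	public function _home() {
		global $config, $user, $cache;

		$ftp = new ftp();

		if (!$ftp->ftp_connect($config['broadcast_host'])) {
			_pre('Can not connect', true);
		}

		if (!$ftp->ftp_login($config['broadcast_username'], $config['broadcast_password'])) {
			$ftp->ftp_quit();
			_pre('Can not login', true);
		}

		$cds_file = ROOT . 'interfase/cds/schedule_playlist.txt';

		// Submit
		if (_button()) {
			$hours = request_var('hours', array('' => ''));
			$line_breaks = array("\r", "\n");

			$build = '';
			foreach ($hours as $hour => $play) {
				// The file format is line based, so a line break inside a
				// value would add records that nobody entered as such.
				$hour = trim(str_replace($line_breaks, ' ', $hour));
				$play = trim(str_replace($line_breaks, ' ', $play));

				$build .= ((!empty($build)) ? nr(1) : '') . $hour . ':' . $play;
			}

			if ($fp = @fopen($cds_file, 'w')) {
				@flock($fp, LOCK_EX);
				fputs($fp, $build);
				@flock($fp, LOCK_UN);
				fclose($fp);

				_chmod($cds_file, $config['mask']);

				if ($ftp->ftp_put('/Schedule/schedule_playlist.txt', $cds_file)) {
					echo '<h1>El archivo fue procesado correctamente.</h1>';
				} else {
					echo '<h1>Error al procesar, intenta nuevamente.</h1>';
				}
			} else {
				echo 'Error de escritura en archivo local.';
			}

			echo '<br />';
		}

		if (!@file_exists($cds_file)) {
			// fatal_error() ends the request, so close the connection first.
			$ftp->ftp_quit();
			fatal_error();
		}

		$cds = @file($cds_file);
		if ($cds === false) {
			$cds = array();
		}

		// A single-byte charset is named so the call never rejects the input;
		// only the ASCII markup characters are touched and multi-byte
		// sequences pass through unchanged. Double encoding is switched off in
		// case the stored values already carry entities.
		$filelist = $ftp->ftp_nlist('/Schedule');
		echo '<pre>';
		echo htmlspecialchars(print_r($filelist, true), ENT_QUOTES, 'ISO-8859-1', false);
		echo '</pre>';

		foreach ($cds as $item)
		{
			// Split on the first colon only, so a playlist value that holds a
			// colon itself is kept whole.
			$e_item = array_map('trim', explode(':', $item, 2));
			if (!empty($e_item[0]))
			{
				$hour = $e_item[0];
				$play = isset($e_item[1]) ? $e_item[1] : '';

				$hour_attr = htmlspecialchars($hour, ENT_QUOTES, 'ISO-8859-1', false);
				$play_attr = htmlspecialchars($play, ENT_QUOTES, 'ISO-8859-1', false);

				echo sumhour($hour) . ' <input type="text" name="hours[' . $hour_attr . ']" value="' . $play_attr . '" size="100"' . ((oclock($hour)) ? ' class="highlight"' : '') . ' /><br />' . nr();
			}
		}

		$ftp->ftp_quit();

		return true;
	}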
Ejemplo n.º 13
0
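	/**
	 * Sends one private message to a whole group of members.
	 *
	 * post_mode selects the recipients: 1 = every member whose user_type is not
	 * 2, 2 = members with user_type 6, 3 = members who list the sender as buddy.
	 * Banned accounts are left out, and so are the users named in post_skip
	 * (one username per line). The token [username] in the message is replaced
	 * with each recipient's name.
	 *
	 * NOTE(review): each recipient's username is echoed as progress output
	 * without encoding; confirm usernames are stored HTML-safe.
	 *
	 * @return bool|null false when the form was not submitted or post_mode is
	 *                   not one of the supported values.
	 */
	public function _home() {
		global $config, $user, $cache, $comments;

		if (!_button()) {
			return false;
		}

		$post_mode = request_var('post_mode', 0);
		$post_subject = request_var('post_subject', '');
		$post_message = request_var('post_message', '', true);
		$post_skip = request_var('post_skip', '', true);
		$post_reply = request_var('post_reply', 0);

		$post_message = $comments->prepare($post_message);

		$skip_list = '';
		if (!empty($post_skip)) {
			$e_skip = explode(nr(), $post_skip);

			// These names are concatenated into the statement, so each one is
			// escaped and quoted individually.
			foreach ($e_skip as $i => $row) {
				$row = get_username_base($row);
				$e_skip[$i] = "'" . sql_escape($row) . "'";
			}

			$sql = 'SELECT user_id
				FROM _members
				WHERE username_base IN (' . _implode(',', $e_skip) . ')';
			$user_skip = sql_rowset($sql, false, 'user_id');

			// Skip the clause when nobody matched: "NOT IN ()" is not valid
			// SQL. The ids are cast because they are concatenated as well.
			if (is_array($user_skip) && count($user_skip)) {
				$skip_list = ' AND u.user_id NOT IN (' . _implode(', ', array_map('intval', $user_skip)) . ') ';
			}
		}

		// Every statement carries exactly one placeholder, filled with the
		// sender's user_id below.
		switch ($post_mode) {
			case 1:
				$sql = 'SELECT u.user_id, u.username
					FROM _members u
					WHERE u.user_type <> 2
						AND u.user_id NOT IN (SELECT ban_userid FROM _banlist)
						AND u.user_id <> ?' . $skip_list . '
					ORDER BY u.username';
				break;
			case 2:
				$sql = 'SELECT u.user_id, u.username
					FROM _members u
					WHERE u.user_type = 6
						AND u.user_id NOT IN (SELECT ban_userid FROM _banlist)
						AND u.user_id <> ?' . $skip_list . '
					ORDER BY u.username';
				break;
			case 3:
				$sql = 'SELECT u.user_id, u.username
					FROM _members_friends b, _members u
					WHERE b.buddy_id = ?' . $skip_list . '
						AND b.user_id = u.user_id
						AND u.user_id NOT IN (SELECT ban_userid FROM _banlist)
					ORDER BY u.username';
				break;
			default:
				// Without this, an unknown mode re-ran whatever was left in
				// $sql, which is the skip-list lookup when post_skip was sent.
				return false;
		}
		$result = sql_rowset(sql_filter($sql, $user->d('user_id')));

		foreach ($result as $row) {
			$row_message = str_replace('[username]', $row['username'], $post_message);

			$insert = array(
				'privmsgs_subject' => $post_subject,
				'privmsgs_from_userid' => (int) $user->d('user_id'),
				'privmsgs_to_userid' => (int) $row['user_id'],
				'privmsgs_date' => $user->time,
				'msg_ip' => $user->ip,
				'msg_can_reply' => (int) $post_reply,
				'privmsgs_mass' => 1,
				'privmsgs_text' => $row_message
			);
			$dc_id = sql_insert('dc', $insert);

			// The new message is its own parent and its own last message.
			$sql = 'UPDATE _dc SET parent_id = ?, last_msg_id = ?, msg_deleted = ?
				WHERE msg_id = ?';
			sql_query(sql_filter($sql, $dc_id, $dc_id, $user->d('user_id'), $dc_id));

			$user->save_unread(UH_NOTE, $dc_id, 0, $row['user_id']);

			echo $row['username'] . '<br />';
			flush();
		}

		return;
	}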
Ejemplo n.º 14
0
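	/**
	 * Prints the collected items as an RSS 2.0 document and ends the request.
	 *
	 * Reads $this->mode for the channel texts and $this->xml for the items;
	 * each item provides 'title', 'link', 'description', 'pubdate' and
	 * optionally 'author'.
	 *
	 * Item values are made safe for the place they are written to: author and
	 * link are encoded as element text, and a "]]>" inside a title or
	 * description is split so it cannot close the CDATA section early.
	 *
	 * NOTE(review): the dates are formatted with date() but labelled GMT. If
	 * 'pubdate' is a plain Unix timestamp and the server is not on UTC the label
	 * is wrong; confirm before switching to gmdate().
	 *
	 * @return void Never returns.
	 */
	function output() {
		$umode = strtoupper($this->mode);

		// Sequence that closes a CDATA section, and its split replacement.
		$cdata_end = ']]>';
		$cdata_split = ']]]]><![CDATA[>';

		$items = '';
		foreach ($this->xml as $item)
		{
			// A single-byte charset is named so the call never rejects the
			// input; only the ASCII markup characters are touched. Existing
			// entities are kept as they are.
			$author = '';
			if (isset($item['author'])) {
				$author = '<author>' . htmlspecialchars($item['author'], ENT_QUOTES, 'ISO-8859-1', false) . '</author>';
			}

			$link = htmlspecialchars($item['link'], ENT_QUOTES, 'ISO-8859-1', false);
			$title = str_replace($cdata_end, $cdata_split, html_entity_decode_utf8($item['title']));
			$description = str_replace($cdata_end, $cdata_split, html_entity_decode_utf8($item['description']));

			$items .= "\t" . '<item>
		' . $author . '
		<title><![CDATA[' . $title . ']]></title>
		<link>' . $link . '</link>
		<guid>' . $link . '</guid>
		<description><![CDATA[' . $description . ']]></description>
		<pubDate>' . date('D, d M Y H:i:s \G\M\T', $item['pubdate']) . '</pubDate>
	</item>' . nr();
		}

		// An empty feed has no first item to take the build date from.
		$last_build = isset($this->xml[0]['pubdate']) ? $this->xml[0]['pubdate'] : time();

		header('Content-type: text/xml');
		echo '<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
	<title>' . html_entity_decode_utf8(lang('rss_' . $umode)) . '</title>
	<link>http://www.rockrepublik.net/</link>
	<description><![CDATA[' . html_entity_decode_utf8(lang('rss_desc_' . $umode)) . ']]></description>
	<lastBuildDate>' . date('D, d M Y H:i:s \G\M\T', $last_build) . '</lastBuildDate>
	<webMaster>info@rockrepublik.net</webMaster>
' . $items . '</channel>
</rss>';

		sql_close();
		exit;
	}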
Ejemplo n.º 15
0
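	/**
	 * Displays a forum topic and handles replies, poll votes and watch requests.
	 *
	 * The topic is looked up by topic id (t) or by post id (p). Event topics are
	 * redirected to their event page. A submitted vote or reply is processed
	 * first and ends in a redirect; otherwise the posts of the current page,
	 * the poll, the pagination and the posting box are handed to the template.
	 *
	 * NOTE(review): when a reply quotes another post, the quoted text is added
	 * to the stored post after $comments->prepare() has run on the message, so
	 * it skips whatever prepare() does. Confirm request_var() already encodes
	 * it.
	 *
	 * NOTE(review): the locked-topic check sits inside the branch for users who
	 * lack permission, so a user who has 'auth_reply' is not stopped by a lock
	 * at submit time. Confirm that is intended.
	 *
	 * @return void
	 */
	public function run() {
		global $config, $auth, $user, $comments;

		$topic_id = request_var('t', 0);
		$post_id = request_var('p', 0);

		if (!$topic_id && !$post_id) {
			fatal_error();
		}

		//
		// Get topic data
		//
		if ($post_id) {
			// Lookup by post: also fetch the post text, its author and the
			// number of posts up to it, which gives the page it is on.
			$sql_from = ', _forum_posts p, _forum_posts p2, _members m ';
			$sql_where = sql_filter('p.post_id = ? AND p.poster_id = m.user_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= ?', $post_id, $post_id);
			$sql_count = ', p.post_text, m.username AS reply_username, COUNT(p2.post_id) AS prev_posts, p.post_deleted';
			$sql_order = ' GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_locked, t.topic_replies, t.topic_time, t.topic_important, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_locked, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_announce, f.auth_pollcreate, f.auth_vote ORDER BY p.post_id ASC';
		} else {
			$sql_from = $sql_count = $sql_order = '';
			$sql_where = sql_filter('t.topic_id = ?', $topic_id);
		}

		$sql = 'SELECT t.*, f.*' . $sql_count . '
			FROM _forum_topics t, _forums f' . $sql_from . '
			WHERE ' . $sql_where . ' AND f.forum_id = t.forum_id' . $sql_order;
		if (!$topic_data = sql_fieldrow($sql)) {
			fatal_error();
		}

		switch ($topic_data['forum_alias']) {
			case 'events':
				$sql = 'SELECT event_alias
					FROM _events
					WHERE event_topic = ?';
				if ($event_alias = sql_field(sql_filter($sql, $topic_data['topic_id']), 'event_alias', '')) {
					redirect(s_link('events', $event_alias));
				}
				break;
		}

		//
		// Hide deleted posts
		if (isset($topic_data['post_deleted']) && $topic_data['post_deleted']) {
			fatal_error();
		}

		//
		// Check mod auth
		$mod_auth = $user->is('mod');

		//
		// Init vars
		//
		$forum_id = (int) $topic_data['forum_id'];
		$topic_id = (int) $topic_data['topic_id'];
		$topic_url = s_link('topic', $topic_id);

		$reply = request_var('reply', 0);
		$start = request_var('offset', 0);
		$submit_reply = _button('post');
		$submit_vote = _button('vote');

		$post_message = '';
		$post_reply_message = '';
		$post_np = '';
		$current_time = time();

		$error = $is_auth = w();

		// A quoted reply needs a post to quote.
		if (!$post_id && $reply) {
			$reply = 0;
		}

		//
		// Start member auth
		//
		$is_auth = $auth->forum(AUTH_ALL, $forum_id, $topic_data);

		if ($submit_reply || $submit_vote) {
			$auth_key = ($submit_reply) ? 'auth_reply' : 'auth_vote';

			if (((!$is_auth['auth_view'] || !$is_auth['auth_read'])) || !$is_auth[$auth_key]) {
				if (!$user->is('member')) {
					do_login();
				}

				$can_reply_closed = $auth->option(w('forum topics delete'));

				if (!$can_reply_closed && ($topic_data['forum_locked'] || $topic_data['topic_locked'])) {
					$error[] = 'TOPIC_LOCKED';

					if ($submit_vote && !$topic_data['topic_vote']) {
						$error[] = 'POST_HAS_NO_POLL';
					}
				}

				if (!sizeof($error)) {
					redirect($topic_url);
				}
			}

			if (!sizeof($error)) {
				if ($submit_vote) {
					$vote_option = request_var('vote_id', 0);

					if ($vote_option) {
						// The option has to belong to the poll of this topic.
						$sql = 'SELECT vd.vote_id
							FROM _poll_options vd, _poll_results vr
							WHERE vd.topic_id = ?
								AND vr.vote_id = vd.vote_id
								AND vr.vote_option_id = ?
							GROUP BY vd.vote_id';
						if ($vote_id = sql_field(sql_filter($sql, $topic_id, $vote_option), 'vote_id', 0)) {
							// One vote per member and poll.
							$sql = 'SELECT *
								FROM _poll_voters
								WHERE vote_id = ?
									AND vote_user_id = ?';
							if (!sql_fieldrow(sql_filter($sql, $vote_id, $user->d('user_id')))) {
								$sql = 'UPDATE _poll_results SET vote_result = vote_result + 1
									WHERE vote_id = ?
										AND vote_option_id = ?';
								sql_query(sql_filter($sql, $vote_id, $vote_option));

								$insert_vote = array(
									'vote_id' => (int) $vote_id,
									'vote_user_id' => (int) $user->d('user_id'),
									'vote_user_ip' => $user->ip,
									'vote_cast' => (int) $vote_option
								);
								sql_insert('poll_voters', $insert_vote);
							}
						}
					}

					redirect(s_link('topic', $topic_id));
				} else {
					$post_message = request_var('message', '', true);
					$post_np = request_var('np', '');

					if ($reply) {
						$post_reply_message = request_var('reply_message', '', true);
					}

					// Check message
					if (empty($post_message)) {
						$error[] = 'EMPTY_MESSAGE';
					}

					// Flood control; moderators are exempt.
					if (!sizeof($error) && !$mod_auth)
					{
						$sql = 'SELECT MAX(post_time) AS last_post_time
							FROM _forum_posts
							WHERE poster_id = ?';
						if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
							if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
								$error[] = 'FLOOD_ERROR';
							}
						}
					}

					if (!sizeof($error)) {
						$update_topic = w();

						// Set up front: it is read further down even when the
						// message carries no '-Cerrado-' marker.
						$topic_locked = 0;

						// Moderators flag a topic through markers in the text.
						if (strstr($post_message, '-Anuncio-') && $user->is('mod')) {
							$post_message = str_replace('-Anuncio-', '', $post_message);
							$update_topic['topic_announce'] = 1;
						}

						if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
							$topic_locked = 1;
							$post_message = str_replace('-Cerrado-', '', $post_message);
							$update_topic['topic_locked'] = $topic_locked;
						}

						$post_message = $comments->prepare($post_message);

						// Image links are removed from the quoted text. The
						// pattern no longer carries the 'e' modifier: the
						// replacement is an empty string, and PHP 7 and later
						// reject that modifier and return null.
						if ($reply && $post_reply_message != '') {
							$post_reply_message = preg_replace('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#i', '', $post_reply_message);
						}

						if ($reply && empty($post_reply_message)) {
							$post_reply_message = '...';
						}

						if ($reply && $post_reply_message != '') {
							$post_message = '<blockquote><strong>' . $topic_data['reply_username'] . "</strong>" . nr(false, 2) . $post_reply_message . '</blockquote><br /> ' . $post_message;
						} else {
							$reply = 0;
						}

						$insert_data = array(
							'topic_id' => (int) $topic_id,
							'forum_id' => (int) $forum_id,
							'poster_id' => (int) $user->d('user_id'),
							'post_time' => (int) $current_time,
							'poster_ip' => $user->ip,
							'post_text' => $post_message,
							'post_np' => $post_np
						);
						if ($reply) {
							$insert_data['post_reply'] = $post_id;
						}

						$post_id = sql_insert('forum_posts', $insert_data);

						$user->delete_unread(UH_T, $topic_id);
						$user->save_unread(UH_T, $topic_id);

						if (!in_array($forum_id, forum_for_team_array()) && $topic_data['topic_points']) {
							//$user->points_add(1);
						}

						// For team forums, drop the unread marks of everybody
						// outside the returned list. The ids are cast because
						// the ?? placeholder is filled in as raw text.
						$a_list = forum_for_team_list($forum_id);
						if (count($a_list)) {
							$sql_delete_unread = 'DELETE FROM _members_unread
								WHERE element = ?
									AND item = ?
									AND user_id NOT IN (??)';
							sql_query(sql_filter($sql_delete_unread, 8, $topic_id, implode(', ', array_map('intval', $a_list))));
						}

						$update_topic['topic_last_post_id'] = $post_id;

						if ($topic_locked) {
							topic_feature($topic_id, 0);
						}

						$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?
							WHERE forum_id = ?';
						sql_query(sql_filter($sql, $topic_id, $forum_id));

						$sql = 'UPDATE _forum_topics SET topic_replies = topic_replies + 1, ' . sql_build('UPDATE', $update_topic) . sql_filter('
							WHERE topic_id = ?', $topic_id);
						sql_query($sql);

						$sql = 'UPDATE _members SET user_posts = user_posts + 1
							WHERE user_id = ?';
						sql_query(sql_filter($sql, $user->d('user_id')));

						redirect(s_link('post', $post_id) . '#' . $post_id);
					}
				}
			}
		}

		if (!$is_auth['auth_view'] || !$is_auth['auth_read']) {
			if (!$user->is('member')) {
				do_login();
			}

			fatal_error();
		}

		if ($post_id) {
			// Jump to the page that holds the requested post.
			$start = floor(($topic_data['prev_posts'] - 1) / (int) $config['posts_per_page']) * (int) $config['posts_per_page'];
			$user->d('user_topic_order', 0);
		}

		if ($user->is('member')) {
			//
			// Is user watching this topic?
			//
			$sql = 'SELECT notify_status
				FROM _forum_topics_fav
				WHERE topic_id = ?
					AND user_id = ?';
			if (!sql_field(sql_filter($sql, $topic_id, $user->d('user_id')), 'notify_status')) {
				if (_button('watch')) {
					$sql_insert = array(
						'user_id' => $user->d('user_id'),
						'topic_id' => $topic_id,
						'notify_status' => 0
					);
					sql_insert('forum_topics_fav', $sql_insert);

					redirect($topic_url . (($start) ? 's' . $start . '/' : ''));
				}

				_style('watch_topic');
			}
		}

		//
		// Get all data for the topic
		//
		// In reply mode only the quoted post is loaded, otherwise the topic.
		$get_post_data = array();
		if ($reply) {
			$get_post_data['p.post_id'] = $post_id;
		} else {
			$get_post_data['p.topic_id'] = $topic_id;
		}

		if (!$user->is('founder')) {
			$get_post_data['p.post_deleted'] = 0;
		}

		// NOTE(review): the statement filters on post_deleted = 0 for everybody,
		// so the founder exception above changes nothing.
		$sql = 'SELECT p.*, u.user_id, u.username, u.username_base, u.user_avatar, u.user_posts, u.user_gender, u.user_rank, u.user_sig
			FROM _forum_posts p, _members u
			WHERE u.user_id = p.poster_id
				AND p.post_deleted = 0
				AND ' . sql_build('SELECT', $get_post_data) . '
			ORDER BY p.post_time ' . (($user->d('user_topic_order')) ? 'DESC' : 'ASC') .
			((!$reply) ? ' LIMIT ' . (int) $start . ', ' . (int) $config['posts_per_page'] : '');
		if (!$messages = sql_rowset($sql)) {
			if ($topic_data['topic_replies'] + 1) {
				fatal_error();
			}

			redirect(s_link('topic', $topic_id));
		}

		//
		// Re-count topic replies
		//
		if ($user->is('founder')) {
			$sql = 'SELECT COUNT(p.post_id) AS total
				FROM _forum_posts p, _members u
				WHERE p.topic_id = ?
					AND u.user_id = p.poster_id';
			if ($total = sql_field(sql_filter($sql, $topic_id), 'total')) {
				$topic_data['topic_replies2'] = $total - 1;
			}
		}

		//
		// Update the topic views
		//
		if (!$start && !$user->is('founder')) {
			$sql = 'UPDATE _forum_topics
				SET topic_views = topic_views + 1
				WHERE topic_id = ?';
			sql_query(sql_filter($sql, $topic_id));
		}

		//
		// If the topic contains a poll, then process it
		//
		if ($topic_data['topic_vote']) {
			$sql = 'SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result
				FROM _poll_options vd, _poll_results vr
				WHERE vd.topic_id = ?
					AND vr.vote_id = vd.vote_id
				ORDER BY vr.vote_option_order, vr.vote_option_id ASC';
			if ($vote_info = sql_rowset(sql_filter($sql, $topic_id))) {
				$sql = 'SELECT vote_id
					FROM _poll_voters
					WHERE vote_id = ?
						AND vote_user_id = ?';
				$user_voted = sql_field(sql_filter($sql, $vote_info[0]['vote_id'], $user->d('user_id')), 'vote_id', 0);

				$poll_expired = ($vote_info[0]['vote_length']) ? (($vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < $current_time) ? true : 0) : 0;

				_style('poll', array(
					'POLL_TITLE' => $vote_info[0]['vote_text'])
				);

				// Results are shown instead of the options once the member
				// has voted or voting is no longer possible.
				if ($user_voted || $poll_expired || !$is_auth['auth_vote'] || $topic_data['topic_locked']) {
					$vote_results_sum = 0;
					foreach ($vote_info as $row) {
						$vote_results_sum += $row['vote_result'];
					}

					_style('poll.results');

					foreach ($vote_info as $row) {
						$vote_percent = ($vote_results_sum > 0) ? $row['vote_result'] / $vote_results_sum : 0;

						_style('poll.results.item', array(
							'CAPTION' => $row['vote_option_text'],
							'RESULT' => $row['vote_result'],
							'PERCENT' => sprintf("%.1d", ($vote_percent * 100)))
						);
					}
				} else {
					_style('poll.options', array(
						'S_VOTE_ACTION' => $topic_url)
					);

					foreach ($vote_info as $row) {
						_style('poll.options.item', array(
							'POLL_OPTION_ID' => $row['vote_option_id'],
							'POLL_OPTION_CAPTION' => $row['vote_option_text'])
						);
					}
				}
			}
		}

		//
		// Advanced auth
		//

		$controls = $user_profile = w();
		$unset_user_profile = w('user_id user_posts user_gender');

		_style('posts');

		foreach ($messages as $row) {
			if ($user->is('member')) {
				$controls[$row['post_id']]['reply'] = s_link('post', $row['post_id'], 'reply');

				if ($mod_auth) {
					$controls[$row['post_id']]['edit'] = s_link('acp', array('forums_post_modify', 'msg_id' => $row['post_id']));
					$controls[$row['post_id']]['delete'] = s_link('acp', array('forums_post_delete', 'msg_id' => $row['post_id']));
				}
			}

			$user_profile[$row['user_id']] = $comments->user_profile($row, '', $unset_user_profile);

			// NOTE(review): 'PLAYING' is handed to the template as stored;
			// confirm the value is encoded on input or in the template.
			$data = array(
				'POST_ID' => $row['post_id'],
				'POST_DATE' => $user->format_date($row['post_time']),
				'MESSAGE' => $comments->parse_message($row['post_text']),
				'PLAYING' => $row['post_np'],
				'DELETED' => $row['post_deleted'],
				'UNREAD' => 0
			);

			foreach ($user_profile[$row['user_id']] as $key => $value) {
				$data[strtoupper($key)] = $value;
			}

			_style('posts.item', $data);
			_style('posts.item.' . (($row['user_id'] != GUEST) ? 'username' : 'guestuser'));

			if (isset($controls[$row['post_id']])) {
				_style('posts.item.controls');

				foreach ($controls[$row['post_id']] as $item => $url) {
					_style('posts.item.controls.'.$item, array('URL' => $url));
				}
			}
		}

		build_num_pagination($topic_url . 's%d/', ($topic_data['topic_replies'] + 1), $config['posts_per_page'], $start, '', 'TOPIC_');

		//
		// Posting box
		if (sizeof($error)) {
			_style('post_error', array(
				'MESSAGE' => parse_error($error))
			);
		}

		$can_reply_closed = $auth->option(array('forum', 'topics', 'delete'));

		if ((!$topic_data['forum_locked'] && !$topic_data['topic_locked']) || $can_reply_closed) {
			if ($user->is('member')) {
				if ($is_auth['auth_reply']) {
					$s_post_action = (($reply) ? s_link('post', $post_id, 'reply') : $topic_url) . '#e';

					_style('post_box', array(
						'MESSAGE' => $post_message,
						'NP' => $post_np,
						'S_POST_ACTION' => $s_post_action)
					);

					if ($reply) {
						if (empty($post_reply_message)) {
							$post_reply_message = $comments->remove_quotes($topic_data['post_text']);
						}

						// Image links, [yt:...] and [sb] tags are not carried
						// over into the quote box.
						if (!empty($post_reply_message)) {
							$rx = array('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#is', '#\[yt:[0-9a-zA-Z\-\=\_]+\]#is', '#\[sb\]#is', '#\[\/sb\]#is');
							$post_reply_message = preg_replace($rx, '', $post_reply_message);
						}

						if (empty($post_reply_message)) {
							$post_reply_message = '...';
						}

						_style('post_box.reply', array(
							'MESSAGE' => $post_reply_message)
						);
					}
				}
			}
		}

		// MOD: Featured topic
		if ($user->is('mod')) {
			$v_lang = ($topic_data['topic_featured']) ? 'REM' : 'ADD';

			// NOTE(review): 'msg_id' and the topic id are passed as two list
			// values here, while the edit and delete links above use
			// 'msg_id' => id. Confirm which form s_link() expects.
			_style('feature', array(
				'U_FEAT' => s_link('acp', array('forums_topic_feature', 'msg_id', $topic_data['topic_id'])),
				'V_LANG' => lang('topic_featured_' . $v_lang))
			);
		}

		//
		// Send vars to template
		//
		v_style(array(
			'FORUM_NAME' => $topic_data['forum_name'],
			'TOPIC_TITLE' => $topic_data['topic_title'],
			'TOPIC_REPLIES' => $topic_data['topic_replies'],

			'S_TOPIC_ACTION' => $topic_url . (($start) ? 's' . $start . '/' : ''),
			'U_VIEW_FORUM' => s_link('forum', $topic_data['forum_alias']))
		);

		// A template for the forum, or better for the topic, overrides the
		// default layout. Both ids were cast to int above.
		$layout_file = 'topic';
		if (@file_exists('./template/custom/topics_' . $forum_id . '.htm')) {
			$layout_file = 'custom/topics_' . $forum_id;
		}

		if (@file_exists('./template/custom/topic_' . $topic_id . '.htm')) {
			$layout_file = 'custom/topic_' . $topic_id;
		}

		$this->_title = $topic_data['topic_title'];
		$this->_template = $layout_file;

		return;
	}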
Ejemplo n.º 16
0
	/**
	 * Adds header text to the extra-headers buffer of this object.
	 *
	 * The text is trimmed and closed with one nr() before it is appended.
	 *
	 * NOTE(review): line breaks inside $headers are kept, so one call can add
	 * several header lines. Callers should only pass values they control.
	 *
	 * @param string $headers Header text to append.
	 * @return void
	 */
	public function extra_headers($headers) {
		$line = trim($headers) . nr();

		$this->extra_headers = $this->extra_headers . $line;
	}
Ejemplo n.º 17
0
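	/**
	 * Writes an audit record to _log for an INSERT, UPDATE or DELETE statement.
	 *
	 * The statement is taken apart with regular expressions and stored as JSON.
	 * Only tables named in the 'store/sql_history' file are recorded; any
	 * statement that does not match the expected shape is skipped silently.
	 *
	 * NOTE(review): the record holds the literal values of the statement, so
	 * adding a table with credentials or tokens to the list copies them into
	 * _log.
	 *
	 * NOTE(review): $uid is accepted but never read; the record always carries
	 * the id of the current $user.
	 *
	 * @param string $action The SQL statement that was executed.
	 * @param mixed  $uid    Unused.
	 * @return void
	 */
	public function registry($action, $uid = false) {
		global $user;

		$method = preg_replace('#^(INSERT|UPDATE|DELETE) (.*?)$#is', '\1', $action);
		$method = strtolower($method);

		if (!in_array($method, w('insert update delete'))) {
			return;
		}

		if (!$whitelist = get_file(XFS.XCOR . 'store/sql_history')) {
			return;
		}

		if (!count($whitelist)) {
			return;
		}

		// Put the statement on one line before matching it.
		$action = str_replace(array(nr(), "\t", nr(true)), array('', '', ' '), $action);
		$table = preg_replace('#^(INSERT\ INTO|UPDATE|DELETE\ FROM) (\_[a-z\_]+) (.*?)$#is', '\2', $action);

		if (!in_array($table, $whitelist)) {
			return;
		}

		switch ($method) {
			case 'insert':
				if (!preg_match('#^INSERT INTO (\_[a-z\_]+) \((.*?)\) VALUES \((.*?)\)$#is', $action, $s_action)) {
					return;
				}

				$keys = array_map('trim', explode(',', $s_action[2]));
				$values = array_map('trim', explode(',', $s_action[3]));

				foreach ($values as $i => $row) {
					$values[$i] = preg_replace('#^\'(.*?)\'$#i', '\1', $row);
				}

				// A comma inside a value breaks the split; such statements
				// are not recorded.
				if (count($keys) != count($values)) {
					return;
				}

				$query = array(
					'table' => $s_action[1],
					'query' => array_combine($keys, $values)
				);
				break;
			case 'update':
				if (!preg_match('#^UPDATE (\_[a-z\_]+) SET (.*?) WHERE (.*?)$#is', $action, $s_action)) {
					return;
				}

				$query = array(
					'table' => $s_action[1],
					'set' => $this->_registry_pairs(explode(',', $s_action[2])),
					'where' => $this->_registry_pairs(explode('AND', $s_action[3]))
				);
				break;
			case 'delete':
				if (!preg_match('#^DELETE FROM (\_[a-z\_]+) WHERE (.*?)$#is', $action, $s_action)) {
					return;
				}

				$query = array(
					'table' => $s_action[1],
					'where' => $this->_registry_pairs(explode('AND', $s_action[2]))
				);
				break;
		}

		$sql_insert = array(
			'time' => time(),
			'uid' => $user->d('user_id'),
			'method' => $method,
			'actions' => json_encode($query)
		);
		$sql = 'INSERT INTO _log' . $this->build('INSERT', prefix('log', $sql_insert));
		$this->query($sql);

		return;
	}

	/**
	 * Turns "column = value" clauses into a column => value map.
	 *
	 * Each clause is split on its first '=' only, so a value that holds '='
	 * stays whole, and a clause without '=' yields an empty value instead of
	 * reading a missing index. Surrounding single quotes are removed.
	 *
	 * @param array $clauses Clause strings.
	 * @return array Map of column name to value.
	 */
	private function _registry_pairs($clauses) {
		$pairs = array();

		foreach ($clauses as $clause) {
			$parts = array_map('trim', explode('=', $clause, 2));
			$value = isset($parts[1]) ? $parts[1] : '';

			$pairs[$parts[0]] = preg_replace('#^\'(.*?)\'$#i', '\1', $value);
		}

		return $pairs;
	}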
Ejemplo n.º 18
0
}

// Rough browser detection from the browser string held on $user.
$is_firefox = (strstr($user->browser, 'Gecko') !== false);
$is_ie = (strstr($user->browser, 'IE') !== false);

// Compress the output for these browsers only.
$use_gzip = ($is_firefox || strstr($user->browser, 'compatible'));
if ($use_gzip) {
	ob_start('ob_gzhandler');
}

// Headers: the stylesheet may be cached for 30 days.
$cache_seconds = 60 * 60 * 24 * 30;
header('Content-type: text/css; charset=utf-8');
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $cache_seconds) . ' GMT');

v_style(array(
	'FF' => $is_firefox,
	'IE' => $is_ie)
);

// NOTE(review): $filename is set outside this excerpt. If it comes from the
// request it has to be limited to known stylesheet names before it is used
// in a template path.
$template->set_filenames(array(
	'body' => 'css/' . $filename . '.css')
);
$template->assign_var_from_handle('EXT', 'body');

sql_close();

// Minify: drop comments, then line breaks and tabs, then collapse the
// remaining runs of whitespace.
$css = preg_replace('!/\*.*?\*/!s', '', $template->vars['EXT']);
$css = str_replace(array(nr(1), nr(), "\t"), '', $css);

echo preg_replace('/\s\s+/', ' ', $css);
exit;
Ejemplo n.º 19
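	/**
	 * Render one forum's topic list and handle "new topic" submissions.
	 *
	 * Request input read here: 'f' (numeric forum id or forum alias),
	 * 'offset' (pagination start) and, on submit, 'topic_title', 'message',
	 * 'np' and the poll fields. A numeric 'f' is redirected to the alias URL.
	 *
	 * Authorization: the forum must be viewable and readable for the current
	 * user; posting additionally requires 'auth_post' (or 'auth_announce'
	 * when the topic-type button is set). Every denial path returns
	 * explicitly, so access control does not depend on fatal_error(),
	 * do_login() or redirect() terminating the request.
	 *
	 * On success the method sets $this->_title and $this->_template; a
	 * successful submission redirects to the new topic instead.
	 *
	 * @return void
	 */
	public function run() {
		global $config, $auth, $user, $comments, $cache;

		$forum_id = request_var('f', '');
		// The offset ends up in a LIMIT clause through a `??` placeholder,
		// which appears to be substituted without quoting, so force a
		// non-negative integer here.
		$start = max(0, (int) request_var('offset', 0));
		$submit_topic = _button('post');

		if (empty($forum_id)) {
			fatal_error();
			return;
		}

		$is_int_forumid = false;
		if (preg_match('#^(\d+)$#is', $forum_id)) {
			$is_int_forumid = true;
			$forum_id = intval($forum_id);

			$sql = 'SELECT *
				FROM _forums
				WHERE forum_id = ?';
			$sql = sql_filter($sql, $forum_id);
		} else {
			$sql = 'SELECT *
				FROM _forums
				WHERE forum_alias = ?';
			$sql = sql_filter($sql, $forum_id);
		}

		if (!$forum_row = sql_fieldrow($sql)) {
			fatal_error();
			return;
		}

		// Canonical URL uses the alias, not the numeric id.
		if ($is_int_forumid) {
			redirect(s_link('forum', $forum_row['forum_alias']), true);
		}

		// From here on use the id stored in the database row.
		$forum_id = $forum_row['forum_id'];

		//
		// Start auth check
		//
		$is_auth = w();
		$is_auth = $auth->forum(AUTH_ALL, $forum_id, $forum_row);

		if (!$is_auth['auth_view'] || !$is_auth['auth_read']) {
			if (!$user->is('member')) {
				do_login();
			}

			fatal_error();
			// Fail closed even if the helpers above return.
			return;
		}

		$error_msg = '';
		$post_title = '';
		$post_message = '';
		$post_np = '';
		$poll_title = '';
		$poll_options = '';
		$poll_length = '';
		$current_time = time();

		// Defined up front so the poll checks below never read an unset
		// variable when no poll options were submitted.
		$real_poll_options = w();
		$sizeof_poll_options = 0;

		if ($submit_topic) {
			$topic_important = _button('topictype');
			$auth_key = ($topic_important) ? 'auth_announce' : 'auth_post';

			if ($forum_row['forum_locked'] && !$is_auth['auth_mod']) {
				$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('forum_locked');
			}

			if (!$is_auth[$auth_key]) {
				if (!$user->is('member')) {
					do_login();
				}

				if (empty($error_msg)) {
					// The original redirected to an undefined $topic_url and
					// then relied on redirect() exiting; send the user back
					// to the forum listing and stop so that an unauthorized
					// request can never reach the insert statements below.
					redirect(s_link('forum', $forum_row['forum_alias']));
					return;
				}
			}

			if (empty($error_msg)) {
				// NOTE(review): these values are stored and later placed in
				// HTML (topic list, posting form). Confirm that request_var()
				// or the template layer HTML-escapes them.
				$post_title = request_var('topic_title', '');
				$post_message = request_var('message', '', true);
				$post_np = request_var('np', '', true);
				$poll_title = '';
				$poll_options = '';
				$poll_length = 0;

				if ($is_auth['auth_pollcreate']) {
					$poll_title = request_var('poll_title', '');
					$poll_options = request_var('poll_options', '');
					$poll_length = request_var('poll_length', 0);
				}

				// Check subject
				if (empty($post_title)) {
					$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_subject');
				}

				// Check message
				if (empty($post_message)) {
					$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_message');
				}

				if (!empty($poll_options)) {
					// One option per line; blank lines are ignored.
					$real_poll_options = w();
					$poll_options = explode(nr(), $poll_options);

					foreach ($poll_options as $option) {
						if ($option != '') {
							$real_poll_options[] = $option;
						}
					}

					$sizeof_poll_options = sizeof($real_poll_options);

					if ($sizeof_poll_options < 2) {
						$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('few_poll_options');
					} else if ($sizeof_poll_options > $config['max_poll_options']) {
						$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('many_poll_options');
					} else if ($poll_title == '') {
						$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_poll_title');
					}
				}

				// Flood control: moderators are exempt.
				if (empty($error_msg) && !$is_auth['auth_mod']) {
					$sql = 'SELECT MAX(post_time) AS last_post_time
						FROM _forum_posts
						WHERE poster_id = ?';
					if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
						if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
							$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('flood_error');
						}
					}
				}

				if (empty($error_msg)) {
					$topic_announce = 0;
					$topic_locked = 0;

					// In-message markers toggle topic flags; each marker is
					// honoured only for the role checked next to it and is
					// stripped from the stored text.
					if ((strstr($post_message, '-Anuncio-') && $user->is('all')) || in_array($forum_id, array(15, 16, 17))) {
						$topic_announce = 1;
						$post_message = str_replace('-Anuncio-', '', $post_message);
					}

					if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
						$topic_locked = 1;
						$post_message = str_replace('-Cerrado-', '', $post_message);
					}

					$post_message = $comments->prepare($post_message);
					$topic_vote = (!empty($poll_title) && $sizeof_poll_options >= 2) ? 1 : 0;

					if (!$user->is('founder')) {
						$post_title = strnoupper($post_title);
					}

					$insert_data['TOPIC'] = array(
						'topic_title' => $post_title,
						'topic_poster' => (int) $user->d('user_id'),
						'topic_time' => (int) $current_time,
						'forum_id' => (int) $forum_id,
						'topic_locked' => $topic_locked,
						'topic_announce' => $topic_announce,
						'topic_important' => (int) $topic_important,
						'topic_vote' => (int) $topic_vote,
						'topic_featured' => 1,
						'topic_points' => 1
					);
					$topic_id = sql_insert('forum_topics', $insert_data['TOPIC']);

					$insert_data['POST'] = array(
						'topic_id' => (int) $topic_id,
						'forum_id' => (int) $forum_id,
						'poster_id' => (int) $user->d('user_id'),
						'post_time' => (int) $current_time,
						'poster_ip' => $user->ip,
						'post_text' => $post_message,
						'post_np' => $post_np
					);
					$post_id = sql_insert('forum_posts', $insert_data['POST']);

					if ($topic_vote) {
						$insert_data['POLL'] = array(
							'topic_id' => (int) $topic_id,
							'vote_text' => $poll_title,
							'vote_start' => (int) $current_time,
							'vote_length' => (int) ($poll_length * 86400)
						);
						$poll_id = sql_insert('poll_options', $insert_data['POLL']);

						$poll_option_id = 1;
						foreach ($real_poll_options as $option) {
							$insert_data['POLLRESULTS'] = array(
								'vote_id' => (int) $poll_id,
								'vote_option_id' => (int) $poll_option_id,
								'vote_option_text' => $option,
								'vote_result' => 0
							);
							sql_insert('poll_results', $insert_data['POLLRESULTS']);

							$poll_option_id++;
						}

						if ($forum_id == $config['main_poll_f']) {
							$cache->delete('last_poll_id');
						}
					}

					$user->save_unread(UH_T, $topic_id);

					if (!in_array($forum_id, forum_for_team_array())) {
						//$user->points_add(2);
					}

					$a_list = forum_for_team_list($forum_id);
					if (count($a_list)) {
						// `??` appears to be substituted without quoting, so
						// coerce every id to an integer before joining them
						// into the IN list.
						$sql_delete_unread = 'DELETE FROM _members_unread
							WHERE element = ?
								AND item = ?
								AND user_id NOT IN (??)';
						sql_query(sql_filter($sql_delete_unread, 8, $topic_id, implode(', ', array_map('intval', $a_list))));
					}

					if (count($a_list) || in_array($forum_id, array(20, 39))) {
						topic_feature($topic_id, 0);
						topic_arkane($topic_id, 0);
					}

					$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?, forum_topics = forum_topics + 1
						WHERE forum_id = ?';
					sql_query(sql_filter($sql, $topic_id, $forum_id));

					$sql = 'UPDATE _forum_topics SET topic_first_post_id = ?, topic_last_post_id = ?
						WHERE topic_id = ?';
					sql_query(sql_filter($sql, $post_id, $post_id, $topic_id));

					$sql = 'UPDATE _members SET user_posts = user_posts + 1
						WHERE user_id = ?';
					sql_query(sql_filter($sql, $user->d('user_id')));

					redirect(s_link('topic', $topic_id));
				}
			}
		}
		//
		// End Submit
		//

		$topics_count = ($forum_row['forum_topics']) ? $forum_row['forum_topics'] : 1;

		$topics = new stdClass();
		$total = new stdClass();

		//
		// All announcement data
		//
		$sql = 'SELECT t.*, u.user_id, u.username, u.username_base, u2.user_id as user_id2, u2.username as username2, u2.username_base as username_base2, p.post_time, p.post_username as post_username2
			FROM _forum_topics t, _members u, _forum_posts p, _members u2
			WHERE t.forum_id = ?
				AND t.topic_poster = u.user_id
				AND p.post_id = t.topic_last_post_id
				AND p.poster_id = u2.user_id
				AND t.topic_announce = 1
			ORDER BY t.topic_last_post_id DESC';
		$topics->important = sql_rowset(sql_filter($sql, $forum_id));
		$total->important = (is_array($topics->important)) ? count($topics->important) : 0;

		//
		// Grab all the topics data for this forum
		//
		$sql = 'SELECT t.*, u.user_id, u.username, u.username_base, u2.user_id as user_id2, u2.username as username2, u2.username_base as username_base2, p.post_username, p2.post_username AS post_username2, p2.post_time
			FROM _forum_topics t, _members u, _forum_posts p, _forum_posts p2, _members u2
			WHERE t.forum_id = ?
				AND t.topic_poster = u.user_id
				AND p.post_id = t.topic_first_post_id
				AND p2.post_id = t.topic_last_post_id
				AND u2.user_id = p2.poster_id
				AND t.topic_announce = 0
			ORDER BY t.topic_important DESC, /*t.topic_last_post_id*/p2.post_time DESC
			LIMIT ??, ??';
		$topics->normal = sql_rowset(sql_filter($sql, $forum_id, $start, $config['topics_per_page']));
		$total->normal = (is_array($topics->normal)) ? count($topics->normal) : 0;

		//
		// Total topics ...
		//
		//$total_topics += $total_announcements;
		//$total_topics = $total->important + $total->normal;

		//
		// Post URL generation for templating vars
		//
		if ($is_auth['auth_post'] || $is_auth['auth_mod']) {
			_style('topic_create', array(
				'L_POST_NEW_TOPIC' => ($forum_row['forum_locked']) ? lang('forum_locked') : lang('post_newtopic'))
			);
		}

		//
		// Dump out the page header and load viewforum template
		//
		v_style(array(
			'FORUM_ID' => $forum_id,
			'FORUM_NAME' => $forum_row['forum_name'],
			'U_VIEW_FORUM' => s_link('forum', $forum_row['forum_alias']))
		);
		//
		// End header
		//

		//
		// Let's build the topics
		//
		$i = 0;
		foreach ($topics as $alias => $list) {
			foreach ($list as $j => $row) {
				// First row overall: open the block and emit pagination once.
				if (!$i) {
					_style('topics');

					$topics_count -= $total->important;

					build_num_pagination(s_link('forum', $forum_row['forum_alias'], 's%d'), $topics_count, $config['topics_per_page'], $start, '', 'TOPICS_');
				}

				// First row of each group: emit the group heading.
				if (!$j) {
					_style('topics.alias', array(
						'NAME' => lang('topic_' . $alias),
						'SHOW' => ($total->important && $total->normal > 1))
					);
				}

				$row = (object) $row;

				// NOTE(review): names are concatenated into markup as stored;
				// confirm they are HTML-escaped before reaching this point.
				if ($row->user_id != GUEST) {
					// The topic author comes from the `u` join; the original
					// used the last poster's columns here, which made author
					// and last poster always identical.
					$row->author = '<a  href="' . s_link('m', $row->username_base) . '">' . $row->username . '</a>';
				} else {
					// NOTE(review): this guest name is the last post's
					// post_username; the first post's name is only selected
					// by the non-announcement query. Left unchanged.
					$row->author = '<span>*' . (($row->post_username2 != '') ? $row->post_username2 : lang('guest')) . '</span>';
				}

				if ($row->user_id2 != GUEST) {
					$row->poster = '<a href="' . s_link('m', $row->username_base2) . '">' . $row->username2 . '</a>';
				} else {
					$row->poster = '<span>*' . (($row->post_username2 != '') ? $row->post_username2 : lang('guest')) . '</span>';
				}

				_style('topics.alias.row', array(
					'FORUM_ID' => $forum_id,
					'TOPIC_ID' => $row->topic_id,
					'TOPIC_AUTHOR' => $row->author,
					'REPLIES' => $row->topic_replies,
					'VIEWS' => ($user->is('founder')) ? $row->topic_views : '',

					'TOPIC_TITLE' => $row->topic_title,
					'TOPIC_CREATION_TIME' => $user->format_date($row->topic_time),
					'LAST_POST_TIME' => $user->format_date($row->post_time),
					'LAST_POST_AUTHOR' => $row->poster,
					'U_TOPIC' => s_link('topic', $row->topic_id))
				);

				$i++;
			}
		}

		if (!$topics_count) {
			if ($start) {
				redirect(s_link('forum', $forum_row['forum_alias']), true);
			}
			_style('no_topics');
		}

		//
		// Posting box
		//
		if (!empty($error_msg) || (!$is_auth['auth_mod'] && $forum_row['forum_locked']) || (!$is_auth['auth_post'] && $forum_row['auth_post'] == AUTH_REG) || $is_auth['auth_post']) {
			if ($is_auth['auth_post']) {
				// After a failed submit $poll_options is an array; turn it
				// back into one-option-per-line text for the form.
				if (!empty($poll_options)) {
					$poll_options = implode(nr(), $poll_options);
				}

				_style('publish', array(
					'S_POST_ACTION' => s_link('forum', $forum_row['forum_alias']),

					'TOPIC_TITLE' => $post_title,
					'MESSAGE' => $post_message,
					'NP' => $post_np,

					'POLL_TITLE' => $poll_title,
					'POLL_OPTIONS' => $poll_options,
					'POLL_LENGTH' => $poll_length)
				);

				if ($is_auth['auth_pollcreate']) {
					_style('publish.poll');

					if (empty($poll_options)) {
						_style('publish.poll.hide');
					}
				}
			}

			if (!empty($error_msg)) {
				_style('publish.alert', array(
					'MESSAGE' => $error_msg)
				);
			}
		}

		$layout_file = 'topics';

		// A per-forum template overrides the default layout when present.
		// $forum_id is the value read from the database row at this point,
		// not the raw request parameter.
		$use_m_template = 'custom/forum_' . $forum_id;
		if (@file_exists(ROOT . 'template/' . $use_m_template . '.htm')) {
			$layout_file = $use_m_template;
		}

		$this->_title = $forum_row['forum_name'];
		$this->_template = $layout_file;

		return;
	}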