<ul class="list-inline" style="font-size:80%;color:rgb(100,100,100);"> <?php if ($_post['row']['level'] > 1) { ?> <li><span class="label"><?php echo sc_member_level($_post['row']['level']); ?> </span></li> <?php } ?> <li><?php echo $_post['row']['mktime']; ?> </li> <li><?php echo date('Y-m-d H:i', strtotime($_post['row']['mktime'])); ?> </li> <li><?php echo $_post_reply['num_rows']; ?> 回覆</li> </ul> </div> <?php } while ($_post['row'] = $_post['query']->fetch_assoc()); $_all = sc_get_result("SELECT COUNT(*) FROM `forum` WHERE `title` LIKE '%%%s%%' OR `content` LIKE '%%%s%%'", array(sc_xss_filter($_GET['q']), sc_xss_filter($_GET['q']))); echo sc_page_pagination('forumsearch.php', @$_GET['page'], implode('', $_all['row']), $center['forum']['limit'], '&q=' . sc_xss_filter($_GET['q'])); } $view->render();
if ($_post['num_rows'] <= 0) { header("Location: forum.php"); exit; } if (isset($_GET['reply'])) { if ($_SESSION['Center_UserGroup'] == 0) { header("Location: forumview.php?banned&id=" . $_GET['id']); exit; } } if (isset($_GET['reply']) && isset($_POST['content']) && trim($_POST['content'], " ") != '') { $SQL->query("INSERT INTO `forum_reply` ( `post_id`,`content`, `mktime`, `author`) VALUES ('%s','%s',now(),'%d')", array($_post['row']['id'], sc_xss_filter($_POST['content']), $_SESSION['Center_Id'])); if ($_SESSION['Center_Id'] != $_post['row']['author']) { sc_add_notice(sc_get_headurl() . 'forumview.php?id=' . $_post['row']['id'], $_SESSION['Center_Username'] . '在您的帖子中發表回覆', $_SESSION['Center_Id'], $_post['row']['author']); } sc_tag_member(sc_xss_filter($_POST['content']), sc_get_headurl() . 'forumview.php?id=' . $_post['row']['id'], $_SESSION['Center_Username'] . '在論壇提到你', $_SESSION['Center_Id']); header("Location: forumview.php?replying&id=" . $_GET['id']); } $_block = sc_get_result("SELECT * FROM `forum_block` WHERE `id`='%d'", array($_post['row']['block'])); $limit_row = $center['forum']['limit']; if (isset($_GET['page'])) { $limit_start = abs(intval(($_GET['page'] - 1) * $limit_row)); $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `post_id`='%d' ORDER BY `mktime` ASC LIMIT %d,%d", array($_post['row']['id'], $limit_start, $limit_row)); } else { $limit_start = 0; $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `post_id`='%d' ORDER BY `mktime` ASC LIMIT %d,%d", array($_post['row']['id'], $limit_start, $limit_row)); } $_author = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_post['row']['author'])); $view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], $_post['row']['title']); $view->addScript("include/js/notice.js"); if (isset($_GET['replying'])) {
<?php if ($_post['row']['level'] > 1) { ?> <li><span class="label"><?php echo sc_member_level($_post['row']['level']); ?> </span></li> <?php } ?> <li><?php echo $_author['row']['username']; ?> </li> <li><?php echo date('Y-m-d H:i', strtotime($_post['row']['mktime'])); ?> </li> <li><?php echo implode('', $_reply['row']); ?> 回覆</li> </ul> </div> <?php } while ($_post['row'] = $_post['query']->fetch_assoc()); $_all_post = sc_get_result("SELECT COUNT(*) FROM `forum` WHERE `title` LIKE '%%%s%%' OR `content` LIKE '%%%s%%' OR `author` LIKE '%%%s%%' {$_block} {$_level} {$_mktime}", array(sc_xss_filter($_GET['q']), sc_xss_filter($_GET['q']), $_GET['author'])); echo sc_page_pagination('forumsearch.php', @$_GET['page'], implode('', $_all_post['row']), $center['forum']['limit'], '&q=' . sc_xss_filter($_GET['q']) . '&author=' . urlencode(sc_namefilter($_GET['author'])) . '&block=' . urlencode(abs($_GET['block'])) . '&level=' . urlencode(abs($_GET['level'])) . '&mktime[]=' . $GET_mktime['0'] . '&mktime[]=' . $GET_mktime['1']); } } $view->render();
} $SQL->query("UPDATE `forum` SET `title` = '%s', `content` = '%s',`block`='%d',`level`='%d' WHERE `id` = '%d' AND `author` = '%d'", array(htmlspecialchars($_POST['title']), sc_xss_filter($_POST['content']), abs($_POST['block']), abs($_POST['level']), $_GET['id'], $_SESSION['Center_Id'])); header("Location: forumview.php?editok&id=" . $_post['row']['id']); } } elseif (isset($_GET['reply'])) { if (isset($_GET['post'])) { header("Location: forum.php"); exit; } $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `id` = '%d' AND `author` = '%d'", array($_GET['id'], $_SESSION['Center_Id'])); if ($_reply['num_rows'] <= 0) { header("Location: forum.php"); exit; } if (isset($_POST['content']) && trim(strip_tags($_POST['content']), " ") != '') { $SQL->query("UPDATE `forum_reply` SET `content` = '%s' WHERE `id` = '%d' AND `author` = '%d'", array(sc_xss_filter($_POST['content']), $_GET['id'], $_SESSION['Center_Id'])); header("Location: forumview.php?editok&id=" . $_reply['row']['post_id']); } } else { header("Location: forum.php"); exit; } $view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '論壇編輯'); $view->addScript("include/js/notice.js"); $view->addCSS("include/js/cleditor/jquery.cleditor.css"); $view->addScript("include/js/cleditor/jquery.cleditor.min.js"); $view->addScript("include/js/cleditor/jquery.cleditor.table.js"); ?> <script> $(function(){ $("#cleditor").cleditor({width:'99%', height:300, useCSS:true})[0].focus();
} else { $register = 0; } if (isset($_POST['compress'])) { $compress = 1; } else { $compress = 0; } if (isset($_POST['forum_captcha'])) { $forum_captcha = 1; } else { $forum_captcha = 0; } $config = '../config.php'; $config_sample = '../config-sample.php'; $put_config = vsprintf(file_get_contents($config_sample), array(addslashes($_POST['site_name']), $register, $_POST['mail'], abs($_POST['public']), abs($_POST['avatar_max_size']), $compress, abs($_POST['quality']), $forum_captcha, abs($_POST['forum_limit']), sc_xss_filter($_POST['member_message']))); file_put_contents($config, $put_config); $_GET['ok'] = true; require '../config.php'; } $view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '系統設定', true); if (isset($_GET['ok'])) { ?> <div class="alert alert-success">編輯成功!</div> <?php } ?> <script> $(function(){ $('input[name="quality"]').on('change keyup', function(){ $('#quality_percent').html($(this).val()+' %');
} $SQL->query("UPDATE `forum` SET `title` = '%s', `content` = '%s',`block`='%d',`level`='%d' WHERE `id` = '%d'", array(htmlspecialchars($_POST['title']), sc_xss_filter($_POST['content']), abs($_POST['block']), abs($_POST['level']), $_GET['id'])); header("Location: forumview.php?editok&id=" . $_post['row']['id']); } } elseif (isset($_GET['reply'])) { if (isset($_GET['post'])) { header("Location: forum.php"); exit; } $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `id` = '%d'", array($_GET['id'])); if ($_reply['num_rows'] <= 0) { header("Location: forum.php"); exit; } if (isset($_POST['content']) && trim(strip_tags($_POST['content']), " ") != '') { $SQL->query("UPDATE `forum_reply` SET `content` = '%s' WHERE `id` = '%d'", array(sc_xss_filter($_POST['content']), $_GET['id'])); header("Location: forumview.php?editok&id=" . $_reply['row']['post_id']); } } else { header("Location: forum.php"); exit; } $view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '論壇編輯', true); $view->addCSS("../include/js/cleditor/jquery.cleditor.css"); $view->addScript("../include/js/cleditor/jquery.cleditor.min.js"); $view->addScript("../include/js/cleditor/jquery.cleditor.table.js"); ?> <script> $(function(){ $("#cleditor").cleditor({width:'99%', height:300, useCSS:true})[0].focus(); });
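/**
 * Insert a new forum post row authored by the given member.
 *
 * The row is written by the project's `$SQL->query()` wrapper using the
 * placeholder/parameter-array convention seen elsewhere in this code base.
 *
 * @param string     $_title   Raw post title; HTML-encoded before storage.
 * @param string     $_content Raw post body; passed through sc_xss_filter() before storage.
 * @param int|string $_block   Forum block id (stored as a non-negative int).
 * @param int|string $_id      Author member id (stored as a non-negative int).
 * @param int|string $_level   Post level (stored as a non-negative int).
 * @return int Always 1; the outcome of the INSERT is not inspected here.
 */
function sc_add_forum_post($_title, $_content, $_block, $_id, $_level)
{
    global $SQL;

    // Encode the title at write time with explicit flags: on PHP < 8.1 the
    // default flag set is ENT_COMPAT, which leaves single quotes unescaped.
    // On PHP 8.1+ this is identical to the default behaviour.
    $title = htmlspecialchars($_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $content = sc_xss_filter($_content);

    // Cast before abs(): on PHP 8 abs() throws a TypeError for a non-numeric
    // string, so an unexpected request value would otherwise fatal here.
    $block = abs((int) $_block);
    $level = abs((int) $_level);
    $author = abs((int) $_id);

    // NOTE(review): $SQL->query() is expected to escape each array value before
    // substituting it into the '%s'/'%d' placeholders — confirm in the wrapper,
    // since that is the only SQL-injection defence for $title and $content.
    $SQL->query(
        "INSERT INTO `forum` (`title`, `content`,`block`, `level`, `mktime`, `author`) VALUES ('%s', '%s','%d', '%d', now(),'%d')",
        array($title, $content, $block, $level, $author)
    );

    return 1;
}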