// Load the forum row together with the caller's per-group permission row (`fp`)
// and the caller's stored read-mark timestamp for this forum (`lf`).
// NOTE(review): $id, $pun_user['g_id'] and $pun_user['id'] are concatenated into the
// SQL text unquoted. Where they are cast to integers is not visible in this fragment;
// confirm the cast upstream, or bind them as parameters.
$forum_info_sql = 'SELECT `f`.`forum_name`, `f`.`redirect_url`, `f`.`moderators`, `f`.`num_topics`, `f`.`sort_by`, '
    . '`fp`.`post_topics`, `lf`.`log_time`, `f`.`id` AS `forum_id` '
    . 'FROM `' . $db->prefix . 'forums` AS `f` '
    . 'LEFT JOIN `' . $db->prefix . 'forum_perms` AS `fp` ON (`fp`.`forum_id`=`f`.`id` AND `fp`.`group_id`=' . $pun_user['g_id'] . ') '
    . 'LEFT JOIN `' . $db->prefix . 'log_forums` AS `lf` ON (`lf`.`user_id`=' . $pun_user['id'] . ' AND `lf`.`forum_id`=`f`.`id`) '
    . 'WHERE (`fp`.`read_forum` IS NULL OR `fp`.`read_forum`=1) AND `f`.`id`=' . $id;

$result = $db->query($forum_info_sql) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());

// No row: the forum does not exist or the caller's group may not read it.
if (!$db->num_rows($result)) {
    wap_message($lang_common['Bad request']);
}

$cur_forum = $db->fetch_assoc($result);

//+ REAL MARK TOPIC AS READ MOD
// An existing read-mark row (or a guest caller) takes the UPDATE path;
// a logged-in user without a row gets a fresh INSERT.
if ($pun_user['is_guest'] || $cur_forum['log_time']) {
    $read_mark_sql = 'UPDATE `' . $db->prefix . 'log_forums` '
        . 'SET `log_time`=' . $_SERVER['REQUEST_TIME'] . ' '
        . 'WHERE `forum_id`=' . $cur_forum['forum_id'] . ' AND `user_id`=' . $pun_user['id'];
    $result = $db->query($read_mark_sql) or error('Unable to update reading_mark info', __FILE__, __LINE__, $db->error());
} else {
    $read_mark_sql = 'INSERT INTO `' . $db->prefix . 'log_forums` (`user_id`, `forum_id`, `log_time`) '
        . 'VALUES (' . $pun_user['id'] . ', ' . $cur_forum['forum_id'] . ', ' . $_SERVER['REQUEST_TIME'] . ')';
    $result = $db->query($read_mark_sql) or error('Unable to insert reading_mark info', __FILE__, __LINE__, $db->error());
}
//- REAL MARK TOPIC AS READ MOD

// Is this a redirect forum? In that case, redirect!
// NOTE(review): the target comes straight from the `redirect_url` column; whoever can
// write that column controls where visitors are sent.
if ($cur_forum['redirect_url']) {
    wap_redirect($cur_forum['redirect_url']);
}

// Sort out who the moderators are and if we are currently a moderator (or an admin).
// NOTE(review): unserialize() on stored data instantiates any class named in the payload.
// If this column can ever hold attacker-influenced bytes, that is an object-injection
// vector; consider unserialize($data, array('allowed_classes' => false)) on PHP 7+
// or migrating the column to JSON.
$mods_array = $cur_forum['moderators'] ? unserialize($cur_forum['moderators']) : array();

// Admins always qualify; moderators only when their username is a key of this forum's list.
$is_admmod = $pun_user['g_id'] == PUN_ADMIN
    || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array));

//+ Pagination
// Determine the topic offset (based on $_GET['p']); anything outside 2..$num_pages falls back to page 1.
$num_pages = ceil($cur_forum['num_topics'] / $pun_user['disp_topics']);

$p = 1;
if (isset($_GET['p']) && $_GET['p'] > 1 && $_GET['p'] <= $num_pages) {
    $p = (int) $_GET['p'];
}

$start_from = $pun_user['disp_topics'] * ($p - 1);
<?php
// Karma page bootstrap: optionally records a vote, then resolves the user whose karma is shown.
define('PUN_ROOT', '../');

require_once PUN_ROOT . 'include/common.php';

// Board-level read permission gate.
if (!$pun_user['g_read_board']) {
    wap_message($lang_common['No view']);
}

// Both identifiers are forced to integers before any use in SQL or URLs.
$to = isset($_GET['to']) ? (int) $_GET['to'] : null;
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;

if (null !== $to) {
    // NOTE(review): this is a state-changing call driven purely by GET parameters, and no
    // anti-CSRF token or referrer check is visible in this fragment. vote() is defined
    // elsewhere; confirm it enforces one, otherwise a cross-site request made on behalf of a
    // logged-in user can cast votes.
    vote($to, isset($_GET['vote']) ? (int) $_GET['vote'] : 0);

    $pid = isset($_GET['pid']) ? (int) $_GET['pid'] : null;

    if (null !== $pid) {
        // Voted from a post: go back to that post.
        wap_redirect('viewtopic.php?pid=' . $pid . '#p' . $pid);
        exit;
    }

    // Voted from elsewhere: show the karma of the user just voted on.
    $id = $to;
}

// The script cannot continue without a target user id.
if (null === $id) {
    wap_message($lang_common['Bad request']);
}

$q = 'SELECT `group_id`, `username` '
    . 'FROM `' . $db->prefix . 'users` '
    . 'WHERE `id` = ' . $id;
$q = $db->query($q) or error('Unable to fetch username', __FILE__, __LINE__, $db->error());

// If no user has this id there is no karma to show. Guests are not counted.
if (!($user = $db->fetch_assoc($q)) || PUN_GUEST == $user['group_id']) {
    wap_message($lang_common['Bad request']);
}

// Sub-select counting the negative votes received by $id ($id is an integer at this point).
$subQ = '(SELECT COUNT(1) '
    . 'FROM `' . $db->prefix . 'karma` '
    . 'WHERE `vote` = "-1" '
    . 'AND `to` = ' . $id . ')';
\'' . $_SERVER['REQUEST_TIME'] . '\', \'1\' )') or error('Unable to send message', __FILE__, __LINE__, $db->error()); } } else { wap_message($lang_pms['No user']); } $topic_redirect = intval($_POST['topic_redirect']); $from_profile = intval(@$_POST['from_profile']); if ($from_profile) { wap_redirect('profile.php?id=' . $from_profile); } else { if ($topic_redirect) { wap_redirect('viewtopic.php?id=' . $topic_redirect); } else { wap_redirect('message_list.php'); } } } else { $id = isset($_GET['id']) ? intval($_GET['id']) : 0; if ($id > 0) { $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch message info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) { wap_message($lang_common['Bad request']); } list($username) = $db->fetch_row($result); } if (isset($_GET['reply']) || isset($_GET['quote'])) { $r = @intval(@$_GET['reply']); $q = @intval(@$_GET['quote']); // Get message info
// If action=new, we redirect to the first new post (if any) $result = $db->query('SELECT MIN(id) FROM ' . $db->prefix . 'posts WHERE topic_id=' . $id . ' AND posted>' . $pun_user['last_visit']) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); $first_new_post_id = $db->result($result); if ($first_new_post_id) { wap_redirect('viewtopic.php?pid=' . $first_new_post_id . '#p' . $first_new_post_id); } else { // If there is no new post, we go to the last post wap_redirect('viewtopic.php?id=' . $id . '&action=last'); } } else { if ($action == 'last') { // If action=last, we redirect to the last post $result = $db->query('SELECT MAX(id) FROM ' . $db->prefix . 'posts WHERE topic_id=' . $id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); $last_post_id = $db->result($result); if ($last_post_id) { wap_redirect('viewtopic.php?pid=' . $last_post_id . '#p' . $last_post_id); } } } } // Fetch some info about the topic if (!$pun_user['is_guest']) { $result = $db->query('SELECT t.subject,t.has_poll, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, fp.file_download, s.user_id AS is_subscribed, lt.log_time FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'subscriptions AS s ON (t.id=s.topic_id AND s.user_id=' . $pun_user['id'] . ') LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $pun_user['g_id'] . ') LEFT JOIN ' . $db->prefix . 'log_topics AS lt ON (lt.user_id=' . $pun_user['id'] . ' AND lt.topic_id=t.id) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=' . $id . ' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error()); } else { $result = $db->query('SELECT t.subject,t.has_poll, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, fp.file_download, 0 FROM ' . $db->prefix . 
'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $pun_user['g_id'] . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=' . $id . ' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error()); } if (!$db->num_rows($result)) { wap_message($lang_common['Bad request']); } $cur_topic = $db->fetch_assoc($result); // REAL MARK TOPIC AS READ MOD BEGIN
// Do we have permission to delete this post?
// A regular user is refused when any of these holds: the group may not delete posts; the
// post opens the topic and the group may not delete topics; the post belongs to someone
// else; the topic is closed. Admins/moderators ($is_admmod) bypass all four.
$delete_refused = !$pun_user['g_delete_posts']
    || (!$pun_user['g_delete_topics'] && $is_topic_post)
    || $cur_post['poster_id'] != $pun_user['id']
    || $cur_post['closed'] == 1;

if ($delete_refused && !$is_admmod) {
    wap_message($lang_common['No permission']);
}

// NOTE(review): the destructive branch below fires on any POST carrying `delete`; no
// anti-CSRF token or referrer check is visible in this fragment. Confirm one exists earlier.
if (isset($_POST['delete'])) {
    require_once PUN_ROOT . 'include/search_idx.php';

    if (!$is_topic_post) {
        // Delete just this one post
        delete_post($id, $cur_post['tid']);
        update_forum($cur_post['fid']);

        wap_redirect('viewtopic.php?id=' . $cur_post['tid']);
    } else {
        // Delete the topic and all of its posts
        delete_topic($cur_post['tid']);
        update_forum($cur_post['fid']);

        generate_rss();

        wap_redirect('viewforum.php?id=' . $cur_post['fid']);
    }
}

// Load the delete.php language file
// NOTE(review): the include path embeds $pun_user['language']. Presumably that value is
// restricted to installed language directories when the profile is saved; verify, since an
// unchecked value here would let a user steer which file is included.
require_once PUN_ROOT . 'lang/' . $pun_user['language'] . '/delete.php';

require_once PUN_ROOT . 'wap/header.php';
// parser.php will be used in the template.
require_once PUN_ROOT . 'include/parser.php';

$page_title = $pun_config['o_board_title'] . ' / ' . $lang_delete['Delete post'];

// Render the stored message for the confirmation page.
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies'], $id);

$smarty->assign('page_title', $page_title);
$smarty->assign('cur_post', $cur_post);
$smarty->assign('id', $id);
$smarty->assign('lang_delete', $lang_delete);

$smarty->display('delete.tpl');
$stick = intval($_GET['stick']); if ($stick < 1) { wap_message($lang_common['Bad request']); } $db->query('UPDATE `' . $db->prefix . 'topics` SET sticky=1 WHERE id=' . $stick . ' AND forum_id=' . $fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); wap_redirect('viewtopic.php?id=' . $stick); } else { if (isset($_GET['unstick'])) { // Unstick a topic //confirm_referrer('viewtopic.php'); $unstick = intval($_GET['unstick']); if ($unstick < 1) { wap_message($lang_common['Bad request']); } $db->query('UPDATE ' . $db->prefix . 'topics SET sticky=0 WHERE id=' . $unstick . ' AND forum_id=' . $fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); wap_redirect('viewtopic.php?id=' . $unstick); } } } } // No specific forum moderation action was specified in the query string, so we'll display the moderator forum // Load the viewforum.php language file require PUN_ROOT . 'lang/' . $pun_user['language'] . '/forum.php'; // Fetch some info about the forum $result = $db->query('SELECT f.forum_name, f.redirect_url, f.num_topics FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $pun_user['g_id'] . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id=' . $fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) { wap_message($lang_common['Bad request']); } $cur_forum = $db->fetch_assoc($result); // Is this a redirect forum? In that case, abort! if ($cur_forum['redirect_url']) {
$result = $db->query('SELECT group_id FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); $group_id = $db->result($result); if ($group_id < PUN_GUEST) { $result = $db->query('SELECT id, moderators FROM ' . $db->prefix . 'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); while ($cur_forum = $db->fetch_assoc($result)) { $cur_moderators = $cur_forum['moderators'] ? unserialize($cur_forum['moderators']) : array(); if (in_array($id, $cur_moderators)) { unset($cur_moderators[$old_username]); $cur_moderators[$form['username']] = $id; ksort($cur_moderators); $db->query('UPDATE ' . $db->prefix . 'forums SET moderators=\'' . $db->escape(serialize($cur_moderators)) . '\' WHERE id=' . $cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); } } } } wap_redirect('profile.php?section=' . htmlspecialchars($_GET['section']) . '&id=' . $id); } } } } } } } } } // REAL MARK TOPIC AS READ MOD BEGIN $result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.sex, u.birthday, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.language, u.style_wap, u.num_posts, u.num_files, u.file_bonus, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title, u.mark_after, u.show_bbpanel_qpost FROM ' . $db->prefix . 'users AS u LEFT JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id WHERE u.id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); // REAL MARK TOPIC AS READ MOD END if (!$db->num_rows($result)) { wap_message($lang_common['Bad request']); }
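<?php
// Redirect helper: forwards the browser to the URL supplied in the "r" query parameter.
define('PUN_ROOT', '../');

require PUN_ROOT . 'include/functions.php';

// "r" is fully attacker-controlled: accept it only as a single string value.
$redirect_target = isset($_GET['r']) && is_string($_GET['r']) ? trim($_GET['r']) : '';

// Refuse empty targets and anything containing control characters. CR/LF in particular
// would allow response-header injection if wap_redirect() emits a Location header
// (its implementation is not visible here).
if ($redirect_target === '' || preg_match('/[\x00-\x1F\x7F]/', $redirect_target)) {
    header('HTTP/1.1 400 Bad Request');
    exit;
}

// Allow only scheme-less (relative) targets or plain web URLs, so that schemes such as
// javascript: or data: are never handed to the browser. parse_url() returns false for
// seriously malformed input, which is refused as well.
$redirect_scheme = parse_url($redirect_target, PHP_URL_SCHEME);
if ($redirect_scheme === false
    || ($redirect_scheme !== null && !in_array(strtolower($redirect_scheme), array('http', 'https'), true))
) {
    header('HTTP/1.1 400 Bad Request');
    exit;
}

// NOTE(review): this endpoint still forwards to arbitrary external hosts, i.e. it remains
// an open redirector usable to lend this site's name to a foreign link. If external
// targets are not a requirement, compare the host against an allow-list; if they are,
// consider an interstitial page or a signed "r" value.
wap_redirect($redirect_target);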
wap_message($lang_common['Bad request']); } $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'subscriptions WHERE user_id=' . $pun_user['id'] . ' AND topic_id=' . $topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { wap_message($lang_misc['Already subscribed']); } $db->query('INSERT INTO ' . $db->prefix . 'subscriptions (user_id, topic_id) VALUES(' . $pun_user['id'] . ' ,' . $topic_id . ')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error()); wap_redirect('viewtopic.php?id=' . $topic_id); } else { if (isset($_GET['unsubscribe'])) { if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != 1) { wap_message($lang_common['No permission']); } $topic_id = intval($_GET['unsubscribe']); if ($topic_id < 1) { wap_message($lang_common['Bad request']); } $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'subscriptions WHERE user_id=' . $pun_user['id'] . ' AND topic_id=' . $topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) { wap_message($lang_misc['Not subscribed']); } $db->query('DELETE FROM ' . $db->prefix . 'subscriptions WHERE user_id=' . $pun_user['id'] . ' AND topic_id=' . $topic_id) or error('Unable to remove subscription', __FILE__, __LINE__, $db->error()); wap_redirect('viewtopic.php?id=' . $topic_id); } else { wap_message($lang_common['Bad request']); } } } } } }
wap_redirect('message_list.php?box=' . intval($_POST['box'])); } else { $page_title = $pun_config['o_board_title'] . ' / ' . $lang_pms['Multidelete']; $idlist = is_array($_POST['delete_messages']) ? array_map('intval', $_POST['delete_messages']) : array(); $smarty->assign('page_title', $page_title); $smarty->assign('lang_pms', $lang_pms); $smarty->assign('idlist_str', implode(',', array_values($idlist))); //$smarty->assign('', $); $smarty->display('message_list.delete_messages.tpl'); exit; } } else { if (isset($_GET['action']) && $_GET['action'] == 'markall') { $db->query('UPDATE ' . $db->prefix . 'messages SET showed=1 WHERE owner=' . $pun_user['id']) or error('Unable to update message status', __FILE__, __LINE__, $db->error()); //$p = (!isset($_GET['p']) || $_GET['p'] <= 1) ? 1 : $_GET['p']; wap_redirect('message_list.php?box=' . $box . '&p=' . $p); } } $page_title = $pun_config['o_board_title'] . ' / ' . $lang_pms['Private Messages'] . ' - ' . $name; $smarty->assign('page_title', $page_title); if ($box < 2) { // Get message count $result = $db->query('SELECT COUNT(1) FROM ' . $db->prefix . 'messages WHERE status=' . $box . ' AND owner=' . $pun_user['id']) or error('Unable to count messages', __FILE__, __LINE__, $db->error()); list($num_messages) = $db->fetch_row($result); //What page are we on? $num_pages = ceil($num_messages / $pun_config['o_pms_mess_per_page']); $p = isset($_GET['p']) && 1 < $_GET['p'] && $num_pages >= $_GET['p'] ? (int) $_GET['p'] : 1; $start_from = $pun_config['o_pms_mess_per_page'] * ($p - 1); if (@$_GET['action'] != 'all') { $limit = 'LIMIT ' . $start_from . ',' . $pun_config['o_pms_mess_per_page']; }
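// Language strings for private messages and for the delete confirmation.
// NOTE(review): both include paths embed $pun_user['language']; presumably the value is
// limited to installed language directories when the profile is saved. Verify.
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/pms.php';
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/delete.php';

// Fetch some info from the message we are deleting
// NOTE(review): $id is concatenated into the SQL unquoted; its integer cast is not visible
// in this fragment. Confirm it upstream.
$result = $db->query('SELECT * FROM ' . $db->prefix . 'messages WHERE id=' . $id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
    wap_message($lang_common['Bad request']);
}

$cur_post = $db->fetch_assoc($result);

// Check permissions: only the owner of the mailbox entry may delete it.
if ($cur_post['owner'] != $pun_user['id']) {
    wap_message($lang_common['No permission']);
}

if (isset($_POST['delete'])) {
    // NOTE(review): the referrer check below is disabled and no anti-CSRF token is visible in
    // this fragment, so a cross-site POST made on behalf of a logged-in user could delete one
    // of that user's own messages. Restore a check here.
    //confirm_referrer('message_delete.php');

    // Delete message. The owner condition repeats the permission check inside the statement
    // itself, so the row can only go if it still belongs to the caller.
    $db->query('DELETE FROM ' . $db->prefix . 'messages WHERE id=' . $id . ' AND owner=' . (int) $pun_user['id']) or error('Unable to delete message', __FILE__, __LINE__, $db->error());

    // Redirect back to the list; missing form fields fall back to 0 instead of raising notices.
    $return_box = isset($_POST['box']) ? intval($_POST['box']) : 0;
    $return_page = isset($_POST['p']) ? intval($_POST['p']) : 0;
    wap_redirect('message_list.php?box=' . $return_box . '&p=' . $return_page);
} else {
    // No confirmation yet: render the message and ask the user to confirm.
    $page_title = $pun_config['o_board_title'] . ' / ' . $lang_pms['Delete message'];

    require_once PUN_ROOT . 'wap/header.php';
    include_once PUN_ROOT . 'include/parser.php';

    $cur_post['message'] = parse_message($cur_post['message'], !$cur_post['smileys'], $cur_post['id']);

    $smarty->assign('page_title', $page_title);
    $smarty->assign('lang_pms', $lang_pms);
    $smarty->assign('id', $id);
    $smarty->assign('cur_post', $cur_post);
    $smarty->assign('lang_delete', $lang_delete);

    $smarty->display('message_delete.tpl');
}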
if (!$upl_conf['p_view']) { wap_message($lang_common['No permission']); } if (!$upl_conf['p_globalview']) { // check if user can access this file $result = $db->query('SELECT uid FROM ' . $db->prefix . 'uploaded WHERE file=\'' . $db->escape($file_name) . '\' AND uid = ' . $pun_user['id'] . ' LIMIT 1') or error('Error getting this file', __FILE__, __LINE__, $db->error()); if (!$db->fetch_assoc($result)) { wap_message($lang_common['No permission']); } } // update number of downloads $result = $db->query('UPDATE ' . $db->prefix . 'uploaded SET downs=downs+1 WHERE file=\'' . $db->escape($file_name) . '\' LIMIT 1') or error($lang_uploads['Err counter'], __FILE__, __LINE__, $db->error()); if (!is_file(PUN_ROOT . 'uploaded/' . $file_name)) { wap_message($lang_common['Bad request']); } else { wap_redirect(PUN_ROOT . 'uploaded/' . $file_name); } exit; } ////////////////////////////////////////////////////// $result = $db->query('SELECT id,type,exts FROM ' . $db->prefix . 'uploads_types') or error('Unable to get types', __FILE__, __LINE__, $db->error()); $exts = ''; $cats = $ids = array(); while ($ar = $db->fetch_assoc($result)) { $exts .= $ar['exts'] . ' '; $cats[] .= $ar['type']; $ids[] .= $ar['id']; } ///////////////////////////////// $exts = trim($exts); // now we have all file types in one string
$mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/welcome.tpl')); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_subject = str_replace('<board_title>', $pun_config['o_board_title'], $mail_subject); $mail_message = str_replace('<base_url>', $pun_config['o_base_url'] . '/', $mail_message); $mail_message = str_replace('<username>', $username, $mail_message); $mail_message = str_replace('<password>', $password1, $mail_message); $mail_message = str_replace('<login_url>', $pun_config['o_base_url'] . '/login.php', $mail_message); $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message); pun_mail($email1, $mail_subject, $mail_message); wap_message($lang_register['Reg e-mail'] . ' <a href="mailto:' . $pun_config['o_admin_email'] . '">' . $pun_config['o_admin_email'] . '</a>.', true); } pun_setcookie($new_uid, $password_hash, $save_pass ? $now + 31536000 : 0); wap_redirect('index.php'); } } } $languages = array(); $d = dir(PUN_ROOT . 'lang'); while (($entry = $d->read()) !== false) { if ($entry[0] != '.' && is_dir(PUN_ROOT . 'lang/' . $entry) && file_exists(PUN_ROOT . 'lang/' . $entry . '/common.php')) { $languages[] = $entry; } } $d->close(); $page_title = $pun_config['o_board_title'] . ' / ' . $lang_register['Register']; $smarty->assign('page_title', $page_title); $smarty->assign('lang_register', $lang_register); $smarty->assign('lang_profile', $lang_profile);
// Final search results $search_results = implode(',', $search_ids); // Fill an array with our results and search properties $temp['search_results'] = $search_results; $temp['num_hits'] = $num_hits; $temp['sort_by'] = $sort_by; $temp['sort_dir'] = $sort_dir; $temp['show_as'] = $show_as; $temp = serialize($temp); $search_id = mt_rand(1, mt_getrandmax()); $ident = $pun_user['is_guest'] ? get_remote_address() : $pun_user['username']; $db->query('INSERT INTO ' . $db->prefix . 'search_cache (id, ident, search_data) VALUES(' . $search_id . ', \'' . $db->escape($ident) . '\', \'' . $db->escape($temp) . '\')') or error('Unable to insert search results', __FILE__, __LINE__, $db->error()); if ($_GET['action'] != 'show_new' && $_GET['action'] != 'show_24h') { $db->close(); // Redirect the user to the cached result page wap_redirect('search.php?search_id=' . $search_id); } } // Fetch results to display if ($search_results) { switch ($sort_by) { case 1: $sort_by_sql = $show_as == 'topics' ? 't.poster' : 'p.poster'; break; case 2: $sort_by_sql = 't.subject'; break; case 3: $sort_by_sql = 't.forum_id'; break; case 4: