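/**
 * Print the forum compose form for a new topic, a reply, a quoted reply or a post edit.
 *
 * The form is written straight to the output with print; nothing is returned.
 * An unknown $type terminates the script.
 *
 * @param mixed  $id   Row id whose meaning depends on $type: forums.id for 'new',
 *                     topics.id for 'reply', posts.id for 'quote' and 'edit'.
 * @param string $type One of 'new', 'reply', 'quote', 'edit'.
 */
function insert_compose_frame($id, $type = 'new')
{
    global $maxsubjectlength, $CURUSER;
    global $lang_forums;

    $hassubject = false;
    $hasmodechoose = false;
    $subject = "";
    $body = "";

    print "<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=post\">\n";

    switch ($type) {
        case 'new':
            $forumname = get_single_value("forums", "name", "WHERE id=" . sqlesc($id));
            $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($id));
            $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_new_topic_in'] . " <a href=\"" . htmlspecialchars("?action=viewforum&forumid=" . $id) . "\">" . htmlspecialchars($forumname) . "</a> " . $lang_forums['text_forum'];
            $hassubject = true;
            // NOTE(review): forums.casinomode is tested for truthiness here, while topics.casinomode
            // is compared with "yes" in the quote branch. If the forum column also holds
            // 'yes'/'no', the string 'no' is truthy — confirm the column type.
            if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($id, 'forum'))) {
                $hasmodechoose = true;
            }
            break;

        case 'reply':
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $id) . "\">" . htmlspecialchars($topicname) . "</a> ";
            break;

        case 'quote':
            $topicid = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
            $topicmode = get_single_value("topics", "casinomode", "WHERE id=" . sqlesc($topicid)) == "yes";
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $topicid) . "\">" . htmlspecialchars($topicname) . "</a> ";
            // The post id goes through sqlesc() like every other query in this function,
            // so it is never interpolated into the SQL text as-is.
            $res = sql_query("SELECT posts.body, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) != 1) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $arr = mysql_fetch_assoc($res);
            if (!$topicmode) {
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . htmlspecialchars(unesc($arr["body"])) . "[/quote]";
            } else {
                // In casino mode the quoted text is withheld; only the author tag is kept.
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . "[/quote]";
            }
            // From here on the form is an ordinary reply to the quoted post's topic.
            $id = $topicid;
            $type = 'reply';
            break;

        case 'edit':
            $res = sql_query("SELECT topicid, body FROM posts WHERE id=" . sqlesc($id) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
            $row = mysql_fetch_array($res);
            if (!$row) {
                // Unknown post id: report it as the quote branch does rather than indexing into false.
                // (stderr() presumably ends the request, as its use in the quote branch suggests.)
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $topicid = $row['topicid'];
            $firstpost = get_single_value("posts", "MIN(id)", "WHERE topicid=" . sqlesc($topicid));
            // Only the first post of a topic carries the subject and the mode chooser.
            if ($firstpost == $id) {
                $subject = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
                $hassubject = true;
                $forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
                $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($forumid));
                $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($forumid));
                if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($forumid, 'forum'))) {
                    $hasmodechoose = true;
                }
            }
            $body = htmlspecialchars(unesc($row["body"]));
            $title = $lang_forums['text_edit_post'];
            break;

        default:
            die;
    }

    // Both values are echoed into attribute values, so they are HTML-escaped here
    // instead of relying on every caller to have validated them.
    print "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars((string) $id) . "\" />";
    print "<input type=\"hidden\" name=\"type\" value=\"" . htmlspecialchars((string) $type) . "\" />";
    begin_compose($title, $type, $body, $hassubject, $subject, 100, $hasmodechoose);
    end_compose();
    print "</form>";
}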
// Fragment of the send-message page. It starts inside a block that was opened before
// this excerpt; the lone closing brace after the subject handling ends that block.

// NOTE(review): $msga[msg] uses a bare word as the array key, so PHP resolves it as a
// constant; with no such constant defined this is an Error on PHP 8. The quoted key
// $msga['msg'] is presumably what was meant — confirm.
// NOTE(review): the original message text is appended to $body without HTML escaping in
// this excerpt; whether begin_compose() escapes $body is not visible here — confirm.
$body .= $msga[msg] . "\n\n-------- [url=userdetails.php?id=" . $CURUSER["id"] . "]" . $CURUSER["username"] . "[/url][i] Wrote at " . date("Y-m-d H:i:s") . ":[/i] --------\n";

// Build the reply subject: "Re: x" becomes "Re(2): x", "Re(n): x" becomes "Re(n+1): x",
// anything else gets a plain "Re: " prefix.
$subject = $msga['subject'];
if (preg_match('/^Re:\\s/', $subject)) {
    $subject = preg_replace('/^Re:\\s(.*)$/', 'Re(2): \\1', $subject);
} elseif (preg_match('/^Re\\([0-9]*\\):\\s/', $msga['subject'])) {
    // Replacing the prefix with its captured number leaves "<n><rest>"; the int cast keeps the leading digits.
    $replycount = (int) preg_replace('/^Re\\(([0-9]*)\\):\\s/', '\\1', $subject);
    $replycount++;
    $subject = preg_replace('/^Re\\(([0-9]*)\\):\\s(.*)$/', 'Re(' . $replycount . '): \\2', $subject);
} else {
    $subject = "Re: " . $msga['subject'];
}
// The subject is HTML-escaped before it is handed to the compose form.
$subject = htmlspecialchars($subject);
}

stdhead($lang_sendmessage['head_send_message'], false);
begin_main_frame();
print "<form id=compose name=\"compose\" method=post action=takemessage.php>";
// NOTE(review): $receiver is written into an unquoted attribute value without escaping.
// Where it is assigned is outside this excerpt; unless it is forced to an integer there,
// cast it or pass it through htmlspecialchars() and quote the attribute.
print "<input type=hidden name=receiver value=" . $receiver . ">";
// Return address: ?returnto= if it is non-empty, otherwise the Referer header. Both are
// client-supplied; they are escaped for HTML here.
// NOTE(review): the handler that later uses returnto (takemessage.php, not shown) should
// treat it as untrusted and restrict it to same-site targets — confirm.
if ($_GET["returnto"] || $_SERVER["HTTP_REFERER"]) {
    print "<input type=hidden name=returnto value=\"" . (htmlspecialchars($_GET["returnto"]) ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"])) . "\">";
}
// NOTE(review): get_username() output is concatenated into the title as-is; its escaping is not visible here.
$title = $lang_sendmessage['text_message_to'] . get_username($receiver);
begin_compose($title, $replyto ? "reply" : "new", $body, true, $subject);
print "<tr><td class=toolbox colspan=2 align=center>";
if ($replyto) {
    // NOTE(review): $replyto is emitted into an unquoted attribute value without escaping;
    // its origin is outside this excerpt — the same cast-or-escape applies as for $receiver.
    print "<input type=checkbox name='delete' value='yes' " . ($CURUSER['deletepms'] == 'yes' ? " checked" : "") . ">" . $lang_sendmessage['checkbox_delete_message_replying_to'] . "<input type=hidden name=origmsg value=" . $replyto . ">";
}
// The checkbox defaults follow the user's stored deletepms / savepms preferences.
print "<input type=checkbox name='save' value='yes' " . ($CURUSER['savepms'] == 'yes' ? " checked" : "") . ">" . $lang_sendmessage['checkbox_save_message_to_sendbox'];
print "</td></tr>";
end_compose();
end_main_frame();
stdfoot();
// Fragment of the "fun" item handlers. It starts inside the save branch of the edit
// action and ends inside the ban action; the enclosing blocks are outside this excerpt.

// The title is HTML-escaped before it is stored, so the database holds the encoded form.
$title = htmlspecialchars($_POST['subject']);
if ($title == "") {
    stderr($lang_fun['std_error'], $lang_fun['std_title_is_empty']);
}
// sqlesc() is applied to every value that reaches the UPDATE statement.
$body = sqlesc($body);
$title = sqlesc($title);
sql_query("UPDATE fun SET body={$body}, title={$title} WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$Cache->delete_value('current_fun_content');
$Cache->delete_value('current_fun', true);
// NOTE(review): no exit follows the redirect, so execution continues to stdfoot() below.
// NOTE(review): no anti-CSRF token is checked in the visible part of this save path;
// the start of the branch is outside this excerpt — confirm.
header("Location: " . get_protocol_prefix() . "{$BASEURL}/index.php");
} else {
    stdhead($lang_fun['head_edit_fun']);
    begin_main_frame();
    $title = $lang_fun['text_edit_fun'];
    // NOTE(review): $id is concatenated into an unquoted action attribute; how it was
    // validated for this branch is outside this excerpt.
    print "<form id=compose method=post name=\"compose\" action=?action=edit&id=" . $id . ">\n";
    // NOTE(review): the stored body and title are handed to begin_compose() as read from
    // the row. The title was escaped at save time above; whether the body was, or whether
    // begin_compose() escapes it, is not visible here — confirm.
    begin_compose($title, 'edit', $arr['body'], true, $arr['title']);
    end_compose();
    end_main_frame();
}
stdfoot();
}
if ($action == 'ban') {
    // Banning is limited to users whose class is at least $funmanage_class.
    if (get_user_class() < $funmanage_class) {
        permissiondenied();
    }
    // Adding 0 coerces the parameter to a number before it is interpolated into the query below.
    // NOTE(review): int_check() is an opaque helper here; presumably it rejects non-integer ids.
    $id = 0 + $_GET["id"];
    int_check($id, true);
    $res = sql_query("SELECT * FROM fun WHERE id={$id}") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_array($res);
    if (!$arr) {
        stderr($lang_fun['std_error'], $lang_fun['std_invalid_id']);
// Fragment of the comment handlers. It starts inside the edit action, in the branch
// chain that picks the parent page URL, and ends inside the delete action.

$url = "details.php?id={$parent_id}";
} else {
    if ($type == "offer") {
        $url = "offers.php?id={$parent_id}&off_details=1";
    } else {
        if ($type == "request") {
            $url = "viewrequest.php?id={$parent_id}&req_details=1";
        }
        // NOTE(review): no fallback is visible for any other $type, which would leave $url unset.
    }
}
// NOTE(review): $arr["name"] is passed to stdhead() without escaping, although the same
// value is escaped for $title two lines below; whether stdhead() escapes is not visible.
stdhead($lang_comment['head_edit_comment_to'] . "\"" . $arr["name"] . "\"");
begin_main_frame();
// NOTE(review): the href attribute is unquoted; it is safe only while $url is built from
// the fixed strings above and an integer $parent_id — confirm how $parent_id is validated.
$title = $lang_comment['head_edit_comment_to'] . "<a href={$url}>" . htmlspecialchars($arr["name"]) . "</a>";
// NOTE(review): $commentid and $type are interpolated into the action URL without
// escaping; their validation for this branch is outside this excerpt.
print "<form id=compose method=post name=\"compose\" action=\"comment.php?action=edit&cid={$commentid}&type={$type}\">\n";
// The Referer header is client-supplied; it is HTML-escaped here.
// NOTE(review): the code that later redirects to returnto is not shown and should treat it as untrusted.
print "<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($_SERVER["HTTP_REFERER"]) . "\" />\n";
// The stored comment text is unescaped and then HTML-escaped before it enters the editor.
begin_compose($title, "edit", htmlspecialchars(unesc($arr["text"])), false);
end_compose();
print "</form>";
end_main_frame();
stdfoot();
die;
} elseif ($action == "delete") {
    // Deleting is limited to users whose class is at least $commanage_class.
    if (get_user_class() < $commanage_class) {
        stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
    }
    // Adding 0 coerces the comment id to a number before it is used.
    $commentid = 0 + $_GET["cid"];
    $sure = $_GET["sure"];
    int_check($commentid, true);
    if (!$sure) {
        $referer = $_SERVER["HTTP_REFERER"];
        // NOTE(review): the confirmation is a plain GET link carrying sure=1 and no token is
        // visible in it. The branch that runs when sure is set is outside this excerpt, but if
        // it deletes directly, any page the moderator loads can trigger the delete (CSRF).
        // A POST form with a per-session token would close that — confirm.
        // NOTE(review): $type is interpolated into the unquoted href without escaping.
        stderr($lang_comment['std_delete_comment'], $lang_comment['std_delete_comment_note'] . "<a href=comment.php?action=delete&cid={$commentid}&sure=1&type={$type}" . ($referer ? "&returnto=" . rawurlencode($referer) : "") . $lang_comment['std_here_if_sure'], false);
// Fragment of the site-news handlers. It starts inside the save branch of the edit
// action; the code that prepares $body, $title, $notify and $returnto is outside this excerpt.

// NOTE(review): $body, $title and $notify are interpolated into the statement as they
// are; presumably each was passed through sqlesc() before this excerpt, as $newsid is
// here — confirm.
sql_query("UPDATE news SET body={$body}, title={$title}, notify={$notify} WHERE id=" . sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
$Cache->delete_value('recent_news', true);
header("Location: " . get_protocol_prefix() . "{$BASEURL}/index.php");
} else {
    stdhead($lang_news['head_edit_site_news']);
    begin_main_frame();
    // NOTE(review): the stored body goes to begin_compose() unescaped while the title is
    // escaped on the next line; whether begin_compose() escapes $body is not visible.
    $body = $arr["body"];
    $subject = htmlspecialchars($arr['title']);
    $title = $lang_news['text_edit_site_news'];
    print "<form id=\"compose\" name=\"compose\" method=\"post\" action=\"" . htmlspecialchars("?action=edit&newsid=" . $newsid) . "\">";
    // NOTE(review): $returnto is written into the attribute value without escaping in this
    // excerpt. If it comes from the request or the Referer header and was not escaped
    // earlier, a double quote in it breaks out of the attribute; htmlspecialchars() at this
    // point would make the output safe regardless — confirm where it is assigned.
    print "<input type=\"hidden\" name=\"returnto\" value=\"" . $returnto . "\" />";
    begin_compose($title, "edit", $body, true, $subject);
    // The notify checkbox is pre-checked when the stored row has notify = 'yes'.
    print "<tr><td class=\"toolbox\" align=\"center\" colspan=\"2\"><input type=\"checkbox\" name=\"notify\" value=\"yes\" " . ($arr['notify'] == 'yes' ? " checked=\"checked\"" : "") . " />" . $lang_news['text_notify_users_of_this'] . "</td></tr>\n";
    end_compose();
    end_main_frame();
    stdfoot();
    die;
}
}
// NOTE(review): in this collapsed listing the banner comment below runs to the end of the
// line, so the statements after it (the "submit news item" form) are part of the comment
// as shown; upstream they were presumably separate lines of live code.
// Other Actions and followup //////////////////////////////////////////// stdhead($lang_news['head_site_news']); begin_main_frame(); $title = $lang_news['text_submit_news_item']; print "<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=add\">\n"; begin_compose($title, 'new'); print "<tr><td class=\"toolbox\" align=\"center\" colspan=\"2\"><input type=\"checkbox\" name=\"notify\" value=\"yes\" />" . $lang_news['text_notify_users_of_this'] . "</td></tr>\n"; end_compose(); print "</form>"; end_main_frame(); stdfoot(); die;
?> "> <?php } ?> <input type=hidden name=receiver value=<?php echo $receiver; ?> > <input type=hidden name=answeringto value=<?php echo $answeringto; ?> > <?php
// Fragment of the staff-box answer form. It starts in the middle of the form markup and
// ends inside the "takeanswer" handler; the enclosing blocks are outside this excerpt.
// NOTE(review): $receiver and $answeringto are echoed above into unquoted attribute
// values without escaping. Where they are assigned is outside this excerpt; unless both
// are forced to integers there, cast them or pass them through htmlspecialchars() and
// quote the attributes.
// NOTE(review): $staffmsg['id'] is concatenated into the href without escaping, and
// get_username() output is appended as-is; only the subject is escaped here.
$title = $lang_staffbox['text_answering_to'] . "<a href=\"staffbox.php?action=viewpm&pmid=" . $staffmsg['id'] . "\">" . htmlspecialchars($staffmsg['subject']) . "</a>" . $lang_staffbox['text_sent_by'] . get_username($staffmsg['sender']);
// Empty body and no subject field: the answer form only collects the reply text.
begin_compose($title, "reply", "", false);
end_compose();
print "</form>";
end_main_frame();
stdfoot();
}
// NOTE(review): in this collapsed listing the banner comment below runs to the end of the
// line, so the start of the "takeanswer" handler after it is part of the comment as shown;
// upstream it was presumably live code. That handler rejects non-POST requests and users
// below $staffmem_class; no anti-CSRF token check is visible in the part shown.
////////////////////////// // TAKE ANSWER // ////////////////////////// if ($action == "takeanswer") { if ($_SERVER["REQUEST_METHOD"] != "POST") { die; } if (get_user_class() < $staffmem_class) { permissiondenied(); }
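/**
 * Print the forum compose form for a new topic, a reply, a quoted reply or a post edit.
 *
 * The form is written straight to the output with print; nothing is returned.
 * An unknown $type terminates the script.
 *
 * @param mixed  $id   Row id whose meaning depends on $type: forums.id for 'new',
 *                     topics.id for 'reply', posts.id for 'quote' and 'edit'.
 * @param string $type One of 'new', 'reply', 'quote', 'edit'.
 */
function insert_compose_frame($id, $type = 'new')
{
    global $maxsubjectlength, $CURUSER;
    global $lang_forums;

    $hassubject = false;
    $subject = "";
    $body = "";
    // Only the edit branch sets this, and only for the first post of a topic. Starting
    // from null keeps the value begin_compose() received before without reading an
    // undefined variable on every other path.
    $onlyauthor = null;

    print("<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=post\">\n");

    switch ($type) {
        case 'new':
            $forumname = get_single_value("forums", "name", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_new_topic_in'] . " <a href=\"" . htmlspecialchars("?action=viewforum&forumid=" . $id) . "\">" . htmlspecialchars($forumname) . "</a> " . $lang_forums['text_forum'];
            $hassubject = true;
            // Forum 5 gets a pre-filled subject template.
            if ($id == 5) {
                $subject = "【悬赏***麦粒】【求*****】";
            }
            break;

        case 'reply':
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $id) . "\">" . htmlspecialchars($topicname) . "</a> ";
            break;

        case 'quote':
            $topicid = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $topicid) . "\">" . htmlspecialchars($topicname) . "</a> ";
            // The post id goes through sqlesc() like every other query in this function,
            // so it is never interpolated into the SQL text as-is.
            $res = sql_query("SELECT posts.body, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) != 1) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $arr = mysql_fetch_assoc($res);
            // Turn [@name] tags in the quoted text into bold "@name" text.
            $arr["body"] = preg_replace('/\[(@)([^\]]*?)\]/', '[b]@$2[/b]', $arr["body"]);
            $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . htmlspecialchars(unesc($arr["body"])) . "[/quote]";
            // The form targets the quoted post's topic; the type stays 'quote'.
            $id = $topicid;
            $type = 'quote';
            break;

        case 'edit':
            $res = sql_query("SELECT topicid, body FROM posts WHERE id=" . sqlesc($id) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
            $row = mysql_fetch_array($res);
            if (!$row) {
                // Unknown post id: report it as the quote branch does rather than indexing into false.
                // (stderr() presumably ends the request, as its use in the quote branch suggests.)
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $topicid = $row['topicid'];
            $firstpost = get_single_value("posts", "MIN(id)", "WHERE topicid=" . sqlesc($topicid));
            // Only the first post of a topic carries the subject and the onlyauthor flag.
            if ($firstpost == $id) {
                $subject = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
                $onlyauthor = get_single_value("topics", "onlyauthor", "WHERE id=" . sqlesc($topicid));
                $hassubject = true;
            }
            $body = htmlspecialchars(unesc($row["body"]));
            $title = $lang_forums['text_edit_post'];
            break;

        default:
            die;
    }

    // Both values are echoed into attribute values, so they are HTML-escaped here
    // instead of relying on every caller to have validated them.
    print("<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars((string) $id) . "\" />");
    print("<input type=\"hidden\" name=\"type\" value=\"" . htmlspecialchars((string) $type) . "\" />");
    begin_compose($title, $type, $body, $hassubject, $subject, $maxsubjectlength, $onlyauthor);
    end_compose();
    print("</form>");
}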
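<?php
// Contact-staff page: renders the compose form that posts to takecontact.php.
require "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();

stdhead($lang_contactstaff['head_contact_staff'], false);
begin_main_frame();
print "<form id=compose method=post name=\"compose\" action=takecontact.php>";

// Return address: ?returnto= when it is non-empty, otherwise the Referer header.
// Both are client-supplied. A missing key or a non-string value (for example an array
// from ?returnto[]=x) is treated as empty instead of being handed to htmlspecialchars().
$contact_get_returnto = (isset($_GET["returnto"]) && is_string($_GET["returnto"])) ? $_GET["returnto"] : "";
$contact_referer = (isset($_SERVER["HTTP_REFERER"]) && is_string($_SERVER["HTTP_REFERER"])) ? $_SERVER["HTTP_REFERER"] : "";
if ($contact_get_returnto || $contact_referer) {
    // Same precedence as before: the escaped query value wins unless it is empty.
    $contact_returnto = htmlspecialchars($contact_get_returnto);
    if (!$contact_returnto) {
        $contact_returnto = htmlspecialchars($contact_referer);
    }
    // NOTE(review): the value is only escaped for HTML here. takecontact.php (not shown)
    // should treat returnto as untrusted and restrict it to same-site targets — confirm.
    print "<input type=hidden name=returnto value=\"" . $contact_returnto . "\">";
}

begin_compose($lang_contactstaff['text_message_to_staff'], "new");
end_compose();
print "</form>";
end_main_frame();
stdfoot();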