if ($title == "") { stderr($lang_fun['std_error'], $lang_fun['std_title_is_empty']); } $body = sqlesc($body); $title = sqlesc($title); sql_query("UPDATE fun SET body={$body}, title={$title} WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $Cache->delete_value('current_fun_content'); $Cache->delete_value('current_fun', true); header("Location: " . get_protocol_prefix() . "{$BASEURL}/index.php"); } else { stdhead($lang_fun['head_edit_fun']); begin_main_frame(); $title = $lang_fun['text_edit_fun']; print "<form id=compose method=post name=\"compose\" action=?action=edit&id=" . $id . ">\n"; begin_compose($title, 'edit', $arr['body'], true, $arr['title']); end_compose(); end_main_frame(); } stdfoot(); } if ($action == 'ban') { if (get_user_class() < $funmanage_class) { permissiondenied(); } $id = 0 + $_GET["id"]; int_check($id, true); $res = sql_query("SELECT * FROM fun WHERE id={$id}") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_array($res); if (!$arr) { stderr($lang_fun['std_error'], $lang_fun['std_invalid_id']); }
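/**
 * Print the forum compose form for a new topic, a reply, a quoted reply or a post edit.
 *
 * Emits the opening <form>, two hidden fields (id, type), the compose widget via
 * begin_compose()/end_compose(), and the closing </form>.
 *
 * The meaning of $id depends on $type:
 *   - 'new'   : forum id the topic will be created in
 *   - 'reply' : topic id being replied to
 *   - 'quote' : post id being quoted; the hidden fields are rewritten to the parent
 *               topic id with type 'reply'
 *   - 'edit'  : post id being edited
 * Any other $type terminates the script via die.
 *
 * Security notes:
 *   - $id is passed through sqlesc() in every query. The 'quote' lookup used to
 *     interpolate it raw, which made that one query depend on the caller having
 *     validated $id beforehand.
 *   - $id and $type are HTML-escaped before being written into the hidden inputs.
 *
 * @param mixed  $id   Forum, topic or post id (see above); validation by the caller is not visible here.
 * @param string $type One of 'new', 'reply', 'quote', 'edit'.
 * @return void
 */
function insert_compose_frame($id, $type = 'new')
{
    global $maxsubjectlength, $CURUSER;
    global $lang_forums;

    $hassubject = false;
    $hasmodechoose = false;
    $subject = "";
    $body = "";

    print "<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=post\">\n";

    switch ($type) {
        case 'new':
            $forumname = get_single_value("forums", "name", "WHERE id=" . sqlesc($id));
            $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($id));
            $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_new_topic_in'] . " <a href=\"" . htmlspecialchars("?action=viewforum&forumid=" . $id) . "\">" . htmlspecialchars($forumname) . "</a> " . $lang_forums['text_forum'];
            $hassubject = true;
            // NOTE(review): topics.casinomode is compared with "yes" in the 'quote' branch, while
            // forums.casinomode is only tested for truthiness here; if it is also a 'yes'/'no'
            // column, the string "no" would pass this test. Confirm the column type.
            if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($id, 'forum'))) {
                $hasmodechoose = true;
            }
            break;

        case 'reply':
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $id) . "\">" . htmlspecialchars($topicname) . "</a> ";
            break;

        case 'quote':
            $topicid = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
            $topicmode = get_single_value("topics", "casinomode", "WHERE id=" . sqlesc($topicid)) == "yes";
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $topicid) . "\">" . htmlspecialchars($topicname) . "</a> ";
            // Escape $id with the same helper the other queries use instead of interpolating it raw.
            $res = sql_query("SELECT posts.body, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) != 1) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $arr = mysql_fetch_assoc($res);
            if (!$topicmode) {
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . htmlspecialchars(unesc($arr["body"])) . "[/quote]";
            } else {
                // Topics with casinomode "yes": only the author tag is quoted, never the post body.
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . "[/quote]";
            }
            // The form is submitted as a reply to the parent topic.
            $id = $topicid;
            $type = 'reply';
            break;

        case 'edit':
            $res = sql_query("SELECT topicid, body FROM posts WHERE id=" . sqlesc($id) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
            $row = mysql_fetch_array($res);
            if (!$row) {
                // No such post: report it the same way the 'quote' branch does instead of
                // rendering an edit form built from an empty row.
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $topicid = $row['topicid'];
            $firstpost = get_single_value("posts", "MIN(id)", "WHERE topicid=" . sqlesc($topicid));
            // Only the first post of a topic carries the subject and the mode chooser.
            if ($firstpost == $id) {
                $subject = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
                $hassubject = true;
                $forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
                $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($forumid));
                $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($forumid));
                if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($forumid, 'forum'))) {
                    $hasmodechoose = true;
                }
            }
            $body = htmlspecialchars(unesc($row["body"]));
            $title = $lang_forums['text_edit_post'];
            break;

        default:
            die;
    }

    // Both values land inside double-quoted attributes; escape them so a non-numeric $id
    // cannot close the attribute and inject markup.
    print "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id) . "\" />";
    print "<input type=\"hidden\" name=\"type\" value=\"" . htmlspecialchars($type) . "\" />";
    // NOTE(review): the subject length limit is hard-coded to 100 although $maxsubjectlength
    // is declared global above; confirm which one is intended.
    begin_compose($title, $type, $body, $hassubject, $subject, 100, $hasmodechoose);
    end_compose();
    print "</form>";
}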
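/**
 * Print the forum compose form for a new topic, a reply, a quoted reply or a post edit.
 *
 * Emits the opening <form>, two hidden fields (id, type), the compose widget via
 * begin_compose()/end_compose(), and the closing </form>.
 *
 * The meaning of $id depends on $type:
 *   - 'new'   : forum id the topic will be created in
 *   - 'reply' : topic id being replied to
 *   - 'quote' : post id being quoted; the hidden id field is rewritten to the parent
 *               topic id, the type stays 'quote'
 *   - 'edit'  : post id being edited
 * Any other $type terminates the script via die.
 *
 * Security notes:
 *   - $id is passed through sqlesc() in every query. The 'quote' lookup used to
 *     interpolate it raw, which made that one query depend on the caller having
 *     validated $id beforehand.
 *   - $id and $type are HTML-escaped before being written into the hidden inputs.
 *
 * @param mixed  $id   Forum, topic or post id (see above); validation by the caller is not visible here.
 * @param string $type One of 'new', 'reply', 'quote', 'edit'.
 * @return void
 */
function insert_compose_frame($id, $type = 'new')
{
    global $maxsubjectlength, $CURUSER;
    global $lang_forums;

    $hassubject = false;
    $subject = "";
    $body = "";
    // Previously assigned only when editing a topic's first post and read unconditionally below.
    // null is the value begin_compose() received on the other paths, now without the
    // undefined-variable notice.
    $onlyauthor = null;

    print("<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=post\">\n");

    switch ($type) {
        case 'new':
            $forumname = get_single_value("forums", "name", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_new_topic_in'] . " <a href=\"" . htmlspecialchars("?action=viewforum&forumid=" . $id) . "\">" . htmlspecialchars($forumname) . "</a> " . $lang_forums['text_forum'];
            $hassubject = true;
            // Forum 5 gets a hard-coded subject template pre-filled.
            if ($id == 5) {
                $subject = "【悬赏***麦粒】【求*****】";
            }
            break;

        case 'reply':
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $id) . "\">" . htmlspecialchars($topicname) . "</a> ";
            break;

        case 'quote':
            $topicid = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $topicid) . "\">" . htmlspecialchars($topicname) . "</a> ";
            // Escape $id with the same helper the other queries use instead of interpolating it raw.
            $res = sql_query("SELECT posts.body, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) != 1) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $arr = mysql_fetch_assoc($res);
            // Rewrite [@name] tags in the quoted text to bold "@name".
            $arr["body"] = preg_replace('/\[(@)([^\]]*?)\]/', '[b]@$2[/b]', $arr["body"]);
            $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . htmlspecialchars(unesc($arr["body"])) . "[/quote]";
            // The hidden id field carries the parent topic id; the type stays 'quote'.
            $id = $topicid;
            $type = 'quote';
            break;

        case 'edit':
            $res = sql_query("SELECT topicid, body FROM posts WHERE id=" . sqlesc($id) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
            $row = mysql_fetch_array($res);
            if (!$row) {
                // No such post: report it the same way the 'quote' branch does instead of
                // rendering an edit form built from an empty row.
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $topicid = $row['topicid'];
            $firstpost = get_single_value("posts", "MIN(id)", "WHERE topicid=" . sqlesc($topicid));
            // Only the first post of a topic carries the subject and the onlyauthor setting.
            if ($firstpost == $id) {
                $subject = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
                $onlyauthor = get_single_value("topics", "onlyauthor", "WHERE id=" . sqlesc($topicid));
                $hassubject = true;
            }
            $body = htmlspecialchars(unesc($row["body"]));
            $title = $lang_forums['text_edit_post'];
            break;

        default:
            die;
    }

    // Both values land inside double-quoted attributes; escape them so a non-numeric $id
    // cannot close the attribute and inject markup.
    print("<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id) . "\" />");
    print("<input type=\"hidden\" name=\"type\" value=\"" . htmlspecialchars($type) . "\" />");
    begin_compose($title, $type, $body, $hassubject, $subject, $maxsubjectlength, $onlyauthor);
    end_compose();
    print("</form>");
}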