Example #1
    $color = $_POST["color"];
    if ($color == 0 || get_hl_color($color)) {
        sql_query("UPDATE topics SET hlcolor=" . sqlesc($color) . " WHERE id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
    }
    $forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
    $forum_last_replied_topic_row = $Cache->get_value('forum_' . $forumid . '_last_replied_topic_content');
    if ($forum_last_replied_topic_row && $forum_last_replied_topic_row['id'] == $topicid) {
        $Cache->delete_value('forum_' . $forumid . '_last_replied_topic_content');
    }
    header("Location: {$_POST['returnto']}");
    die;
}
//-------- Action: Set sticky on/off
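if ($action == "setsticky") {
    // Moderation action: set or clear the sticky flag on one topic, then redirect back.
    // NOTE(review): no anti-CSRF token check is visible in this block — confirm one
    // runs earlier in the request, since this is a state-changing POST.

    // Force an integer: $topicid is interpolated unquoted into the UPDATE below. A
    // missing or non-numeric value becomes 0, which the guard below rejects.
    $topicid = (isset($_POST["topicid"]) && is_numeric($_POST["topicid"])) ? (int) $_POST["topicid"] : 0;
    $ismod = is_forum_moderator($topicid, 'topic');
    // Test the variable $topicid (a bare `topicid` is a constant lookup, not the id).
    // Parentheses spell out the precedence: deny when there is no topic, or when the
    // user is below $postmanage_class and is not a moderator of the topic's forum.
    // permissiondenied() presumably ends the request — confirm.
    if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) {
        permissiondenied();
    }
    $sticky = sqlesc($_POST["sticky"]);
    sql_query("UPDATE topics SET sticky={$sticky} WHERE id={$topicid}") or sqlerr(__FILE__, __LINE__);

    // returnto comes from the client, so it is followed only when it is a same-site
    // relative reference: no control characters or backslashes (header splitting and
    // browser URL normalisation), no leading "//" and no scheme. Anything else falls
    // back to the topic view. NOTE(review): an absolute same-host URL is also
    // rejected — confirm the forms send a relative returnto.
    $returnto = (isset($_POST['returnto']) && is_string($_POST['returnto'])) ? $_POST['returnto'] : '';
    $is_local = $returnto !== ''
        && !preg_match('/[\x00-\x1f\x7f\\\\]/', $returnto)
        && !preg_match('#^(//|[a-z][a-z0-9+.\-]*:)#i', $returnto);
    if (!$is_local) {
        $returnto = "?action=viewtopic&topicid={$topicid}";
    }
    header("Location: {$returnto}");
    die;
}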
//-------- Action: View forum
if ($action == "viewforum") {
    $forumid = 0 + $_GET["forumid"];
    int_check($forumid, true);
    $userid = 0 + $CURUSER["id"];
    //------ Get forum name, moderators
    $row = get_forum_row($forumid);
Example #2
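/**
 * Print the forum compose form for a new topic, a reply, a quoted reply or a post edit.
 *
 * What $id refers to depends on $type: a forum id for 'new', a topic id for 'reply',
 * and a post id for 'quote' and 'edit'. A 'quote' request is rewritten into a 'reply'
 * to the quoted post's topic before the hidden fields are printed. Any other $type
 * ends the request after the opening <form> tag has been printed.
 *
 * $id is treated as untrusted: it is passed through sqlesc() in every query and
 * HTML-escaped wherever it is echoed.
 *
 * NOTE(review): no permission check is visible in this function. The 'quote' and
 * 'edit' branches load a post body by id, so the caller presumably verifies that the
 * current user may read or edit that post — confirm.
 *
 * @param mixed  $id   Forum, topic or post id, depending on $type.
 * @param string $type One of 'new', 'reply', 'quote', 'edit'.
 * @return void
 */
function insert_compose_frame($id, $type = 'new')
{
    global $lang_forums;
    $hassubject = false;
    $hasmodechoose = false;
    $subject = "";
    $body = "";
    print "<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=post\">\n";
    switch ($type) {
        case 'new':
            $forumname = get_single_value("forums", "name", "WHERE id=" . sqlesc($id));
            $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($id));
            $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_new_topic_in'] . " <a href=\"" . htmlspecialchars("?action=viewforum&forumid=" . $id) . "\">" . htmlspecialchars($forumname) . "</a> " . $lang_forums['text_forum'];
            $hassubject = true;
            // The mode chooser is offered only in casino-mode forums, and only to users
            // at or above the forum's casinoclass or to that forum's moderators.
            if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($id, 'forum'))) {
                $hasmodechoose = true;
            }
            break;
        case 'reply':
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($id));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $id) . "\">" . htmlspecialchars($topicname) . "</a> ";
            break;
        case 'quote':
            $topicid = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
            $topicmode = get_single_value("topics", "casinomode", "WHERE id=" . sqlesc($topicid)) == "yes";
            $topicname = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
            $title = $lang_forums['text_reply_to_topic'] . " <a href=\"" . htmlspecialchars("?action=viewtopic&topicid=" . $topicid) . "\">" . htmlspecialchars($topicname) . "</a> ";
            // $id goes through sqlesc() like every other query in this function; it
            // must never be interpolated raw into the statement.
            $res = sql_query("SELECT posts.body, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) != 1) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $arr = mysql_fetch_assoc($res);
            // In a casino-mode topic the quoted text is left out; only the author tag is kept.
            if (!$topicmode) {
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . htmlspecialchars(unesc($arr["body"])) . "[/quote]";
            } else {
                $body = "[quote=" . htmlspecialchars($arr["username"]) . "]" . "[/quote]";
            }
            // From here on the form is an ordinary reply to the quoted post's topic.
            $id = $topicid;
            $type = 'reply';
            break;
        case 'edit':
            $res = sql_query("SELECT topicid, body FROM posts WHERE id=" . sqlesc($id) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
            $row = mysql_fetch_array($res);
            // An unknown post id is reported the same way the 'quote' branch does,
            // instead of rendering an empty edit form (stderr() presumably ends the
            // request — confirm).
            if (!$row) {
                stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
            }
            $topicid = $row['topicid'];
            $firstpost = get_single_value("posts", "MIN(id)", "WHERE topicid=" . sqlesc($topicid));
            // Only the first post of a topic carries the subject and the mode chooser.
            if ($firstpost == $id) {
                $subject = get_single_value("topics", "subject", "WHERE id=" . sqlesc($topicid));
                $hassubject = true;
                $forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
                $forummode = get_single_value("forums", "casinomode", "WHERE id=" . sqlesc($forumid));
                $forummodeclass = get_single_value("forums", "casinoclass", "WHERE id=" . sqlesc($forumid));
                if ($forummode && (get_user_class() >= $forummodeclass || is_forum_moderator($forumid, 'forum'))) {
                    $hasmodechoose = true;
                }
            }
            $body = htmlspecialchars(unesc($row["body"]));
            $title = $lang_forums['text_edit_post'];
            break;
        default:
            die;
    }
    // Both hidden values are escaped for the attribute context: $id can be the caller's
    // raw value, so echoing it unescaped would let it break out of the attribute.
    print "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars((string) $id, ENT_QUOTES) . "\" />";
    print "<input type=\"hidden\" name=\"type\" value=\"" . htmlspecialchars((string) $type, ENT_QUOTES) . "\" />";
    begin_compose($title, $type, $body, $hassubject, $subject, 100, $hasmodechoose);
    end_compose();
    print "</form>";
}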
Example #3
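/**
 * Tell whether the current user ($CURUSER) has a forummods row for the forum that
 * owns the given post, topic or forum.
 *
 * This is an authorization helper, so it does not rely on callers to sanitise $id:
 * the id is passed through sqlesc() in every query, the same way the user id is.
 *
 * @param mixed  $id Post, topic or forum id, as selected by $in.
 * @param string $in 'post', 'topic' or 'forum'; any other value yields false.
 * @return bool True when a matching forummods row exists for the current user.
 */
function is_forum_moderator($id, $in = 'post')
{
    global $CURUSER;
    switch ($in) {
        case 'post':
            // Resolve the post to its topic, then answer the question for that topic.
            $res = sql_query("SELECT topicid FROM posts WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            $arr = mysql_fetch_array($res);
            if ($arr) {
                return is_forum_moderator($arr['topicid'], 'topic') ? true : false;
            }
            return false;
        case 'topic':
            // Count forummods rows for the current user in the topic's forum.
            $modcount = sql_query("SELECT COUNT(forummods.userid) FROM forummods LEFT JOIN topics ON forummods.forumid = topics.forumid WHERE topics.id=" . sqlesc($id) . " AND forummods.userid=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
            $arr = mysql_fetch_array($modcount);
            // No row fetched counts as "not a moderator".
            return $arr ? (bool) $arr[0] : false;
        case 'forum':
            $modcount = get_row_count("forummods", "WHERE forumid=" . sqlesc($id) . " AND userid=" . sqlesc($CURUSER['id']));
            return $modcount ? true : false;
        default:
            // Unknown lookup kind: deny.
            return false;
    }
}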