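// Build the author panel (name, rank, location, signature, avatar) from the
// user row loaded above this excerpt.
// NOTE(review): realname, location and forum_sig are profile fields set by
// users. Nothing visible here HTML-escapes realname or location, so confirm
// they are escaped before storage, or escape them at the point of output.
$post_user = $row_user['realname'];
if (strlen($post_user) > 9) {
    // Long names: show the first 12 bytes, a line break, then up to 4 more.
    // The previous code indexed characters 0-15 of chunk_split()'s result;
    // with default arguments that is the name plus "\r\n", so names shorter
    // than 14 bytes read offsets past the end of the string. substr() gives
    // the same visible text without the stray CR/LF or the offset warnings.
    // Both forms work on bytes, so a multibyte character can still be split.
    $post_user = substr($post_user, 0, 12) . "<br />" . substr($post_user, 12, 4);
}

$post_rankno = $row_user['forum_accesslevel'];
$post_posts = $row_user['forum_posts'];
$post_rank = moderatorlevels($post_rankno, $post_posts);
$post_colour = moderatorcolours($post_rankno, $post_posts);
$post_bg = backgroundcolours($post_rankno, $post_posts);

if (!empty($row_user['location'])) {
    $post_location = "Location: " . $row_user['location'];
} else {
    // Always define the variable so the template never prints a value left
    // over from earlier code (presumably it was otherwise unset; confirm).
    $post_location = "";
}

// The signature row is shown only when the viewer opted in and one exists.
$post_sigline = "";
if ($post_usesig == "on" && !empty($row_user['forum_sig'])) {
    $post_sig = "</td></tr><tr><td width='680' height='10' class='bottomall' style='background-color:{$post_bg};'>---<br />" . craptohtml($row_user['forum_sig']);
} else {
    $post_sig = "</td></tr><tr><td class='bottomall' style='background-color:{$post_bg};'> ";
}

// The array key must be a quoted string: a bare forum_avatar is read as a
// constant, which is an error on PHP 8 and a warning on 7.2 and later.
if (empty($row_user['forum_avatar'])) {
    $avatar = "<img src='http://s3.shastrix.co.uk/forum/avatars/0.png' height='90' width='90' border='0' alt='Avatar' />";
} else {
    // Map the stored avatar type to a file extension (the listing ends
    // inside this switch).
    switch ($row_user['forum_avatartype']) {
        case 1:
            $ext = ".gif";
            break;
        case 2:
            $ext = ".jpg";
            break;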
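<?php
// Private-message view: load one PM by id, confirm the logged-in user is its
// recipient, mark it as read, then load the sender's user row.

// Get the PM id. Only a plain run of digits is accepted: is_numeric() also
// admits forms such as "1e3" or "-2.5", and a missing or array-valued
// parameter should take the same redirect as any other bad id.
$pm_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
if (preg_match('/\A[0-9]+\z/', $pm_id) !== 1) {
    header("Location:index.php");
    exit;
}

// Load the PM. $pm_id is digits only here, so interpolating it is safe.
$sql_pm = "SELECT pm_to, pm_from, pm_subject, pm_content, pm_timestamp, pm_read FROM forum_pms WHERE pm_id = '{$pm_id}' LIMIT 1";
$request_pm = $mysqli->query($sql_pm);
if ($request_pm === false) {
    // Driver error text can reveal table and column names; log it instead of
    // sending it to the browser.
    error_log("PM lookup failed: " . $mysqli->error);
    die("A database error occurred.");
}
$row_pm = $request_pm->fetch_assoc();

// Check they are the user in the "to" field before any field is used. A
// missing row or a missing session id is refused as well, and the ids are
// compared as strings so loose type juggling cannot make two values match.
$viewer_id = isset($_SESSION['shastrixid']) ? (string) $_SESSION['shastrixid'] : '';
if (!is_array($row_pm) || $viewer_id === '' || (string) $row_pm['pm_to'] !== $viewer_id) {
    header("Location:?");
    exit;
}

$pm_to = $row_pm['pm_to'];
$pm_from = $mysqli->real_escape_string($row_pm['pm_from']);
// NOTE(review): pm_subject is used as stored and pm_content goes through
// craptohtml(), which is defined elsewhere; confirm both are HTML-safe by
// the time they are echoed.
$pm_subject = $row_pm['pm_subject'];
$pm_content = craptohtml($row_pm['pm_content']);
$pm_timestamp = date("jS F Y H:i:s", strtotime($row_pm['pm_timestamp']));

// If unread, set as read. The key is quoted: a bare pm_read is read as a
// constant, which is an error on PHP 8.
if ($row_pm['pm_read'] == "0") {
    $sql_read = "UPDATE forum_pms SET pm_read = '1' WHERE pm_id = '{$pm_id}'";
    $update_read = $mysqli->query($sql_read);
    if ($update_read === false) {
        error_log("PM read-flag update failed: " . $mysqli->error);
        die("A database error occurred.");
    }
}

// Load the sender's details. The query text is masked in this listing and is
// kept exactly as shown.
$sql_user = "******";
$request_user = $mysqli->query($sql_user);
if ($request_user === false) {
    error_log("PM sender lookup failed: " . $mysqli->error);
    die("A database error occurred.");
}
$row_user = $request_user->fetch_assoc();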
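// "Previous" link: find the newest entry older than the ones being shown.
// NOTE(review): $blog_number and $mintime are set above this excerpt; confirm
// they are cast or escaped before being interpolated into this query.
$sql_pv = "SELECT entry_timestamp FROM blogs_entries WHERE entry_blog = '{$blog_number}' AND entry_timestamp < '{$mintime}' ORDER BY entry_timestamp DESC LIMIT 1";
$req_pv = $mysqli->query($sql_pv);
if ($req_pv === false) {
    // Driver error text can reveal table and column names; log it instead of
    // sending it to the browser.
    error_log("Previous-entry lookup failed: " . $mysqli->error);
    die("A database error occurred.");
}
$row_pv = $req_pv->fetch_assoc();
// There is no row when no earlier entry exists; read the column only from a
// real row so that case no longer indexes into a non-array.
$pv_ts = is_array($row_pv) ? $row_pv['entry_timestamp'] : null;
$pv_y = date('Y', $pv_ts);
$pv_m = date('m', $pv_ts);
$pv_d = date('d', $pv_ts);
if (!empty($pv_ts)) {
    // NOTE(review): $blog_name goes into the href as-is; confirm it is
    // URL-encoded / HTML-escaped where it is assigned.
    $print_pv = "<a href='index.php?blog={$blog_name}&show=entry&y={$pv_y}&m={$pv_m}&d={$pv_d}'>Previous</a>";
}

// Render the entries selected by $sql_e, which is built above this excerpt.
$request_e = $mysqli->query($sql_e);
if ($request_e === false) {
    error_log("Entry query failed: " . $mysqli->error);
    die("A database error occurred.");
}
while ($row_e = $request_e->fetch_assoc()) {
    $e_title = $row_e['entry_title'];
    $e_timestamp = $row_e['entry_timestamp'];
    $e_text = craptohtml($row_e['entry_text']);
    $e_datetime = date("jS F Y, H:i", $e_timestamp);
    $e_blog = $mysqli->real_escape_string($row_e['entry_blog']);
    $e_id = $mysqli->real_escape_string($row_e['entry_id']);

    if (empty($blog_name)) {
        // No single blog selected: look up the owner's name and colours for
        // each entry.
        $sql_b = "SELECT realname, blog_colour1, blog_colour2 FROM users WHERE number = '{$e_blog}' LIMIT 1";
        $req_b = $mysqli->query($sql_b);
        if ($req_b === false) {
            error_log("Blog owner lookup failed: " . $mysqli->error);
            die("A database error occurred.");
        }
        $row_b = $req_b->fetch_assoc();
        // NOTE(review): realname is placed into markup unescaped here;
        // confirm it is stored HTML-safe.
        $b_name = "<strong>" . $row_b['realname'] . "</strong> | ";
        $b_link = $row_b['realname'];
        $b_colour1 = $row_b['blog_colour1'];
        $b_colour2 = $row_b['blog_colour2'];
    } else {
        // A blog is selected: reuse its name and colours (the listing ends
        // inside this branch).
        $b_link = $blog_name;
        $b_colour1 = $blog_colour1;
        $b_colour2 = $blog_colour2;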
// (The listing starts inside a block that opens above it: redirect back to
// the add-post form for this topic and stop.)
// NOTE(review): $post_topic is assigned above this excerpt; confirm it is
// validated before it is placed in the Location header and in the query below.
header("Location:?show=addpost&topic={$post_topic}");
exit;
}

//get topic name to put at the top
$sql_topic = "SELECT topic_name, topic_guest FROM forum_topics WHERE topic_id = '{$post_topic}'";
// NOTE(review): die($mysqli->error) sends the driver's error text to the
// browser; logging it and showing a generic message would avoid exposing
// schema details.
$request_topic = $mysqli->query($sql_topic) or die($mysqli->error);
$row_topic = $request_topic->fetch_assoc();
$topic_name = $row_topic['topic_name'];

//check whether guest posting is enabled
// A topic id with no matching row also takes this redirect, because a missing
// value compares loosely equal to 0.
if ($row_topic['topic_guest'] == 0) {
    header("Location:?");
    exit;
}

// Raw post text from the request, an entity-escaped copy, and the rendered
// preview.
// NOTE(review): stripslashes() runs unconditionally, presumably to undo
// magic_quotes_gpc; where that setting is absent, literal backslashes in the
// post are lost. TODO confirm against the target runtime.
$post_text = stripslashes($_POST['post_text']);
$post_text2 = htmlentities($post_text, ENT_QUOTES);
// NOTE(review): the preview is built from the unescaped text; confirm that
// craptohtml() (defined elsewhere) escapes HTML itself.
$post_text_preview = craptohtml($post_text);

// Fixed author-panel values for a guest poster (user id 0, post count 1).
$usernumber = 0;
$post_userid = 0;
// The display name is masked in this listing.
$post_user = "******";
$post_rankno = 0;
$post_rank = moderatorlevels(0, 1);
$post_colour = moderatorcolours(0, 1);
$post_bg = backgroundcolours(0, 1);
$post_scno = semicircle(0, 1);
$post_posts = 1;
$post_sig = "</td></tr><tr><td class='bottomall' style='background-color:{$post_bg}'> ";
$post_sigline = "";
$avatar = "<img src='http://s3.shastrix.co.uk/forum/avatars/guest.jpg' height='90' width='90' border='0' alt='Avatar' />";

//the thing to test they are a real person and not a random bot from somewhere
// NOTE(review): one of 12 variants is picked with rand(), which is not a
// cryptographic generator; with so few variants this check only deters
// unsophisticated automation and should not be the only control on guest
// posting (rate limiting or moderation are the usual complements).
$test_no = rand(1, 12);
// (The listing ends at the start of this switch.)
switch ($test_no) {
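// Whack in a line break (the enclosing condition opens above this listing):
// show the first 12 bytes of the name, a break, then up to 4 more.
    // The previous code indexed characters 0-15 of chunk_split()'s result;
    // with default arguments that is the name plus "\r\n", so names shorter
    // than 14 bytes read offsets past the end of the string. substr() gives
    // the same visible text without the stray CR/LF or the offset warnings.
    // NOTE(review): nothing visible here HTML-escapes the name; confirm it is
    // stored HTML-safe or escape it where it is echoed.
    $post_user = substr($post_user, 0, 12) . "<br />" . substr($post_user, 12, 4);
}

// Read the columns by name. The numeric offsets used before ([7] for the
// location, [1] for the signature) silently point at a different column as
// soon as the SELECT list changes, while the guards already test the named
// keys.
if (!empty($row_user['location'])) {
    $post_location = "Location: " . $row_user['location'] . "<br />";
} else {
    $post_location = "";
}

$post_rankno = $row_user['forum_accesslevel'];
$post_posts = $row_user['forum_posts'];
$post_rank = moderatorlevels($post_rankno, $post_posts);
$post_colour = moderatorcolours($post_rankno, $post_posts);
$post_bg = backgroundcolours($post_rankno, $post_posts);

// The signature row is shown only when the post asked for it and one exists.
$post_sigline = "";
if ($row_post['post_sig'] == 1 && !empty($row_user['forum_sig'])) {
    $post_sig = "</td></tr><tr><td width='680' height='10' colspan='3' class='sigbox' style='background-color:{$post_bg};'>---<br />" . craptohtml($row_user['forum_sig']);
} else {
    $post_sig = "</td></tr><tr><td colspan='3' class='nosigbox' style='background-color:{$post_bg};'> ";
}

if (empty($row_user['forum_avatar'])) {
    $avatar = "<img src='http://s3.shastrix.co.uk/forum/avatars/0.png' height='90' width='90' border='0' alt='Avatar' />";
} else {
    // Map the stored avatar type to a file extension (the listing ends
    // inside this switch).
    switch ($row_user['forum_avatartype']) {
        case 1:
            $ext = ".gif";
            break;
        case 2:
            $ext = ".jpg";
            break;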
\t\t</td>
\t</tr>
</table>
<div style="float:left;">{$print_pv}</div><div style="float:right;">{$print_nx}</div>
EOD;
// (The lines above are the end of a heredoc that opens before this listing.)
echo $print_e;

//comments
// Load every comment attached to the entry; $id is escaped for the query here.
$sql_e = "SELECT comment_name, comment_timestamp, comment_text, comment_id FROM blogs_comments WHERE comment_entry = '" . $mysqli->real_escape_string($id) . "'";
//echo $sql_e;
// NOTE(review): die($mysqli->error) sends the driver's error text to the
// browser; logging it and showing a generic message would avoid exposing
// schema details.
$request_e = $mysqli->query($sql_e) or die($mysqli->error);
while ($row_e = $request_e->fetch_assoc()) {
    // NOTE(review): comment_name is written into the markup below as stored.
    // Confirm it is HTML-escaped when the comment is saved, otherwise escape
    // it here. comment_text goes through craptohtml(), defined elsewhere.
    $e_name = $row_e['comment_name'];
    $e_timestamp = $row_e['comment_timestamp'];
    $e_text = craptohtml($row_e['comment_text']);
    $e_datetime = date("jS F Y, H:i", strtotime($e_timestamp));
    $e_id = $row_e['comment_id'];

    //change this
    // Edit/delete buttons are shown only above a hard-coded access level.
    // NOTE(review): hiding the links is presentation only, and the delete
    // action is a plain link; confirm the commentedit/commentdelete handlers
    // re-check the access level and require a POST with a CSRF token.
    if ($user_access > 7) {
        $e_buttons = "<a href='?blog={$blog_name}&show=commentedit&id={$e_id}&y={$y}&m={$m}'><img src='gfx/edit.png'></a> <a href='?show=commentdelete&id={$e_id}&y={$y}&m={$m}'><img src='gfx/delete.png'></a>";
    } else {
        $e_buttons = "";
    }

    // Markup for one comment (the listing ends inside this heredoc).
    $print_e = <<<EOD
<br /><br />
<table width="100%" cellspacing="0" cellpadding="5px" bgcolor="{$blog_colour2}">
\t<tr>
\t\t<td width="80%" class="entry_topleft">
\t\t\t<strong>{$e_name}</strong> | {$e_datetime}