alertMessage($alertmessage, $LANG_GF02['msg182'], $promptform);
} else {
    // Split prompt: fetch the poster name and post date of the selected post for the message text.
    // NOTE(review): $fortopicid is interpolated into both WHERE clauses. Its filtering is not
    // visible in this fragment - confirm it has been reduced to an integer before this point.
    $poster = DB_getItem($_TABLES['gf_topic'], "name", "id='{$fortopicid}'");
    $postdate = COM_getUserDateTimeFormat(DB_getItem($_TABLES['gf_topic'], "date", "id='{$fortopicid}'"));
    // Radio group "splittype": "remaining" is pre-selected, "single" is the alternative.
    $promptform .= '<div style="padding-top:10px;">' . $LANG_GF03['splitheading'] . '<br>';
    $promptform .= '<input type="radio" name="splittype" value="remaining" CHECKED>' . $LANG_GF03['splitopt1'] . '<br>';
    $promptform .= '<input type="radio" name="splittype" value="single">' . $LANG_GF03['splitopt2'] . '</div>';
    $promptform .= '</div><div style="padding:20 0 5 20px;">';
    $promptform .= '<input type="submit" NAME="submit" VALUE="' . $LANG_GF03['movetopic'] . '">';
    $promptform .= ' <INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CANCEL'] . '"></div>';
    $promptform .= '</FORM></div>';
    // NOTE(review): $topictitle and $poster go into the message as-is; whether alertMessage()
    // escapes its arguments is not visible here - verify before treating them as safe HTML.
    $alertmessage = sprintf($LANG_GF03['splittopicmsg'], $topictitle, $poster, $postdate[0]);
    alertMessage($alertmessage, $LANG_GF02['msg182'], $promptform);
}
}
} elseif ($modfunction == 'banip' and forum_modPermission($forum, $_USER['uid'], 'mod_ban') and $fortopicid != 0) {
    // Ban-IP prompt: only reached when the current user holds mod_ban for $forum and a post id was given.
    // NOTE(review): same SQL interpolation of $fortopicid as above - confirm it is integer-filtered.
    $iptobansql = DB_query("SELECT ip FROM {$_TABLES['gf_topic']} WHERE id='{$fortopicid}'");
    $forumpostipnum = DB_fetchArray($iptobansql);
    // No IP stored for the post: show msg174 and stop.
    if ($forumpostipnum['ip'] == '') {
        alertMessage($LANG_GF02['msg174']);
        exit;
    }
    $alertmessage = '<p>' . $LANG_GF02['msg68'] . '</p><p>';
    $alertmessage .= sprintf($LANG_GF02['msg69'], $forumpostipnum['ip']) . '</p>';
    // Confirmation form posted back to moderation.php.
    // NOTE(review): the IP, $forum and $fortopicid are concatenated into attribute values without
    // HTML escaping. The IP also round-trips through the browser in "hostip", so whatever handles
    // confirmbanip receives a client-controlled value; that handler is not part of this fragment -
    // confirm it repeats the mod_ban check and validates (or re-reads) the address.
    $promptform = '<p><FORM ACTION="' . $_CONF['site_url'] . '/forum/moderation.php" METHOD="POST">';
    $promptform .= '<INPUT TYPE="hidden" NAME="hostip" VALUE="' . $forumpostipnum['ip'] . '">';
    $promptform .= '<INPUT TYPE="hidden" NAME="confirmbanip" VALUE="1">';
    $promptform .= '<INPUT TYPE="hidden" NAME="forum" VALUE="' . $forum . '">';
    $promptform .= '<INPUT TYPE="hidden" NAME="fortopicid" VALUE="' . $fortopicid . '">';
    $promptform .= '<CENTER><INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CONFIRM'] .
        '">';
    $promptform .= ' <INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CANCEL'] . '">';
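/**
 * Build the moderator action form shown with a single forum post.
 *
 * An action is listed only when forum_modPermission() grants the matching
 * right (mod_edit, mod_delete, mod_ban, mod_move) to the current user for the
 * post's forum. The form posts to moderation.php.
 *
 * The hidden fields are written by the server but submitted by the browser,
 * so they are hints only; the receiving script (not part of this block) has
 * to repeat the permission check for the action it is asked to perform.
 *
 * @param array $showtopic Post record; the keys 'id', 'pid', 'forum' and 'locked' are read.
 * @return string Form markup, or '' when no moderator action is available.
 */
function forum_getmodFunctions($showtopic)
{
    global $_USER, $_TABLES, $LANG_GF03, $LANG_GF01, $page;

    $retval = '';
    $options = '';
    // pid == 0 marks the first post of a topic; replies carry the parent id.
    $isTopicStart = ($showtopic['pid'] == 0);

    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_edit')) {
        $options .= '<OPTION VALUE="editpost">' . $LANG_GF03['edit'];
        if ($showtopic['locked'] == 1) {
            $options .= '<OPTION VALUE="lockedpost">' . $LANG_GF03['lockedpost'];
        }
    }
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_delete')) {
        $options .= '<OPTION VALUE="deletepost">' . $LANG_GF03['delete'];
    }
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_ban')) {
        $options .= '<OPTION VALUE="banip">' . $LANG_GF03['ban'];
    }
    // Both cases submit "movetopic"; only the label differs (move a topic, split a reply).
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_move')) {
        $options .= '<OPTION VALUE="movetopic">' . ($isTopicStart ? $LANG_GF03['move'] : $LANG_GF03['split']);
    }

    if ($options != '') {
        $msgpid = $isTopicStart ? $showtopic['id'] : $showtopic['pid'];
        $top = $isTopicStart ? 'yes' : 'no';

        $retval .= '<FORM ACTION="moderation.php" METHOD="POST" style="margin:0px;"><SELECT NAME="modfunction">';
        $retval .= $options;
        // Values are escaped for the attribute context. Integer ids come out unchanged;
        // $page is a global whose origin is not visible in this block.
        $retval .= '</SELECT><INPUT TYPE="hidden" NAME="fortopicid" VALUE="' . htmlspecialchars((string) $showtopic['id'], ENT_QUOTES) . '">';
        $retval .= '<INPUT TYPE="hidden" NAME="forum" VALUE="' . htmlspecialchars((string) $showtopic['forum'], ENT_QUOTES) . '">';
        $retval .= '<INPUT TYPE="hidden" NAME="msgpid" VALUE="' . htmlspecialchars((string) $msgpid, ENT_QUOTES) . '">';
        $retval .= '<INPUT TYPE="hidden" NAME="top" VALUE="' . $top . '">';
        $retval .= '<INPUT TYPE="hidden" NAME="page" VALUE="' . htmlspecialchars((string) $page, ENT_QUOTES) . '">';
        $retval .= ' <INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['GO'] . '!">';
        $retval .= '</FORM>';
    }

    return $retval;
}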
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
require_once "../lib-common.php"; // Path to your lib-common.php
require_once $_CONF['path_html'] . 'forum/include/gf_format.php';

// Both request parameters go through COM_applyFilter() with its numeric flag set.
$deleteid = COM_applyFilter($_GET['id'], true);
$topic = COM_applyFilter($_GET['topic'], true);
// NOTE(review): looks like leftover debug logging - it writes one log entry per request.
COM_errorLog("topic:{$topic}");
// $topic is interpolated unquoted, so the numeric filtering above is what keeps this query safe.
$query = DB_query("SELECT uid,forum,date FROM {$_TABLES['gf_topic']} WHERE id={$topic}");
$edittopic = DB_fetchArray($query, false);

// Decide whether the current user may edit the post: moderators with mod_edit always,
// the post's own author (uid > 1) only inside the configured edit window.
// NOTE(review): if no row matches $topic, $edittopic is not an array and the lookups below
// read missing keys; no guard is visible in this fragment.
$editAllowed = false;
if (forum_modPermission($edittopic['forum'], $_USER['uid'], 'mod_edit')) {
    $editAllowed = true;
} elseif ($edittopic['uid'] > 1 and $edittopic['uid'] == $_USER['uid']) {
    // User is trying to edit their topic post - this is allowed
    if ($edittopic['date'] > 0) {
        if ($CONF_FORUM['allowed_editwindow'] > 0) {
            // Check if edit timeframe is still valid
            $t2 = $CONF_FORUM['allowed_editwindow'];
            // $time is assigned but not read in the visible code.
            $time = time();
            // Allowed while (now - window) is still earlier than the post date.
            if (time() - $t2 < $edittopic['date']) {
                $editAllowed = true;
            }
        } else {
            // A window of 0 or less means no time limit.
            $editAllowed = true;
        }
    }
}
}
// Fill the topic-listing template with category/forum data and column captions.
$topiclisting->set_var('cat_name', $category['cat_name']);
$topiclisting->set_var('category_id', $category['id']);
$topiclisting->set_var('forum_name', $category['forum_name']);
$topiclisting->set_var('forum_id', $forum);
$topiclisting->set_var('imgset', $CONF_FORUM['imgset']);
$topiclisting->set_var('LANG_TOPIC', $LANG_GF01['TOPICSUBJECT']);
$topiclisting->set_var('LANG_STARTEDBY', $LANG_GF01['STARTEDBY']);
$topiclisting->set_var('LANG_REPLIES', $LANG_GF01['REPLIES']);
$topiclisting->set_var('LANG_VIEWS', $LANG_GF01['VIEWS']);
$topiclisting->set_var('LANG_LASTPOST', $LANG_GF01['LASTPOST']);
$topiclisting->set_var('LANG_AUTHOR', $LANG_GF01['AUTHOR']);
$topiclisting->set_var('LANG_MSG05', $LANG_GF01['LASTPOST']);
$topiclisting->set_var('LANG_newforumposts', $LANG_GF02['msg113']);
// The "new topic" link is rendered when the forum is not read-only, or when the user holds mod_edit.
// This only controls what is displayed; the check in createtopic.php is not part of this fragment.
if ($category['is_readonly'] == 0 or forum_modPermission($forum, $_USER['uid'], 'mod_edit')) {
    $topiclisting->set_var('LANG_newtopic', $LANG_GF01['NEWTOPIC']);
    $topiclisting->set_var('newtopiclinktext', $LANG_GF09['newtopic']);
    $topiclisting->set_var('newtopiclinkimg', gf_getImage('post_newtopic'));
    // NOTE(review): $forum is placed in the URL as-is; its filtering is outside this fragment.
    $topiclisting->set_var('newtopiclink', "{$_CONF['site_url']}/forum/createtopic.php?method=newtopic&forum={$forum}");
    $topiclisting->parse('newtopic_link', 'newtopic_link');
} else {
    $topiclisting->set_var('LANG_newtopic', '');
    $topiclisting->set_var('newtopiclink', '#');
}
$displaypostpages = $LANG_GF01['PAGES'] . ':'; // FIXME: is this used anywhere?
// One iteration per topic row.
while ($record = DB_fetchArray($topicResults, false)) {
    // Topic (first post plus replies) fits on one page: no page links, no goto-message link.
    if ($record['replies'] + 1 <= $CONF_FORUM['show_posts_perpage']) {
        $displaypageslink = "";
        $gotomsg = "";
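/**
 * Build the moderator action selector shown with a single forum post.
 *
 * Anonymous users get an empty string. For everyone else an action is listed
 * only when forum_modPermission() grants the matching right (mod_edit,
 * mod_delete, mod_ban, mod_move) for the post's forum. The IP ban entries
 * additionally require the Ban plugin hooks to exist and grant access.
 *
 * No <form> element is emitted here, only the select, the submit button and
 * the hidden fields. Those fields are submitted by the browser, so the script
 * that receives them (not part of this block) has to repeat the permission
 * check for the requested action.
 *
 * @param array $showtopic Post record; the keys 'id', 'pid', 'forum' and 'locked' are read.
 * @return string Markup for the selector, or '' when no action is available.
 */
function forum_getmodFunctions($showtopic)
{
    global $_USER, $_CONF, $_TABLES, $LANG_GF03, $LANG_GF01, $page;

    $retval = '';
    $options = '';

    if (COM_isAnonUser()) {
        return $retval;
    }

    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_edit')) {
        $options .= '<option value="editpost">' . $LANG_GF03['edit'] . '</option>';
        if ($showtopic['locked'] == 1) {
            $options .= '<option value="lockedpost">' . $LANG_GF03['lockedpost'] . '</option>';
        }
    }
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_delete')) {
        $options .= '<option value="deletepost">' . $LANG_GF03['delete'] . '</option>';
    }
    // mod_ban gates both ban entries, so it is checked once.
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_ban')) {
        $options .= '<option value="banippost">' . $LANG_GF03['banippost'] . '</option>';

        if (function_exists('BAN_for_plugins_check_access') and BAN_for_plugins_check_access()) {
            // The post id is cast to an integer instead of being interpolated as a quoted string.
            $iptobansql = DB_query("SELECT ip FROM {$_TABLES['forum_topic']} WHERE id=" . (int) $showtopic['id']);
            $forumpostipnum = DB_fetchArray($iptobansql);
            // A missing row is treated like an empty IP.
            $ip_address = isset($forumpostipnum['ip']) ? $forumpostipnum['ip'] : '';
            if ($ip_address != '') {
                // Same action value either way; the label reflects whether the address is already banned.
                if (BAN_for_plugins_ban_found($ip_address)) {
                    $options .= '<option value="banip">' . $LANG_GF03['banipremove'] . '</option>';
                } else {
                    $options .= '<option value="banip">' . $LANG_GF03['banip'] . '</option>';
                }
            }
        }
    }
    // Both cases submit "movetopic"; only the label differs (move a topic, split a reply).
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_move')) {
        $moveLabel = ($showtopic['pid'] == 0) ? $LANG_GF03['move'] : $LANG_GF03['split'];
        $options .= '<option value="movetopic">' . $moveLabel . '</option>';
    }

    if ($options != '') {
        // pid == 0 marks the first post of a topic; replies carry the parent id.
        if ($showtopic['pid'] == 0) {
            $msgpid = $showtopic['id'];
            $top = "yes";
        } else {
            $msgpid = $showtopic['pid'];
            $top = "no";
        }

        $retval .= '<select name="modfunction">';
        $retval .= $options;
        $retval .= '</select> ';
        $retval .= '<input type="submit" name="submit" value="' . $LANG_GF01['GO'] . '!"' . XHTML . '>';
        // Values are escaped for the attribute context. Integer ids come out unchanged;
        // $page is a global whose origin is not visible in this block.
        $retval .= '<input type="hidden" name="fortopicid" value="' . htmlspecialchars((string) $showtopic['id'], ENT_QUOTES) . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="forum" value="' . htmlspecialchars((string) $showtopic['forum'], ENT_QUOTES) . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="msgpid" value="' . htmlspecialchars((string) $msgpid, ENT_QUOTES) . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="top" value="' . $top . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="page" value="' . htmlspecialchars((string) $page, ENT_QUOTES) . '"' . XHTML . '>';
    }

    return $retval;
}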
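/**
 * Build the moderator action form shown with a single forum post.
 *
 * Anonymous users get an empty string. For everyone else an action is listed
 * only when forum_modPermission() grants the matching right (mod_edit,
 * mod_delete, mod_ban, mod_move) for the post's forum. The form posts to
 * {site_url}/forum/moderation.php.
 *
 * The hidden fields are submitted by the browser, so the receiving script
 * (not part of this block) has to repeat the permission check for the
 * requested action.
 *
 * @param array $showtopic Post record; the keys 'id', 'pid', 'forum' and 'locked' are read.
 * @return string Form markup, or '' when no moderator action is available.
 */
function forum_getmodFunctions($showtopic)
{
    global $_USER, $_CONF, $_TABLES, $LANG_GF03, $LANG_GF01, $page;

    $retval = '';
    $options = '';

    if (COM_isAnonUser()) {
        return $retval;
    }

    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_edit')) {
        $options .= '<option value="editpost">' . $LANG_GF03['edit'] . '</option>';
        if ($showtopic['locked'] == 1) {
            $options .= '<option value="lockedpost">' . $LANG_GF03['lockedpost'] . '</option>';
        }
    }
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_delete')) {
        $options .= '<option value="deletepost">' . $LANG_GF03['delete'] . '</option>';
    }
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_ban')) {
        $options .= '<option value="banip">' . $LANG_GF03['ban'] . '</option>';
    }
    // Both cases submit "movetopic"; only the label differs (move a topic, split a reply).
    if (forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_move')) {
        $moveLabel = ($showtopic['pid'] == 0) ? $LANG_GF03['move'] : $LANG_GF03['split'];
        $options .= '<option value="movetopic">' . $moveLabel . '</option>';
    }

    if ($options != '') {
        // pid == 0 marks the first post of a topic; replies carry the parent id.
        if ($showtopic['pid'] == 0) {
            $msgpid = $showtopic['id'];
            $top = "yes";
        } else {
            $msgpid = $showtopic['pid'];
            $top = "no";
        }

        $retval .= '<form action="' . $_CONF['site_url'] . '/forum/moderation.php" method="post" style="margin:0px;"><div><select name="modfunction">';
        $retval .= $options;
        $retval .= '</select> ';
        $retval .= '<input type="submit" name="submit" value="' . $LANG_GF01['GO'] . '!"' . XHTML . '>';
        // Values are escaped for the attribute context. Integer ids come out unchanged;
        // $page is a global whose origin is not visible in this block.
        $retval .= '<input type="hidden" name="fortopicid" value="' . htmlspecialchars((string) $showtopic['id'], ENT_QUOTES) . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="forum" value="' . htmlspecialchars((string) $showtopic['forum'], ENT_QUOTES) . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="msgpid" value="' . htmlspecialchars((string) $msgpid, ENT_QUOTES) . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="top" value="' . $top . '"' . XHTML . '>';
        $retval .= '<input type="hidden" name="page" value="' . htmlspecialchars((string) $page, ENT_QUOTES) . '"' . XHTML .
            '>';
        $retval .= '</div></form>';
    }

    return $retval;
}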
// Render every post row of the topic.
while ($topicRec = DB_fetchArray($result)) {
    //$intervalTime = $mytimer->stopTimer();
    //COM_errorLog("Topic Display Time: $intervalTime");
    // uid 1 is compared against the post author here; with show_anonymous_posts off such a
    // post is replaced by the msg300 notice.
    if ($CONF_FORUM['show_anonymous_posts'] == 0 and $topicRec['uid'] == 1) {
        $display .= '<div class="pluginAlert" style="padding:10px;margin:10px;">' . $LANG_GF02['msg300'] . '</div>';
        // NOTE(review): break leaves the while loop, so rows after the first such post are
        // not rendered either - confirm that this is intended rather than a "continue".
        break; //Do nothing - but this way I don't always have to do this check
    } else {
        $display .= showtopic($topicRec, $mode, $onetwo, $page);
        // Alternate between 1 and 2 for successive rows.
        $onetwo = $onetwo == 1 ? 2 : 1;
    }
}
// The footer with the new-topic / reply links is skipped in preview mode.
if ($mode != 'preview') {
    $topic_footer = COM_newTemplate($CONF_FORUM['path_layout'] . 'forum/layout');
    $topic_footer->set_file(array('topicfooter' => 'topicfooter.thtml', 'new' => 'links/newtopic.thtml', 'reply' => 'links/replytopic.thtml'));
    // Links are shown when the forum is not read-only, or when the user holds mod_edit.
    // This only controls what is displayed; the check in createtopic.php is not part of this fragment.
    if ($viewtopic['is_readonly'] == 0 or forum_modPermission($viewtopic['forum'], $_USER['uid'], 'mod_edit')) {
        // NOTE(review): $forum is placed in the URL as-is; its filtering is outside this fragment.
        $newtopiclink = "{$_CONF['site_url']}/forum/createtopic.php?method=newtopic&forum={$forum}";
        $newtopiclinktext = $LANG_GF09['newtopic'];
        $topic_footer->set_var('layout_url', $CONF_FORUM['layout_url']);
        $topicDisplayTime = $mytimer->stopTimer();
        $topic_footer->set_var('page_generated_time', sprintf($LANG_GF02['msg179'], $topicDisplayTime));
        $topic_footer->set_var('newtopiclink', $newtopiclink);
        $topic_footer->set_var('newtopiclinkimg', gf_getImage('post_newtopic'));
        $topic_footer->set_var('newtopiclinktext', $newtopiclinktext);
        $topic_footer->set_var('LANG_newtopic', $LANG_GF01['NEWTOPIC']);
        $topic_footer->parse('newtopic_link', 'new');
        // The reply link is offered only while the topic is not locked.
        if ($viewtopic['locked'] != 1) {
            // NOTE(review): $replytopic_id is set outside this fragment; same filtering question as $forum.
            $replytopiclink = "{$_CONF['site_url']}/forum/createtopic.php?method=postreply&forum={$forum}&id={$replytopic_id}";
            $topic_footer->set_var('replytopiclink', $replytopiclink);
            $topic_footer->set_var('replytopiclinkimg', gf_getImage('post_reply'));
            $topic_footer->set_var('replytopiclinktext', $LANG_GF09['replytopic']);
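/**
 * Validate a submitted forum post and store it as a new topic, a reply or an edit.
 *
 * Checks performed before anything is written: post mode (HTML only when
 * allowed), read-only forum, edit window for 'saveedit', poster name, speed
 * limit, minimum lengths, CAPTCHA and spam plugins. When a check fails, an
 * alert is returned and nothing is saved.
 *
 * NOTE(review): for 'saveedit' this function checks moderator rights and the
 * edit window, but no comparison between the post's author and the current
 * user is visible here - confirm that the caller enforces ownership.
 *
 * @param array  $forumData Forum record; 'forum' and 'is_readonly' are read.
 * @param array  $postData  Submitted form fields (subject, comment, name, id, forum, ...).
 * @param string $action    'savetopic', 'savereply' or 'saveedit'.
 * @return array array(bool $saved, string $html)
 */
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;

    $retval = '';
    $uploadErrors = '';
    $msg = '';
    $errorMessages = '';
    $email = '';
    $forumfiles = array();
    $okToSave = true;

    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

    // Anonymous posters are stored under uid 1.
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    // verify postmode is allowed
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }

    // is forum readonly?
    if ($forumData['is_readonly'] == 1) {
        // Check if this user has moderation rights now to allow a post to a locked topic
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }

    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);

        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } elseif ($_FF_CONF['allowed_editwindow'] > 0) {
            // Allowed while (now - window) is still earlier than the stored post date.
            $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
            $t2 = $_FF_CONF['allowed_editwindow'];
            if (time() - $t2 < $t1) {
                $editAllowed = true;
            }
        } else {
            // A window of 0 or less means no time limit.
            $editAllowed = true;
        }

        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            // Fixed: the key was the literal string '$id', which never exists in $postData,
            // so the link always pointed at showtopic=0.
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }

    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        // NOTE(review): urldecode() runs after strip_tags()/htmlspecialchars(), so percent-encoded
        // markup in the name is decoded after those filters have already run. The value is still
        // passed through DB_escapeString() before it reaches SQL, but confirm that every place
        // that displays the stored name escapes it.
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }

    // speed limit check
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }

    // standard edit checks
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length']
        || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length']
        || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']
    ) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }

    // CAPTCHA check
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }

    // spamx check
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        // Check for SPAM
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        // A positive result means a spam action was taken
        if ($result > 0) {
            $errorMessages .= $LANG_GF02['spam_detected'];
            $okToSave = false;
        }
    }

    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }

    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' ');
        return array(false, $retval);
    }

    // From here on every check has passed. The original wrapped the rest in
    // "if ($okToSave == true) ... else ..."; that else branch could never run.
    if (!isset($postData['postmode_switch'])) {
        $postData['postmode_switch'] = 0;
    }
    $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
    // validate postmode
    if ($postmode == 'html' || $postmode == 'HTML') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postmode = 'html';
        } else {
            $postmode = 'text';
        }
    }

    // NOTE(review): $subject and $comment are embedded in the SQL below without
    // DB_escapeString(); presumably _ff_preparefordb() escapes them - verify.
    $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
    $comment = _ff_preparefordb($postData['comment'], $postmode);
    $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
    $id = COM_applyFilter($postData['id'], true);
    $forum = COM_applyFilter($postData['forum'], true);
    $notify = isset($postData['notify']) ?
        COM_applyFilter($postData['notify']) : '';

    $status = 0;
    if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
        $status += DISABLE_BBCODE;
    }
    if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
        $status += DISABLE_SMILIES;
    }
    if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
        $status += DISABLE_URLPARSE;
    }

    // If user has moderator edit rights only
    // NOTE(review): 'modedit' is read from the submitted data and no permission check is
    // repeated here. Unless the caller validates it, any poster who sends modedit=1 can set
    // the locked/sticky flags - consider re-checking the moderator right on the server side.
    // Also note that 'saveedit' always writes both flags, so an edit submitted without
    // modedit resets them to 0.
    $locked = 0;
    $sticky = 0;
    if (isset($postData['modedit']) && $postData['modedit'] == 1) {
        if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
            $locked = 1;
        }
        if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
            $sticky = 1;
        }
    }

    if ($action == 'savetopic') {
        $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES ("
            . (int) $forum . ","
            . "'" . DB_escapeString($name) . "',"
            . "'" . DB_escapeString($email) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'" . $subject . "',"
            . "'" . $comment . "',"
            . "'" . DB_escapeString($postmode) . "',"
            . "'" . DB_escapeString($REMOTE_ADDR) . "',"
            . "'" . DB_escapeString($mood) . "',"
            . (int) $uid . ","
            . "0,"
            . (int) $sticky . ","
            . (int) $locked . ","
            . (int) $status . ")";
        DB_query($sql);

        // Find the id of the last inserted topic
        // NOTE(review): max(id) can return another user's row when two posts are saved at
        // the same time; the insert id of this connection would be the reliable value.
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $lastid;

        /* Check for any uploaded files - during add of new topic */
        $uploadErrors = _ff_check4files($lastid);

        // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
        // This is needed in case user had used the file bbcode tag and then removed it
        // ($forumfiles is not filled anywhere in this function, so $imagerecs stays empty here.)
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid .
            " ";
        if ($imagerecs != '') {
            $sql .= "AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);

        // Update forums record
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
    } elseif ($action == 'savereply') {
        $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES ("
            . "'" . DB_escapeString($name) . "',"
            . "'" . DB_escapeString($email) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'{$subject}',"
            . "'{$comment}',"
            . "'" . DB_escapeString($postmode) . "',"
            . "'" . DB_escapeString($REMOTE_ADDR) . "',"
            . "'" . DB_escapeString($mood) . "',"
            . (int) $uid . ","
            . (int) $id . ","
            . (int) $forum . ","
            . (int) $status . ")";
        DB_query($sql);

        // Find the id of the last inserted topic (same max(id) caveat as for a new topic)
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $id;

        /* Check for any uploaded files - during adding reply post */
        $uploadErrors = _ff_check4files($lastid);

        // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
        // This is needed in case user had used the file bbcode tag and then removed it
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
        if ($imagerecs != '') {
            $sql .= " AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);

        DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" .
            (int) $id);
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
    } elseif ($action == 'saveedit') {
        $sql = "UPDATE {$_TABLES['ff_topic']} SET "
            . "subject='{$subject}',"
            . "comment='{$comment}',"
            . "postmode='" . DB_escapeString($postmode) . "',"
            . "mood='" . DB_escapeString($mood) . "',"
            . "sticky=" . (int) $sticky . ","
            . "locked=" . (int) $locked . ","
            . "status=" . (int) $status . " "
            . "WHERE (id=" . (int) $editid . ")";
        DB_query($sql);

        /* Check for any uploaded files - during save of edit */
        $uploadErrors = _ff_check4files($editid);

        // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
        // This is needed in case user had used the file bbcode tag and then removed it
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
        if ($imagerecs != '') {
            $sql .= "AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);

        // A pid of 0 means the edited post is itself the start of the topic.
        $topicPID = DB_getItem($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
        if ($topicPID == 0) {
            $topicPID = $editid;
        }
        $savedPostID = $editid;

        // A missing 'silentedit' field is treated as "not silent" without reading an undefined key.
        if (!isset($postData['silentedit']) || $postData['silentedit'] != 1) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
            //Remove any lastviewed records in the log so that the new updated topic indicator will appear
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        }
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" .
                (int) $topicPID);
        }
        $topicparent = $topicPID;
    }

    COM_updateSpeedLimit('forum');
    PLG_itemSaved($savedPostID, 'forum');
    CACHE_remove_instance('forumcb');

    if (!COM_isAnonUser()) {
        //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
        // A negative topic id is stored to record an explicit opt-out for that topic.
        $nid = -$topicPID;
        $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
        $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
        $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
        $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
        $topic_name = $subject;

        // NOTE(review): the first branch tests "< 1" while the others test "> 1", so a
        // subscription row whose sub_id is exactly 1 matches none of the branches below.
        if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
            $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
            $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
            DB_query($sql);
        } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
            // Had un-subcribed to topic and now wants to subscribe
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
        } elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
            // Subscribed to topic - but does not want to be notified anymore
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) .
                "'");
        } elseif ($notify == '' and $currentForumNotifyRecID > 1) {
            // Subscribed to forum - but does not want to be notified about this topic
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
            DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
        }
    }

    // Notifications go out for new topics and replies, not for edits.
    if ($action != 'saveedit') {
        _ff_chknotifications($forum, $savedPostID, $uid);
    }

    $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
    // Keep the status page on screen when there are upload errors to read.
    $autorefresh = ($uploadErrors == '');
    $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);

    return array(true, $retval);
}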
// Reset the hidden method field and pass the current page plus the editor help captions to the template.
$topicnavbar->set_var('hidden_method', '');
$topicnavbar->set_var('page', $page);
$topicnavbar->set_var('LANG_bhelp', $LANG_GF01['b_help']);
$topicnavbar->set_var('LANG_ihelp', $LANG_GF01['i_help']);
$topicnavbar->set_var('LANG_uhelp', $LANG_GF01['u_help']);
$topicnavbar->set_var('LANG_qhelp', $LANG_GF01['q_help']);
$topicnavbar->set_var('LANG_chelp', $LANG_GF01['c_help']);
$topicnavbar->set_var('LANG_lhelp', $LANG_GF01['l_help']);
$topicnavbar->set_var('LANG_ohelp', $LANG_GF01['o_help']);
$topicnavbar->set_var('LANG_phelp', $LANG_GF01['p_help']);
$topicnavbar->set_var('LANG_whelp', $LANG_GF01['w_help']);
$topicnavbar->set_var('LANG_ahelp', $LANG_GF01['a_help']);
$topicnavbar->set_var('LANG_shelp', $LANG_GF01['s_help']);
$topicnavbar->set_var('LANG_fhelp', $LANG_GF01['f_help']);
$topicnavbar->set_var('LANG_hhelp', $LANG_GF01['h_help']);
// Logged-in users with mod_edit on this forum get the moderator edit controls.
// NOTE(review): 'hidden_modedit' is a template variable, presumably rendered as a hidden form
// field. If so, the value comes back from the browser and must not be trusted on save - the
// save handler (not in this fragment) has to repeat the permission check.
if (!COM_isAnonUser() and forum_modPermission($forum, $_USER['uid'], 'mod_edit')) {
    $editmoderator = TRUE;
    $topicnavbar->set_var('hidden_modedit', '1');
} else {
    $topicnavbar->set_var('hidden_modedit', '0');
    $editmoderator = FALSE;
}
// Select the heading text and the hidden method value for the form.
if ($method == 'newtopic') {
    $postmessage = $LANG_GF02['PostTopic'];
    $topicnavbar->set_var('hidden_method', 'newtopic');
    $editpid = 0;
} elseif ($method == 'postreply') {
    $postmessage = $LANG_GF02['PostReply'];
    $topicnavbar->set_var('hidden_method', 'postreply');
    // Outside a preview the subject gets the reply prefix.
    if ($preview != 'Preview') {
        $subject = $LANG_GF01['RE'] . $subject;
// (Fragment: tail of a merge branch inside a switch; the case label is above this excerpt.)
// Target topic id, filtered with COM_applyFilter()'s numeric flag; 0 when not submitted.
$move_to_topic = isset($_POST['mergetopic']) ? COM_applyFilter($_POST['mergetopic'], true) : 0;
$splittype = '';
// Look up the target topic's forum; an empty result means the topic was not found.
$move_to_forum = DB_getItem($_TABLES['ff_topic'], 'forum', 'id=' . (int) $move_to_topic);
if ($move_to_forum == '') {
    moderator_error(ACCESS_DENIED);
}
// The moderator needs mod_move on the destination forum.
// NOTE(review): the checks here rely on moderator_error() ending the request; that is not
// visible in this fragment. If it returns, the merge below still runs - confirm.
if (!forum_modPermission($move_to_forum, $_USER['uid'], 'mod_move')) {
    moderator_error(ACCESS_DENIED);
}
// $splittype was set to '' a few lines up and is not read from the request in this branch,
// so this whitelist check cannot change it.
if ($splittype != 'single' && $splittype != 'remaining') {
    $splittype = '';
}
$pageBody .= moderator_mergePost($topic_id, $topic_parent_id, $forum_id, $move_to_forum, $move_to_topic, $splittype);
break;
case 'confirmbanip':
    // Banning requires mod_ban on the forum and a non-zero topic id.
    if (!forum_modPermission($forum_id, $_USER['uid'], 'mod_ban')) {
        moderator_error(ACCESS_DENIED);
    }
    if ($topic_id == 0) {
        moderator_error(ERROR_TOPIC_ID);
    }
    // NOTE(review): the address to ban is taken from the POST body. COM_applyFilter() is called
    // without its numeric flag, and nothing visible here verifies that the value is a
    // well-formed IP or that it matches the IP stored for $topic_id. Presumably
    // moderator_banIP() validates it - confirm, or re-read the address from the post record.
    $hostip = isset($_POST['hostip']) ? COM_applyFilter($_POST['hostip']) : '';
    $pageBody .= moderator_banIP($topic_id, $topic_parent_id, $forum_id, $hostip);
    break;
default:
    // Unknown moderation function: show msg71.
    $pageBody .= alertMessage($LANG_GF02['msg71'], '', '', true);
    break;
}
}
// Display Common headers
$display = FF_siteHeader();
// Reset the hidden method field and pass the current page plus the editor help captions to the template.
$topicnavbar->set_var('hidden_method', '');
$topicnavbar->set_var('page', $page);
$topicnavbar->set_var('LANG_bhelp', $LANG_GF01['b_help']);
$topicnavbar->set_var('LANG_ihelp', $LANG_GF01['i_help']);
$topicnavbar->set_var('LANG_uhelp', $LANG_GF01['u_help']);
$topicnavbar->set_var('LANG_qhelp', $LANG_GF01['q_help']);
$topicnavbar->set_var('LANG_chelp', $LANG_GF01['c_help']);
$topicnavbar->set_var('LANG_lhelp', $LANG_GF01['l_help']);
$topicnavbar->set_var('LANG_ohelp', $LANG_GF01['o_help']);
$topicnavbar->set_var('LANG_phelp', $LANG_GF01['p_help']);
$topicnavbar->set_var('LANG_whelp', $LANG_GF01['w_help']);
$topicnavbar->set_var('LANG_ahelp', $LANG_GF01['a_help']);
$topicnavbar->set_var('LANG_shelp', $LANG_GF01['s_help']);
$topicnavbar->set_var('LANG_fhelp', $LANG_GF01['f_help']);
$topicnavbar->set_var('LANG_hhelp', $LANG_GF01['h_help']);
// Moderator edit controls for logged-in users with mod_edit, and for members of the Root group.
// "and" binds tighter than "or" in PHP, so this reads
// (!COM_isAnonUser() and forum_modPermission(...)) or SEC_inGroup('Root').
// NOTE(review): 'hidden_modedit' is a template variable, presumably rendered as a hidden form
// field. If so, the value comes back from the browser and must not be trusted on save - the
// save handler (not in this fragment) has to repeat the permission check.
if (!COM_isAnonUser() and forum_modPermission($forum, $_USER['uid'], 'mod_edit') or SEC_inGroup('Root')) {
    $editmoderator = TRUE;
    $topicnavbar->set_var('hidden_modedit', '1');
} else {
    $topicnavbar->set_var('hidden_modedit', '0');
    $editmoderator = FALSE;
}
// Select the heading text and the hidden method value for the form.
if ($method == 'newtopic') {
    $postmessage = $LANG_GF02['PostTopic'];
    $topicnavbar->set_var('hidden_method', 'newtopic');
    $editpid = 0;
} elseif ($method == 'postreply') {
    $postmessage = $LANG_GF02['PostReply'];
    $topicnavbar->set_var('hidden_method', 'postreply');
    // Outside a preview the subject gets the reply prefix.
    if ($preview != 'Preview') {
        $subject = $LANG_GF01['RE'] . $subject;
// Stop immediately when the forum plugin is not in the active plugin list.
if (!in_array('forum', $_PLUGINS)) {
    exit;
}
USES_forum_functions();
USES_forum_format();

// Both request parameters go through COM_applyFilter() with its numeric flag set;
// $topic is cast to int again where it enters the query.
$deleteid = COM_applyFilter($_GET['id'], true);
$topic = COM_applyFilter($_GET['topic'], true);
$query = DB_query("SELECT uid,forum,date FROM {$_TABLES['ff_topic']} WHERE id=" . (int) $topic);
$edittopic = DB_fetchArray($query, false);

// Decide whether the current user may edit the post: moderators with mod_edit always,
// the post's own author (uid > 1) only inside the configured edit window.
// NOTE(review): if no row matches $topic, $edittopic is not an array and the lookups below
// read missing keys; no guard is visible in this fragment.
$editAllowed = false;
// Anonymous visitors are treated as uid 1.
if (COM_isAnonUser()) {
    $uid = 1;
} else {
    $uid = $_USER['uid'];
}
if (forum_modPermission($edittopic['forum'], $uid, 'mod_edit')) {
    $editAllowed = true;
} elseif ($edittopic['uid'] > 1 and $edittopic['uid'] == $uid) {
    // User is trying to edit their topic post - this is allowed
    if ($edittopic['date'] > 0) {
        if ($_FF_CONF['allowed_editwindow'] > 0) {
            // Check if edit timeframe is still valid
            $t2 = $_FF_CONF['allowed_editwindow'];
            // $time is assigned but not read in the visible code.
            $time = time();
            // Allowed while (now - window) is still earlier than the post date.
            if (time() - $t2 < $edittopic['date']) {
                $editAllowed = true;
            }
        } else {
            // A window of 0 or less means no time limit.
            $editAllowed = true;
        }
    }