Exemple #1
0
function api_get_body($body, $status = 1)
{
    if ($status == 3) {
        $msgbody = '<font color="red">censored</font>';
    } else {
        if ($status == 2) {
            $msgbody = '';
            // message deleted
        } else {
            $msgbody = render_for_display($body);
        }
    }
    return $msgbody;
}
Exemple #2
0
             $msgbody = translit($row['body'], $translit_done);
             if (!is_null($msgbody) && strlen($msgbody) > 0 && !is_null($prefix) && strlen($prefix) > 0) {
                 $msgbody = $prefix . ' ' . str_replace("\n", "\n" . $prefix . ' ', $msgbody);
             }
             $msgbody = render_for_display($msgbody);
         } else {
             $msgbody = '';
             $subject = '<h3><I><font color="gray" size="14 pt"><del>This message has been deleted</del></font></I></h3>';
         }
     } else {
         $translit_done = false;
         $msgbody = translit($row['body'], $translit_done);
         if (!is_null($msgbody) && strlen($msgbody) > 0 && !is_null($prefix) && strlen($prefix) > 0) {
             $msgbody = $prefix . ' ' . str_replace("\n", "\n" . $prefix . ' ', $msgbody);
         }
         $msgbody = render_for_display($msgbody);
     }
 }
 $content_to_compare = $row['compare_to'];
 $start = '';
 $author = $author;
 $id = $row['id'];
 $msg_id = $row['msg_id'];
 $parent = $row['parent'];
 if (!is_null($parent)) {
     mysql_free_result($result);
     $query = 'SELECT u.username, u.moder, p.subject, p.closed as post_closed, p.auth, p.status, p.parent, CONVERT_TZ(p.created, \'' . $server_tz . '\', \'' . $prop_tz . ':00\') as created, p.body, p.author, u.id from confa_users u, confa_posts p where u.id=p.author and p.id=' . $parent;
     $result = mysql_query($query) or die('error to request parent message');
     if (mysql_num_rows($result) != 0) {
         $row = mysql_fetch_assoc($result) or die('error to fetch parent row');
         $proceeded = false;
Exemple #3
0
function post($subj, $body, $re = 0, $msg_id = 0, $ticket = "", $nsfw = false, $to)
{
    global $err_login, $logged_in, $ban, $ip, $agent, $user_id, $content_nsfw;
    $err = validate($subj, $body, $to);
    if (strlen($err) != 0) {
        return $err;
    } else {
        if (!$logged_in || $ban) {
            // just in case
            return "User not logged in or banned from forum";
        }
    }
    $chars = 0;
    $content_flags = 0;
    if (!is_null($body) && strlen($body) != 0) {
        $chars = strlen(utf8_decode($body));
        $length = strlen($body);
        if (stristr(render_for_display($body), "<img style")) {
            $content_flags |= 2;
        }
        $new_body = render_for_db($body);
        $has_video = false;
        before_bbcode($body, $has_video);
        if ($has_video || preg_match('/id="[a-z]*-video"/', $new_body)) {
            $content_flags |= 4;
        }
        $ibody = '\'' . mysql_escape_string($new_body) . '\'';
    } else {
        $ibody = "''";
    }
    if (isset($nsfw) && $nsfw !== false) {
        $content_flags |= $content_nsfw;
    }
    if (isset($to)) {
        $query = 'SELECT id from confa_users where username=\'' . mysql_escape_string($to) . '\' and status != 2';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $row = mysql_fetch_assoc($result);
        $to_id = $row['id'];
        if (is_null($to_id)) {
            return "No such recipient";
        }
    }
    if (strlen($ticket) > 0) {
        $query = 'INSERT into confa_tickets(ticket) values(\'' . $ticket . '\')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'This is duplicated post (ticket ' . $ticket . ')';
        }
    }
    if (isset($to_id)) {
        // send pmail
        $query = 'INSERT INTO confa_pm(sender, receiver, subject, body, chars) values(' . $user_id . ', ' . $to_id . ', \'' . mysql_escape_string($subj) . '\', ' . $ibody . ', ' . $chars . ')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $id = mysql_insert_id();
        update_new_pm_count($to_id);
        return array("id" => $id);
    } else {
        if (isset($msg_id) && $msg_id > 0) {
            // update existing post
            $query = 'SELECT p.subject, p.body, p.status, p.author, p.created, p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $msg_id;
            $result = mysql_query($query);
            if (!$result) {
                mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                return 'Query failed';
            }
            if (mysql_num_rows($result) == 0) {
                return "Message not found";
            }
            $row = mysql_fetch_assoc($result);
            $thread_id = $row['thread_id'];
            $old_subject = $row['subject'];
            $old_body = $row['body'];
            $closed = !is_null($row['post_closed']) && $row['post_closed'] > 0 || !is_null($row['thread_closed']) && $row['thread_closed'] > 0;
            if ($closed || $row['status'] != 1 || !can_edit_post($row['author'], $row['created'], $user_id, $msg_id)) {
                return 'Modifications to this post are not allowed.';
            }
            if (strcmp($old_subject, $subj) != 0 || strcmp($old_body, $new_body) != 0) {
                // create a new version
                $query = 'INSERT INTO confa_versions (parent, subject, body, created, chars, IP, user_agent, views, content_flags) ' . ' SELECT id, subject, body, IF(ISNULL(modified), created, modified), chars, IP, user_agent, views, content_flags FROM confa_posts WHERE id=' . $msg_id;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
            }
            // update post
            $query = 'UPDATE confa_posts SET subject=\'' . mysql_escape_string($subj) . '\',body=' . $ibody . ',modified=now(),ip=' . $ip . ',user_agent=' . $agent . ',content_flags=' . $content_flags . ', chars=' . $chars . ',views=0 WHERE id=' . $msg_id;
            $result = mysql_query($query);
            if (!$result) {
                mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                return 'Query failed';
            }
            return array("id" => $msg_id);
        } else {
            if ($re == 0) {
                // create new thread
                $query = 'select sum(counter) as cnt, page from confa_threads group by page desc limit 1';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $row = mysql_fetch_assoc($result);
                $last_page = $row['page'];
                if ($row['cnt'] > 200) {
                    $last_page++;
                }
                if (is_null($last_page)) {
                    $last_page = 1;
                }
                $query = 'INSERT INTO confa_threads(author, page) values(' . $user_id . ', ' . $last_page . ')';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $thread_id = mysql_insert_id();
                $query = 'INSERT INTO confa_posts(status, parent, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values(1, 0, ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $id = mysql_insert_id();
                $query = "UPDATE confa_users set status = 1 where id=" . $user_id;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                return array("id" => $id, "thread_id" => $thread_id);
            } else {
                // respond to an existing post
                $query = 'SELECT p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $re;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                if (mysql_num_rows($result) != 0) {
                    $row = mysql_fetch_assoc($result);
                    if (!is_null($row['post_closed']) && $row['post_closed'] > 0 || !is_null($row['thread_closed']) && $row['thread_closed'] > 0) {
                        return 'Replies to this post are disabled.';
                    }
                    $msg_page = $row['page'];
                    if (is_null($msg_page)) {
                        $msg_page = 1;
                    }
                    $thread_id = $row['thread_id'];
                    $level = $row['level'];
                    $level++;
                    $query = 'UPDATE confa_threads set counter=counter+1 where id=' . $thread_id;
                    $result = mysql_query($query);
                    if (!$result) {
                        mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                        return 'Query failed';
                    }
                } else {
                    return 'Cannot find parent for msg=' . $re;
                }
                $query = 'INSERT INTO confa_posts(status, parent, level, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values( 1, ' . $re . ', ' . $level . ', ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $id = mysql_insert_id();
                // wtf is this for?
                $query = "UPDATE confa_users set status = 1 where id=" . $user_id;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                return array("id" => $id);
            }
        }
    }
    return "";
}