"><?php echo $ForumName; ?> </a> > <?php echo $ThreadTitle; ?> </div> <div class="linkbox"> <?php echo $Pages; ?> </div> <?php
// NOTE(review): $ForumName, $ThreadTitle and $Pages are echoed into the HTML
// earlier on this line exactly as they are; they must already be HTML-escaped
// where they are assigned, which is outside this fragment — confirm.

// Quick-reply box: rendered when the thread is not locked, or for users holding
// 'site_moderate_forums' regardless of the lock.
if (!$ThreadInfo['IsLocked'] || check_perms('site_moderate_forums')) {
    // The viewer additionally needs 'Write' on this forum and must not have
    // posting disabled on the account.
    if (Forums::check_forumperm($ForumID, 'Write') && !$LoggedUser['DisablePosting']) {
        View::parse('generic/reply/quickreply.php', array('InputTitle' => 'Post reply', 'InputName' => 'thread', 'InputID' => $ThreadID, 'ForumID' => $ForumID, 'TextareaCols' => 90));
    }
}
// Thread notes are queried and rendered only for users holding
// 'site_moderate_forums'.
if (check_perms('site_moderate_forums')) {
    // NOTE(review): $ThreadID is interpolated unquoted into the statement, so the
    // query is only safe if $ThreadID was validated as an integer before this
    // point; that check is not visible in this fragment — confirm.
    G::$DB->query("\n\t\t\tSELECT ID, AuthorID, AddedTime, Body\n\t\t\tFROM forums_topic_notes\n\t\t\tWHERE TopicID = {$ThreadID}\n\t\t\tORDER BY ID ASC");
    $Notes = G::$DB->to_array();
    // The form below posts to forums.php with action=take_topic_notes and carries
    // the user's AuthKey in the hidden 'auth' field; presumably the handler
    // compares it as an anti-CSRF token — confirm against take_topic_notes.
?> <br /> <h3 id="thread_notes">Thread notes</h3> <a href="#" onclick="$('#thread_notes_table').gtoggle(); return false;" class="brackets">Toggle</a> <form action="forums.php" method="post"> <input type="hidden" name="action" value="take_topic_notes" /> <input type="hidden" name="auth" value="<?php echo $LoggedUser['AuthKey']; ?> " />
} // closes a block that was opened before this fragment
// Copy of the forum name passed through display_str() (presumably the
// HTML-escaping helper) for the heading printed below.
$ForumName = display_str($Forums[$ForumID]['Name']);
// Access check before any output: a viewer who fails check_forumperm() for this
// forum gets a 403. No permission name is passed here; presumably the default is
// read access — confirm.
if (!Forums::check_forumperm($ForumID)) {
    error(403);
}
// Start printing
// NOTE(review): the page title is built from the raw forum name, not from
// $ForumName; confirm that View::show_header() escapes its title argument.
View::show_header('Forums > ' . $Forums[$ForumID]['Name'], '', $IsDonorForum ? 'donor' : '');
?> <div class="thin"> <h2><a href="forums.php">Forums</a> > <?php echo $ForumName; ?> </h2> <div class="linkbox"> <?php
// The "New thread" link is rendered only for users holding both 'Write' and
// 'Create' on this forum. This only hides the link; the page it points to has to
// enforce the same permissions itself.
if (Forums::check_forumperm($ForumID, 'Write') && Forums::check_forumperm($ForumID, 'Create')) {
    // NOTE(review): $ForumID is echoed into the URL as-is; it is presumably
    // validated as a number before this fragment — confirm.
?> <a href="forums.php?action=new&forumid=<?php echo $ForumID; ?> " class="brackets">New thread</a> <?php
}
?> <a href="#" onclick="$('#searchforum').gtoggle(); this.innerHTML = (this.innerHTML == 'Search this forum' ? 'Hide search' : 'Search this forum'); return false;" class="brackets">Search this forum</a> <div id="searchforum" class="hidden center"> <div style="display: inline-block;"> <h3>Search this forum:</h3> <form class="search_form" name="forum" action="forums.php" method="get"> <table cellpadding="6" cellspacing="1" border="0" class="layout border"> <tr>
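// Posts per page: an explicit ?pp= value wins over the user's saved preference,
// which wins over the site default.
// 'pp' comes straight from the query string, so it is accepted only when it is a
// positive number; anything else (text, zero, empty) falls through to the saved
// preference or the default instead of being used as a page size.
if (isset($_GET['pp']) && is_number($_GET['pp']) && (int) $_GET['pp'] > 0) {
    $PerPage = (int) $_GET['pp'];
} elseif (isset($LoggedUser['PostsPerPage'])) {
    $PerPage = $LoggedUser['PostsPerPage'];
} else {
    $PerPage = POSTS_PER_PAGE;
}

//---------- Get some data to start processing

// Thread information, constant across all pages
$ThreadInfo = Forums::get_thread_info($ThreadID, true, true);
if ($ThreadInfo === null) {
    json_die('failure', 'no such thread exists');
}
$ForumID = $ThreadInfo['ForumID'];

// Make sure they're allowed to look at the page.
// The forum comes from the thread record, not from the request, so the check
// cannot be pointed at a different forum by the caller.
if (!Forums::check_forumperm($ForumID)) {
    print json_encode(array('status' => 'failure'));
    die;
}

//Post links utilize the catalogue & key params to prevent issues with custom posts per page
if ($ThreadInfo['Posts'] > $PerPage) {
    if (isset($_GET['post']) && is_number($_GET['post'])) {
        $PostNum = $_GET['post'];
    } elseif (isset($_GET['postid']) && is_number($_GET['postid'])) {
        // 'postid' has passed is_number() on the line above before it is
        // interpolated. NOTE(review): $ThreadID is interpolated unquoted as well
        // and must have been validated before this fragment — confirm.
        $DB->query("\n\t\t\tSELECT COUNT(ID)\n\t\t\tFROM forums_posts\n\t\t\tWHERE TopicID = {$ThreadID}\n\t\t\t\tAND ID <= {$_GET['postid']}");
        list($PostNum) = $DB->next_record();
    } else {
        $PostNum = 1;
    }
} else {
    // The whole thread fits on one page. (This block is closed after the end of
    // this fragment.)
    $PostNum = 1;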
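} // closes a block that was opened before this fragment
$Body = $_POST['body'];

if (!empty($LoggedUser['DisablePosting'])) {
    error('Your posting privileges have been removed.');
}

$TopicID = $_POST['thread'];
// 'thread' is request data and is interpolated into SQL further down. Any earlier
// validation is outside this fragment, so the value is checked here too; this
// relies on error() not returning, as the other guards in this fragment do.
if (!is_number($TopicID)) {
    error(404);
}
$ThreadInfo = Forums::get_thread_info($TopicID);
if ($ThreadInfo === null) {
    error(404);
}
// The forum is taken from the thread record, not from the request.
$ForumID = $ThreadInfo['ForumID'];
$SQLTime = sqltime();

// First gate: access to the forum at all.
if (!Forums::check_forumperm($ForumID)) {
    error(403);
}
// Second gate: 'Write' on the forum, posting not disabled, and the thread either
// unlocked or the user holds 'site_moderate_forums'. The parentheses only spell
// out the grouping that operator precedence already gave (&& binds before ||).
if (
    !Forums::check_forumperm($ForumID, 'Write')
    || $LoggedUser['DisablePosting']
    || ($ThreadInfo['IsLocked'] == '1' && !check_perms('site_moderate_forums'))
) {
    error(403);
}

// Subscribing happens only after both permission gates have passed.
if (isset($_POST['subscribe']) && Subscriptions::has_subscribed($TopicID) === false) {
    Subscriptions::subscribe($TopicID);
}

//Now lets handle the special case of merging posts, we can skip bumping the thread and all that fun
// Merging applies only when the user wrote the thread's last post, and either
// double posting is not allowed to them in this forum or they asked for a merge.
if (
    $ThreadInfo['LastPostAuthorID'] == $LoggedUser['ID']
    && (
        (!check_perms('site_forums_double_post') && !in_array($ForumID, $ForumsDoublePost))
        || isset($_POST['merge'])
    )
) {
    //Get the id for this post in the database to append
    $DB->query("\n\t\tSELECT ID, Body\n\t\tFROM forums_posts\n\t\tWHERE TopicID = '{$TopicID}'\n\t\t\tAND AuthorID = '" . $LoggedUser['ID'] . "'\n\t\tORDER BY ID DESC\n\t\tLIMIT 1");
    // NOTE(review): the second argument presumably turns off output escaping so
    // that $OldBody is stored unmodified in the edit history — confirm.
    list($PostID, $OldBody) = $DB->next_record(MYSQLI_NUM, false);

    //Edit the post
    // The new text is user input and goes through db_string() before it is
    // concatenated into the statement.
    $DB->query("\n\t\tUPDATE forums_posts\n\t\tSET\n\t\t\tBody = CONCAT(Body,'\n\n" . db_string($Body) . "'),\n\t\t\tEditedUserID = '" . $LoggedUser['ID'] . "',\n\t\t\tEditedTime = '{$SQLTime}'\n\t\tWHERE ID = '{$PostID}'");

    //Store edit history
    // $PostID is interpolated unquoted here; it is the ID column read back from
    // forums_posts by the SELECT above, not request data.
    $DB->query("\n\t\tINSERT INTO comments_edits\n\t\t\t(Page, PostID, EditUser, EditTime, Body)\n\t\tVALUES\n\t\t\t('forums', {$PostID}, " . $LoggedUser['ID'] . ", '{$SQLTime}', '" . db_string($OldBody) . "')");
    $Cache->delete_value("forums_edits_{$PostID}");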
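/*
New post page

This is the page that's loaded if someone wants to make a new topic.

Information to be expected in $_GET:
    forumid: The ID of the forum that it's being posted in
*/

// A missing 'forumid' is treated like an invalid one (404) instead of reading an
// undefined index.
$ForumID = isset($_GET['forumid']) ? $_GET['forumid'] : null;
if (!is_number($ForumID)) {
    error(404);
}
$Forum = Forums::get_forum_info($ForumID);
if ($Forum === false) {
    error(404);
}

// Starting a thread requires both 'Write' and 'Create' on the forum.
if (!Forums::check_forumperm($ForumID, 'Write') || !Forums::check_forumperm($ForumID, 'Create')) {
    error(403);
}
// NOTE(review): the title is built from the raw forum name; confirm that
// View::show_header() escapes its title argument.
View::show_header('Forums > ' . $Forum['Name'] . ' > New Topic', 'comments,bbcode,jquery.validate,form_validate');
// The forum name is stored data written into HTML below, so it goes through
// display_str() first. $ForumID has passed is_number() above and is echoed as-is.
// NOTE(review): assumes get_forum_info() returns the name unescaped — confirm.
?> <div class="thin"> <h2><a href="forums.php">Forums</a> > <a href="forums.php?action=viewforum&forumid=<?php echo $ForumID; ?> "><?php echo display_str($Forum['Name']); ?> </a> > <span id="newthreadtitle">New Topic</span></h2> <div class="hidden" id="newthreadpreview"> <div class="linkbox"> <div class="center">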
</td> </tr> <tr> <td><strong>Forums:</strong></td> <td> <table id="forum_search_cat_list" class="cat_list layout"> <?php
// List of forums
// Builds the forum list of the search form, one table cell per forum, grouped by
// category.
$Open = false;        // NOTE(review): presumably true while a category row is open; it is not set within this fragment
$LastCategoryID = -1; // category of the previously listed forum; -1 before the first one
$Columns = 0;         // number of forums listed so far
$i = 0;               // not used within this fragment
foreach ($Forums as $Forum) {
    // Forums that fail check_forumperm() for the viewer are skipped, so they are
    // never listed in the form. This only filters the listing; the search itself
    // has to apply the same permission check to its results.
    if (!Forums::check_forumperm($Forum['ID'])) {
        continue;
    }
    $Columns++;
    // A forum from a different category than the previous one starts a new group.
    if ($Forum['CategoryID'] != $LastCategoryID) {
        $LastCategoryID = $Forum['CategoryID'];
        if ($Open) {
            // When the count is not a multiple of 5, one empty cell spanning
            // 5 - ($Columns % 5) columns is emitted to pad the row.
            if ($Columns % 5) {
?> <td colspan="<?php echo 5 - $Columns % 5; ?> "></td> <?php
            }
?>
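error('Your posting privileges have been removed.'); } // closes a guard that starts before this fragment

// Variables for database input
$UserID = $LoggedUser['ID'];
$Body = $_POST['body']; //Don't URL Decode
$PostID = $_POST['post'];
$Key = $_POST['key'];
$SQLTime = sqltime();
$DoPM = isset($_POST['pm']) ? $_POST['pm'] : 0;

// 'post' is request data and is interpolated into the SQL statement, the PM
// subject and the PM URL below. Any earlier validation is outside this fragment,
// so the value is checked here too; this relies on error() not returning, as the
// other guards in this fragment do.
if (!is_number($PostID)) {
    error(404, true);
}

// Mainly
// Loads the post together with its thread's lock state, its forum, and the page
// of the thread the post falls on at POSTS_PER_PAGE posts per page.
$DB->query("\n\tSELECT\n\t\tp.Body,\n\t\tp.AuthorID,\n\t\tp.TopicID,\n\t\tt.IsLocked,\n\t\tt.ForumID,\n\t\tf.MinClassWrite,\n\t\tCEIL((\n\t\t\tSELECT COUNT(p2.ID)\n\t\t\tFROM forums_posts AS p2\n\t\t\tWHERE p2.TopicID = p.TopicID\n\t\t\t\tAND p2.ID <= '{$PostID}'\n\t\t\t) / " . POSTS_PER_PAGE . "\n\t\t) AS Page\n\tFROM forums_posts AS p\n\t\tJOIN forums_topics AS t ON p.TopicID = t.ID\n\t\tJOIN forums AS f ON t.ForumID = f.ID\n\tWHERE p.ID = '{$PostID}'");
list($OldBody, $AuthorID, $TopicID, $IsLocked, $ForumID, $MinClassWrite, $Page) = $DB->next_record();

// Make sure they aren't trying to edit posts they shouldn't
// error() is called with a second argument of true here because whatever we spit
// out is displayed to the user in the box where their forum post is
// (presumably the flag selects a bare-text response — confirm).
// The forum and the lock state come from the database row, not from the request.
if (!Forums::check_forumperm($ForumID, 'Write') || ($IsLocked && !check_perms('site_moderate_forums'))) {
    error('Either the thread is locked, or you lack the permission to edit this post.', true);
}
// Only the author or a user holding 'site_moderate_forums' may edit the post.
if ($UserID != $AuthorID && !check_perms('site_moderate_forums')) {
    error(403, true);
}
if ($LoggedUser['DisablePosting']) {
    error('Your posting privileges have been removed.', true);
}
// NOTE(review): the row-existence check runs after the permission checks, so
// those checks see empty values when no post matched. The order is left as it is
// because a missing post and a forbidden post then fail in the same way.
if (!$DB->has_results()) {
    error(404, true);
}

// Send a PM to the user to notify them of the edit
// (Only when someone other than the author edits and 'pm' was requested. This
// block is closed after the end of this fragment.)
if ($UserID != $AuthorID && $DoPM) {
    $PMSubject = "Your post #{$PostID} has been edited";
    $PMurl = site_url() . "forums.php?action=viewthread&postid={$PostID}#post{$PostID}";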