// Post-deletion request handler (excerpt; it ends inside the confirmed-delete branch).
// Flow: validate the id, load the post, check permissions, and only then act on the request.

// Confirmation flag: the destructive branch below runs only when the POST body carries a truthy 'ok'.
$ok = isset($_POST['ok']) ? $_POST['ok'] : 0;
// Post id, forced to an integer before it is used anywhere.
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
if ($id <= 0) {
    redirect_header('./', 2, __('Please specify a post id to delete!', 'bxpress'));
    // die guarantees nothing below runs once the redirect has been requested.
    die;
}

$post = new bXPost($id);
// presumably isNew() is true when no stored post matched the id — confirm in bXPost
if ($post->isNew()) {
    redirect_header('./', 2, __('Specified post does not exists!', 'bxpress'));
    die;
}

// The topic and forum are derived from the loaded post, not from request data.
$topic = new bXTopic($post->topic());
$forum = new bXForum($post->forum());

// Forum-level check: anonymous visitors are rejected outright; a logged-in user
// needs the 'delete' permission through one of their groups.
if (!$xoopsUser || !$forum->isAllowed($xoopsUser->getGroups(), 'delete')) {
    redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('Sorry, you don\'t have permission to do this action!', 'bxpress'));
    die;
}

// Post-level check: only the post's author, an administrator or a moderator of
// this forum may continue. $xoopsUser is known to be set because the check
// above already rejected anonymous visitors.
if ($xoopsUser->uid() != $post->user() && (!$xoopsUser->isAdmin() && !$forum->isModerator($xoopsUser->uid()))) {
    redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('Sorry, you don\'t have permission to do this action!', 'bxpress'));
    die;
}

if ($ok) {
    // The session (anti-CSRF) token is verified before anything is deleted.
    if (!$xoopsSecurity->check()) {
        redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('Session token expired!', 'bxpress'));
        die;
    }

    // When the post is the one getFirstId() reports for its topic, the whole topic is deleted.
    // presumably getFirstId() returns the id of the topic's opening post — confirm in bXFunctions
    if ($post->id() == bXFunctions::getFirstId($topic->id())) {
        $ret = $topic->delete();
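// (excerpt: the guard that opens this block lies above the visible code)
redirect_header('./', 2, __('Specified topic is not valid!', 'bxpress'));
die;
}

$topic = new bXTopic($id);
if ($topic->isNew()) {
    redirect_header('./', 2, __('Specified topic does not exists!', 'bxpress'));
    die;
}

// Built once; both the approval check and the view-permission check use it.
$forum = new bXForum($topic->forum());

// An unapproved topic is hidden from everyone who fails the staff test below.
// Anonymous visitors are rejected first: $xoopsUser is empty for them (the
// permission check further down already allows for that), so calling a method
// on it here would abort the request with a fatal error instead of redirecting.
// NOTE(review): the staff test still requires the user to be an administrator
// AND a moderator, as the original condition did. The sibling scripts accept
// either role; confirm which is intended before relaxing it.
if (!$topic->approved() && (!$xoopsUser || !$xoopsUser->isAdmin() || !$forum->isModerator($xoopsUser->uid()))) {
    redirect_header('./', 2, __('This topic has not been approved yet!', 'bxpress'));
    die;
}

// View permission, evaluated with the anonymous group when nobody is logged in.
if (!$forum->isAllowed($xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS, 'view')) {
    redirect_header('./', 2, __('Sorry, you don\'t have permission to view this forum!', 'bxpress'));
    die;
}

// Count at most one view per topic per session: the ids already counted are
// remembered in the session and skipped on later visits.
if (!isset($_SESSION['topics_viewed'])) {
    $_SESSION['topics_viewed'] = array();
}
if (!in_array($topic->id(), $_SESSION['topics_viewed'])) {
    $topic->addView();
    $topic->save();
    $_SESSION['topics_viewed'][] = $topic->id();
}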
// (excerpt: starts inside the first branch of an if/else whose condition is not visible,
// and ends inside the 'post' case of the switch below)
$create = true;
} else {
    // Replying: load the target topic and take the forum from it.
    $topic = new bXTopic($tid);
    if ($topic->isNew()) {
        redirect_header('./', 2, __('Specified topic does not exists!', 'bxpress'));
        die;
    }
    $forum = new bXForum($topic->forum());
    $retlink = './topic.php?id=' . $topic->id();
    $create = false;
}

if ($forum->isNew()) {
    redirect_header('./', 2, __('Specified forum does not exists!', 'bxpress'));
    die;
}

// Permission check: the 'topic' permission is required when $fid > 0, otherwise
// 'reply'. Anonymous visitors are evaluated with the anonymous group.
if (!$forum->isAllowed($xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS, $fid > 0 ? 'topic' : 'reply')) {
    redirect_header($retlink, 2, __('You do not have permission to do this!', 'bxpress'));
    die;
}

switch ($op) {
    case 'post':
        // NOTE(review): this loop turns every POST field into a local variable of the
        // same name (the effect of extract($_POST)). It runs after the permission
        // check, so values that check relied on or that were computed before it
        // ($create, $fid, $retlink, $op) can be replaced by request data, and the
        // object variables ($forum, $topic, $xoopsUser, $xoopsSecurity) can be
        // replaced by strings or arrays. Nothing below this line should trust those
        // names; prefer reading the expected form fields by name from $_POST.
        foreach ($_POST as $k => $v) {
            ${$k} = $v;
        }

        // Session (anti-CSRF) token check. It runs after the import above, so the
        // $create, $forum and $topic used to build the redirect target are the
        // possibly-overwritten ones.
        if (!$xoopsSecurity->check()) {
            redirect_header('./' . ($create ? 'forum.php?id=' . $forum->id() : 'topic.php?id=' . $topic->id()), 2, __('Session token expired!', 'bxpress'));
            die;
        }

        $myts =& MyTextSanitizer::getInstance();

        // $create selects between opening a new topic and replying to an existing one.
        if ($create) {
            $topic = new bXTopic();
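// Unknown forum: nothing to list.
// NOTE(review): this redirect uses BB_URL while the two below use BX_URL —
// confirm that both constants are defined.
if ($forum->isNew()) {
    redirect_header(BB_URL, 2, __('Specified forum does not exists!', 'bxpress'));
    die;
}

/**
 * A closed (inactive) forum is shown only to site administrators and to
 * moderators of this forum. Anonymous visitors never qualify.
 */
$isModerator = $xoopsUser && ($xoopsUser->isAdmin() || $forum->isModerator($xoopsUser->uid()));
if (!$forum->active && !$isModerator) {
    RMUris::redirect_with_message(__('This forum is closed and you don\'t have permissions to view it', 'bxpress'), BX_URL, RMMSG_WARN);
    // Stop explicitly, as the access check below does, so the listing code can
    // never run for a closed forum even if the redirect helper returns.
    die;
}

/**
 * Check that the current user is allowed to access the forum.
 * Anonymous visitors are evaluated with the anonymous group.
 */
if (!$forum->isAllowed($xoopsUser ? $xoopsUser->getGroups() : array(0, XOOPS_GROUP_ANONYMOUS), BXPRESS_PERM_VIEW)) {
    RMUris::redirect_with_message(__('You are not allowed to view this forum!', 'bxpress'), BX_URL, RMMSG_WARN);
    die;
}

/**
 * Load the topics: count the approved topics of this forum first.
 */
$tbl1 = $db->prefix("mod_bxpress_topics");
$tbl2 = $db->prefix("mod_bxpress_forumtopics");

// The query is assembled as a string, so the id is forced to an integer and
// nothing but digits can reach the SQL text.
$sql = "SELECT COUNT(*) FROM {$tbl1} WHERE id_forum='" . intval($forum->id()) . "' AND approved='1'";
list($num) = $db->fetchRow($db->queryF($sql));

// 'pag' comes straight from the request. Accept it only when it is numeric and
// keep it as an integer; anything else (text, arrays) falls back to the same
// empty default used when the parameter is absent, so the arithmetic below
// never operates on arbitrary request data.
$page = (isset($_REQUEST['pag']) && is_numeric($_REQUEST['pag'])) ? intval($_REQUEST['pag']) : '';
$limit = $xoopsModuleConfig['topicperpage'] > 0 ? $xoopsModuleConfig['topicperpage'] : 15;
// Page numbers in the request are 1-based; shift a positive page down by one.
if ($page > 0) {
    $page -= 1;
}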
// Post-editing request handler (excerpt; it ends inside the 'post' case of the switch below).
include '../../mainfile.php';

// Requested operation and target post id, both read from the request.
// presumably rmc_server_Var() returns the request value or the given default —
// confirm whether it also coerces the type; the <= 0 test is the only validation visible here
$op = rmc_server_Var($_REQUEST, 'op', '');
$id = rmc_server_Var($_REQUEST, 'id', 0);
if ($id <= 0) {
    redirect_header('./', 2, __('No post has been specified!', 'bxpress'));
    // die guarantees nothing below runs once the redirect has been requested.
    die;
}

$post = new bXPost($id);
if ($post->isNew()) {
    redirect_header('./', 2, __('Specified post does not exists!', 'bxpress'));
    die;
}

// The topic and forum are derived from the loaded post, not from request data.
$topic = new bXTopic($post->topic());
$forum = new bXForum($topic->forum());

// Forum-level check: anonymous visitors are rejected outright; a logged-in user
// needs the 'edit' permission through one of their groups.
if (!$xoopsUser || !$forum->isAllowed($xoopsUser->getGroups(), 'edit')) {
    redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('You don\'t have permission to edit this post!', 'bxpress'));
    die;
}

// Post-level check: only the post's author, an administrator or a moderator of
// this forum may edit it.
if ($xoopsUser->uid() != $post->user() && (!$xoopsUser->isAdmin() && !$forum->isModerator($xoopsUser->uid()))) {
    redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('You don\'t have permission to edit this post!', 'bxpress'));
    die;
}

switch ($op) {
    case 'post':
        // NOTE(review): this loop turns every POST field into a local variable of the
        // same name (the effect of extract($_POST)). It runs after both permission
        // checks, so $id and $op can be replaced by request data, and the objects
        // those checks were made against ($post, $topic, $forum, $xoopsUser,
        // $xoopsSecurity) can be replaced by strings or arrays. Nothing below this
        // line should trust those names; prefer reading the expected form fields by
        // name from $_POST.
        foreach ($_POST as $k => $v) {
            ${$k} = $v;
        }

        // Session (anti-CSRF) token check. The $id placed in the redirect target is
        // read after the import above, so it may no longer be the validated value.
        if (!$xoopsSecurity->check()) {
            redirect_header('edit.php?id=' . $id, 2, __('Session token expired!', 'bxpress'));