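}

// Render the result list and finish the page. The closing braces below
// belong to branches that were opened above this excerpt.
$tpl = load_template('search_results.tpl');
echo $tpl->render(array(
    'forum_actions' => $forum_actions,
    'index_link' => panther_link($panther_url['index']),
    'lang_common' => $lang_common,
    'search_link' => panther_link($panther_url['search']),
    'show_as' => $show_as,
    'lang_search' => $lang_search,
    'lang_topic' => $lang_topic,
    'lang_forum' => $lang_forum,
    'pagination' => paginate($num_pages, $p, $panther_url['search_pagination'], array($search_id)),
    'crumbs_text' => $crumbs_text,
    'results' => $results,
    'panther_config' => $panther_config
));

require PANTHER_ROOT . 'footer.php';
} else {
    message($lang_search['No hits']);
}
}

// Extension hook: whatever string get_extensions() returns is executed with
// eval(), i.e. with the full privileges of this script. The extension store
// therefore has to be writable by trusted administrators only.
($hook = get_extensions('search_form_before_header')) ? eval($hook) : null;

$page_title = array($panther_config['o_board_title'], $lang_search['Search']);
$focus_element = array('search', 'keywords');
define('PANTHER_ACTIVE_PAGE', 'search');
require PANTHER_ROOT . 'header.php';

// Build the forum selector. The group id is bound as a parameter; the query
// keeps only forums without an explicit read deny for this group and skips
// redirect forums.
$data = array(':gid' => $panther_user['g_id']);
$categories = $forums = array();
$ps = $db->run('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.password, f.redirect_url, f.parent_forum FROM ' . $db->prefix . 'categories AS c INNER JOIN ' . $db->prefix . 'forums AS f ON c.id=f.cat_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', $data);
foreach ($ps as $cur_forum) {
    // Password-protected forums are listed only for visitors who already
    // hold a valid login cookie for that forum (third argument: return the
    // result instead of showing the login prompt - presumably; confirm
    // against check_forum_login_cookie()).
    if ($cur_forum['password'] != '' && check_forum_login_cookie($cur_forum['fid'], $cur_forum['password'], true) === false) {
        continue;
    }

    // A new category since last iteration?
    // The original tested the misspelled $catgeories, which is never set, so
    // the guard was always true and the entry was rebuilt for every forum.
    if (!isset($categories[$cur_forum['cid']])) {
        $categories[$cur_forum['cid']] = array('name' => $cur_forum['cat_name'], 'id' => $cur_forum['cid']);
    }

    $forums[] = array(
        'parent_forum' => $cur_forum['parent_forum'],
        'category_id' => $cur_forum['cid'],
        'id' => $cur_forum['fid'],
        'name' => $cur_forum['forum_name']
    );
}

$tpl = load_template('search.tpl');
echo $tpl->render(array(
    'lang_search' => $lang_search,
    'lang_common' => $lang_common,
    'form_action' => panther_link($panther_url['search']),
    'panther_config' => $panther_config,
    'panther_user' => $panther_user,
    // "Search all forums" is offered when the board enables it or the user is
    // an administrator/moderator. The || expression already yields a boolean.
    'search_all_forums' => ($panther_config['o_search_all_forums'] == '1' || $panther_user['is_admmod']),
    'categories' => $categories,
    'forums' => $forums
));

require PANTHER_ROOT . 'footer.php';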
}

// Do we have permission to edit this post?
// A non-moderator is refused when any of these holds: the group may not edit
// posts, the post belongs to another user, the closed flag is set, or the
// group's delete/edit interval is non-zero and has elapsed. (&& binds tighter
// than ||, so the interval test is one alternative of the || chain.)
if (($panther_user['g_edit_posts'] == '0' ||
    $cur_post['poster_id'] != $panther_user['id'] ||
    $cur_post['closed'] == '1' ||
    $panther_user['g_deledit_interval'] != 0 && time() - $cur_post['pposted'] > $panther_user['g_deledit_interval']) &&
    !$is_admmod) {
    message($lang_common['No permission'], false, '403 Forbidden');
}

// A moderator who is not an administrator may not edit a post written by an
// administrator unless the group setting g_mod_edit_admin_posts allows it.
if ($is_admmod && (!$panther_user['is_admin'] && (in_array($cur_post['poster_id'], get_admin_ids()) && $panther_user['g_mod_edit_admin_posts'] == '0'))) {
    message($lang_common['No permission'], false, '403 Forbidden');
}

// Load the post.php language file
// NOTE(review): the include path contains the user's language setting; confirm
// that value is validated against the installed language packs where it is
// stored, otherwise this becomes a file-inclusion path under user control.
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php';

check_posting_ban();

if ($cur_post['archived'] == '1') {
    message($lang_post['Topic archived']);
}

// Posts in a password-protected forum additionally need the forum login
// cookie; the forum id and the stored password value are handed to the check.
if ($cur_post['password'] != '') {
    check_forum_login_cookie($cur_post['fid'], $cur_post['password']);
}

// Start with a clean slate
$errors = array();

if (isset($_POST['form_sent'])) {
    // Make sure they got here from the site
    // NOTE(review): if confirm_referrer() only inspects the Referer header,
    // it is a weaker CSRF defence than a per-session token - confirm.
    confirm_referrer('edit.php');

    // If it's a topic it must contain a subject
    if ($can_edit_subject) {
        $subject = isset($_POST['req_subject']) ? panther_trim($_POST['req_subject']) : '';

        if ($panther_config['o_censoring'] == '1') {
            $censored_subject = panther_trim(censor_words($subject));
        }

        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } else {
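} else {
    // Variant of the topic query with a constant 0 in place of the
    // subscription flag. Group id and topic id are bound parameters; the
    // WHERE clause enforces read permission and hides moved, unapproved and
    // deleted topics.
    $ps = $db->run('SELECT pf.forum_name AS parent, f.parent_forum, f.protected, t.subject, t.poster, t.closed, t.archived, t.question, t.num_replies, t.sticky, t.first_post_id, t.last_post, p.type, p.options, p.votes, p.voters, p.posted, f.id AS forum_id, f.forum_name, f.use_reputation, f.moderators, f.password, fp.post_replies, fp.download, 0 AS is_subscribed FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) LEFT JOIN ' . $db->prefix . 'forums AS pf ON f.parent_forum=pf.id LEFT JOIN ' . $db->prefix . 'polls AS p ON t.id=p.topic_id WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=:tid AND t.moved_to IS NULL AND t.approved=1 AND t.deleted=0', $data);
}

// An unreadable topic and a non-existent one give the same 404, so the
// response does not reveal which of the two applies.
if (!$ps->rowCount()) {
    message($lang_common['Bad request'], false, '404 Not Found');
} else {
    $cur_topic = $ps->fetch();
}

// Sort out who the moderators are and if we are currently a moderator (or an admin)
// NOTE(review): unserialize() runs on a database column. That is only safe
// while the column is written exclusively by trusted code; any other write
// path into it turns this into a PHP object-injection sink. A JSON encoding
// would remove the risk.
$mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array();
$is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || isset($mods_array[$panther_user['username']]));

if ($is_admmod) {
    $admin_ids = get_admin_ids();
}

// Password-protected forum: require the forum login cookie before anything
// about the topic is shown.
if ($cur_topic['password'] != '') {
    check_forum_login_cookie($cur_topic['forum_id'], $cur_topic['password']);
}

// In a protected forum only the topic starter and moderators may read the
// topic. The denial now carries an explicit 403 status, matching the other
// permission failures that pass '403 Forbidden' to message().
if ($cur_topic['protected'] == '1' && $panther_user['username'] != $cur_topic['poster'] && !$is_admmod) {
    message($lang_common['No permission'], false, '403 Forbidden');
}

// Re-evaluate the archive rules for topics that are not archived yet. The
// original wrapped this in a second test, archived !== '2', which can never
// fail once archived == '0' holds, so it has been dropped.
if ($panther_config['o_archiving'] == '1' && $cur_topic['archived'] == '0') {
    // Same unserialize() caveat as above; here the input is a config value.
    $archive_rules = unserialize($panther_config['o_archive_rules']);
    $cur_topic['archived'] = check_archive_rules($archive_rules, $id);
}

// Add/update this topic in our list of tracked topics
if (!$panther_user['is_guest']) {
    $tracked_topics = get_tracked_topics();
    $tracked_topics['topics'][$id] = time();
    set_tracked_topics($tracked_topics);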
}

// Groups without board read access cannot vote either.
if ($panther_user['g_read_board'] == '0') {
    message($lang_common['No view'], false, '403 Forbidden');
}

// The id arrives in the POST body and is forced to an integer before use.
$id = isset($_POST['poll_id']) ? intval($_POST['poll_id']) : 0;
if ($id < 1) {
    message($lang_common['Bad request'], false, '404 Not Found');
}

// Both values are bound as parameters. The WHERE clause enforces the group's
// read permission on the forum.
// NOTE(review): the request field is called poll_id but the query matches it
// against t.id (the topic id) - confirm the form really posts the topic id.
$data = array(':id' => $id, ':gid' => $panther_user['g_id']);
$ps = $db->run('SELECT f.id, f.moderators, f.password, f.redirect_url, fp.post_replies, fp.post_topics, t.subject, t.closed, t.archived, p.id AS pid, p.type, p.options, p.voters, p.votes FROM ' . $db->prefix . 'polls AS p INNER JOIN ' . $db->prefix . 'topics AS t ON p.topic_id=t.id INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=:id', $data);
if (!$ps->rowCount()) {
    message($lang_common['Bad request'], false, '404 Not Found');
}

$cur_poll = $ps->fetch();

// Password-protected forum: the forum id (selected as f.id) and the stored
// password value go to the cookie check.
if ($cur_poll['password'] != '') {
    check_forum_login_cookie($cur_poll['id'], $cur_poll['password']);
}

// NOTE(review): unserialize() on a database column - safe only while that
// column is written exclusively by trusted code (object-injection sink
// otherwise).
$mods_array = $cur_poll['moderators'] != '' ? unserialize($cur_poll['moderators']) : array();
$is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || array_key_exists($panther_user['username'], $mods_array)) ? true : false;

// Make sure we have permission to vote
// By operator precedence this reads: refuse when the topic is archived
// (moderators included), or when the user is not a moderator and replies are
// not allowed for the group/forum, the user is a guest, or the topic is closed.
if (($cur_poll['post_replies'] == '' && $panther_user['g_post_replies'] == '0' || $cur_poll['post_replies'] == '0' || $panther_user['is_guest'] || $cur_poll['closed'] == '1') && !$is_admmod || $cur_poll['archived'] == '1') {
    message($lang_common['No permission'], false, '403 Forbidden');
}

// NOTE(review): include path contains the user's language setting; confirm it
// is validated against the installed language packs where it is stored.
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/poll.php';

if (isset($_POST['form_sent'])) {
    // NOTE(review): if confirm_referrer() only inspects the Referer header it
    // is a weak CSRF defence for a state-changing vote - confirm.
    confirm_referrer('viewtopic.php');

    // Poll state is kept as serialized PHP in three columns; the same
    // unserialize() caveat as above applies to each of them.
    $options = $cur_poll['options'] != '' ? unserialize($cur_poll['options']) : array();
    $voters = $cur_poll['voters'] != '' ? unserialize($cur_poll['voters']) : array();
    $votes = $cur_poll['votes'] != '' ? unserialize($cur_poll['votes']) : array();

    // Extension hook: the returned string is executed with eval().
    ($hook = get_extensions('poll_vote_before_validation')) ? eval($hook) : null;

    // Duplicate-vote guard. in_array() compares loosely here (no third
    // argument), so the stored ids and the user id need not share a type.
    if (in_array($panther_user['id'], $voters)) {
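// NOTE(review): the reverse-DNS name comes from whoever controls the PTR
// record for $ip; confirm message() HTML-escapes it before output.
message(sprintf($lang_misc['Host info 1'], $ip) . ' | ' . sprintf($lang_misc['Host info 2'], @gethostbyaddr($ip)));
}

// All other functions require moderator/admin access
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($fid < 1) {
    message($lang_common['Bad request'], false, '404 Not Found');
}

$data = array(':id' => $fid);
$ps = $db->select('forums', 'moderators, password', $data, 'id=:id');
$cur_forum = $ps->fetch();

// The forum row may be missing; treat that as "no moderators" for the
// permission test so an unauthorised caller always gets the 403 below and
// cannot use this page to tell existing forum ids from unused ones.
// NOTE(review): unserialize() on a database column - safe only while that
// column is written exclusively by trusted code.
$mods_array = ($cur_forum && $cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();

if (!$panther_user['is_admin'] && ($panther_user['g_moderator'] == '0' || !$panther_user['g_global_moderator'] && !array_key_exists($panther_user['username'], $mods_array))) {
    message($lang_common['No permission'], false, '403 Forbidden');
}

// The original went on with an empty row when the forum id did not exist.
// Authorised callers now get the same 404 used elsewhere for missing records.
if (!$cur_forum) {
    message($lang_common['Bad request'], false, '404 Not Found');
}

// Moderators of a password-protected forum still need the forum login cookie.
if ($cur_forum['password'] != '') {
    check_forum_login_cookie($fid, $cur_forum['password']);
}

// Get topic/forum tracking data
$tracked_topics = get_tracked_topics();

// Load the misc.php language file
// NOTE(review): include path contains the user's language setting; confirm it
// is validated against the installed language packs where it is stored.
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/misc.php';

// Extension hook: the returned string is executed with eval().
($hook = get_extensions('moderate_after_tracked_topics')) ? eval($hook) : null;

// All other topic moderation features require a topic ID in GET
if (isset($_GET['tid'])) {
    $tid = intval($_GET['tid']);
    if ($tid < 1) {
        message($lang_common['Bad request'], false, '404 Not Found');
    }

    // Fetch some info about the topic
    // The topic must live in the forum the moderator rights were checked for
    // (f.id=:fid), so a topic id from another forum does not match.
    $data = array(':gid' => $panther_user['g_id'], ':fid' => $fid, ':tid' => $tid);
    $ps = $db->run('SELECT t.subject, t.num_replies, t.first_post_id, f.id AS forum_id, f.forum_name FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id=:fid AND t.id=:tid AND t.moved_to IS NULL', $data);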
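message($lang_common['Bad request']);
}

// NOTE(review): include path contains the user's language setting; confirm it
// is validated against the installed language packs where it is stored.
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/poll.php';
$data = array(':gid' => $panther_user['g_id'], ':tid' => $id);

// Fetch some info about the topic and the forum
// Both ids are bound parameters; the WHERE clause enforces the group's read
// permission and only matches topics that carry a poll question.
$ps = $db->run('SELECT f.moderators, f.password, f.redirect_url, f.id AS fid, t.archived, t.closed, t.subject, t.poster, t.question, p.type, p.options, p.id AS pid FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id INNER JOIN ' . $db->prefix . 'polls AS p ON t.id=p.topic_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.question!=\'\' AND t.id=:tid', $data);
if (!$ps->rowCount()) {
    message($lang_common['Bad request']);
}

$cur_topic = $ps->fetch();

// Is this a redirect forum? In that case, abort!
if ($cur_topic['redirect_url'] != '' || $cur_topic['question'] == '') {
    message($lang_common['Bad request']);
}

// The forum password check is keyed on the forum id. The original passed $id,
// which on this page is the topic id (it is bound to t.id above), while every
// other call hands over the forum's id; use the fid column selected above.
if ($cur_topic['password'] != '') {
    check_forum_login_cookie($cur_topic['fid'], $cur_topic['password']);
}

// NOTE(review): unserialize() on database columns - safe only while those
// columns are written exclusively by trusted code (object-injection sink
// otherwise).
$mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array();
$is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || array_key_exists($panther_user['username'], $mods_array));
$options = $cur_topic['options'] != '' ? unserialize($cur_topic['options']) : array();

// Archived topics are read-only for everyone, moderators included.
if ($cur_topic['archived'] == '1') {
    message($lang_common['No permission'], false, '403 Forbidden');
}

if (isset($_GET['edit'])) {
    // Do we have permission to edit this poll?
    // NOTE(review): the original joined the first two tests with &&, which
    // refused only a non-author on a closed topic and so let any reader edit
    // another user's poll while the topic was open. A non-moderator is now
    // refused when they are not the author or the topic is closed - confirm
    // this is the intended policy.
    if (($cur_topic['poster'] != $panther_user['username'] || $cur_topic['closed'] == '1') && !$is_admmod) {
        message($lang_common['No permission'], false, '403 Forbidden');
    }

    $errors = array();
    if (isset($_POST['form_sent'])) {
        // NOTE(review): if confirm_referrer() only inspects the Referer header
        // it is a weak CSRF defence for this state-changing form - confirm.
        confirm_referrer('poll_misc.php');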
// Feed caching is used only when a TTL is configured and the request is for
// all forums or for a named forum without an nfid exclusion. The cache key
// hashes the group id, the language identifier, the ordering flag and, for a
// named forum, the first forum id.
if ($panther_config['o_feed_ttl'] > 0 && ($forum_sql == '' || $forum_name != '' && !isset($_GET['nfid']))) {
    $cache_id = 'feed' . sha1($panther_user['g_id'] . '|' . $lang_common['lang_identifier'] . '|' . ($order_posted ? '1' : '0') . ($forum_name == '' ? '' : '|' . $fids[0]));
}

// Load cached feed
// The cache file is PHP and is executed by include, so the cache directory
// must not be writable by anything but the application. The file name is
// built from a sha1 hex digest, which keeps request data out of the path.
if (isset($cache_id) && file_exists(FORUM_CACHE_DIR . 'cache_' . $cache_id . '.php')) {
    include FORUM_CACHE_DIR . 'cache_' . $cache_id . '.php';
}

$now = time();

// $feed and $cache_expire are presumably defined by the included cache file;
// rebuild when there is no cached feed or it has expired.
if (!isset($feed) || $cache_expire < $now) {
    // Setup the feed
    $feed = array('title' => $panther_config['o_board_title'] . $forum_name, 'link' => panther_link($panther_url['index']), 'description' => sprintf($lang_common['RSS description'], $panther_config['o_board_title']), 'items' => array(), 'type' => 'topics');

    // Fetch $show topics
    // NOTE(review): $forum_sql and $show are concatenated into the statement;
    // both are built above this excerpt - confirm $show is an integer and
    // $forum_sql contains placeholders only. The group id is bound through
    // the positional ? placeholder.
    $select = array_merge($select, $data);
    $ps = $db->run('SELECT t.id, t.poster, t.subject, t.forum_id, t.posted, t.last_post, t.last_poster, p.message, p.hide_smilies, u.email_setting, u.email, p.poster_id, p.poster_email FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'posts AS p ON p.id=' . ($order_posted ? 't.first_post_id' : 't.last_post_id') . ' INNER JOIN ' . $db->prefix . 'users AS u ON u.id=p.poster_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=?) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL' . $forum_sql . ' ORDER BY ' . ($order_posted ? 't.posted' : 't.last_post') . ' DESC LIMIT ' . (isset($cache_id) ? 50 : $show), $select);
    foreach ($ps as $cur_topic) {
        // Skip topics from password-protected forums the requester has no
        // login cookie for, and topics from protected forums unless the
        // requester is an administrator/moderator.
        // NOTE(review): this filter depends on the requesting user's cookie,
        // while the cache key above varies only by group. If the filtered
        // $feed is what gets written to the cache (not visible here), confirm
        // that topics from password-protected forums cannot be served from
        // cache to same-group users who lack the cookie.
        if ($panther_forums[$cur_topic['forum_id']]['password'] != '' && check_forum_login_cookie($cur_topic['forum_id'], $panther_forums[$cur_topic['forum_id']]['password'], true) === false || $panther_forums[$cur_topic['forum_id']]['protected'] == '1' && !$panther_user['is_admmod']) {
            continue;
        }

        if ($panther_config['o_censoring'] == '1') {
            $cur_topic['subject'] = censor_words($cur_topic['subject']);
        }

        $cur_topic['message'] = $parser->parse_message($cur_topic['message'], $cur_topic['hide_smilies']);

        $item = array('id' => $cur_topic['id'], 'title' => $cur_topic['subject'], 'link' => panther_htmlspecialchars_decode(panther_link($panther_url[$order_posted ? 'topic' : 'topic_new_posts'], array($cur_topic['id'], url_friendly($cur_topic['subject'])))), 'description' => $cur_topic['message'], 'author' => array('name' => $order_posted ? $cur_topic['poster'] : $cur_topic['last_poster']), 'pubdate' => $order_posted ? $cur_topic['posted'] : $cur_topic['last_post']);

        // Author e-mail addresses are added for logged-in requesters only:
        // for a registered poster (id above 1) when email_setting is '0',
        // otherwise the address stored with the post.
        if ($cur_topic['poster_id'] > 1) {
            if ($cur_topic['email_setting'] == '0' && !$panther_user['is_guest']) {
                $item['author']['email'] = $cur_topic['email'];
            }

            $item['author']['uri'] = panther_link($panther_url['profile'], array($cur_topic['poster_id']));
        } else {
            if ($cur_topic['poster_email'] != '' && !$panther_user['is_guest']) {
                $item['author']['email'] = $cur_topic['poster_email'];
// Look up which forum the announcement is bound to. A forum_id of 0 means it
// is not tied to one forum, in which case the forum from the request is used.
$data = array(':id' => $id);
$ps = $db->select('announcements', 'forum_id', $data, 'id=:id');
$afid = $ps->fetchColumn();

// The two lookups differ only in how the forums table is joined, so the join
// condition is chosen first and a single statement is built from it. Both ids
// are bound parameters.
$data = array(':id' => $id);
if ($afid == 0) {
    $data[':fid'] = $fid;
    $announcement_forum_join = 'f.id=:fid';
} else {
    $announcement_forum_join = 'f.id=a.forum_id';
}

// NOTE(review): unlike the topic queries, this statement has no forum_perms
// join, so the group's read permission on the forum is not checked here -
// confirm it is enforced before this point. The posts join selects no columns
// and can return one row per post of the author.
$ps = $db->run('SELECT a.subject, a.forum_id, g.g_image, g.g_user_title, g.g_id, a.user_id, a.message, u.email_setting, u.email, u.use_gravatar, u.group_id, u.num_posts, u.username, u.title, u.url, u.location, u.registered, f.forum_name, f.parent_forum, u.reputation, f.id AS fid, f.password, pf.forum_name AS parent FROM ' . $db->prefix . 'announcements AS a INNER JOIN ' . $db->prefix . 'users AS u ON u.id=a.user_id INNER JOIN ' . $db->prefix . 'forums AS f ON ' . $announcement_forum_join . ' INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id INNER JOIN ' . $db->prefix . 'posts AS p ON p.poster_id=a.user_id LEFT JOIN ' . $db->prefix . 'forums AS pf ON f.parent_forum=pf.id WHERE a.id=:id', $data);

if (!$ps->rowCount()) {
    message($lang_common['Bad request'], false, '404 Not Found');
}

$cur_announcement = $ps->fetch();

// Announcements in a password-protected forum require the forum login cookie.
if ($cur_announcement['password'] != '') {
    check_forum_login_cookie($cur_announcement['fid'], $cur_announcement['password']);
}

$user_avatar = '';
$user_info = array();
$user_contacts = array();
$post_actions = array();

// Delete and edit links are offered to administrators, and to moderators
// whose group has the moderator control panel enabled.
$may_manage = $panther_user['is_admmod'] == '1' && $panther_user['g_mod_cp'] == '1' || $panther_user['is_admin'];
if ($may_manage) {
    $post_actions[] = array(
        'class' => 'delete',
        'href' => panther_link($panther_url['delete_announcement'], array($id)),
        'title' => $lang_topic['Delete']
    );
    $post_actions[] = array(
        'class' => 'edit',
        'href' => panther_link($panther_url['edit_announcement'], array($id)),
        'title' => $lang_topic['Edit']
    );
}

// Resolve the author's title and run it through the word censor when enabled.
$cur_announcement['user_title'] = get_title($cur_announcement);
if ($panther_config['o_censoring'] == '1') {
    $cur_announcement['user_title'] = censor_words($cur_announcement['user_title']);
}

// Avatars are rendered only when the board enables them and the viewer has
// not switched them off.
if ($panther_config['o_avatars'] == '1' && $panther_user['show_avatars'] != '0') {
    $user_avatar = generate_avatar_markup($cur_announcement['user_id'], $cur_announcement['email'], $cur_announcement['use_gravatar']);
}

// We only show location, register date, post count and the contact links if "Show user info" is enabled