$post_user = $row_user['realname'];
if (strlen($post_user) > 9) {
//whack in a line break
$post_user_split = chunk_split($post_user);
$post_user = $post_user_split[0] . $post_user_split[1] . $post_user_split[2] . $post_user_split[3] . $post_user_split[4] . $post_user_split[5] . $post_user_split[6] . $post_user_split[7] . $post_user_split[8] . $post_user_split[9] . $post_user_split[10] . $post_user_split[11] . "<br />" . $post_user_split[12] . $post_user_split[13] . $post_user_split[14] . $post_user_split[15];
}
$post_rankno = $row_user['forum_accesslevel'];
$post_posts = $row_user['forum_posts'];
$post_rank = moderatorlevels($row_user['forum_accesslevel'], $post_posts);
$post_colour = moderatorcolours($row_user['forum_accesslevel'], $post_posts);
$post_bg = backgroundcolours($post_rankno, $post_posts);
if (!empty($row_user['location'])) {
$post_location = "Location: " . $row_user['location'];
}
if ($post_usesig == "on" && !empty($row_user['forum_sig'])) {
$post_sig = "</td></tr><tr><td width='680' height='10' class='bottomall' style='background-color:{$post_bg};'>---<br />" . craptohtml($row_user['forum_sig']);
$post_sigline = "";
} else {
$post_sig = "</td></tr><tr><td class='bottomall' style='background-color:{$post_bg};'> ";
$post_sigline = "";
}
if (empty($row_user[forum_avatar])) {
$avatar = "<img src='http://s3.shastrix.co.uk/forum/avatars/0.png' height='90' width='90' border='0' alt='Avatar' />";
} else {
switch ($row_user['forum_avatartype']) {
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
<?php
//get the pm id
$pm_id = $mysqli->real_escape_string($_GET['id']);
if (!is_numeric($pm_id)) {
header("Location:index.php");
exit;
}
//load the pm
$sql_pm = "SELECT pm_to, pm_from, pm_subject, pm_content, pm_timestamp, pm_read FROM forum_pms WHERE pm_id = '{$pm_id}' LIMIT 1";
$request_pm = $mysqli->query($sql_pm) or die($mysqli->error);
$row_pm = $request_pm->fetch_assoc();
$pm_to = $row_pm['pm_to'];
$pm_from = $mysqli->real_escape_string($row_pm['pm_from']);
$pm_subject = $row_pm['pm_subject'];
$pm_content = craptohtml($row_pm['pm_content']);
$pm_timestamp = date("jS F Y H:i:s", strtotime($row_pm['pm_timestamp']));
//check they are the user in the to field
if ($pm_to != $_SESSION['shastrixid']) {
header("Location:?");
exit;
}
//if unread set as read
if ($row_pm[pm_read] == "0") {
$sql_read = "UPDATE forum_pms SET pm_read = '1' WHERE pm_id = '{$pm_id}'";
$update_read = $mysqli->query($sql_read) or die($mysqli->error);
}
//load from details
$sql_user = "******";
$request_user = $mysqli->query($sql_user) or die($mysqli->error);
$row_user = $request_user->fetch_assoc();
$sql_pv = "SELECT entry_timestamp FROM blogs_entries WHERE entry_blog = '{$blog_number}' AND entry_timestamp < '{$mintime}' ORDER BY entry_timestamp DESC LIMIT 1";
$req_pv = $mysqli->query($sql_pv) or die($mysqli->error);
$row_pv = $req_pv->fetch_assoc();
$pv_ts = $row_pv['entry_timestamp'];
$pv_y = date('Y', $pv_ts);
$pv_m = date('m', $pv_ts);
$pv_d = date('d', $pv_ts);
if (!empty($pv_ts)) {
$print_pv = "<a href='index.php?blog={$blog_name}&show=entry&y={$pv_y}&m={$pv_m}&d={$pv_d}'>Previous</a>";
}
//echo $sql_e;
$request_e = $mysqli->query($sql_e) or die($mysqli->error);
while ($row_e = $request_e->fetch_assoc()) {
$e_title = $row_e['entry_title'];
$e_timestamp = $row_e['entry_timestamp'];
$e_text = craptohtml($row_e['entry_text']);
$e_datetime = date("jS F Y, H:i", $e_timestamp);
$e_blog = $mysqli->real_escape_string($row_e['entry_blog']);
$e_id = $mysqli->real_escape_string($row_e['entry_id']);
if (empty($blog_name)) {
$sql_b = "SELECT realname, blog_colour1, blog_colour2 FROM users WHERE number = '{$e_blog}' LIMIT 1";
$req_b = $mysqli->query($sql_b) or die($mysqli->error);
$row_b = $req_b->fetch_assoc();
$b_name = "<strong>" . $row_b['realname'] . "</strong> | ";
$b_link = $row_b['realname'];
$b_colour1 = $row_b['blog_colour1'];
$b_colour2 = $row_b['blog_colour2'];
} else {
$b_link = $blog_name;
$b_colour1 = $blog_colour1;
$b_colour2 = $blog_colour2;
header("Location:?show=addpost&topic={$post_topic}");
exit;
}
//get topic name to put at the top
$sql_topic = "SELECT topic_name, topic_guest FROM forum_topics WHERE topic_id = '{$post_topic}'";
$request_topic = $mysqli->query($sql_topic) or die($mysqli->error);
$row_topic = $request_topic->fetch_assoc();
$topic_name = $row_topic['topic_name'];
//check whether quest posting is enabled
if ($row_topic['topic_guest'] == 0) {
header("Location:?");
exit;
}
$post_text = stripslashes($_POST['post_text']);
$post_text2 = htmlentities($post_text, ENT_QUOTES);
$post_text_preview = craptohtml($post_text);
$usernumber = 0;
$post_userid = 0;
$post_user = "******";
$post_rankno = 0;
$post_rank = moderatorlevels(0, 1);
$post_colour = moderatorcolours(0, 1);
$post_bg = backgroundcolours(0, 1);
$post_scno = semicircle(0, 1);
$post_posts = 1;
$post_sig = "</td></tr><tr><td class='bottomall' style='background-color:{$post_bg}'> ";
$post_sigline = "";
$avatar = "<img src='http://s3.shastrix.co.uk/forum/avatars/guest.jpg' height='90' width='90' border='0' alt='Avatar' />";
//the thing to test they are a real person and not a random bot from somewhere
$test_no = rand(1, 12);
switch ($test_no) {
//whack in a line break
$post_user_split = chunk_split($post_user);
$post_user = $post_user_split[0] . $post_user_split[1] . $post_user_split[2] . $post_user_split[3] . $post_user_split[4] . $post_user_split[5] . $post_user_split[6] . $post_user_split[7] . $post_user_split[8] . $post_user_split[9] . $post_user_split[10] . $post_user_split[11] . "<br />" . $post_user_split[12] . $post_user_split[13] . $post_user_split[14] . $post_user_split[15];
}
if (!empty($row_user['location'])) {
$post_location = "Location: " . $row_user[7] . "<br />";
} else {
$post_location = "";
}
$post_rankno = $row_user['forum_accesslevel'];
$post_posts = $row_user['forum_posts'];
$post_rank = moderatorlevels($row_user['forum_accesslevel'], $post_posts);
$post_colour = moderatorcolours($row_user['forum_accesslevel'], $post_posts);
$post_bg = backgroundcolours($row_user['forum_accesslevel'], $post_posts);
if ($row_post['post_sig'] == 1 && !empty($row_user['forum_sig'])) {
$post_sig = "</td></tr><tr><td width='680' height='10' colspan='3' class='sigbox' style='background-color:{$post_bg};'>---<br />" . craptohtml($row_user[1]);
$post_sigline = "";
} else {
$post_sig = "</td></tr><tr><td colspan='3' class='nosigbox' style='background-color:{$post_bg};'> ";
$post_sigline = "";
}
if (empty($row_user['forum_avatar'])) {
$avatar = "<img src='http://s3.shastrix.co.uk/forum/avatars/0.png' height='90' width='90' border='0' alt='Avatar' />";
} else {
switch ($row_user['forum_avatartype']) {
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
\t\t</td>
\t</tr>
</table>
<div style="float:left;">{$print_pv}</div><div style="float:right;">{$print_nx}</div>
EOD;
echo $print_e;
//comments
$sql_e = "SELECT comment_name, comment_timestamp, comment_text, comment_id FROM blogs_comments WHERE comment_entry = '" . $mysqli->real_escape_string($id) . "'";
//echo $sql_e;
$request_e = $mysqli->query($sql_e) or die($mysqli->error);
while ($row_e = $request_e->fetch_assoc()) {
$e_name = $row_e['comment_name'];
$e_timestamp = $row_e['comment_timestamp'];
$e_text = craptohtml($row_e['comment_text']);
$e_datetime = date("jS F Y, H:i", strtotime($e_timestamp));
$e_id = $row_e['comment_id'];
//change this
if ($user_access > 7) {
$e_buttons = "<a href='?blog={$blog_name}&show=commentedit&id={$e_id}&y={$y}&m={$m}'><img src='gfx/edit.png'></a> <a href='?show=commentdelete&id={$e_id}&y={$y}&m={$m}'><img src='gfx/delete.png'></a>";
} else {
$e_buttons = "";
}
$print_e = <<<EOD
<br /><br />
<table width="100%" cellspacing="0" cellpadding="5px" bgcolor="{$blog_colour2}">
\t<tr>
\t\t<td width="80%" class="entry_topleft">
\t\t\t<strong>{$e_name}</strong> | {$e_datetime}
