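/**
 * Deliver a private message from $from to $to.
 *
 * @param string|int $to      receiver user id
 * @param string|int $from    sender user id; the literal "0" is the built-in "System" sender
 * @param string     $subject subject; {SITETITLE}, {SENDER} and {RECEIVER} are expanded before storing
 * @param string     $message body; the same placeholders are expanded
 * @param string     $smileys "y"/"n" flag stored with the message
 * @return int 0 sent, 1 inbox full, 2 sender equals receiver, 3 unknown sender,
 *             4 unknown receiver, 5 flood control tripped
 */
function send_pm($to, $from, $subject, $message, $smileys = "y")
{
    // Pimped
    global $settings;
    include LOCALE . LOCALESET . "messages.php";
    require_once INCLUDES . "sendmail_include.php";
    require_once INCLUDES . "flood_include.php";
    // Site-wide PM defaults live in the options row for user_id 0.
    $msg_settings = dbarray(dbquery("SELECT pm_inbox, pm_email_notify FROM " . DB_MESSAGES_OPTIONS . " WHERE user_id='0'"));
    $error = 0;
    // "0" is the system sender: it skips flood control and the sender lookup below.
    // Every other value that reaches SQL in this function is passed through _db();
    // the flood-control WHERE clause was the one plain concatenation and is now
    // escaped the same way, so a non-numeric $from cannot alter the query.
    if ($from === "0" || !flood_control("message_datestamp", DB_MESSAGES, "message_from=" . _db($from))) {
        // Pimped
        // Receiver, their notification preference and current inbox size in one query.
        $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, mo.pm_email_notify, COUNT(message_id) as message_count FROM " . DB_USERS . " u\r\n\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " mo USING(user_id)\r\n\t\t\tLEFT JOIN " . DB_MESSAGES . " ON message_to=u.user_id AND message_folder='0'\r\n\t\t\tWHERE u.user_id=" . _db($to) . " GROUP BY u.user_id");
        if (dbrows($result)) {
            $data = dbarray($result);
            $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id=" . _db($from));
            if ($from === "0" || dbrows($result)) {
                // Pimped
                if ($from === "0") {
                    // Synthetic sender row for system messages.
                    $userdata['user_id'] = "0";
                    $userdata['user_name'] = "System";
                } else {
                    $userdata = dbarray($result);
                }
                if ($to != $from) {
                    // pm_inbox of 0 means no limit.
                    if ($msg_settings['pm_inbox'] == "0" || $data['message_count'] + 1 <= $msg_settings['pm_inbox']) {
                        # Pimped: ->
                        // Expand the template placeholders before the text is stored.
                        $search = array("{SITETITLE}", "{SENDER}", "{RECEIVER}");
                        $replace = array($settings['sitename'], $userdata['user_name'], $data['user_name']);
                        $message = str_replace($search, $replace, $message);
                        $subject = str_replace($search, $replace, $subject);
                        # <-
                        $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES(" . _db($data['user_id']) . ", " . _db($userdata['user_id']) . ", " . _db($subject) . ", " . _db($message) . ", " . _db($smileys) . ", '0', '" . time() . "', '0')");
                        // E-mail notification: the receiver's own preference wins, else the site default.
                        $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
                        $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
                        $send_email = isset($data['pm_email_notify']) ? $data['pm_email_notify'] : $msg_settings['pm_email_notify'];
                        if ($send_email == "1") {
                            sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content);
                        }
                    } else {
                        // Inbox is full
                        $error = 1;
                    }
                } else {
                    // Receiver and sender are the same user
                    $error = 2;
                }
            } else {
                // Sender does not exist in DB
                $error = 3;
            }
        } else {
            // Receiver does not exist in DB
            $error = 4;
        }
    } else {
        // Flood control exceeded
        $error = 5;
    }
    return $error;
}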
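/**
 * Deliver a private message from $from to $to.
 *
 * @param string|int $to      receiver user id (must be a plain integer)
 * @param string|int $from    sender user id (must be a plain integer)
 * @param string     $subject subject, stored as given
 * @param string     $message body, stored as given
 * @param string     $smileys "y"/"n"; forced to "n" when the body contains a code block
 * @return int 0 sent, 1 inbox full, 2 sender equals receiver, 3 unknown/invalid sender,
 *             4 unknown/invalid receiver, 5 flood control tripped
 */
function send_pm($to, $from, $subject, $message, $smileys = "y")
{
    global $settings;
    include LOCALE . LOCALESET . "messages.php";
    require_once INCLUDES . "sendmail_include.php";
    require_once INCLUDES . "flood_include.php";
    // Site-wide PM defaults live in the options row for user_id 0.
    $msg_settings = dbarray(dbquery("SELECT pm_inbox, pm_email_notify FROM " . DB_MESSAGES_OPTIONS . " WHERE user_id='0'"));
    // Force smileys off when the body carries a [code], [geshi] or [php] block so the markup is left alone.
    $smileys = preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message) ? "n" : $smileys;
    // Both ids are concatenated straight into SQL below with no escaping, so a
    // non-numeric id could alter the queries. Anything that is not a plain integer
    // is rejected here and mapped onto the "does not exist" codes callers already
    // handle. $subject, $message and $smileys are still stored as given: callers
    // must run them through stripinput() (or an equivalent) before calling.
    if (!isnum($to)) {
        // Receiver id is not a valid user id
        return 4;
    }
    if (!isnum($from)) {
        // Sender id is not a valid user id
        return 3;
    }
    $error = 0;
    if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . $from . "'")) {
        // Receiver, their level, notification preference and current inbox size in one query.
        $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level, mo.pm_email_notify, COUNT(message_id) as message_count FROM " . DB_USERS . " u\r\n\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " mo USING(user_id)\r\n\t\t\tLEFT JOIN " . DB_MESSAGES . " ON message_to=u.user_id AND message_folder='0'\r\n\t\t\tWHERE u.user_id='{$to}' GROUP BY u.user_id");
        if (dbrows($result)) {
            $data = dbarray($result);
            $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . $from . "'");
            if (dbrows($result)) {
                $userdata = dbarray($result);
                if ($to != $from) {
                    // User 1 and users above level 101 have no inbox limit; pm_inbox of 0 means unlimited for everyone.
                    if ($data['user_id'] == 1 || $data['user_level'] > 101 || $msg_settings['pm_inbox'] == "0" || $data['message_count'] + 1 <= $msg_settings['pm_inbox']) {
                        $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES('" . $data['user_id'] . "','" . $userdata['user_id'] . "','" . $subject . "','" . $message . "','" . $smileys . "','0','" . time() . "','0')");
                        // E-mail notification: the receiver's own preference wins, else the site default.
                        $send_email = isset($data['pm_email_notify']) ? $data['pm_email_notify'] : $msg_settings['pm_email_notify'];
                        if ($send_email == "1") {
                            $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
                            $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
                            // Use the "PM" e-mail template only when one exists and is active; otherwise fall back to the plain locale text.
                            $use_template = FALSE;
                            $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
                            if (dbrows($template_result)) {
                                $template_data = dbarray($template_result);
                                $use_template = $template_data['template_active'] == "1";
                            }
                            if ($use_template) {
                                sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
                            } else {
                                sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content);
                            }
                        }
                    } else {
                        // Inbox is full
                        $error = 1;
                    }
                } else {
                    // Receiver and sender are the same user
                    $error = 2;
                }
            } else {
                // Sender does not exist in DB
                $error = 3;
            }
        } else {
            // Receiver does not exist in DB
            $error = 4;
        }
    } else {
        // Flood control exceeded
        $error = 5;
    }
    return $error;
}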
}
// Thread view: poll-vote and quick-reply handlers. $fdata (forum/thread row), $userdata,
// $can_reply and $_GET['thread_id'] are prepared earlier in the file, outside this excerpt.
// NOTE(review): $_GET['thread_id'] is concatenated into every query and redirect below without
// escaping; that is only safe if the file validated it with isnum() before this point — confirm.
$caption = $fdata['forum_cat_name'] . " :: <a href='viewforum.php?forum_id=" . $fdata['forum_id'] . "'>" . $fdata['forum_name'] . "</a>";
// Cast a poll vote: members only, and poll_option must be a plain integer.
if (iMEMBER && isset($_POST['cast_vote']) && (isset($_POST['poll_option']) && isnum($_POST['poll_option']))) {
    // One vote per member per thread; the user id comes from the session, not the request.
    $result = dbquery("SELECT * FROM " . DB_FORUM_POLL_VOTERS . " WHERE forum_vote_user_id='" . $userdata['user_id'] . "' AND thread_id='" . $_GET['thread_id'] . "'");
    if (!dbrows($result)) {
        // The option counter is scoped to this thread, but the total and the voter row below are
        // written regardless of whether that UPDATE matched anything. NOTE(review): an option id
        // that belongs to another (or no) poll still bumps forum_poll_votes and uses up the vote.
        $result = dbquery("UPDATE " . DB_FORUM_POLL_OPTIONS . " SET forum_poll_option_votes=forum_poll_option_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "' AND forum_poll_option_id='" . $_POST['poll_option'] . "'");
        $result = dbquery("UPDATE " . DB_FORUM_POLLS . " SET forum_poll_votes=forum_poll_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "'");
        $result = dbquery("INSERT INTO " . DB_FORUM_POLL_VOTERS . " (thread_id, forum_vote_user_id, forum_vote_user_ip) VALUES ('" . $_GET['thread_id'] . "', '" . $userdata['user_id'] . "', '" . USER_IP . "')");
    }
    redirect(FUSION_SELF . "?thread_id=" . $_GET['thread_id']);
}
// Quick reply: members with reply rights on an unlocked thread.
if (iMEMBER && $can_reply && !$fdata['thread_locked'] && isset($_POST['postquickreply'])) {
    // censorwords() then stripinput(): the sanitised text is what is stored and interpolated below.
    $message = stripinput(censorwords($_POST['message']));
    if ($message != "") {
        require_once INCLUDES . "flood_include.php";
        // Per-author flood control on the posts table.
        if (!flood_control("post_datestamp", DB_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
            $sig = $userdata['user_sig'] ? '1' : '0';
            // Smileys are off when the poster asked for it or the message contains a [code] block.
            $smileys = isset($_POST['disable_smileys']) || preg_match("#\\[code\\](.*?)\\[/code\\]#si", $message) ? "0" : "1";
            $result = dbquery("INSERT INTO " . DB_POSTS . " (forum_id, thread_id, post_message, post_showsig, post_smileys, post_author, post_datestamp, post_ip, post_edituser, post_edittime) VALUES ('" . $fdata['forum_id'] . "', '" . $_GET['thread_id'] . "', '{$message}', '{$sig}', '{$smileys}', '" . $userdata['user_id'] . "', '" . time() . "', '" . USER_IP . "', '0', '0')");
            // NOTE(review): mysql_insert_id() is the legacy mysql extension; it only returns the
            // right id if dbquery() runs on that same connection.
            $newpost_id = mysql_insert_id();
            // Denormalised counters and last-post markers on the forum, thread and user rows.
            $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastuser='" . $userdata['user_id'] . "' WHERE forum_id='" . $fdata['forum_id'] . "'");
            $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $newpost_id . "', thread_postcount=thread_postcount+1, thread_lastuser='" . $userdata['user_id'] . "' WHERE thread_id='" . $_GET['thread_id'] . "'");
            $result = dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $userdata['user_id'] . "'");
            redirect("postify.php?post=reply&error=0&forum_id=" . $fdata['forum_id'] . "&thread_id=" . $_GET['thread_id'] . "&post_id={$newpost_id}");
        } else {
            // Flood control tripped: back to the thread without posting.
            redirect("viewthread.php?thread_id=" . $_GET['thread_id']);
        }
    }
}
// Post count and newest post of the thread, used further down (outside this excerpt).
$rows = dbcount("(thread_id)", DB_POSTS, "thread_id='" . $_GET['thread_id'] . "'");
$last_post = dbarray(dbquery("SELECT post_id FROM " . DB_POSTS . " WHERE thread_id='" . $_GET['thread_id'] . "' ORDER BY post_datestamp DESC LIMIT 1"));
         }
     }
     // Normalise the shout text: flatten newlines, hard-cap at 255 characters, then censor and stripinput().
     $archive_shout_message = str_replace("\n", " ", $_POST['archive_shout_message']);
     // NOTE(review): without the /u modifier `.` counts bytes, so the cut can split a multi-byte character.
     $archive_shout_message = preg_replace("/^(.{255}).*\$/", "\$1", $archive_shout_message);
     $archive_shout_message = trim(stripinput(censorwords($archive_shout_message)));
     // Edit an existing shout; shout_id must be a plain integer before it is used in SQL.
     if (iMEMBER && (isset($_GET['action']) && $_GET['action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
         // Set but never read in this excerpt.
         $comment_updated = false;
         // Allowed for admins holding the shoutbox ("S") right, or for the member who owns the non-hidden shout.
         if (iADMIN && checkrights("S") || iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='" . $_GET['shout_id'] . "' AND shout_name='" . $userdata['user_id'] . "' AND shout_hidden='0'")) {
             if ($archive_shout_message) {
                 // For non-admins the ownership clause is repeated in the UPDATE, so the check and the write cannot drift apart.
                 $result = dbquery("UPDATE " . DB_SHOUTBOX . " SET shout_message='{$archive_shout_message}' WHERE shout_id='" . $_GET['shout_id'] . "'" . (iADMIN ? "" : " AND shout_name='" . $userdata['user_id'] . "'"));
             }
         }
         redirect(FUSION_SELF);
     } elseif ($archive_shout_name && $archive_shout_message) {
         // New shout. $archive_shout_name is prepared earlier in the file (outside this excerpt);
         // NOTE(review): it is interpolated into the INSERT as-is, so confirm it was sanitised there.
         require_once INCLUDES . "flood_include.php";
         // Flood control is keyed on the visitor's IP rather than a user id.
         if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='" . USER_IP . "'")) {
             $result = dbquery("INSERT INTO " . DB_SHOUTBOX . " (shout_name, shout_message, shout_datestamp, shout_ip, shout_ip_type, shout_hidden" . (multilang_table("SB") ? ", shout_language)" : ")") . " VALUES ('{$archive_shout_name}', '{$archive_shout_message}', '" . time() . "', '" . USER_IP . "', '" . USER_IP_TYPE . "', '0'" . (multilang_table("SB") ? ", '" . LANGUAGE . "')" : ")"));
         }
         redirect(FUSION_SELF);
     }
 }
 if (iMEMBER && (isset($_GET['action']) && $_GET['action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
     $esresult = dbquery("SELECT ts.shout_id, ts.shout_name, ts.shout_message, tu.user_id, tu.user_name\r\n\t\t\tFROM " . DB_SHOUTBOX . " ts\r\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON ts.shout_name=tu.user_id\r\n\t\t\t" . (multilang_table("SB") ? "WHERE shout_language='" . LANGUAGE . "' AND" : "WHERE") . " ts.shout_id='" . $_GET['shout_id'] . "' AND shout_hidden='0'");
     if (dbrows($esresult)) {
         $esdata = dbarray($esresult);
         if (iADMIN && checkrights("S") || iMEMBER && $esdata['shout_name'] == $userdata['user_id'] && isset($esdata['user_name'])) {
             if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
                 $edit_url = "?action=edit&amp;shout_id=" . $esdata['shout_id'];
             } else {
                 $edit_url = "";
             }
 /**
  * Renders the edit form for one forum post and processes its submission.
  *
  * Reads post_id from $_GET (must pass isnum) and the thread/forum ids from
  * $this->thread_info. Access: moderators and super admins, or the post author
  * when they hold "can_reply" on the thread. On a successful POST (post_edit) the
  * post row is updated, flagged attachments are removed, new uploads are stored
  * and the user is redirected to postify.php; every other outcome is a redirect.
  *
  * @return void
  */
 public function render_edit_form()
 {
     global $locale, $userdata, $forum_settings, $defender;
     $thread_data = $this->thread_info['thread'];
     // NOTE(review): `(!iMOD or !iSUPERADMIN)` is true for anyone who is not BOTH moderator and
     // super admin, so a super admin who is not a moderator is bounced from a locked thread here
     // even though the access check below (`iMOD or iSUPERADMIN`) would admit them. The intended
     // form is probably `!(iMOD || iSUPERADMIN)` — confirm.
     if ((!iMOD or !iSUPERADMIN) && $thread_data['thread_locked']) {
         redirect(INFUSIONS . 'forum/index.php');
     }
     if (isset($_GET['post_id']) && isnum($_GET['post_id'])) {
         add_to_title($locale['global_201'] . $locale['forum_0503']);
         add_breadcrumb(array('link' => '', 'title' => $locale['forum_0503']));
         // Load the post, scoped to this thread and forum; all three ids are intval()'d before use.
         $result = dbquery("SELECT tp.*, tt.thread_subject, tt.thread_poll, tt.thread_author, tt.thread_locked, MIN(tp2.post_id) AS first_post\n\t\t\t\tFROM " . DB_FORUM_POSTS . " tp\n\t\t\t\tINNER JOIN " . DB_FORUM_THREADS . " tt on tp.thread_id=tt.thread_id\n\t\t\t\tINNER JOIN " . DB_FORUM_POSTS . " tp2 on tp.thread_id=tp2.thread_id\n\t\t\t\tWHERE tp.post_id='" . intval($_GET['post_id']) . "' AND tp.thread_id='" . intval($thread_data['thread_id']) . "' AND tp.forum_id='" . intval($thread_data['forum_id']) . "'\n\t\t\t\tGROUP BY tp2.post_id\n\t\t\t\t");
         if (dbrows($result) > 0) {
             $post_data = dbarray($result);
             // Access: staff, or the author of this very post with reply rights on the thread.
             if ((iMOD or iSUPERADMIN) || $this->getThreadPermission("can_reply") && $post_data['post_author'] == $userdata['user_id']) {
                 $is_first_post = $post_data['post_id'] == $this->thread_info['post_firstpost'] ? TRUE : FALSE;
                 // no edit if locked
                 // NOTE(review): only iMOD bypasses the post lock and the edit time limit, unlike the
                 // `iMOD or iSUPERADMIN` test above — confirm this asymmetry is intended.
                 if ($post_data['post_locked'] && !iMOD) {
                     redirect(INFUSIONS . "forum/postify.php?post=edit&error=5&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $post_data['post_id']);
                 }
                 // no edit if time limit reached
                 if (!iMOD && ($forum_settings['forum_edit_timelimit'] > 0 && time() - $forum_settings['forum_edit_timelimit'] * 60 > $post_data['post_datestamp'])) {
                     redirect(INFUSIONS . "forum/postify.php?post=edit&error=6&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $post_data['post_id']);
                 }
                 // execute form post actions
                 if (isset($_POST['post_edit'])) {
                     require_once INCLUDES . "flood_include.php";
                     // all data is sanitized here.
                     if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
                         // have notice
                         // From here on $post_data is the row to be written, not the DB row loaded above.
                         // post_smileys is 1 when the checkbox is on OR the message contains a code/geshi/php
                         // block. NOTE(review): the quick-reply handlers in this codebase treat a code block as
                         // a reason to turn smileys OFF, so the `||` here may be inverted — confirm.
                         $post_data = array('forum_id' => $thread_data['forum_id'], 'thread_id' => $thread_data['thread_id'], 'post_id' => $post_data['post_id'], "thread_subject" => "", 'post_message' => form_sanitizer($_POST['post_message'], '', 'post_message'), 'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0, 'post_smileys' => isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? 1 : 0, 'post_author' => $userdata['user_id'], 'post_datestamp' => $post_data['post_datestamp'], 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => $userdata['user_id'], 'post_edittime' => time(), 'post_editreason' => form_sanitizer($_POST['post_editreason'], '', 'post_editreason'), 'post_hidden' => 0, 'notify_me' => 0, 'post_locked' => $forum_settings['forum_edit_lock'] || isset($_POST['post_locked']) ? 1 : 0);
                         // require thread_subject if first post
                         if ($is_first_post == TRUE) {
                             $post_data['thread_subject'] = form_sanitizer($_POST['thread_subject'], '', 'thread_subject');
                         }
                         if ($defender->safe()) {
                             // Prepare forum merging action
                             // NOTE(review): dbarray() returns a row array, so `$last_post_author == $post_data['post_author']`
                             // compares an array with a scalar and is never true in PHP: the merge branch below is dead
                             // and both branches perform the same update. If it were enabled it would append the edited
                             // text to the *last* post and leave the post being edited untouched, so do not simply
                             // change the comparison to `$last_post_author['post_author']` without rethinking the branch.
                             $last_post_author = dbarray(dbquery("SELECT post_author FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1"));
                             if ($last_post_author == $post_data['post_author'] && $thread_data['forum_merge']) {
                                 $last_message = dbarray(dbquery("SELECT post_id, post_message FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC"));
                                 $post_data['post_id'] = $last_message['post_id'];
                                 $post_data['post_message'] = $last_message['post_message'] . "\n\n" . $locale['forum_0640'] . " " . showdate("longdate", time()) . ":\n" . $post_data['post_message'];
                                 dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                             } else {
                                 dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                             }
                             // Delete attachments if there is any
                             // Checkbox names are `delete_attach_<id>`; the id is isnum()-guarded before it enters SQL
                             // and the SELECT is scoped to this post, so only this post's attachments can be removed.
                             foreach ($_POST as $key => $value) {
                                 if (!strstr($key, "delete_attach")) {
                                     continue;
                                 }
                                 $key = str_replace("delete_attach_", "", $key);
                                 $result = dbquery("SELECT * FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . $post_data['post_id'] . "' AND attach_id='" . (isnum($key) ? $key : 0) . "'");
                                 if (dbrows($result) != 0 && $value) {
                                     $adata = dbarray($result);
                                     // NOTE(review): attach_name comes straight from the DB into a filesystem path and the
                                     // unlink() result is ignored; the DB row is deleted even if the file removal failed.
                                     unlink(FORUM . "attachments/" . $adata['attach_name']);
                                     dbquery("DELETE FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . $post_data['post_id'] . "' AND attach_id='" . (isnum($key) ? $key : 0) . "'");
                                 }
                             }
                             // New uploads: only when a file was actually uploaded and the user may attach files here.
                             if (!empty($_FILES) && is_uploaded_file($_FILES['file_attachments']['tmp_name'][0]) && $this->getThreadPermission("can_upload_attach")) {
                                 $upload = form_sanitizer($_FILES['file_attachments'], '', 'file_attachments');
                                 if ($upload['error'] == 0) {
                                     foreach ($upload['target_file'] as $arr => $file_name) {
                                         $attachment = array('thread_id' => $thread_data['thread_id'], 'post_id' => $post_data['post_id'], 'attach_name' => $file_name, 'attach_mime' => $upload['type'][$arr], 'attach_size' => $upload['source_size'][$arr], 'attach_count' => '0');
                                         dbquery_insert(DB_FORUM_ATTACHMENTS, $attachment, 'save', array('keep_session' => TRUE));
                                     }
                                 }
                             }
                             if ($defender->safe()) {
                                 // NOTE(review): this target uses `&amp;` while the other redirects in this method use a
                                 // plain `&`; unless redirect() decodes entities the parameters arrive as `amp;forum_id` etc.
                                 redirect(INFUSIONS . "forum/postify.php?post=edit&error=0&amp;forum_id=" . intval($post_data['forum_id']) . "&amp;thread_id=" . intval($post_data['thread_id']) . "&amp;post_id=" . intval($post_data['post_id']));
                             }
                         }
                     }
                 }
                 // template data
                 $form_action = INFUSIONS . "forum/viewthread.php?action=edit&amp;forum_id=" . $thread_data['forum_id'] . "&amp;thread_id=" . $thread_data['thread_id'] . "&amp;post_id=" . $_GET['post_id'];
                 // get attachment.
                 $attachments = array();
                 $attach_rows = 0;
                 if ($this->getThreadPermission("can_upload_attach") && !empty($this->thread_info['post_items'][$post_data['post_id']]['post_attachments'])) {
                     // need id
                     $a_result = dbquery("SELECT * FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . intval($post_data['post_id']) . "' AND thread_id='" . intval($thread_data['thread_id']) . "'");
                     $attach_rows = dbrows($a_result);
                     if ($attach_rows > 0) {
                         while ($a_data = dbarray($a_result)) {
                             $attachments[] = $a_data;
                         }
                     }
                 }
                 // Form fields handed to postform(). The delete, hide_edit, thread_sticky and thread_locked
                 // fields are rendered here but not processed anywhere in this method.
                 $info = array('title' => $locale['forum_0507'], 'description' => $locale['forum_2000'] . $thread_data['thread_subject'], 'openform' => openform('input_form', 'post', $form_action, array('enctype' => $this->getThreadPermission("can_upload_attach") ? TRUE : FALSE)), 'closeform' => closeform(), 'forum_id_field' => form_hidden('forum_id', '', $post_data['forum_id']), 'thread_id_field' => form_hidden('thread_id', '', $post_data['thread_id']), "forum_field" => "", 'subject_field' => $this->thread_info['post_firstpost'] == $_GET['post_id'] ? form_text('thread_subject', $locale['forum_0600'], $thread_data['thread_subject'], array('required' => TRUE, 'placeholder' => $locale['forum_2001'], "class" => 'm-t-20 m-b-20')) : form_hidden("thread_subject", "", $thread_data['thread_subject']), 'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => TRUE, 'autosize' => TRUE, 'no_resize' => TRUE, 'preview' => TRUE, 'form_name' => 'input_form', 'bbcode' => TRUE)), 'delete_field' => form_checkbox('delete', $locale['forum_0624'], '', array('class' => 'm-b-0')), 'edit_reason_field' => form_text('post_editreason', $locale['forum_0611'], $post_data['post_editreason'], array('placeholder' => '', 'class' => 'm-t-20 m-b-20')), 'attachment_field' => $this->getThreadPermission("can_upload_attach") ? form_fileinput('file_attachments[]', $locale['forum_0557'], "", array('input_id' => 'file_attachments', 'upload_path' => INFUSIONS . 'forum/attachments/', 'type' => 'object', 'preview_off' => TRUE, 'multiple' => TRUE, 'max_count' => $attach_rows > 0 ? $forum_settings['forum_attachmax_count'] - $attach_rows : $forum_settings['forum_attachmax_count'], 'valid_ext' => $forum_settings['forum_attachtypes'])) . "\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t <div class='m-b-20'>\n<small>" . 
sprintf($locale['forum_0559'], parsebytesize($forum_settings['forum_attachmax']), str_replace('|', ', ', $forum_settings['forum_attachtypes']), $forum_settings['forum_attachmax_count']) . "</small>\n</div>\n" : "", "poll_form" => "", 'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0')), 'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0')) : '', 'sticky_field' => (iMOD || iSUPERADMIN) && $is_first_post ? form_checkbox('thread_sticky', $locale['forum_0620'], $thread_data['thread_sticky'], array('class' => 'm-b-0')) : '', 'lock_field' => iMOD || iSUPERADMIN ? form_checkbox('thread_locked', $locale['forum_0621'], $thread_data['thread_locked'], array('class' => 'm-b-0')) : '', 'hide_edit_field' => form_checkbox('hide_edit', $locale['forum_0627'], '', array('class' => 'm-b-0')), 'post_locked_field' => iMOD || iSUPERADMIN ? form_checkbox('post_locked', $locale['forum_0628'], $post_data['post_locked'], array('class' => 'm-b-0')) : '', 'notify_field' => '', 'post_buttons' => form_button('post_edit', $locale['forum_0504'], $locale['forum_0504'], array('class' => 'btn-primary')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default m-l-10')), 'last_posts_reply' => '');
                 $a_info = '';
                 if (!empty($attachments)) {
                     // Existing attachments, each with a delete checkbox, prepended to the upload field.
                     // NOTE(review): attach_name is echoed into the HTML (href and text) without escaping.
                     foreach ($attachments as $a_data) {
                         $a_info .= "<label><input type='checkbox' name='delete_attach_" . $a_data['attach_id'] . "' value='1' /> " . $locale['forum_0625'] . "</label>\n" . "<a href='" . INFUSIONS . "forum/attachments/" . $a_data['attach_name'] . "'>" . $a_data['attach_name'] . "</a> [" . parsebytesize($a_data['attach_size']) . "]\n" . "<br/>\n";
                     }
                     $info['attachment_field'] = $a_info . $info['attachment_field'];
                 }
                 postform($info);
             } else {
                 redirect(INFUSIONS . 'forum/index.php');
                 // no access
             }
         } else {
             // Post not found in this thread/forum.
             redirect(INFUSIONS . "forum/postify.php?post=edit&error=4&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $_GET['post_id']);
         }
     } else {
         // Missing or non-numeric post_id.
         redirect(INFUSIONS . 'forum/index.php');
     }
 }
                             } else {
                                 sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content);
                             }
                         } else {
                             sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content);
                         }
                     }
                 }
             }
         } else {
             redirect(FUSION_SELF . "?folder=inbox");
         }
     }
 } elseif (isnum($_GET['msg_send'])) {
     require_once INCLUDES . "flood_include.php";
     if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . $userdata['user_id'] . "'")) {
         $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level, mo.pm_email_notify, s.pm_inbox, COUNT(message_id) as message_count\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " mo USING(user_id)\n\t\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " s ON s.user_id='0'\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " ON message_to=u.user_id AND message_folder='0'\n\t\t\t\tWHERE u.user_id='" . $_GET['msg_send'] . "' GROUP BY u.user_id");
         if (dbrows($result)) {
             $data = dbarray($result);
             if ($data['user_id'] != $userdata['user_id']) {
                 if ($data['user_id'] == 1 || $data['user_level'] > 101 || $data['pm_inbox'] == "0" || $data['message_count'] + 1 <= $data['pm_inbox']) {
                     $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES('" . $data['user_id'] . "','" . $userdata['user_id'] . "','" . $subject . "','" . $message . "','" . $smileys . "','0','" . time() . "','0')");
                     $send_email = isset($data['pm_email_notify']) ? $data['pm_email_notify'] : $msg_settings['pm_email_notify'];
                     if ($send_email == "1") {
                         $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
                         $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
                         $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
                         if (dbrows($template_result)) {
                             $template_data = dbarray($template_result);
                             if ($template_data['template_active'] == "1") {
                                 sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
/**
 * Handles the delete and post actions for the comments of one item.
 *
 * @param $comment_type    - abbreviation or short ID of the comment type
 * @param $comment_db      - table of the current application, e.g. DB_BLOG
 * @param $comment_col     - its SQL primary-key column, e.g. 'blog_id'
 * @param $comment_item_id - the primary-key value, e.g. $_GET['blog_id']; it is copied into the
 *                           comment row unmodified, so validate it (isnum) before calling
 * @param $clink           - link of the current page; FUSION_SELF is fine
 *
 * NOTE(review): the guest branch reads $settings['guestpost'] while the enclosing check reads
 * $settings['guestposts']. If only the latter key exists, the guest branch is never entered and the
 * captcha check is skipped for guest comments — confirm which key the settings table defines.
 */
function showcomments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink)
{
    global $settings, $locale, $userdata, $aidlink;
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&amp;|\\?)c_action=(edit|delete)&amp;comment_id=\\d*^", "", $link);
    $_GET['comment'] = isset($_GET['comment']) && isnum($_GET['comment']) ? $_GET['comment'] : 0;
    $cpp = $settings['comments_per_page'];
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&amp;c_start=0"));
    }
    if ($settings['comments_enabled'] == "1") {
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (!iMEMBER && $settings['guestpost'] == 1) {
                if (!isset($_POST['comment_name'])) {
                    redirect($link);
                }
                if (isnum($_POST['comment_name'])) {
                    $_POST['comment_name'] = '';
                }
                $_CAPTCHA_IS_VALID = FALSE;
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php";
                if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) {
                    redirect($link);
                }
            }
            $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) {
                $comment_updated = FALSE;
                if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "' \n\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\tAND comment_type='" . $comment_type . "' \n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "' \n\t\t\t\tAND comment_hidden='0'")) {
                    dbquery_insert(DB_COMMENTS, $comment_data, 'update');
                    if ($comment_data['comment_message']) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_data['comment_message'] . "'\n  \t\t\t\t\t\t\t\t\t   WHERE comment_id='" . $_GET['comment_id'] . "' " . (iADMIN ? "" : "AND comment_name='" . $userdata['user_id'] . "'"));
                        if ($result) {
                            $comment_updated = TRUE;
                        }
                    }
                }
                if ($comment_updated) {
                    if ($settings['comments_sorting'] == "ASC") {
                        $c_operator = "<=";
                    } else {
                        $c_operator = ">=";
                    }
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\n\t\t\t\t\t\t\t\tAND comment_type='" . $comment_type . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                }
                redirect($clink . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) {
                    redirect(BASEDIR . "index.php");
                }
                $id = 0;
                if ($comment_data['comment_name'] && $comment_data['comment_message']) {
                    require_once INCLUDES . "flood_include.php";
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        dbquery_insert(DB_COMMENTS, $comment_data, 'save');
                        $id = dblastid();
                    }
                }
                if ($settings['comments_sorting'] == "ASC") {
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                } else {
                    $c_start = 0;
                }
                //if (!$settings['site_seo']) {
                redirect($clink . "&amp;c_start=" . $c_start . "#c" . $id);
                //}
            }
        }
        $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE));
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'");
        if (!isset($_GET['c_start']) && $c_rows > $cpp) {
            $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n\t\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\t\tWHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n\t\t\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp);
        if (dbrows($result) > 0) {
            $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
            if ($c_rows > $cpp) {
                $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&amp;", "c_start");
            }
            while ($data = dbarray($result)) {
                $c_arr['c_con'][$i]['comment_id'] = $data['comment_id'];
                $c_arr['c_con'][$i]['edit_dell'] = FALSE;
                $c_arr['c_con'][$i]['i'] = $i;
                if ($data['user_name']) {
                    $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status'], 'strong text-dark');
                } else {
                    $c_arr['c_con'][$i]['comment_name'] = $data['comment_name'];
                }
                $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '35px', '', true, 'img-rounded');
                $c_arr['c_con'][$i]['user'] = array('user_id' => $data['user_id'], 'user_name' => $data['user_name'], 'user_avatar' => $avatar = $data['user_avatar'] !== '' && file_exists(IMAGES . 'avatars/' . $data['user_avatar']) ? IMAGES . 'avatars/' . $data['user_avatar'] : IMAGES . "avatars/noavatar50.png", 'user_status' => $data['user_status']);
                $c_arr['c_con'][$i]['comment_datestamp'] = showdate('shortdate', $data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_time'] = timer($data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message'])));
                if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    $edit_link = clean_request('c_action=edit&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment";
                    $delete_link = clean_request('c_action=delete&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false);
                    $c_arr['c_con'][$i]['edit_link'] = array('link' => $edit_link, 'name' => $locale['c108']);
                    $c_arr['c_con'][$i]['delete_link'] = array('link' => $delete_link, 'name' => $locale['c109']);
                    $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<div class='btn-group'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $edit_link . "'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a>\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $delete_link . "' onclick=\"return confirm('" . $locale['c110'] . "');\">";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<i class='fa fa-trash'></i> " . $locale['c109'] . "</a>";
                    $c_arr['c_con'][$i]['edit_dell'] .= "</div>\n";
                }
                $settings['comments_sorting'] == "ASC" ? $i++ : $i--;
            }
            if (iADMIN && checkrights("C")) {
                $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype=" . $comment_type . "&amp;comment_item_id=" . $comment_item_id . "'>" . $locale['c106'] . "</a>";
            }
        }
        opentable($locale['c102']);
        $comment_message = "";
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $comment_item_id . "'\n\t\t\t\tAND comment_type='" . $comment_type . "' AND comment_hidden='0'");
            if (dbrows($eresult) > 0) {
                $edata = dbarray($eresult);
                if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            } else {
                $comment_message = "";
            }
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo openform('inputform', 'post', $clink, array('class' => 'm-b-20', 'max_tokens' => 1));
            if (iGUEST) {
                echo form_text('comment_name', $locale['c104'], '', array('max_length' => 30));
            }
            echo form_textarea('comment_message', '', $comment_message, array('required' => 1, 'autosize' => 1, 'form_name' => 'inputform', 'bbcode' => 1));
            if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                $_CAPTCHA_HIDE_INPUT = FALSE;
                echo "<div style='width:360px; margin:10px auto;'>";
                echo $locale['global_150'] . "<br />\n";
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php";
                if (!$_CAPTCHA_HIDE_INPUT) {
                    echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                    echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                }
                echo "</div>\n";
            }
            echo form_button('post_comment', $comment_message ? $locale['c103'] : $locale['c102'], $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn-success m-t-10'));
            echo closeform();
        } else {
            echo "<div class='well'>\n";
            echo $locale['c105'] . "\n";
            echo "</div>\n";
        }
        closetable();
        echo "<a id='comments' name='comments'></a>";
        render_comments($c_arr['c_con'], $c_arr['c_info']);
    }
}
/**
 * Render the comment thread of one content item and process the add / edit /
 * delete requests aimed at it. All request handling happens before any output.
 *
 * @param $ctype  short comment type identifier
 * @param $cdb    table the commented item lives in (DB_BLOG for example)
 * @param $ccol   primary key column of that table
 * @param $cid    primary key value of the commented item
 * @param $clink  link of the current page, used as redirect and form target
 *
 * $ctype and $cid are interpolated into SQL without escaping; the caller must
 * pass validated values (an isnum()-checked id, a fixed type string).
 *
 * NOTE(review): deletion is triggered by a GET link (c_action=delete&comment_id=N)
 * with only the JS confirm() on the link; no anti-CSRF token is checked here.
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink)
{
    global $settings, $locale, $userdata, $aidlink;
    // Current URL with any pending edit/delete action stripped; used as the bail-out target.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&amp;|\\?)c_action=(edit|delete)&amp;comment_id=\\d*^", "", $link);
    $cpp = $settings['comments_per_page'];
    // Delete: admins with the "C" right may delete any comment, members only their own.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . "\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&amp;c_start=0"));
    }
    if ($settings['comments_enabled'] == "1") {
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                // Members are stored by user_id in comment_name.
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                if (!isset($_POST['comment_name'])) {
                    redirect($link);
                }
                // comment_name is joined against users.user_id when rendering, so a guest
                // name that compares equal to a member's id would display as that member.
                // Leading '+', digits and whitespace are stripped and a still-numeric name
                // is dropped. NOTE(review): a leading '.' or '-' is not stripped; whether a
                // name such as '.5e1' is coerced to a number by the DB comparison should be
                // confirmed and, if so, added to the class.
                $comment_name = trim(stripinput($_POST['comment_name']));
                $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                // The captcha module path comes from an admin setting, not from the request.
                $_CAPTCHA_IS_VALID = FALSE;
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php";
                if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) {
                    redirect($link);
                }
            }
            // stripinput() is the framework's input escaping; censorwords() applies the word filter.
            $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                $comment_updated = FALSE;
                // Ownership is scoped to this item/type and to visible comments only.
                if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_name='" . $userdata['user_id'] . "'\r\n\t\t\t\t\t\tAND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\t\t\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
                        $comment_updated = TRUE;
                    }
                }
                if ($comment_updated) {
                    // Compute the page offset that holds the edited comment for the redirect.
                    if ($settings['comments_sorting'] == "ASC") {
                        $c_operator = "<=";
                    } else {
                        $c_operator = ">=";
                    }
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $_GET['comment_id'] . "'\r\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                }
                redirect($clink . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // Refuse to attach a comment to an item that does not exist.
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    // Per-IP flood control; a flooding client is silently dropped.
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (\r\n\t\t\t\t\t\t\t\tcomment_item_id, comment_type, comment_name, comment_message, comment_datestamp,\r\n\t\t\t\t\t\t\t\tcomment_ip, comment_ip_type, comment_hidden\r\n\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t'" . $cid . "', '" . $ctype . "', '" . $comment_name . "', '" . $comment_message . "', '" . time() . "',\r\n\t\t\t\t\t\t\t\t'" . USER_IP . "', '" . USER_IP_TYPE . "', '0'\r\n\t\t\t\t\t\t\t)");
                    }
                }
                // Land on the page where the new comment appears.
                if ($settings['comments_sorting'] == "ASC") {
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                } else {
                    $c_start = 0;
                }
                redirect($clink . "&amp;c_start=" . $c_start);
            }
        }
        $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE));
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
        // Default to the last page when no offset is given; reject non-numeric offsets
        // (c_start goes straight into the LIMIT clause below).
        if (!isset($_GET['c_start']) && $c_rows > $cpp) {
            $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\r\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp);
        if (dbrows($result)) {
            // Running comment number, counting up for ASC and down for DESC order.
            $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
            if ($c_rows > $cpp) {
                $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&amp;", "c_start");
            }
            while ($data = dbarray($result)) {
                $c_arr['c_con'][$i]['comment_id'] = $data['comment_id'];
                $c_arr['c_con'][$i]['edit_dell'] = FALSE;
                $c_arr['c_con'][$i]['i'] = $i;
                // A joined user_name means a member's comment; otherwise comment_name is the guest's name.
                if ($data['user_name']) {
                    $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status']);
                } else {
                    $c_arr['c_con'][$i]['comment_name'] = $data['comment_name'];
                }
                //Add user avatar in comments new feature in v7.02.04
                $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '80px');
                $c_arr['c_con'][$i]['comment_datestamp'] = $locale['global_071'] . showdate("longdate", $data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message'])));
                // Edit/delete links: admins with the "C" right, or the owning member (the
                // isset(user_name) check keeps guest comments from matching a user id).
                if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a> |\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "' onclick=\"return confirm('" . $locale['c110'] . "');\">";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c109'] . "</a>";
                }
                $settings['comments_sorting'] == "ASC" ? $i++ : $i--;
            }
            if (iADMIN && checkrights("C")) {
                $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype=" . $ctype . "&amp;cid=" . $cid . "'>" . $locale['c106'] . "</a>";
            }
        }
        // Render comments
        echo "<a id='comments' name='comments'></a>";
        render_comments($c_arr['c_con'], $c_arr['c_info']);
        // Add / edit comment
        opentable($locale['c102']);
        // Pre-fill the form when editing an owned (or, for admins, any) visible comment of this item.
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\r\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            } else {
                $comment_message = "";
            }
        } else {
            $comment_message = "";
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo openform('inputform', 'inputform', 'post', $clink);
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div class='row'>\n";
            echo "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>\n";
            echo form_textarea('', 'comment_message', 'comment_message', $comment_message, array('required' => 1));
            echo display_bbcodes("360px", "comment_message");
            // Guests get the captcha widget; the module may ask to hide the text input.
            if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                $_CAPTCHA_HIDE_INPUT = FALSE;
                echo "<div style='width:360px; margin:10px auto;'>";
                echo $locale['global_150'] . "<br />\n";
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php";
                if (!$_CAPTCHA_HIDE_INPUT) {
                    echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                    echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                }
                echo "</div>\n";
            }
            echo form_button($comment_message ? $locale['c103'] : $locale['c102'], 'post_comment', 'post_comment', $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn btn-primary m-t-10'));
            echo "</div>\n</div>\n";
            echo closeform();
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}
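/**
 * Render the comment thread of one content item and process the add / edit /
 * delete requests aimed at it (legacy variant: fixed 10 comments per page, ASC).
 *
 * @param $ctype  short comment type identifier
 * @param $cdb    table the commented item lives in
 * @param $ccol   primary key column of that table
 * @param $cid    primary key value of the commented item
 * @param $clink  link of the current page, used as redirect and form target
 *
 * $ctype and $cid are interpolated into SQL without escaping; the caller must
 * pass validated values (an isnum()-checked id, a fixed type string).
 *
 * NOTE(review): deletion is triggered by a GET link (c_action=delete&comment_id=N);
 * no anti-CSRF token is checked here.
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink)
{
    global $settings, $locale, $userdata, $aidlink;
    // Current URL with any pending edit/delete action stripped; used as the bail-out target.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&amp;|\\?)c_action=(edit|delete)&amp;comment_id=\\d*^", "", $link);
    // Delete: admins with the "C" right may delete any comment, members only their own.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }
    if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
        if (iMEMBER) {
            // Members are stored by user_id in comment_name.
            $comment_name = $userdata['user_id'];
        } elseif ($settings['guestposts'] == "1") {
            // A guest must supply a name (previously a missing field raised a notice here).
            if (!isset($_POST['comment_name'])) {
                redirect($link);
            }
            $comment_name = trim(stripinput($_POST['comment_name']));
            // comment_name is joined against users.user_id when rendering, so a guest name
            // that the DB compares equal to a member's id would be displayed as that member
            // and would satisfy the owner checks below. The old pattern stripped leading
            // digits only, so a name like '+1' passed isnum() yet compared equal to user 1
            // (the newer variant of this function strips '+' and whitespace for that
            // reason). '-' and '.' are stripped as well since numeric coercion accepts them
            // as sign / decimal point ('.5e1') — TODO confirm against the DB's comparison
            // rules. Whatever remains is dropped if it is still a plain number.
            $comment_name = preg_replace("(^[+.0-9\\s-]*)", "", $comment_name);
            if (isnum($comment_name)) {
                $comment_name = "";
            }
            include_once INCLUDES . "securimage/securimage.php";
            $securimage = new Securimage();
            if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                redirect($link);
            }
        }
        // stripinput() is the framework's input escaping; censorwords() applies the word
        // filter. A missing field yields an empty message, which is rejected below.
        $comment_message = trim(stripinput(censorwords(isset($_POST['comment_message']) ? $_POST['comment_message'] : "")));
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $comment_updated = false;
            // Ownership is scoped to this item/type (as in the newer variant), so a member
            // cannot edit one of their comments through another item's page.
            if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_name='" . $userdata['user_id'] . "'")) {
                if ($comment_message) {
                    $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
                    $comment_updated = true;
                }
            }
            if ($comment_updated) {
                // Offset of the page that holds the edited comment (10 per page, ASC order).
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            }
            redirect($clink . "&amp;rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
        } else {
            // Refuse to attach a comment to an item that does not exist.
            if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                redirect(BASEDIR . "index.php");
            }
            if ($comment_name && $comment_message) {
                require_once INCLUDES . "flood_include.php";
                // Per-IP flood control; a flooding client is silently dropped.
                if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                    $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
                }
            }
            // Land on the last page, where the new comment appears.
            $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            redirect($clink . "&amp;rstart=" . $c_start);
        }
    }
    opentable($locale['c100']);
    echo "<a id='comments' name='comments'></a>";
    $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
    // Reject non-numeric offsets: c_start goes straight into the LIMIT clause.
    if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
        $_GET['c_start'] = 0;
    }
    $result = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp ASC LIMIT " . $_GET['c_start'] . ",10");
    if (dbrows($result)) {
        $i = $_GET['c_start'] + 1;
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
        }
        while ($data = dbarray($result)) {
            echo "<div class='tbl2'>\n";
            // Edit/delete links: admins with the "C" right, or the owning member (the
            // isset(user_name) check keeps guest comments from matching a user id).
            if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                echo "<div style='float:right' class='comment_actions'><!--comment_actions-->\n<a href='" . FUSION_REQUEST . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                echo "<a href='" . FUSION_REQUEST . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
            }
            echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | ";
            // A joined user_name means a member's comment; otherwise comment_name is the guest's name.
            if ($data['user_name']) {
                echo "<span class='comment-name'><a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . $data['user_name'] . "</a></span>\n";
            } else {
                echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
            }
            echo "<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
            echo "</div>\n<div class='tbl1 comment_message'><!--comment_message-->" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</div>\n";
            $i++;
        }
        if (iADMIN && checkrights("C")) {
            echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype={$ctype}&amp;cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
        }
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
        }
    } else {
        echo $locale['c101'] . "\n";
    }
    closetable();
    opentable($locale['c102']);
    // Pre-fill the form when editing an owned (or, for admins, any) comment of this item.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
        if (dbrows($eresult)) {
            $edata = dbarray($eresult);
            if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                $comment_message = $edata['comment_message'];
            }
        } else {
            $comment_message = "";
        }
    } else {
        $comment_message = "";
    }
    if (iMEMBER || $settings['guestposts'] == "1") {
        require_once INCLUDES . "bbcode_include.php";
        echo "<a id='edit_comment' name='edit_comment'></a>\n";
        echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
        if (iGUEST) {
            echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
            echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
            echo "</div>\n";
        }
        echo "<div align='center' class='tbl'>\n";
        echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
        echo display_bbcodes("360px", "comment_message");
        // Guests get the securimage captcha (image, audio and refresh controls).
        if (iGUEST) {
            echo $locale['global_158'] . "<br />\n";
            echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
            echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
            echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
            echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
        }
        echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
        echo "</div>\n</form>\n";
    } else {
        echo $locale['c105'] . "\n";
    }
    closetable();
}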
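/**
 * Render the comment section of one content item, showing the poster's avatar.
 *
 * Three things happen in order: a member's `?c_action=delete` request is
 * processed (then redirect), a POSTed new or edited comment is stored (then
 * redirect), and finally the paginated comment list and the posting form are
 * echoed. Only runs when the `comments_enabled` setting is "1".
 *
 * @param string $ctype         comment type key stored in comment_type
 * @param string $cdb           table holding the commented item; used as an SQL identifier,
 *                              so it must come from code, never from request input
 * @param string $ccol          primary-key column of $cdb (also an SQL identifier)
 * @param mixed  $cid           id of the commented item (comment_item_id)
 * @param string $clink         base link used for redirects and as the form action
 * @param string $seo_root_link when URL_REWRITE is on and this is non-empty, the form
 *                              posts to the rewritten link built from the seo_* parts
 * @param string $a             separator between $seo_root_link and $seo_catid
 * @param string $seo_catid     category id part of the rewritten link
 * @param string $b             page separator, passed through to makecommentnav()
 * @param string $rowstart      row start, passed through to makecommentnav()
 * @param string $c             separator before the subject in the rewritten link
 * @param string $seo_subject   subject part of the rewritten link (cleaned by clean_subject_urlrewrite)
 * @return void                 everything is echoed; the delete and post branches end in redirect()
 */
function showcomments_avatar($ctype, $cdb, $ccol, $cid, $clink, $seo_root_link = "", $a = "-", $seo_catid = "", $b = "-page-", $rowstart = "", $c = "-", $seo_subject = "")
{
    // Pimped
    global $settings, $locale, $userdata, $aidlink;
    if (URL_REWRITE && $seo_root_link != "") {
        $seo_link = $seo_root_link . $a . $seo_catid . $c . clean_subject_urlrewrite($seo_subject) . ".html";
    }
    // Pimped
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    // Drop a leftover c_action=edit|delete&comment_id=... from the query string so the
    // captcha-failure redirect below returns to the plain page ('^' is the regex delimiter).
    $link = preg_replace("^(&amp;|\\?)c_action=(edit|delete)&amp;comment_id=\\d*^", "", $link);
    // NOTE(review): deletion is triggered by a GET parameter with no CSRF token; the
    // "C" right / ownership check is the only guard. A POST with a per-session token
    // would close the cross-site-request gap; not changed here because no token helper is in scope.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_name='" . (int) $userdata['user_id'] . "'")) {
            // Non-moderators can only delete their own comment; the WHERE clause re-checks ownership.
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }
    if ($settings['comments_enabled'] == "1") {
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                // comment_name holds the user_id for members and a free-text name for guests.
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                $comment_name = trim(stripinput($_POST['comment_name']));
                // Strip leading digits and reject purely numeric names so a guest name
                // cannot collide with a member's user_id in comment_name.
                $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                include_once INCLUDES . "securimage/securimage.php";
                $securimage = new Securimage();
                if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                    redirect($link);
                }
            }
            // A crafted POST may omit the field; treat it as an empty message instead of a notice.
            $comment_message = trim(stripinput(censorwords(isset($_POST['comment_message']) ? $_POST['comment_message'] : "")));
            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                $comment_updated = false;
                // $cid/$ctype are escaped with _db() here, as in every other query of this function.
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_name='" . (int) $userdata['user_id'] . "' AND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message=" . _db($comment_message) . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
                        $comment_updated = true;
                    }
                }
                if ($comment_updated) {
                    // Page (10 per page) on which the edited comment lives, so the redirect lands on it.
                    $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                }
                redirect($clink . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // The commented item must exist; $cdb/$ccol are identifiers, $cid is escaped.
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "=" . _db($cid))) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip, comment_hidden) VALUES (" . _db($cid) . ", " . _db($ctype) . ", " . _db($comment_name) . ", " . _db($comment_message) . ", '" . time() . "', '" . USER_IP . "', '0')");
                    }
                }
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . (int) $cid . "' AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                redirect($clink . "&amp;c_start=" . $c_start);
            }
        }
        opentable($locale['c100']);
        echo "<a id='comments' name='comments'></a>";
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
        // Default to the last page; a non-numeric c_start falls back to the first page.
        if (!isset($_GET['c_start']) && $c_rows > 10) {
            $_GET['c_start'] = (ceil($c_rows / 10) - 1) * 10;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_datestamp, tcm.comment_message,\r\n\t\t\ttcu.user_name, tcu.user_avatar, tcu.user_id, tcu.user_level, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp ASC LIMIT " . (int) $_GET['c_start'] . ",10");
        if (dbrows($result)) {
            $i = $_GET['c_start'] + 1;
            if ($c_rows > 10) {
                echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
            echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n";
            while ($data = dbarray($result)) {
                echo "<tr><td class='tbl2' width='10%' align='center'>\n";
                // user_name is NULL when the comment came from a guest (no matching user row).
                if ($data['user_name']) {
                    echo "<span class='comment-name'>" . profile_link($data['comment_name'], $data['user_name'], $data['user_status']) . "</span>\n";
                } else {
                    echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
                }
                echo "</td>\n";
                echo "<td class='tbl2'>\n<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
                echo "<div style='float:right' class='comment_actions'>";
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    echo "<!--comment_actions-->\n<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                    echo "<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a> |\n";
                }
                echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a></div>\n";
                echo "</td>\n";
                echo "</tr>\n<tr>\n";
                $avatar = $data['user_avatar'] != "" && file_exists(IMAGES_AVA . $data['user_avatar']) ? IMAGES_AVA . $data['user_avatar'] : IMAGES_AVA . "noavatar.jpg";
                echo "<td class='tbl1' width='15%'>\n";
                echo "<div style='text-align:center;'><img src='" . $avatar . "' width='50' height='50' alt='' /></div><br />\n";
                if ($settings['warning_system_comments'] && $data['user_name']) {
                    $points = show_warning_points($data['user_id']);
                    echo "<div class='commentswarnings'>";
                    echo "<span class='small'><a style='cursor:help;' onclick=\"warning_info();\">" . $locale['WARN200'] . "</a></span> ";
                    echo warning_profile_link("1", $data['user_id'], $points);
                    echo "</div>";
                }
                echo "<span class='small2'>" . $locale['c110'] . number_format(dbcount("(comment_id)", DB_COMMENTS, "comment_name='" . (int) $data['user_id'] . "'")) . "<br />";
                echo $locale['c111'] . getuserlevel($data['user_level']) . "</span><br />";
                echo "</td>\n";
                echo "<td class='tbl2' valign='top'>\n" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td>\n</tr>";
                $i++;
            }
            echo "\n</table>\n";
            if ((iMODERATOR || iADMIN) && checkrights("C")) {
                echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype={$ctype}&amp;cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
            }
            if ($c_rows > 10) {
                echo "<br /><div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
        } else {
            echo $locale['c101'] . "\n";
        }
        closetable();
        opentable($locale['c102']);
        // Editing: preload the comment into the form, but only if it belongs to this item
        // and the viewer may edit it; otherwise the form starts empty.
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name FROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            } else {
                $comment_message = "";
            }
        } else {
            $comment_message = "";
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            // NOTE(review): under URL_REWRITE the action is $seo_link, which does not carry the
            // c_action=edit&comment_id appended to $clink above — presumably the rewrite rules
            // preserve it; verify that an edit submitted this way is not stored as a new comment.
            echo "<form name='inputform' method='post' action='" . (URL_REWRITE && $seo_root_link != "" ? $seo_link : $clink) . "'>\n";
            // Pimped
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div align='center' class='tbl'>\n";
            echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
            echo display_bbcodes("360px", "comment_message");
            if (iGUEST) {
                echo $locale['global_158'] . "<br />\n";
                echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
                echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
                echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
                echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
            }
            echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
            echo "</div>\n</form>\n";
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}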
 /**
  * New thread
  */
 public function set_newThreadInfo()
 {
     $userdata = fusion_get_userdata();
     $locale = fusion_get_locale("", FORUM_LOCALE);
     $locale += fusion_get_locale("", FORUM_TAGS_LOCALE);
     $forum_settings = ForumServer::get_forum_settings();
     // @todo: Reduce lines and optimize further
     if (iMEMBER) {
         // New thread directly to a specified forum
         if (!empty($_GET['forum_id']) && ForumServer::verify_forum($_GET['forum_id'])) {
             add_to_title($locale['forum_0000']);
             add_to_meta("description", $locale['forum_0000']);
             add_breadcrumb(array("link" => FORUM . "index.php", "title" => $locale['forum_0000']));
             add_to_title($locale['global_201'] . $locale['forum_0057']);
             $forum_data = dbarray(dbquery("SELECT f.*, f2.forum_name AS forum_cat_name\n\t\t\t\tFROM " . DB_FORUMS . " f\n\t\t\t\tLEFT JOIN " . DB_FORUMS . " f2 ON f.forum_cat=f2.forum_id\n\t\t\t\tWHERE f.forum_id='" . intval($_GET['forum_id']) . "'\n\t\t\t\tAND " . groupaccess('f.forum_access') . "\n\t\t\t\t"));
             if ($forum_data['forum_type'] == 1) {
                 redirect(INFUSIONS . "forum/index.php");
             }
             // Use the new permission settings
             self::setPermission($forum_data);
             $forum_data['lock_edit'] = $forum_settings['forum_edit_lock'];
             if (self::getPermission("can_post") && self::getPermission("can_access")) {
                 add_breadcrumb(array('link' => INFUSIONS . 'forum/index.php?viewforum&amp;forum_id=' . $forum_data['forum_id'] . '&amp;parent_id=' . $forum_data['forum_cat'], 'title' => $forum_data['forum_name']));
                 add_breadcrumb(array('link' => INFUSIONS . 'forum/index.php?viewforum&amp;forum_id=' . $forum_data['forum_id'] . '&amp;parent_id=' . $forum_data['forum_cat'], 'title' => $locale['forum_0057']));
                 /**
                  * Generate a poll form
                  */
                 $poll_form = "";
                 if (self::getPermission("can_create_poll")) {
                     // initial data to push downwards
                     $pollData = array('thread_id' => 0, 'forum_poll_title' => !empty($_POST['forum_poll_title']) ? form_sanitizer($_POST['forum_poll_title'], '', 'forum_poll_title') : '', 'forum_poll_start' => time(), 'forum_poll_length' => 2, 'forum_poll_votes' => 0);
                     // counter of lengths
                     $option_data[1] = "";
                     $option_data[2] = "";
                     // Do a validation if checked add_poll
                     if (isset($_POST['add_poll'])) {
                         $pollData = array('thread_id' => 0, 'forum_poll_title' => isset($_POST['forum_poll_title']) ? form_sanitizer($_POST['forum_poll_title'], '', 'forum_poll_title') : '', 'forum_poll_start' => time(), 'forum_poll_length' => count($option_data), 'forum_poll_votes' => 0);
                         // calculate poll lengths
                         if (!empty($_POST['poll_options']) && is_array($_POST['poll_options'])) {
                             foreach ($_POST['poll_options'] as $i => $value) {
                                 $option_data[$i] = form_sanitizer($value, '', "poll_options[{$i}]");
                             }
                         }
                     }
                     if (isset($_POST['add_poll_option']) && isset($_POST['poll_options'])) {
                         // reindex the whole array with blank values.
                         foreach ($_POST['poll_options'] as $i => $value) {
                             $option_data[$i] = form_sanitizer($value, '', "poll_options[{$i}]");
                         }
                         if (\defender::safe()) {
                             $option_data = array_values(array_filter($option_data));
                             array_unshift($option_data, NULL);
                             unset($option_data[0]);
                             $pollData['forum_poll_length'] = count($option_data);
                         }
                         array_push($option_data, '');
                     }
                     $poll_field = '';
                     $poll_field['poll_field'] = form_text('forum_poll_title', $locale['forum_0604'], $pollData['forum_poll_title'], array('max_length' => 255, 'placeholder' => $locale['forum_0604a'], 'inline' => TRUE, 'required' => TRUE));
                     for ($i = 1; $i <= count($option_data); $i++) {
                         $poll_field['poll_field'] .= form_text("poll_options[{$i}]", sprintf($locale['forum_0606'], $i), $option_data[$i], array('max_length' => 255, 'placeholder' => $locale['forum_0605'], 'inline' => TRUE, 'required' => $i <= 2 ? TRUE : FALSE));
                     }
                     $poll_field['poll_field'] .= "<div class='col-xs-12 col-sm-offset-3'>\n";
                     $poll_field['poll_field'] .= form_button('add_poll_option', $locale['forum_0608'], $locale['forum_0608'], array('class' => 'btn-primary btn-sm'));
                     $poll_field['poll_field'] .= "</div>\n";
                     $info = array('title' => $locale['forum_0366'], 'description' => $locale['forum_0630'], 'field' => $poll_field);
                     ob_start();
                     echo form_checkbox("add_poll", $locale['forum_0366'], isset($_POST['add_poll']) ? TRUE : FALSE, array('reverse_label' => TRUE));
                     echo "<div id='poll_form' class='poll-form' style='display:none;'>\n";
                     echo "<div class='well clearfix'>\n";
                     echo "<!--pre_form-->\n";
                     echo $info['field']['poll_field'];
                     echo "</div>\n";
                     echo "</div>\n";
                     $poll_form = ob_get_contents();
                     ob_end_clean();
                 }
                 $thread_data = array('forum_id' => $forum_data['forum_id'], 'thread_id' => 0, 'thread_subject' => isset($_POST['thread_subject']) ? form_sanitizer($_POST['thread_subject'], '', 'thread_subject') : '', 'thread_tags' => isset($_POST['thread_tags']) ? form_sanitizer($_POST['thread_tags'], '', 'thread_tags') : '', 'thread_author' => $userdata['user_id'], 'thread_views' => 0, 'thread_lastpost' => time(), 'thread_lastpostid' => 0, 'thread_lastuser' => $userdata['user_id'], 'thread_postcount' => 1, 'thread_poll' => 0, 'thread_sticky' => isset($_POST['thread_sticky']) ? 1 : 0, 'thread_locked' => isset($_POST['thread_sticky']) ? 1 : 0, 'thread_hidden' => 0);
                 $post_data = array('forum_id' => $forum_data['forum_id'], 'forum_cat' => $forum_data['forum_cat'], 'thread_id' => 0, 'post_id' => 0, 'post_message' => isset($_POST['post_message']) ? form_sanitizer($_POST['post_message'], '', 'post_message') : '', 'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0, 'post_smileys' => !isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? 0 : 1, 'post_author' => $userdata['user_id'], 'post_datestamp' => time(), 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => 0, 'post_edittime' => 0, 'post_editreason' => '', 'post_hidden' => 0, 'notify_me' => isset($_POST['notify_me']) ? 1 : 0, 'post_locked' => 0);
                 // Execute post new thread
                 if (isset($_POST['post_newthread']) && \defender::safe()) {
                     require_once INCLUDES . "flood_include.php";
                     // all data is sanitized here.
                     if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
                         // have notice
                         if (\defender::safe()) {
                             // create a new thread.
                             dbquery_insert(DB_FORUM_THREADS, $thread_data, 'save', array('primary_key' => 'thread_id', 'keep_session' => TRUE));
                             $post_data['thread_id'] = dblastid();
                             $pollData['thread_id'] = dblastid();
                             dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                             $post_data['post_id'] = dblastid();
                             // Attach files if permitted
                             if (!empty($_FILES) && is_uploaded_file($_FILES['file_attachments']['tmp_name'][0]) && self::getPermission("can_upload_attach")) {
                                 $upload = form_sanitizer($_FILES['file_attachments'], '', 'file_attachments');
                                 if ($upload['error'] == 0) {
                                     foreach ($upload['target_file'] as $arr => $file_name) {
                                         $attach_data = array('thread_id' => $post_data['thread_id'], 'post_id' => $post_data['post_id'], 'attach_name' => $file_name, 'attach_mime' => $upload['type'][$arr], 'attach_size' => $upload['source_size'][$arr], 'attach_count' => '0');
                                         dbquery_insert(DB_FORUM_ATTACHMENTS, $attach_data, "save", array('keep_session' => TRUE));
                                     }
                                 }
                             }
                             dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . intval($post_data['post_author']) . "'");
                             // Update stats in forum and threads
                             // find all parents and update them
                             $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $post_data['forum_id']);
                             if (is_array($list_of_forums)) {
                                 foreach ($list_of_forums as $forum_id) {
                                     $forum_update_sql = "\n                                        UPDATE " . DB_FORUMS . " SET forum_lastpost='" . intval($post_data['post_datestamp']) . "',\n                                        forum_postcount=forum_postcount+1,\n                                        forum_threadcount=forum_threadcount+1,\n                                        forum_lastpostid='" . intval($post_data['post_id']) . "',\n                                        forum_lastuser='" . intval($post_data['post_author']) . "' WHERE forum_id='" . intval($forum_id) . "'\n                                        ";
                                     dbquery($forum_update_sql);
                                 }
                             }
                             // update current forum
                             dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . $post_data['post_datestamp'] . "', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $post_data['forum_id'] . "'");
                             // update current thread
                             dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost='" . $post_data['post_datestamp'] . "', thread_lastpostid='" . $post_data['post_id'] . "', thread_lastuser='" . $post_data['post_author'] . "' WHERE thread_id='" . $post_data['thread_id'] . "'");
                             // set notify
                             if ($forum_settings['thread_notify'] && isset($_POST['notify_me']) && $post_data['thread_id']) {
                                 if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $post_data['thread_id'] . "' AND notify_user='" . $post_data['post_author'] . "'")) {
                                     dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $post_data['thread_id'] . "', '" . $post_data['post_datestamp'] . "', '" . $post_data['post_author'] . "', '1')");
                                 }
                             }
                             // Add poll if exist
                             if (!empty($option_data) && isset($_POST['add_poll'])) {
                                 dbquery_insert(DB_FORUM_POLLS, $pollData, 'save');
                                 $poll_option_data['thread_id'] = $pollData['thread_id'];
                                 $i = 1;
                                 foreach ($option_data as $option_text) {
                                     if ($option_text) {
                                         $poll_option_data['forum_poll_option_id'] = $i;
                                         $poll_option_data['forum_poll_option_text'] = $option_text;
                                         $poll_option_data['forum_poll_option_votes'] = 0;
                                         dbquery_insert(DB_FORUM_POLL_OPTIONS, $poll_option_data, 'save');
                                         $i++;
                                     }
                                 }
                                 dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_poll='1' WHERE thread_id='" . $pollData['thread_id'] . "'");
                             }
                         }
                         if (\defender::safe()) {
                             redirect(INFUSIONS . "forum/postify.php?post=new&error=0&amp;forum_id=" . intval($post_data['forum_id']) . "&amp;parent_id=" . intval($post_data['forum_cat']) . "&amp;thread_id=" . intval($post_data['thread_id'] . ""));
                         }
                     }
                 }
                 $this->info = array('title' => $locale['forum_0057'], 'description' => '', 'openform' => openform('input_form', 'post', FORUM . "newthread.php?forum_id=" . $post_data['forum_id'], array('enctype' => self::getPermission("can_upload_attach"))), 'closeform' => closeform(), 'forum_id_field' => '', 'thread_id_field' => '', "forum_field" => "", 'subject_field' => form_text('thread_subject', $locale['forum_0600'], $thread_data['thread_subject'], array('required' => 1, 'placeholder' => $locale['forum_2001'], 'error_text' => '', 'class' => 'm-t-20 m-b-20')), 'tags_field' => form_select('thread_tags[]', $locale['forum_tag_0100'], $thread_data['thread_tags'], array('options' => $this->tag()->get_TagOpts(TRUE), 'width' => '100%', 'multiple' => TRUE, 'delimiter' => '.', 'max_select' => 3)), 'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => 1, 'error_text' => '', 'autosize' => 1, 'no_resize' => 1, 'preview' => 1, 'form_name' => 'input_form', 'bbcode' => 1)), 'attachment_field' => self::getPermission("can_upload_attach") ? form_fileinput('file_attachments[]', $locale['forum_0557'], "", array('input_id' => 'file_attachments', 'upload_path' => INFUSIONS . 'forum/attachments/', 'type' => 'object', 'preview_off' => TRUE, "multiple" => TRUE, "inline" => FALSE, 'max_count' => $forum_settings['forum_attachmax_count'], 'valid_ext' => $forum_settings['forum_attachtypes'], "class" => "m-b-0")) . " <div class='m-b-20'>\n<small>\n                            " . sprintf($locale['forum_0559'], parsebytesize($forum_settings['forum_attachmax']), str_replace('|', ', ', $forum_settings['forum_attachtypes']), $forum_settings['forum_attachmax_count']) . 
"</small>\n</div>\n" : "", 'poll_form' => $poll_form, 'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0', 'reverse_label' => TRUE)), 'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'sticky_field' => iMOD || iSUPERADMIN ? form_checkbox('thread_sticky', $locale['forum_0620'], $thread_data['thread_sticky'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'lock_field' => iMOD || iSUPERADMIN ? form_checkbox('thread_locked', $locale['forum_0621'], $thread_data['thread_locked'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'edit_reason_field' => '', 'delete_field' => '', 'hide_edit_field' => '', 'post_locked_field' => '', 'notify_field' => $forum_settings['thread_notify'] ? form_checkbox('notify_me', $locale['forum_0626'], $post_data['notify_me'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'post_buttons' => form_button('post_newthread', $locale['forum_0057'], $locale['forum_0057'], array('class' => 'btn-primary btn-sm')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default btn-sm m-l-10')), 'last_posts_reply' => '');
                 // add a jquery to toggle the poll form
                 add_to_jquery("\n                        if (\$('#add_poll').is(':checked')) {\n                            \$('#poll_form').show();\n                        } else {\n                            \$('#poll_form').hide();\n                        }\n                        \$('#add_poll').bind('click', function() {\n                            if (\$(this).is(':checked')) {\n                                \$('#poll_form').slideDown();\n                            } else {\n                                \$('#poll_form').slideUp();\n                            }\n                        });\n                    ");
             } else {
                 redirect(FORUM . "index.php");
             }
         } else {
             /*
              * Quick New Forum Posting.
              * Does not require to run permissions.
              * Does not contain forum poll.
              * Does not contain attachment
              */
             if (!dbcount("(forum_id)", DB_FORUMS, "forum_type !='1'")) {
                 redirect(INFUSIONS . "forum/index.php");
             }
             if (!dbcount("(forum_id)", DB_FORUMS, "forum_language ='" . LANGUAGE . "'")) {
                 redirect(INFUSIONS . "forum/index.php");
             }
             add_breadcrumb(array("link" => FORUM . "newthread.php?forum_id=0", "title" => $locale['forum_0057']));
             $thread_data = array('forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, "forum_id") : 0, 'thread_id' => 0, 'thread_subject' => isset($_POST['thread_subject']) ? form_sanitizer($_POST['thread_subject'], '', 'thread_subject') : '', 'thread_tags' => isset($_POST['thread_tags']) ? form_sanitizer($_POST['thread_tags'], '', 'thread_tags') : '', 'thread_author' => $userdata['user_id'], 'thread_views' => 0, 'thread_lastpost' => time(), 'thread_lastpostid' => 0, 'thread_lastuser' => $userdata['user_id'], 'thread_postcount' => 1, 'thread_poll' => 0, 'thread_sticky' => isset($_POST['thread_sticky']) ? TRUE : FALSE, 'thread_locked' => isset($_POST['thread_sticky']) ? TRUE : FALSE, 'thread_hidden' => 0);
             $post_data = array('forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, "forum_id") : 0, "forum_cat" => 0, 'thread_id' => 0, 'post_id' => 0, 'post_message' => isset($_POST['post_message']) ? form_sanitizer($_POST['post_message'], '', 'post_message') : '', 'post_showsig' => isset($_POST['post_showsig']) ? TRUE : FALSE, 'post_smileys' => !isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? FALSE : TRUE, 'post_author' => $userdata['user_id'], 'post_datestamp' => time(), 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => 0, 'post_edittime' => 0, 'post_editreason' => '', 'post_hidden' => 0, 'notify_me' => isset($_POST['notify_me']) ? TRUE : FALSE, 'post_locked' => 0);
             // go for a new thread posting.
             // check data
             // and validate
             // do not run attach, and do not run poll.
             if (isset($_POST['post_newthread']) && \defender::safe()) {
                 require_once INCLUDES . "flood_include.php";
                 // all data is sanitized here.
                 if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
                     // have notice
                     if (ForumServer::verify_forum($thread_data['forum_id'])) {
                         $forum_data = dbarray(dbquery("SELECT f.*, f2.forum_name AS forum_cat_name\n                            FROM " . DB_FORUMS . " f\n                            LEFT JOIN " . DB_FORUMS . " f2 ON f.forum_cat=f2.forum_id\n                            WHERE f.forum_id='" . intval($thread_data['forum_id']) . "'\n                            AND " . groupaccess('f.forum_access') . "\n                            "));
                         if ($forum_data['forum_type'] == 1) {
                             redirect(INFUSIONS . "forum/index.php");
                         }
                         // Use the new permission settings
                         self::setPermission($forum_data);
                         $forum_data['lock_edit'] = $forum_settings['forum_edit_lock'];
                         if (self::getPermission("can_post") && self::getPermission("can_access")) {
                             $post_data['forum_cat'] = $forum_data['forum_cat'];
                             // create a new thread.
                             dbquery_insert(DB_FORUM_THREADS, $thread_data, 'save', array('primary_key' => 'thread_id', 'keep_session' => TRUE));
                             $post_data['thread_id'] = dblastid();
                             dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                             $post_data['post_id'] = dblastid();
                             dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $post_data['post_author'] . "'");
                             // Update stats in forum and threads
                             // find all parents and update them
                             $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $post_data['forum_id']);
                             foreach ($list_of_forums as $fid) {
                                 dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $fid . "'");
                             }
                             // update current forum
                             dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost=''" . time() . "'', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $post_data['forum_id'] . "'");
                             // update current thread
                             dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost=''" . time() . "'', thread_lastpostid='" . $post_data['post_id'] . "', thread_lastuser='" . $post_data['post_author'] . "' WHERE thread_id='" . $post_data['thread_id'] . "'");
                             // set notify
                             if ($forum_settings['thread_notify'] && isset($_POST['notify_me']) && $post_data['thread_id']) {
                                 if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $post_data['thread_id'] . "' AND notify_user='" . $post_data['post_author'] . "'")) {
                                     dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $post_data['thread_id'] . "', '" . time() . "', '" . $post_data['post_author'] . "', 1)");
                                 }
                             }
                             if (\defender::safe()) {
                                 redirect(INFUSIONS . "forum/postify.php?post=new&error=0&amp;forum_id=" . intval($post_data['forum_id']) . "&amp;parent_id=" . intval($post_data['forum_cat']) . "&amp;thread_id=" . intval($post_data['thread_id'] . ""));
                             }
                         } else {
                             addNotice("danger", $locale['forum_0186']);
                         }
                     } else {
                         addNotice("danger", $locale['forum_0187']);
                         redirect(INFUSIONS . "forum/index.php");
                     }
                 }
             }
             //Disable all parents
             $disabled_opts = array();
             $disable_query = "\n                SELECT forum_id FROM " . DB_FORUMS . " WHERE forum_type='1'\n                " . (multilang_table("FO") ? "AND forum_language='" . LANGUAGE . "'" : "") . "\n                ";
             $disable_query = dbquery(" {$disable_query} ");
             if (dbrows($disable_query) > 0) {
                 while ($d_forum = dbarray($disable_query)) {
                     $disabled_opts = $d_forum['forum_id'];
                 }
             }
             $this->info = array('title' => $locale['forum_0057'], 'description' => '', 'openform' => openform('input_form', 'post', FORUM . "newthread.php", array('enctype' => FALSE)), 'closeform' => closeform(), 'forum_id_field' => '', 'thread_id_field' => '', 'forum_field' => form_select_tree("forum_id", $locale['forum_0395'], $thread_data['forum_id'], array("required" => TRUE, "width" => "320px", "no_root" => TRUE, "disable_opts" => $disabled_opts, "query" => multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "'" : ""), DB_FORUMS, "forum_name", "forum_id", "forum_cat"), 'subject_field' => form_text('thread_subject', $locale['forum_0600'], $thread_data['thread_subject'], array('required' => 1, 'placeholder' => $locale['forum_2001'], 'error_text' => '', 'class' => 'm-t-20 m-b-20')), 'tags_field' => form_select('thread_tags[]', $locale['forum_tag_0100'], $thread_data['thread_tags'], array('options' => $this->tag()->get_TagOpts(), 'width' => '100%', 'multiple' => TRUE, 'delimiter' => '.', 'max_select' => 3)), 'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => 1, 'error_text' => '', 'autosize' => 1, 'no_resize' => 1, 'preview' => 1, 'form_name' => 'input_form', 'bbcode' => 1)), 'attachment_field' => "", 'poll_form' => "", 'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0', 'reverse_label' => TRUE)), 'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'sticky_field' => iSUPERADMIN ? form_checkbox('thread_sticky', $locale['forum_0620'], $thread_data['thread_sticky'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'lock_field' => iSUPERADMIN ? 
form_checkbox('thread_locked', $locale['forum_0621'], $thread_data['thread_locked'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'edit_reason_field' => '', 'delete_field' => '', 'hide_edit_field' => '', 'post_locked_field' => '', 'notify_field' => $forum_settings['thread_notify'] ? form_checkbox('notify_me', $locale['forum_0626'], $post_data['notify_me'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'post_buttons' => form_button('post_newthread', $locale['forum_0057'], $locale['forum_0057'], array('class' => 'btn-primary btn-sm')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default btn-sm m-l-10')), 'last_posts_reply' => '');
         }
     } else {
         redirect(INFUSIONS . 'forum/index.php');
     }
 }
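 /**
  * Send a private message to a single user or, when $to_group is TRUE, fan it
  * out to every active member of a user group or user level.
  *
  * @param int|string $to        Recipient user id; with $to_group a group id or
  *                              a user level (-101, -102, -103).
  * @param int        $from      Sender user id (non-numeric values become 0).
  * @param string     $subject   Message subject.
  * @param string     $message   Message body.
  * @param string     $smileys   'y' or 'n'; forced to 'n' when the body holds a
  *                              [code], [geshi] or [php] block.
  * @param bool       $to_group  TRUE to treat $to as a group / level.
  * @param bool       $save_sent Keep an outbox copy if the sender's settings ask
  *                              for one (passed FALSE during group fan-out so the
  *                              sender's outbox is not flooded).
  * @return void Failures are reported through \defender::stop() and addNotice().
  */
 public static function send_pm($to, $from, $subject, $message, $smileys = 'y', $to_group = FALSE, $save_sent = TRUE)
 {
     // Initialise $locale BEFORE the include: messages.php fills this array, and
     // the old order (include, then `$locale = array()`) discarded every string
     // the notices and notification emails below rely on.
     $locale = array();
     include LOCALE . LOCALESET . "messages.php";
     require_once INCLUDES . "sendmail_include.php";
     require_once INCLUDES . "flood_include.php";
     // Debug switch: TRUE aborts with die() instead of adding a notice.
     $strict = FALSE;
     // Negative user levels fail isnum(), so a resolvable group/level name is
     // what keeps $to alive on the fan-out path.
     $group_name = getgroupname($to);
     $to = isnum($to) || !empty($group_name) ? $to : 0;
     $from = isnum($from) ? $from : 0;
     // Never parse smileys inside code blocks.
     if (preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message)) {
         $smileys = "n";
     }
     if ($to_group) {
         // Fan-out: -101..-103 are user levels, anything else is a user group id.
         if ($to <= -101 && $to >= -103) {
             $result = dbquery("SELECT user_id from " . DB_USERS . " WHERE user_level <='" . intval($to) . "' AND user_status='0'");
         } else {
             // Coerce the group id like the level branch does before it reaches
             // the in_group() SQL fragment; nothing else validates $to on this path.
             $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE " . in_group("user_groups", intval($to)) . " AND user_status='0'");
         }
         if (dbrows($result) > 0) {
             while ($member = dbarray($result)) {
                 // One delivery per member, never an outbox copy per member.
                 self::send_pm($member['user_id'], $from, $subject, $message, $smileys, FALSE, FALSE);
             }
         } else {
             \defender::stop();
             addNotice("danger", $locale['492']);
         }
         return;
     }
     // ---- single recipient ----
     $pmStatus = self::get_pm_settings($to);
     $myStatus = self::get_pm_settings($from);
     if (flood_control("message_datestamp", DB_MESSAGES, "message_from='" . intval($from) . "'")) {
         if ($strict) {
             die("You are flooding, send_pm halted");
         }
         \defender::stop();
         addNotice("danger", sprintf($locale['487'], fusion_get_settings("flood_interval")));
         return;
     }
     // Recipient row plus the size of their inbox (folder 0).
     $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level,\n\t\t\t\tCOUNT(m.message_id) 'message_count'\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " m ON m.message_user=u.user_id and message_folder='0'\n\t\t\t\tWHERE u.user_id='" . intval($to) . "' GROUP BY u.user_id\n\t\t\t\t");
     if (dbrows($result) <= 0) {
         \defender::stop();
         if ($strict) {
             die("Message Recepient User ID is invalid");
         }
         addNotice("danger", $locale['482']);
         return;
     }
     $data = dbarray($result);
     $result2 = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . intval($from) . "'");
     if (dbrows($result2) <= 0) {
         if ($strict) {
             die("Sender User ID does not exist in DB. Sequence Aborted.");
         }
         \defender::stop();
         addNotice("danger", $locale['482']);
         return;
     }
     $userdata = dbarray($result2);
     if ($to == $from) {
         // Messaging yourself is silently ignored (no notice, no insert).
         return;
     }
     // The super admin (id 1) and staff levels are exempt from the inbox quota;
     // a quota of 0 means unlimited.
     $inbox_has_room = $data['user_id'] == 1 || $data['user_level'] < USER_LEVEL_MEMBER || !$pmStatus['user_inbox'] || $data['message_count'] + 1 <= $pmStatus['user_inbox'];
     if (!$inbox_has_room) {
         if ($strict) {
             die("User inbox is full. Try delete it or upgrade it to 102 or 103 status");
         }
         \defender::stop();
         addNotice("danger", $locale['628']);
         return;
     }
     $inputData = array(
         "message_id" => 0,
         "message_to" => $to,
         "message_user" => $to,
         "message_from" => $from,
         "message_subject" => $subject,
         "message_message" => $message,
         "message_smileys" => $smileys,
         "message_read" => 0,
         "message_datestamp" => time(),
         "message_folder" => 0,
     );
     dbquery_insert(DB_MESSAGES, $inputData, "save");
     if ($myStatus['user_pm_save_sent'] == '2' && $save_sent == TRUE) {
         // Outbox copy (folder 1). If the outbox quota would be exceeded, drop
         // the oldest (lowest id) entry first.
         $cdata = dbarray(dbquery("SELECT COUNT(message_id) AS outbox_count, MIN(message_id) AS last_message FROM\n\t\t\t\t\t\t\t\t\t" . DB_MESSAGES . " WHERE message_to='" . $userdata['user_id'] . "' AND message_user='" . $userdata['user_id'] . "' AND message_folder='1' GROUP BY message_to"));
         if ($myStatus['user_outbox'] != "0" && $cdata['outbox_count'] + 1 > $myStatus['user_outbox']) {
             dbquery("DELETE FROM " . DB_MESSAGES . " WHERE message_id='" . $cdata['last_message'] . "' AND message_to='" . $userdata['user_id'] . "'");
         }
         $inputData['message_user'] = $userdata['user_id'];
         $inputData['message_folder'] = 1;
         $inputData['message_from'] = $to;
         $inputData['message_to'] = $userdata['user_id'];
         dbquery_insert(DB_MESSAGES, $inputData, "save");
     }
     if ($pmStatus['user_pm_email_notify'] == "2") {
         // Email notification: use the "PM" template when one exists and is
         // active, otherwise the plain locale text.
         $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
         $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
         $use_template = FALSE;
         $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
         if (dbrows($template_result)) {
             $template_data = dbarray($template_result);
             $use_template = $template_data['template_active'] == "1";
         }
         if ($use_template) {
             sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
         } else {
             sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
         }
     }
 }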
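 /**
  * Handle a post of the Quick Reply form.
  *
  * Requires the "can_reply" thread permission and a clean \defender state and
  * is rate-limited per author via flood_control(). When the forum has
  * forum_merge enabled and the last post in the thread is the author's own,
  * the reply is appended to that post; otherwise a new post row is inserted
  * and the forum / thread last-post counters are updated. Ends with a redirect
  * to postify.php whenever the flood check passes (post_id is 0 if the form
  * failed validation).
  */
 private function handle_quick_reply()
 {
     $forum_settings = $this->get_forum_settings();
     $locale = fusion_get_locale();
     $userdata = fusion_get_userdata();
     if (!isset($_POST['post_quick_reply'])) {
         return;
     }
     if (!$this->getThreadPermission("can_reply") || !\defender::safe()) {
         return;
     }
     $this->thread_data = $this->thread_info['thread'];
     require_once INCLUDES . "flood_include.php";
     if (flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
         return;
     }
     $raw_message = isset($_POST['post_message']) ? $_POST['post_message'] : '';
     // Smileys are parsed only when the box is ticked AND the body holds no
     // [code]/[geshi]/[php] block — the rule newthread and send_pm apply. The
     // previous `isset(...) || preg_match(...)` switched smileys ON for bodies
     // containing code blocks, the opposite of the intent.
     $has_code_block = (bool) preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $raw_message);
     $post_data = array(
         'post_id' => 0,
         'forum_id' => $this->thread_data['forum_id'],
         'thread_id' => $this->thread_data['thread_id'],
         'post_message' => form_sanitizer($raw_message, '', 'post_message'),
         'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0,
         'post_smileys' => isset($_POST['post_smileys']) && !$has_code_block ? 1 : 0,
         'post_author' => $userdata['user_id'],
         'post_datestamp' => time(),
         'post_ip' => USER_IP,
         'post_ip_type' => USER_IP_TYPE,
         'post_edituser' => 0,
         'post_edittime' => 0,
         'post_editreason' => '',
         'post_hidden' => 0,
         // Forum-wide edit lock, or the author's own "lock" tick.
         'post_locked' => $forum_settings['forum_edit_lock'] || isset($_POST['post_locked']) ? 1 : 0,
     );
     if (\defender::safe()) {
         // form_sanitizer() may have flagged the message; persist only when clean.
         $update_forum_lastpost = FALSE;
         $last_post_author = dbarray(dbquery("SELECT post_author FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $this->thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1"));
         if ($last_post_author && $last_post_author['post_author'] == $post_data['post_author'] && $this->thread_data['forum_merge']) {
             // Merge into the author's last post. NOTE(review): the update writes
             // the whole $post_data row, so datestamp/IP/lock flag of that post are
             // replaced by the new values.
             $last_message = dbarray(dbquery("SELECT post_id, post_message FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $this->thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1"));
             $post_data['post_id'] = $last_message['post_id'];
             $post_data['post_message'] = $last_message['post_message'] . "\n\n" . $locale['forum_0640'] . " " . showdate("longdate", time()) . ":\n" . $post_data['post_message'];
             dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id'));
         } else {
             $update_forum_lastpost = TRUE;
             dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id'));
             $post_data['post_id'] = dblastid();
             dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $post_data['post_author'] . "'");
         }
         if ($update_forum_lastpost) {
             // Bump last-post info on every ancestor forum, the forum itself and the thread.
             $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $this->thread_data['forum_id']);
             if (!empty($list_of_forums)) {
                 foreach ($list_of_forums as $fid) {
                     dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $fid . "'");
                 }
             }
             dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $this->thread_data['forum_id'] . "'");
             dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $post_data['post_id'] . "', thread_postcount=thread_postcount+1, thread_lastuser='" . $post_data['post_author'] . "' WHERE thread_id='" . $this->thread_data['thread_id'] . "'");
         }
         // Subscribe the author to thread notifications if asked and not already subscribed.
         if ($forum_settings['thread_notify'] == TRUE && isset($_POST['notify_me']) && $this->thread_data['thread_id']) {
             if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $this->thread_data['thread_id'] . "' AND notify_user='" . $post_data['post_author'] . "'")) {
                 dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $this->thread_data['thread_id'] . "', '" . time() . "', '" . $post_data['post_author'] . "', '1')");
             }
         }
     }
     redirect(INFUSIONS . "forum/postify.php?post=reply&error=0&amp;forum_id=" . intval($post_data['forum_id']) . "&amp;thread_id=" . intval($post_data['thread_id']) . "&amp;post_id=" . intval($post_data['post_id']));
 }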
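/**
 * Render the comment box and the paginated comment list for one content item,
 * and process the edit / delete / post actions aimed at it.
 *
 * @param string $ctype   Comment type code stored in comment_type.
 * @param string $cdb     Table of the commented item; only used to confirm the item exists.
 * @param string $ccol    Primary-key column of $cdb.
 * @param int    $cid     Id of the commented item.
 * @param string $clink   Base URL of the page; actions and paging are appended to it.
 * @param bool   $ingroup Whether the current member may post here (the form is hidden otherwise).
 *
 * Security notes (review):
 *  - Deletion is triggered by a plain GET link (c_action=delete) with no request
 *    token, so a member can be made to delete their own comment via CSRF; a
 *    POST + token confirmation is the fix, but the token helpers are not
 *    visible from this file.
 *  - Text is escaped once, at save time, through stripinput(); nothing is
 *    re-escaped when echoed into the textarea or interpolated into the UPDATE
 *    below, so the function trusts stored rows — confirm stripinput() both
 *    HTML-escapes and SQL-escapes before changing the storage path.
 *  - $cid and $ctype are interpolated into SQL as-is; callers must pass
 *    validated values.
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink, $ingroup)
{
    global $settings, $locale, $userdata, $aidlink;
    // Prefill the box when editing one of your own comments (or any, with "C" rights).
    $comment_message = "";
    $editing = iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']));
    if ($editing) {
        $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
        if (dbrows($eresult)) {
            $edata = dbarray($eresult);
            if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                $comment_message = $edata['comment_message'];
            }
        }
    }
    if (iMEMBER && $ingroup) {
        add_to_head("<script type='text/javascript'>window.onload=setTimeout(\"hideall()\", 250);\n\t\tfunction hideall(){\n\t\t\tdocument.getElementById('bbcode').style.display='none';\n\t\t}\n\t\tfunction showhide(msg_id) {\n\t\t   document.getElementById(msg_id).style.display = document.getElementById(msg_id).style.display == 'none' ? 'block' : 'none';\n\t\t}</script>\n");
        require_once INCLUDES . "bbcode_include.php";
        echo "<a id='edit_comment' name='edit_comment'></a>\n";
        echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
        echo "<div align='center'>\n";
        echo "<textarea name='comment_message' rows='2' class='textbox' style='width:90%'>" . $comment_message . "</textarea><br />\n";
        echo "<input type='submit' name='post_comment' value='" . $locale['uc283'] . "' class='button' /> :: <a onClick='showhide(\"bbcode\")'>" . $locale['uc285'] . "</a>\n";
        echo "<div id='bbcode'><br />" . display_bbcodes("360px", "comment_message") . "</div>\n";
        echo "</div>\n</form>\n";
    } else {
        echo "<div align='center'>" . $locale['uc289'] . "</div>\n";
    }
    echo "</td>\n</tr>\n";
    echo "<tr>\n<td class='tbl1' style='padding:6px;'>\n";
    // Delete (GET-triggered, see the security note above). Admins with "C" rights
    // may delete any comment; members only their own.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }
    if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
        if (iMEMBER) {
            $comment_name = $userdata['user_id'];
        } elseif ($settings['guestposts'] == "1") {
            // Guest name: strip leading digits so it can never look like a user id.
            $comment_name = isset($_POST['comment_name']) ? trim(stripinput($_POST['comment_name'])) : "";
            $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
            if (isnum($comment_name)) {
                $comment_name = "";
            }
        }
        $comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";
        if ($editing) {
            $comment_updated = false;
            if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
                if ($comment_message) {
                    dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
                    $comment_updated = true;
                }
            }
            // Land on the page that holds the edited comment (10 per page).
            $c_start = $comment_updated ? (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10 : "";
            redirect($clink . "&amp;rstart=" . (isnum($c_start) ? $c_start : ""));
        } else {
            // Refuse to attach comments to an item that does not exist.
            if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                redirect(BASEDIR . "index.php");
            }
            if ($comment_name && $comment_message) {
                require_once INCLUDES . "flood_include.php";
                if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                    dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
                }
            }
            $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            redirect($clink . "&amp;rstart=" . $c_start);
        }
    }
    // ---- listing ----
    echo "<a id='comments' name='comments'></a>";
    $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
    if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
        $_GET['c_start'] = 0;
    }
    $page_start = $_GET['c_start'];
    $result = dbquery("SELECT tcm.*,tcu.* FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp DESC LIMIT " . $page_start . ",10");
    if (!dbrows($result)) {
        echo $locale['uc284'] . "\n";
        return;
    }
    $counter = $page_start + 1;
    if ($c_rows > 10) {
        echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($page_start, 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
    }
    echo "<table width='100%' cellspacing='1' cellpadding='0'>\n";
    while ($data = dbarray($result)) {
        echo "<tr><td class='tbl2' rowspan='2' width='1'>\n";
        if ($data['user_avatar']) {
            $avatar_path = IMAGES . "avatars/" . $data['user_avatar'];
            // Scale to a 70px-wide box keeping the aspect ratio. The previous
            // formula divided by $height instead of $width and always yielded 70;
            // a missing/unreadable file also no longer produces a division by zero.
            $new_width = 70;
            $new_height = $new_width;
            $dims = is_file($avatar_path) ? getimagesize($avatar_path) : FALSE;
            if ($dims && $dims[0] > 0) {
                $new_height = round($dims[1] * ($new_width / $dims[0]));
            }
            echo "<img src='" . $avatar_path . "' alt='' style='width:" . $new_width . "px;height:" . $new_height . "px'>\n";
        } else {
            echo "<img src='" . IMAGES . "noav.gif' alt='' style='width:70px;height:70px'>\n";
        }
        echo "</td>\n<td class='tbl2' style='height:30px;'>";
        if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
            echo "<div style='float:right'>\n<a href='" . FUSION_REQUEST . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
            echo "<a href='" . FUSION_REQUEST . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
        }
        echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $counter . "</a> | ";
        echo "<a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . showLabel($data['comment_name']) . "</a>\n";
        echo "<span class='small'>" . timepassed($data['comment_datestamp']) . "</span></td></tr>\n<tr><td class='tbl1' style='vertical-align:top;'>\n";
        echo nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td></tr>\n";
        $counter++;
    }
    echo "</table>";
    if (iADMIN && checkrights("C")) {
        echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype={$ctype}&amp;cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
    }
    if ($c_rows > 10) {
        echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($page_start, 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
    }
}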
 /**
  * Display Comments
  * @param $comment_type
  * @param $comment_db
  * @param $comment_col
  * @param $comment_item_id
  * @param $clink
  */
 public function showComments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink)
 {
     global $aidlink;
     $locale = fusion_get_locale();
     $locale += fusion_get_locale('', LOCALE . LOCALESET . "user_fields.php");
     $cpp = $this->settings['comments_per_page'];
     $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => '', 'comment_message' => '', 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
     /** Delete */
     if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
         if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $this->userdata['user_id'] . "'")) {
             $result = dbquery("\n                DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $this->userdata['user_id'] . "'"));
         }
         redirect($clink . ($this->settings['comments_sorting'] == "ASC" ? "" : "&amp;c_start=0"));
     }
     if ($this->settings['comments_enabled'] == "1") {
         $this->c_arr['c_info']['comments_count'] = format_word(0, $this->locale['fmt_comment']);
         // Handle Comment Posts
         if ((iMEMBER || $this->settings['guestposts']) && isset($_POST['post_comment'])) {
             if (!iMEMBER && $this->settings['guestposts']) {
                 // Process Captchas
                 $_CAPTCHA_IS_VALID = FALSE;
                 include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_check.php";
                 if (!isset($_POST['captcha_code']) && $_CAPTCHA_IS_VALID == FALSE) {
                     \defender::stop();
                     addNotice("danger", $locale['u194']);
                 }
             }
             $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $this->userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => form_sanitizer($_POST['comment_cat'], 0, 'comment_cat'), 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
             if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) {
                 // Update comment
                 if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "'\n                        AND comment_item_id='" . $comment_item_id . "'\n                        AND comment_type='" . $comment_type . "'\n                        AND comment_name='" . $this->userdata['user_id'] . "'\n                        AND comment_hidden='0'") && \defender::safe()) {
                     $c_name_query = "SELECT comment_name FROM " . DB_COMMENTS . " WHERE comment_id='" . $comment_data['comment_id'] . "'";
                     $comment_data['comment_name'] = dbresult(dbquery($c_name_query), 0);
                     dbquery_insert(DB_COMMENTS, $comment_data, 'update');
                     if ($this->settings['comments_sorting'] == "ASC") {
                         $c_operator = "<=";
                     } else {
                         $c_operator = ">=";
                     }
                     $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n                            AND comment_item_id='" . $comment_item_id . "'\n                            AND comment_type='" . $comment_type . "'");
                     $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                     addNotice("success", $locale['global_027']);
                     redirect(self::format_clink($clink) . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
                 }
             } else {
                 // Save New comment
                 if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) {
                     redirect(BASEDIR . "index.php");
                 }
                 if (\defender::safe()) {
                     $c_start = 0;
                     $id = 0;
                     if ($comment_data['comment_name'] && $comment_data['comment_message']) {
                         require_once INCLUDES . "flood_include.php";
                         if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                             dbquery_insert(DB_COMMENTS, $comment_data, 'save');
                             $id = dblastid();
                             if ($this->settings['comments_sorting'] == "ASC") {
                                 $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'");
                                 $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                             }
                         }
                         redirect(self::format_clink($clink) . "&amp;c_start=" . $c_start . "#c" . $id);
                     }
                 }
             }
         }
         $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'");
         if (!isset($_GET['c_start']) && $c_rows > $cpp) {
             $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
         }
         if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
             $_GET['c_start'] = 0;
         }
         $comment_query = "\n            SELECT tcm.*, tcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n            FROM " . DB_COMMENTS . " tcm\n            LEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n            WHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n            ORDER BY comment_datestamp " . $this->settings['comments_sorting'] . ", comment_cat DESC";
         $query = dbquery($comment_query);
         if (dbrows($query) > 0) {
             $i = $this->settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
             if ($c_rows > $cpp) {
                 $this->c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&amp;", "c_start");
             }
             if (iADMIN && checkrights("C")) {
                 $this->c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                 $this->c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype=" . $comment_type . "&amp;comment_item_id=" . $comment_item_id . "'>" . $this->locale['c106'] . "</a>";
             }
             while ($row = dbarray($query)) {
                 $actions = array("edit_dell" => "", "edit_link" => "", "delete_link" => "");
                 if (iADMIN && checkrights("C") || iMEMBER && $row['comment_name'] == $this->userdata['user_id'] && isset($row['user_name'])) {
                     $edit_link = clean_request('c_action=edit&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment";
                     $delete_link = clean_request('c_action=delete&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false);
                     $comment_actions = "<!---comment_actions--><div class='btn-group'>\n                        <a class='btn btn-xs btn-default' href='{$edit_link}'>" . $this->locale['c108'] . "</a>\n                        <a class='btn btn-xs btn-default' href='{$delete_link}' onclick=\"return confirm('" . $this->locale['c110'] . "');\"><i class='fa fa-trash'></i>" . $this->locale['c109'] . "</a>\n                        </div><!---//comment_actions-->\n                    ";
                     $actions = array("edit_link" => array('link' => $edit_link, 'name' => $this->locale['c108']), "delete_link" => array('link' => $delete_link, 'name' => $this->locale['c109']), "edit_dell" => $comment_actions);
                 }
                 $reply_form = "";
                 if (isset($_GET['comment_reply']) && $_GET['comment_reply'] == $row['comment_id']) {
                     $locale = fusion_get_locale();
                     $comment_data['comment_cat'] = $row['comment_id'];
                     $reply_form = openform("comments_reply_form", "post", FUSION_REQUEST, array("class" => "comments_reply_form"));
                     if (iGUEST) {
                         $reply_form .= form_text('comment_name', fusion_get_locale('c104'), $comment_data['comment_name'], array('max_length' => 30));
                     }
                     $reply_form .= form_hidden("comment_cat", "", $comment_data['comment_cat']);
                     $reply_form .= form_textarea("comment_message", "", $comment_data['comment_message'], array("tinymce" => "simple", "type" => fusion_get_settings("tinymce_enabled") ? "tinymce" : "bbcode", "input_id" => "comment_message-" . $i, "required" => true));
                     if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                         $_CAPTCHA_HIDE_INPUT = FALSE;
                         $reply_form .= "<div class='m-t-10 m-b-10'>";
                         $reply_form .= "<label class='col-xs-12 col-sm-3'>" . $locale['global_150'] . "</label><div class='col-xs-12 col-sm-9'>\n";
                         ob_start();
                         include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_display.php";
                         $reply_form .= ob_get_contents();
                         ob_end_clean();
                         if (!$_CAPTCHA_HIDE_INPUT) {
                             $reply_form .= "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                             $reply_form .= "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                         }
                         $reply_form .= "</div>\n";
                         $reply_form .= "</div>\n";
                     }
                     $reply_form .= form_button('post_comment', $locale['c102'], $locale['c102'], array('class' => 'btn-success m-t-10'));
                     $reply_form .= closeform();
                 }
                 /** formats $row */
                 $row = array("comment_id" => $row['comment_id'], "comment_cat" => $row['comment_cat'], "i" => $i, "user_avatar" => display_avatar($row, '50px', '', false, 'img-rounded'), "user" => array("user_id" => $row['user_id'], "user_name" => $row['user_name'], "user_avatar" => $row['user_avatar'], "status" => $row['user_status']), "reply_link" => clean_request("comment_reply=" . $row['comment_id'], array("comment_reply"), false), "reply_form" => $reply_form, "comment_datestamp" => showdate('shortdate', $row['comment_datestamp']), "comment_time" => timer($row['comment_datestamp']), "comment_message" => "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($row['comment_message']))) . "<!--//comment_message-->\n", "comment_name" => $row['user_name'] ? profile_link($row['comment_name'], $row['user_name'], $row['user_status'], 'strong text-dark') : $row['comment_name']);
                 $row += $actions;
                 $id = $row['comment_id'];
                 $parent_id = $row['comment_cat'] === NULL ? "0" : $row['comment_cat'];
                 $data[$id] = $row;
                 $this->c_arr['c_con'][$parent_id][$id] = $row;
                 $this->settings['comments_sorting'] == "ASC" ? $i++ : $i--;
             }
             // Paginate the array
             $this->c_arr['c_con'][0] = array_chunk($this->c_arr['c_con'][0], $cpp, true);
             // Pass cpp settings
             $this->c_arr['c_info']['comments_per_page'] = $cpp;
             $this->c_arr['c_info']['comments_count'] = format_word(number_format($i - 1, 0), $this->locale['fmt_comment']);
         }
         echo "<a id='comments' name='comments'></a>";
         render_comments($this->c_arr['c_con'], $this->c_arr['c_info']);
         render_comments_form($comment_type, $clink, $comment_item_id, isset($_CAPTCHA_HIDE_INPUT) ? $_CAPTCHA_HIDE_INPUT : FALSE);
     }
 }