/**
 * Render a list of author names as comma-separated <b> elements.
 *
 * Every name is passed through safeHTML() before it is emitted; names that
 * isMod() recognises as moderators additionally carry the "nnf_mod" class.
 *
 * @param array $names plain (unescaped) author names, in display order
 * @return string HTML fragment, the wrapped names joined by ", "
 */
function theme_nameList($names)
{
    $wrapped = array_map(function ($author) {
        //isMod() is asked about the raw name; only the visible text is escaped
        $modClass = isMod($author) ? ' class="nnf_mod"' : '';
        return '<b' . $modClass . '>' . safeHTML($author) . '</b>';
    }, $names);
    return implode(', ', $wrapped);
}
stderr("Error", "Topic length is limited to {$Multi_forum['configs']['maxsubjectlength']} characters."); } } else { $forumid = get_topic_forum($topicid) or die("Bad topic ID"); } // ------ Make sure sure user has write access in forum $arr = get_forum_access_levels($forumid) or die("Bad forum ID"); if ($CURUSER['class'] < $arr["write"] || $newtopic && $CURUSER['class'] < $arr["create"] && !isMod($forumid, "topic")) { stderr("Error", "Permission denied."); } $body = trim($_POST["body"]); if (empty($body)) { stderr("Error", "No body text."); } $userid = (int) $CURUSER["id"]; if ($Multi_forum['configs']['use_flood_mod'] && $CURUSER['class'] < UC_STAFF && !isMod($forumid, "topic")) { $res = sql_query("SELECT COUNT(id) AS c FROM posts WHERE user_id=" . sqlesc($CURUSER['id']) . " AND added > '" . (TIME_NOW - $Multi_forum['configs']['minutes'] * 60) . "'"); $arr = mysqli_fetch_assoc($res); if ($arr['c'] > $Multi_forum['configs']['limit']) { stderr("Flood", "More than " . $Multi_forum['configs']['limit'] . " posts in the last " . $Multi_forum['configs']['minutes'] . " minutes."); } } if ($newtopic) { $subject = sqlesc($subject); $anonymous = isset($_POST['anonymous']) && $_POST["anonymous"] != "" ? "yes" : "no"; sql_query("INSERT INTO topics (user_id, forum_id, topic_name, anonymous) VALUES(" . sqlesc($userid) . ", " . sqlesc($forumid) . ", {$subject}, " . sqlesc($anonymous) . ")") or sqlerr(__FILE__, __LINE__); $topicid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res or stderr("Error", "No topic ID returned!"); $added = sqlesc(TIME_NOW); $body = sqlesc($body); $anonymous = isset($_POST['anonymous']) && $_POST["anonymous"] != "" ? "yes" : "no"; sql_query("INSERT INTO posts (topic_id, user_id, added, body, anonymous, icon) VALUES(" . sqlesc($topicid) . ", " . sqlesc($userid) . ", {$added}, {$body}, " . sqlesc($anonymous) . "," . sqlesc($posticon) . ")") or sqlerr(__FILE__, __LINE__);
</tbody> </table> </form> <br />";**/ } if ($postid > $lpr && $postadd > TIME_NOW - $INSTALLER09['readpost_expiry']) { if ($lpr) { sql_query("UPDATE read_posts SET last_post_read=" . sqlesc($postid) . " WHERE user_id=" . sqlesc($userid) . " AND topic_id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__); } else { sql_query("INSERT INTO read_posts (user_id, topic_id, last_post_read) VALUES(" . sqlesc($userid) . ", " . sqlesc($topicid) . ", " . sqlesc($postid) . ")") or sqlerr(__FILE__, __LINE__); } } // ------ Mod options if ($CURUSER['class'] >= UC_STAFF || isMod($forumid, "forum")) { require_once FORUM_DIR . "/mod_panel.php"; } // $HTMLOUT .= end_frame(); $HTMLOUT .= "<br /></div></div>"; //$HTMLOUT .= end_main_frame(); if (isMod($topicid)) { $CURUSER['class'] = UC_STAFF; } echo stdhead("Forums :: View Topic: {$subject}", true, $stdhead) . $HTMLOUT . stdfoot($stdfoot); $uploaderror = isset($_GET['uploaderror']) ? htmlsafechars($_GET['uploaderror']) : ''; if (!empty($uploaderror)) { $HTMLOUT .= "<script>alert(\"Upload Failed: {$uploaderror}\nHowever your post was successful saved!\n\nClick 'OK' to continue.\");</script>"; } exit; ?>
/**
 * Convert a post's plain-text markup into HTML.
 *
 * The text is passed through safeHTML() first, so every later step works on
 * already-escaped text and the tags generated here are the only raw HTML in
 * the result. Supported markup: %/$ fenced code blocks, `inline code`, bare
 * URLs and e-mail addresses, _em_ / *strong*, "---" dividers, nested quotes
 * in "…", “…” or «…», "@name" references (only when $rss is given) and
 * ":: title" headings. Paragraphs are formed from blank-line separated chunks.
 *
 * @param string      $text      raw post text (Windows or UNIX line endings)
 * @param string      $permalink URL the ":: title" anchors link back to; it is
 *                               escaped with safeHTML() before being emitted
 * @param string      $post_id   prefix for the generated <h2> ids. NOTE(review):
 *                               it is interpolated into the id/href attributes
 *                               unescaped, so callers must pass a trusted value
 * @param object|null $rss       the whole thread (presumably a SimpleXMLElement
 *                               with channel/item/author/link nodes - confirm)
 *                               used to resolve "@name" references, or NULL to
 *                               skip that step
 * @return string HTML fragment
 */
function formatText($text, $permalink = '', $post_id = '', $rss = NULL) {
    //unify carriage returns between Windows / UNIX, and sanitise HTML against injection
    $text = safeHTML(preg_replace('/\\r\\n?/', "\n", $text));
    //these arrays will hold any portions of text that have to be temporarily removed to avoid interference with the
    //markup processing, i.e code spans / blocks
    $pre = array();
    $code = array();
    /* preformatted text (code blocks):
       -------------------------------------------------------------------------------------------------------------- */
    /* example: or: (latex in particular since it uses % as a comment marker) % title $ title ⋮ ⋮ % $ */
    //$m[1] = leading indent, $m[2] = fence char (% or $), $m[3] = title, $m[4] = body, $m[5] = optional closing quote
    while (preg_match('/^(?-s:(\\h*)([%$])(.*?))\\n(.*?)\\n\\h*\\2(["”»]?)$/msu', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block
        //(if the opening fence was indented, strip up to that much leading whitespace from every body line)
        $pre[] = "<pre><span class=\"ct\">{$m[2][0]}{$m[3][0]}</span>\n" . (strlen($m[1][0]) ? preg_replace("/^\\s{1," . strlen($m[1][0]) . "}/m", '', $m[4][0]) : $m[4][0]) . "\n<span class=\"cb\">{$m[2][0]}</span></pre>";
        //replace the code block with a placeholder:
        //(we will have to remove the code chunks from the source text to avoid the other markup processing from
        //munging it and then restore the chunks back later)
        $text = substr_replace($text, "\n&PRE_" . (count($pre) - 1) . ";\n" . $m[5][0], $m[0][1], strlen($m[0][0]));
    }
    /* inline code / teletype text:
       -------------------------------------------------------------------------------------------------------------- */
    // example: `code` or ``code``
    while (preg_match('/(?<=[\\s\\p{Z}\\p{P}]|^)(`+)(.*?)(?<!`)\\1(?!`)/m', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block (the backticks themselves are kept as visible text)
        $code[] = '<code>' . $m[1][0] . $m[2][0] . $m[1][0] . '</code>';
        //same as with normal code blocks, replace them with a placeholder
        $text = substr_replace($text, '&CODE_' . (count($code) - 1) . ';', $m[0][1], strlen($m[0][0]));
    }
    /* hyperlinks:
       -------------------------------------------------------------------------------------------------------------- */
    //find full URLs and turn into HTML hyperlinks. we also detect e-mail addresses automatically
    //NOTE(review): this pattern uses the /x modifier, where a "#" comment runs to the end of the line - the pattern
    //only works while its line breaks are preserved; if it is ever reflowed onto one line everything after the
    //first "#" becomes a comment.
    //the search resumes just past the previous replacement; the @ covers the first pass, where $m holds no
    //match from the loop above and $replace is not yet set
    while (preg_match('/(?: ((?:(?:http|ftp)s?|irc)?:\\/\\/) # $1 = protocol | ([a-z0-9\\._%+\\-]+@) # $2 = email name )( # $3 = friendly URL (no protocol) [-\\.\\p{L}\\p{M}\\p{N}]+ # domain (letters, diacritics, numbers & dash only) (?:\\.[\\p{L}\\p{M}\\p{N}]+)+ # TLDs (also letters, diacritics & numbers only) )(?(2)| # email ends here (\\/)? # $4 = slash is excluded from friendly URL (?(4)( # $5 = folders and filename, relative URL (?> # folders and filename "(?!\\/?>|\\s|$)| # ignore the end of an HTML hyperlink \\)(?![:\\.,"”»]?(?:\\s|$))| # ignore brackets on end with punctuation [:\\.,”»](?!\\s|$)| # ignore various characters on the end [^\\s:)\\.,"”»] # the rest, including bookmark )* )?) )/xiu', $text, $m, PREG_OFFSET_CAPTURE, @($m[0][1] + strlen($replace)))) {
        //$p = scheme prefix: "mailto:" for e-mail, the matched protocol, or "http://" for bare domains.
        //double_encode is off because the text was already escaped by safeHTML() above.
        //links that do not point at FORUM_URL itself get rel="nofollow external"
        $text = substr_replace($text, $replace = '<a href="' . ($p = @$m[2][0] ? 'mailto:' . $m[2][0] : ($m[1][0] ? $m[1][0] : 'http://')) . htmlspecialchars($m[3][0] . @$m[4][0] . @$m[5][0], ENT_COMPAT, 'UTF-8', false) . '"' . ($p . $m[3][0] !== FORUM_URL ? ' rel="nofollow external"' : '') . '>' . $m[0][0] . '</a>', $m[0][1], strlen($m[0][0]));
    }
    /* inline formatting:
       -------------------------------------------------------------------------------------------------------------- */
    //_em_ (whole words only) and *strong*; the markers are kept as visible text inside the tags
    $text = preg_replace(array('/(?<=\\s|^)_(?!_)(.*?)(?<!_)_(?=\\s|$)/m', '/(?<![*\\w])\\*(?!\\*)(.*?)(?<!\\*)\\*(?![*\\w])/'), array('<em>_$1_</em>', '<strong>*$1*</strong>'), $text);
    /* divider: "---"
       -------------------------------------------------------------------------------------------------------------- */
    $text = preg_replace('/(?:\\n|\\A)\\h*(---+)\\h*(?:\\n?$|\\Z)/m', "\n\n<p class=\"hr\">\$1</p>\n", $text);
    /* blockquotes:
       -------------------------------------------------------------------------------------------------------------- */
    /* example: “this is the first quote level. “this is the second quote level.” back to the first quote level.” */
    //quotes may nest (the (?1) recursion), so keep replacing until a pass makes no change ($c = replacement count)
    do {
        $text = preg_replace(array('/(?:\\n|\\A)\\h*("(?!\\s+)((?>(?1)|.)*?)\\s*")\\h*(?:\\n?$|\\Z)/msu', '/(?:\\n|\\A)\\h*(“(?!\\s+)((?>(?1)|.)*?)\\s*”)\\h*(?:\\n?$|\\Z)/msu', '/(?:\\n|\\A)\\h*(«(?!\\s+)((?>(?1)|.)*?)\\s*»)\\h*(?:\\n?$|\\Z)/msu'), "\n\n<blockquote>\n\n" . "<span class=\"ql\">“</span>\n\$2\n<span class=\"qr\">”</span>\n\n" . "</blockquote>\n", $text, -1, $c);
    } while ($c);
    //remove the extra linebreaks addeded between our theme quotes
    //(required so that extra `<br />`s don’t get added!)
    $text = preg_replace(array('/“<\\/span>\\n(?!\\n)/', '/\\n<span class="qr">/'), array('“</span>', '<span class="qr">'), $text);
    /* name references:
       -------------------------------------------------------------------------------------------------------------- */
    //name references (e.g. "@bob") will link back to the last reply in the thread made by that person.
    //this requires that the whole RSS thread is passed to this function to refer to
    if (!is_null($rss)) {
        //first, produce a list of all authors in the thread
        $names = array();
        foreach ($rss->channel->xpath('./item/author') as $name) {
            $names[] = $name[0];
        }
        $names = array_unique($names); //remove duplicates
        $names = array_map('strtolower', $names); //set all to lowercase
        $names = array_map('safeHTML', $names); //HTML encode names as they will be in the source text
        //sort the list of names Z-A so that longer names and names with spaces occur first,
        //this is so that we don’t choose "Bob" over "Bob Monkhouse" when matching names
        rsort($names);
        //find all possible name references in the text:
        //(that is, any "@" followed by text up to the end of a line. note that this means that what might be
        //matched may include additional text that *isn't* part of the name, e.g. "@bob How are you?")
        $offset = 0;
        while (preg_match('/(?:^|\\s+)(@.+)/m', $text, $m, PREG_OFFSET_CAPTURE, $offset)) {
            //check each of the known names in the thread and see if one fits the source text reference
            //e.g. does "@bob How are you?" begin with "bob"
            foreach ($names as $name) {
                //=== 1: the name must sit directly after the "@" (case-insensitive)
                if (stripos($m[1][0], $name) === 1) {
                    //locate the last post made by that author in the thread to link to
                    foreach ($rss->channel->item as $item) {
                        if (safeHTML(strtolower($item->author)) == $name) {
                            //replace the reference with the link to the post
                            //(only "@" + the name is wrapped; any trailing text on the line is left alone)
                            $text = substr_replace($text, '<a href="' . safeHTML($item->link) . '"' . (isMod($name) ? ' class="nnf_mod"' : '') . '>' . substr($m[1][0], 0, strlen($name) + 1) . '</a>', $m[1][1], strlen($name) + 1);
                            //move on to the next reference, no need to check any further names for this one
                            //(15 = length of the <a href=""></a> wrapper, +1 for the "@"; the nnf_mod attribute is not counted)
                            //NOTE(review): this value is dead - `break 2` leaves both foreach loops and lands on the
                            //`$offset = $m[1][1] + 1;` assignment below, which overwrites it. The scan still terminates
                            //because the inserted <a> tag leaves the "@" no longer preceded by whitespace.
                            $offset = $m[1][1] + strlen($name) + strlen($item->link) + 15 + 1;
                            break 2;
                        }
                    }
                }
            }
            //failing any match, continue searching
            //(avoid getting stuck in an infinite loop)
            $offset = $m[1][1] + 1;
        }
    }
    /* titles
       -------------------------------------------------------------------------------------------------------------- */
    //example: :: title
    //the search resumes just past the previous replacement; the @ covers the first pass, where $m may be
    //the empty array left by the last failed preg_match above
    $replace = '';
    $titles = array();
    while (preg_match('/(?:\\n|\\A)(::.*)(?:\\n?$|\\Z)/mu', $text, $m, PREG_OFFSET_CAPTURE, @($m[0][1] + strlen($replace)))) {
        //generate a unique HTML ID for the title:
        //flatten the title text into a URL-safe string of [a-z0-9_]
        $translit = safeTransliterate(strip_tags($m[1][0]));
        //if a title already exsits with that ID, append a number until an available ID is found.
        $c = 0;
        do {
            $id = $translit . ($c++ ? '_' . ($c - 1) : '');
        } while (in_array($id, $titles));
        //add the current ID to the list of used IDs
        $titles[] = $id;
        //remove hyperlinks in the title (since the title will be a hyperlink too)
        //if a user-link is present, keep the mod class if present
        $m[1][0] = preg_replace('/<a href="[^"]+"( class="nnf_mod")?>(.*?)<\\/a>/', "<b\$1>\$2</b>", $m[1][0]);
        //create the replacement HTML, including an anchor link
        //($permalink is escaped here; $post_id and $id are emitted as-is)
        $text = substr_replace($text, $replace = "\n\n<h2 id=\"{$post_id}::{$id}\">" . "<a href=\"" . safeHTML($permalink) . "#{$post_id}::{$id}\">" . $m[1][0] . "</a>" . "</h2>\n", $m[0][1], strlen($m[0][0]));
    }
    /* finalise:
       -------------------------------------------------------------------------------------------------------------- */
    //add paragraph tags between blank lines
    foreach (preg_split('/\\n{2,}/', safeTrim($text), -1, PREG_SPLIT_NO_EMPTY) as $chunk) {
        //if not a blockquote, title, hr or pre-block, wrap in a paragraph
        if (!preg_match('/^<\\/?(?:bl|h2|p)|^&PRE_/', $chunk)) {
            $chunk = "<p>\n" . str_replace("\n", "<br />\n", $chunk) . "\n</p>";
        }
        //$result accumulates the chunks; it is never initialised in this function, the @ silences the
        //undefined-variable notice on the first iteration
        $text = @($result .= "\n{$chunk}");
    }
    //restore code spans/blocks
    foreach ($code as $i => $html) {
        $text = str_replace("&CODE_{$i};", $html, $text);
    }
    foreach ($pre as $i => $html) {
        $text = str_replace("&PRE_{$i};", $html, $text);
    }
    return $text;
}
$HTMLOUT = ''; $HTMLOUT .= '<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <meta charset="' . charset() . '" /> <title>ERROR</title> </head><body> <h1 style="text-align:center;">Error</h1> <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>'; echo $HTMLOUT; exit; } // -------- Action: Edit Forum $forumid = (int) $_GET["forumid"]; if ($CURUSER['class'] >= MAX_CLASS || isMod($forumid, "forum")) { if (!is_valid_id($forumid)) { stderr('Error', 'Invalid ID!'); } $res = sql_query("SELECT name, description, min_class_read, min_class_write, min_class_create FROM forums WHERE id=" . sqlesc($forumid)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res) == 0) { stderr('Error', 'No forum found with that ID!'); } $forum = mysqli_fetch_assoc($res); if ($INSTALLER09['forums_online'] == 0) { $HTMLOUT .= stdmsg('Warning', 'Forums are currently in maintainance mode'); } $HTMLOUT .= begin_main_frame(); $HTMLOUT .= begin_frame("Edit Forum", "center"); $HTMLOUT .= "<form method='post' action='{$INSTALLER09['baseurl']}/forums.php?action=updateforum&forumid={$forumid}'>\n"; $HTMLOUT .= begin_table();
<?php require_once '../config.php'; require_once '../functions.php'; require_once 'mod_functions.php'; if (!isMod()) { die('Only mods can access this page.'); } include '_header.php'; echoHeader('Add New Sprite'); if (isset($_POST['submit'], $_POST['img_name'], $_POST['comment'])) { if ($_FILES['file']['error'] > 0) { // echo $_FILES["file"]["error"] . '<br />'; echo '<div class="error">There was an error!</div>'; } else { if ($_FILES['file']['size'] > 1048576) { echo '<div class="error">The file size it too large!</div>'; } else { $imageData = file_get_contents($_FILES['file']['tmp_name']); $im = imagecreatefromstring($imageData); if ($im == false) { echo '<div class="error">There was an error creating the image!</div>'; } else { $base64Image = cleanSql(base64_encode($imageData)); $imgName = cleanSql(trim(str_replace(array(chr(0), '<', '>', '.', '/', '\\'), '', $_POST['img_name']))); $comment = cleanSql($_POST['comment']); $uid = (int) $_SESSION['userid']; if (empty($imgName)) { echo '<div class="error">Image name was empty!</div>'; } else { mysql_query("\n\t\t\t\t\tINSERT INTO `new_images` (\n\t\t\t\t\t\t`uid`, `image_data`, `image_name`, `comment`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$uid}', '{$base64Image}', '{$imgName}', '{$comment}'\n\t\t\t\t\t)\n\t\t\t\t");
//index number of the replies, accounting for which page we are on $no = (PAGE - 1) * FORUM_POSTS; foreach ($thread as &$reply) { //has the reply been deleted (blanked)? if ($reply->xpath("category[text()='deleted']")) { $item->addClass('.', 'deleted'); } //apply the data to the template (a reply) $item->set(array('./@id' => substr(strstr($reply->link, '#'), 1), 'time.nnf_reply-time' => date(DATE_FORMAT, strtotime($reply->pubDate)), 'time.nnf_reply-time@datetime' => gmdate('r', strtotime($reply->pubDate)), 'a.nnf_reply-number' => sprintf(THEME_REPLYNO, ++$no), 'a.nnf_reply-number@href' => '?page=' . PAGE . strstr($reply->link, '#'), '.nnf_reply-author' => $reply->author, 'a.nnf_reply-append@href' => '?append=' . substr(strstr($reply->link, '#'), 1) . '#append', 'a.nnf_reply-delete@href' => '?delete=' . substr(strstr($reply->link, '#'), 1)))->setHTML('.nnf_reply-text', $reply->description); //is this reply from the person who started the thread? if (strtolower($reply->author) == strtolower($author)) { $item->addClass('.', 'op'); } //if the user who made the reply is a mod, also mark the whole post as by a mod //(you might want to style any posts made by a mod differently) if (isMod($reply->author)) { $item->addClass('., .nnf_reply-author', 'mod'); } //if the current user in the curent forum can append/delete the current reply: if (CAN_REPLY && (IS_MOD || !HTTP_AUTH || strtolower(NAME) == strtolower($reply->author) && (!FORUM_LOCK || FORUM_LOCK == 'threads' || IS_MEMBER))) { $item->remove(array('.nnf_reply-append' => $reply->xpath("category[text()='deleted']"), '.nnf_reply-delete' => $reply->xpath("category[text()='deleted']") && !IS_MOD)); } else { $item->remove('.nnf_reply-append, .nnf_reply-delete'); } $item->next(); } } else { $template->remove('#nnf_replies'); } /* reply form ---------------------------------------------------------------------------------------------------------------------- */
$template->remove('#nnf_folders'); } /* threads ---------------------------------------------------------------------------------------------------------------------- */ if ($threads || @$stickies) { //do the page links (stickies are not included in the count as they appear on all pages) theme_pageList($template, '', $PAGE, $PAGES); //slice the full list into the current page $threads = array_merge($stickies, array_slice($threads, ($PAGE - 1) * FORUM_THREADS, FORUM_THREADS)); //get the dummy list-item to repeat (removes it and takes a copy) $item = $template->repeat('.nnf_thread'); //generate the list of threads with data, for the template foreach ($threads as $file) { if ($xml = @simplexml_load_file($file)) { if ($last =& $xml->channel->item[0]) { $item->set(array('a.nnf_thread-name' => $xml->channel->title, 'a.nnf_thread-name@href' => url(PATH_URL, pathinfo($file, PATHINFO_FILENAME)), '.nnf_thread-replies' => count($xml->channel->item) - 1, 'a.nnf_thread-post@href' => substr($last->link, strpos($last->link, '/', 9)), 'time.nnf_thread-time' => date(DATE_FORMAT, strtotime($last->pubDate)), 'time.nnf_thread-time@datetime' => date('c', strtotime($last->pubDate)), '.nnf_thread-author' => $last->author))->remove(array('.nnf_thread-locked' => !$xml->channel->xpath('category[.="locked"]'), './@class' => !in_array($file, $stickies) ? 'nnf_sticky' : false, '.nnf_thread-sticky' => !in_array($file, $stickies) || $xml->channel->xpath('category[.="locked"]'), '.nnf_thread-author@class' => !isMod($last->author) ? 
'nnf_mod' : false))->next(); } } } } else { //no threads, remove the template stuff $template->remove('#nnf_threads'); } /* new thread form ---------------------------------------------------------------------------------------------------------------------- */ if (CAN_POST) { $template->set(array('input#nnf_title-field@value' => TITLE, 'input#nnf_title-field@maxlength' => SIZE_TITLE, 'input#nnf_name-field-http@value' => NAME, 'input#nnf_name-field@value' => NAME, 'input#nnf_name-field@maxlength' => SIZE_NAME, 'input#nnf_pass-field@value' => PASS, 'input#nnf_pass-field@maxlength' => SIZE_PASS, 'textarea#nnf_text-field' => TEXT, 'textarea#nnf_text-field@maxlength' => SIZE_TEXT))->remove(AUTH_HTTP ? '#nnf_name, #nnf_pass, #nnf_email, #nnf_error-none' : '#nnf_name-http, #nnf_error-none-http')->remove(FORUM_NEWBIES ? '#nnf_error-newbies' : '#nnf_error-none')->remove(array('#nnf_error-none, #nnf_error-none-http, #nnf_error-newbies' => FORM_SUBMIT, '#nnf_error-auth' => !FORM_SUBMIT || !TITLE || !TEXT || !NAME || !PASS || AUTH, '#nnf_error-pass' => !FORM_SUBMIT || !TITLE || !TEXT || !NAME || PASS, '#nnf_error-name' => !FORM_SUBMIT || !TITLE || !TEXT || NAME, '#nnf_error-text' => !FORM_SUBMIT || !TITLE || TEXT, '#nnf_error-title' => !FORM_SUBMIT || TITLE)); } //call the theme-specific templating function, in 'theme.php', before outputting theme_custom($template); exit($template);
<meta charset="' . charset() . '" /> <title>ERROR</title> </head><body> <h1 style="text-align:center;">Error</h1> <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>'; echo $HTMLOUT; exit; } $topicid = (int) $_GET['topicid']; if (!is_valid_id($topicid)) { stderr('Error', 'Invalid ID'); } $r = sql_query("SELECT t.id, t.topic_name " . ($Multi_forum['configs']['use_poll_mod'] ? ",t.poll_id" : "") . ",t.forum_id,(SELECT COUNT(p.id) FROM posts as p where p.topic_id=" . sqlesc($topicid) . ") AS posts FROM topics as t WHERE t.id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__); $a = mysqli_fetch_assoc($r) or stderr("Error", "No topic was found"); if ($CURUSER["class"] >= UC_STAFF || isMod($a["forum_id"], "forum")) { $sure = isset($_GET['sure']) && (int) $_GET['sure']; if (!$sure) { stderr("Sanity check...", "You are about to delete topic " . htmlsafechars($a["topic_name"]) . ". Click <a href='{$INSTALLER09['baseurl']}/forums.php?action=deletetopic&topicid={$topicid}&sure=1'>here</a> if you are sure."); } else { write_log("topicdelete", "Topic <b>" . htmlsafechars($a["topic_name"]) . "</b> was deleted by <a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $CURUSER['id'] . "'>" . htmlsafechars($CURUSER['username']) . "</a>."); if ($Multi_forum['configs']['use_attachment_mod']) { $res = sql_query("SELECT attachments.filename " . "FROM posts " . "LEFT JOIN attachments ON attachments.postid = posts.id " . "WHERE posts.topic_id = " . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__); while ($arr = mysqli_fetch_assoc($res)) { if (!empty($arr['filename']) && is_file($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename'])) { unlink($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename']); } } } sql_query("DELETE posts, topics " . ($Multi_forum['configs']['use_attachment_mod'] ? ", attachments, attachmentdownloads " : "") . ($Multi_forum['configs']['use_poll_mod'] ? 
", postpolls, postpollanswers " : "") . "FROM topics " . "LEFT JOIN posts ON posts.topic_id = topics.id " . ($Multi_forum['configs']['use_attachment_mod'] ? "LEFT JOIN attachments ON attachments.postid = posts.id " . "LEFT JOIN attachmentdownloads ON attachmentdownloads.fileid = attachments.id " : "") . ($Multi_forum['configs']['use_poll_mod'] ? "LEFT JOIN postpolls ON postpolls.id = topics.pollid " . "LEFT JOIN postpollanswers ON postpollanswers.pollid = postpolls.id " : "") . "WHERE topics.id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__); header('Location: ' . $INSTALLER09['baseurl'] . '/forums.php?action=viewforum&forumid=' . (int) $a["forumid"]);
<title>ERROR</title> </head><body> <h1 style="text-align:center;">Error</h1> <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>'; echo $HTMLOUT; exit; } // -------- Action: Delete post $postid = (int) $_GET['postid']; if (!is_valid_id($postid)) { stderr('Error', 'Invalid ID'); } $res = sql_query("SELECT p.topic_id " . ($Multi_forum['configs']['use_attachment_mod'] ? ", a.filename" : "") . ", t.forum_id, (SELECT COUNT(id) FROM posts WHERE topic_id=p.topic_id) AS posts_count, " . "(SELECT MAX(id) FROM posts WHERE topic_id=p.topic_id AND id < p.id) AS p_id " . "FROM posts AS p " . "LEFT JOIN topics as t on t.id=p.topic_id " . ($Multi_forum['configs']['use_attachment_mod'] ? "LEFT JOIN attachments AS a ON a.postid = p.id " : "") . "WHERE p.id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__); $arr = mysqli_fetch_assoc($res) or stderr("Error", "Post not found"); if (isMod($arr["forumid"], "forum") || $CURUSER['class'] >= UC_STAFF) { $topicid = (int) $arr['topic_id']; if ($arr['posts_count'] < 2) { stderr("Error", "Can't delete post; it is the only post of the topic. You should<br /><a href='{$INSTALLER09['baseurl']}/forums.php?action=deletetopic&topicid={$topicid}'>delete the topic</a> instead."); } $redirtopost = is_valid_id($arr['p_id']) ? "&page=p" . $arr['p_id'] . "#p" . $arr['p_id'] : ''; $sure = (int) isset($_GET['sure']) && (int) $_GET['sure']; if (!$sure) { stderr("Sanity check...", "You are about to delete a post. Click <a href='{$INSTALLER09['baseurl']}/forums.php?action=deletepost&postid={$postid}&sure=1'>here</a> if you are sure."); } sql_query("DELETE posts.* " . ($Multi_forum['configs']['use_attachment_mod'] ? ", attachments.*, attachmentdownloads.* " : "") . "FROM posts " . ($Multi_forum['configs']['use_attachment_mod'] ? "LEFT JOIN attachments ON attachments.postid = posts.id " . "LEFT JOIN attachmentdownloads ON attachmentdownloads.fileid = attachments.id " : "") . "WHERE posts.id=" . 
sqlesc($postid)) or sqlerr(__FILE__, __LINE__); if ($Multi_forum['configs']['use_attachment_mod'] && !empty($arr['filename'])) { $filename = $Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename']; if (is_file($filename)) { unlink($filename); }
****** */
//direct-access guard: only the forum front controller (which defines IN_INSTALLER09_FORUM)
//may include this file; any other request gets a bare error page and stops here
if (!defined('IN_INSTALLER09_FORUM')) {
    $HTMLOUT = '';
    $HTMLOUT .= '<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <meta charset="' . charset() . '" /> <title>ERROR</title> </head><body> <h1 style="text-align:center;">Error</h1> <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>';
    echo $HTMLOUT;
    exit;
}
//staff options panel (sticky / lock / rename / move / delete) for the topic being viewed.
//Rendered only for site staff or a moderator of this forum; the 'updatetopic' handler that
//receives the form lives outside this file and has to repeat the same permission check.
//NOTE(review): no anti-CSRF token is emitted with this form - confirm the updatetopic
//handler validates one before acting on it.
//Relies on $forumid, $topicid, $sticky, $locked, $subject, $CURUSER and $Multi_forum
//having been set by the including script.
if ($CURUSER['class'] >= UC_STAFF || isMod($forumid, "forum")) {
    //$topicid is interpolated raw into the hidden field - presumably already cast to int upstream, confirm
    $HTMLOUT .= "<form method='post' action='forums.php'>\r\n\t <input type='hidden' name='action' value='updatetopic' />\r\n\t <input type='hidden' name='topicid' value='{$topicid}' />";
    /*$HTMLOUT .= begin_table();*/
    //sticky / locked selects pre-select the topic's current state; the title is escaped before output
    $HTMLOUT .= "<table class='table table-hover table-bordered'>\r\n\t <tr>\r\n\t <td colspan='2' class='colhead'>Staff options</td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead' width='1%'>Sticky</td>\r\n\t <td>\r\n\t <select name='sticky'>\r\n\t <option value='yes'" . ($sticky ? " selected='selected'" : '') . ">Yes</option>\r\n\t <option value='no' " . (!$sticky ? " selected='selected'" : '') . ">No</option>\r\n\t </select>\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead'>Locked</td>\r\n\t <td>\r\n\t <select name='locked'>\r\n\t <option value='yes'" . ($locked ? " selected='selected'" : '') . ">Yes</option>\r\n\t <option value='no'" . (!$locked ? " selected='selected'" : '') . ">No</option>\r\n\t </select>\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead'>Topic name</td>\r\n\t <td>\r\n\t <input type='text' name='topic_name' size='60' maxlength='{$Multi_forum['configs']['maxsubjectlength']}' value='" . htmlsafechars($subject) . "' />\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead'>Move topic</td>\r\n\t <td>\r\n\t <select name='new_forumid'>";
    //"move to" list: only forums the current user may write in are offered as a destination
    //(the handler must enforce the same rule on the submitted new_forumid)
    $res = sql_query("SELECT id, name, min_class_write FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);
    while ($arr = mysqli_fetch_assoc($res)) {
        if ($CURUSER['class'] >= $arr["min_class_write"]) {
            //id is cast to int and the name escaped; the == is loose because the driver returns id as a string
            $HTMLOUT .= '<option value="' . (int) $arr["id"] . '"' . ($arr["id"] == $forumid ? ' selected="selected"' : '') . '>' . htmlsafechars($arr["name"]) . '</option>';
        }
    }
    $HTMLOUT .= "</select>\r\n\t </td></tr>\r\n\t <tr>\r\n\t <td class='rowhead' style='white-space:nowrap;'>Delete topic</td>\r\n\t <td>\r\n <select name='delete'>\r\n\t <option value='no' selected='selected'>No</option>\r\n\t <option value='yes'>Yes</option>\r\n\t </select>\r\n\t <br />\r\n\t <b>Note:</b> Any changes made to the topic won't take effect if you select 'yes'\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td colspan='2' align='center'>\r\n\t <input type='submit' class='btn btn-primary' value='Update Topic' />\r\n\t </td>\r\n\t </tr>";
    $HTMLOUT .= "</table>";
    /*$HTMLOUT .= end_table();*/
    $HTMLOUT .= "</form>";
}
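/**
 * Build the HTML table of forums (or sub-forums) visible to the current user.
 *
 * One row is emitted per forum returned by the query, skipping forums whose
 * min_class_read is above $CURUSER['class']. Each row shows the new-post
 * indicator, the forum name/description (with edit/delete links for
 * administrators and forum mods - the handlers behind those links are outside
 * this function and must enforce the same check), post/topic counts and a
 * "last post" summary. Anonymous posters are only named for staff or the
 * poster themselves.
 *
 * Fixes over the previous revision: the sub-forum "last post" link read the
 * misspelt key 'last_--post' (always yielding user id 0); one viewtopic URL
 * was built with "??"; the small-text last-post block never closed its
 * <span>; "</br>" in the counts cell is now "<br />"; $lastpost1/$lastpost2
 * are reset per row so a value from an earlier row cannot leak into a row
 * whose 'anonymous' flag is neither "yes" nor "no".
 *
 * @param int          $forid      parent forum id (when $subforums is false) or the
 *                                 f.place value whose sub-forums are listed (when true)
 * @param bool         $subforums  false = top-level forums of $forid, true = sub-forums
 * @param array|string $sfa        per-forum sub-forum aggregate keyed by forum id, with
 *                                 'last_post', 'count' and 'topics' entries; only read
 *                                 when $subforums is false
 * @param array|string $mods_array ignored: always replaced by forummods() (kept so the
 *                                 signature stays compatible with existing callers)
 * @param bool         $show_mods  append the moderator list to every forum row
 * @return string HTML fragment
 */
function show_forums($forid, $subforums = false, $sfa = "", $mods_array = "", $show_mods = false)
{
    global $CURUSER, $INSTALLER09, $Multi_forum;
    //the parameter is always replaced by the live mod list (original behaviour, kept)
    $mods_array = forummods();
    $htmlout = '';
    //one row per forum, joined to its most recent post, that post's author, its topic and
    //the current user's read marker for that topic. $forid is escaped with sqlesc().
    $forums_res = sql_query("SELECT f.id, f.name, f.description, f.post_count, f.topic_count, f.min_class_read, p.added, p.topic_id, p.anonymous, p.user_id, p.id AS pid, u.id AS uid, u.username, u.class, u.donor, u.enabled, u.warned, u.chatpost, u.leechwarn, u.pirate, u.king, t.topic_name, t.last_post, r.last_post_read " . "FROM forums AS f " . "LEFT JOIN posts AS p ON p.id = (SELECT MAX(last_post) FROM topics WHERE forum_id = f.id) " . "LEFT JOIN users AS u ON u.id = p.user_id " . "LEFT JOIN topics AS t ON t.id = p.topic_id " . "LEFT JOIN read_posts AS r ON r.user_id = " . sqlesc($CURUSER['id']) . " AND r.topic_id = p.topic_id " . "WHERE " . ($subforums == false ? "f.forum_id = " . sqlesc($forid) . " AND f.place =-1 ORDER BY f.forum_id ASC" : "f.place=" . sqlesc($forid) . " ORDER BY f.id ASC") . "") or sqlerr(__FILE__, __LINE__);
    $htmlout .= begin_f_main_table();
    while ($forums_arr = mysqli_fetch_assoc($forums_res)) {
        //hide forums the current user may not read
        if ($CURUSER['class'] < $forums_arr["min_class_read"]) {
            continue;
        }
        $forumid = (int) $forums_arr["id"];
        $lastpostid = (int) $forums_arr['last_post'];
        //format_username() wants the user's own id under 'id'; the row's 'id' is the forum id
        $user_stuff = $forums_arr;
        $user_stuff['id'] = (int) $forums_arr['uid'];
        //reset per row so nothing from a previous row can leak into this one
        $lastpost1 = '';
        $lastpost2 = '';
        if ($subforums == false && !empty($sfa[$forumid])) {
            //a sub-forum has a newer post than this forum itself: describe that one
            if ($sfa[$forumid]['last_post']['postid'] > $forums_arr['pid']) {
                if ($sfa[$forumid]['last_post']["anonymous"] == "yes") {
                    //NOTE(review): the permission check reads 'user_id' while the link reads 'userid' -
                    //confirm which key the $sfa aggregate actually carries
                    if ($CURUSER['class'] < UC_STAFF && $sfa[$forumid]['last_post']['user_id'] != $CURUSER['id']) {
                        $lastpost1 = "Anonymous<br />";
                    } else {
                        $lastpost1 = "Anonymous[<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $sfa[$forumid]['last_post']['userid'] . "'><b>" . htmlsafechars($sfa[$forumid]['last_post']['user']) . "</b></a>]<br />";
                    }
                } elseif ($sfa[$forumid]['last_post']["anonymous"] == "no") {
                    $lastpost1 = "<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $sfa[$forumid]['last_post']['userid'] . "'><b>" . htmlsafechars($sfa[$forumid]['last_post']['user']) . "</b></a><br />";
                }
                $lastpost = "" . get_date($sfa[$forumid]['last_post']['added'], 'LONG', 1, 0) . "<br />" . "by {$lastpost1}" . "in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . (int) $sfa[$forumid]['last_post']['topic'] . "&page=p" . (int) $sfa[$forumid]['last_post']['post_id'] . "#p" . (int) $sfa[$forumid]['last_post']['post_id'] . "'><b>" . htmlsafechars($sfa[$forumid]['last_post']['tname']) . "</b></a>";
            } elseif ($sfa[$forumid]['last_post']['postid'] < $forums_arr['pid']) {
                //this forum's own last post is the newer one
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_STAFF && $forums_arr["user_id"] != $CURUSER["id"]) {
                        $lastpost2 = "Anonymous<br />";
                    } else {
                        $lastpost2 = "Anonymous[<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'><b>" . format_username($user_stuff, true) . "</b></a>]<br />";
                    }
                } elseif ($forums_arr["anonymous"] == "no") {
                    $lastpost2 = "<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'><b>" . format_username($user_stuff, true) . "</b></a><br />";
                }
                $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by {$lastpost2}" . "in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . (int) $forums_arr["topic_id"] . "&page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlsafechars($forums_arr['topic_name']) . "</b></a>";
            } else {
                //equal ids (or nothing to compare): no summary
                $lastpost = "N/A";
            }
        } else {
            if (is_valid_id($forums_arr['pid'])) {
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_STAFF && $forums_arr["user_id"] != $CURUSER["id"]) {
                        $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <i>Anonymous</i><br />" . "in <a href='" . $INSTALLER09['baseurl'] . "/forums.php?action=viewtopic&topicid=" . (int) $forums_arr["topic_id"] . "&page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlsafechars($forums_arr['topic_name']) . "</b></a>";
                    } else {
                        //staff (or the poster) also see who posted anonymously
                        $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <i>Anonymous[</i><a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'><b>" . format_username($user_stuff, true) . "</b></a>]<br />" . "in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . (int) $forums_arr["topic_id"] . "&page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlsafechars($forums_arr['topic_name']) . "</b></a>";
                    }
                } else {
                    $lastpost = "<span class='smalltext'><a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . (int) $forums_arr["topic_id"] . "&page=p{$lastpostid}#p{$lastpostid}'>" . htmlsafechars($forums_arr['topic_name']) . "</a><br />" . "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'>" . format_username($user_stuff, true) . "</a> </span>";
                }
            } else {
                //forum has no posts yet
                $lastpost = "N/A";
            }
        }
        //"new posts" only when the last post is recent (readpost_expiry) and newer than what the user last read
        $image_to_use = $forums_arr['added'] > TIME_NOW - $INSTALLER09['readpost_expiry'] ? (int) $forums_arr['pid'] > $forums_arr['last_post_read'] : 0;
        if (is_valid_id($forums_arr['pid'])) {
            $img = $image_to_use ? '<span class="forum_status forum_on ajax_mark_read" title="Forum Contains New Posts" ></span>' : '<span class="forum_status forum_off ajax_mark_read" title="Forum Contains No New Posts" ></span>';
        } else {
            $img = "<span class='forum_status forum_offlock ajax_mark_read' title='Forum Contains No Posts' ></span>";
        }
        //counts include the sub-forums' totals when a sub-forum aggregate is available
        if ($subforums == false && !empty($sfa[$forumid])) {
            list($subposts, $subtopics) = get_count($sfa[$forumid]["count"]);
            $topics = $forums_arr["topic_count"] + $subtopics;
            $posts = $forums_arr["post_count"] + $subposts;
        } else {
            $topics = (int) $forums_arr["topic_count"];
            $posts = (int) $forums_arr["post_count"];
        }
        $htmlout .= "\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td class=row align='center' valign='middle' width='1%'>" . $img . "</td>\n\t\t\t\t\t\t<td class=row valign='middle' width='50%'>\n\t\t\t\t\t\t<strong><a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=" . $forumid . "'><b>" . htmlsafechars($forums_arr["name"]) . "</b></a></strong>\n";
        //edit/delete links are only rendered for administrators and this forum's mods
        if ($CURUSER['class'] >= UC_ADMINISTRATOR || isMod($forumid, "forum")) {
            $htmlout .= " <font class='small'><a class='altlink' href='{$INSTALLER09['baseurl']}/forums.php?action=editforum&forumid=" . $forumid . "'><span class='btn btn-default btn-xs'><i class='fa fa-pencil-square-o'></i>\n\t\t Edit</span></a>  <a class='altlink' href='{$INSTALLER09['baseurl']}/forums.php?action=deleteforum&forumid=" . $forumid . "'><span class='btn btn-default btn-xs'><i class='fa fa-eraser'></i>\n\t\t Delete</span></a></font>";
        }
        if (!empty($forums_arr["description"])) {
            $htmlout .= "<br />" . htmlsafechars($forums_arr["description"]) . "";
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            $htmlout .= "<br/>" . subforums($sfa[$forumid]["topics"]);
        }
        if ($show_mods == true && isset($mods_array[$forumid])) {
            $htmlout .= "<br/>" . showMods($mods_array[$forumid]);
        }
        $htmlout .= "</td>\n<td class=row valign='top' style='white-space: nowrap' width= '8%'>\n<span class='badge'>" . number_format($posts) . "</span> Posts<br />\n<span class='badge'>" . number_format($topics) . "</span> Topics\n</td>\n\t\t\t<td class=row valign='top' align='right' style='white-space: nowrap'>" . $lastpost . "</td>\n\t\t</tr>\n\t\t";
    }
    $htmlout .= "</table><br />";
    $htmlout .= end_f_body_div();
    $htmlout .= end_f_main_div();
    return $htmlout;
}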
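/**
 * Build the HTML table rows for the forums of one category (or the sub-forums of one parent).
 *
 * @param int|string   $forid      Category id when $subforums is false (matches f.forid with f.place = -1),
 *                                 parent forum id when true (matches f.place). Cast to int before it reaches
 *                                 SQL -- the previous revision interpolated it raw into the WHERE clause.
 * @param bool         $subforums  Selects which of the two WHERE clauses above is used.
 * @param array|string $sfa        Per-forum sub-forum aggregate indexed by forum id; the code below reads
 *                                 ['lastpost'] (postid, userid, user, anonymous, added, topic, tname),
 *                                 ['count'] and ['topics'] -- shape assumed from those reads, confirm with the caller.
 * @param array|string $mods_array Moderator lists indexed by forum id, handed to showMods().
 * @param bool         $show_mods  Append the moderator list under the description when an entry exists.
 * @return string One <tr> per visible forum (no surrounding <table>); '' when none is visible.
 *
 * Visibility: rows whose f.minclassread exceeds the caller's class are skipped. For anonymous last posts the
 * poster's name is shown only to users of class >= UC_MODERATOR or to the poster themselves.
 *
 * Changes against the previous revision (all output-compatible for well-formed data):
 *  - $forid is cast to int (SQL injection sink).
 *  - $_SERVER['PHP_SELF'] is escaped with ENT_QUOTES before being placed in single-quoted href attributes;
 *    PHP_SELF reflects PATH_INFO and is a classic reflected-XSS vector.
 *  - the nested ternary that chose the 'unlockednew' image is parenthesised to pin the PHP 5 (left-associative)
 *    reading; PHP 8 refuses the unparenthesised form at compile time.
 *  - $lastpost1 / $lastpost2 are reset per row, so a value from an earlier row can no longer leak into this one
 *    when p.anonymous holds something other than 'yes' / 'no'.
 *
 * NOTE(review): the Edit/Delete links are plain GET links; any CSRF protection has to live in the
 * editforum / deleteforum handlers, not here.
 */
function show_forums($forid, $subforums = false, $sfa = "", $mods_array = "", $show_mods = false)
{
    global $CURUSER, $TBDEV;
    $htmlout = '';
    $forid = (int) $forid;
    // Escaped once and reused in every href below (single-quoted attributes, hence ENT_QUOTES).
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $base = $TBDEV['baseurl'];

    $where = $subforums == false
        ? "f.forid = {$forid} AND f.place =-1 ORDER BY f.forid ASC"
        : "f.place={$forid} ORDER BY f.id ASC";
    // p is the newest post of the forum (MAX(lastpost) over its topics); r is the caller's read marker for that topic.
    $forums_res = mysql_query("SELECT f.id, f.name, f.description, f.postcount, f.topiccount, f.minclassread, p.added, p.topicid, p.anonymous, p.userid, p.id AS pid, u.username, t.subject, t.lastpost, r.lastpostread "
        . "FROM forums AS f "
        . "LEFT JOIN posts AS p ON p.id = (SELECT MAX(lastpost) FROM topics WHERE forumid = f.id) "
        . "LEFT JOIN users AS u ON u.id = p.userid "
        . "LEFT JOIN topics AS t ON t.id = p.topicid "
        . "LEFT JOIN readposts AS r ON r.userid = " . sqlesc($CURUSER['id']) . " AND r.topicid = p.topicid "
        . "WHERE " . $where) or sqlerr(__FILE__, __LINE__);

    while ($forums_arr = mysql_fetch_assoc($forums_res)) {
        // Read gate for the forum itself.
        if ($CURUSER['class'] < $forums_arr["minclassread"]) {
            continue;
        }
        $forumid = (int) $forums_arr["id"];
        $lastpostid = (int) $forums_arr['lastpost'];
        $has_sub = ($subforums == false && !empty($sfa[$forumid]));
        // Reset per row: the 'yes' / 'no' chains below leave these untouched for any other value.
        $lastpost1 = '';
        $lastpost2 = '';

        if ($has_sub) {
            $sub_last = $sfa[$forumid]['lastpost'];
            if ($sub_last['postid'] > $forums_arr['pid']) {
                // A sub-forum holds the newest post: render that one.
                if ($sub_last["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_MODERATOR && $sub_last['userid'] != $CURUSER['id']) {
                        $lastpost1 = "Anonymous<br />";
                    } else {
                        $lastpost1 = "Anonymous(<a href='{$base}/userdetails.php?id=" . (int) $sub_last['userid'] . "'><b>" . htmlspecialchars($sub_last['user']) . "</b></a>)<br />";
                    }
                } elseif ($sub_last["anonymous"] == "no") {
                    $lastpost1 = "<a href='{$base}/userdetails.php?id=" . (int) $sub_last['userid'] . "'><b>" . htmlspecialchars($sub_last['user']) . "</b></a><br />";
                }
                $sub_postid = (int) $sub_last['postid'];
                $lastpost = get_date($sub_last['added'], 'LONG', 1, 0) . "<br />"
                    . "by {$lastpost1}"
                    . "in <a href='" . $self . "?action=viewtopic&topicid=" . (int) $sub_last['topic'] . "&page=p" . $sub_postid . "#p" . $sub_postid . "'><b>" . htmlspecialchars($sub_last['tname']) . "</b></a>";
            } elseif ($sub_last['postid'] < $forums_arr['pid']) {
                // This forum's own newest post wins over the sub-forums'.
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_MODERATOR && $forums_arr["userid"] != $CURUSER["id"]) {
                        $lastpost2 = "Anonymous<br />";
                    } else {
                        $lastpost2 = "Anonymous(<a href='{$base}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a>)<br />";
                    }
                } elseif ($forums_arr["anonymous"] == "no") {
                    $lastpost2 = "<a href='{$base}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a><br />";
                }
                $lastpost = get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />"
                    . "by {$lastpost2}"
                    . "in <a href='" . $self . "?action=viewtopic&topicid=" . (int) $forums_arr["topicid"] . "&page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlspecialchars($forums_arr['subject']) . "</b></a>";
            } else {
                // Equal ids (normally both empty): nothing to point at.
                $lastpost = "N/A";
            }
        } elseif (is_valid_id($forums_arr['pid'])) {
            $when = get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />";
            $topic = "in <a href='" . $self . "?action=viewtopic&topicid=" . (int) $forums_arr["topicid"] . "&page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlspecialchars($forums_arr['subject']) . "</b></a>";
            if ($forums_arr["anonymous"] == "yes") {
                if ($CURUSER['class'] < UC_MODERATOR && $forums_arr["userid"] != $CURUSER["id"]) {
                    $lastpost = $when . "by <i>Anonymous</i><br />" . $topic;
                } else {
                    $lastpost = $when . "by <i>Anonymous</i>(<a href='{$base}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a>)<br />" . $topic;
                }
            } else {
                $lastpost = $when . "by <a href='{$base}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a><br />" . $topic;
            }
        } else {
            $lastpost = "N/A";
        }

        if (is_valid_id($forums_arr['pid'])) {
            // 'new' only when the newest post is within readpost_expiry AND newer than the caller's read marker.
            // The two steps reproduce the PHP 5 left-associative reading of the original nested ternary.
            $is_recent = $forums_arr['added'] > time() - $TBDEV['readpost_expiry'];
            $unread = $is_recent ? ((int) $forums_arr['pid'] > $forums_arr['lastpostread']) : 0;
            $img = 'unlocked' . ($unread ? 'new' : '');
        } else {
            $img = "unlocked";
        }

        if ($has_sub) {
            // Fold the sub-forums' counters into the parent's.
            list($subposts, $subtopics) = get_count($sfa[$forumid]["count"]);
            $topics = $forums_arr["topiccount"] + $subtopics;
            $posts = $forums_arr["postcount"] + $subposts;
        } else {
            $topics = $forums_arr["topiccount"];
            $posts = $forums_arr["postcount"];
        }

        $htmlout .= "<tr>\r\n\t\t\t<td align='left'>\r\n\t\t\t\t<table border='0' cellspacing='0' cellpadding='0' style='border:none;'>\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td class='embedded' style='padding-right: 5px'><img src='" . $TBDEV['pic_base_url'] . $img . ".gif' alt='' /></td>\r\n\t\t\t\t\t\t<td class='embedded'>\r\n\t\t\t\t\t\t\t<a href='" . $self . "?action=viewforum&forumid=" . $forumid . "'><b>" . htmlspecialchars($forums_arr["name"]) . "</b></a>";
        if ($CURUSER['class'] >= UC_ADMINISTRATOR || isMod($forumid)) {
            $htmlout .= " <font class='small'>[<a class='altlink' href='" . $self . "?action=editforum&forumid=" . $forumid . "'>Edit</a>][<a class='altlink' href='" . $self . "?action=deleteforum&forumid=" . $forumid . "'>Delete</a>]</font>";
        }
        if (!empty($forums_arr["description"])) {
            $htmlout .= "<br />" . htmlspecialchars($forums_arr["description"]);
        }
        if ($has_sub) {
            $htmlout .= "<br/>" . subforums($sfa[$forumid]["topics"]);
        }
        if ($show_mods == true && isset($mods_array[$forumid])) {
            $htmlout .= "<br/>" . showMods($mods_array[$forumid]);
        }
        $htmlout .= "</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</td>\r\n\t\t\t<td align='center'>" . number_format($topics) . "</td>\r\n\t\t\t<td align='center'>" . number_format($posts) . "</td>\r\n\t\t\t<td align='left' nowrap='nowrap'>" . $lastpost . "</td>\r\n\t\t</tr>";
    }
    return $htmlout;
}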
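/**
 * Print (straight to the output buffer) one <tr> per forum in a category, or per sub-forum of a parent.
 *
 * @param int|string   $forid     Category id when $subforums is false (f.forid = $forid AND f.place = -1),
 *                                parent forum id when true (f.place = $forid). Cast to int before it reaches
 *                                SQL -- the previous revision interpolated it raw into the WHERE clause.
 * @param bool         $subforums Selects which WHERE clause is used.
 * @param array|string $sfa       Per-forum sub-forum aggregate indexed by forum id; the code reads ['lastpost']
 *                                (postid, userid, user, added, topic, tname), ['count'] and ['topics'] --
 *                                shape assumed from those reads, confirm with the caller.
 * @param bool         $show_mods Append the moderator list (global $forummods) under the description.
 * @return void Output is echoed; nothing is returned.
 *
 * Rows whose f.minclassread exceeds the caller's class are skipped. $lastpost is echoed unescaped, which is
 * safe because every field placed in it goes through safeChar() or an (int) cast.
 *
 * Changes against the previous revision:
 *  - $forid is cast to int (SQL injection sink).
 *  - $_SERVER['PHP_SELF'] is escaped with ENT_QUOTES (single-quoted href attributes) instead of being echoed raw;
 *    PHP_SELF reflects PATH_INFO and is a classic reflected-XSS vector.
 *  - the 'unlockednew' nested ternary is parenthesised to pin its PHP 5 (left-associative) reading; PHP 8 rejects
 *    the unparenthesised form.
 *  - the closing `?>` tags sit directly against the query string inside href values, so no whitespace can end
 *    up inside the URLs.
 *
 * NOTE(review): $pic_base_url is declared global but never read here; kept so the declaration list is unchanged.
 * NOTE(review): $ss_uri is emitted unescaped into the <img src>; it is a theme setting, not request data -- confirm.
 */
function show_forums($forid, $subforums = false, $sfa = "", $show_mods = false)
{
    global $CURUSER, $pic_base_url, $READPOST_EXPIRY, $DEFAULTBASEURL, $ss_uri, $forummods;
    $forid = (int) $forid;
    // Escaped once and reused in every href below (single-quoted attributes, hence ENT_QUOTES).
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    $where = $subforums == false
        ? "f.forid = {$forid} AND f.place =-1 ORDER BY f.forid ASC"
        : "f.place={$forid} ORDER BY f.id ASC";
    // p is the newest post of the forum (MAX(lastpost) over its topics); r is the caller's read marker for that topic.
    $forums_res = sql_query("SELECT f.id, f.name, f.description, f.postcount, f.topiccount, f.minclassread, p.added, p.topicid, p.userid, p.id AS pid, u.username, t.subject, t.lastpost, r.lastpostread "
        . "FROM forums AS f "
        . "LEFT JOIN posts AS p ON p.id = (SELECT MAX(lastpost) FROM topics WHERE forumid = f.id) "
        . "LEFT JOIN users AS u ON u.id = p.userid "
        . "LEFT JOIN topics AS t ON t.id = p.topicid "
        . "LEFT JOIN readposts AS r ON r.userid = " . sqlesc($CURUSER['id']) . " AND r.topicid = p.topicid "
        . "WHERE " . $where) or sqlerr(__FILE__, __LINE__);

    while ($forums_arr = mysql_fetch_assoc($forums_res)) {
        // Read gate for the forum itself.
        if ($CURUSER['class'] < $forums_arr["minclassread"]) {
            continue;
        }
        $forumid = (int) $forums_arr["id"];
        $lastpostid = (int) $forums_arr['lastpost'];
        $has_sub = ($subforums == false && !empty($sfa[$forumid]));
        $sub_last = $has_sub ? $sfa[$forumid]['lastpost'] : null;

        // Newest-post column: a sub-forum's post if it is newer than this forum's own, otherwise this forum's own
        // (when it has any), otherwise "N/A". Equal ids (normally both empty) also end up as "N/A".
        $lastpost = "N/A";
        if ($has_sub && $sub_last['postid'] > $forums_arr['pid']) {
            $sub_postid = (int) $sub_last['postid'];
            $lastpost = $sub_last['added'] . "<br />"
                . "by <a href='{$DEFAULTBASEURL}/userdetails.php?id=" . (int) $sub_last['userid'] . "'><b>" . safeChar($sub_last['user']) . "</b></a><br />"
                . "in <a href='" . $self . "?action=viewtopic&topicid=" . (int) $sub_last['topic'] . "&page=p" . $sub_postid . "#p" . $sub_postid . "'><b>" . safeChar($sub_last['tname']) . "</b></a>";
        } elseif ($has_sub ? $sub_last['postid'] < $forums_arr['pid'] : is_valid_id($forums_arr['pid'])) {
            $lastpost = $forums_arr["added"] . "<br />"
                . "by <a href='{$DEFAULTBASEURL}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . safeChar($forums_arr['username']) . "</b></a><br />"
                . "in <a href='" . $self . "?action=viewtopic&topicid=" . (int) $forums_arr["topicid"] . "&page=p{$lastpostid}#p{$lastpostid}'><b>" . safeChar($forums_arr['subject']) . "</b></a>";
        }

        if (is_valid_id($forums_arr['pid'])) {
            // 'new' only when the newest post is within READPOST_EXPIRY AND newer than the caller's read marker.
            // The two steps reproduce the PHP 5 left-associative reading of the original nested ternary.
            $is_recent = $forums_arr['added'] > get_date_time(gmtime() - $READPOST_EXPIRY);
            $unread = $is_recent ? ((int) $forums_arr['pid'] > $forums_arr['lastpostread']) : 0;
            $img = 'unlocked' . ($unread ? 'new' : '');
        } else {
            $img = "unlocked";
        }

        if ($has_sub) {
            // Fold the sub-forums' counters into the parent's.
            list($subposts, $subtopics) = get_count($sfa[$forumid]["count"]);
            $topics = $forums_arr["topiccount"] + $subtopics;
            $posts = $forums_arr["postcount"] + $subposts;
        } else {
            $topics = $forums_arr["topiccount"];
            $posts = $forums_arr["postcount"];
        }
        ?>
        <tr>
            <td align='left' style="border:none;">
                <table border=0 cellspacing=0 cellpadding=0 style="border:none;">
                    <tr>
                        <td class=embedded style='padding-right: 5px'><img src="themes/<?php echo $ss_uri . "/forum/" . $img; ?>.png" /></td>
                        <td class=embedded>
                            <a href='<?php echo $self; ?>?action=viewforum&forumid=<?php echo $forumid; ?>'><b><?php echo safeChar($forums_arr["name"]); ?></b></a><?php
                            // Edit/Delete are plain GET links; CSRF protection belongs to the editforum/deleteforum handlers.
                            if ($CURUSER['class'] >= UC_ADMINISTRATOR || isMod($forumid)) {
                                ?> <font class='small'>[<a class='altlink' href='<?php echo $self; ?>?action=editforum&forumid=<?php echo $forumid; ?>'>Edit</a>][<a class='altlink' href='<?php echo $self; ?>?action=deleteforum&forumid=<?php echo $forumid; ?>'>Delete</a>]</font><?php
                            }
                            if (!empty($forums_arr["description"])) {
                                ?><br /><?php echo safeChar($forums_arr["description"]);
                            }
                            if ($has_sub) {
                                echo "<br/>" . subforums($sfa[$forumid]["topics"]);
                            }
                            if ($show_mods == true && isset($forummods[$forumid])) {
                                print "<br/>" . showMods($forummods[$forumid]);
                            }
                            ?>
                        </td>
                    </tr>
                </table>
            </td>
            <td align='center'><?php echo number_format($topics); ?></td>
            <td align='center'><?php echo number_format($posts); ?></td>
            <td align='left' nowrap="nowrap"><?php echo $lastpost; ?></td>
        </tr>
        <?php
    }
}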
}

/* access rights
   ---------------------------------------------------------------------------------------------------------------------- */
//get the lock status of the current forum we’re in:
//"threads" - only users in "mods.txt" / "members.txt" can start threads, but anybody can reply
//"posts"   - only users in "mods.txt" / "members.txt" can start threads or reply
//(the path is relative, so this relies on the working directory already being the current forum's folder;
// a missing file reads as '' -- i.e. unlocked -- which is the intended default)
define('FORUM_LOCK', trim(@file_get_contents('locked.txt')));

//get the list of moderators:
//(`file` returns FALSE if the file doesn’t exist -- the `@` hides the warning; casting that to an array creates an array
// with a single blank element, and `array_filter` removes blank elements, including blank lines in the text file; we could
// use the `FILE_SKIP_EMPTY_LINES` flag, but `array_filter` kills two birds with one stone since we don’t have to check if
// the file exists beforehand.)
//'GLOBAL' comes from the forum root; 'LOCAL' from the current folder, only when PATH is non-empty
//(presumably PATH is the sub-forum path relative to the root -- verify in the caller)
$MODS = array('GLOBAL' => array_filter((array) @file(FORUM_ROOT . '/mods.txt', FILE_IGNORE_NEW_LINES)), 'LOCAL' => PATH ? array_filter((array) @file('mods.txt', FILE_IGNORE_NEW_LINES)) : array());

//get the list (if any) of users allowed to access this current forum
$MEMBERS = array_filter((array) @file('members.txt', FILE_IGNORE_NEW_LINES));

//is the current user a moderator in this forum?
//NOTE(review): not gated on an authenticated session here (a later revision of this file uses `AUTH && isMod(NAME)`);
// confirm that NAME can only ever hold a verified identity at this point, otherwise a supplied name alone grants mod rights
define('IS_MOD', isMod(NAME));

//is the current user a member of this forum?
//NOTE(review): same caveat as IS_MOD above
define('IS_MEMBER', isMember(NAME));

//can the current user post new threads in the current forum?
//(posting replies is dependent on the thread -- if locked -- so tested in 'thread.php')
define('CAN_POST', FORUM_ENABLED && (IS_MOD || IS_MEMBER || !FORUM_LOCK));

/* send HTTP headers
   ====================================================================================================================== */
//if enabled, enforce HTTPS
if (FORUM_HTTPS) {
    //NOTE(review): $_SERVER['HTTPS'] is only populated when TLS terminates at this PHP server; behind a TLS-terminating
    // proxy it stays empty and the else-branch would redirect in a loop -- such deployments need X-Forwarded-Proto instead
    if (@$_SERVER['HTTPS'] == 'on') {
        //if forced-HTTPS is on and a HTTPS connection is being used, send the 30-day HSTS header
        //see <en.wikipedia.org/wiki/Strict_Transport_Security> for more details
        //(no `includeSubDomains`: sub-domains are not covered; whether they should be is a deployment decision)
        header('Strict-Transport-Security: max-age=2592000');
    } else {
        //if forced-HTTPS is on and a HTTPS connection is not being used, redirect to the HTTPS version of the current page
<?php if (isLoggedIn() && isMod()) { if (isset($_POST['add'])) { if (!isValidSessionkey()) { die("Hack attempt blocked."); } $title = makeSafeSQL($_POST['title']); $content = makeSafeSQL($_POST['content']); sqlQuery("INSERT INTO \"news\" (\"Author\",\"Title\",\"Content\") VALUES(" . $me->id . ",'{$title}','{$content}')"); header("Location: index.php"); exit; } ?> <div class="title">[Mod] Add News</div> <div class="block"> <div class="blocktitle">Post</div> <div class="blockcontent"> <form method="post" action="index.php?page=mod_news"> <p>Title:<br /><input type="text" name="title" class="halfwidth" /></p> <p>Contents:<br /><textarea name="content"></textarea></p> <?php echoHiddenSessionkey(); ?> <input type="submit" name="add" value="Add" /> </form> </div> </div> <?php } else { header("Location: index.php");
<p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>'; echo $HTMLOUT; exit; } $topicid = isset($_GET['topicid']) ? (int) $_GET['topicid'] : (isset($_POST['topicid']) ? (int) $_POST['topicid'] : 0); if (!is_valid_id($topicid)) { stderr('Error...', 'Invalid topic ID!'); } $topic_res = sql_query('SELECT t.sticky, t.locked, t.topic_name, t.forum_id, f.min_class_write, ' . '(SELECT COUNT(id) FROM posts WHERE topic_id = t.id) As post_count ' . 'FROM topics AS t ' . 'LEFT JOIN forums AS f ON f.id = t.forum_id ' . 'WHERE t.id=' . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($topic_res) == 0) { stderr('Error...', 'No topic with that ID!'); } $topic_arr = mysqli_fetch_assoc($topic_res); if (isMod($topic_arr["forum_id"]) || $CURUSER['class'] >= UC_STAFF) { if ($CURUSER['class'] < $topic_arr['min_class_write'] && !isMod($topic_arr["forum_id"], "topic")) { stderr('Error...', 'You are not allowed to edit this topic.'); } $forumid = (int) $topic_arr['forum_id']; $subject = htmlsafechars($topic_arr['topic_name']); if ((isset($_GET['delete']) ? htmlsafechars($_GET['delete']) : (isset($_POST['delete']) ? htmlsafechars($_POST['delete']) : '')) == 'yes') { if ((isset($_GET['sure']) ? htmlsafechars($_GET['sure']) : (isset($_POST['sure']) ? htmlsafechars($_POST['sure']) : '')) != 'yes') { stderr("Sanity check...", "You are about to delete this topic: <b>" . $subject . "</b>. Click <a href='{$INSTALLER09['baseurl']}/forums.php?action={$action}&topicid={$topicid}&delete=yes&sure=yes'>here</a> if you are sure."); } write_log("topicdelete", "Topic <b>" . $subject . "</b> was deleted by <a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $CURUSER['id'] . "'>" . htmlsafechars($CURUSER['username']) . "</a>."); if ($Multi_forum['configs']['use_attachment_mod']) { $res = sql_query("SELECT attachments.filename " . "FROM posts " . "LEFT JOIN attachments ON attachments.postid = posts.id " . 
"WHERE posts.topicid=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__); while ($arr = mysqli_fetch_assoc($res)) { if (!empty($arr['filename']) && is_file($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename'])) { unlink($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename']); }
//get the lock status of the current forum we’re in:
//"threads" - only users in "mods.txt" / "members.txt" can start threads, but anybody can reply
//"news"    - as above, but the forum is listed by original posting date (descending), not last-reply date
//"posts"   - only users in "mods.txt" / "members.txt" can start threads or reply
//(the path is relative, so this relies on the working directory already being the current forum's folder;
// a missing file reads as '' -- i.e. unlocked -- which is the intended default)
define('FORUM_LOCK', trim(@file_get_contents('locked.txt')));

//get the list of moderators:
//(`file` returns FALSE if the file doesn’t exist -- the `@` hides the warning; casting that to an array creates an array
// with a single blank element, and `array_filter` removes blank elements, including blank lines in the text file; we could
// use the `FILE_SKIP_EMPTY_LINES` flag, but `array_filter` kills two birds with one stone since we don’t have to check if
// the file exists beforehand.)
//'GLOBAL' comes from the forum root; 'LOCAL' from the current folder, only when PATH is non-empty
//(presumably PATH is the sub-forum path relative to the root -- verify in the caller)
$MODS = array('GLOBAL' => array_filter((array) @file(FORUM_ROOT . DIRECTORY_SEPARATOR . 'mods.txt', FILE_IGNORE_NEW_LINES)), 'LOCAL' => PATH ? array_filter((array) @file('mods.txt', FILE_IGNORE_NEW_LINES)) : array());

//get the list (if any) of users allowed to access this current forum
$MEMBERS = array_filter((array) @file('members.txt', FILE_IGNORE_NEW_LINES));

//all three role flags are gated on AUTH, so a name that was merely supplied (not verified) grants nothing
//is the current user the site admin? (first name in the root 'mods.txt')
define('IS_ADMIN', AUTH && isAdmin(NAME));

//is the current user a moderator in this forum?
define('IS_MOD', AUTH && isMod(NAME));

//is the current user a member of this forum?
define('IS_MEMBER', AUTH && isMember(NAME));

/* theme & translation
   ====================================================================================================================== */
/* load the theme configuration
   ---------------------------------------------------------------------------------------------------------------------- */
//shorthand to the server-side location of the particular theme folder (this gets used a lot)
//NOTE(review): FORUM_THEME is spliced straight into include paths below; it must only ever come from the site
// configuration, never from the request, or those includes turn into arbitrary-file inclusion -- confirm where it is defined
define('THEME_ROOT', FORUM_ROOT . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . FORUM_THEME . DIRECTORY_SEPARATOR);

//load the theme-specific functions
//(`@` silences the "file not found" warning; a failed include evaluates to false, so `or` falls through to the error page.
// Note the `@` also mutes notices raised while the included file itself runs.)
@(include THEME_ROOT . 'theme.php') or (require FORUM_LIB . 'error_theme.php');

//load the user’s theme configuration, if it exists (optional, hence no fallback)
@(include THEME_ROOT . 'theme.config.php');

//include the theme defaults
@(include THEME_ROOT . 'theme.config.default.php') or (require FORUM_LIB . 'error_configtheme.php');

/* load translations and select one
//<stackoverflow.com/questions/2119686/sorting-an-array-of-simplexml-objects/2120569#2120569> foreach ($thread as &$node) { $sort[] = strtotime($node->pubDate); } array_multisort($sort, SORT_ASC, $thread); //do the page links theme_pageList($template, $FILE, $PAGE, $PAGES); //slice the full list into the current page $thread = array_slice($thread, ($PAGE - 1) * FORUM_POSTS, FORUM_POSTS); //get the dummy list-item to repeat (removes it and takes a copy) $item = $template->repeat('.nnf_reply'); //index number of the replies, accounting for which page we are on $no = ($PAGE - 1) * FORUM_POSTS; //apply the data to the template (a reply) foreach ($thread as &$reply) { $item->set(array('./@id' => substr(strstr($reply->link, '#'), 1), 'time.nnf_reply-time' => date(DATE_FORMAT, strtotime($reply->pubDate)), 'time.nnf_reply-time@datetime' => gmdate('r', strtotime($reply->pubDate)), '.nnf_reply-author' => $reply->author, 'a.nnf_reply-number' => sprintf(THEME_REPLYNO, ++$no), 'a.nnf_reply-number@href' => url('thread', PATH_URL, $FILE, $PAGE) . strstr($reply->link, '#'), 'a.nnf_reply-append@href' => url('append', PATH_URL, $FILE, $PAGE, substr(strstr($reply->link, '#'), 1)) . '#append', 'a.nnf_reply-delete@href' => url('delete', PATH_URL, $FILE, $PAGE, substr(strstr($reply->link, '#'), 1))))->remove(array('./@class' => $reply->xpath('category[.="deleted"]') ? false : 'nnf_deleted'))->remove(array('./@class' => strtolower($reply->author) == strtolower($author) ? false : 'nnf_op'))->remove(array('./@class, .nnf_reply-author@class' => isMod($reply->author) ? 
false : 'mod'))->remove(array('.nnf_reply-append, .nnf_reply-delete' => !(CAN_REPLY && (IS_MOD || !AUTH_HTTP || strtolower(NAME) == strtolower($reply->author) && (!FORUM_LOCK || FORUM_LOCK == 'threads' || IS_MEMBER))), '.nnf_reply-append' => $reply->xpath('category[.="deleted"]'), '.nnf_reply-delete' => $reply->xpath('category[.="deleted"]') && !IS_MOD)); //insert the post-text, dealing with an invalid HTML error try { $item->setValue('.nnf_reply-text', $reply->description, true); $item->remove(array('./@class' => 'nnf_error')); } catch (Exception $e) { //if the HTML was invalid, replace with the corruption message $item->setValue('.nnf_reply-text', THEME_HTML_ERROR, true); //remove the append button $item->remove('.nnf_reply-append'); } $item->next(); } } /* reply form ---------------------------------------------------------------------------------------------------------------------- */
$threads = array_merge($stickies, array_slice($threads, ($PAGE - 1) * FORUM_THREADS, FORUM_THREADS)); //get the dummy list-item to repeat (removes it and takes a copy) $item = $template->repeat('.nnf_thread'); //generate the list of threads with data, for the template foreach ($threads as $file) { if ($xml = @simplexml_load_file($file)) { //is the thread sticky? if (in_array($file, $stickies)) { $item->addClass('.', 'sticky'); } //get the last post in the thread $last =& $xml->channel->item[0]; //apply the data to the template $item->set(array('a.nnf_thread-name' => $xml->channel->title, 'a.nnf_thread-name@href' => pathinfo($file, PATHINFO_FILENAME), '.nnf_thread-replies' => count($xml->channel->item) - 1, 'a.nnf_thread-post@href' => substr($last->link, strpos($last->link, '/', 9)), 'time.nnf_thread-time' => date(DATE_FORMAT, strtotime($last->pubDate)), 'time.nnf_thread-time@datetime' => date('c', strtotime($last->pubDate)), '.nnf_thread-author' => $last->author))->remove(array('.nnf_thread-locked' => !$xml->channel->xpath("category[.='locked']"), '.nnf_thread-sticky' => !in_array($file, $stickies) || $xml->channel->xpath("category[.='locked']"))); //is the last post author a mod? 
if (isMod($last->author)) { $item->addClass('.nnf_thread-author', 'mod'); } //attach the templated sub-forum item to the list $item->next(); } } } else { //no threads, remove the template stuff $template->remove('#nnf_threads'); } /* new thread form ---------------------------------------------------------------------------------------------------------------------- */ if (CAN_POST) { $template->set(array('input#nnf_title-field@value' => TITLE, 'input#nnf_name-field-http@value' => NAME, 'input#nnf_name-field@value' => NAME, 'input#nnf_pass-field@value' => PASS, 'textarea#nnf_text-field' => TEXT, 'input#nnf_title-field@maxlength' => SIZE_TITLE, 'input#nnf_name-field@maxlength' => SIZE_NAME, 'input#nnf_pass-field@maxlength' => SIZE_PASS, 'textarea#nnf_text-field@maxlength' => SIZE_TEXT))->remove(HTTP_AUTH ? '#nnf_name, #nnf_pass, #nnf_email, #nnf_error-none' : '#nnf_name-http, #nnf_error-none-http')->remove(FORUM_NEWBIES ? '#nnf_error-newbies' : '#nnf_error-none')->remove(array('#nnf_error-none, #nnf_error-none-http, #nnf_error-newbies' => !empty($_POST), '#nnf_error-auth' => empty($_POST) || !TITLE || !TEXT || !NAME || !PASS || AUTH, '#nnf_error-pass' => empty($_POST) || !TITLE || !TEXT || !NAME || PASS, '#nnf_error-name' => empty($_POST) || !TITLE || !TEXT || NAME, '#nnf_error-text' => empty($_POST) || !TITLE || TEXT, '#nnf_error-title' => empty($_POST) || TITLE)); }
<p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>'; echo $HTMLOUT; exit; } // -------- Action: Edit post $postid = (int) $_GET["postid"]; if (!is_valid_id($postid)) { stderr('Error', 'Invalid ID!'); } $res = sql_query("SELECT p.user_id, p.topic_id, p.icon, p.body, t.locked, t.forum_id " . "FROM posts AS p " . "LEFT JOIN topics AS t ON t.id = p.topic_id " . "WHERE p.id = " . sqlesc($postid)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res) == 0) { stderr("Error", "No post with that ID!"); } $arr = mysqli_fetch_assoc($res); if (($CURUSER["id"] != $arr["user_id"] || $arr["locked"] == 'yes') && $CURUSER['class'] < UC_STAFF && !isMod($arr["forum_id"], "forum")) { stderr("Error", "Access Denied!"); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $body = trim(htmlsafechars($_POST['body'])); $posticon = isset($_POST["iconid"]) ? 0 + $_POST["iconid"] : 0; if (empty($body)) { stderr("Error", "Body cannot be empty!"); } if (!isset($_POST['lasteditedby'])) { sql_query("UPDATE posts SET body=" . sqlesc($body) . ", edit_date=" . TIME_NOW . ", edited_by=" . sqlesc($CURUSER['id']) . ", icon=" . sqlesc($posticon) . " WHERE id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__); } else { sql_query("UPDATE posts SET body=" . sqlesc($body) . ", icon=" . sqlesc($posticon) . " WHERE id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__); } header("Location: {$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . (int) $arr['topic_id'] . "&page=p{$postid}#p{$postid}"); exit;