Esempio n. 1
/**
 * Render a list of user names as a comma-separated run of <b> elements.
 *
 * Every name is handed to isMod() in its raw form to decide whether the
 * element carries the "nnf_mod" class, and is passed through safeHTML()
 * before it is placed between the tags, so the raw name itself is never
 * concatenated into the markup.
 *
 * @param array $names user names to render
 * @return string HTML fragment; an empty string for an empty list
 */
function theme_nameList($names)
{
    $rendered = array();
    foreach ($names as $rawName) {
        //the class decision is taken on the raw name, the output uses the encoded one
        $modClass = isMod($rawName) ? ' class="nnf_mod"' : '';
        $rendered[] = '<b' . $modClass . '>' . safeHTML($rawName) . '</b>';
    }
    return implode(', ', $rendered);
}
Esempio n. 2
        stderr("Error", "Topic length is limited to {$Multi_forum['configs']['maxsubjectlength']} characters.");
    }
} else {
    $forumid = get_topic_forum($topicid) or die("Bad topic ID");
}
// ------ Make sure the user has write access in the forum
// The access levels must come back truthy for this forum id, otherwise the
// request stops here.
$arr = get_forum_access_levels($forumid) or die("Bad forum ID");
// NOTE(review): `&&` binds tighter than `||`, so the condition reads as
//   class < write  ||  (newtopic && class < create && !isMod(forum, "topic"))
// The isMod() exemption therefore only relaxes the "create" threshold; a user
// below the "write" threshold is refused even when isMod() is true. Confirm
// that this is the intended policy.
if ($CURUSER['class'] < $arr["write"] || $newtopic && $CURUSER['class'] < $arr["create"] && !isMod($forumid, "topic")) {
    stderr("Error", "Permission denied.");
}
// The post body is read straight from the request and only trimmed here; it
// is escaped with sqlesc() further down, right before it is written.
$body = trim($_POST["body"]);
// empty() is also true for the string "0", so a body of just "0" is rejected.
if (empty($body)) {
    stderr("Error", "No body text.");
}
$userid = (int) $CURUSER["id"];
// Flood control: applies only when enabled in the config, and not to staff or
// to users for whom isMod($forumid, "topic") is true.
if ($Multi_forum['configs']['use_flood_mod'] && $CURUSER['class'] < UC_STAFF && !isMod($forumid, "topic")) {
    // Count this user's posts inside the configured window. The user id goes
    // through sqlesc(); the time bound is computed from TIME_NOW and a config
    // value, not from request data.
    $res = sql_query("SELECT COUNT(id) AS c FROM posts WHERE user_id=" . sqlesc($CURUSER['id']) . " AND added > '" . (TIME_NOW - $Multi_forum['configs']['minutes'] * 60) . "'");
    // $arr is reused here and no longer holds the forum access levels.
    // NOTE(review): the result of sql_query() is not checked before fetching.
    $arr = mysqli_fetch_assoc($res);
    if ($arr['c'] > $Multi_forum['configs']['limit']) {
        stderr("Flood", "More than " . $Multi_forum['configs']['limit'] . " posts in the last " . $Multi_forum['configs']['minutes'] . " minutes.");
    }
}
if ($newtopic) {
    $subject = sqlesc($subject);
    $anonymous = isset($_POST['anonymous']) && $_POST["anonymous"] != "" ? "yes" : "no";
    sql_query("INSERT INTO topics (user_id, forum_id, topic_name, anonymous) VALUES(" . sqlesc($userid) . ", " . sqlesc($forumid) . ", {$subject}, " . sqlesc($anonymous) . ")") or sqlerr(__FILE__, __LINE__);
    $topicid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res or stderr("Error", "No topic ID returned!");
    $added = sqlesc(TIME_NOW);
    $body = sqlesc($body);
    $anonymous = isset($_POST['anonymous']) && $_POST["anonymous"] != "" ? "yes" : "no";
    sql_query("INSERT INTO posts (topic_id, user_id, added, body, anonymous, icon) VALUES(" . sqlesc($topicid) . ", " . sqlesc($userid) . ", {$added}, {$body}, " . sqlesc($anonymous) . "," . sqlesc($posticon) . ")") or sqlerr(__FILE__, __LINE__);
Esempio n. 3
        </tbody>
        </table>
        </form>
        <br />";**/
}
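// Advance the per-user "last post read" marker, but only for posts that are
// newer than the stored marker and still inside the read-tracking window.
if ($postid > $lpr && $postadd > TIME_NOW - $INSTALLER09['readpost_expiry']) {
    if ($lpr) {
        // A marker already exists for this user/topic pair: move it forward.
        sql_query("UPDATE read_posts SET last_post_read=" . sqlesc($postid) . " WHERE user_id=" . sqlesc($userid) . " AND topic_id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
    } else {
        // No marker yet: create one.
        sql_query("INSERT INTO read_posts (user_id, topic_id, last_post_read) VALUES(" . sqlesc($userid) . ", " . sqlesc($topicid) . ", " . sqlesc($postid) . ")") or sqlerr(__FILE__, __LINE__);
    }
}
// ------ Mod options
// The moderation panel is only pulled in for staff or for users for whom
// isMod($forumid, "forum") is true.
if ($CURUSER['class'] >= UC_STAFF || isMod($forumid, "forum")) {
    require_once FORUM_DIR . "/mod_panel.php";
}
// $HTMLOUT .= end_frame();
$HTMLOUT .= "<br /></div></div>";
//$HTMLOUT .= end_main_frame();
// Upload-failure notice. It has to be appended BEFORE the page is echoed;
// it used to be appended after the echo and was therefore never sent.
// The value comes from the query string, so it is treated purely as data:
// only a string is accepted, and the whole message is emitted as a JavaScript
// string literal via json_encode(). The JSON_HEX_* flags keep <, >, &, ' and "
// out of the output, so the value cannot close the literal or the <script>
// element. (HTML-escaping is not the right encoder inside a script block.)
$uploaderror = isset($_GET['uploaderror']) && is_string($_GET['uploaderror']) ? $_GET['uploaderror'] : '';
if (!empty($uploaderror)) {
    $alertJs = json_encode("Upload Failed: {$uploaderror}\nHowever your post was successful saved!\n\nClick 'OK' to continue.", JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    // json_encode() returns false for input it cannot encode (e.g. invalid
    // UTF-8); in that case the notice is skipped rather than emitted broken.
    if ($alertJs !== false) {
        $HTMLOUT .= "<script>alert({$alertJs});</script>";
    }
}
// NOTE(review): this raises the current user's class to UC_STAFF for the rest
// of the request whenever isMod($topicid) is true. It is called with a topic
// id and no second argument, unlike the isMod($forumid, "forum") check above;
// confirm which id isMod() expects here and that stdhead()/stdfoot() should
// render with staff privileges for such users.
if (isMod($topicid)) {
    $CURUSER['class'] = UC_STAFF;
}
// NOTE(review): $subject is interpolated into the page title; confirm it is
// escaped before this point or inside stdhead().
echo stdhead("Forums :: View Topic: {$subject}", true, $stdhead) . $HTMLOUT . stdfoot($stdfoot);
exit;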
?>
 
Esempio n. 4
/**
 * Convert a post's plain-text markup into the HTML used to display it.
 *
 * The input is passed through safeHTML() first, and every later step works on
 * that already-encoded text. Code blocks and inline code are swapped for
 * `&PRE_n;` / `&CODE_n;` placeholders so that the remaining markup passes do
 * not touch them, and are put back at the very end. In between, the function
 * links URLs and e-mail addresses, applies emphasis/strong, dividers and
 * blockquotes, links "@name" references (only when $rss is given), turns
 * ":: title" lines into anchored headings and wraps the rest in paragraphs.
 *
 * @param string $text      raw post text
 * @param string $permalink URL of the thread; passed through safeHTML() before use in title links
 * @param string $post_id   prefix for generated title ids; inserted into the
 *                          `id` attribute and the link fragment WITHOUT encoding
 *                          (NOTE(review): callers must supply a value that is
 *                          safe inside a double-quoted attribute)
 * @param mixed  $rss       the thread's RSS document, used to resolve "@name"
 *                          references; NULL disables that step
 * @return string the formatted HTML
 */
function formatText($text, $permalink = '', $post_id = '', $rss = NULL)
{
    //unify carriage returns between Windows / UNIX, and sanitise HTML against injection
    //(this happens before any markup is generated, so all HTML added below is the function's own)
    $text = safeHTML(preg_replace('/\\r\\n?/', "\n", $text));
    //these arrays will hold any portions of text that have to be temporarily removed to avoid interference with the
    //markup processing, i.e code spans / blocks
    $pre = array();
    $code = array();
    /* preformatted text (code blocks):
       -------------------------------------------------------------------------------------------------------------- */
    /* example:                     or: (latex in particular since it uses % as a comment marker)
       
               % title                 $ title
               ⋮                       ⋮
               %                       $
       */
    while (preg_match('/^(?-s:(\\h*)([%$])(.*?))\\n(.*?)\\n\\h*\\2(["”»]?)$/msu', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block
        //(the title and body come from the already-encoded text; the leading indent captured in $1 is stripped
        //from each body line)
        $pre[] = "<pre><span class=\"ct\">{$m[2][0]}{$m[3][0]}</span>\n" . (strlen($m[1][0]) ? preg_replace("/^\\s{1," . strlen($m[1][0]) . "}/m", '', $m[4][0]) : $m[4][0]) . "\n<span class=\"cb\">{$m[2][0]}</span></pre>";
        //replace the code block with a placeholder:
        //(we will have to remove the code chunks from the source text to avoid the other markup processing from
        //munging it and then restore the chunks back later)
        $text = substr_replace($text, "\n&PRE_" . (count($pre) - 1) . ";\n" . $m[5][0], $m[0][1], strlen($m[0][0]));
    }
    /* inline code / teletype text:
       -------------------------------------------------------------------------------------------------------------- */
    // example: `code` or ``code``
    while (preg_match('/(?<=[\\s\\p{Z}\\p{P}]|^)(`+)(.*?)(?<!`)\\1(?!`)/m', $text, $m, PREG_OFFSET_CAPTURE)) {
        //format the code block
        $code[] = '<code>' . $m[1][0] . $m[2][0] . $m[1][0] . '</code>';
        //same as with normal code blocks, replace them with a placeholder
        $text = substr_replace($text, '&CODE_' . (count($code) - 1) . ';', $m[0][1], strlen($m[0][0]));
    }
    /* hyperlinks:
       -------------------------------------------------------------------------------------------------------------- */
    //find full URLs and turn into HTML hyperlinks. we also detect e-mail addresses automatically
    //(the search offset skips past the previous replacement; `@` hides the notice raised on the first pass,
    //when $replace is not set yet and $m holds no match)
    while (preg_match('/(?:
                        ((?:(?:http|ftp)s?|irc)?:\\/\\/)                  # $1 = protocol
                |       ([a-z0-9\\._%+\\-]+@)                             # $2 = email name
                )(                                                      # $3 = friendly URL (no protocol)
                        [-\\.\\p{L}\\p{M}\\p{N}]+                           # domain (letters, diacritics, numbers & dash only)
                        (?:\\.[\\p{L}\\p{M}\\p{N}]+)+                       # TLDs (also letters, diacritics & numbers only)
                )(?(2)|                                                 # email ends here
                        (\\/)?                                           # $4 = slash is excluded from friendly URL
                        (?(4)(                                          # $5 = folders and filename, relative URL
                                (?>                                     # folders and filename
                                        "(?!\\/?&gt;|\\s|$)|              # ignore the end of an HTML hyperlink
                                        \\)(?![:\\.,"”»]?(?:\\s|$))|       # ignore brackets on end with punctuation
                                        [:\\.,”»](?!\\s|$)|               # ignore various characters on the end
                                        [^\\s:)\\.,"”»]                   # the rest, including bookmark
                                )*
                        )?)
                )/xiu', $text, $m, PREG_OFFSET_CAPTURE, @($m[0][1] + strlen($replace)))) {
        //build the link: the href starts with "mailto:" plus the matched name for e-mail addresses, otherwise
        //with the protocol the pattern matched in $1, so no other scheme can reach the attribute from here.
        //the rest of the href is run through htmlspecialchars() with double-encoding off, because the text was
        //already encoded by safeHTML() above. links whose protocol+host differ from FORUM_URL get
        //rel="nofollow external"
        $text = substr_replace($text, $replace = '<a href="' . ($p = @$m[2][0] ? 'mailto:' . $m[2][0] : ($m[1][0] ? $m[1][0] : 'http://')) . htmlspecialchars($m[3][0] . @$m[4][0] . @$m[5][0], ENT_COMPAT, 'UTF-8', false) . '"' . ($p . $m[3][0] !== FORUM_URL ? ' rel="nofollow external"' : '') . '>' . $m[0][0] . '</a>', $m[0][1], strlen($m[0][0]));
    }
    /* inline formatting:
       -------------------------------------------------------------------------------------------------------------- */
    //_emphasis_ and *strong*; the markers are kept inside the generated tags
    $text = preg_replace(array('/(?<=\\s|^)_(?!_)(.*?)(?<!_)_(?=\\s|$)/m', '/(?<![*\\w])\\*(?!\\*)(.*?)(?<!\\*)\\*(?![*\\w])/'), array('<em>_$1_</em>', '<strong>*$1*</strong>'), $text);
    /* divider: "---"
       -------------------------------------------------------------------------------------------------------------- */
    $text = preg_replace('/(?:\\n|\\A)\\h*(---+)\\h*(?:\\n?$|\\Z)/m', "\n\n<p class=\"hr\">\$1</p>\n", $text);
    /* blockquotes:
       -------------------------------------------------------------------------------------------------------------- */
    /* example:
       
               “this is the first quote level.
               
               “this is the second quote level.”
               
               back to the first quote level.”
       */
    //the three patterns cover straight, curly and guillemet quote pairs; the replacement is repeated until a
    //pass changes nothing ($c == 0), which is how nested quotes are unwrapped level by level
    do {
        $text = preg_replace(array('/(?:\\n|\\A)\\h*("(?!\\s+)((?>(?1)|.)*?)\\s*")\\h*(?:\\n?$|\\Z)/msu', '/(?:\\n|\\A)\\h*(“(?!\\s+)((?>(?1)|.)*?)\\s*”)\\h*(?:\\n?$|\\Z)/msu', '/(?:\\n|\\A)\\h*(«(?!\\s+)((?>(?1)|.)*?)\\s*»)\\h*(?:\\n?$|\\Z)/msu'), "\n\n<blockquote>\n\n" . "<span class=\"ql\">&ldquo;</span>\n\$2\n<span class=\"qr\">&rdquo;</span>\n\n" . "</blockquote>\n", $text, -1, $c);
    } while ($c);
    //remove the extra linebreaks added between our theme quotes
    //(required so that extra `<br />`s don’t get added!)
    $text = preg_replace(array('/&ldquo;<\\/span>\\n(?!\\n)/', '/\\n<span class="qr">/'), array('&ldquo;</span>', '<span class="qr">'), $text);
    /* name references:
       -------------------------------------------------------------------------------------------------------------- */
    //name references (e.g. "@bob") will link back to the last reply in the thread made by that person.
    //this requires that the whole RSS thread is passed to this function to refer to
    if (!is_null($rss)) {
        //first, produce a list of all authors in the thread
        $names = array();
        foreach ($rss->channel->xpath('./item/author') as $name) {
            $names[] = $name[0];
        }
        $names = array_unique($names);
        //remove duplicates
        $names = array_map('strtolower', $names);
        //set all to lowercase
        $names = array_map('safeHTML', $names);
        //HTML encode names as they will be in the source text
        //sort the list of names Z-A so that longer names and names with spaces occur first,
        //this is so that we don’t choose "Bob" over "Bob Monkhouse" when matching names
        rsort($names);
        //find all possible name references in the text:
        //(that is, any "@" followed by text up to the end of a line. note that this means that what might be
        //matched may include additional text that *isn't* part of the name, e.g. "@bob How are you?")
        $offset = 0;
        while (preg_match('/(?:^|\\s+)(@.+)/m', $text, $m, PREG_OFFSET_CAPTURE, $offset)) {
            //check each of the known names in the thread and see if one fits the source text reference
            //e.g. does "@bob How are you?" begin with "bob"
            foreach ($names as $name) {
                if (stripos($m[1][0], $name) === 1) {
                    //locate the last post made by that author in the thread to link to
                    foreach ($rss->channel->item as $item) {
                        if (safeHTML(strtolower($item->author)) == $name) {
                            //replace the reference with the link to the post
                            //(the link URL is encoded with safeHTML(); the visible text is cut from the
                            //already-encoded source text)
                            $text = substr_replace($text, '<a href="' . safeHTML($item->link) . '"' . (isMod($name) ? ' class="nnf_mod"' : '') . '>' . substr($m[1][0], 0, strlen($name) + 1) . '</a>', $m[1][1], strlen($name) + 1);
                            //move on to the next reference, no need to check any further names for this one
                            //NOTE(review): `break 2` leaves both foreach loops and lands on the
                            //`$offset = $m[1][1] + 1` assignment below, which overwrites the value set here
                            $offset = $m[1][1] + strlen($name) + strlen($item->link) + 15 + 1;
                            break 2;
                        }
                    }
                }
            }
            //failing any match, continue searching
            //(avoid getting stuck in an infinite loop)
            $offset = $m[1][1] + 1;
        }
    }
    /* titles
       -------------------------------------------------------------------------------------------------------------- */
    //example: :: title
    $replace = '';
    $titles = array();
    //(as with hyperlinks, the search resumes after the previous replacement; `@` hides the notice raised when
    //$m holds no match on the first pass)
    while (preg_match('/(?:\\n|\\A)(::.*)(?:\\n?$|\\Z)/mu', $text, $m, PREG_OFFSET_CAPTURE, @($m[0][1] + strlen($replace)))) {
        //generate a unique HTML ID for the title:
        //flatten the title text into a URL-safe string of [a-z0-9_]
        $translit = safeTransliterate(strip_tags($m[1][0]));
        //if a title already exists with that ID, append a number until an available ID is found.
        $c = 0;
        do {
            $id = $translit . ($c++ ? '_' . ($c - 1) : '');
        } while (in_array($id, $titles));
        //add the current ID to the list of used IDs
        $titles[] = $id;
        //remove hyperlinks in the title (since the title will be a hyperlink too)
        //if a user-link is present, keep the mod class if present
        $m[1][0] = preg_replace('/<a href="[^"]+"( class="nnf_mod")?>(.*?)<\\/a>/', "<b\$1>\$2</b>", $m[1][0]);
        //create the replacement HTML, including an anchor link
        //NOTE(review): $post_id goes into the id attribute and the href fragment as-is, while $permalink is
        //passed through safeHTML(); confirm every caller supplies an attribute-safe $post_id
        $text = substr_replace($text, $replace = "\n\n<h2 id=\"{$post_id}::{$id}\">" . "<a href=\"" . safeHTML($permalink) . "#{$post_id}::{$id}\">" . $m[1][0] . "</a>" . "</h2>\n", $m[0][1], strlen($m[0][0]));
    }
    /* finalise:
       -------------------------------------------------------------------------------------------------------------- */
    //add paragraph tags between blank lines
    foreach (preg_split('/\\n{2,}/', safeTrim($text), -1, PREG_SPLIT_NO_EMPTY) as $chunk) {
        //if not a blockquote, title, hr or pre-block, wrap in a paragraph
        if (!preg_match('/^<\\/?(?:bl|h2|p)|^&PRE_/', $chunk)) {
            $chunk = "<p>\n" . str_replace("\n", "<br />\n", $chunk) . "\n</p>";
        }
        //$result is not initialised before the loop; `@` hides the notice from the first append.
        //when there are no chunks at all, the loop body never runs and $text keeps its previous value
        $text = @($result .= "\n{$chunk}");
    }
    //restore code spans/blocks
    //(assumes safeHTML() encodes "&", so that user text cannot contain a literal placeholder — TODO confirm)
    foreach ($code as $i => $html) {
        $text = str_replace("&CODE_{$i};", $html, $text);
    }
    foreach ($pre as $i => $html) {
        $text = str_replace("&PRE_{$i};", $html, $text);
    }
    return $text;
}
Esempio n. 5
    $HTMLOUT = '';
    $HTMLOUT .= '<!DOCTYPE html>
        <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
        <head>
        <meta charset="' . charset() . '" />
        <title>ERROR</title>
        </head><body>
        <h1 style="text-align:center;">Error</h1>
        <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
        </body></html>';
    echo $HTMLOUT;
    exit;
}
// -------- Action: Edit Forum
$forumid = (int) $_GET["forumid"];
if ($CURUSER['class'] >= MAX_CLASS || isMod($forumid, "forum")) {
    if (!is_valid_id($forumid)) {
        stderr('Error', 'Invalid ID!');
    }
    $res = sql_query("SELECT name, description, min_class_read, min_class_write, min_class_create FROM forums WHERE id=" . sqlesc($forumid)) or sqlerr(__FILE__, __LINE__);
    if (mysqli_num_rows($res) == 0) {
        stderr('Error', 'No forum found with that ID!');
    }
    $forum = mysqli_fetch_assoc($res);
    if ($INSTALLER09['forums_online'] == 0) {
        $HTMLOUT .= stdmsg('Warning', 'Forums are currently in maintainance mode');
    }
    $HTMLOUT .= begin_main_frame();
    $HTMLOUT .= begin_frame("Edit Forum", "center");
    $HTMLOUT .= "<form method='post' action='{$INSTALLER09['baseurl']}/forums.php?action=updateforum&amp;forumid={$forumid}'>\n";
    $HTMLOUT .= begin_table();
Esempio n. 6
<?php

require_once '../config.php';
require_once '../functions.php';
require_once 'mod_functions.php';
// Access gate: the moderator check runs before the header is included and
// before any request data is looked at, so non-moderators get nothing but
// this message.
if (!isMod()) {
    exit('Only mods can access this page.');
}
// Page chrome is only emitted once the gate has been passed.
include '_header.php';
echoHeader('Add New Sprite');
if (isset($_POST['submit'], $_POST['img_name'], $_POST['comment'])) {
    if ($_FILES['file']['error'] > 0) {
        // echo $_FILES["file"]["error"] . '<br />';
        echo '<div class="error">There was an error!</div>';
    } else {
        if ($_FILES['file']['size'] > 1048576) {
            echo '<div class="error">The file size it too large!</div>';
        } else {
            $imageData = file_get_contents($_FILES['file']['tmp_name']);
            $im = imagecreatefromstring($imageData);
            if ($im == false) {
                echo '<div class="error">There was an error creating the image!</div>';
            } else {
                $base64Image = cleanSql(base64_encode($imageData));
                $imgName = cleanSql(trim(str_replace(array(chr(0), '<', '>', '.', '/', '\\'), '', $_POST['img_name'])));
                $comment = cleanSql($_POST['comment']);
                $uid = (int) $_SESSION['userid'];
                if (empty($imgName)) {
                    echo '<div class="error">Image name was empty!</div>';
                } else {
                    mysql_query("\n\t\t\t\t\tINSERT INTO `new_images` (\n\t\t\t\t\t\t`uid`, `image_data`, `image_name`, `comment`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$uid}', '{$base64Image}', '{$imgName}', '{$comment}'\n\t\t\t\t\t)\n\t\t\t\t");
Esempio n. 7
    //index number of the replies, accounting for which page we are on
    $no = (PAGE - 1) * FORUM_POSTS;
    //fill the repeating template item once per reply in the thread
    foreach ($thread as &$reply) {
        //has the reply been deleted (blanked)?
        if ($reply->xpath("category[text()='deleted']")) {
            $item->addClass('.', 'deleted');
        }
        //apply the data to the template (a reply)
        //the reply id is the fragment of the reply's link (the part after "#"); it is reused for the
        //permalink, append and delete URLs.
        //NOTE(review): the description is inserted with setHTML(), i.e. as markup rather than text, so it has
        //to be safe HTML by the time it is stored in the thread file; confirm against the code that writes it.
        //how set() encodes the other values is not visible here
        $item->set(array('./@id' => substr(strstr($reply->link, '#'), 1), 'time.nnf_reply-time' => date(DATE_FORMAT, strtotime($reply->pubDate)), 'time.nnf_reply-time@datetime' => gmdate('r', strtotime($reply->pubDate)), 'a.nnf_reply-number' => sprintf(THEME_REPLYNO, ++$no), 'a.nnf_reply-number@href' => '?page=' . PAGE . strstr($reply->link, '#'), '.nnf_reply-author' => $reply->author, 'a.nnf_reply-append@href' => '?append=' . substr(strstr($reply->link, '#'), 1) . '#append', 'a.nnf_reply-delete@href' => '?delete=' . substr(strstr($reply->link, '#'), 1)))->setHTML('.nnf_reply-text', $reply->description);
        //is this reply from the person who started the thread?
        if (strtolower($reply->author) == strtolower($author)) {
            $item->addClass('.', 'op');
        }
        //if the user who made the reply is a mod, also mark the whole post as by a mod
        //(you might want to style any posts made by a mod differently)
        if (isMod($reply->author)) {
            $item->addClass('., .nnf_reply-author', 'mod');
        }
        //if the current user in the current forum can append/delete the current reply:
        //`&&` binds tighter than `||`, so this reads as
        //  CAN_REPLY && (IS_MOD || !HTTP_AUTH || (own reply && (no lock || lock is 'threads' || IS_MEMBER)))
        //NOTE(review): this only decides which links are rendered. the append / delete handlers must enforce
        //the same rule themselves; that cannot be verified from this excerpt
        if (CAN_REPLY && (IS_MOD || !HTTP_AUTH || strtolower(NAME) == strtolower($reply->author) && (!FORUM_LOCK || FORUM_LOCK == 'threads' || IS_MEMBER))) {
            //a deleted reply loses its append link; its delete link is removed unless the viewer is a mod
            $item->remove(array('.nnf_reply-append' => $reply->xpath("category[text()='deleted']"), '.nnf_reply-delete' => $reply->xpath("category[text()='deleted']") && !IS_MOD));
        } else {
            $item->remove('.nnf_reply-append, .nnf_reply-delete');
        }
        $item->next();
    }
} else {
    $template->remove('#nnf_replies');
}
/* reply form
   ---------------------------------------------------------------------------------------------------------------------- */
Esempio n. 8
    $template->remove('#nnf_folders');
}
/* threads
   ---------------------------------------------------------------------------------------------------------------------- */
//NOTE(review): `@$stickies` only hides the notice for an unset variable in this condition; array_merge() and
//in_array() below are still given $stickies, so it needs to be an array by the time this branch runs
if ($threads || @$stickies) {
    //do the page links (stickies are not included in the count as they appear on all pages)
    theme_pageList($template, '', $PAGE, $PAGES);
    //slice the full list into the current page
    $threads = array_merge($stickies, array_slice($threads, ($PAGE - 1) * FORUM_THREADS, FORUM_THREADS));
    //get the dummy list-item to repeat (removes it and takes a copy)
    $item = $template->repeat('.nnf_thread');
    //generate the list of threads with data, for the template
    foreach ($threads as $file) {
        //errors are suppressed with `@`, so a thread file that cannot be read or parsed is skipped silently
        if ($xml = @simplexml_load_file($file)) {
            //the first item of the channel is used as the latest post; threads without any item are skipped
            if ($last =& $xml->channel->item[0]) {
                //set() fills the item; the remove() map then strips: the lock icon unless the thread is
                //"locked", the sticky class and sticky icon unless the file is in $stickies (the icon is also
                //removed for locked threads), and the mod class unless the last author is a mod.
                //how set() encodes the values is not visible here
                $item->set(array('a.nnf_thread-name' => $xml->channel->title, 'a.nnf_thread-name@href' => url(PATH_URL, pathinfo($file, PATHINFO_FILENAME)), '.nnf_thread-replies' => count($xml->channel->item) - 1, 'a.nnf_thread-post@href' => substr($last->link, strpos($last->link, '/', 9)), 'time.nnf_thread-time' => date(DATE_FORMAT, strtotime($last->pubDate)), 'time.nnf_thread-time@datetime' => date('c', strtotime($last->pubDate)), '.nnf_thread-author' => $last->author))->remove(array('.nnf_thread-locked' => !$xml->channel->xpath('category[.="locked"]'), './@class' => !in_array($file, $stickies) ? 'nnf_sticky' : false, '.nnf_thread-sticky' => !in_array($file, $stickies) || $xml->channel->xpath('category[.="locked"]'), '.nnf_thread-author@class' => !isMod($last->author) ? 'nnf_mod' : false))->next();
            }
        }
    }
} else {
    //no threads, remove the template stuff
    $template->remove('#nnf_threads');
}
/* new thread form
   ---------------------------------------------------------------------------------------------------------------------- */
if (CAN_POST) {
    //pre-fill the form with the submitted values and field length limits, drop the name/password fields that
    //do not apply to the authentication mode, then keep only the one error message that matches the first
    //missing or failed field (each key in the last remove() map is removed when its value is true).
    //NOTE(review): PASS is written into the value attribute of #nnf_pass-field, so whatever PASS holds is sent
    //back in the response body; presumably that is the submitted password. consider leaving the field empty
    //when the form is redisplayed
    $template->set(array('input#nnf_title-field@value' => TITLE, 'input#nnf_title-field@maxlength' => SIZE_TITLE, 'input#nnf_name-field-http@value' => NAME, 'input#nnf_name-field@value' => NAME, 'input#nnf_name-field@maxlength' => SIZE_NAME, 'input#nnf_pass-field@value' => PASS, 'input#nnf_pass-field@maxlength' => SIZE_PASS, 'textarea#nnf_text-field' => TEXT, 'textarea#nnf_text-field@maxlength' => SIZE_TEXT))->remove(AUTH_HTTP ? '#nnf_name, #nnf_pass, #nnf_email, #nnf_error-none' : '#nnf_name-http, #nnf_error-none-http')->remove(FORUM_NEWBIES ? '#nnf_error-newbies' : '#nnf_error-none')->remove(array('#nnf_error-none, #nnf_error-none-http, #nnf_error-newbies' => FORM_SUBMIT, '#nnf_error-auth' => !FORM_SUBMIT || !TITLE || !TEXT || !NAME || !PASS || AUTH, '#nnf_error-pass' => !FORM_SUBMIT || !TITLE || !TEXT || !NAME || PASS, '#nnf_error-name' => !FORM_SUBMIT || !TITLE || !TEXT || NAME, '#nnf_error-text' => !FORM_SUBMIT || !TITLE || TEXT, '#nnf_error-title' => !FORM_SUBMIT || TITLE));
}
//call the theme-specific templating function, in 'theme.php', before outputting
theme_custom($template);
//exit() with an argument prints it, so this sends the template's string form and ends the script
exit($template);
Esempio n. 9
        <meta charset="' . charset() . '" />
        <title>ERROR</title>
        </head><body>
        <h1 style="text-align:center;">Error</h1>
        <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
        </body></html>';
    echo $HTMLOUT;
    exit;
}
// The topic id is taken from the query string, forced to an integer and
// validated before it is used anywhere.
// NOTE(review): this destructive action is driven by GET parameters; the
// confirmation link further down repeats them with sure=1, and no anti-CSRF
// token is visible in this excerpt.
$topicid = (int) $_GET['topicid'];
if (!is_valid_id($topicid)) {
    stderr('Error', 'Invalid ID');
}
// Load the topic together with its post count. The only value placed in the
// SQL text is $topicid, through sqlesc(); the poll column is added depending
// on a config switch.
// NOTE(review): the forum id is selected as `forum_id`. The redirect at the
// end of this action reads $a["forumid"], a key this query does not return.
$r = sql_query("SELECT t.id, t.topic_name " . ($Multi_forum['configs']['use_poll_mod'] ? ",t.poll_id" : "") . ",t.forum_id,(SELECT COUNT(p.id) FROM posts as p where p.topic_id=" . sqlesc($topicid) . ") AS posts FROM topics as t WHERE t.id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
// No row means the topic does not exist.
$a = mysqli_fetch_assoc($r) or stderr("Error", "No topic was found");
if ($CURUSER["class"] >= UC_STAFF || isMod($a["forum_id"], "forum")) {
    $sure = isset($_GET['sure']) && (int) $_GET['sure'];
    if (!$sure) {
        stderr("Sanity check...", "You are about to delete topic " . htmlsafechars($a["topic_name"]) . ". Click <a href='{$INSTALLER09['baseurl']}/forums.php?action=deletetopic&amp;topicid={$topicid}&amp;sure=1'>here</a> if you are sure.");
    } else {
        write_log("topicdelete", "Topic <b>" . htmlsafechars($a["topic_name"]) . "</b> was deleted by <a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $CURUSER['id'] . "'>" . htmlsafechars($CURUSER['username']) . "</a>.");
        if ($Multi_forum['configs']['use_attachment_mod']) {
            $res = sql_query("SELECT attachments.filename " . "FROM posts " . "LEFT JOIN attachments ON attachments.postid = posts.id " . "WHERE posts.topic_id = " . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
            while ($arr = mysqli_fetch_assoc($res)) {
                if (!empty($arr['filename']) && is_file($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename'])) {
                    unlink($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename']);
                }
            }
        }
        sql_query("DELETE posts, topics " . ($Multi_forum['configs']['use_attachment_mod'] ? ", attachments, attachmentdownloads " : "") . ($Multi_forum['configs']['use_poll_mod'] ? ", postpolls, postpollanswers " : "") . "FROM topics " . "LEFT JOIN posts ON posts.topic_id = topics.id " . ($Multi_forum['configs']['use_attachment_mod'] ? "LEFT JOIN attachments ON attachments.postid = posts.id " . "LEFT JOIN attachmentdownloads ON attachmentdownloads.fileid = attachments.id " : "") . ($Multi_forum['configs']['use_poll_mod'] ? "LEFT JOIN postpolls ON postpolls.id = topics.pollid " . "LEFT JOIN postpollanswers ON postpollanswers.pollid = postpolls.id " : "") . "WHERE topics.id=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
        header('Location: ' . $INSTALLER09['baseurl'] . '/forums.php?action=viewforum&forumid=' . (int) $a["forumid"]);
Esempio n. 10
        <title>ERROR</title>
        </head><body>
        <h1 style="text-align:center;">Error</h1>
        <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
        </body></html>';
    echo $HTMLOUT;
    exit;
}
// -------- Action: Delete post
// The post id is taken from the query string, forced to an integer and
// validated before it is used anywhere.
$postid = (int) $_GET['postid'];
if (!is_valid_id($postid)) {
    stderr('Error', 'Invalid ID');
}
// Load what the delete needs: the topic and forum of the post, the number of
// posts in the topic, the id of the previous post in the topic (p_id) and,
// when attachments are enabled, the attachment file name. The only value
// placed in the SQL text is $postid, through sqlesc().
// NOTE(review): the forum id is selected as `forum_id`, but the permission
// check right after this run calls isMod($arr["forumid"], "forum"), a key
// this query does not return, so isMod() is not given the forum id.
$res = sql_query("SELECT p.topic_id " . ($Multi_forum['configs']['use_attachment_mod'] ? ", a.filename" : "") . ", t.forum_id, (SELECT COUNT(id) FROM posts WHERE topic_id=p.topic_id) AS posts_count, " . "(SELECT MAX(id) FROM posts WHERE topic_id=p.topic_id AND id < p.id) AS p_id " . "FROM posts AS p " . "LEFT JOIN topics as t on t.id=p.topic_id " . ($Multi_forum['configs']['use_attachment_mod'] ? "LEFT JOIN attachments AS a ON a.postid = p.id " : "") . "WHERE p.id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
// No row means the post does not exist.
$arr = mysqli_fetch_assoc($res) or stderr("Error", "Post not found");
if (isMod($arr["forumid"], "forum") || $CURUSER['class'] >= UC_STAFF) {
    $topicid = (int) $arr['topic_id'];
    if ($arr['posts_count'] < 2) {
        stderr("Error", "Can't delete post; it is the only post of the topic. You should<br /><a href='{$INSTALLER09['baseurl']}/forums.php?action=deletetopic&amp;topicid={$topicid}'>delete the topic</a> instead.");
    }
    $redirtopost = is_valid_id($arr['p_id']) ? "&page=p" . $arr['p_id'] . "#p" . $arr['p_id'] : '';
    $sure = (int) isset($_GET['sure']) && (int) $_GET['sure'];
    if (!$sure) {
        stderr("Sanity check...", "You are about to delete a post. Click <a href='{$INSTALLER09['baseurl']}/forums.php?action=deletepost&amp;postid={$postid}&amp;sure=1'>here</a> if you are sure.");
    }
    sql_query("DELETE posts.* " . ($Multi_forum['configs']['use_attachment_mod'] ? ", attachments.*, attachmentdownloads.* " : "") . "FROM posts " . ($Multi_forum['configs']['use_attachment_mod'] ? "LEFT JOIN attachments ON attachments.postid = posts.id " . "LEFT JOIN attachmentdownloads ON attachmentdownloads.fileid = attachments.id " : "") . "WHERE posts.id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
    if ($Multi_forum['configs']['use_attachment_mod'] && !empty($arr['filename'])) {
        $filename = $Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename'];
        if (is_file($filename)) {
            unlink($filename);
        }
Esempio n. 11
******
*/
// Direct-access guard: this file is meant to be included by the forum entry
// script, which defines IN_INSTALLER09_FORUM. When the constant is missing the
// file was requested on its own, so a static error page is sent and the
// script stops before any of the code below can run.
if (defined('IN_INSTALLER09_FORUM') === false) {
    $HTMLOUT = '<!DOCTYPE html>
        <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
        <head>
        <meta charset="' . charset() . '" />
        <title>ERROR</title>
        </head><body>
        <h1 style="text-align:center;">Error</h1>
        <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
        </body></html>';
    echo $HTMLOUT;
    exit;
}
// Staff options form for the topic: only rendered for staff or for users for
// whom isMod($forumid, "forum") is true.
// NOTE(review): hiding the form does not protect the "updatetopic" action; it
// must repeat the permission check itself. The form carries only the hidden
// `action` and `topicid` fields — no anti-CSRF token is visible here.
if ($CURUSER['class'] >= UC_STAFF || isMod($forumid, "forum")) {
    // NOTE(review): $topicid is interpolated into a single-quoted attribute
    // without encoding; confirm it has been cast to an integer upstream.
    $HTMLOUT .= "<form method='post' action='forums.php'>\r\n\t <input type='hidden' name='action' value='updatetopic' />\r\n\t <input type='hidden' name='topicid' value='{$topicid}' />";
    /*$HTMLOUT .= begin_table();*/
    // Sticky / locked selectors reflect the current state; the topic name is
    // passed through htmlsafechars() before it goes into the value attribute.
    // NOTE(review): that attribute is single-quoted, so htmlsafechars() has to
    // encode single quotes as well — confirm.
    $HTMLOUT .= "<table class='table table-hover table-bordered'>\r\n\t <tr>\r\n\t <td colspan='2' class='colhead'>Staff options</td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead' width='1%'>Sticky</td>\r\n\t <td>\r\n\t <select name='sticky'>\r\n\t <option value='yes'" . ($sticky ? " selected='selected'" : '') . ">Yes</option>\r\n\t <option value='no' " . (!$sticky ? " selected='selected'" : '') . ">No</option>\r\n\t </select>\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead'>Locked</td>\r\n\t <td>\r\n\t <select name='locked'>\r\n\t <option value='yes'" . ($locked ? " selected='selected'" : '') . ">Yes</option>\r\n\t <option value='no'" . (!$locked ? " selected='selected'" : '') . ">No</option>\r\n\t </select>\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead'>Topic name</td>\r\n\t <td>\r\n\t <input type='text' name='topic_name' size='60' maxlength='{$Multi_forum['configs']['maxsubjectlength']}' value='" . htmlsafechars($subject) . "' />\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td class='rowhead'>Move topic</td>\r\n\t <td>\r\n\t <select name='new_forumid'>";
    // Target forums for "Move topic": only forums whose write threshold the
    // current user meets are offered. Ids are cast to int and names are
    // encoded with htmlsafechars() before output.
    $res = sql_query("SELECT id, name, min_class_write FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);
    while ($arr = mysqli_fetch_assoc($res)) {
        if ($CURUSER['class'] >= $arr["min_class_write"]) {
            $HTMLOUT .= '<option value="' . (int) $arr["id"] . '"' . ($arr["id"] == $forumid ? ' selected="selected"' : '') . '>' . htmlsafechars($arr["name"]) . '</option>';
        }
    }
    // The delete selector defaults to "no".
    $HTMLOUT .= "</select>\r\n\t </td></tr>\r\n\t <tr>\r\n\t <td class='rowhead' style='white-space:nowrap;'>Delete topic</td>\r\n\t <td>\r\n    <select name='delete'>\r\n\t <option value='no' selected='selected'>No</option>\r\n\t <option value='yes'>Yes</option>\r\n\t </select>\r\n\t <br />\r\n\t <b>Note:</b> Any changes made to the topic won't take effect if you select 'yes'\r\n\t </td>\r\n\t </tr>\r\n\t <tr>\r\n\t <td colspan='2' align='center'>\r\n\t <input type='submit' class='btn btn-primary' value='Update Topic' />\r\n\t </td>\r\n\t </tr>";
    $HTMLOUT .= "</table>";
    /*$HTMLOUT .= end_table();*/
    $HTMLOUT .= "</form>";
}
Esempio n. 12
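/**
 * Build the HTML table rows that list the forums under one parent for the forum index.
 *
 * For every forum the current user may read, a row is produced with a read/unread marker,
 * the forum name and description, optional sub-forum and moderator lists, post/topic totals
 * and a "last post" cell.
 *
 * @param mixed $forid       Parent id: matched against f.forum_id, or against f.place when $subforums is truthy.
 * @param bool  $subforums   When false, top-level forums (f.place = -1) are listed and $sfa is merged in.
 * @param mixed $sfa         Per-forum sub-forum data indexed by forum id (keys read here: 'last_post', 'count', 'topics').
 * @param mixed $mods_array  Ignored: the moderator map is always reloaded through forummods().
 * @param bool  $show_mods   When true, the moderators of each forum are appended to its row.
 *
 * @return string HTML fragment.
 */
function show_forums($forid, $subforums = false, $sfa = "", $mods_array = "", $show_mods = false)
{
    global $CURUSER, $INSTALLER09, $Multi_forum;
    $mods_array = forummods();
    $htmlout = '';
    // Both user-influenced values ($CURUSER['id'], $forid) go through sqlesc() before reaching the query.
    $forums_res = sql_query("SELECT f.id, f.name, f.description, f.post_count, f.topic_count, f.min_class_read, p.added, p.topic_id, p.anonymous, p.user_id, p.id AS pid, u.id AS uid, u.username, u.class, u.donor, u.enabled, u.warned, u.chatpost, u.leechwarn, u.pirate, u.king, t.topic_name, t.last_post, r.last_post_read " . "FROM forums AS f " . "LEFT JOIN posts AS p ON p.id = (SELECT MAX(last_post) FROM topics WHERE forum_id = f.id) " . "LEFT JOIN users AS u ON u.id = p.user_id " . "LEFT JOIN topics AS t ON t.id = p.topic_id " . "LEFT JOIN read_posts AS r ON r.user_id = " . sqlesc($CURUSER['id']) . " AND r.topic_id = p.topic_id " . "WHERE " . ($subforums == false ? "f.forum_id = " . sqlesc($forid) . " AND f.place =-1 ORDER BY f.forum_id ASC" : "f.place=" . sqlesc($forid) . " ORDER BY f.id ASC") . "") or sqlerr(__FILE__, __LINE__);
    $htmlout .= begin_f_main_table();
    while ($forums_arr = mysqli_fetch_assoc($forums_res)) {
        // Read-access check: forums above the viewer's class are left out of the listing entirely.
        if ($CURUSER['class'] < $forums_arr["min_class_read"]) {
            continue;
        }
        $forumid = (int) $forums_arr["id"];
        $lastpostid = (int) $forums_arr['last_post'];
        $user_stuff = $forums_arr;
        $user_stuff['id'] = (int) $forums_arr['uid'];
        // Reset per row: an unexpected `anonymous` value must not reuse the poster link
        // computed for the previous forum in the loop.
        $lastpost1 = '';
        $lastpost2 = '';
        if ($subforums == false && !empty($sfa[$forumid])) {
            if ($sfa[$forumid]['last_post']['postid'] > $forums_arr['pid']) {
                // The newest post lives in a sub-forum.
                if ($sfa[$forumid]['last_post']["anonymous"] == "yes") {
                    // Anonymous posts are unmasked only for staff and for the poster.
                    if ($CURUSER['class'] < UC_STAFF && $sfa[$forumid]['last_post']['user_id'] != $CURUSER['id']) {
                        $lastpost1 = "Anonymous<br />";
                    } else {
                        // Fixed: the key was garbled as 'last_--post', so the profile link always pointed at id 0.
                        $lastpost1 = "Anonymous[<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $sfa[$forumid]['last_post']['userid'] . "'><b>" . htmlsafechars($sfa[$forumid]['last_post']['user']) . "</b></a>]<br />";
                    }
                } elseif ($sfa[$forumid]['last_post']["anonymous"] == "no") {
                    $lastpost1 = "<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $sfa[$forumid]['last_post']['userid'] . "'><b>" . htmlsafechars($sfa[$forumid]['last_post']['user']) . "</b></a><br />";
                }
                // NOTE(review): the comparison above reads 'postid' and 'user_id' while the links read
                // 'post_id' and 'userid' - confirm which keys the $sfa builder really sets.
                $lastpost = "" . get_date($sfa[$forumid]['last_post']['added'], 'LONG', 1, 0) . "<br />" . "by {$lastpost1}" . "in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&amp;topicid=" . (int) $sfa[$forumid]['last_post']['topic'] . "&amp;page=p" . (int) $sfa[$forumid]['last_post']['post_id'] . "#p" . (int) $sfa[$forumid]['last_post']['post_id'] . "'><b>" . htmlsafechars($sfa[$forumid]['last_post']['tname']) . "</b></a>";
            } elseif ($sfa[$forumid]['last_post']['postid'] < $forums_arr['pid']) {
                // The newest post lives in the parent forum itself.
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_STAFF && $forums_arr["user_id"] != $CURUSER["id"]) {
                        $lastpost2 = "Anonymous<br />";
                    } else {
                        // format_username() output is inserted as-is; presumably it returns escaped HTML - verify.
                        $lastpost2 = "Anonymous[<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'><b>" . format_username($user_stuff, true) . "</b></a>]<br />";
                    }
                } elseif ($forums_arr["anonymous"] == "no") {
                    $lastpost2 = "<a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'><b>" . format_username($user_stuff, true) . "</b></a><br />";
                }
                $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by {$lastpost2}" . "in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&amp;topicid=" . (int) $forums_arr["topic_id"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlsafechars($forums_arr['topic_name']) . "</b></a>";
            } else {
                $lastpost = "N/A";
            }
        } else {
            if (is_valid_id($forums_arr['pid'])) {
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_STAFF && $forums_arr["user_id"] != $CURUSER["id"]) {
                        $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <i>Anonymous</i><br />" . "in <a href='" . $INSTALLER09['baseurl'] . "/forums.php?action=viewtopic&amp;topicid=" . (int) $forums_arr["topic_id"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlsafechars($forums_arr['topic_name']) . "</b></a>";
                    } else {
                        // Fixed: the topic link carried a doubled "??" before the query string.
                        $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <i>Anonymous[</i><a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'><b>" . format_username($user_stuff, true) . "</b></a>]<br />" . "in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&amp;topicid=" . (int) $forums_arr["topic_id"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlsafechars($forums_arr['topic_name']) . "</b></a>";
                    }
                } else {
                    $lastpost = "<span class='smalltext'><a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&amp;topicid=" . (int) $forums_arr["topic_id"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'>" . htmlsafechars($forums_arr['topic_name']) . "</a><br />" . "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $forums_arr["user_id"] . "'>" . format_username($user_stuff, true) . "</a> ";
                }
            } else {
                $lastpost = "N/A";
            }
        }
        // "New posts" marker: only for posts younger than readpost_expiry that the user has not read yet.
        $image_to_use = $forums_arr['added'] > TIME_NOW - $INSTALLER09['readpost_expiry'] ? (int) $forums_arr['pid'] > $forums_arr['last_post_read'] : 0;
        if (is_valid_id($forums_arr['pid'])) {
            $img = $image_to_use ? '<span class="forum_status forum_on ajax_mark_read" title="Forum Contains New Posts" ></span>' : '<span class="forum_status forum_off ajax_mark_read" title="Forum Contains No New Posts" ></span>';
        } else {
            $img = "<span class='forum_status forum_offlock ajax_mark_read' title='Forum Contains No Posts' ></span>";
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            // Totals shown for a parent forum include its sub-forums.
            list($subposts, $subtopics) = get_count($sfa[$forumid]["count"]);
            $topics = $forums_arr["topic_count"] + $subtopics;
            $posts = $forums_arr["post_count"] + $subposts;
        } else {
            $topics = (int) $forums_arr["topic_count"];
            $posts = (int) $forums_arr["post_count"];
        }
        $htmlout .= "\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td class=row align='center' valign='middle' width='1%'>" . $img . "</td>\n\t\t\t\t\t\t<td class=row valign='middle' width='50%'>\n\t\t\t\t\t\t<strong><a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&amp;forumid=" . $forumid . "'><b>" . htmlsafechars($forums_arr["name"]) . "</b></a></strong>\n";
        // Hiding these links is presentation only; the editforum/deleteforum handlers must repeat this check.
        // NOTE(review): "Delete" is a plain GET link - confirm the handler asks for confirmation and
        // verifies an anti-CSRF token before deleting anything.
        if ($CURUSER['class'] >= UC_ADMINISTRATOR || isMod($forumid, "forum")) {
            // Fixed: the second "&nbsp" entity was missing its terminating semicolon.
            $htmlout .= "&nbsp;<font class='small'><a class='altlink' href='{$INSTALLER09['baseurl']}/forums.php?action=editforum&amp;forumid=" . $forumid . "'><span class='btn btn-default btn-xs'><i class='fa fa-pencil-square-o'></i>\n\t\t   Edit</span></a>&nbsp;&nbsp;<a class='altlink' href='{$INSTALLER09['baseurl']}/forums.php?action=deleteforum&amp;forumid=" . $forumid . "'><span class='btn btn-default btn-xs'><i class='fa fa-eraser'></i>\n\t\t   Delete</span></a></font>";
        }
        if (!empty($forums_arr["description"])) {
            $htmlout .= "<br />" . htmlsafechars($forums_arr["description"]) . "";
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            $htmlout .= "<br/>" . subforums($sfa[$forumid]["topics"]);
        }
        if ($show_mods == true && isset($mods_array[$forumid])) {
            $htmlout .= "<br/>" . showMods($mods_array[$forumid]);
        }
        $htmlout .= "</td>\n<td class=row valign='top' style='white-space: nowrap' width= '8%'>\n<span class='badge'>" . number_format($posts) . "</span> Posts</br>\n<span class='badge'>" . number_format($topics) . "</span> Topics\n</td>\n\t\t\t<td class=row valign='top' align='right' style='white-space: nowrap'>" . $lastpost . "</td>\n\t\t</tr>\n\t\t";
    }
    $htmlout .= "</table><br />";
    $htmlout .= end_f_body_div();
    $htmlout .= end_f_main_div();
    return $htmlout;
}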
Esempio n. 13
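/**
 * Build the HTML table rows that list the forums under one parent for the forum index.
 *
 * Only forums whose minclassread does not exceed the current user's class are rendered.
 *
 * @param mixed $forid       Parent id: matched against f.forid, or against f.place when $subforums is truthy.
 *                           It is cast to int before it is placed in the SQL text.
 * @param bool  $subforums   When false, top-level forums (f.place = -1) are listed and $sfa is merged in.
 * @param mixed $sfa         Per-forum sub-forum data indexed by forum id (keys read here: 'lastpost', 'count', 'topics').
 * @param mixed $mods_array  Moderator data indexed by forum id, passed to showMods().
 * @param bool  $show_mods   When true, the moderators of each forum are appended to its row.
 *
 * @return string HTML fragment.
 */
function show_forums($forid, $subforums = false, $sfa = "", $mods_array = "", $show_mods = false)
{
    global $CURUSER, $TBDEV;
    $htmlout = '';
    // $forid used to be interpolated into the query verbatim; forcing it to an integer keeps a
    // crafted value from changing the statement.
    $forid_sql = (int) $forid;
    // PHP_SELF contains any extra path info the client appended to the URL, so it is HTML-escaped
    // once here before being written into the single-quoted href attributes below.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $forums_res = mysql_query("SELECT f.id, f.name, f.description, f.postcount, f.topiccount, f.minclassread, p.added, p.topicid, p.anonymous, p.userid, p.id AS pid, u.username, t.subject, t.lastpost, r.lastpostread " . "FROM forums AS f " . "LEFT JOIN posts AS p ON p.id = (SELECT MAX(lastpost) FROM topics WHERE forumid = f.id) " . "LEFT JOIN users AS u ON u.id = p.userid " . "LEFT JOIN topics AS t ON t.id = p.topicid " . "LEFT JOIN readposts AS r ON r.userid = " . sqlesc($CURUSER['id']) . " AND r.topicid = p.topicid " . "WHERE " . ($subforums == false ? "f.forid = {$forid_sql} AND f.place =-1 ORDER BY f.forid ASC" : "f.place={$forid_sql} ORDER BY f.id ASC") . "") or sqlerr(__FILE__, __LINE__);
    while ($forums_arr = mysql_fetch_assoc($forums_res)) {
        // Read-access check: forums above the viewer's class are left out of the listing entirely.
        if ($CURUSER['class'] < $forums_arr["minclassread"]) {
            continue;
        }
        $forumid = (int) $forums_arr["id"];
        $lastpostid = (int) $forums_arr['lastpost'];
        // Reset per row: an unexpected `anonymous` value must not reuse the poster link
        // computed for the previous forum in the loop.
        $lastpost1 = '';
        $lastpost2 = '';
        if ($subforums == false && !empty($sfa[$forumid])) {
            if ($sfa[$forumid]['lastpost']['postid'] > $forums_arr['pid']) {
                // The newest post lives in a sub-forum.
                $sub_postid = (int) $sfa[$forumid]['lastpost']['postid'];
                if ($sfa[$forumid]['lastpost']["anonymous"] == "yes") {
                    // Anonymous posts are unmasked only for moderators and above, and for the poster.
                    if ($CURUSER['class'] < UC_MODERATOR && $sfa[$forumid]['lastpost']['userid'] != $CURUSER['id']) {
                        $lastpost1 = "Anonymous<br />";
                    } else {
                        $lastpost1 = "Anonymous(<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . (int) $sfa[$forumid]['lastpost']['userid'] . "'><b>" . htmlspecialchars($sfa[$forumid]['lastpost']['user']) . "</b></a>)<br />";
                    }
                } elseif ($sfa[$forumid]['lastpost']["anonymous"] == "no") {
                    $lastpost1 = "<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . (int) $sfa[$forumid]['lastpost']['userid'] . "'><b>" . htmlspecialchars($sfa[$forumid]['lastpost']['user']) . "</b></a><br />";
                }
                // The post id is cast to int like every other id written into a link in this function.
                $lastpost = "" . get_date($sfa[$forumid]['lastpost']['added'], 'LONG', 1, 0) . "<br />" . "by {$lastpost1}" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $sfa[$forumid]['lastpost']['topic'] . "&amp;page=p" . $sub_postid . "#p" . $sub_postid . "'><b>" . htmlspecialchars($sfa[$forumid]['lastpost']['tname']) . "</b></a>";
            } elseif ($sfa[$forumid]['lastpost']['postid'] < $forums_arr['pid']) {
                // The newest post lives in the parent forum itself.
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_MODERATOR && $forums_arr["userid"] != $CURUSER["id"]) {
                        $lastpost2 = "Anonymous<br />";
                    } else {
                        $lastpost2 = "Anonymous(<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a>)<br />";
                    }
                } elseif ($forums_arr["anonymous"] == "no") {
                    $lastpost2 = "<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a><br />";
                }
                $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by {$lastpost2}" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $forums_arr["topicid"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlspecialchars($forums_arr['subject']) . "</b></a>";
            } else {
                $lastpost = "N/A";
            }
        } else {
            if (is_valid_id($forums_arr['pid'])) {
                if ($forums_arr["anonymous"] == "yes") {
                    if ($CURUSER['class'] < UC_MODERATOR && $forums_arr["userid"] != $CURUSER["id"]) {
                        $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <i>Anonymous</i><br />" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $forums_arr["topicid"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlspecialchars($forums_arr['subject']) . "</b></a>";
                    } else {
                        $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <i>Anonymous</i>(<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a>)<br />" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $forums_arr["topicid"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlspecialchars($forums_arr['subject']) . "</b></a>";
                    }
                } else {
                    $lastpost = "" . get_date($forums_arr["added"], 'LONG', 1, 0) . "<br />" . "by <a href='{$TBDEV['baseurl']}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . htmlspecialchars($forums_arr['username']) . "</b></a><br />" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $forums_arr["topicid"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . htmlspecialchars($forums_arr['subject']) . "</b></a>";
                }
            } else {
                $lastpost = "N/A";
            }
        }
        if (is_valid_id($forums_arr['pid'])) {
            // The original chained two ternaries without parentheses; this is the same left-to-right
            // evaluation written out, which also parses on PHP versions that reject the bare form.
            $is_recent = $forums_arr['added'] > time() - $TBDEV['readpost_expiry'];
            $has_unread = $is_recent ? (int) $forums_arr['pid'] > $forums_arr['lastpostread'] : 0;
            $img = 'unlocked' . ($has_unread ? 'new' : '');
        } else {
            $img = "unlocked";
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            // Totals shown for a parent forum include its sub-forums.
            list($subposts, $subtopics) = get_count($sfa[$forumid]["count"]);
            $topics = $forums_arr["topiccount"] + $subtopics;
            $posts = $forums_arr["postcount"] + $subposts;
        } else {
            $topics = $forums_arr["topiccount"];
            $posts = $forums_arr["postcount"];
        }
        $htmlout .= "<tr>\r\n\t\t\t<td align='left'>\r\n\t\t\t\t<table border='0' cellspacing='0' cellpadding='0' style='border:none;'>\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td class='embedded' style='padding-right: 5px'><img src='" . $TBDEV['pic_base_url'] . $img . ".gif' alt='' /></td>\r\n\t\t\t\t\t\t<td class='embedded'>\r\n\t\t\t\t\t\t\t<a href='" . $self . "?action=viewforum&amp;forumid=" . $forumid . "'><b>" . htmlspecialchars($forums_arr["name"]) . "</b></a>";
        // Hiding these links is presentation only; the editforum/deleteforum handlers must repeat this check.
        // NOTE(review): "Delete" is a plain GET link - confirm the handler asks for confirmation and
        // verifies an anti-CSRF token before deleting anything.
        if ($CURUSER['class'] >= UC_ADMINISTRATOR || isMod($forumid)) {
            $htmlout .= "&nbsp;<font class='small'>[<a class='altlink' href='" . $self . "?action=editforum&amp;forumid=" . $forumid . "'>Edit</a>][<a class='altlink' href='" . $self . "?action=deleteforum&amp;forumid=" . $forumid . "'>Delete</a>]</font>";
        }
        if (!empty($forums_arr["description"])) {
            $htmlout .= "<br />" . htmlspecialchars($forums_arr["description"]);
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            $htmlout .= "<br/>" . subforums($sfa[$forumid]["topics"]);
        }
        if ($show_mods == true && isset($mods_array[$forumid])) {
            $htmlout .= "<br/>" . showMods($mods_array[$forumid]);
        }
        $htmlout .= "</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</td>\r\n\t\t\t<td align='center'>" . number_format($topics) . "</td>\r\n\t\t\t<td align='center'>" . number_format($posts) . "</td>\r\n\t\t\t<td align='left' nowrap='nowrap'>" . $lastpost . "</td>\r\n\t\t</tr>";
    }
    return $htmlout;
}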
Esempio n. 14
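/**
 * Print the HTML table rows that list the forums under one parent for the forum index.
 *
 * Output is written directly (inline template plus echo/print); nothing is returned.
 * Only forums whose minclassread does not exceed the current user's class are printed.
 *
 * @param mixed $forid      Parent id: matched against f.forid, or against f.place when $subforums is truthy.
 *                          It is cast to int before it is placed in the SQL text.
 * @param bool  $subforums  When false, top-level forums (f.place = -1) are listed and $sfa is merged in.
 * @param mixed $sfa        Per-forum sub-forum data indexed by forum id (keys read here: 'lastpost', 'count', 'topics').
 * @param bool  $show_mods  When true, the moderators from the global $forummods are appended to each row.
 */
function show_forums($forid, $subforums = false, $sfa = "", $show_mods = false)
{
    global $CURUSER, $pic_base_url, $READPOST_EXPIRY, $DEFAULTBASEURL, $ss_uri, $forummods;
    // $forid used to be interpolated into the query verbatim; forcing it to an integer keeps a
    // crafted value from changing the statement.
    $forid_sql = (int) $forid;
    // PHP_SELF contains any extra path info the client appended to the URL, so it is HTML-escaped
    // once here before being written into the single-quoted href attributes below.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $forums_res = sql_query("SELECT f.id, f.name, f.description, f.postcount, f.topiccount, f.minclassread, p.added, p.topicid, p.userid, p.id AS pid, u.username, t.subject, t.lastpost, r.lastpostread " . "FROM forums AS f " . "LEFT JOIN posts AS p ON p.id = (SELECT MAX(lastpost) FROM topics WHERE forumid = f.id) " . "LEFT JOIN users AS u ON u.id = p.userid " . "LEFT JOIN topics AS t ON t.id = p.topicid " . "LEFT JOIN readposts AS r ON r.userid = " . sqlesc($CURUSER['id']) . " AND r.topicid = p.topicid " . "WHERE " . ($subforums == false ? "f.forid = {$forid_sql} AND f.place =-1 ORDER BY f.forid ASC" : "f.place={$forid_sql} ORDER BY f.id ASC") . "") or sqlerr(__FILE__, __LINE__);
    while ($forums_arr = mysql_fetch_assoc($forums_res)) {
        // Read-access check: forums above the viewer's class are left out of the listing entirely.
        if ($CURUSER['class'] < $forums_arr["minclassread"]) {
            continue;
        }
        $forumid = (int) $forums_arr["id"];
        $lastpostid = (int) $forums_arr['lastpost'];
        if ($subforums == false && !empty($sfa[$forumid])) {
            if ($sfa[$forumid]['lastpost']['postid'] > $forums_arr['pid']) {
                // The newest post lives in a sub-forum; its id is cast to int like the other ids in the link.
                $sub_postid = (int) $sfa[$forumid]['lastpost']['postid'];
                $lastpost = "" . $sfa[$forumid]['lastpost']['added'] . "<br />" . "by <a href='{$DEFAULTBASEURL}/userdetails.php?id=" . (int) $sfa[$forumid]['lastpost']['userid'] . "'><b>" . safeChar($sfa[$forumid]['lastpost']['user']) . "</b></a><br />" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $sfa[$forumid]['lastpost']['topic'] . "&amp;page=p" . $sub_postid . "#p" . $sub_postid . "'><b>" . safeChar($sfa[$forumid]['lastpost']['tname']) . "</b></a>";
            } elseif ($sfa[$forumid]['lastpost']['postid'] < $forums_arr['pid']) {
                $lastpost = "" . $forums_arr["added"] . "<br />" . "by <a href='{$DEFAULTBASEURL}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . safeChar($forums_arr['username']) . "</b></a><br />" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $forums_arr["topicid"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . safeChar($forums_arr['subject']) . "</b></a>";
            } else {
                $lastpost = "N/A";
            }
        } else {
            if (is_valid_id($forums_arr['pid'])) {
                $lastpost = "" . $forums_arr["added"] . "<br />" . "by <a href='{$DEFAULTBASEURL}/userdetails.php?id=" . (int) $forums_arr["userid"] . "'><b>" . safeChar($forums_arr['username']) . "</b></a><br />" . "in <a href='" . $self . "?action=viewtopic&amp;topicid=" . (int) $forums_arr["topicid"] . "&amp;page=p{$lastpostid}#p{$lastpostid}'><b>" . safeChar($forums_arr['subject']) . "</b></a>";
            } else {
                $lastpost = "N/A";
            }
        }
        if (is_valid_id($forums_arr['pid'])) {
            // The original chained two ternaries without parentheses; this is the same left-to-right
            // evaluation written out, which also parses on PHP versions that reject the bare form.
            $is_recent = $forums_arr['added'] > get_date_time(gmtime() - $READPOST_EXPIRY);
            $has_unread = $is_recent ? (int) $forums_arr['pid'] > $forums_arr['lastpostread'] : 0;
            $img = 'unlocked' . ($has_unread ? 'new' : '');
        } else {
            $img = "unlocked";
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            // Totals shown for a parent forum include its sub-forums.
            list($subposts, $subtopics) = get_count($sfa[$forumid]["count"]);
            $topics = $forums_arr["topiccount"] + $subtopics;
            $posts = $forums_arr["postcount"] + $subposts;
        } else {
            $topics = $forums_arr["topiccount"];
            $posts = $forums_arr["postcount"];
        }
        ?>
<tr>
			<td align='left' style="border:none;">
				<table border=0 cellspacing=0 cellpadding=0 style="border:none;">
					<tr>
						<td class=embedded style='padding-right: 5px'><img src="themes/<?php 
        // NOTE(review): $ss_uri is written into the src attribute unescaped; confirm it only ever
        // holds a theme directory name chosen from a server-side list.
        echo $ss_uri . "/forum/" . $img;
        ?>
.png" /></td>
						<td class=embedded>
							<a href='<?php 
        echo $self;
        ?>
?action=viewforum&amp;forumid=<?php 
        echo $forumid;
        ?>
'><b><?php 
        echo safeChar($forums_arr["name"]);
        ?>
</b></a><?php 
        // Hiding these links is presentation only; the editforum/deleteforum handlers must repeat this check.
        // NOTE(review): "Delete" is a plain GET link - confirm the handler asks for confirmation and
        // verifies an anti-CSRF token before deleting anything.
        if ($CURUSER['class'] >= UC_ADMINISTRATOR || isMod($forumid)) {
            ?>
&nbsp;<font class='small'>[<a class='altlink' href='<?php 
            echo $self;
            ?>
?action=editforum&amp;forumid=<?php 
            echo $forumid;
            ?>
'>Edit</a>][<a class='altlink' href='<?php 
            echo $self;
            ?>
?action=deleteforum&amp;forumid=<?php 
            echo $forumid;
            ?>
'>Delete</a>]</font><?php 
        }
        if (!empty($forums_arr["description"])) {
            ?>
<br /><?php 
            echo safeChar($forums_arr["description"]);
        }
        if ($subforums == false && !empty($sfa[$forumid])) {
            echo "<br/>" . subforums($sfa[$forumid]["topics"]);
        }
        if ($show_mods == true && isset($forummods[$forumid])) {
            print "<br/>" . showMods($forummods[$forumid]);
        }
        ?>
</td>
					</tr>
				</table>
			</td>
			<td align='center'><?php 
        echo number_format($topics);
        ?>
</td>
			<td align='center'><?php 
        echo number_format($posts);
        ?>
</td>
			<td align='left' nowrap="nowrap"><?php 
        echo $lastpost;
        ?>
</td>
		</tr><?php 
    }
}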
Esempio n. 15
}
/* access rights
   ---------------------------------------------------------------------------------------------------------------------- */
//get the lock status of the current forum we’re in:
//"threads"	- only users in "mods.txt" / "members.txt" can start threads, but anybody can reply
//"posts"	- only users in "mods.txt" / "members.txt" can start threads or reply
//(when 'locked.txt' is missing or unreadable `file_get_contents` returns false, which `trim` turns into an empty
//string in PHP's default non-strict typing mode, i.e. "not locked"; because `@` hides the warning, a permissions or
//I/O error on an existing lock file therefore leaves the forum unlocked instead of locked)
define('FORUM_LOCK', trim(@file_get_contents('locked.txt')));
//get the list of moderators:
//(`file` returns false if the file can't be read; casting that to an array gives a one-element array holding false,
//and `array_filter` removes falsy elements, including blank lines in the text file; we could use the
//`FILE_SKIP_EMPTY_LINES` flag, but `array_filter` kills two birds with one stone since we don't have to check if the
//file exists beforehand. Side effect: a line consisting only of "0" is also falsy and gets dropped.)
//'mods.txt' and 'members.txt' without FORUM_ROOT are relative paths, so they are read from the current directory
//NOTE(review): these lists drive the access checks below; confirm the web server does not serve the .txt files directly
$MODS = array('GLOBAL' => array_filter((array) @file(FORUM_ROOT . '/mods.txt', FILE_IGNORE_NEW_LINES)), 'LOCAL' => PATH ? array_filter((array) @file('mods.txt', FILE_IGNORE_NEW_LINES)) : array());
//get the list (if any) of users allowed to access this current forum
$MEMBERS = array_filter((array) @file('members.txt', FILE_IGNORE_NEW_LINES));
//is the current user a moderator in this forum?
//(presumably `isMod` / `isMember` look NAME up in the lists loaded above -- both are defined elsewhere; verify)
define('IS_MOD', isMod(NAME));
//is the current user a member of this forum?
define('IS_MEMBER', isMember(NAME));
//can the current user post new threads in the current forum?
//(posting replies is dependent on the thread -- if locked -- so tested in 'thread.php')
//an empty FORUM_LOCK is falsy, so in an unlocked forum anybody can post as long as FORUM_ENABLED is set
define('CAN_POST', FORUM_ENABLED && (IS_MOD || IS_MEMBER || !FORUM_LOCK));
/* send HTTP headers
   ====================================================================================================================== */
//if enabled, enforce HTTPS
if (FORUM_HTTPS) {
    if (@$_SERVER['HTTPS'] == 'on') {
        //if forced-HTTPS is on and a HTTPS connection is being used, send the 30-day HSTS header
        //see <en.wikipedia.org/wiki/Strict_Transport_Security> for more details
        header('Strict-Transport-Security: max-age=2592000');
    } else {
        //if forced-HTTPS is on and a HTTPS connection is not being used, redirect to the HTTPS version of the current page
Esempio n. 16
<?php

if (isLoggedIn() && isMod()) {
    //handle a submission of the "add news" form shown further down
    if (isset($_POST['add'])) {
        //request-forgery guard: stop unless the session key check passes
        //NOTE(review): presumably this compares the hidden field written by echoHiddenSessionkey() with a value
        //bound to the session - confirm in the helper, and that the comparison is constant-time
        if (!isValidSessionkey()) {
            die("Hack attempt blocked.");
        }
        //NOTE(review): the INSERT below is assembled by string concatenation, so its safety rests entirely on
        //makeSafeSQL() escaping correctly for a single-quoted SQL string literal - verify the helper, or move
        //this statement to a parameterised query if sqlQuery() supports one
        $title = makeSafeSQL($_POST['title']);
        $content = makeSafeSQL($_POST['content']);
        //$me->id is concatenated unquoted; presumably an integer taken from the login session - confirm
        //title and content are stored as submitted, so whatever renders the news must HTML-escape them
        sqlQuery("INSERT INTO \"news\" (\"Author\",\"Title\",\"Content\") VALUES(" . $me->id . ",'{$title}','{$content}')");
        //redirect after the POST and stop here, so the form below is not rendered
        header("Location: index.php");
        exit;
    }
    ?>
	<div class="title">[Mod] Add News</div>
	<div class="block">
		<div class="blocktitle">Post</div>
		<div class="blockcontent">
			<form method="post" action="index.php?page=mod_news">
				<p>Title:<br /><input type="text" name="title" class="halfwidth" /></p>
				<p>Contents:<br /><textarea name="content"></textarea></p>
				<?php 
    echoHiddenSessionkey();
    ?>
				<input type="submit" name="add" value="Add" />
			</form>
		</div>
	</div>
	<?php 
} else {
    header("Location: index.php");
Esempio n. 17
        <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
        </body></html>';
    echo $HTMLOUT;
    exit;
}
// Topic id: the query string wins over the POST body; anything absent becomes 0.
// The int cast happens before any further use of the value.
if (isset($_GET['topicid'])) {
    $topicid = (int) $_GET['topicid'];
} elseif (isset($_POST['topicid'])) {
    $topicid = (int) $_POST['topicid'];
} else {
    $topicid = 0;
}
if (!is_valid_id($topicid)) {
    stderr('Error...', 'Invalid topic ID!');
}
// Load the topic flags, its forum's write class and its post count in one query.
$topic_res = sql_query(
    'SELECT t.sticky, t.locked, t.topic_name, t.forum_id, f.min_class_write, '
    . '(SELECT COUNT(id) FROM posts WHERE topic_id = t.id) As post_count '
    . 'FROM topics AS t '
    . 'LEFT JOIN forums AS f ON f.id = t.forum_id '
    . 'WHERE t.id=' . sqlesc($topicid)
) or sqlerr(__FILE__, __LINE__);
// No row means the id does not belong to an existing topic.
if (mysqli_num_rows($topic_res) < 1) {
    stderr('Error...', 'No topic with that ID!');
}
$topic_arr = mysqli_fetch_assoc($topic_res);
if (isMod($topic_arr["forum_id"]) || $CURUSER['class'] >= UC_STAFF) {
    if ($CURUSER['class'] < $topic_arr['min_class_write'] && !isMod($topic_arr["forum_id"], "topic")) {
        stderr('Error...', 'You are not allowed to edit this topic.');
    }
    $forumid = (int) $topic_arr['forum_id'];
    $subject = htmlsafechars($topic_arr['topic_name']);
    if ((isset($_GET['delete']) ? htmlsafechars($_GET['delete']) : (isset($_POST['delete']) ? htmlsafechars($_POST['delete']) : '')) == 'yes') {
        if ((isset($_GET['sure']) ? htmlsafechars($_GET['sure']) : (isset($_POST['sure']) ? htmlsafechars($_POST['sure']) : '')) != 'yes') {
            stderr("Sanity check...", "You are about to delete this topic: <b>" . $subject . "</b>. Click <a href='{$INSTALLER09['baseurl']}/forums.php?action={$action}&amp;topicid={$topicid}&amp;delete=yes&amp;sure=yes'>here</a> if you are sure.");
        }
        write_log("topicdelete", "Topic <b>" . $subject . "</b> was deleted by <a href='{$INSTALLER09['baseurl']}/userdetails.php?id=" . (int) $CURUSER['id'] . "'>" . htmlsafechars($CURUSER['username']) . "</a>.");
        if ($Multi_forum['configs']['use_attachment_mod']) {
            $res = sql_query("SELECT attachments.filename " . "FROM posts " . "LEFT JOIN attachments ON attachments.postid = posts.id " . "WHERE posts.topicid=" . sqlesc($topicid)) or sqlerr(__FILE__, __LINE__);
            while ($arr = mysqli_fetch_assoc($res)) {
                if (!empty($arr['filename']) && is_file($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename'])) {
                    unlink($Multi_forum['configs']['attachment_dir'] . "/" . $arr['filename']);
                }
Esempio n. 18
//get the lock status of the current forum we’re in:
//"threads"     - only users in "mods.txt" / "members.txt" can start threads, but anybody can reply
//"news"        - as above, but the forum is listed by original posting date (descending), not last-reply date
//"posts"       - only users in "mods.txt" / "members.txt" can start threads or reply
//(when 'locked.txt' is missing or unreadable `file_get_contents` returns false, which `trim` turns into an empty
// string in PHP's default non-strict typing mode, i.e. "not locked"; because `@` hides the warning, a permissions or
// I/O error on an existing lock file therefore leaves the forum unlocked instead of locked)
define('FORUM_LOCK', trim(@file_get_contents('locked.txt')));
//get the list of moderators:
//(`file` returns false if the file can't be read; casting that to an array gives a one-element array holding false,
// and `array_filter` removes falsy elements, including blank lines in the text file; we could use the
// `FILE_SKIP_EMPTY_LINES` flag, but `array_filter` kills two birds with one stone since we don't have to check if the
// file exists beforehand. Side effect: a line consisting only of "0" is also falsy and gets dropped.)
//'mods.txt' and 'members.txt' without FORUM_ROOT are relative paths, so they are read from the current directory
//NOTE(review): these lists drive the access checks below; confirm the web server does not serve the .txt files directly
$MODS = array('GLOBAL' => array_filter((array) @file(FORUM_ROOT . DIRECTORY_SEPARATOR . 'mods.txt', FILE_IGNORE_NEW_LINES)), 'LOCAL' => PATH ? array_filter((array) @file('mods.txt', FILE_IGNORE_NEW_LINES)) : array());
//get the list (if any) of users allowed to access this current forum
$MEMBERS = array_filter((array) @file('members.txt', FILE_IGNORE_NEW_LINES));
//the three role flags below are false whenever AUTH is falsy, because `&&` short-circuits before the lookup
//(AUTH is defined elsewhere; presumably it is true only once the user's credentials were verified -- confirm)
//is the current user the site admin? (first name in the root 'mods.txt')
define('IS_ADMIN', AUTH && isAdmin(NAME));
//is the current user a moderator in this forum?
define('IS_MOD', AUTH && isMod(NAME));
//is the current user a member of this forum?
define('IS_MEMBER', AUTH && isMember(NAME));
/* theme & translation
   ====================================================================================================================== */
/* load the theme configuration
   ---------------------------------------------------------------------------------------------------------------------- */
//shorthand to the server-side location of the particular theme folder (this gets used a lot)
//NOTE(review): FORUM_THEME becomes part of the include paths below; confirm it is set from site configuration only
//and can never carry path separators or '..' taken from a request
define('THEME_ROOT', FORUM_ROOT . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . FORUM_THEME . DIRECTORY_SEPARATOR);
//load the theme-specific functions
//(`include` evaluates to false when the file can't be loaded and `@` hides the warning, so the `or` branch
// requires the error page instead)
@(include THEME_ROOT . 'theme.php') or (require FORUM_LIB . 'error_theme.php');
//load the user’s theme configuration, if it exists (a missing file is silently ignored)
@(include THEME_ROOT . 'theme.config.php');
//include the theme defaults; unlike the user configuration, a missing defaults file falls through to an error page
@(include THEME_ROOT . 'theme.config.default.php') or (require FORUM_LIB . 'error_configtheme.php');
/* load translations and select one
Esempio n. 19
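    //sort the replies by publication date, oldest first
    //<stackoverflow.com/questions/2119686/sorting-an-array-of-simplexml-objects/2120569#2120569>
    //(`$sort` is not initialised in the lines shown here -- presumably that happens further up)
    foreach ($thread as &$node) {
        $sort[] = strtotime($node->pubDate);
    }
    array_multisort($sort, SORT_ASC, $thread);
    //do the page links
    theme_pageList($template, $FILE, $PAGE, $PAGES);
    //slice the full list into the current page
    $thread = array_slice($thread, ($PAGE - 1) * FORUM_POSTS, FORUM_POSTS);
    //get the dummy list-item to repeat (removes it and takes a copy)
    $item = $template->repeat('.nnf_reply');
    //index number of the replies, accounting for which page we are on
    $no = ($PAGE - 1) * FORUM_POSTS;
    //apply the data to the template (a reply)
    foreach ($thread as &$reply) {
        $item->set(array(
            //the fragment after '#' in the reply's link doubles as the element ID and as the reply ID in the URLs
            './@id' => substr(strstr($reply->link, '#'), 1),
            'time.nnf_reply-time' => date(DATE_FORMAT, strtotime($reply->pubDate)),
            'time.nnf_reply-time@datetime' => gmdate('r', strtotime($reply->pubDate)),
            '.nnf_reply-author' => $reply->author,
            'a.nnf_reply-number' => sprintf(THEME_REPLYNO, ++$no),
            'a.nnf_reply-number@href' => url('thread', PATH_URL, $FILE, $PAGE) . strstr($reply->link, '#'),
            'a.nnf_reply-append@href' => url('append', PATH_URL, $FILE, $PAGE, substr(strstr($reply->link, '#'), 1)) . '#append',
            'a.nnf_reply-delete@href' => url('delete', PATH_URL, $FILE, $PAGE, substr(strstr($reply->link, '#'), 1))
        ))->remove(array(
            //keep the "deleted" class only on replies carrying the 'deleted' category
            //(a value of FALSE appears to mean "remove nothing" -- confirm against the template class)
            './@class' => $reply->xpath('category[.="deleted"]') ? false : 'nnf_deleted'
        ))->remove(array(
            //keep the "original poster" class only on replies written by the thread's author.
            //names are compared with `===`: under `==` PHP compares two numeric-looking strings as numbers, so two
            // different names (a constructed example: "1e1" and "10") would be treated as the same user
            './@class' => strtolower($reply->author) === strtolower($author) ? false : 'nnf_op'
        ))->remove(array(
            './@class, .nnf_reply-author@class' => isMod($reply->author) ? false : 'mod'
        ))->remove(array(
            //hide the append / delete links unless replying is possible AND the viewer is a moderator, or HTTP auth is
            // not in use, or this is the viewer's own reply in a forum that is unlocked / locked for threads only /
            // one they are a member of.
            //NOTE(review): this only hides links. the handlers behind the 'append' and 'delete' URLs have to repeat
            // the permission check themselves (not visible in this listing -- confirm), and should compare names
            // with `===` as well
            '.nnf_reply-append, .nnf_reply-delete' => !(
                CAN_REPLY && (
                    IS_MOD
                    || !AUTH_HTTP
                    || strtolower(NAME) === strtolower($reply->author)
                        && (!FORUM_LOCK || FORUM_LOCK == 'threads' || IS_MEMBER)
                )
            ),
            //a deleted reply can't be appended to, and only a moderator keeps the delete link on it
            '.nnf_reply-append' => $reply->xpath('category[.="deleted"]'),
            '.nnf_reply-delete' => $reply->xpath('category[.="deleted"]') && !IS_MOD
        ));
        //insert the post-text, dealing with an invalid HTML error
        //NOTE(review): the third argument (TRUE) presumably inserts the stored description as markup rather than as
        // text; if so, the HTML must already have been made safe when the post was written -- TODO confirm
        try {
            $item->setValue('.nnf_reply-text', $reply->description, true);
            $item->remove(array('./@class' => 'nnf_error'));
        } catch (Exception $e) {
            //if the HTML was invalid, replace with the corruption message
            $item->setValue('.nnf_reply-text', THEME_HTML_ERROR, true);
            //remove the append button
            $item->remove('.nnf_reply-append');
        }
        $item->next();
    }
}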
/* reply form
   ---------------------------------------------------------------------------------------------------------------------- */
Esempio n. 20
    //the stickies come first on every page, followed by this page's slice of the ordinary threads
    $threads = array_merge($stickies, array_slice($threads, ($PAGE - 1) * FORUM_THREADS, FORUM_THREADS));
    //take a copy of the placeholder list-item (this also removes it from the template) so it can be repeated
    $item = $template->repeat('.nnf_thread');
    //fill in one list-item per thread file
    foreach ($threads as $file) {
        //skip any thread file that can't be parsed (the `@` keeps the parser warnings off the page)
        $xml = @simplexml_load_file($file);
        if (!$xml) {
            continue;
        }
        //mark sticky threads
        if (in_array($file, $stickies)) {
            $item->addClass('.', 'sticky');
        }
        //the first item in the channel is treated as the last post in the thread
        $last =& $xml->channel->item[0];
        //apply the data to the template
        $item->set(array(
            'a.nnf_thread-name' => $xml->channel->title,
            'a.nnf_thread-name@href' => pathinfo($file, PATHINFO_FILENAME),
            //every item but one counts as a reply
            '.nnf_thread-replies' => count($xml->channel->item) - 1,
            //keep the link from the first '/' found at offset 9 or later (presumably this strips the scheme and
            // host from an absolute URL, leaving a site-relative link -- confirm)
            'a.nnf_thread-post@href' => substr($last->link, strpos($last->link, '/', 9)),
            'time.nnf_thread-time' => date(DATE_FORMAT, strtotime($last->pubDate)),
            'time.nnf_thread-time@datetime' => date('c', strtotime($last->pubDate)),
            '.nnf_thread-author' => $last->author
        ))->remove(array(
            //drop the "locked" marker unless the thread carries the 'locked' category
            '.nnf_thread-locked' => !$xml->channel->xpath("category[.='locked']"),
            //keep the "sticky" marker only for a sticky thread that is not locked
            '.nnf_thread-sticky' => !(in_array($file, $stickies) && !$xml->channel->xpath("category[.='locked']"))
        ));
        //highlight the author of the last post if that name is a moderator's
        //NOTE(review): the badge is derived from the author name stored in the thread file, so it is only as
        // trustworthy as the code that wrote that name (presumably authenticated at posting time -- confirm)
        if (isMod($last->author)) {
            $item->addClass('.nnf_thread-author', 'mod');
        }
        //move on to a fresh copy of the list-item for the next thread
        $item->next();
    }
} else {
    //no threads, remove the template stuff
    $template->remove('#nnf_threads');
}
/* new thread form
   ---------------------------------------------------------------------------------------------------------------------- */
if (CAN_POST) {
    $template->set(array(
        //put TITLE / NAME / PASS / TEXT back into the form fields (presumably the values just submitted, so that a
        // rejected post doesn't have to be typed again -- confirm where these constants are defined)
        'input#nnf_title-field@value' => TITLE,
        'input#nnf_name-field-http@value' => NAME,
        'input#nnf_name-field@value' => NAME,
        //NOTE(review): this writes PASS into the `value` attribute of the password field, i.e. into the HTML of the
        // response. if PASS is the submitted password, the page must not be cached or logged; leaving the field
        // empty and asking for the password again is the safer default
        'input#nnf_pass-field@value' => PASS,
        'textarea#nnf_text-field' => TEXT,
        //client-side length limits; these only guide the browser, the server still has to enforce the sizes
        'input#nnf_title-field@maxlength' => SIZE_TITLE,
        'input#nnf_name-field@maxlength' => SIZE_NAME,
        'input#nnf_pass-field@maxlength' => SIZE_PASS,
        'textarea#nnf_text-field@maxlength' => SIZE_TEXT
    ))->remove(
        //with HTTP authentication the name / password fields are dropped, otherwise the HTTP variants are
        HTTP_AUTH
            ? '#nnf_name, #nnf_pass, #nnf_email, #nnf_error-none'
            : '#nnf_name-http, #nnf_error-none-http'
    )->remove(
        FORUM_NEWBIES ? '#nnf_error-newbies' : '#nnf_error-none'
    )->remove(array(
        //the default messages go as soon as a form has been submitted
        '#nnf_error-none, #nnf_error-none-http, #nnf_error-newbies' => !empty($_POST),
        //each error message is removed unless a form was submitted and it names the first check that failed, in the
        // order title, text, name, password, authentication
        '#nnf_error-auth' => !(!empty($_POST) && TITLE && TEXT && NAME && PASS && !AUTH),
        '#nnf_error-pass' => !(!empty($_POST) && TITLE && TEXT && NAME && !PASS),
        '#nnf_error-name' => !(!empty($_POST) && TITLE && TEXT && !NAME),
        '#nnf_error-text' => !(!empty($_POST) && TITLE && !TEXT),
        '#nnf_error-title' => !(!empty($_POST) && !TITLE)
    ));
}
Esempio n. 21
        <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
        </body></html>';
    echo $HTMLOUT;
    exit;
}
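// -------- Action: Edit post
// Read the target post id from the query string. A missing or non-scalar value (for example an array parameter) is
// mapped to 0 so that it is rejected by the checks below, instead of raising an "undefined index" notice or being
// cast from an array to the integer 1.
$postid = isset($_GET["postid"]) && is_scalar($_GET["postid"]) ? (int) $_GET["postid"] : 0;
if (!is_valid_id($postid)) {
    stderr('Error', 'Invalid ID!');
}
// Fetch the post together with the lock state and forum of its topic. The id has been cast to int and additionally
// goes through sqlesc() before it is concatenated into the statement.
$res = sql_query("SELECT p.user_id, p.topic_id, p.icon, p.body, t.locked, t.forum_id  " . "FROM posts AS p " . "LEFT JOIN topics AS t ON t.id = p.topic_id " . "WHERE p.id = " . sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($res) == 0) {
    stderr("Error", "No post with that ID!");
}
$arr = mysqli_fetch_assoc($res);
// Authorisation: the edit is refused when the caller is not the post's author, or the topic is locked, unless the
// caller's class is at least UC_STAFF or isMod() accepts them for this forum.
// NOTE(review): everything after this point relies on stderr() ending the request -- presumably it exits; confirm,
// because otherwise a refused caller would fall through to the update code.
if (($CURUSER["id"] != $arr["user_id"] || $arr["locked"] == 'yes') && $CURUSER['class'] < UC_STAFF && !isMod($arr["forum_id"], "forum")) {
    stderr("Error", "Access Denied!");
}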
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $body = trim(htmlsafechars($_POST['body']));
    $posticon = isset($_POST["iconid"]) ? 0 + $_POST["iconid"] : 0;
    if (empty($body)) {
        stderr("Error", "Body cannot be empty!");
    }
    if (!isset($_POST['lasteditedby'])) {
        sql_query("UPDATE posts SET body=" . sqlesc($body) . ", edit_date=" . TIME_NOW . ", edited_by=" . sqlesc($CURUSER['id']) . ", icon=" . sqlesc($posticon) . " WHERE id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
    } else {
        sql_query("UPDATE posts SET body=" . sqlesc($body) . ", icon=" . sqlesc($posticon) . " WHERE id=" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
    }
    header("Location: {$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . (int) $arr['topic_id'] . "&page=p{$postid}#p{$postid}");
    exit;