<?php require_once 'hibbity/dbinfo.php'; if (USER_LEVEL < IMAGE_EDIT) { exit; } $x = mysql_real_escape_string($_POST['x']); $y = mysql_real_escape_string($_POST['y']); $width = mysql_real_escape_string($_POST['width']); $height = mysql_real_escape_string($_POST['height']); $text = strip_tags(mysql_real_escape_string($_POST['text'])); $new = mysql_real_escape_string($_POST['new']); $id = mysql_real_escape_string($_POST['id']); $user_id = mysql_real_escape_string($_POST['user_id']); $image_id = mysql_real_escape_string($_POST['image_id']); if ($new == 'true') { $sql = "INSERT INTO `notes`\n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t \timage_id,\n\t\t\t\t\t\t\t \tuser_id,\n\t\t\t\t\t\t\t \tx,\n\t\t\t\t\t\t\t \ty,\n\t\t\t\t\t\t\t \twidth,\n\t\t\t\t\t\t\t \theight,\n\t\t\t\t\t\t\t\tnote\n\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t \t" . $image_id . ",\n\t\t\t\t\t\t\t \t" . $user_id . ",\n\t\t\t\t\t\t\t\t" . $x . ",\n\t\t\t\t\t\t\t\t" . $y . ",\n\t\t\t\t\t\t\t\t" . $width . ",\n\t\t\t\t\t\t\t\t" . $height . ",\n\t\t\t\t\t\t\t\t'" . $text . "'\n\t\t\t\t\t\t\t)"; } else { $sql = "INSERT `note_histories`\n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t \tnote_id,\n\t\t\t\t\t\t\t\timage_id,\n\t\t\t\t\t\t\t \tuser_id,\n\t\t\t\t\t\t\t \tx,\n\t\t\t\t\t\t\t \ty,\n\t\t\t\t\t\t\t \twidth,\n\t\t\t\t\t\t\t \theight,\n\t\t\t\t\t\t\t\tnote\n\t\t\t\t\t\t\t)\n\t\t\tSELECT id,\n\t\t\t\t\timage_id,\n\t\t\t\t\tuser_id,\n\t\t\t\t\tx,\n\t\t\t\t\ty,\n\t\t\t\t\twidth,\n\t\t\t\t\theight,\n\t\t\t\t\tnote\n\t\t\tFROM `notes`\n\t\t\tWHERE id = " . $id; mysql_query($sql); $sql = "UPDATE `notes` SET\n\t\t\t\t\t\t\tuser_id = " . $user_id . ",\n\t\t\t\t\t\t\tx = " . $x . ",\n\t\t\t\t\t\t\ty = " . $y . ",\n\t\t\t\t\t\t\twidth = " . $width . ",\n\t\t\t\t\t\t\theight = " . $height . ",\n\t\t\t\t\t\t\tnote = '" . $text . "'\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tWHERE `id` = " . $id; } mysql_query($sql); echo schmancy(nl2br(stripcslashes($text)), 'tn');
</span> <span class="time"> <abbr class="time" title="<?php echo date('D M j h:m:s', strtotime($run_block['posted'])); ?> "><?php echo fuzzy_time($run_block['posted']); ?> </abbr> </span> </span> <div class="content"> <p> <?php echo schmancy(stripslashes(nl2br($run_block['comment'])), 'comment'); ?> </p> </div> <div class="actions"> <span class="self"> </span> <span class="pointquote"> </span> </div> </li> <?php } ?> </ol>
</span> <span class="time"> <abbr class="time" title="<?php echo date('D M j h:m:s', strtotime($run_block['posted'])); ?> "><?php echo fuzzy_time($run['posted_at']); ?> </abbr> </span> </span> <div class="content forum"> <p> <?php echo schmancy($post); ?> </p> <br /><br /><br /> <span class="grey"> <?php if ($run['user_id'] == $_COOKIE['user_id'] || isadmin($_COOKIE['user_id'])) { echo '<a href="' . BASE_URL . '/forum/edit/' . $run['id'] . '">Edit</a> | '; } ?> <a class="quote" id="quote-<?php echo $run['id']; ?> ">Quote</a> </span> </div>