Esempio n. 1
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/poll.php';
// Build the page's helpers on one shared connection; the $db_* values are presumably set by the required config.php.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$poll = new poll($database);
$user->updateLastActive();
// The caller's identity is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown here - confirm it checks the cookie against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// The poll id is taken from the query string with no isset() or format check before use.
// NOTE(review): confirm pollExists() rejects non-numeric values and that $id is escaped wherever the page prints it.
$id = $_GET['id'];
// Unknown polls are sent back to the index.
// NOTE(review): this gate only protects the page if redirect() stops the script - verify in base.php.
if (!$poll->pollExists($id)) {
    $base->redirect('index.php');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<title><?php 
echo $data['wb_title'];
?>
</title>
<link href="../css/main.css" rel="stylesheet" type="text/css" media="all">
<link rel="shortcut icon" href="../img/favicon.ico" />
// Helper objects for the thread view; $database and $base are created above this excerpt.
$user = new user($database);
$forum = new forum($database);
$forum_index = new forum_index($database);
$thread = new thread($database);
$post = new post($database);
$user->updateLastActive();
// Load the site configuration
$config = $base->loadConfig();
// Values used throughout the page. The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$f = $_GET['forum'];
$i = $_GET['id'];
// Perform basic checks: both ids must be digit-only strings, the thread must exist,
// and the caller must be allowed to view it. Any failure sends the caller to the index.
// NOTE(review): the checks only protect the page if redirect() stops the script - verify in base.php.
if (!ctype_digit($f) || !ctype_digit($i) || !$thread->checkExistence($i) || !$thread->canView($i, $username, $rank)) {
    $base->redirect('index.php');
}
// If the GOTO field is a digit-only post id, jump to the page that holds that post.
// 'goto' is read without isset(), so a request without it raises a notice before ctype_digit() rejects it.
if (ctype_digit($_GET['goto'])) {
    $getPageNum = $thread->getPageNum($_GET['goto'], $i);
    if ($getPageNum) {
        // Every request value placed in this URL has already passed ctype_digit(); $getPageNum comes from getPageNum().
        $base->redirect('viewthread.php?forum=' . $f . '&id=' . $i . '&page=' . $getPageNum . '&highlight=' . $_GET['goto'] . '#' . $_GET['goto']);
    }
}
// Fetch the thread row with a bound parameter (the id is never concatenated into the SQL)
$detail_query = $database->processQuery("SELECT `id`,`lock`,`sticky`,`title`,`username`,`status`,`content`,`date`,`lastedit`,`qfc`,`moved`,`hidden`,`autohiding` FROM `threads` WHERE `id` = ? LIMIT 1", array($i), true);
// Copy the fields the page needs into $details[]
$details['lock'] = $detail_query[0]['lock'];
$details['sticky'] = $detail_query[0]['sticky'];
// The title is HTML-encoded here. htmlentities() is called with default flags, and before PHP 8.1
// those defaults leave single quotes unencoded - relevant if the title is ever printed inside a
// single-quoted attribute.
$details['title'] = stripslashes(htmlentities($detail_query[0]['title']));
// The username is copied without encoding. NOTE(review): confirm it is escaped where it is printed.
$details['username'] = $detail_query[0]['username'];
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
// Connect with the credentials that the required config.php presumably defines, then build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// $username and $rank drive the admin check that follows; both derive from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie value is verified server-side, since rank depends on it.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
if ($rank < 4) {
    $base->redirect('../index.php');
} elseif (!isset($_GET['id'])) {
    $base->redirect('index.php');
} else {
    //extract content from selected news post
    $data = $database->processQuery("SELECT `title`,`content` FROM `news` WHERE `id` = ?", array($_GET['id']), true);
    if ($database->getRowCount() == 0) {
        $content = 'No news post exists with the chosen ID. <input type="button" class="button" value="Back" onclick="goBack()" />';
    } elseif (!isset($_POST['title']) || !isset($_POST['category']) || !isset($_POST['content'])) {
        $content = '
            <form action="edit_news.php?id=' . $_GET['id'] . '" method="POST">
            <table>
            <tr><td>Icon</td><td>
			<input type="radio" name="icon" value="1" /> <img src="../img/news/behind_the-scenes_2.gif" width="20" height="20">
			<input type="radio" name="icon" value="2" /> <img src="../img/news/fris_kingly_helm.gif" width="20" height="20">
			<input type="radio" name="icon" value="3" /> <img src="../img/news/shop_2.gif" width="20" height="20">
			<input type="radio" name="icon" value="4" /> <img src="../img/news/technical_3.gif" width="20" height="20">
			<input type="radio" name="icon" value="5" /> <img src="../img/news/world.gif" width="20" height="20">
require '../structure/forum.php';
require '../structure/forum.thread.php';
require '../structure/user.php';
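// Forum listing set-up: build the helpers, authorise the viewer, and hand moderator bulk actions to action.php.
$base = new base();
$database = new database($db_host, $db_name, $db_user, $db_password);
$user = new user($database);
$forum = new forum($database);
$thread_obj = new thread($database);
$user->updateLastActive();
// Get the user's rank and username. The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 0);
$rank = $user->getRank($username);
// Forum id from the query string; a missing or non-string value becomes '' so the checks below reject it.
$f = (isset($_GET['forum']) && is_string($_GET['forum'])) ? $_GET['forum'] : '';
// The id must be digit-only (as the thread pages on this listing already require) and the
// viewer must have permission to see the forum.
if (!ctype_digit($f) || $forum->canView($f, $rank) == false) {
    $base->redirect('index.php');
    // redirect() is defined outside this excerpt; stop here so nothing below runs if it only sets a header.
    exit;
}
// Check if a moderator is taking action against threads
if (isset($_POST['action']) && isset($_POST['selection']) && $rank > 2) {
    // Build the "id-id-id-" list expected by action.php. $threads is initialised first (it used to be
    // appended to while undefined) and only digit-only thread ids are kept, so a crafted selection
    // value cannot add extra query parameters to the redirect URL.
    $threads = '';
    foreach ((array) $_POST['selection'] as $object) {
        if (is_string($object) && ctype_digit($object)) {
            $threads .= $object . '-';
        }
    }
    // The action code is URL-encoded rather than interpolated raw.
    $action = is_string($_POST['action']) ? $_POST['action'] : '';
    // Now send them off to action.php to update all the threads selected
    $base->redirect('action.php?forum=' . $f . '&action=' . rawurlencode($action) . '&threads=' . $threads);
    exit;
}
$forum_details = $database->processQuery("SELECT `icon`,`title`,`type` FROM `forums` WHERE `id` = ? LIMIT 1", array($f), true);
// Check existence of the specified forum
if ($database->getRowCount() == 0) {
    $base->redirect('index.php');
    exit;
}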
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/msgcenter.php';
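// Reply editor set-up: build the helpers, then require a signed-in user of rank 4 or higher.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$msgcenter = new msgcenter($database);
$user = new user($database);
// The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Id of the reply being edited; it is only ever bound as a query parameter further down.
$id = $_GET['id'];
if (!$user->isLoggedIn()) {
    $base->redirect('../index.php');
    // redirect() is defined outside this excerpt; stop here so the editor below cannot run for a
    // signed-out visitor if it only sets a header.
    exit;
}
if ($rank < 4) {
    // The conversation id is URL-encoded before it goes into the redirect target, so a crafted
    // value cannot add parameters or alter the destination.
    $convo = (isset($_GET['convo']) && is_string($_GET['convo'])) ? $_GET['convo'] : '';
    $base->redirect('viewmessage.php?id=' . rawurlencode($convo));
    exit;
}
$user->updateLastActive();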
if (!$msgcenter->canView($_GET['convo'], $username, $rank)) {
    $content = 'You can\'t edit a reply to a non-existent message. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['content'])) {
    //get current data
    $data = $database->processQuery("SELECT `content` FROM `replies` WHERE `id` = ? LIMIT 1", array($id), true);
    $content = '
    <form action="editreply.php?id=' . $id . '&convo=' . $_GET['convo'] . '" method="POST">
    <table>
    <tr><td>Message</td><td><textarea name="content" cols="45" rows="20" class="button" maxlength="2000">' . htmlentities($base->remBr(stripslashes($data[0]['content']))) . '</textarea></td></tr>
    <tr><td>Done?</td><td><input type="submit" class="button" value="Update Message"></td></tr>
Esempio n. 6
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
// Connect and build the helpers; the $db_* values are presumably defined by the required config.php.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// Rank is looked up for a username that is itself resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is verified server-side, since the gate below trusts it.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Only rank 4 and above may load this page; everyone else is redirected.
// NOTE(review): there is no else branch, so the markup below is only protected if redirect() stops the script - verify in base.php.
if ($rank < 4) {
    $base->redirect('../index.php');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<title><?php 
echo $data['wb_title'];
?>
</title>
<link href="../css/basic-3.css" rel="stylesheet" type="text/css" media="all">
<link rel="shortcut icon" href="../img/favicon.ico" />
<?php 
include '../includes/google_analytics.html';
<?php

session_start();
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/user.register.php';
require '../includes/recaptchalib.php';
// Password step of registration: connect and build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
// Perform basic checks before loading the page: signed-in users do not belong in the sign-up flow
if ($user->isLoggedIn()) {
    $base->redirect('../index.php');
}
// Every earlier step (age, country, username, terms) must already be recorded in the session;
// otherwise the visitor is sent back to the first step.
// NOTE(review): both gates assume redirect() stops the script - verify in base.php.
if (!isset($_SESSION['age']) || !isset($_SESSION['country']) || !isset($_SESSION['username']) || !isset($_SESSION['terms'])) {
    $base->redirect('index.php');
}
// Error code for the form handling that follows: 0 = no error, 1 = error.
// The code below also assigns 2 when the two password fields differ.
$err = 0;
if (isset($_POST['password']) && isset($_POST['password2'])) {
    if ($data['use_recaptcha']) {
        $resp = recaptcha_check_answer($data['private_key'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
        if (!$resp->is_valid) {
            $err = 1;
        }
    }
    if ($_POST['password'] != $_POST['password2']) {
        $err = 2;
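// Toggle a thread's auto-hide flag on behalf of a moderator, log it, and prepare the return URL.
$database = new database($db_host, $db_name, $db_user, $db_password);
$thread = new thread($database);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// Useful variables. The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Accept only digit-only ids (the thread view on this listing applies the same ctype_digit() rule).
// Anything else becomes an empty string, so a request value can never carry markup or line breaks
// into the log file, the redirect, or the $redirect URL that the page prints in its meta refresh tag.
$id = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) ? $_GET['id'] : '';
$forum_param = (isset($_GET['forum']) && is_string($_GET['forum']) && ctype_digit($_GET['forum'])) ? $_GET['forum'] : '';
// Take action then log it: the thread must exist, be visible to the caller, and the caller must rank above 2.
// NOTE(review): this state change is triggered by a plain GET and no anti-CSRF token is checked in the
// visible code - confirm one is enforced elsewhere or move the action to a token-protected POST.
if ($id !== '' && $thread->checkExistence($id) && $thread->canView($id, $username, $rank) && $rank > 2) {
    $thread_info = $database->processQuery("SELECT `autohiding` FROM `threads` WHERE `id` = ?", array($id), true);
    // Flip the flag: 1 becomes 0, anything else becomes 1
    $database->processQuery("UPDATE `threads` SET `autohiding` = ? WHERE `id` = ?", array($thread_info[0]['autohiding'] == 1 ? 0 : 1, $id), false);
    $base->appendToFile('../logs.txt', array($username . ' toggled the auto-hide of the thread ' . $id));
} else {
    $base->redirect('../viewthread.php?forum=' . $forum_param . '&id=' . $id . '&goto=start');
}
// Absolute URL for the delayed refresh; $domain is presumably defined by config.php
$redirect = 'http://' . $domain . '/forums/viewthread.php?forum=' . $forum_param . '&id=' . $id . '&goto=start';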
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>

<!-- LeeStrong Runescape Website Source --!>
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=ISO-8859-1"><!-- /Added by HTTrack -->
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<meta HTTP-EQUIV="REFRESH" content="3; url=<?php 
echo $redirect;
?>
Esempio n. 9
<?php

require '../structure/base.php';
require '../includes/config.php';
require '../structure/database.php';
require '../structure/forum.php';
require '../structure/forum.thread.php';
require '../structure/user.php';
// Reply form set-up: connect and build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$forum = new forum($database);
$thread_obj = new thread($database);
// Make sure the user is logged in and both ids are digit-only strings.
// $_REQUEST merges several request sources (which ones depends on the request_order /
// variables_order ini settings), so the value checked here may come from the URL or the form body.
// NOTE(review): the gates below assume redirect() stops the script - verify in base.php.
if (!$user->isLoggedIn() || !ctype_digit($_REQUEST['forum']) || !ctype_digit($_REQUEST['id'])) {
    $base->redirect('index.php');
}
// Values used throughout the page. The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$f = $_REQUEST['forum'];
$thread = $_REQUEST['id'];
// Muted users, and users who may not view or reply to this thread, are turned away
if ($user->checkMute($username) || !$thread_obj->canView($thread, $username, $rank) || !$thread_obj->canReply($thread, $rank)) {
    $base->redirect('index.php');
}
// Flood-limit setting from the config table
$flood_limit = $database->processQuery("SELECT `floodlimit` FROM `config` LIMIT 1", array(), true);
// Time of the user's last post, fetched with a bound username parameter
$last_post = $database->processQuery("SELECT `lastpost` FROM `users` WHERE `username` = ? LIMIT 1", array($username), true);
if (isset($_POST['message'])) {
Esempio n. 10
<?php

session_start();
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/user.register.php';
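// First registration step: enforce the per-IP account limit and collect age and country.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$register = new user_register($database);
// Perform basic checks before loading the page: signed-in users do not belong in the sign-up flow
if ($user->isLoggedIn()) {
    $base->redirect('../index.php');
}
// Count the accounts already created from this address (at most three per IP).
// NOTE(review): REMOTE_ADDR is the address of the direct peer; behind a reverse proxy or shared
// NAT every visitor may share one value.
$database->processQuery("SELECT * FROM `users` WHERE `ip` = ?", array($_SERVER['REMOTE_ADDR']), false);
// $err: 0 = no error, 1 = invalid form input, 2 = account limit reached for this IP
$err = $database->getRowCount() >= 3 ? 2 : 0;
if (isset($_POST['age']) && isset($_POST['country'])) {
    // Only accept the form while the limit has not been reached. Previously a submitted form
    // moved on to username.php even when $err was 2, so the limit was computed but never enforced here.
    // NOTE(review): the later steps are not visible in this excerpt; confirm whether they re-check the limit.
    if ($err !== 2) {
        $age_groups = array('Below 13', '13-18', '19-24', '25-30', '31-36', '36-39', '40+');
        // Strict comparison and an is_string() guard keep array-valued fields from reaching ctype_digit()
        if (!in_array($_POST['age'], $age_groups, true) || !is_string($_POST['country']) || !ctype_digit($_POST['country'])) {
            $err = 1;
        } else {
            $_SESSION['age'] = $_POST['age'];
            $_SESSION['country'] = $_POST['country'];
            $base->redirect('username.php');
        }
    }
} else {
    $register->clear();
}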
Esempio n. 11
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
// Connect and build the helpers used by the news form.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// The rank check that follows depends on a username resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is verified server-side before rank is trusted.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
if ($rank < 4) {
    $base->redirect('../index.php');
} else {
    //extract a list of forums, other than the one it's currently in
    $query_forums = $database->processQuery("SELECT `id`,`title` FROM `forums` ORDER BY `id` ASC", array(), true);
    if (!isset($_POST['title']) || !isset($_POST['category']) || !isset($_POST['content'])) {
        $content = '
            <form action="add_news.php" method="POST">
            <table>
            <tr><td>Icon</td><td>
			<input type="radio" name="icon" value="1" /> <img src="../img/news/behind_the-scenes_2.gif" width="20" height="20">
			<input type="radio" name="icon" value="2" /> <img src="../img/news/fris_kingly_helm.gif" width="20" height="20">
			<input type="radio" name="icon" value="3" /> <img src="../img/news/shop_2.gif" width="20" height="20">
			<input type="radio" name="icon" value="4" /> <img src="../img/news/technical_3.gif" width="20" height="20">
			<input type="radio" name="icon" value="5" /> <img src="../img/news/world.gif" width="20" height="20">
			<input type="radio" name="icon" value="6" /> <img src="../img/news/green_cauldron.gif" width="20" height="20">
			<input type="radio" name="icon" value="7" /> <img src="../img/news/goblin.gif" width="20" height="20">
			<input type="radio" name="icon" value="8" /> <img src="../img/news/scroll.gif" width="20" height="20">
			<input type="radio" name="icon" value="9" /> <img src="../img/news/mail.gif" width="20" height="20">
Esempio n. 12
            echo $_GET['action'];
            ?>
">
                <input type="hidden" name="threads" value="<?php 
            echo $_GET['threads'];
            ?>
">
            </form>

            <?php 
        } else {
            foreach ($threads as $thread) {
                moveThread($thread, $_GET['moveto'], $database);
                $base->appendToFile('logs.txt', array($username . ' moved the thread ' . $thread . ' to ' . $_GET['moveto']));
            }
            $base->redirect('viewforum.php?forum=' . $_GET['moveto']);
        }
    } else {
        foreach ($threads as $thread) {
            switch ($action) {
                case 1:
                    $forum_thread->hideThread($thread, $rank);
                    $base->appendToFile('logs.txt', array($username . ' hid/un-hid the thread ' . $thread));
                    break;
                case 2:
                    $forum_thread->lock($thread, $rank);
                    $base->appendToFile('logs.txt', array($username . ' locked the thread ' . $thread));
                    break;
                case 4:
                    setAutoHide($thread, $database, $rank);
                    $base->appendToFile('logs.txt', array($username . ' toggled auto-hide hide on the thread ' . $thread));
Esempio n. 13
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/forum.php';
require '../structure/base.php';
require '../structure/user.php';
// New-thread form set-up: connect and build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$forum = new forum($database);
$user->updateLastActive();
// Make sure the user is logged in and the forum id is a digit-only string.
// $_REQUEST merges several request sources (which ones depends on the request_order /
// variables_order ini settings), so the id may come from the URL or the form body.
// NOTE(review): the gates below assume redirect() stops the script - verify in base.php.
if (!ctype_digit($_REQUEST['forum']) || !$user->isLoggedIn()) {
    $base->redirect('index.php');
}
// Values used throughout the page. The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$f = $_REQUEST['forum'];
// Muted users, and users who may not view or create threads in this forum, are turned away
if ($user->checkMute($username) || !$forum->canView($f, $rank) || !$forum->canCreate($f, $rank)) {
    $base->redirect('index.php');
}
// Flood-limit setting from the config table
$flood_limit = $database->processQuery("SELECT `floodlimit` FROM `config` LIMIT 1", array(), true);
// Time of the user's last post, fetched with a bound username parameter
$last_post = $database->processQuery("SELECT `lastpost` FROM `users` WHERE `username` = ? LIMIT 1", array($username), true);
// Cancel returns to the forum listing; $f has already passed ctype_digit()
if (isset($_POST['cancel'])) {
    $base->redirect('viewforum.php?forum=' . $f);
}
Esempio n. 14
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
// Quick-find-code lookup: resolve a posted code to its thread and send the visitor there.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base();
if (isset($_POST['qfc'])) {
    // The code is bound as a query parameter, never concatenated into the SQL
    $lookup_params = array($_POST['qfc']);
    $thread = $database->processQuery("SELECT `id`,`parent` FROM `threads` WHERE `qfc` = ? LIMIT 1", $lookup_params, true);
    $match_count = $database->getRowCount();
    if ($match_count >= 1) {
        // Both URL parts come from the matched database row, not from the request
        $found = $thread[0];
        $base->redirect('viewthread.php?forum=' . $found['parent'] . '&id=' . $found['id']);
    }
}
// No code posted, or nothing matched it: back to the index
$base->redirect('index.php');
Esempio n. 15
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/poll.php';
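// Record one poll vote for the current user, then show the poll's results.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$poll = new poll($database);
$user->updateLastActive();
// The voter is identified by the client-supplied 'user' cookie.
// NOTE(review): no isLoggedIn() call is visible here and getUsername() is not shown - confirm
// canVote() rejects anonymous or forged identities.
$username = $user->getUsername($_COOKIE['user'], 2);
// Both fields must be present and be plain strings; missing or array-valued fields become ''
// and are rejected below without touching the database.
$id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
$option = (isset($_POST['option']) && is_string($_POST['option'])) ? $_POST['option'] : '';
// NOTE(review): no anti-CSRF token is checked in the visible code; confirm one is enforced elsewhere.
if ($id === '' || $option === '' || !$poll->canVote($id, $username) || !$poll->optionExists($id, $option)) {
    $base->redirect('index.php');
} else {
    // All three values are bound parameters
    $database->processQuery("INSERT INTO `votes` VALUES (null, ?, ?, ?)", array($option, $id, $username), false);
    // The results redirect now sits on the success path only, and the id is URL-encoded so a
    // crafted value cannot add parameters to the target.
    $base->redirect('results.php?id=' . rawurlencode($id));
}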
Esempio n. 16
<?php

session_start();
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/user.register.php';
// Terms step of registration: connect and build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$register = new user_register($database);
// Perform basic checks before loading the page: signed-in users do not belong in the sign-up flow
if ($user->isLoggedIn()) {
    $base->redirect('../index.php');
}
// The age, country and username steps must already be recorded in the session
// NOTE(review): both gates assume redirect() stops the script - verify in base.php.
if (!isset($_SESSION['age']) || !isset($_SESSION['country']) || !isset($_SESSION['username'])) {
    $base->redirect('index.php');
}
// Error code for the page: 0 = no error, 1 = error
$err = 0;
// Agreeing to the terms is recorded in the session and unlocks the password step
if (isset($_POST['agree'])) {
    $_SESSION['terms'] = true;
    $base->redirect('password.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=(0034)https://secure.rs-2007.com/create/ -->
<html>
<head>
Esempio n. 17
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
// Connect and build the helpers used by the story form.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// Rank is looked up for a username that is itself resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is verified server-side, since the gate below trusts it.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Only rank 4 and above may add stories.
// NOTE(review): there is no else branch, so the form handling and INSERT below are only protected
// if redirect() stops the script - verify in base.php.
if ($rank < 4) {
    $base->redirect('../index.php');
}
if (!isset($_POST['title']) || !isset($_POST['content'])) {
    $content = '
        <form action="addstory.php" method="POST">
        <table>
        <tr><td>Notice</td><td>Put square brackets ([]) around a letter to make a fancy letter icon. E.G: [s]</td></tr>
        <tr><td>Title</td><td><input type="text" class="button" name="title" maxlength="50"></td></tr>
        <tr><td>Content</td><td><textarea name="content" class="button" cols="60" rows="35"></textarea></td></tr>
        <tr><td>Done?</td><td><input type="submit" class="button" value="Add"> <input type="submit" name="preview" class="button" value="Preview"></td></tr>
        </table>
        </form>';
} elseif (isset($_POST['preview'])) {
    $content = '<center><input type="button" class="button" value="Back" onclick="goBack()" /></center><br/>' . $base->addSpecials(stripslashes(nl2br($_POST['content'])), '../img/varrock/lores/');
} else {
    //insert the new story
    $database->processQuery("INSERT INTO `stories` VALUES (null, ?, ?)", array($_POST['title'], nl2br($_POST['content'])), false);
    //log it
Esempio n. 18
<?php

require '../../includes/config.php';
require '../../structure/database.php';
require '../../structure/forum.php';
require '../../structure/forum.post.php';
require '../../structure/base.php';
require '../../structure/user.php';
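// Hide a post on behalf of a moderator, log the action, and return to the thread.
$database = new database($db_host, $db_name, $db_user, $db_password);
$post = new post($database);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Accept only digit-only ids (other pages on this listing apply the same ctype_digit() rule to
// forum, thread and post ids). Anything else becomes an empty string, so a request value can never
// carry line breaks into the log file or extra parameters into the redirect.
$ids = array();
foreach (array('pid', 'forum', 'id') as $key) {
    $ids[$key] = (isset($_GET[$key]) && is_string($_GET[$key]) && ctype_digit($_GET[$key])) ? $_GET[$key] : '';
}
// Take action then log it. The log line is written only when the action actually ran; it used to
// be appended for every caller, including those whose rank was too low to hide anything.
// NOTE(review): this state change is triggered by a plain GET and no anti-CSRF token is checked in
// the visible code - confirm one is enforced elsewhere.
if ($rank > 2 && $ids['pid'] !== '') {
    $post->hidePost($ids['pid'], $rank);
    $base->appendToFile('../logs.txt', array($username . ' hid the post ' . $ids['pid']));
}
$base->redirect('../viewthread.php?forum=' . $ids['forum'] . '&id=' . $ids['id'] . '&goto=' . $ids['pid']);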
Esempio n. 19
<?php

session_start();
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/user.register.php';
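// Username step of registration: validate the requested name and store it for the next steps.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$register = new user_register($database);
// Perform basic checks before loading the page: signed-in users do not belong in the sign-up flow
if ($user->isLoggedIn()) {
    $base->redirect('../index.php');
}
// The age and country step must already be recorded in the session
if (!isset($_SESSION['age']) || !isset($_SESSION['country'])) {
    $base->redirect('index.php');
}
// Error code for the page: 0 = no error, 1 = error
$err = 0;
if (isset($_POST['username'])) {
    // Validate and store the SAME value. The trimmed name used to be validated while the untrimmed
    // input was saved, so a name with surrounding whitespace passed the check and reached the
    // session unchanged. Non-string input (an array-valued field) is rejected outright.
    $candidate = is_string($_POST['username']) ? trim($_POST['username']) : null;
    if ($candidate === null || !$register->validateUsername($candidate)) {
        $err = 1;
    } else {
        $_SESSION['username'] = $candidate;
        $base->redirect('terms.php');
    }
}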
?>
Esempio n. 20
require '../includes/config.php';
require '../structure/database.php';
require '../structure/forum.php';
require '../structure/forum.thread.php';
require '../structure/base.php';
require '../structure/user.php';
// Edit form set-up for a thread or a post: connect and build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$forum = new forum($database);
$thread_obj = new thread($database);
$user->updateLastActive();
// Require a signed-in user and digit-only forum, id and type values.
// && binds tighter than ||, so the final pair means "pid must be digit-only when type is 1";
// pid is not checked for any other type.
// $_REQUEST merges several request sources (which ones depends on the request_order /
// variables_order ini settings).
// NOTE(review): the gates below assume redirect() stops the script - verify in base.php.
if (!$user->isLoggedIn() || !ctype_digit($_REQUEST['forum']) || !ctype_digit($_REQUEST['id']) || !ctype_digit($_REQUEST['type']) || !ctype_digit($_REQUEST['pid']) && $_REQUEST['type'] == 1) {
    $base->redirect('index.php');
}
// Values used throughout the page. The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
$f = $_REQUEST['forum'];
$thread = $_REQUEST['id'];
// Return URL, built only from the two values that passed ctype_digit() above
$redirect = 'viewthread.php?forum=' . $f . '&id=' . $thread;
// Muted users, and users who may not view or reply to this thread, go back to the thread
if ($user->checkMute($username) || !$thread_obj->canView($thread, $username, $rank) || !$thread_obj->canReply($thread, $rank)) {
    $base->redirect($redirect);
}
// Load the row being edited: the post when type is 1, otherwise the thread itself.
// Both queries bind the id as a parameter.
$data = $_REQUEST['type'] == 1 ? $database->processQuery("SELECT `content`,`username`,`status` FROM `posts` WHERE `id` = ?", array($_REQUEST['pid']), true) : $database->processQuery("SELECT `username`,`content`,`status`,`title` FROM `threads` WHERE `id` = ?", array($thread), true);
//check if they have permission to edit the thread/post
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/msgcenter.php';
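// Delete a whole conversation (its replies and the message itself) on behalf of a rank 4+ user.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$msgcenter = new msgcenter($database);
$user->updateLastActive();
// The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// The conversation id must be present and be a plain string; a missing or array-valued
// parameter becomes '' and is rejected before any query runs.
$conversation = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
// NOTE(review): this destructive action is triggered by a plain GET and no anti-CSRF token is
// checked in the visible code - confirm one is enforced elsewhere or move it to a token-protected POST.
if ($rank < 4 || $conversation === '' || !$msgcenter->canView($conversation, $username, $rank)) {
    // URL-encode the id so a crafted value cannot add parameters to the redirect target
    $base->redirect('viewmessage.php?id=' . rawurlencode($conversation));
} else {
    // Remove the replies first, then the conversation row; both ids are bound parameters
    $database->processQuery("DELETE FROM `replies` WHERE `conversation` = ?", array($conversation), false);
    $database->processQuery("DELETE FROM `messages` WHERE `id` = ?", array($conversation), false);
    $base->redirect('index.php');
}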
Esempio n. 22
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/msgcenter.php';
// New-conversation form set-up: connect and build the helpers.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$msgcenter = new msgcenter($database);
$user = new user($database);
// Signed-out visitors are sent to the site index.
// NOTE(review): this gate assumes redirect() stops the script - verify in base.php.
if (!$user->isLoggedIn()) {
    $base->redirect('../index.php');
}
$user->updateLastActive();
// The username is resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is checked against server-side state.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Read from the query string without an isset() check; the form in this excerpt posts to create.php without an id.
$id = $_GET['id'];
if (!$msgcenter->canCreate($username, $rank) || $user->checkMute($username)) {
    $content = 'You can\'t create a new conversation. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['title']) || !isset($_POST['reply'])) {
    $content = '
    <form action="create.php" method="POST">
    <table>
    <tr><td>Title</td><td align="left"><input type="text" class="button" name="title" maxlength="50"></td></tr>';
    if ($rank > 3) {
        $content .= '<tr><td>Mass Message</td><td align="left"><input type="checkbox" name="mass_message" id="mass"></td></tr><tr><td>Receiver</td><td align="left"><input type="text" class="button" name="receiver" id="receiver" maxlength="12"></td></tr>';
    }
    $content .= '
    <tr><td>Message</td><td><textarea name="reply" class="button" cols="45" rows="20" maxlength="2000"></textarea></td></tr>
    <tr><td></td><td align="left"><input type="submit" class="button" value="Create"></td></tr>
Esempio n. 23
<?php

require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
// Connect and build the helpers used by the story editor.
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$user->updateLastActive();
// The rank check that follows depends on a username resolved from the client-supplied 'user' cookie.
// NOTE(review): getUsername() is not shown - confirm the cookie is verified server-side before rank is trusted.
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
if ($rank < 4) {
    $base->redirect('../index.php');
} elseif (!isset($_GET['id'])) {
    $base->redirect('index.php');
} else {
    //id of the story we're editing
    $id = $_GET['id'];
    //extract content from selected news post
    $data = $database->processQuery("SELECT `title`,`content` FROM `stories` WHERE `id` = ?", array($id), true);
    if ($database->getRowCount() == 0) {
        $content = 'No story exists with the chosen ID. <input type="button" class="button" value="Back" onclick="goBack()" />';
    } elseif (!isset($_POST['title']) || !isset($_POST['content'])) {
        $content = '
            <form action="editstory.php?id=' . $id . '" method="POST">
            <table>
            <tr><td>Title</td><td><input type="text" class="button" name="title" maxlength="50" value="' . stripslashes($data[0]['title']) . '"></td></tr>
            <tr><td>Content</td><td><textarea name="content" class="button" cols="60" rows="35">' . $base->remBr(stripslashes($data[0]['content'])) . '</textarea></td></tr>
            <tr><td>Done?</td><td><input type="submit" class="button" value="Update"> <input type="submit" name="preview" class="button" value="Preview"></td></tr>
            </table>