<td class="forum_head" align="left" valign="middle">' . (empty($arr_post['post_history']) ? '' . $lang['fe_first_post'] . '' : '' . $lang['fe_post_edited'] . '') . ' By: ' . print_user_stuff($CURUSER) . ' On: ' . date('l jS \\of F Y h:i:s A', TIME_NOW) . ' GMT ' . ($post_title !== '' ? ' ' . $lang['fe_title'] . ': <span style="font-weight: bold;">' . $post_title . '</span>' : '') . ($icon !== '' ? ' <img src="' . $INSTALLER09['pic_base_url'] . 'smilies/' . $icon . '.gif" alt="' . $icon . '" title="' . $icon . '" />' : '') . '</td> <tr> <td class="two" align="left" valign="top" width="120px">' . (empty($arr_post['post_history']) ? ($can_edit ? '<span style="white-space:nowrap;">Desc: ' . ($arr_post['topic_desc'] !== '' ? 'yes' : 'none') . '</span><br />' : '') . '<span style="white-space:nowrap;">' . $lang['fe_title'] . ': ' . ($arr_post['post_title'] !== '' ? 'yes' : 'none') . '</span><br /><span style="white-space:nowrap;">' . $lang['fe_icon'] . ': ' . ($arr_post['icon'] !== '' ? 'yes' : 'none') . '</span><br /><span style="white-space:nowrap;">' . $lang['ep_bb_code'] . ': ' . ($arr_post['bbcode'] !== 'yes' ? 'off' : 'on') . '</span><br />' : ($can_edit ? '<span style="white-space:nowrap;">Topic Name: ' . (isset($_POST['topic_name']) && $_POST['topic_name'] !== $arr_post['topic_name'] ? $changed : $not_changed) . '</span><br /><span style="white-space:nowrap;">Desc: ' . (isset($_POST['topic_desc']) && $_POST['topic_desc'] !== $arr_post['topic_desc'] ? $changed : $not_changed) . '</span><br />' : '') . '<span style="white-space:nowrap;">' . $lang['fe_title'] . ': ' . (isset($_POST['post_title']) && $_POST['post_title'] !== $arr_post['post_title'] ? $changed : $not_changed) . '</span><br /><span style="white-space:nowrap;">' . $lang['fe_icon'] . ': ' . (isset($_POST['icon']) && $_POST['icon'] !== $arr_post['icon'] ? $changed : $not_changed) . '</span><br /><span style="white-space:nowrap;">' . $lang['ep_bb_code'] . ': ' . 
(isset($_POST['show_bbcode']) && $_POST['show_bbcode'] !== $arr_post['bbcode'] ? $changed : $not_changed) . '</span><br /><span style="white-space:nowrap;">' . $lang['fe_body'] . ': ' . (isset($_POST['body']) && $_POST['body'] !== $arr_post['body'] ? $changed : $not_changed) . '</span><br />') . ' </td> <td class="one" align="left" valign="top">' . ($arr_post['bbcode'] == 'yes' ? format_comment($arr_post['body']) : format_comment_no_bbcode($arr_post['body'])) . '</td> </tr> </table><br />' . $arr_post['post_history']; //=== let the sysop have the power to not show they edited their own post if they wish... if ($show_edited_by == 'no' && $CURUSER['class'] == UC_MAX) { $edit_reason = htmlsafechars($arr_post['edit_reason']); $edited_by = htmlsafechars($arr_post['edited_by']); $edit_date = (int) $arr_post['edit_date']; $post_history = htmlsafechars($arr_post['post_history']); } sql_query('UPDATE posts SET body = ' . sqlesc($body) . ', icon = ' . sqlesc($icon) . ', post_title = ' . sqlesc($post_title) . ', bbcode = ' . sqlesc($show_bbcode) . ', edit_reason = ' . sqlesc($edit_reason) . ', edited_by = ' . sqlesc($edited_by) . ', edit_date = ' . sqlesc($edit_date) . ', post_history = ' . sqlesc($post_history) . ' WHERE id = ' . sqlesc($post_id)); clr_forums_cache($post_id); $mc1->delete_value('forum_posts_' . $CURUSER['id']); //=== update topic stuff if ($can_edit) { sql_query('UPDATE topics SET topic_name = ' . sqlesc($topic_name) . ', topic_desc = ' . sqlesc($topic_desc) . ' WHERE id = ' . 
sqlesc($topic_id)); } //=== stuff for file uploads if ($CURUSER['class'] >= $min_upload_class) { while (list($key, $name) = each($_FILES['attachment']['name'])) { if (!empty($name)) { $size = intval($_FILES['attachment']['size'][$key]); $type = $_FILES['attachment']['type'][$key]; //=== make sure file is kosher $accepted_file_types = array('application/zip', 'application/x-zip', 'application/rar', 'application/x-rar'); $extension_error = $size_error = 0; //=== allowed file types (2 checks) but still can't really trust it
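// Fragment of the forum reply handler. It opens inside blocks that begin above
// this excerpt and ends inside the seed-bonus branch, so braces are unbalanced
// here by design. Line breaks were restored from a collapsed listing.
        $quoted_member = $arr_quote['username'] == '' ? '' . $lang['pr_lost_member'] . '' : htmlsafechars($arr_quote['username']);
    }
    //==
    // Build the quote wrapper. The quoted author and body are HTML-escaped here.
    // NOTE(review): $quote and $key are concatenated as-is; confirm they are cast to
    // integers before this point.
    $body = '[quote=' . $quoted_member . ($quote > 0 ? ' | post=' . $quote : '') . ($key > 0 ? ' | key=' . $key : '') . ']' . htmlsafechars($arr_quote['body']) . '[/quote]';
    // Staff-locked posts may not be quoted; stderr() presumably ends the request.
    if ($arr_quote['staff_lock'] != 0) {
        stderr($lang['gl_error'], '' . $lang['pr_this_post_is_staff_locked_nomod_nodel'] . '');
    }
}
if (isset($_POST['button']) && $_POST['button'] == 'Post') {
    //=== make sure they are posting something
    if ($body === '') {
        stderr($lang['gl_error'], $lang['fe_no_body_txt']);
    }
    // Prefer the IP stored on the session user; fall back to the connection address.
    $ip = $CURUSER['ip'] == '' ? htmlsafechars($_SERVER['REMOTE_ADDR']) : $CURUSER['ip'];
    // Every variable value goes through sqlesc(); TIME_NOW is a constant.
    // The insert is now checked like the later queries in this branch: without the
    // check, a failed insert still bumped the counters below and set last_post to 0.
    sql_query('INSERT INTO `posts` (`topic_id`, `user_id`, `added`, `body`, `icon`, `post_title`, `bbcode`, `ip` , `anonymous`) VALUES (' . sqlesc($topic_id) . ', ' . sqlesc($CURUSER['id']) . ', ' . TIME_NOW . ', ' . sqlesc($body) . ', ' . sqlesc($icon) . ', ' . sqlesc($post_title) . ', ' . sqlesc($bb_code) . ', ' . sqlesc($ip) . ', ' . sqlesc($anonymous) . ')') or sqlerr(__FILE__, __LINE__);
    clr_forums_cache($arr['real_forum_id']);
    $mc1->delete_value('forum_posts_' . $CURUSER['id']);
    // Id of the row just inserted, used as the topic's last_post.
    $post_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
    sql_query('UPDATE topics SET last_post=' . sqlesc($post_id) . ', post_count = post_count + 1 WHERE id=' . sqlesc($topic_id));
    sql_query('UPDATE `forums` SET post_count = post_count +1 WHERE id =' . sqlesc($arr['real_forum_id']));
    sql_query("UPDATE usersachiev SET forumposts=forumposts+1 WHERE id=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
    if ($INSTALLER09['autoshout_on'] == 1) {
        // NOTE(review): $topic_name is interpolated into BBCode that is sent to the
        // shoutbox; confirm it is sanitised where it is read, outside this fragment.
        $message = $CURUSER['username'] . " " . $lang['pr_replied_to_topic'] . " [url={$INSTALLER09['baseurl']}/forums.php?action=view_topic&topic_id={$topic_id}&page=last]{$topic_name}[/url]";
        // Replies in forums listed in staff_forums are not announced.
        if (!in_array($arr['real_forum_id'], $INSTALLER09['staff_forums'])) {
            autoshout($message);
            $mc1->delete_value('shoutbox_');
        }
    }
    if ($INSTALLER09['seedbonus_on'] == 1) {
        sql_query("UPDATE users SET seedbonus = seedbonus+" . sqlesc($INSTALLER09['bonus_per_post']) . " WHERE id = " . sqlesc($CURUSER['id']) . "") or sqlerr(__FILE__, __LINE__);
        // New bonus total, kept in $update; how it is used is below this fragment.
        $update['seedbonus'] = $CURUSER['seedbonus'] + $INSTALLER09['bonus_per_post'];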
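// Fragment of the staff-action switch. The first statements continue a branch
// (presumably the delete-topic case) whose `case` label and opening `if` are above
// this excerpt. Line breaks were restored from a collapsed listing.
// NOTE(review): no permission check is visible in this fragment; confirm the
// caller's class is verified before the switch is reached.
            //=== get post count of topic
            $res_count = sql_query('SELECT post_count, forum_id, poll_id FROM topics WHERE id = ' . sqlesc($topic_id));
            $arr_count = mysqli_fetch_assoc($res_count);
            //=== delete all the stuff
            sql_query('DELETE FROM subscriptions WHERE topic_id = ' . sqlesc($topic_id));
            sql_query('DELETE FROM forum_poll WHERE id = ' . sqlesc($arr_count['poll_id']));
            sql_query('DELETE FROM forum_poll_votes WHERE poll_id = ' . sqlesc($arr_count['poll_id']));
            sql_query('DELETE FROM topics WHERE id = ' . sqlesc($topic_id));
            sql_query('DELETE FROM posts WHERE topic_id = ' . sqlesc($topic_id));
            clr_forums_cache($topic_id);
            //=== should I delete attachments? or let the members have a management page? or do it in cleanup?
            sql_query('UPDATE forums SET post_count = post_count - ' . sqlesc($arr_count['post_count']) . ', topic_count = topic_count - 1 WHERE id = ' . sqlesc($arr_count['forum_id']));
            header('Location: forums.php');
            die;
        }
        break;

    //=== un_delete_topic
    // Restore a topic: set its status back to 'ok' and add its posts and the topic
    // itself back onto the parent forum's counters.
    case 'un_delete_topic':
        sql_query('UPDATE topics SET status = \'ok\' WHERE id = ' . sqlesc($topic_id));
        //=== get post count and parent forum of the topic
        // The original selected only post_count and fetched a numeric row, then read
        // $arr_count['forum_id']. That key never existed, so the forum counters were
        // updated for no forum. Select forum_id and fetch an associative row instead.
        $res_count = sql_query('SELECT post_count, forum_id FROM topics WHERE id = ' . sqlesc($topic_id));
        $arr_count = mysqli_fetch_assoc($res_count);
        // Skip the counter update when the topic row does not exist.
        // NOTE(review): the increments run even if the topic was not deleted, so
        // repeating this action inflates the forum counters.
        if ($arr_count) {
            sql_query('UPDATE forums SET post_count = post_count + ' . sqlesc($arr_count['post_count']) . ', topic_count = topic_count + 1 WHERE id = ' . sqlesc($arr_count['forum_id']));
        }
        clr_forums_cache($topic_id);
        // NOTE(review): $topic_id is placed in the redirect unescaped; confirm it is
        // cast to an integer where it is read.
        header('Location: forums.php?action=view_topic&topic_id=' . $topic_id);
        die;
        break;
} //=== ends switch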