function api_get_body($body, $status = 1) { if ($status == 3) { $msgbody = '<font color="red">censored</font>'; } else { if ($status == 2) { $msgbody = ''; // message deleted } else { $msgbody = render_for_display($body); } } return $msgbody; }
$msgbody = translit($row['body'], $translit_done); if (!is_null($msgbody) && strlen($msgbody) > 0 && !is_null($prefix) && strlen($prefix) > 0) { $msgbody = $prefix . ' ' . str_replace("\n", "\n" . $prefix . ' ', $msgbody); } $msgbody = render_for_display($msgbody); } else { $msgbody = ''; $subject = '<h3><I><font color="gray" size="14 pt"><del>This message has been deleted</del></font></I></h3>'; } } else { $translit_done = false; $msgbody = translit($row['body'], $translit_done); if (!is_null($msgbody) && strlen($msgbody) > 0 && !is_null($prefix) && strlen($prefix) > 0) { $msgbody = $prefix . ' ' . str_replace("\n", "\n" . $prefix . ' ', $msgbody); } $msgbody = render_for_display($msgbody); } } $content_to_compare = $row['compare_to']; $start = ''; $author = $author; $id = $row['id']; $msg_id = $row['msg_id']; $parent = $row['parent']; if (!is_null($parent)) { mysql_free_result($result); $query = 'SELECT u.username, u.moder, p.subject, p.closed as post_closed, p.auth, p.status, p.parent, CONVERT_TZ(p.created, \'' . $server_tz . '\', \'' . $prop_tz . ':00\') as created, p.body, p.author, u.id from confa_users u, confa_posts p where u.id=p.author and p.id=' . $parent; $result = mysql_query($query) or die('error to request parent message'); if (mysql_num_rows($result) != 0) { $row = mysql_fetch_assoc($result) or die('error to fetch parent row'); $proceeded = false;
function post($subj, $body, $re = 0, $msg_id = 0, $ticket = "", $nsfw = false, $to) { global $err_login, $logged_in, $ban, $ip, $agent, $user_id, $content_nsfw; $err = validate($subj, $body, $to); if (strlen($err) != 0) { return $err; } else { if (!$logged_in || $ban) { // just in case return "User not logged in or banned from forum"; } } $chars = 0; $content_flags = 0; if (!is_null($body) && strlen($body) != 0) { $chars = strlen(utf8_decode($body)); $length = strlen($body); if (stristr(render_for_display($body), "<img style")) { $content_flags |= 2; } $new_body = render_for_db($body); $has_video = false; before_bbcode($body, $has_video); if ($has_video || preg_match('/id="[a-z]*-video"/', $new_body)) { $content_flags |= 4; } $ibody = '\'' . mysql_escape_string($new_body) . '\''; } else { $ibody = "''"; } if (isset($nsfw) && $nsfw !== false) { $content_flags |= $content_nsfw; } if (isset($to)) { $query = 'SELECT id from confa_users where username=\'' . mysql_escape_string($to) . '\' and status != 2'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } $row = mysql_fetch_assoc($result); $to_id = $row['id']; if (is_null($to_id)) { return "No such recipient"; } } if (strlen($ticket) > 0) { $query = 'INSERT into confa_tickets(ticket) values(\'' . $ticket . '\')'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'This is duplicated post (ticket ' . $ticket . ')'; } } if (isset($to_id)) { // send pmail $query = 'INSERT INTO confa_pm(sender, receiver, subject, body, chars) values(' . $user_id . ', ' . $to_id . ', \'' . mysql_escape_string($subj) . '\', ' . $ibody . ', ' . $chars . ')'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } $id = mysql_insert_id(); update_new_pm_count($to_id); return array("id" => $id); } else { if (isset($msg_id) && $msg_id > 0) { // update existing post $query = 'SELECT p.subject, p.body, p.status, p.author, p.created, p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $msg_id; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } if (mysql_num_rows($result) == 0) { return "Message not found"; } $row = mysql_fetch_assoc($result); $thread_id = $row['thread_id']; $old_subject = $row['subject']; $old_body = $row['body']; $closed = !is_null($row['post_closed']) && $row['post_closed'] > 0 || !is_null($row['thread_closed']) && $row['thread_closed'] > 0; if ($closed || $row['status'] != 1 || !can_edit_post($row['author'], $row['created'], $user_id, $msg_id)) { return 'Modifications to this post are not allowed.'; } if (strcmp($old_subject, $subj) != 0 || strcmp($old_body, $new_body) != 0) { // create a new version $query = 'INSERT INTO confa_versions (parent, subject, body, created, chars, IP, user_agent, views, content_flags) ' . ' SELECT id, subject, body, IF(ISNULL(modified), created, modified), chars, IP, user_agent, views, content_flags FROM confa_posts WHERE id=' . $msg_id; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } } // update post $query = 'UPDATE confa_posts SET subject=\'' . mysql_escape_string($subj) . '\',body=' . $ibody . ',modified=now(),ip=' . $ip . ',user_agent=' . $agent . ',content_flags=' . $content_flags . ', chars=' . $chars . ',views=0 WHERE id=' . $msg_id; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } return array("id" => $msg_id); } else { if ($re == 0) { // create new thread $query = 'select sum(counter) as cnt, page from confa_threads group by page desc limit 1'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } $row = mysql_fetch_assoc($result); $last_page = $row['page']; if ($row['cnt'] > 200) { $last_page++; } if (is_null($last_page)) { $last_page = 1; } $query = 'INSERT INTO confa_threads(author, page) values(' . $user_id . ', ' . $last_page . ')'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } $thread_id = mysql_insert_id(); $query = 'INSERT INTO confa_posts(status, parent, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values(1, 0, ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } $id = mysql_insert_id(); $query = "UPDATE confa_users set status = 1 where id=" . $user_id; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } return array("id" => $id, "thread_id" => $thread_id); } else { // respond to an existing post $query = 'SELECT p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $re; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } if (mysql_num_rows($result) != 0) { $row = mysql_fetch_assoc($result); if (!is_null($row['post_closed']) && $row['post_closed'] > 0 || !is_null($row['thread_closed']) && $row['thread_closed'] > 0) { return 'Replies to this post are disabled.'; } $msg_page = $row['page']; if (is_null($msg_page)) { $msg_page = 1; } $thread_id = $row['thread_id']; $level = $row['level']; $level++; $query = 'UPDATE confa_threads set counter=counter+1 where id=' . $thread_id; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } } else { return 'Cannot find parent for msg=' . $re; } $query = 'INSERT INTO confa_posts(status, parent, level, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values( 1, ' . $re . ', ' . $level . ', ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')'; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } $id = mysql_insert_id(); // wtf is this for? $query = "UPDATE confa_users set status = 1 where id=" . $user_id; $result = mysql_query($query); if (!$result) { mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query); return 'Query failed'; } return array("id" => $id); } } } return ""; }