$ok = isset($_POST['ok']) ? $_POST['ok'] : 0;
// Id del Post
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
if ($id <= 0) {
redirect_header('./', 2, __('Please specify a post id to delete!', 'bxpress'));
die;
}
$post = new bXPost($id);
if ($post->isNew()) {
redirect_header('./', 2, __('Specified post does not exists!', 'bxpress'));
die;
}
$topic = new bXTopic($post->topic());
$forum = new bXForum($post->forum());
// Verificamos que el usuario tenga permiso
if (!$xoopsUser || !$forum->isAllowed($xoopsUser->getGroups(), 'delete')) {
redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('Sorry, you don\'t have permission to do this action!', 'bxpress'));
die;
}
// Verificamos si el usuario tiene permiso de eliminación para el post
if ($xoopsUser->uid() != $post->user() && (!$xoopsUser->isAdmin() && !$forum->isModerator($xoopsUser->uid()))) {
redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('Sorry, you don\'t have permission to do this action!', 'bxpress'));
die;
}
if ($ok) {
if (!$xoopsSecurity->check()) {
redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('Session token expired!', 'bxpress'));
die;
}
if ($post->id() == bXFunctions::getFirstId($topic->id())) {
$ret = $topic->delete();
redirect_header('./', 2, __('Specified topic is not valid!', 'bxpress'));
die;
}
$topic = new bXTopic($id);
if ($topic->isNew()) {
redirect_header('./', 2, __('Specified topic does not exists!', 'bxpress'));
die;
}
//Determinamos de el mensaje esta aprobado y si el usuario es administrador o moderador
$forum = new bXForum($topic->forum());
if (!$topic->approved() && (!$xoopsUser->isAdmin() || !$forum->isModerator($xoopsUser->uid()))) {
redirect_header('./', 2, __('This topic has not been approved yet!', 'bxpress'));
die;
}
$forum = new bXForum($topic->forum());
if (!$forum->isAllowed($xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS, 'view')) {
redirect_header('./', 2, __('Sorry, you don\'t have permission to view this forum!', 'bxpress'));
die;
}
if (!isset($_SESSION['topics_viewed'])) {
$topic->addView();
$topic->save();
$_SESSION['topics_viewed'] = array();
$_SESSION['topics_viewed'][] = $topic->id();
} else {
if (!in_array($topic->id(), $_SESSION['topics_viewed'])) {
$topic->addView();
$topic->save();
$_SESSION['topics_viewed'][] = $topic->id();
}
}
$create = true;
} else {
$topic = new bXTopic($tid);
if ($topic->isNew()) {
redirect_header('./', 2, __('Specified topic does not exists!', 'bxpress'));
die;
}
$forum = new bXForum($topic->forum());
$retlink = './topic.php?id=' . $topic->id();
$create = false;
}
if ($forum->isNew()) {
redirect_header('./', 2, __('Specified forum does not exists!', 'bxpress'));
die;
}
if (!$forum->isAllowed($xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS, $fid > 0 ? 'topic' : 'reply')) {
redirect_header($retlink, 2, __('You do not have permission to do this!', 'bxpress'));
die;
}
switch ($op) {
case 'post':
foreach ($_POST as $k => $v) {
${$k} = $v;
}
if (!$xoopsSecurity->check()) {
redirect_header('./' . ($create ? 'forum.php?id=' . $forum->id() : 'topic.php?id=' . $topic->id()), 2, __('Session token expired!', 'bxpress'));
die;
}
$myts =& MyTextSanitizer::getInstance();
if ($create) {
$topic = new bXTopic();
if ($forum->isNew()) {
redirect_header(BB_URL, 2, __('Specified forum does not exists!', 'bxpress'));
die;
}
/**
* Check if module is inactive
*/
$isModerator = $xoopsUser && ($xoopsUser->isAdmin() || $forum->isModerator($xoopsUser->uid()));
if (!$forum->active && !$isModerator) {
RMUris::redirect_with_message(__('This forum is closed and you don\'t have permissions to view it', 'bxpress'), BX_URL, RMMSG_WARN);
}
/**
* Comprobamos que el usuario actual tenga permisos
* de acceso al foro
*/
if (!$forum->isAllowed($xoopsUser ? $xoopsUser->getGroups() : array(0, XOOPS_GROUP_ANONYMOUS), BXPRESS_PERM_VIEW)) {
RMUris::redirect_with_message(__('You are not allowed to view this forum!', 'bxpress'), BX_URL, RMMSG_WARN);
die;
}
/**
* Cargamos los temas
*/
$tbl1 = $db->prefix("mod_bxpress_topics");
$tbl2 = $db->prefix("mod_bxpress_forumtopics");
$sql = "SELECT COUNT(*) FROM {$tbl1} WHERE id_forum='" . $forum->id() . "' AND approved='1'";
list($num) = $db->fetchRow($db->queryF($sql));
$page = isset($_REQUEST['pag']) ? $_REQUEST['pag'] : '';
$limit = $xoopsModuleConfig['topicperpage'] > 0 ? $xoopsModuleConfig['topicperpage'] : 15;
if ($page > 0) {
$page -= 1;
}
include '../../mainfile.php';
$op = rmc_server_Var($_REQUEST, 'op', '');
$id = rmc_server_Var($_REQUEST, 'id', 0);
if ($id <= 0) {
redirect_header('./', 2, __('No post has been specified!', 'bxpress'));
die;
}
$post = new bXPost($id);
if ($post->isNew()) {
redirect_header('./', 2, __('Specified post does not exists!', 'bxpress'));
die;
}
$topic = new bXTopic($post->topic());
$forum = new bXForum($topic->forum());
// Verificamos si el usuario tiene permisos de edición en el foro
if (!$xoopsUser || !$forum->isAllowed($xoopsUser->getGroups(), 'edit')) {
redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('You don\'t have permission to edit this post!', 'bxpress'));
die;
}
// Verificamos si el usuario tiene permiso de edición para el post
if ($xoopsUser->uid() != $post->user() && (!$xoopsUser->isAdmin() && !$forum->isModerator($xoopsUser->uid()))) {
redirect_header('topic.php?pid=' . $id . '#p' . $id, 2, __('You don\'t have permission to edit this post!', 'bxpress'));
die;
}
switch ($op) {
case 'post':
foreach ($_POST as $k => $v) {
${$k} = $v;
}
if (!$xoopsSecurity->check()) {
redirect_header('edit.php?id=' . $id, 2, __('Session token expired!', 'bxpress'));
