public function getForum($params) { $id = isset($params['id']) ? intval($params['id']) : -1; if (!isset($params['mode'])) { $params['mode'] = 'all'; } $foruminfo = fetch_forum($id); if ($id != -1) { if (!$foruminfo) { return $this->notFound(); } if (!can_view_forum($foruminfo)) { return $this->notAllowed(); } } if ($params['mode'] != 'all') { $foruminfo = array(); } if (in_array($params['mode'], array('subforums', 'all'))) { $foruminfo['subforums'] = fetch_subforum_list($id); } if (in_array($params['mode'], array('threads', 'all'))) { $perpage = isset($params['perpage']) ? intval($params['perpage']) : 10; $page = isset($params['page']) ? intval($params['page']) : 1; $foruminfo['threads'] = fetch_threads($id, $perpage, $page); } return $this->encodeOutput($foruminfo); }
$forumid = intval($forumid); // just to be safe $forumquery = dbquery("SELECT * FROM forums WHERE id = {$forumid}"); if (mysql_num_rows($forumquery) == 0) { print "No forum with this ID exists.<br><a href='index.php'>Return to the main page</a>"; } else { $foruminfo = dbrow($forumquery); $getlastread = dbquery("SELECT * FROM forumread WHERE forum = {$forumid} AND user = {$s[user][userid]}"); if (dbrows($getlastread) == 0) { $lastread = 0; } else { $getit = dbrow($getlastread); $lastread = $getit[lastread]; } //if ($s[user][powerlevel] < $foruminfo[view_power]) { if (!can_view_forum($foruminfo)) { print "You're not allowed to view this forum.<br><a href='index.php'>Return to the main page</a>"; } else { $threadcountr = dbquery("SELECT COUNT(id) FROM threads WHERE forum = {$forumid} AND stickied = 0"); $getit = dbrow($threadcountr); $threadcount = $getit['COUNT(id)']; $pagecount = ceil($threadcount / $threadspp); $pagenum = 1; if (isset($_GET['page']) && is_numeric($_GET['page'])) { $pagenum = intval($_GET[page]); } if ($pagenum > $pagecount) { $pagenum = $pagecount; } if ($pagenum < 1) { $pagenum = 1;
if (!defined('IN_TBB')) { die; } $forumid = $_GET['id']; if (!is_numeric($forumid)) { print "Invalid forum ID.<br><a href='index.php'>Return to the main page</a>"; } else { $forumid = intval($forumid); // just to be safe $forumquery = dbquery("SELECT * FROM forums WHERE id = {$forumid}"); if (mysql_num_rows($forumquery) == 0) { print "No forum with this ID exists.<br><a href='index.php'>Return to the main page</a>"; } else { $foruminfo = dbrow($forumquery); if ($s[user][powerlevel] < $foruminfo[thread_power] || !can_view_forum($foruminfo)) { print "You're not allowed to create threads in this forum.<br><a href='index.php'>Return to the main page</a>"; } else { // if it returns a non-blank string, it's an error // if it returns a thread id (check with is_numeric) the thread has been created successfully // if it returns nothing, just show the form $result = create_thread(); if (is_numeric($result)) { header("Location: index.php?showthread={$result}"); } else { if ($result != '') { print '<b>The following errors occurred while creating your thread:<br>' . $result . '</b><br>Your post data has been saved.<hr>'; } if (isset($_POST['preview'])) { print "<b>Preview:</b>"; $posttext = getpost($_POST['text'], true, true, false);
if (!defined('IN_TBB')) { die; } $threadid = $_GET['id']; if (!is_numeric($threadid)) { print "Invalid thread ID.<br><a href='index.php'>Return to the main page</a>"; } else { $threadid = intval($threadid); // just to be safe $threadquery = dbquery("SELECT * FROM threads WHERE id = {$threadid}"); if (mysql_num_rows($threadquery) == 0) { print "No thread with this ID exists. This thread may have been deleted.<br><a href='index.php'>Return to the main page</a>"; } else { $threadinfo = dbrow($threadquery); $foruminfo = dbrow(dbquery("SELECT * FROM forums WHERE id = {$threadinfo['forum']}")); if ($s[user][powerlevel] < $foruminfo[reply_power] || !can_view_forum($foruminfo)) { print "You're not allowed to reply to threads in this forum.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>"; } elseif ($threadinfo[locked] && $s[user][powerlevel] < $foruminfo[mod_power]) { print "This thread has been locked.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>"; } else { // if it returns a non-blank string, it's an error // if it returns true (check with ===) the reply has been posted successfully // if it returns nothing, just show the form $result = post_reply(); if ($result === true) { $postid = mysql_insert_id(); header("Location: index.php?showthread={$threadid}&post={$postid}#post{$postid}"); } else { if ($result != '') { print '<b>The following errors occurred while posting your reply:<br>' . $result . '</b><br>Your post data has been saved.<hr>'; }
$addthem = array(); $time = time(); while ($row = dbrow($getflist)) { $addthem[] = "({$row['id']},{$s[user][userid]},{$time})"; } dbquery("INSERT INTO forumread (forum,user,lastread) VALUES " . implode(', ', $addthem)); } $getcategories = dbquery("SELECT * FROM categories WHERE power <= {$s[user][powerlevel]} ORDER BY `order`"); while ($row = dbrow($getcategories)) { print "<b>{$row['name']}</b>"; print "<table class='styled' style='width: 90%; max-width: 800px'>"; print "<tr class='header'><td style='width: 32px'></td><td>Forum:</td><td style='width: 10%'>Posts:</td><td style='width: 30%'>Last Post:</td></tr>"; $getforums = dbquery("SELECT forums.*, users.username, users.powerlevel FROM forums LEFT JOIN users ON forums.lastposterid=users.userid WHERE view_power <= {$s[user][powerlevel]} AND category = {$row['id']} ORDER BY `order`"); $alternating = true; while ($forum = dbrow($getforums)) { if (!can_view_forum($forum)) { continue; } $getlastread = dbquery("SELECT * FROM forumread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}"); if (dbrows($getlastread) == 0) { $lastread = 0; } else { $getit = dbrow($getlastread); $lastread = $getit[lastread]; } $checkagain = dbquery("SELECT COUNT(user) FROM threadread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}"); $getit = dbrow($checkagain); $readcount = $getit['COUNT(user)']; $checkunread = dbquery("SELECT COUNT(id) FROM threads WHERE forum = {$forum['id']} AND lastpostdate > {$lastread}"); $getit = dbrow($checkunread); $totalcount = $getit['COUNT(id)'];