public function getForum($params)
{
$id = isset($params['id']) ? intval($params['id']) : -1;
if (!isset($params['mode'])) {
$params['mode'] = 'all';
}
$foruminfo = fetch_forum($id);
if ($id != -1) {
if (!$foruminfo) {
return $this->notFound();
}
if (!can_view_forum($foruminfo)) {
return $this->notAllowed();
}
}
if ($params['mode'] != 'all') {
$foruminfo = array();
}
if (in_array($params['mode'], array('subforums', 'all'))) {
$foruminfo['subforums'] = fetch_subforum_list($id);
}
if (in_array($params['mode'], array('threads', 'all'))) {
$perpage = isset($params['perpage']) ? intval($params['perpage']) : 10;
$page = isset($params['page']) ? intval($params['page']) : 1;
$foruminfo['threads'] = fetch_threads($id, $perpage, $page);
}
return $this->encodeOutput($foruminfo);
}
$forumid = intval($forumid);
// just to be safe
$forumquery = dbquery("SELECT * FROM forums WHERE id = {$forumid}");
if (mysql_num_rows($forumquery) == 0) {
print "No forum with this ID exists.<br><a href='index.php'>Return to the main page</a>";
} else {
$foruminfo = dbrow($forumquery);
$getlastread = dbquery("SELECT * FROM forumread WHERE forum = {$forumid} AND user = {$s[user][userid]}");
if (dbrows($getlastread) == 0) {
$lastread = 0;
} else {
$getit = dbrow($getlastread);
$lastread = $getit[lastread];
}
//if ($s[user][powerlevel] < $foruminfo[view_power]) {
if (!can_view_forum($foruminfo)) {
print "You're not allowed to view this forum.<br><a href='index.php'>Return to the main page</a>";
} else {
$threadcountr = dbquery("SELECT COUNT(id) FROM threads WHERE forum = {$forumid} AND stickied = 0");
$getit = dbrow($threadcountr);
$threadcount = $getit['COUNT(id)'];
$pagecount = ceil($threadcount / $threadspp);
$pagenum = 1;
if (isset($_GET['page']) && is_numeric($_GET['page'])) {
$pagenum = intval($_GET[page]);
}
if ($pagenum > $pagecount) {
$pagenum = $pagecount;
}
if ($pagenum < 1) {
$pagenum = 1;
if (!defined('IN_TBB')) {
die;
}
$forumid = $_GET['id'];
if (!is_numeric($forumid)) {
print "Invalid forum ID.<br><a href='index.php'>Return to the main page</a>";
} else {
$forumid = intval($forumid);
// just to be safe
$forumquery = dbquery("SELECT * FROM forums WHERE id = {$forumid}");
if (mysql_num_rows($forumquery) == 0) {
print "No forum with this ID exists.<br><a href='index.php'>Return to the main page</a>";
} else {
$foruminfo = dbrow($forumquery);
if ($s[user][powerlevel] < $foruminfo[thread_power] || !can_view_forum($foruminfo)) {
print "You're not allowed to create threads in this forum.<br><a href='index.php'>Return to the main page</a>";
} else {
// if it returns a non-blank string, it's an error
// if it returns a thread id (check with is_numeric) the thread has been created successfully
// if it returns nothing, just show the form
$result = create_thread();
if (is_numeric($result)) {
header("Location: index.php?showthread={$result}");
} else {
if ($result != '') {
print '<b>The following errors occurred while creating your thread:<br>' . $result . '</b><br>Your post data has been saved.<hr>';
}
if (isset($_POST['preview'])) {
print "<b>Preview:</b>";
$posttext = getpost($_POST['text'], true, true, false);
if (!defined('IN_TBB')) {
die;
}
$threadid = $_GET['id'];
if (!is_numeric($threadid)) {
print "Invalid thread ID.<br><a href='index.php'>Return to the main page</a>";
} else {
$threadid = intval($threadid);
// just to be safe
$threadquery = dbquery("SELECT * FROM threads WHERE id = {$threadid}");
if (mysql_num_rows($threadquery) == 0) {
print "No thread with this ID exists. This thread may have been deleted.<br><a href='index.php'>Return to the main page</a>";
} else {
$threadinfo = dbrow($threadquery);
$foruminfo = dbrow(dbquery("SELECT * FROM forums WHERE id = {$threadinfo['forum']}"));
if ($s[user][powerlevel] < $foruminfo[reply_power] || !can_view_forum($foruminfo)) {
print "You're not allowed to reply to threads in this forum.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>";
} elseif ($threadinfo[locked] && $s[user][powerlevel] < $foruminfo[mod_power]) {
print "This thread has been locked.<br><a href='index.php?showthread={$threadid}'>Return to the thread</a>";
} else {
// if it returns a non-blank string, it's an error
// if it returns true (check with ===) the reply has been posted successfully
// if it returns nothing, just show the form
$result = post_reply();
if ($result === true) {
$postid = mysql_insert_id();
header("Location: index.php?showthread={$threadid}&post={$postid}#post{$postid}");
} else {
if ($result != '') {
print '<b>The following errors occurred while posting your reply:<br>' . $result . '</b><br>Your post data has been saved.<hr>';
}
$addthem = array();
$time = time();
while ($row = dbrow($getflist)) {
$addthem[] = "({$row['id']},{$s[user][userid]},{$time})";
}
dbquery("INSERT INTO forumread (forum,user,lastread) VALUES " . implode(', ', $addthem));
}
$getcategories = dbquery("SELECT * FROM categories WHERE power <= {$s[user][powerlevel]} ORDER BY `order`");
while ($row = dbrow($getcategories)) {
print "<b>{$row['name']}</b>";
print "<table class='styled' style='width: 90%; max-width: 800px'>";
print "<tr class='header'><td style='width: 32px'></td><td>Forum:</td><td style='width: 10%'>Posts:</td><td style='width: 30%'>Last Post:</td></tr>";
$getforums = dbquery("SELECT forums.*, users.username, users.powerlevel FROM forums LEFT JOIN users ON forums.lastposterid=users.userid WHERE view_power <= {$s[user][powerlevel]} AND category = {$row['id']} ORDER BY `order`");
$alternating = true;
while ($forum = dbrow($getforums)) {
if (!can_view_forum($forum)) {
continue;
}
$getlastread = dbquery("SELECT * FROM forumread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}");
if (dbrows($getlastread) == 0) {
$lastread = 0;
} else {
$getit = dbrow($getlastread);
$lastread = $getit[lastread];
}
$checkagain = dbquery("SELECT COUNT(user) FROM threadread WHERE forum = {$forum['id']} AND user = {$s[user][userid]}");
$getit = dbrow($checkagain);
$readcount = $getit['COUNT(user)'];
$checkunread = dbquery("SELECT COUNT(id) FROM threads WHERE forum = {$forum['id']} AND lastpostdate > {$lastread}");
$getit = dbrow($checkunread);
$totalcount = $getit['COUNT(id)'];
