// Fetch some info about the forum
$result = $db->query('SELECT `f`.`forum_name`, ' . '`f`.`redirect_url`, ' . '`f`.`moderators`, ' . '`f`.`num_topics`, ' . '`f`.`sort_by`, ' . '`fp`.`post_topics`, ' . '`lf`.`log_time`, ' . '`f`.`id` AS `forum_id` ' . 'FROM `' . $db->prefix . 'forums` AS `f` ' . 'LEFT JOIN `' . $db->prefix . 'forum_perms` AS `fp` ' . 'ON (`fp`.`forum_id`=`f`.`id` AND `fp`.`group_id`=' . $pun_user['g_id'] . ') ' . 'LEFT JOIN `' . $db->prefix . 'log_forums` AS `lf` ' . 'ON (`lf`.`user_id`=' . $pun_user['id'] . ' AND `lf`.`forum_id`=`f`.`id`) ' . 'WHERE (`fp`.`read_forum` IS NULL OR `fp`.`read_forum`=1) ' . 'AND `f`.`id`=' . $id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
wap_message($lang_common['Bad request']);
}
$cur_forum = $db->fetch_assoc($result);
//+ REAL MARK TOPIC AS READ MOD
if (!($pun_user['is_guest'] || $cur_forum['log_time'])) {
$result = $db->query('INSERT INTO `' . $db->prefix . 'log_forums` ' . '(`user_id`, `forum_id`, `log_time`) ' . 'VALUES (' . $pun_user['id'] . ', ' . $cur_forum['forum_id'] . ', ' . $_SERVER['REQUEST_TIME'] . ')') or error('Unable to insert reading_mark info', __FILE__, __LINE__, $db->error());
} else {
$result = $db->query('UPDATE `' . $db->prefix . 'log_forums` ' . 'SET `log_time`=' . $_SERVER['REQUEST_TIME'] . ' ' . 'WHERE `forum_id`=' . $cur_forum['forum_id'] . ' ' . 'AND `user_id`=' . $pun_user['id']) or error('Unable to update reading_mark info', __FILE__, __LINE__, $db->error());
}
//- REAL MARK TOPIC AS READ MOD
// Is this a redirect forum? In that case, redirect!
if ($cur_forum['redirect_url']) {
wap_redirect($cur_forum['redirect_url']);
}
// Sort out who the moderators are and if we are currently a moderator (or an admin)
$mods_array = array();
if ($cur_forum['moderators']) {
$mods_array = unserialize($cur_forum['moderators']);
}
$is_admmod = false;
if ($pun_user['g_id'] == PUN_ADMIN || $pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array)) {
$is_admmod = true;
}
//+ Pagination
// Determine the topic offset (based on $_GET['p'])
$num_pages = ceil($cur_forum['num_topics'] / $pun_user['disp_topics']);
$p = isset($_GET['p']) && 1 < $_GET['p'] && $num_pages >= $_GET['p'] ? (int) $_GET['p'] : 1;
$start_from = $pun_user['disp_topics'] * ($p - 1);
<?php
define('PUN_ROOT', '../');
require_once PUN_ROOT . 'include/common.php';
if (!$pun_user['g_read_board']) {
wap_message($lang_common['No view']);
}
$to = isset($_GET['to']) ? (int) $_GET['to'] : null;
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
if (null !== $to) {
vote($to, (int) @$_GET['vote']);
$pid = isset($_GET['pid']) ? (int) $_GET['pid'] : null;
if (null === $pid) {
$id = $to;
} else {
wap_redirect('viewtopic.php?pid=' . $pid . '#p' . $pid);
exit;
}
}
// Наличие необходимых данных для работы скрипта
if (null === $id) {
wap_message($lang_common['Bad request']);
}
$q = 'SELECT `group_id`, `username` ' . 'FROM `' . $db->prefix . 'users` ' . 'WHERE `id` = ' . $id;
$q = $db->query($q) or error('Unable to fetch username', __FILE__, __LINE__, $db->error());
// Если пользователя с таким id нет, то чью карму то показывать?
// Гостей не учитываем.
if (!($user = $db->fetch_assoc($q)) || PUN_GUEST == $user['group_id']) {
wap_message($lang_common['Bad request']);
}
$subQ = '(SELECT COUNT(1) ' . 'FROM `' . $db->prefix . 'karma` ' . 'WHERE `vote` = "-1" ' . 'AND `to` = ' . $id . ')';
\'' . $_SERVER['REQUEST_TIME'] . '\',
\'1\'
)') or error('Unable to send message', __FILE__, __LINE__, $db->error());
}
} else {
wap_message($lang_pms['No user']);
}
$topic_redirect = intval($_POST['topic_redirect']);
$from_profile = intval(@$_POST['from_profile']);
if ($from_profile) {
wap_redirect('profile.php?id=' . $from_profile);
} else {
if ($topic_redirect) {
wap_redirect('viewtopic.php?id=' . $topic_redirect);
} else {
wap_redirect('message_list.php');
}
}
} else {
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if ($id > 0) {
$result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch message info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
wap_message($lang_common['Bad request']);
}
list($username) = $db->fetch_row($result);
}
if (isset($_GET['reply']) || isset($_GET['quote'])) {
$r = @intval(@$_GET['reply']);
$q = @intval(@$_GET['quote']);
// Get message info
// If action=new, we redirect to the first new post (if any)
$result = $db->query('SELECT MIN(id) FROM ' . $db->prefix . 'posts WHERE topic_id=' . $id . ' AND posted>' . $pun_user['last_visit']) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$first_new_post_id = $db->result($result);
if ($first_new_post_id) {
wap_redirect('viewtopic.php?pid=' . $first_new_post_id . '#p' . $first_new_post_id);
} else {
// If there is no new post, we go to the last post
wap_redirect('viewtopic.php?id=' . $id . '&action=last');
}
} else {
if ($action == 'last') {
// If action=last, we redirect to the last post
$result = $db->query('SELECT MAX(id) FROM ' . $db->prefix . 'posts WHERE topic_id=' . $id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$last_post_id = $db->result($result);
if ($last_post_id) {
wap_redirect('viewtopic.php?pid=' . $last_post_id . '#p' . $last_post_id);
}
}
}
}
// Fetch some info about the topic
if (!$pun_user['is_guest']) {
$result = $db->query('SELECT t.subject,t.has_poll, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, fp.file_download, s.user_id AS is_subscribed, lt.log_time FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'subscriptions AS s ON (t.id=s.topic_id AND s.user_id=' . $pun_user['id'] . ') LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $pun_user['g_id'] . ') LEFT JOIN ' . $db->prefix . 'log_topics AS lt ON (lt.user_id=' . $pun_user['id'] . ' AND lt.topic_id=t.id) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=' . $id . ' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
} else {
$result = $db->query('SELECT t.subject,t.has_poll, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, fp.file_download, 0 FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $pun_user['g_id'] . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=' . $id . ' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
}
if (!$db->num_rows($result)) {
wap_message($lang_common['Bad request']);
}
$cur_topic = $db->fetch_assoc($result);
// REAL MARK TOPIC AS READ MOD BEGIN
// Do we have permission to edit this post?
if ((!$pun_user['g_delete_posts'] || !$pun_user['g_delete_topics'] && $is_topic_post || $cur_post['poster_id'] != $pun_user['id'] || $cur_post['closed'] == 1) && !$is_admmod) {
wap_message($lang_common['No permission']);
}
if (isset($_POST['delete'])) {
require_once PUN_ROOT . 'include/search_idx.php';
if ($is_topic_post) {
// Delete the topic and all of it's posts
delete_topic($cur_post['tid']);
update_forum($cur_post['fid']);
generate_rss();
wap_redirect('viewforum.php?id=' . $cur_post['fid']);
} else {
// Delete just this one post
delete_post($id, $cur_post['tid']);
update_forum($cur_post['fid']);
wap_redirect('viewtopic.php?id=' . $cur_post['tid']);
}
}
// Load the delete.php language file
require_once PUN_ROOT . 'lang/' . $pun_user['language'] . '/delete.php';
require_once PUN_ROOT . 'wap/header.php';
require_once PUN_ROOT . 'include/parser.php';
//parser.php будет использоваться в шаблоне.
$page_title = $pun_config['o_board_title'] . ' / ' . $lang_delete['Delete post'];
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies'], $id);
$smarty->assign('page_title', $page_title);
$smarty->assign('cur_post', $cur_post);
$smarty->assign('id', $id);
$smarty->assign('lang_delete', $lang_delete);
$smarty->display('delete.tpl');
$stick = intval($_GET['stick']);
if ($stick < 1) {
wap_message($lang_common['Bad request']);
}
$db->query('UPDATE `' . $db->prefix . 'topics` SET sticky=1 WHERE id=' . $stick . ' AND forum_id=' . $fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error());
wap_redirect('viewtopic.php?id=' . $stick);
} else {
if (isset($_GET['unstick'])) {
// Unstick a topic
//confirm_referrer('viewtopic.php');
$unstick = intval($_GET['unstick']);
if ($unstick < 1) {
wap_message($lang_common['Bad request']);
}
$db->query('UPDATE ' . $db->prefix . 'topics SET sticky=0 WHERE id=' . $unstick . ' AND forum_id=' . $fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error());
wap_redirect('viewtopic.php?id=' . $unstick);
}
}
}
}
// No specific forum moderation action was specified in the query string, so we'll display the moderator forum
// Load the viewforum.php language file
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/forum.php';
// Fetch some info about the forum
$result = $db->query('SELECT f.forum_name, f.redirect_url, f.num_topics FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $pun_user['g_id'] . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id=' . $fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
wap_message($lang_common['Bad request']);
}
$cur_forum = $db->fetch_assoc($result);
// Is this a redirect forum? In that case, abort!
if ($cur_forum['redirect_url']) {
$result = $db->query('SELECT group_id FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$group_id = $db->result($result);
if ($group_id < PUN_GUEST) {
$result = $db->query('SELECT id, moderators FROM ' . $db->prefix . 'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
while ($cur_forum = $db->fetch_assoc($result)) {
$cur_moderators = $cur_forum['moderators'] ? unserialize($cur_forum['moderators']) : array();
if (in_array($id, $cur_moderators)) {
unset($cur_moderators[$old_username]);
$cur_moderators[$form['username']] = $id;
ksort($cur_moderators);
$db->query('UPDATE ' . $db->prefix . 'forums SET moderators=\'' . $db->escape(serialize($cur_moderators)) . '\' WHERE id=' . $cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
}
}
}
}
wap_redirect('profile.php?section=' . htmlspecialchars($_GET['section']) . '&id=' . $id);
}
}
}
}
}
}
}
}
}
// REAL MARK TOPIC AS READ MOD BEGIN
$result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.sex, u.birthday, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.language, u.style_wap, u.num_posts, u.num_files, u.file_bonus, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title, u.mark_after, u.show_bbpanel_qpost FROM ' . $db->prefix . 'users AS u LEFT JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id WHERE u.id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
// REAL MARK TOPIC AS READ MOD END
if (!$db->num_rows($result)) {
wap_message($lang_common['Bad request']);
}
<?php
define('PUN_ROOT', '../');
require PUN_ROOT . 'include/functions.php';
wap_redirect($_GET['r']);
wap_message($lang_common['Bad request']);
}
$result = $db->query('SELECT 1 FROM ' . $db->prefix . 'subscriptions WHERE user_id=' . $pun_user['id'] . ' AND topic_id=' . $topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) {
wap_message($lang_misc['Already subscribed']);
}
$db->query('INSERT INTO ' . $db->prefix . 'subscriptions (user_id, topic_id) VALUES(' . $pun_user['id'] . ' ,' . $topic_id . ')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
wap_redirect('viewtopic.php?id=' . $topic_id);
} else {
if (isset($_GET['unsubscribe'])) {
if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != 1) {
wap_message($lang_common['No permission']);
}
$topic_id = intval($_GET['unsubscribe']);
if ($topic_id < 1) {
wap_message($lang_common['Bad request']);
}
$result = $db->query('SELECT 1 FROM ' . $db->prefix . 'subscriptions WHERE user_id=' . $pun_user['id'] . ' AND topic_id=' . $topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
wap_message($lang_misc['Not subscribed']);
}
$db->query('DELETE FROM ' . $db->prefix . 'subscriptions WHERE user_id=' . $pun_user['id'] . ' AND topic_id=' . $topic_id) or error('Unable to remove subscription', __FILE__, __LINE__, $db->error());
wap_redirect('viewtopic.php?id=' . $topic_id);
} else {
wap_message($lang_common['Bad request']);
}
}
}
}
}
}
wap_redirect('message_list.php?box=' . intval($_POST['box']));
} else {
$page_title = $pun_config['o_board_title'] . ' / ' . $lang_pms['Multidelete'];
$idlist = is_array($_POST['delete_messages']) ? array_map('intval', $_POST['delete_messages']) : array();
$smarty->assign('page_title', $page_title);
$smarty->assign('lang_pms', $lang_pms);
$smarty->assign('idlist_str', implode(',', array_values($idlist)));
//$smarty->assign('', $);
$smarty->display('message_list.delete_messages.tpl');
exit;
}
} else {
if (isset($_GET['action']) && $_GET['action'] == 'markall') {
$db->query('UPDATE ' . $db->prefix . 'messages SET showed=1 WHERE owner=' . $pun_user['id']) or error('Unable to update message status', __FILE__, __LINE__, $db->error());
//$p = (!isset($_GET['p']) || $_GET['p'] <= 1) ? 1 : $_GET['p'];
wap_redirect('message_list.php?box=' . $box . '&p=' . $p);
}
}
$page_title = $pun_config['o_board_title'] . ' / ' . $lang_pms['Private Messages'] . ' - ' . $name;
$smarty->assign('page_title', $page_title);
if ($box < 2) {
// Get message count
$result = $db->query('SELECT COUNT(1) FROM ' . $db->prefix . 'messages WHERE status=' . $box . ' AND owner=' . $pun_user['id']) or error('Unable to count messages', __FILE__, __LINE__, $db->error());
list($num_messages) = $db->fetch_row($result);
//What page are we on?
$num_pages = ceil($num_messages / $pun_config['o_pms_mess_per_page']);
$p = isset($_GET['p']) && 1 < $_GET['p'] && $num_pages >= $_GET['p'] ? (int) $_GET['p'] : 1;
$start_from = $pun_config['o_pms_mess_per_page'] * ($p - 1);
if (@$_GET['action'] != 'all') {
$limit = 'LIMIT ' . $start_from . ',' . $pun_config['o_pms_mess_per_page'];
}
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/pms.php';
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/delete.php';
// Fetch some info from the message we are deleting
$result = $db->query('SELECT * FROM ' . $db->prefix . 'messages WHERE id=' . $id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
wap_message($lang_common['Bad request']);
}
$cur_post = $db->fetch_assoc($result);
// Check permissions
if ($cur_post['owner'] != $pun_user['id']) {
wap_message($lang_common['No permission']);
}
if (isset($_POST['delete'])) {
//confirm_referrer('message_delete.php');
// Delete message
$db->query('DELETE FROM ' . $db->prefix . 'messages WHERE id=' . $id) or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());
// Redirect
wap_redirect('message_list.php?box=' . intval($_POST['box']) . '&p=' . intval($_POST['p']));
} else {
$page_title = $pun_config['o_board_title'] . ' / ' . $lang_pms['Delete message'];
require_once PUN_ROOT . 'wap/header.php';
include_once PUN_ROOT . 'include/parser.php';
$cur_post['message'] = parse_message($cur_post['message'], !$cur_post['smileys'], $cur_post['id']);
$smarty->assign('page_title', $page_title);
$smarty->assign('lang_pms', $lang_pms);
$smarty->assign('id', $id);
$smarty->assign('cur_post', $cur_post);
$smarty->assign('lang_delete', $lang_delete);
//$smarty->assign('', $);
$smarty->display('message_delete.tpl');
}
if (!$upl_conf['p_view']) {
wap_message($lang_common['No permission']);
}
if (!$upl_conf['p_globalview']) {
// check if user can access this file
$result = $db->query('SELECT uid FROM ' . $db->prefix . 'uploaded WHERE file=\'' . $db->escape($file_name) . '\' AND uid = ' . $pun_user['id'] . ' LIMIT 1') or error('Error getting this file', __FILE__, __LINE__, $db->error());
if (!$db->fetch_assoc($result)) {
wap_message($lang_common['No permission']);
}
}
// update number of downloads
$result = $db->query('UPDATE ' . $db->prefix . 'uploaded SET downs=downs+1 WHERE file=\'' . $db->escape($file_name) . '\' LIMIT 1') or error($lang_uploads['Err counter'], __FILE__, __LINE__, $db->error());
if (!is_file(PUN_ROOT . 'uploaded/' . $file_name)) {
wap_message($lang_common['Bad request']);
} else {
wap_redirect(PUN_ROOT . 'uploaded/' . $file_name);
}
exit;
}
//////////////////////////////////////////////////////
$result = $db->query('SELECT id,type,exts FROM ' . $db->prefix . 'uploads_types') or error('Unable to get types', __FILE__, __LINE__, $db->error());
$exts = '';
$cats = $ids = array();
while ($ar = $db->fetch_assoc($result)) {
$exts .= $ar['exts'] . ' ';
$cats[] .= $ar['type'];
$ids[] .= $ar['id'];
}
/////////////////////////////////
$exts = trim($exts);
// now we have all file types in one string
$mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/welcome.tpl'));
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_subject = str_replace('<board_title>', $pun_config['o_board_title'], $mail_subject);
$mail_message = str_replace('<base_url>', $pun_config['o_base_url'] . '/', $mail_message);
$mail_message = str_replace('<username>', $username, $mail_message);
$mail_message = str_replace('<password>', $password1, $mail_message);
$mail_message = str_replace('<login_url>', $pun_config['o_base_url'] . '/login.php', $mail_message);
$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message);
pun_mail($email1, $mail_subject, $mail_message);
wap_message($lang_register['Reg e-mail'] . ' <a href="mailto:' . $pun_config['o_admin_email'] . '">' . $pun_config['o_admin_email'] . '</a>.', true);
}
pun_setcookie($new_uid, $password_hash, $save_pass ? $now + 31536000 : 0);
wap_redirect('index.php');
}
}
}
$languages = array();
$d = dir(PUN_ROOT . 'lang');
while (($entry = $d->read()) !== false) {
if ($entry[0] != '.' && is_dir(PUN_ROOT . 'lang/' . $entry) && file_exists(PUN_ROOT . 'lang/' . $entry . '/common.php')) {
$languages[] = $entry;
}
}
$d->close();
$page_title = $pun_config['o_board_title'] . ' / ' . $lang_register['Register'];
$smarty->assign('page_title', $page_title);
$smarty->assign('lang_register', $lang_register);
$smarty->assign('lang_profile', $lang_profile);
// Final search results
$search_results = implode(',', $search_ids);
// Fill an array with our results and search properties
$temp['search_results'] = $search_results;
$temp['num_hits'] = $num_hits;
$temp['sort_by'] = $sort_by;
$temp['sort_dir'] = $sort_dir;
$temp['show_as'] = $show_as;
$temp = serialize($temp);
$search_id = mt_rand(1, mt_getrandmax());
$ident = $pun_user['is_guest'] ? get_remote_address() : $pun_user['username'];
$db->query('INSERT INTO ' . $db->prefix . 'search_cache (id, ident, search_data) VALUES(' . $search_id . ', \'' . $db->escape($ident) . '\', \'' . $db->escape($temp) . '\')') or error('Unable to insert search results', __FILE__, __LINE__, $db->error());
if ($_GET['action'] != 'show_new' && $_GET['action'] != 'show_24h') {
$db->close();
// Redirect the user to the cached result page
wap_redirect('search.php?search_id=' . $search_id);
}
}
// Fetch results to display
if ($search_results) {
switch ($sort_by) {
case 1:
$sort_by_sql = $show_as == 'topics' ? 't.poster' : 'p.poster';
break;
case 2:
$sort_by_sql = 't.subject';
break;
case 3:
$sort_by_sql = 't.forum_id';
break;
case 4:
