$db = new DB("messages"); $db->setColPrefix("message_"); $db->sender = USER_ID; $db->receiver = $this->uid; $db->content = $_POST['msg']; $db->added = time(); $db->insert(); } catch (Exception $e) { echo error(_t($e->getMessage())); } } if ($this->uid != 0) { ?> <div class="reply"> <form method="post"> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <div style="float:left; width: 460px; padding-left: 120px;"> <?php echo bbeditor("msg", 5, 52); ?> </div> <input type="submit" name="reply"> </form> </div> <?php }
?> " /> <tr> <td><?php echo _t("Subject:"); ?> </td> <td><input type="text" name="subject" value="<?php echo isset($_POST['subject']) ? $_POST['subject'] : ""; ?> " size="50"></td> </tr> <tr><td></td> <td> <?php echo bbeditor("content", 15, 80, isset($_POST['content']) ? $_POST['content'] : ""); ?> </td> </tr> <tr><td></td><td> <input type="submit" name="create" value="<?php echo _t("Create topic"); ?> " /> <input type="submit" name="preview" value="<?php echo _t("Preview"); ?> " /> </td> </tr> </table> </form>
echo _t("FAQ"); ?> </option><option value="rules"><?php echo _t("Rules"); ?> </option></select></td> <td width="50px"><?php echo _t("Language"); ?> </td> <td><select name="lang"><?php echo getLanguages(); ?> </select></td> </tr> <tr> <td colspan="6"><?php echo bbeditor("content", 25, 110); ?> </td> </tr> <tr> <td colspan="5"> <input type="submit" name="create" value="<?php echo _t("Create document"); ?> " /> </td> </tr> </table> </form>
echo htmlformat($db->subject); ?> </h4><br /> <form method="post"> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <?php echo _t("Subject"); ?> : <input type="text" name="subject" size="50" value="<?php echo $db->subject; ?> "><br /> <?php echo bbeditor("content", 17, 70, $db->content); ?> <input type="submit" name="save" value="<?php echo _t("Save"); ?> " /> <input type="submit" name="preview" value="<?php echo _t("Preview"); ?> " /> </form> <?php } catch (Exception $e) { echo error(_t($e->getMessage())); }
$db = new DB("rules"); $db->setColPrefix("rule_"); $db->select("rule_lang = '" . $db->escape($_GET['lang']) . "'"); if (!$db->numRows()) { throw new Exception("Language not found"); } $db->nextRecord(); } if ($this->type == "faq") { echo "<h4>" . _t("Editing FAQ") . "</h4>"; } else { if ($this->type == "rules") { echo "<h4>" . _t("Editing Rules") . "</h4>"; } } ?> <form method="post"> <?php echo bbeditor("content", 25, 110, $db->content); ?> <br /> <input type="submit" name="save" value="<?php echo _t("Save"); ?> " /> </form> <?php } catch (Exception $e) { echo error(_t($e->getMessage())); }
?> <h4><?php echo _t("Composing news post"); ?> </h4><br /> <form method="post"> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <?php echo _t("Subject"); ?> : <input type="text" name="subject" size="50" value=""><br /> <?php echo bbeditor("content", 17, 70); ?> <input type="submit" name="compose" value="<?php echo _t("Publish"); ?> " /> <input type="submit" name="preview" value="<?php echo _t("Preview"); ?> " /> </form> <?php } catch (Exception $e) { echo error(_t($e->getMessage())); }
$this->setSidebar(true); ?> <h4><?php echo _t("Open new support ticket"); ?> </h4> <form method="post"> <table> <tr> <td>Subject:</td> <td><input type="text" name="subject" size="40" /></td> </tr> <tr> <td colspan="2"><?php echo bbeditor("message", 12, 70); ?> </td> </tr> <tr> <td colspan="2"><input type="submit" name="open" value="<?php echo _t("Open ticket"); ?> "></td> </tr> </table> </form> <?php if (isset($_POST['open'])) { try {
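/**
 * Handle the forum "post" action: create a thread, post a reply, preview a
 * draft, or render the empty editor.
 *
 * Reads $_GET['subaction'], $_GET['thread_id'] and the $_POST fields `post`,
 * `preview`, `subject`, `message` and `sticky`. All database access goes
 * through the legacy mysql_* extension with string-built SQL, so every
 * request-derived value is either cast to int or passed through
 * mysql_real_escape_string() before it is interpolated.
 *
 * NOTE(review): no anti-CSRF token is checked anywhere in this method; confirm
 * the caller enforces one before state-changing POSTs reach this code.
 * NOTE(review): mysql_* offers no prepared statements; moving to mysqli/PDO
 * with bound parameters is the durable fix for the SQL built here.
 *
 * @return mixed HTML string (editor, preview or thread view), whatever
 *               actionView() returns after thread creation, or null when
 *               `post` is submitted with an unrecognised subaction.
 */
public function actionPost()
{
    global $moduleFolder, $sourceFolder;

    $userId = $this->userId;

    // Rebuild the query-string tail starting at the parameter whose value is
    // "post"; the result is handed to bbeditor() below.
    // NOTE(review): keys and values come straight from $_GET without URL or
    // HTML encoding. Whether bbeditor() escapes them before emitting markup is
    // not visible here - confirm, otherwise this is a reflected-XSS sink.
    $i = 0;
    $action = '';
    foreach ($_GET as $var => $val) {
        if ($i == 1) {
            $action .= "&" . $var . "=" . $val;
        }
        if ($val == 'post') {
            $action .= "+" . $val;
            $i = 1;
        }
    }

    $table_name = "forum_threads";
    $table1_name = "forum_posts";
    $table2_name = "forum_module";

    // Default to '' so the comparisons below never read an undefined variable;
    // an absent subaction still selects the create-thread branch.
    $subaction = isset($_GET['subaction']) ? escape($_GET['subaction']) : '';

    require_once "{$sourceFolder}/{$moduleFolder}/forum/bbeditor.php";
    require_once "{$sourceFolder}/{$moduleFolder}/forum/bbparser.php";

    // Moderation setting for this forum instance.
    // NOTE(review): if no forum_module row is found, $rows is false and the
    // forum is treated as public with auto-approved posts (fails open).
    $q = "SELECT * FROM `{$table2_name}` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
    $res = mysql_query($q);
    $rows = mysql_fetch_array($res);
    $access_level = $rows['forum_moderated'];
    if ($access_level) {
        $approve = 0;
        $access = "moderated";
    } else {
        $approve = 1;
        $access = "public";
    }

    // Moderators bypass the approval queue.
    $moderator = getPermissions(
        $this->userId,
        getPageIdFromModuleComponentId("forum", $this->moduleComponentId),
        "moderate"
    );
    if ($moderator) {
        $approve = 1;
    }

    if (isset($_POST['post'])) {
        if ($subaction == "create_thread" || $subaction == "") {
            // empty() also covers a missing field without raising a notice.
            if (empty($_POST['subject']) || empty($_POST['message'])) {
                return "You did not fill all the fields!" . bbeditor();
            }

            $datetime = date("Y-m-d H:i:s");
            // HTML-encode for later display, then escape for the SQL string
            // context with the connection-aware escaper (addslashes() is not
            // charset-aware and is not a safe SQL escaper).
            $subject = mysql_real_escape_string(htmlspecialchars($_POST['subject']));
            $message = mysql_real_escape_string(htmlspecialchars(parsenewline(nl2br($_POST['message']))));

            // Only moderators may pin a thread, whatever the form submits.
            $category = (isset($_POST['sticky']) && $moderator) ? "sticky" : "general";

            // NOTE(review): MAX()+1 is not atomic; two concurrent requests can
            // compute the same thread id. An AUTO_INCREMENT column would remove
            // the race - confirm the schema before changing.
            $query = "SELECT MAX(`forum_thread_id`) AS MAX FROM `forum_threads`";
            $result = mysql_query($query);
            $row1 = mysql_fetch_assoc($result);
            $threadid = $row1['MAX'] + 1;

            $sql = "INSERT INTO `{$table_name}`(`forum_thread_id` ,`page_modulecomponentid` ,`forum_thread_category` ,`forum_access_status` ,"
                . "`forum_thread_topic` ,`forum_detail` ,`forum_thread_user_id` ,`forum_thread_datetime` ,`forum_post_approve` ,"
                . "`forum_thread_viewcount` ,`forum_thread_last_post_userid` ,`forum_thread_lastpost_date`)"
                . " VALUES('{$threadid}', '{$this->moduleComponentId}', '{$category}', '{$access}', '{$subject}', '{$message}',"
                . " '{$userId}', '{$datetime}', '{$approve}', '1','{$userId}', '{$datetime}')";
            $result = mysql_query($sql);
            if (!$result) {
                // Driver error text goes to the server log only; the visitor
                // gets the generic failure message below.
                error_log("forum: Create New Thread failed L:550: " . mysql_error());
            }

            if ($result) {
                // Re-read the module row and bump its thread counter from the
                // freshly fetched value.
                $sql1 = "SELECT * FROM `{$table2_name}` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
                $result1 = mysql_query($sql1);
                $rows1 = mysql_fetch_array($result1);
                $net_thread_count = $rows1['total_thread_count'] + 1;

                $sql2 = "UPDATE `{$table2_name}` SET `total_thread_count`='{$net_thread_count}', `last_post_userid`='{$userId}',"
                    . " `last_post_datetime`='{$datetime}' WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
                $result2 = mysql_query($sql2);

                if ($access == "moderated" && !$moderator) {
                    displayinfo("You have successfully created a new thread.It will be published after getting the moderator's approval." . "<br />");
                } else {
                    displayinfo("You have successfully created a new thread.<br />");
                }
            } else {
                displayerror("Sorry! Your thread could not be created now. Please try again later!");
            }

            return $this->actionView();
        } elseif ($subaction == "post_reply") {
            if (empty($_POST['subject']) || empty($_POST['message'])) {
                return "You did not fill all the fields!" . bbeditor();
            }

            // Thread ids are integers (allocated as MAX+1 above), so cast
            // instead of string-escaping: the value is then safe in every
            // query below regardless of quoting.
            $forum_id = isset($_GET['thread_id']) ? (int) $_GET['thread_id'] : 0;
            $datetime = date("Y-m-d H:i:s");
            $subject = mysql_real_escape_string(htmlspecialchars($_POST['subject']));
            $message = mysql_real_escape_string(htmlspecialchars(parsenewline(nl2br($_POST['message']))));

            // Next post number within the thread: highest existing id plus one,
            // or 1 when the lookup yields no row.
            // NOTE(review): same non-atomic MAX()+1 allocation as thread ids.
            // NOTE(review): the reply is inserted without first checking that
            // the thread exists in this module component - confirm intended.
            $sql7 = "SELECT MAX(`forum_post_id`) AS Maxpost_id FROM `{$table1_name}` WHERE `forum_thread_id` = '{$forum_id}'";
            $res = mysql_query($sql7);
            $rows = mysql_fetch_array($res);
            $Max_id = $rows ? $rows['Maxpost_id'] + 1 : 1;

            $sql = "INSERT INTO `{$table1_name}`( `page_modulecomponentid` , `forum_thread_id` , `forum_post_id` , `forum_post_user_id` , `forum_post_title` , "
                . "`forum_post_content` , `forum_post_datetime` , `forum_post_approve` ) VALUES( '{$this->moduleComponentId}','{$forum_id}', '{$Max_id}',"
                . " '{$userId}', '{$subject}', '{$message}', '{$datetime}', '{$approve}')";
            $result = mysql_query($sql);
            if (!$result) {
                // Keep driver error details out of the HTTP response.
                error_log("forum: Post failed L:594: " . mysql_error());
            }

            if ($result) {
                $sql1 = "SELECT * FROM `{$table_name}` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' AND `forum_thread_id`='{$forum_id}'"
                    . " LIMIT 1";
                $result1 = mysql_query($sql1);
                $rows1 = mysql_fetch_array($result1);

                // Record the latest poster on the thread ...
                $sql2 = "UPDATE `{$table_name}` SET `forum_thread_last_post_userid`='{$userId}', "
                    . "`forum_thread_lastpost_date`='{$datetime}' "
                    . "WHERE `page_modulecomponentid`='{$this->moduleComponentId}' AND `forum_thread_id`='{$forum_id}' LIMIT 1";
                $result2 = mysql_query($sql2);

                // ... and on the forum as a whole. The row fetched into $rows3
                // is not used afterwards.
                $sql3 = "SELECT * FROM `{$table2_name}` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
                $result3 = mysql_query($sql3);
                $rows3 = mysql_fetch_array($result3);
                $sql4 = "UPDATE `{$table2_name}` SET `last_post_userid`='{$userId}', "
                    . "`last_post_datetime`='{$datetime}' WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
                $result4 = mysql_query($sql4);

                if ($rows1['forum_access_status'] == "moderated" && !$moderator) {
                    displayinfo("You have successfully posted your reply.It will be published after getting the moderator's approval." . "<br />");
                } else {
                    displayinfo("You have successfully posted your reply!");
                }
            } else {
                displayerror("Sorry! Your reply could not be posted now. Please try again later!");
            }

            // Re-render the thread: head, opening post if approved, then every
            // approved reply in posting order.
            $forumHtml = '';
            $thread_id = $forum_id;
            $sql = "SELECT * FROM `{$table_name}` WHERE `forum_thread_id`='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
            $result1 = mysql_query($sql);
            $rows = mysql_fetch_array($result1);

            // The next six values are not read again in this method; the calls
            // are kept because the helpers' side effects are not visible here.
            $threadUserId = $rows['forum_thread_user_id'];
            $forum_topic = parseubb(parsesmileys($rows['forum_thread_topic']));
            $forum_detail = parseubb(parsesmileys($rows['forum_detail']));
            $name = getUserName($rows['forum_thread_user_id']);
            $posts = $this->getTotalPosts($rows['forum_thread_user_id']);
            $reg_date = $this->getRegDateFromUserID($rows['forum_thread_user_id']);

            $forumHtml = $this->forumHtml($rows, 'threadHead');
            if ($rows['forum_post_approve'] == 1) {
                $forumHtml .= $this->forumHtml($rows, 'threadMain');
            }

            $sql2 = "SELECT * FROM `{$table1_name}` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_approve` = 1 AND `page_modulecomponentid`='{$this->moduleComponentId}' ORDER BY `forum_post_id` ASC";
            $result2 = mysql_query($sql2);
            while ($rows = mysql_fetch_array($result2)) {
                $forumHtml .= $this->forumHtml($rows, 'threadMain', 1);
            }

            // Count this render as a view of the thread.
            $sql3 = "SELECT `forum_thread_viewcount` FROM `{$table_name}` WHERE `forum_thread_id`='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
            $result3 = mysql_query($sql3);
            $rows = mysql_fetch_array($result3);
            $addview = $rows['forum_thread_viewcount'] + 1;
            $sql5 = "UPDATE `{$table_name}` SET `forum_thread_viewcount`='{$addview}' WHERE forum_thread_id='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
            $result5 = mysql_query($sql5);

            $forumHtml .= '</table> ';
            return $forumHtml;
        }
    } else {
        if (isset($_POST['preview'])) {
            // Preview only: nothing is written to the database.
            // NOTE(review): $text is the escape()d but not HTML-encoded message
            // handed back to bbeditor(); confirm bbeditor() encodes it before
            // placing it in the textarea.
            $message = escape($_POST['message']);
            $subject = addslashes(htmlspecialchars($_POST['subject']));
            $text = $message;
            $message = nl2br($message);
            $message = parseubb(parsesmileys(addslashes(htmlspecialchars(parsenewline($message)))));
            $editor = bbeditor($action, $subject, $text);
            return "<b>Subject :</b> " . $subject . "<br><b>Message :</b><br> " . $message . $editor;
        }

        // No submission yet: show the empty editor, with or without thread_id.
        return bbeditor($action);
    }
}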
?> </option> <option value='1' <?php echo $db->status == 1 ? "SELECTED" : ""; ?> ><?php echo _t("Solved"); ?> </option> </select><br /> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <?php echo bbeditor("message", 7, 70); ?> <br /> <input type="submit" name="reply" value="<?php echo _t("Reply"); ?> "> </form> <div id="conv"> <?php if (isset($_POST['reply'])) { try { if ($_POST['secure_input'] != $_SESSION['secure_token']) { throw new Exception("Wrong secured token"); } if (!empty($_POST['message'])) {
</tbody> </table> </td> </table> <br /> <h4><?php echo _t("Comments"); ?> </h4> <form method="post"> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <?php echo bbeditor("content"); ?> <input type="submit" name="comment" value="<?php echo _t("Comment"); ?> " /> </form> <div id="conv"> <?php if (isset($_POST['comment'])) { try { if ($_POST['secure_input'] != $_SESSION['secure_token']) { throw new Exception("Wrong secured token"); } if (empty($_POST['content'])) { throw new Exception("cannot post a comment without a content");
} if ($acl->Access("x")) { $allowed = true; } if (!$allowed) { throw new Exception("Not owner, access denied"); } ?> <form method="post"> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <input type="hidden" name="topic_id" value="<?php echo $db->post_topic; ?> " /> <?php echo bbeditor("content", 15, 80, $db->post_content); ?> <br /> <input type="submit" name="reply" value="<?php echo _t("Save"); ?> " /> </form> <?php } catch (Exception $e) { echo error($e->getMessage()); }
<input type="hidden" name="id" value="<?php echo $db->id; ?> "> <table> <tr> <td width="120px">Title</td> <td><input type="text" name="title" value="<?php echo $db->title; ?> " size="30"></td> </tr> <tr> <td width="120px">Description</td> <td><?php echo bbeditor("description", 10, 85, $db->description); ?> </td> </tr> <tr> <td width="120px">Type</td> <td> <select name="type"> <?php foreach ($types as $id => $title) { echo "<option value='{$id}' " . ($db->type == $id ? "SELECTED" : "") . ">" . _t($title) . "</option>"; } ?> </select> </td> </tr>
default: $msg = "<font color='red'>" . _t("unsolved") . "</font>"; break; case 1: $msg = "<font color='green'>" . _t("solved") . "</font>"; break; } ?> <h4><?php echo $db->subject; ?>: <?php echo $msg; ?></h4> <form method="post"> <select name="status"> <option value='0' <?php echo ($db->status == 0 ? "SELECTED" : "") ?>><?php echo _t("Unsolved") ?></option> <option value='1' <?php echo ($db->status == 1 ? "SELECTED" : "") ?>><?php echo _t("Solved") ?></option> </select><br /> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last'] ?>"> <?php echo bbeditor("message", 7, 70) ?><br /> <input type="submit" name="reply" value="<?php echo _t("Reply") ?>"> </form> <div id="conv"> <?php if (isset($_POST['reply'])) { try { if ($_POST['secure_input'] != $_SESSION['secure_token']) throw new Exception("Wrong secured token"); if (!empty($_POST['message'])) { $db = new DB("support_messages"); $db->setColPrefix("message_"); $db->user = USER_ID; $db->added = time();
</a> </td></tr> </tbody> </table> <br /> <h4><?php echo _t("Comments"); ?> </h4> <form method="post"> <input type="hidden" name="secure_input" value="<?php echo $_SESSION['secure_token_last']; ?> "> <?php echo bbeditor("content", 5, 52); ?> <input type="submit" name="comment" value="<?php echo _t("Comment"); ?> " /> </form> <div id="conv"> <?php if (isset($_POST['comment'])) { try { if ($_POST['secure_input'] != $_SESSION['secure_token']) { throw new Exception("Wrong secured token"); } if (empty($_POST['content'])) { throw new Exception("cannot post a comment without a content");
header("location: " . page("admin", "bonus")); } catch (Exception $e) { echo error(_t($e->getMessage())); } } ?> <form method="post"> <table> <tr> <td width="120px">Title</td> <td><input type="text" name="title" size="30"></td> </tr> <tr> <td width="120px">Description</td> <td><?php echo bbeditor("description", 10, 85); ?> </td> </tr> <tr> <td width="120px">Type</td> <td> <select name="type"> <?php foreach ($types as $id => $title) { echo "<option value='{$id}'>" . _t($title) . "</option>"; } ?> </select> </td> </tr>