Пример #1
0
function forum_edit_replay($id, $bid, $tid)
{
    global $db;
    $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed,userID, comment, attachs,postname, adatum, 
									    a.editcom,a.editmocom,a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID, 
									    a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead 
									    FROM ' . DB_PRE . 'ecp_forum_threads 
									    LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) 
									    LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) 
									    LEFT JOIN ' . DB_PRE . 'ecp_forum_comments ON (comID = ' . $id . ')
									    WHERE threadID = ' . $tid . ' AND bID = ' . $bid);
    if (@$_SESSION['userID'] and find_access($thread['rightsread']) and find_access($thread['parentRead']) and (find_access($thread['editcom']) and $_SESSION['userID'] == $thread['userID'] or find_access($thread['editmocom'])) and $db->errorNum() == 0) {
        if (isset($_POST['comment'])) {
            if ($_POST['comment'] == '' or isset($_POST['username']) and $_POST['username'] == '' or isset($_POST['title']) and $_POST['title'] == '') {
                table(ERROR, NOT_NEED_ALL_INPUTS);
                $tpl = new smarty();
                $tpl->assign('func', 'edit');
                $tpl->assign('func2', '&comID=' . $id);
                $tpl->assign('comment', $_POST['comment']);
                if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
                    $tpl->assign('title', $thread['threadname']);
                }
                if ($thread['userID'] == 0) {
                    $tpl->assign('username', $thread['postname']);
                }
                ob_start();
                if ($thread['attachments'] and $thread['attachmaxsize']) {
                    $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
                    if ($thread['attachments'] > $attachs) {
                        $rand = get_random_string(16, 2);
                        $tpl->assign('attach', find_access($thread['attachfiles']));
                        $tpl->assign('maxsize', $thread['attachmaxsize']);
                        $tpl->assign('rand', $rand);
                        $tpl->assign('sid', session_name() . '=' . session_id());
                        $tpl->assign('maxuploads', $thread['attachments'] - $attachs);
                        $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
                        $_SESSION['forum']['attach'][$bid] = $rand;
                    }
                }
                $tpl->assign('quote', true);
                $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html');
                $content = ob_get_contents();
                ob_end_clean();
                main_content(FORUM_POST_EDIT, $content, '', 1);
            } else {
                if ($db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'%s\', comment = \'%s\', edits =edits +1, editdatum = %d, edituserID = %d WHERE comID = %d', strsave(htmlspecialchars(@$_POST['username'])), strsave(comment_save($_POST['comment'])), time(), @(int) $_SESSION['userID'], $id))) {
                    if (find_access($thread['attachfiles'])) {
                        if (UPLOAD_METHOD == 'old') {
                            $maxattach = $thread['attachments'] - $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'bID = ' . $bid . ' AND mID = ' . $id);
                            foreach ($_FILES as $key => $value) {
                                if ($_FILES[$key] == '' or $maxattach <= 0 or $_FILES[$key]['size'] > $thread['attachmaxsize']) {
                                    continue;
                                }
                                $mine = getMimeType($_FILES[$key]['tmp_name'], $_FILES[$key]['name']);
                                if ($mine == 'application/zip' or $mine == 'application/x-rar-compressed' or $mine == 'image/bmp' or $mine == 'image/gif' or $mine == 'image/jpeg' or $mine == 'image/png' or $mine == 'application/pdf' or $mine == 'text/plain' or $mine == 'text/css' or $mine == 'text/html') {
                                    $sha1 = sha1_file($_FILES[$key]['tmp_name']);
                                    if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)', $bid, @(int) $_SESSION['userID'], strsave($_FILES[$key]['name']), (int) $_FILES[$key]['size'], $sha1, time(), $_SERVER['REMOTE_ADDR'], $tid, $id))) {
                                        move_uploaded_file($_FILES[$key]['tmp_name'], 'uploads/forum/' . $db->last_id() . '_' . $sha1);
                                        umask(0);
                                        chmod('uploads/forum/' . $db->last_id() . '_' . $sha1, CHMOD);
                                        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
                                        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
                                    }
                                    $maxattach--;
                                }
                            }
                        } else {
                            $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $id, $comid, strsave($_GET['rand']), $bid));
                            if ($db->affekt_rows()) {
                                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id);
                                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid);
                            }
                        }
                    }
                    if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
                        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET threadname = \'' . strsave(htmlspecialchars($_POST['title'])) . '\', vonname = \'' . strsave(htmlspecialchars(@$_POST['username'])) . '\' WHERE threadID = ' . $tid);
                    }
                    $last = $db->fetch_assoc('SELECT userID,postname,adatum, tID FROM ' . DB_PRE . 'ecp_forum_comments WHERE boardID = ' . $bid . ' ORDER BY adatum DESC LIMIT 1');
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `lastpostuserID` =  ' . (int) $last['userID'] . ', `lastpostuser` = \'' . $last['postname'] . '\', `lastpost` = ' . (int) $last['adatum'] . ', lastthreadID = ' . (int) $last['tID'] . ' WHERE (boardID = ' . $bid . ' OR boardID = ' . $thread['boardparentID'] . ')');
                    $last = $db->fetch_assoc('SELECT userID,postname,adatum FROM ' . DB_PRE . 'ecp_forum_comments WHERE tID = ' . $tid . ' ORDER BY adatum DESC LIMIT 1');
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET `lastuserID` =  ' . $last['userID'] . ', `lastusername` = \'' . $last['postname'] . '\', `lastreplay` = ' . $last['adatum'] . ' WHERE threadID = ' . $tid);
                    unset($_SESSION['forum']['attach'][$bid]);
                    $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND boardID =' . $bid . ' AND adatum < ' . $thread['adatum']);
                    header1('?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $tid . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $id);
                }
            }
        } else {
            $tpl = new smarty();
            $tpl->assign('comment', htmlspecialchars($thread['comment']));
            $tpl->assign('func', 'edit');
            $tpl->assign('func2', '&comID=' . $id);
            if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
                $tpl->assign('title', $thread['threadname']);
            }
            if ($thread['userID'] == 0) {
                $tpl->assign('username', $thread['postname']);
            }
            ob_start();
            if ($thread['attachments'] and $thread['attachmaxsize']) {
                $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
                if ($thread['attachments'] > $attachs) {
                    $rand = get_random_string(16, 2);
                    $tpl->assign('attach', find_access($thread['attachfiles']));
                    $tpl->assign('maxsize', $thread['attachmaxsize']);
                    $tpl->assign('rand', $rand);
                    $tpl->assign('sid', session_name() . '=' . session_id());
                    $tpl->assign('maxuploads', $thread['attachments'] - $attachs);
                    $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
                    $_SESSION['forum']['attach'][$bid] = $rand;
                }
            }
            $tpl->assign('quote', true);
            $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(FORUM_POST_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, ACCESS_DENIED);
    }
}
Пример #2
0
function gallery_viewpic($id)
{
    global $db;
    $image = $db->fetch_assoc('SELECT gID, katename, b.access as kateacces, a.access as access, name, images, cID, folder, filename, uploaded, c.beschreibung, klicks, c.userID, username FROM ' . DB_PRE . 'ecp_gallery_images AS c LEFT JOIN ' . DB_PRE . 'ecp_gallery as a ON (gID = galleryID) LEFT JOIN ' . DB_PRE . 'ecp_user ON ID=c.userID LEFT JOIN ' . DB_PRE . 'ecp_gallery_kate as b ON (cID = kateID) WHERE imageID = ' . $id);
    if (isset($image['uploaded']) and find_access($image['access']) and find_access($image['kateacces'])) {
        if (!isset($_SESSION['gallery'][$id])) {
            $db->query('UPDATE ' . DB_PRE . 'ecp_gallery_images SET klicks=klicks+1 WHERE imageID = ' . $id);
            $_SESSION['gallery'][$id] = true;
        }
        $tpl = new smarty();
        $image['uploaded'] = date(LONG_DATE, $image['uploaded']);
        $tpl->assign('pfad', '<a href="?section=gallery">' . GALLERY . '</a> <img src="templates/' . DESIGN . '/images/pfeil_o.gif" alt="" /> <a href="?section=gallery&action=kate&id=' . $image['cID'] . '">' . $image['katename'] . '</a> <img src="templates/' . DESIGN . '/images/pfeil_o.gif" alt="" /> <a href="?section=gallery&action=gallery&id=' . $image['gID'] . '">' . $image['name'] . '</a>');
        $tpl->assign('vorID', @$db->result(DB_PRE . 'ecp_gallery_images', 'imageID', 'gID = ' . $image['gID'] . ' AND imageID < ' . $id . ' ORDER BY imageID DESC LIMIT 1'));
        $tpl->assign('nachID', @$db->result(DB_PRE . 'ecp_gallery_images', 'imageID', 'gID = ' . $image['gID'] . ' AND imageID > ' . $id . ' ORDER BY imageID ASC LIMIT 1'));
        foreach ($image as $key => $value) {
            $tpl->assign($key, $value);
        }
        ob_start();
        $tpl->display(DESIGN . '/tpl/gallery/view_pic.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(GALLERY, '<div id="display_pic">' . $content . '</div>', '', 1);
    } else {
        table(ERROR, NO_ENTRIES_ID);
    }
}
Пример #3
0
                if ($db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_abo WHERE thID = ' . (int) $_GET['id'] . ' AND userID = ' . $_SESSION['userID'])) {
                    echo 0;
                }
            } else {
                if ($db->query('INSERT INTO ' . DB_PRE . 'ecp_forum_abo (`thID`, `boID`, `userID`) VALUES (' . (int) $_GET['id'] . ', ' . $array['bID'] . ', ' . $_SESSION['userID'] . ')')) {
                    echo 1;
                }
            }
        } else {
            echo htmlentities(ACCESS_DENIED);
        }
        break;
    case 'thread_vote':
        $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, a.isforum, a.closed as forumclosed,
												 a.rightsread, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) WHERE threadID = ' . (int) $_GET['id']);
        if (find_access($thread['rightsread']) and find_access($thread['parentRead']) and $thread['isforum'] and isset($_SESSION['userID'])) {
            if ($db->result(DB_PRE . 'ecp_forum_ratings', 'COUNT(rateID)', 'userID = ' . $_SESSION['userID'] . ' AND tID = ' . (int) $_GET['id'])) {
                echo html_ajax_convert(FORUM_RATING_ALLREADY);
            } else {
                if ((int) $_GET['wert'] < 1 or (int) $_GET['wert'] > 5) {
                    echo html_ajax_convert(FORUM_RATING_WRONG);
                } else {
                    if ($db->query('INSERT INTO ' . DB_PRE . 'ecp_forum_ratings (`userID`, `tID`, `bID`, `wert`) VALUES (' . $_SESSION['userID'] . ', ' . (int) $_GET['id'] . ', ' . $thread['bID'] . ', ' . (int) $_GET['wert'] . ')')) {
                        $array = $db->fetch_assoc('SELECT COUNT(rateID) as anzahl, AVG(wert) as mittel FROM ' . DB_PRE . 'ecp_forum_ratings WHERE tID = ' . (int) $_GET['id']);
                        echo get_forum_rating($array['mittel']);
                        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET  rating = ' . $array['mittel'] . ', ratingvotes = ' . $array['anzahl'] . ' WHERE threadID = ' . (int) $_GET['id']);
                    }
                }
            }
        } else {
            echo html_ajax_convert(NO_ACCESS_RIGHTS);