function send_pm($to, $from, $subject, $message, $smileys = "y") { // Pimped global $settings; include LOCALE . LOCALESET . "messages.php"; require_once INCLUDES . "sendmail_include.php"; require_once INCLUDES . "flood_include.php"; $msg_settings = dbarray(dbquery("SELECT pm_inbox, pm_email_notify FROM " . DB_MESSAGES_OPTIONS . " WHERE user_id='0'")); $error = 0; if ($from === "0" || !flood_control("message_datestamp", DB_MESSAGES, "message_from='" . $from . "'")) { // Pimped $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, mo.pm_email_notify, COUNT(message_id) as message_count FROM " . DB_USERS . " u\r\n\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " mo USING(user_id)\r\n\t\t\tLEFT JOIN " . DB_MESSAGES . " ON message_to=u.user_id AND message_folder='0'\r\n\t\t\tWHERE u.user_id=" . _db($to) . " GROUP BY u.user_id"); if (dbrows($result)) { $data = dbarray($result); $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id=" . _db($from)); if ($from === "0" || dbrows($result)) { // Pimped if ($from === "0") { $userdata['user_id'] = "0"; $userdata['user_name'] = "System"; } else { $userdata = dbarray($result); } if ($to != $from) { if ($msg_settings['pm_inbox'] == "0" || $data['message_count'] + 1 <= $msg_settings['pm_inbox']) { # Pimped: -> $search = array("{SITETITLE}", "{SENDER}", "{RECEIVER}"); $replace = array($settings['sitename'], $userdata['user_name'], $data['user_name']); $message = str_replace($search, $replace, $message); $subject = str_replace($search, $replace, $subject); # <- $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES(" . _db($data['user_id']) . ", " . _db($userdata['user_id']) . ", " . _db($subject) . ", " . _db($message) . ", " . _db($smileys) . ", '0', '" . time() . "', '0')"); $message_content = str_replace("[SUBJECT]", $subject, $locale['626']); $message_content = str_replace("[USER]", $userdata['user_name'], $message_content); $send_email = isset($data['pm_email_notify']) ? $data['pm_email_notify'] : $msg_settings['pm_email_notify']; if ($send_email == "1") { sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content); } } else { // Inbox is full $error = 1; } } else { // Reciever and sender are the same user $error = 2; } } else { // Sender does not exist in DB $error = 3; } } else { // Reciever does not exist in DB $error = 4; } } else { // Floodcontrol exceeded $error = 5; } return $error; }
function send_pm($to, $from, $subject, $message, $smileys = "y") { global $settings; include LOCALE . LOCALESET . "messages.php"; require_once INCLUDES . "sendmail_include.php"; require_once INCLUDES . "flood_include.php"; $msg_settings = dbarray(dbquery("SELECT pm_inbox, pm_email_notify FROM " . DB_MESSAGES_OPTIONS . " WHERE user_id='0'")); $smileys = preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message) ? "n" : $smileys; $error = 0; if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . $from . "'")) { $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level, mo.pm_email_notify, COUNT(message_id) as message_count FROM " . DB_USERS . " u\r\n\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " mo USING(user_id)\r\n\t\t\tLEFT JOIN " . DB_MESSAGES . " ON message_to=u.user_id AND message_folder='0'\r\n\t\t\tWHERE u.user_id='{$to}' GROUP BY u.user_id"); if (dbrows($result)) { $data = dbarray($result); $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . $from . "'"); if (dbrows($result)) { $userdata = dbarray($result); if ($to != $from) { if ($data['user_id'] == 1 || $data['user_level'] > 101 || $msg_settings['pm_inbox'] == "0" || $data['message_count'] + 1 <= $msg_settings['pm_inbox']) { $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES('" . $data['user_id'] . "','" . $userdata['user_id'] . "','" . $subject . "','" . $message . "','" . $smileys . "','0','" . time() . "','0')"); $send_email = isset($data['pm_email_notify']) ? $data['pm_email_notify'] : $msg_settings['pm_email_notify']; if ($send_email == "1") { $message_content = str_replace("[SUBJECT]", $subject, $locale['626']); $message_content = str_replace("[USER]", $userdata['user_name'], $message_content); $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1"); if (dbrows($template_result)) { $template_data = dbarray($template_result); if ($template_data['template_active'] == "1") { sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']); } else { sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content); } } else { sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content); } } } else { // Inbox is full $error = 1; } } else { // Reciever and sender are the same user $error = 2; } } else { // Sender does not exist in DB $error = 3; } } else { // Reciever does not exist in DB $error = 4; } } else { // Floodcontrol exceeded $error = 5; } return $error; }
} $caption = $fdata['forum_cat_name'] . " :: <a href='viewforum.php?forum_id=" . $fdata['forum_id'] . "'>" . $fdata['forum_name'] . "</a>"; if (iMEMBER && isset($_POST['cast_vote']) && (isset($_POST['poll_option']) && isnum($_POST['poll_option']))) { $result = dbquery("SELECT * FROM " . DB_FORUM_POLL_VOTERS . " WHERE forum_vote_user_id='" . $userdata['user_id'] . "' AND thread_id='" . $_GET['thread_id'] . "'"); if (!dbrows($result)) { $result = dbquery("UPDATE " . DB_FORUM_POLL_OPTIONS . " SET forum_poll_option_votes=forum_poll_option_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "' AND forum_poll_option_id='" . $_POST['poll_option'] . "'"); $result = dbquery("UPDATE " . DB_FORUM_POLLS . " SET forum_poll_votes=forum_poll_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "'"); $result = dbquery("INSERT INTO " . DB_FORUM_POLL_VOTERS . " (thread_id, forum_vote_user_id, forum_vote_user_ip) VALUES ('" . $_GET['thread_id'] . "', '" . $userdata['user_id'] . "', '" . USER_IP . "')"); } redirect(FUSION_SELF . "?thread_id=" . $_GET['thread_id']); } if (iMEMBER && $can_reply && !$fdata['thread_locked'] && isset($_POST['postquickreply'])) { $message = stripinput(censorwords($_POST['message'])); if ($message != "") { require_once INCLUDES . "flood_include.php"; if (!flood_control("post_datestamp", DB_POSTS, "post_author='" . $userdata['user_id'] . "'")) { $sig = $userdata['user_sig'] ? '1' : '0'; $smileys = isset($_POST['disable_smileys']) || preg_match("#\\[code\\](.*?)\\[/code\\]#si", $message) ? "0" : "1"; $result = dbquery("INSERT INTO " . DB_POSTS . " (forum_id, thread_id, post_message, post_showsig, post_smileys, post_author, post_datestamp, post_ip, post_edituser, post_edittime) VALUES ('" . $fdata['forum_id'] . "', '" . $_GET['thread_id'] . "', '{$message}', '{$sig}', '{$smileys}', '" . $userdata['user_id'] . "', '" . time() . "', '" . USER_IP . "', '0', '0')"); $newpost_id = mysql_insert_id(); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastuser='******'user_id'] . "' WHERE forum_id='" . $fdata['forum_id'] . "'"); $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $newpost_id . "', thread_postcount=thread_postcount+1, thread_lastuser='******'user_id'] . "' WHERE thread_id='" . $_GET['thread_id'] . "'"); $result = dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $userdata['user_id'] . "'"); redirect("postify.php?post=reply&error=0&forum_id=" . $fdata['forum_id'] . "&thread_id=" . $_GET['thread_id'] . "&post_id={$newpost_id}"); } else { redirect("viewthread.php?thread_id=" . $_GET['thread_id']); } } } $rows = dbcount("(thread_id)", DB_POSTS, "thread_id='" . $_GET['thread_id'] . "'"); $last_post = dbarray(dbquery("SELECT post_id FROM " . DB_POSTS . " WHERE thread_id='" . $_GET['thread_id'] . "' ORDER BY post_datestamp DESC LIMIT 1"));
} } $archive_shout_message = str_replace("\n", " ", $_POST['archive_shout_message']); $archive_shout_message = preg_replace("/^(.{255}).*\$/", "\$1", $archive_shout_message); $archive_shout_message = trim(stripinput(censorwords($archive_shout_message))); if (iMEMBER && (isset($_GET['action']) && $_GET['action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) { $comment_updated = false; if (iADMIN && checkrights("S") || iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='" . $_GET['shout_id'] . "' AND shout_name='" . $userdata['user_id'] . "' AND shout_hidden='0'")) { if ($archive_shout_message) { $result = dbquery("UPDATE " . DB_SHOUTBOX . " SET shout_message='{$archive_shout_message}' WHERE shout_id='" . $_GET['shout_id'] . "'" . (iADMIN ? "" : " AND shout_name='" . $userdata['user_id'] . "'")); } } redirect(FUSION_SELF); } elseif ($archive_shout_name && $archive_shout_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_SHOUTBOX . " (shout_name, shout_message, shout_datestamp, shout_ip, shout_ip_type, shout_hidden" . (multilang_table("SB") ? ", shout_language)" : ")") . " VALUES ('{$archive_shout_name}', '{$archive_shout_message}', '" . time() . "', '" . USER_IP . "', '" . USER_IP_TYPE . "', '0'" . (multilang_table("SB") ? ", '" . LANGUAGE . "')" : ")")); } redirect(FUSION_SELF); } } if (iMEMBER && (isset($_GET['action']) && $_GET['action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) { $esresult = dbquery("SELECT ts.shout_id, ts.shout_name, ts.shout_message, tu.user_id, tu.user_name\r\n\t\t\tFROM " . DB_SHOUTBOX . " ts\r\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON ts.shout_name=tu.user_id\r\n\t\t\t" . (multilang_table("SB") ? "WHERE shout_language='" . LANGUAGE . "' AND" : "WHERE") . " ts.shout_id='" . $_GET['shout_id'] . "' AND shout_hidden='0'"); if (dbrows($esresult)) { $esdata = dbarray($esresult); if (iADMIN && checkrights("S") || iMEMBER && $esdata['shout_name'] == $userdata['user_id'] && isset($esdata['user_name'])) { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) { $edit_url = "?action=edit&shout_id=" . $esdata['shout_id']; } else { $edit_url = ""; }
public function render_edit_form() { global $locale, $userdata, $forum_settings, $defender; $thread_data = $this->thread_info['thread']; if ((!iMOD or !iSUPERADMIN) && $thread_data['thread_locked']) { redirect(INFUSIONS . 'forum/index.php'); } if (isset($_GET['post_id']) && isnum($_GET['post_id'])) { add_to_title($locale['global_201'] . $locale['forum_0503']); add_breadcrumb(array('link' => '', 'title' => $locale['forum_0503'])); $result = dbquery("SELECT tp.*, tt.thread_subject, tt.thread_poll, tt.thread_author, tt.thread_locked, MIN(tp2.post_id) AS first_post\n\t\t\t\tFROM " . DB_FORUM_POSTS . " tp\n\t\t\t\tINNER JOIN " . DB_FORUM_THREADS . " tt on tp.thread_id=tt.thread_id\n\t\t\t\tINNER JOIN " . DB_FORUM_POSTS . " tp2 on tp.thread_id=tp2.thread_id\n\t\t\t\tWHERE tp.post_id='" . intval($_GET['post_id']) . "' AND tp.thread_id='" . intval($thread_data['thread_id']) . "' AND tp.forum_id='" . intval($thread_data['forum_id']) . "'\n\t\t\t\tGROUP BY tp2.post_id\n\t\t\t\t"); if (dbrows($result) > 0) { $post_data = dbarray($result); if ((iMOD or iSUPERADMIN) || $this->getThreadPermission("can_reply") && $post_data['post_author'] == $userdata['user_id']) { $is_first_post = $post_data['post_id'] == $this->thread_info['post_firstpost'] ? TRUE : FALSE; // no edit if locked if ($post_data['post_locked'] && !iMOD) { redirect(INFUSIONS . "forum/postify.php?post=edit&error=5&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $post_data['post_id']); } // no edit if time limit reached if (!iMOD && ($forum_settings['forum_edit_timelimit'] > 0 && time() - $forum_settings['forum_edit_timelimit'] * 60 > $post_data['post_datestamp'])) { redirect(INFUSIONS . "forum/postify.php?post=edit&error=6&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $post_data['post_id']); } // execute form post actions if (isset($_POST['post_edit'])) { require_once INCLUDES . "flood_include.php"; // all data is sanitized here. if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) { // have notice $post_data = array('forum_id' => $thread_data['forum_id'], 'thread_id' => $thread_data['thread_id'], 'post_id' => $post_data['post_id'], "thread_subject" => "", 'post_message' => form_sanitizer($_POST['post_message'], '', 'post_message'), 'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0, 'post_smileys' => isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? 1 : 0, 'post_author' => $userdata['user_id'], 'post_datestamp' => $post_data['post_datestamp'], 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => $userdata['user_id'], 'post_edittime' => time(), 'post_editreason' => form_sanitizer($_POST['post_editreason'], '', 'post_editreason'), 'post_hidden' => 0, 'notify_me' => 0, 'post_locked' => $forum_settings['forum_edit_lock'] || isset($_POST['post_locked']) ? 1 : 0); // require thread_subject if first post if ($is_first_post == TRUE) { $post_data['thread_subject'] = form_sanitizer($_POST['thread_subject'], '', 'thread_subject'); } if ($defender->safe()) { // Prepare forum merging action $last_post_author = dbarray(dbquery("SELECT post_author FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1")); if ($last_post_author == $post_data['post_author'] && $thread_data['forum_merge']) { $last_message = dbarray(dbquery("SELECT post_id, post_message FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC")); $post_data['post_id'] = $last_message['post_id']; $post_data['post_message'] = $last_message['post_message'] . "\n\n" . $locale['forum_0640'] . " " . showdate("longdate", time()) . ":\n" . $post_data['post_message']; dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id', 'keep_session' => TRUE)); } else { dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id', 'keep_session' => TRUE)); } // Delete attachments if there is any foreach ($_POST as $key => $value) { if (!strstr($key, "delete_attach")) { continue; } $key = str_replace("delete_attach_", "", $key); $result = dbquery("SELECT * FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . $post_data['post_id'] . "' AND attach_id='" . (isnum($key) ? $key : 0) . "'"); if (dbrows($result) != 0 && $value) { $adata = dbarray($result); unlink(FORUM . "attachments/" . $adata['attach_name']); dbquery("DELETE FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . $post_data['post_id'] . "' AND attach_id='" . (isnum($key) ? $key : 0) . "'"); } } if (!empty($_FILES) && is_uploaded_file($_FILES['file_attachments']['tmp_name'][0]) && $this->getThreadPermission("can_upload_attach")) { $upload = form_sanitizer($_FILES['file_attachments'], '', 'file_attachments'); if ($upload['error'] == 0) { foreach ($upload['target_file'] as $arr => $file_name) { $attachment = array('thread_id' => $thread_data['thread_id'], 'post_id' => $post_data['post_id'], 'attach_name' => $file_name, 'attach_mime' => $upload['type'][$arr], 'attach_size' => $upload['source_size'][$arr], 'attach_count' => '0'); dbquery_insert(DB_FORUM_ATTACHMENTS, $attachment, 'save', array('keep_session' => TRUE)); } } } if ($defender->safe()) { redirect(INFUSIONS . "forum/postify.php?post=edit&error=0&forum_id=" . intval($post_data['forum_id']) . "&thread_id=" . intval($post_data['thread_id']) . "&post_id=" . intval($post_data['post_id'])); } } } } // template data $form_action = INFUSIONS . "forum/viewthread.php?action=edit&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $_GET['post_id']; // get attachment. $attachments = array(); $attach_rows = 0; if ($this->getThreadPermission("can_upload_attach") && !empty($this->thread_info['post_items'][$post_data['post_id']]['post_attachments'])) { // need id $a_result = dbquery("SELECT * FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . intval($post_data['post_id']) . "' AND thread_id='" . intval($thread_data['thread_id']) . "'"); $attach_rows = dbrows($a_result); if ($attach_rows > 0) { while ($a_data = dbarray($a_result)) { $attachments[] = $a_data; } } } $info = array('title' => $locale['forum_0507'], 'description' => $locale['forum_2000'] . $thread_data['thread_subject'], 'openform' => openform('input_form', 'post', $form_action, array('enctype' => $this->getThreadPermission("can_upload_attach") ? TRUE : FALSE)), 'closeform' => closeform(), 'forum_id_field' => form_hidden('forum_id', '', $post_data['forum_id']), 'thread_id_field' => form_hidden('thread_id', '', $post_data['thread_id']), "forum_field" => "", 'subject_field' => $this->thread_info['post_firstpost'] == $_GET['post_id'] ? form_text('thread_subject', $locale['forum_0600'], $thread_data['thread_subject'], array('required' => TRUE, 'placeholder' => $locale['forum_2001'], "class" => 'm-t-20 m-b-20')) : form_hidden("thread_subject", "", $thread_data['thread_subject']), 'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => TRUE, 'autosize' => TRUE, 'no_resize' => TRUE, 'preview' => TRUE, 'form_name' => 'input_form', 'bbcode' => TRUE)), 'delete_field' => form_checkbox('delete', $locale['forum_0624'], '', array('class' => 'm-b-0')), 'edit_reason_field' => form_text('post_editreason', $locale['forum_0611'], $post_data['post_editreason'], array('placeholder' => '', 'class' => 'm-t-20 m-b-20')), 'attachment_field' => $this->getThreadPermission("can_upload_attach") ? form_fileinput('file_attachments[]', $locale['forum_0557'], "", array('input_id' => 'file_attachments', 'upload_path' => INFUSIONS . 'forum/attachments/', 'type' => 'object', 'preview_off' => TRUE, 'multiple' => TRUE, 'max_count' => $attach_rows > 0 ? $forum_settings['forum_attachmax_count'] - $attach_rows : $forum_settings['forum_attachmax_count'], 'valid_ext' => $forum_settings['forum_attachtypes'])) . "\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t <div class='m-b-20'>\n<small>" . sprintf($locale['forum_0559'], parsebytesize($forum_settings['forum_attachmax']), str_replace('|', ', ', $forum_settings['forum_attachtypes']), $forum_settings['forum_attachmax_count']) . "</small>\n</div>\n" : "", "poll_form" => "", 'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0')), 'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0')) : '', 'sticky_field' => (iMOD || iSUPERADMIN) && $is_first_post ? form_checkbox('thread_sticky', $locale['forum_0620'], $thread_data['thread_sticky'], array('class' => 'm-b-0')) : '', 'lock_field' => iMOD || iSUPERADMIN ? form_checkbox('thread_locked', $locale['forum_0621'], $thread_data['thread_locked'], array('class' => 'm-b-0')) : '', 'hide_edit_field' => form_checkbox('hide_edit', $locale['forum_0627'], '', array('class' => 'm-b-0')), 'post_locked_field' => iMOD || iSUPERADMIN ? form_checkbox('post_locked', $locale['forum_0628'], $post_data['post_locked'], array('class' => 'm-b-0')) : '', 'notify_field' => '', 'post_buttons' => form_button('post_edit', $locale['forum_0504'], $locale['forum_0504'], array('class' => 'btn-primary')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default m-l-10')), 'last_posts_reply' => ''); $a_info = ''; if (!empty($attachments)) { foreach ($attachments as $a_data) { $a_info .= "<label><input type='checkbox' name='delete_attach_" . $a_data['attach_id'] . "' value='1' /> " . $locale['forum_0625'] . "</label>\n" . "<a href='" . INFUSIONS . "forum/attachments/" . $a_data['attach_name'] . "'>" . $a_data['attach_name'] . "</a> [" . parsebytesize($a_data['attach_size']) . "]\n" . "<br/>\n"; } $info['attachment_field'] = $a_info . $info['attachment_field']; } postform($info); } else { redirect(INFUSIONS . 'forum/index.php'); // no access } } else { redirect(INFUSIONS . "forum/postify.php?post=edit&error=4&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'] . "&post_id=" . $_GET['post_id']); } } else { redirect(INFUSIONS . 'forum/index.php'); } }
} else { sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content); } } else { sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['625'], $data['user_name'] . $message_content); } } } } } else { redirect(FUSION_SELF . "?folder=inbox"); } } } elseif (isnum($_GET['msg_send'])) { require_once INCLUDES . "flood_include.php"; if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . $userdata['user_id'] . "'")) { $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level, mo.pm_email_notify, s.pm_inbox, COUNT(message_id) as message_count\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " mo USING(user_id)\n\t\t\t\tLEFT JOIN " . DB_MESSAGES_OPTIONS . " s ON s.user_id='0'\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " ON message_to=u.user_id AND message_folder='0'\n\t\t\t\tWHERE u.user_id='" . $_GET['msg_send'] . "' GROUP BY u.user_id"); if (dbrows($result)) { $data = dbarray($result); if ($data['user_id'] != $userdata['user_id']) { if ($data['user_id'] == 1 || $data['user_level'] > 101 || $data['pm_inbox'] == "0" || $data['message_count'] + 1 <= $data['pm_inbox']) { $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES('" . $data['user_id'] . "','" . $userdata['user_id'] . "','" . $subject . "','" . $message . "','" . $smileys . "','0','" . time() . "','0')"); $send_email = isset($data['pm_email_notify']) ? $data['pm_email_notify'] : $msg_settings['pm_email_notify']; if ($send_email == "1") { $message_content = str_replace("[SUBJECT]", $subject, $locale['626']); $message_content = str_replace("[USER]", $userdata['user_name'], $message_content); $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1"); if (dbrows($template_result)) { $template_data = dbarray($template_result); if ($template_data['template_active'] == "1") { sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
/** * @param $comment_type - abbr or short ID * @param $comment_db - Current Application DB - DB_BLOG for example. * @param $comment_col - current sql primary key column - 'blog_id' for example * @param $comment_item_id - current sql primary key value '$_GET['blog_id']' for example * @param $clink - current page link 'FUSION_SELF' is ok. */ function showcomments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink) { global $settings, $locale, $userdata, $aidlink; $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""); $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link); $_GET['comment'] = isset($_GET['comment']) && isnum($_GET['comment']) ? $_GET['comment'] : 0; $cpp = $settings['comments_per_page']; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'")); } redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0")); } if ($settings['comments_enabled'] == "1") { if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (!iMEMBER && $settings['guestpost'] == 1) { if (!isset($_POST['comment_name'])) { redirect($link); } if (isnum($_POST['comment_name'])) { $_POST['comment_name'] = ''; } $_CAPTCHA_IS_VALID = FALSE; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php"; if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) { redirect($link); } } $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) { $comment_updated = FALSE; if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "' \n\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\tAND comment_type='" . $comment_type . "' \n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "' \n\t\t\t\tAND comment_hidden='0'")) { dbquery_insert(DB_COMMENTS, $comment_data, 'update'); if ($comment_data['comment_message']) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_data['comment_message'] . "'\n \t\t\t\t\t\t\t\t\t WHERE comment_id='" . $_GET['comment_id'] . "' " . (iADMIN ? "" : "AND comment_name='" . $userdata['user_id'] . "'")); if ($result) { $comment_updated = TRUE; } } } if ($comment_updated) { if ($settings['comments_sorting'] == "ASC") { $c_operator = "<="; } else { $c_operator = ">="; } $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\n\t\t\t\t\t\t\t\tAND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) { redirect(BASEDIR . "index.php"); } $id = 0; if ($comment_data['comment_name'] && $comment_data['comment_message']) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { dbquery_insert(DB_COMMENTS, $comment_data, 'save'); $id = dblastid(); } } if ($settings['comments_sorting'] == "ASC") { $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } else { $c_start = 0; } //if (!$settings['site_seo']) { redirect($clink . "&c_start=" . $c_start . "#c" . $id); //} } } $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE)); $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > $cpp) { $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n\t\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\t\tWHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n\t\t\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp); if (dbrows($result) > 0) { $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start']; if ($c_rows > $cpp) { $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start"); } while ($data = dbarray($result)) { $c_arr['c_con'][$i]['comment_id'] = $data['comment_id']; $c_arr['c_con'][$i]['edit_dell'] = FALSE; $c_arr['c_con'][$i]['i'] = $i; if ($data['user_name']) { $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status'], 'strong text-dark'); } else { $c_arr['c_con'][$i]['comment_name'] = $data['comment_name']; } $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '35px', '', true, 'img-rounded'); $c_arr['c_con'][$i]['user'] = array('user_id' => $data['user_id'], 'user_name' => $data['user_name'], 'user_avatar' => $avatar = $data['user_avatar'] !== '' && file_exists(IMAGES . 'avatars/' . $data['user_avatar']) ? IMAGES . 'avatars/' . $data['user_avatar'] : IMAGES . "avatars/noavatar50.png", 'user_status' => $data['user_status']); $c_arr['c_con'][$i]['comment_datestamp'] = showdate('shortdate', $data['comment_datestamp']); $c_arr['c_con'][$i]['comment_time'] = timer($data['comment_datestamp']); $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message']))); if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { $edit_link = clean_request('c_action=edit&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment"; $delete_link = clean_request('c_action=delete&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false); $c_arr['c_con'][$i]['edit_link'] = array('link' => $edit_link, 'name' => $locale['c108']); $c_arr['c_con'][$i]['delete_link'] = array('link' => $delete_link, 'name' => $locale['c109']); $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<div class='btn-group'>"; $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $edit_link . "'>"; $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a>\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $delete_link . "' onclick=\"return confirm('" . $locale['c110'] . "');\">"; $c_arr['c_con'][$i]['edit_dell'] .= "<i class='fa fa-trash'></i> " . $locale['c109'] . "</a>"; $c_arr['c_con'][$i]['edit_dell'] .= "</div>\n"; } $settings['comments_sorting'] == "ASC" ? $i++ : $i--; } if (iADMIN && checkrights("C")) { $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n"; $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $comment_type . "&comment_item_id=" . $comment_item_id . "'>" . $locale['c106'] . "</a>"; } } opentable($locale['c102']); $comment_message = ""; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $comment_item_id . "'\n\t\t\t\tAND comment_type='" . $comment_type . "' AND comment_hidden='0'"); if (dbrows($eresult) > 0) { $edata = dbarray($eresult); if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } if (iMEMBER || $settings['guestposts'] == "1") { require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo openform('inputform', 'post', $clink, array('class' => 'm-b-20', 'max_tokens' => 1)); if (iGUEST) { echo form_text('comment_name', $locale['c104'], '', array('max_length' => 30)); } echo form_textarea('comment_message', '', $comment_message, array('required' => 1, 'autosize' => 1, 'form_name' => 'inputform', 'bbcode' => 1)); if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) { $_CAPTCHA_HIDE_INPUT = FALSE; echo "<div style='width:360px; margin:10px auto;'>"; echo $locale['global_150'] . "<br />\n"; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php"; if (!$_CAPTCHA_HIDE_INPUT) { echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>"; echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n"; } echo "</div>\n"; } echo form_button('post_comment', $comment_message ? $locale['c103'] : $locale['c102'], $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn-success m-t-10')); echo closeform(); } else { echo "<div class='well'>\n"; echo $locale['c105'] . "\n"; echo "</div>\n"; } closetable(); echo "<a id='comments' name='comments'></a>"; render_comments($c_arr['c_con'], $c_arr['c_info']); } }
function showcomments($ctype, $cdb, $ccol, $cid, $clink) { global $settings, $locale, $userdata, $aidlink; $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""); $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link); $cpp = $settings['comments_per_page']; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . "\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'")); } redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0")); } if ($settings['comments_enabled'] == "1") { if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (iMEMBER) { $comment_name = $userdata['user_id']; } elseif ($settings['guestposts'] == "1") { if (!isset($_POST['comment_name'])) { redirect($link); } $comment_name = trim(stripinput($_POST['comment_name'])); $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name); if (isnum($comment_name)) { $comment_name = ""; } $_CAPTCHA_IS_VALID = FALSE; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php"; if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) { redirect($link); } } $comment_message = trim(stripinput(censorwords($_POST['comment_message']))); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $comment_updated = FALSE; if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_name='" . $userdata['user_id'] . "'\r\n\t\t\t\t\t\tAND comment_hidden='0'")) { if ($comment_message) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\t\t\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'")); $comment_updated = TRUE; } } if ($comment_updated) { if ($settings['comments_sorting'] == "ASC") { $c_operator = "<="; } else { $c_operator = ">="; } $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $_GET['comment_id'] . "'\r\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) { redirect(BASEDIR . "index.php"); } if ($comment_name && $comment_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_COMMENTS . " (\r\n\t\t\t\t\t\t\t\tcomment_item_id, comment_type, comment_name, comment_message, comment_datestamp,\r\n\t\t\t\t\t\t\t\tcomment_ip, comment_ip_type, comment_hidden\r\n\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t'" . $cid . "', '" . $ctype . "', '" . $comment_name . "', '" . $comment_message . "', '" . time() . "',\r\n\t\t\t\t\t\t\t\t'" . USER_IP . "', '" . USER_IP_TYPE . "', '0'\r\n\t\t\t\t\t\t\t)"); } } if ($settings['comments_sorting'] == "ASC") { $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } else { $c_start = 0; } redirect($clink . "&c_start=" . $c_start); } } $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE)); $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > $cpp) { $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\r\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp); if (dbrows($result)) { $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start']; if ($c_rows > $cpp) { $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start"); } while ($data = dbarray($result)) { $c_arr['c_con'][$i]['comment_id'] = $data['comment_id']; $c_arr['c_con'][$i]['edit_dell'] = FALSE; $c_arr['c_con'][$i]['i'] = $i; if ($data['user_name']) { $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status']); } else { $c_arr['c_con'][$i]['comment_name'] = $data['comment_name']; } //Add user avatar in comments new feature in v7.02.04 $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '80px'); $c_arr['c_con'][$i]['comment_datestamp'] = $locale['global_071'] . showdate("longdate", $data['comment_datestamp']); $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message']))); if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>"; $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a> |\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "' onclick=\"return confirm('" . $locale['c110'] . "');\">"; $c_arr['c_con'][$i]['edit_dell'] .= $locale['c109'] . "</a>"; } $settings['comments_sorting'] == "ASC" ? $i++ : $i--; } if (iADMIN && checkrights("C")) { $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n"; $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $ctype . "&cid=" . $cid . "'>" . $locale['c106'] . "</a>"; } } // Render comments echo "<a id='comments' name='comments'></a>"; render_comments($c_arr['c_con'], $c_arr['c_info']); // Add / edit comment opentable($locale['c102']); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\r\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'"); if (dbrows($eresult)) { $edata = dbarray($eresult); if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } else { $comment_message = ""; } if (iMEMBER || $settings['guestposts'] == "1") { require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo openform('inputform', 'inputform', 'post', $clink); if (iGUEST) { echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n"; echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n"; echo "</div>\n"; } echo "<div class='row'>\n"; echo "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>\n"; echo form_textarea('', 'comment_message', 'comment_message', $comment_message, array('required' => 1)); echo display_bbcodes("360px", "comment_message"); if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) { $_CAPTCHA_HIDE_INPUT = FALSE; echo "<div style='width:360px; margin:10px auto;'>"; echo $locale['global_150'] . "<br />\n"; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php"; if (!$_CAPTCHA_HIDE_INPUT) { echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>"; echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n"; } echo "</div>\n"; } echo form_button($comment_message ? $locale['c103'] : $locale['c102'], 'post_comment', 'post_comment', $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn btn-primary m-t-10')); echo "</div>\n</div>\n"; echo closeform(); } else { echo $locale['c105'] . "\n"; } closetable(); } }
function showcomments($ctype, $cdb, $ccol, $cid, $clink) { global $settings, $locale, $userdata, $aidlink; $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""); $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'")); } redirect($clink); } if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (iMEMBER) { $comment_name = $userdata['user_id']; } elseif ($settings['guestposts'] == "1") { $comment_name = trim(stripinput($_POST['comment_name'])); $comment_name = preg_replace("(^[0-9]*)", "", $comment_name); if (isnum($comment_name)) { $comment_name = ""; } include_once INCLUDES . "securimage/securimage.php"; $securimage = new Securimage(); if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) { redirect($link); } } $comment_message = trim(stripinput(censorwords($_POST['comment_message']))); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $comment_updated = false; if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { if ($comment_message) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'")); $comment_updated = true; } } if ($comment_updated) { $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10; } redirect($clink . "&rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) { redirect(BASEDIR . "index.php"); } if ($comment_name && $comment_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')"); } } $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10; redirect($clink . "&rstart=" . $c_start); } } opentable($locale['c100']); echo "<a id='comments' name='comments'></a>"; $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'"); if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp ASC LIMIT " . $_GET['c_start'] . ",10"); if (dbrows($result)) { $i = $_GET['c_start'] + 1; if ($c_rows > 10) { echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n"; } while ($data = dbarray($result)) { echo "<div class='tbl2'>\n"; if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { echo "<div style='float:right' class='comment_actions'><!--comment_actions-->\n<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n"; echo "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n"; } echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | "; if ($data['user_name']) { echo "<span class='comment-name'><a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . $data['user_name'] . "</a></span>\n"; } else { echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n"; } echo "<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n"; echo "</div>\n<div class='tbl1 comment_message'><!--comment_message-->" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</div>\n"; $i++; } if (iADMIN && checkrights("C")) { echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n"; } if ($c_rows > 10) { echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n"; } } else { echo $locale['c101'] . "\n"; } closetable(); opentable($locale['c102']); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'"); if (dbrows($eresult)) { $edata = dbarray($eresult); if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } else { $comment_message = ""; } if (iMEMBER || $settings['guestposts'] == "1") { require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo "<form name='inputform' method='post' action='" . $clink . "'>\n"; if (iGUEST) { echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n"; echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n"; echo "</div>\n"; } echo "<div align='center' class='tbl'>\n"; echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n"; echo display_bbcodes("360px", "comment_message"); if (iGUEST) { echo $locale['global_158'] . "<br />\n"; echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n"; echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n"; echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n"; echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n"; } echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n"; echo "</div>\n</form>\n"; } else { echo $locale['c105'] . "\n"; } closetable(); }
function showcomments_avatar($ctype, $cdb, $ccol, $cid, $clink, $seo_root_link = "", $a = "-", $seo_catid = "", $b = "-page-", $rowstart = "", $c = "-", $seo_subject = "") { // Pimped global $settings, $locale, $userdata, $aidlink; if (URL_REWRITE && $seo_root_link != "") { $seo_link = $seo_root_link . $a . $seo_catid . $c . clean_subject_urlrewrite($seo_subject) . ".html"; } // Pimped $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""); $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_name='" . (int) $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'")); } redirect($clink); } if ($settings['comments_enabled'] == "1") { if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (iMEMBER) { $comment_name = $userdata['user_id']; } elseif ($settings['guestposts'] == "1") { $comment_name = trim(stripinput($_POST['comment_name'])); $comment_name = preg_replace("(^[0-9]*)", "", $comment_name); if (isnum($comment_name)) { $comment_name = ""; } include_once INCLUDES . "securimage/securimage.php"; $securimage = new Securimage(); if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) { redirect($link); } } $comment_message = trim(stripinput(censorwords($_POST['comment_message']))); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $comment_updated = false; if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_name='" . (int) $userdata['user_id'] . "' AND comment_hidden='0'")) { if ($comment_message) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message=" . _db($comment_message) . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'")); $comment_updated = true; } } if ($comment_updated) { $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10; } redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) { redirect(BASEDIR . "index.php"); } if ($comment_name && $comment_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip, comment_hidden) VALUES (" . _db($cid) . ", " . _db($ctype) . ", " . _db($comment_name) . ", " . _db($comment_message) . ", '" . time() . "', '" . USER_IP . "', '0')"); } } $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . (int) $cid . "' AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10; redirect($clink . "&c_start=" . $c_start); } } opentable($locale['c100']); echo "<a id='comments' name='comments'></a>"; $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > 10) { $_GET['c_start'] = (ceil($c_rows / 10) - 1) * 10; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_datestamp, tcm.comment_message,\r\n\t\t\ttcu.user_name, tcu.user_avatar, tcu.user_id, tcu.user_level, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp ASC LIMIT " . (int) $_GET['c_start'] . ",10"); if (dbrows($result)) { $i = $_GET['c_start'] + 1; if ($c_rows > 10) { echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n"; } echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n"; while ($data = dbarray($result)) { echo "<tr><td class='tbl2' width='10%' align='center'>\n"; if ($data['user_name']) { echo "<span class='comment-name'>" . profile_link($data['comment_name'], $data['user_name'], $data['user_status']) . "</span>\n"; } else { echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n"; } echo "</td>\n"; echo "<td class='tbl2'>\n<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n"; echo "<div style='float:right' class='comment_actions'>"; if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { echo "<!--comment_actions-->\n<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n"; echo "<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a> |\n"; } echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a></div>\n"; echo "</td>\n"; echo "</tr>\n<tr>\n"; $avatar = $data['user_avatar'] != "" && file_exists(IMAGES_AVA . $data['user_avatar']) ? IMAGES_AVA . $data['user_avatar'] : IMAGES_AVA . "noavatar.jpg"; echo "<td class='tbl1' width='15%'>\n"; echo "<div style='text-align:center;'><img src='" . $avatar . "' width='50' height='50' alt='' /></div><br />\n"; if ($settings['warning_system_comments'] && $data['user_name']) { $points = show_warning_points($data['user_id']); echo "<div class='commentswarnings'>"; echo "<span class='small'><a style='cursor:help;' onclick=\"warning_info();\">" . $locale['WARN200'] . "</a></span> "; echo warning_profile_link("1", $data['user_id'], $points); echo "</div>"; } echo "<span class='small2'>" . $locale['c110'] . number_format(dbcount("(comment_id)", DB_COMMENTS, "comment_name='" . (int) $data['user_id'] . "'")) . "<br />"; echo $locale['c111'] . getuserlevel($data['user_level']) . "</span><br />"; echo "</td>\n"; echo "<td class='tbl2' valign='top'>\n" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td>\n</tr>"; $i++; } echo "\n</table>\n"; if ((iMODERATOR || iADMIN) && checkrights("C")) { echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n"; } if ($c_rows > 10) { echo "<br /><div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n"; } } else { echo $locale['c101'] . "\n"; } closetable(); opentable($locale['c102']); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name FROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'"); if (dbrows($eresult)) { $edata = dbarray($eresult); if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } else { $comment_message = ""; } if (iMEMBER || $settings['guestposts'] == "1") { require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo "<form name='inputform' method='post' action='" . (URL_REWRITE && $seo_root_link != "" ? $seo_link : $clink) . "'>\n"; // Pimped if (iGUEST) { echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n"; echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n"; echo "</div>\n"; } echo "<div align='center' class='tbl'>\n"; echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n"; echo display_bbcodes("360px", "comment_message"); if (iGUEST) { echo $locale['global_158'] . "<br />\n"; echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n"; echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n"; echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n"; echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n"; } echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n"; echo "</div>\n</form>\n"; } else { echo $locale['c105'] . "\n"; } closetable(); } }
/** * New thread */ public function set_newThreadInfo() { $userdata = fusion_get_userdata(); $locale = fusion_get_locale("", FORUM_LOCALE); $locale += fusion_get_locale("", FORUM_TAGS_LOCALE); $forum_settings = ForumServer::get_forum_settings(); // @todo: Reduce lines and optimize further if (iMEMBER) { // New thread directly to a specified forum if (!empty($_GET['forum_id']) && ForumServer::verify_forum($_GET['forum_id'])) { add_to_title($locale['forum_0000']); add_to_meta("description", $locale['forum_0000']); add_breadcrumb(array("link" => FORUM . "index.php", "title" => $locale['forum_0000'])); add_to_title($locale['global_201'] . $locale['forum_0057']); $forum_data = dbarray(dbquery("SELECT f.*, f2.forum_name AS forum_cat_name\n\t\t\t\tFROM " . DB_FORUMS . " f\n\t\t\t\tLEFT JOIN " . DB_FORUMS . " f2 ON f.forum_cat=f2.forum_id\n\t\t\t\tWHERE f.forum_id='" . intval($_GET['forum_id']) . "'\n\t\t\t\tAND " . groupaccess('f.forum_access') . "\n\t\t\t\t")); if ($forum_data['forum_type'] == 1) { redirect(INFUSIONS . "forum/index.php"); } // Use the new permission settings self::setPermission($forum_data); $forum_data['lock_edit'] = $forum_settings['forum_edit_lock']; if (self::getPermission("can_post") && self::getPermission("can_access")) { add_breadcrumb(array('link' => INFUSIONS . 'forum/index.php?viewforum&forum_id=' . $forum_data['forum_id'] . '&parent_id=' . $forum_data['forum_cat'], 'title' => $forum_data['forum_name'])); add_breadcrumb(array('link' => INFUSIONS . 'forum/index.php?viewforum&forum_id=' . $forum_data['forum_id'] . '&parent_id=' . $forum_data['forum_cat'], 'title' => $locale['forum_0057'])); /** * Generate a poll form */ $poll_form = ""; if (self::getPermission("can_create_poll")) { // initial data to push downwards $pollData = array('thread_id' => 0, 'forum_poll_title' => !empty($_POST['forum_poll_title']) ? form_sanitizer($_POST['forum_poll_title'], '', 'forum_poll_title') : '', 'forum_poll_start' => time(), 'forum_poll_length' => 2, 'forum_poll_votes' => 0); // counter of lengths $option_data[1] = ""; $option_data[2] = ""; // Do a validation if checked add_poll if (isset($_POST['add_poll'])) { $pollData = array('thread_id' => 0, 'forum_poll_title' => isset($_POST['forum_poll_title']) ? form_sanitizer($_POST['forum_poll_title'], '', 'forum_poll_title') : '', 'forum_poll_start' => time(), 'forum_poll_length' => count($option_data), 'forum_poll_votes' => 0); // calculate poll lengths if (!empty($_POST['poll_options']) && is_array($_POST['poll_options'])) { foreach ($_POST['poll_options'] as $i => $value) { $option_data[$i] = form_sanitizer($value, '', "poll_options[{$i}]"); } } } if (isset($_POST['add_poll_option']) && isset($_POST['poll_options'])) { // reindex the whole array with blank values. foreach ($_POST['poll_options'] as $i => $value) { $option_data[$i] = form_sanitizer($value, '', "poll_options[{$i}]"); } if (\defender::safe()) { $option_data = array_values(array_filter($option_data)); array_unshift($option_data, NULL); unset($option_data[0]); $pollData['forum_poll_length'] = count($option_data); } array_push($option_data, ''); } $poll_field = ''; $poll_field['poll_field'] = form_text('forum_poll_title', $locale['forum_0604'], $pollData['forum_poll_title'], array('max_length' => 255, 'placeholder' => $locale['forum_0604a'], 'inline' => TRUE, 'required' => TRUE)); for ($i = 1; $i <= count($option_data); $i++) { $poll_field['poll_field'] .= form_text("poll_options[{$i}]", sprintf($locale['forum_0606'], $i), $option_data[$i], array('max_length' => 255, 'placeholder' => $locale['forum_0605'], 'inline' => TRUE, 'required' => $i <= 2 ? TRUE : FALSE)); } $poll_field['poll_field'] .= "<div class='col-xs-12 col-sm-offset-3'>\n"; $poll_field['poll_field'] .= form_button('add_poll_option', $locale['forum_0608'], $locale['forum_0608'], array('class' => 'btn-primary btn-sm')); $poll_field['poll_field'] .= "</div>\n"; $info = array('title' => $locale['forum_0366'], 'description' => $locale['forum_0630'], 'field' => $poll_field); ob_start(); echo form_checkbox("add_poll", $locale['forum_0366'], isset($_POST['add_poll']) ? TRUE : FALSE, array('reverse_label' => TRUE)); echo "<div id='poll_form' class='poll-form' style='display:none;'>\n"; echo "<div class='well clearfix'>\n"; echo "<!--pre_form-->\n"; echo $info['field']['poll_field']; echo "</div>\n"; echo "</div>\n"; $poll_form = ob_get_contents(); ob_end_clean(); } $thread_data = array('forum_id' => $forum_data['forum_id'], 'thread_id' => 0, 'thread_subject' => isset($_POST['thread_subject']) ? form_sanitizer($_POST['thread_subject'], '', 'thread_subject') : '', 'thread_tags' => isset($_POST['thread_tags']) ? form_sanitizer($_POST['thread_tags'], '', 'thread_tags') : '', 'thread_author' => $userdata['user_id'], 'thread_views' => 0, 'thread_lastpost' => time(), 'thread_lastpostid' => 0, 'thread_lastuser' => $userdata['user_id'], 'thread_postcount' => 1, 'thread_poll' => 0, 'thread_sticky' => isset($_POST['thread_sticky']) ? 1 : 0, 'thread_locked' => isset($_POST['thread_sticky']) ? 1 : 0, 'thread_hidden' => 0); $post_data = array('forum_id' => $forum_data['forum_id'], 'forum_cat' => $forum_data['forum_cat'], 'thread_id' => 0, 'post_id' => 0, 'post_message' => isset($_POST['post_message']) ? form_sanitizer($_POST['post_message'], '', 'post_message') : '', 'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0, 'post_smileys' => !isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? 0 : 1, 'post_author' => $userdata['user_id'], 'post_datestamp' => time(), 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => 0, 'post_edittime' => 0, 'post_editreason' => '', 'post_hidden' => 0, 'notify_me' => isset($_POST['notify_me']) ? 1 : 0, 'post_locked' => 0); // Execute post new thread if (isset($_POST['post_newthread']) && \defender::safe()) { require_once INCLUDES . "flood_include.php"; // all data is sanitized here. if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) { // have notice if (\defender::safe()) { // create a new thread. dbquery_insert(DB_FORUM_THREADS, $thread_data, 'save', array('primary_key' => 'thread_id', 'keep_session' => TRUE)); $post_data['thread_id'] = dblastid(); $pollData['thread_id'] = dblastid(); dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id', 'keep_session' => TRUE)); $post_data['post_id'] = dblastid(); // Attach files if permitted if (!empty($_FILES) && is_uploaded_file($_FILES['file_attachments']['tmp_name'][0]) && self::getPermission("can_upload_attach")) { $upload = form_sanitizer($_FILES['file_attachments'], '', 'file_attachments'); if ($upload['error'] == 0) { foreach ($upload['target_file'] as $arr => $file_name) { $attach_data = array('thread_id' => $post_data['thread_id'], 'post_id' => $post_data['post_id'], 'attach_name' => $file_name, 'attach_mime' => $upload['type'][$arr], 'attach_size' => $upload['source_size'][$arr], 'attach_count' => '0'); dbquery_insert(DB_FORUM_ATTACHMENTS, $attach_data, "save", array('keep_session' => TRUE)); } } } dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . intval($post_data['post_author']) . "'"); // Update stats in forum and threads // find all parents and update them $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $post_data['forum_id']); if (is_array($list_of_forums)) { foreach ($list_of_forums as $forum_id) { $forum_update_sql = "\n UPDATE " . DB_FORUMS . " SET forum_lastpost='" . intval($post_data['post_datestamp']) . "',\n forum_postcount=forum_postcount+1,\n forum_threadcount=forum_threadcount+1,\n forum_lastpostid='" . intval($post_data['post_id']) . "',\n forum_lastuser='******'post_author']) . "' WHERE forum_id='" . intval($forum_id) . "'\n "; dbquery($forum_update_sql); } } // update current forum dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . $post_data['post_datestamp'] . "', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='******'post_author'] . "' WHERE forum_id='" . $post_data['forum_id'] . "'"); // update current thread dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost='" . $post_data['post_datestamp'] . "', thread_lastpostid='" . $post_data['post_id'] . "', thread_lastuser='******'post_author'] . "' WHERE thread_id='" . $post_data['thread_id'] . "'"); // set notify if ($forum_settings['thread_notify'] && isset($_POST['notify_me']) && $post_data['thread_id']) { if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $post_data['thread_id'] . "' AND notify_user='******'post_author'] . "'")) { dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $post_data['thread_id'] . "', '" . $post_data['post_datestamp'] . "', '" . $post_data['post_author'] . "', '1')"); } } // Add poll if exist if (!empty($option_data) && isset($_POST['add_poll'])) { dbquery_insert(DB_FORUM_POLLS, $pollData, 'save'); $poll_option_data['thread_id'] = $pollData['thread_id']; $i = 1; foreach ($option_data as $option_text) { if ($option_text) { $poll_option_data['forum_poll_option_id'] = $i; $poll_option_data['forum_poll_option_text'] = $option_text; $poll_option_data['forum_poll_option_votes'] = 0; dbquery_insert(DB_FORUM_POLL_OPTIONS, $poll_option_data, 'save'); $i++; } } dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_poll='1' WHERE thread_id='" . $pollData['thread_id'] . "'"); } } if (\defender::safe()) { redirect(INFUSIONS . "forum/postify.php?post=new&error=0&forum_id=" . intval($post_data['forum_id']) . "&parent_id=" . intval($post_data['forum_cat']) . "&thread_id=" . intval($post_data['thread_id'] . "")); } } } $this->info = array('title' => $locale['forum_0057'], 'description' => '', 'openform' => openform('input_form', 'post', FORUM . "newthread.php?forum_id=" . $post_data['forum_id'], array('enctype' => self::getPermission("can_upload_attach"))), 'closeform' => closeform(), 'forum_id_field' => '', 'thread_id_field' => '', "forum_field" => "", 'subject_field' => form_text('thread_subject', $locale['forum_0600'], $thread_data['thread_subject'], array('required' => 1, 'placeholder' => $locale['forum_2001'], 'error_text' => '', 'class' => 'm-t-20 m-b-20')), 'tags_field' => form_select('thread_tags[]', $locale['forum_tag_0100'], $thread_data['thread_tags'], array('options' => $this->tag()->get_TagOpts(TRUE), 'width' => '100%', 'multiple' => TRUE, 'delimiter' => '.', 'max_select' => 3)), 'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => 1, 'error_text' => '', 'autosize' => 1, 'no_resize' => 1, 'preview' => 1, 'form_name' => 'input_form', 'bbcode' => 1)), 'attachment_field' => self::getPermission("can_upload_attach") ? form_fileinput('file_attachments[]', $locale['forum_0557'], "", array('input_id' => 'file_attachments', 'upload_path' => INFUSIONS . 'forum/attachments/', 'type' => 'object', 'preview_off' => TRUE, "multiple" => TRUE, "inline" => FALSE, 'max_count' => $forum_settings['forum_attachmax_count'], 'valid_ext' => $forum_settings['forum_attachtypes'], "class" => "m-b-0")) . " <div class='m-b-20'>\n<small>\n " . sprintf($locale['forum_0559'], parsebytesize($forum_settings['forum_attachmax']), str_replace('|', ', ', $forum_settings['forum_attachtypes']), $forum_settings['forum_attachmax_count']) . "</small>\n</div>\n" : "", 'poll_form' => $poll_form, 'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0', 'reverse_label' => TRUE)), 'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'sticky_field' => iMOD || iSUPERADMIN ? form_checkbox('thread_sticky', $locale['forum_0620'], $thread_data['thread_sticky'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'lock_field' => iMOD || iSUPERADMIN ? form_checkbox('thread_locked', $locale['forum_0621'], $thread_data['thread_locked'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'edit_reason_field' => '', 'delete_field' => '', 'hide_edit_field' => '', 'post_locked_field' => '', 'notify_field' => $forum_settings['thread_notify'] ? form_checkbox('notify_me', $locale['forum_0626'], $post_data['notify_me'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'post_buttons' => form_button('post_newthread', $locale['forum_0057'], $locale['forum_0057'], array('class' => 'btn-primary btn-sm')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default btn-sm m-l-10')), 'last_posts_reply' => ''); // add a jquery to toggle the poll form add_to_jquery("\n if (\$('#add_poll').is(':checked')) {\n \$('#poll_form').show();\n } else {\n \$('#poll_form').hide();\n }\n \$('#add_poll').bind('click', function() {\n if (\$(this).is(':checked')) {\n \$('#poll_form').slideDown();\n } else {\n \$('#poll_form').slideUp();\n }\n });\n "); } else { redirect(FORUM . "index.php"); } } else { /* * Quick New Forum Posting. * Does not require to run permissions. * Does not contain forum poll. * Does not contain attachment */ if (!dbcount("(forum_id)", DB_FORUMS, "forum_type !='1'")) { redirect(INFUSIONS . "forum/index.php"); } if (!dbcount("(forum_id)", DB_FORUMS, "forum_language ='" . LANGUAGE . "'")) { redirect(INFUSIONS . "forum/index.php"); } add_breadcrumb(array("link" => FORUM . "newthread.php?forum_id=0", "title" => $locale['forum_0057'])); $thread_data = array('forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, "forum_id") : 0, 'thread_id' => 0, 'thread_subject' => isset($_POST['thread_subject']) ? form_sanitizer($_POST['thread_subject'], '', 'thread_subject') : '', 'thread_tags' => isset($_POST['thread_tags']) ? form_sanitizer($_POST['thread_tags'], '', 'thread_tags') : '', 'thread_author' => $userdata['user_id'], 'thread_views' => 0, 'thread_lastpost' => time(), 'thread_lastpostid' => 0, 'thread_lastuser' => $userdata['user_id'], 'thread_postcount' => 1, 'thread_poll' => 0, 'thread_sticky' => isset($_POST['thread_sticky']) ? TRUE : FALSE, 'thread_locked' => isset($_POST['thread_sticky']) ? TRUE : FALSE, 'thread_hidden' => 0); $post_data = array('forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, "forum_id") : 0, "forum_cat" => 0, 'thread_id' => 0, 'post_id' => 0, 'post_message' => isset($_POST['post_message']) ? form_sanitizer($_POST['post_message'], '', 'post_message') : '', 'post_showsig' => isset($_POST['post_showsig']) ? TRUE : FALSE, 'post_smileys' => !isset($_POST['post_smileys']) || isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? FALSE : TRUE, 'post_author' => $userdata['user_id'], 'post_datestamp' => time(), 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => 0, 'post_edittime' => 0, 'post_editreason' => '', 'post_hidden' => 0, 'notify_me' => isset($_POST['notify_me']) ? TRUE : FALSE, 'post_locked' => 0); // go for a new thread posting. // check data // and validate // do not run attach, and do not run poll. if (isset($_POST['post_newthread']) && \defender::safe()) { require_once INCLUDES . "flood_include.php"; // all data is sanitized here. if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) { // have notice if (ForumServer::verify_forum($thread_data['forum_id'])) { $forum_data = dbarray(dbquery("SELECT f.*, f2.forum_name AS forum_cat_name\n FROM " . DB_FORUMS . " f\n LEFT JOIN " . DB_FORUMS . " f2 ON f.forum_cat=f2.forum_id\n WHERE f.forum_id='" . intval($thread_data['forum_id']) . "'\n AND " . groupaccess('f.forum_access') . "\n ")); if ($forum_data['forum_type'] == 1) { redirect(INFUSIONS . "forum/index.php"); } // Use the new permission settings self::setPermission($forum_data); $forum_data['lock_edit'] = $forum_settings['forum_edit_lock']; if (self::getPermission("can_post") && self::getPermission("can_access")) { $post_data['forum_cat'] = $forum_data['forum_cat']; // create a new thread. dbquery_insert(DB_FORUM_THREADS, $thread_data, 'save', array('primary_key' => 'thread_id', 'keep_session' => TRUE)); $post_data['thread_id'] = dblastid(); dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id', 'keep_session' => TRUE)); $post_data['post_id'] = dblastid(); dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $post_data['post_author'] . "'"); // Update stats in forum and threads // find all parents and update them $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $post_data['forum_id']); foreach ($list_of_forums as $fid) { dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='******'post_author'] . "' WHERE forum_id='" . $fid . "'"); } // update current forum dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost=''" . time() . "'', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='******'post_author'] . "' WHERE forum_id='" . $post_data['forum_id'] . "'"); // update current thread dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost=''" . time() . "'', thread_lastpostid='" . $post_data['post_id'] . "', thread_lastuser='******'post_author'] . "' WHERE thread_id='" . $post_data['thread_id'] . "'"); // set notify if ($forum_settings['thread_notify'] && isset($_POST['notify_me']) && $post_data['thread_id']) { if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $post_data['thread_id'] . "' AND notify_user='******'post_author'] . "'")) { dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $post_data['thread_id'] . "', '" . time() . "', '" . $post_data['post_author'] . "', 1)"); } } if (\defender::safe()) { redirect(INFUSIONS . "forum/postify.php?post=new&error=0&forum_id=" . intval($post_data['forum_id']) . "&parent_id=" . intval($post_data['forum_cat']) . "&thread_id=" . intval($post_data['thread_id'] . "")); } } else { addNotice("danger", $locale['forum_0186']); } } else { addNotice("danger", $locale['forum_0187']); redirect(INFUSIONS . "forum/index.php"); } } } //Disable all parents $disabled_opts = array(); $disable_query = "\n SELECT forum_id FROM " . DB_FORUMS . " WHERE forum_type='1'\n " . (multilang_table("FO") ? "AND forum_language='" . LANGUAGE . "'" : "") . "\n "; $disable_query = dbquery(" {$disable_query} "); if (dbrows($disable_query) > 0) { while ($d_forum = dbarray($disable_query)) { $disabled_opts = $d_forum['forum_id']; } } $this->info = array('title' => $locale['forum_0057'], 'description' => '', 'openform' => openform('input_form', 'post', FORUM . "newthread.php", array('enctype' => FALSE)), 'closeform' => closeform(), 'forum_id_field' => '', 'thread_id_field' => '', 'forum_field' => form_select_tree("forum_id", $locale['forum_0395'], $thread_data['forum_id'], array("required" => TRUE, "width" => "320px", "no_root" => TRUE, "disable_opts" => $disabled_opts, "query" => multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "'" : ""), DB_FORUMS, "forum_name", "forum_id", "forum_cat"), 'subject_field' => form_text('thread_subject', $locale['forum_0600'], $thread_data['thread_subject'], array('required' => 1, 'placeholder' => $locale['forum_2001'], 'error_text' => '', 'class' => 'm-t-20 m-b-20')), 'tags_field' => form_select('thread_tags[]', $locale['forum_tag_0100'], $thread_data['thread_tags'], array('options' => $this->tag()->get_TagOpts(), 'width' => '100%', 'multiple' => TRUE, 'delimiter' => '.', 'max_select' => 3)), 'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => 1, 'error_text' => '', 'autosize' => 1, 'no_resize' => 1, 'preview' => 1, 'form_name' => 'input_form', 'bbcode' => 1)), 'attachment_field' => "", 'poll_form' => "", 'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0', 'reverse_label' => TRUE)), 'signature_field' => array_key_exists("user_sig", $userdata) && $userdata['user_sig'] ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'sticky_field' => iSUPERADMIN ? form_checkbox('thread_sticky', $locale['forum_0620'], $thread_data['thread_sticky'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'lock_field' => iSUPERADMIN ? form_checkbox('thread_locked', $locale['forum_0621'], $thread_data['thread_locked'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'edit_reason_field' => '', 'delete_field' => '', 'hide_edit_field' => '', 'post_locked_field' => '', 'notify_field' => $forum_settings['thread_notify'] ? form_checkbox('notify_me', $locale['forum_0626'], $post_data['notify_me'], array('class' => 'm-b-0', 'reverse_label' => TRUE)) : '', 'post_buttons' => form_button('post_newthread', $locale['forum_0057'], $locale['forum_0057'], array('class' => 'btn-primary btn-sm')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default btn-sm m-l-10')), 'last_posts_reply' => ''); } } else { redirect(INFUSIONS . 'forum/index.php'); } }
public static function send_pm($to, $from, $subject, $message, $smileys = 'y', $to_group = FALSE, $save_sent = TRUE) { include LOCALE . LOCALESET . "messages.php"; require_once INCLUDES . "sendmail_include.php"; require_once INCLUDES . "flood_include.php"; $strict = FALSE; $locale = array(); $group_name = getgroupname($to); $to = isnum($to) || !empty($group_name) ? $to : 0; $from = isnum($from) ? $from : 0; $smileys = preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message) ? "n" : $smileys; if (!$to_group) { // send to user $pmStatus = self::get_pm_settings($to); $myStatus = self::get_pm_settings($from); if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . intval($from) . "'")) { // find receipient $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level,\n\t\t\t\tCOUNT(m.message_id) 'message_count'\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " m ON m.message_user=u.user_id and message_folder='0'\n\t\t\t\tWHERE u.user_id='" . intval($to) . "' GROUP BY u.user_id\n\t\t\t\t"); if (dbrows($result) > 0) { $data = dbarray($result); $result2 = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . intval($from) . "'"); if (dbrows($result2) > 0) { $userdata = dbarray($result2); if ($to != $from) { if ($data['user_id'] == 1 || $data['user_level'] < USER_LEVEL_MEMBER || !$pmStatus['user_inbox'] || $data['message_count'] + 1 <= $pmStatus['user_inbox']) { $inputData = array("message_id" => 0, "message_to" => $to, "message_user" => $to, "message_from" => $from, "message_subject" => $subject, "message_message" => $message, "message_smileys" => $smileys, "message_read" => 0, "message_datestamp" => time(), "message_folder" => 0); dbquery_insert(DB_MESSAGES, $inputData, "save"); // this will flood the inbox when message is sent to group. -- fixed if ($myStatus['user_pm_save_sent'] == '2' && $save_sent == TRUE) { // user_outbox. $cdata = dbarray(dbquery("SELECT COUNT(message_id) AS outbox_count, MIN(message_id) AS last_message FROM\n\t\t\t\t\t\t\t\t\t" . DB_MESSAGES . " WHERE message_to='" . $userdata['user_id'] . "' AND message_user='******'user_id'] . "' AND message_folder='1' GROUP BY message_to")); // check my outbox limit and if surpass, remove oldest message if ($myStatus['user_outbox'] != "0" && $cdata['outbox_count'] + 1 > $myStatus['user_outbox']) { dbquery("DELETE FROM " . DB_MESSAGES . " WHERE message_id='" . $cdata['last_message'] . "' AND message_to='" . $userdata['user_id'] . "'"); } $inputData['message_user'] = $userdata['user_id']; $inputData['message_folder'] = 1; $inputData['message_from'] = $to; $inputData['message_to'] = $userdata['user_id']; dbquery_insert(DB_MESSAGES, $inputData, "save"); } $send_email = $pmStatus['user_pm_email_notify']; if ($send_email == "2") { $message_content = str_replace("[SUBJECT]", $subject, $locale['626']); $message_content = str_replace("[USER]", $userdata['user_name'], $message_content); $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1"); if (dbrows($template_result)) { $template_data = dbarray($template_result); if ($template_data['template_active'] == "1") { sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']); } else { sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content); } } else { sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content); } } } else { // Inbox is full if ($strict) { die("User inbox is full. Try delete it or upgrade it to 102 or 103 status"); } \defender::stop(); addNotice("danger", $locale['628']); } } } else { // Sender does not exist in DB if ($strict) { die("Sender User ID does not exist in DB. Sequence Aborted."); } \defender::stop(); addNotice("danger", $locale['482']); } } else { \defender::stop(); if ($strict) { die("Message Recepient User ID is invalid"); } addNotice("danger", $locale['482']); } } else { if ($strict) { die("You are flooding, send_pm halted"); } \defender::stop(); addNotice("danger", sprintf($locale['487'], fusion_get_settings("flood_interval"))); } } else { $result = NULL; if ($to <= -101 && $to >= -103) { // -101, -102, -103 only $result = dbquery("SELECT user_id from " . DB_USERS . " WHERE user_level <='" . intval($to) . "' AND user_status='0'"); } else { // ## --- deprecate -- WHERE user_groups REGEXP('^\\\.{$to}$|\\\.{$to}\\\.|\\\.{$to}$') # $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE " . in_group("user_groups", $to) . " AND user_status='0'"); } if (dbrows($result) > 0) { while ($data = dbarray($result)) { self::send_pm($data['user_id'], $from, $subject, $message, $smileys, FALSE, FALSE); } } else { \defender::stop(); addNotice("danger", $locale['492']); } } }
/** * Handle post of Quick Reply Form */ private function handle_quick_reply() { $forum_settings = $this->get_forum_settings(); $locale = fusion_get_locale(); $userdata = fusion_get_userdata(); if (isset($_POST['post_quick_reply'])) { if ($this->getThreadPermission("can_reply") && \defender::safe()) { $this->thread_data = $this->thread_info['thread']; require_once INCLUDES . "flood_include.php"; if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) { // have notice $post_data = array('post_id' => 0, 'forum_id' => $this->thread_data['forum_id'], 'thread_id' => $this->thread_data['thread_id'], 'post_message' => form_sanitizer($_POST['post_message'], '', 'post_message'), 'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0, 'post_smileys' => isset($_POST['post_smileys']) || preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']) ? 1 : 0, 'post_author' => $userdata['user_id'], 'post_datestamp' => time(), 'post_ip' => USER_IP, 'post_ip_type' => USER_IP_TYPE, 'post_edituser' => 0, 'post_edittime' => 0, 'post_editreason' => '', 'post_hidden' => 0, 'post_locked' => $forum_settings['forum_edit_lock'] || isset($_POST['post_locked']) ? 1 : 0); if (\defender::safe()) { // post message is invalid or whatever is invalid $update_forum_lastpost = FALSE; // Prepare forum merging action $last_post_author = dbarray(dbquery("SELECT post_author FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $this->thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1")); if ($last_post_author['post_author'] == $post_data['post_author'] && $this->thread_data['forum_merge']) { $last_message = dbarray(dbquery("SELECT post_id, post_message FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $this->thread_data['thread_id'] . "' ORDER BY post_id DESC")); $post_data['post_id'] = $last_message['post_id']; $post_data['post_message'] = $last_message['post_message'] . "\n\n" . $locale['forum_0640'] . " " . showdate("longdate", time()) . ":\n" . $post_data['post_message']; dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id')); } else { $update_forum_lastpost = TRUE; dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id')); $post_data['post_id'] = dblastid(); dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $post_data['post_author'] . "'"); } // Update stats in forum and threads if ($update_forum_lastpost) { // find all parents and update them $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $this->thread_data['forum_id']); if (!empty($list_of_forums)) { foreach ($list_of_forums as $fid) { dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='******'post_author'] . "' WHERE forum_id='" . $fid . "'"); } } // update current forum dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='******'post_author'] . "' WHERE forum_id='" . $this->thread_data['forum_id'] . "'"); // update current thread dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $post_data['post_id'] . "', thread_postcount=thread_postcount+1, thread_lastuser='******'post_author'] . "' WHERE thread_id='" . $this->thread_data['thread_id'] . "'"); } // set notify if ($forum_settings['thread_notify'] == TRUE && isset($_POST['notify_me']) && $this->thread_data['thread_id']) { if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $this->thread_data['thread_id'] . "' AND notify_user='******'post_author'] . "'")) { dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $this->thread_data['thread_id'] . "', '" . time() . "', '" . $post_data['post_author'] . "', '1')"); } } } redirect(INFUSIONS . "forum/postify.php?post=reply&error=0&forum_id=" . intval($post_data['forum_id']) . "&thread_id=" . intval($post_data['thread_id']) . "&post_id=" . intval($post_data['post_id'])); } } } }
function showcomments($ctype, $cdb, $ccol, $cid, $clink, $ingroup) { global $settings, $locale, $userdata, $aidlink; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'"); if (dbrows($eresult)) { $edata = dbarray($eresult); if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } else { $comment_message = ""; } if (iMEMBER && $ingroup) { add_to_head("<script type='text/javascript'>window.onload=setTimeout(\"hideall()\", 250);\n\t\tfunction hideall(){\n\t\t\tdocument.getElementById('bbcode').style.display='none';\n\t\t}\n\t\tfunction showhide(msg_id) {\n\t\t document.getElementById(msg_id).style.display = document.getElementById(msg_id).style.display == 'none' ? 'block' : 'none';\n\t\t}</script>\n"); require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo "<form name='inputform' method='post' action='" . $clink . "'>\n"; echo "<div align='center'>\n"; echo "<textarea name='comment_message' rows='2' class='textbox' style='width:90%'>" . $comment_message . "</textarea><br />\n"; echo "<input type='submit' name='post_comment' value='" . $locale['uc283'] . "' class='button' /> :: <a onClick='showhide(\"bbcode\")'>" . $locale['uc285'] . "</a>\n"; echo "<div id='bbcode'><br />" . display_bbcodes("360px", "comment_message") . "</div>\n"; echo "</div>\n</form>\n"; } else { echo "<div align='center'>" . $locale['uc289'] . "</div>\n"; } echo "</td>\n</tr>\n"; echo "<tr>\n<td class='tbl1' style='padding:6px;'>\n"; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'")); } redirect($clink); } if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (iMEMBER) { $comment_name = $userdata['user_id']; } elseif ($settings['guestposts'] == "1") { $comment_name = trim(stripinput($_POST['comment_name'])); $comment_name = preg_replace("(^[0-9]*)", "", $comment_name); if (isnum($comment_name)) { $comment_name = ""; } } $comment_message = trim(stripinput(censorwords($_POST['comment_message']))); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $comment_updated = false; if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { if ($comment_message) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'")); $comment_updated = true; } } if ($comment_updated) { $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10; } redirect($clink . "&rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) { redirect(BASEDIR . "index.php"); } if ($comment_name && $comment_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')"); } } $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10; redirect($clink . "&rstart=" . $c_start); } } echo "<a id='comments' name='comments'></a>"; $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'"); if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.*,tcu.* FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp DESC LIMIT " . $_GET['c_start'] . ",10"); if (dbrows($result)) { $i = $_GET['c_start'] + 1; if ($c_rows > 10) { echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n"; } echo "<table width='100%' cellspacing='1' cellpadding='0'>\n"; while ($data = dbarray($result)) { echo "<tr><td class='tbl2' rowspan='2' width='1'>\n"; if ($data['user_avatar']) { list($width, $height) = getimagesize(IMAGES . "avatars/" . $data['user_avatar']); $new_width = 70; $new_height = $height * ($new_width / $height); echo "<img src='" . IMAGES . "avatars/" . $data['user_avatar'] . "' alt='' style='width:" . $new_width . "px;height:" . $new_height . "px'>\n"; } else { echo "<img src='" . IMAGES . "noav.gif' alt='' style='width:70px;height:70px'>\n"; } echo "</td>\n<td class='tbl2' style='height:30px;'>"; if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { echo "<div style='float:right'>\n<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n"; echo "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n"; } echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | "; echo "<a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . showLabel($data['comment_name']) . "</a>\n"; echo "<span class='small'>" . timepassed($data['comment_datestamp']) . "</span></td></tr>\n<tr><td class='tbl1' style='vertical-align:top;'>\n"; echo nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td></tr>\n"; $i++; } echo "</table>"; if (iADMIN && checkrights("C")) { echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n"; } if ($c_rows > 10) { echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n"; } } else { echo $locale['uc284'] . "\n"; } }
/** * Display Comments * @param $comment_type * @param $comment_db * @param $comment_col * @param $comment_item_id * @param $clink */ public function showComments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink) { global $aidlink; $locale = fusion_get_locale(); $locale += fusion_get_locale('', LOCALE . LOCALESET . "user_fields.php"); $cpp = $this->settings['comments_per_page']; $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => '', 'comment_message' => '', 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0); /** Delete */ if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $this->userdata['user_id'] . "'")) { $result = dbquery("\n DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $this->userdata['user_id'] . "'")); } redirect($clink . ($this->settings['comments_sorting'] == "ASC" ? "" : "&c_start=0")); } if ($this->settings['comments_enabled'] == "1") { $this->c_arr['c_info']['comments_count'] = format_word(0, $this->locale['fmt_comment']); // Handle Comment Posts if ((iMEMBER || $this->settings['guestposts']) && isset($_POST['post_comment'])) { if (!iMEMBER && $this->settings['guestposts']) { // Process Captchas $_CAPTCHA_IS_VALID = FALSE; include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_check.php"; if (!isset($_POST['captcha_code']) && $_CAPTCHA_IS_VALID == FALSE) { \defender::stop(); addNotice("danger", $locale['u194']); } } $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $this->userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => form_sanitizer($_POST['comment_cat'], 0, 'comment_cat'), 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) { // Update comment if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "'\n AND comment_item_id='" . $comment_item_id . "'\n AND comment_type='" . $comment_type . "'\n AND comment_name='" . $this->userdata['user_id'] . "'\n AND comment_hidden='0'") && \defender::safe()) { $c_name_query = "SELECT comment_name FROM " . DB_COMMENTS . " WHERE comment_id='" . $comment_data['comment_id'] . "'"; $comment_data['comment_name'] = dbresult(dbquery($c_name_query), 0); dbquery_insert(DB_COMMENTS, $comment_data, 'update'); if ($this->settings['comments_sorting'] == "ASC") { $c_operator = "<="; } else { $c_operator = ">="; } $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n AND comment_item_id='" . $comment_item_id . "'\n AND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; addNotice("success", $locale['global_027']); redirect(self::format_clink($clink) . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } } else { // Save New comment if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) { redirect(BASEDIR . "index.php"); } if (\defender::safe()) { $c_start = 0; $id = 0; if ($comment_data['comment_name'] && $comment_data['comment_message']) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { dbquery_insert(DB_COMMENTS, $comment_data, 'save'); $id = dblastid(); if ($this->settings['comments_sorting'] == "ASC") { $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } } redirect(self::format_clink($clink) . "&c_start=" . $c_start . "#c" . $id); } } } } $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > $cpp) { $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $comment_query = "\n SELECT tcm.*, tcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n FROM " . DB_COMMENTS . " tcm\n LEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n WHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n ORDER BY comment_datestamp " . $this->settings['comments_sorting'] . ", comment_cat DESC"; $query = dbquery($comment_query); if (dbrows($query) > 0) { $i = $this->settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start']; if ($c_rows > $cpp) { $this->c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start"); } if (iADMIN && checkrights("C")) { $this->c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n"; $this->c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $comment_type . "&comment_item_id=" . $comment_item_id . "'>" . $this->locale['c106'] . "</a>"; } while ($row = dbarray($query)) { $actions = array("edit_dell" => "", "edit_link" => "", "delete_link" => ""); if (iADMIN && checkrights("C") || iMEMBER && $row['comment_name'] == $this->userdata['user_id'] && isset($row['user_name'])) { $edit_link = clean_request('c_action=edit&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment"; $delete_link = clean_request('c_action=delete&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false); $comment_actions = "<!---comment_actions--><div class='btn-group'>\n <a class='btn btn-xs btn-default' href='{$edit_link}'>" . $this->locale['c108'] . "</a>\n <a class='btn btn-xs btn-default' href='{$delete_link}' onclick=\"return confirm('" . $this->locale['c110'] . "');\"><i class='fa fa-trash'></i>" . $this->locale['c109'] . "</a>\n </div><!---//comment_actions-->\n "; $actions = array("edit_link" => array('link' => $edit_link, 'name' => $this->locale['c108']), "delete_link" => array('link' => $delete_link, 'name' => $this->locale['c109']), "edit_dell" => $comment_actions); } $reply_form = ""; if (isset($_GET['comment_reply']) && $_GET['comment_reply'] == $row['comment_id']) { $locale = fusion_get_locale(); $comment_data['comment_cat'] = $row['comment_id']; $reply_form = openform("comments_reply_form", "post", FUSION_REQUEST, array("class" => "comments_reply_form")); if (iGUEST) { $reply_form .= form_text('comment_name', fusion_get_locale('c104'), $comment_data['comment_name'], array('max_length' => 30)); } $reply_form .= form_hidden("comment_cat", "", $comment_data['comment_cat']); $reply_form .= form_textarea("comment_message", "", $comment_data['comment_message'], array("tinymce" => "simple", "type" => fusion_get_settings("tinymce_enabled") ? "tinymce" : "bbcode", "input_id" => "comment_message-" . $i, "required" => true)); if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) { $_CAPTCHA_HIDE_INPUT = FALSE; $reply_form .= "<div class='m-t-10 m-b-10'>"; $reply_form .= "<label class='col-xs-12 col-sm-3'>" . $locale['global_150'] . "</label><div class='col-xs-12 col-sm-9'>\n"; ob_start(); include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_display.php"; $reply_form .= ob_get_contents(); ob_end_clean(); if (!$_CAPTCHA_HIDE_INPUT) { $reply_form .= "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>"; $reply_form .= "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n"; } $reply_form .= "</div>\n"; $reply_form .= "</div>\n"; } $reply_form .= form_button('post_comment', $locale['c102'], $locale['c102'], array('class' => 'btn-success m-t-10')); $reply_form .= closeform(); } /** formats $row */ $row = array("comment_id" => $row['comment_id'], "comment_cat" => $row['comment_cat'], "i" => $i, "user_avatar" => display_avatar($row, '50px', '', false, 'img-rounded'), "user" => array("user_id" => $row['user_id'], "user_name" => $row['user_name'], "user_avatar" => $row['user_avatar'], "status" => $row['user_status']), "reply_link" => clean_request("comment_reply=" . $row['comment_id'], array("comment_reply"), false), "reply_form" => $reply_form, "comment_datestamp" => showdate('shortdate', $row['comment_datestamp']), "comment_time" => timer($row['comment_datestamp']), "comment_message" => "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($row['comment_message']))) . "<!--//comment_message-->\n", "comment_name" => $row['user_name'] ? profile_link($row['comment_name'], $row['user_name'], $row['user_status'], 'strong text-dark') : $row['comment_name']); $row += $actions; $id = $row['comment_id']; $parent_id = $row['comment_cat'] === NULL ? "0" : $row['comment_cat']; $data[$id] = $row; $this->c_arr['c_con'][$parent_id][$id] = $row; $this->settings['comments_sorting'] == "ASC" ? $i++ : $i--; } // Paginate the array $this->c_arr['c_con'][0] = array_chunk($this->c_arr['c_con'][0], $cpp, true); // Pass cpp settings $this->c_arr['c_info']['comments_per_page'] = $cpp; $this->c_arr['c_info']['comments_count'] = format_word(number_format($i - 1, 0), $this->locale['fmt_comment']); } echo "<a id='comments' name='comments'></a>"; render_comments($this->c_arr['c_con'], $this->c_arr['c_info']); render_comments_form($comment_type, $clink, $comment_item_id, isset($_CAPTCHA_HIDE_INPUT) ? $_CAPTCHA_HIDE_INPUT : FALSE); } }