<?php
session_start();
setlocale(LC_CTYPE, 'fr_FR.UTF-8');
mb_internal_encoding('UTF-8');
include_once '../api/config.php';
include_once '../api/dev.php';
include_once '../api/fonctions.php';
include_once '../api/app.php';
$dev = new dev($mysql_hostname, $mysql_username, $mysql_password, $mysql_database);
$admin = false;
if (isset($_SESSION['user'])) {
if ($dev->isConnected($_SESSION['user']['username'], $_SESSION['user']['password'], $_SESSION['user']['session_id'])) {
if ($dev->getAdminLevel($dev->getId($_SESSION['user']['username'])) > 6) {
$admin = true;
}
}
}
if (!$admin) {
header('Location: ../index.php');
}
?>
<!doctype html>
<html>
<head>
<script type="text/javascript" src="./js/jquery-2.1.4.js"></script>
<script type="text/javascript" src="./js/codemirror.js"></script>
<link rel="stylesheet" href="./css/admin.css" />
<link rel="stylesheet" href="./css/icons.css" />
<link rel="stylesheet" href="./css/codemirror.css" />
<meta charset="utf-8"/>
<?php
session_start();
setlocale(LC_CTYPE, 'fr_FR.UTF-8');
mb_internal_encoding('UTF-8');
include_once '../api/config.php';
include_once '../api/dev.php';
include_once '../api/fonctions.php';
include_once '../api/app.php';
$dev = new dev($mysql_hostname, $mysql_username, $mysql_password, $mysql_database);
$admin = false;
if (isset($_SESSION['user'])) {
if ($dev->isConnected($_SESSION['user']['username'], $_SESSION['user']['password'], $_SESSION['user']['session_id'])) {
if ($dev->getAdminLevel($dev->getId($_SESSION['user']['username'])) > 6) {
$admin = true;
}
}
}
if (!$admin) {
header('Location: ../index.php');
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<link rel="stylesheet" href="./css/style.css" />
<link rel="stylesheet" href="./css/icons.css" />
<script type="text/javascript" src="./js/jquery-2.1.4.js"></script>
<script type="text/javascript" src="./js/main.js"/></script>
<script>
$json = new jsonapi($json_hostname, $json_port, $json_username, $json_password, $json_salt);
if (isset($_GET['from']) && !isset($_POST['from'])) {
$from = $_GET['from'];
} else {
if (!isset($_GET['from']) && isset($_POST['from'])) {
$from = $_POST['from'];
} else {
echo 'error';
header('Location: ./index.php');
}
}
if ($from == "add") {
if ($_POST['send']) {
if (isset($_SESSION['user'])) {
if ($dev->isConnected($_SESSION['user']['username'], $_SESSION['user']['password'], $_SESSION['user']['session_id'])) {
if ($dev->getForumAdminLevel($_POST['forum']) <= $dev->getAdminLevel($dev->getId($_SESSION['user']['username']))) {
$sql = "INSERT INTO `web_threads`(`id`, `forum_id`, `title`, `uuid_author`, `stucked`, `valid`) VALUES ('" . ($dev->getLastThreadID() + 1) . "','" . $_POST['forum'] . "', '" . utf8_decode(addslashes($_POST['title'])) . "', '" . $dev->getId($_SESSION['user']['username']) . "','0','1');";
$sql2 = "INSERT INTO `web_messages`(`uuid_author`, `content`, `thread_id`) VALUES ('" . $dev->getId($_SESSION['user']['username']) . "', '" . addslashes(utf8_decode($_POST['bbcode_field'])) . "','" . ($dev->getLastThreadID() + 1) . "')";
$db2 = new PDO('mysql:host=' . $mysql_hostname . ';dbname=' . $mysql_database, $mysql_username, $mysql_password);
$req2 = $db2->prepare($sql . $sql2);
$req2->execute();
//var_dump($req2->errorInfo());
Header(sprintf('Location: ./forum_thread.php?id=%d', $dev->getLastThreadID()));
}
} else {
unset($_SESSION['user']);
header('Location: ./index.php');
}
} else {
header('Location: ./index.php');
}
} else {
echo '<div id="forum">
<span class="icon-bubble" id="ico"></span>
<span id="title">Aucun sujet épinglé</span></br>
<span id="threads">Aucun sujet épinglé</span>
</div>';
}
?>
</div>
</br>
<div id="limiter">
Liste des sujets
<?php
if (isset($_SESSION['user'])) {
if ($dev->isConnected($_SESSION['user']['username'], $_SESSION['user']['password'], $_SESSION['user']['session_id'])) {
if ($dev->getForumAdminLevel($_GET['id']) <= $dev->getAdminLevel($dev->getId($_SESSION['user']['username']))) {
echo '<div style="float:right;height:20px;font-size:12px;width:100px;" id="button" onClick="window.location.href=\'./forum_addthread.php?id=' . $_GET['id'] . '\'">Creer un sujet</div>';
}
} else {
unset($_SESSION['user']);
}
}
?>
</div>
<div id="cat">
<?php
$db = new PDO('mysql:host=' . $mysql_hostname . ';dbname=' . $mysql_database, $mysql_username, $mysql_password);
if (isset($_GET['start']) && is_numeric($_GET['start']) && $_GET['start'] != '0') {
$sql_req = "SELECT * FROM `web_threads` WHERE `forum_id`='" . $_GET['id'] . "' AND `stucked` = '0' ORDER BY `date_modified` ASC LIMIT 30 OFFSET %d;";
$sql_req = sprintf($sql_req, $_GET['start'] - 1);
} else {
echo '<span class="number" style="font-weight:1.3em;float:left;width:150px;">Choix de la page: </span>';
$db2 = new PDO('mysql:host=' . $mysql_hostname . ';dbname=' . $mysql_database, $mysql_username, $mysql_password);
$sql_req2 = "SELECT * FROM `web_news_comments` WHERE `news_id`='" . $_GET['id'] . "' ORDER BY `date`;";
$req2 = $db2->prepare($sql_req2);
$req2->execute();
$req2->setFetchMode(PDO::FETCH_ASSOC);
for ($i = 0; $i < $req2->rowCount(); $i = $i + 5) {
echo '<a href="news.php?start=' . $i . '" class="number" style="float:left;">' . $i / 5 . '</a>';
}
echo '<div style="clear:both;"></div>';
}
if ($req_comments->rowCount() > 0) {
while ($key = $req_comments->fetch()) {
echo '<div id="news" style="rgb(250, 250, 250);">
<div style="position:absolute; top:5px; z-index:999;right:5px;">';
if (isset($_SESSION['user']) && ($dev->getAdminLevel($dev->getID($_SESSION['user']['username'])) >= 6 || $key['uuid'] == $dev->getID($_SESSION['user']['username']))) {
echo '<a href="news_process.php?type=remove&id=' . $key['id'] . '"><img src="./ressources/icons/delete.png" Alt="Retirer ce post" title="Retirer ce post"/></a>';
}
echo '</div>
<table style="width:100%; margin:5px; margin-bottom:10px;">
<tr>
<td style="width:12%; vertical-align:top;">
<div id="profileholder">
<div id="avatar">';
if (file_exists('./uploads/avatars/' . $key['uuid'] . '.png')) {
echo '<img src="./uploads/avatars/' . $key['uuid'] . '.png" style="width:90%; margin:2.5%;"/>';
} else {
echo '<img src="./uploads/avatars/default.png" style="width:90%; margin:2.5%;"/>';
}
echo '
</div>
$sql_req = "SELECT * FROM `web_messages` WHERE `thread_id`='" . $_GET['id'] . "' ORDER BY `date_written` ASC LIMIT 10;";
}
$req = $db->prepare($sql_req);
$req->execute();
$req->setFetchMode(PDO::FETCH_ASSOC);
$count = 0;
if ($req->rowCount() > 0) {
while ($key = $req->fetch()) {
$count++;
if ($count == 1) {
echo '<div id="news" style="rgb(250, 250, 250);margin-top:0px;">';
} else {
echo '<div id="news" style="rgb(250, 250, 250);">';
}
echo '<div style="position:absolute; top:5px; z-index:999;right:5px;">';
if (isset($_SESSION['user']) && ($dev->getAdminLevel($dev->getID($_SESSION['user']['username'])) >= 6 || $key['uuid_author'] == $dev->getID($_SESSION['user']['username']))) {
if ($count == 1) {
echo '<a href="forum_process.php?from=remove_thread&id=' . $_GET['id'] . '"><img src="../ressources/icons/delete.png" Alt="Retirer ce Sujet" title="Retirer ce Sujet"/></a>';
} else {
echo '<a href="forum_process.php?from=remove_msg&id=' . $key['id'] . '&th=' . $_GET['id'] . '"><img src="../ressources/icons/delete.png" Alt="Retirer ce post" title="Retirer ce post"/></a>';
}
}
echo '</div>
<table style="width:100%; margin:5px; margin-bottom:10px;">
<tr>
<td style="width:12%; vertical-align:top;">
<div id="profileholder">
<div id="avatar">';
if (file_exists('../uploads/avatars/' . $key['uuid_author'] . '.png')) {
echo '<img src="../uploads/avatars/' . $key['uuid_author'] . '.png" style="width:90%; margin:2.5%;"/>';
} else {
