/com_joomlaboard/post.php
PHP | 948 lines | 878 code | 33 blank | 37 comment | 78 complexity | e2d950835943a7c8fb27c701c2e717d2 MD5 | raw file
- <?php
- /**
- * post.php handles everything related to posts
- * @package com_joomlaboard
- * @copyright (C) 2000 - 2007 TSMF / Jan de Graaff / All Rights Reserved
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
- * @author TSMF
- * Joomla! is Free Software
- **/
- // Dont allow direct linking
- defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
- // get variables
- $action = mosGetParam($_POST , 'action' , '');
- $resubject = mosGetParam($_REQUEST, 'resubject' , '');
- $replyto = (int) mosGetParam($_REQUEST, 'replyto' , 0);
- $ip = $_SERVER["REMOTE_ADDR"]; //ip for floodprotection, post logging, subscriptions, etcetera
- $editmode = 0;
- $catName = $thisCat->getName();
- if ($my->id > 0) {
- $my_name = $sbConfig['username'] ? $my->username : $my->name;
- $my_email= $my->email;
- }
- else {
- $my_name = '';
- $my_email= '';
- }
- // permissions check
- switch (sb_has_post_permission($database,$catid,$replyto,$my->id,$sbConfig['pubwrite'],$is_moderator)) {
- case 0:
- echo "<p align=\"center\">";
- echo _POST_NO_PUBACCESS1."<br />";
- echo _POST_NO_PUBACCESS2."<br /><br />";
- if ($sbConfig['cb_profile']) {
- echo '<a href="'.sefRelToAbs('index.php?option=com_comprofiler&task=registers').'">'._POST_NO_PUBACCESS3.'</a><br /></p>';
- }
- else {
- echo '<a href="'.sefRelToAbs('index.php?option=com_registration&task=register').'">'._POST_NO_PUBACCESS3.'</a><br /></p>';
- }
- return;
- case -1:
- echo '<p align="center">' . _GEN_TOPIC ._POST_LOCKED.'<br />';
- echo _POST_NO_NEW.'<br /></p>';
- return;
- case -2:
- echo '<p align="center">' . _GEN_FORUM ._POST_LOCKED.'<br />';
- echo _POST_NO_NEW.'<br /></p>';
- return;
- }
- // flood protection
- $sbConfig['floodprotection'] = (int) $sbConfig['floodprotection'];
- if ($sbConfig['floodprotection'] != 0) {
- $database->setQuery("select max(time) from #__sb_messages where ip='$ip'");
- $lastPostTime=$database->loadResult();
- }
- if ( ! $is_moderator && $do!='edit' && $sbConfig['floodprotection'] == 1 && ($lastPostTime+$sbConfig['floodprotection']) >= $systime) {
- echo _POST_TOPIC_FLOOD1;
- echo $sbConfig['floodprotection']." "._POST_TOPIC_FLOOD2."<br />";
- echo _POST_TOPIC_FLOOD3;
- return;
- }
- ?>
- <table border="0" cellspacing="0" cellpadding="0" width="100%" align="center">
- <tr>
- <td>
- <?php
- if ($action=="post"){
-
- ?>
- <table border="0" cellspacing="1" cellpadding="3" width="70%" align="center" class="contentpane"><tr><td>
- <?php
- $parent=(int)$parentid;
- $message = isset($_POST['message']) ? trim($_POST['message']) : '';
- if (empty($sb_authorname))
- {
- echo _POST_FORGOT_NAME;
- }
- else if (empty($subject))
- {
- echo _POST_FORGOT_SUBJECT;
- }
- else if (empty($message))
- {
- echo _POST_FORGOT_MESSAGE;
- }
- else
- {
- if ($parent == 0)
- $thread = $parent = 0;
- $database->setQuery("SELECT id,thread,parent FROM #__sb_messages WHERE id='$parent'");
- $database->query();
- if ($database->getNumRows() == 0)
- {
- // bad parent, create a new post
- $parent = 0;
- $thread = 0;
- }
- else
- {
- $database->loadObject($m);
- $thread = $m->parent==0?$m->id:$m->thread;
- }
- if ($catid == 0 )
- {
- $catid = 1; //make sure there's a proper category
- }
- if ($attachfile != '' ) {
- $noFileUpload=0;
- include JB_ABSPATH.'/file_upload.php';
- if ($rc==0){
- $noFileUpload=1;
- }
- }
- if ($attachimage != '' ) {
- $noImgUpload=0;
- include JB_ABSPATH.'/image_upload.php';
- if ($rc==0){
- $noImgUpload=1;
- }
- }
- $messagesubject=$subject;//before we add slashes and all... used later in mail
- $sb_authorname=trim(addslashes($sb_authorname));
- $subject=trim(htmlspecialchars(addslashes($subject)));
- $message=trim(htmlspecialchars(addslashes($message)));
- if ($contentURL != "empty") { $message= $contentURL.'\n\n'.$message;}
- //parse the message for some preliminary bbcode and stripping of HTML
- $message = smile::bbencode_first_pass($message);
- $subject = smile::bbencode_first_pass($subject);
- //--
- $email=trim(addslashes($email));
- $topic_emoticon=(int)$topic_emoticon;
- $topic_emoticon=$topic_emoticon>7?0:$topic_emoticon;
- $posttime=time()+($sbConfig['board_ofset']*3600);
- //check if the post must be reviewed by a Moderator prior to showing
- //doesn't apply to admin/moderator posts ;-)
- $holdPost=0;
- if (!$is_moderator){
- $database->setQuery("SELECT review FROM #__sb_categories WHERE id=$catid");
- $holdPost=$database->loadResult();
- }
- $database->setQuery("INSERT INTO #__sb_messages (parent,thread,catid,name,userid,email,subject,time,ip,topic_emoticon,hold) VALUES('$parent','$thread','$catid','$sb_authorname','$my_id','$email','$subject','$posttime','$ip','$topic_emoticon','$holdPost')");
- if ($database->query())
- {
- $pid=$database->insertId();
- $database->setQuery("INSERT INTO #__sb_messages_text (mesid,message) VALUES('$pid','$message')");
- $database->query();
- if ($thread==0){
- //if thread was zero, we now know to which id it belongs, so we can determine the thread and update it
- $database->setQuery("UPDATE #__sb_messages SET thread='$pid' WHERE id='$pid'");
- $database->query();
- }
- //update the user posts count
- if ($my->id != 0){
- $database->setQuery("UPDATE #__sb_users SET posts=posts+1 WHERE userid='$my->id'");
- $database->query();
- }
- //Update the attachments table if an image has been attached
- if ( $imageLocation != "" && ! $noImgUpload)
- {
- $database->setQuery("INSERT INTO #__sb_attachments (mesid, filelocation) values ('$pid','$imageLocation')");
- if (!$database->query()){
- echo "<script> alert('Storing image failed: ".$database->getErrorMsg()."'); </script>\n";
- }
- }
- //Update the attachments table if an file has been attached
- if ( $fileLocation != "" && ! $noFileUpload)
- {
- $database->setQuery("INSERT INTO #__sb_attachments (mesid, filelocation) values ('$pid','$fileLocation')");
- if (!$database->query()){
- echo "<script> alert('Storing file failed: ".$database->getErrorMsg()."'); </script>\n";
- }
- }
- //Now manage the subscriptions (only if subscriptions are allowed)
- if($sbConfig['allowsubscriptions'] == 1) {//they're allowed
- //get the proper user credentials for each subscription to this topic
- if ($thread==0){
- $querythread=$pid;
- } else {
- $querythread=$thread;
- }
- //clean up the message
- $mailmessage=smile::purify($message);
- $database->setQuery("SELECT * FROM #__sb_subscriptions AS a"
- . "\n LEFT JOIN #__users as u"
- . "\n ON a.userid=u.id "
- . "\n WHERE a.thread= '$querythread'");
- $subsList=$database->loadObjectList();
- //construct a useable URL
- $messageUrl=sefRelToAbs($mosConfig_live_site."/index.php?option=com_joomlaboard&Itemid=$Itemid&func=view&catid=$catid&id=$pid")."#$pid";
- if(count($subsList)>0){//we got more than 0 subscriptions
- foreach($subsList as $subs){
- $mailsubject = "$_COM_A_NOTIFICATION $board_title";
- $msg = "$subs->name,\n";
- $msg .= "$_COM_A_NOTIFICATION1 $board_title forum\n";
- $msg .= "Subject: '".stripslashes($messagesubject)."' in Forum: '".stripslashes($catName)."'\n";
- $msg .= "Posted by: ". stripslashes($sb_authorname) . "\n\n";
- $msg .= "$_COM_A_NOTIFICATION2\n";
- $msg .= "URL: $messageUrl\n\n";
- $msg .= "Post:\n";
- $msg .= stripslashes($mailmessage);
- $msg .= "\n\n";
- $msg .= "$_COM_A_NOTIFICATION3\n";
- $msg .= "\n\n\n\n\n";
- $msg .= "** Joomlaboard Forum Component by Jan de Graaff **\n";
- $msg .= "** the Two Shoes M-Factory - http://www.tsmf.net **";
- if($ip != "127.0.0.1" && $my_id != $subs->id){//don't mail yourself
- mosmail($sbConfig['email'],"Forum at ". $_SERVER['SERVER_NAME'],$subs->email,$mailsubject,$msg);
- }
- }
- }
- }
- //Now manage the mail for moderators (only if configured)
- if($sbConfig['mailmod'] == '1') {//they're configured
- //get the proper user credentials for each moderator for this forum
- $database->setQuery("SELECT * FROM #__sb_moderation AS a"
- . "\n LEFT JOIN #__users AS u"
- . "\n ON a.userid=u.id"
- . "\n WHERE a.catid=$catid");
- $modsList=$database->loadObjectList();
- if(count($modsList)>0){//we got more than 0 moderators eligible for email
- foreach($modsList as $mods){
- $mailsubject = "$_COM_A_NOTIFICATION $board_title";
- $msg = "$mods->name,\n";
- $msg .= "$_COM_A_NOT_MOD1 $board_title forum\n";
- $msg .= "Subject: '".stripslashes($messagesubject)."' in Forum: '".stripslashes($catName)."'\n";
- $msg .= "Posted by: ". stripslashes($sb_authorname) . "\n\n";
- $msg .= "$_COM_A_NOT_MOD2\n";
- $msg .= "URL: $messageUrl\n\n";
- $msg .= "Post:\n";
- $msg .= stripslashes($mailmessage);
- $msg .= "\n\n";
- $msg .= "$_COM_A_NOTIFICATION3\n";
- $msg .= "\n\n\n\n\n";
- $msg .= "** Joomlaboard Forum Component by TSMF **\n";
- $msg .= "** the Two Shoes M-Factory - http://www.tsmf.net **";
- if($ip != "127.0.0.1" && $my_id != $mods->id){//don't mail yourself
- //Send away
- mosmail($sbConfig['email'],"Forum at ". $_SERVER['SERVER_NAME'],$mods->email,$mailsubject,$msg);
- }
- }
- }
- }
- //now try adding any new subscriptions if asked for by the poster
- if($subscribeMe == 1){
- if ($thread==0){$sb_thread=$pid;}else{$sb_thread=$thread;}
- $database->setQuery("INSERT INTO #__sb_subscriptions (thread,userid) VALUES ('$sb_thread','$my_id')");
- if ($database->query()){
- echo _POST_SUBSCRIBED_TOPIC."<br /><br />";
- }else{
- echo _POST_NO_SUBSCRIBED_TOPIC."<br /><br />";
- }
- }
- if($holdPost==1){
- echo _POST_SUCCES_REVIEW.' <a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=showcat&catid='.$catid).'">'._GEN_CONTINUE.'</a>.';
- }else{
- echo '<div align="center">'._POST_SUCCESS_POSTED.'<br /><br />';
- echo '<a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=view&catid='.$catid.'&id='.$pid).'#'.$pid.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=view&catid='.$catid.'&id='.$pid).'#'.$pid;?>'",3500);
- </script>
- <?php
- }
- }
- else
- {
- echo _POST_ERROR_MESSAGE;
- }
- }?>
- </td></tr></table>
- <?php
- }
- else if ($action=="cancel") {
- echo '<br /><br /><div align="center">'._SUBMIT_CANCEL."</div><br />";
- echo '<div align="center">'._SUBMIT_CANCEL.'<br /><br />';
- echo '<a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=view&catid='.$catid.'&id='.$pid).'#'.$pid.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- }
- else {
- if ($do=="quote") {//reply do quote
- $parentid=0;
- if ($replyto > 0)
- {
- $database->setQuery("SELECT #__sb_messages.*,#__sb_messages_text.message FROM #__sb_messages,#__sb_messages_text WHERE id='$replyto' AND mesid='$replyto'");
- $database->query();
- if ($database->getNumRows() > 0)
- {
- $database->loadObject($message);
- //$message->message=smile::smileReplace($message->message,0);
- $table = array_flip(get_html_translation_table(HTML_ENTITIES));
- $quote = strtr($message->message, $table);
- $htmlText = "[b]".stripslashes($message->name)." "._POST_WROTE.":[/b]\n";
- $htmlText .= '[quote]'.$quote."[/quote]";
- $quote=smile::sbStripHtmlTags($quote);
- //$quote=RTESafe_sb(nl2br($quote));
- $resubject = strtr($message->subject, $table);
- $resubject = strtolower(substr($resubject,0,strlen(_POST_RE)))==strtolower(_POST_RE)?stripslashes($resubject):_POST_RE.stripslashes($resubject);
- //$resubject = htmlspecialchars($resubject);
- $resubject=smile::sbStripHtmlTags($resubject);
- $parentid = $message->id;
- $authorName=$my_name;
- }
- }
- ?>
- <form action="<?php echo sefRelToAbs(JB_LIVEURL.'&func=post'); ?>" method="post" name="postform" enctype="multipart/form-data">
- <input type="hidden" name="parentid" value="<?php echo $parentid;?>" />
- <input type="hidden" name="catid" value="<?php echo $catid;?>" />
- <input type="hidden" name="action" value="post" />
- <input type="hidden" name="contentURL" value="empty" />
- <?php
- //get the writing stuff in:
- $no_upload="0";//only edit mode should disallow this
- include(JB_ABSPATH.'/write.html.php');
- //--
- }
- else if ($do=="reply") {// reply no quote
- $parentid=0;
- $setFocus=0;
- if ($replyto > 0) {
- $database->setQuery('SELECT #__sb_messages.*,#__sb_messages_text.message'.
- "\n". 'FROM #__sb_messages,#__sb_messages_text'.
- "\n". 'WHERE id='.$replyto.' AND mesid='.$replyto);
- $database->query();
- if ($database->getNumRows() > 0){
- $database->loadObject($message);
- $table = array_flip(get_html_translation_table(HTML_ENTITIES));
- $resubject = htmlspecialchars(strtr($message->subject, $table));
- $resubject = strtolower(substr($resubject,0,strlen(_POST_RE)))==strtolower(_POST_RE)?stripslashes($resubject):_POST_RE.stripslashes($resubject);
- $parentid = $message->id;
- }
- }
- $htmlText="";
- $authorName=$my_name;
- ?>
- <form action="<?php echo sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid . '&func=post'); ?>" method="post" name="postform" enctype="multipart/form-data">
- <input type="hidden" name="parentid" value="<?php echo $parentid;?>" />
- <input type="hidden" name="catid" value="<?php echo $catid;?>" />
- <input type="hidden" name="action" value="post" />
- <input type="hidden" name="contentURL" value="empty" />
- <?php
- //get the writing stuff in:
- $no_upload="0";//only edit mode should disallow this
- include(JB_ABSPATH.'/write.html.php');
- //--
- }
- else if ($do=="newFromBot") {// The Mosbot "discuss on forums" has detected an unexisting thread and wants to create one
- $parentid=0;
- $setFocus=0;
- // $resubject = base64_decode($resubject); //per mf#6100 -- jdg 16/07/2005
- $resubject = base64_decode(strtr($resubject, "()", "+/"));
- $resubject = str_replace("%20"," ",$resubject);
- $resubject = preg_replace('/%32/','&',$resubject);
- $resubject = preg_replace('/%33/',';',$resubject);
- $resubject = preg_replace("/\'/",''',$resubject);
- $resubject = preg_replace("/\"/",'"',$resubject);
- //$table = array_flip(get_html_translation_table(HTML_ENTITIES));
- //$resubject = strtr($resubject, $table);
- $fromBot=1; //this new topic comes from the discuss mambot
- $authorName=htmlspecialchars($my_name);
- $rowid = (int) mosGetParam( $_GET, 'rowid', 0 );
- $rowItemid = (int) mosGetParam( $_GET, 'rowItemid', 0 );
- if ( $rowItemid ) {
- $contentURL=sefRelToAbs('index.php?option=content&task=view&Itemid='.$rowItemid.'&id='.$rowid);
- }
- else {
- $contentURL=sefRelToAbs('index.php?option=content&task=view&Itemid=1&id='.$rowid);
- }
- $contentURL= _POST_DISCUSS.': [url='.$contentURL.']'.$resubject.'[/url]';
- ?>
- <form action="<?php echo sefRelToAbs("index.php?option=com_joomlaboard&Itemid=$Itemid&func=post");?>" method="post" name="postform" enctype="multipart/form-data">
- <input type="hidden" name="parentid" value="<?php echo $parentid;?>" />
- <input type="hidden" name="catid" value="<?php echo $catid;?>" />
- <input type="hidden" name="action" value="post" />
- <input type="hidden" name="contentURL" value="<?php echo $contentURL ;?>" />
- <?php
- //get the writing stuff in:
- $no_upload="0";//only edit mode should disallow this
- include(JB_ABSPATH.'/write.html.php');
- //--
- //echo "</form>";
- }
- else if ($do == "edit") {
- $allowEdit=0;
- $id=(int)$id;
- $mess=null;
- $database->setQuery("SELECT * FROM #__sb_messages LEFT JOIN #__sb_messages_text ON #__sb_messages.id=#__sb_messages_text.mesid WHERE #__sb_messages.id='$id'");
- $database->loadObject($mes);
- // Check permission
- $allowEdit=0;
- if ($is_moderator) {
- $allowEdit=1;
- }
- elseif ($sbConfig['useredit']==1 && $my->id >0 && $my->id == $mes->userid ) {
- $allowEdit=1;
- }
- if (!$allowEdit) {
- echo '<p>Hacking attempt!</p>';
- return;
- }
- //we're now in edit mode
- $editmode=1;
- $htmlText=smile::sbStripHtmlTags($mes->message);
- $table = array_flip(get_html_translation_table(HTML_ENTITIES));
- $htmlText = strtr($htmlText, $table);
- $htmlText=smile::sbHtmlSafe($htmlText);
- $resubject=htmlspecialchars(stripslashes($mes->subject));
- $authorName=htmlspecialchars($mes->name);
- ?>
- <form action="<?php echo sefRelToAbs("index.php?option=com_joomlaboard&Itemid=$Itemid&catid=$catid&func=post"); ?>" method="post" name="postform" enctype="multipart/form-data" />
- <input type="hidden" name="id" value="<?php echo $mes->id;?>" />
- <input type="hidden" name="do" value="editpostnow" />
- <?php
- // get the writing stuff in:
- // first check if there is an uploaded image or file already for this post (no new ones allowed)
- $no_file_upload=0;
- $no_image_upload=0;
- $database->setQuery("SELECT filelocation FROM #__sb_attachments WHERE mesid='$id'");
- $attachments=$database->loadObjectList();
- if (count($attachments > 0) ) {
- foreach($attachments as $att) {
- if (preg_match("&/uploaded/files/&si", $att->filelocation) ){
- $no_file_upload="1";
- }
- if (preg_match("&/uploaded/images/&si", $att->filelocation) ){
- $no_image_upload="1";
- }
- }
- }
- else {
- $no_upload="0";
- }
- include(JB_ABSPATH.'/write.html.php');
- //echo "</form>";
- }
- else if ($do == "editpostnow") {
- $database->setQuery("SELECT userid FROM #__sb_messages WHERE id='$id'");
- $userid=$database->loadResult();
- // Check permission
- $allowEdit=0;
- if ($is_moderator) {
- $allowEdit=1;
- }
- elseif ($sbConfig['useredit']==1 && $my->id >0 && $my->id == $userid ) {
- $allowEdit=1;
- }
- if (!$allowEdit) {
- echo '<p>Hacking attempt!</p>';
- return;
- }
- if ($attachfile != '' ) {
- include JB_ABSPATH.'/file_upload.php';
- }
- if ($attachimage != '' ) {
- include JB_ABSPATH.'/image_upload.php';
- }
- $message = isset($_POST['message']) ? trim($_POST['message']) : '';
- $message=trim(htmlspecialchars(addslashes($message)));
- if ($sbConfig['editMarkUp']) {
- $posttime=time()+($sbConfig['board_ofset']*3600);
- $message = $message."<br /><br />"._EDIT_BY." ".$my_name.", "._EDIT_AT." ".date(_DATETIME, $posttime);
- }
- //parse the message for some preliminary bbcode and stripping of HTML
- $message = smile::bbencode_first_pass($message);
- $id=(int)$id;
- $database->setQuery("SELECT id FROM #__sb_messages WHERE id='$id'");
- $database->query();
- if ($database->getNumRows() > 0)
- {
- $database->setQuery("UPDATE #__sb_messages SET name='$sb_authorname', email='".addslashes($email)."', subject='".addslashes($subject)."', topic_emoticon='".((int)$topic_emoticon)."' WHERE id='$id'");
- $dbr_nameset=$database->query();
- $database->setQuery("UPDATE #__sb_messages_text SET message='$message' WHERE mesid='$id'");
- if ($database->query() && $dbr_nameset)
- {
- //Update the attachments table if an image has been attached
- if ( $imageLocation != "" )
- {
- $database->setQuery("INSERT INTO #__sb_attachments (mesid, filelocation) values ('$id','$imageLocation')");
- if (!$database->query()){
- echo "<script> alert('Storing image failed: ".$database->getErrorMsg()."'); </script>\n";
- }
- }
- //Update the attachments table if an file has been attached
- if ( $fileLocation != "" )
- {
- $database->setQuery("INSERT INTO #__sb_attachments (mesid, filelocation) values ('$id','$fileLocation')");
- if (!$database->query()){
- echo "<script> alert('Storing file failed: ".$database->getErrorMsg()."'); </script>\n";
- }
- }
- echo '<div align="center">'._POST_SUCCESS_EDIT.'<br /><br />';
- echo '<a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=view&catid='.$catid.'&id='.$id).'#'.$id.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs('index.php?option=com_joomlaboard&Itemid='.$Itemid.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- }
- else
- echo _POST_ERROR_MESSAGE_OCCURED;
- }
- else
- {
- echo _POST_INVALID;
- }
- }
- else if ($do == "delete") {
- if(!$is_moderator){ die("Hacking Attempt!");}
- $id=(int)$id;
- $database->setQuery("SELECT * FROM #__sb_messages WHERE id=$id");
- $message=$database->loadObjectList();
- foreach ($message as $mes) {
- ?>
-
- <form action="<?php echo sefRelToAbs("index.php?option=com_joomlaboard&Itemid=$Itemid&catid=$catid&func=post"); ?>" method="post" name="myform">
- <input type="hidden" name="do" value="deletepostnow" />
- <input type="hidden" name="id" value="<?php echo $mes->id;?>" />
- <?php echo _POST_ABOUT_TO_DELETE;?>: <strong><?php echo stripslashes(htmlspecialchars($mes->subject));?></strong>.<br /><br />
- <?php echo _POST_ABOUT_DELETE;?><br /><br />
- <input type="checkbox" checked name="delAttachments" value="delAtt" /> <?php echo _POST_DELETE_ATT;?>
- <br /><br />
- <a href="javascript:document.myform.submit();"><?php echo _GEN_CONTINUE;?></a>
- | <a href="<?php echo sefRelToAbs("index.php?option=com_joomlaboard&Itemid=$Itemid&func=view&catid=$catid;&id=$id");?>"><?php echo _GEN_CANCEL;?></a>
- </form>
- <?php
- }
- }
- else if ($do == "deletepostnow") {
- if(!$is_moderator)
- die("Hacking Attempt!");
- $id=(int) mosGetParam($_POST,'id','');
- $dellattach=mosGetParam($_POST,'delAttachments','')=='delAtt'?1:0;
- $thread=sb_delete_post($database,$id,$dellattach);
- switch ($thread) {
- case -1:
- echo _POST_ERROR_TOPIC.'<br />';
- echo 'Could not promote children in post hierarchy. Nothing deleted.';
- break;
- case -2:
- echo _POST_ERROR_TOPIC.'<br />';
- echo 'Could not delete the post(s) - nothing else deleted';
- break;
- case -3:
- echo _POST_ERROR_TOPIC.'<br />';
- echo 'Could not delete the texts of the post(s). Update the database manually (mesid='.$id.').';
- break;
- case -4:
- echo _POST_ERROR_TOPIC.'<br />';
- echo 'Everything deleted, but failed to update user post stats!';
- break;
- case -5:
- echo _POST_ERROR_TOPIC.'<br />';
- echo 'Could not delete the poll. Update the database manually.';
- break;
- default:
- echo '<div align="center">'._POST_SUCCESS_DELETE.'<br /><br />';
- if ($do=='deletepostnow')
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$thread).'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- echo '<script language="javascript">';
- if ($do=='deletetopicnow')
- echo 'setTimeout("location=\''.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'\'",3500)';
- else
- echo 'setTimeout("location=\''.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$thread).'\'",3500)';
- echo '</script>';
- break;
- }
- }//fi $do==deletepostnow
- else if ($do == "move") {
- if(!$is_moderator){ die("Hacking Attempt!");}
- $catid=(int)$catid;
- $id=(int)$id;
- //get list of available forums
- //$database->setQuery("SELECT id,name FROM #__sb_categories WHERE parent != '0'");
- $database->setQuery( "SELECT a.*, b.name AS category"
- . "\nFROM #__sb_categories AS a"
- . "\nLEFT JOIN #__sb_categories AS b ON b.id = a.parent"
- . "\nWHERE a.parent != '0'"
- . "\nORDER BY parent, ordering");
- $catlist=$database->loadObjectList();
- // get topic subject:
- $database->setQuery("select subject from #__sb_messages where id=$id");
- $topicSubject=$database->loadResult();
- ?>
- <form action="<?php echo sefRelToAbs("index.php?option=com_joomlaboard&Itemid=$Itemid&func=post"); ?>" method="post" name="myform">
- <input type="hidden" name="do" value="domovepost" />
- <input type="hidden" name="id" value="<?php echo $id;?>" />
- <p><?php echo _GEN_TOPIC;?>: <strong><?php echo $topicSubject;?></strong><br /><br />
- <?php echo _POST_MOVE_TOPIC;?>:<br />
- <select name="catid" size="4">
- <?php
- foreach ($catlist as $cat)
- {
- echo "<OPTION value=\"$cat->id\" > $cat->category/$cat->name </OPTION>";
- }?>
- </select><br />
- <input type="checkbox" checked name="leaveGhost" value="1" /> <?php echo _POST_MOVE_GHOST;?>
- <br />
- <input type="submit" class="button" value="<?php echo _GEN_MOVE;?>" />
- </form>
- <?php
- }
- else if ($do == "domovepost")
- {
- if(!$is_moderator){ die("Hacking Attempt!");}
- $catid=(int)$catid;
- $id=(int)$id;
- $bool_leaveGhost=(int)mosGetParam($_POST,'leaveGhost',0);
- //get the some details from the original post for later
- $database->setQuery("SELECT `subject`, `catid`, `time` AS timestamp FROM #__sb_messages WHERE `id`='$id'");
- $oldRecord=$database->loadObjectList();
- $newSubject=_MOVED_TOPIC." ".$oldRecord[0]->subject;
- $database->setQuery("SELECT MAX(time) AS timestamp FROM #__sb_messages WHERE `thread`='$id'");
- $lastTimestamp=$database->loadResult();
- if ($lastTimestamp == "") { $lastTimestamp = $oldRecord[0]->timestamp; }
-
- //perform the actual move
- //Move topic post first
- $database->setQuery("UPDATE #__sb_messages SET `catid`='$catid' WHERE `id`='$id'");
- if ($database->query())
- { //succeeded; move the rest of the thread if exists
- $database->setQuery("UPDATE #__sb_messages set `catid`='$catid' WHERE `thread`='$id'");
- if ($database->query())
- {
- // insert 'moved topic' notification in old forum if needed
- if ($bool_leaveGhost) {
- $database->setQuery("INSERT INTO #__sb_messages (`parent`, `subject`, `time`, `catid`, `moved`) VALUES ('0','$newSubject','".$lastTimestamp."','".$oldRecord[0]->catid."','1')");
- if ($database->query() ) {
- //determine the new location for link composition
- $newId=$database->insertid();
- $newURL = "catid=".$catid."&id=".$id;
- $database->setQuery("INSERT INTO #__sb_messages_text (`mesid`, `message`) VALUES ('$newId', '$newURL')");
- if (! $database->query() ) { $database->stderr(true); }
- //and update the thread id on the 'moved' post for the right ordering when viewing the forum..
- $database->setQuery("UPDATE #__sb_messages SET `thread`='$newId' WHERE `id`='$newId'");
- if (! $database->query() ) { $database->stderr(true); }
- }
- else
- echo '<p style="text-align:center">'._POST_GHOST_FAILED.'</p>';
- }
- //move succeeded
- echo '<div align="center">'._POST_SUCCESS_MOVE.'<br /><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id).'#'.$id.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id); ?>'",3500);
- </script>
- <?php
- }
- else
- {
- echo "Severe database error. Update your database manually so the replies to the topic are matched to the new forum as well";
- //this is severe.. takes a lot of coding to programatically correct it. Won't do that.
- //chances of this happening are very slim. Disclaimer: this is software as-is *lol*;
- //go read the GPL and the header of this file..
- }
- }
- else
- {?>
- <?php echo _POST_TOPIC_NOT_MOVED;?> <a href="index.php?option=com_joomlaboard&Itemid=<?php echo $Itemid;?>&func=view&catid=<?php echo $catid;?>&id=<?php echo $id;?>"><?php echo _POST_CLICK;?></a>
- <?php
- }
- }
- else if ($do == "subscribe")
- {
- $catid=(int)$catid;
- $id=(int)$id;
- $database->setQuery("INSERT INTO #__sb_subscriptions (thread,userid) VALUES ('$sb_thread','$my_id')");
- if ($database->query()){
- echo _POST_SUBSCRIBED_TOPIC."<br /><br />";
- }else{
- echo _POST_NO_SUBSCRIBED_TOPIC."<br /><br />";
- }
- echo '<div align="center">'._POST_SUCCESS_SUBSCRIBE.'<br /><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$pid).'#'.$pid.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>'; ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs(JB_LIVEURL.'&func=userprofile&do=show'); ?>'",3500);
- </script>
- <?php
- }
- else if ($do == "sticky")
- {
- if(!$is_moderator){ die("Hacking Attempt!");}
- $database->setQuery("update #__sb_messages set ordering=1 where id=$id");
- if ($database->query()){
- echo '<p align="center">'._POST_STICKY_SET.'<br /><br />';
- }else{
- echo '<p align="center">'._POST_STICKY_NOT_SET.'<br /><br />';
- }
- echo '<div align="center">'._POST_SUCCESS_REQUEST2.'<br /><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id).'#'.$id.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id);?>'",3500);
- </script>
- <?php
- }
- else if ($do == "unsticky")
- {
- if(!$is_moderator){ die("Hacking Attempt!");}
- $database->setQuery("update #__sb_messages set ordering=0 where id=$id");
- if ($database->query()){
- echo '<p align="center">'._POST_STICKY_UNSET.'<br /><br />';
- }else{
- echo '<p align="center">'._POST_STICKY_NOT_UNSET.'<br /><br />';
- }
- echo '<div align="center">'._POST_SUCCESS_REQUEST2.'<br /><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id).'#'.$id.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>'; ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id) ;?>'",3500);
- </script>
- <?php
- }
- else if ($do == "lock")
- {
- if(!$is_moderator){ die("Hacking Attempt!");}
- //lock topic post
- $database->setQuery("update #__sb_messages set locked=1 where id=$id");
- if ($database->query()){
- echo '<p align=/"center/">'._POST_LOCK_SET.'<br /><br />';
- }else{
- echo '<p align=/"center/">'._POST_LOCK_NOT_SET.'<br /><br />';
- }
- echo '<div align=/"center/">'._POST_SUCCESS_REQUEST2.'<br /><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id).'#'.$id.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>';
- ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id);?>'",3500);
- </script>
- <?php
- }
- else if ($do == "unlock")
- {
- if(!$is_moderator){ die("Hacking Attempt!");}
- $database->setQuery("update #__sb_messages set locked=0 where id=$id");
- if ($database->query()){
- echo '<p align="center">'._POST_LOCK_UNSET.'<br /><br />';
- }else{
- echo '<p align="center">'._POST_LOCK_NOT_UNSET.'<br /><br />';
- }
- echo '<div align="center">'._POST_SUCCESS_REQUEST2.'<br /><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id).'#'.$id.'">'._POST_SUCCESS_VIEW.'</a><br />';
- echo '<a href="'.sefRelToAbs(JB_LIVEURL.'&func=showcat&catid='.$catid).'">'._POST_SUCCESS_FORUM.'</a><br />';
- echo '</div>'; ?>
- <script language="javascript">
- setTimeout("location='<?php echo sefRelToAbs(JB_LIVEURL.'&func=view&catid='.$catid.'&id='.$id);?>'",3500);
- </script>
- <?php
- }
- }
- ?>
- </td>
- </tr>
- </table>
- <?php
- /**
- * Function to delete posts
- *
- * @param database object
- * @param int the id if the post to be deleted
- * @param boolean determines if we need to delete attachements as well
- *
- * @return int returns thread id if all went well, -1 to -5 are error numbers
- **/
- function sb_delete_post(&$database,$id,$dellattach) {
- $database->setQuery('SELECT id,catid,parent,thread,subject,userid FROM #__sb_messages WHERE id='.$id);
- if (!$database->query())
- return -2;
- $database->loadObject($mes);
- $thread=$mes->thread;
-
- if ($mes->parent==0) {
- // this is the forum topic; if removed, all children must be removed as well.
- $children=array();
- $userids=array();
- $database->setQuery('SELECT userid,id FROM #__sb_messages WHERE thread='.$id .' OR id='.$id);
- foreach ($database->loadObjectList() as $line) {
- $children[]=$line->id;
- if ($line->userid > 0)
- $userids[]=$line->userid;
- }
- $children=implode(',',$children);
- $userids=implode(',',$userids);
- }
- else {
- //this is not the forum topic, so delete it and promote the direct children one level up in the hierarchy
- $database->setQuery('UPDATE #__sb_messages SET parent=\''.$mes->parent.'\' WHERE parent=\''.$id.'\'');
- if (!$database->query())
- return -1;
- $children=$id;
- $userids=$mes->userid > 0 ? $mes->userid : '';
- }
-
- //Delete the post (and it's children when it's the first post)
- $database->setQuery('DELETE FROM #__sb_messages WHERE id='.$id .' OR thread='.$id);
- if (!$database->query())
- return -2;
-
- //Delete message text(s)
- $database->setQuery('DELETE FROM #__sb_messages_text WHERE mesid IN ('.$children.')');
- if (!$database->query())
- return -3;
-
- //Update user post stats
- if (!empty($userids) && count($userids) > 0) {
- $database->setQuery('UPDATE #__sb_users SET posts=posts-1 WHERE userid IN ('.$userids.')');
- if (!$database->query())
- return -4;
- }
- //Delete (possible) ghost post
- $database->setQuery('SELECT mesid FROM #__sb_messages_text WHERE message=\'catid='.$mes->catid.'&id='.$id.'\'');
- $int_ghost_id=$database->loadResult();
- if ($int_ghost_id>0) {
- $database->setQuery('DELETE FROM #__sb_messages WHERE id='.$int_ghost_id);
- $database->query();
- $database->setQuery('DELETE FROM #__sb_messages_text WHERE mesid='.$int_ghost_id);
- $database->query();
- }
-
- //Delete attachments
- if ($dellattach) {
- $database->setQuery('SELECT filelocation FROM #__sb_attachments WHERE mesid IN ('.$children.')');
- $fileList=$database->loadObjectList();
- if (count($fileList)>0){
- foreach ($fileList as $fl)
- unlink($fl->filelocation);
- $database->setQuery('DELETE FROM #__sb_attachments WHERE mesid IN ('.$children.')');
- $database->query();
- }
- }
- return $thread; // all went well :-)
- }
- function listThreadHistory($id,$sbConfig, $database)
- {
- if($id != 0)
- {
- //get the parent# for the post on which 'reply' or 'quote' is chosen
- $database->setQuery("SELECT parent FROM #__sb_messages WHERE id='$id'");
- $this_message_parent = $database->loadResult();
- //Get the thread# for the same post
- $database->setQuery("SELECT thread FROM #__sb_messages WHERE id='$id'");
- $this_message_thread = $database->loadResult();
- //determine the correct thread# for the entire thread
- if ($this_message_parent==0)
- {$thread=$id;} else {$thread=$this_message_thread;}
- //get all the messages for this thread
- $database->setQuery("SELECT * FROM #__sb_messages LEFT JOIN #__sb_messages_text ON #__sb_messages.id=#__sb_messages_text.mesid WHERE thread='$thread' OR id='$thread' AND hold = 0 ORDER BY time DESC LIMIT ".$sbConfig['historyLimit']);
- $messages=$database->loadObjectList();
- //and the subject of the first thread (for reference)
- $database->setQuery("SELECT subject FROM #__sb_messages WHERE id='$thread' and parent=0");
- $this_message_subject = $database->loadResult();
- echo "<b>"._POST_TOPIC_HISTORY.":</b> ".htmlspecialchars($this_message_subject)." <br />"._POST_TOPIC_HISTORY_MAX." $historyLimit "._POST_TOPIC_HISTORY_LAST."<br />";
- ?>
- <table border="0" cellspacing="1" cellpadding="3" width="100%" class="sb_review_table">
- <tr>
- <td class="sb_review_header" width="20%" align="center"><strong><?php echo _GEN_AUTHOR;?></strong></td>
- <td class="sb_review_header" align="center"><strong><?php echo _GEN_MESSAGE;?></strong></td>
- </tr>
- <?php
- $k=0;
- foreach($messages as $mes)
- {
- $k = 1-$k;
- $mes->name = htmlspecialchars($mes->name);
- $mes->email = htmlspecialchars($mes->email);
- $mes->subject = htmlspecialchars($mes->subject);
- $mes->message = smile::smileReplace($mes->message,1, $sbConfig['disemoticons']);
- ?>
- <tr>
- <td class="sb_review_body<?php echo $k;?>" valign="top"><?php echo stripslashes($mes->name);?></td>
- <td class="sb_review_body<?php echo $k;?>">
- <?php
- $sb_message_txt = stripslashes($mes->message);
- $sb_message_txt = str_replace("</P><br />","</P>", $sb_message_txt );
- //Long Words Wrap:
- $sb_message_txt = smile::htmlwrap($sb_message_txt, $sbConfig['wrap']);
- echo $sb_message_txt;
- ?>
- </td>
- </tr>
- <?php }
- ?>
- </table><?php
- }//else: this is a new topic so there can't be a history
- }
- ?>