PageRenderTime 64ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/dead/forums.php

https://bitbucket.org/nexea/x00n
PHP | 1589 lines | 1357 code | 199 blank | 33 comment | 75 complexity | 64f11b6c08ac6ccbb9c198d45a7419d3 MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?

    2. 

  2. ob_start("ob_gzhandler");

    3. 

  3. 

    4. 

  4.   require "include/bittorrent.php";

    5. 

  5. 

    6. 

  6. 

    7. 

  7.   dbconn(false);

    8. 

  8. 

    9. 

  9.   loggedinorreturn();

    10. 

  10. 

    11. 

  11.   $action = $HTTP_GET_VARS["action"];

    12. 

  12. 

    13. 

  13.   function catch_up()

    14. 

  14.   {

    15. 

  15. 	/*

    16. 

  16. 	die("This feature is currently unavailable.");

    17. 

  17. 	*/

    18. 

  18.     global $CURUSER;

    19. 

  19. 

    20. 

  20.     $userid = $CURUSER["id"];

    21. 

  21. 

    22. 

  22.     $res = mysql_query("SELECT id, lastpost FROM topics") or sqlerr(__FILE__, __LINE__);

    23. 

  23. 

    24. 

  24.     while ($arr = mysql_fetch_assoc($res))

    25. 

  25.     {

    26. 

  26.       $topicid = $arr["id"];

    27. 

  27. 

    28. 

  28.       $postid = $arr["lastpost"];

    29. 

  29. 

    30. 

  30.       $r = mysql_query("SELECT id,lastpostread FROM readposts WHERE userid=$userid and topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    31. 

  31. 

    32. 

  32.       if (mysql_num_rows($r) == 0)

    33. 

  33.         mysql_query("INSERT INTO readposts (userid, topicid, lastpostread) VALUES($userid, $topicid, $postid)") or sqlerr(__FILE__, __LINE__);

    34. 

  34. 

    35. 

  35.       else

    36. 

  36.       {

    37. 

  37.         $a = mysql_fetch_assoc($r);

    38. 

  38. 

    39. 

  39.         if ($a["lastpostread"] < $postid)

    40. 

  40.           mysql_query("UPDATE readposts SET lastpostread=$postid WHERE id=" . $a["id"]) or sqlerr(__FILE__, __LINE__);

    41. 

  41.       }

    42. 

  42.     }

    43. 

  43.   }

    44. 

  44. 

    45. 

  45.   //-------- Returns the minimum read/write class levels of a forum

    46. 

  46. 

    47. 

  47.   function get_forum_access_levels($forumid)

    48. 

  48.   {

    49. 

  49.     $res = mysql_query("SELECT minclassread, minclasswrite, minclasscreate FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    50. 

  50. 

    51. 

  51.     if (mysql_num_rows($res) != 1)

    52. 

  52.       return false;

    53. 

  53. 

    54. 

  54.     $arr = mysql_fetch_assoc($res);

    55. 

  55. 

    56. 

  56.     return array("read" => $arr["minclassread"], "write" => $arr["minclasswrite"], "create" => $arr["minclasscreate"]);

    57. 

  57.   }

    58. 

  58. 

    59. 

  59.   //-------- Returns the forum ID of a topic, or false on error

    60. 

  60. 

    61. 

  61.   function get_topic_forum($topicid)

    62. 

  62.   {

    63. 

  63.     $res = mysql_query("SELECT forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    64. 

  64. 

    65. 

  65.     if (mysql_num_rows($res) != 1)

    66. 

  66.       return false;

    67. 

  67. 

    68. 

  68.     $arr = mysql_fetch_row($res);

    69. 

  69. 

    70. 

  70.     return $arr[0];

    71. 

  71.   }

    72. 

  72. 

    73. 

  73.   //-------- Returns the ID of the last post of a forum

    74. 

  74. 

    75. 

  75.   function update_topic_last_post($topicid)

    76. 

  76.   {

    77. 

  77.     $res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    78. 

  78. 

    79. 

  79.     $arr = mysql_fetch_row($res) or die("No post found");

    80. 

  80. 

    81. 

  81.     $postid = $arr[0];

    82. 

  82. 

    83. 

  83.     mysql_query("UPDATE topics SET lastpost=$postid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    84. 

  84.   }

    85. 

  85. 

    86. 

  86.   function get_forum_last_post($forumid)

    87. 

  87.   {

    88. 

  88.     $res = mysql_query("SELECT lastpost FROM topics WHERE forumid=$forumid ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    89. 

  89. 

    90. 

  90.     $arr = mysql_fetch_row($res);

    91. 

  91. 

    92. 

  92.     $postid = $arr[0];

    93. 

  93. 

    94. 

  94.     if ($postid)

    95. 

  95.       return $postid;

    96. 

  96. 

    97. 

  97.     else

    98. 

  98.       return 0;

    99. 

  99.   }

    100. 

  100. 

    101. 

  101.   //-------- Inserts a quick jump menu

    102. 

  102. 

    103. 

  103.   function insert_quick_jump_menu($currentforum = 0)

    104. 

  104.   {

    105. 

  105.     print("<p class=\"txtCenter\"><form method=\"get\" action=\"?\" name=\"jump\">\n");

    106. 

  106. 

    107. 

  107.     print("<input type=\"hidden\" name=\"action\" value=\"viewforum\">\n");

    108. 

  108. 

    109. 

  109.     print("Quick jump: ");

    110. 

  110. 

    111. 

  111.     print("<select name=\"forumid\" onchange=\"if(this.options[this.selectedIndex].value != -1){ forms['jump'].submit() }\">\n");

    112. 

  112. 

    113. 

  113.     $res = mysql_query("SELECT * FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);

    114. 

  114. 

    115. 

  115.     while ($arr = mysql_fetch_assoc($res))

    116. 

  116.     {

    117. 

  117.       if (get_user_class() >= $arr["minclassread"])

    118. 

  118.         print("<option value=\"" . $arr["id"] . ($currentforum == $arr["id"] ? " selected\">" : ">") . $arr["name"] . "\n");

    119. 

  119.     }

    120. 

  120. 

    121. 

  121.     print("</select>\n");

    122. 

  122. 

    123. 

  123.     print("<input type=\"submit\" value=\"Go!\">\n");

    124. 

  124. 

    125. 

  125.     print("</form>\n</p>");

    126. 

  126.   }

    127. 

  127. 

    128. 

  128.   //-------- Inserts a compose frame

    129. 

  129. 

    130. 

  130.   function insert_compose_frame($id, $newtopic = true, $quote = false)

    131. 

  131.   {

    132. 

  132.     global $maxsubjectlength, $CURUSER;

    133. 

  133. 

    134. 

  134.     if ($newtopic)

    135. 

  135.     {

    136. 

  136.       $res = mysql_query("SELECT name FROM forums WHERE id=$id") or sqlerr(__FILE__, __LINE__);

    137. 

  137. 

    138. 

  138.       $arr = mysql_fetch_assoc($res) or die("Bad forum id");

    139. 

  139. 

    140. 

  140.       $forumname = $arr["name"];

    141. 

  141. 

    142. 

  142.       print("<p class=\"txtCenter\">New topic in <a href=\"?action=viewforum&amp;forumid=$id\">$forumname</a> forum</p>\n");

    143. 

  143.     }

    144. 

  144.     else

    145. 

  145.     {

    146. 

  146.       $res = mysql_query("SELECT * FROM topics WHERE id=$id") or sqlerr(__FILE__, __LINE__);

    147. 

  147. 

    148. 

  148.       $arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found.");

    149. 

  149. 

    150. 

  150.       $subject = $arr["subject"];

    151. 

  151. 

    152. 

  152.       print("<p class=\"txtCenter\">Reply to topic: <a href=\"?action=viewtopic&amp;topicid=$id\">$subject</a></p>");

    153. 

  153.     }

    154. 

  154. 

    155. 

  155.     begin_frame("Compose", true);

    156. 

  156. 

    157. 

  157.     print("<form method=\"post\" action=\"?action=post\">\n");

    158. 

  158. 

    159. 

  159.     if ($newtopic)

    160. 

  160.       print("<input type=\"hidden\" name=\"forumid\" value=\"$id\">\n");

    161. 

  161. 

    162. 

  162.     else

    163. 

  163.       print("<input type=\"hidden\" name=\"topicid\" value=\"$id\">\n");

    164. 

  164. 

    165. 

  165.     begin_table();

    166. 

  166. 

    167. 

  167.     if ($newtopic)

    168. 

  168.       print("<tr><td class=\"rowhead\">Subject</td>" .

    169. 

  169.         "<td align=\"left\" style=\"padding: 0px\"><input type=\"text\" size=\"100\" maxlength=\"$maxsubjectlength\" name=\"subject\" " .

    170. 

  170.         "style=\"border: 0px; height: 19px\"></td></tr>\n");

    171. 

  171. 

    172. 

  172.     if ($quote)

    173. 

  173.     {

    174. 

  174.        $postid = $_GET["postid"];

    175. 

  175.        if (!is_valid_id($postid))

    176. 

  176.          die;

    177. 

  177. 

    178. 

  178. 	   $res = mysql_query("SELECT posts.*, users.username FROM posts JOIN users ON posts.userid = users.id WHERE posts.id=$postid") or sqlerr(__FILE__, __LINE__);

    179. 

  179. 

    180. 

  180. 	   if (mysql_num_rows($res) != 1)

    181. 

  181. 	     stderr("Error", "No post with ID $postid.");

    182. 

  182. 

    183. 

  183. 	   $arr = mysql_fetch_assoc($res);

    184. 

  184.     }

    185. 

  185. 

    186. 

  186.     print("<tr><td class=\"rowhead\">Body</td><td align=\"left\" style=\"padding: 0px\">" .

    187. 

  187.     "<textarea name=\"body\" cols=\"100\" rows=\"20\" style=\"border: 0px\">".

    188. 

  188.     ($quote?(("[quote=".htmlspecialchars($arr["username"])."]".htmlspecialchars($arr["body"])."[/quote]")):"").

    189. 

  189.     "</textarea></td></tr>\n");

    190. 

  190. 

    191. 

  191.     print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" class=\"btn\" value=\"Submit\"></td></tr>\n");

    192. 

  192. 

    193. 

  193.     end_table();

    194. 

  194. 

    195. 

  195.     print("</form>\n");

    196. 

  196. 

    197. 

  197. 		print("<p class=\"txtCenter\"><a href=\"tags\" target=\"_blank\">Tags</a> | <a href=\"smilies\" target=\"_blank\">Smilies</a></p>\n");

    198. 

  198. 

    199. 

  199.     end_frame();

    200. 

  200. 

    201. 

  201.     //------ Get 10 last posts if this is a reply

    202. 

  202. 

    203. 

  203.     if (!$newtopic)

    204. 

  204.     {

    205. 

  205.       $postres = mysql_query("SELECT * FROM posts WHERE topicid=$id ORDER BY id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);

    206. 

  206. 

    207. 

  207.       begin_frame("10 last posts, in reverse order");

    208. 

  208. 

    209. 

  209.       while ($post = mysql_fetch_assoc($postres))

    210. 

  210.       {

    211. 

  211.         //-- Get poster details

    212. 

  212. 

    213. 

  213.         $userres = mysql_query("SELECT * FROM users WHERE id=" . $post["userid"] . " LIMIT 1") or sqlerr(__FILE__, __LINE__);

    214. 

  214. 

    215. 

  215.         $user = mysql_fetch_assoc($userres);

    216. 

  216. 

    217. 

  217.       	$avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($user["avatar"]) : "");

    218. 

  218. //	    $avatar = $user["avatar"];

    219. 

  219. 

    220. 

  220.         if (!$avatar)

    221. 

  221.           $avatar = "images/default_avatar.gif";

    222. 

  222. 

    223. 

  223.         print("<p class=sub>#" . $post["id"] . " by " . $user["username"] . " at " . $post["added"] . " GMT</p>");

    224. 

  224. 

    225. 

  225.         begin_table(true);

    226. 

  226. 

    227. 

  227.         print("<tr valign=\"top\"><td width=\"150\" align=\"center\" style=\"padding: 0px\">" . ($avatar ? "<img width=\"150\" src=\"$avatar\">" : "").

    228. 

  228.           "</td><td class=\"comment\">" . format_comment($post["body"]) . "</td></tr>\n");

    229. 

  229. 

    230. 

  230.         end_table();

    231. 

  231. 

    232. 

  232.       }

    233. 

  233. 

    234. 

  234.       end_frame();

    235. 

  235. 

    236. 

  236.     }

    237. 

  237. 

    238. 

  238.   insert_quick_jump_menu();

    239. 

  239. 

    240. 

  240.   }

    241. 

  241. 

    242. 

  242.   //-------- Global variables

    243. 

  243. 

    244. 

  244.   $maxsubjectlength = 40;

    245. 

  245.   $postsperpage = $CURUSER["postsperpage"];

    246. 

  246. 	if (!$postsperpage) $postsperpage = 25;

    247. 

  247. 

    248. 

  248.   //-------- Action: New topic

    249. 

  249. 

    250. 

  250.   if ($action == "newtopic")

    251. 

  251.   {

    252. 

  252.     $forumid = $_GET["forumid"];

    253. 

  253. 

    254. 

  254.     if (!is_valid_id($forumid))

    255. 

  255.       die;

    256. 

  256. 

    257. 

  257.     stdhead("New topic");

    258. 

  258. 

    259. 

  259.     begin_main_frame();

    260. 

  260. 

    261. 

  261.     insert_compose_frame($forumid);

    262. 

  262. 

    263. 

  263.     end_main_frame();

    264. 

  264. 

    265. 

  265.     stdfoot();

    266. 

  266. 

    267. 

  267.     die;

    268. 

  268.   }

    269. 

  269. 

    270. 

  270.   //-------- Action: Post

    271. 

  271. 

    272. 

  272.   if ($action == "post")

    273. 

  273.   {

    274. 

  274.     $forumid = 0 + $_POST["forumid"];

    275. 

  275.     $topicid = 0 + $_POST["topicid"];

    276. 

  276. 

    277. 

  277.     if (!is_valid_id($forumid) && !is_valid_id($topicid))

    278. 

  278.       stderr("Error", "Bad forum or topic ID.");

    279. 

  279. 

    280. 

  280.     $newtopic = $forumid > 0;

    281. 

  281. 

    282. 

  282.     $subject = $_POST["subject"];

    283. 

  283. 

    284. 

  284.     if ($newtopic)

    285. 

  285.     {

    286. 

  286.       $subject = trim($subject);

    287. 

  287. 

    288. 

  288.       if (!$subject)

    289. 

  289.         stderr("Error", "You must enter a subject.");

    290. 

  290. 

    291. 

  291.       if (strlen($subject) > $maxsubjectlength)

    292. 

  292.         stderr("Error", "Subject is limited to $maxsubjectlength characters.");

    293. 

  293.     }

    294. 

  294.     else

    295. 

  295.       $forumid = get_topic_forum($topicid) or die("Bad topic ID");

    296. 

  296. 

    297. 

  297.     //------ Make sure sure user has write access in forum

    298. 

  298. 

    299. 

  299.     $arr = get_forum_access_levels($forumid) or die("Bad forum ID");

    300. 

  300. 

    301. 

  301.     if (get_user_class() < $arr["write"] || ($newtopic && get_user_class() < $arr["create"]))

    302. 

  302.       stderr("Error", "Permission denied.");

    303. 

  303. 

    304. 

  304.     $body = trim($_POST["body"]);

    305. 

  305. 

    306. 

  306.     if ($body == "")

    307. 

  307.       stderr("Error", "No body text.");

    308. 

  308. 

    309. 

  309.     $userid = $CURUSER["id"];

    310. 

  310. 

    311. 

  311.     if ($newtopic)

    312. 

  312.     {

    313. 

  313.       //---- Create topic

    314. 

  314. 

    315. 

  315.       $subject = sqlesc($subject);

    316. 

  316. 

    317. 

  317.       mysql_query("INSERT INTO topics (userid, forumid, subject) VALUES($userid, $forumid, $subject)") or sqlerr(__FILE__, __LINE__);

    318. 

  318. 

    319. 

  319.       $topicid = mysql_insert_id() or stderr("Error", "No topic ID returned");

    320. 

  320.     }

    321. 

  321.     else

    322. 

  322.     {

    323. 

  323.       //---- Make sure topic exists and is unlocked

    324. 

  324. 

    325. 

  325.       $res = mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    326. 

  326. 

    327. 

  327.       $arr = mysql_fetch_assoc($res) or die("Topic id n/a");

    328. 

  328. 

    329. 

  329.       if ($arr["locked"] == 'yes' && get_user_class() < UC_MODERATOR)

    330. 

  330.         stderr("Error", "This topic is locked.");

    331. 

  331. 

    332. 

  332.       //---- Get forum ID

    333. 

  333. 

    334. 

  334.       $forumid = $arr["forumid"];

    335. 

  335.     }

    336. 

  336. 

    337. 

  337.     //------ Insert post

    338. 

  338. 

    339. 

  339.     $added = "'" . get_date_time() . "'";

    340. 

  340. 

    341. 

  341.     $body = sqlesc($body);

    342. 

  342. 

    343. 

  343.     mysql_query("INSERT INTO posts (topicid, userid, added, body) " .

    344. 

  344.     "VALUES($topicid, $userid, $added, $body)") or sqlerr(__FILE__, __LINE__);

    345. 

  345. 

    346. 

  346.     $postid = mysql_insert_id() or die("Post id n/a");

    347. 

  347. 

    348. 

  348.     //------ Update topic last post

    349. 

  349. 

    350. 

  350.     update_topic_last_post($topicid);

    351. 

  351. 

    352. 

  352.     //------ All done, redirect user to the post

    353. 

  353. 

    354. 

  354.     $headerstr = "Location: $DEFAULTBASEURL/forums?action=viewtopic&amp;topicid=$topicid&amp;page=last";

    355. 

  355. 

    356. 

  356.     if ($newtopic)

    357. 

  357.       header($headerstr);

    358. 

  358. 

    359. 

  359.     else

    360. 

  360.       header("$headerstr#$postid");

    361. 

  361. 

    362. 

  362.     die;

    363. 

  363.   }

    364. 

  364. 

    365. 

  365.   //-------- Action: View topic

    366. 

  366. 

    367. 

  367.   if ($action == "viewtopic")

    368. 

  368.   {

    369. 

  369.     $topicid = $_GET["topicid"];

    370. 

  370. 

    371. 

  371.     $page = $_GET["page"];

    372. 

  372. 

    373. 

  373.     if (!is_valid_id($topicid))

    374. 

  374.       die;

    375. 

  375. 

    376. 

  376.     $userid = $CURUSER["id"];

    377. 

  377. 

    378. 

  378.     //------ Get topic info

    379. 

  379. 

    380. 

  380.     $res = mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    381. 

  381. 

    382. 

  382.     $arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found");

    383. 

  383. 

    384. 

  384.     $locked = ($arr["locked"] == 'yes');

    385. 

  385.     $subject = $arr["subject"];

    386. 

  386.     $sticky = $arr["sticky"] == "yes";

    387. 

  387.     $forumid = $arr["forumid"];

    388. 

  388. 

    389. 

  389. 	//------ Update hits column

    390. 

  390. 

    391. 

  391.     mysql_query("UPDATE topics SET views = views + 1 WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    392. 

  392. 

    393. 

  393.     //------ Get forum

    394. 

  394. 

    395. 

  395.     $res = mysql_query("SELECT * FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    396. 

  396. 

    397. 

  397.     $arr = mysql_fetch_assoc($res) or die("Forum = NULL");

    398. 

  398. 

    399. 

  399.     $forum = $arr["name"];

    400. 

  400. 

    401. 

  401.     if ($CURUSER["class"] < $arr["minclassread"])

    402. 

  402. 		stderr("Error", "You are not permitted to view this topic.");

    403. 

  403. 

    404. 

  404.     //------ Get post count

    405. 

  405. 

    406. 

  406.     $res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    407. 

  407. 

    408. 

  408.     $arr = mysql_fetch_row($res);

    409. 

  409. 

    410. 

  410.     $postcount = $arr[0];

    411. 

  411. 

    412. 

  412.     //------ Make page menu

    413. 

  413. 

    414. 

  414.     $pagemenu = "<p>\n";

    415. 

  415. 

    416. 

  416.     $perpage = $postsperpage;

    417. 

  417. 

    418. 

  418.     $pages = ceil($postcount / $perpage);

    419. 

  419. 

    420. 

  420.     if ($page[0] == "p")

    421. 

  421.   	{

    422. 

  422. 	    $findpost = substr($page, 1);

    423. 

  423. 	    $res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY added") or sqlerr(__FILE__, __LINE__);

    424. 

  424. 	    $i = 1;

    425. 

  425. 	    while ($arr = mysql_fetch_row($res))

    426. 

  426. 	    {

    427. 

  427. 	      if ($arr[0] == $findpost)

    428. 

  428. 	        break;

    429. 

  429. 	      ++$i;

    430. 

  430. 	    }

    431. 

  431. 	    $page = ceil($i / $perpage);

    432. 

  432. 	  }

    433. 

  433. 

    434. 

  434.     if ($page == "last")

    435. 

  435.       $page = $pages;

    436. 

  436.     else

    437. 

  437.     {

    438. 

  438.       if($page < 1)

    439. 

  439.         $page = 1;

    440. 

  440.       elseif ($page > $pages)

    441. 

  441.         $page = $pages;

    442. 

  442.     }

    443. 

  443. 

    444. 

  444.     $offset = $page * $perpage - $perpage;

    445. 

  445. 

    446. 

  446.     for ($i = 1; $i <= $pages; ++$i)

    447. 

  447.     {

    448. 

  448.       if ($i == $page)

    449. 

  449.         $pagemenu .= "<span><b>$i</b></span>\n";

    450. 

  450. 

    451. 

  451.       else

    452. 

  452.         $pagemenu .= "<a href=\"?action=viewtopic&amp;topicid=$topicid&amp;page=$i\"><b>$i</b></a>\n";

    453. 

  453.     }

    454. 

  454. 

    455. 

  455.     if ($page == 1)

    456. 

  456.       $pagemenu .= "<br /><span><b>&lt;&lt; Prev</b></span>";

    457. 

  457. 

    458. 

  458.     else

    459. 

  459.       $pagemenu .= "<br /><a href=\"?action=viewtopic&amp;topicid=$topicid&amp;page=" . ($page - 1) .

    460. 

  460.         "\"><b>&lt;&lt; Prev</b></a>";

    461. 

  461. 

    462. 

  462.     $pagemenu .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";

    463. 

  463. 

    464. 

  464.     if ($page == $pages)

    465. 

  465.       $pagemenu .= "<span><b>Next &gt;&gt;</b></span></p>\n";

    466. 

  466. 

    467. 

  467.     else

    468. 

  468.       $pagemenu .= "<a href=\"?action=viewtopic&amp;topicid=$topicid&amp;page=" . ($page + 1) .

    469. 

  469.         "\"><b>Next &gt;&gt;</b></a></p>\n";

    470. 

  470. 

    471. 

  471.     //------ Get posts

    472. 

  472. 

    473. 

  473.     $res = mysql_query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);

    474. 

  474. 

    475. 

  475.     stdhead("View topic");

    476. 

  476. 

    477. 

  477.     print("<a name=\"top\"><h1><a href=\"?action=viewforum&amp;forumid=$forumid\">$forum</a> &gt; $subject</h1>\n");

    478. 

  478. 

    479. 

  479.     print($pagemenu);

    480. 

  480. 

    481. 

  481.     //------ Print table

    482. 

  482. 

    483. 

  483.     begin_main_frame();

    484. 

  484. 

    485. 

  485.     begin_frame();

    486. 

  486. 

    487. 

  487.     $pc = mysql_num_rows($res);

    488. 

  488. 

    489. 

  489.     $pn = 0;

    490. 

  490. 

    491. 

  491.     $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=" . $CURUSER["id"] . " AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    492. 

  492. 

    493. 

  493.     $a = mysql_fetch_row($r);

    494. 

  494. 

    495. 

  495.     $lpr = $a[0];

    496. 

  496. 

    497. 

  497.     if (!$lpr)

    498. 

  498.       mysql_query("INSERT INTO readposts (userid, topicid) VALUES($userid, $topicid)") or sqlerr(__FILE__, __LINE__);

    499. 

  499. 

    500. 

  500.     while ($arr = mysql_fetch_assoc($res))

    501. 

  501.     {

    502. 

  502.       ++$pn;

    503. 

  503. 

    504. 

  504.       $postid = $arr["id"];

    505. 

  505. 

    506. 

  506.       $posterid = $arr["userid"];

    507. 

  507. 

    508. 

  508.       $added = $arr["added"] . " GMT (" . (get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"]))) . " ago)";

    509. 

  509. 

    510. 

  510.       //---- Get poster details

    511. 

  511. 

    512. 

  512.       $res2 = mysql_query("SELECT username,class,avatar,donor,title,enabled,warned FROM users WHERE id=$posterid") or sqlerr(__FILE__, __LINE__);

    513. 

  513. 

    514. 

  514.       $arr2 = mysql_fetch_assoc($res2);

    515. 

  515. 

    516. 

  516.       $postername = $arr2["username"];

    517. 

  517. 

    518. 

  518.       if ($postername == "")

    519. 

  519.       {

    520. 

  520.         $by = "unknown[$posterid]";

    521. 

  521. 

    522. 

  522.         $avatar = "";

    523. 

  523.       }

    524. 

  524.       else

    525. 

  525.       {

    526. 

  526. //		if ($arr2["enabled"] == "yes")

    527. 

  527. 	        $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($arr2["avatar"]) : "");

    528. 

  528. //	    else

    529. 

  529. //			$avatar = "images/disabled_avatar.gif";

    530. 

  530. 

    531. 

  531.         $title = $arr2["title"];

    532. 

  532. 

    533. 

  533.         if (!$title)

    534. 

  534.           $title = get_user_class_name($arr2["class"]);

    535. 

  535. 

    536. 

  536.         $by = "<a href=\"userdetails?id=$posterid\"><b>$postername</b></a>" . ($arr2["donor"] == "yes" ? "<img src=\"".

    537. 

  537.         "images/star.gif\" alt=\"Donor\">" : "") . ($arr2["enabled"] == "no" ? "<img src=".

    538. 

  538.         "images/disabled.gif\" alt=\"This account is disabled\" style=\"margin-left: 2px\">" : ($arr2["warned"] == "yes" ? "<a href=rules#warning class=altlink><img src=images/warned.gif alt=\"Warned\" border=0></a>" : "")) . " ($title)";

    539. 

  539.       }

    540. 

  540. 

    541. 

  541.       if (!$avatar)

    542. 

  542.         $avatar = "images/default_avatar.gif";

    543. 

  543. 

    544. 

  544.       print("<a name=\"$postid\">\n");

    545. 

  545. 

    546. 

  546.       if ($pn == $pc)

    547. 

  547.       {

    548. 

  548.         print("<a name=\"last\">\n");

    549. 

  549.         if ($postid > $lpr)

    550. 

  550.           mysql_query("UPDATE readposts SET lastpostread=$postid WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    551. 

  551.       }

    552. 

  552. 

    553. 

  553.       print("<p class=\"sub\"><table border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td class=\"embedded\" width=\"99%\">#$postid by $by at $added");

    554. 

  554. 

    555. 

  555.       if (!$locked || get_user_class() >= UC_MODERATOR)

    556. 

  556. 				print(" - [<a href=\"?action=quotepost&amp;topicid=$topicid&amp;postid=$postid\"><b>Quote</b></a>]");

    557. 

  557. 

    558. 

  558.       if (($CURUSER["id"] == $posterid && !$locked) || get_user_class() >= UC_MODERATOR)

    559. 

  559.         print(" - [<a href=\"?action=editpost&amp;postid=$postid\"><b>Edit</b></a>]");

    560. 

  560. 

    561. 

  561.       if (get_user_class() >= UC_MODERATOR)

    562. 

  562.         print(" - [<a href=\"?action=deletepost&amp;postid=$postid\"><b>Delete</b></a>]");

    563. 

  563. 

    564. 

  564.       print("</td><td class=\"embedded\" width=\"1%\"><a href=#top><img src=\"images/top.gif\" border=\"0\" alt=\"Top\"></a></td></tr>");

    565. 

  565. 

    566. 

  566.       print("</table></p>\n");

    567. 

  567. 

    568. 

  568.       begin_table(true);

    569. 

  569. 

    570. 

  570.       $body = format_comment($arr["body"]);

    571. 

  571. 

    572. 

  572.       if (is_valid_id($arr['editedby']))

    573. 

  573.       {

    574. 

  574.         $res2 = mysql_query("SELECT username FROM users WHERE id=$arr[editedby]");

    575. 

  575.         if (mysql_num_rows($res2) == 1)

    576. 

  576.         {

    577. 

  577.           $arr2 = mysql_fetch_assoc($res2);

    578. 

  578.           $body .= "<p><span>Last edited by <a href=\"userdetails?id=$arr[editedby]\"><b>$arr2[username]</b></a> at $arr[editedat] GMT</span></p>\n";

    579. 

  579.         }

    580. 

  580.       }

    581. 

  581. 

    582. 

  582. 

    583. 

  583.       print("<tr valign=\"top\"><td width=\"150\" align=\"center\" style=\"padding: 0px\">" .

    584. 

  584.         ($avatar ? "<img width=\"150\" src=\"$avatar\">" : ""). "</td><td class=\"comment\">$body</td></tr>\n");

    585. 

  585. 

    586. 

  586.       end_table();

    587. 

  587.     }

    588. 

  588. 

    589. 

  589.     //------ Mod options

    590. 

  590. 

    591. 

  591. 	  if (get_user_class() >= UC_MODERATOR)

    592. 

  592. 	  {

    593. 

  593. 	    attach_frame();

    594. 

  594. 

    595. 

  595. 	    $res = mysql_query("SELECT id,name,minclasswrite FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);

    596. 

  596. 	    print("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");

    597. 

  597. 

    598. 

  598. 	    print("<form method=\"post\" action=\"?action=setsticky\">\n");

    599. 

  599. 	    print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    600. 

  600. 	    print("<input type=\"hidden\" name=\"returnto\" value=\"$HTTP_SERVER_VARS[REQUEST_URI]\">\n");

    601. 

  601. 	    print("<tr><td class=\"embedded\" align=\"right\">Sticky:</td>\n");

    602. 

  602. 	    print("<td class=\"embedded\"><input type=\"radio\" name=\"sticky\" value='yes' " . ($sticky ? " checked" : "") . "> Yes <input type=\"radio\" name=\"sticky\" value='no' " . (!$sticky ? " checked" : "") . "> No\n");

    603. 

  603. 	    print("<input type=\"submit\" value=\"Set\"></td></tr>");

    604. 

  604. 	    print("</form>\n");

    605. 

  605. 

    606. 

  606. 	    print("<form method=\"post\" action=\"?action=setlocked\">\n");

    607. 

  607. 	    print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    608. 

  608. 	    print("<input type=\"hidden\" name=\"returnto\" value=\"$HTTP_SERVER_VARS[REQUEST_URI]\">\n");

    609. 

  609. 	    print("<tr><td class=\"embedded\" align=\"right\">Locked:</td>\n");

    610. 

  610. 	    print("<td class=\"embedded\"><input type=\"radio\" name=\"locked\" value='yes' " . ($locked ? " checked" : "") . "> Yes <input type=\"radio\" name=\"locked\" value='no' " . (!$locked ? " checked" : "") . "> No\n");

    611. 

  611. 	    print("<input type=submit value='Set'></td></tr>");

    612. 

  612. 	    print("</form>\n");

    613. 

  613. 

    614. 

  614. 	    print("<form method=\"post\" action=\"?action=renametopic\">\n");

    615. 

  615. 	    print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    616. 

  616. 	    print("<input type=\"hidden\" name=\"returnto\" value=\"$DEFAULTBASEURL$HTTP_SERVER_VARS[REQUEST_URI]\">\n");

    617. 

  617. 	    print("<tr><td class=\"embedded\" align=\"right\">Rename topic:</td><td class=embedded><input type=text name=subject size=60 maxlength=$maxsubjectlength value=\"" . htmlspecialchars($subject) . "\">\n");

    618. 

  618. 	    print("<input type=\"submit\" value=\"Okay\"></td></tr>");

    619. 

  619. 	    print("</form>\n");

    620. 

  620. 

    621. 

  621. 	    print("<form method=\"post\" action=\"?action=movetopic&amp;topicid=$topicid\">\n");

    622. 

  622. 	    print("<tr><td class=\"embedded\">Move this thread to:&nbsp;</td><td class=\"embedded\"><select name=\"forumid\">");

    623. 

  623. 

    624. 

  624. 	    while ($arr = mysql_fetch_assoc($res))

    625. 

  625. 	      if ($arr["id"] != $forumid && get_user_class() >= $arr["minclasswrite"])

    626. 

  626. 	        print("<option value=" . $arr["id"] . ">" . $arr["name"] . "\n");

    627. 

  627. 

    628. 

  628. 	    print("</select> <input type=\"submit\" value=\"Okay\"></form></td></tr>\n");

    629. 

  629. 	    print("<tr><td class=\"embedded\">Delete topic</td><td class=\"embedded\">\n");

    630. 

  630. 	    print("<form method=\"get\" action=\"/forums\">\n");

    631. 

  631. 	    print("<input type=\"hidden\" name=\"action\" value=\"deletetopic\">\n");

    632. 

  632. 	    print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    633. 

  633. 	    print("<input type=\"hidden\" name=\"forumid\" value=\"$forumid\">\n");

    634. 

  634. 	    print("<input type=\"checkbox\" name=\"sure\" value=\"1\">I'm sure\n");

    635. 

  635. 	    print("<input type=\"submit\" value=\"Okay\">\n");

    636. 

  636. 	    print("</form>\n");

    637. 

  637. 	    print("</td></tr>\n");

    638. 

  638. 	    print("</table>\n");

    639. 

  639. 	  }

    640. 

  640. 

    641. 

  641.   	end_frame();

    642. 

  642. 

    643. 

  643.   	end_main_frame();

    644. 

  644. 

    645. 

  645.   	print($pagemenu);

    646. 

  646. 

    647. 

  647.   	if ($locked && get_user_class() < UC_MODERATOR)

    648. 

  648.   		print("<p>This topic is locked; no new posts are allowed.</p>\n");

    649. 

  649. 

    650. 

  650.   	else

    651. 

  651.   	{

    652. 

  652. 	    $arr = get_forum_access_levels($forumid) or die;

    653. 

  653. 

    654. 

  654. 	    if (get_user_class() < $arr["write"])

    655. 

  655. 	      print("<p><i>You are not permitted to post in this forum.</i></p>\n");

    656. 

  656. 

    657. 

  657. 	    else

    658. 

  658. 	      $maypost = true;

    659. 

  659. 	  }

    660. 

  660. 

    661. 

  661. 	  //------ "View unread" / "Add reply" buttons

    662. 

  662. 

    663. 

  663. 	  print("<p><table class=\"main\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr>\n");

    664. 

  664. 	  print("<td class=\"embedded\"><form method=\"get\" action=\"?\" />\n");

    665. 

  665. 	  print("<input type=\"hidden\" name=\"action\" value=\"viewunread\" />\n");

    666. 

  666. 	  print("<fieldset><input type=\"submit\" value=\"View Unread\" /></fieldset>\n");

    667. 

  667. 	  print("</form></td>\n");

    668. 

  668. 

    669. 

  669.     if ($maypost)

    670. 

  670.     {

    671. 

  671.       print("<td class=\"embedded\" style=\"padding-left: 10px\"><form method=\"get\" action=\"?\">\n");

    672. 

  672.       print("<input type=\"hidden\" name=\"action\" value=\"reply\">\n");

    673. 

  673.       print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    674. 

  674.       print("<input type=\"submit\" value=\"Add Reply\" class=\"btn\">\n");

    675. 

  675.       print("</form></td>\n");

    676. 

  676.     }

    677. 

  677.     print("</tr></table></p>\n");

    678. 

  678. 

    679. 

  679.     //------ Forum quick jump drop-down

    680. 

  680. 

    681. 

  681.     insert_quick_jump_menu($forumid);

    682. 

  682. 

    683. 

  683.     stdfoot();

    684. 

  684. 

    685. 

  685.     die;

    686. 

  686.   }

    687. 

  687. 

    688. 

  688.   //-------- Action: Quote

    689. 

  689. 

    690. 

  690. 	if ($action == "quotepost")

    691. 

  691. 	{

    692. 

  692. 		$topicid = $_GET["topicid"];

    693. 

  693. 

    694. 

  694. 		if (!is_valid_id($topicid))

    695. 

  695. 			stderr("Error", "Invalid topic ID $topicid.");

    696. 

  696. 

    697. 

  697.     stdhead("Post reply");

    698. 

  698. 

    699. 

  699.     begin_main_frame();

    700. 

  700. 

    701. 

  701.     insert_compose_frame($topicid, false, true);

    702. 

  702. 

    703. 

  703.     end_main_frame();

    704. 

  704. 

    705. 

  705.     stdfoot();

    706. 

  706. 

    707. 

  707.     die;

    708. 

  708.   }

    709. 

  709. 

    710. 

  710.   //-------- Action: Reply

    711. 

  711. 

    712. 

  712.   if ($action == "reply")

    713. 

  713.   {

    714. 

  714.     $topicid = $_GET["topicid"];

    715. 

  715. 

    716. 

  716.     if (!is_valid_id($topicid))

    717. 

  717.       die;

    718. 

  718. 

    719. 

  719.     stdhead("Post reply");

    720. 

  720. 

    721. 

  721.     begin_main_frame();

    722. 

  722. 

    723. 

  723.     insert_compose_frame($topicid, false);

    724. 

  724. 

    725. 

  725.     end_main_frame();

    726. 

  726. 

    727. 

  727.     stdfoot();

    728. 

  728. 

    729. 

  729.     die;

    730. 

  730.   }

    731. 

  731. 

    732. 

  732.   //-------- Action: Move topic

    733. 

  733. 

    734. 

  734.   if ($action == "movetopic")

    735. 

  735.   {

    736. 

  736.     $forumid = $_POST["forumid"];

    737. 

  737. 

    738. 

  738.     $topicid = $_GET["topicid"];

    739. 

  739. 

    740. 

  740.     if (!is_valid_id($forumid) || !is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    741. 

  741.       die;

    742. 

  742. 

    743. 

  743.     // Make sure topic and forum is valid

    744. 

  744. 

    745. 

  745.     $res = @mysql_query("SELECT minclasswrite FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    746. 

  746. 

    747. 

  747.     if (mysql_num_rows($res) != 1)

    748. 

  748.       stderr("Error", "Forum not found.");

    749. 

  749. 

    750. 

  750.     $arr = mysql_fetch_row($res);

    751. 

  751. 

    752. 

  752.     if (get_user_class() < $arr[0])

    753. 

  753.       die;

    754. 

  754. 

    755. 

  755.     $res = @mysql_query("SELECT subject,forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    756. 

  756. 

    757. 

  757.     if (mysql_num_rows($res) != 1)

    758. 

  758.       stderr("Error", "Topic not found.");

    759. 

  759. 

    760. 

  760.     $arr = mysql_fetch_assoc($res);

    761. 

  761. 

    762. 

  762.     if ($arr["forumid"] != $forumid)

    763. 

  763.       @mysql_query("UPDATE topics SET forumid=$forumid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    764. 

  764. 

    765. 

  765.     // Redirect to forum page

    766. 

  766. 

    767. 

  767.     header("Location: $DEFAULTBASEURL/forums?action=viewforum&forumid=$forumid");

    768. 

  768. 

    769. 

  769.     die;

    770. 

  770.   }

    771. 

  771. 

    772. 

  772.   //-------- Action: Delete topic

    773. 

  773. 

    774. 

  774.   if ($action == "deletetopic")

    775. 

  775.   {

    776. 

  776.     $topicid = $_GET["topicid"];

    777. 

  777.     $forumid = $_GET["forumid"];

    778. 

  778. 

    779. 

  779.     if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    780. 

  780.       die;

    781. 

  781. 

    782. 

  782.     $sure = $_GET["sure"];

    783. 

  783. 

    784. 

  784.     if (!$sure)

    785. 

  785.     {

    786. 

  786.       stderr("Delete topic", "Sanity check: You are about to delete a topic. Click\n" .

    787. 

  787.       "<a href=?action=deletetopic&amp;topicid=$topicid&amp;sure=1>here</a> if you are sure.");

    788. 

  788.     }

    789. 

  789. 

    790. 

  790.     mysql_query("DELETE FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    791. 

  791. 

    792. 

  792.     mysql_query("DELETE FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    793. 

  793. 

    794. 

  794.     header("Location: $DEFAULTBASEURL/forums?action=viewforum&forumid=$forumid");

    795. 

  795. 

    796. 

  796.     die;

    797. 

  797.   }

    798. 

  798. 

    799. 

  799.   //-------- Action: Edit post

    800. 

  800. 

    801. 

  801.   if ($action == "editpost")

    802. 

  802.   {

    803. 

  803.     $postid = $HTTP_GET_VARS["postid"];

    804. 

  804. 

    805. 

  805.     if (!is_valid_id($postid))

    806. 

  806.       die;

    807. 

  807. 

    808. 

  808.     $res = mysql_query("SELECT * FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    809. 

  809. 

    810. 

  810. 		if (mysql_num_rows($res) != 1)

    811. 

  811. 			stderr("Error", "No post with ID $postid.");

    812. 

  812. 

    813. 

  813. 		$arr = mysql_fetch_assoc($res);

    814. 

  814. 

    815. 

  815.     $res2 = mysql_query("SELECT locked FROM topics WHERE id = " . $arr["topicid"]) or sqlerr(__FILE__, __LINE__);

    816. 

  816. 		$arr2 = mysql_fetch_assoc($res2);

    817. 

  817. 

    818. 

  818.  		if (mysql_num_rows($res) != 1)

    819. 

  819. 			stderr("Error", "No topic associated with post ID $postid.");

    820. 

  820. 

    821. 

  821. 		$locked = ($arr2["locked"] == 'yes');

    822. 

  822. 

    823. 

  823.     if (($CURUSER["id"] != $arr["userid"] || $locked) && get_user_class() < UC_MODERATOR)

    824. 

  824.       stderr("Error", "Denied!");

    825. 

  825. 

    826. 

  826.     if ($HTTP_SERVER_VARS['REQUEST_METHOD'] == 'POST')

    827. 

  827.     {

    828. 

  828.     	$body = $HTTP_POST_VARS['body'];

    829. 

  829. 

    830. 

  830.     	if ($body == "")

    831. 

  831.     	  stderr("Error", "Body cannot be empty!");

    832. 

  832. 

    833. 

  833.       $body = sqlesc($body);

    834. 

  834. 

    835. 

  835.       $editedat = sqlesc(get_date_time());

    836. 

  836. 

    837. 

  837.       mysql_query("UPDATE posts SET body = '$body', editedat = '$editedat', editedby = '$CURUSER[id]' WHERE id = '$postid'") or sqlerr(__FILE__, __LINE__);

    838. 

  838. 

    839. 

  839. 		$returnto = $HTTP_POST_VARS["returnto"];

    840. 

  840. 

    841. 

  841. 			if ($returnto != "")

    842. 

  842. 			{

    843. 

  843. 				$returnto .= "&amp;page=p$postid#$postid";

    844. 

  844. 				header("Location: $returnto");

    845. 

  845. 			}

    846. 

  846. 			else

    847. 

  847. 				stderr("Success", "Post was edited successfully.");

    848. 

  848.     }

    849. 

  849. 

    850. 

  850.     stdhead();

    851. 

  851. 

    852. 

  852.     print("<h1>Edit Post</h1>\n");

    853. 

  853. 

    854. 

  854.     print("<form method=\"post\" action=\"?action=editpost&amp;postid=$postid\">\n");

    855. 

  855.     print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($HTTP_SERVER_VARS["HTTP_REFERER"]) . "\">\n");

    856. 

  856. 

    857. 

  857.     print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    858. 

  858. 

    859. 

  859.     print("<tr><td style=\"padding: 0px\"><textarea name=\"body\" cols=\"100\" rows=\"20\" style=\"border: 0px\">" . htmlspecialchars($arr["body"]) . "</textarea></td></tr>\n");

    860. 

  860. 

    861. 

  861.     print("<tr><td align=\"center\"><input type=\"submit\" value=\"Okay\" class=\"btn\"></td></tr>\n");

    862. 

  862. 

    863. 

  863.     print("</table>\n");

    864. 

  864. 

    865. 

  865.     print("</form>\n");

    866. 

  866. 

    867. 

  867.     stdfoot();

    868. 

  868. 

    869. 

  869.   	die;

    870. 

  870.   }

    871. 

  871. 

    872. 

  872.   //-------- Action: Delete post

    873. 

  873. 

    874. 

  874.   if ($action == "deletepost")

    875. 

  875.   {

    876. 

  876.     $postid = $_GET["postid"];

    877. 

  877. 

    878. 

  878.     $sure = $_GET["sure"];

    879. 

  879. 

    880. 

  880.     if (get_user_class() < UC_MODERATOR || !is_valid_id($postid))

    881. 

  881.       die;

    882. 

  882. 

    883. 

  883.     //------- Get topic id

    884. 

  884. 

    885. 

  885.     $res = mysql_query("SELECT topicid FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    886. 

  886. 

    887. 

  887.     $arr = mysql_fetch_row($res) or stderr("Error", "Post not found");

    888. 

  888. 

    889. 

  889.     $topicid = $arr[0];

    890. 

  890. 

    891. 

  891.     //------- We can not delete the post if it is the only one of the topic

    892. 

  892. 

    893. 

  893.     $res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    894. 

  894. 

    895. 

  895.     $arr = mysql_fetch_row($res);

    896. 

  896. 

    897. 

  897.     if ($arr[0] < 2)

    898. 

  898.       stderr("Error", "Can't delete post; it is the only post of the topic. You should\n" .

    899. 

  899.       "<a href=\"?action=deletetopic&amp;topicid=$topicid&amp;sure=1\">delete the topic</a> instead.\n");

    900. 

  900. 

    901. 

  901. 

    902. 

  902.     //------- Get the id of the last post before the one we're deleting

    903. 

  903. 

    904. 

  904.     $res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid AND id < $postid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    905. 

  905. 		if (mysql_num_rows($res) == 0)

    906. 

  906. 			$redirtopost = "";

    907. 

  907. 		else

    908. 

  908. 		{

    909. 

  909. 			$arr = mysql_fetch_row($res);

    910. 

  910. 			$redirtopost = "&amp;page=p$arr[0]#$arr[0]";

    911. 

  911. 		}

    912. 

  912. 

    913. 

  913.     //------- Make sure we know what we do :-)

    914. 

  914. 

    915. 

  915.     if (!$sure)

    916. 

  916.     {

    917. 

  917.       stderr("Delete post", "Sanity check: You are about to delete a post. Click\n" .

    918. 

  918.       "<a href=\"?action=deletepost&amp;postid=$postid&amp;sure=1\">here</a> if you are sure.");

    919. 

  919.     }

    920. 

  920. 

    921. 

  921.     //------- Delete post

    922. 

  922. 

    923. 

  923.     mysql_query("DELETE FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    924. 

  924. 

    925. 

  925.     //------- Update topic

    926. 

  926. 

    927. 

  927.     update_topic_last_post($topicid);

    928. 

  928. 

    929. 

  929.     header("Location: $DEFAULTBASEURL/forums?action=viewtopic&amp;topicid=$topicid$redirtopost");

    930. 

  930. 

    931. 

  931.     die;

    932. 

  932.   }

    933. 

  933. 

    934. 

  934.   //-------- Action: Lock topic

    935. 

  935. 

    936. 

  936.   if ($action == "locktopic")

    937. 

  937.   {

    938. 

  938.     $forumid = $_GET["forumid"];

    939. 

  939.     $topicid = $_GET["topicid"];

    940. 

  940.     $page = $_GET["page"];

    941. 

  941. 

    942. 

  942.     if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    943. 

  943.       die;

    944. 

  944. 

    945. 

  945.     mysql_query("UPDATE topics SET locked='yes' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    946. 

  946. 

    947. 

  947.     header("Location: $DEFAULTBASEURL/forums?action=viewforum&forumid=$forumid&page=$page");

    948. 

  948. 

    949. 

  949.     die;

    950. 

  950.   }

    951. 

  951. 

    952. 

  952.   //-------- Action: Unlock topic

    953. 

  953. 

    954. 

  954.   if ($action == "unlocktopic")

    955. 

  955.   {

    956. 

  956.     $forumid = $_GET["forumid"];

    957. 

  957. 

    958. 

  958.     $topicid = $_GET["topicid"];

    959. 

  959. 

    960. 

  960.     $page = $_GET["page"];

    961. 

  961. 

    962. 

  962.     if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    963. 

  963.       die;

    964. 

  964. 

    965. 

  965.     mysql_query("UPDATE topics SET locked='no' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    966. 

  966. 

    967. 

  967.     header("Location: $DEFAULTBASEURL/forums?action=viewforum&forumid=$forumid&page=$page");

    968. 

  968. 

    969. 

  969.     die;

    970. 

  970.   }

    971. 

  971. 

    972. 

  972.   //-------- Action: Set locked on/off

    973. 

  973. 

    974. 

  974.   if ($action == "setlocked")

    975. 

  975.   {

    976. 

  976.     $topicid = 0 + $HTTP_POST_VARS["topicid"];

    977. 

  977. 

    978. 

  978.     if (!$topicid || get_user_class() < UC_MODERATOR)

    979. 

  979.       die;

    980. 

  980. 

    981. 

  981. 	$locked = sqlesc($HTTP_POST_VARS["locked"]);

    982. 

  982.     mysql_query("UPDATE topics SET locked=$locked WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    983. 

  983. 

    984. 

  984.     header("Location: $HTTP_POST_VARS[returnto]");

    985. 

  985. 

    986. 

  986.     die;

    987. 

  987.   }

    988. 

  988. 

    989. 

  989.   //-------- Action: Set sticky on/off

    990. 

  990. 

    991. 

  991.   if ($action == "setsticky")

    992. 

  992.   {

    993. 

  993.     $topicid = 0 + $HTTP_POST_VARS["topicid"];

    994. 

  994. 

    995. 

  995.     if (!topicid || get_user_class() < UC_MODERATOR)

    996. 

  996.       die;

    997. 

  997. 

    998. 

  998. 	$sticky = sqlesc($HTTP_POST_VARS["sticky"]);

    999. 

  999.     mysql_query("UPDATE topics SET sticky=$sticky WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    1000. 

  1000. 

    1001. 

  1001.     header("Location: $HTTP_POST_VARS[returnto]");

    1002. 

  1002. 

    1003. 

  1003.     die;

    1004. 

  1004.   }

    1005. 

  1005. 

    1006. 

  1006.   //-------- Action: Rename topic

    1007. 

  1007. 

    1008. 

  1008.   if ($action == 'renametopic')

    1009. 

  1009.   {

    1010. 

  1010.   	if (get_user_class() < UC_MODERATOR)

    1011. 

  1011.   	  die;

    1012. 

  1012. 

    1013. 

  1013.   	$topicid = $HTTP_POST_VARS['topicid'];

    1014. 

  1014. 

    1015. 

  1015.   	if (!is_valid_id($topicid))

    1016. 

  1016.   	  die;

    1017. 

  1017. 

    1018. 

  1018.   	$subject = $HTTP_POST_VARS['subject'];

    1019. 

  1019. 

    1020. 

  1020.   	if ($subject == '')

    1021. 

  1021.   	  stderr('Error', 'You must enter a new title!');

    1022. 

  1022. 

    1023. 

  1023.   	$subject = sqlesc($subject);

    1024. 

  1024. 

    1025. 

  1025.   	mysql_query("UPDATE topics SET subject=$subject WHERE id=$topicid") or sqlerr();

    1026. 

  1026. 

    1027. 

  1027.   	$returnto = $HTTP_POST_VARS['returnto'];

    1028. 

  1028. 

    1029. 

  1029.   	if ($returnto)

    1030. 

  1030.   	  header("Location: $returnto");

    1031. 

  1031. 

    1032. 

  1032.   	die;

    1033. 

  1033.   }

    1034. 

  1034. 

    1035. 

  1035.   //-------- Action: View forum

    1036. 

  1036. 

    1037. 

  1037.   if ($action == "viewforum")

    1038. 

  1038.   {

    1039. 

  1039.     $forumid = $_GET["forumid"];

    1040. 

  1040. 

    1041. 

  1041.     if (!is_valid_id($forumid))

    1042. 

  1042.       die;

    1043. 

  1043. 

    1044. 

  1044.     $page = $_GET["page"];

    1045. 

  1045. 

    1046. 

  1046.     $userid = $CURUSER["id"];

    1047. 

  1047. 

    1048. 

  1048.     //------ Get forum name

    1049. 

  1049. 

    1050. 

  1050.     $res = mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    1051. 

  1051. 

    1052. 

  1052.     $arr = mysql_fetch_assoc($res) or die;

    1053. 

  1053. 

    1054. 

  1054.     $forumname = $arr["name"];

    1055. 

  1055. 

    1056. 

  1056.     if (get_user_class() < $arr["minclassread"])

    1057. 

  1057.       die("Not permitted");

    1058. 

  1058. 

    1059. 

  1059.     //------ Page links

    1060. 

  1060. 

    1061. 

  1061.     //------ Get topic count

    1062. 

  1062. 

    1063. 

  1063.     $perpage = $CURUSER["topicsperpage"];

    1064. 

  1064. 	if (!$perpage) $perpage = 20;

    1065. 

  1065. 

    1066. 

  1066.     $res = mysql_query("SELECT COUNT(*) FROM topics WHERE forumid=$forumid") or sqlerr(__FILE__, __LINE__);

    1067. 

  1067. 

    1068. 

  1068.     $arr = mysql_fetch_row($res);

    1069. 

  1069. 

    1070. 

  1070.     $num = $arr[0];

    1071. 

  1071. 

    1072. 

  1072.     if ($page == 0)

    1073. 

  1073.       $page = 1;

    1074. 

  1074. 

    1075. 

  1075.     $first = ($page * $perpage) - $perpage + 1;

    1076. 

  1076. 

    1077. 

  1077.     $last = $first + $perpage - 1;

    1078. 

  1078. 

    1079. 

  1079.     if ($last > $num)

    1080. 

  1080.       $last = $num;

    1081. 

  1081. 

    1082. 

  1082.     $pages = floor($num / $perpage);

    1083. 

  1083. 

    1084. 

  1084.     if ($perpage * $pages < $num)

    1085. 

  1085.       ++$pages;

    1086. 

  1086. 

    1087. 

  1087.     //------ Build menu

    1088. 

  1088. 

    1089. 

  1089.     $menu = "<p class=\"txtCenter\"><b>\n";

    1090. 

  1090. 

    1091. 

  1091.     $lastspace = false;

    1092. 

  1092. 

    1093. 

  1093.     for ($i = 1; $i <= $pages; ++$i)

    1094. 

  1094.     {

    1095. 

  1095.     	if ($i == $page)

    1096. 

  1096.         $menu .= "<span>$i</span>\n";

    1097. 

  1097. 

    1098. 

  1098.       elseif ($i > 3 && ($i < $pages - 2) && ($page - $i > 3 || $i - $page > 3))

    1099. 

  1099.     	{

    1100. 

  1100.     		if ($lastspace)

    1101. 

  1101.     		  continue;

    1102. 

  1102. 

    1103. 

  1103.   		  $menu .= "... \n";

    1104. 

  1104. 

    1105. 

  1105.      		$lastspace = true;

    1106. 

  1106.     	}

    1107. 

  1107. 

    1108. 

  1108.       else

    1109. 

  1109.       {

    1110. 

  1110.         $menu .= "<a href=\"?action=viewforum&amp;forumid=$forumid&amp;page=$i\">$i</a>\n";

    1111. 

  1111. 

    1112. 

  1112.         $lastspace = false;

    1113. 

  1113.       }

    1114. 

  1114.       if ($i < $pages)

    1115. 

  1115.         $menu .= "</b>|<b>\n";

    1116. 

  1116.     }

    1117. 

  1117. 

    1118. 

  1118.     $menu .= "<br />\n";

    1119. 

  1119. 

    1120. 

  1120.     if ($page == 1)

    1121. 

  1121.       $menu .= "<span>&lt;&lt; Prev</span>";

    1122. 

  1122. 

    1123. 

  1123.     else

    1124. 

  1124.       $menu .= "<a href=\"?action=viewforum&amp;forumid=$forumid&amp;page=" . ($page - 1) . "\">&lt;&lt; Prev</a>";

    1125. 

  1125. 

    1126. 

  1126.     $menu .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";

    1127. 

  1127. 

    1128. 

  1128.     if ($last == $num)

    1129. 

  1129.       $menu .= "<span>Next &gt;&gt;</span>";

    1130. 

  1130. 

    1131. 

  1131.     else

    1132. 

  1132.       $menu .= "<a href=\"?action=viewforum&amp;forumid=$forumid&amp;page=" . ($page + 1) . "\">Next &gt;&gt;</a>";

    1133. 

  1133. 

    1134. 

  1134.     $menu .= "</b></p>\n";

    1135. 

  1135. 

    1136. 

  1136.     $offset = $first - 1;

    1137. 

  1137. 

    1138. 

  1138.     //------ Get topics data

    1139. 

  1139. 

    1140. 

  1140.     $topicsres = mysql_query("SELECT * FROM topics WHERE forumid=$forumid ORDER BY sticky, lastpost DESC LIMIT $offset,$perpage") or

    1141. 

  1141.       stderr("SQL Error", mysql_error());

    1142. 

  1142. 

    1143. 

  1143.     stdhead("Forum");

    1144. 

  1144. 

    1145. 

  1145.     $numtopics = mysql_num_rows($topicsres);

    1146. 

  1146. 

    1147. 

  1147.     print("<h1>$forumname</h1>\n");

    1148. 

  1148. 

    1149. 

  1149.     if ($numtopics > 0)

    1150. 

  1150.     {

    1151. 

  1151.       print($menu);

    1152. 

  1152. 

    1153. 

  1153.       print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">");

    1154. 

  1154. 

    1155. 

  1155.       print("<tr><td class=\"colhead\" align=\"left\">Topic</td><td class=\"colhead\">Replies</td><td class=\"colhead\">Views</td>\n" .

    1156. 

  1156.         "<td class=\"colhead\" align=\"left\">Author</td><td class=\"colhead\" align=\"left\">Last&nbsp;post</td>\n");

    1157. 

  1157. 

    1158. 

  1158.       print("</tr>\n");

    1159. 

  1159. 

    1160. 

  1160.       while ($topicarr = mysql_fetch_assoc($topicsres))

    1161. 

  1161.       {

    1162. 

  1162.         $topicid = $topicarr["id"];

    1163. 

  1163. 

    1164. 

  1164.         $topic_userid = $topicarr["userid"];

    1165. 

  1165. 

    1166. 

  1166.         $topic_views = $topicarr["views"];

    1167. 

  1167. 

    1168. 

  1168. 		$views = number_format($topic_views);

    1169. 

  1169. 

    1170. 

  1170.         $locked = $topicarr["locked"] == "yes";

    1171. 

  1171. 

    1172. 

  1172.         $sticky = $topicarr["sticky"] == "yes";

    1173. 

  1173. 

    1174. 

  1174.         //---- Get reply count

    1175. 

  1175. 

    1176. 

  1176.         $res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    1177. 

  1177. 

    1178. 

  1178.         $arr = mysql_fetch_row($res);

    1179. 

  1179. 

    1180. 

  1180.         $posts = $arr[0];

    1181. 

  1181. 

    1182. 

  1182.         $replies = max(0, $posts - 1);

    1183. 

  1183. 

    1184. 

  1184.         $tpages = floor($posts / $postsperpage);

    1185. 

  1185. 

    1186. 

  1186.         if ($tpages * $postsperpage != $posts)

    1187. 

  1187.           ++$tpages;

    1188. 

  1188. 

    1189. 

  1189.         if ($tpages > 1)

    1190. 

  1190.         {

    1191. 

  1191.           $topicpages = " (<img src=\"images/multipage.gif\">";

    1192. 

  1192. 

    1193. 

  1193.           for ($i = 1; $i <= $tpages; ++$i)

    1194. 

  1194.             $topicpages .= " <a href=\"?action=viewtopic&amp;topicid=$topicid&amp;page=$i\">$i</a>";

    1195. 

  1195. 

    1196. 

  1196.           $topicpages .= ")";

    1197. 

  1197.         }

    1198. 

  1198.         else

    1199. 

  1199.           $topicpages = "";

    1200. 

  1200. 

    1201. 

  1201.         //---- Get userID and date of last post

    1202. 

  1202. 

    1203. 

  1203.         $res = mysql_query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    1204. 

  1204. 

    1205. 

  1205.         $arr = mysql_fetch_assoc($res);

    1206. 

  1206. 

    1207. 

  1207.         $lppostid = 0 + $arr["id"];

    1208. 

  1208. 

    1209. 

  1209.         $lpuserid = 0 + $arr["userid"];

    1210. 

  1210. 

    1211. 

  1211.         $lpadded = "" . $arr["added"] . "";

    1212. 

  1212. 

    1213. 

  1213.         //------ Get name of last poster

    1214. 

  1214. 

    1215. 

  1215.         $res = mysql_query("SELECT * FROM users WHERE id=$lpuserid") or sqlerr(__FILE__, __LINE__);

    1216. 

  1216. 

    1217. 

  1217.         if (mysql_num_rows($res) == 1)

    1218. 

  1218.         {

    1219. 

  1219.           $arr = mysql_fetch_assoc($res);

    1220. 

  1220. 

    1221. 

  1221.           $lpusername = "<a href=\"userdetails?id=$lpuserid\"><b>$arr[username]</b></a>";

    1222. 

  1222.         }

    1223. 

  1223.         else

    1224. 

  1224.           $lpusername = "unknown[$topic_userid]";

    1225. 

  1225. 

    1226. 

  1226.         //------ Get author

    1227. 

  1227. 

    1228. 

  1228.         $res = mysql_query("SELECT username FROM users WHERE id=$topic_userid") or sqlerr(__FILE__, __LINE__);

    1229. 

  1229. 

    1230. 

  1230.         if (mysql_num_rows($res) == 1)

    1231. 

  1231.         {

    1232. 

  1232.           $arr = mysql_fetch_assoc($res);

    1233. 

  1233. 

    1234. 

  1234.           $lpauthor = "<a href=\"userdetails?id=$topic_userid\"><b>$arr[username]</b></a>";

    1235. 

  1235.         }

    1236. 

  1236.         else

    1237. 

  1237.           $lpauthor = "unknown[$topic_userid]";

    1238. 

  1238. 

    1239. 

  1239.         //---- Print row

    1240. 

  1240. 

    1241. 

  1241.         $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    1242. 

  1242. 

    1243. 

  1243.         $a = mysql_fetch_row($r);

    1244. 

  1244. 

    1245. 

  1245.         $new = !$a || $lppostid > $a[0];

    1246. 

  1246. 

    1247. 

  1247.         $topicpic = ($locked ? ($new ? "lockednew" : "locked") : ($new ? "unlockednew" : "unlocked"));

    1248. 

  1248. 

    1249. 

  1249.         $subject = ($sticky ? "Sticky: " : "") . "<a href=\"?action=viewtopic&amp;topicid=$topicid\"><b>" .

    1250. 

  1250.         encodehtml($topicarr["subject"]) . "</b></a>$topicpages";

    1251. 

  1251. 

    1252. 

  1252.         print("<tr><td align=\"left\"><table border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr>" .

    1253. 

  1253.         "<td class=\"embedded\" style=\"padding-right: 5px\"><img src=\"images/$topicpic.gif\" alt=\"$topicpic\"/>" .

    1254. 

  1254.         "</td><td class=\"embedded\" align=\"left\">\n" .

    1255. 

  1255.         "$subject</td></tr></table></td><td align=\"right\">$replies</td>\n" .

    1256. 

  1256.         "<td align=\"right\">$views</td><td align=\"left\">$lpauthor</td>\n" .

    1257. 

  1257.         "<td align=\"left\">$lpadded<br />by&nbsp;$lpusername</td>\n");

    1258. 

  1258. 

    1259. 

  1259.         print("</tr>\n");

    1260. 

  1260.       } // while

    1261. 

  1261. 

    1262. 

  1262.       print("</table>\n");

    1263. 

  1263. 

    1264. 

  1264.       print($menu);

    1265. 

  1265. 

    1266. 

  1266.     } // if

    1267. 

  1267.     else

    1268. 

  1268.       print("<p class=\"txtCenter\">No topics found</p>\n");

    1269. 

  1269. 

    1270. 

  1270.     print("<table class=\"main\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr valign=\"middle\">\n");

    1271. 

  1271. 

    1272. 

  1272.     print("<td class=\"embedded\"><img src=\"images/unlockednew.gif\" style=\"margin-right: 5px\" alt=\"New Posts\" /></td><td class=\"embedded\">New posts</td>\n");

    1273. 

  1273. 

    1274. 

  1274.     print("<td class=\"embedded\"><img src=\"images/locked.gif\" alt=\"Locked\" style=\"margin-left: 10px; margin-right: 5px\" />" .

    1275. 

  1275.     "</td><td class=\"embedded\">Locked topic</td>\n");

    1276. 

  1276. 

    1277. 

  1277.     print("</tr></table>\n");

    1278. 

  1278. 

    1279. 

  1279.     $arr = get_forum_access_levels($forumid) or die;

    1280. 

  1280. 

    1281. 

  1281.     $maypost = get_user_class() >= $arr["write"] && get_user_class() >= $arr["create"];

    1282. 

  1282. 

    1283. 

  1283.     if (!$maypost)

    1284. 

  1284.       print("<p><i>You are not permitted to start new topics in this forum.</i></p>\n");

    1285. 

  1285. 

    1286. 

  1286.     print("<table border=\"0\" class=\"main\" cellspacing=\"0\" cellpadding=\"0\"><tr>\n");

    1287. 

  1287. 

    1288. 

  1288.     print("<td class=\"embedded\"><form method=\"get\" action=\"?\"><input type=\"hidden\" name=\"action\" value=\"viewunread\"><input type=\"submit\" value=\"View unread\" class=\"btn\"></form></td>\n");

    1289. 

  1289. 

    1290. 

  1290.     if ($maypost)

    1291. 

  1291.       print("<td class=\"embedded\"><form method=\"get\" action=\"?\">

    1292. 

  1292. 	<input type=\"hidden\" name=\"action\" value=\"newtopic\">

    1293. 

  1293. 	<input type=\"hidden\" name=\"forumid\" value=\"$forumid\">

    1294. 

  1294. 	<input type=\"submit\" value=\"New topic\" class=\"btn\" style=\"margin-left: 10px\"></form></td>\n");

    1295. 

  1295. 

    1296. 

  1296.     print("</tr></table>\n");

    1297. 

  1297. 

    1298. 

  1298.     insert_quick_jump_menu($forumid);

    1299. 

  1299. 

    1300. 

  1300.     stdfoot();

    1301. 

  1301. 

    1302. 

  1302.     die;

    1303. 

  1303.   }

    1304. 

  1304. 

    1305. 

  1305.   //-------- Action: View unread posts

    1306. 

  1306. 

    1307. 

  1307.   if ($action == "viewunread")

    1308. 

  1308.   {

    1309. 

  1309. 

    1310. 

  1310.     $userid = $CURUSER['id'];

    1311. 

  1311. 

    1312. 

  1312.     $maxresults = 25;

    1313. 

  1313. 

    1314. 

  1314.     $res = mysql_query("SELECT id, forumid, subject, lastpost FROM topics ORDER BY lastpost") or sqlerr(__FILE__, __LINE__);

    1315. 

  1315. 

    1316. 

  1316.     stdhead();

    1317. 

  1317. 

    1318. 

  1318.     print("<h2>Topics with unread posts</h2>\n");

    1319. 

  1319. 

    1320. 

  1320.     $n = 0;

    1321. 

  1321. 

    1322. 

  1322.     $uc = get_user_class();

    1323. 

  1323. 

    1324. 

  1324.     while ($arr = mysql_fetch_assoc($res))

    1325. 

  1325.     {

    1326. 

  1326.       $topicid = $arr['id'];

    1327. 

  1327. 

    1328. 

  1328.       $forumid = $arr['forumid'];

    1329. 

  1329. 

    1330. 

  1330.       //---- Check if post is read

    1331. 

  1331.       $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    1332. 

  1332. 

    1333. 

  1333.       $a = mysql_fetch_row($r);

    1334. 

  1334. 

    1335. 

  1335.       if ($a && $a[0] == $arr['lastpost'])

    1336. 

  1336.         continue;

    1337. 

  1337. 

    1338. 

  1338.       //---- Check access & get forum name

    1339. 

  1339.       $r = mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    1340. 

  1340. 

    1341. 

  1341.       $a = mysql_fetch_assoc($r);

    1342. 

  1342. 

    1343. 

  1343.       if ($uc < $a['minclassread'])

    1344. 

  1344.         continue;

    1345. 

  1345. 

    1346. 

  1346.       ++$n;

    1347. 

  1347. 

    1348. 

  1348.       if ($n > $maxresults)

    1349. 

  1349.         break;

    1350. 

  1350. 

    1351. 

  1351.       $forumname = $a['name'];

    1352. 

  1352. 

    1353. 

  1353.       if ($n == 1)

    1354. 

  1354.       {

    1355. 

  1355.         ?><table border="1" cellspacing="0" cellpadding="5">

    1356. 

  1356. 

    1357. 

  1357.         <tr><td class="colhead" align="left">Topic</td><td class="colhead" align="left">Forum</td></tr>

    1358. 

  1358.       <?php

    1359. 

  1359. 	}

    1360. 

  1360. 	?>

    1361. 

  1361. 	<tr><td align="left"><table border="0" cellspacing="0" cellpadding="0"><tr><td class="embedded">

    1362. 

  1362. 	<img src="images/unlockednew.gif" style="margin-right: 5px" alt="Unlocked Topic"/></td><td class="embedded">

    1363. 

  1363. 	<a href="?action=viewtopic&amp;topicid=<?=$topicid?>&amp;page=last#last"><b><?=htmlspecialchars($arr["subject"])?>

    1364. 

  1364. 	</b></a></td></tr></table></td><td align="left"><a href="?action=viewforum&amp;forumid=<?=$forumid?>"><b><?=$forumname?></b></a></td></tr>

    1365. 

  1365. 	<?php

    1366. 

  1366.     }

    1367. 

  1367.     if ($n > 0)

    1368. 

  1368.     {

    1369. 

  1369.       print("</table>\n");

    1370. 

  1370. 

    1371. 

  1371.       if ($n > $maxresults)

    1372. 

  1372.         print("<p>More than $maxresults items found, displaying first $maxresults.</p>\n");

    1373. 

  1373. 

    1374. 

  1374.       print("<p><a href=\"?catchup\"><b>Catch up</b></a></p>\n");

    1375. 

  1375.     }

    1376. 

  1376.     else

    1377. 

  1377.       print("<b>Nothing found</b>");

    1378. 

  1378. 

    1379. 

  1379.     stdfoot();

    1380. 

  1380. 

    1381. 

  1381.     die;

    1382. 

  1382.   }

    1383. 

  1383. 

    1384. 

  1384. if ($action == "search")

    1385. 

  1385. {

    1386. 

  1386. 	stdhead("Forum Search");

    1387. 

  1387. 	print("<h2>Forum Search (<span class=\"red\">BETA</span>)</h2>\n");

    1388. 

  1388. 	$keywords = trim($HTTP_GET_VARS["keywords"]);

    1389. 

  1389. 	if ($keywords != "")

    1390. 

  1390. 	{

    1391. 

  1391. 		$perpage = 50;

    1392. 

  1392. 		$page = max(1, 0 + $HTTP_GET_VARS["page"]);

    1393. 

  1393. 		$ekeywords = sqlesc($keywords);

    1394. 

  1394. 		print("<p><b>Searched for \"" . htmlspecialchars($keywords) . "\"</b></p>\n");

    1395. 

  1395. 		$res = mysql_query("SELECT COUNT(*) FROM posts WHERE MATCH (body) AGAINST ($ekeywords)") or sqlerr(__FILE__, __LINE__);

    1396. 

  1396. 		$arr = mysql_fetch_row($res);

    1397. 

  1397. 		$hits = 0 + $arr[0];

    1398. 

  1398. 		if ($hits == 0)

    1399. 

  1399. 			print("<p><b>Sorry, nothing found!</b></p>");

    1400. 

  1400. 		else

    1401. 

  1401. 		{

    1402. 

  1402. 			$pages = 0 + ceil($hits / $perpage);

    1403. 

  1403. 			if ($page > $pages) $page = $pages;

    1404. 

  1404. 			for ($i = 1; $i <= $pages; ++$i)

    1405. 

  1405. 				if ($page == $i)

    1406. 

  1406. 					$pagemenu1 .= "<span><b>$i</b></span>\n";

    1407. 

  1407. 				else

    1408. 

  1408. 					$pagemenu1 .= "<a href=\"/forums?action=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=$i\"><b>$i</b></a>\n";

    1409. 

  1409. 			if ($page == 1)

    1410. 

  1410. 				$pagemenu2 = "<span><b>&lt;&lt; Prev</b></span>\n";

    1411. 

  1411. 			else

    1412. 

  1412. 				$pagemenu2 = "<a href=\"/forums?action=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=" . ($page - 1) . "\"><b>&lt;&lt; Prev</b></a>\n";

    1413. 

  1413. 			$pagemenu2 .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\n";

    1414. 

  1414. 			if ($page == $pages)

    1415. 

  1415. 				$pagemenu2 .= "<span><b>Next &gt;&gt;</b></span>\n";

    1416. 

  1416. 			else

    1417. 

  1417. 				$pagemenu2 .= "<a href=\"/forums?action=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=" . ($page + 1) . "\"><b>Next &gt;&gt;</b></a>\n";

    1418. 

  1418. 			$offset = ($page * $perpage) - $perpage;

    1419. 

  1419. 			$res = mysql_query("SELECT id, topicid,userid,added FROM posts WHERE MATCH (body) AGAINST ($ekeywords) LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);

    1420. 

  1420. 			$num = mysql_num_rows($res);

    1421. 

  1421. 			print("<p>$pagemenu1<br />$pagemenu2</p>");

    1422. 

  1422. 			print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    1423. 

  1423. 			print("<tr><td class=\"colhead\">Post</td><td class=\"colhead\" align=\"left\">Topic</td><td class=\"colhead\" align=\"left\">Forum</td><td class=\"colhead\" align=\"left\">Posted by</td></tr>\n");

    1424. 

  1424. 			for ($i = 0; $i < $num; ++$i)

    1425. 

  1425. 			{

    1426. 

  1426. 				$post = mysql_fetch_assoc($res);

    1427. 

  1427. 				$res2 = mysql_query("SELECT forumid, subject FROM topics WHERE id=$post[topicid]") or

    1428. 

  1428. 					sqlerr(__FILE__, __LINE__);

    1429. 

  1429. 				$topic = mysql_fetch_assoc($res2);

    1430. 

  1430. 				$res2 = mysql_query("SELECT name,minclassread FROM forums WHERE id=$topic[forumid]") or

    1431. 

  1431. 					sqlerr(__FILE__, __LINE__);

    1432. 

  1432. 				$forum = mysql_fetch_assoc($res2);

    1433. 

  1433. 				if ($forum["name"] == "" || $forum["minclassread"] > $CURUSER["class"])

    1434. 

  1434. 				{

    1435. 

  1435. 					--$hits;

    1436. 

  1436. 					continue;

    1437. 

  1437. 				}

    1438. 

  1438. 				$res2 = mysql_query("SELECT username FROM users WHERE id=$post[userid]") or

    1439. 

  1439. 					sqlerr(__FILE__, __LINE__);

    1440. 

  1440. 				$user = mysql_fetch_assoc($res2);

    1441. 

  1441. 				if ($user["username"] == "")

    1442. 

  1442. 					$user["username"] = "[$post[userid]]";

    1443. 

  1443. 				print("<tr><td>$post[id]</td><td align=\"left\"><a href=\"?action=viewtopic&amp;topicid=$post[topicid]&amp;page=p$post[id]#$post[id]\"><b>" . htmlspecialchars($topic["subject"]) . "</b></a></td><td align=\"left\"><a href=\"?action=viewforum&amp;forumid=$topic[forumid]\"><b>" . htmlspecialchars($forum["name"]) . "</b></a><td align=\"left\"><a href=\"userdetails?id=$post[userid]\"><b>$user[username]</b></a><br />at $post[added]</tr>\n");

    1444. 

  1444. 			}

    1445. 

  1445. 			print("</table>\n");

    1446. 

  1446. 			print("<p>$pagemenu2<br />$pagemenu1</p>");

    1447. 

  1447. 			print("<p>Found $hits post" . ($hits != 1 ? "s" : "") . ".</p>");

    1448. 

  1448. 			print("<p><b>Search again</b></p>\n");

    1449. 

  1449. 		}

    1450. 

  1450. 	}

    1451. 

  1451. 	print("<form method=\"get action=\"/forums\">\n");

    1452. 

  1452. 	print("<input type=\"hidden\" name=\"action\" value=\"search\">\n");

    1453. 

  1453. 	print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    1454. 

  1454. 	print("<tr><td class=\"rowhead\">Key words</td><td align=\"left\"><input type=\"text\" size=\"55\" name=\"keywords\" value=\"" . htmlspecialchars($keywords) .

    1455. 

  1455. 		 "\"><br />\n" .

    1456. 

  1456. 		"<span class=\"small\" size=\"-1\">Enter one or more words to search for.<br />Very common words and words with less than 3 characters are ignored.</span></td></tr>\n");

    1457. 

  1457. 	print("<tr><td align=\"center\" colspan=\"2\"><input type=\"submit\" value=\"Search\"></td></tr>\n");

    1458. 

  1458. 	print("</table>\n</form>\n");

    1459. 

  1459. 	stdfoot();

    1460. 

  1460. 	die;

    1461. 

  1461. }

    1462. 

  1462. 

    1463. 

  1463.   //-------- Handle unknown action

    1464. 

  1464. 

    1465. 

  1465.   if ($action != "")

    1466. 

  1466.     stderr("Forum Error", "Unknown action '$action'.");

    1467. 

  1467. 

    1468. 

  1468.   //-------- Default action: View forums

    1469. 

  1469. 

    1470. 

  1470.   if (isset($_GET["catchup"]))

    1471. 

  1471.     catch_up();

    1472. 

  1472. 

    1473. 

  1473.   //-------- Get forums

    1474. 

  1474. 

    1475. 

  1475.   $forums_res = mysql_query("SELECT * FROM forums ORDER BY sort, name") or sqlerr(__FILE__, __LINE__);

    1476. 

  1476. 

    1477. 

  1477.   stdhead("Forums");

    1478. 

  1478. 

    1479. 

  1479.   print("<h2>Forums</h2>\n");

    1480. 

  1480. 

    1481. 

  1481.   print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    1482. 

  1482. 

    1483. 

  1483.   print("<tr><td class=\"colhead\" align=\"left\">Forum</td><td class=\"colhead\" align=\"right\">Topics</td>" .

    1484. 

  1484.   "<td class=\"colhead\" align=\"right\">Posts</td>" .

    1485. 

  1485.   "<td class=\"colhead\" align=\"left\">Last post</td></tr>\n");

    1486. 

  1486. 

    1487. 

  1487.   while ($forums_arr = mysql_fetch_assoc($forums_res))

    1488. 

  1488.   {

    1489. 

  1489.     if (get_user_class() < $forums_arr["minclassread"])

    1490. 

  1490.       continue;

    1491. 

  1491. 

    1492. 

  1492.     $forumid = $forums_arr["id"];

    1493. 

  1493. 

    1494. 

  1494.     $forumname = htmlspecialchars($forums_arr["name"]);

    1495. 

  1495. 

    1496. 

  1496.     $forumdescription = htmlspecialchars($forums_arr["description"]);

    1497. 

  1497. 

    1498. 

  1498.     $topiccount = number_format($forums_arr["topiccount"]);

    1499. 

  1499. 

    1500. 

  1500.     $postcount = number_format($forums_arr["postcount"]);

    1501. 

  1501. 

    1502. 

  1502. /*

    1503. 

  1503.     while ($topicids_arr = mysql_fetch_assoc($topicids_res))

    1504. 

  1504.     {

    1505. 

  1505.       $topicid = $topicids_arr['id'];

    1506. 

  1506. 

    1507. 

  1507.       $postcount_res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    1508. 

  1508. 

    1509. 

  1509.       $postcount_arr = mysql_fetch_row($postcount_res);

    1510. 

  1510. 

    1511. 

  1511.       $postcount += $postcount_arr[0];

    1512. 

  1512.     }

    1513. 

  1513. */

    1514. 

  1514.     $postcount = number_format($postcount);

    1515. 

  1515. 

    1516. 

  1516.     // Find last post ID

    1517. 

  1517. 

    1518. 

  1518.     $lastpostid = get_forum_last_post($forumid);

    1519. 

  1519. 

    1520. 

  1520.     // Get last post info

    1521. 

  1521. 

    1522. 

  1522.     $post_res = mysql_query("SELECT added,topicid,userid FROM posts WHERE id=$lastpostid") or sqlerr(__FILE__, __LINE__);

    1523. 

  1523. 

    1524. 

  1524.     if (mysql_num_rows($post_res) == 1)

    1525. 

  1525.     {

    1526. 

  1526.       $post_arr = mysql_fetch_assoc($post_res) or die("Bad forum last_post");

    1527. 

  1527. 

    1528. 

  1528.       $lastposterid = $post_arr["userid"];

    1529. 

  1529. 

    1530. 

  1530.       $lastpostdate = $post_arr["added"];

    1531. 

  1531. 

    1532. 

  1532.       $lasttopicid = $post_arr["topicid"];

    1533. 

  1533. 

    1534. 

  1534.       $user_res = mysql_query("SELECT username FROM users WHERE id=$lastposterid") or sqlerr(__FILE__, __LINE__);

    1535. 

  1535. 

    1536. 

  1536.       $user_arr = mysql_fetch_assoc($user_res);

    1537. 

  1537. 

    1538. 

  1538.       $lastposter = htmlspecialchars($user_arr['username']);

    1539. 

  1539. 

    1540. 

  1540.       $topic_res = mysql_query("SELECT subject FROM topics WHERE id=$lasttopicid") or sqlerr(__FILE__, __LINE__);

    1541. 

  1541. 

    1542. 

  1542.       $topic_arr = mysql_fetch_assoc($topic_res);

    1543. 

  1543. 

    1544. 

  1544.       $lasttopic = htmlspecialchars($topic_arr['subject']);

    1545. 

  1545. 

    1546. 

  1546.       $lastpost = "$lastpostdate<br />" .

    1547. 

  1547.       "by <a href=\"userdetails?id=$lastposterid\"><b>$lastposter</b></a><br />" .

    1548. 

  1548.       "in <a href=\"?action=viewtopic&amp;topicid=$lasttopicid&amp;page=p$lastpostid#$lastpostid\"><b>$lasttopic</b></a>";

    1549. 

  1549. 

    1550. 

  1550.       $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$CURUSER[id] AND topicid=$lasttopicid") or sqlerr(__FILE__, __LINE__);

    1551. 

  1551. 

    1552. 

  1552.       $a = mysql_fetch_row($r);

    1553. 

  1553. 

    1554. 

  1554.       if ($a && $a[0] >= $lastpostid)

    1555. 

  1555.         $img = "unlocked";

    1556. 

  1556.       else

    1557. 

  1557.         $img = "unlockednew";

    1558. 

  1558.     }

    1559. 

  1559.     else

    1560. 

  1560.     {

    1561. 

  1561.       $lastpost = "N/A";

    1562. 

  1562.       $img = "unlocked";

    1563. 

  1563.     }

    1564. 

  1564.     print("<tr>

    1565. 

  1565. 	<td align=\"left\">

    1566. 

  1566. 		<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">

    1567. 

  1567. 			<tr>

    1568. 

  1568. 				<td class=\"embedded\" style=\"padding-right: 5px\">

    1569. 

  1569. 					<img src=\"images/$img.gif\" alt=\"$img\"/>

    1570. 

  1570. 				</td>

    1571. 

  1571. 				<td class=\"embedded\">

    1572. 

  1572. 					<a href=\"?action=viewforum&amp;forumid=$forumid\"><b>$forumname</b></a><br />$forumdescription

    1573. 

  1573. 				</td>

    1574. 

  1574. 			</tr>

    1575. 

  1575. 		</table>

    1576. 

  1576. 	</td>

    1577. 

  1577. 	<td align=\"right\">

    1578. 

  1578. 		$topiccount

    1579. 

  1579. 	</td>

    1580. 

  1580. <td align=\"right\">$postcount</td>" .

    1581. 

  1581.     "<td align=\"left\">$lastpost</td></tr>\n");

    1582. 

  1582.   }

    1583. 

  1583. 

    1584. 

  1584.   print("</table>\n");

    1585. 

  1585. 

    1586. 

  1586.   print("<p class=\"txtCenter\"><a href=\"?action=search\"><b>Search</b></a> | <a href=\"?action=viewunread\"><b>View unread</b></a> | <a href=\"?catchup\"><b>Catch up</b></a></p>");

    1587. 

  1587. 

    1588. 

  1588.   stdfoot();

    1589. 

  1589. ?>
    1590.