PageRenderTime 58ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/Sources/Forums.php

https://bitbucket.org/nexea/x00n
PHP | 1410 lines | 1327 code | 29 blank | 54 comment | 75 complexity | 58d061b08f24562d471758088ed0b886 MD5 | raw file
Possible License(s): GPL-2.0

Large files files are truncated, but you can click here to view the full file

    

  1. <?php

    2. 

  2. /**********************************************************************************

    3. 

  3. * Login.php                                                                       *

    4. 

  4. ***********************************************************************************

    5. 

  5. * x00n: BitTorrent Tracker                                                        *

    6. 

  6. * Open-Source Project Inspired by NeXEA (webmaster@tylerperroux.com)              *

    7. 

  7. * =============================================================================== *

    8. 

  8. * Software Version:           x00n 1.0                                            *

    9. 

  9. * Software by:                x00n Dev Team (http://www.x00n.com/dev/)            *

    10. 

  10. * Copyright 2008-2009 by:     x00n Dev Team/NeXEA (http://www.x00n.com/           *

    11. 

  11. * Support, News, Updates at:  http://www.x00n.com                                 *

    12. 

  12. ***********************************************************************************

    13. 

  13. * This program is free software; you may redistribute it and/or modify it under   *

    14. 

  14. * the terms of the provided license as published by the GNU Foundation            *

    15. 

  15. *                                                                                 *

    16. 

  16. * This program is distributed in the hope that it is and will be useful, but      *

    17. 

  17. * WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY    *

    18. 

  18. * or FITNESS FOR A PARTICULAR PURPOSE.                                            *

    19. 

  19. *                                                                                 *

    20. 

  20. * See the "LICENSE" file for details of the GNU General Public License.           *

    21. 

  21. * The latest version can always be found at http://www.x00n.com                   *

    22. 

  22. **********************************************************************************/

    23. 

  23. 

    24. 

  24. function loadForum(){

    25. 

  25. 	global $user_info, $domain, $HTTP_GET_VARS, $HTTP_SERVER_VARS;

    26. 

  26. 	loggedinorreturn();

    27. 

  27. 	$faction = $HTTP_GET_VARS["faction"];

    28. 

  28. 	

    29. 

  29. 	//-------- Global variables

    30. 

  30. 	$maxsubjectlength = 40;

    31. 

  31. 	$postsperpage = $user_info["postsperpage"];

    32. 

  32. 	if (!$postsperpage) $postsperpage = 25;

    33. 

  33. 	

    34. 

  34. 	//-------- Action: New topic

    35. 

  35. 	if ($faction == "newtopic")

    36. 

  36. 	{

    37. 

  37. 		$forumid = $_GET["forumid"];

    38. 

  38. 			if (!is_valid_id($forumid))

    39. 

  39. 				die;

    40. 

  40. 		stdhead("New topic");

    41. 

  41. 			begin_main_frame();

    42. 

  42. 				insert_compose_frame($forumid);

    43. 

  43. 			end_main_frame();

    44. 

  44. 		stdfoot();

    45. 

  45. 	die;

    46. 

  46. 	}

    47. 

  47. 	

    48. 

  48. 	//-------- Action: Post

    49. 

  49. 	if ($faction == "post")

    50. 

  50. 	{

    51. 

  51. 

    52. 

  52. 		$forumid = 0 + $_POST["forumid"];

    53. 

  53. 		$topicid = 0 + $_POST["topicid"];

    54. 

  54. 	

    55. 

  55. 		if (!is_valid_id($forumid) && !is_valid_id($topicid))

    56. 

  56. 			stderr("Error", "Bad forum or topic ID.");

    57. 

  57. 	

    58. 

  58. 		$newtopic = $forumid > 0;

    59. 

  59. 		$subject = $_POST["subject"];

    60. 

  60. 		if ($newtopic)

    61. 

  61. 		{

    62. 

  62. 			$subject = trim($subject);

    63. 

  63. 			if (!$subject)

    64. 

  64. 				stderr("Error", "You must enter a subject.");

    65. 

  65. 			if (strlen($subject) > $maxsubjectlength)

    66. 

  66. 				stderr("Error", "Subject is limited to $maxsubjectlength characters.");

    67. 

  67. 		}

    68. 

  68. 		else

    69. 

  69. 		{

    70. 

  70. 			$forumid = get_topic_forum($topicid) or die("Bad topic ID");

    71. 

  71. 		}

    72. 

  72. 	

    73. 

  73. 		//------ Make sure sure user has write access in forum

    74. 

  74. 		$arr = get_forum_access_levels($forumid) or die("Bad forum ID");

    75. 

  75. 		if (get_user_class() < $arr["write"] || ($newtopic && get_user_class() < $arr["create"]))

    76. 

  76. 			stderr("Error", "Permission denied.");

    77. 

  77. 		$body = trim($_POST["body"]);

    78. 

  78. 		if ($body == "")

    79. 

  79. 			stderr("Error", "No body text.");

    80. 

  80. 	

    81. 

  81. 		$userid = $user_info["id"];

    82. 

  82. 		if ($newtopic)

    83. 

  83. 		{

    84. 

  84. 			//---- Create topic

    85. 

  85. 			$subject = sqlesc($subject);

    86. 

  86. 			mysql_query("INSERT INTO topics (userid, forumid, subject) VALUES($userid, $forumid, $subject)") or sqlerr(__FILE__, __LINE__);

    87. 

  87. 			$topicid = mysql_insert_id() or stderr("Error", "No topic ID returned");

    88. 

  88. 		}

    89. 

  89. 		else

    90. 

  90. 		{

    91. 

  91. 			//---- Make sure topic exists and is unlocked

    92. 

  92. 			$res = mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    93. 

  93. 			$arr = mysql_fetch_assoc($res) or die("Topic id n/a");

    94. 

  94. 			if ($arr["locked"] == 'yes' && get_user_class() < UC_MODERATOR)

    95. 

  95. 				stderr("Error", "This topic is locked.");

    96. 

  96. 			//---- Get forum ID

    97. 

  97. 			$forumid = $arr["forumid"];

    98. 

  98. 		}

    99. 

  99. 		

    100. 

  100. 		//------ Insert post

    101. 

  101. 		$added = "'" . get_date_time() . "'";

    102. 

  102. 		$body = sqlesc($body);

    103. 

  103. 		mysql_query("INSERT INTO posts (topicid, userid, added, body) " .

    104. 

  104. 		"VALUES($topicid, $userid, $added, $body)") or sqlerr(__FILE__, __LINE__);

    105. 

  105. 		$postid = mysql_insert_id() or die("Post id n/a");

    106. 

  106. 		

    107. 

  107. 		//------ Update topic last post

    108. 

  108. 		update_topic_last_post($topicid);

    109. 

  109. 	

    110. 

  110. 		//------ All done, redirect user to the post

    111. 

  111. 		$headerstr = "Location: $domain/index.php?action=forums&faction=viewtopic&topicid=$topicid&page=last";

    112. 

  112. 		if ($newtopic)

    113. 

  113. 			header($headerstr);

    114. 

  114. 		else

    115. 

  115. 			header("$headerstr#$postid");

    116. 

  116. 			die;

    117. 

  117. 	}

    118. 

  118. 	//-------- Action: View topic

    119. 

  119. 	if ($faction == "viewtopic")

    120. 

  120. 	{

    121. 

  121. 		$topicid = $_GET["topicid"];

    122. 

  122. 		$page = $_GET["page"];

    123. 

  123. 		if (!is_valid_id($topicid))

    124. 

  124. 			die;

    125. 

  125. 		$userid = $user_info["id"];

    126. 

  126. 	

    127. 

  127. 		//------ Get topic info

    128. 

  128. 		$res = mysql_query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    129. 

  129. 		$arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found");

    130. 

  130. 		$locked = ($arr["locked"] == 'yes');

    131. 

  131. 		$subject = $arr["subject"];

    132. 

  132. 		$sticky = $arr["sticky"] == "yes";

    133. 

  133. 		$forumid = $arr["forumid"];

    134. 

  134. 		

    135. 

  135. 		//------ Update hits column

    136. 

  136. 		mysql_query("UPDATE topics SET views = views + 1 WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    137. 

  137. 		

    138. 

  138. 		//------ Get forum

    139. 

  139. 		$res = mysql_query("SELECT * FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    140. 

  140. 		$arr = mysql_fetch_assoc($res) or die("Forum = NULL");

    141. 

  141. 		$forum = $arr["name"];

    142. 

  142. 		if ($user_info["class"] < $arr["minclassread"])

    143. 

  143. 			stderr("Error", "You are not permitted to view this topic.");

    144. 

  144. 			

    145. 

  145. 		//------ Get post count

    146. 

  146. 		$res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    147. 

  147. 		$arr = mysql_fetch_row($res);

    148. 

  148. 		$postcount = $arr[0];

    149. 

  149. 		

    150. 

  150. 		//------ Make page menu

    151. 

  151. 		$pagemenu = "<p>\n";

    152. 

  152. 		$perpage = $postsperpage;

    153. 

  153. 		$pages = ceil($postcount / $perpage);

    154. 

  154. 		if ($page[0] == "p")

    155. 

  155. 		{

    156. 

  156. 			$findpost = substr($page, 1);

    157. 

  157. 			$res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY added") or sqlerr(__FILE__, __LINE__);

    158. 

  158. 			$i = 1;

    159. 

  159. 			while ($arr = mysql_fetch_row($res))

    160. 

  160. 			{

    161. 

  161. 				if ($arr[0] == $findpost)

    162. 

  162. 				break;

    163. 

  163. 				$i++;

    164. 

  164. 			}

    165. 

  165. 			$page = ceil($i / $perpage);

    166. 

  166. 		}

    167. 

  167. 		if ($page == "last")

    168. 

  168. 			$page = $pages;

    169. 

  169. 		else

    170. 

  170. 		{

    171. 

  171. 			if($page < 1)

    172. 

  172. 				$page = 1;

    173. 

  173. 			elseif ($page > $pages)

    174. 

  174. 				$page = $pages;

    175. 

  175. 		}

    176. 

  176. 		$offset = $page * $perpage - $perpage;

    177. 

  177. 		for ($i = 1; $i <= $pages; ++$i)

    178. 

  178. 		{

    179. 

  179. 			if ($i == $page)

    180. 

  180. 				$pagemenu .= "<span><b>$i</b></span>\n";

    181. 

  181. 			else

    182. 

  182. 				$pagemenu .= "<a href=\"index.php?action=forums&amp;faction=viewtopic&amp;topicid=$topicid&amp;page=$i\"><b>$i</b></a>\n";

    183. 

  183. 		}

    184. 

  184. 		if ($page == 1){

    185. 

  185. 			$pagemenu .= "<br /><span><b>&lt;&lt; Prev</b></span>";

    186. 

  186. 		}

    187. 

  187. 		else

    188. 

  188. 		{

    189. 

  189. 			$pagemenu .= "<br /><a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$topicid&amp;page=" . ($page - 1) . "\"><b>&lt;&lt; Prev</b></a>";

    190. 

  190. 			$pagemenu .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";

    191. 

  191. 		}

    192. 

  192. 		if ($page == $pages)

    193. 

  193. 		{

    194. 

  194. 			$pagemenu .= "<span><b>Next &gt;&gt;</b></span></p>\n";

    195. 

  195. 		}

    196. 

  196. 		else

    197. 

  197. 		{

    198. 

  198. 			$pagemenu .= "<a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$topicid&amp;page=" . ($page + 1) . "\"><b>Next &gt;&gt;</b></a></p>\n";

    199. 

  199. 		}

    200. 

  200. 		//------ Get posts

    201. 

  201. 		$res = mysql_query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);

    202. 

  202. 		stdhead("View topic");

    203. 

  203. 			print("<a name=\"top\"><h1><a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$forumid\">$forum</a> &gt; $subject</h1>\n");

    204. 

  204. 			print($pagemenu);

    205. 

  205. 			//------ Print table

    206. 

  206. 			begin_main_frame();

    207. 

  207. 				begin_frame();

    208. 

  208. 					$pc = mysql_num_rows($res);

    209. 

  209. 					$pn = 0;

    210. 

  210. 					$r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=" . $user_info["id"] . " AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    211. 

  211. 					$a = mysql_fetch_row($r);

    212. 

  212. 					$lpr = $a[0];

    213. 

  213. 					if (!$lpr)

    214. 

  214. 						mysql_query("INSERT INTO readposts (userid, topicid) VALUES($userid, $topicid)") or sqlerr(__FILE__, __LINE__);

    215. 

  215. 					while ($arr = mysql_fetch_assoc($res))

    216. 

  216. 					{

    217. 

  217. 						$pn++;

    218. 

  218. 						$postid = $arr["id"];

    219. 

  219. 						$posterid = $arr["userid"];

    220. 

  220. 						$added = $arr["added"] . " GMT (" . (get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"]))) . " ago)";

    221. 

  221. 						//---- Get poster details

    222. 

  222. 							$res2 = mysql_query("SELECT username,class,avatar,donor,title,enabled,warned FROM users WHERE id=$posterid") or sqlerr(__FILE__, __LINE__);

    223. 

  223. 						$arr2 = mysql_fetch_assoc($res2);

    224. 

  224. 						$postername = $arr2["username"];

    225. 

  225. 						if ($postername == "")

    226. 

  226. 						{

    227. 

  227. 							$by = "unknown[$posterid]";

    228. 

  228. 							$avatar = "";

    229. 

  229. 						}

    230. 

  230. 						else

    231. 

  231. 						{

    232. 

  232. 							// if ($arr2["enabled"] == "yes")

    233. 

  233. 							$avatar = ($user_info["avatars"] == "yes" ? htmlspecialchars($arr2["avatar"]) : "");

    234. 

  234. 							// else

    235. 

  235. 							// $avatar = "images/disabled_avatar.gif";

    236. 

  236. 							$title = $arr2["title"];

    237. 

  237. 							if (!$title)

    238. 

  238. 								$title = get_user_class_name($arr2["class"]);

    239. 

  239. 							$by = "<a href=\"userdetails?id=$posterid\"><b>$postername</b></a>" . ($arr2["donor"] == "yes" ? "<img src=\"".

    240. 

  240. 								"images/star.gif\" alt=\"Donor\">" : "") . ($arr2["enabled"] == "no" ? "<img src=".

    241. 

  241. 								"images/disabled.gif\" alt=\"This account is disabled\" style=\"margin-left: 2px\">" : ($arr2["warned"] == "yes" ? "<a href=rules#warning class=altlink><img src=images/warned.gif alt=\"Warned\" border=0></a>" : "")) . " ($title)";

    242. 

  242. 						}

    243. 

  243. 						if (!$avatar)

    244. 

  244. 							$avatar = "images/default_avatar.gif";

    245. 

  245. 						print("<a name=\"$postid\">\n");

    246. 

  246. 						if ($pn == $pc)

    247. 

  247. 						{

    248. 

  248. 							print("<a name=\"last\">\n");

    249. 

  249. 							if ($postid > $lpr)

    250. 

  250. 								mysql_query("UPDATE readposts SET lastpostread=$postid WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    251. 

  251. 						}

    252. 

  252. 						print("<p class=\"sub\"><table border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td class=\"embedded\" width=\"99%\">#$postid by $by at $added");

    253. 

  253. 						if (!$locked || get_user_class() >= UC_MODERATOR)

    254. 

  254. 						{

    255. 

  255. 							print(" - [<a href=\"?action=forums&amp;faction=quotepost&amp;topicid=$topicid&amp;postid=$postid\"><b>Quote</b></a>]");

    256. 

  256. 						}

    257. 

  257. 						if (($user_info["id"] == $posterid && !$locked) || get_user_class() >= UC_MODERATOR){

    258. 

  258. 							print(" - [<a href=\"?action=forums&amp;faction=editpost&amp;postid=$postid\"><b>Edit</b></a>]");

    259. 

  259. 						}

    260. 

  260. 						if (get_user_class() >= UC_MODERATOR){

    261. 

  261. 							print(" - [<a href=\"?action=forums&amp;faction=deletepost&amp;postid=$postid\"><b>Delete</b></a>]");

    262. 

  262. 						}

    263. 

  263. 						print("</td><td class=\"embedded\" width=\"1%\"><a href=#top><img src=\"images/top.gif\" border=\"0\" alt=\"Top\"></a></td></tr>");

    264. 

  264. 						print("</table></p>\n");

    265. 

  265. 						

    266. 

  266. 						begin_table(true);

    267. 

  267. 						$body = format_comment($arr["body"]);

    268. 

  268. 						if (is_valid_id($arr['editedby']))

    269. 

  269. 						{

    270. 

  270. 							$res2 = mysql_query("SELECT username FROM users WHERE id=$arr[editedby]");

    271. 

  271. 							if (mysql_num_rows($res2) == 1)

    272. 

  272. 							{

    273. 

  273. 								$arr2 = mysql_fetch_assoc($res2);

    274. 

  274. 								$body .= "<p><span>Last edited by <a href=\"userdetails?id=$arr[editedby]\"><b>$arr2[username]</b></a> at $arr[editedat] GMT</span></p>\n";

    275. 

  275. 							}

    276. 

  276. 						}

    277. 

  277. 						print("<tr valign=\"top\"><td width=\"150\" align=\"center\" style=\"padding: 0px\">" .

    278. 

  278. 						($avatar ? "<img width=\"150\" src=\"$avatar\">" : ""). "</td><td class=\"comment\">$body</td></tr>\n");

    279. 

  279. 					

    280. 

  280. 						end_table();

    281. 

  281. 					}

    282. 

  282. 					//------ Mod options

    283. 

  283. 					if (get_user_class() >= UC_MODERATOR)

    284. 

  284. 					{

    285. 

  285. 						attach_frame();

    286. 

  286. 						$res = mysql_query("SELECT id,name,minclasswrite FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);

    287. 

  287. 						print("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");

    288. 

  288. 						print("<form method=\"post\" action=\"?action=forums&amp;faction=setsticky\">\n");

    289. 

  289. 						print("<input type=\"hidden\" name=\"action\" value=\"forums\">\n");

    290. 

  290. 

    291. 

  291. 						print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    292. 

  292. 						echo "<input type=\"hidden\" name=\"returnto\" value=\"".$HTTP_SERVER_VARS['REQUEST_URI']."\">\n";

    293. 

  293. 						print("<tr><td class=\"embedded\" align=\"right\">Sticky:</td>\n");

    294. 

  294. 						print("<td class=\"embedded\"><input type=\"radio\" name=\"sticky\" value='yes' " . ($sticky ? " checked" : "") . "> Yes <input type=\"radio\" name=\"sticky\" value='no' " . (!$sticky ? " checked" : "") . "> No\n");

    295. 

  295. 						print("<input type=\"submit\" value=\"Set\"></td></tr>");

    296. 

  296. 						print("</form>\n");

    297. 

  297. 				

    298. 

  298. 						print("<form method=\"post\" action=\"?action=forums&amp;faction=setlocked\">\n");

    299. 

  299. 						echo "<input type=\"hidden\" name=\"action\" value=\"forums\">\n";

    300. 

  300. 						echo "<input type=\"hidden\" name=\"returnto\" value=\"".$HTTP_SERVER_VARS['REQUEST_URI']."\">\n";

    301. 

  301. 						print("<tr><td class=\"embedded\" align=\"right\">Locked:</td>\n");

    302. 

  302. 						print("<td class=\"embedded\"><input type=\"radio\" name=\"locked\" value='yes' " . ($locked ? " checked" : "") . "> Yes <input type=\"radio\" name=\"locked\" value='no' " . (!$locked ? " checked" : "") . "> No\n");

    303. 

  303. 						print("<input type=submit value='Set'></td></tr>");

    304. 

  304. 						print("</form>\n");

    305. 

  305. 		

    306. 

  306. 						print("<form method=\"post\" action=\"?action=forums&amp;faction=renametopic\">\n");

    307. 

  307. 						print("<input type=\"hidden\" name=\"action\" value=\"forums\">\n");

    308. 

  308. 						print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    309. 

  309. 						print("<input type=\"hidden\" name=\"returnto\" value=\"$domain$HTTP_SERVER_VARS[REQUEST_URI]\">\n");

    310. 

  310. 						print("<tr><td class=\"embedded\" align=\"right\">Rename topic:</td><td class=embedded><input type=text name=subject size=60 maxlength=$maxsubjectlength value=\"" . htmlspecialchars($subject) . "\">\n");

    311. 

  311. 						print("<input type=\"submit\" value=\"Okay\"></td></tr>");

    312. 

  312. 						print("</form>\n");

    313. 

  313. 						

    314. 

  314. 						print("<form method=\"post\" action=\"?action=forums&amp;faction=movetopic&amp;topicid=$topicid\">\n");

    315. 

  315. 						print("<tr><td class=\"embedded\">Move this thread to:&nbsp;</td><td class=\"embedded\"><select name=\"forumid\">");

    316. 

  316. 			

    317. 

  317. 						while ($arr = mysql_fetch_assoc($res))

    318. 

  318. 							if ($arr["id"] != $forumid && get_user_class() >= $arr["minclasswrite"])

    319. 

  319. 								print("<option value=" . $arr["id"] . ">" . $arr["name"] . "\n");

    320. 

  320. 	

    321. 

  321. 						print("</select> <input type=\"submit\" value=\"Okay\"></form></td></tr>\n");

    322. 

  322. 						print("<tr><td class=\"embedded\">Delete topic</td><td class=\"embedded\">\n");

    323. 

  323. 						print("<form method=\"get\" action=\"?action=forums\">\n");

    324. 

  324. 						print("<input type=\"hidden\" name=\"faction\" value=\"deletetopic\">\n");

    325. 

  325. 						print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    326. 

  326. 						print("<input type=\"hidden\" name=\"forumid\" value=\"$forumid\">\n");

    327. 

  327. 						print("<input type=\"checkbox\" name=\"sure\" value=\"1\">I'm sure\n");

    328. 

  328. 						print("<input type=\"submit\" value=\"Okay\">\n");

    329. 

  329. 						print("</form>\n");

    330. 

  330. 						print("</td></tr>\n");

    331. 

  331. 						print("</table>\n");

    332. 

  332. 					}

    333. 

  333. 				end_frame();

    334. 

  334. 			end_main_frame();

    335. 

  335. 			print($pagemenu);

    336. 

  336. 

    337. 

  337. 			if ($locked && get_user_class() < UC_MODERATOR)

    338. 

  338. 			{

    339. 

  339. 				print("<p>This topic is locked; no new posts are allowed.</p>\n");

    340. 

  340. 			}

    341. 

  341. 			else

    342. 

  342. 			{

    343. 

  343. 				$arr = get_forum_access_levels($forumid) or die;

    344. 

  344. 	

    345. 

  345. 				if (get_user_class() < $arr["write"])

    346. 

  346. 					print("<p><i>You are not permitted to post in this forum.</i></p>\n");

    347. 

  347. 				else

    348. 

  348. 					$maypost = true;

    349. 

  349. 			}

    350. 

  350. 

    351. 

  351. 			//------ "View unread" / "Add reply" buttons

    352. 

  352. 	

    353. 

  353. 			print("<p><table class=\"main\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr>\n");

    354. 

  354. 			print("<td class=\"embedded\"><form method=\"get\" action=\"?action=forum\" />\n");

    355. 

  355. 			print("<input type=\"hidden\" name=\"faction\" value=\"viewunread\" />\n");

    356. 

  356. 			print("<fieldset><input type=\"submit\" value=\"View Unread\" /></fieldset>\n");

    357. 

  357. 			print("</form></td>\n");

    358. 

  358. 			if ($maypost)

    359. 

  359. 			{

    360. 

  360. 				print("<td class=\"embedded\" style=\"padding-left: 10px\"><form method=\"get\" action=\"?action=forum\">\n");

    361. 

  361. 				print("<input type=\"hidden\" name=\"faction\" value=\"reply\">\n");

    362. 

  362. 				print("<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">\n");

    363. 

  363. 				print("<input type=\"submit\" value=\"Add Reply\" class=\"btn\">\n");

    364. 

  364. 				print("</form></td>\n");

    365. 

  365. 			}

    366. 

  366. 			print("</tr></table></p>\n");

    367. 

  367. 

    368. 

  368. 			//------ Forum quick jump drop-down

    369. 

  369. 			insert_quick_jump_menu($forumid);

    370. 

  370. 		stdfoot();

    371. 

  371. 		die;

    372. 

  372. 	}

    373. 

  373. 

    374. 

  374. 	//-------- Action: Quote

    375. 

  375. 	if ($faction == "quotepost")

    376. 

  376. 	{

    377. 

  377. 		$topicid = $_GET["topicid"];

    378. 

  378. 		if (!is_valid_id($topicid))

    379. 

  379. 			stderr("Error", "Invalid topic ID $topicid.");

    380. 

  380. 		stdhead("Post reply");

    381. 

  381. 			begin_main_frame();

    382. 

  382. 				insert_compose_frame($topicid, false, true);

    383. 

  383. 			end_main_frame();

    384. 

  384. 		stdfoot();

    385. 

  385. 		die;

    386. 

  386. 	}

    387. 

  387. 	//-------- Action: Reply

    388. 

  388. 	if ($faction == "reply")

    389. 

  389. 	{

    390. 

  390. 		$topicid = $_GET["topicid"];

    391. 

  391. 		if (!is_valid_id($topicid))

    392. 

  392. 			die;

    393. 

  393. 		stdhead("Post reply");

    394. 

  394. 			begin_main_frame();

    395. 

  395. 				insert_compose_frame($topicid, false);

    396. 

  396. 			end_main_frame();

    397. 

  397. 		stdfoot();

    398. 

  398. 		die;

    399. 

  399. 	}

    400. 

  400. 	//-------- Action: Move topic

    401. 

  401. 	if ($faction == "movetopic")

    402. 

  402. 	{

    403. 

  403. 		$forumid = $_POST["forumid"];

    404. 

  404. 		$topicid = $_GET["topicid"];

    405. 

  405. 		if (!is_valid_id($forumid) || !is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    406. 

  406. 			die;

    407. 

  407. 		// Make sure topic and forum is valid

    408. 

  408. 		$res = @mysql_query("SELECT minclasswrite FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    409. 

  409. 		if (mysql_num_rows($res) != 1)

    410. 

  410. 			stderr("Error", "Forum not found.");

    411. 

  411. 		$arr = mysql_fetch_row($res);

    412. 

  412. 		if (get_user_class() < $arr[0])

    413. 

  413. 			die;

    414. 

  414. 		$res = @mysql_query("SELECT subject,forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    415. 

  415. 		if (mysql_num_rows($res) != 1)

    416. 

  416. 			stderr("Error", "Topic not found.");

    417. 

  417. 		$arr = mysql_fetch_assoc($res);

    418. 

  418. 

    419. 

  419. 		if ($arr["forumid"] != $forumid)

    420. 

  420. 			@mysql_query("UPDATE topics SET forumid=$forumid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    421. 

  421. 		// Redirect to forum page

    422. 

  422. 

    423. 

  423. 		header("Location: $domain/index.php?action=forums&faction=viewforum&forumid=$forumid");

    424. 

  424. 		die;

    425. 

  425. 	}

    426. 

  426. 

    427. 

  427. 	//-------- Action: Delete topic

    428. 

  428. 

    429. 

  429. 	if ($faction == "deletetopic")

    430. 

  430. 	{

    431. 

  431. 		$topicid = $_GET["topicid"];

    432. 

  432. 		$forumid = $_GET["forumid"];

    433. 

  433. 

    434. 

  434. 		if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    435. 

  435. 			die;

    436. 

  436. 

    437. 

  437. 		$sure = $_GET["sure"];

    438. 

  438. 

    439. 

  439. 		if (!$sure)

    440. 

  440. 		{

    441. 

  441. 			stderr("Delete topic", "Sanity check: You are about to delete a topic. Click\n" .

    442. 

  442. 			"<a href=?action=forums&amp;faction=deletetopic&amp;topicid=$topicid&amp;sure=1>here</a> if you are sure.");

    443. 

  443. 		}

    444. 

  444. 

    445. 

  445. 		mysql_query("DELETE FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    446. 

  446. 

    447. 

  447. 		mysql_query("DELETE FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    448. 

  448. 

    449. 

  449. 		header("Location: $domain/index.php?action=forums&faction=viewforum&forumid=$forumid");

    450. 

  450. 

    451. 

  451. 		die;

    452. 

  452. 	}

    453. 

  453. 

    454. 

  454.   //-------- Action: Edit post

    455. 

  455. 

    456. 

  456.   if ($faction == "editpost")

    457. 

  457.   {

    458. 

  458.     $postid = $HTTP_GET_VARS["postid"];

    459. 

  459. 

    460. 

  460.     if (!is_valid_id($postid))

    461. 

  461.       die;

    462. 

  462. 

    463. 

  463.     $res = mysql_query("SELECT * FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    464. 

  464. 

    465. 

  465. 		if (mysql_num_rows($res) != 1)

    466. 

  466. 			stderr("Error", "No post with ID $postid.");

    467. 

  467. 

    468. 

  468. 		$arr = mysql_fetch_assoc($res);

    469. 

  469. 

    470. 

  470.     $res2 = mysql_query("SELECT locked FROM topics WHERE id = " . $arr["topicid"]) or sqlerr(__FILE__, __LINE__);

    471. 

  471. 		$arr2 = mysql_fetch_assoc($res2);

    472. 

  472. 

    473. 

  473.  		if (mysql_num_rows($res) != 1)

    474. 

  474. 			stderr("Error", "No topic associated with post ID $postid.");

    475. 

  475. 

    476. 

  476. 		$locked = ($arr2["locked"] == 'yes');

    477. 

  477. 

    478. 

  478.     if (($user_info["id"] != $arr["userid"] || $locked) && get_user_class() < UC_MODERATOR)

    479. 

  479.       stderr("Error", "Denied!");

    480. 

  480. 

    481. 

  481.     if ($HTTP_SERVER_VARS['REQUEST_METHOD'] == 'POST')

    482. 

  482.     {

    483. 

  483.     	$body = $HTTP_POST_VARS['body'];

    484. 

  484. 

    485. 

  485.     	if ($body == "")

    486. 

  486.     	  stderr("Error", "Body cannot be empty!");

    487. 

  487. 

    488. 

  488.       $body = sqlesc($body);

    489. 

  489. 

    490. 

  490.       $editedat = sqlesc(get_date_time());

    491. 

  491. 

    492. 

  492.       mysql_query("UPDATE posts SET body = '$body', editedat = '$editedat', editedby = '$user_info[id]' WHERE id = '$postid'") or sqlerr(__FILE__, __LINE__);

    493. 

  493. 

    494. 

  494. 		$returnto = $HTTP_POST_VARS["returnto"];

    495. 

  495. 

    496. 

  496. 			if ($returnto != "")

    497. 

  497. 			{

    498. 

  498. 				$returnto .= "&amp;page=p$postid#$postid";

    499. 

  499. 				header("Location: $returnto");

    500. 

  500. 			}

    501. 

  501. 			else

    502. 

  502. 				stderr("Success", "Post was edited successfully.");

    503. 

  503.     }

    504. 

  504. 

    505. 

  505.     stdhead();

    506. 

  506. 

    507. 

  507.     print("<h1>Edit Post</h1>\n");

    508. 

  508. 

    509. 

  509.     print("<form method=\"post\" action=\"?action=forums&amp;faction=editpost&amp;postid=$postid\">\n");

    510. 

  510.     print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($HTTP_SERVER_VARS["HTTP_REFERER"]) . "\">\n");

    511. 

  511. 

    512. 

  512.     print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    513. 

  513. 

    514. 

  514.     print("<tr><td style=\"padding: 0px\"><textarea name=\"body\" cols=\"100\" rows=\"20\" style=\"border: 0px\">" . htmlspecialchars($arr["body"]) . "</textarea></td></tr>\n");

    515. 

  515. 

    516. 

  516.     print("<tr><td align=\"center\"><input type=\"submit\" value=\"Okay\" class=\"btn\"></td></tr>\n");

    517. 

  517. 

    518. 

  518.     print("</table>\n");

    519. 

  519. 

    520. 

  520.     print("</form>\n");

    521. 

  521. 

    522. 

  522.     stdfoot();

    523. 

  523. 

    524. 

  524.   	die;

    525. 

  525.   }

    526. 

  526. 

    527. 

  527.   //-------- Action: Delete post

    528. 

  528. 

    529. 

  529.   if ($faction == "deletepost")

    530. 

  530.   {

    531. 

  531.     $postid = $_GET["postid"];

    532. 

  532. 

    533. 

  533.     $sure = $_GET["sure"];

    534. 

  534. 

    535. 

  535.     if (get_user_class() < UC_MODERATOR || !is_valid_id($postid))

    536. 

  536.       die;

    537. 

  537. 

    538. 

  538.     //------- Get topic id

    539. 

  539. 

    540. 

  540.     $res = mysql_query("SELECT topicid FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    541. 

  541. 

    542. 

  542.     $arr = mysql_fetch_row($res) or stderr("Error", "Post not found");

    543. 

  543. 

    544. 

  544.     $topicid = $arr[0];

    545. 

  545. 

    546. 

  546.     //------- We can not delete the post if it is the only one of the topic

    547. 

  547. 

    548. 

  548.     $res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    549. 

  549. 

    550. 

  550.     $arr = mysql_fetch_row($res);

    551. 

  551. 

    552. 

  552.     if ($arr[0] < 2)

    553. 

  553.       stderr("Error", "Can't delete post; it is the only post of the topic. You should\n" .

    554. 

  554.       "<a href=\"?action=forums&amp;faction=deletetopic&amp;topicid=$topicid&amp;sure=1\">delete the topic</a> instead.\n");

    555. 

  555. 

    556. 

  556. 

    557. 

  557.     //------- Get the id of the last post before the one we're deleting

    558. 

  558. 

    559. 

  559.     $res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid AND id < $postid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    560. 

  560. 		if (mysql_num_rows($res) == 0)

    561. 

  561. 			$redirtopost = "";

    562. 

  562. 		else

    563. 

  563. 		{

    564. 

  564. 			$arr = mysql_fetch_row($res);

    565. 

  565. 			$redirtopost = "&amp;page=p$arr[0]#$arr[0]";

    566. 

  566. 		}

    567. 

  567. 

    568. 

  568.     //------- Make sure we know what we do :-)

    569. 

  569. 

    570. 

  570.     if (!$sure)

    571. 

  571.     {

    572. 

  572.       stderr("Delete post", "Sanity check: You are about to delete a post. Click\n" .

    573. 

  573.       "<a href=\"?action=forums&amp;faction=deletepost&amp;postid=$postid&amp;sure=1\">here</a> if you are sure.");

    574. 

  574.     }

    575. 

  575. 

    576. 

  576.     //------- Delete post

    577. 

  577. 

    578. 

  578.     mysql_query("DELETE FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

    579. 

  579. 

    580. 

  580.     //------- Update topic

    581. 

  581. 

    582. 

  582.     update_topic_last_post($topicid);

    583. 

  583. 

    584. 

  584.     header("Location: $domain/index.php?action=forums&faction=viewtopic&amp;topicid=$topicid$redirtopost");

    585. 

  585. 

    586. 

  586.     die;

    587. 

  587.   }

    588. 

  588. 

    589. 

  589.   //-------- Action: Lock topic

    590. 

  590. 

    591. 

  591.   if ($faction == "locktopic")

    592. 

  592.   {

    593. 

  593.     $forumid = $_GET["forumid"];

    594. 

  594.     $topicid = $_GET["topicid"];

    595. 

  595.     $page = $_GET["page"];

    596. 

  596. 

    597. 

  597.     if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    598. 

  598.       die;

    599. 

  599. 

    600. 

  600.     mysql_query("UPDATE topics SET locked='yes' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    601. 

  601. 

    602. 

  602.     header("Location: $domain/index.php?action=forums&faction=viewforum&forumid=$forumid&page=$page");

    603. 

  603. 

    604. 

  604.     die;

    605. 

  605.   }

    606. 

  606. 

    607. 

  607.   //-------- Action: Unlock topic

    608. 

  608. 

    609. 

  609.   if ($faction == "unlocktopic")

    610. 

  610.   {

    611. 

  611.     $forumid = $_GET["forumid"];

    612. 

  612. 

    613. 

  613.     $topicid = $_GET["topicid"];

    614. 

  614. 

    615. 

  615.     $page = $_GET["page"];

    616. 

  616. 

    617. 

  617.     if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)

    618. 

  618.       die;

    619. 

  619. 

    620. 

  620.     mysql_query("UPDATE topics SET locked='no' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    621. 

  621. 

    622. 

  622.     header("Location: $domain/index.php?action=forums&faction=viewforum&forumid=$forumid&page=$page");

    623. 

  623. 

    624. 

  624.     die;

    625. 

  625.   }

    626. 

  626. 

    627. 

  627.   //-------- Action: Set locked on/off

    628. 

  628. 

    629. 

  629.   if ($faction == "setlocked")

    630. 

  630.   {

    631. 

  631.     $topicid = 0 + $HTTP_POST_VARS["topicid"];

    632. 

  632. 

    633. 

  633.     if (!$topicid || get_user_class() < UC_MODERATOR)

    634. 

  634. echo $HTTP_POST_VARS['returnto'];

    635. 

  635.       die;

    636. 

  636. 

    637. 

  637. 	$locked = sqlesc($HTTP_POST_VARS["locked"]);

    638. 

  638.     mysql_query("UPDATE topics SET locked=$locked WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    639. 

  639. 

    640. 

  640.     header("Location: $HTTP_POST_VARS[returnto]");

    641. 

  641. 

    642. 

  642.     die;

    643. 

  643. 

    644. 

  644.   }

    645. 

  645. 

    646. 

  646.   //-------- Action: Set sticky on/off

    647. 

  647. 

    648. 

  648.   if ($faction == "setsticky")

    649. 

  649.   {

    650. 

  650.     $topicid = 0 + $HTTP_POST_VARS["topicid"];

    651. 

  651. 

    652. 

  652.     if (!topicid || get_user_class() < UC_MODERATOR)

    653. 

  653.       die;

    654. 

  654. 

    655. 

  655. 	$sticky = sqlesc($HTTP_POST_VARS["sticky"]);

    656. 

  656.     mysql_query("UPDATE topics SET sticky=$sticky WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    657. 

  657. 

    658. 

  658.     header("Location: $HTTP_POST_VARS[returnto]");

    659. 

  659. 

    660. 

  660.     die;

    661. 

  661.   }

    662. 

  662. 

    663. 

  663.   //-------- Action: Rename topic

    664. 

  664. 

    665. 

  665.   if ($faction == 'renametopic')

    666. 

  666.   {

    667. 

  667.   	if (get_user_class() < UC_MODERATOR)

    668. 

  668.   	  die;

    669. 

  669. 

    670. 

  670.   	$topicid = $HTTP_POST_VARS['topicid'];

    671. 

  671. 

    672. 

  672.   	if (!is_valid_id($topicid))

    673. 

  673.   	  die;

    674. 

  674. 

    675. 

  675.   	$subject = $HTTP_POST_VARS['subject'];

    676. 

  676. 

    677. 

  677.   	if ($subject == '')

    678. 

  678.   	  stderr('Error', 'You must enter a new title!');

    679. 

  679. 

    680. 

  680.   	$subject = sqlesc($subject);

    681. 

  681. 

    682. 

  682.   	mysql_query("UPDATE topics SET subject=$subject WHERE id=$topicid") or sqlerr();

    683. 

  683. 

    684. 

  684.   	$returnto = $HTTP_POST_VARS['returnto'];

    685. 

  685. 

    686. 

  686.   	if ($returnto)

    687. 

  687.   	  header("Location: $returnto");

    688. 

  688. 

    689. 

  689.   	die;

    690. 

  690.   }

    691. 

  691. 

    692. 

  692.   //-------- Action: View forum

    693. 

  693. 

    694. 

  694.   if ($faction == "viewforum")

    695. 

  695.   {

    696. 

  696.     $forumid = $_GET["forumid"];

    697. 

  697. 

    698. 

  698.     if (!is_valid_id($forumid))

    699. 

  699.       die;

    700. 

  700. 

    701. 

  701.     $page = $_GET["page"];

    702. 

  702. 

    703. 

  703.     $userid = $user_info["id"];

    704. 

  704. 

    705. 

  705.     //------ Get forum name

    706. 

  706. 

    707. 

  707.     $res = mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    708. 

  708. 

    709. 

  709.     $arr = mysql_fetch_assoc($res) or die;

    710. 

  710. 

    711. 

  711.     $forumname = $arr["name"];

    712. 

  712. 

    713. 

  713.     if (get_user_class() < $arr["minclassread"])

    714. 

  714.       die("Not permitted");

    715. 

  715. 

    716. 

  716.     //------ Page links

    717. 

  717. 

    718. 

  718.     //------ Get topic count

    719. 

  719. 

    720. 

  720.     $perpage = $user_info["topicsperpage"];

    721. 

  721. 	if (!$perpage) $perpage = 20;

    722. 

  722. 

    723. 

  723.     $res = mysql_query("SELECT COUNT(*) FROM topics WHERE forumid=$forumid") or sqlerr(__FILE__, __LINE__);

    724. 

  724. 

    725. 

  725.     $arr = mysql_fetch_row($res);

    726. 

  726. 

    727. 

  727.     $num = $arr[0];

    728. 

  728. 

    729. 

  729.     if ($page == 0)

    730. 

  730.       $page = 1;

    731. 

  731. 

    732. 

  732.     $first = ($page * $perpage) - $perpage + 1;

    733. 

  733. 

    734. 

  734.     $last = $first + $perpage - 1;

    735. 

  735. 

    736. 

  736.     if ($last > $num)

    737. 

  737.       $last = $num;

    738. 

  738. 

    739. 

  739.     $pages = floor($num / $perpage);

    740. 

  740. 

    741. 

  741.     if ($perpage * $pages < $num)

    742. 

  742.       ++$pages;

    743. 

  743. 

    744. 

  744.     //------ Build menu

    745. 

  745. 

    746. 

  746.     $menu = "<p class=\"txtCenter\"><b>\n";

    747. 

  747. 

    748. 

  748.     $lastspace = false;

    749. 

  749. 

    750. 

  750.     for ($i = 1; $i <= $pages; ++$i)

    751. 

  751.     {

    752. 

  752.     	if ($i == $page)

    753. 

  753.         $menu .= "<span>$i</span>\n";

    754. 

  754. 

    755. 

  755.       elseif ($i > 3 && ($i < $pages - 2) && ($page - $i > 3 || $i - $page > 3))

    756. 

  756.     	{

    757. 

  757.     		if ($lastspace)

    758. 

  758.     		  continue;

    759. 

  759. 

    760. 

  760.   		  $menu .= "... \n";

    761. 

  761. 

    762. 

  762.      		$lastspace = true;

    763. 

  763.     	}

    764. 

  764. 

    765. 

  765.       else

    766. 

  766.       {

    767. 

  767.         $menu .= "<a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$forumid&amp;page=$i\">$i</a>\n";

    768. 

  768. 

    769. 

  769.         $lastspace = false;

    770. 

  770.       }

    771. 

  771.       if ($i < $pages)

    772. 

  772.         $menu .= "</b>|<b>\n";

    773. 

  773.     }

    774. 

  774. 

    775. 

  775.     $menu .= "<br />\n";

    776. 

  776. 

    777. 

  777.     if ($page == 1)

    778. 

  778.       $menu .= "<span>&lt;&lt; Prev</span>";

    779. 

  779. 

    780. 

  780.     else

    781. 

  781.       $menu .= "<a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$forumid&amp;page=" . ($page - 1) . "\">&lt;&lt; Prev</a>";

    782. 

  782. 

    783. 

  783.     $menu .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";

    784. 

  784. 

    785. 

  785.     if ($last == $num)

    786. 

  786.       $menu .= "<span>Next &gt;&gt;</span>";

    787. 

  787. 

    788. 

  788.     else

    789. 

  789.       $menu .= "<a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$forumid&amp;page=" . ($page + 1) . "\">Next &gt;&gt;</a>";

    790. 

  790. 

    791. 

  791.     $menu .= "</b></p>\n";

    792. 

  792. 

    793. 

  793.     $offset = $first - 1;

    794. 

  794. 

    795. 

  795.     //------ Get topics data

    796. 

  796. 

    797. 

  797.     $topicsres = mysql_query("SELECT * FROM topics WHERE forumid=$forumid ORDER BY sticky, lastpost DESC LIMIT $offset,$perpage") or

    798. 

  798.       stderr("SQL Error", mysql_error());

    799. 

  799. 

    800. 

  800.     stdhead("Forum");

    801. 

  801. 

    802. 

  802.     $numtopics = mysql_num_rows($topicsres);

    803. 

  803. 

    804. 

  804.     print("<h1>$forumname</h1>\n");

    805. 

  805. 

    806. 

  806.     if ($numtopics > 0)

    807. 

  807.     {

    808. 

  808.       print($menu);

    809. 

  809. 

    810. 

  810.       print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">");

    811. 

  811. 

    812. 

  812.       print("<tr><td class=\"colhead\" align=\"left\">Topic</td><td class=\"colhead\">Replies</td><td class=\"colhead\">Views</td>\n" .

    813. 

  813.         "<td class=\"colhead\" align=\"left\">Author</td><td class=\"colhead\" align=\"left\">Last&nbsp;post</td>\n");

    814. 

  814. 

    815. 

  815.       print("</tr>\n");

    816. 

  816. 

    817. 

  817.       while ($topicarr = mysql_fetch_assoc($topicsres))

    818. 

  818.       {

    819. 

  819.         $topicid = $topicarr["id"];

    820. 

  820. 

    821. 

  821.         $topic_userid = $topicarr["userid"];

    822. 

  822. 

    823. 

  823.         $topic_views = $topicarr["views"];

    824. 

  824. 

    825. 

  825. 		$views = number_format($topic_views);

    826. 

  826. 

    827. 

  827.         $locked = $topicarr["locked"] == "yes";

    828. 

  828. 

    829. 

  829.         $sticky = $topicarr["sticky"] == "yes";

    830. 

  830. 

    831. 

  831.         //---- Get reply count

    832. 

  832. 

    833. 

  833.         $res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    834. 

  834. 

    835. 

  835.         $arr = mysql_fetch_row($res);

    836. 

  836. 

    837. 

  837.         $posts = $arr[0];

    838. 

  838. 

    839. 

  839.         $replies = max(0, $posts - 1);

    840. 

  840. 

    841. 

  841.         $tpages = floor($posts / $postsperpage);

    842. 

  842. 

    843. 

  843.         if ($tpages * $postsperpage != $posts)

    844. 

  844.           ++$tpages;

    845. 

  845. 

    846. 

  846.         if ($tpages > 1)

    847. 

  847.         {

    848. 

  848.           $topicpages = " (<img src=\"images/multipage.gif\">";

    849. 

  849. 

    850. 

  850.           for ($i = 1; $i <= $tpages; ++$i)

    851. 

  851.             $topicpages .= " <a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$topicid&amp;page=$i\">$i</a>";

    852. 

  852. 

    853. 

  853.           $topicpages .= ")";

    854. 

  854.         }

    855. 

  855.         else

    856. 

  856.           $topicpages = "";

    857. 

  857. 

    858. 

  858.         //---- Get userID and date of last post

    859. 

  859. 

    860. 

  860.         $res = mysql_query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    861. 

  861. 

    862. 

  862.         $arr = mysql_fetch_assoc($res);

    863. 

  863. 

    864. 

  864.         $lppostid = 0 + $arr["id"];

    865. 

  865. 

    866. 

  866.         $lpuserid = 0 + $arr["userid"];

    867. 

  867. 

    868. 

  868.         $lpadded = "" . $arr["added"] . "";

    869. 

  869. 

    870. 

  870.         //------ Get name of last poster

    871. 

  871. 

    872. 

  872.         $res = mysql_query("SELECT * FROM users WHERE id=$lpuserid") or sqlerr(__FILE__, __LINE__);

    873. 

  873. 

    874. 

  874.         if (mysql_num_rows($res) == 1)

    875. 

  875.         {

    876. 

  876.           $arr = mysql_fetch_assoc($res);

    877. 

  877. 

    878. 

  878.           $lpusername = "<a href=\"userdetails?id=$lpuserid\"><b>$arr[username]</b></a>";

    879. 

  879.         }

    880. 

  880.         else

    881. 

  881.           $lpusername = "unknown[$topic_userid]";

    882. 

  882. 

    883. 

  883.         //------ Get author

    884. 

  884. 

    885. 

  885.         $res = mysql_query("SELECT username FROM users WHERE id=$topic_userid") or sqlerr(__FILE__, __LINE__);

    886. 

  886. 

    887. 

  887.         if (mysql_num_rows($res) == 1)

    888. 

  888.         {

    889. 

  889.           $arr = mysql_fetch_assoc($res);

    890. 

  890. 

    891. 

  891.           $lpauthor = "<a href=\"userdetails?id=$topic_userid\"><b>$arr[username]</b></a>";

    892. 

  892.         }

    893. 

  893.         else

    894. 

  894.           $lpauthor = "unknown[$topic_userid]";

    895. 

  895. 

    896. 

  896.         //---- Print row

    897. 

  897. 

    898. 

  898.         $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    899. 

  899. 

    900. 

  900.         $a = mysql_fetch_row($r);

    901. 

  901. 

    902. 

  902.         $new = !$a || $lppostid > $a[0];

    903. 

  903. 

    904. 

  904.         $topicpic = ($locked ? ($new ? "lockednew" : "locked") : ($new ? "unlockednew" : "unlocked"));

    905. 

  905. 

    906. 

  906.         $subject = ($sticky ? "Sticky: " : "") . "<a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$topicid\"><b>" .

    907. 

  907.         encodehtml($topicarr["subject"]) . "</b></a>$topicpages";

    908. 

  908. 

    909. 

  909.         print("<tr><td align=\"left\"><table border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr>" .

    910. 

  910.         "<td class=\"embedded\" style=\"padding-right: 5px\"><img src=\"images/$topicpic.gif\" alt=\"$topicpic\"/>" .

    911. 

  911.         "</td><td class=\"embedded\" align=\"left\">\n" .

    912. 

  912.         "$subject</td></tr></table></td><td align=\"right\">$replies</td>\n" .

    913. 

  913.         "<td align=\"right\">$views</td><td align=\"left\">$lpauthor</td>\n" .

    914. 

  914.         "<td align=\"left\">$lpadded<br />by&nbsp;$lpusername</td>\n");

    915. 

  915. 

    916. 

  916.         print("</tr>\n");

    917. 

  917.       } // while

    918. 

  918. 

    919. 

  919.       print("</table>\n");

    920. 

  920. 

    921. 

  921.       print($menu);

    922. 

  922. 

    923. 

  923.     } // if

    924. 

  924.     else

    925. 

  925.       print("<p class=\"txtCenter\">No topics found</p>\n");

    926. 

  926. 

    927. 

  927.     print("<table class=\"main\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr valign=\"middle\">\n");

    928. 

  928. 

    929. 

  929.     print("<td class=\"embedded\"><img src=\"images/unlockednew.gif\" style=\"margin-right: 5px\" alt=\"New Posts\" /></td><td class=\"embedded\">New posts</td>\n");

    930. 

  930. 

    931. 

  931.     print("<td class=\"embedded\"><img src=\"images/locked.gif\" alt=\"Locked\" style=\"margin-left: 10px; margin-right: 5px\" />" .

    932. 

  932.     "</td><td class=\"embedded\">Locked topic</td>\n");

    933. 

  933. 

    934. 

  934.     print("</tr></table>\n");

    935. 

  935. 

    936. 

  936.     $arr = get_forum_access_levels($forumid) or die;

    937. 

  937. 

    938. 

  938.     $maypost = get_user_class() >= $arr["write"] && get_user_class() >= $arr["create"];

    939. 

  939. 

    940. 

  940.     if (!$maypost)

    941. 

  941.       print("<p><i>You are not permitted to start new topics in this forum.</i></p>\n");

    942. 

  942. 

    943. 

  943.     print("<table border=\"0\" class=\"main\" cellspacing=\"0\" cellpadding=\"0\"><tr>\n");

    944. 

  944. 

    945. 

  945.     print("<td class=\"embedded\"><form method=\"get\" action=\"?action=forums\">

    946. 

  946. 	<input type=\"hidden\" name=\"action\" value=\"forums\">

    947. 

  947. 	<input type=\"hidden\" name=\"faction\" value=\"viewunread\">

    948. 

  948. 	<input type=\"submit\" value=\"View unread\" class=\"btn\"></form></td>\n");

    949. 

  949. 

    950. 

  950.     if ($maypost)

    951. 

  951.       print("<td class=\"embedded\"><form method=\"get\" action=\"index.php?action=forum\">

    952. 

  952. 	<input type=\"hidden\" name=\"action\" value=\"forums\">

    953. 

  953. 	<input type=\"hidden\" name=\"faction\" value=\"newtopic\">

    954. 

  954. 	<input type=\"hidden\" name=\"forumid\" value=\"$forumid\">

    955. 

  955. 	<input type=\"submit\" value=\"New topic\" class=\"btn\" style=\"margin-left: 10px\"></form></td>\n");

    956. 

  956. 

    957. 

  957.     print("</tr></table>\n");

    958. 

  958. 

    959. 

  959.     insert_quick_jump_menu($forumid);

    960. 

  960. 

    961. 

  961.     stdfoot();

    962. 

  962. 

    963. 

  963.     die;

    964. 

  964.   }

    965. 

  965. 

    966. 

  966.   //-------- Action: View unread posts

    967. 

  967. 

    968. 

  968.   if ($faction == "viewunread")

    969. 

  969.   {

    970. 

  970. 

    971. 

  971.     $userid = $user_info['id'];

    972. 

  972. 

    973. 

  973.     $maxresults = 25;

    974. 

  974. 

    975. 

  975.     $res = mysql_query("SELECT id, forumid, subject, lastpost FROM topics ORDER BY lastpost") or sqlerr(__FILE__, __LINE__);

    976. 

  976. 

    977. 

  977.     stdhead();

    978. 

  978. 

    979. 

  979.     print("<h2>Topics with unread posts</h2>\n");

    980. 

  980. 

    981. 

  981.     $n = 0;

    982. 

  982. 

    983. 

  983.     $uc = get_user_class();

    984. 

  984. 

    985. 

  985.     while ($arr = mysql_fetch_assoc($res))

    986. 

  986.     {

    987. 

  987.       $topicid = $arr['id'];

    988. 

  988. 

    989. 

  989.       $forumid = $arr['forumid'];

    990. 

  990. 

    991. 

  991.       //---- Check if post is read

    992. 

  992.       $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    993. 

  993. 

    994. 

  994.       $a = mysql_fetch_row($r);

    995. 

  995. 

    996. 

  996.       if ($a && $a[0] == $arr['lastpost'])

    997. 

  997.         continue;

    998. 

  998. 

    999. 

  999.       //---- Check access & get forum name

    1000. 

  1000.       $r = mysql_query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    1001. 

  1001. 

    1002. 

  1002.       $a = mysql_fetch_assoc($r);

    1003. 

  1003. 

    1004. 

  1004.       if ($uc < $a['minclassread'])

    1005. 

  1005.         continue;

    1006. 

  1006. 

    1007. 

  1007.       ++$n;

    1008. 

  1008. 

    1009. 

  1009.       if ($n > $maxresults)

    1010. 

  1010.         break;

    1011. 

  1011. 

    1012. 

  1012.       $forumname = $a['name'];

    1013. 

  1013. 

    1014. 

  1014.       if ($n == 1)

    1015. 

  1015.       {

    1016. 

  1016.         ?><table border="1" cellspacing="0" cellpadding="5">

    1017. 

  1017. 

    1018. 

  1018.         <tr><td class="colhead" align="left">Topic</td><td class="colhead" align="left">Forum</td></tr>

    1019. 

  1019.       <?php

    1020. 

  1020. 	}

    1021. 

  1021. 	?>

    1022. 

  1022. 	<tr><td align="left"><table border="0" cellspacing="0" cellpadding="0"><tr><td class="embedded">

    1023. 

  1023. 	<img src="images/unlockednew.gif" style="margin-right: 5px" alt="Unlocked Topic"/></td><td class="embedded">

    1024. 

  1024. 	<a href="?action=forums&amp;faction=viewtopic&amp;topicid=<?=$topicid?>&amp;page=last#last"><b><?=htmlspecialchars($arr["subject"])?>

    1025. 

  1025. 	</b></a></td></tr></table></td><td align="left"><a href="?action=forums&amp;faction=viewforum&amp;forumid=<?=$forumid?>"><b><?=$forumname?></b></a></td></tr>

    1026. 

  1026. 	<?php

    1027. 

  1027.     }

    1028. 

  1028.     if ($n > 0)

    1029. 

  1029.     {

    1030. 

  1030.       print("</table>\n");

    1031. 

  1031. 

    1032. 

  1032.       if ($n > $maxresults)

    1033. 

  1033.         print("<p>More than $maxresults items found, displaying first $maxresults.</p>\n");

    1034. 

  1034. 

    1035. 

  1035.       print("<p><a href=\"?action=forums&amp;catchup\"><b>Catch up</b></a></p>\n");

    1036. 

  1036.     }

    1037. 

  1037.     else

    1038. 

  1038.       print("<b>Nothing found</b>");

    1039. 

  1039. 

    1040. 

  1040.     stdfoot();

    1041. 

  1041. 

    1042. 

  1042.     die;

    1043. 

  1043.   }

    1044. 

  1044. 

    1045. 

  1045. if ($faction == "search")

    1046. 

  1046. {

    1047. 

  1047. 	stdhead("Forum Search");

    1048. 

  1048. 	print("<h2>Forum Search (<span class=\"red\">BETA</span>)</h2>\n");

    1049. 

  1049. 	$keywords = trim($HTTP_GET_VARS["keywords"]);

    1050. 

  1050. 	if ($keywords != "")

    1051. 

  1051. 	{

    1052. 

  1052. 		$perpage = 50;

    1053. 

  1053. 		$page = max(1, 0 + $HTTP_GET_VARS["page"]);

    1054. 

  1054. 		$ekeywords = sqlesc($keywords);

    1055. 

  1055. 		print("<p><b>Searched for \"" . htmlspecialchars($keywords) . "\"</b></p>\n");

    1056. 

  1056. 		$res = mysql_query("SELECT COUNT(*) FROM posts WHERE MATCH (body) AGAINST ($ekeywords)") or sqlerr(__FILE__, __LINE__);

    1057. 

  1057. 		$arr = mysql_fetch_row($res);

    1058. 

  1058. 		$hits = 0 + $arr[0];

    1059. 

  1059. 		if ($hits == 0)

    1060. 

  1060. 			print("<p><b>Sorry, nothing found!</b></p>");

    1061. 

  1061. 		else

    1062. 

  1062. 		{

    1063. 

  1063. 			$pages = 0 + ceil($hits / $perpage);

    1064. 

  1064. 			if ($page > $pages) $page = $pages;

    1065. 

  1065. 			for ($i = 1; $i <= $pages; ++$i)

    1066. 

  1066. 				if ($page == $i)

    1067. 

  1067. 					$pagemenu1 .= "<span><b>$i</b></span>\n";

    1068. 

  1068. 				else

    1069. 

  1069. 					$pagemenu1 .= "<a href=\"index.php?action=forums&amp;faction=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=$i\"><b>$i</b></a>\n";

    1070. 

  1070. 			if ($page == 1)

    1071. 

  1071. 				$pagemenu2 = "<span><b>&lt;&lt; Prev</b></span>\n";

    1072. 

  1072. 			else

    1073. 

  1073. 				$pagemenu2 = "<a href=\"index.php?action=forums&amp;faction=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=" . ($page - 1) . "\"><b>&lt;&lt; Prev</b></a>\n";

    1074. 

  1074. 			$pagemenu2 .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\n";

    1075. 

  1075. 			if ($page == $pages)

    1076. 

  1076. 				$pagemenu2 .= "<span><b>Next &gt;&gt;</b></span>\n";

    1077. 

  1077. 			else

    1078. 

  1078. 				$pagemenu2 .= "<a href=\"index.php?action=forums&amp;faction=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=" . ($page + 1) . "\"><b>Next &gt;&gt;</b></a>\n";

    1079. 

  1079. 			$offset = ($page * $perpage) - $perpage;

    1080. 

  1080. 			$res = mysql_query("SELECT id, topicid,userid,added FROM posts WHERE MATCH (body) AGAINST ($ekeywords) LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);

    1081. 

  1081. 			$num = mysql_num_rows($res);

    1082. 

  1082. 			print("<p>$pagemenu1<br />$pagemenu2</p>");

    1083. 

  1083. 			print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    1084. 

  1084. 			print("<tr><td class=\"colhead\">Post</td><td class=\"colhead\" align=\"left\">Topic</td><td class=\"colhead\" align=\"left\">Forum</td><td class=\"colhead\" align=\"left\">Posted by</td></tr>\n");

    1085. 

  1085. 			for ($i = 0; $i < $num; ++$i)

    1086. 

  1086. 			{

    1087. 

  1087. 				$post = mysql_fetch_assoc($res);

    1088. 

  1088. 				$res2 = mysql_query("SELECT forumid, subject FROM topics WHERE id=$post[topicid]") or

    1089. 

  1089. 					sqlerr(__FILE__, __LINE__);

    1090. 

  1090. 				$topic = mysql_fetch_assoc($res2);

    1091. 

  1091. 				$res2 = mysql_query("SELECT name,minclassread FROM forums WHERE id=$topic[forumid]") or

    1092. 

  1092. 					sqlerr(__FILE__, __LINE__);

    1093. 

  1093. 				$forum = mysql_fetch_assoc($res2);

    1094. 

  1094. 				if ($forum["name"] == "" || $forum["minclassread"] > $user_info["class"])

    1095. 

  1095. 				{

    1096. 

  1096. 					--$hits;

    1097. 

  1097. 					continue;

    1098. 

  1098. 				}

    1099. 

  1099. 				$res2 = mysql_query("SELECT username FROM users WHERE id=$post[userid]") or

    1100. 

  1100. 					sqlerr(__FILE__, __LINE__);

    1101. 

  1101. 				$user = mysql_fetch_assoc($res2);

    1102. 

  1102. 				if ($user["username"] == "")

    1103. 

  1103. 					$user["username"] = "[$post[userid]]";

    1104. 

  1104. 				print("<tr><td>$post[id]</td><td align=\"left\"><a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$post[topicid]&amp;page=p$post[id]#$post[id]\"><b>" . htmlspecialchars($topic["subject"]) . "</b></a></td><td align=\"left\"><a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$topic[forumid]\"><b>" . htmlspecialchars($forum["name"]) . "</b></a><td align=\"left\"><a href=\"userdetails?id=$post[userid]\"><b>$user[username]</b></a><br />at $post[added]</tr>\n");

    1105. 

  1105. 			}

    1106. 

  1106. 			print("</table>\n");

    1107. 

  1107. 			print("<p>$pagemenu2<br />$pagemenu1</p>");

    1108. 

  1108. 			print("<p>Found $hits post" . ($hits != 1 ? "s" : "") . ".</p>");

    1109. 

  1109. 			print("<p><b>Search again</b></p>\n");

    1110. 

  1110. 		}

    1111. 

  1111. 	}

    1112. 

  1112. 	print("<form method=\"get action=\"index.php?action=forums\">\n");

    1113. 

  1113. 	print("<input type=\"hidden\" name=\"faction\" value=\"search\">\n");

    1114. 

  1114. 	print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    1115. 

  1115. 	print("<tr><td class=\"rowhead\">Key words</td><td align=\"left\"><input type=\"text\" size=\"55\" name=\"keywords\" value=\"" . htmlspecialchars($keywords) .

    1116. 

  1116. 		 "\"><br />\n" .

    1117. 

  1117. 		"<span class=\"small\" size=\"-1\">Enter one or more words to search for.<br />Very common words and words with less than 3 characters are ignored.</span></td></tr>\n");

    1118. 

  1118. 	print("<tr><td align=\"center\" colspan=\"2\"><input type=\"submit\" value=\"Search\"></td></tr>\n");

    1119. 

  1119. 	print("</table>\n</form>\n");

    1120. 

  1120. 	stdfoot();

    1121. 

  1121. 	die;

    1122. 

  1122. }

    1123. 

  1123. 

    1124. 

  1124.   //-------- Handle unknown action

    1125. 

  1125. 

    1126. 

  1126.   //-------- Default action: View forums

    1127. 

  1127. 

    1128. 

  1128.   if (isset($_GET["catchup"])){

    1129. 

  1129.     catch_up();

    1130. 

  1130. 	}

    1131. 

  1131.   if ($faction != "")

    1132. 

  1132.     stderr("Forum Error", "Unknown action '$faction'.");

    1133. 

  1133. 

    1134. 

  1134. 

    1135. 

  1135.   //-------- Get forums

    1136. 

  1136. 

    1137. 

  1137.   $forums_res = mysql_query("SELECT * FROM forums ORDER BY sort, name") or sqlerr(__FILE__, __LINE__);

    1138. 

  1138. 

    1139. 

  1139.   stdhead("Forums");

    1140. 

  1140. 

    1141. 

  1141.   print("<h2>Forums</h2>\n");

    1142. 

  1142. 

    1143. 

  1143.   print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");

    1144. 

  1144. 

    1145. 

  1145.   print("<tr><td class=\"colhead\" align=\"left\">Forum</td><td class=\"colhead\" align=\"right\">Topics</td>" .

    1146. 

  1146.   "<td class=\"colhead\" align=\"right\">Posts</td>" .

    1147. 

  1147.   "<td class=\"colhead\" align=\"left\">Last post</td></tr>\n");

    1148. 

  1148. 

    1149. 

  1149.   while ($forums_arr = mysql_fetch_assoc($forums_res))

    1150. 

  1150.   {

    1151. 

  1151.     if (get_user_class() < $forums_arr["minclassread"])

    1152. 

  1152.       continue;

    1153. 

  1153. 

    1154. 

  1154.     $forumid = $forums_arr["id"];

    1155. 

  1155. 

    1156. 

  1156.     $forumname = htmlspecialchars($forums_arr["name"]);

    1157. 

  1157. 

    1158. 

  1158.     $forumdescription = htmlspecialchars($forums_arr["description"]);

    1159. 

  1159. 

    1160. 

  1160.     $topiccount = number_format($forums_arr["topiccount"]);

    1161. 

  1161. 

    1162. 

  1162.     $postcount = number_format($forums_arr["postcount"]);

    1163. 

  1163. 

    1164. 

  1164. /*

    1165. 

  1165.     while ($topicids_arr = mysql_fetch_assoc($topicids_res))

    1166. 

  1166.     {

    1167. 

  1167.       $topicid = $topicids_arr['id'];

    1168. 

  1168. 

    1169. 

  1169.       $postcount_res = mysql_query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    1170. 

  1170. 

    1171. 

  1171.       $postcount_arr = mysql_fetch_row($postcount_res);

    1172. 

  1172. 

    1173. 

  1173.       $postcount += $postcount_arr[0];

    1174. 

  1174.     }

    1175. 

  1175. */

    1176. 

  1176.     $postcount = number_format($postcount);

    1177. 

  1177. 

    1178. 

  1178.     // Find last post ID

    1179. 

  1179. 

    1180. 

  1180.     $lastpostid = get_forum_last_post($forumid);

    1181. 

  1181. 

    1182. 

  1182.     // Get last post info

    1183. 

  1183. 

    1184. 

  1184.     $post_res = mysql_query("SELECT added,topicid,userid FROM posts WHERE id=$lastpostid") or sqlerr(__FILE__, __LINE__);

    1185. 

  1185. 

    1186. 

  1186.     if (mysql_num_rows($post_res) == 1)

    1187. 

  1187.     {

    1188. 

  1188.       $post_arr = mysql_fetch_assoc($post_res) or die("Bad forum last_post");

    1189. 

  1189. 

    1190. 

  1190.       $lastposterid = $post_arr["userid"];

    1191. 

  1191. 

    1192. 

  1192.       $lastpostdate = $post_arr["added"];

    1193. 

  1193. 

    1194. 

  1194.       $lasttopicid = $post_arr["topicid"];

    1195. 

  1195. 

    1196. 

  1196.       $user_res = mysql_query("SELECT username FROM users WHERE id=$lastposterid") or sqlerr(__FILE__, __LINE__);

    1197. 

  1197. 

    1198. 

  1198.       $user_arr = mysql_fetch_assoc($user_res);

    1199. 

  1199. 

    1200. 

  1200.       $lastposter = htmlspecialchars($user_arr['username']);

    1201. 

  1201. 

    1202. 

  1202.       $topic_res = mysql_query("SELECT subject FROM topics WHERE id=$lasttopicid") or sqlerr(__FILE__, __LINE__);

    1203. 

  1203. 

    1204. 

  1204.       $topic_arr = mysql_fetch_assoc($topic_res);

    1205. 

  1205. 

    1206. 

  1206.       $lasttopic = htmlspecialchars($topic_arr['subject']);

    1207. 

  1207. 

    1208. 

  1208.       $lastpost = "$lastpostdate<br />" .

    1209. 

  1209.       "by <a href=\"userdetails?id=$lastposterid\"><b>$lastposter</b></a><br />" .

    1210. 

  1210.       "in <a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$lasttopicid&amp;page=p$lastpostid#$lastpostid\"><b>$lasttopic</b></a>";

    1211. 

  1211.       $r = mysql_query("SELECT lastpostread FROM readposts WHERE userid=$user_info[id] AND topicid = $lasttopicid") or die(mysql_error());

    1212. 

  1212. 

    1213. 

  1213.       $a = mysql_fetch_row($r);

    1214. 

  1214. 

    1215. 

  1215.       if ($a && $a[0] >= $lastpostid)

    1216. 

  1216.         $img = "unlocked";

    1217. 

  1217.       else

    1218. 

  1218.         $img = "unlockednew";

    1219. 

  1219.     }

    1220. 

  1220.     else

    1221. 

  1221.     {

    1222. 

  1222.       $lastpost = "N/A";

    1223. 

  1223.       $img = "unlocked";

    1224. 

  1224.     }

    1225. 

  1225.     print("<tr>

    1226. 

  1226. 	<td align=\"left\">

    1227. 

  1227. 		<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">

    1228. 

  1228. 			<tr>

    1229. 

  1229. 				<td class=\"embedded\" style=\"padding-right: 5px\">

    1230. 

  1230. 					<img src=\"images/$img.gif\" alt=\"$img\"/>

    1231. 

  1231. 				</td>

    1232. 

  1232. 				<td class=\"embedded\">

    1233. 

  1233. 					<a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$forumid\"><b>$forumname</b></a><br />$forumdescription

    1234. 

  1234. 				</td>

    1235. 

  1235. 			</tr>

    1236. 

  1236. 		</table>

    1237. 

  1237. 	</td>

    1238. 

  1238. 	<td align=\"right\">

    1239. 

  1239. 		$topiccount

    1240. 

  1240. 	</td>

    1241. 

  1241. <td align=\"right\">$postcount</td>" .

    1242. 

  1242.     "<td align=\"left\">$lastpost</td></tr>\n");

    1243. 

  1243.   }

    1244. 

  1244. 

    1245. 

  1245.   print("</table>\n");

    1246. 

  1246. 

    1247. 

  1247.   print("<p class=\"txtCenter\"><a href=\"?action=forums&amp;faction=search\"><b>Search</b></a> | <a href=\"?action=forums&amp;faction=viewunread\"><b>View unread</b></a> | <a href=\"index.php?action=forums&amp;catchup\"><b>Catch up</b></a></p>");

    1248. 

  1248. 

    1249. 

  1249.   stdfoot();

    1250. 

  1250. 

    1251. 

  1251. }

    1252. 

  1252. function catch_up()

    1253. 

  1253. {

    1254. 

  1254. 	/*

    1255. 

  1255. 	die("This feature is currently unavailable.");

    1256. 

  1256. 	*/

    1257. 

  1257. 	global $user_info;

    1258. 

  1258. 	$userid = $user_info["id"];

    1259. 

  1259. 	$res = mysql_query("SELECT id, lastpost FROM topics") or sqlerr(__FILE__, __LINE__);

    1260. 

  1260. 	while ($arr = mysql_fetch_assoc($res))

    1261. 

  1261. 	{

    1262. 

  1262. 		$topicid = $arr["id"];

    1263. 

  1263. 		$postid = $arr["lastpost"];

    1264. 

  1264. 		$r = mysql_query("SELECT id,lastpostread FROM readposts WHERE userid=$userid and topicid=$topicid") or sqlerr(__FILE__, __LINE__);

    1265. 

  1265. 		if (mysql_num_rows($r) == 0){

    1266. 

  1266. 			mysql_query("INSERT INTO readposts (userid, topicid, lastpostread) VALUES($userid, $topicid, $postid)") or sqlerr(__FILE__, __LINE__);

    1267. 

  1267. 		}

    1268. 

  1268. 		else

    1269. 

  1269. 		{

    1270. 

  1270. 			$a = mysql_fetch_assoc($r);

    1271. 

  1271. 			if ($a["lastpostread"] < $postid)

    1272. 

  1272. 			mysql_query("UPDATE readposts SET lastpostread=$postid WHERE id=" . $a["id"]) or sqlerr(__FILE__, __LINE__);

    1273. 

  1273. 		}

    1274. 

  1274. 	}

    1275. 

  1275. }

    1276. 

  1276. 

    1277. 

  1277. //-------- Returns the minimum read/write class levels of a forum

    1278. 

  1278. function get_forum_access_levels($forumid)

    1279. 

  1279. {

    1280. 

  1280. 	$res = mysql_query("SELECT minclassread, minclasswrite, minclasscreate FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

    1281. 

  1281. 	if (mysql_num_rows($res) != 1)

    1282. 

  1282. 		return false;

    1283. 

  1283. 	$arr = mysql_fetch_assoc($res);

    1284. 

  1284. 	return array("read" => $arr["minclassread"], "write" => $arr["minclasswrite"], "create" => $arr["minclasscreate"]);

    1285. 

  1285. }

    1286. 

  1286. 

    1287. 

  1287. //-------- Returns the forum ID of a topic, or false on error

    1288. 

  1288. function get_topic_forum($topicid)

    1289. 

  1289. {

    1290. 

  1290. 	$res = mysql_query("SELECT forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    1291. 

  1291. 	if (mysql_num_rows($res) != 1)

    1292. 

  1292. 		return false;

    1293. 

  1293. 	$arr = mysql_fetch_row($res);

    1294. 

  1294. 	return $arr[0];

    1295. 

  1295. }

    1296. 

  1296. 

    1297. 

  1297. //-------- Returns the ID of the last post of a forum

    1298. 

  1298. function update_topic_last_post($topicid)

    1299. 

  1299. {

    1300. 

  1300. 	$res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    1301. 

  1301. 	$arr = mysql_fetch_row($res) or die("No post found");

    1302. 

  1302. 	$postid = $arr[0];

    1303. 

  1303. 	mysql_query("UPDATE topics SET lastpost=$postid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

    1304. 

  1304. }

    1305. 

  1305. 

    1306. 

  1306. function get_forum_last_post($forumid)

    1307. 

  1307. {

    1308. 

  1308. 	$res = mysql_query("SELECT lastpost FROM topics WHERE forumid=$forumid ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

    1309. 

  1309. 	$arr = mysql_fetch_row($res);

    1310. 

  1310. 	$postid = $arr[0];

    1311. 

  1311. 	if ($postid)

    1312. 

  1312. 	{

    1313. 

  1313. 		return $postid;

    1314. 

  1314. 	}

    1315. 

  1315. 	else

    1316. 

  1316. 	{

    1317. 

  1317. 		return 0;

    1318. 

  1318. 	}

    1319. 

  1319. }

    1320. 

  1320. //-------- Inserts a quick jump menu

    1321. 

  1321. function insert_quick_jump_menu($currentforum = 0)

    1322. 

  1322. {

    1323. 

  1323. 	print("<p class=\"txtCenter\"><form method=\"get\" action=\"?action=forums\" name=\"jump\">\n");

    1324. 

  1324. 	print("<input type=\"hidden\" name=\"faction\" value=\"viewforum\">\n");

    1325. 

  1325. 	print("Quick jump: ");

    1326. 

  1326. 	print("<select name=\"forumid\" onchange=\"if(this.options[this.selectedIndex].value != -1){ forms['jump'].submit() }\">\n");

    1327. 

  1327. 	$res = mysql_query("SELECT * FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);

    1328. 

  1328. 	while ($arr = mysql_fetch_assoc($res))

    1329. 

  1329. 	{

    1330. 

  1330. 		if (get_user_class() >= $arr["minclassread"])

    1331. 

  1331. 			print("<option value=\"" . $arr["id"] . ($currentforum == $arr["id"] ? " selected\">" : ">") . $arr["name"] . "\n");

    1332. 

  1332. 	}

    1333. 

  1333. 	print("</select>\n");

    1334. 

  1334. 	print("<input type=\"submit\" value=\"Go!\">\n");

    1335. 

  1335. 	print("</form>\n</p>");

    1336. 

  1336. }

    1337. 

  1337. 

    1338. 

  1338. //-------- Inserts a compose frame

    1339. 

  1339. function insert_compose_frame($id, $newtopic = true, $quote = false)

    1340. 

  1340. {

    1341. 

  1341. 	global $maxsubjectlength, $user_info;

    1342. 

  1342. 	if ($newtopic)

    1343. 

  1343. 	{

    1344. 

  1344. 		$res = mysql_query("SELECT name FROM forums WHERE id=$id") or sqlerr(__FILE__, __LINE__);

    1345. 

  1345. 		$arr = mysql_fetch_assoc($res) or die("Bad forum id");

    1346. 

  1346. 		$forumname = $arr["name"];

    1347. 

  1347. 		print("<p class=\"txtCenter\">New topic in <a href=\"?action=forums&amp;faction=viewforum&amp;forumid=$id\">$forumname</a> forum</p>\n");

    1348. 

  1348. 	}

    1349. 

  1349. 	else

    1350. 

  1350. 	{

    1351. 

  1351. 		$res = mysql_query("SELECT * FROM topics WHERE id=$id") or sqlerr(__FILE__, __LINE__);

    1352. 

  1352. 		$arr = mysql_fetch_assoc($res) or stderr("Forum error", "Topic not found.");

    1353. 

  1353. 		$subject = $arr["subject"];

    1354. 

  1354. 		print("<p class=\"txtCenter\">Reply to topic: <a href=\"?action=forums&amp;faction=viewtopic&amp;topicid=$id\">$subject</a></p>");

    1355. 

  1355. 	}

    1356. 

  1356. 

    1357. 

  1357. 	begin_frame("Compose", true);

    1358. 

  1358. 		print("<form method=\"post\" action=\"?action=forums&amp;faction=post\">\n");

    1359. 

  1359. 		if ($newtopic)

    1360. 

  1360. 			print("<input type=\"hidden\" name=\"forumid\" value=\"$id\">\n");

    1361. 

  1361. 		else

    1362. 

  1362. 			print("<input type=\"hidden\" name=\"topicid\" value=\"$id\">\n");

    1363. 

  1363. 		begin_table();

    1364. 

  1364. 			if ($newtopic)

    1365. 

  1365. 				print("<tr><td class=\"rowhead\">Subject</td>" .

    1366. 

  1366. 				"<td align=\"left\" style=\"padding: 0px\"><input type=\"text\" size=\"100\" maxlength=\"$maxsubjectlength\" name=\"subject\" " .

    1367. 

  1367. 				"style=\"border: 0px; height: 19px\"></td></tr>\n");

    1368. 

  1368. 			if ($quote)

    1369. 

  1369. 			{

    1370. 

  1370. 				$postid = $_GET["postid"];

    1371. 

  1371. 				if (!is_valid_id($postid))

    1372. 

  1372. 					die;

    1373. 

  1373. 				$res = mysql_query("SELECT posts.*, users.username FROM posts JOIN users ON posts.userid = users.id WHERE posts.id=$postid") or sqlerr(__FILE__, __LINE__);

    1374. 

  1374. 				if (mysql_num_rows($res) != 1)

    1375. 

  1375. 					stderr("Error", "No post with ID $postid.");

    1376. 

  1376. 				$arr = mysql_fetch_assoc($res);

    1377. 

  1377. 			}

    1378. 

  1378. 			print("<tr><td class=\"rowhead\">Body</td><td align=\"left\" style=\"padding: 0px\">" .

    1379. 

  1379. 			"<textarea name=\"body\" cols=\"100\" rows=\"20\" style=\"border: 0px\">".

    1380. 

  1380. 			($quote?(("[quote=".htmlspecialchars($arr["username"])."]".htmlspecialchars($arr["body"])."[/quote]")):"").

    1381. 

  1381. 			"</textarea></td></tr>\n");

    1382. 

  1382. 			print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" class=\"btn\" value=\"Submit\"></td></tr>\n");

    1383. 

  1383. 		end_table();

    1384. 

  1384. 		print("</form>\n");

    1385. 

  1385. 		print("<p class=\"txtCenter\"><a href=\"tags\" target=\"_blank\">Tags</a> | <a href=\"smilies\" target=\"_blank\">Smilies</a></p>\n");

    1386. 

  1386. 	end_frame();

    1387. 

  1387. 	//------ Get 10 last posts if this is a reply

    1388. 

  1388. 	if (!$newtopic)

    1389. 

  1389. 	{

    1390. 

  1390. 		$postres = mysql_query("SELECT * FROM posts WHERE topicid=$id ORDER BY id DESC LIMIT 10") o
    1391.

Large files files are truncated, but you can click here to view the full file