/modules/Forum/index.php
- <?php
- // -------------------------------------------------------------------------//
- // Nuked-KlaN - PHP Portal //
- // http://www.nuked-klan.org //
- // -------------------------------------------------------------------------//
- // This program is free software. you can redistribute it and/or modify //
- // it under the terms of the GNU General Public License as published by //
- // the Free Software Foundation; either version 2 of the License. //
- // -------------------------------------------------------------------------//
// Refuse direct requests: INDEX_CHECK is presumably defined by the portal's entry script.
if (!defined("INDEX_CHECK")) {
    die ("<div style=\"text-align: center;\">You cannot open this page directly</div>");
}

global $nuked, $language, $user, $cookie_captcha;

// Load the forum strings for the active language.
// NOTE(review): $language is interpolated into a file path; confirm it is restricted
// to known language names wherever it is assigned.
translate("modules/Forum/lang/" . $language . ".lang.php");

// Captcha helpers.
include_once("Includes/nkCaptcha.php");

// The captcha is skipped when it is switched off, or when the mode is 'auto' or 'on'
// and the current user's level ($user[1]) is above 0; otherwise it is required.
$captcha_skipped = (_NKCAPTCHA == "off")
    || ((_NKCAPTCHA == 'auto' || _NKCAPTCHA == 'on') && $user[1] > 0);
$captcha = $captcha_skipped ? 0 : 1;

// Requests without a user record are treated as level 0.
$visiteur = $user ? $user[1] : 0;

// The module name is taken from this file's directory and used to look up the
// minimum level required to access the module.
$ModName = basename(dirname(__FILE__));
$level_access = nivo_mod($ModName);
- if ($visiteur >= $level_access && $level_access > -1)
- {
- compteur("Forum");
-
/**
 * Render the forum front page: modules/Forum/main.php is included between
 * the opentable() and closetable() calls.
 */
function index()
{
    opentable();

    include "modules/Forum/main.php";

    closetable();
}
-
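/**
 * Save an edited forum message and, when it is the first message of its
 * thread, the thread title as well.
 *
 * The message row is loaded first and is the source of truth for the owning
 * thread, forum and author. Edit rights go to the stored author (auteur_id),
 * to users at or above admin_mod("Forum"), and to users listed in the forum's
 * moderateurs field. The request's "author" and "forum_id" values take no
 * part in the permission decision, because they are supplied by the client.
 *
 * Reads from $_REQUEST: titre, texte, forum_id, mess_id, edit_text, usersig,
 * emailnotify. All ids are cast to int before they reach SQL or a URL.
 *
 * NOTE(review): the title is stored without HTML encoding here; confirm the
 * display code encodes it on output.
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one.
 *
 * @param int|string $mess_id Id of the message to update.
 */
function edit($mess_id)
{
    global $visiteur, $user, $nuked;

    opentable();

    $mess_id = (int) $mess_id;
    $req_forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $req_mess_id = isset($_REQUEST['mess_id']) ? (int) $_REQUEST['mess_id'] : $mess_id;

    // Missing or array-valued fields are treated as empty so the string functions
    // below only ever receive strings.
    foreach (array('titre', 'texte') as $field) {
        if (!isset($_REQUEST[$field]) || !is_string($_REQUEST[$field])) {
            $_REQUEST[$field] = "";
        }
    }

    if ($_REQUEST['titre'] == "" || $_REQUEST['texte'] == "" || @ctype_space($_REQUEST['titre']) || @ctype_space($_REQUEST['texte'])) {
        echo "<br /><br /><div style=\"text-align: center;\">" . _FIELDEMPTY . "</div><br /><br />";
        $url = "index.php?file=Forum&page=post&forum_id=" . $req_forum_id . "&mess_id=" . $req_mess_id . "&do=edit";
        redirect($url, 2);
        closetable();
        footer();
        exit();
    }

    $sql_msg = mysql_query("SELECT thread_id, forum_id, auteur_id FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $mess_id . "'");
    $message = $sql_msg ? mysql_fetch_row($sql_msg) : false;

    $allowed = false;
    if ($message) {
        $thread_id = (int) $message[0];
        $forum_id = (int) $message[1];
        $stored_author_id = (string) $message[2];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= level AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): this is a substring match of the user id inside the moderator
        // list; confirm ids cannot be substrings of one another.
        $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

        // Messages posted without an account have no stored author id and therefore
        // never match.
        $is_author = ($user && $stored_author_id !== "" && $stored_author_id === (string) $user[0]);

        $allowed = ($is_author || $visiteur >= admin_mod("Forum") || $administrator == 1);
    }

    if ($allowed) {
        $date = nkDate(time());

        $edition = "";
        if (isset($_REQUEST['edit_text']) && $_REQUEST['edit_text'] == 1) {
            $texte_edit = _EDITBY . " " . $user[2] . " " . _THE . " " . $date;
            // The user name is part of this string, so it is escaped like any other value.
            $edition = ", edition = '" . mysql_real_escape_string($texte_edit) . "'";
        }

        $_REQUEST['texte'] = secu_html(html_entity_decode($_REQUEST['texte']));
        $_REQUEST['texte'] = icon($_REQUEST['texte']);
        $_REQUEST['titre'] = mysql_real_escape_string(stripslashes($_REQUEST['titre']));
        $_REQUEST['texte'] = mysql_real_escape_string(stripslashes($_REQUEST['texte']));

        $usersig = (isset($_REQUEST['usersig']) && is_numeric($_REQUEST['usersig'])) ? (int) $_REQUEST['usersig'] : 0;
        $emailnotify = (isset($_REQUEST['emailnotify']) && is_numeric($_REQUEST['emailnotify'])) ? (int) $_REQUEST['emailnotify'] : 0;

        // The lowest message id in the thread identifies the opening post.
        $sql3 = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' ORDER BY id LIMIT 0, 1");
        list($mid) = mysql_fetch_row($sql3);

        $sql = mysql_query("UPDATE " . FORUM_MESSAGES_TABLE . " SET titre = '" . $_REQUEST['titre'] . "', txt = '" . $_REQUEST['texte'] . "'" . $edition . ", usersig = '" . $usersig . "', emailnotify = '" . $emailnotify . "' WHERE id = '" . $mess_id . "'");

        if ($mid == $mess_id) {
            $upd = mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET titre = '" . $_REQUEST['titre'] . "' WHERE id = '" . $thread_id . "'");
        }

        $sql_page = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");
        $nb_rep = mysql_num_rows($sql_page);

        $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
        if ($nb_rep > $nuked['mess_forum_page']) {
            // Threads longer than one page redirect to their last page.
            $topicpages = ceil($nb_rep / $nuked['mess_forum_page']);
            $url .= "&p=" . $topicpages;
        }
        $url .= "#" . $mess_id;

        echo "<br /><br /><div style=\"text-align: center;\">" . _MESSMODIF . "</div><br /><br />";
    } else {
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
        $url = 'index.php?file=Forum';
    }

    redirect($url, 2);
    closetable();
}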
-
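/**
 * Delete a forum message after confirmation; deleting the first message of a
 * thread removes the whole thread, its poll and all of its attachments.
 *
 * The message row is loaded first and supplies the thread and forum used for
 * the permission check (admin_mod("Forum") level or a user listed in the
 * forum's moderateurs field), so request-supplied forum_id/thread_id values
 * cannot redirect the check to another forum.
 *
 * Attachment handling: the file removed is the one stored on the message
 * being deleted (or every file in the thread when the thread goes away).
 * Stored names are reduced with basename() and removed with unlink() only;
 * no shell command is built from a file name, since that name originates
 * from an upload.
 *
 * Reads from $_REQUEST: forum_id, thread_id, confirm.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one.
 *
 * @param int|string $mess_id Id of the message to delete.
 */
function del($mess_id)
{
    global $visiteur, $user, $nuked;

    opentable();

    $mess_id = (int) $mess_id;
    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
    $confirm = isset($_REQUEST['confirm']) ? $_REQUEST['confirm'] : "";

    $sql_msg = mysql_query("SELECT thread_id, forum_id, file FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $mess_id . "'");
    $message = $sql_msg ? mysql_fetch_row($sql_msg) : false;

    $administrator = 0;
    if ($message) {
        // From here on the ids come from the stored message, not from the request.
        $thread_id = (int) $message[0];
        $forum_id = (int) $message[1];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): substring match of the user id inside the moderator list;
        // confirm ids cannot be substrings of one another.
        if ($user && $modos != "" && strpos($modos, $user[0]) !== false) {
            $administrator = 1;
        }
    }

    if ($message && ($visiteur >= admin_mod("Forum") || $administrator == 1)) {
        if ($confirm == _YES) {
            // The lowest message id in the thread identifies the opening post.
            $sql2 = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' ORDER BY id LIMIT 0, 1");
            list($mid) = mysql_fetch_row($sql2);

            $files = array($message[2]);

            if ($mid == $mess_id) {
                $sql_survey = mysql_query("SELECT sondage FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
                list($sondage) = mysql_fetch_row($sql_survey);

                if ($sondage == 1) {
                    $sql_poll = mysql_query("SELECT id FROM " . FORUM_POLL_TABLE . " WHERE thread_id = '" . $thread_id . "'");
                    list($poll_id) = mysql_fetch_row($sql_poll);
                    $poll_id = (int) $poll_id;

                    $sup1 = mysql_query("DELETE FROM " . FORUM_POLL_TABLE . " WHERE id = '" . $poll_id . "'");
                    $sup2 = mysql_query("DELETE FROM " . FORUM_OPTIONS_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                    $sup3 = mysql_query("DELETE FROM " . FORUM_VOTE_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                }

                // Collect every attachment of the thread before its rows disappear.
                $sql_files = mysql_query("SELECT file FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");
                while ($sql_files && ($row = mysql_fetch_row($sql_files))) {
                    $files[] = $row[0];
                }

                mysql_query("DELETE FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
                mysql_query("DELETE FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");

                $url = "index.php?file=Forum&page=viewforum&forum_id=" . $forum_id;
            } else {
                $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
            }

            foreach (array_unique($files) as $filename) {
                // basename() keeps a stored name from resolving outside upload/Forum/.
                $filename = basename((string) $filename);
                if ($filename == "") {
                    continue;
                }

                $path = "upload/Forum/" . $filename;
                if (is_file($path)) {
                    @chmod($path, 0775);
                    @unlink($path);
                }
            }

            $sql = mysql_query("DELETE FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $mess_id . "'");

            echo "<br /><br /><div style=\"text-align: center;\">" . _MESSDELETED . "</div><br /><br />";
            redirect($url, 2);
        } else if ($confirm == _NO) {
            $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
            echo "<br /><br /><div style=\"text-align: center;\">" . _DELCANCEL . "</div><br /><br />";
            redirect($url, 2);
        } else {
            // Only integer ids are written into the confirmation form.
            echo "<form method=\"post\" action=\"index.php?file=Forum&op=del\">\n"
                . "<div style=\"text-align: center;\"><br /><br />" . _CONFIRMDELMESS . "<br />\n"
                . "<input type=\"hidden\" name=\"forum_id\" value=\"" . $forum_id . "\" />\n"
                . "<input type=\"hidden\" name=\"thread_id\" value=\"" . $thread_id . "\" />\n"
                . "<input type=\"hidden\" name=\"mess_id\" value=\"" . $mess_id . "\" />\n"
                . "<input type=\"submit\" name=\"confirm\" value=\"" . _YES . "\" />"
                . " <input type=\"submit\" name=\"confirm\" value=\"" . _NO . "\" /></div></form><br />\n";
        }
    } else {
        $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
        redirect($url, 2);
    }

    closetable();
}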
-
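/**
 * Delete a whole thread after confirmation: its poll (if any), the files
 * attached to its messages, the messages and the thread row.
 *
 * The thread row is loaded first and supplies the forum used for the
 * permission check (admin_mod("Forum") level or a user listed in the forum's
 * moderateurs field); the request's forum_id is only used for the redirect
 * when the thread does not exist.
 *
 * Stored attachment names are reduced with basename() and removed with
 * unlink() only; no shell command is built from a file name, since that name
 * originates from an upload.
 *
 * Reads from $_REQUEST: forum_id, confirm.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one.
 *
 * @param int|string $thread_id Id of the thread to delete.
 */
function del_topic($thread_id)
{
    global $visiteur, $user, $nuked;

    opentable();

    $thread_id = (int) $thread_id;
    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $confirm = isset($_REQUEST['confirm']) ? $_REQUEST['confirm'] : "";

    $sql_thread = mysql_query("SELECT forum_id, sondage FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
    $thread = $sql_thread ? mysql_fetch_row($sql_thread) : false;

    $administrator = 0;
    if ($thread) {
        // The forum comes from the stored thread, not from the request.
        $forum_id = (int) $thread[0];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): substring match of the user id inside the moderator list;
        // confirm ids cannot be substrings of one another.
        if ($user && $modos != "" && strpos($modos, $user[0]) !== false) {
            $administrator = 1;
        }
    }

    if ($thread && ($visiteur >= admin_mod("Forum") || $administrator == 1)) {
        if ($confirm == _YES) {
            $sondage = $thread[1];

            if ($sondage == 1) {
                $sql_poll = mysql_query("SELECT id FROM " . FORUM_POLL_TABLE . " WHERE thread_id = '" . $thread_id . "'");
                list($poll_id) = mysql_fetch_row($sql_poll);
                $poll_id = (int) $poll_id;

                $sup1 = mysql_query("DELETE FROM " . FORUM_POLL_TABLE . " WHERE id = '" . $poll_id . "'");
                $sup2 = mysql_query("DELETE FROM " . FORUM_OPTIONS_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                $sup3 = mysql_query("DELETE FROM " . FORUM_VOTE_TABLE . " WHERE poll_id = '" . $poll_id . "'");
            }

            $sql2 = mysql_query("SELECT file FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");
            while ($sql2 && ($row = mysql_fetch_row($sql2))) {
                // basename() keeps a stored name from resolving outside upload/Forum/.
                $filename = basename((string) $row[0]);
                if ($filename == "") {
                    continue;
                }

                $path = "upload/Forum/" . $filename;
                if (is_file($path)) {
                    @chmod($path, 0775);
                    @unlink($path);
                }
            }

            mysql_query("DELETE FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
            mysql_query("DELETE FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");

            $url = "index.php?file=Forum&page=viewforum&forum_id=" . $forum_id;
            echo "<br /><br /><div style=\"text-align: center;\">" . _TOPICDELETED . "</div><br /><br />";
            redirect($url, 2);
        } else if ($confirm == _NO) {
            $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
            echo "<br /><br /><div style=\"text-align: center;\">" . _DELCANCEL . "</div><br /><br />";
            redirect($url, 2);
        } else {
            // Only integer ids are written into the confirmation form.
            echo "<form method=\"post\" action=\"index.php?file=Forum&op=del_topic\">\n"
                . "<div style=\"text-align: center;\"><br /><br />" . _CONFIRMDELTOPIC . "<br />\n"
                . "<input type=\"hidden\" name=\"forum_id\" value=\"" . $forum_id . "\" />\n"
                . "<input type=\"hidden\" name=\"thread_id\" value=\"" . $thread_id . "\" />\n"
                . "<input type=\"submit\" name=\"confirm\" value=\"" . _YES . "\" />"
                . " <input type=\"submit\" name=\"confirm\" value=\"" . _NO . "\" /></div></form><br />\n";
        }
    } else {
        $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
        redirect($url, 2);
    }

    closetable();
}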
-
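/**
 * Move a thread to another forum after confirmation and refresh the per-user
 * "forum fully read" lists in FORUM_READ_TABLE for the two forums involved.
 *
 * The thread row supplies the source forum used for the permission check
 * (admin_mod("Forum") level or a user listed in the forum's moderateurs
 * field). The target forum is accepted only if it exists and the current
 * level may see it (same niveau test the selection form uses). All ids are
 * cast to int before they reach SQL, a URL, the form or a string match.
 *
 * Read-list update, per user row: if every thread left in the source forum
 * is in the user's read list, the source forum id is appended to the user's
 * forum list; if some thread of the target forum is unread, the target forum
 * id is taken out of that list. Each user's list starts from that user's own
 * stored value.
 *
 * Reads from $_REQUEST: forum_id, thread_id, newforum, confirm.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one.
 */
function move()
{
    global $visiteur, $user, $nuked;

    opentable();

    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
    $newforum = isset($_REQUEST['newforum']) ? (int) $_REQUEST['newforum'] : 0;
    $confirm = isset($_REQUEST['confirm']) ? $_REQUEST['confirm'] : "";

    $sql_thread = mysql_query("SELECT forum_id FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
    $thread = $sql_thread ? mysql_fetch_row($sql_thread) : false;

    $administrator = 0;
    if ($thread) {
        // The source forum comes from the stored thread, not from the request.
        $forum_id = (int) $thread[0];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): substring match of the user id inside the moderator list;
        // confirm ids cannot be substrings of one another.
        if ($user && $modos != "" && strpos($modos, $user[0]) !== false) {
            $administrator = 1;
        }
    }

    if ($thread && ($visiteur >= admin_mod("Forum") || $administrator == 1)) {
        // Category entries in the form carry an empty value, which casts to 0.
        $target_ok = false;
        if ($confirm == _YES && $newforum > 0) {
            $sql_target = mysql_query("SELECT id FROM " . FORUM_TABLE . " WHERE id = '" . $newforum . "' AND '" . (int) $visiteur . "' >= niveau");
            $target_ok = ($sql_target && mysql_num_rows($sql_target) > 0);
        }

        if ($target_ok) {
            echo"<br /><br /><div style=\"text-align: center;\">" . _TOPICMOVED . "</div><br /><br />";

            mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET forum_id = '" . $newforum . "' WHERE id = '" . $thread_id . "'");
            mysql_query("UPDATE " . FORUM_MESSAGES_TABLE . " SET forum_id = '" . $newforum . "' WHERE thread_id = '" . $thread_id . "'");

            $SQL = "SELECT thread_id, forum_id, user_id FROM " . FORUM_READ_TABLE . " WHERE forum_id LIKE '%," . $forum_id . ",%' OR forum_id LIKE '%," . $newforum . ",%' ";
            $req = mysql_query($SQL);
            $update = '';

            // Read state per user.
            $userTMP = array();
            while ($data = mysql_fetch_assoc($req)) {
                $userTMP[$data['user_id']] = array('forum_id' => $data['forum_id'], 'thread_id' => $data['thread_id']);
            }

            // Threads that remain in the source forum.
            $oldTMP = array();
            $req = mysql_query("SELECT id FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = " . $forum_id . " ");
            while ($data = mysql_fetch_assoc($req)) {
                $oldTMP[$data['id']] = $data['id'];
            }

            // Threads now in the target forum.
            $newTMP = array();
            $req = mysql_query("SELECT id FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = " . $newforum . " ");
            while ($data = mysql_fetch_assoc($req)) {
                $newTMP[$data['id']] = $data['id'];
            }

            foreach ($userTMP as $key => $member) {
                // Always start from this user's own list; a value left over from the
                // previous loop iteration must never be written to another user.
                $fid = $member['forum_id'];
                $changed = false;

                // Source forum: fully read unless one of its threads is missing from the list.
                $read = true;
                foreach ($oldTMP as $old) {
                    if (strrpos($member['thread_id'], ',' . $old . ',') === false) {
                        $read = false;
                        break;
                    }
                }

                if ($read === true && strrpos($fid, ',' . $forum_id . ',') === false) {
                    $fid = $fid . $forum_id . ',';
                    $changed = true;
                }

                // Target forum: same test against its thread list.
                $read = true;
                foreach ($newTMP as $new) {
                    if (strrpos($member['thread_id'], ',' . $new . ',') === false) {
                        $read = false;
                        break;
                    }
                }

                if ($read === false && strrpos($fid, ',' . $newforum . ',') !== false) {
                    // Plain string replacement: no pattern is built from request data.
                    $fid = str_replace(',' . $newforum . ',', ',', $fid);
                    $changed = true;
                }

                if ($changed) {
                    $update .= (!empty($update) ? ', ' : '');
                    $update .= "('" . mysql_real_escape_string($fid) . "', '" . mysql_real_escape_string($key) . "')";
                }
            }

            if (!empty($update)) {
                $update = "INSERT INTO `" . FORUM_READ_TABLE . "` (forum_id, user_id) VALUES $update ON DUPLICATE KEY UPDATE forum_id=VALUES(forum_id);";
                if (!mysql_query($update)) {
                    // Database error details go to the server log, not into the response.
                    error_log("Forum move: read-state update failed: " . mysql_error());
                    die();
                }
            }

            $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $newforum . "&thread_id=" . $thread_id;
            redirect($url, 2);
        } else if ($confirm == _NO) {
            echo "<br /><br /><div style=\"text-align: center;\">" . _DELCANCEL . "</div><br /><br />";

            $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
            redirect($url, 2);
        } else {
            echo "<form action=\"index.php?file=Forum&op=move\" method=\"post\">\n"
                . "<div style=\"text-align: center;\"><br /><br />" . _MOVETOPIC . " : <select name=\"newforum\">\n";

            $sql_cat = mysql_query("SELECT id, nom FROM " . FORUM_CAT_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau ORDER BY ordre, nom");
            while ($cat_row = mysql_fetch_row($sql_cat)) {
                $cat = (int) $cat_row[0];
                $cat_name = printSecuTags($cat_row[1]);

                echo "<option value=\"\">* " . $cat_name . "</option>\n";

                $sql_forum = mysql_query("SELECT nom, id FROM " . FORUM_TABLE . " WHERE cat = '" . $cat . "' AND '" . (int) $visiteur . "' >= niveau ORDER BY ordre, nom");
                while ($forum_row = mysql_fetch_row($sql_forum)) {
                    $forum_name = printSecuTags($forum_row[0]);

                    echo "<option value=\"" . (int) $forum_row[1] . "\">&nbsp;&nbsp;&nbsp;" . $forum_name . "</option>\n";
                }
            }

            echo "</select><br /><br /><input type=\"submit\" name=\"confirm\" value=\"" . _YES . "\" />"
                . "&nbsp;<input type=\"submit\" name=\"confirm\" value=\"" . _NO . "\" />\n"
                . "<input type=\"hidden\" name=\"forum_id\" value=\"" . $forum_id . "\" />\n"
                . "<input type=\"hidden\" name=\"thread_id\" value=\"" . $thread_id . "\" /></div></form><br />\n";
        }
    } else {
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
        $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
        redirect($url, 2);
    }

    closetable();
}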
-
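/**
 * Close or reopen a thread, depending on $_REQUEST['do'] ("close" / "open").
 *
 * The thread row supplies the forum used for the permission check
 * (admin_mod("Forum") level or a user listed in the forum's moderateurs
 * field). Any other value of "do" leaves the thread untouched and only
 * redirects back to it. Ids are cast to int before they reach SQL or a URL.
 *
 * Reads from $_REQUEST: forum_id, thread_id, do.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one.
 */
function lock()
{
    global $visiteur, $user, $nuked;

    opentable();

    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
    $do = isset($_REQUEST['do']) ? $_REQUEST['do'] : "";

    $sql_thread = mysql_query("SELECT forum_id FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
    $thread = $sql_thread ? mysql_fetch_row($sql_thread) : false;

    $administrator = 0;
    if ($thread) {
        // The forum comes from the stored thread, not from the request.
        $forum_id = (int) $thread[0];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): substring match of the user id inside the moderator list;
        // confirm ids cannot be substrings of one another.
        if ($user && $modos != "" && strpos($modos, $user[0]) !== false) {
            $administrator = 1;
        }
    }

    // null means "no recognised action": nothing is written in that case.
    $lock_text = "";
    $lock_type = null;
    if ($do == "close") {
        $lock_text = _TOPICLOCKED;
        $lock_type = 1;
    } else if ($do == "open") {
        $lock_text = _TOPICUNLOCKED;
        $lock_type = 0;
    }

    $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;

    if ($thread && ($visiteur >= admin_mod("Forum") || $administrator == 1)) {
        if ($lock_type !== null) {
            echo "<br /><br /><div style=\"text-align: center;\">" . $lock_text . "</div><br /><br />";

            $sql = mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET closed = '" . $lock_type . "' WHERE id = '" . $thread_id . "'");
        }

        redirect($url, 2);
    } else {
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";

        redirect($url, 2);
    }

    closetable();
}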
-
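/**
 * Set or clear a thread's announcement flag, depending on $_REQUEST['do']
 * ("up" sets annonce to 1, "down" sets it to 0).
 *
 * The thread row supplies the forum used for the permission check
 * (admin_mod("Forum") level or a user listed in the forum's moderateurs
 * field). Any other value of "do" leaves the thread untouched and only
 * redirects back to it. Ids are cast to int before they reach SQL or a URL.
 *
 * Reads from $_REQUEST: forum_id, thread_id, do.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one.
 */
function announce()
{
    global $visiteur, $user, $nuked;

    opentable();

    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
    $do = isset($_REQUEST['do']) ? $_REQUEST['do'] : "";

    $sql_thread = mysql_query("SELECT forum_id FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
    $thread = $sql_thread ? mysql_fetch_row($sql_thread) : false;

    $administrator = 0;
    if ($thread) {
        // The forum comes from the stored thread, not from the request.
        $forum_id = (int) $thread[0];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): substring match of the user id inside the moderator list;
        // confirm ids cannot be substrings of one another.
        if ($user && $modos != "" && strpos($modos, $user[0]) !== false) {
            $administrator = 1;
        }
    }

    // null means "no recognised action": nothing is written in that case.
    $announce = null;
    if ($do == "up") {
        $announce = 1;
    } else if ($do == "down") {
        $announce = 0;
    }

    $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;

    if ($thread && ($visiteur >= admin_mod("Forum") || $administrator == 1)) {
        if ($announce !== null) {
            echo "<br /><br /><div style=\"text-align: center;\">" . _TOPICMODIFIED . "</div><br /><br />";

            $sql = mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET annonce = '" . $announce . "' WHERE id = '" . $thread_id . "'");
        }

        redirect($url, 2);
    } else {
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";

        redirect($url, 2);
    }

    closetable();
}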
-
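/**
 * Add a reply to an existing thread: captcha and empty-field checks,
 * permission and lock checks, flood limit, optional attachment upload,
 * read-state refresh, message insert, e-mail notifications, post counter,
 * then a redirect to the new message.
 *
 * The thread row is the source of truth for the forum and the lock state:
 * a reply to an unknown thread is refused, and the request's forum_id is
 * only used for the redirect in that case. Every id is cast to int and every
 * other value is escaped before it reaches SQL; the flood query uses the
 * escaped author name and address as well.
 *
 * Attachments: the name is reduced with basename(), names starting with a
 * dot are refused (this covers ".htaccess" in any letter case), and the name
 * is stored with the message only when the file was actually saved.
 *
 * NOTE(review): the extension test is a deny-list and cannot be complete;
 * prefer an allow-list of extensions and make sure upload/Forum/ is served
 * without script execution.
 * NOTE(review): an upload replaces an existing file of the same name in
 * upload/Forum/; confirm whether names should be made unique.
 * NOTE(review): the title is stored without HTML encoding here; confirm the
 * display code encodes it on output.
 *
 * Reads from $_REQUEST: code_confirm, auteur, titre, texte, forum_id,
 * thread_id, usersig, emailnotify; and $_FILES['fichiernom'].
 */
function reply()
{
    global $user, $nuked, $captcha, $visiteur, $user_ip, $bgcolor3;

    opentable();

    if ($captcha == 1 && !ValidCaptchaCode($_REQUEST['code_confirm'])) {
        echo "<br /><br /><div style=\"text-align: center;\">" . _BADCODECONFIRM . "<br /><br /><a href=\"javascript:history.back()\">[ <b>" . _BACK . "</b> ]</a></div><br /><br />";
        closetable();
        footer();
        exit();
    }

    // Missing or array-valued fields are treated as empty so the string functions
    // below only ever receive strings.
    foreach (array('auteur', 'titre', 'texte') as $field) {
        if (!isset($_REQUEST[$field]) || !is_string($_REQUEST[$field])) {
            $_REQUEST[$field] = "";
        }
    }

    if ($_REQUEST['auteur'] == "" || $_REQUEST['titre'] == "" || $_REQUEST['texte'] == "" || @ctype_space($_REQUEST['titre']) || @ctype_space($_REQUEST['texte'])) {
        echo "<br /><br /><div style=\"text-align: center;\">" . _FIELDEMPTY . "<br /><br /><a href=\"javascript:history.back()\">[ <b>" . _BACK . "</b> ]</a></div><br /><br />";
        closetable();
        footer();
        exit();
    }

    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;

    // Lock state and forum are read by thread id alone, so a forum_id that does not
    // match the thread cannot make a closed thread look open.
    $lock = mysql_query("SELECT closed, forum_id FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "'");
    $thread = $lock ? mysql_fetch_row($lock) : false;

    $auth = 1;
    if (!$thread) {
        $auth = 0;
    } else {
        $closed = $thread[0];
        $forum_id = (int) $thread[1];

        $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
        list($modos) = mysql_fetch_array($result);

        // NOTE(review): substring match of the user id inside the moderator list;
        // confirm ids cannot be substrings of one another.
        $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

        $forum = mysql_query("SELECT FT.level FROM " . FORUM_TABLE . " AS FT INNER JOIN " . FORUM_THREADS_TABLE . " AS FTT ON FT.id = FTT.forum_id WHERE FTT.id = '" . $thread_id . "'");
        list($level) = mysql_fetch_array($forum);

        // Forum administrators and moderators may post regardless of lock and level.
        if ($visiteur >= admin_mod("Forum") || $administrator == 1) {
            $auth = 1;
        } else if ($closed > 0 || $level > $visiteur) {
            $auth = 0;
        }
    }

    if ($auth == "0") {
        echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";

        $url = "index.php?file=Forum&page=post&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
        redirect($url, 2);
        closetable();
        footer();
        exit();
    }

    // Posts made without an account keep an empty author id.
    $auteur_id = "";

    if ($user[2] != "") {
        $autor = $user[2];
        $auteur_id = $user[0];
    } else {
        $_REQUEST['auteur'] = htmlentities($_REQUEST['auteur'], ENT_QUOTES);
        $_REQUEST['auteur'] = verif_pseudo($_REQUEST['auteur']);

        // verif_pseudo() reports a rejected name through these marker values.
        $nick_errors = array("error1" => _PSEUDOFAILDED, "error2" => _RESERVNICK, "error3" => _BANNEDNICK);

        if (isset($nick_errors[$_REQUEST['auteur']])) {
            echo "<br /><br /><div style=\"text-align: center;\">" . $nick_errors[$_REQUEST['auteur']] . "<br /><br /><a href=\"javascript:history.back()\">[ <b>" . _BACK . "</b> ]</a></div><br /><br />";
            closetable();
            footer();
            exit();
        }

        $autor = $_REQUEST['auteur'];
    }

    // Escaped once, before the first query that uses them.
    $autor = mysql_real_escape_string(stripslashes($autor));
    $auteur_id_sql = mysql_real_escape_string($auteur_id);
    $user_ip_sql = mysql_real_escape_string($user_ip);

    $flood = mysql_query("SELECT date FROM " . FORUM_MESSAGES_TABLE . " WHERE auteur = '" . $autor . "' OR auteur_ip = '" . $user_ip_sql . "' ORDER BY date DESC LIMIT 0, 1");
    list($flood_date) = mysql_fetch_row($flood);
    $anti_flood = $flood_date + $nuked['post_flood'];

    $date = time();

    if ($date < $anti_flood && $visiteur < admin_mod("Forum")) {
        echo "<br /><br /><div style=\"text-align: center;\">" . _NOFLOOD . "</div><br /><br />";
        $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
        redirect($url, 2);
        closetable();
        footer();
        exit();
    }

    $_REQUEST['texte'] = secu_html(html_entity_decode($_REQUEST['texte']));
    $_REQUEST['texte'] = icon($_REQUEST['texte']);
    $_REQUEST['titre'] = mysql_real_escape_string(stripslashes($_REQUEST['titre']));
    $_REQUEST['texte'] = mysql_real_escape_string(stripslashes($_REQUEST['texte']));
    $_REQUEST['texte'] = str_replace('<blockquote>', '<blockquote style="border: 1px dashed ' . $bgcolor3 . '; background: #FFF; color: #000; padding: 5px"><strong>' . _QUOTE . ' :</strong><br />', $_REQUEST['texte']);

    $usersig = (isset($_REQUEST['usersig']) && is_numeric($_REQUEST['usersig'])) ? (int) $_REQUEST['usersig'] : 0;
    $emailnotify = (isset($_REQUEST['emailnotify']) && is_numeric($_REQUEST['emailnotify'])) ? (int) $_REQUEST['emailnotify'] : 0;

    // $filename stays empty unless an attachment is accepted and saved.
    $filename = "";
    $url_file = "";

    if (isset($_FILES['fichiernom']['name']) && is_string($_FILES['fichiernom']['name'])) {
        $upload_name = basename($_FILES['fichiernom']['name']);
        $filesize = $_FILES['fichiernom']['size'] / 1000;

        if ($visiteur >= $nuked['forum_file_level'] && $upload_name != "" && $nuked['forum_file'] == "on" && $nuked['forum_file_maxsize'] >= $filesize) {
            $is_dotfile = (substr($upload_name, 0, 1) == ".");

            if (!$is_dotfile && !preg_match("`\.php`i", $upload_name) && !preg_match("`\.htm`i", $upload_name) && !preg_match("`\.[a-z]htm`i", $upload_name)) {
                $url_file = "upload/Forum/" . $upload_name;
                move_uploaded_file($_FILES['fichiernom']['tmp_name'], $url_file) or die ("<br /><br /><div style=\"text-align: center;\"><big><b>" . _UPLOADFAILED . "</b></big></div><br /><br />");
                @chmod ($url_file, 0644);
                $filename = $upload_name;
            }
        }
    }

    mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET last_post = '" . $date . "' WHERE id = '" . $thread_id . "'");

    // Users who had this thread or forum marked as read get the mark removed.
    $SQL = "SELECT thread_id, forum_id, user_id FROM " . FORUM_READ_TABLE . " WHERE thread_id LIKE '%," . $thread_id . ",%' OR forum_id LIKE '%," . $forum_id . ",%' ";
    $req = mysql_query($SQL);
    $update = "";
    while ($results = mysql_fetch_assoc($req)) {
        // Plain string replacement: no pattern is built from request data.
        $fid = str_replace(',' . $forum_id . ',', ',', $results['forum_id']);
        $tid = str_replace(',' . $thread_id . ',', ',', $results['thread_id']);

        $update .= (!empty($update) ? ', ' : '');
        $update .= "('" . mysql_real_escape_string($fid) . "', '" . mysql_real_escape_string($tid) . "', '" . mysql_real_escape_string($results['user_id']) . "')";
    }
    if (!empty($update)) {
        $update = "INSERT INTO `" . FORUM_READ_TABLE . "` (forum_id, thread_id, user_id) VALUES $update ON DUPLICATE KEY UPDATE forum_id=VALUES(forum_id), thread_id=VALUES(thread_id);";
        if (!mysql_query($update)) {
            // Database error details go to the server log, not into the response.
            error_log("Forum reply: read-state update failed: " . mysql_error());
            die();
        }
    }

    mysql_query("INSERT INTO " . FORUM_MESSAGES_TABLE . " ( `id` , `titre` , `txt` , `date` , `edition` , `auteur` , `auteur_id` , `auteur_ip` , `usersig` , `emailnotify` , `thread_id` , `forum_id` , `file` ) VALUES ( '' , '" . $_REQUEST['titre'] . "' , '" . $_REQUEST['texte'] . "' , '" . $date . "' , '' , '" . $autor . "' , '" . $auteur_id_sql . "' , '" . $user_ip_sql . "' , '" . $usersig . "' , '" . $emailnotify . "' , '" . $thread_id . "' , '" . $forum_id . "' , '" . mysql_real_escape_string($filename) . "' )");

    // Id of the message just inserted; used as the anchor of the final redirect.
    $mess_id = (int) mysql_insert_id();

    $notify = mysql_query("SELECT auteur_id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND emailnotify = 1 GROUP BY auteur_id");
    $nbusers = mysql_num_rows($notify);

    if ($nbusers > 0) {
        while ($notify_row = mysql_fetch_row($notify)) {
            $usermail = $notify_row[0];

            if ($usermail != $auteur_id) {
                $getmail = mysql_query("SELECT mail FROM " . USER_TABLE . " WHERE id = '" . mysql_real_escape_string($usermail) . "'");
                list($email) = mysql_fetch_row($getmail);

                // Skip subscribers whose account row no longer provides an address.
                if ($email == "") {
                    continue;
                }

                $subject = _MESSAGE . " : " . $_REQUEST['titre'];
                $corps = _EMAILNOTIFYMAIL . "\r\n" . $nuked['url'] . "/index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id . "\r\n\r\n\r\n" . $nuked['name'] . " - " . $nuked['slogan'];
                $from = "From: " . $nuked['name'] . " <" . $nuked['mail'] . ">\r\nReply-To: " . $nuked['mail'];

                $subject = @html_entity_decode($subject);
                $corps = @html_entity_decode($corps);
                $from = @html_entity_decode($from);

                mail($email, $subject, $corps, $from);
            }
        }
    }

    if ($user) {
        // Single-statement increment, so two concurrent posts cannot lose a count.
        $upd = mysql_query("UPDATE " . USER_TABLE . " SET count = count + 1 WHERE id = '" . mysql_real_escape_string($user[0]) . "'");
    }

    $sql_page = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");
    $nb_rep = mysql_num_rows($sql_page);

    $link_post = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
    if ($nb_rep > $nuked['mess_forum_page']) {
        // Threads longer than one page redirect to their last page.
        $topicpages = ceil($nb_rep / $nuked['mess_forum_page']);
        $link_post .= "&p=" . $topicpages;
    }
    $link_post .= "#" . $mess_id;

    echo "<br /><br /><div style=\"text-align: center;\">" . _MESSAGESEND . "</div><br /><br />";
    redirect($link_post, 2);
    closetable();
}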
-
- function post()
- {
- global $user, $nuked,$captcha,$user_ip, $visiteur, $bgcolor3;
-
- opentable();
-
- if ($captcha == 1 && !ValidCaptchaCode($_REQUEST['code_confirm']))
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _BADCODECONFIRM . "<br /><br /><a href=\"javascript:history.back()\">[ <b>" . _BACK . "</b> ]</a></div><br /><br />";
- closetable();
- footer();
- exit();
- }
-
- if ($_REQUEST['auteur'] == "" || $_REQUEST['titre'] == "" || $_REQUEST['texte'] == "" || @ctype_space($_REQUEST['titre']) || @ctype_space($_REQUEST['texte']))
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _FIELDEMPTY . "</div><br /><br />";
- $url = "index.php?file=Forum&page=post&forum_id=" . $_REQUEST['forum_id'];
- redirect($url, 2);
- closetable();
- footer();
- exit();
- }
-
- $forum = mysql_query("SELECT level, level_poll FROM " . FORUM_TABLE . " WHERE id = '" . $_REQUEST['forum_id'] . "'");
- list($level, $level_poll) = mysql_fetch_array($forum);
-
- if ($level > $visiteur)
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
- $url = "index.php?file=Forum&page=post&forum_id=" . $_REQUEST['forum_id'];
- redirect($url, 2);
- closetable();
- footer();
- exit();
- }
-
- if ($user[2] != "")
- {
- $autor = $user[2];
- $auteur_id = $user[0];
- }
- else
- {
- $_REQUEST['auteur'] = htmlentities($_REQUEST['auteur'], ENT_QUOTES);
- $_REQUEST['auteur'] = verif_pseudo($_REQUEST['auteur']);
-
- if ($_REQUEST['auteur'] == "error1")
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _PSEUDOFAILDED . "</div><br /><br />";
- $url = "index.php?file=Forum&page=post&forum_id=" . $_REQUEST['forum_id'];
- redirect($url, 2);
- closetable();
- footer();
- exit();
- }
- else if ($_REQUEST['auteur'] == "error2")
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _RESERVNICK . "</div><br /><br />";
- $url = "index.php?file=Forum&page=post&forum_id=" . $_REQUEST['forum_id'];
- redirect($url, 2);
- closetable();
- footer();
- exit();
- }
- else if ($_REQUEST['auteur'] == "error3")
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _BANNEDNICK . "</div><br /><br />";
- $url = "index.php?file=Forum&page=post&forum_id=" . $_REQUEST['forum_id'];
- redirect($url, 2);
- closetable();
- footer();
- exit();
- }
- else
- {
- $autor = $_REQUEST['auteur'];
- }
- }
-
- $flood = mysql_query("SELECT date FROM " . FORUM_MESSAGES_TABLE . " WHERE auteur = '" . $autor . "' OR auteur_ip = '" . $user_ip . "' ORDER BY date DESC LIMIT 0, 1");
- list($flood_date) = mysql_fetch_row($flood);
- $anti_flood = $flood_date + $nuked['post_flood'];
-
- $date = time();
-
- if ($date < $anti_flood && $user[1] < admin_mod("Forum"))
- {
- echo "<br /><br /><div style=\"text-align: center;\">" . _NOFLOOD . "</div><br /><br />";
- $url = "index.php?file=Forum&page=viewforum&forum_id=" . $_REQUEST['forum_id'];
- redirect($url, 2);
- closetable();
- footer();
- exit();
- }
- $_REQUEST['texte'] = secu_html(html_entity_decode($_REQUEST['texte']));
- $_REQUEST['texte'] = icon($_REQUEST['texte']);
- $_REQUEST['titre'] = mysql_real_escape_string(stripslashes($_REQUEST['titre']));
- $_REQUEST['texte'] = mysql_real_escape_string(stripslashes($_REQUEST['texte']));
- $_REQUEST['texte'] = str_replace('<blockquote>', '<blockquote style="border: 1px dashed ' . $bgcolor3 . '; background: #FFF; color: #000; padding: 5px"><strong>' . _QUOTE . ' :</strong><br />', $_REQUEST['texte']);
-
- $autor = mysql_real_escape_string(stripslashes($autor));
-
- if (!is_numeric($_REQUEST['usersig'])) $_REQUEST['usersig'] = 0;
- if (!is_numeric($_REQUEST['emailnotify'])) $_REQUEST['emailnotify'] = 0;
- if (($visiteur < admin_mod("Forum") && $administrator == 0) || !is_numeric($_REQUEST['annonce'])) $_REQUEST['annonce'] = 0;
-
- if ($_REQUEST['survey'] == 1 && $_REQUEST['survey_field'] > 0 && $visiteur >= $level_poll)
- {
- $sondage = 1;
- }
- else
- {
- $sondage = 0;
- }
-
- $sql = mysql_query("INSERT INTO " . FORUM_THREADS_TABLE . " ( `id` , `titre` , `date` , `closed` , `auteur` , `auteur_id` , `forum_id` , `last_post` , `view` , `annonce` , `sondage` ) VALUES ( '' , '" . $_REQUEST['titre'] . "' , '" . $date . "' , '' , '" . $autor . "' , '" . $auteur_id . "' , '" . $_REQUEST['forum_id'] . "' , '" . $date . "' , '' , '" . $_REQUEST['annonce'] . "' , '" . $sondage . "' )");
- $req4 = mysql_query("SELECT MAX(id) FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = '" . $_REQUEST['forum_id'] . "' AND titre = '" . $_REQUEST['titre'] . "' AND date = '" . $date . "' AND auteur = '" . $_REQUEST['auteur'] . "'");
- $idmax = mysql_result($req4, 0, "MAX(id)");
-
- $_REQUEST['thread_id'] = $idmax;
-
- $filename = $_FILES['fichiernom']['name'];
- $filesize = $_FILES['fichiernom']['size'] / 1000;
-
- if ($visiteur >= $nuked['forum_file_level'] && $filename != "" && $nuked['forum_file'] == "on" && $nuked['forum_file_maxsize'] >= $filesize)
- {
- if (!preg_match("`\.php`i", $filename) && !preg_match("`\.htm`i", $filename) && !preg_match("`\.[a-z]htm`i", $filename) && $filename != ".htaccess")
- {
- $url_file = "upload/Forum/" . $filename;
- move_uploaded_file($_FILES['fichiernom']['tmp_name'], $url_file) or die ("<br /><br /><div style=\"text-align: center;\"><big><b>" . _UPLOADFAILED . "</b></big></div><br /><br />");
- @chmod ($url_file, 0644);
- }
- }
- else
- {
- $url_file = "";
- }
-
- $sql2 = mysql_query("INSERT INTO " . FORUM_MESSAGES_TABLE . " ( `id` , `titre` , `txt` , `date` , `edition` , `auteur` , `auteur_id` , `auteur_ip` , `usersig` , `emailnotify` , `thread_id` , `forum_id` , `file` ) VALUES ( '' , '" . $_REQUEST['titre'] . "' , '" . $_REQUEST['texte'] . "' , '" . $date . "' , '' , '" . $autor . "' , '" . $auteur_id . "' , '" . $user_ip . "' , '" . $_REQUEST['usersig'] . "' , '" . $_REQUEST['emailnotify'] . "' , '" . $_REQUEST['thread_id'] . "' , '" . $_REQUEST['forum_id'] . "' , '" . $filename . "' )");
- $SQL = "SELECT thread_id, forum_id, user_id FROM " . FORUM_READ_TABLE . " WHERE thread_id LIKE '%," . (int) $_REQUEST['thread_id'] . ",%' OR forum_id LIKE '%," . (int) $_REQUEST['forum_id'] . ",%' ";
- $req = mysql_query($SQL);
- $update = "";
- while ($results = mysql_fetch_assoc($req)) {
- $tid = $results['thread_id'];
- $fid = $results['forum_id'];
- if (strrpos($fid, ',' . $_REQUEST['forum_id'] . ',') !== false) {
- $fid = preg_replace("#," . $_REQUEST['forum_id'] . ",#is", ",", $fid);
- }
- if (strrpos($tid, ',' . $_REQUEST['thread_id'] . ',') !== false) {
- $tid = preg_replace("#," . $_REQUEST['thread_id'] . ",#is", ",", $tid);
- }
- $update .= (!empty($update) ? ', ' : '');
- $update .= "('" . $fid . "', '" . $tid . "', '" . $results['user_id'] . "')";
- }
- if (!empty($update)) {
- $update = "INSERT INTO `" . FORUM_READ_TABLE . "` (forum_id, thread_id, user_id) VALUES $update ON DUPLICATE KEY UPDATE forum_id=VALUES(forum_id), thread_id=VALUES(thread_id);";
- mysql_query($update) or die(mysql_error());
- }
- if ($user)
- {
- $sql_count = mysql_query("SELECT count FROM " . USER_TABLE . " WHERE id = '" . $user[0] . "'");
- list($count) = mysql_fetch_row($sql_count);
- $newcount = $count + 1;
- $upd = mysql_query("UPDATE " . USER_TABLE . " SET count = '" . $newcount . "' WHERE id = '" . $user[0] . "'");
- }
-
- if ($_REQUEST['survey'] == 1 && $_REQUEST['survey_field'] > 0 && $visiteur >= $level_poll)
- {
- $url = "index.php?file=Forum&op=add_poll&survey_field=" . $_REQUEST['survey_field'] . "&forum_id=" . $_REQUEST['forum_id'] . "&thread_id=" . $_REQUEST['thread_id'];
- }
- else
- {
- $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $_REQUEST['forum_id'] . "&thread_id=" . $_REQUEST['thread_id'];
- }
-
- echo "<br /><br /><div style=\"text-align: center;\">" . _MESSAGESEND . "</div><br /><br />";
- redirect($url, 2);
- closetable();
- }
-
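/**
 * Mark forum messages as read for the logged-in user, then print a
 * confirmation and redirect to the forum index.
 *
 * When the forum_id request parameter is a positive integer, only that forum
 * is handled: the newest message id of each thread posted after $user[4] is
 * merged into the read list. Otherwise the read list is emptied and the
 * session's last_used column is reset. In both cases the user's row in
 * FORUM_READ_TABLE is rewritten with the thread and forum ids now read.
 * Visitors without a $user only get the confirmation page.
 *
 * Security: forum_id is request data. It is reduced to an integer once, and
 * only that integer is ever concatenated into SQL text. Values taken from
 * $user or read back from the database are escaped before reuse.
 *
 * @return void
 */
function mark()
{
    global $user, $nuked, $cookie_forum;

    if ($user)
    {
        // Untrusted input: accept a scalar only and force it to an integer so
        // that no quote or SQL fragment can reach the queries below.
        $forum_id = (isset($_REQUEST['forum_id']) && is_scalar($_REQUEST['forum_id']))
            ? (int) $_REQUEST['forum_id']
            : 0;

        // $user is populated outside this function; escaping is defence in
        // depth, since its origin is not visible here.
        $user_id = mysql_real_escape_string($user[0]);

        if ($forum_id > 0)
        {
            $new_id = '';
            $table_read_forum = array();
            $id_read_forum = '';

            if (isset($_COOKIE[$cookie_forum]) && is_string($_COOKIE[$cookie_forum]) && $_COOKIE[$cookie_forum] != "")
            {
                $id_read_forum = $_COOKIE[$cookie_forum];
                // The cookie is client-controlled: anything other than digits
                // and commas discards the whole value.
                if (preg_match("`[^0-9,]`i", $id_read_forum)) $id_read_forum = "";
                $table_read_forum = explode(',', $id_read_forum);
            }

            $last_visit = mysql_real_escape_string($user[4]);
            $req = "SELECT MAX(id) FROM " . FORUM_MESSAGES_TABLE . " WHERE forum_id = '" . $forum_id . "' AND date > '" . $last_visit . "' GROUP BY thread_id";
            $sql = mysql_query($req);

            // A failed query returns false; skip the fetch loop in that case.
            if ($sql)
            {
                while (list($max_id) = mysql_fetch_array($sql))
                {
                    if (!in_array($max_id, $table_read_forum))
                    {
                        if ($new_id != '') $new_id .= ',';
                        $new_id .= $max_id;
                    }
                }
            }

            if ($id_read_forum != '' && $new_id != '') $id_read_forum .= ',';
            // NOTE(review): this writes the literal key 'cookie_forum' of the
            // request-local $_COOKIE array, while the read above uses
            // $_COOKIE[$cookie_forum]; no cookie is sent to the browser from
            // here. Left unchanged - confirm the intent.
            $_COOKIE['cookie_forum'] = $id_read_forum . $new_id;
        }
        else
        {
            $_COOKIE['cookie_forum'] = '';
            $req = "UPDATE " . SESSIONS_TABLE . " SET last_used = date WHERE user_id = '" . $user_id . "'";
            $sql = mysql_query($req);
        }

        // Restrict the thread scan to one forum when an id was supplied.
        if ($forum_id != 0)
        {
            $where = "WHERE forum_id = '" . $forum_id . "'";
        }
        else
        {
            $where = "";
        }

        // Rebuild the user's thread_id and forum_id read lists.
        $req = mysql_query("SELECT thread_id, forum_id FROM " . FORUM_READ_TABLE . " WHERE user_id = '" . $user_id . "'");
        $result = mysql_query("SELECT id, forum_id FROM " . FORUM_THREADS_TABLE . " " . $where);

        if ($result && mysql_num_rows($result) > 0)
        {
            $res = $req ? mysql_fetch_assoc($req) : false;

            // The lists are kept with a comma on both ends so that a
            // ',id,' substring lookup finds whole ids only.
            $tid = ',' . ($res ? substr($res['thread_id'], 1) : '');
            $fid = ',' . ($res ? substr($res['forum_id'], 1) : '');

            while (list($thread_id, $forum_row_id) = mysql_fetch_row($result))
            {
                if (strrpos($tid, ',' . $thread_id . ',') === false)
                {
                    $tid .= $thread_id . ',';
                }
                if (strrpos($fid, ',' . $forum_row_id . ',') === false)
                {
                    $fid .= $forum_row_id . ',';
                }
            }

            // Stored values are escaped again on the way back in, so a
            // malformed row cannot alter the statement.
            $sql = mysql_query("REPLACE " . FORUM_READ_TABLE . " (`user_id` , `thread_id` , `forum_id` ) VALUES ('" . $user_id . "' , '" . mysql_real_escape_string($tid) . "' , '" . mysql_real_escape_string($fid) . "' )");
        }
    }

    opentable();
    echo "<br /><br /><div style=\"text-align: center;\">" . _MESSAGESMARK . "</div><br /><br />";
    redirect("index.php?file=Forum", 2);
    closetable();
}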
-
- function del_file()
- {
- global $visiteur, $user, $nuked;
-
- opentable();
-
- $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . $visiteur . "' >= niveau AND id = '" . $_REQUEST['forum_id'] . "'");
- list($modos) = mysql_fetch_array($result);
-
- if ($user && $modos != "" && strpos($modos, $user[0]) !== false)
- {
- $administrator = 1;
- }
- else
- {
- $administrator = 0;
- }
-
- $sql = mysql_query("SELECT file, auteur_id FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $_REQUEST['mess_id'] . "'");
- list($filename, $auteur_id) = mysql_fetch_array($sql);
-
- if ($user && $auteur_id == $user[0] || $visiteur >= admin_mod("Forum") || $administrator == 1)
- {
- $path = "upload/Forum/" . $filename;
- if (is_file($path))
- {
- $filesys = str_replace("/", "\\", $path);
- @chmod ($path, 0775);
- @unlink($path);
- @system("del $filesys");
-
- $upd = mysql_query("UPDATE " . FORUM_MESSAGES_TABLE . " SET file = '' WHERE id = '" . $_REQUEST['mess_id'] . "'");
- echo "<br /><br /><div style=\"text-align: center;\">" . _FILEDELETED . "</div><br /><br />";
- $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $_REQUEST['forum_id'] . "&thread_id=" . $_REQUEST['thread_id'];
- redirect($url, 2);
- }
- }
- else
- …