
/modules/Forum/index.php

https://code.google.com/p/nuked-klan/
PHP | 1567 lines | 1273 code | 265 blank | 29 comment | 346 complexity | 1d0d99a3128dc0514570fb5e26280adf MD5 | raw file
Possible License(s): GPL-3.0, BSD-3-Clause, GPL-2.0, LGPL-3.0, LGPL-2.1


  1. <?php
  2. // -------------------------------------------------------------------------//
  3. // Nuked-KlaN - PHP Portal //
  4. // http://www.nuked-klan.org //
  5. // -------------------------------------------------------------------------//
  6. // This program is free software. you can redistribute it and/or modify //
  7. // it under the terms of the GNU General Public License as published by //
  8. // the Free Software Foundation; either version 2 of the License. //
  9. // -------------------------------------------------------------------------//
  // Stop here when INDEX_CHECK is not defined, i.e. the file was requested directly.
  if (!defined("INDEX_CHECK")) {
      die ("<div style=\"text-align: center;\">You cannot open this page directly</div>");
  }

  global $nuked, $language, $user, $cookie_captcha;

  // Load the forum language file for the active language.
  // NOTE(review): $language is concatenated into a file path; confirm it is validated where it is set.
  translate("modules/Forum/lang/" . $language . ".lang.php");

  // Load the captcha subsystem.
  include_once("Includes/nkCaptcha.php");

  // The captcha is required unless it is switched off, or it is 'auto'/'on'
  // and the current user has a level above 0.
  $captcha = 1;
  if (_NKCAPTCHA == "off" || ((_NKCAPTCHA == 'auto' || _NKCAPTCHA == 'on') && $user[1] > 0)) {
      $captcha = 0;
  }

  // Level of the current visitor; 0 when there is no user record.
  $visiteur = $user ? $user[1] : 0;

  // The module name is the name of the directory holding this file.
  $ModName = basename(dirname(__FILE__));
  $level_access = nivo_mod($ModName);
  32. if ($visiteur >= $level_access && $level_access > -1)
  33. {
  34. compteur("Forum");
  /**
   * Render the forum home page: the output of modules/Forum/main.php,
   * wrapped between opentable() and closetable().
   */
  function index()
  {
      opentable();
      include 'modules/Forum/main.php';
      closetable();
  }
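  /**
   * Save the edited title and text of a forum message.
   *
   * Request fields read: titre, texte, forum_id, mess_id, edit_text, usersig, emailnotify.
   * The edit is allowed when the caller is the stored author of the message, has the
   * Forum admin level, or is listed as a moderator of the forum given in forum_id.
   *
   * Security-relevant behaviour:
   *  - Authorship is read from the message row (auteur_id). The client-supplied
   *    "author" field is ignored, because any visitor can set it to any value.
   *  - Ids are cast to int before they reach SQL or the redirect URL.
   *  - The message lookup and the UPDATE are limited to the forum the moderator
   *    check was made for, so a moderator of one forum cannot edit another forum's posts.
   *
   * @param mixed $mess_id Id of the message to edit (handled as an integer).
   */
  function edit($mess_id)
  {
      global $visiteur, $user, $nuked;

      $mess_id = (int) $mess_id;
      $forum_id = (int) $_REQUEST['forum_id'];

      opentable();

      if ($_REQUEST['titre'] == "" || $_REQUEST['texte'] == "" || @ctype_space($_REQUEST['titre']) || @ctype_space($_REQUEST['texte']))
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _FIELDEMPTY . "</div><br /><br />";
          $url = "index.php?file=Forum&page=post&forum_id=" . $forum_id . "&mess_id=" . (int) $_REQUEST['mess_id'] . "&do=edit";
          redirect($url, 2);
          closetable();
          footer();
          exit();
      }

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= level AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      // NOTE(review): substring match on the moderator list; confirm one user id can never be a substring of another.
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      // Owner and thread come from the stored row, never from the request.
      $sql2 = mysql_query("SELECT thread_id, auteur_id FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $mess_id . "' AND forum_id = '" . $forum_id . "'");
      list($thread_id, $owner_id) = mysql_fetch_row($sql2);
      $thread_id = (int) $thread_id;
      // Guest posts carry an empty auteur_id and must not match a visitor without a user record.
      $is_author = ($user && $owner_id != "" && (string) $owner_id === (string) $user[0]);

      if ($is_author || $visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          $date = nkDate(time());

          if ($_REQUEST['edit_text'] == 1)
          {
              $texte_edit = _EDITBY . "&nbsp;" . $user[2] . "&nbsp;" . _THE . "&nbsp;" . $date;
              // The user name is part of this SQL literal, so the whole value is escaped.
              $edition = ", edition = '" . mysql_real_escape_string($texte_edit) . "'";
          }
          else
          {
              $edition = "";
          }

          $_REQUEST['texte'] = secu_html(html_entity_decode($_REQUEST['texte']));
          $_REQUEST['texte'] = icon($_REQUEST['texte']);
          $_REQUEST['titre'] = mysql_real_escape_string(stripslashes($_REQUEST['titre']));
          $_REQUEST['texte'] = mysql_real_escape_string(stripslashes($_REQUEST['texte']));
          $_REQUEST['usersig'] = is_numeric($_REQUEST['usersig']) ? (int) $_REQUEST['usersig'] : 0;
          $_REQUEST['emailnotify'] = is_numeric($_REQUEST['emailnotify']) ? (int) $_REQUEST['emailnotify'] : 0;

          // Id of the first message of the thread: editing it also renames the thread.
          $sql3 = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' ORDER BY id LIMIT 0, 1");
          list($mid) = mysql_fetch_row($sql3);

          $sql = mysql_query("UPDATE " . FORUM_MESSAGES_TABLE . " SET titre = '" . $_REQUEST['titre'] . "', txt = '" . $_REQUEST['texte'] . "'" . $edition . ", usersig = '" . $_REQUEST['usersig'] . "', emailnotify = '" . $_REQUEST['emailnotify'] . "' WHERE id = '" . $mess_id . "' AND forum_id = '" . $forum_id . "'");

          if ($mid !== null && (int) $mid === $mess_id)
          {
              $upd = mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET titre = '" . $_REQUEST['titre'] . "' WHERE id = '" . $thread_id . "'");
          }

          // Send the user back to the last page of the topic, anchored on the message.
          $sql_page = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");
          $nb_rep = mysql_num_rows($sql_page);
          $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
          if ($nb_rep > $nuked['mess_forum_page'])
          {
              $url .= "&p=" . ceil($nb_rep / $nuked['mess_forum_page']);
          }
          $url .= "#" . $mess_id;

          echo "<br /><br /><div style=\"text-align: center;\">" . _MESSMODIF . "</div><br /><br />";
      }
      else
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
          $url = 'index.php?file=Forum';
      }

      redirect($url, 2);
      closetable();
  }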
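  /**
   * Delete one forum message, or the whole thread when the message is its first post.
   *
   * Request fields read: forum_id, thread_id, confirm. Only users with the Forum
   * admin level or moderators of the forum given in forum_id may delete. Without a
   * confirm value a confirmation form is printed.
   *
   * Security-relevant behaviour:
   *  - Ids are cast to int before they reach SQL, redirect URLs or the form's hidden fields.
   *  - Every destructive query is limited to the forum/thread pair the moderator
   *    check was made for.
   *  - Stored attachment names are reduced to their base name and shell-quoted before
   *    the "del" fallback runs; the original passed the stored name to system() as-is.
   *  - The attachment removed is the one of the deleted message (or all of the thread's
   *    attachments when the thread goes); the original always removed the first post's file.
   *
   * NOTE(review): confirm is read from $_REQUEST and no anti-CSRF token is checked here.
   *
   * @param mixed $mess_id Id of the message to delete (handled as an integer).
   */
  function del($mess_id)
  {
      global $visiteur, $user, $nuked;

      $mess_id = (int) $mess_id;
      $forum_id = (int) $_REQUEST['forum_id'];
      $thread_id = (int) $_REQUEST['thread_id'];
      $topic_url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;

      opentable();

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      if ($visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          if ($_REQUEST['confirm'] == _YES)
          {
              // First message of the thread: deleting it removes the whole thread.
              $sql2 = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "' ORDER BY id LIMIT 0, 1");
              list($mid) = mysql_fetch_row($sql2);
              $whole_thread = ($mid !== null && (int) $mid === $mess_id);

              $scope = " AND thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'";
              if ($whole_thread)
              {
                  $sql_files = mysql_query("SELECT file FROM " . FORUM_MESSAGES_TABLE . " WHERE 1 = 1" . $scope);
              }
              else
              {
                  $sql_files = mysql_query("SELECT file FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $mess_id . "'" . $scope);
              }

              while (list($filename) = mysql_fetch_row($sql_files))
              {
                  // Keep the path inside upload/Forum/ whatever the stored name contains.
                  $filename = basename(str_replace("\\", "/", $filename));
                  if ($filename == "")
                  {
                      continue;
                  }

                  $path = "upload/Forum/" . $filename;
                  if (is_file($path))
                  {
                      @chmod($path, 0775);
                      @unlink($path);
                      clearstatcache();
                      // Fallback kept from the original, now only when unlink() failed
                      // and with the path passed as one quoted shell argument.
                      if (is_file($path))
                      {
                          $filesys = str_replace("/", "\\", $path);
                          @system("del " . escapeshellarg($filesys));
                      }
                  }
              }

              if ($whole_thread)
              {
                  $sql_survey = mysql_query("SELECT sondage FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
                  list($sondage) = mysql_fetch_row($sql_survey);

                  if ($sondage == 1)
                  {
                      $sql_poll = mysql_query("SELECT id FROM " . FORUM_POLL_TABLE . " WHERE thread_id = '" . $thread_id . "'");
                      list($poll_id) = mysql_fetch_row($sql_poll);

                      if ($poll_id != "")
                      {
                          $poll_id = mysql_real_escape_string($poll_id);
                          $sup1 = mysql_query("DELETE FROM " . FORUM_POLL_TABLE . " WHERE id = '" . $poll_id . "'");
                          $sup2 = mysql_query("DELETE FROM " . FORUM_OPTIONS_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                          $sup3 = mysql_query("DELETE FROM " . FORUM_VOTE_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                      }
                  }

                  mysql_query("DELETE FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
                  mysql_query("DELETE FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
                  $url = "index.php?file=Forum&page=viewforum&forum_id=" . $forum_id;
              }
              else
              {
                  $sql = mysql_query("DELETE FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $mess_id . "'" . $scope);
                  $url = $topic_url;
              }

              echo "<br /><br /><div style=\"text-align: center;\">" . _MESSDELETED . "</div><br /><br />";
              redirect($url, 2);
          }
          else if ($_REQUEST['confirm'] == _NO)
          {
              echo "<br /><br /><div style=\"text-align: center;\">" . _DELCANCEL . "</div><br /><br />";
              redirect($topic_url, 2);
          }
          else
          {
              echo "<form method=\"post\" action=\"index.php?file=Forum&amp;op=del\">\n"
              . "<div style=\"text-align: center;\"><br /><br />" . _CONFIRMDELMESS . "<br />\n"
              . "<input type=\"hidden\" name=\"forum_id\" value=\"" . $forum_id . "\" />\n"
              . "<input type=\"hidden\" name=\"thread_id\" value=\"" . $thread_id . "\" />\n"
              . "<input type=\"hidden\" name=\"mess_id\" value=\"" . $mess_id . "\" />\n"
              . "<input type=\"submit\" name=\"confirm\" value=\"" . _YES . "\" />"
              . "&nbsp;<input type=\"submit\" name=\"confirm\" value=\"" . _NO . "\" /></div></form><br />\n";
          }
      }
      else
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
          redirect($topic_url, 2);
      }

      closetable();
  }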
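  /**
   * Delete a whole topic: its poll (if any), its attachments, its messages and the thread row.
   *
   * Request fields read: forum_id, confirm. Only users with the Forum admin level or
   * moderators of the forum given in forum_id may delete. Without a confirm value a
   * confirmation form is printed.
   *
   * Security-relevant behaviour:
   *  - Ids are cast to int before they reach SQL, redirect URLs or hidden form fields.
   *  - The poll and attachment lookups are limited to the same forum as the DELETE
   *    statements, so nothing is removed for a thread that lives in another forum.
   *  - Stored attachment names are reduced to their base name and shell-quoted before
   *    the "del" fallback runs; the original passed the stored name to system() as-is.
   *
   * NOTE(review): confirm is read from $_REQUEST and no anti-CSRF token is checked here.
   *
   * @param mixed $thread_id Id of the thread to delete (handled as an integer).
   */
  function del_topic($thread_id)
  {
      global $visiteur, $user, $nuked;

      $thread_id = (int) $thread_id;
      $forum_id = (int) $_REQUEST['forum_id'];
      $topic_url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;

      opentable();

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      if ($visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          if ($_REQUEST['confirm'] == _YES)
          {
              $sql = mysql_query("SELECT sondage FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
              list($sondage) = mysql_fetch_row($sql);

              if ($sondage == 1)
              {
                  $sql_poll = mysql_query("SELECT id FROM " . FORUM_POLL_TABLE . " WHERE thread_id = '" . $thread_id . "'");
                  list($poll_id) = mysql_fetch_row($sql_poll);

                  if ($poll_id != "")
                  {
                      $poll_id = mysql_real_escape_string($poll_id);
                      $sup1 = mysql_query("DELETE FROM " . FORUM_POLL_TABLE . " WHERE id = '" . $poll_id . "'");
                      $sup2 = mysql_query("DELETE FROM " . FORUM_OPTIONS_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                      $sup3 = mysql_query("DELETE FROM " . FORUM_VOTE_TABLE . " WHERE poll_id = '" . $poll_id . "'");
                  }
              }

              $sql2 = mysql_query("SELECT file FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
              while (list($filename) = mysql_fetch_row($sql2))
              {
                  // Keep the path inside upload/Forum/ whatever the stored name contains.
                  $filename = basename(str_replace("\\", "/", $filename));
                  if ($filename == "")
                  {
                      continue;
                  }

                  $path = "upload/Forum/" . $filename;
                  if (is_file($path))
                  {
                      @chmod($path, 0775);
                      @unlink($path);
                      clearstatcache();
                      // Fallback kept from the original, now only when unlink() failed
                      // and with the path passed as one quoted shell argument.
                      if (is_file($path))
                      {
                          $filesys = str_replace("/", "\\", $path);
                          @system("del " . escapeshellarg($filesys));
                      }
                  }
              }

              mysql_query("DELETE FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
              mysql_query("DELETE FROM " . FORUM_THREADS_TABLE . " WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");

              $url = "index.php?file=Forum&page=viewforum&forum_id=" . $forum_id;
              echo "<br /><br /><div style=\"text-align: center;\">" . _TOPICDELETED . "</div><br /><br />";
              redirect($url, 2);
          }
          else if ($_REQUEST['confirm'] == _NO)
          {
              echo "<br /><br /><div style=\"text-align: center;\">" . _DELCANCEL . "</div><br /><br />";
              redirect($topic_url, 2);
          }
          else
          {
              echo "<form method=\"post\" action=\"index.php?file=Forum&amp;op=del_topic\">\n"
              . "<div style=\"text-align: center;\"><br /><br />" . _CONFIRMDELTOPIC . "<br />\n"
              . "<input type=\"hidden\" name=\"forum_id\" value=\"" . $forum_id . "\" />\n"
              . "<input type=\"hidden\" name=\"thread_id\" value=\"" . $thread_id . "\" />\n"
              . "<input type=\"submit\" name=\"confirm\" value=\"" . _YES . "\" />"
              . "&nbsp;<input type=\"submit\" name=\"confirm\" value=\"" . _NO . "\" /></div></form><br />\n";
          }
      }
      else
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
          redirect($topic_url, 2);
      }

      closetable();
  }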
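  /**
   * Move a topic to another forum and refresh the per-user "read" bookkeeping.
   *
   * Request fields read: forum_id, thread_id, newforum, confirm. Only users with the
   * Forum admin level or moderators of the forum given in forum_id may move a topic.
   * Without a confirm value a form listing the target forums is printed.
   *
   * Security-relevant behaviour:
   *  - forum_id, thread_id and newforum are cast to int once and only the cast values
   *    reach SQL, the regular expression, the redirect URL and the hidden form fields.
   *  - The UPDATE statements only touch the thread while it belongs to forum_id, the
   *    forum the moderator check was made for.
   *  - Values read back from the read table are escaped before they are re-inserted.
   *  - Each member's forum list now starts from that member's own row; the original
   *    could reuse the list left over from the previous member in the loop.
   *
   * NOTE(review): the target forum is not checked against the caller's level here, and
   * confirm is read from $_REQUEST with no anti-CSRF token.
   */
  function move()
  {
      global $visiteur, $user, $nuked;

      $forum_id = (int) $_REQUEST['forum_id'];
      $thread_id = (int) $_REQUEST['thread_id'];
      $newforum = isset($_REQUEST['newforum']) ? (int) $_REQUEST['newforum'] : 0;
      $topic_url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;

      opentable();

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      if ($visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          // The category entries of the select carry an empty value, which casts to 0.
          if ($_REQUEST['confirm'] == _YES && $newforum > 0)
          {
              echo"<br /><br /><div style=\"text-align: center;\">" . _TOPICMOVED . "</div><br /><br />";

              mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET forum_id = '" . $newforum . "' WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
              mysql_query("UPDATE " . FORUM_MESSAGES_TABLE . " SET forum_id = '" . $newforum . "' WHERE thread_id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");

              $SQL = "SELECT thread_id, forum_id, user_id FROM " . FORUM_READ_TABLE . " WHERE forum_id LIKE '%," . $forum_id . ",%' OR forum_id LIKE '%," . $newforum . ",%' ";
              $req = mysql_query($SQL);
              $update = '';

              // Read lists of the users concerned, keyed by user id.
              $userTMP = array();
              while ($data = mysql_fetch_assoc($req)) {
                  $userTMP[$data['user_id']] = array('forum_id' => $data['forum_id'], 'thread_id' => $data['thread_id']);
              }

              // Threads of the old forum.
              $oldTMP = array();
              $SQL = "SELECT id FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = " . $forum_id . " ";
              $req = mysql_query($SQL);
              while ($data = mysql_fetch_assoc($req)) {
                  $oldTMP[$data['id']] = $data['id'];
              }

              // Threads of the new forum.
              $newTMP = array();
              $SQL = "SELECT id FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = " . $newforum . " ";
              $req = mysql_query($SQL);
              while ($data = mysql_fetch_assoc($req)) {
                  $newTMP[$data['id']] = $data['id'];
              }

              foreach ($userTMP as $key => $member) {
                  // Always start from this member's own forum list.
                  $fid = $member['forum_id'];
                  $user_sql = mysql_real_escape_string((string) $key);

                  // Assume every thread of the old forum is read until one is missing.
                  $read = true;
                  foreach ($oldTMP as $old) {
                      if (strrpos($member['thread_id'], ',' . $old . ',') === false)
                          $read = false;
                  }

                  // Everything read and the old forum not yet listed: add it.
                  if ($read === true && strrpos($fid, ',' . $forum_id . ',') === false) {
                      $fid = $fid . $forum_id . ',';
                      $update .= (!empty($update) ? ', ':'');
                      $update .= "('" . mysql_real_escape_string($fid) . "', '" . $user_sql . "')";
                  }

                  // Same assumption for the threads of the new forum.
                  $read = true;
                  foreach ($newTMP as $new) {
                      if (strrpos($member['thread_id'], ',' . $new . ',') === false)
                          $read = false;
                  }

                  // Something unread and the new forum is listed: remove it.
                  if ($read === false && strrpos($fid, ',' . $newforum . ',') !== false) {
                      $fid = preg_replace("#," . $newforum . ",#is", ",", $fid);
                      $update .= (!empty($update) ? ', ':'');
                      $update .= "('" . mysql_real_escape_string($fid) . "', '" . $user_sql . "')";
                  }
              }

              if (!empty($update)) {
                  $update = "INSERT INTO `" . FORUM_READ_TABLE . "` (forum_id, user_id) VALUES $update ON DUPLICATE KEY UPDATE forum_id=VALUES(forum_id);";
                  // NOTE(review): on failure this prints the raw database error to the visitor.
                  mysql_query($update) or die(mysql_error());
              }

              $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $newforum . "&thread_id=" . $thread_id;
              redirect($url, 2);
          }
          else if ($_REQUEST['confirm'] == _NO)
          {
              echo "<br /><br /><div style=\"text-align: center;\">" . _DELCANCEL . "</div><br /><br />";
              redirect($topic_url, 2);
          }
          else
          {
              echo "<form action=\"index.php?file=Forum&amp;op=move\" method=\"post\">\n"
              . "<div style=\"text-align: center;\"><br /><br />" . _MOVETOPIC . " : <select name=\"newforum\">\n";

              $sql_cat = mysql_query("SELECT id, nom FROM " . FORUM_CAT_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau ORDER BY ordre, nom");
              while (list($cat, $cat_name) = mysql_fetch_row($sql_cat))
              {
                  $cat_name = printSecuTags($cat_name);
                  echo "<option value=\"\">* " . $cat_name . "</option>\n";

                  $sql_forum = mysql_query("SELECT nom, id FROM " . FORUM_TABLE . " WHERE cat = '" . mysql_real_escape_string($cat) . "' AND '" . (int) $visiteur . "' >= niveau ORDER BY ordre, nom");
                  while (list($forum_name, $fid) = mysql_fetch_row($sql_forum))
                  {
                      $forum_name = printSecuTags($forum_name);
                      echo "<option value=\"" . (int) $fid . "\">&nbsp;&nbsp;&nbsp;" . $forum_name . "</option>\n";
                  }
              }

              echo "</select><br /><br /><input type=\"submit\" name=\"confirm\" value=\"" . _YES . "\" />"
              . "&nbsp;<input type=\"submit\" name=\"confirm\" value=\"" . _NO . "\" />\n"
              . "<input type=\"hidden\" name=\"forum_id\" value=\"" . $forum_id . "\" />\n"
              . "<input type=\"hidden\" name=\"thread_id\" value=\"" . $thread_id . "\" /></div></form><br />\n";
          }
      }
      else
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
          redirect($topic_url, 2);
      }

      closetable();
  }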
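  /**
   * Lock or unlock a topic, depending on the "do" request field ("close" or "open").
   *
   * Request fields read: forum_id, thread_id, do. Only users with the Forum admin
   * level or moderators of the forum given in forum_id may change the lock state.
   *
   * Security-relevant behaviour:
   *  - forum_id and thread_id are cast to int before they reach SQL or the redirect URL.
   *  - The UPDATE only applies while the thread belongs to forum_id, the forum the
   *    moderator check was made for.
   *  - An unknown "do" value no longer writes an undefined value into the closed
   *    column; nothing is updated in that case.
   *
   * NOTE(review): no anti-CSRF token is checked in this block.
   */
  function lock()
  {
      global $visiteur, $user, $nuked;

      $forum_id = (int) $_REQUEST['forum_id'];
      $thread_id = (int) $_REQUEST['thread_id'];

      opentable();

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      // Both stay unset for any value other than "close" or "open".
      $lock_text = "";
      $lock_type = null;
      if ($_REQUEST['do'] == "close")
      {
          $lock_text = _TOPICLOCKED;
          $lock_type = 1;
      }
      else if ($_REQUEST['do'] == "open")
      {
          $lock_text = _TOPICUNLOCKED;
          $lock_type = 0;
      }

      if ($visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . $lock_text . "</div><br /><br />";
          if ($lock_type !== null)
          {
              $sql = mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET closed = '" . $lock_type . "' WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
          }
      }
      else
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
      }

      $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
      redirect($url, 2);
      closetable();
  }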
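  /**
   * Set or clear the announcement flag of a topic, depending on the "do" request
   * field ("up" sets it, "down" clears it).
   *
   * Request fields read: forum_id, thread_id, do. Only users with the Forum admin
   * level or moderators of the forum given in forum_id may change the flag.
   *
   * Security-relevant behaviour:
   *  - forum_id and thread_id are cast to int before they reach SQL or the redirect URL.
   *  - The UPDATE only applies while the thread belongs to forum_id, the forum the
   *    moderator check was made for.
   *  - An unknown "do" value no longer writes an undefined value into the annonce
   *    column; nothing is updated in that case.
   *
   * NOTE(review): no anti-CSRF token is checked in this block.
   */
  function announce()
  {
      global $visiteur, $user, $nuked;

      $forum_id = (int) $_REQUEST['forum_id'];
      $thread_id = (int) $_REQUEST['thread_id'];

      opentable();

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      // Stays unset for any value other than "up" or "down".
      $announce = null;
      if ($_REQUEST['do'] == "up")
      {
          $announce = 1;
      }
      else if ($_REQUEST['do'] == "down")
      {
          $announce = 0;
      }

      if ($visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _TOPICMODIFIED . "</div><br /><br />";
          if ($announce !== null)
          {
              $sql = mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET annonce = '" . $announce . "' WHERE id = '" . $thread_id . "' AND forum_id = '" . $forum_id . "'");
          }
      }
      else
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
      }

      $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
      redirect($url, 2);
      closetable();
  }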
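  /**
   * Store a reply to an existing topic, with an optional attachment, then notify
   * subscribed authors by e-mail and redirect to the topic.
   *
   * Request fields read: code_confirm, auteur, titre, texte, forum_id, thread_id,
   * usersig, emailnotify, plus the uploaded file "fichiernom".
   *
   * Security-relevant behaviour:
   *  - forum_id and thread_id are cast to int once; only the cast values reach SQL,
   *    the regular expressions, the notification mail and the redirect URLs.
   *  - The reply is refused when the thread does not exist in the given forum. The
   *    original treated a missing row as "not closed", so a mismatched forum_id let a
   *    visitor post into a locked thread.
   *  - The author name is escaped before the anti-flood query, not only before the INSERT.
   *  - The stored attachment name is empty unless the file was really saved, is reduced
   *    to its base name, and is escaped before it is written to the database.
   *  - CR/LF are removed from the mail subject after entity decoding.
   */
  function reply()
  {
      global $user, $nuked, $captcha, $visiteur, $user_ip, $bgcolor3;

      $forum_id = (int) $_REQUEST['forum_id'];
      $thread_id = (int) $_REQUEST['thread_id'];
      $topic_url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
      $back_link = "<br /><br /><a href=\"javascript:history.back()\">[ <b>" . _BACK . "</b> ]</a></div><br /><br />";

      opentable();

      if ($captcha == 1 && !ValidCaptchaCode($_REQUEST['code_confirm']))
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _BADCODECONFIRM . $back_link;
          closetable();
          footer();
          exit();
      }

      if ($_REQUEST['auteur'] == "" || $_REQUEST['titre'] == "" || $_REQUEST['texte'] == "" || @ctype_space($_REQUEST['titre']) || @ctype_space($_REQUEST['texte']))
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _FIELDEMPTY . $back_link;
          closetable();
          footer();
          exit();
      }

      $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . (int) $visiteur . "' >= niveau AND id = '" . $forum_id . "'");
      list($modos) = mysql_fetch_array($result);
      $administrator = ($user && $modos != "" && strpos($modos, $user[0]) !== false) ? 1 : 0;

      // A missing row means the thread is not part of this forum.
      $lock = mysql_query("SELECT closed FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = '" . $forum_id . "' AND id = '" . $thread_id . "'");
      $thread_row = mysql_fetch_array($lock);
      $closed = $thread_row ? $thread_row[0] : null;

      $forum = mysql_query("SELECT FT.level FROM " . FORUM_TABLE . " AS FT INNER JOIN " . FORUM_THREADS_TABLE . " AS FTT ON FT.id = FTT.forum_id WHERE FTT.id = '" . $thread_id . "'");
      list($level) = mysql_fetch_array($forum);

      if (!$thread_row)
      {
          $auth = 0;
      }
      else if ($visiteur >= admin_mod("Forum") || $administrator == 1)
      {
          $auth = 1;
      }
      else if ($closed > 0 || $level > $visiteur)
      {
          $auth = 0;
      }
      else
      {
          $auth = 1;
      }

      if ($auth == 0)
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _ZONEADMIN . "</div><br /><br />";
          $url = "index.php?file=Forum&page=post&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
          redirect($url, 2);
          closetable();
          footer();
          exit();
      }

      // Guests keep an empty author id; members use their account name and id.
      $auteur_id = "";
      if ($user[2] != "")
      {
          $autor = $user[2];
          $auteur_id = $user[0];
      }
      else
      {
          $_REQUEST['auteur'] = htmlentities($_REQUEST['auteur'], ENT_QUOTES);
          $_REQUEST['auteur'] = verif_pseudo($_REQUEST['auteur']);

          if ($_REQUEST['auteur'] == "error1")
          {
              echo "<br /><br /><div style=\"text-align: center;\">" . _PSEUDOFAILDED . $back_link;
              closetable();
              footer();
              exit();
          }
          else if ($_REQUEST['auteur'] == "error2")
          {
              echo "<br /><br /><div style=\"text-align: center;\">" . _RESERVNICK . $back_link;
              closetable();
              footer();
              exit();
          }
          else if ($_REQUEST['auteur'] == "error3")
          {
              echo "<br /><br /><div style=\"text-align: center;\">" . _BANNEDNICK . $back_link;
              closetable();
              footer();
              exit();
          }
          else
          {
              $autor = $_REQUEST['auteur'];
          }
      }

      // Escaped once here and reused by the anti-flood query and the INSERT.
      $autor = mysql_real_escape_string(stripslashes($autor));
      $ip_sql = mysql_real_escape_string($user_ip);
      $auteur_id_sql = mysql_real_escape_string($auteur_id);

      $flood = mysql_query("SELECT date FROM " . FORUM_MESSAGES_TABLE . " WHERE auteur = '" . $autor . "' OR auteur_ip = '" . $ip_sql . "' ORDER BY date DESC LIMIT 0, 1");
      list($flood_date) = mysql_fetch_row($flood);
      $anti_flood = $flood_date + $nuked['post_flood'];
      $date = time();

      if ($date < $anti_flood && $visiteur < admin_mod("Forum"))
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _NOFLOOD . "</div><br /><br />";
          redirect($topic_url, 2);
          closetable();
          footer();
          exit();
      }

      $_REQUEST['texte'] = secu_html(html_entity_decode($_REQUEST['texte']));
      $_REQUEST['texte'] = icon($_REQUEST['texte']);
      $_REQUEST['titre'] = mysql_real_escape_string(stripslashes($_REQUEST['titre']));
      $_REQUEST['texte'] = mysql_real_escape_string(stripslashes($_REQUEST['texte']));
      $_REQUEST['texte'] = str_replace('<blockquote>', '<blockquote style="border: 1px dashed ' . $bgcolor3 . '; background: #FFF; color: #000; padding: 5px"><strong>' . _QUOTE . ' :</strong><br />', $_REQUEST['texte']);
      $_REQUEST['usersig'] = is_numeric($_REQUEST['usersig']) ? (int) $_REQUEST['usersig'] : 0;
      $_REQUEST['emailnotify'] = is_numeric($_REQUEST['emailnotify']) ? (int) $_REQUEST['emailnotify'] : 0;

      // $filename stays empty unless the upload is accepted and stored, so the message
      // row can never reference a file this request did not create.
      $filename = "";
      $url_file = "";
      if (isset($_FILES['fichiernom']) && $_FILES['fichiernom']['name'] != "")
      {
          $upload_name = basename(str_replace("\\", "/", $_FILES['fichiernom']['name']));
          $filesize = $_FILES['fichiernom']['size'] / 1000;

          if ($visiteur >= $nuked['forum_file_level'] && $upload_name != "" && $nuked['forum_file'] == "on" && $nuked['forum_file_maxsize'] >= $filesize)
          {
              // NOTE(review): this is a deny-list on the client-supplied name; an allow-list of
              // extensions and a server-generated file name would be the safer design. An
              // existing file with the same name is overwritten.
              if (!preg_match("`\.php`i", $upload_name) && !preg_match("`\.htm`i", $upload_name) && !preg_match("`\.[a-z]htm`i", $upload_name) && strtolower($upload_name) != ".htaccess")
              {
                  $url_file = "upload/Forum/" . $upload_name;
                  move_uploaded_file($_FILES['fichiernom']['tmp_name'], $url_file) or die ("<br /><br /><div style=\"text-align: center;\"><big><b>" . _UPLOADFAILED . "</b></big></div><br /><br />");
                  @chmod ($url_file, 0644);
                  $filename = $upload_name;
              }
          }
      }

      mysql_query("UPDATE " . FORUM_THREADS_TABLE . " SET last_post = '" . $date . "' WHERE id = '" . $thread_id . "'");

      // Drop this thread and forum from every stored "read" list that contains them.
      $SQL = "SELECT thread_id, forum_id, user_id FROM " . FORUM_READ_TABLE . " WHERE thread_id LIKE '%," . $thread_id . ",%' OR forum_id LIKE '%," . $forum_id . ",%' ";
      $req = mysql_query($SQL);
      $update = "";
      while ($results = mysql_fetch_assoc($req)) {
          $tid = $results['thread_id'];
          $fid = $results['forum_id'];
          if (strrpos($fid, ',' . $forum_id . ',') !== false) {
              $fid = preg_replace("#," . $forum_id . ",#is", ",", $fid);
          }
          if (strrpos($tid, ',' . $thread_id . ',') !== false) {
              $tid = preg_replace("#," . $thread_id . ",#is", ",", $tid);
          }
          $update .= (!empty($update) ? ', ':'');
          $update .= "('" . mysql_real_escape_string($fid) . "', '" . mysql_real_escape_string($tid) . "', '" . mysql_real_escape_string($results['user_id']) . "')";
      }
      if (!empty($update)) {
          $update = "INSERT INTO `" . FORUM_READ_TABLE . "` (forum_id, thread_id, user_id) VALUES $update ON DUPLICATE KEY UPDATE forum_id=VALUES(forum_id), thread_id=VALUES(thread_id);";
          // NOTE(review): on failure this prints the raw database error to the visitor.
          mysql_query($update) or die(mysql_error());
      }

      mysql_query("INSERT INTO " . FORUM_MESSAGES_TABLE . " ( `id` , `titre` , `txt` , `date` , `edition` , `auteur` , `auteur_id` , `auteur_ip` , `usersig` , `emailnotify` , `thread_id` , `forum_id` , `file` ) VALUES ( '' , '" . $_REQUEST['titre'] . "' , '" . $_REQUEST['texte'] . "' , '" . $date . "' , '' , '" . $autor . "' , '" . $auteur_id_sql . "' , '" . $ip_sql . "' , '" . $_REQUEST['usersig'] . "' , '" . $_REQUEST['emailnotify'] . "' , '" . $thread_id . "' , '" . $forum_id . "' , '" . mysql_real_escape_string($filename) . "' )");

      // Mail every author of the thread who asked for notifications, except the poster.
      $notify = mysql_query("SELECT auteur_id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "' AND emailnotify = 1 GROUP BY auteur_id");
      $nbusers = mysql_num_rows($notify);
      if ($nbusers > 0)
      {
          while (list($usermail) = mysql_fetch_row($notify))
          {
              if ($usermail != $auteur_id)
              {
                  $getmail = mysql_query("SELECT mail FROM " . USER_TABLE . " WHERE id = '" . mysql_real_escape_string($usermail) . "'");
                  list($email) = mysql_fetch_row($getmail);
                  if ($email == "")
                  {
                      continue;
                  }

                  $subject = _MESSAGE . " : " . $_REQUEST['titre'];
                  $corps = _EMAILNOTIFYMAIL . "\r\n" . $nuked['url'] . "/index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id . "\r\n\r\n\r\n" . $nuked['name'] . " - " . $nuked['slogan'];
                  $from = "From: " . $nuked['name'] . " <" . $nuked['mail'] . ">\r\nReply-To: " . $nuked['mail'];
                  $subject = @html_entity_decode($subject);
                  // Entity decoding can produce line breaks; a header value must stay on one line.
                  $subject = str_replace(array("\r", "\n"), " ", $subject);
                  $corps = @html_entity_decode($corps);
                  $from = @html_entity_decode($from);
                  mail($email, $subject, $corps, $from);
              }
          }
      }

      if ($user)
      {
          $user_sql = mysql_real_escape_string($user[0]);
          $sql_count = mysql_query("SELECT count FROM " . USER_TABLE . " WHERE id = '" . $user_sql . "'");
          list($count) = mysql_fetch_row($sql_count);
          $newcount = $count + 1;
          $upd = mysql_query("UPDATE " . USER_TABLE . " SET count = '" . $newcount . "' WHERE id = '" . $user_sql . "'");
      }

      // Link to the topic (last page when it spans several), anchored as the original did.
      $sql_page = mysql_query("SELECT id FROM " . FORUM_MESSAGES_TABLE . " WHERE thread_id = '" . $thread_id . "'");
      list($mess_id) = mysql_fetch_row($sql_page);
      $nb_rep = mysql_num_rows($sql_page);
      $link_post = $topic_url;
      if ($nb_rep > $nuked['mess_forum_page'])
      {
          $link_post .= "&p=" . ceil($nb_rep / $nuked['mess_forum_page']);
      }
      $link_post .= "#" . (int) $mess_id;

      echo "<br /><br /><div style=\"text-align: center;\">" . _MESSAGESEND . "</div><br /><br />";
      redirect($link_post, 2);
      closetable();
  }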
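  /**
   * Show a centred notice, schedule a redirect, then finish the page and stop.
   *
   * Private helper of post(): each of its rejection paths ends with this
   * exact sequence.
   *
   * @param string $message Notice text, echoed as-is (callers pass language constants).
   * @param string $url     Relative URL handed to redirect().
   */
  function forum_post_abort($message, $url)
  {
      echo "<br /><br /><div style=\"text-align: center;\">" . $message . "</div><br /><br />";
      redirect($url, 2);
      closetable();
      footer();
      exit();
  }

  /**
   * Create a new forum thread and its first message from the submitted form.
   *
   * Reads forum_id, auteur, titre, texte, usersig, emailnotify, annonce,
   * survey, survey_field and code_confirm from $_REQUEST and the optional
   * attachment from $_FILES['fichiernom']. Each rejection (captcha, empty
   * field, access level, nickname, flood delay) prints a notice and ends the
   * request. On success the thread and message rows are inserted, the new
   * thread is removed from the stored read lists, the poster's message
   * counter is incremented and the visitor is redirected.
   *
   * Every request value is normalised once (integer cast or SQL escaping)
   * before it reaches a query, a regular expression or a URL.
   */
  function post()
  {
      global $user, $nuked,$captcha,$user_ip, $visiteur, $bgcolor3;

      opentable();

      $code_confirm = isset($_REQUEST['code_confirm']) ? $_REQUEST['code_confirm'] : '';
      if ($captcha == 1 && !ValidCaptchaCode($code_confirm))
      {
          echo "<br /><br /><div style=\"text-align: center;\">" . _BADCODECONFIRM . "<br /><br /><a href=\"javascript:history.back()\">[ <b>" . _BACK . "</b> ]</a></div><br /><br />";
          closetable();
          footer();
          exit();
      }

      // Identifiers are used in SQL, URLs and patterns below: force them to integers.
      $forum_id = (isset($_REQUEST['forum_id']) && is_scalar($_REQUEST['forum_id'])) ? (int) $_REQUEST['forum_id'] : 0;
      $post_url = "index.php?file=Forum&page=post&forum_id=" . $forum_id;

      // Non-string submissions (e.g. array parameters) are treated as empty fields.
      $auteur = (isset($_REQUEST['auteur']) && is_string($_REQUEST['auteur'])) ? $_REQUEST['auteur'] : '';
      $titre = (isset($_REQUEST['titre']) && is_string($_REQUEST['titre'])) ? $_REQUEST['titre'] : '';
      $texte = (isset($_REQUEST['texte']) && is_string($_REQUEST['texte'])) ? $_REQUEST['texte'] : '';

      if ($auteur == "" || $titre == "" || $texte == "" || @ctype_space($titre) || @ctype_space($texte))
      {
          forum_post_abort(_FIELDEMPTY, $post_url);
      }

      $forum = mysql_query("SELECT level, level_poll FROM " . FORUM_TABLE . " WHERE id = '" . $forum_id . "'");
      $forum_row = $forum ? mysql_fetch_array($forum) : false;

      // An unknown forum id is refused as well; the original let it through
      // because the missing level compared as lower than any visitor level.
      if (!$forum_row || $forum_row['level'] > $visiteur)
      {
          forum_post_abort(_ZONEADMIN, $post_url);
      }
      $level_poll = $forum_row['level_poll'];

      // Guests have no account id; the column then receives an empty value.
      $auteur_id = '';

      if ($user && isset($user[2]) && $user[2] != "")
      {
          $autor = $user[2];
          $auteur_id = $user[0];
      }
      else
      {
          $auteur = verif_pseudo(htmlentities($auteur, ENT_QUOTES));

          // verif_pseudo() reports a refused nickname through these marker strings.
          switch ($auteur)
          {
              case "error1":
                  forum_post_abort(_PSEUDOFAILDED, $post_url);
              case "error2":
                  forum_post_abort(_RESERVNICK, $post_url);
              case "error3":
                  forum_post_abort(_BANNEDNICK, $post_url);
          }

          $autor = $auteur;
      }

      // Escaped once and reused, so the flood check, the thread row, the id
      // lookup and the message row all see the same author value.
      $autor_sql = mysql_real_escape_string(stripslashes($autor));
      $auteur_id_sql = mysql_real_escape_string($auteur_id);
      $user_ip_sql = mysql_real_escape_string($user_ip);

      $flood = mysql_query("SELECT date FROM " . FORUM_MESSAGES_TABLE . " WHERE auteur = '" . $autor_sql . "' OR auteur_ip = '" . $user_ip_sql . "' ORDER BY date DESC LIMIT 0, 1");
      $flood_row = $flood ? mysql_fetch_row($flood) : false;
      $flood_date = $flood_row ? $flood_row[0] : 0;
      $anti_flood = $flood_date + $nuked['post_flood'];
      $date = time();

      if ($date < $anti_flood && $visiteur < admin_mod("Forum"))
      {
          forum_post_abort(_NOFLOOD, "index.php?file=Forum&page=viewforum&forum_id=" . $forum_id);
      }

      $texte = secu_html(html_entity_decode($texte));
      $texte = icon($texte);
      $texte = stripslashes($texte);
      // The quote styling is applied before escaping so that $bgcolor3 and
      // _QUOTE are escaped together with the rest of the text.
      $texte = str_replace('<blockquote>', '<blockquote style="border: 1px dashed ' . $bgcolor3 . '; background: #FFF; color: #000; padding: 5px"><strong>' . _QUOTE . ' :</strong><br />', $texte);

      $titre_sql = mysql_real_escape_string(stripslashes($titre));
      $texte_sql = mysql_real_escape_string($texte);

      $usersig = (isset($_REQUEST['usersig']) && is_numeric($_REQUEST['usersig'])) ? (int) $_REQUEST['usersig'] : 0;
      $emailnotify = (isset($_REQUEST['emailnotify']) && is_numeric($_REQUEST['emailnotify'])) ? (int) $_REQUEST['emailnotify'] : 0;

      // Only forum administrators may flag a thread as an announcement. The
      // original also tested an $administrator variable that is never set in
      // this function, so that test never changed the outcome.
      if ($visiteur < admin_mod("Forum") || !isset($_REQUEST['annonce']) || !is_numeric($_REQUEST['annonce']))
      {
          $annonce = 0;
      }
      else
      {
          $annonce = (int) $_REQUEST['annonce'];
      }

      $survey = (isset($_REQUEST['survey']) && is_scalar($_REQUEST['survey'])) ? (int) $_REQUEST['survey'] : 0;
      $survey_field = (isset($_REQUEST['survey_field']) && is_scalar($_REQUEST['survey_field'])) ? (int) $_REQUEST['survey_field'] : 0;
      $with_poll = ($survey == 1 && $survey_field > 0 && $visiteur >= $level_poll);
      $sondage = $with_poll ? 1 : 0;

      $sql = mysql_query("INSERT INTO " . FORUM_THREADS_TABLE . " ( `id` , `titre` , `date` , `closed` , `auteur` , `auteur_id` , `forum_id` , `last_post` , `view` , `annonce` , `sondage` ) VALUES ( '' , '" . $titre_sql . "' , '" . $date . "' , '' , '" . $autor_sql . "' , '" . $auteur_id_sql . "' , '" . $forum_id . "' , '" . $date . "' , '' , '" . $annonce . "' , '" . $sondage . "' )");

      // Look the new thread up by the author value that was stored, not by
      // the raw form field, which can differ for logged-in members.
      // NOTE(review): a failed INSERT is not detected here; the id is then 0.
      $req4 = mysql_query("SELECT MAX(id) FROM " . FORUM_THREADS_TABLE . " WHERE forum_id = '" . $forum_id . "' AND titre = '" . $titre_sql . "' AND date = '" . $date . "' AND auteur = '" . $autor_sql . "'");
      $thread_id = (int) mysql_result($req4, 0, "MAX(id)");
      // The original published the new id in $_REQUEST; kept for code that runs later.
      $_REQUEST['thread_id'] = $thread_id;

      // The stored name stays empty unless a file is actually saved, so a
      // message never references an attachment that was refused.
      $filename = "";

      if (isset($_FILES['fichiernom']['name']) && is_string($_FILES['fichiernom']['name']))
      {
          // Client-supplied name: keep the last path component only.
          $upload_name = basename($_FILES['fichiernom']['name']);
          $filesize = $_FILES['fichiernom']['size'] / 1000;

          $upload_permitted = $visiteur >= $nuked['forum_file_level'] && $upload_name != "" && $nuked['forum_file'] == "on" && $nuked['forum_file_maxsize'] >= $filesize;

          // NOTE(review): this is a deny-list on a client-supplied name. An
          // allow-list of expected extensions, a server-generated stored name
          // and an upload directory the web server never executes would be
          // more robust; same-named uploads also overwrite each other.
          // ".htaccess" is compared case-insensitively because some
          // filesystems ignore case.
          $name_accepted = !preg_match('`\.php`i', $upload_name) && !preg_match('`\.htm`i', $upload_name) && !preg_match('`\.[a-z]htm`i', $upload_name) && strtolower($upload_name) != ".htaccess";

          if ($upload_permitted && $name_accepted)
          {
              $url_file = "upload/Forum/" . $upload_name;
              move_uploaded_file($_FILES['fichiernom']['tmp_name'], $url_file) or die ("<br /><br /><div style=\"text-align: center;\"><big><b>" . _UPLOADFAILED . "</b></big></div><br /><br />");
              @chmod ($url_file, 0644);
              $filename = $upload_name;
          }
      }

      $sql2 = mysql_query("INSERT INTO " . FORUM_MESSAGES_TABLE . " ( `id` , `titre` , `txt` , `date` , `edition` , `auteur` , `auteur_id` , `auteur_ip` , `usersig` , `emailnotify` , `thread_id` , `forum_id` , `file` ) VALUES ( '' , '" . $titre_sql . "' , '" . $texte_sql . "' , '" . $date . "' , '' , '" . $autor_sql . "' , '" . $auteur_id_sql . "' , '" . $user_ip_sql . "' , '" . $usersig . "' , '" . $emailnotify . "' , '" . $thread_id . "' , '" . $forum_id . "' , '" . mysql_real_escape_string($filename) . "' )");

      // Remove this forum and thread from every stored read list that names
      // them (presumably so the new post shows up as unread - confirm).
      $req = mysql_query("SELECT thread_id, forum_id, user_id FROM " . FORUM_READ_TABLE . " WHERE thread_id LIKE '%," . $thread_id . ",%' OR forum_id LIKE '%," . $forum_id . ",%' ");
      $rows = array();
      while ($req && ($results = mysql_fetch_assoc($req)))
      {
          // The ids are plain integers here, so a literal replace does the
          // same as the original pattern built from request data.
          $fid = str_replace(',' . $forum_id . ',', ',', $results['forum_id']);
          $tid = str_replace(',' . $thread_id . ',', ',', $results['thread_id']);
          $rows[] = "('" . mysql_real_escape_string($fid) . "', '" . mysql_real_escape_string($tid) . "', '" . mysql_real_escape_string($results['user_id']) . "')";
      }
      if (!empty($rows))
      {
          $update = implode(', ', $rows);
          $update = "INSERT INTO `" . FORUM_READ_TABLE . "` (forum_id, thread_id, user_id) VALUES $update ON DUPLICATE KEY UPDATE forum_id=VALUES(forum_id), thread_id=VALUES(thread_id);";
          // NOTE(review): on failure the database error text is shown to the
          // visitor; logging it server-side would disclose less.
          mysql_query($update) or die(mysql_error());
      }

      if ($user)
      {
          $user_id_sql = mysql_real_escape_string($user[0]);
          $sql_count = mysql_query("SELECT count FROM " . USER_TABLE . " WHERE id = '" . $user_id_sql . "'");
          list($count) = mysql_fetch_row($sql_count);
          $newcount = $count + 1;
          $upd = mysql_query("UPDATE " . USER_TABLE . " SET count = '" . $newcount . "' WHERE id = '" . $user_id_sql . "'");
      }

      if ($with_poll)
      {
          $url = "index.php?file=Forum&op=add_poll&survey_field=" . $survey_field . "&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
      }
      else
      {
          $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $forum_id . "&thread_id=" . $thread_id;
      }

      echo "<br /><br /><div style=\"text-align: center;\">" . _MESSAGESEND . "</div><br /><br />";
      redirect($url, 2);
      closetable();
  }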
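  /**
   * Mark forum threads as read for the logged-in member.
   *
   * With a positive forum_id in $_REQUEST only that forum is handled;
   * otherwise every thread is, and the member's session row gets
   * last_used = date. The ids of the selected threads and their forums are
   * appended to the member's comma-separated lists in FORUM_READ_TABLE.
   * Guests only see the confirmation notice. The function always ends by
   * printing the notice and redirecting to the forum index.
   *
   * forum_id is cast to an integer once, so the request value never reaches
   * a query as text.
   */
  function mark()
  {
      global $user, $nuked, $cookie_forum;

      $forum_id = (isset($_REQUEST['forum_id']) && is_scalar($_REQUEST['forum_id'])) ? (int) $_REQUEST['forum_id'] : 0;

      if ($user)
      {
          $user_id_sql = mysql_real_escape_string($user[0]);

          if ($forum_id > 0)
          {
              $new_id = '';
              $table_read_forum = array();
              $id_read_forum = '';

              if (isset($_COOKIE[$cookie_forum]) && $_COOKIE[$cookie_forum] != "")
              {
                  $id_read_forum = $_COOKIE[$cookie_forum];
                  // Anything other than digits and commas discards the cookie value.
                  if (preg_match("`[^0-9,]`i", $id_read_forum)) $id_read_forum = "";
                  $table_read_forum = explode(',',$id_read_forum);
              }

              $req = "SELECT MAX(id) FROM " . FORUM_MESSAGES_TABLE . " WHERE forum_id = '" . $forum_id . "' AND date > '" . mysql_real_escape_string($user[4]) . "' GROUP BY thread_id";
              $sql = mysql_query($req);
              while ($sql && (list($max_id) = mysql_fetch_array($sql)))
              {
                  if (!in_array($max_id,$table_read_forum))
                  {
                      if ($new_id != '') $new_id .= ',';
                      $new_id .= $max_id;
                  }
              }

              if ($id_read_forum != '' && $new_id != '') $id_read_forum .= ',';
              // NOTE(review): this writes the literal key 'cookie_forum' of the
              // in-memory array and sends no cookie; the value read above comes
              // from $_COOKIE[$cookie_forum]. Left as in the original - confirm intent.
              $_COOKIE['cookie_forum'] = $id_read_forum . $new_id;
          }
          else
          {
              $_COOKIE['cookie_forum'] = '';
              $req = "UPDATE " . SESSIONS_TABLE . " SET last_used = date WHERE user_id = '" . $user_id_sql . "'";
              $sql = mysql_query($req);
          }

          // Restrict the thread list to one forum only when an id was given.
          $where = ($forum_id != 0) ? "WHERE forum_id = '" . $forum_id . "'" : "";

          // Load the member's current lists, then the threads to add to them.
          $req = mysql_query("SELECT thread_id, forum_id FROM " . FORUM_READ_TABLE . " WHERE user_id = '" . $user_id_sql . "'");
          $result = mysql_query("SELECT id, forum_id FROM " . FORUM_THREADS_TABLE . " " . $where);
          $nbtopics = $result ? mysql_num_rows($result) : 0;

          if ($nbtopics > 0)
          {
              // A member without a stored row starts from empty lists.
              $res = $req ? mysql_fetch_assoc($req) : false;
              $read_threads = $res ? (string) $res['thread_id'] : '';
              $read_forums = $res ? (string) $res['forum_id'] : '';

              // The first stored character is dropped and a comma put in its
              // place (presumably the lists are stored as ",1,2,3," - confirm).
              $tid = ',' . substr($read_threads, 1);
              $fid = ',' . substr($read_forums, 1);

              while (list($thread_id, $thread_forum_id) = mysql_fetch_row($result))
              {
                  if (strrpos($tid, ',' . $thread_id . ',') === false)
                  {
                      $tid .= $thread_id . ',';
                  }
                  if (strrpos($fid, ',' . $thread_forum_id . ',') === false)
                  {
                      $fid .= $thread_forum_id . ',';
                  }
              }

              $sql = mysql_query("REPLACE " . FORUM_READ_TABLE . " (`user_id` , `thread_id` , `forum_id` ) VALUES ('" . $user_id_sql . "' , '" . mysql_real_escape_string($tid) . "' , '" . mysql_real_escape_string($fid) . "' )");
          }
      }

      opentable();
      echo "<br /><br /><div style=\"text-align: center;\">" . _MESSAGESMARK . "</div><br /><br />";
      redirect("index.php?file=Forum", 2);
      closetable();
  }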
  864. function del_file()
  865. {
  866. global $visiteur, $user, $nuked;
  867. opentable();
  868. $result = mysql_query("SELECT moderateurs FROM " . FORUM_TABLE . " WHERE '" . $visiteur . "' >= niveau AND id = '" . $_REQUEST['forum_id'] . "'");
  869. list($modos) = mysql_fetch_array($result);
  870. if ($user && $modos != "" && strpos($modos, $user[0]) !== false)
  871. {
  872. $administrator = 1;
  873. }
  874. else
  875. {
  876. $administrator = 0;
  877. }
  878. $sql = mysql_query("SELECT file, auteur_id FROM " . FORUM_MESSAGES_TABLE . " WHERE id = '" . $_REQUEST['mess_id'] . "'");
  879. list($filename, $auteur_id) = mysql_fetch_array($sql);
  880. if ($user && $auteur_id == $user[0] || $visiteur >= admin_mod("Forum") || $administrator == 1)
  881. {
  882. $path = "upload/Forum/" . $filename;
  883. if (is_file($path))
  884. {
  885. $filesys = str_replace("/", "\\", $path);
  886. @chmod ($path, 0775);
  887. @unlink($path);
  888. @system("del $filesys");
  889. $upd = mysql_query("UPDATE " . FORUM_MESSAGES_TABLE . " SET file = '' WHERE id = '" . $_REQUEST['mess_id'] . "'");
  890. echo "<br /><br /><div style=\"text-align: center;\">" . _FILEDELETED . "</div><br /><br />";
  891. $url = "index.php?file=Forum&page=viewtopic&forum_id=" . $_REQUEST['forum_id'] . "&thread_id=" . $_REQUEST['thread_id'];
  892. redirect($url, 2);
  893. }
  894. }
  895. else
