<?php
/*************************************************************************
* 427BB - PHP & MySQL Forum *
* Copyright (C) 2003-2006 Ben Brown *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; version 2 of the License. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* A Copy of the GNU General Public License can be found in the file *
* 'liscence.txt' in the root of the forum directory. *
*************************************************************************/
include 'sql_connect.php';
/**
 * Build the profile cell shown next to a post for one user.
 *
 * Reads UserType, Status, Avatar, Signature, Posts and Location from the
 * "Personal" table for $p_user and renders the small left-hand column.
 *
 * @param string $p_user  user name to look up
 * @param mixed  $showsig when not loosely equal to 0 and the user has a
 *                        signature, the cell is given rowspan=2
 * @return array array(UserType, html for the <td>, signature)
 */
function get_personal($p_user, $showsig) {
    include 'config.php'; // presumably defines $t_prefix, which is not set anywhere in this function

    // NOTE(review): $p_user goes into the quoted literal exactly as received, so
    // this query is only as safe as the caller's escaping. Whether callers pass
    // raw, addslashes()'d or magic-quoted values is not visible in this file;
    // confirm before adding mysql_real_escape_string() here, to avoid
    // double-escaping names that are already slashed.
    $query = "SELECT UserType, Status, Avatar, Signature, Posts, Location FROM " . $t_prefix . "Personal WHERE UserName='$p_user'";
    $record = mysql_fetch_row(mysql_query($query));

    $rank = stripslashes($record[1]);
    $picture = stripslashes($record[2]);
    $signature = stripslashes($record[3]);
    $place = stripslashes($record[5]);

    // The cell spans the signature row as well when a signature will be shown.
    $cell = "<td class=mess_nw width=120" . (($signature != NULL && $showsig != 0) ? " rowspan=2" : "");

    // NOTE(review): status, avatar and location are emitted without HTML
    // encoding; they must already be safe markup when they were stored.
    $cell .= "><span class=small>$rank
<br>$picture";
    if ($place != NULL) {
        $cell .= "\n<br>$place";
    }
    $cell .= "\n<br>Posts: {$record[4]}
</span></td>";

    return array($record[0], $cell, $signature);
}
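/**
 * Build the action bar (ignore / delete / edit / quote / reply) for one post.
 *
 * @param mixed  $auth     login marker; NULL (or a loosely-NULL value) means not logged in
 * @param string $usertype viewer's user type; "admin" unlocks delete/edit on any post
 * @param string $username viewer's user name
 * @param string $p_user   author of the post
 * @param mixed  $postid   id of the post the links act on
 * @param mixed  $write    falsy => no bar at all, a single space is returned
 * @return string HTML fragment
 */
function get_options($auth, $usertype, $username, $p_user, $postid, $write) {
    if ($write != TRUE) {
        return " ";
    }
    $out = "<div class=small style=\"text-align:right\">[ ";
    if ($auth == NULL) {
        $out .= "You are not logged in. Log in or <a href=register.php class=white>register</a> to post ]</div>";
        return $out;
    }

    // Both values end up inside a quoted href. URL-encoding keeps a name or id
    // containing quotes, '&', '#' or spaces from breaking out of the attribute
    // or corrupting the query string; the receiving script still sees the same
    // decoded value.
    $user_param = urlencode((string) $p_user);
    $post_param = urlencode((string) $postid);

    $out .= "<a href=\"ignorelist.php?ignore_user=$user_param\" class=white>Ignore User</a> | ";
    // These links are presentation only: the handlers behind posts.php have to
    // re-check ownership / admin rights themselves.
    if ($usertype == "admin" || $username == $p_user) {
        $out .= "<a href=\"posts.php?delete=$post_param\" class=white>delete</a> | <a href=\"posts.php?edit=$post_param\" class=white>edit</a> | ";
    }
    $out .= "<a href=\"posts.php?quote=$post_param\" class=white>quote</a> | <a href=\"posts.php?reply=$post_param\" class=white>reply</a>";
    $out .= " ]</div>";
    return $out;
}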
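/**
 * Look up the data needed to build a posting form.
 *
 * @param mixed       $post_id numeric id; a ForumID when $type is "thread",
 *                             a thread ID when "ethread", otherwise a post ID
 * @param string|null $type    "thread", "ethread" or anything else for a post
 * @return mixed "thread": the forum title (result of mysql_result);
 *               "ethread": row array(ThreadTitle, ForumID);
 *               otherwise: array(UserName, Post, ThreadID, ForumID, ThreadTitle),
 *               or a string (DB error text plus the SQL) when no post row is found
 */
function get_post_info($post_id, $type = NULL) {
    include 'config.php'; // presumably defines $t_prefix

    // The id is interpolated unquoted into every query below, so force it to an
    // integer: legitimate ids are unchanged, anything else cannot add SQL.
    $post_id = (int) $post_id;

    if ($type == "thread") {
        $sql = "SELECT ForumTitle FROM " . $t_prefix . "Forums WHERE ForumID=$post_id";
        $res = mysql_query($sql);
        return mysql_result($res, 0);
    }
    if ($type == "ethread") {
        $sql = "SELECT ThreadTitle, ForumID FROM " . $t_prefix . "Threads WHERE ID=$post_id";
        $res = mysql_query($sql);
        return mysql_fetch_row($res);
    }

    $p_sql = "SELECT UserName, Post, ThreadID, ForumID FROM " . $t_prefix . "Posts WHERE ID=$post_id";
    $p_res = mysql_query($p_sql);
    if (!$p_row = mysql_fetch_row($p_res)) {
        // NOTE(review): the failure value is a string holding the DB error and
        // the full SQL text. Callers that index the result as an array, or
        // print it, should check for this case so the text is not shown to users.
        return mysql_error() . "\n$p_sql";
    }

    // Same reasoning as above: the thread id is used unquoted in the next query.
    $ThreadID = (int) $p_row[2];
    $t_sql = "SELECT ThreadTitle FROM " . $t_prefix . "Threads WHERE ID=$ThreadID";
    $t_res = mysql_query($t_sql);
    $p_row[4] = mysql_result($t_res, 0);
    return $p_row;
}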
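/**
 * Render the posting form for a new thread, thread edit, reply, quote,
 * post edit or delete confirmation.
 *
 * @param mixed       $post_id   numeric id (forum, thread or post, depending on $type)
 * @param string      $type      "thread", "ethread", "reply", "quote", "edit" or "delete"
 * @param string|null $prev_post text to pre-fill the textarea with (e.g. after a preview)
 * @return string HTML for the form
 *
 * $table_width and $usertype are not assigned in this function; presumably
 * they are set by the two included files.
 */
function draw_form($post_id, $type, $prev_post = NULL) {
    include 'config.php';
    include 'func_chk.php';

    // The id is written into unquoted attributes below and used in SQL by the
    // lookup helpers, so reduce it to an integer once, up front.
    $post_id = (int) $post_id;
    $info = get_post_info($post_id, $type);

    // "refer" comes from the request body or the Referer header, and PHP_SELF
    // can carry attacker-chosen path info; all three are client-controlled, so
    // encode them before they are placed inside quoted attributes.
    if (isset($_POST['refer']) && is_string($_POST['refer'])) {
        $refer = $_POST['refer'];
    } else if (isset($_SERVER['HTTP_REFERER'])) {
        $refer = $_SERVER['HTTP_REFERER'];
    } else {
        $refer = '';
    }
    $refer = htmlspecialchars($refer, ENT_QUOTES);
    $page = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    if ($type != "ethread") {
        $post = $info[1];
        $ThreadID = $info[2];
        $ForumID = $info[3];
        $ThreadTitle = stripslashes($info[4]);
    } else {
        $ThreadTitle = stripslashes($info[0]);
        $ForumID = $info[1];
        $ThreadID = $post_id;
    }

    // NOTE(review): values read back from the database ($ThreadTitle, $post,
    // $info[0]) and $prev_post are emitted below as-is. Whether they were
    // HTML-encoded when stored / by the caller is not visible here; confirm,
    // since a raw quote or "</textarea>" would break out of its context.
    $out = "<form action=\"$page\" method=post name=form>
<table border=0 width=\"$table_width\" cellspacing=3 cellpadding=0>";
    if ($type == "ethread" || $type == "thread") {
        $out .= "<tr>
<td class=formright width=100>Thread Title:</td>
<td class=formleft><input type=text size=60 name=ThreadTitle value=\"";
        if ($type == "ethread") {
            $out .= $ThreadTitle;
        }
        $out .= "\"></td>
</tr>";
    }
    if ($type == "delete") {
        // "class=formleft" was missing its "=" in the original markup.
        $out .= "<input type=hidden name=postid value=$post_id>
<tr height=100 valign=top>
<td class=mess>$post</td>
</tr>
<tr>
<td class=formleft><input type=submit name=save value=\"Delete\">
<input type=submit name=save value=\"Cancel\"></td>
</tr>";
    }
    if ($type == "reply" || $type == "quote") {
        $out .= "<input type=hidden name=replyuser value=\"" . $info[0] . "\">";
    }
    if ($type != "delete" && $type != "ethread") {
        $out .= "<tr valign=top>
<td class=formright>Post:</td>
<td class=formleft><textarea name=post rows=10 cols=80>";
        if ($prev_post != NULL) {
            $out .= $prev_post;
        } else if ($type == "edit" || $type == "quote") {
            $post = post_replace($post, "edit");
            if ($type == "quote") {
                $out .= "[quote={$info[0]}]\n" . $post . "\n[/quote]";
                // From here on a quote is handled exactly like a reply.
                $type = "reply";
            } else {
                $out .= $post;
            }
        }
        $out .= "</textarea></td></tr>";
    }
    if ($type == "edit" || $type == "reply") {
        $out .= show_smilies();
        if ($type == "edit" && $usertype == "admin") {
            $out .= "\n<tr><td> </td>\n<td class=formleft><input type=checkbox name=showedit checked> Show Edit</td></tr>";
        }
        $out .= "\n<tr><td> </td>\n<td class=formleft><input type=checkbox name=preview checked> Preview</td></tr>
<input type=hidden name=postid value=$post_id>";
    }
    if ($type == "thread") {
        $out .= "\n<input type=hidden name=ForumID value=$post_id>";
    } else {
        $out .= "\n<input type=hidden name=ThreadID value=$ThreadID>";
    }
    if ($type == "thread") {
        $out .= show_smilies();
    }
    if ($type == "thread" || $type == "ethread") {
        if ($usertype == "admin") {
            $out .= get_thread_admin($post_id, $type);
        }
    }
    if ($type != "thread") {
        $out .= "<input type=hidden name=ForumID value=$ForumID>";
    }

    // $type is caller-supplied and echoed into an attribute, so encode it too.
    $type_attr = htmlspecialchars((string) $type, ENT_QUOTES);
    $out .= "<input type=hidden name=refer value=\"$refer\">
<input type=hidden name=type value=\"$type_attr\">
<tr>";
    if ($type != "delete") {
        $out .= "<td class=formleft> </td>
<td class=formleft><input type=submit name=save value=\"Save\">
<input type=submit name=save value=\"Cancel\"></td>
</tr>";
    }
    $out .= "</table></form>";
    return $out;
}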
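/**
 * Render the ten most recent posts of a thread (newest first) as a table.
 *
 * @param mixed  $ThreadID    numeric thread id
 * @param string $table_width value for the table's width attribute
 * @return string HTML fragment; the opening <div class=mess_nw> is not closed here
 */
function show_last_posts($ThreadID, $table_width) {
    include 'config.php'; // presumably defines $t_prefix

    // Used unquoted in the WHERE clause, so only an integer may reach the query.
    $ThreadID = (int) $ThreadID;
    $sql = "SELECT UserName, Post FROM " . $t_prefix . "Posts WHERE ThreadID=$ThreadID ORDER BY UTime DESC LIMIT 10";
    $res = mysql_query($sql);

    // Plain assignment: the original appended to a variable that did not exist yet.
    $out = "<div class=messtitle>Last 10 Posts:</div>
<div class=mess_nw>
<table border=0 cellspacing=0 width=\"$table_width\">";
    while ($row = mysql_fetch_row($res)) {
        // NOTE(review): user name and post body are written into the page without
        // HTML encoding; this relies on them having been made safe when stored
        // (or by img_replace, whose behaviour is not visible here). Confirm.
        $username = stripslashes($row[0]);
        $post = img_replace($row[1]);
        $post = stripslashes($post);
        $out .= "<tr valign=top>
<td class=mess_nw width=120>$username</td>
<td class=mess_nw>$post</td>
</tr>";
    }
    $out .= "</table>";
    return $out;
}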
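/**
 * Add one to a user's post counter and, where a status is configured for the
 * new count, update the user's status as well.
 *
 * @param string $user user name
 * @return string|null NULL on success, otherwise an error message
 *                     ("Username not supplied" or the text from mysql_error())
 */
function increase_postcount($user) {
    include 'config.php'; // presumably defines $t_prefix
    if ($user == NULL) {
        return "Username not supplied";
    }

    // NOTE(review): $user is placed inside quoted SQL literals exactly as
    // received (here and in the UPDATE below). Whether callers pass it already
    // escaped is not visible in this file; confirm before escaping it here as
    // well, to avoid double-escaping.
    $sql = "SELECT UserType, Posts FROM " . $t_prefix . "Personal WHERE UserName='$user'";
    $res = mysql_query($sql);
    if (!$row = mysql_fetch_row($res)) {
        return mysql_error();
    }
    $usertype = $row[0];
    $postcount = $row[1];
    if ($postcount == NULL) {
        $postcount = 0;
    }
    $postcount++;

    // Both were read without ever being assigned when no entry matched.
    $trigger = NULL;
    $status = NULL;

    $statuses = get_statuses();
    foreach ($statuses as $val) {
        if (preg_match("/^custom$/", $val['status'])) {
            $trigger = $val['posts'];
        }
    }

    // Admins, and users at or past the "custom" threshold, keep their status.
    // NOTE(review): when no "custom" entry exists $trigger stays NULL, and
    // "$postcount >= NULL" is true for every positive count, so the status is
    // then never updated automatically. Confirm this is intended.
    $assignments = "Posts=$postcount";
    if (!($usertype == "admin" || $postcount >= $trigger)) {
        foreach ($statuses as $val) {
            if ($postcount == $val['posts']) {
                $status = addslashes($val['status']);
            }
        }
        if ($status != NULL) {
            $assignments .= ", Status='$status'";
        }
    }

    $sql = "UPDATE " . $t_prefix . "Personal SET " . $assignments . " WHERE UserName='$user'";
    if (!mysql_query($sql)) {
        return mysql_error();
    }
    return;
}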
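/**
 * Render a preview of a post together with a form that re-submits it.
 *
 * The post text is carried in the form base64-encoded (with enc=1); the other
 * fields are copied from the current POST request.
 *
 * @param string $post post text as submitted
 * @return string HTML fragment
 */
function show_preview($post) {
    // NOTE(review): the rendered text is written into the page as returned by
    // post_replace(); whether that helper HTML-encodes user markup is not
    // visible in this file. Confirm.
    $p_post = post_replace($post, "post");
    $p_post = stripslashes($p_post);
    $out = "\n
<!-- Start of Preview -->
<div class=messtitle>Preview</div>
<div class=mess>$p_post</div>";
    $post = base64_encode($post);

    // Every value below is request data echoed back into the page. Encode each
    // one and quote every attribute, so a submitted value cannot close the
    // attribute or add markup. Missing or non-string fields become ''.
    $fields = array();
    foreach (array('ThreadID', 'ForumID', 'postid', 'refer', 'type', 'showedit', 'replyuser') as $name) {
        $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        if ($name == 'replyuser') {
            $raw = stripslashes($raw);
        }
        $fields[$name] = htmlspecialchars($raw, ENT_QUOTES);
    }
    // PHP_SELF can include client-supplied path info, so it is encoded as well.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    $out .= "\n<form action=\"$action\" method=POST>
<input type=hidden name=ThreadID value=\"{$fields['ThreadID']}\">
<input type=hidden name=ForumID value=\"{$fields['ForumID']}\">
<input type=hidden name=postid value=\"{$fields['postid']}\">
<input type=hidden name=refer value=\"{$fields['refer']}\">
<input type=hidden name=type value=\"{$fields['type']}\">
<input type=hidden name=post value=\"$post\">
<input type=hidden name=showedit value=\"{$fields['showedit']}\">
<input type=hidden name=replyuser value=\"{$fields['replyuser']}\">
<input type=hidden name=enc value=1>
<input type=submit name=save value=\"Save\">
</form>
<!-- End of Preview -->
";
    return $out;
}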
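/**
 * Render the admin-only rows of the thread form: lock status, sticky flag,
 * owning group and access rights.
 *
 * @param mixed       $ThreadID numeric id (a ForumID when $type is "thread");
 *                              a loosely-NULL value skips the lookup and uses defaults
 * @param string|null $type     "thread" reads the defaults from the forum,
 *                              anything else from the thread itself
 * @return string HTML table rows, or the mysql_error() text if the lookup fails
 */
function get_thread_admin($ThreadID, $type = NULL) {
    include 'config.php'; // presumably defines $t_prefix

    // Defaults for everything the markup below reads, so no branch leaves a
    // variable unset.
    $status = "unlocked";
    $sticky = 'NULL';
    $UGroup = NULL;
    $g_acc = NULL;
    $o_acc = NULL;

    if ($ThreadID != NULL) {
        if ($type == "thread") {
            $sql1 = NULL;
            $sql2 = "Forums";
            $id = "ForumID";
        } else {
            $sql1 = ", Status, Sticky";
            $sql2 = "Threads";
            $id = "ID";
        }
        // The id is used unquoted in the WHERE clause; only an integer may reach it.
        $id_value = (int) $ThreadID;
        $sql = "SELECT UGroup, GroupRights, OtherRights{$sql1} FROM " . $t_prefix . $sql2 . " WHERE {$id}=$id_value";
        if (!$res = mysql_query($sql)) {
            // NOTE(review): draw_form() appends this return value to the page, so
            // a failed query shows raw database error text to the user.
            return mysql_error();
        }
        $row = mysql_fetch_row($res);
        // Status and Sticky are only selected for threads; absent columns stay NULL.
        $status = isset($row[3]) ? $row[3] : NULL;
        $sticky = isset($row[4]) ? $row[4] : NULL;
        $UGroup = isset($row[0]) ? $row[0] : NULL;
        $g_acc = isset($row[1]) ? $row[1] : NULL;
        $o_acc = isset($row[2]) ? $row[2] : NULL;
    }

    // The heading cell was closed with </div> in the original markup.
    $out = "<tr>
<td class=messtitle_nw colspan=2>Edit Thread Settings</td>
</tr>
<tr>
<td class=formright>";
    $opts = array ("unlocked", "locked");
    $out .= "Thread Status:</td>
<td class=formleft><select name=status>";
    foreach($opts as $value) {
        $out .= "\n<option";
        if ($value == $status) {
            $out .= " selected";
        }
        $out .= ">$value</option>";
    }
    $out .= "</select></td>
</tr>
<tr>
<td class=formright>Sticky:</td>
<td class=formleft><input type=checkbox name=sticky";
    if ($sticky == "a") {
        $out .= " checked";
    }
    $out .= "></td>
</tr>
<tr>
<td class=messtitle_nw colspan=2>Access Rights</td>
</tr>
<tr>
<td class=formright>Group:</td>
<td class=formleft><select name=UGroup>";
    // NOTE(review): group names are written into the page without HTML
    // encoding; confirm they are constrained where groups are created.
    $groups = get_groups();
    foreach ($groups as $val) {
        $out .= "<option";
        if ($val['name'] == $UGroup) {
            $out .= " selected";
        }
        $out .= ">" . $val['name'] . "</option>";
    }
    $out .= "</select></td>
</tr>
<tr valign=top>
<td class=formright> </td>";
    $code = get_access_html($g_acc, $o_acc);
    $out .= "<td>$code</td>";
    $out .="\n</tr>
<tr>
<td> </td>
<td>(Leave blank to use the same permissions as the forum)</td>
</tr>";
    return $out;
}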
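/**
 * Render the smiley picker plus the QuickURL / QuickIMG helpers, together
 * with the JavaScript that appends the chosen text to the post textarea.
 *
 * @param string $tab_width width attribute for the QuickURL/QuickIMG table
 * @return string HTML (script block and table rows)
 */
function show_smilies($tab_width = "100%") {
    include 'config.php'; // presumably defines $t_prefix
    $out = "\n<!-- Start of Smiley script -->
<script language=javascript>
<!--
function add_smiley(text) {
document.form.post.value = document.form.post.value + text;
}
function add_url() {
url = document.form.url.value;
comment = document.form.comment.value;
if (comment == \"\") {
comment = url;
}
text = \"[url=\" + url + \"]\" + comment + \"[/url]\";
document.form.post.value = document.form.post.value + text;
document.form.url.value = \"\";
document.form.comment.value = \"\";
}
function add_img() {
img = document.form.img.value;
text = \"[img]\" + img + \"[/img]\";
document.form.post.value = document.form.post.value + text;
document.form.img.value = \"\";
}
// -->
</script>
<tr>
<td> </td>
<td>
<table border=0 cellspacing=0>
<tr valign=top>
<td>
<table border=0 cellspacing=0>";

    // One query is enough: the separate COUNT(*) round trip only existed to
    // detect the last row, which is handled after the loop instead.
    $sql = "SELECT URL, Shortcut FROM " . $t_prefix . "Smilies";
    $res = mysql_query($sql);
    $in_row = 0; // cells written to the current <tr>; rows hold four smilies
    while ($row = mysql_fetch_row($res)) {
        $URL = $row[0];
        $Shortcut = $row[1];
        if ($in_row == 0) {
            $out .= "<tr>";
        }
        // NOTE(review): $Shortcut lands inside a JavaScript string within an HTML
        // attribute and $URL is emitted as markup, both exactly as stored. The
        // Smilies table must therefore only be writable by trusted admins; how
        // these values are escaped on insert is not visible here.
        $out .= "\n\t<td><a href=# onclick=\"javascript:add_smiley('$Shortcut');\">$URL</a></td>";
        $in_row++;
        if ($in_row == 4) {
            $out .= "\n</tr>";
            $in_row = 0;
        }
    }
    // Close a final, partially filled row.
    if ($in_row != 0) {
        $out .= "\n</tr>";
    }

    $out .= "\n</table>
</td>
<td>
<table border=0 cellspacing=0 width=\"$tab_width\">
<tr>
<td class=messtitle_nw colspan=5>QuickURL</td>
</tr>
<tr>
<td>URL:</td>
<td><input name=url type=text></td>
<td>Comment:</td>
<td><input name=comment type=text></td>
<td><input type=button onclick=\"javascript:add_url();\" value=\"Add URL\"></td>
</tr>
<tr>
<td class=messtitle_nw colspan=5>QuickIMG</td>
</tr>
<tr>
<td>IMG:</td>
<td><input name=img type=text></td>
<td><input type=button onclick=\"javascript:add_img();\" value=\"Add IMG\"></td>
</tr>
</table>
</td>
</tr>
</table>
</tr>
<!-- End of Smiley Script -->";
    return $out;
}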
?>