<?php
// Refuse direct requests: the including script is expected to set $magic first
// (presumably the front controller, index.php — not visible from here).
if (! isset($magic) || $magic != "0xDEADBEEF")
    die("This file cannot be executed directly");
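// Request parameters shared by the handlers below. secureVar(..., 'html') is the project's
// output-escaping helper; the 'sql' variant is applied separately wherever a value is spliced
// into a statement.
$submitId = secureVar($_POST['submit'], 'html');
$actionId = secureVar($_GET['action'], 'html');
// Page number. It is used in arithmetic for the LIMIT offset and echoed into every action
// link, so coerce it to an integer >= 1 instead of carrying an arbitrary string around
// (a non-numeric or zero/negative ?p= previously produced a broken LIMIT clause).
$pageNum = 1;
if (! empty($_GET['p']))
    $pageNum = max(1, (int) secureVar($_GET['p'], 'html'));
// View type: ?t=trash switches every handler on this page over to the trash table.
$typeId = secureVar($_GET['t'], 'html');
$isTrash = ($typeId === 'trash');
$databaseName = $isTrash ? $dbTables['trash'] : $dbTables['posts'];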
// Page heading plus help link; in the trash view the "empty trash" button may also have been posted.
if ($isTrash) {
    echo '<div class="mainTitle">' . $lang['trash'] . '</div>';
    echo '<div class="helpPopup ' . $alignHelp . '"><a href="#" onclick="openHelp(\'trash\');">' . $lang['help'] . '</a></div>';
    $submitEmptyTrash = secureVar($_POST['submitEmptyTrash'], 'html');
    if (! empty($submitEmptyTrash)) {
        // NOTE(review): this TRUNCATE fires on any POST that carries the button name; no CSRF
        // token is checked anywhere in this file — confirm index.php enforces one before including us.
        $con->connect();
        $truncateSql = "TRUNCATE TABLE " . $dbTables['trash'] . ";";
        if (! $con->modify($truncateSql)) {
            $con->printError();
            echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
        }
        else
            echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
        $con->close();
    }
}
else {
    echo '<div class="mainTitle">' . $lang['posts'] . '</div>';
    echo '<div class="helpPopup ' . $alignHelp . '"><a href="#" onclick="openHelp(\'posts\');">' . $lang['help'] . '</a></div>';
}
// Table roles for the action handlers: $postsTable is the table being viewed, $trashTable is
// where its deletes go. In the trash view the two swap, so a delete there is final and a
// restore copies back into the live table.
$postsTable = $isTrash ? $dbTables['trash'] : $dbTables['posts'];
$trashTable = $isTrash ? $dbTables['posts'] : $dbTables['trash'];
$searchUsed = false;
// Target of single-post actions (?postid=…); the modify/reply forms post back with it in the URL.
$postActionId = secureVar($_GET['postid'], 'html');
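// Single-post actions, dispatched from the ?action=…&postid=… links rendered further down.
// NOTE(review): these are state-changing GET requests and no CSRF token is checked in this
// file, so a link or <img> on any page an admin visits can trigger them — confirm whether
// index.php validates one before including us; if not, a token check belongs here.
if (! empty($actionId)) {
    $con->connect();
    $doQuery = true;
    // Escaped once; every statement below splices this same value.
    $postIdSql = secureVar($postActionId, 'sql');
    switch ($actionId) {
        case "delete" :
            // Outside the trash a delete is a move into the trash table (INSERT … SELECT * assumes
            // both tables share one column layout); inside the trash it is final and also removes
            // the post's replies.
            $queryMsg = "DELETE FROM " . $postsTable . " WHERE id='" . $postIdSql . "';";
            if (! $isTrash)
                $con->modify("INSERT INTO " . $trashTable . " SELECT * FROM " . $postsTable . " WHERE id='" . $postIdSql . "';");
            else
                $con->modify("DELETE FROM " . $dbTables['reply'] . " WHERE post_id='" . $postIdSql . "';");
            break;
        case "banIP" :
        case "unbanIP" :
            // Both need the IP recorded on the post. Previously an unknown post id left $ipNumber
            // unset and the empty string was inserted into the ban table; the action is now refused.
            $ipNumber = null;
            $con->getRows("Select ip from " . $postsTable . " where id='" . $postIdSql . "';");
            foreach ($con->queryResult as $res)
                $ipNumber = $res['ip'];
            if ($ipNumber === null || $ipNumber === '') {
                $doQuery = false;
                echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                break;
            }
            $ipSql = secureVar($ipNumber, 'sql');
            if ($actionId === "banIP")
                $queryMsg = "INSERT INTO " . $dbTables['ip'] . " (id, ip) VALUES (NULL, '" . $ipSql . "');";
            else
                $queryMsg = "DELETE FROM " . $dbTables['ip'] . " WHERE ip='" . $ipSql . "';";
            break;
        case "restore" :
            // Copy back into the live table, then drop the trash copy.
            $con->modify("INSERT INTO " . $dbTables['posts'] . " SELECT * FROM " . $dbTables['trash'] . " WHERE id='" . $postIdSql . "';");
            $queryMsg = "DELETE FROM " . $dbTables['trash'] . " WHERE id='" . $postIdSql . "';";
            break;
        case "publish" :
            $queryMsg = "update " . $postsTable . " set publish='1' WHERE id='" . $postIdSql . "';";
            break;
        case "unpublish" :
            $queryMsg = "update " . $postsTable . " set publish='0' WHERE id='" . $postIdSql . "';";
            break;
        case "deleteReply" :
            // For reply links, postid carries the reply's own id (see the reply action links below).
            $queryMsg = "DELETE FROM " . $dbTables['reply'] . " WHERE id='" . $postIdSql . "';";
            break;
        case "deleteUnpublishedPosts" :
            // Move every unpublished live post into the trash. The link for it is only rendered
            // outside the trash view; the original read from $postsTable but always deleted from the
            // live table, which in trash mode would have copied trash rows into the live table, so
            // both statements now name the live and trash tables explicitly.
            $con->modify("INSERT INTO " . $dbTables['trash'] . " SELECT * FROM " . $dbTables['posts'] . " WHERE publish='0';");
            $queryMsg = "DELETE FROM " . $dbTables['posts'] . " WHERE publish='0';";
            break;
        default :
            // Unknown action (also the modify/reply/modifyReply "actions", which only open a form).
            $doQuery = false;
    }
    if ($doQuery) {
        if ($con->modify($queryMsg))
            echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
        else {
            $con->printError();
            echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
        }
    }
    $con->close();
}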
// Admin edited a post's text (form rendered further down for action=modify).
// NOTE(review): the text is stored after the 'html' filter, so edited rows hold entity-encoded
// text; the rendering code escapes again on output — confirm secureVar(..., 'html') does not
// double-encode, otherwise edited posts display with literal entities.
$messageData = secureVar($_POST['modifyMessage'], 'html');
if (! empty($messageData)) {
    $con->connect();
    $updateSql = "update " . $postsTable . " set message='" . secureVar($messageData, 'sql') . "' WHERE id='" . secureVar($postActionId, 'sql') . "';";
    $saved = $con->modify($updateSql);
    if (! $saved) {
        $con->printError();
        echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
    }
    else
        echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
    $con->close();
    unset($submitId);
}
// Admin reply to a post (form rendered further down for action=reply). The reply is attributed
// to the logged-in admin via the session.
// NOTE(review): the name is stored as the plain session username, yet the rendering code further
// down base64-decodes reply.name — one of the two sides looks wrong; check what the column holds.
$replyData = secureVar($_POST['replyMessage'], 'html');
if (! empty($replyData)) {
    $con->connect();
    $insertSql = "INSERT INTO " . $dbTables['reply'] . " (
`id` ,
`admin_id` ,
`post_id` ,
`name` ,
`date` ,
`message`
)
VALUES (
NULL , '" . secureVar($_SESSION['id'], 'sql') . "', '" . secureVar($postActionId, 'sql') . "', '" . secureVar($_SESSION['username'], 'sql') . "', '" . secureVar(time(), 'sql') . "', '" . secureVar($replyData, 'sql') . "'
);";
    $inserted = $con->modify($insertSql);
    if (! $inserted) {
        $con->printError();
        echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
    }
    else
        echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
    $con->close();
    unset($submitId);
}
// Admin edited the text of a reply (form rendered further down for action=modifyReply);
// in that form postid carries the reply id, not the post id.
$replyAdminData = secureVar($_POST['modifyReplyMessage'], 'html');
if (! empty($replyAdminData)) {
    $con->connect();
    $updateReplySql = "update " . $dbTables['reply'] . " set message='" . secureVar($replyAdminData, 'sql') . "' WHERE id='" . secureVar($postActionId, 'sql') . "';";
    if ($con->modify($updateReplySql)) {
        echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
    }
    else {
        $con->printError();
        echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
    }
    $con->close();
    unset($submitId);
}
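// Bulk actions from the global-actions form. The page's JS writes the ticked post ids into the
// hidden "checkedItems" field as a comma-separated list; the button pressed arrives as its own
// POST key (delete / ban / publish / unpublish / restore).
// NOTE(review): no CSRF token is checked in this file — confirm index.php enforces one.
$checkedItems = isset($_POST['checkedItems']) ? $_POST['checkedItems'] : '';
if (! empty($checkedItems)) {
    // Ids are auto-increment integers (the ?id= branch below also insists on is_numeric());
    // anything else cannot name a row, so it is dropped instead of being quoted into SQL.
    $items = array();
    foreach (explode(',', $checkedItems) as $candidate) {
        $candidate = trim($candidate);
        if ($candidate !== '' && is_numeric($candidate))
            $items[] = secureVar($candidate, 'sql');
    }
    $resultNewQuery = false;   // ends true only if every per-item statement succeeded
    $actionIPDone = true;      // the ban branch reports per IP and skips the summary below
    $con->connect();
    if (! empty($_POST['delete'])) {
        // Same semantics as the single "delete" action: move to the trash outside the trash view,
        // permanent delete (replies included) inside it.
        $resultNewQuery = (count($items) > 0);
        foreach ($items as $idSql) {
            if (! $isTrash)
                $con->modify("INSERT INTO " . $trashTable . " SELECT * FROM " . $postsTable . " WHERE id='" . $idSql . "';");
            else
                $con->modify("DELETE FROM " . $dbTables['reply'] . " WHERE post_id='" . $idSql . "';");
            if (! $con->modify("DELETE FROM " . $postsTable . " WHERE id='" . $idSql . "';"))
                $resultNewQuery = false;
        }
    }
    elseif (! empty($_POST['ban'])) {
        $actionIPDone = false;
        // Load the ban list once; IPs banned in this batch are appended locally, so a second post
        // from the same address is reported as already banned instead of being inserted twice.
        $bannedNewIPs = array();
        $con->getRows("Select ip from " . $dbTables['ip'] . ";");
        if ($con->getNumRows() > 0) {
            foreach ($con->queryResult as $res)
                $bannedNewIPs[] = $res['ip'];
        }
        foreach ($items as $idSql) {
            // Reset per item: previously a post id with no row silently reused the previous IP.
            $ipNumber = null;
            $con->getRows("Select ip from " . $postsTable . " where id='" . $idSql . "';");
            foreach ($con->queryResult as $res)
                $ipNumber = $res['ip'];
            if ($ipNumber === null || $ipNumber === '') {
                echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                continue;
            }
            if (in_array($ipNumber, $bannedNewIPs, true)) {
                // Escaped on output like every other DB value on this page.
                echo "<div class=\"msgError\">" . secureVar($ipNumber, 'html') . ' ' . $lang['ipBanned'] . "</div>";
                continue;
            }
            if ($con->modify("INSERT INTO " . $dbTables['ip'] . " (id, ip) VALUES (NULL, '" . secureVar($ipNumber, 'sql') . "');")) {
                $bannedNewIPs[] = $ipNumber;
                echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
            }
            else {
                $con->printError();
                echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
            }
        }
    }
    elseif (! empty($_POST['publish']) || ! empty($_POST['unpublish'])) {
        // publish wins if both keys are somehow present, as in the original if/elseif order.
        $publishFlag = ! empty($_POST['publish']) ? '1' : '0';
        $resultNewQuery = (count($items) > 0);
        foreach ($items as $idSql) {
            if (! $con->modify("update " . $postsTable . " set publish='" . $publishFlag . "' WHERE id='" . $idSql . "';"))
                $resultNewQuery = false;
        }
    }
    elseif (! empty($_POST['restore'])) {
        $resultNewQuery = (count($items) > 0);
        foreach ($items as $idSql) {
            $con->modify("INSERT INTO " . $dbTables['posts'] . " SELECT * FROM " . $dbTables['trash'] . " WHERE id='" . $idSql . "';");
            if (! $con->modify("DELETE FROM " . $dbTables['trash'] . " WHERE id='" . $idSql . "';"))
                $resultNewQuery = false;
        }
    }
    // Any other (or missing) button leaves $resultNewQuery false and is reported as an error.
    if ($actionIPDone) {
        if ($resultNewQuery)
            echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
        else {
            $con->printError();
            echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
        }
    }
    $con->close();
    unset($submitId);
}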
// Reset the statement buffer and open the connection used by the listing queries below
// (each action block above closed its own).
$queryMsg = '';
$con->connect();
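/**
 * Build the admin search query for one posts table.
 *
 * The search text is split into words and every word is matched with LIKE '%word%' against the
 * useragent column ($ua true) or against name and message ($ua false); a row matches if any
 * word matches (OR). Replies are LEFT JOINed so the rows carry the same r* columns as the other
 * listing queries on this page.
 *
 * @param string $tableName    posts or trash table name (comes from $dbTables, not from the request)
 * @param string $searchString raw search text; escaped here with secureVar(..., 'sql')
 * @param bool   $ua           true to search the useragent column instead of name/message
 * @return string SQL statement
 */
function produceSearchMsg($tableName, $searchString, $ua) {
    global $dbTables;
    // Split on runs of whitespace and drop empty tokens: explode(" ") turned a double space into
    // an empty word, i.e. LIKE '%%', which matched every row.
    $words = preg_split('/\s+/', trim($searchString), -1, PREG_SPLIT_NO_EMPTY);
    if (empty($words))
        $words = array('');   // blank search keeps the original "match everything" result
    $conditions = array();
    foreach ($words as $word) {
        // '%' and '_' typed by the admin act as LIKE wildcards; that is existing behaviour and
        // not an injection risk since the value is escaped.
        $pattern = secureVar("%" . $word . "%", 'sql');
        if ($ua)
            $conditions[] = "posts.useragent LIKE '" . $pattern . "'";
        else
            $conditions[] = "posts.name LIKE '" . $pattern . "' OR posts.message LIKE '" . $pattern . "'";
    }
    // "OR" rather than "||": under MySQL's PIPES_AS_CONCAT mode "||" is string concatenation,
    // which silently turns the whole WHERE clause into one concatenated string.
    // NOTE(review): "group by posts.date desc" is kept for parity with the other listing queries;
    // it is MySQL-specific and collapses posts sharing a timestamp — not changed here.
    $queryMsg = "select posts.*, reply.id as rid, reply.post_id as post_id, reply.date as rdate, reply.message as rmessage, reply.name as rname from "
        . $tableName . " posts LEFT JOIN " . $dbTables['reply'] . " reply ON (posts.id = reply.post_id) where "
        . implode(" OR ", $conditions)
        . " group by posts.date desc;";
    return $queryMsg;
}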
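// Pick the listing query. Precedence: one post (?id=), one country (?cc=), the admin search form
// (POSTed with "submit"), otherwise the full or paged list of $databaseName. Every variant selects
// the same posts.* + reply r* columns so the rendering loop below is shared.
$postId = secureVar($_GET['id'], 'html');
$countryId = secureVar($_GET['cc'], 'html');
$selectPrefix = "select posts.*, reply.id as rid, reply.post_id as post_id, reply.date as rdate, reply.message as rmessage, reply.name as rname from " . $databaseName . " posts LEFT JOIN " . $dbTables['reply'] . " reply ON (posts.id = reply.post_id)";
if ((! empty($postId)) && is_numeric($postId))
    $queryMsg = $selectPrefix . " where posts.id=\"" . secureVar($postId, 'sql') . "\";";
elseif ((! empty($countryId)) && (strlen($countryId) == 2))
    // Country codes are two characters; anything else falls through to the normal listing.
    $queryMsg = $selectPrefix . " where posts.country=\"" . secureVar($countryId, 'sql') . "\" group by posts.date desc;";
elseif (! empty($submitId)) {
    $searchUsed = true;
    $searchCheck = array(
        'searchData' => secureVar(trim(isset($_POST['searchData']) ? $_POST['searchData'] : ''), 'html'),
        'searchType' => secureVar(trim(isset($_POST['searchType']) ? $_POST['searchType'] : ''), 'html'),
        'hidden'     => secureVar(trim(isset($_POST['hiddenField']) ? $_POST['hiddenField'] : ''), 'html'),
    );
    // Honeypot: the hidden field is never filled in by a person.
    if ($searchCheck['hidden'] != '') {
        // NOTE(review): a project class named Error in the global namespace collides with PHP 7's
        // built-in \Error and cannot even be declared there — check which class this resolves to.
        $error = new Error("Humans only ! Go away WALL·E");
        die($error->showError());
    }
    $errorField = '';
    if (empty($searchCheck['searchData']))
        $errorField .= $lang['searchData'] . ' ' . $lang['isEmpty'] . '<br />';
    if (empty($searchCheck['searchType']))
        $errorField .= $lang['searchType'] . ' ' . $lang['isEmpty'] . '<br />';
    if ($errorField != '')
        echo "<div class=\"msgError\">$errorField</div>";
    else {
        switch ($searchCheck['searchType']) {
            case "posts" :
                $queryMsg = produceSearchMsg($dbTables['posts'], $searchCheck['searchData'], false);
                break;
            case "ip" :
                // Matched as typed: the admin may include LIKE wildcards.
                $queryMsg = $selectPrefix . " where posts.ip LIKE '" . secureVar($searchCheck['searchData'], 'sql') . "';";
                break;
            case "ua" :
                $queryMsg = produceSearchMsg($dbTables['posts'], $searchCheck['searchData'], true);
                break;
            case "countries" :
                $queryMsg = $selectPrefix . " where posts.country LIKE '" . secureVar($searchCheck['searchData'], 'sql') . "';";
                break;
            case "trash" :
                $queryMsg = produceSearchMsg($dbTables['trash'], $searchCheck['searchData'], false);
                break;
            default :
                // Unknown search type: $queryMsg stays empty and the listing presumably ends in
                // the "no posts" branch below.
                break;
        }
    }
}
else {
    if ($config['pagesFormat'] == 'allinone')
        $queryMsg = $selectPrefix . " group by posts.date desc;";
    elseif ($config['pagesFormat'] == 'several') {
        // $pageNum originates from ?p=; clamp it to an integer >= 1 so the LIMIT offset can never
        // be negative or non-numeric, and make the page size an integer as well.
        $page = max(1, (int) $pageNum);
        $perPage = (int) $config['numPostsPerPage'];
        $startingPostNum = ($page - 1) * $perPage;
        $queryMsg = $selectPrefix . " group by posts.date desc limit " . $startingPostNum . " , " . $perPage . ";";
    }
    else {
        $error = new Error("The Cat doesn't know how to display the posts !");
        die($error->showError());
    }
}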
// Offer the "delete all unpublished posts" link whenever the live table holds an unpublished
// post (never in the trash view).
if (! $isTrash) {
    $con->getRows("select id from " . $databaseName . " where publish='0';");
    $hasUnpublished = ($con->getNumRows() > 0);
    if ($hasUnpublished)
        echo '<p><a href="index.php?a=posts&p=' . $pageNum . '&action=deleteUnpublishedPosts">-> ' . $lang['deleteUnpublishedPosts'] . '</a></p>';
}
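// Load the censored-word and smiley replacement lists before running the main query so the
// Message class's own queries cannot clobber $con->queryResult.
include_once '../classes/manage/message.class.php';
$censoredList = Message::getCensoredList();
$smiliesReplacement = Message::getSmiliesReplacement();
// Banned IPs, used per post below to choose the ban/unban link. Initialised so an empty ban
// table does not leave the variable undefined for the in_array() check.
$bannedIPs = array();
$con->getRows("Select ip from " . $dbTables['ip'] . ";");
if ($con->getNumRows() > 0) {
    foreach ($con->queryResult as $bannedRow)
        $bannedIPs[] = $bannedRow['ip'];
}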
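// Run the chosen listing query and render it. Everything up to the matching closing brace is
// the non-empty case; the else at the very bottom prints the "no posts" message.
$con->getRows($queryMsg);
if ($con->getNumRows() > 0) {
    if ($isTrash) {
        // Empty-trash button; its POST is handled near the top of this file.
        echo '<form method="post" action="index.php?a=posts&t=trash">
<fieldset>
<input type="submit" name="submitEmptyTrash" value="' . $lang['emptyTrash'] . '" />
</fieldset>
</form>';
    }
?>
<script type="text/javascript">
// Collapse or expand the message cell of post `obj` (id "i<obj>") and swap its toggle icon ("m<obj>").
function toggle(obj) {
    var el = document.getElementById('i' + obj);
    var el1 = document.getElementById('m' + obj);
    if ( el.style.display != 'none' ) {
        el.style.display = 'none';
        el1.src = '../images/posts/toggle.gif';
    }
    else {
        el.style.display = '';
        el1.src = '../images/posts/toggle1.gif';
    }
}
// Called from every per-post checkbox (ref = post id) and from the "check all" box (ref = "all").
// Keeps the two in sync and writes the ticked ids, comma-separated, into the hidden
// "checkedItems" field that the global-actions form posts back.
function checkAllFields(ref) {
    var chkAll = document.getElementById('checkAll');
    var checks = document.getElementsByName('checked_items[]');
    var checkedArray = new Array();
    var checked = document.getElementById('checkedItems');
    var boxLength = checks.length;
    var allChecked = false;
    var i, j;   // loop indices; the originals leaked as implicit globals
    if (ref == "all") {
        if (chkAll.checked == true) {
            for (i=0; i < boxLength; i++)
                checks[i].checked = true;
        }
        else {
            for (i=0; i < boxLength; i++)
                checks[i].checked = false;
        }
    }
    else {
        for (i=0; i < boxLength; i++) {
            if (checks[i].checked == true) {
                allChecked = true;
                continue;
            }
            else {
                allChecked = false;
                break;
            }
        }
        if (allChecked == true)
            chkAll.checked = true;
        else
            chkAll.checked = false;
    }
    for (j=0; j < boxLength; j++) {
        if (checks[j].checked == true)
            checkedArray.push(checks[j].value);
    }
    // Array-to-string yields "1,2,3", which the PHP side splits on commas.
    checked.value = checkedArray;
}
</script>
<?php
    include_once '../classes/manage/statistics.class.php';
    include_once '../classes/manage/countries.class.php';
    // Global-actions toolbar, only when there is more than one post to act on.
    if ($con->getNumRows() > 1) {
        $urlGlobalActionPrefix = "index.php?a=posts&p=" . $pageNum;
        if ($isTrash) {
            $urlGlobalActionPrefix .= "&t=trash";
            $globalActionsMenu = '<input type="submit" name="restore" value="' . $lang['pRestore'] . '" /> - <input type="submit" name="delete" value="' . $lang['pDelete'] . '" /> - <input type="submit" name="ban" value="' . $lang['pBanIP'] . '" />';
        }
        else {
            $globalActionsMenu = '<input type="submit" name="delete" value="' . $lang['pDelete'] . '" /> - <input type="submit" name="ban" value="' . $lang['pBanIP'] . '" /> - <input type="submit" name="publish" value="' . $lang['pPublish'] . '" /> - <input type="submit" name="unpublish" value="' . $lang['pUnpublish'] . '" />';
        }
        // The form used to post to $urlActionPrefix, which is only assigned inside the per-post
        // loop below; at this point it was unset, so the browser posted to the current URL and
        // re-ran whatever ?action=… that URL carried. Post to the prefix built for it instead.
        echo "<form action=\"" . $urlGlobalActionPrefix . "\" method=\"post\"><fieldset>
<table class=\"tablePosts\">
<tr class=\"topInfosActions\">
<td>" . $lang['globalActions'] . " : " . $globalActionsMenu . "
</td>
<td align=\"right\" width=\"10%\"><input type=\"checkbox\" onclick=\"checkAllFields('all');\" id=\"checkAll\" /></td>
</tr>
</table>
<input type=\"hidden\" name=\"checkedItems\" id=\"checkedItems\" />
</fieldset></form>";
    }
    // One block per post: action links, header, message (or an edit/reply form), footer and the
    // admin reply if any. DB values are passed through secureVar(..., 'html') before output.
    foreach ($con->queryResult as $res) {
        $userAgent = new Statistics($res['useragent']);
        $countryName = new Countries();
        $messageValue = Message::formatMessage(secureVar($res['message'], 'html'), $censoredList);
        $messageValue = Message::formatSmilies($messageValue, "admin", $smiliesReplacement);
        $banIpLang = $lang['pBanIP'];
        $banIpAction = "banIP";
        if ((! empty($bannedIPs)) && (in_array($res['ip'], $bannedIPs))) {
            $banIpLang = $lang['pUnbanIP'];
            $banIpAction = "unbanIP";
        }
        $publishLang = $lang['pUnpublish'];
        $publishAction = "unpublish";
        $topInfoStyle = "topInfosActions";
        if (! $res['publish']) {
            $publishLang = $lang['pPublish'];
            $publishAction = "publish";
            $topInfoStyle = "topInfosActionsUnpublished";
        }
        echo "<div class=\"posts\">
<table class=\"tablePosts\">
<tr class=\"" . $topInfoStyle . "\">
<td>" . $lang['actions'] . " : ";
        $urlActionPrefix = "<a href=\"index.php?a=posts&p=" . $pageNum . "&postid=" . secureVar($res['id'], 'html') . "&action=";
        // The last link of either branch is left open; the "</a></td>" echoed afterwards closes it
        // (the trash branch used to close it itself, producing a duplicate </a>).
        if ($isTrash) {
            echo $urlActionPrefix . "restore&t=trash\">" . $lang['pRestore'] . "</a> - "
                . $urlActionPrefix . "delete&t=trash\">" . $lang['pDelete'] . "</a> - ";
            echo $urlActionPrefix . $banIpAction . "&t=trash\">" . $banIpLang;
        }
        else {
            // (a stray extra quote after "delete" used to render href="…delete"" here)
            echo $urlActionPrefix . "modify\">" . $lang['pModify'] . "</a> - "
                . $urlActionPrefix . "delete\">" . $lang['pDelete'] . "</a> - ";
            if ($res['rid'] == NULL)
                echo $urlActionPrefix . "reply\">" . $lang['pReply'] . "</a> - ";
            echo $urlActionPrefix . $banIpAction . "\">" . $banIpLang . "</a> - ";
            echo $urlActionPrefix . $publishAction . "\">" . $publishLang;
        }
        echo "</a></td>
<td align=\"right\" width=\"10%\">
<input type=\"checkbox\" value=\"" . secureVar($res['id'], 'html') . "\" name=\"checked_items[]\" onclick=\"checkAllFields(" . secureVar($res['id'], 'html') . ");\" />
</td>
</tr>
<tr class=\"topInfos\">
<td>";
        if ($isTrash)
            echo secureVar($res['name'], 'html');
        else
            echo "<a href=\"index.php?a=posts&id=" . secureVar($res['id'], 'html') . "\">" . secureVar($res['name'], 'html') . "</a>";
        // NOTE(review): getCountry() here and getUserAgent()/getOS()/getBrowser() further down are
        // echoed without escaping. That is only safe if those classes never return the stored
        // user-agent/country text verbatim — the UA string is attacker-controlled on the public side.
        echo ", " . date($config['dateFormat'], secureVar($res['date'], 'html')) . ",
" . secureVar($res['location'], 'html') . " <a href=\"index.php?a=posts&cc=" . secureVar($res['country'], 'html') . "\"><img src=\"../images/countries/" . secureVar($res['country'], 'html') . ".png\"
alt=\"" . $countryName->getCountry($res['country']) . "\" /></a>
</td>
<td>
<a href=\"javascript:toggle(" . secureVar($res['id'], 'html') . ")\"><img src=\"../images/posts/toggle1.gif\" id=\"m" . secureVar($res['id'], 'html') . "\" alt=\"toggle\" /></a>
</td>
</tr>
<tr>
<td colspan=\"2\" class=\"message\" id='i" . secureVar($res['id'], 'html') . "'>";
        if (isset($actionId) && ($postActionId == secureVar($res['id'], 'html'))) {
            $urlActionPrefix = "index.php?a=posts&p=" . $pageNum . "&postid=" . secureVar($res['id'], 'html');
            if ($isTrash)
                $urlActionPrefix .= "&t=trash";
            if ($actionId == 'modify') {
                // NOTE(review): the textarea content is html-escaped and then decoded again, i.e. the
                // stored text is emitted raw. If posts are stored unescaped, a message containing
                // "</textarea><script>" breaks out of the field (stored XSS against the admin); if they
                // are stored already encoded, the decode only undoes double-encoding. Check how the
                // public form stores messages before dropping the decode.
                echo "<form action=\"" . $urlActionPrefix . "\" method=\"post\"><fieldset>
<textarea name='modifyMessage' rows='5' cols='50' onfocus='this.select()'>" . htmlspecialchars_decode(secureVar($res['message'], 'html'), ENT_QUOTES) . "</textarea>
<input type=\"hidden\" name=\"postid\" value=\"" . secureVar($res['id'], 'html') . "\" />
<input type=\"submit\" name=\"submit\" value=\"" . $lang['modify'] . "\" />
</fieldset></form>";
            }
            elseif ($actionId == 'reply') {
                echo $messageValue . "<hr />
<form action=\"" . $urlActionPrefix . "\" method=\"post\"><fieldset>
<textarea name='replyMessage' rows='5' cols='35'></textarea>
<input type=\"hidden\" name=\"postid\" value=\"" . secureVar($res['id'], 'html') . "\" />
<input type=\"submit\" name=\"submit\" value=\"" . $lang['modify'] . "\" />
</fieldset></form>";
            }
            else
                echo $messageValue;
        }
        else
            echo $messageValue;
        echo"</td>
</tr>
<tr class=\"topInfos\">
<td colspan=\"2\">" . $lang['lUserAgent'] . " : " . $userAgent->getUserAgent() . "</td>
</tr>
<tr class=\"topInfos\">
<td>" . $lang['pEmail'] . " : " . secureVar(base64_decode($res['email']), 'html') . "</td>
<td><img src=\"../images/os/icon_" . $userAgent->getOS() . ".png\" alt=\"OS\" />
<img src=\"../images/browsers/icon_" . $userAgent->getBrowser() . ".png\" alt=\"Browser\" /></td>
</tr>
<tr class=\"topInfos\">
<td>" . $lang['pIP'] . " : " . secureVar($res['ip'], 'html') . "</td>
<td><img src=\"../images/stars/" . secureVar($res['rating'], 'html') . ".gif\" alt=\"" . secureVar($res['rating'], 'html') . "\" /></td>
</tr>
</table>";
        // Admin reply, if one is joined to this post.
        if ($res['rid'] != NULL) {
            $messageValue = Message::formatMessage(secureVar($res['rmessage'], 'html'), $censoredList);
            $messageValue = Message::formatSmilies($messageValue, "admin", $smiliesReplacement);
            // NOTE(review): reply.name is base64-decoded here, but the reply handler above stores the
            // plain session username — one of the two sides looks wrong; confirm what the column holds.
            // (A stray "</a>" that followed the name, with no opening tag, has been dropped.)
            echo "<table class=\"tableReply\">
<tr class=\"topInfos\">
<td align=\"left\">"
                . secureVar(base64_decode($res['rname']), 'html') . ", " . date($config['dateFormat'], secureVar($res['rdate'], 'html'));
            echo "</td>
<td align=\"right\">";
            // For reply links, postid carries the reply's own id.
            $urlActionPrefix = "<a href=\"index.php?a=posts&p=" . $pageNum . "&postid=" . secureVar($res['rid'], 'html') . "&action=";
            echo $urlActionPrefix . "modifyReply\">" . $lang['pModify'] . "</a> - ";
            echo $urlActionPrefix . "deleteReply\">" . $lang['pDelete'] . "</a>
</td>
</tr>
<tr>
<td class=\"message\" colspan=\"2\">";
            if ($actionId == 'modifyReply') {
                // Same escape-then-decode pattern as the post editor above; see the note there.
                echo "<form action=\"index.php?a=posts&p=" . $pageNum . "&postid=" . secureVar($res['rid'], 'html') . "&action=modifiedReply\" method=\"post\"><fieldset>
<textarea name='modifyReplyMessage' rows='5' cols='50' onfocus='this.select()'>" . htmlspecialchars_decode(secureVar($res['rmessage'], 'html'), ENT_QUOTES) . "</textarea>
<input type=\"hidden\" name=\"postid\" value=\"" . secureVar($res['rid'], 'html') . "\" />
<input type=\"submit\" name=\"submit\" value=\"" . $lang['modify'] . "\" />
</fieldset></form>";
            }
            else
                echo $messageValue;
            echo "</td>
</tr>
</table>";
        }
        echo "</div>";
    }
    // Page links only make sense for the paged listing of the whole table.
    if (
        ((! empty($postId)) && isset($postId) && is_numeric($postId))
        || ((!empty($countryId)) && isset($countryId) && (strlen($countryId) == 2))
        || ($config['pagesFormat'] == 'allinone')
        || ($searchUsed)
    ) {
        $con->close();
    } else {
        // Count rows the same way the listing groups them so the page count matches it.
        $con->connect();
        $con->getRows("select id from " . $databaseName . " group by date desc;");
        $numRowsAll = $con->getNumRows();
        $con->close();
        $numPages = ceil(($numRowsAll / $config['numPostsPerPage']));
        if ($numPages > 1)
            require_once 'includes/boxes/pageLinks.php';
    }
}
else {
    $con->close();
    echo $lang['noPostsToYourQuery'];
}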
?>