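<?
//board-tnk v2.1
//Thierry Nkaoua hide@address.com
// http://www.linux-sottises.net
// Config
include ("include/config_board.php");
//URL check: no arguments passed in the url
// (only the query string is rejected; the forms below use POST and the admin
// state comes from a cookie, so those inputs still reach this page)
if(sizeof($HTTP_GET_VARS)!=0){
print("<b>$talk[42]</b>");
exit();
}
// if $show is not set, then show forum list
if(!isset($show)){$show="forum_list";}
// Admin state starts out as "not authenticated". $show, $admin and $bp are
// never declared in this file (it relies on register_globals), and $auth was
// previously only assigned inside the cookie check below, so it could
// otherwise be populated from the request like any other undeclared
// variable. Resetting it here means only the password comparison can set it.
$auth=false;
if($admin=="logout"){
$login_password="";
// expire the admin cookie (the "bp" cookie carries the login password itself)
setcookie("bp","", time()-3600);
}
// read cookie for administration
if($admin=="admin" && $bp){
$login_password=$bp;
// Authentication: loose comparison against the configured password
// (numeric-looking strings compare numerically under ==; a strict ===
// comparison would avoid that, provided $admin_password is a string)
$auth=($login_password==$admin_password);
}
// Cookies for clients
include("include/cookie.inc");
?>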
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<?
include("include/head.inc");
?>
</head>
<body>
<!--board-tnk v2.1-->
<?
include("include/banner.inc");
// Admin check and information
// $auth is assigned in the prologue above from the "bp" cookie; an admin
// request whose cookie no longer matches the password lands in the first
// branch, a matching one in the second.
if($admin=="admin" && !$auth){
print("<center><h2>Admin cookie expired!!</h2></center>");
?>
<center><a href="board_admin.php">Back to login screen</a></center>
<br>
<?
}elseif($auth){
print("<center><h2>Administration mode</h2></center><br>");
include("include/logout.inc");
?>
<br>
<?
}
// admin "back" link on every page except the forum list
if($show!="forum_list" && $auth){
include("include/back_admin.inc");
}
// switch for different pages according to $show
// $show=forum_list: show the forum list
// $show=thread_list: show the messages list for a forum
// $show=reply_list: show the reply list for a thread in a forum
// $show=new: posting a new message
// $show=postit: storing the message or the reply
// $show=edit: edit message in admin mode
// There is no default branch: an unrecognised $show renders only the
// banner above and the footer below.
switch($show) {
//##################################################
// Showing Forum list
case "forum_list":
include("include/mysql.inc");
// form to reset cookie for next visit
?>
<form action="<? print("$SELF"); ?>" method="post">
<table width="100%">
<tr>
<td>
<input type="hidden" name="mark" value="1">
<input type="image" src="<? print("icons_board/$cooky"); ?>" alt="cooky"> </td>
<td>
<b><? print("$talk[0]"); ?></b><br><br>
</td>
</tr>
</table>
</form>
<br>
<b><? print("$talk[1]"); ?></b>
<br><br><br><br>
<?
// create delete forum for admin mode
if ($auth){
include("include/create_delete_forum.inc");
}
//Forum list
// Is a prefix used in forum names?
// ($prefix is not set in this file -- presumably the config include; every
// table matching it is treated as a forum)
if($prefix!=""){
$query="SHOW TABLES LIKE \"$prefix%\"";
}else{
$query="SHOW TABLES";
}
$result=mysql_query($query);
// row count of a SELECT-like result; mysql_num_rows() is the documented
// call for this, mysql_affected_rows() is relied on to return the same value
$n_forum=mysql_affected_rows();
// get all the forum names with number of all messages and of new messages
// after, only forum names are transmitted, forum is rebuild with the prefix...
// forum names are stored in an array...
for($i=0;$i<$n_forum;$i++){
$liste= mysql_fetch_array($result);
$all_forum=$liste[0];
// NOTE: this tests isset() while the query above tested !="", so an
// empty-but-set $prefix takes the str_replace branch (a no-op in that case)
if(isset($prefix)){
$all_forum_name[$i]=str_replace($prefix,"",$all_forum);
}else{
$all_forum_name[$i]=$all_forum;
}
// replace _ by a space in forum names: $forum is the name of the table
// forum_name is the name to show
$all_forum_name[$i]=ereg_replace("_"," ",$all_forum_name[$i]);
}
// Table of forum list
?>
<center>
<table border="1" cellpadding="10">
<tr class="head">
<td>
<b><? print("$talk[2]"); ?></b>
</td>
<td align="center">
<b><? print("$talk[3]"); ?></b>
</td>
<td align="center">
<b><? print("$talk[4]"); ?></b>
</td>
</tr>
<?
// one row per forum: rebuild the table name from the display name and the
// prefix, then count all messages and those newer than the last visit
for($i=0;$i<$n_forum;$i++){
$forum_name=$all_forum_name[$i];
$forum=ereg_replace(" ","_",$forum_name);
$forum="$prefix"."$forum";
// count all messages
$query="select count(*) from $forum";
$result1=mysql_query($query);
$value1=mysql_fetch_array($result1);
$messages=$value1[0];
// count new messages
// $lstvst is interpolated unquoted and is neither set nor cast in this file
// (presumably the last-visit timestamp from cookie.inc -- confirm it is
// numeric there, otherwise cast it with intval() before use)
$query="select count(*) from $forum where date >= $lstvst";
$result1=mysql_query($query);
$value1=mysql_fetch_array($result1);
$messages_new=$value1[0];
// form to enter a forum
?>
<tr class=row1>
<td align="left">
<?
include("include/enter_forum.inc");
//Delete forum in admin mode
if($auth){
include("include/delete_forum.inc");
}
?>
</td>
<td align="center">
<? print("$messages\n");?>
</td>
<td align="center">
<?
// new-message count is emphasised when non-zero; both branches also close
// the cell and the row
if($messages_new=="0"){
print("$messages_new\n</td>\n</tr>\n");
}else{
print("<b>$messages_new</b>\n</td>\n</tr>\n");
}
} // end for loop on forum
?>
</table></center>
<?
break;
// End Forum list
//##################################################
// showing threads in a forum
case "thread_list":
include("include/mysql.inc");
// array of all forums
// (forum_array.inc is also expected to provide the $forum and $forum_name
// used below; whether the posted forum selection is checked against the
// table list is not visible in this file)
include("include/forum_array.inc");
//Forum navigation
include("include/forum_nav.inc");
?>
<br>
<?
// Back to the forum list
include("include/back_forum.inc");
// delete thread in admin mode
if($auth){
include("include/delete_thread_really.inc");
}
// Table for messages list
?>
<br>
<center>
<table width="95%" border="1" cellpadding="5">
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
<?
// Reading threads
// $threads is the number of threads in the forum
// (only counted on the first page; later pages carry it in a hidden field,
// so the value used there is whatever the client posted back)
if(!isset($threads)){
$query="SELECT * FROM $forum where reply=0";
$result = mysql_query ($query);
$threads=mysql_affected_rows();
}
// form to post a new message
include("include/post_new.inc");
?>
</td>
</tr>
<?
// read $max_posts threads
// $rows_init comes back from the navigation forms below and is placed in
// the LIMIT clause without a cast; $max_posts is not set in this file
$query="SELECT * FROM $forum where reply=0 order by id desc LIMIT $rows_init,$max_posts";
$result = mysql_query ($query);
// $nrows is the real number of read threads
$nrows=min(mysql_affected_rows(),$max_posts);
//show the threads, with alternate colors ($i_color)
$i_color=1;
for($i=0;$i<$nrows;$i++){
$row = mysql_fetch_array($result);
$id = $row["id"];
$name = $row["name"];
$icon = $row["icon"];
$msg = $row["msg"];
$titre = $row["title"];
$date=$row["date"];
$email=$row["email"];
$web=$row["web"];
// strip_tags() removes markup but does not escape quotes, so $web is still
// not attribute-safe when printed into href below; htmlspecialchars() with
// ENT_QUOTES at output would be the mitigation
$web=strip_tags($web);
tr_color($i_color);
?>
<td>
<img src="icons_board/icon<? print("$icon"); ?>.gif" alt="icon"></img>
<b><? print("$titre"); ?></b>
<? print("$talk[12]"); ?>:
<a href="mailto:<? print("$email"); ?>"><? print("$name"); ?></a>
<?
if($web!=""){
print("$talk[13]"); ?>:
<a href="<? print("$web"); ?>"><? print(ereg_replace("http://","",$web)); ?></a>
<?}
print("$talk[14] ".strftime("%d %B %Y $talk[15] %H:%M", $date));
// MessagesCount
// $id here comes from the row just read; the same unquoted, uncast
// interpolation is used with client-supplied ids in reply_list and edit
$result1 = mysql_query ("select count(*) from $forum where reply=$id;");
$value = mysql_fetch_array($result1);
$j=$value[0];
// New messages replies count
// AND binds tighter than OR: (replies newer than last visit) OR (the thread
// itself is newer than last visit)
$result1 = mysql_query ("select count(date) from $forum where reply=$id and date >= $lstvst or id=$id and date >= $lstvst;");
$value = mysql_fetch_array($result1);
$jj=$value[0];
?>
<p align="right">
<b><? print("$talk[11]: $j"); ?></b>
<?
if ($jj != "0") {
print("<b>$talk[4]: $jj</b>");
}
?>
<hr>
<? print("$msg"); ?>
<?
// form to read the thread
?>
<br><br>
<form action="<? print("$SELF"); ?>" method="post">
<input type="hidden" name="id" value="<? print("$id"); ?>">
<input type="hidden" name="threads" value="<? print("$threads");?>">
<input type="hidden" name="rows_init" value="<? print("$rows_init"); ?>">
<input type="hidden" name="show" value="reply_list">
<? include("include/all_forum_form.inc"); ?>
<b><input type="submit" value="<? print("$talk[85]"); ?>"></b>
</form>
<br>
<?
// form to delete the thread in admin mode
if($auth){
include("include/delete_thread.inc");
}
?>
</td>
</tr>
<?
$i_color=$i_color+1;
} //end for loop on threads list
// empty forum: one full-width row with the "no message" text
if($nrows=="0"){
tr_color($i_color);
?>
<td align="center" colspan="3">
<?
print("<b>$talk[16]</b>");
?>
</td></tr>
<?
}
// Foot of the Table
?>
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
<?
// form to post a new message at the end of the table of threads
// same as the top of the table
include("include/post_new.inc");
?>
</td>
<!--<td align="center" width="50"><b><? print("$talk[11]"); ?></b></td>
<td align="center" width="50"><b><? print("$talk[4]"); ?></b></td>-->
</tr>
</table>
</center>
<?
// Navigation arrows through the threads
?>
<br>
<center>
<table width="50%">
<tr align=center>
<?
// left arrow only if there are previous threads
$rows_init_new=$rows_init-$max_posts;
if($rows_init_new>=0){
?>
<td>
<form action="<? print("$SELF"); ?>" method="POST">
<input type=hidden name=rows_init value="<? print("$rows_init_new"); ?>">
<input type="hidden" name="show" value="thread_list">
<input type="hidden" name="threads" value="<? print("$threads");?>">
<? include("include/all_forum_form.inc"); ?>
<input type=image src="icons_board/left.jpg">
</form>
</td>
<? }
// right arrows only if more threads are remaining
$rows_init_new=$rows_init+$max_posts;
if($rows_init_new<$threads){
?>
<td>
<form action="<? print("$SELF"); ?>" method="POST">
<input type=hidden name=rows_init value="<? print("$rows_init_new"); ?>">
<input type="hidden" name="show" value="thread_list">
<input type="hidden" name="threads" value="<? print("$threads");?>">
<? include("include/all_forum_form.inc"); ?>
<input type=image src="icons_board/right.jpg">
</form>
</td>
<? }
?>
</tr>
</table>
</center>
<?
// Back to forum list
include("include/back_forum.inc");
?>
<br>
<?
//forum navigation
include("include/forum_nav.inc");
// End $show=thread_list
break;
//##################################################
// showing answers to a thread in a forum
case "reply_list":
include("include/mysql.inc");
// array of all forums
include("include/forum_array.inc");
// Forum Navigation
include("include/forum_nav.inc");
?>
<br><br>
<?
// Back to the threads list
include("include/back_threads.inc");
// Back to forum list
include("include/back_forum.inc");
// Really delete an answer
if($auth){
include("include/delete_answer_really.inc");
}
// different query if an answer has to be deleted
// $id_delete and $id arrive from the client (hidden fields) and are
// interpolated unquoted and uncast; intval() on both before use would be the
// minimal hardening if the includes do not already constrain them
if($auth && $admin_action=="delete_answer"){
$query="SELECT * FROM $forum where id=$id_delete";
}else{
$query="SELECT * FROM $forum where id=$id or reply=$id order by id";
}
$result = mysql_query($query);
$rows=mysql_affected_rows();
// delete thread and delete answer forms in admin mode
if($auth){
include("include/delete_thread_answer.inc");
}
// Table of messages list
//Table head for posting or answering
?>
<center>
<table width="95%" border="1" cellpadding="5">
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
</td>
</tr>
<?
for($i=0;$i<$rows;$i++){
$row = mysql_fetch_array($result);
$name = $row["name"];
$icon = $row["icon"];
$msg = $row["msg"];
$reply = $row["reply"];
$titre = $row["title"];
$date=$row["date"];
$email=$row["email"];
$web=$row["web"];
// tags removed, quotes left in place (see the href below)
$web=strip_tags($web);
// for first message, keep the id number and the title
// ($id and $reply are presumably picked up by post.inc at the end of the page)
if($i=="0"){
$titre_init=$titre;
$id=$row["id"];
$reply=$id;
}
?>
<tr class="row">
<td><img src="icons_board/icon<? print("$icon"); ?>.gif" alt="icon"></img>
<b><? print("$titre"); ?></b>
<br><br>
<? print("$talk[12]"); ?>:
<a href="mailto:<?print("$email"); ?>"><? print("$name"); ?></a>
<?
if($web!=""){
print("$talk[13]"); ?>:
<a href="<? print("$web"); ?>"><? print(ereg_replace("http://","",$web)); ?></a>
<?
}
// no trailing semicolon: the closing tag terminates the statement
print("$talk[14] ".strftime("%d %B %Y $talk[15] %H:%M", $date))
?>
<br><hr><br>
<? print("$msg"); ?>
<br>
<?
// forms to delete and edit an answer
if($auth){
include("include/delete_answer.inc");
}
?>
</td>
</tr>
<?
} // end for loop on rows
?>
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
</td>
</tr>
</table>
</center>
<br>
<?
// Back to the threads list
include("include/back_threads.inc");
// Back to forum list
include("include/back_forum.inc");
?>
<br>
<?
include("include/forum_nav.inc");
?>
<br><br>
<br><br>
<center>
<b><? print("$talk[8] $talk[40]"); ?></b>
<br>
<br>
</center>
<?
// reply form
include("include/post.inc");
// End $show=reply_list
break;
//##################################################
// sending a new message
case "new":
// array of all forums
include("include/forum_array.inc");
// Forum navigation
include("include/forum_nav.inc");
?>
<br>
<?
// Back to the messages list
include("include/back_threads.inc");
// Back to forum list
include("include/back_forum.inc");
?>
<br><br>
<?
// Post page
include("include/post.inc");
// end $show=new
break;
//##################################################
// Storing message in MYSQL
case "postit":
include("include/mysql.inc");
// array of all forums
include("include/forum_array.inc");
// Checking the user fields
// ereg() (POSIX regex, removed in PHP 7) is used for the email shape test
$checkemail="^[^@ ]+@[^@ ]+\.[^@ \.]+$";
if($name_post==""){
print("$talk[24]\n");
}elseif(!ereg($checkemail, $email_post, $trashed)){
print("$talk[25]\n");
}elseif($titre_post==""){
print("$talk[26]\n");
}elseif($msg==""){
print("$talk[41]\n");
}else{
// End checking
// security issue found by Ahmet Sabri ALPER
$web_post=strip_tags($web_post);
// add http:// to webpost if web_post is given
// (substring test, not a prefix test: "^http://" would only match the
// scheme at the start of the value)
if($web_post && !ereg("http://",$web_post)){
$web_post="http://".$web_post;
}
//$msg_mail=htmlspecialchars(stripslashes($msg));
// Take off spaces at the end of message
$msg=ereg_replace(" +$","",$msg);
//$msg=ereg_replace("\"","'",$msg);
// preview ($visu=="visu"): the stripslashes() calls imply the author assumed
// magic_quotes_gpc is on; everything is then HTML-escaped for display and
// handed back through hidden fields
if($visu=="visu"){
$msg_show=htmlfilt(stripslashes($msg),$nb_icons);
$msg=htmlspecialchars(stripslashes($msg));
$titre_post=htmlspecialchars(stripslashes($titre_post));
$email_post=htmlspecialchars(stripslashes($email_post));
$web_post=htmlspecialchars(stripslashes($web_post));
$name_post=htmlspecialchars(stripslashes($name_post));
?>
<br><br>
<table width="95%" border="1" cellpadding="5">
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
</td>
</tr>
<tr class="row">
<td><img src="icons_board/icon<? print("$icon_post"); ?>.gif" alt="icon"></img>
<b><? print("$titre_post"); ?></b>
<br><br>
<? print("$talk[12]"); ?>:
<a href="mailto:<?print("$email_post"); ?>"><? print("$name_post"); ?></a>
<?
if($web_post!=""){
print("$talk[13]"); ?>:
<a href="<? print("$web_post"); ?>"><? print(ereg_replace("http://","",$web_post)); ?></a>
<?
}
print("$talk[14] ".strftime("%d %B %Y $talk[15] %H:%M", time()))
?>
<br><hr><br>
<? print("$msg_show"); ?>
<br>
</td>
</tr>
</table>
<br><br>
<form action="<? print("$SELF"); ?>" method="POST">
<input type="hidden" name="show" value="<? print("$show_save"); ?>">
<input type="hidden" name="postedit" value="<? print("$postedit"); ?>">
<input type="hidden" name="threads" value="<? print("$threads"); ?>">
<input type="hidden" name="rows_init" value="<? print("$rows_init"); ?>">
<input type="hidden" name="titre_post" value="<? print("$titre_post"); ?>">
<input type="hidden" name="name_post" value="<? print("$name_post"); ?>">
<input type="hidden" name="email_post" value="<? print("$email_post"); ?>">
<input type="hidden" name="web_post" value="<? print("$web_post"); ?>">
<input type="hidden" name="msg_back" value="<? print("$msg"); ?>">
<input type="hidden" name="icon_post" value="<? print("$icon_post"); ?>">
<input type="hidden" name="id" value="<? print("$id"); ?>">
<input type="hidden" name="id_edit" value="<? print("$id_edit"); ?>">
<? include("include/all_forum_form.inc"); ?>
<input type="submit" value="<? print("$talk[89]"); ?>">
</form>
<form action="<? print("$SELF"); ?>" method="POST">
<input type="hidden" name="show" value="postit">
<input type="hidden" name="postedit" value="<? print("$postedit"); ?>">
<input type="hidden" name="threads" value="<? print("$threads"); ?>">
<input type="hidden" name="rows_init" value="<? print("$rows_init"); ?>">
<input type="hidden" name="titre_post" value="<? print("$titre_post"); ?>">
<input type="hidden" name="msg" value="<? print("$msg"); ?>">
<input type="hidden" name="reply" value="<? print("$reply"); ?>">
<input type="hidden" name="id" value="<? print("$id"); ?>">
<input type="hidden" name="id_edit" value="<? print("$id_edit"); ?>">
<input type="hidden" name="name_post" value="<? print("$name_post"); ?>">
<input type="hidden" name="email_post" value="<? print("$email_post"); ?>">
<input type="hidden" name="icon_post" value="<? print("$icon_post"); ?>">
<input type="hidden" name="web_post" value="<? print("$web_post"); ?>">
<? include("include/all_forum_form.inc"); ?>
<input type="submit" value="<? print("$talk[23]"); ?>">
</form>
<?
}else{
// Save original value for mailing before making html and tags work
$titre_post_mail=$titre_post;
$name_post_mail=$name_post;
$email_post_mail=$email_post;
$web_post_mail=$web_post;
$msg_mail=$msg;
// HTML tags work
// NOTE(review): as printed here each replacement substitutes a character
// with itself and does nothing; the evident intent is to HTML-encode < and >
// (the entity text may have been lost in transcription) -- confirm against
// the original source, since title and name are printed raw in the lists
$titre_post = (ereg_replace("<", "<", $titre_post));
$titre_post = (ereg_replace(">", ">", $titre_post));
$name_post = (ereg_replace(">", ">", $name_post));
$name_post = (ereg_replace("<", "<", $name_post));
$msg = htmlfilt($msg,$nb_icons);
$now = time();
// insert a new message/reply, or update an existing one when $postedit is set
// NOTE(review): the UPDATE path is not gated by $auth here; the edit form is
// only offered to admins (case "edit"), but this store step should re-check
// it, e.g. refuse when `$postedit && !$auth` before running the query.
// Values are quoted but not escaped in this file (no mysql_real_escape_string
// visible), so SQL safety rests on magic_quotes_gpc or on the includes.
if(!$postedit){
$query="INSERT INTO ".$forum." (name,icon,msg,reply,title,date,email,web) ";
$query=$query."VALUES('$name_post','$icon_post','$msg','$reply','$titre_post','$now','$email_post','$web_post')";
}else{
$query="UPDATE ".$forum;
$query=$query." SET name='$name_post',icon='$icon_post',msg='$msg',title='$titre_post',email='$email_post',web='$web_post' ";
$query=$query."WHERE id='$id_edit'";
}
mysql_query($query);
// Say thank you to the user and make him get back to the right page
?>
<b><? print("$talk[27]"); ?></b>
<br><br>
<?
// Back to forum list
include("include/back_forum.inc");
?>
<br><br>
<?
// new thread: link into the forum; reply: link back to the thread
if($reply=="0"){
print("<b>$talk[5]</b>");
include("include/enter_forum.inc");
}else{
include("include/back_reply.inc");
}
?>
<br><br>
<?
// Forum navigation
include("include/forum_nav.inc");
//email to admin
// only for new posts and when $prevenir is set (presumably a config flag, as
// is $mailadmin); the unfiltered copies saved above go into the mail body
if($prevenir && !$postedit){
$emailmessage="$talk[28] $forum_name:\n".
"$talk[19]: $titre_post_mail\n".
"$talk[12]: $name_post_mail\nemail: $email_post\n\n".
"$talk[20]:\n$msg_mail\n\n";
mail($mailadmin,"$talk[28] $forum_name",$emailmessage);
}
} // end if visu
}
break;
// End Storing message in MYSQL
// edit a message in admin mode
case "edit":
include("include/mysql.inc");
// array of all forums
include("include/forum_array.inc");
?>
<br>
<?
// Forum navigation
include("include/forum_nav.inc");
// first visit (no $msg_back posted back yet): load the message to edit
// NOTE(review): this SELECT runs for any caller; only the form below is
// gated by $auth. $id_edit is interpolated unquoted and uncast.
if(!isset($msg_back)){
$query="SELECT * FROM $forum where id=$id_edit";
$result=mysql_query($query);
$row=mysql_fetch_array($result);
$name_post=$row["name"];
$icon_post=$row["icon"];
$msg_back=$row["msg"];
$msg_back=backhtmlfilt($msg_back,$nb_icons);
$titre_post=$row["title"];
$date=$row["date"];
$email_post=$row["email"];
$web_post=$row["web"];
$web_post=strip_tags($web_post);
// scheme is stripped for the form; postit adds it back on save
$web_post=ereg_replace("http://","",$web_post);
}
if($auth){
include("include/post.inc");
}
break;
// end edit message
} // end switch on $show
//Foot--------------------
include("include/foot.inc");
// End board-tnk