<?
//board-tnk v2.1
//Thierry Nkaoua hide@address.com
// http://www.linux-sottises.net


// Config
include ("include/config_board.php3");

// Refuse any request that carries query-string parameters and stop there.
// This filters the URL only: POST and cookie values are still read as plain
// variables by the rest of the script.
if(count($HTTP_GET_VARS)>0){
        print("<b>$talk[42]</b>");
        exit();
}

// Without an explicit page selector, fall back to the forum list.
if(!isset($show)){
        $show="forum_list";
}

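// Administrator logout: forget the password and expire the "bp" cookie.
if($admin=="logout"){
        $login_password="";
        setcookie("bp","", time()-3600);
}

// Start every request unauthenticated. This script reads request values as
// plain variables, so without this assignment a request field named "auth"
// could pre-set the flag whenever the cookie check below is skipped.
$auth=false;

// Administrator session: the "bp" cookie carries the admin password itself.
// NOTE(review): a password-equivalent cookie can be replayed by anyone who
// obtains it; a random server-side session token would be safer.
if($admin=="admin" && $bp){
        $login_password=$bp;
        // Authentication: both values must be strings and must match exactly.
        // strcmp() avoids the loose numeric matching that == applies to
        // numeric-looking strings.
        $auth=(is_string($login_password) && is_string($admin_password)
                && strcmp($login_password,$admin_password)==0);
}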

// Cookies for clients
include("include/cookie.inc");

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<?
include("include/head.inc");
?>

</head>
<body>
<!--board-tnk v2.1-->
<?
include("include/banner.inc");

// Admin check and information
// An admin request that did not pass the cookie check gets a notice and a
// link back to the login page; an authenticated one gets the banner and
// include/logout.inc.
// NOTE(review): the elseif branch trusts $auth even when $admin is not
// "admin"; $auth must have been reset earlier in the request for that to
// be safe.
if($admin=="admin" && !$auth){
        print("<center><h2>Admin cookie expired!!</h2></center>");
        ?>
        <center><a href="board_admin.php">Back to login screen</a></center>
        <br>
        <?
}elseif($auth){
        print("<center><h2>Administration mode</h2></center><br>");
        include("include/logout.inc");
        ?>
        <br>
        <?
}

// In admin mode every page except the forum list also pulls in
// include/back_admin.inc.
if($show!="forum_list" && $auth){
        include("include/back_admin.inc");
}

// switch for different pages according to $show
// $show=forum_list: show the forum list
// $show=thread_list: show the messages list for a forum
// $show=reply_list: show the reply list for a thread in a forum
// $show=new: posting a new message
// $show=postit: storing the message or the reply
// $show=edit: edit message in admin mode


switch($show) {



//##################################################
//  Showing Forum list
case "forum_list":

include("include/mysql.inc");

// form to reset cookie for next visit
// NOTE(review): $SELF and $cooky are not assigned in this file and are
// printed into attributes unencoded; confirm they are set by the
// configuration and never taken from the request.
?>
<form action="<? print("$SELF"); ?>" method="post">
<table width="100%">
<tr>
<td>
<input type="hidden" name="mark" value="1">
<input type="image" src="<? print("icons_board/$cooky"); ?>" alt="cooky">&nbsp;&nbsp;</td>
<td>
<b><? print("$talk[0]"); ?></b><br><br>
</td>
</tr>
</table>
</form>
<br>
<b><? print("$talk[1]"); ?></b>
<br><br><br><br>
<?

// create delete forum for admin mode
// The include is reached only when the admin cookie check set $auth.
if ($auth){
        include("include/create_delete_forum.inc");
}

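// Forum list: every table of the database (or only those matching the
// configured $prefix) is treated as one forum.
if($prefix!=""){
        $query="SHOW TABLES LIKE \"$prefix%\"";
}else{
        $query="SHOW TABLES";
}
$result=mysql_query($query);
// Count the rows of the result set itself; mysql_affected_rows() is meant
// for INSERT/UPDATE/DELETE statements. A failed query counts as no forums.
$n_forum=$result ? mysql_num_rows($result) : 0;

// Collect the display name of every forum. The list starts empty so that
// only names read from the database below end up in it.
$all_forum_name=array();
$prefix_len=strlen($prefix);
for($i=0;$i<$n_forum;$i++){
        $liste=mysql_fetch_array($result);
        $all_forum=$liste[0];
        // Remove the prefix only where it leads the table name. Replacing
        // every occurrence would also remove a later copy of the prefix
        // inside the name, and the table name rebuilt from the display name
        // would then not match the real table.
        if($prefix_len>0 && strcmp(substr($all_forum,0,$prefix_len),$prefix)==0){
                $all_forum=substr($all_forum,$prefix_len);
        }
        // Underscores in table names are shown as spaces; the table name is
        // rebuilt from the display name when the forum is queried.
        $all_forum_name[$i]=str_replace("_"," ",$all_forum);
}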


// Table of forum list
?>
<center>
<table border="1" cellpadding="10">
<tr class="head">
<td>
<b><? print("$talk[2]"); ?></b>
</td>
<td align="center">
<b><? print("$talk[3]"); ?></b>
</td>
<td align="center">
<b><? print("$talk[4]"); ?></b>
</td>
</tr>

<?
// One table row per forum: enter form, total messages, new messages.
for($i=0;$i<$n_forum;$i++){
        $forum_name=$all_forum_name[$i];
        // Rebuild the table name from the display name: spaces become
        // underscores again and the prefix is put back in front.
        $forum=ereg_replace(" ","_",$forum_name);
        $forum="$prefix"."$forum";

        // count all messages
        $query="select count(*) from $forum";
        $result1=mysql_query($query);
        $value1=mysql_fetch_array($result1);
        $messages=$value1[0];

        // count new messages
        // NOTE(review): $lstvst is not assigned in this file (presumably set
        // by include/cookie.inc from the visitor's cookie; confirm). It is
        // placed in the query unquoted, so it should be forced to an integer
        // before it gets here.
        $query="select count(*) from $forum where date >= $lstvst";
        $result1=mysql_query($query);
        $value1=mysql_fetch_array($result1);
        $messages_new=$value1[0];

        // form to enter a forum
        ?>
        <tr class=row1>
        <td align="left">
        <?
        include("include/enter_forum.inc");

        //Delete forum in admin mode
        if($auth){
                include("include/delete_forum.inc");
        }
        ?>
        </td>
        <td align="center">
        <? print("$messages\n");?>
        </td>
        <td align="center">
        <?
        // A non-zero count of new messages is shown in bold.
        if($messages_new=="0"){
                print("$messages_new\n</td>\n</tr>\n");
                }else{
                print("<b>$messages_new</b>\n</td>\n</tr>\n");
                }
        } // end for loop on forum
?>
</table></center>
<?
break;
// End Forum list


//##################################################
// showing threads in a forum
case "thread_list":

include("include/mysql.inc");

// array of all forums
// NOTE(review): $forum and $forum_name are not assigned in this case;
// presumably include/forum_array.inc derives them from posted values
// (confirm). $forum is used as a table name in the queries below and
// $forum_name is printed unencoded, so both need checking against the
// real forum list.
include("include/forum_array.inc");

//Forum navigation
include("include/forum_nav.inc");
?>
<br>
<?
// Back to the forum list
include("include/back_forum.inc");

// delete thread in admin mode
if($auth){
        include("include/delete_thread_really.inc");
}


// Table for messages list
?>
<br>
<center>
<table width="95%" border="1" cellpadding="5">
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
&nbsp;&nbsp;&nbsp;

<?
// Reading threads

// $threads is the number of threads in the forum
// A $threads value already present in the request is used as is; in this
// file it only drives the paging arrows and is echoed into hidden fields.
// NOTE(review): mysql_affected_rows() serves as a row count for a SELECT
// here; mysql_num_rows($result) is the call meant for result sets.
if(!isset($threads)){
        $query="SELECT * FROM $forum where reply=0";
        $result = mysql_query ($query);
        $threads=mysql_affected_rows();
        }

// form to post a new message
include("include/post_new.inc");

?>
</td>
</tr>

<?

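// read $max_posts threads
// $rows_init arrives with the request (it is a hidden field of the paging
// forms on this page), so force it to a non-negative integer before it is
// placed in the LIMIT clause and echoed back into the forms further down.
// NOTE(review): $max_posts is not assigned in this file; presumably it is a
// configuration value (confirm).
$rows_init=max(0,intval($rows_init));
$query="SELECT * FROM $forum where reply=0 order by id desc LIMIT $rows_init,$max_posts";
$result = mysql_query ($query);

// $nrows is the real number of read threads. mysql_num_rows() counts the
// rows of this result set; a failed query counts as an empty page.
$nrows=$result ? min(mysql_num_rows($result),$max_posts) : 0;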

//show the threads, with alternate colors ($i_color)
// NOTE(review): title, name, e-mail, web address and message are printed
// exactly as stored. The page is only as safe as the filtering done when
// the message was saved; strip_tags() on $web removes markup but leaves
// quotes in place, and $email goes into an href without any encoding.
$i_color=1;
for($i=0;$i<$nrows;$i++){
        $row = mysql_fetch_array($result);
        $id = $row["id"];
        $name = $row["name"];
        $icon = $row["icon"];
        $msg = $row["msg"];
        $titre = $row["title"];
        $date=$row["date"];
        $email=$row["email"];
        $web=$row["web"];
        $web=strip_tags($web);
        // tr_color() is defined outside this file; it receives the running
        // row counter.
        tr_color($i_color);
        ?>
        <td>
        <img src="icons_board/icon<? print("$icon"); ?>.gif" alt="icon"></img>
        &nbsp;
        <b><? print("$titre"); ?></b>
        <? print("$talk[12]"); ?>:
        <a href="mailto:<? print("$email"); ?>"><? print("$name"); ?></a>&nbsp;&nbsp;&nbsp;
        <?
        if($web!=""){
                print("$talk[13]"); ?>:
                <a href="<? print("$web"); ?>"><? print(ereg_replace("http://","",$web)); ?></a>
                &nbsp;&nbsp;&nbsp;
        <?}
        print("$talk[14] ".strftime("%d %B %Y $talk[15] %H:%M", $date));

        // MessagesCount
        // $id comes from the row just read, not from the request.
        $result1 = mysql_query ("select count(*) from $forum where reply=$id;");
        $value = mysql_fetch_array($result1);
        $j=$value[0];

        // New messages replies count
        // Counts the thread itself and its replies dated at or after $lstvst.
        // NOTE(review): $lstvst is not assigned in this file and is used
        // unquoted; it should be an integer by the time it gets here.
        $result1 = mysql_query ("select count(date) from $forum where reply=$id and date >= $lstvst or id=$id and date >= $lstvst;");
        $value = mysql_fetch_array($result1);
        $jj=$value[0];
        ?>
        <p align="right">
        <b><? print("$talk[11]: $j"); ?></b>
        <?
        if ($jj != "0") {
        print("<b>$talk[4]: $jj</b>");
        }

        ?>
        <hr>
        <? print("$msg"); ?>

        <?
        // form to read the thread
        // $threads and $rows_init are echoed into hidden fields so that the
        // next page can return to this position in the list.
        ?>
        <br><br>
        <form action="<? print("$SELF"); ?>" method="post">
        <input type="hidden" name="id" value="<? print("$id"); ?>">
        <input type="hidden" name="threads" value="<? print("$threads");?>">
        <input type="hidden" name="rows_init" value="<? print("$rows_init"); ?>">
        <input type="hidden" name="show" value="reply_list">
        <? include("include/all_forum_form.inc"); ?>
        <b><input type="submit" value="<? print("$talk[85]"); ?>"></b>
        </form>
        <br>
        <?
        // form to delete the thread in admin mode
        if($auth){
                include("include/delete_thread.inc");
        }
        ?>
        </td>

        </tr>
        <?
        $i_color=$i_color+1;
} //end for loop on threads list

// No thread on this page: print the $talk[16] text in a single row.
if($nrows=="0"){
        tr_color($i_color);
        ?>
        <td align="center" colspan="3">
        <?
        print("<b>$talk[16]</b>");
        ?>
        </td></tr>
        <?
}
// Foot of the Table
?>
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
&nbsp;&nbsp;&nbsp;

<?
// form to post a new message at the end of the table of threads
// same as the top of the table
include("include/post_new.inc");

?>
</td>
<!--<td align="center" width="50"><b><? print("$talk[11]"); ?></b></td>
<td align="center" width="50"><b><? print("$talk[4]"); ?></b></td>-->
</tr>

</table>
</center>

<?
// Navigation arrows through the threads
// NOTE(review): $rows_init and $threads reach this point from the request
// and are echoed into hidden fields; they should be integers by the time
// they are printed.
?>
<br>
<center>
<table width="50%">
<tr align=center>
<?
// left arrow only if there are previous threads
$rows_init_new=$rows_init-$max_posts;
if($rows_init_new>=0){
        ?>
        <td>
        <form action="<? print("$SELF"); ?>" method="POST">
        <input type=hidden name=rows_init value="<? print("$rows_init_new"); ?>">
        <input type="hidden" name="show" value="thread_list">
        <input type="hidden" name="threads" value="<? print("$threads");?>">
         <? include("include/all_forum_form.inc"); ?>
        <input type=image src="icons_board/left.jpg">
        </form>
        </td>
        <? }

// right arrows only if more threads are remaining
$rows_init_new=$rows_init+$max_posts;
if($rows_init_new<$threads){
        ?>
        <td>
        <form action="<? print("$SELF"); ?>" method="POST">
        <input type=hidden name=rows_init value="<? print("$rows_init_new"); ?>">
         <input type="hidden" name="show" value="thread_list">
        <input type="hidden" name="threads" value="<? print("$threads");?>">
        <? include("include/all_forum_form.inc"); ?>
        <input type=image src="icons_board/right.jpg">
        </form>
        </td>
        <? }
?>
</tr>
</table>
</center>

<?
// Back to forum list
include("include/back_forum.inc");

?>
<br>
<?

//forum navigation
include("include/forum_nav.inc");
//  End $show=thread_list
break;


//##################################################
// showing answers to a thread in a forum
case "reply_list":

include("include/mysql.inc");

// array of all forums
// NOTE(review): $forum and $forum_name are not assigned in this case;
// presumably this include derives them from posted values (confirm).
include("include/forum_array.inc");

// Forum Navigation
include("include/forum_nav.inc");

?>
<br><br>
<?
// Back to the threads list
include("include/back_threads.inc");

// Back to forum list
include("include/back_forum.inc");

// Really delete an answer
// Reached only when the admin cookie check set $auth.
if($auth){
        include("include/delete_answer_really.inc");
}

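// The thread id arrives with the request (it is a hidden field of the
// "read the thread" form), so force it to an integer before it is placed,
// unquoted, in the query.
$id=intval($id);

// different query if an answer has to be deleted
if($auth && $admin_action=="delete_answer"){
        $query="SELECT * FROM $forum where id=".intval($id_delete);
}elseif($id>0){
        $query="SELECT * FROM $forum where id=$id or reply=$id order by id";
}else{
        // No usable thread id: select nothing rather than every row whose
        // reply column is 0.
        $query="SELECT * FROM $forum where 1=0";
}

$result = mysql_query($query);
// Row count of this result set; a failed query counts as no rows.
$rows=$result ? mysql_num_rows($result) : 0;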


// delete thread and delete answer forms in admin mode
if($auth){
        include("include/delete_thread_answer.inc");
}

// Table of messages list
//Table head for posting or answering
?>
<center>
<table width="95%" border="1" cellpadding="5">
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
</td>
</tr>
<?

// One table row per message of the thread, first message first.
// NOTE(review): title, name, e-mail, web address and message are printed
// exactly as stored; strip_tags() on $web removes markup but leaves quotes
// in place, and $email goes into an href without any encoding.
for($i=0;$i<$rows;$i++){
        $row = mysql_fetch_array($result);
        $name = $row["name"];
        $icon = $row["icon"];
        $msg = $row["msg"];
        $reply = $row["reply"];
        $titre = $row["title"];
        $date=$row["date"];
        $email=$row["email"];
        $web=$row["web"];
        $web=strip_tags($web);
        // for first message, keep the id number and the title
        // $id and $reply are overwritten with the id of that first row.
        if($i=="0"){
                $titre_init=$titre;
                $id=$row["id"];
                $reply=$id;
        }
        ?>
        <tr class="row">
        <td><img src="icons_board/icon<? print("$icon"); ?>.gif" alt="icon"></img>
        &nbsp;
        <b><? print("$titre"); ?></b>
        <br><br>
        <? print("$talk[12]"); ?>:
        <a href="mailto:<?print("$email"); ?>"><? print("$name"); ?></a>
        &nbsp;&nbsp;&nbsp;
        <?
        if($web!=""){
        print("$talk[13]"); ?>:
        <a href="<? print("$web"); ?>"><? print(ereg_replace("http://","",$web)); ?></a>
        &nbsp;&nbsp;&nbsp;
        <?
        }
        print("$talk[14] ".strftime("%d %B %Y $talk[15] %H:%M", $date))
        ?>
        <br><hr><br>
        <? print("$msg"); ?>
        <br>
        <?
        // forms to delete and edit an answer
        if($auth){
                include("include/delete_answer.inc");
        }
        ?>
        </td>
        </tr>
<?
} // end for loop on rows
?>
<tr class="head">
<td>
<b><? print("$talk[7]: $forum_name"); ?></b>
</td>
</tr>

</table>
</center>
<br>
<?

// Back to the threads list
include("include/back_threads.inc");

// Back to forum list
include("include/back_forum.inc");
?>
<br>
<?
include("include/forum_nav.inc");
?>
<br><br>
<br><br>
<center>
<b><? print("$talk[8] $talk[40]"); ?></b>
<br>
<br>
</center>
<?
// The posting form follows the thread on the same page.
include("include/post.inc");


//  End $show=reply_list
break;


//##################################################
// sending a new message
// This case only assembles the posting page from include files; it does
// not include include/mysql.inc itself.
case "new":

// array of all forums
include("include/forum_array.inc");

// Forum navigation
include("include/forum_nav.inc");

?>
<br>
<?

// Back to the messages list
include("include/back_threads.inc");

// Back to forum list
include("include/back_forum.inc");

?>
<br><br>
<?

// Post page
include("include/post.inc");

// end $show=new
break;


//##################################################
//  Storing message in MYSQL
case "postit":

include("include/mysql.inc");

// array of all forums
include("include/forum_array.inc");

// Checking the user fields
// Name, e-mail address, title and message must all pass; the first failing
// check prints its text and the storing branch below is not entered.
// The pattern only checks the general shape local@domain.tld. It still lets
// quotes and angle brackets through, so the address has to be HTML-encoded
// wherever it is printed.
$checkemail="^[^@ ]+@[^@ ]+\.[^@ \.]+$";
if($name_post==""){
        print("$talk[24]\n");
        }elseif(!ereg($checkemail, $email_post, $trashed)){
        print("$talk[25]\n");
        }elseif($titre_post==""){
        print("$talk[26]\n");
        }elseif($msg==""){
        print("$talk[41]\n");
        }else{
        // End checking

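        // security issue found by Ahmet Sabri ALPER
        // strip_tags() removes markup only; quotes survive it, so this value
        // still needs HTML-encoding wherever it is printed into an attribute.
        $web_post=strip_tags($web_post);

        // Add http:// unless the address already starts with a web scheme.
        // The test is anchored at the start of the string: looking for
        // "http://" anywhere would also accept an address that merely
        // contains it and leave that address without the http:// prefix.
        if($web_post && !ereg("^https?://",$web_post)){
                $web_post="http://".$web_post;
        }

        // Take off spaces at the end of message
        $msg=ereg_replace(" +$","",$msg);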


        // Preview mode: show the message as it would appear and offer two
        // forms, one going to the page named by $show_save with the fields
        // carried along, one submitting the message for storage.
        // stripslashes() undoes slashes that are presumably added to request
        // data by the PHP configuration (magic quotes; confirm).
        // htmlfilt() is defined outside this file.
        // NOTE(review): only the five text fields below are HTML-encoded.
        // $icon_post, $show_save, $postedit, $threads, $rows_init, $reply,
        // $id and $id_edit are not assigned in this case and are printed
        // into attributes as received; they should be encoded or forced to
        // integers as well.
        if($visu=="visu"){
                $msg_show=htmlfilt(stripslashes($msg),$nb_icons);
                $msg=htmlspecialchars(stripslashes($msg));
                $titre_post=htmlspecialchars(stripslashes($titre_post));
                $email_post=htmlspecialchars(stripslashes($email_post));
                $web_post=htmlspecialchars(stripslashes($web_post));
                $name_post=htmlspecialchars(stripslashes($name_post));

                ?>
                <br><br>
                <table width="95%" border="1" cellpadding="5">
                <tr class="head">
                <td>
                <b><? print("$talk[7]: $forum_name"); ?></b>
                </td>
                </tr>
                <tr class="row">
                <td><img src="icons_board/icon<? print("$icon_post"); ?>.gif" alt="icon"></img>
                &nbsp;
                <b><? print("$titre_post"); ?></b>
                <br><br>
                <? print("$talk[12]"); ?>:
                <a href="mailto:<?print("$email_post"); ?>"><? print("$name_post"); ?></a>
                &nbsp;&nbsp;&nbsp;
                <?
                if($web_post!=""){
                        print("$talk[13]"); ?>:
                        <a href="<? print("$web_post"); ?>"><? print(ereg_replace("http://","",$web_post)); ?></a>
                        &nbsp;&nbsp;&nbsp;
                        <?
                }
                print("$talk[14] ".strftime("%d %B %Y $talk[15] %H:%M", time()))
                ?>
                <br><hr><br>
                <? print("$msg_show"); ?>
                <br>
                </td>
                </tr>
                </table>
                <br><br>
                <form action="<? print("$SELF"); ?>" method="POST">
                <input type="hidden" name="show" value="<? print("$show_save"); ?>">
                <input type="hidden" name="postedit" value="<? print("$postedit"); ?>">
                <input type="hidden" name="threads" value="<? print("$threads"); ?>">
                <input type="hidden" name="rows_init" value="<? print("$rows_init"); ?>">
                <input type="hidden" name="titre_post" value="<? print("$titre_post"); ?>">
                <input type="hidden" name="name_post" value="<? print("$name_post"); ?>">
                <input type="hidden" name="email_post" value="<? print("$email_post"); ?>">
                <input type="hidden" name="web_post" value="<? print("$web_post"); ?>">
                <input type="hidden" name="msg_back" value="<? print("$msg"); ?>">
                <input type="hidden" name="icon_post" value="<? print("$icon_post"); ?>">
                <input type="hidden" name="id" value="<? print("$id"); ?>">
                <input type="hidden" name="id_edit" value="<? print("$id_edit"); ?>">
                <? include("include/all_forum_form.inc"); ?>
                <input type="submit" value="<? print("$talk[89]"); ?>">
                </form>

                &nbsp;&nbsp;&nbsp;&nbsp;

                <form action="<? print("$SELF"); ?>" method="POST">
                <input type="hidden" name="show" value="postit">
                <input type="hidden" name="postedit" value="<? print("$postedit"); ?>">
                <input type="hidden" name="threads" value="<? print("$threads"); ?>">
                <input type="hidden" name="rows_init" value="<? print("$rows_init"); ?>">
                <input type="hidden" name="titre_post" value="<? print("$titre_post"); ?>">
                <input type="hidden" name="msg" value="<? print("$msg"); ?>">
                <input type="hidden" name="reply" value="<? print("$reply"); ?>">
                <input type="hidden" name="id" value="<? print("$id"); ?>">
                <input type="hidden" name="id_edit" value="<? print("$id_edit"); ?>">
                <input type="hidden" name="name_post" value="<? print("$name_post"); ?>">
                <input type="hidden" name="email_post" value="<? print("$email_post"); ?>">
                <input type="hidden" name="icon_post" value="<? print("$icon_post"); ?>">
                <input type="hidden" name="web_post" value="<? print("$web_post"); ?>">
                <? include("include/all_forum_form.inc"); ?>
                <input type="submit" value="<? print("$talk[23]"); ?>">
                </form>

        <?
        }else{

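        // Save original value for mailing before making html and tags work
        $titre_post_mail=$titre_post;
        $name_post_mail=$name_post;
        $email_post_mail=$email_post;
        $web_post_mail=$web_post;
        $msg_mail=$msg;

        // HTML tags work
        // Title and name are shown as element text, so angle brackets are
        // turned into entities.
        $titre_post = str_replace("<", "&lt;", $titre_post);
        $titre_post = str_replace(">", "&gt;", $titre_post);
        $name_post = str_replace(">", "&gt;", $name_post);
        $name_post = str_replace("<", "&lt;", $name_post);
        // E-mail and web address are later printed inside href="..."
        // attributes exactly as stored, so they are stored HTML-encoded
        // (quotes and ampersands included), like the other fields.
        // Note: the notification mail built later in this case reads
        // $email_post and therefore carries the encoded form;
        // $email_post_mail keeps the original.
        $email_post = htmlspecialchars($email_post);
        $web_post = htmlspecialchars($web_post);
        // htmlfilt() is defined outside this file.
        $msg = htmlfilt($msg,$nb_icons);


        $now = time();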

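        // Editing an existing message is an administrator action (the edit
        // page only shows its form when $auth is set), so the UPDATE must not
        // run for a request that merely carries postedit and id_edit.
        // NOTE(review): assumes the edit form submits the admin flag like
        // the other admin forms do; confirm in include/post.inc.
        if($postedit && !$auth){
                print("<center><h2>Admin cookie expired!!</h2></center>\n");
                print("<center><a href=\"board_admin.php\">Back to login screen</a></center>\n<br>\n");
                include("include/foot.inc");
                exit();
        }

        // NOTE(review): the field values are placed in the statement as
        // received. That is only safe while the PHP configuration adds
        // slashes to request data (presumably magic quotes, given the
        // stripslashes() calls in the preview branch; confirm). $forum is
        // used as a table name and is not assigned in this case.
        if(!$postedit){
                $query="INSERT INTO ".$forum." (name,icon,msg,reply,title,date,email,web) ";
                $query=$query."VALUES('$name_post','$icon_post','$msg','$reply','$titre_post','$now','$email_post','$web_post')";
        }else{
                $query="UPDATE ".$forum;
                $query=$query." SET name='$name_post',icon='$icon_post',msg='$msg',title='$titre_post',email='$email_post',web='$web_post' ";
                // The message id is forced to an integer before use.
                $query=$query."WHERE id='".intval($id_edit)."'";
        }
        mysql_query($query);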


        // Say thank you to the user and offer the way back to the right page
        ?>
        <b><? print("$talk[27]"); ?></b>
        <br><br>
        <?

// Back to forum list
include("include/back_forum.inc");
?>
<br><br>
<?
        // A new thread (reply is 0) links back into the forum, a reply links
        // back to its thread.
        if($reply=="0"){
                print("<b>$talk[5]</b>");
                include("include/enter_forum.inc");
                }else{
                include("include/back_reply.inc");
        }
        ?>
        <br><br>
        <?
        // Forum navigation
        include("include/forum_nav.inc");

        //email to admin
        // Sent for new messages only, when $prevenir is set.
        // NOTE(review): $forum_name goes into the mail subject and is not
        // assigned in this file; make sure it cannot contain line breaks
        // before it reaches mail(). The body uses $email_post rather than
        // the saved $email_post_mail.
        if($prevenir && !$postedit){
                $emailmessage="$talk[28] $forum_name:\n".
                "$talk[19]: $titre_post_mail\n".
                "$talk[12]: $name_post_mail\nemail: $email_post\n\n".
                "$talk[20]:\n$msg_mail\n\n";
                mail($mailadmin,"$talk[28] $forum_name",$emailmessage);
        }
        } // end if visu
}

break;
//  End Storing message in MYSQL


// edit a message in admin mode
case "edit":

include("include/mysql.inc");

// array of all forums
// NOTE(review): $forum is not assigned in this case; presumably this
// include derives it from posted values (confirm).
include("include/forum_array.inc");


?>
<br>
<?
// Forum navigation
include("include/forum_nav.inc");

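// Only an authenticated administrator gets the edit form, so the message is
// only loaded for one: the query no longer runs for requests that did not
// pass the admin check.
if($auth){
        // The message id arrives with the request and is used unquoted in
        // the query, so force it to an integer first.
        $id_edit=intval($id_edit);

        // $msg_back is set when the form fields already arrive with the
        // request; otherwise they are read from the stored message.
        if(!isset($msg_back)){
                $query="SELECT * FROM $forum where id=$id_edit";
                $result=mysql_query($query);
                $row=mysql_fetch_array($result);
                $name_post=$row["name"];
                $icon_post=$row["icon"];
                $msg_back=$row["msg"];
                // backhtmlfilt() is defined outside this file.
                $msg_back=backhtmlfilt($msg_back,$nb_icons);
                $titre_post=$row["title"];
                $date=$row["date"];
                $email_post=$row["email"];
                $web_post=$row["web"];
                $web_post=strip_tags($web_post);
                $web_post=ereg_replace("http://","",$web_post);
        }

        include("include/post.inc");
}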

break;
// end edit message

} // end switch on $show


//Foot--------------------

include("include/foot.inc");

//  End board-tnk