<?php
/*
Copyright (c) 2012 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
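/**
 * Request handler for creating, editing and saving forum posts.
 *
 * Relies on members that are not defined in this class and are presumably
 * inherited from clslogin: $this->site (board settings), $this->uid,
 * $this->admin, get_menu(), verify_user(), log_in() and log_out().
 *
 * Security notes for maintainers:
 *  - Every SQL statement here is built with sprintf() plus
 *    mysql_real_escape_string() on the legacy mysql_* extension. Prepared
 *    statements would be preferable, but the connection is opened outside
 *    this file, so that migration cannot be done from this class alone.
 *  - The view files pulled in with include run in the calling method's
 *    scope, so the local variable names ($title, $max, $scriptfile, $menu,
 *    $fid, $id, $row) must stay as they are.
 */
class post extends clslogin
{
    /**
     * Render the "add new post" form.
     *
     * @param mixed $fid Forum id taken from the $qur array handed to get_query().
     */
    private function add_post($fid)
    {
        // $fid is written into an inline <script> block below. Force it to an
        // integer so a crafted value cannot inject script into the page.
        $fid = (int)$fid;
        $title = 'Add new post';
        $max = sprintf("%d", $this->site['postsize']);
        $scriptfile = '<script type="text/javascript" src="../script/comment.js"></script><script type="text/javascript">var bbCodeEditorID="content";var fid=' . $fid . ';var maxCodeLength=' . $max . ';</script>';
        $menu = $this->get_menu();
        include "include/head.php";
        include "include/add_post.php";
        include "include/footer.html";
    }

    /**
     * Render the edit form for one of the current user's own posts.
     *
     * Redirects away when the board disallows editing, or when no unlocked,
     * published post with this id belongs to $this->uid.
     *
     * @param mixed $id Post id taken from the $qur array handed to get_query().
     */
    private function edit_post($id)
    {
        if (!($this->site['allowedit'])) {
            @header("Location: index.php");
            exit;
        }
        // Same reason as in add_post(): $id ends up inside inline JavaScript.
        $id = (int)$id;
        $query = sprintf("SELECT * FROM " . PREFIX . "post WHERE id = %u AND locked <> 'Y' AND publish = 'Y' AND uid = %u", $id, $this->uid);
        $result = @mysql_query($query);
        $num = @mysql_num_rows($result);
        if ($num < 1) {
            $loc = '../../index.php';
            @header("Location: $loc");
            exit;
        }
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        $title = $row['title'];
        $max = sprintf("%d", $this->site['postsize']);
        $menu = $this->get_menu();
        $scriptfile = '<script type="text/javascript" src="../script/comment.js"></script><script type="text/javascript">var bbCodeEditorID="content";var pid=' . $id . ';var maxCodeLength=' . $max . ';</script>';
        include "include/head.php";
        include "include/add_post.php";
        include "include/footer.html";
    }

    /**
     * Validate the submitted form and insert a new post or update an existing one.
     *
     * Reads fid, title, content, description, tags, autolink and
     * fw_captcha_code from $_POST. Echoes either "<id><>" followed by a
     * status <span>, or a bare error <span>, and then terminates the script.
     *
     * @param mixed $id Post id to update; empty to create a new post in $_POST['fid'].
     */
    private function save_post($id = '')
    {
        // The id is echoed back in the response and used in SQL. Accept only
        // plain digits so trailing markup such as "5<b>" is rejected instead
        // of being truncated to 5 by %u and then reflected verbatim.
        $id = (string)$id;
        if ($id !== '' && !preg_match('/^[0-9]+$/D', $id)) {
            exit;
        }
        $id = (int)$id;
        $fid = isset($_POST['fid']) ? (int)$_POST['fid'] : 0;

        if ($id) {
            // Authorisation: a regular user may only overwrite a post they
            // own. The original lookup had no uid condition, so any logged-in
            // user could update any post id. Admins keep unrestricted access.
            $owner = $this->admin ? '' : sprintf(" AND tp.uid = %u", $this->uid);
            // The forum is joined on tp.fid. The original joined
            // tf.id = tp.uid, comparing a forum id with a user id.
            $query = sprintf("SELECT tp.updated FROM " . PREFIX . "post tp, " . PREFIX . "forum tf WHERE tp.id = %u AND tf.id = tp.fid AND tf.locked <> 'Y' AND tf.publish = 'Y' AND tp.locked <> 'Y'" . $owner, $id);
        } else {
            $query = sprintf("SELECT id FROM " . PREFIX . "forum WHERE id =%u AND publish = 'Y' AND locked <> 'Y'", $fid);
        }
        $result = @mysql_query($query);
        $num_rows = @mysql_num_rows($result);
        if (empty($num_rows)) {
            exit;
        }
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);

        // When editing is disabled, an update is still accepted for 900
        // seconds after the last update. $id is tested first because
        // 'updated' is only selected on the update path.
        if (($id) && (!$this->site['allowedit']) && ($row['updated'] < (time() - 900))) {
            echo '<span style="color:red; background-color:white;">Sorry! this board doesn\'t allow you to edit your post</span>';
            exit;
        }

        // Treat a missing or non-string captcha field as a wrong answer
        // rather than passing it to md5().
        // NOTE(review): the session captcha is not cleared here after a
        // successful check; confirm it is regenerated elsewhere so that one
        // solved captcha cannot be reused for repeated submissions.
        $captcha = (isset($_POST['fw_captcha_code']) && is_string($_POST['fw_captcha_code'])) ? $_POST['fw_captcha_code'] : '';
        if ((empty($_SESSION['fw_captcha_code'])) || (md5($captcha) !== ($_SESSION['fw_captcha_code']))) {
            echo '<span style="color:red; background-color:white;">Error! wrong verification code. Please try again.</span>';
            exit;
        }

        // Normalise the four text fields the same way; absent or non-string
        // fields become empty strings.
        $raw = array();
        foreach (array('title', 'content', 'description', 'tags') as $field) {
            $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
            $raw[$field] = trim(fw_strip_slashes(rawurldecode($value)));
        }

        $title = htmlspecialchars(fw_remove_smarttag($raw['title']));
        // Content is stored as submitted (after fw_remove_smarttag); any HTML
        // encoding has to happen where it is rendered, which is not visible here.
        $content = fw_remove_smarttag($raw['content']);
        $autolink = (empty($_POST["autolink"]) ? 0 : 1);
        $s = fw_linkcount($content, $autolink);
        if ($s > $this->site['linkperpost']) {
            echo '<span style="color:red">Error! Maximum ' . $this->site['linkperpost'] . ' URL allowed</span>';
            exit;
        }
        $content_text = mysql_real_escape_string(fw_bb2text($content));
        $dt = time();
        $publish = (($this->site['approval'] == 'A') ? 'Y' : '');
        $max_size = $this->site['postsize'];
        if ((strlen($content) > $max_size) || (strlen($title) > 80)) {
            echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';
            exit;
        }
        $content = mysql_real_escape_string($content);
        $title = mysql_real_escape_string($title);

        $description = htmlspecialchars(fw_remove_smarttag($raw['description']));
        $description = str_replace("\n", " ", str_replace("\r", "", $description));
        $tags = htmlspecialchars(fw_remove_smarttag($raw['tags']));
        if ((strlen($description) > 250) || (strlen($tags) > 250)) {
            echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';
            exit;
        }
        $description = mysql_real_escape_string($description);
        $tags = mysql_real_escape_string($tags);

        // Default response when the write fails. The original left $message
        // undefined after a failed INSERT and reported success after a failed
        // UPDATE.
        $message = '<span style="color:red; background-color:white;">Error! Your message could not be saved. Please try again.</span>';

        if (empty($id)) {
            // $autolink, $publish and $dt are generated in this method, not
            // user input, so they are interpolated into the statement directly.
            $query = "INSERT INTO " . PREFIX . "post(fid, title, description, keywords, uid, content, autolink, publish, updated, date) VALUES (%u, '%s', '%s', '%s', %u, '%s', $autolink, '$publish', $dt, $dt)";
            $query = sprintf($query, $fid, $title, $description, $tags, $this->uid, $content);
            @mysql_query($query);
            $pid = mysql_insert_id();
            if ($pid) {
                // Mirror the post into the search table.
                $query = sprintf("INSERT INTO " . PREFIX . "search(title, keywords, description, pid, uid, publish, body) VALUES ('%s', '%s', '%s', %d, %d, '$publish', '%s')", $title, $tags, $description, $pid, $this->uid, $content_text);
                @mysql_query($query);
                $message = $pid . '<>' . '<span style="color:green; background-color:white;">' . (($this->site['approval'] == 'A') ? 'Your message has been successfully posted' : 'Your message is waiting for approval') . '</span>';
            }
        } else {
            $query = "UPDATE " . PREFIX . "post tp LEFT JOIN " . PREFIX . "search ts ON tp.id = ts.pid SET ";
            $query .= "tp.title = '%s', ts.title = '%s', tp.content = '%s', ts.body = '%s', tp.description = '%s', ts.description = '%s', tp.keywords = '%s', ts.keywords = '%s', tp.autolink = $autolink, tp.updated = $dt ";
            $query .= "WHERE tp.id = %u";
            $query = sprintf($query, $title, $title, $content, $content_text, $description, $description, $tags, $tags, $id);
            if (@mysql_query($query)) {
                $message = $id . '<>' . '<span style="color:green; background-color:white;">Your message has been successfully posted</span>';
            }
        }
        echo $message;
        exit;
    }

    /**
     * Dispatch a request to the matching post action.
     *
     * $qur[1] selects the action ("1" add form, "2" save, "3" edit form,
     * "5" log out) and $qur[2] carries the forum or post id. Users who fail
     * verify_user() get the login form, except on a save request, which
     * produces no output.
     *
     * @param array $qur Parsed request parameters; presumably derived from the
     *                   "qur" query-string value, as the admin redirect below suggests.
     */
    public function get_query($qur)
    {
        // Read the offsets defensively so a short $qur does not raise notices.
        $action = isset($qur[1]) ? $qur[1] : '';
        $target = isset($qur[2]) ? $qur[2] : '';

        if (($this->admin) && ($action == "3")) {
            // Admins edit through the admin panel. Encode the id so it cannot
            // append extra parameters to the redirect URL.
            $loc = "../admin/index.php?qur=2M1M" . rawurlencode($target);
            @header("Location: $loc");
            exit;
        }
        $message = '';
        if ($this->verify_user($message)) {
            switch ($action) {
                case "1":
                    $this->add_post($target);
                    break;
                case "2":
                    $this->save_post($target);
                    break;
                case "3":
                    $this->edit_post($target);
                    break;
                case "5":
                    $this->log_out();
                    break;
                default:
                    @header("Location: index.php");
            }
        } else {
            if ($action != "2") {
                $this->log_in($message);
            }
        }
    }
}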
?>