<?php

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

require("include.php");
require("functions/functions.watch.php");

// A reply submission is handled before any page output. bco_insert_reply()
// redirects on success and reports errors itself; the script stops afterwards
// regardless of the outcome.
$is_reply_submission = isset($_POST['submit']) && $_POST['submit'] == "say it";
if ($is_reply_submission) {
    bco_insert_reply($_POST);
    exit;
}

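if (isset($_GET['action'])) {
    // Thread id the watch-list actions operate on. Cast to int once here so
    // that neither the watch helpers nor the "go back" link ever see the raw
    // query-string value: the original echoed $_GET[id] straight into an href,
    // a reflected-XSS sink.
    // NOTE(review): these three actions change server state on a plain GET
    // with no request token, so any page can trigger them for a logged-in user
    // (CSRF). Fixing that needs the session mechanism from include.php.
    $watch_thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    switch ($_GET['action']) {
    case "watch":
        if (watch($watch_thread_id)) {
            bco_view_topic_watch_result("Successfully added thread to watch list.", $watch_thread_id);
        }
        bco_error("Add watch failed.");
        // The original had no break here, so if bco_error() ever returns the
        // next case would have run unwatch() on the same id.
        break;

    case "unwatch":
        if (unwatch($watch_thread_id)) {
            bco_view_topic_watch_result("Successfully removed thread from watch list.", $watch_thread_id);
        }
        bco_error("Remove watch failed.");
        break;

    case "update":
        if (update_watch($watch_thread_id)) {
            bco_view_topic_watch_result("Successfully updated thread in watch list.", $watch_thread_id);
        }
        // The original reported "Remove watch failed." for this case (copy-paste).
        bco_error("Update watch failed.");
        break;

    default:
        break;
    }
}

/**
 * Render the "Success!" page shown after a watch-list change and stop.
 *
 * The three actions above printed the same table three times; this is that
 * markup once.
 *
 * @param string $message   Status text appended to the board title in the menu bar.
 * @param int    $thread_id Thread to link back to. Re-cast to int so the value
 *                          interpolated into the href can never carry markup.
 * @return void Never returns; calls exit after the footer.
 */
function bco_view_topic_watch_result($message, $thread_id)
{
    $thread_id = (int) $thread_id;

    bco_html_header(BOARD_TITLE);
    bco_index_menu(BOARD_TITLE . " - " . $message);

    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
    echo "\n    <tr>";
    echo "\n        <td class=\"tr1\" colspan=\"5\"><div align=\"center\">Success!<br />";
    echo "\n        <a href=\"view_topic.php?id=$thread_id\" class=\"tr1link\">Go back to the thread.</a><br /><br />";
    echo "\n        <a href=\"index.php\" class=\"tr1link\">Go back to the index.</a></div></td>";
    echo "\n    </tr>";
    echo "\n</table>";

    bco_html_footer();
    exit;
}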

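// Thread id used by every query on this page. The original interpolated the
// raw $_GET[id] into SQL (injection) and echoed it back in the error message
// (reflected XSS); an int cast makes it safe in both contexts without escaping.
$thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$query = "select subject, views, sticky, locked from subject_index where id=$thread_id";

if (!$result = pg_query($query)) {
    bco_error("Get thread information query failed.");
}
unset($query);

// bco_error() is relied on throughout this file to end the request; if it
// ever returned, pg_fetch_array() below would run on an empty result set.
if (pg_num_rows($result) == 0) {
    bco_error("Sorry $thread_id is not a valid thread id.");
}

$thread_info = pg_fetch_array($result);
unset($result);

$subject = stripslashes($thread_info['subject']);
// urlencode the subject so it survives the round trip through the reply
// form's hidden field into bco_insert_reply().
$subject_url = urlencode($subject);
$sticky = $thread_info['sticky'];
$locked = $thread_info['locked'];
$views  = $thread_info['views'];
unset($thread_info);

// All messages of the thread, oldest first. Admins additionally get the
// poster's addresses, which the message loop renders.
$message_columns = "id, createdby, username, extract(epoch from postdate) as postdate_epoch, msgbody";
if ($is_admin) {
    $message_columns .= ", ip, ip_forwarded_for";
}
$query = "select $message_columns from messages where id_subject=$thread_id order by postdate asc";

if (!$result = pg_query($query)) {
    // This board runs on PostgreSQL; the original message said "MySQL".
    bco_error("PostgreSQL said: " . pg_last_error());
}
unset($query);

// NOTE(review): $subject is stored data emitted unescaped into <title> and the
// menu bar. subject_index rows are created outside this file, so whether the
// value is already sanitised is not visible here -- verify, or escape at this
// point if it is stored raw.
bco_html_header("$subject - " . BOARD_TITLE);

bco_index_menu("$subject ($views views)");
unset($subject, $views);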

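echo <<< END
\n<table width="100%" cellpadding="1" cellspacing="0" class="threadtable">
END;

// Optional ?highlight=word: wrap space-delimited, case-insensitive occurrences
// of the word in <strong>. The original handed the raw query-string value to
// eregi_replace() as the pattern AND wrote it back into the page as the
// replacement, so a crafted highlight= was both a regex injection and a
// reflected-XSS sink. Here the pattern is preg_quote()d and the replacement
// re-emits the matched text ($1), which was already part of the rendered body.
$highlight_pattern = '';
if (isset($_GET['highlight']) && is_string($_GET['highlight']) && $_GET['highlight'] !== '') {
    $highlight_pattern = '/ (' . preg_quote($_GET['highlight'], '/') . ') /i';
}

// One row pair per message: a header line (poster, date, admin-only address
// info) followed by the body.
while ($row = pg_fetch_assoc($result)) {
    $id       = (int) $row['id'];
    $userid   = (int) $row['createdby'];
    $postdate = date("M dS, Y \a\\t h:i:s a", (int) $row['postdate_epoch']);
    // Escaped for the HTML context. If registration already entity-encodes
    // usernames this double-encodes -- verify against the registration code.
    $username = htmlspecialchars($row['username'], ENT_QUOTES);
    if ($is_admin) {
        $ip               = $row['ip'];
        // The column is ip_forwarded_for; the original read
        // $row['ip_fowarded_for'] (typo), so the forwarded address was never
        // displayed.
        $ip_forwarded_for = $row['ip_forwarded_for'];
    }

    $body_source = stripslashes($row['msgbody']);
    if ($user_data['images'] == 0) {
        $msgbody = nl2br(bco_remove_images($body_source));
    } else {
        $msgbody = nl2br($body_source);
    }

    if ($userid == $user_array['myuserid']) {
        $row_class  = " class=\"mypostthread\"";
        $link_class = "mypost";
    } else {
        $row_class  = " class=\"tr2thread\"";
        $link_class = "tr2";
    }

    if ($highlight_pattern !== '') {
        $msgbody = preg_replace($highlight_pattern, ' <strong>$1</strong> ', $msgbody);
    }

    echo "\n    <tr>";
    echo "\n        <td$row_class>";
    echo "<a name=\"$id\"></a>";
    echo " <a href=\"view_profile.php?id=$userid\" class=\"$link_class\"><strong>$username</strong></a> posted this on $postdate";
    if ($is_admin) {
        // $ip was taken from REMOTE_ADDR at insert time, but ip_forwarded_for
        // is the raw X-Forwarded-For request header the poster sent: attacker
        // controlled, stored verbatim, and previously echoed unescaped to the
        // admin (stored XSS). '0.0.0.0' is the sentinel bco_insert_reply()
        // stores when the header was absent.
        $ip_link = "<a href=\"admin/admin.php?mode=gethost&amp;ip=" . urlencode($ip) . "\" class=\"$link_class\">ip/host info</a>";
        if ($ip_forwarded_for != '' && $ip_forwarded_for != 'unknown' && $ip_forwarded_for != '0.0.0.0') {
            echo " [" . htmlspecialchars($ip_forwarded_for, ENT_QUOTES) . " -> $ip_link]";
        } else {
            echo " [$ip_link]";
        }
    }
    echo "\n        </td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td class=\"tr1\">$msgbody<br /><br /></td>";
    echo "\n    </tr>\n";
}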

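// $watch_link is not defined in this file (presumably supplied by
// functions/functions.watch.php -- verify). It is prefixed here but nothing
// below echoes it, so unless bco_html_footer() reads it as a global this is
// dead code. Kept for compatibility; isset() only avoids the notice.
if (isset($watch_link) && $watch_link != "") {
    $watch_link = " || $watch_link";
}

echo <<< END
</table>
<a href="JavaScript: history.go(-1)">back to the shit</a>
<br />
END;

// This id goes into a hidden form field and into the view-counter UPDATE
// below; the original used the raw $_GET[id] for both (XSS / SQL injection).
$thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

if ($locked == 0) {
    bco_view_topic_reply_form($thread_id, $subject_url, $user_array);
} else {
    echo "\n<table cellpadding=\"1\" cellspacing=\"0\" width=\"100%\" class=\"replytable\">";
    echo "\n    <tr>";
    echo "\n        <td align=\"center\" valign=\"top\"><h3>This thread is locked. No more replies can be added.</h3></td>";
    echo "\n    </tr>";
    echo "\n</table>";
}

bco_html_footer();

// Bump the view counter. The original quoted $_GET[id] into this UPDATE, which
// a single quote in the query string could break out of.
pg_query("BEGIN");
if (!pg_query("UPDATE subject_index set views=views+1 where id='$thread_id'")) {
    bco_error("PostgreSQL said: " . pg_last_error());
}
pg_query("COMMIT");

/**
 * Print the reply form for an unlocked thread.
 *
 * @param int    $thread_id   Thread being replied to; re-cast to int before it is echoed.
 * @param string $subject_url Thread subject, urlencode()d by the caller, carried in a
 *                            hidden field for bco_insert_reply().
 * @param array  $user_array  Current user's record; 'username' and 'password' are pre-filled.
 * @return void
 */
function bco_view_topic_reply_form($thread_id, $subject_url, $user_array)
{
    $thread_id = (int) $thread_id;
    $username  = isset($user_array['username']) ? htmlspecialchars($user_array['username'], ENT_QUOTES) : '';
    $password  = isset($user_array['password']) ? htmlspecialchars($user_array['password'], ENT_QUOTES) : '';
    // The original used the register_globals $PHP_SELF unescaped. PHP_SELF
    // includes any PATH_INFO the client appended to the URL, so it must be
    // escaped before it lands in an attribute.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    // urlencode() output has nothing special to an attribute; escaping it is
    // just belt-and-braces.
    $subject_url = htmlspecialchars($subject_url, ENT_QUOTES);

    // SECURITY NOTE(review): the user's stored credential is written into the
    // page so it can be re-posted with the reply. bco_insert_reply() md5()s the
    // posted value before comparing, so this has to be the plaintext password,
    // and anything that can read this page (an XSS, a shared machine, the
    // browser cache) obtains it. A session identifier in its place would
    // remove the exposure; that needs changes in include.php too.
    echo "\n<br />";
    echo "\n<form method=\"post\" action=\"$action\">";
    echo "\n<table cellpadding=\"1\" cellspacing=\"0\" width=\"100%\" class=\"replytable\">";
    echo "\n    <tr>";
    echo "\n        <td align=\"right\" width=\"120\" valign=\"top\">username:</td>";
    echo "\n        <td align=\"left\">";
    echo "<input type=\"text\" name=\"username\" size=\"25\" maxlength=\"25\" value=\"$username\" class=\"textfield\" />";
    echo "</td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td align=\"right\" width=\"120\" valign=\"top\">password:</td>";
    echo "\n        <td align=\"left\">";
    echo "<input type=\"password\" name=\"password\" size=\"25\" maxlength=\"25\" value=\"$password\" class=\"textfield\" />";
    echo "</td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td align=\"right\" width=\"120\" valign=\"top\">say&nbsp;that&nbsp;shit:</td>";
    echo "\n        <td align=\"left\"><textarea name=\"msgbody\" rows=\"10\" cols=\"70\" class=\"textfield\"></textarea></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td align=\"right\" width=\"120\">&nbsp;</td>";
    echo "\n    <td align=\"left\">";
    echo "<input type=\"submit\" name=\"submit\" value=\"say it\" class=\"button\" />";
    echo "<input type=\"checkbox\" name=\"unhtml\" value=\"true\" /> Disable html.</td>";
    echo "\n    </tr>";
    echo "\n</table>";
    echo "\n<input type=\"hidden\" name=\"id\" value=\"$thread_id\" />";
    // bco_insert_reply() re-derives the address from REMOTE_ADDR when storing
    // the reply; this field only has to pass its x.x.x.x format check.
    echo "\n<input type=\"hidden\" name=\"ip\" value=\"" . htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES) . "\" />";
    echo "\n<input type=\"hidden\" name=\"subject\" value=\"$subject_url\" />";
    echo "\n</form>";
}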

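/**
 * Undo magic_quotes_gpc on a value taken from $_GET/$_POST/$_COOKIE so it can
 * be escaped exactly once for SQL with pg_escape_string().
 *
 * @param string $value Raw request value.
 * @return string The value without the automatically added backslashes.
 */
function bco_reply_gpc_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

/**
 * Handle a submitted reply: authenticate, rate-limit, validate the thread,
 * store the message, bump the thread's reply counters and redirect.
 *
 * Changes versus the original, all in the visible code:
 *  - every request-derived value that reaches SQL is int-cast or run through
 *    pg_escape_string(). The original interpolated the X-Forwarded-For header
 *    verbatim (an attacker-controlled header that magic_quotes never touched:
 *    SQL injection), and used addslashes() for body and subject, whose \'
 *    escape is not a valid quote escape under PostgreSQL
 *    standard_conforming_strings=on and can terminate the literal;
 *  - the "locked" lookup was inverted: it raised "uh oh!" when the fetch
 *    SUCCEEDED with a truthy value and carried on when it failed;
 *  - a failed INSERT no longer echoes the whole SQL statement to the user;
 *  - eregi()/set_magic_quotes_runtime() no longer fatal on PHP 7+.
 *
 * @param array $_POST Submitted form: id, username, password, msgbody, subject, ip, unhtml.
 * @return void Redirects to $GLOBALS['base_url'] on success; every failure goes
 *              through bco_error(); returns silently when authentication fails
 *              (the caller then exit()s, as before).
 */
function bco_insert_reply($_POST)
{
    // Turn the runtime off so things will work like I want them to.
    // (The function was removed in PHP 7, hence the guard.)
    if (function_exists('set_magic_quotes_runtime')) {
        set_magic_quotes_runtime(0);
    }

    $raw_username = isset($_POST['username']) ? $_POST['username'] : '';
    $raw_password = isset($_POST['password']) ? $_POST['password'] : '';

    // Passed exactly as received, like the original, since bco_authorize_user()
    // may expect the magic-quoted form.
    if (!bco_authorize_user($raw_username, $raw_password)) {
        // Original behaviour: nothing is reported here and the caller exit()s,
        // so a failed login yields an empty page. Presumably
        // bco_authorize_user() reports the failure itself -- verify.
        return;
    }

    // NOTE(review): passwords are compared as unsalted md5 over the value as
    // received (including any magic_quotes backslashes, presumably matching
    // what registration stored). Moving to password_hash() needs a schema
    // migration and is out of scope for this file.
    $username_sql = pg_escape_string(bco_reply_gpc_value($raw_username));
    $get_myuserid_query = "SELECT id from users where lower(username)=lower('$username_sql') and password='" . md5($raw_password) . "'";
    $replyuserid = (int) pg_fetch_result(pg_query($get_myuserid_query), 0);

    // Rate limit: the configured number of seconds must have passed since the
    // user's last post.
    $time_between_posts_query = "select config_value from bco_config where config_name='time_between_replies'";
    if (!$time_between_posts = pg_fetch_result(pg_query($time_between_posts_query), 0)) {
        bco_error("Getting config value \"time_between_posts\" failed.<br />" . pg_last_error());
    }
    // NOTE(review): nothing in this function updates users.last_post (that
    // statement was commented out in the original), so unless another code
    // path maintains the column this throttle never fires.
    $time_between_posts = (int) $time_between_posts;
    $lastpost_time_query = "select id from users where id=$replyuserid and last_post > NOW() - '$time_between_posts seconds'::interval";
    if (pg_num_rows(pg_query($lastpost_time_query)) == 1) {
        bco_error("You are posting faster than the limit. Please chill.");
    }

    if (!isset($_POST['id']) || !is_numeric($_POST['id'])) {
        bco_error("The id is not an integer");
    }
    $thread_id = (int) $_POST['id'];

    // One lookup answers both "does the thread exist" and "is it locked".
    $thread_result = pg_query("select locked from subject_index where id=$thread_id");
    if (!$thread_result) {
        bco_error("Hrm.");
    }
    if (pg_num_rows($thread_result) == 0) {
        bco_error("The thread you are replying to, does not exist.");
    }
    $locked_value = pg_fetch_result($thread_result, 0);
    if ($locked_value === false) {
        bco_error("uh oh!");
    }
    // NOTE(review): assumes `locked` is an integer column ("1"/"0"); a boolean
    // column would come back as "t"/"f" and never match -- confirm the schema.
    if ($locked_value == "1") {
        bco_error("It's locked for a reason, pal.");
    }

    // The hidden "ip" field is client-supplied and is NOT what gets stored (the
    // INSERT below uses REMOTE_ADDR). The unanchored format check is kept only
    // so that requests the original rejected are still rejected.
    $posted_ip = isset($_POST['ip']) ? trim($_POST['ip']) : '';
    if (!preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $posted_ip)) {
        bco_error("Your ip address is not of a x.x.x.x format.");
    }

    // The subject travels urlencoded through the form (see the hidden field),
    // so magic_quotes_gpc cannot have touched its quotes: decode, then escape
    // exactly once.
    $subject = pg_escape_string(trim(urldecode(isset($_POST['subject']) ? $_POST['subject'] : '')));

    // Strip magic quotes BEFORE the HTML cleaning so the cleaner sees the text
    // the user typed, then escape once for SQL.
    $raw_body = isset($_POST['msgbody']) ? bco_reply_gpc_value($_POST['msgbody']) : '';
    if (isset($_POST['unhtml']) && $_POST['unhtml'] == "true") {
        $clean_body = htmlentities($raw_body);
    } else {
        $clean_body = bco_clean_html($raw_body);
    }
    $msgbody = pg_escape_string(trim($clean_body));
    if ($msgbody === "") {
        bco_error("The message body is empty. I'm not into that.");
    }

    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if ($forward_ip == '') {
        $forward_ip = '0.0.0.0';
    }
    // $_SERVER is never magic-quoted and X-Forwarded-For is whatever the client
    // chose to send, so unescaped it was a direct SQL-injection vector here.
    $forward_ip_sql = pg_escape_string($forward_ip);
    $remote_ip_sql  = pg_escape_string($_SERVER['REMOTE_ADDR']);

    pg_query("BEGIN");
    $reply_query  = "INSERT INTO messages (id_subject, createdby, username, ip, ip_forwarded_for, postdate, msgbody, subject)";
    $reply_query .= " values";
    $reply_query .= " ('$thread_id', '$replyuserid', '$username_sql', '$remote_ip_sql', '$forward_ip_sql', NOW(), '$msgbody', '$subject')";
    if (!pg_query($reply_query)) {
        pg_query("ROLLBACK");
        // The original appended the full statement (message body included) to
        // this error; that only helps someone probing the query's shape.
        bco_error("PostgreSQL said: " . pg_last_error());
    }

    /* Increment the reply counter and the last-post bookkeeping on the thread. */
    $update_subjects_query = "UPDATE subject_index set replies=replies+1, lastpost_date=NOW(), lastpost_by='$username_sql' where id='$thread_id'";
    if (!pg_query($update_subjects_query)) {
        pg_query("ROLLBACK");
        bco_error("PostgreSQL said: " . pg_last_error());
    }

    // users.last_post / active_users bookkeeping was commented out in the
    // original and is still not performed here (see the rate-limit note above).
    pg_query("COMMIT");
    header("Location: $GLOBALS[base_url]");
    exit;
}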

//print_r($GLOBALS);

?>