<?php
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
require("include.php");
require("functions/functions.watch.php");
// A reply submission (the "say it" button) is handled entirely by
// bco_insert_reply(), which redirects or errors out; nothing else on the
// page runs in that case.
$is_reply_submission = isset($_POST['submit']) && $_POST['submit'] == "say it";
if ($is_reply_submission) {
    bco_insert_reply($_POST);
    exit;
}
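/**
 * Render the confirmation page shown after a watch-list action succeeded.
 *
 * @param int    $thread_id  Thread the action applied to; only used for the
 *                           "go back" link, so it is emitted as an integer.
 * @param string $menu_title Text handed to bco_index_menu().
 */
function bco_view_topic_watch_notice($thread_id, $menu_title)
{
    bco_html_header(BOARD_TITLE);
    bco_index_menu($menu_title);
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
    echo "\n <tr>";
    echo "\n <td class=\"tr1\" colspan=\"5\"><div align=\"center\">Success!<br />";
    echo "\n <a href=\"view_topic.php?id=$thread_id\" class=\"tr1link\">Go back to the thread.</a><br /><br />";
    echo "\n <a href=\"index.php\" class=\"tr1link\">Go back to the index.</a></div></td>";
    echo "\n </tr>";
    echo "\n</table>";
    bco_html_footer();
}

if (isset($_GET['action'])) {
    // The id is interpolated into a link and handed to the watch helpers, so
    // reduce it to an integer instead of echoing the raw query-string value.
    $watch_thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    // NOTE(review): these are state-changing actions triggered by a plain GET
    // with no CSRF token, so any third-party page can add or remove watches
    // for a logged-in user. A POST with a per-session token would fix that.
    switch ($_GET['action']) {
        case "watch":
            if (watch($watch_thread_id)) {
                bco_view_topic_watch_notice($watch_thread_id, BOARD_TITLE . " - Successfully added thread to watch list.");
                exit;
            }
            bco_error("Add watch failed.");
            // Explicit break: the original fell through into "unwatch" whenever
            // bco_error() returned instead of exiting.
            break;
        case "unwatch":
            if (unwatch($watch_thread_id)) {
                bco_view_topic_watch_notice($watch_thread_id, BOARD_TITLE . " - Successfully removed thread from watch list.");
                exit;
            }
            bco_error("Remove watch failed.");
            break;
        case "update":
            if (update_watch($watch_thread_id)) {
                bco_view_topic_watch_notice($watch_thread_id, BOARD_TITLE . " - Successfully updated thread in watch list.");
                exit;
            }
            bco_error("Update watch failed.");
            break;
        default:
            break;
    }
}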
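// Thread id from the query string. It is interpolated into SQL below (the
// original concatenated the raw string straight into the WHERE clause), so
// reduce it to an integer first.
$thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$query = "select subject, views, sticky, locked from subject_index where id=$thread_id";
if (!$result = pg_query($query)) {
    bco_error("Get thread information query failed.");
}
unset($query);
if (pg_num_rows($result) == 0) {
    // The requested value is reflected into an error page, so escape it.
    $requested_id = (isset($_GET['id']) && is_scalar($_GET['id']))
        ? htmlspecialchars((string) $_GET['id'], ENT_QUOTES)
        : '';
    bco_error("Sorry $requested_id is not a valid thread id.");
    unset($result);
}
$thread_info = pg_fetch_array($result);
unset($result);
$subject = stripslashes($thread_info['subject']);
// urlencoded copy of the subject travels through the reply form's hidden field.
$subject_url = urlencode($subject);
$sticky = $thread_info['sticky'];
$locked = $thread_info['locked'];
$views = $thread_info['views'];
unset($thread_info);

/* Fetch every message in the thread; admins additionally get the stored
 * client addresses for each post. */
$message_columns = "id, createdby, username, extract(epoch from postdate) as postdate_epoch, msgbody";
if ($is_admin) {
    $message_columns .= ", ip, ip_forwarded_for";
}
$query = "select $message_columns from messages where id_subject=$thread_id order by postdate asc";
if (!$result = pg_query($query)) {
    bco_error("MySQL said: " . pg_last_error());
    unset($query);
}

// The subject is stored as typed by the poster (no HTML filtering on insert),
// so escape it before it lands in the title and menu.
// NOTE(review): assumes bco_html_header()/bco_index_menu() do not escape their
// argument themselves; if they do, this double-encodes and should be dropped.
$subject_html = htmlspecialchars($subject, ENT_QUOTES);
bco_html_header("$subject_html - " . BOARD_TITLE);
bco_index_menu("$subject_html ($views views)");
unset($subject, $views, $subject_html);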
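echo "\n<table width=\"100%\" cellpadding=\"1\" cellspacing=\"0\" class=\"threadtable\">";

// Optional search-term highlighting. The term arrives in the query string and
// was previously used both as a raw eregi pattern (metacharacters interpreted)
// and echoed back unescaped; quote it for the regex and re-emit the matched
// text instead of the input. preg_* also replaces the removed ereg functions.
$highlight_pattern = '';
if (isset($_GET['highlight']) && is_scalar($_GET['highlight']) && $_GET['highlight'] !== '') {
    $highlight_pattern = '/ (' . preg_quote((string) $_GET['highlight'], '/') . ') /i';
}

while ($row = pg_fetch_assoc($result)) {
    $id = (int) $row['id'];
    $userid = (int) $row['createdby'];
    $postdate = date("M dS, Y \a\\t h:i:s a", (int) $row['postdate_epoch']);
    // Stored values are echoed into HTML, so escape them regardless of origin.
    $username = htmlspecialchars((string) $row['username'], ENT_QUOTES);
    $ip_url = '';
    $ip_forwarded_for = '';
    if ($is_admin) {
        $ip_url = htmlspecialchars(urlencode((string) $row['ip']), ENT_QUOTES);
        // Column is ip_forwarded_for: the original read a misspelled key, so the
        // forwarded address was never shown. It is copied from the client's
        // X-Forwarded-For header at insert time and therefore untrusted.
        $ip_forwarded_for = htmlspecialchars((string) $row['ip_forwarded_for'], ENT_QUOTES);
    }
    // Body is stored as (cleaned) HTML; strip slashes, optionally drop images
    // for users who disabled them, then convert newlines.
    $msgbody = stripslashes($row['msgbody']);
    if ($user_data['images'] == 0) {
        $msgbody = bco_remove_images($msgbody);
    }
    $msgbody = nl2br($msgbody);
    if ($highlight_pattern !== '') {
        $msgbody = preg_replace($highlight_pattern, ' <strong>$1</strong> ', $msgbody);
    }
    if ($userid == $user_array['myuserid']) {
        $row_class = " class=\"mypostthread\"";
        $link_class = "mypost";
    } else {
        $row_class = " class=\"tr2thread\"";
        $link_class = "tr2";
    }
    echo "\n <tr>";
    echo "\n <td$row_class>";
    echo "<a name=\"$id\"></a>";
    echo " <a href=\"view_profile.php?id=$userid\" class=\"$link_class\"><strong>$username</strong></a> posted this on $postdate";
    if ($is_admin) {
        $host_link = "<a href=\"admin/admin.php?mode=gethost&amp;ip=$ip_url\" class=\"$link_class\">ip/host info</a>";
        if ($ip_forwarded_for != '' && $ip_forwarded_for != 'unknown') {
            echo " [$ip_forwarded_for -> $host_link]";
        } else {
            echo " [$host_link]";
        }
    }
    echo "\n </td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td class=\"tr1\">$msgbody<br /><br /></td>";
    echo "\n </tr>\n";
}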
// $watch_link is only decorated here; nothing on this page echoes it
// afterwards (presumably set by one of the includes -- confirm).
if ($watch_link != "") {
    $watch_link = " || $watch_link";
}
echo "</table>\n<a href=\"JavaScript: history.go(-1)\">back to the shit</a>\n<br />";
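if ($locked == 0) {
    // Everything echoed into an attribute below is escaped for that context:
    // PHP_SELF can carry attacker-chosen path info, and neither the user
    // record nor the query string is trusted.
    $form_action = isset($_SERVER['PHP_SELF']) ? htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) : '';
    $form_username = isset($user_array['username']) ? htmlspecialchars((string) $user_array['username'], ENT_QUOTES) : '';
    // NOTE(review): the user's stored password is pre-filled into the page so
    // bco_insert_reply() can re-authenticate with it. That puts the credential
    // in page source (proxies, caches, any XSS can read it); the handler should
    // rely on the session instead. Kept because the reply handler requires the
    // field, but escaped for the attribute.
    $form_password = isset($user_array['password']) ? htmlspecialchars((string) $user_array['password'], ENT_QUOTES) : '';
    $form_thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $form_remote_ip = isset($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES) : '';
    // NOTE(review): no CSRF token on this form; a cross-site POST can reply as
    // the logged-in user.
    echo "\n<br />";
    echo "\n<form method=\"post\" action=\"$form_action\">";
    echo "\n<table cellpadding=\"1\" cellspacing=\"0\" width=\"100%\" class=\"replytable\">";
    echo "\n <tr>";
    echo "\n <td align=\"right\" width=\"120\" valign=\"top\">username:</td>";
    echo "\n <td align=\"left\">";
    echo "<input type=\"text\" name=\"username\" size=\"25\" maxlength=\"25\" value=\"$form_username\" class=\"textfield\" />";
    echo "</td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td align=\"right\" width=\"120\" valign=\"top\">password:</td>";
    echo "\n <td align=\"left\">";
    echo "<input type=\"password\" name=\"password\" size=\"25\" maxlength=\"25\" value=\"$form_password\" class=\"textfield\" />";
    echo "</td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td align=\"right\" width=\"120\" valign=\"top\">say that shit:</td>";
    echo "\n <td align=\"left\"><textarea name=\"msgbody\" rows=\"10\" cols=\"70\" class=\"textfield\"></textarea></td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td align=\"right\" width=\"120\"> </td>";
    echo "\n <td align=\"left\">";
    echo "<input type=\"submit\" name=\"submit\" value=\"say it\" class=\"button\" />";
    echo "<input type=\"checkbox\" name=\"unhtml\" value=\"true\" /> Disable html.</td>";
    echo "\n </tr>";
    echo "\n</table>";
    echo "\n<input type=\"hidden\" name=\"id\" value=\"$form_thread_id\" />";
    // The handler only format-checks this field; the address it stores is
    // REMOTE_ADDR of the POST, so a tampered value buys nothing.
    echo "\n<input type=\"hidden\" name=\"ip\" value=\"$form_remote_ip\" />";
    echo "\n<input type=\"hidden\" name=\"subject\" value=\"$subject_url\" />";
    echo "\n</form>";
} else {
    // Locked thread: no reply form. (The original emitted a stray </td> here.)
    echo "\n<table cellpadding=\"1\" cellspacing=\"0\" width=\"100%\" class=\"replytable\">";
    echo "\n <tr>";
    echo "\n <td align=\"center\" valign=\"top\"><h3>This thread is locked. No more replies can be added.</h3></td>";
    echo "\n </tr>";
    echo "\n</table>";
}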
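bco_html_footer();
// Bump the view counter after the page has been sent. The id is cast to an
// integer: the original quoted the raw query-string value straight into SQL.
$view_thread_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$update_views_query = "UPDATE subject_index set views=views+1 where id='$view_thread_id'";
pg_query("BEGIN");
if (!pg_query($update_views_query)) {
    bco_error("MySQL said: " . pg_last_error());
    unset($update_views_query);
}
pg_query("COMMIT");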
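/**
 * Handle a reply submission from the "say it" form on this page.
 *
 * Authenticates the poster, enforces the configured reply rate limit, checks
 * that the thread exists and is not locked, stores the message inside a
 * transaction and redirects to $GLOBALS['base_url']. Every failure goes
 * through bco_error(); an unauthenticated poster simply returns (the caller
 * then exits, as before). Nothing is returned.
 *
 * @param array $post Submitted fields: username, password, id (thread id),
 *                    ip, subject (urlencoded), msgbody and optional unhtml.
 *                    (Named $_POST in the original, which is a compile error
 *                    on PHP >= 5.4; callers pass it positionally.)
 */
function bco_insert_reply($post)
{
    // The original switched runtime magic quotes off; the function no longer
    // exists on PHP 7+, so guard the call.
    if (function_exists('set_magic_quotes_runtime')) {
        set_magic_quotes_runtime(0);
    }

    $username = isset($post['username']) ? (string) $post['username'] : '';
    $password = isset($post['password']) ? (string) $post['password'] : '';
    if (!bco_authorize_user($username, $password)) {
        return;
    }

    // Every string literal that ends up inside SQL quotes is escaped with the
    // driver's escaper; ids are cast to int. The original interpolated raw
    // $_POST values (and addslashes() output, which is not safe for PostgreSQL
    // with standard_conforming_strings on).
    $username_sql = pg_escape_string($username);
    // NOTE(review): passwords are compared as unsalted MD5 here and presumably
    // stored that way; moving to password_hash()/password_verify() needs a
    // schema change and is out of scope for this page.
    $get_myuserid_query = "SELECT id from users where lower(username)=lower('$username_sql') and password='" . md5($password) . "'";
    $userid_result = pg_query($get_myuserid_query);
    if (!$userid_result || pg_num_rows($userid_result) == 0) {
        bco_error("Could not look up the posting user.");
    }
    $replyuserid = (int) pg_fetch_result($userid_result, 0);

    // Minimum gap between replies, from the board config.
    $config_result = pg_query("select config_value from bco_config where config_name='time_between_replies'");
    if (!$config_result || pg_num_rows($config_result) == 0
        || !($time_between_posts = pg_fetch_result($config_result, 0))) {
        bco_error("Getting config value \"time_between_posts\" failed.<br />" . pg_last_error());
    }
    $time_between_posts = (int) $time_between_posts;

    // NOTE(review): nothing in this function writes users.last_post (the update
    // was commented out), so this limiter only works if other code maintains
    // that column -- confirm, or reinstate
    //   update users set last_post=NOW() where id=$replyuserid
    // inside the transaction below.
    $lastpost_time_query = "select id from users where id=$replyuserid and last_post > NOW() - '$time_between_posts seconds'::interval";
    $lastpost_result = pg_query($lastpost_time_query);
    if ($lastpost_result && pg_num_rows($lastpost_result) == 1) {
        bco_error("You are posting faster than the limit. Please chill.");
    }

    // Thread id: digits only (is_numeric() also accepts "1e3", " 1", "1.5").
    if (!isset($post['id']) || !preg_match('/^[0-9]+$/', (string) $post['id'])) {
        bco_error("The id is not an integer");
    }
    $thread_id = (int) $post['id'];

    // Existence and lock state in one query.
    $thread_result = pg_query("select locked from subject_index where id=$thread_id");
    if (!$thread_result) {
        bco_error("Hrm.");
    }
    if (pg_num_rows($thread_result) == 0) {
        bco_error("The thread you are replying to, does not exist.");
    }
    $locked_value = pg_fetch_result($thread_result, 0);
    // The original tested the fetch with a plain `if (...)`, which fired on a
    // *successful* fetch of "1" and let a failed fetch (false) through.
    if ($locked_value === false) {
        bco_error("uh oh!");
    }
    // NOTE(review): assumes subject_index.locked is an integer flag ("1"/"0");
    // a PostgreSQL boolean would come back as "t"/"f" and never match.
    if ($locked_value == "1") {
        bco_error("It's locked for a reason, pal.");
    }

    // The hidden ip field is only format-checked; the address actually stored
    // is REMOTE_ADDR of this request.
    $posted_ip = isset($post['ip']) ? trim((string) $post['ip']) : '';
    if (!preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $posted_ip)) {
        bco_error("Your ip address is not of a x.x.x.x format.");
    }

    // The subject arrives urlencoded from the hidden form field.
    $subject_raw = isset($post['subject']) ? urldecode((string) $post['subject']) : '';
    $subject_sql = pg_escape_string(trim($subject_raw));

    // Body: either fully entity-encoded ("Disable html") or passed through the
    // board's HTML cleaner.
    $body_raw = isset($post['msgbody']) ? (string) $post['msgbody'] : '';
    if (isset($post['unhtml']) && $post['unhtml'] == "true") {
        $msgbody = trim(htmlentities($body_raw));
    } else {
        $msgbody = trim(bco_clean_html($body_raw));
    }
    if ($msgbody == "") {
        bco_error("The message body is empty. I'm not into that.");
    }
    $msgbody_sql = pg_escape_string($msgbody);

    // X-Forwarded-For is an arbitrary client-supplied header: escape it for
    // SQL here, and for HTML wherever it is displayed. NOTE(review): its
    // length is not bounded; confirm against the column width.
    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? trim((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';
    if ($forward_ip == '') {
        $forward_ip = '0.0.0.0';
    }
    $forward_ip_sql = pg_escape_string($forward_ip);
    $remote_addr_sql = pg_escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');

    pg_query("BEGIN");
    $reply_query = "INSERT INTO messages (id_subject, createdby, username, ip, ip_forwarded_for, postdate, msgbody, subject)";
    $reply_query .= " values";
    $reply_query .= " ('$thread_id', '$replyuserid', '$username_sql', '$remote_addr_sql', '$forward_ip_sql', NOW(), '$msgbody_sql', '$subject_sql')";
    if (!pg_query($reply_query)) {
        pg_query("ROLLBACK");
        // The original echoed the failed statement (with the full message body)
        // back to the browser; keep the SQL out of user-facing output.
        bco_error("MySQL said: " . pg_last_error());
    }

    /* Bump the reply count and last-post info on the thread. */
    $update_subjects_query = "UPDATE subject_index set replies=replies+1, lastpost_date=NOW(), lastpost_by='$username_sql' where id='$thread_id'";
    if (!pg_query($update_subjects_query)) {
        pg_query("ROLLBACK");
        bco_error("MySQL said: " . pg_last_error());
    }
    pg_query("COMMIT");

    header("Location: " . $GLOBALS['base_url']);
    exit;
}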
//print_r($GLOBALS);
?>