<?php

// [forum operations module v.1.2.1]
// xantis.warp.cms - version 1.2
// (c) 2002 xantis - all rights reserved
// this code is registered and protected by international copyrights laws


//####### Register Globals !
//
// Emulates the old register_globals setting: every key of the environment,
// GET, POST, cookie and server arrays becomes a global variable of the same name.
// extract() is called without a flag, so an existing variable is overwritten and
// the sources listed later win over the earlier ones (server variables last).
//
// Security: after this point any global that the script reads without assigning
// it first can carry a client-supplied value. In this file that covers $ysecure,
// $yfilename and every global xforum_post() reads ($wxu, $wxp, $subj_var,
// $msg_var, $userid_var, $blockid_var, $op_var, ...).
// NOTE(review): the overwrite applies to every name, including the $HTTP_*_VARS
// arrays that are still waiting to be extracted, so REQUEST_METHOD and
// QUERY_STRING should not be treated as guaranteed server-originated values.
// Safer pattern: read only an explicit list of expected names from each source.
// NOTE(review): the $HTTP_*_VARS long arrays are not populated on PHP 5.4 and
// later; confirm the runtime this module is deployed on.

extract($HTTP_ENV_VARS);
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
extract($HTTP_COOKIE_VARS);
extract($HTTP_SERVER_VARS);

//#########################

// $ysecure comes from the request (imported as a global by the extract() calls
// above). It is url-decoded, then base64-decoded, and compared with a fixed marker.
// Security: the marker is a constant string, so this check only tells the Flash
// form apart from a casual direct hit; it is not authentication. The user is
// authenticated later, inside xforum_post().
$ysecure = base64_decode(rawurldecode($ysecure));
if ('forumfrmok' == $ysecure) {
	// NOTE(review): presumably lib_adv.php checks this control variable - confirm.
	// Request variables were already imported as globals, so when the marker does
	// not match, $xnt_control_var keeps whatever value the request supplied;
	// consider clearing it before this test.
	$xnt_control_var = 'xnt2002warp.cms';
}

// fall back to this script's own name when no file name was supplied
$yfilename = empty($yfilename) ? 'forum_op.php' : $yfilename;

require("lib_adv.php");

//##################################################


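// xforum_post - processes one forum write request sent by the Flash form.
//
// The operation is selected by the global $op_var:
//   'topic' : new topic in category $blockid_var
//   'reply' : new reply to topic $blockid_var, plus an e-mail notice to the
//             address stored for the topic's author
//   'xedtt' : edit topic $blockid_var (row must belong to the authenticated user)
//   'xedtr' : edit reply $blockid_var (same ownership rule)
// Any other $op_var value writes nothing and prints nothing.
//
// Input  : globals only. $wxu / $wxp identify the user, $userid_var must equal
//          the id found for that user, $subj_var / $msg_var hold the post.
//          $subj_var, $msg_var, $userid_var, $blockid_var and $op_var are
//          url-decoded in place (the globals are modified).
// Output : echoes a url-encoded "&name=value&" status string
//          (xcheck_load_controlvar, xcheck_data_controlvar = 'ok' / 'notok',
//          flash_form_text_err, flash_form_text_oky). Nothing is returned.
// Exit   : die()s with a 'notok' status when the request is not a POST or
//          carries a query string.
//
// Security notes:
// - All of the input globals can be set by the client (see the extract() calls
//   at the top of the file), and five of them are url-decoded a second time
//   here, so escaping applied before this point cannot be relied on.
//   Every request-derived value is therefore passed through addslashes()
//   before it is placed inside an SQL string literal. addslashes() is the
//   escaping this file already uses for the subject and the message.
//   NOTE(review): the stronger fix is driver-level escaping or bound parameters
//   inside xmysql_read_data_fl() / xmysql_write_data_fl(), which are not
//   visible here.
// - NOTE(review): values read back from the database (user id, user name,
//   topic owner id, category block) are still interpolated into later
//   statements unchanged; whether the xmysql_* helpers already escape their
//   results cannot be seen from this file - confirm before relying on it.
// - NOTE(review): the user is looked up by MD5(usr_name) / MD5(usr_pass), so
//   the two digests in $wxu / $wxp are the login credential themselves.
// - NOTE(review): $arr_var_result is a shared global; presumably each
//   xmysql_read_data_fl() call replaces it. If a query without a match leaves
//   the previous row in place, the checks below would compare stale data -
//   verify in lib_adv.php.
function xforum_post () {
//--------------------------------

global	$wxu, $wxp ;

global 	$yforum_err_post, $yforum_thanks_post, $ywebsite_addr, 
	$yforum_reply_title_short, $yforum_announce_new_reply,
	$yforum_sender, $yforum_thanks_updated ;

global 	$subj_var, $msg_var, $userid_var, $blockid_var, $op_var ;

global 	$arr_var_result;

global	$REQUEST_METHOD, $QUERY_STRING, $y_warp_direct_file_acc_msg_reff ;

//--------------------------------

//-----------------------------------in vars
// second url-decode of the request values (the globals themselves are updated)
$subj_var = rawurldecode($subj_var);
$msg_var = rawurldecode($msg_var);
$userid_var = rawurldecode($userid_var);
$blockid_var = rawurldecode($blockid_var);
$op_var = rawurldecode($op_var);
//-------------------------------------------

//-----------------------------------process the vars
// subject: trim, drop existing slashes, html-escape, keep double spaces visible,
// then escape for SQL
$pst_subj_adv = trim("$subj_var");
$pst_subj_adv = stripslashes("$pst_subj_adv");
$pst_subj_adv = htmlspecialchars("$pst_subj_adv");
// literal two-space replacement; str_replace() does the same work as the
// removed ereg_replace() because the pattern holds no regex metacharacter
$pst_subj_adv = str_replace ('  ', '&nbsp;&nbsp;', $pst_subj_adv);
$pst_subj_adv = addslashes ("$pst_subj_adv");

// message: converted by xflash_rtf_to_html() (defined elsewhere), then escaped for SQL
$pst_msg_adv = trim("$msg_var");
$pst_msg_adv = stripslashes("$pst_msg_adv");
$pst_msg_adv = xflash_rtf_to_html ("$pst_msg_adv");
$pst_msg_adv = addslashes ("$pst_msg_adv");

// SQL-escaped copies of the remaining request values; the raw values are kept
// for the equality checks further down
$sql_wxu = addslashes ("$wxu");
$sql_wxp = addslashes ("$wxp");
$sql_blockid = addslashes ("$blockid_var");

//locals
$pst_xdate = date("Y-m-d");
$pst_xtime = date("H:i:s");
//-------------------------------------------


//check request method
// only a POST without any query string is accepted; everything else gets the
// "direct file access" message and the script stops
if ( ($REQUEST_METHOD <> 'POST') OR (!empty($QUERY_STRING)) ) {

	die (
	"&xcheck_load_controlvar=".rawurlencode('ok').
	"&xcheck_data_controlvar=".rawurlencode('notok').
	"&flash_form_text_err=".rawurlencode($y_warp_direct_file_acc_msg_reff).
	"&flash_form_text_oky=".rawurlencode("XXX").
	"&"
	) ;

} //end if


//------------------------ get user auth
//read from users
xmysql_read_data_fl ("SELECT id, usr_name FROM users WHERE ( (MD5(usr_name)='$sql_wxu') AND (MD5(usr_pass)='$sql_wxp') )");
$hlocx_usr_vfy = $arr_var_result[0];
// redeclare sender var : the sender name always comes from the users table
$pst_sender_adv = $arr_var_result[1];
//------------------------ 


//################################################## NEW TOPIC

if ($op_var == 'topic') {


//------------------------ //categ verify
xmysql_read_data_fl ("SELECT id, topic_lock FROM forum_categs WHERE (id='$sql_blockid') ");
$hlocx_categ_vfy = $arr_var_result[0];
$hlocx_categ_lock_vfy = $arr_var_result[1];
//------------------------

//--------------------check categ lock
$hlocal_usr_categ_checker = 'ok';

// a locked category accepts no new topics
if ($hlocx_categ_lock_vfy == 'y') {
	$hlocal_usr_categ_checker = 'notok';
} //end if
//--------------------data verify

// the category must exist and the posted user id must be the authenticated one
if ( ($hlocx_categ_vfy <> $blockid_var) OR ($hlocx_usr_vfy <> $userid_var) ) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
if ( (empty($hlocx_categ_vfy)) OR (empty($hlocx_usr_vfy))) {
	$hlocal_usr_categ_checker = 'notok';
} //end if

//--------------------


$fcategid = $hlocx_categ_vfy;
$fuserxyid = $hlocx_usr_vfy;

$xcheck_load_controlvar = 'ok';

if ( (empty($fcategid)) OR (empty($pst_subj_adv)) OR (empty($pst_msg_adv)) OR (empty($pst_sender_adv)) OR ($hlocal_usr_categ_checker<>'ok') ) {
	$xcheck_data_controlvar = 'notok';
} //end if
else {
	xmysql_write_data_fl ("INSERT INTO forum_topics (subject, message, sender, w_date, w_time, block, w_uid_auth) VALUES ('$pst_subj_adv', '$pst_msg_adv', '$pst_sender_adv', '$pst_xdate', '$pst_xtime', '$fcategid', '$fuserxyid')");

	$xcheck_data_controlvar = 'ok';
} //end else


echo(	"&xcheck_load_controlvar=".rawurlencode($xcheck_load_controlvar).
	"&xcheck_data_controlvar=".rawurlencode($xcheck_data_controlvar).
	"&flash_form_text_err=".rawurlencode($yforum_err_post).
	"&flash_form_text_oky=".rawurlencode($yforum_thanks_post).
	"&"
);

} //end if

//##################################################


//################################################## NEW REPLY

if ($op_var == 'reply') {

//------------------------ //topic verify
xmysql_read_data_fl ("SELECT id, w_uid_auth, block FROM forum_topics WHERE (id='$sql_blockid') ");
$hlocx_categ_vfy = $arr_var_result[0];
$hlocx_thecateg_block = $arr_var_result[2];
//------------------------

//------------------------ // get originator e-mail
// $arr_var_result[1] is the topic owner id (w_uid_auth) read just above
xmysql_read_data_fl ("SELECT usr_email FROM users WHERE (id='$arr_var_result[1]')");
$hh_xusr_email_addr = $arr_var_result[0];
//------------------------


//--------------------data verify
// the topic must exist and the posted user id must be the authenticated one
$hlocal_usr_categ_checker = 'ok';
if ( ($hlocx_categ_vfy <> $blockid_var) OR ($hlocx_usr_vfy <> $userid_var) ) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
if ( (empty($hlocx_categ_vfy)) OR (empty($hlocx_usr_vfy))) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
//--------------------

$ftopicid = $hlocx_categ_vfy;
$fuserxyid = $hlocx_usr_vfy;

$xcheck_load_controlvar = 'ok';

if ( (empty($ftopicid)) OR (empty($pst_subj_adv)) OR (empty($pst_msg_adv)) OR (empty($pst_sender_adv)) OR ($hlocal_usr_categ_checker<>'ok') ) {
	$xcheck_data_controlvar = 'notok';
} //end if
else {
	xmysql_write_data_fl ("INSERT INTO forum_replies (subject, message, sender, w_date, w_time, block, block_c, w_uid_auth) VALUES ('$pst_subj_adv', '$pst_msg_adv', '$pst_sender_adv', '$pst_xdate', '$pst_xtime', '$ftopicid', '$hlocx_thecateg_block', '$fuserxyid')");

	// topic subject for the notification text
	xmysql_read_data_fl ("SELECT subject FROM forum_topics WHERE (id='$ftopicid')");

	// NOTE(review): the reply subject is mailed in its stored form
	// (html-escaped and slash-escaped), exactly as the original code did
	mail($hh_xusr_email_addr, $yforum_announce_new_reply,
		$yforum_announce_new_reply.' : '.$arr_var_result[0]."\n".
		$yforum_reply_title_short.' : '.$pst_subj_adv."\n".
		'-----------------------------------'."\n".
		$yforum_sender.' : '.$pst_sender_adv."\n".
		$pst_xdate.'  -  '.$pst_xtime."\n".
		'-----------------------------------'."\n".
		$ywebsite_addr."\n".
		'-----------------------------------'."\n"
	);

	$xcheck_data_controlvar = 'ok';
} //end else


echo(	"&xcheck_load_controlvar=".rawurlencode($xcheck_load_controlvar).
	"&xcheck_data_controlvar=".rawurlencode($xcheck_data_controlvar).
	"&flash_form_text_err=".rawurlencode($yforum_err_post).
	"&flash_form_text_oky=".rawurlencode($yforum_thanks_post).
	"&"
);

} //end if

//##################################################


//################################################## EDIT TOPIC

if ($op_var == 'xedtt') {


//------------------------ //topic verify
// the row is only found when it belongs to the authenticated user
xmysql_read_data_fl ("SELECT id FROM forum_topics WHERE ( (id='$sql_blockid') AND (w_uid_auth='$hlocx_usr_vfy') ) ");
$hlocx_topic_vfy = $arr_var_result[0];
//------------------------


//--------------------data verify
$hlocal_usr_categ_checker = 'ok';
if ( ($hlocx_topic_vfy <> $blockid_var) OR ($hlocx_usr_vfy <> $userid_var) ) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
if ( (empty($hlocx_topic_vfy)) OR (empty($hlocx_usr_vfy))) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
//--------------------


$ftopicid = $hlocx_topic_vfy;
$fuupdated = $pst_xdate.' - '.$pst_xtime ;

$xcheck_load_controlvar = 'ok';

if ( (empty($ftopicid)) OR (empty($pst_subj_adv)) OR (empty($pst_msg_adv)) OR (empty($pst_sender_adv)) OR ($hlocal_usr_categ_checker<>'ok') ) {
	$xcheck_data_controlvar = 'notok';
} //end if
else {
	// the owner condition is repeated in the UPDATE itself
	xmysql_write_data_fl ("UPDATE forum_topics SET subject='$pst_subj_adv', message='$pst_msg_adv', w_updated='$fuupdated'  WHERE ( (id='$ftopicid') AND (w_uid_auth='$hlocx_usr_vfy') ) ");

	$xcheck_data_controlvar = 'ok';
} //end else


echo(	"&xcheck_load_controlvar=".rawurlencode($xcheck_load_controlvar).
	"&xcheck_data_controlvar=".rawurlencode($xcheck_data_controlvar).
	"&flash_form_text_err=".rawurlencode($yforum_err_post).
	"&flash_form_text_oky=".rawurlencode($yforum_thanks_updated).
	"&"
);

} //end if

//##################################################


//################################################## EDIT REPLY

if ($op_var == 'xedtr') {


//------------------------ //reply verify
// the row is only found when it belongs to the authenticated user
xmysql_read_data_fl ("SELECT id FROM forum_replies WHERE ( (id='$sql_blockid') AND (w_uid_auth='$hlocx_usr_vfy') ) ");
$hlocx_reply_vfy = $arr_var_result[0];
//------------------------


//--------------------data verify
$hlocal_usr_categ_checker = 'ok';
if ( ($hlocx_reply_vfy <> $blockid_var) OR ($hlocx_usr_vfy <> $userid_var) ) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
if ( (empty($hlocx_reply_vfy)) OR (empty($hlocx_usr_vfy))) {
	$hlocal_usr_categ_checker = 'notok';
} //end if
//--------------------


$freplyid = $hlocx_reply_vfy;
$fuupdated = $pst_xdate.' - '.$pst_xtime ;

$xcheck_load_controlvar = 'ok';

if ( (empty($freplyid)) OR (empty($pst_subj_adv)) OR (empty($pst_msg_adv)) OR (empty($pst_sender_adv)) OR ($hlocal_usr_categ_checker<>'ok') ) {
	$xcheck_data_controlvar = 'notok';
} //end if
else {
	// the owner condition is repeated in the UPDATE itself
	xmysql_write_data_fl ("UPDATE forum_replies SET subject='$pst_subj_adv', message='$pst_msg_adv', w_updated='$fuupdated'  WHERE ( (id='$freplyid') AND (w_uid_auth='$hlocx_usr_vfy') ) ");

	$xcheck_data_controlvar = 'ok';
} //end else


echo(	"&xcheck_load_controlvar=".rawurlencode($xcheck_load_controlvar).
	"&xcheck_data_controlvar=".rawurlencode($xcheck_data_controlvar).
	"&flash_form_text_err=".rawurlencode($yforum_err_post).
	"&flash_form_text_oky=".rawurlencode($yforum_thanks_updated).
	"&"
);

} //end if

//##################################################


} //END FUNCTION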



//------------------------------------------------

// Run the forum handler only for requests that carried the form marker.
// The marker is a fixed string, so this is a routing check, not authentication;
// xforum_post() performs the user lookup itself.
if ('forumfrmok' == $ysecure) {
	xforum_post();
}

//------------------------------------------------

// end of php code
?>