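include "prepend.inc.php";

$PAGELIMIT = 25;

// ======================================================================================================
// SPECIAL GLOBALS: PAGE NUMBER, FORUM, TOPIC, MESSAGE
// ======================================================================================================

// -----
// treat $p_id specially and ensure a value of 0 (as opposed to the empty string).
// $p_id is concatenated unquoted into SQL further down this file, so it is pinned to an integer here.
// NOTE(review): $p_id is presumably set by prepend.inc.php -- confirm it is never taken from the request.
$p_id = isset($p_id) ? (int) $p_id : 0;

// -----
// $page: page number, taken from the query string first, then from the posted form.
$page = (isset($_GET["page"]) && $_GET["page"]) ? $_GET["page"] : (isset($_POST["page"]) ? $_POST["page"] : 1);
// is_numeric() also accepts values such as "1e5" or "1.5"; the cast keeps only the integer part.
$page = is_numeric($page) ? (int) $page : 1;
if ($page < 1) {
    $page = 1;
}

// -----
// message/topic/forum info: similar process of collecting data abstracted into getforumvar function.

/**
 * Resolve one of the id globals ($m, $t, $f) and load its database row into a second global.
 *
 * The id is read from the global named $varname; when that is empty it is taken from
 * $_GET[$varname], then from $_POST[$varname]. The row is stored in the global named
 * $infovarname. When $nextvarname is given, the global of that name is overwritten with
 * column $nextidfield of the loaded row (the parent id).
 *
 * $tablename and $idfield are concatenated into the SQL text as identifiers: pass literals
 * only, never request data. The id value is reduced to a non-negative integer before it
 * reaches the query, whatever its origin.
 *
 * Terminates the request with die() when an id is given but no row is found.
 *
 * @param string $varname      name of the global holding the id, also the request key
 * @param string $infovarname  name of the global that receives the row (associative array)
 * @param string $tablename    table to read (trusted literal)
 * @param string $idfield      id column of that table (trusted literal)
 * @param string $nextvarname  optional name of the global that receives the parent id
 * @param string $nextidfield  column of the row that holds the parent id
 */
function getforumvar ($varname,$infovarname,$tablename,$idfield,$nextvarname='',$nextidfield='')
{
    global $$varname,$$infovarname;

    // if no contents yet, check form data for contents
    if (!$$varname) {
        if (isset($_GET[$varname]) && $_GET[$varname]) {
            $$varname = $_GET[$varname];
        } else if (isset($_POST[$varname])) {
            $$varname = $_POST[$varname];
        }
    }

    // The original validated only the request path (is_numeric) and trusted a value that was
    // already present in the global. Validate unconditionally, and accept plain digits only,
    // so nothing but an integer is ever concatenated into the statement below.
    $candidate = $$varname;
    $$varname = (is_scalar($candidate) && ctype_digit((string) $candidate)) ? (int) $candidate : 0;

    // if we have data, get info
    if ($$varname) {
        $r = query ('select * from ' . $tablename . ' where ' . $idfield . '=' . $$varname . ';');
        $$infovarname = mysql_fetch_array($r, MYSQL_ASSOC) or die ('Error looking up ' . $varname . '.');
        if ($nextvarname) {
            // the parent id always comes from the stored row, replacing any earlier value
            global $$nextvarname;
            $$nextvarname = ${$infovarname}[$nextidfield];
        }
    }
}

// get specified message
getforumvar ("m","messageinfo","messages","messageid","t","ownertopicid");

// get specified topic
getforumvar ("t","topicinfo","topics","topicid","f","ownerforumid");

// get specified forum
getforumvar ("f","foruminfo","forums","forumid","g","ownergroupid");

// if no group implied by forum, revert to default group for directory.
// The cast matters because $g goes unquoted into the query and into the die() text below.
$g = isset($g) ? (int) $g : 0;
if ($g <= 0) {
    $g = 1;
}

// get group info
$r = query ("select * from groups where groupid=" . $g . ";");
$g_info = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for group id=" . $g);

// if still no forum specified, look up existing forums for specified group.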
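// if the group only has one forum, default to it.

// Every id below is concatenated unquoted into SQL text, so each one is pinned to an integer
// before any statement is built, regardless of how it was populated earlier in the request.
$m    = isset($m) ? (int) $m : 0;
$t    = isset($t) ? (int) $t : 0;
$f    = isset($f) ? (int) $f : 0;
$g    = isset($g) ? (int) $g : 0;
$p_id = isset($p_id) ? (int) $p_id : 0;

if ($f <= 0) {
    $r = query ('select * from forums where ownergroupid=' . $g);
    $forumlist = array();   // start from a known-empty list
    $forumcount = 0;
    while ($foruminfo = mysql_fetch_array($r, MYSQL_ASSOC)) {
        $forumlist[] = $foruminfo;
        $forumcount++;
    }
    if ($forumcount == 1) {
        $foruminfo = $forumlist[0];
        $f = (int) $foruminfo["forumid"];
    }
}

// ======================================================================================================
// FORUM SECURITY
// ======================================================================================================

// security test
if (!is_allowed(ACCESS_FORUM_VIEW)) {
    include "accessdenied.php";
    // Stop here explicitly: whether accessdenied.php ends the request itself is not visible
    // in this file, and nothing below may run for a viewer without access.
    exit;
}

// security info

/**
 * Recompute the globals $moderator and $topiccreator for the current topic ($t).
 *
 * $moderator is is_allowed(ACCESS_FORUM_MODERATE). $topiccreator is true for a logged-in
 * user ($u_id > 0) whose $p_id equals the topic's creatorid, and for a guest ($p_id == 0)
 * only while the topic was created by a guest and holds no messages.
 * Called again after every change to $t or $topicinfo.
 */
function determineaccess ()
{
    global $moderator, $topiccreator, $t, $topicinfo, $p_id, $u_id;

    $moderator = is_allowed(ACCESS_FORUM_MODERATE);
    $topiccreator = FALSE;

    if (!$t) {
        return;
    }

    // if not a moderator, the topic creator still has special editing privileges
    if ($u_id > 0) {
        $topiccreator = ($topicinfo['creatorid'] == $p_id);
    } else if ($p_id == 0) {
        // guests are assumed to be the topic creator if no messages have yet been posted in the current topic.
        // ASSUMPTION: zero-message topics are not displayed to guests unless they have just created a topic!
        // NOTE(review): this identifies "the" guest by topic state only, so any guest who reaches an
        // empty guest-created topic passes this test -- confirm that is acceptable.
        $topiccreator = (($topicinfo['creatorid'] == 0) and ($topicinfo['totalmessages'] == 0));
    }
}

determineaccess();

// ======================================================================================================
// PROCESS INPUT FORMS
// ======================================================================================================

$newtopic      = isset($_POST["newtopic"]) ? $_POST["newtopic"] : null;
$newmessage    = isset($_POST["newmessage"]) ? $_POST["newmessage"] : null;
// NOTE(review): delete is triggered by a GET parameter and no anti-forgery token is checked
// anywhere in the visible code; $deleteconfirm is read but not consulted before deleting.
$delete        = isset($_GET["delete"]) ? $_GET["delete"] : null;
$deleteconfirm = isset($_GET["deleteconfirm"]) ? $_GET["deleteconfirm"] : null;
$edit          = isset($_GET["edit"]) ? $_GET["edit"] : null;

// NOTE(review): sqlsafe() is defined elsewhere; the statements below assume it escapes a value
// for use inside a double-quoted MySQL string literal -- confirm.

// NEW TOPIC
if ($newtopic) {
    if (!is_allowed(ACCESS_FORUM_NEWTOPIC)) {
        include "accessdenied.php";
        exit;   // do not fall through to the insert/update if the include returns
    }
    if (!$f) {
        noteerror ("No message forum was selected for your topic.");
    } else if ($t) {
        // topic id stipulated: editing existing topic.
        // The original checked only ACCESS_FORUM_NEWTOPIC here, so anyone allowed to create topics
        // could rename any topic by id. Apply the rule the page itself uses to offer the edit
        // control ($editallowed = $moderator or $topiccreator).
        if (!($moderator or $topiccreator)) {
            include "accessdenied.php";
        } else {
            $now = time();
            $q = 'update topics set subject="' . sqlsafe($newtopic) . '",';
            $q .= ' lastupdated=' . $now . ' where topicid=' . $t . ';';
            $r = query($q);
            if (!$r) {
                // keep the statement in the server log instead of echoing SQL to the client
                error_log('Error updating topic with query: ' . $q);
                die ('Error updating topic.');
            }
            $_POST["newtopic"] = '';
            $topicinfo['subject'] = $newtopic;
            // the other branches report through $change_report; set both spellings so that
            // whichever one the page prints is populated
            $change_report = $changereport = 'Topic updated.';
        }
    } else {
        $now = time();
        // create new topic
        $q = 'insert into topics set subject="' . sqlsafe($newtopic) . '",';
        $q .= ' creatorid=' . $p_id . ',';
        $q .= ' ownerforumid=' . $f . ',';
        $q .= ' totalmessages=0,';
        $q .= ' whencreated=' . $now . ',';
        $q .= ' lastupdated=' . $now . ';';
        $r = query($q);
        if (!$r) {
            error_log('Error creating new topic with query: ' . $q);
            die ('Error creating new topic.');
        }
        // get topic id.
        // Looking the row up by timestamp alone can return another user's topic created in the
        // same second; narrow it to this creator and forum and take the newest match.
        // NOTE(review): the insert id of the connection would remove the remaining ambiguity
        // (e.g. two guests in one second) -- depends on how query() manages its link.
        $r = query('select * from topics where whencreated=' . $now
            . ' and creatorid=' . $p_id
            . ' and ownerforumid=' . $f
            . ' order by topicid desc limit 1;');
        $topicinfo = mysql_fetch_array($r, MYSQL_ASSOC) or die ('Error looking up newly-created topic.');
        $t = (int) $topicinfo["topicid"];
        determineaccess();
        $_POST["newtopic"] = '';
    }
}

if ($newmessage) {
    if (!is_allowed(ACCESS_FORUM_POST)) {
        include "accessdenied.php";
        exit;   // do not fall through to the insert/update if the include returns
    }
    if (!$t) {
        noteerror ("No topic was selected for your message.");
    } else if ($m) {
        // message id stipulated: editing existing message.
        // The original checked only ACCESS_FORUM_POST here, so any poster could overwrite any
        // message by id. Require the same ownership-or-moderator rule the delete branch applies.
        // NOTE(review): confirm this matches the condition under which the edit link is rendered.
        $mayedit = ((($messageinfo["creatorid"] == $p_id) and ($u_id)) or is_allowed(ACCESS_FORUM_MODERATE));
        if (!$mayedit) {
            include "accessdenied.php";
        } else {
            $now = time();
            $q = 'update messages set message="' . sqlsafe($newmessage) . '",';
            $q .= ' lastedited=' . $now . ' where messageid=' . $m . ';';
            $r = query($q);
            if (!$r) {
                error_log('Error updating message with query: ' . $q);
                die ('Error updating message.');
            }
            $_POST["newmessage"] = '';
            // update topic date
            $q = 'update topics set lastupdated=' . $now . ' where topicid=' . $t . ';';
            $r = query($q);
            if (!$r) {
                error_log('Error updating topic timestamp with query: ' . $q);
                die ('Error updating topic timestamp.');
            }
            $change_report = 'Message updated.';
            $messageinfo['message'] = $newmessage;
        }
    } else {
        $now = time();
        $q = 'insert into messages set message="' . sqlsafe($newmessage) . '",';
        $q .= ' creatorid=' . $p_id . ',';
        $q .= ' ownertopicid=' . $t . ',';
        $q .= ' whencreated=' . $now . ',';
        $q .= ' lastedited=' . $now . ';';
        $r = query($q);
        if (!$r) {
            error_log('Error creating message with query: ' . $q);
            die ('Error creating message.');
        }
        // retrieve message id (narrowed to this creator and topic; see the topic lookup above)
        $r = query('select * from messages where whencreated=' . $now
            . ' and creatorid=' . $p_id
            . ' and ownertopicid=' . $t
            . ' order by messageid desc limit 1;');
        $messageinfo = mysql_fetch_array($r, MYSQL_ASSOC) or die ('Error looking up newly-created message.');
        $m = (int) $messageinfo["messageid"];
        // clear POST data
        $_POST["newmessage"] = '';
        // update topic date
        $q = 'update topics set lastupdated=' . $now . ',totalmessages=totalmessages+1 where topicid=' . $t . ';';
        $r = query($q);
        if (!$r) {
            error_log('Error updating topic timestamp with query: ' . $q);
            die ('Error updating topic timestamp.');
        }
        $topicinfo["totalmessages"]++;
        determineaccess();
        // force page number to last page
        $page = 99999999;
    }
}

if ($delete) {
    if ($m) {
        // re-read the message so the ownership test uses the stored creator, not request data
        $r = query ('select * from messages where messageid=' . $m);
        $messageinfo = mysql_fetch_array($r, MYSQL_ASSOC) or die ('Error checking message to be deleted.');
        $creator = $messageinfo["creatorid"];
        if ((($creator == $p_id) and ($u_id)) or is_allowed(ACCESS_FORUM_MODERATE)) {
            $r = query ('delete from messages where messageid=' . $m);
            // update topic date
            $q = 'update topics set lastupdated=' . time() . ',totalmessages=totalmessages-1 where topicid=' . $t . ';';
            $r = query($q);
            if (!$r) {
                error_log('Error updating topic timestamp with query: ' . $q);
                die ('Error updating topic timestamp.');
            }
            $topicinfo["totalmessages"]--;
            determineaccess();
            $change_report = 'Message deleted.';
        } else {
            include "accessdenied.php";
        }
    } else if ($t) {
        $r = query ('select * from topics where topicid=' . $t);
        $topicinfo = mysql_fetch_array($r, MYSQL_ASSOC) or die ('Error checking topic to be deleted.');
        // a non-moderator may remove only a topic of their own that holds no messages
        $allowed = ($moderator or ($topiccreator and !$topicinfo['totalmessages']));
        if ($allowed) {
            // delete messages in topic
            $r = query ('delete from messages where ownertopicid=' . $t);
            // delete topic
            $r = query ('delete from topics where topicid=' . $t);
            $t = 0;
            determineaccess();
            $change_report = 'Topic deleted.';
        } else {
            include "accessdenied.php";
        }
    } // end if deleting
}

// ======================================================================================================
// FORUM PURGING
// ======================================================================================================

/**
 * Delete topics of the current forum ($f) that have not been updated for purgetime days,
 * together with their messages, then record the purge time on the forum row.
 *
 * Does nothing when the forum has no purgetime or when less than one day has passed since
 * $foruminfo["lastpurge"]. Reads the globals $f and $foruminfo; returns nothing.
 */
function purgeforum ()
{
    global $f, $foruminfo;

    $DAY = 86400;   // number of seconds in a day
    $now = time();
    $forumid = (int) $f;   // concatenated unquoted into the statements below

    if (($foruminfo["purgetime"]) and ($now > ($foruminfo["lastpurge"] + $DAY))) {   // minimum 1-day wait between purges
        $deletetime = (int) ($now - ($foruminfo["purgetime"] * $DAY));
        $r = query ('select * from forums,topics where ownerforumid=forumid and forumid=' . $forumid . ' and lastupdated<' . $deletetime . ';');
        if ($r) {
            // collect the stale topic ids as integers before building the IN (...) lists
            $ids = array();
            while ($info = mysql_fetch_array($r, MYSQL_ASSOC)) {
                $ids[] = (int) $info['topicid'];
            }
            if (count($ids)) {
                $idlist = implode(',', $ids);
                $r = query ('delete from messages where ownertopicid in (' . $idlist . ');');
                $r = query ('delete from topics where topicid in (' . $idlist . ');');
            }
        }
        $r = query('update forums set lastpurge=' . $now . ' where forumid=' . $forumid . ';');
    }
}

// ======================================================================================================
// COMMON PAGE COMPONENTS
// ======================================================================================================

function masthead_forum () {
    global $moderator, $topiccreator, $t, $messagecount, $topicinfo, $g;
    global $BGCOLOUR_LIGHT, $BGCOLOUR_DARK, $p_id, $u_id, $deleteconfirm, $edit;

    $availablesearchtypes[SEARCH_MESSAGE_THISGROUP] = 'message (this group)';
    $availablesearchtypes[SEARCH_TOPIC_THISGROUP] = 'topic (this group)';
    $availablesearchtypes[SEARCH_MESSAGE] = 'message (all groups)';
    $availablesearchtypes[SEARCH_TOPIC] = 'topic (all groups)';
    $availablesearchtypes[SEARCH_FORUMGROUP] = 'forum (by group name)';
    masthead_search($availablesearchtypes);

    if (($t) and (!$edit)) {
        // these flags only decide which controls are shown; the form handlers above must
        // enforce the same rules on their own
        $deleteallowed = ($moderator or ($topiccreator and ($topicinfo['totalmessages'] == 0)));
        $editallowed = ($moderator or $topiccreator);
        if ($deleteallowed or $editallowed) {
            // NOTE(review): the remainder of this function is not intact in this listing.
            print '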
'; formtextareainput ($contentvarname,76,12,"small"); print ' |
'; formend(); print ' |
'; print crunchtext($topicinfo["subject"]); print ' | |||
---|---|---|---|
'; print ''; print "Pages in Topic: "; // print page numbers $i = 0; $numpages = $resultcount / $PAGELIMIT; while ($i++ < $numpages) { if ($i == $page) { print '' . $i . ' '; } else { print '' . $i . ' '; } } print " | |||
'; $creator = $messageinfo["creatorid"]; if ($creator) { $r = query ('select * from persons where personid=' . $creator . ';') or die ('Error looking up message creator id ' . $creator); $creatorinfo = mysql_fetch_array($r, MYSQL_ASSOC); if (!$creatorinfo) // obsolete person id: treat as 'guest' $creator = 0; } if ($creator) { print ''; print crunchtext($creatorinfo['firstname'] . ' ' . $creatorinfo['lastname']); print ''; } else { print 'Guest'; } print " | \n"; print "";
// message header: date/time, edit/delete
print '
| \n";
print "
'; print ''; print "Pages in Forum: "; // print page numbers $i = 0; $numpages = $resultcount / $PAGELIMIT; while ($i++ < $numpages) { if ($i == $page) { print '' . $i . ' '; } else { print '' . $i . ' '; } } print " | |||
Topic | '; print 'Replies | '; print 'Topic Starter | '; print 'Most Recent |
'; print ''; print crunchtext($topicinfo["subject"]); print ""; if ($topicinfo["totalmessages"] > $PAGELIMIT) { $i = $topicinfo["totalmessages"]; $whichpage = 0; print " Page:"; while ($i > 0) { print ' ' . $whichpage . ''; $i = $i - $PAGELIMIT; } print " | \n"; } print ""; if ($topicinfo["totalmessages"]) { print $topicinfo["totalmessages"] - 1; } else { print highlighttext('n/a'); } print " | \n"; print ""; $creator = $topicinfo["creatorid"]; if ($creator) { $r = query ('select * from persons where personid=' . $creator . ';') or die ('Error looking up message creator id ' . $creator); $creatorinfo = mysql_fetch_array($r, MYSQL_ASSOC); if (!$creatorinfo) // obsolete person id: treat as 'guest' $creator = 0; } if ($creator) { print ''; print crunchtext($creatorinfo['firstname'] . ' ' . $creatorinfo['lastname']); print ''; } else { print 'Guest'; } print " | \n"; print "" . date("m-d-y H:i", $topicinfo["lastupdated"]) . " | \n"; print "
"; if (is_allowed(ACCESS_FORUM_NEWTOPIC)) { print '
'; $f = $f; formstart(append_url_vars_pg('f'),"thin"); print 'Create New Topic: '; formtextinput ("newtopic",50,"small"); print ''; print " \n"; print " |