include("functions.php");
include("forum_template.php");
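// Open the forum database connection and load the global forum settings.
// The $db_* variables are not defined in this file; presumably they come from the included files above.
// NOTE(review): ext/mysql (the mysql_* functions) was removed in PHP 7.0; this file only runs on older runtimes.
// NOTE(review): the die() text below sends mysql_error() to the client, which can disclose host and account
// details. Prefer logging the driver error server-side and showing a generic message.
if (!mysql_connect($db_Hostname, $db_UserName, $db_Password)) {
    die("Can't Connect to Database: ".mysql_error());
}
// Fail closed if the schema cannot be selected, rather than letting every later query fail one by one.
if (!mysql_select_db($db_Database)) {
    die("Can't Select Database");
}
$fSettings = GetSettings();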
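/**
 * Validate and store a new topic or a reply, then redirect to the topic page.
 *
 * Input arrives through globals ($username, $subject, $message, $TopicID, ...), which are
 * presumably populated from the request (register_globals style), so every value that
 * reaches SQL is treated as untrusted: numeric ids are cast with intval() and strings go
 * through mysql_real_escape_string().
 *
 * Side effects visible here: mutates the globals $TopicID, $subject and $message, may
 * update t_users.NumPost, inserts into t_messages and may send reply notices.
 *
 * @param string $messagetype "PostMessage" starts a new topic; any other value is handled as a reply.
 */
function PostMessage($messagetype)
{
    global $addsig,$fSettings,$username,$password,$subject,$message,$replynotice,$emoticon,$BoardID,$TopicID,$REMOTE_ADDR,$posticon,$txt;

    // The error helpers (UhOh, LogInFirst) are defined elsewhere; whether they end the
    // request is not visible here. Each failure path returns explicitly so a rejected
    // post can never fall through to the INSERT.

    // TopicID was interpolated unquoted into SQL; force it to an integer first.
    $TopicID = intval($TopicID);

    if ($subject == "") {fHeader();UhOh($txt['errEmptySubject']);return;}

    if ($TopicID) {
        $result = mysql_query("SELECT Locked from t_messages WHERE TopicID = $TopicID order by DatePosted ASC");
        $row = $result ? mysql_fetch_array($result) : false;
        if ($row && $row["Locked"] == 1) {fHeader();UhOh($txt['errLocked']);return;}
    }

    if ($username == "") {fHeader();UhOh($txt['errNeedUsername']);return;}
    if ($message == "") {fHeader();UhOh($txt['errEmptyMessage']);return;}
    if ((strlen($username) > 25) || (strlen($username) < 4)) {fHeader();UhOh($txt['errUsernameLength']);return;}
    if (HasSpecialChar($username)) {fHeader();UhOh($txt['errUsernameFormat']);return;}

    // HasSpecialChar() is the only filter on the name and its rules are not visible here,
    // so the name is also escaped before it is placed inside a quoted SQL literal.
    $username_sql = mysql_real_escape_string($username);

    $result = mysql_query("SELECT count(*) from t_users WHERE UserName = '$username_sql'");
    $row = $result ? mysql_fetch_row($result) : false;
    if ($row && $row[0] >= 1) {
        // The name belongs to a registered account: the password must match.
        if (CheckPassword($username,$password) != 1) {
            fHeader();
            UhOh($txt['errInvalidUser']);
            return;
        }

        // NOTE(review): flood control only runs in this registered-user branch; names that
        // are not in t_users skip it.
        if ($fSettings["floodflag"] == "yes") {
            $result = mysql_query("SELECT DateEdited from t_messages WHERE Poster = '$username_sql' Order By DateEdited DESC LIMIT 1");
            $row = $result ? mysql_fetch_row($result) : false;
            $UsrLastActive = $row ? intval($row[0]) : 0;
            if ((time() - $UsrLastActive) <= $fSettings["floodinterval"]) {
                $txt['errFloodControl'] = str_replace("XFLI",$fSettings["floodinterval"],$txt['errFloodControl']);
                fHeader();UhOh($txt['errFloodControl']);
                return;
            }
        }

        $result = mysql_query("SELECT Password,SavePass,NumPost from t_users WHERE UserName = '$username_sql'");
        $row = mysql_fetch_array($result);
        // NOTE(review): CookieStuff() is handed the Password column exactly as stored in
        // t_users. If it writes that value into a cookie, the stored credential reaches
        // the browser; confirm what the helper does and whether the column holds a hash.
        if ($row["SavePass"] == 'yes') {
            CookieStuff(time()+30240000,$username,$row["Password"]);
        } else {
            CookieStuff(0,$username,$row["Password"]);
        }
        $NumPost = intval($row["NumPost"]) + 1;
        mysql_query("UPDATE t_users set NumPost=$NumPost WHERE UserName = '$username_sql'");
    }

    // The subject is HTML-encoded before storage. The message is stored as submitted, so
    // output encoding has to happen wherever messages are rendered (not visible here).
    // mysql_real_escape_string() replaces addslashes(): it escapes for the connection's
    // character set, which addslashes() does not.
    $subject = mysql_real_escape_string(htmlspecialchars($subject));
    $message = mysql_real_escape_string($message);
    $dateposted = time();

    if ($messagetype == "PostMessage") {
        if (!(CheckPermission("post",$username))) {fHeader();LogInFirst($txt['CantPost']);return;}
        // NOTE(review): max(TopicID)+1 is not atomic; two concurrent new topics can be
        // given the same TopicID.
        $result = mysql_query("SELECT TopicID from t_messages Order By TopicID DESC LIMIT 1");
        $row = $result ? mysql_fetch_array($result) : false;
        $TopicID = ($row ? intval($row["TopicID"]) : 0) + 1;
        $firstmessage = "yes";
        // Was left undefined for new topics and reached the INSERT as an empty string.
        $numReplies = 0;
    } else {
        if (!(CheckPermission("reply",$username))) {fHeader();LogInFirst($txt['CantPost']);return;}
        $firstmessage = "no";

        // Notify each subscribed poster once. The original test was inverted (it mailed
        // only names already in its "seen" list, so notices were effectively never sent)
        // and matched by substring; an exact, case-insensitive key fixes both.
        $notified = array();
        $result = mysql_query("SELECT Poster from t_messages WHERE ReplyNotice = 'yes' AND TopicID = $TopicID");
        while ($result && ($row = mysql_fetch_array($result))) {
            $key = strtolower($row["Poster"]);
            if (!isset($notified[$key])) {
                MailReplyNotice($row["Poster"],$TopicID);
                $notified[$key] = true;
            }
        }

        $result2 = mysql_query("select numReplies from t_messages where TopicID = $TopicID LIMIT 1");
        $row2 = $result2 ? mysql_fetch_row($result2) : false;
        $numReplies = ($row2 ? intval($row2[0]) : 0) + 1;
    }

    // A disabled duplicate-post check (same PosterIP and Message) used to sit here as
    // commented-out code; one of its lines had lost its comment marker and broke parsing.

    UpdateUserLevel($username);

    // The remaining request-supplied fields were interpolated raw; escape or cast each one.
    $board_sql       = intval($BoardID);
    $replynotice_sql = mysql_real_escape_string($replynotice);
    $emoticon_sql    = mysql_real_escape_string($emoticon);
    $posticon_sql    = mysql_real_escape_string($posticon);
    $addsig_sql      = mysql_real_escape_string($addsig);
    $remote_addr_sql = mysql_real_escape_string($REMOTE_ADDR);

    $query = "INSERT INTO t_messages (Subject,Message,BoardID,TopicID,numReplies,Poster,DatePosted,ReplyNotice,Emoticon,FirstMessage,PosterIP,PostIcon,AddSig) ";
    $query .= "VALUES('$subject','$message','$board_sql','$TopicID','$numReplies','$username_sql','$dateposted','$replynotice_sql','$emoticon_sql','$firstmessage','$remote_addr_sql','$posticon_sql','$addsig_sql')";
    $result = mysql_query($query);
    // Check the INSERT before issuing the follow-up UPDATE; otherwise mysql_error()
    // describes the UPDATE rather than the failed INSERT.
    // NOTE(review): the driver error is shown to the visitor; consider logging it instead.
    if (!$result) {fHeader();UhOh("Error Posting. Reason: ".mysql_error());return;}

    mysql_query("UPDATE t_messages SET DateEdited='$dateposted',numReplies='$numReplies' WHERE TopicID='$TopicID'");

    $prevlink = $fSettings["ScriptURL"]."/viewtopic.php?TopicID=$TopicID";
    Redirect("Your message has been sent. You're now being redirected to the topic. If you don't want to wait, please click here",$prevlink);
}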
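/**
 * E-mail a "someone replied" notice to a user, unless the user is a Guest.
 *
 * The display name and both addresses are placed into mail headers, so CR and LF are
 * stripped from them first: a line break inside a header value would let a stored
 * profile field add extra headers to the outgoing message.
 *
 * @param string $touser  User name passed to GrabUserInfo().
 * @param int    $TopicID Topic the notice links to.
 */
function MailReplyNotice($touser,$TopicID)
{
    global $fSettings;

    $ToUser = GrabUserInfo($touser);
    // Nothing to send when the lookup yields no record or the account is a Guest.
    if (!$ToUser || $ToUser["UserLevel"] == "Guest") {
        return;
    }

    $linebreaks = array("\r", "\n");
    $to_name    = str_replace($linebreaks, "", $ToUser["UserName"]);
    $to_email   = str_replace($linebreaks, "", $ToUser["Email"]);
    $from_email = str_replace($linebreaks, "", $fSettings["Email"]);
    if ($to_email == "") {
        return;
    }

    $subject = "tForum Reply Notice";
    $message = "Someone has replied to your message on tForum.\n\nPlease use this link to read the topic: ".$fSettings["ScriptURL"]."/viewtopic.php?TopicID=".intval($TopicID);
    mail($to_name." <".$to_email.">", $subject, $message, "From: tForum <".$from_email.">");
}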
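/**
 * Edit or delete an existing message, then redirect.
 *
 * Input arrives through globals ($MessageID, $username, $subject, $message,
 * $deletemessage, ...), presumably populated from the request, so ids are cast with
 * intval() and strings are escaped with mysql_real_escape_string() before reaching SQL.
 *
 * With $deletemessage == "yes": deleting a topic's first message removes the whole topic
 * (and its poll rows, if any); deleting any other message removes that row and decrements
 * the topic's reply count. Otherwise the message row is updated in place.
 *
 * NOTE(review): authorisation here is "has the editmessage permission or moderates the
 * board" plus a valid password. Nothing visible compares $username with the message's
 * author, so confirm that CheckPermission("editmessage", ...) is not granted to ordinary
 * members, or add an ownership check.
 */
function PostEditMSG()
{
    global $addsig,$fSettings,$username,$password,$subject,$message,$replynotice,$emoticon,$MessageID,$deletemessage,$posticon,$txt,$BoardID;

    // UhOh() is defined elsewhere; each failure path returns explicitly so a rejected
    // request cannot fall through to the UPDATE/DELETE statements.

    // MessageID was interpolated unquoted into SQL; force it to an integer first.
    $message_id = intval($MessageID);

    $result = mysql_query("SELECT Locked from t_messages WHERE ID = $message_id");
    // NOTE(review): driver errors are shown to the visitor throughout; consider logging instead.
    if (!$result) {fHeader();UhOh(mysql_error());return;}
    $row = mysql_fetch_array($result);
    if ($row && $row["Locked"] == 1) {fHeader();UhOh($txt['errLocked']);return;}

    if ($username == "") {fHeader();UhOh($txt['errNeedUsername']);return;}
    if ($subject == "") {fHeader();UhOh($txt['errEmptySubject']);return;}
    if ($message == "") {fHeader();UhOh($txt['errEmptyMessage']);return;}
    if ((strlen($username) > 25) || (strlen($username) < 4)) {fHeader();UhOh($txt['errUsernameLength']);return;}
    if (HasSpecialChar($username)) {fHeader();UhOh($txt['errUsernameFormat']);return;}

    $msgInfo = GrabMessageInfo($message_id);
    $BoardID = $msgInfo['BoardID'];
    // Ids read back from the database are still cast before being concatenated into SQL.
    $TopicID = intval($msgInfo['TopicID']);
    $board_id = intval($msgInfo['BoardID']);

    if ((CheckPermission("editmessage",$username) == 0) && (!is_mod($username,$password,$msgInfo['BoardID']))) {
        fHeader();UhOh($txt['errNoEditPerm']);
        return;
    }
    if (CheckPassword($username,$password) != 1) {
        fHeader();UhOh($txt['errInvalidUser']);
        return;
    }

    $username_sql = mysql_real_escape_string($username);

    if ($fSettings["floodflag"] == "yes") {
        $result = mysql_query("SELECT DateEdited from t_messages WHERE Poster = '$username_sql' Order By DateEdited DESC LIMIT 1");
        $row = $result ? mysql_fetch_row($result) : false;
        $UsrLastActive = $row ? intval($row[0]) : 0;
        if ((time() - $UsrLastActive) <= $fSettings["floodinterval"]) {
            $txt['errFloodControl'] = str_replace("XFLI",$fSettings["floodinterval"],$txt['errFloodControl']);
            fHeader();UhOh($txt['errFloodControl']);
            return;
        }
    }

    $result = mysql_query("SELECT Password,SavePass,NumPost from t_users WHERE UserName = '$username_sql'");
    $row = mysql_fetch_array($result);
    // NOTE(review): CookieStuff() is handed the Password column exactly as stored; confirm
    // it does not expose a reusable credential to the browser.
    if ($row["SavePass"] == 'yes') {
        CookieStuff(time()+30240000,$username,$row["Password"]);
    } else {
        CookieStuff(0,$username,$row["Password"]);
    }

    // Append the edit marker first, then escape the whole text once. The original appended
    // the marker after addslashes(), leaving that part unescaped.
    $UserInfo = GrabUserInfo($username);
    $message .= "\n\n[Edited by ".$UserInfo["UserName"]." on ".FormatDate(time(),$UserInfo["timezone"])." at ".FormatTime(time(),$UserInfo["timezone"])." GMT]";
    $subject = mysql_real_escape_string(htmlspecialchars($subject));
    $message = mysql_real_escape_string($message);
    $dateposted = time();

    if ($deletemessage == "yes") {
        if ($msgInfo["FirstMessage"] == "yes") {
            // Deleting the first message removes the whole topic, including any poll.
            if ($msgInfo["IsPoll"]) {
                $result = mysql_query("SELECT PollID from t_polls WHERE TopicID = $TopicID");
                if (!$result) {fHeader();UhOh(mysql_error());return;}
                $poll_row = mysql_fetch_array($result);
                // A missing poll row used to yield an empty PollID and a malformed DELETE.
                $PollID = $poll_row ? intval($poll_row["PollID"]) : 0;

                $result = mysql_query("DELETE FROM t_polls WHERE TopicID = $TopicID");
                if (!$result) {fHeader();UhOh(mysql_error());return;}
                $result = mysql_query("DELETE from t_polloptions WHERE PollID = $PollID");
                if (!$result) {fHeader();UhOh(mysql_error());return;}
                mysql_query("DELETE from t_votes WHERE PollID = $PollID");
            }

            $result = mysql_query("DELETE from t_messages WHERE TopicID = $TopicID");
            if (!$result) {fHeader();UhOh(mysql_error());return;}
            $prevlink = $fSettings["ScriptURL"]."/viewboard.php?BoardID=".$board_id;
            Redirect("Your topic has been deleted. You're now being redirected to the board you were at. If you don't want to wait, please click here",$prevlink);
        } else {
            // Deleting a reply: lower the topic's reply counter, never below zero.
            $result2 = mysql_query("select numReplies from t_messages where TopicID = $TopicID LIMIT 1");
            $row2 = $result2 ? mysql_fetch_row($result2) : false;
            $numReplies = max(0, ($row2 ? intval($row2[0]) : 0) - 1);
            mysql_query("UPDATE t_messages SET numReplies='$numReplies' WHERE TopicID=$TopicID");

            $result = mysql_query("DELETE from t_messages WHERE ID = ".intval($msgInfo["ID"]));
            if (!$result) {fHeader();UhOh(mysql_error());return;}
            $prevlink = $fSettings["ScriptURL"]."/viewtopic.php?TopicID=".$TopicID;
            Redirect("Your message has been deleted. You're now being redirected to the message you were at. If you don't want to wait, please click here",$prevlink);
        }
        return;
    }

    // Plain edit: the remaining request-supplied fields were interpolated raw; escape each one.
    $replynotice_sql = mysql_real_escape_string($replynotice);
    $emoticon_sql    = mysql_real_escape_string($emoticon);
    $posticon_sql    = mysql_real_escape_string($posticon);
    $addsig_sql      = mysql_real_escape_string($addsig);

    $result = mysql_query("UPDATE t_messages SET Subject='$subject',Message='$message',ReplyNotice='$replynotice_sql',Emoticon='$emoticon_sql',PostIcon='$posticon_sql',AddSig='$addsig_sql' WHERE ID=$message_id");
    // The original reported success without looking at the UPDATE result.
    if (!$result) {fHeader();UhOh(mysql_error());return;}

    $prevlink = $fSettings["ScriptURL"]."/viewtopic.php?TopicID=".$TopicID;
    Redirect("Your message has been editted. You're now being redirected to the topic you were at. If you don't want to wait, please click here",$prevlink);
}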
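/**
 * Toggle the Locked flag on every message of a topic, then redirect to the topic.
 *
 * Only a moderator of the topic's board (per is_mod(), defined elsewhere) may do this.
 * The current lock state is read from the topic's earliest message.
 *
 * @param int $TopicID Topic to lock or unlock; cast to an integer before it reaches SQL.
 */
function LockTopic($TopicID)
{
    global $fSettings,$txt;

    // TopicID was interpolated unquoted into four statements; force it to an integer.
    $TopicID = intval($TopicID);

    $result = mysql_query("select BoardID from t_messages WHERE TopicID = $TopicID LIMIT 1");
    $row = $result ? mysql_fetch_array($result) : false;
    $board_id = $row ? $row["BoardID"] : null;

    $CurrentUserPass = GrabUserPass();
    // Array keys are quoted: the bare UserName/Password constants used before are an
    // error on PHP 8 and a notice or warning on older versions.
    if (is_mod($CurrentUserPass['UserName'],$CurrentUserPass['Password'],$board_id) != 1) {
        fHeader();UhOh($txt['errNoLockPerm']);
        // UhOh() is defined elsewhere; return so the toggle cannot run for a non-moderator
        // even if that helper does not end the request.
        return;
    }

    $result = mysql_query("SELECT Locked from t_messages WHERE TopicID = $TopicID Order By DatePosted ASC");
    // NOTE(review): driver errors are shown to the visitor; consider logging instead.
    if (!$result) {fHeader();UhOh(mysql_error());return;}

    $row = mysql_fetch_array($result);
    if (!$row) {
        // No messages under this topic id: nothing to toggle (the original also did nothing).
        return;
    }

    $was_locked = ($row["Locked"] == 1);
    $new_state = $was_locked ? 0 : 1;
    $result = mysql_query("UPDATE t_messages SET Locked=$new_state WHERE TopicID = $TopicID");
    if (!$result) {fHeader();UhOh(mysql_error());return;}

    $prevlink = $fSettings["ScriptURL"]."/viewtopic.php?TopicID=$TopicID";
    if ($was_locked) {
        Redirect("The topic is now unlocked. You're now being redirected to the topic you were at. If you don't want to wait, please click here",$prevlink);
    } else {
        Redirect("The topic is now locked. You're now being redirected to the topic you were at. If you don't want to wait, please click here",$prevlink);
    }
}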
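/**
 * Move every message of a topic to another board, then redirect to the topic.
 *
 * NOTE(review): the moderator check is made against the destination $BoardID only. The
 * board the topic currently belongs to is never looked up, so a moderator of the target
 * board can move topics out of boards they do not moderate. Confirm whether the source
 * board should be checked as well.
 *
 * @param int $TopicID Topic to move; cast to an integer before it reaches SQL.
 * @param int $BoardID Destination board; cast to an integer before it reaches SQL.
 */
function MoveTopic($TopicID,$BoardID)
{
    global $fSettings,$txt;

    // Both ids were interpolated unquoted into the UPDATE; force them to integers.
    $TopicID = intval($TopicID);
    $BoardID = intval($BoardID);

    $CurrentUserPass = GrabUserPass();
    // Array keys are quoted: the bare UserName/Password constants used before are an
    // error on PHP 8 and a notice or warning on older versions.
    if (is_mod($CurrentUserPass['UserName'],$CurrentUserPass['Password'],$BoardID) != 1) {
        fHeader();UhOh($txt['errNoMovePerm']);
        // UhOh() is defined elsewhere; return so the move cannot run for a non-moderator
        // even if that helper does not end the request.
        return;
    }

    $result = mysql_query("UPDATE t_messages SET BoardID=$BoardID WHERE TopicID = $TopicID");
    // NOTE(review): driver errors are shown to the visitor; consider logging instead.
    if (!$result) {fHeader();UhOh(mysql_error());return;}

    $prevlink = $fSettings["ScriptURL"]."/viewtopic.php?TopicID=$TopicID";
    Redirect("The topic is now moved. You're now being redirected to the topic you were at. If you don't want to wait, please click here",$prevlink);
}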
function PrintSmilieWindow()
{ global $fSettings,$txt;
?>
BORDER="0"> | }while ($row = mysql_fetch_array($result)); }?>