XMB PHP Cross Reference Discussion Forums

Source: /vtmisc.php - 206 lines - 7551 bytes - Summary - Text - Print

Description: eXtreme Message Board XMB 1.9.11

   1  <?php
   2  /**
   3   * eXtreme Message Board
   4   * XMB 1.9.11
   5   *
   6   * Developed And Maintained By The XMB Group
   7   * Copyright (c) 2001-2012, The XMB Group
   8   * http://www.xmbforum2.com/
   9   *
  10   * This program is free software; you can redistribute it and/or
  11   * modify it under the terms of the GNU General Public License
  12   * as published by the Free Software Foundation; either version 2
  13   * of the License, or (at your option) any later version.
  14   *
  15   * This program is distributed in the hope that it will be useful,
  16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18   * GNU General Public License for more details.
  19   *
  20   * You should have received a copy of the GNU General Public License
  21   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22   *
  23   **/
  24  
  25  define('X_SCRIPT', 'vtmisc.php');
  26  
  27  require  'header.php';
  28  
  29  loadtemplates(
  30  'vtmisc_report',
  31  'misc_feature_notavailable'
  32  );
  33  
  34  eval('$css = "'.template('css').'";');
  35  
  36  if (X_GUEST) {
  37      redirect("{$full_url}misc.php?action=login", 0);
  38      exit;
  39  }
  40  
  41  //Validate $action, $pid, $tid, and $fid
  42  $fid = -1;
  43  $tid = -1;
  44  $pid = -1;
  45  $action = postedVar('action', '', FALSE, FALSE, FALSE, 'g'); //Forms did not include the action
  46  if ($action == 'report') {
  47      $pid = getRequestInt('pid');
  48      $query = $db->query("SELECT f.*, t.tid, t.subject FROM ".X_PREFIX."posts AS p LEFT JOIN ".X_PREFIX."threads AS t USING (tid) LEFT JOIN ".X_PREFIX."forums AS f ON f.fid=t.fid WHERE p.pid=$pid");
  49      if ($db->num_rows($query) != 1) {
  50          header('HTTP/1.0 404 Not Found');
  51          error($lang['textnothread']);
  52      }
  53      $forum = $db->fetch_array($query);
  54      $db->free_result($query);
  55      $fid = $forum['fid'];
  56      $tid = $forum['tid'];
  57  } else if ($action == 'votepoll') {
  58      $tid = getRequestInt('tid');
  59      $query = $db->query("SELECT f.*, t.subject FROM ".X_PREFIX."threads AS t LEFT JOIN ".X_PREFIX."forums AS f USING (fid) WHERE t.tid=$tid");
  60      if ($db->num_rows($query) != 1) {
  61          header('HTTP/1.0 404 Not Found');
  62          error($lang['textnothread']);
  63      }
  64      $forum = $db->fetch_array($query);
  65      $db->free_result($query);
  66      $fid = $forum['fid'];
  67  } else {
  68      header('HTTP/1.0 404 Not Found');
  69      error($lang['textnoaction']);
  70  }
  71  
  72  if (($forum['type'] != 'forum' && $forum['type'] != 'sub') || $forum['status'] != 'on') {
  73      header('HTTP/1.0 404 Not Found');
  74      error($lang['textnoforum']);
  75  }
  76  
  77  smcwcache();
  78  
  79  // check permissions on this forum
  80  $perms = checkForumPermissions($forum);
  81  if (!($perms[X_PERMS_VIEW] || $perms[X_PERMS_USERLIST])) {
  82      error($lang['privforummsg']);
  83  } else if (!$perms[X_PERMS_PASSWORD]) {
  84      handlePasswordDialog($fid);
  85  }
  86  
  87  $fup = array();
  88  if ($forum['type'] == 'sub') {
  89      $fup = getForum($forum['fup']);
  90      // prevent access to subforum when upper forum can't be viewed.
  91      $fupPerms = checkForumPermissions($fup);
  92      if (!$fupPerms[X_PERMS_VIEW]) {
  93          error($lang['privforummsg']);
  94      } else if (!$fupPerms[X_PERMS_PASSWORD]) {
  95          handlePasswordDialog($fup['fid']);
  96      } else if ($fup['fup'] > 0) {
  97          $fupup = getForum($fup['fup']);
  98          nav('<a href="index.php?gid='.$fup['fup'].'">'.fnameOut($fupup['name']).'</a>');
  99          unset($fupup);
 100      }
 101      nav('<a href="forumdisplay.php?fid='.$fup['fid'].'">'.fnameOut($fup['name']).'</a>');
 102      unset($fup);
 103  } else if ($forum['fup'] > 0) { // 'forum' in a 'group'
 104      $fup = getForum($forum['fup']);
 105      nav('<a href="index.php?gid='.$fup['fid'].'">'.fnameOut($fup['name']).'</a>');
 106      unset($fup);
 107  }
 108  nav('<a href="forumdisplay.php?fid='.$fid.'">'.fnameOut($forum['name']).'</a>');
 109  if ($tid > 0) {
 110      $subject = shortenString(rawHTMLsubject(stripslashes($forum['subject'])), 125, X_SHORTEN_SOFT|X_SHORTEN_HARD, '...');
 111      nav('<a href="viewthread.php?tid='.$tid.'">'.$subject.'</a>');
 112      unset($subject);
 113  }
 114  
 115  if ($SETTINGS['subject_in_title'] == 'on') {
 116      $threadSubject = '- '.rawHTMLsubject(stripslashes($forum['subject']));
 117  }
 118  
 119  // Search-link
 120  $searchlink = makeSearchLink($forum['fid']);
 121  
 122  if ($action == 'report') {
 123      nav($lang['textreportpost']);
 124      eval('echo "'.template('header').'";');
 125  
 126      if ($SETTINGS['reportpost'] == 'off') {
 127          header('HTTP/1.0 403 Forbidden');
 128          eval('echo "'.template('misc_feature_notavailable').'";');
 129          end_time();
 130          eval('echo "'.template('footer').'";');
 131          exit;
 132      }
 133  
 134      if (noSubmit('reportsubmit')) {
 135          eval('echo "'.template('vtmisc_report').'";');
 136      } else {
 137          require ('include/u2u.inc.php');
 138          $modquery = $db->query("SELECT username, ppp FROM ".X_PREFIX."members WHERE status='Super Administrator' OR status='Administrator' OR status='Super Moderator'");
 139          while($modusr = $db->fetch_array($modquery)) {
 140              $posturl = $full_url."viewthread.php?tid=$tid&amp;goto=search&amp;pid=$pid";
 141              $reason = postedVar('reason', '', TRUE, FALSE);
 142              $message = $lang['reportmessage'].' '.$posturl."\n\n".$lang['reason'].' '.$reason;
 143              $message = addslashes($message); //Messages are historically double-slashed.
 144              $subject = addslashes($lang['reportsubject']);
 145              $db->escape_fast($message);
 146              $db->escape_fast($subject);
 147              $db->escape_fast($modusr['username']);
 148  
 149              u2u_send_recp($modusr['username'], $subject, $message);
 150          }
 151          $db->free_result($modquery);
 152  
 153          message($lang['reportmsg'], false, '', '', $full_url.'viewthread.php?tid='.$tid.'&goto=search&pid='.$pid, true, false, true);
 154      }
 155  
 156  } else if ($action == 'votepoll') {
 157      nav($lang['textvote']);
 158      eval('echo "'.template('header').'";');
 159  
 160      // User voted in poll related to thread $tid. The vote option is contained in $postopnum
 161      $postopnum = formInt('postopnum');
 162      if ($postopnum === 0) {
 163          error($lang['pollvotenotselected'], false);
 164      }
 165  
 166      // Does a poll exist for this thread?
 167      $tid = intval($tid);
 168      $query = $db->query("SELECT vote_id FROM ".X_PREFIX."vote_desc WHERE topic_id=$tid");
 169      if ($query === false) {
 170          error($lang['pollvotenotselected'], false);
 171      }
 172  
 173      $vote_id = $db->fetch_array($query);
 174      $vote_id = $vote_id['vote_id'];
 175      $db->free_result($query);
 176  
 177      // does the poll option exist?
 178      $query = $db->query("SELECT COUNT(vote_option_id) FROM ".X_PREFIX."vote_results WHERE vote_id=$vote_id AND vote_option_id=$postopnum");
 179      $vote_result = intval($db->result($query, 0)); //Aggregate functions with no grouping always return 1 row.
 180      $db->free_result($query);
 181      if ($vote_result != 1) {
 182          error($lang['pollvotenotselected'], false);
 183      }
 184  
 185      // Has the user voted on this poll before?
 186      $query = $db->query("SELECT COUNT(vote_id) FROM ".X_PREFIX."vote_voters WHERE vote_id=$vote_id AND vote_user_id={$self['uid']}");
 187      $voted = intval($db->result($query, 0));
 188      $db->free_result($query);
 189      if ($voted >= 1) {
 190          error($lang['alreadyvoted'], false);
 191      }
 192  
 193      // Okay, the user is about to vote
 194      $db->query("INSERT INTO ".X_PREFIX."vote_voters (vote_id, vote_user_id, vote_user_ip) VALUES ($vote_id, {$self['uid']}, '".encode_ip($onlineip)."')");
 195      $db->query("UPDATE ".X_PREFIX."vote_results SET vote_result=vote_result+1 WHERE vote_id=$vote_id AND vote_option_id=$postopnum");
 196  
 197      if ($tid > 0) {
 198          message($lang['votemsg'], false, '', '', $full_url.'viewthread.php?tid='.$tid, true, false, true);
 199      } else {
 200          message($lang['votemsg'], false, '', '', $full_url, true, false, true);
 201      }
 202  }
 203  
 204  end_time();
 205  eval('echo "'.template('footer').'";');
 206  ?>
