author | Dan |
Thu, 12 Jul 2007 01:04:01 -0400 | |
changeset 2 | a8a21e1c7afa |
parent 0 | f9ffdbd96607 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/*********************************************************************** |
|
3 |
||
4 |
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
||
6 |
This file is part of PunBB. |
|
7 |
||
8 |
PunBB is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License as published |
|
10 |
by the Free Software Foundation; either version 2 of the License, |
|
11 |
or (at your option) any later version. |
|
12 |
||
13 |
PunBB is distributed in the hope that it will be useful, but |
|
14 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
GNU General Public License for more details. |
|
17 |
||
18 |
You should have received a copy of the GNU General Public License |
|
19 |
along with this program; if not, write to the Free Software |
|
20 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 |
MA 02111-1307 USA |
|
22 |
||
23 |
************************************************************************/ |
|
24 |
||
25 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
26 |
//define('PUN_ROOT', './'); |
|
27 |
//require PUN_ROOT.'include/common.php'; |
|
28 |
|
|
29 |
global $pun_db, $pun_user, $pun_config, $lang_common; |
|
30 |
|
0 | 31 |
|
32 |
||
33 |
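// Host lookup: show the IP address (given directly, or taken from a post) and its host name.
// This particular function doesn't require forum-based moderator access. It can be used
// by all moderators and admins.
if (isset($_GET['get_host']))
{
	// NOTE(review): this turns away users whose g_id is below PUN_MOD, while the
	// forum-level check later in this file tests g_id with != against PUN_ADMIN and
	// PUN_MOD. Confirm that both agree with how this port numbers its groups.
	if ($pun_user['g_id'] < PUN_MOD)
		message($lang_common['No permission']);

	// The value is echoed back into the page below, so it is accepted only as an exact
	// dotted quad or as an all-digit post ID. An array (get_host[]=...) counts as empty.
	// Like the guards already in this file, this relies on message() ending the request.
	$get_host = is_string($_GET['get_host']) ? $_GET['get_host'] : '';

	// Is get_host an IP address or a post ID?
	// The pattern is anchored: an unanchored match would also accept any longer string
	// that merely contains something IP-shaped.
	if (preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/D', $get_host))
		$ip = $get_host;
	else
	{
		if (!preg_match('/^[0-9]+$/D', $get_host))
			message($lang_common['Bad request']);

		$post_id = intval($get_host);
		if ($post_id < 1)
			message($lang_common['Bad request']);

		$result = $pun_db->query('SELECT poster_ip FROM '.$pun_db->prefix.'posts WHERE id='.$post_id) or error('Unable to fetch post IP address', __FILE__, __LINE__, $pun_db->error());
		if (!$pun_db->num_rows($result))
			message($lang_common['Bad request']);

		$ip = $pun_db->result($result);
	}

	// Everything placed into the message is escaped for its context: the reverse-DNS
	// name is chosen by whoever controls the address's PTR record, and the stored
	// poster_ip is treated as data, not markup. gethostbyaddr() returns false on failure,
	// which the cast turns into an empty string.
	$host_name = (string) @gethostbyaddr($ip);

	message('The IP address is: '.pun_htmlspecialchars($ip).'<br />The host name is: '.pun_htmlspecialchars($host_name).'<br /><br /><a href="admin_users.php?show_users='.urlencode($ip).'">Show more users for this IP</a>');
}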
|
58 |
||
59 |
||
60 |
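// All other functions require moderator/admin access
// The forum is identified by ?fid=; it is cast to an integer before it reaches SQL.
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($fid < 1)
	message($lang_common['Bad request']);

$result = $pun_db->query('SELECT moderators FROM '.$pun_db->prefix.'forums WHERE id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $pun_db->error());

// The moderators column holds a serialized array; the check below looks the current
// username up as a key in it. The serialized data comes from the forums table, not
// from the request.
$moderators = $pun_db->result($result);
$mods_array = ($moderators != '') ? unserialize($moderators) : array();

// unserialize() returns false on damaged data. Fall back to an empty list so the
// permission check below fails closed for moderators instead of erroring out.
if (!is_array($mods_array))
	$mods_array = array();

// Admins pass; moderators pass only when they are listed for this forum.
if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_id'] != PUN_MOD || !array_key_exists($pun_user['username'], $mods_array)))
	message($lang_common['No permission']);


// Load the misc.php language file
// NOTE(review): the directory name comes from the user record. Confirm that the code
// which stores $pun_user['language'] only accepts names of installed language packs,
// since the value becomes part of an include path here.
require PUN_ROOT.'lang/'.$pun_user['language'].'/misc.php';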
|
76 |
||
77 |
||
78 |
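// All other topic moderation features require a topic id in GET
// With ?tid= set this block either deletes the selected posts (two-step: confirmation
// form, then the actual delete) or shows the topic with a checkbox next to each post.
if (isset($_GET['tid']))
{
	$tid = intval($_GET['tid']);
	if ($tid < 1)
		message($lang_common['Bad request']);

	// Fetch some info about the topic
	// The topic must belong to forum $fid and be readable by the user's group.
	$result = $pun_db->query('SELECT t.subject, t.num_replies, f.id AS forum_id, forum_name FROM '.$pun_db->prefix.'topics AS t INNER JOIN '.$pun_db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$pun_db->prefix.'subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$pun_user['id'].') LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid.' AND t.id='.$tid.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $pun_db->error());
	if (!$pun_db->num_rows($result))
		message($lang_common['Bad request']);

	$cur_topic = $pun_db->fetch_assoc($result);


	// Delete one or more posts
	if (isset($_POST['delete_posts']) || isset($_POST['delete_posts_comply']))
	{
		// First step: posts[ID]=1 checkbox array. Second step: comma separated ID list.
		$posts = isset($_POST['posts']) ? $_POST['posts'] : array();
		if (empty($posts))
			message($lang_misc['No posts selected']);

		if (isset($_POST['delete_posts_comply']))
		{
			// NOTE(review): this is the only request-forgery guard visible in this branch;
			// going by its name it checks the Referer header. Confirm, and consider a
			// per-session form token.
			confirm_referrer('moderate.php');

			// The list is spliced into SQL below, so it must be a string of the exact
			// form "1,2,3". A negated character class alone would let an array value,
			// empty items or a stray comma through.
			if (!is_string($posts) || !preg_match('/^[0-9]+(,[0-9]+)*$/D', $posts))
				message($lang_common['Bad request']);

			// Verify that the post IDs are valid
			// Every listed ID has to be a post of this topic.
			$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $pun_db->error());

			if ($pun_db->num_rows($result) != substr_count($posts, ',') + 1)
				message($lang_common['Bad request']);

			// NOTE(review): nothing here stops the topic's first post from being listed;
			// only the form below omits its checkbox. If every post is removed, the
			// "last post" lookup further down finds no row. Consider rejecting that case.

			// Delete the posts
			$pun_db->query('DELETE FROM '.$pun_db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $pun_db->error());

			require PUN_ROOT.'include/search_idx.php';
			strip_search_index($posts);

			// Get last_post, last_post_id, and last_poster for the topic after deletion
			$result = $pun_db->query('SELECT id, poster, posted FROM '.$pun_db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());
			$last_post = $pun_db->fetch_assoc($result);

			// How many posts did we just delete?
			$num_posts_deleted = substr_count($posts, ',') + 1;

			// Update the topic
			$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET last_post='.$last_post['posted'].', last_post_id='.$last_post['id'].', last_poster=\''.$pun_db->escape($last_post['poster']).'\', num_replies=num_replies-'.$num_posts_deleted.' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $pun_db->error());

			update_forum($fid);

			pun_redirect('viewtopic.php?id='.$tid, $lang_misc['Delete posts redirect']);
		}

		// Confirmation step. The array keys come from the request and are written into
		// the hidden field below, so each one is forced to an integer first.
		if (!is_array($posts))
			message($lang_common['Bad request']);

		$posts_csv = implode(',', array_map('intval', array_keys($posts)));


		$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Moderate'];
		require PUN_ROOT.'header.php';

?>
<div class="blockform">
	<h2><span><?php echo $lang_misc['Delete posts'] ?></span></h2>
	<div class="box">
		<form method="post" action="moderate.php?fid=<?php echo $fid ?>&tid=<?php echo $tid ?>">
			<div class="inform">
				<fieldset>
					<legend><?php echo $lang_misc['Confirm delete legend'] ?></legend>
					<div class="infldset">
						<input type="hidden" name="posts" value="<?php echo $posts_csv ?>" />
						<p><?php echo $lang_misc['Delete posts comply'] ?></p>
					</div>
				</fieldset>
			</div>
			<p><input type="submit" name="delete_posts_comply" value="<?php echo $lang_misc['Delete'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
		</form>
	</div>
</div>
<?php

		require PUN_ROOT.'footer.php';
	}


	// Show the delete multiple posts view

	// Load the viewtopic.php language file
	require PUN_ROOT.'lang/'.$pun_user['language'].'/topic.php';

	// Used to disable the Move and Delete buttons if there are no replies to this topic
	$button_status = ($cur_topic['num_replies'] == 0) ? ' disabled' : '';


	// Determine the post offset (based on $_GET['p'])
	$num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);

	// The page number is cast to an integer before it is used for the LIMIT offset
	// and handed to pun_paginate(); out-of-range values fall back to page 1.
	$p = isset($_GET['p']) ? intval($_GET['p']) : 1;
	if ($p <= 1 || $p > $num_pages)
		$p = 1;
	$start_from = $pun_user['disp_posts'] * ($p - 1);

	// Generate paging links
	$paging_links = $lang_common['Pages'].': '.pun_paginate($num_pages, $p, 'moderate.php?fid='.$fid.'&tid='.$tid);


	if ($pun_config['o_censoring'] == '1')
		$cur_topic['subject'] = censor_words($cur_topic['subject']);


	// The subject is user-supplied text; it is escaped here the same way the board
	// title is, and the same way the subject is escaped in the breadcrumb below.
	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.pun_htmlspecialchars($cur_topic['subject']);
	require PUN_ROOT.'header.php';

?>
<div class="linkst">
	<div class="inbox">
		<p class="pagelink conl"><?php echo $paging_links ?></p>
		<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li><li> » <a href="viewforum.php?id=<?php echo $fid ?>"><?php echo pun_htmlspecialchars($cur_topic['forum_name']) ?></a></li><li> » <?php echo pun_htmlspecialchars($cur_topic['subject']) ?></li></ul>
		<div class="clearer"></div>
	</div>
</div>

<form method="post" action="moderate.php?fid=<?php echo $fid ?>&tid=<?php echo $tid ?>">
<?php

	require PUN_ROOT.'include/parser.php';

	$bg_switch = true;	// Used for switching background color in posts
	$post_count = 0;	// Keep track of post numbers

	// Retrieve the posts (and their respective poster)
	$result = $pun_db->query('SELECT u.title, u.num_posts, g.g_id, g.g_user_title, p.id, p.poster, p.poster_id, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by FROM '.$pun_db->prefix.'posts AS p INNER JOIN '.$pun_db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$pun_db->prefix.'groups AS g ON g.g_id=u.group_id WHERE p.topic_id='.$tid.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());

	while ($cur_post = $pun_db->fetch_assoc($result))
	{
		$post_count++;

		// If the poster is a registered user.
		if ($cur_post['poster_id'] > 1)
		{
			$poster = '<a href="profile.php?id='.$cur_post['poster_id'].'">'.pun_htmlspecialchars($cur_post['poster']).'</a>';

			// get_title() requires that an element 'username' be present in the array
			$cur_post['username'] = $cur_post['poster'];
			$user_title = get_title($cur_post);

			if ($pun_config['o_censoring'] == '1')
				$user_title = censor_words($user_title);
		}
		// If the poster is a guest (or a user that has been deleted)
		else
		{
			$poster = pun_htmlspecialchars($cur_post['poster']);
			$user_title = $lang_topic['Guest'];
		}

		// Switch the background color for every message.
		$bg_switch = !$bg_switch;
		$vtbg = ($bg_switch) ? ' roweven' : ' rowodd';

		// Perform the main parsing of the message (BBCode, smilies, censor words etc)
		$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

?>

<div class="blockpost<?php echo $vtbg ?>">
	<a name="<?php echo $cur_post['id'] ?>"></a>
	<h2><span><span class="conr">#<?php echo ($start_from + $post_count) ?> </span><a href="viewtopic.php?pid=<?php echo $cur_post['id'].'#p'.$cur_post['id'] ?>"><?php echo format_time($cur_post['posted']) ?></a></span></h2>
	<div class="box">
		<div class="inbox">
			<div class="postleft">
				<dl>
					<dt><strong><?php echo $poster ?></strong></dt>
					<dd><strong><?php echo $user_title ?></strong></dd>
				</dl>
			</div>
			<div class="postright">
				<h3 class="nosize"><?php echo $lang_common['Message'] ?></h3>
				<div class="postmsg">
					<?php echo $cur_post['message']."\n" ?>
<?php if ($cur_post['edited'] != '') echo "\t\t\t\t\t".'<p class="postedit"><em>'.$lang_topic['Last edit'].' '.pun_htmlspecialchars($cur_post['edited_by']).' ('.format_time($cur_post['edited']).')</em></p>'."\n"; ?>
				</div>
				<?php if ($start_from + $post_count > 1) echo '<p class="multidelete"><label><strong>'.$lang_misc['Select'].'</strong> <input type="checkbox" name="posts['.$cur_post['id'].']" value="1" /></label></p>'."\n" ?>
			</div>
			<div class="clearer"></div>
		</div>
	</div>
</div>

<?php

	}

?>
<div class="postlinksb">
	<div class="inbox">
		<p class="pagelink conl"><?php echo $paging_links ?></p>
		<p class="conr"><input type="submit" name="delete_posts" value="<?php echo $lang_misc['Delete'] ?>"<?php echo $button_status ?> /></p>
		<div class="clearer"></div>
	</div>
</div>
</form>
<?php

	require PUN_ROOT.'footer.php';
}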
|
284 |
||
285 |
||
286 |
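// Move one or more topics
// Two steps: a form that asks for the destination forum, then (move_topics_to) the
// actual move of the listed topics out of forum $fid.
if (isset($_REQUEST['move_topics']) || isset($_POST['move_topics_to']))
{
	if (isset($_POST['move_topics_to']))
	{
		// NOTE(review): this is the only request-forgery guard visible in this branch;
		// going by its name it checks the Referer header. Confirm, and consider a
		// per-session form token.
		confirm_referrer('moderate.php');

		// The list ends up in several SQL statements, so it must be a string of the
		// exact form "1,2,3". A negated character class alone would let an array value,
		// empty items or a stray comma through.
		$topic_list = isset($_POST['topics']) ? $_POST['topics'] : '';
		if (!is_string($topic_list) || !preg_match('/^[0-9]+(,[0-9]+)*$/D', $topic_list))
			message($lang_common['Bad request']);

		$topics = array_map('intval', explode(',', $topic_list));
		$topic_list = implode(',', $topics);

		// The form never offers the current forum as a destination, so refuse it here too.
		$move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
		if ($move_to_forum < 1 || $move_to_forum == $fid)
			message($lang_common['Bad request']);

		// Verify that the topic IDs are valid
		// Every listed topic has to live in the forum this user was authorised for.
		$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'topics WHERE id IN('.$topic_list.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $pun_db->error());

		if ($pun_db->num_rows($result) != count($topics))
			message($lang_common['Bad request']);

		// Verify the destination as well. This applies the same conditions as the
		// forum list in the form below (readable by the user's group, not a redirect
		// forum), so a hand-made request cannot pick a forum the form would not offer.
		$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'forums AS f LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL AND f.id='.$move_to_forum) or error('Unable to fetch forum info', __FILE__, __LINE__, $pun_db->error());

		if (!$pun_db->num_rows($result))
			message($lang_common['Bad request']);

		// Delete any redirect topics if there are any (only if we moved/copied the topic back to where it was once moved from)
		$pun_db->query('DELETE FROM '.$pun_db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.$topic_list.')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $pun_db->error());

		// Move the topic(s)
		$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET forum_id='.$move_to_forum.' WHERE id IN('.$topic_list.')') or error('Unable to move topics', __FILE__, __LINE__, $pun_db->error());

		// Should we create redirect topics?
		if (isset($_POST['with_redirect']))
		{
			foreach ($topics as $cur_topic)
			{
				// Fetch info for the redirect topic
				$result = $pun_db->query('SELECT poster, subject, posted, last_post FROM '.$pun_db->prefix.'topics WHERE id='.$cur_topic) or error('Unable to fetch topic info', __FILE__, __LINE__, $pun_db->error());
				$moved_to = $pun_db->fetch_assoc($result);

				// Create the redirect topic
				$pun_db->query('INSERT INTO '.$pun_db->prefix.'topics (poster, subject, posted, last_post, moved_to, forum_id) VALUES(\''.$pun_db->escape($moved_to['poster']).'\', \''.$pun_db->escape($moved_to['subject']).'\', '.$moved_to['posted'].', '.$moved_to['last_post'].', '.$cur_topic.', '.$fid.')') or error('Unable to create redirect topic', __FILE__, __LINE__, $pun_db->error());
			}
		}

		update_forum($fid);				// Update the forum FROM which the topic was moved
		update_forum($move_to_forum);	// Update the forum TO which the topic was moved

		$redirect_msg = (count($topics) > 1) ? $lang_misc['Move topics redirect'] : $lang_misc['Move topic redirect'];
		pun_redirect('viewforum.php?id='.$move_to_forum, $redirect_msg);
	}

	if (isset($_POST['move_topics']))
	{
		// Several topics were ticked: topics[ID]=1 checkbox array.
		$topics = isset($_POST['topics']) ? $_POST['topics'] : array();
		if (empty($topics))
			message($lang_misc['No topics selected']);

		if (!is_array($topics))
			message($lang_common['Bad request']);

		// The array keys come from the request and are written into the hidden field
		// below, so each one is forced to an integer first.
		$topics = implode(',', array_map('intval', array_keys($topics)));
		$action = 'multi';
	}
	else
	{
		// A single topic, named in the query string.
		$topics = isset($_GET['move_topics']) ? intval($_GET['move_topics']) : 0;
		if ($topics < 1)
			message($lang_common['Bad request']);

		$action = 'single';
	}

	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Moderate';
	require PUN_ROOT.'header.php';

?>
<div class="blockform">
	<h2><span><?php echo ($action == 'single') ? $lang_misc['Move topic'] : $lang_misc['Move topics'] ?></span></h2>
	<div class="box">
		<form method="post" action="moderate.php?fid=<?php echo $fid ?>">
			<div class="inform">
			<input type="hidden" name="topics" value="<?php echo $topics ?>" />
				<fieldset>
					<legend><?php echo $lang_misc['Move legend'] ?></legend>
					<div class="infldset">
						<label><?php echo $lang_misc['Move to'] ?>
						<br /><select name="move_to_forum">
<?php

	// Offer every forum the user's group may read, except redirect forums and the current one.
	$result = $pun_db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$pun_db->prefix.'categories AS c INNER JOIN '.$pun_db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $pun_db->error());

	$cur_category = 0;
	while ($cur_forum = $pun_db->fetch_assoc($result))
	{
		if ($cur_forum['cid'] != $cur_category)	// A new category since last iteration?
		{
			if ($cur_category)
				echo "\t\t\t\t\t\t\t".'</optgroup>'."\n";

			echo "\t\t\t\t\t\t\t".'<optgroup label="'.pun_htmlspecialchars($cur_forum['cat_name']).'">'."\n";
			$cur_category = $cur_forum['cid'];
		}

		if ($cur_forum['fid'] != $fid)
			echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_forum['fid'].'">'.pun_htmlspecialchars($cur_forum['forum_name']).'</option>'."\n";
	}

?>
							</optgroup>
						</select>
						<br /></label>
						<div class="rbox">
							<label><input type="checkbox" name="with_redirect" value="1"<?php if ($action == 'single') echo ' checked="checked"' ?> /><?php echo $lang_misc['Leave redirect'] ?><br /></label>
						</div>
					</div>
				</fieldset>
			</div>
			<p><input type="submit" name="move_topics_to" value="<?php echo $lang_misc['Move'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
		</form>
	</div>
</div>
<?php

	require PUN_ROOT.'footer.php';
}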
|
405 |
||
406 |
||
407 |
// Delete one or more topics |
|
408 |
if (isset($_REQUEST['delete_topics']) || isset($_POST['delete_topics_comply'])) |
|
409 |
{ |
|
410 |
$topics = isset($_POST['topics']) ? $_POST['topics'] : array(); |
|
411 |
if (empty($topics)) |
|
412 |
message($lang_misc['No topics selected']); |
|
413 |
||
414 |
if (isset($_POST['delete_topics_comply'])) |
|
415 |
{ |
|
416 |
confirm_referrer('moderate.php'); |
|
417 |
||
418 |
if (@preg_match('/[^0-9,]/', $topics)) |
|
419 |
message($lang_common['Bad request']); |
|
420 |
||
421 |
require PUN_ROOT.'include/search_idx.php'; |
|
422 |
||
2
|
423 |
// Verify that the topic IDs are valid |
|
424 |
$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $pun_db->error()); |
|
425 |
|
|
426 |
if ($pun_db->num_rows($result) != substr_count($topics, ',') + 1) |
0 | 427 |
message($lang_common['Bad request']); |
428 |
||
429 |
// Delete the topics and any redirect topics |
|
2
|
430 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'topics WHERE id IN('.$topics.') OR moved_to IN('.$topics.')') or error('Unable to delete topic', __FILE__, __LINE__, $pun_db->error()); |
0 | 431 |
|
432 |
// Delete any subscriptions |
|
2
|
433 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'subscriptions WHERE topic_id IN('.$topics.')') or error('Unable to delete subscriptions', __FILE__, __LINE__, $pun_db->error()); |
0 | 434 |
|
435 |
// Create a list of the post ID's in this topic and then strip the search index |
|
2
|
436 |
$result = $pun_db->query('SELECT id FROM '.$pun_db->prefix.'posts WHERE topic_id IN('.$topics.')') or error('Unable to fetch posts', __FILE__, __LINE__, $pun_db->error()); |
0 | 437 |
|
438 |
$post_ids = ''; |
|
2
|
439 |
while ($row = $pun_db->fetch_row($result)) |
0 | 440 |
$post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0]; |
441 |
||
442 |
// We have to check that we actually have a list of post ID's since we could be deleting just a redirect topic |
|
443 |
if ($post_ids != '') |
|
444 |
strip_search_index($post_ids); |
|
445 |
||
446 |
// Delete posts |
|
2
|
447 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'posts WHERE topic_id IN('.$topics.')') or error('Unable to delete posts', __FILE__, __LINE__, $pun_db->error()); |
0 | 448 |
|
449 |
update_forum($fid); |
|
450 |
||
2
|
451 |
pun_redirect('viewforum.php?id='.$fid, $lang_misc['Delete topics redirect']); |
0 | 452 |
} |
453 |
||
454 |
||
455 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Moderate']; |
|
456 |
require PUN_ROOT.'header.php'; |
|
457 |
||
458 |
?> |
|
459 |
<div class="blockform"> |
|
460 |
<h2><?php echo $lang_misc['Delete topics'] ?></h2> |
|
461 |
<div class="box"> |
|
462 |
<form method="post" action="moderate.php?fid=<?php echo $fid ?>"> |
|
463 |
<input type="hidden" name="topics" value="<?php echo implode(',', array_keys($topics)) ?>" /> |
|
464 |
<div class="inform"> |
|
465 |
<fieldset> |
|
466 |
<legend><?php echo $lang_misc['Confirm delete legend'] ?></legend> |
|
467 |
<div class="infldset"> |
|
468 |
<p><?php echo $lang_misc['Delete topics comply'] ?></p> |
|
469 |
</div> |
|
470 |
</fieldset> |
|
471 |
</div> |
|
472 |
<p><input type="submit" name="delete_topics_comply" value="<?php echo $lang_misc['Delete'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> |
|
473 |
</form> |
|
474 |
</div> |
|
475 |
</div> |
|
476 |
<?php |
|
477 |
||
478 |
require PUN_ROOT.'footer.php'; |
|
479 |
} |
|
480 |
||
481 |
||
482 |
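// Open or close one or more topics
//
// Two entry points share this branch: a form post carrying an array of topic IDs
// (checked against moderate.php) and a single ID in the query string (checked
// against viewtopic.php). $action is the value written to topics.closed:
// 0 when "open" was requested, 1 otherwise.
//
// NOTE(review): the single-topic path changes state on a GET request, and the only
// request-origin check visible here is confirm_referrer(), which is defined
// elsewhere (presumably a Referer comparison). A per-session token carried by a
// POST form would not depend on the Referer header - confirm what
// confirm_referrer() actually enforces. No moderator privilege check is visible
// in this branch either; verify that one runs before this point.
else if (isset($_REQUEST['open']) || isset($_REQUEST['close']))
{
	$action = (isset($_REQUEST['open'])) ? 0 : 1;

	// There could be an array of topic ID's in $_POST
	if (isset($_POST['open']) || isset($_POST['close']))
	{
		confirm_referrer('moderate.php');

		// The topic IDs are the array keys of $_POST['topics']. Every key is forced to
		// an integer before it reaches the IN() list below. An explicit is_array() test
		// replaces the former @-suppressed calls, so a scalar "topics" field yields the
		// ordinary "No topics selected" message instead of a silenced warning (or a
		// TypeError on PHP 8, which @ does not silence).
		if (isset($_POST['topics']) && is_array($_POST['topics']))
			$topics = array_map('intval', array_keys($_POST['topics']));
		else
			$topics = array();

		if (empty($topics))
			message($lang_misc['No topics selected']);

		// forum_id in the WHERE clause limits the update to topics of the forum in $fid
		$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid) or error('Unable to close topics', __FILE__, __LINE__, $pun_db->error());

		$redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect'];
		pun_redirect('moderate.php?fid='.$fid, $redirect_msg);
	}
	// Or just one in $_GET
	else
	{
		confirm_referrer('viewtopic.php');

		// The branch was selected through $_REQUEST, which can be filled from sources
		// other than the query string. Check that the key exists in $_GET before
		// reading it; a missing key becomes 0 and is rejected as a bad request below.
		if ($action)
			$topic_id = isset($_GET['close']) ? intval($_GET['close']) : 0;
		else
			$topic_id = isset($_GET['open']) ? intval($_GET['open']) : 0;

		if ($topic_id < 1)
			message($lang_common['Bad request']);

		$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $pun_db->error());

		$redirect_msg = ($action) ? $lang_misc['Close topic redirect'] : $lang_misc['Open topic redirect'];
		pun_redirect('viewtopic.php?id='.$topic_id, $redirect_msg);
	}
}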
|
516 |
||
517 |
||
518 |
// Stick a topic
// Sets sticky='1' on the single topic named by $_GET['stick'].
// NOTE(review): this is a state change on a GET request; the only request-origin
// check visible here is confirm_referrer(), defined elsewhere - confirm what it enforces.
else if (isset($_GET['stick']))
{
	confirm_referrer('viewtopic.php');

	// Cast to integer before the value is concatenated into the SQL statement
	$stick = (int) $_GET['stick'];
	if ($stick <= 0)
	{
		message($lang_common['Bad request']);
	}

	// forum_id in the WHERE clause limits the update to a topic of the forum in $fid
	if (!$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid))
	{
		error('Unable to stick topic', __FILE__, __LINE__, $pun_db->error());
	}

	pun_redirect('viewtopic.php?id='.$stick, $lang_misc['Stick topic redirect']);
}
531 |
||
532 |
||
533 |
// Unstick a topic
// Sets sticky='0' on the single topic named by $_GET['unstick'].
// NOTE(review): this is a state change on a GET request; the only request-origin
// check visible here is confirm_referrer(), defined elsewhere - confirm what it enforces.
else if (isset($_GET['unstick']))
{
	confirm_referrer('viewtopic.php');

	// Cast to integer before the value is concatenated into the SQL statement
	$unstick = (int) $_GET['unstick'];
	if ($unstick <= 0)
	{
		message($lang_common['Bad request']);
	}

	// forum_id in the WHERE clause limits the update to a topic of the forum in $fid
	if (!$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid))
	{
		error('Unable to unstick topic', __FILE__, __LINE__, $pun_db->error());
	}

	pun_redirect('viewtopic.php?id='.$unstick, $lang_misc['Unstick topic redirect']);
}
546 |
||
547 |
||
548 |
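// No specific forum moderation action was specified in the query string, so we'll display the moderator forum

// Load the viewforum.php language file
// NOTE(review): the include path contains $pun_user['language']. That value is set
// outside this section; confirm it is restricted to installed language pack names
// wherever it is written, since any other value would steer this require.
require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php';

// Fetch some info about the forum
// The LEFT JOIN on forum_perms means a forum with no permission row for the user's
// group (read_forum IS NULL) is treated the same as one with read_forum=1.
// NOTE(review): $pun_user['g_id'] and $fid are concatenated unquoted; both are assigned
// outside this section - confirm they are integers by the time they get here.
$result = $pun_db->query('SELECT f.forum_name, f.redirect_url, f.num_topics FROM '.$pun_db->prefix.'forums AS f LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $pun_db->error());
if (!$pun_db->num_rows($result))
	message($lang_common['Bad request']);

$cur_forum = $pun_db->fetch_assoc($result);

// Is this a redirect forum? In that case, abort!
if ($cur_forum['redirect_url'] != '')
	message($lang_common['Bad request']);

$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.pun_htmlspecialchars($cur_forum['forum_name']);
require PUN_ROOT.'header.php';

// Determine the topic offset (based on $_GET['p'])
$num_pages = ceil($cur_forum['num_topics'] / $pun_user['disp_topics']);

// Force the page number to an integer before range-checking it. Previously the raw
// request value was kept whenever it compared inside the range, so input such as
// "1.5" ended up in $p and, through $start_from, in the LIMIT clause of the topic
// query as well as in the pun_paginate() call below.
$p = isset($_GET['p']) ? intval($_GET['p']) : 1;
if ($p <= 1 || $p > $num_pages)
	$p = 1;
$start_from = $pun_user['disp_topics'] * ($p - 1);

// Generate paging links
$paging_links = $lang_common['Pages'].': '.pun_paginate($num_pages, $p, 'moderate.php?fid='.$fid);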
0 | 575 |
|
576 |
?> |
|
577 |
<div class="linkst"> |
|
578 |
<div class="inbox"> |
|
579 |
<p class="pagelink conl"><?php echo $paging_links ?></p> |
|
580 |
<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a> </li><li>» <?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul> |
|
581 |
<div class="clearer"></div> |
|
582 |
</div> |
|
583 |
</div> |
|
584 |
||
585 |
<form method="post" action="moderate.php?fid=<?php echo $fid ?>"> |
|
586 |
<div id="vf" class="blocktable"> |
|
587 |
<h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2> |
|
588 |
<div class="box"> |
|
589 |
<div class="inbox"> |
|
590 |
<table cellspacing="0"> |
|
591 |
<thead> |
|
592 |
<tr> |
|
593 |
<th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th> |
|
594 |
<th class="tc2" scope="col"><?php echo $lang_common['Replies'] ?></th> |
|
595 |
<th class="tc3" scope="col"><?php echo $lang_forum['Views'] ?></th> |
|
596 |
<th class="tcr"><?php echo $lang_common['Last post'] ?></th> |
|
597 |
<th class="tcmod" scope="col"><?php echo $lang_misc['Select'] ?></th> |
|
598 |
</tr> |
|
599 |
</thead> |
|
600 |
<tbody> |
|
601 |
<?php |
|
602 |
||
603 |
// Select topics
// One page of rows for this forum, sticky topics first and then by most recent post.
// NOTE(review): $fid, $start_from and $pun_user['disp_topics'] are concatenated into the
// statement unquoted; all three are assigned outside this block - confirm each is an
// integer by the time it gets here.
$result = $pun_db->query('SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$pun_db->prefix.'topics WHERE forum_id='.$fid.' ORDER BY sticky DESC, last_post DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']);
if (!$result)
{
	error('Unable to fetch topic list for forum', __FILE__, __LINE__, $pun_db->error());
}

if (!$pun_db->num_rows($result))
{
	// No topics in this forum: $button_status is echoed inside the submit buttons
	// further down the page
	$button_status = ' disabled';
	echo "\t\t\t\t\t".'<tr><td class="tcl" colspan="5">'.$lang_forum['Empty forum'].'</td></tr>'."\n";
}
else
{
	$button_status = '';

	// One table row per topic.
	// Escaping in this loop: subject, poster and last_poster go through
	// pun_htmlspecialchars() before they are placed in markup. The id, moved_to,
	// last_post_id, num_replies and num_views columns are emitted as returned by the
	// database - presumably integer columns; verify against the schema.
	while ($cur_topic = $pun_db->fetch_assoc($result))
	{
		// Starting values for the row's icon and CSS classes
		$icon_type = 'icon';
		$item_status = '';
		$icon_text = $lang_common['Normal icon'];

		// A row with moved_to set gets no last-post link and no reply/view counters
		$ghost_topic = !($cur_topic['moved_to'] == null);
		if ($ghost_topic)
		{
			$last_post = ' ';
		}
		else
		{
			$last_post = '<a href="viewtopic.php?pid='.$cur_topic['last_post_id'].'#p'.$cur_topic['last_post_id'].'">'.format_time($cur_topic['last_post']).'</a> '.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['last_poster']);
		}

		// Censoring is applied to the raw subject, before it is escaped below
		if ($pun_config['o_censoring'] == '1')
		{
			$cur_topic['subject'] = censor_words($cur_topic['subject']);
		}

		// Build the subject cell: moved topic, open topic or closed topic
		if ($cur_topic['moved_to'] != 0)
		{
			$subject = $lang_forum['Moved'].': <a href="viewtopic.php?id='.$cur_topic['moved_to'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['poster']).'</span>';
		}
		else if ($cur_topic['closed'] == '0')
		{
			$subject = '<a href="viewtopic.php?id='.$cur_topic['id'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</a> <span>'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['poster']).'</span>';
		}
		else
		{
			$subject = '<a href="viewtopic.php?id='.$cur_topic['id'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['poster']).'</span>';
			$icon_text = $lang_common['Closed icon'];
			$item_status = 'iclosed';
		}

		// Mark topics with activity since the user's last visit (never for moved rows)
		$subject_new_posts = null;
		if (!$ghost_topic && $cur_topic['last_post'] > $pun_user['last_visit'])
		{
			$icon_text .= ' '.$lang_common['New icon'];
			$item_status .= ' inew';
			$icon_type = 'icon inew';
			$subject = '<strong>'.$subject.'</strong>';
			$subject_new_posts = '<span class="newtext">[ <a href="viewtopic.php?id='.$cur_topic['id'].'&action=new" title="'.$lang_common['New posts info'].'">'.$lang_common['New posts'].'</a> ]</span>';
		}

		// We won't display "the dot", but we add the spaces anyway
		if ($pun_config['o_show_dot'] == '1')
		{
			$subject = '  '.$subject;
		}

		if ($cur_topic['sticky'] == '1')
		{
			$subject = '<span class="stickytext">'.$lang_forum['Sticky'].': </span>'.$subject;
			$item_status .= ' isticky';
			$icon_text .= ' '.$lang_forum['Sticky'];
		}

		// Page links for topics longer than one page (replies plus the first post)
		$num_pages_topic = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);
		$subject_multipage = ($num_pages_topic > 1) ? '[ '.pun_paginate($num_pages_topic, -1, 'viewtopic.php?id='.$cur_topic['id']).' ]' : null;

		// Should we show the "New posts" and/or the multipage links?
		if (!empty($subject_new_posts) || !empty($subject_multipage))
		{
			$subject .= '  ';
			if (!empty($subject_new_posts))
			{
				$subject .= $subject_new_posts;
			}
			if (!empty($subject_multipage))
			{
				$subject .= ' '.$subject_multipage;
			}
		}

?>
					<tr<?php if ($item_status != '') echo ' class="'.trim($item_status).'"'; ?>>
						<td class="tcl">
							<div class="<?php echo $icon_type ?>"><div class="nosize"><?php echo trim($icon_text) ?></div></div>
							<div class="tclcon">
								<?php echo $subject."\n" ?>
							</div>
						</td>
						<td class="tc2"><?php echo (!$ghost_topic) ? $cur_topic['num_replies'] : ' ' ?></td>
						<td class="tc3"><?php echo (!$ghost_topic) ? $cur_topic['num_views'] : ' ' ?></td>
						<td class="tcr"><?php echo $last_post ?></td>
						<td class="tcmod"><input type="checkbox" name="topics[<?php echo $cur_topic['id'] ?>]" value="1" /></td>
					</tr>
<?php

	}
}
|
701 |
||
702 |
?> |
|
703 |
</tbody> |
|
704 |
</table> |
|
705 |
</div> |
|
706 |
</div> |
|
707 |
</div> |
|
708 |
||
709 |
<div class="linksb"> |
|
710 |
<div class="inbox"> |
|
711 |
<p class="pagelink conl"><?php echo $paging_links ?></p> |
|
712 |
<p class="conr"><input type="submit" name="move_topics" value="<?php echo $lang_misc['Move'] ?>"<?php echo $button_status ?> /> <input type="submit" name="delete_topics" value="<?php echo $lang_misc['Delete'] ?>"<?php echo $button_status ?> /> <input type="submit" name="open" value="<?php echo $lang_misc['Open'] ?>"<?php echo $button_status ?> /> <input type="submit" name="close" value="<?php echo $lang_misc['Close'] ?>"<?php echo $button_status ?> /></p> |
|
713 |
<div class="clearer"></div> |
|
714 |
</div> |
|
715 |
</div> |
|
716 |
</form> |
|
717 |
<?php |
|
718 |
||
719 |
require PUN_ROOT.'footer.php'; |