author | Dan |
Thu, 12 Jul 2007 01:04:01 -0400 | |
changeset 2 | a8a21e1c7afa |
parent 0 | f9ffdbd96607 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/*********************************************************************** |
|
3 |
||
4 |
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
||
6 |
This file is part of PunBB. |
|
7 |
||
8 |
PunBB is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License as published |
|
10 |
by the Free Software Foundation; either version 2 of the License, |
|
11 |
or (at your option) any later version. |
|
12 |
||
13 |
PunBB is distributed in the hope that it will be useful, but |
|
14 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
GNU General Public License for more details. |
|
17 |
||
18 |
You should have received a copy of the GNU General Public License |
|
19 |
along with this program; if not, write to the Free Software |
|
20 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 |
MA 02111-1307 USA |
|
22 |
||
23 |
************************************************************************/ |
|
24 |
||
25 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
26 |
//define('PUN_ROOT', './'); |
27 |
//require PUN_ROOT.'include/common.php'; |
28 |
|
29 |
// Pull the forum's shared state (database handle, current user, board
// configuration, common language strings) into the current scope.
global $pun_db, $pun_user, $pun_config, $lang_common;

// Groups without board-read permission get the "No view" message.
if ($pun_user['g_read_board'] == '0')
{
	message($lang_common['No view']);
}

// Request parameters. "action" is kept as the raw string and is only compared
// against fixed values further down. "id" and "pid" are forced to integers
// here, which is what makes it safe to concatenate them into SQL later on.
$action = null;
if (isset($_GET['action']))
{
	$action = $_GET['action'];
}

$id = 0;
if (isset($_GET['id']))
{
	$id = intval($_GET['id']);
}

$pid = 0;
if (isset($_GET['pid']))
{
	$pid = intval($_GET['pid']);
}

// At least one of the two ids has to be a positive integer.
if (!($id >= 1 || $pid >= 1))
{
	message($lang_common['Bad request']);
}

// Load the viewtopic.php language file
// NOTE(review): the directory name comes from $pun_user['language'] and is
// used in a require path; presumably it is restricted to installed language
// packs where the profile is saved - confirm.
require PUN_ROOT.'lang/'.$pun_user['language'].'/topic.php';
|
45 |
||
46 |
||
47 |
// If a post ID is specified we determine topic ID and page number so we can redirect to the correct message
// $pid went through intval() above, so concatenating it into the query cannot change the SQL.
if ($pid)
{
	$result = $pun_db->query('SELECT topic_id FROM '.$pun_db->prefix.'posts WHERE id='.$pid) or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());
	if (!$pun_db->num_rows($result))
		message($lang_common['Bad request']);

	// From here on the topic id is the value stored in the posts table, not the one from the request.
	$id = $pun_db->result($result);

	// Determine on what page the post is located (depending on $pun_user['disp_posts'])
	$result = $pun_db->query('SELECT id FROM '.$pun_db->prefix.'posts WHERE topic_id='.$id.' ORDER BY posted') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());
	$num_posts = $pun_db->num_rows($result);

	// Walk the topic's posts in "posted" order until the requested post is reached;
	// $i is then its zero-based position in the topic.
	for ($i = 0; $i < $num_posts; ++$i)
	{
		$cur_id = $pun_db->result($result, $i);
		if ($cur_id == $pid)
			break;
	}
	++$i;	// we started at 0

	// Overwrite the page parameter so the pagination code further down opens the page that holds this post.
	$_GET['p'] = ceil($i / $pun_user['disp_posts']);
}

// If action=new, we redirect to the first new post (if any)
else if ($action == 'new' && !$pun_user['is_guest'])
{
	// NOTE(review): $pun_user['last_visit'] is concatenated unquoted; presumably an
	// integer timestamp taken from the user's session record - confirm.
	$result = $pun_db->query('SELECT MIN(id) FROM '.$pun_db->prefix.'posts WHERE topic_id='.$id.' AND posted>'.$pun_user['last_visit']) or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());
	$first_new_post_id = $pun_db->result($result);

	// Both redirect targets are built from database values and the integer $id only.
	if ($first_new_post_id)
		header('Location: viewtopic.php?pid='.$first_new_post_id.'#p'.$first_new_post_id);
	else	// If there is no new post, we go to the last post
		header('Location: viewtopic.php?id='.$id.'&action=last');

	exit;
}

// If action=last, we redirect to the last post
else if ($action == 'last')
{
	$result = $pun_db->query('SELECT MAX(id) FROM '.$pun_db->prefix.'posts WHERE topic_id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());
	$last_post_id = $pun_db->result($result);

	// When the topic has no posts the script does not redirect and continues below.
	if ($last_post_id)
	{
		header('Location: viewtopic.php?pid='.$last_post_id.'#p'.$last_post_id);
		exit;
	}
}
|
97 |
||
98 |
||
99 |
// Fetch some info about the topic
// Both queries return a row only when forum_perms does not deny read access to
// the viewer's group (fp.read_forum IS NULL OR fp.read_forum=1) and the topic is
// not a moved-topic stub (t.moved_to IS NULL). This WHERE clause is the read
// permission check for the whole page.
// Logged-in users also get their subscription row joined in as is_subscribed;
// the guest query selects a literal 0 in that position instead.
if (!$pun_user['is_guest'])
	$result = $pun_db->query('SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, s.user_id AS is_subscribed FROM '.$pun_db->prefix.'topics AS t INNER JOIN '.$pun_db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$pun_db->prefix.'subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$pun_user['id'].') LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $pun_db->error());
else
	$result = $pun_db->query('SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM '.$pun_db->prefix.'topics AS t INNER JOIN '.$pun_db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $pun_db->error());

// No row: a missing topic and a topic this group may not read get the same
// "Bad request" message.
if (!$pun_db->num_rows($result))
	message($lang_common['Bad request']);

$cur_topic = $pun_db->fetch_assoc($result);
0 | 109 |
|
110 |
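// Sort out who the moderators are and if we are currently a moderator (or an admin)
// NOTE(review): unserialize() runs on the forums.moderators column. The value
// comes from the database rather than from the request, but whoever can write
// that column controls what gets unserialized. On PHP 7+ consider passing
// array('allowed_classes' => false), or store the list in a format that cannot
// instantiate objects.
$mods_array = ($cur_topic['moderators'] != '') ? unserialize($cur_topic['moderators']) : array();

// unserialize() returns false on corrupt data. Fall back to "no moderators" so
// the check below fails closed instead of handing a non-array to
// array_key_exists().
if (!is_array($mods_array))
	$mods_array = array();

// Admins always qualify; members of the moderator group only when their
// username is a key of this forum's moderator list.
$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array)));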
|
113 |
||
114 |
// Can we or can we not post replies?
// Closed topic: show the "Topic closed" text, with a reply link appended for
// admins and moderators only.
if ($cur_topic['closed'] != '0')
{
	$post_link = $lang_topic['Topic closed'];

	if ($is_admmod)
	{
		$post_link .= ' / <a href="post.php?tid='.$id.'">'.$lang_topic['Post reply'].'</a>';
	}
}
// Open topic: admins/moderators, an explicit per-forum grant, or (when the
// forum has no per-group setting) the group default all yield a reply link.
else if ($is_admmod || $cur_topic['post_replies'] == '1' || ($cur_topic['post_replies'] == '' && $pun_user['g_post_replies'] == '1'))
{
	$post_link = '<a href="post.php?tid='.$id.'">'.$lang_topic['Post reply'].'</a>';
}
else
{
	$post_link = ' ';
}
|
129 |
||
130 |
||
131 |
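// Determine the post offset (based on $_GET['p'])
$num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);

// The page number is request input and reaches the LIMIT clause of the post
// query through $start_from, so force it to an integer before range-checking.
// Without the cast a value such as "1.5" passes the range check and produces
// a fractional offset.
$p = isset($_GET['p']) ? intval($_GET['p']) : 1;
if ($p <= 1 || $p > $num_pages)
	$p = 1;

$start_from = $pun_user['disp_posts'] * ($p - 1);

// Generate paging links
$paging_links = $lang_common['Pages'].': '.pun_paginate($num_pages, $p, 'viewtopic.php?id='.$id);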
0 | 139 |
|
140 |
||
141 |
// Run the subject through the word censor when censoring is switched on.
if ($pun_config['o_censoring'] == '1')
{
	$cur_topic['subject'] = censor_words($cur_topic['subject']);
}

// The quick post form is offered only when the feature is enabled, the viewer
// is logged in, the viewer may reply in this forum (explicit grant, or group
// default when the forum has no per-group setting), and the topic is open or
// the viewer is an admin/moderator.
$quickpost = ($pun_config['o_quickpost'] == '1'
	&& !$pun_user['is_guest']
	&& ($cur_topic['post_replies'] == '1' || ($cur_topic['post_replies'] == '' && $pun_user['g_post_replies'] == '1'))
	&& ($cur_topic['closed'] == '0' || $is_admmod));

if ($quickpost)
{
	$required_fields = array('req_message' => $lang_common['Message']);
}

// Subscription link: guests, and boards with subscriptions disabled, only get
// the clearing div.
if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1')
{
	$subscraction = '<div class="clearer"></div>'."\n";
}
else if ($cur_topic['is_subscribed'])
{
	// The variable name is a blend of "subscription" and "action".
	$subscraction = '<p class="subscribelink clearb">'.$lang_topic['Is subscribed'].' - <a href="misc.php?unsubscribe='.$id.'">'.$lang_topic['Unsubscribe'].'</a></p>'."\n";
}
else
{
	$subscraction = '<p class="subscribelink clearb"><a href="misc.php?subscribe='.$id.'">'.$lang_topic['Subscribe'].'</a></p>'."\n";
}

// The page title is HTML-escaped here, before header.php is pulled in.
$page_title = pun_htmlspecialchars($pun_config['o_board_title'].' / '.$cur_topic['subject']);
define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'header.php';
|
169 |
||
170 |
// Top navigation bar: paging links, the reply link built above, and the
// Index / forum / topic breadcrumb. forum_name and subject are escaped with
// pun_htmlspecialchars(); forum_id is echoed as-is (it is the f.id column of
// the topic query). $paging_links and $post_link already contain markup and
// are therefore echoed unescaped.
?>
<div class="linkst">
<div class="inbox">
<p class="pagelink conl"><?php echo $paging_links ?></p>
<p class="postlink conr"><?php echo $post_link ?></p>
<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li><li> » <a href="viewforum.php?id=<?php echo $cur_topic['forum_id'] ?>"><?php echo pun_htmlspecialchars($cur_topic['forum_name']) ?></a></li><li> » <?php echo pun_htmlspecialchars($cur_topic['subject']) ?></li></ul>
<div class="clearer"></div>
</div>
</div>

<?php
|
181 |
||
182 |
||
183 |
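require PUN_ROOT.'include/parser.php';

$bg_switch = true;	// Used for switching background color in posts
$post_count = 0;	// Keep track of post numbers

// Retrieve the posts (and their respective poster/online status)
// The request reaches this query only through $id (intval() output or a
// posts.topic_id value) and $start_from (the result of arithmetic).
// NOTE(review): $pun_user['disp_posts'] goes into the LIMIT clause as-is;
// presumably an integer from the user record - confirm.
$result = $pun_db->query('SELECT eu.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$pun_db->prefix.'posts AS p INNER JOIN '.$pun_db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.table_prefix.'users AS eu ON eu.user_id=u.id INNER JOIN '.$pun_db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$pun_db->prefix.'online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());

while ($cur_post = $pun_db->fetch_assoc($result))
{
	$post_count++;
	$user_avatar = '';
	$user_info = array();
	$user_contacts = array();
	$post_actions = array();
	$is_online = '';
	$signature = '';

	// If the poster is a registered user.
	if ($cur_post['poster_id'] > 1)
	{
		$username = '<a href="profile.php?id='.$cur_post['poster_id'].'">'.pun_htmlspecialchars($cur_post['username']).'</a>';
		// NOTE(review): $user_title is echoed in the template below without
		// escaping; presumably get_title() returns HTML-safe text - confirm.
		$user_title = get_title($cur_post);

		if ($pun_config['o_censoring'] == '1')
			$user_title = censor_words($user_title);

		// Format the online indicator
		$is_online = ($cur_post['is_online'] == $cur_post['poster_id']) ? '<strong>'.$lang_topic['Online'].'</strong>' : $lang_topic['Offline'];

		if ($pun_config['o_avatars'] == '1' && $cur_post['use_avatar'] == '1' && $pun_user['show_avatars'] != '0')
		{
			// The first avatar file that exists wins, tried in the order gif, jpg, png.
			foreach (array('gif', 'jpg', 'png') as $avatar_ext)
			{
				$avatar_file = $pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.'.$avatar_ext;
				if ($img_size = @getimagesize($avatar_file))
				{
					// $img_size[3] is the ready-made width/height attribute string.
					$user_avatar = '<img src="'.$avatar_file.'" '.$img_size[3].' alt="" />';
					break;
				}
			}
		}
		else
			$user_avatar = '';

		// We only show location, register date, post count and the contact links if "Show user info" is enabled
		if ($pun_config['o_show_user_info'] == '1')
		{
			if ($cur_post['location'] != '')
			{
				if ($pun_config['o_censoring'] == '1')
					$cur_post['location'] = censor_words($cur_post['location']);

				$user_info[] = '<dd>'.$lang_topic['From'].': '.pun_htmlspecialchars($cur_post['location']);
			}

			$user_info[] = '<dd>'.$lang_common['Registered'].': '.date($pun_config['o_date_format'], $cur_post['registered']);

			if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] >= USER_LEVEL_MEMBER)
				$user_info[] = '<dd>'.$lang_common['Posts'].': '.$cur_post['num_posts'];

			// Now let's deal with the contact links (E-mail and URL)
			// NOTE(review): the second half of this condition exposes the real
			// address regardless of the poster's email_setting. It compares a
			// forum group id with USER_LEVEL_MEMBER; if that constant denotes
			// ordinary members, every logged-in member passes. Confirm the
			// intended threshold.
			// The address is escaped because it is placed inside an HTML attribute.
			if (($cur_post['email_setting'] == '0' && !$pun_user['is_guest']) || $pun_user['g_id'] >= USER_LEVEL_MEMBER)
				$user_contacts[] = '<a href="mailto:'.pun_htmlspecialchars($cur_post['email']).'">'.$lang_common['E-mail'].'</a>';
			else if ($cur_post['email_setting'] == '1' && !$pun_user['is_guest'])
				$user_contacts[] = '<a href="misc.php?email='.$cur_post['poster_id'].'">'.$lang_common['E-mail'].'</a>';

			// NOTE(review): escaping does not restrict the URL scheme; presumably
			// the profile form only accepts http(s) addresses - confirm.
			if ($cur_post['url'] != '')
				$user_contacts[] = '<a href="'.pun_htmlspecialchars($cur_post['url']).'">'.$lang_topic['Website'].'</a>';
		}

		// NOTE(review): this gate decides who sees poster IP addresses and admin
		// notes. Same concern as above: confirm that USER_LEVEL_MEMBER is the
		// intended threshold and not a moderator/admin level.
		if ($pun_user['g_id'] >= USER_LEVEL_MEMBER)
		{
			$user_info[] = '<dd>IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.pun_htmlspecialchars($cur_post['poster_ip']).'</a>';

			if ($cur_post['admin_note'] != '')
				$user_info[] = '<dd>'.$lang_topic['Note'].': <strong>'.pun_htmlspecialchars($cur_post['admin_note']).'</strong>';
		}
	}
	// If the poster is a guest (or a user that has been deleted)
	else
	{
		$username = pun_htmlspecialchars($cur_post['username']);
		$user_title = get_title($cur_post);

		// NOTE(review): same IP-visibility gate as for registered posters; confirm the threshold.
		if ($pun_user['g_id'] >= USER_LEVEL_MEMBER)
			$user_info[] = '<dd>IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.pun_htmlspecialchars($cur_post['poster_ip']).'</a>';

		// The guest-supplied address is escaped before it goes into the href attribute.
		if ($pun_config['o_show_user_info'] == '1' && $cur_post['poster_email'] != '' && !$pun_user['is_guest'])
			$user_contacts[] = '<a href="mailto:'.pun_htmlspecialchars($cur_post['poster_email']).'">'.$lang_common['E-mail'].'</a>';
	}

	// Generation post action array (quote, edit, delete etc.)
	// These links are presentation only; this file performs none of the
	// actions, so the scripts they point at have to check permissions again.
	if (!$is_admmod)
	{
		if (!$pun_user['is_guest'])
			$post_actions[] = '<li class="postreport"><a href="misc.php?report='.$cur_post['id'].'">'.$lang_topic['Report'].'</a>';

		if ($cur_topic['closed'] == '0')
		{
			if ($cur_post['poster_id'] == $pun_user['id'])
			{
				// Post number 1 is the topic itself, so deleting it needs the delete-topics permission.
				if ((($start_from + $post_count) == 1 && $pun_user['g_delete_topics'] == '1') || (($start_from + $post_count) > 1 && $pun_user['g_delete_posts'] == '1'))
					$post_actions[] = '<li class="postdelete"><a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>';
				if ($pun_user['g_edit_posts'] == '1')
					$post_actions[] = '<li class="postedit"><a href="edit.php?id='.$cur_post['id'].'">'.$lang_topic['Edit'].'</a>';
			}

			if (($cur_topic['post_replies'] == '' && $pun_user['g_post_replies'] == '1') || $cur_topic['post_replies'] == '1')
				$post_actions[] = '<li class="postquote"><a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';
		}
	}
	else
		$post_actions[] = '<li class="postreport"><a href="misc.php?report='.$cur_post['id'].'">'.$lang_topic['Report'].'</a>'.$lang_topic['Link separator'].'</li><li class="postdelete"><a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>'.$lang_topic['Link separator'].'</li><li class="postedit"><a href="edit.php?id='.$cur_post['id'].'">'.$lang_topic['Edit'].'</a>'.$lang_topic['Link separator'].'</li><li class="postquote"><a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';


	// Switch the background color for every message.
	$bg_switch = !$bg_switch;
	$vtbg = ($bg_switch) ? ' roweven' : ' rowodd';


	// Perform the main parsing of the message (BBCode, smilies, censor words etc)
	// The parsed message is echoed unescaped in the template below, so
	// parse_message() is the only place where the post body can be made HTML-safe.
	$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

	// Do signature parsing/caching
	// Each poster's signature is parsed once per page and reused for their other posts.
	if ($cur_post['signature'] != '' && $pun_user['show_sig'] != '0')
	{
		if (isset($signature_cache[$cur_post['poster_id']]))
			$signature = $signature_cache[$cur_post['poster_id']];
		else
		{
			$signature = parse_signature($cur_post['signature']);
			$signature_cache[$cur_post['poster_id']] = $signature;
		}
	}

?>
<div id="p<?php echo $cur_post['id'] ?>" class="blockpost<?php echo $vtbg ?><?php if (($post_count + $start_from) == 1) echo ' firstpost'; ?>">
<h2><span><span class="conr">#<?php echo ($start_from + $post_count) ?> </span><a href="viewtopic.php?pid=<?php echo $cur_post['id'].'#p'.$cur_post['id'] ?>"><?php echo format_time($cur_post['posted']) ?></a></span></h2>
<div class="box">
<div class="inbox">
<div class="postleft">
<dl>
<dt><strong><?php echo $username ?></strong></dt>
<dd class="usertitle"><strong><?php echo $user_title ?></strong></dd>
<dd class="postavatar"><?php echo $user_avatar ?></dd>
<?php if (count($user_info)) echo "\t\t\t\t\t".implode('</dd>'."\n\t\t\t\t\t", $user_info).'</dd>'."\n"; ?>
<?php if (count($user_contacts)) echo "\t\t\t\t\t".'<dd class="usercontacts">'.implode(' ', $user_contacts).'</dd>'."\n"; ?>
</dl>
</div>
<div class="postright">
<h3><?php if (($post_count + $start_from) > 1) echo ' Re: '; ?><?php echo pun_htmlspecialchars($cur_topic['subject']) ?></h3>
<div class="postmsg">
<?php echo $cur_post['message']."\n" ?>
<?php if ($cur_post['edited'] != '') echo "\t\t\t\t\t".'<p class="postedit"><em>'.$lang_topic['Last edit'].' '.pun_htmlspecialchars($cur_post['edited_by']).' ('.format_time($cur_post['edited']).')</em></p>'."\n"; ?>
</div>
<?php if ($signature != '') echo "\t\t\t\t".'<div class="postsignature"><hr />'.$signature.'</div>'."\n"; ?>
</div>
<div class="clearer"></div>
<div class="postfootleft"><?php if ($cur_post['poster_id'] > 1) echo '<p>'.$is_online.'</p>'; ?></div>
<div class="postfootright"><?php echo (count($post_actions)) ? '<ul>'.implode($lang_topic['Link separator'].'</li>', $post_actions).'</li></ul></div>'."\n" : '<div> </div></div>'."\n" ?>
</div>
</div>
</div>

<?php

}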
|
347 |
||
348 |
// Bottom navigation bar: the same reply link, paging links and breadcrumb as
// at the top of the page, followed by the subscribe/unsubscribe markup
// prepared in $subscraction. forum_name and subject are escaped with
// pun_htmlspecialchars(); the other echoed values already contain markup.
?>
<div class="postlinksb">
<div class="inbox">
<p class="postlink conr"><?php echo $post_link ?></p>
<p class="pagelink conl"><?php echo $paging_links ?></p>
<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li><li> » <a href="viewforum.php?id=<?php echo $cur_topic['forum_id'] ?>"><?php echo pun_htmlspecialchars($cur_topic['forum_name']) ?></a></li><li> » <?php echo pun_htmlspecialchars($cur_topic['subject']) ?></li></ul>
<?php echo $subscraction ?>
</div>
</div>

<?php
|
359 |
||
360 |
// Display quick post if enabled
// $quickpost is set earlier in this file and is true only for logged-in users
// who may reply to this topic. The form posts to post.php with the integer
// topic id in the query string.
// NOTE(review): the form carries form_sent and form_user but no per-session
// anti-CSRF token is visible here; confirm that post.php verifies the origin
// of the request before storing the message.
if ($quickpost)
{

?>
<div class="blockform">
<h2><span><?php echo $lang_topic['Quick post'] ?></span></h2>
<div class="box">
<form method="post" action="post.php?tid=<?php echo $id ?>" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">
<div class="inform">
<fieldset>
<legend><?php echo $lang_common['Write message legend'] ?></legend>
<div class="infldset txtarea">
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="form_user" value="<?php echo (!$pun_user['is_guest']) ? pun_htmlspecialchars($pun_user['username']) : 'Guest'; ?>" />
<label><textarea name="req_message" rows="7" cols="75" tabindex="1"></textarea></label>
<ul class="bblinks">
<li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
<li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
<li><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
</ul>
</div>
</fieldset>
</div>
<p><input type="submit" name="submit" tabindex="2" value="<?php echo $lang_common['Submit'] ?>" accesskey="s" /></p>
</form>
</div>
</div>
<?php

}
|
391 |
||
392 |
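// Increment "num_views" for topic
// $db_type is not among the names imported by the global statement at the top
// of this file, so it can be undefined when the script runs inside a function
// scope. isset() keeps that case on the plain UPDATE without raising a notice.
$low_prio = (isset($db_type) && $db_type == 'mysql') ? 'LOW_PRIORITY ' : '';
$pun_db->query('UPDATE '.$low_prio.$pun_db->prefix.'topics SET num_views=num_views+1 WHERE id='.$id) or error('Unable to update topic', __FILE__, __LINE__, $pun_db->error());

// Values set for footer.php, which is loaded next.
$forum_id = $cur_topic['forum_id'];
$footer_style = 'viewtopic';
require PUN_ROOT.'footer.php';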