$fonthead"; $ppp=20; if ($logpassword!="") { $ppp=$users[postsperpage]; if ($ppp==0) { $ppp=20; } } print "$header
"; if ($_POST[action]=="" and $threads[id]>-1) { print "$fonttag$boardname - ".$forums[title]." - ".$threads[title]."

"; if ($action=="" and $forums[id]>-1 and $_GET[id]>-1 and $threads[closed]!=1) { print " "; $quotemsg=""; if ($_GET[postid]!="") { $quotepost=mysqli_fetch_array(mysqli_query($con,"SELECT id,text,user FROM posts WHERE id = $_GET[postid]")); $quoteuser=mysqli_fetch_array(mysqli_query($con,"SELECT id,name FROM users WHERE id=$quotepost[user]")); $quotemsg=$smallfont."Originally posted by ".$quoteuser[name]." ".$quotepost[text]." "; } $replytable="$tccellha width=150$tccellhb"." "; $replytable.="$tccellh"." "; if (!$loguserid) { $replytable.="$tccell1"."User name:"; $replytable.="$tccell2".""; $replytable.="$tccell1"."Password:"; $replytable.="$tccell2".""; } else { $replytable.="$tccell1"."Alternate login"; $replytable.="$tccell2"."Use an alternate login -- Coming soon!"; } $replytable.="$tccell1"."Reply:"; $replytable.="$tccell2"."$quotemsg"; $replytable.="$tccell1"." "; $replytable.="$tccell2"." "; print "$replytable

"; print " "; $postlist="$tccellha width=150$tccellhb"."User"; $postlist.="$tccellh"."Post"; $p="-1"; while($post = mysqli_fetch_array($posts)){ $userpost=mysqli_fetch_array(mysqli_query($con,"SELECT users.*, posts.* FROM users INNER JOIN posts ON users.id = posts.user AND posts.id=$post[id]")) or die('error'); if ($post[thread]==$_GET[id]) { $totalposts=mysqli_num_rows(mysqli_query($con,"SELECT * FROM posts WHERE thread=$_GET[id]")); if ($totalposts>0) { $postlist.=""; } $p++; $bg=$tablebg1; if ($p % 2 == 0) { $bg=$tablebg2; } $tcellbg=" $fonttag$boardname - $forums[title] - $threads[title] "; } } if ($_POST[action]=="postreply") { print " $tblstart "; if(!$_POST[message]){ print "$tccell1"."You left your post blank!"; print "
Click here to return to the thread."; print $footer; die(); } $users0=mysqli_query($con,"SELECT id,password,name FROM users"); if($loguserid) { $userid=$loguserid; $username=$users[name]; } else { $userid=-1; while($users1=mysqli_fetch_array($users0)){ if ($users1[2]==$_POST[username] and password_verify($_POST[password],$users1[1])) { $userid = $users1[0]; $username=$_POST[username]; } } } if ($userid!=-1) { if (!$loguserid) $username=$_POST[username]; $s=0; $message=str_replace("\x22",""",$_POST[message]); $message=str_replace("")","")",$message); $message=str_replace("src="","src=\"",$message); // $msg=$message; $message=str_replace(""","\x22",$message); /* if ($users[$userid][5]!="") { $msg.="

--------------------
".$users[$userid][5]; } */ $s=0; while ($smilies[$s][0]!="") { $smilie=$smilies[$s]; $smile=$smilie[0]; eval ("\$message=str_replace(\"$smile\",\"\",\$message);"); $s++; } $message=str_replace(" ","
",$message); if ($_POST[submit]!="") { $date=time(); $message1=mysqli_real_escape_string($con,$message); mysqli_query($con,"UPDATE users SET posts = posts + 1, lastposttime = $date WHERE id = $userid") or die(mysqli_error($con)); mysqli_query($con,"INSERT INTO `posts` (`thread`, `user`, `date`, `ip`, `text`) VALUES ('$_POST[fid]', '$userid', '$date', '$userip', '$message1')") or die(mysql_error()); mysqli_query($con,"UPDATE threads SET lastpostdate = $date WHERE id = $_POST[fid]") or die(mysqli_error($con)); print "$tccell1"."Thank you, ".$username.", for submitting your post."; print "
Click here to go to the thread. "; } else { print "

$tccell1 This is a preview of your post. $tccell2

".$message."
$tccell1 Post: $tccell2 ".str_replace("<br>"," ",$message).""; if (!$loguserid) { print " "; } print " $tccell1   $tccell2 "; } } else { print "$tccell1"."Couldn't enter the post. Either you didn't enter an existing username, "; print "or you haven't entered the right password for the username."; print "
Click here to return to the thread, or wait to get redirected."; } } print $footer; ?>