<?php
require("function.php");
require("layout.php");
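//GET doesn't carry over through POST, so the post id arrives as ?id= on the
//first request and as the hidden "fid" field once the form is submitted.
//Both values are request-controlled, so the id is forced to an integer here,
//before it reaches any SQL string or HTML attribute further down.
$fid = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if (!$fid) {
    $fid = isset($_POST['fid']) ? (int) $_POST['fid'] : 0;
}

//Fetch one row by numeric id. $table is always a literal written in this file
//and $id is cast to int, so no request data is interpolated as SQL text.
//Yields null when the query fails or matches nothing, rather than passing
//`false` on to mysqli_fetch_array().
$fetchById = function ($table, $id) use ($con) {
    $result = mysqli_query($con, "SELECT * FROM $table WHERE id = " . (int) $id);
    return $result ? mysqli_fetch_array($result) : null;
};

//Get the data. Each lookup falls back to id 0 when the parent row is missing,
//so a bad post id produces empty rows rather than a malformed query.
$posts   = $fetchById('posts', $fid);
$threads = $fetchById('threads', isset($posts['thread']) ? $posts['thread'] : 0);
$forums  = $fetchById('forums', isset($threads['forum']) ? $threads['forum'] : 0);
$users   = $fetchById('users', isset($loguserid) ? $loguserid : 0);
$smilies = readsmilies();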
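//Gotta be logged in. $loguserid is not assigned in this file; it is expected
//to come from one of the required files. Anything falsy counts as anonymous,
//and the script stops before any edit or delete code can run.
if (!$loguserid) {
    //Message typo fixed ("logged it" -> "logged in").
    print "$header<br><table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
$tccell1 You are not logged in!</table></td></table>$footer";
    die('');
}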
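//Do we have permission to edit? Only the author of the post may continue.
//This is the single authorization gate for both the edit and delete actions
//below, so they must act on the same id that was used to load $posts.
//A missing post row is refused explicitly, and the ids are compared as
//strings so PHP's loose numeric comparison cannot treat different values
//as equal.
if (!isset($posts['user']) || (string) $loguserid !== (string) $posts['user']) {
    print "$header<br><table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
$tccell1 You do not have permission to edit this post!</table></td></table>$footer";
    die('');
}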
//This should be moved to layout.php
//Two halves of a header-cell opening tag; callers put extra attributes
//(e.g. a width) between them.
$tccellha = '<td bgcolor=' . $tableheadbg;
$tccellhb = '><center>' . $fonthead;

//Why do we need posts per page? (left disabled, as in the original)
//
// $ppp=20;
// if ($logpassword!="") {
//     $ppp=$users[$loguserid][16];
//     if ($ppp==0) { $ppp=20; }
// }

//Have a nasty variable "$threads[$posts[$id][0]][4]"

//Page header is emitted once, before any of the action branches.
print $header;

// $forumid=$threads[$posts[$id][0]][0];
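//Show the edit form. Runs only on the first visit (no POST action and no GET
//action), when the forum row loaded and the thread is not closed.
//Array keys are quoted: bare words such as $_POST[action] are undefined
//constants and stop the script on current PHP versions.
$formPostAction = isset($_POST['action']) ? $_POST['action'] : "";
if ($formPostAction == "" and isset($forums['id']) and $forums['id'] > -1 and $threads['closed'] != 1 and empty($_GET['action'])) {
    //NOTE(review): forum and thread titles are printed as stored. Whether they
    //are HTML-escaped when saved is not visible in this file - confirm.
    $breadcrumb = "$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forums[id]>" . $forums['title'] . "</a> - " . $threads['title'];

    print $breadcrumb . "
<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
<FORM ACTION=\"editpost.php\" NAME=\"REPLIER\" METHOD=\"POST\">
";

    //Replace <br> with line breaks. This needs to be revised at some point
    $message = $posts['text'];
    $message = str_replace("\n", "", $message);
    $message = str_replace("<br>", "\n", $message);

    //The stored post is raw HTML. Inside a TEXTAREA the browser still decodes
    //entities and ends the field at the first closing tag, so the text is
    //escaped for display; the browser sends the decoded text back on submit.
    //Plain str_replace is used so the result does not depend on the board's
    //character set.
    $messageField = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $message);

    //Cast again here so the hidden field is numeric whatever $fid holds.
    $fidField = (int) $fid;

    //Begin reply table
    $replytable = "$tccellha width=150$tccellhb" . " </font></td>";
    $replytable .= "$tccellh" . " </td><tr>";
    $replytable .= "$tccell1" . "<b>Post:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"message\" ROWS=20 COLS=60 WRAP=VIRTUAL>$messageField" . "</TEXTAREA></td><tr>";
    $replytable .= "$tccell1" . " </td>";
    $replytable .= "$tccell2" . "</center>
<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"editpost\">
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"$fidField\">
<INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Edit post\">
<INPUT TYPE=Submit NAME=\"preview\" VALUE=\"Preview post\"></td></FORM>";

    print "$replytable
</td>
</table>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
";
    print "
</table>
</td>
</table>
" . $breadcrumb . " ";
}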
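//Handle the submitted form: "Edit post" saves the text, "Preview post" shows
//it again without saving.
if (isset($_POST['action']) and $_POST['action'] == "editpost") {
    print "
<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
";

    //Check if crap is empty. A non-string value (e.g. message[]=x) is treated
    //as blank, so the string functions below always receive a string.
    $rawMessage = (isset($_POST['message']) and is_string($_POST['message'])) ? $_POST['message'] : '';
    if (!$rawMessage) {
        print "$tccell1" . "You left your post blank!";
        print "<br>Click <a href=thread.php?id=$threads[id]>here</a> to return to the thread.";
        print $footer;
        die();
    }

    //The id that is written must be the id the ownership check near the top of
    //this file was run against. The original UPDATE used $_POST[fid] directly,
    //so a request carrying ?id= for one post and fid= for another passed the
    //check on the first and modified the second.
    $postId = (int) $fid;

    //Quote juggling before smilie substitution. These four literals are
    //printed as three bare double quotes in the listing this file was taken
    //from, which does not parse; &quot; is the reading that makes every line
    //valid - confirm against the repository copy.
    $message = str_replace("\x22", "&quot;", $rawMessage);
    $message = str_replace("&quot;)", "&quot;<b></b>)", $message);
    $message = str_replace("src=&quot;", "src=\"", $message);
    $message = str_replace("&quot;", "\x22", $message);

    //Swap each smilie code for its image tag. The original assembled this call
    //as a PHP source string and ran it through eval(), so a quote, backslash
    //or dollar sign in a smilie definition was executed as code. A direct
    //str_replace() performs the same substitution with nothing evaluated.
    for ($s = 0; isset($smilies[$s][0]) and $smilies[$s][0] != ""; $s++) {
        $message = str_replace($smilies[$s][0], "<img src=" . $smilies[$s][1] . ">", $message);
    }
    $message = str_replace("\n", "<br>", $message);

    //Same TEXTAREA escaping as the edit form: charset-independent, and the
    //browser submits the decoded text.
    $messageField = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), str_replace("<br>", "\n", $message));

    if (isset($_POST['submit']) and $_POST['submit'] != "") {
        //NOTE(review): the post body is stored as raw HTML. Binding the value
        //protects the SQL statement only; whether markup is filtered when the
        //post is displayed is not visible in this file - confirm.
        $editDate = (string) time();
        $editUser = (string) $loguserid;
        $saved = false;
        $stmt = mysqli_prepare($con, "UPDATE posts SET lastedit = ?, edituser = ?, text = ? WHERE id = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'sssi', $editDate, $editUser, $message, $postId);
            $saved = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        //The original echoed $_POST[fid] into the page here (leftover debug
        //output, unescaped) and discarded the result of mysqli_error(); both
        //are replaced by an explicit success/failure branch. The unreachable
        //else of the old `if (0==0)` wrapper is gone for the same reason.
        if ($saved) {
            print "$tccell1" . "Thank you, " . $users['name'] . ", for editing the post.
Click <a href=thread.php?id=$threads[id]>here</a> to return to the thread.
</table></td></table>
";
        } else {
            print "$tccell1" . "Couldn't edit the post.";
            print "<br>Click <a href=thread.php?id=$threads[id]>here</a> to return to the thread.
</table></td></table>
";
        }
    } else {
        //Preview: the message is shown as it would be stored (raw HTML).
        print "
<FORM ACTION=\"editpost.php\" NAME=\"REPLIER\" METHOD=\"POST\">
$tccell1 This is a preview of your post.</td><tr>
$tccell2</center>" . $message . "</td></table></td></table>
<br>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>

$tccell1 <b>Post:</td>
$tccell2 </center><TEXTAREA NAME=\"message\" ROWS=20 COLS=60 WRAP=VIRTUAL>" . $messageField . "</TEXTAREA></td><tr>

<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"editpost\">
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"$postId\">
<INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Edit post\">
<INPUT TYPE=Submit NAME=\"preview\" VALUE=\"Preview reply\"></td></FORM>
</table></td></table>";
    }
}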
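//Delete the post. The ownership check near the top of this file has already
//been run against $fid by the time this branch is reached.
if (isset($_GET['action']) and $_GET['action'] == "delete") {
    print "
<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
";

    //NOTE(review): the delete is carried out on a plain GET request with no
    //per-session token, so any page the logged-in author loads can trigger
    //it. Moving it to POST with a token needs changes to the pages that link
    //here and to session handling, neither of which is in this file.

    //The id is cast to int so request data is never interpolated as SQL text,
    //and the query result is checked rather than assumed. The unreachable else
    //of the old `if (0==0)` wrapper (which linked to an undefined $id) is
    //replaced by a real failure branch.
    $deleted = mysqli_query($con, "DELETE FROM posts WHERE id = " . (int) $fid);

    if ($deleted) {
        print "$tccell1" . "Thank you, " . $users['name'] . ", for deleting the post.
Click <a href=forum.php?id=$forums[id]>here</a> to return to the forum.
</table></td></table>
";
    } else {
        print "$tccell1" . "Couldn't delete the post.";
        print "<br>Click <a href=thread.php?id=$threads[id]>here</a> to return to the thread.
</table></td></table>
";
    }
}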
print $footer;
?>