206 lines
7.5 KiB
PHP
206 lines
7.5 KiB
PHP
<?php
|
|
require("function.php");
|
|
require("layout.php");
|
|
$fid = $_GET['id'];
|
|
if(!$_GET[id]) $fid=$_POST[fid];
|
|
$threads=mysqli_fetch_array(mysqli_query($con,"SELECT * FROM threads WHERE id = $fid"));
|
|
$forums=mysqli_fetch_array(mysqli_query($con,"SELECT * FROM forums WHERE id = $threads[forum]"));
|
|
$users=mysqli_fetch_array(mysqli_query($con,"SELECT * FROM users WHERE id = $loguserid"));
|
|
$posts=mysqli_query($con,"SELECT * FROM posts WHERE thread = $_GET[id] ORDER BY date DESC");
|
|
$smilies=readsmilies();
|
|
$tccellha="<td bgcolor=$tableheadbg";
|
|
$tccellhb="><center>$fonthead";
|
|
$ppp=20;
|
|
if ($logpassword!="") {
|
|
$ppp=$users[postsperpage];
|
|
if ($ppp==0) { $ppp=20; }
|
|
}
|
|
print "$header<br>";
|
|
if ($_POST[action]=="" and $threads[id]>-1) {
|
|
print "$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forums[id]>".$forums[title]."</a> - ".$threads[title]."
|
|
<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
|
|
<td>
|
|
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>";
|
|
if ($action=="" and $forums[id]>-1 and $_GET[id]>-1 and $threads[closed]!=1) {
|
|
print "
|
|
<FORM ACTION=\"newreply.php\" NAME=\"REPLIER\" METHOD=\"POST\">
|
|
";
|
|
|
|
|
|
$quotemsg="";
|
|
if ($_GET[postid]!="") {
|
|
$quotepost=mysqli_fetch_array(mysqli_query($con,"SELECT id,text,user FROM posts WHERE id = $_GET[postid]"));
|
|
$quoteuser=mysqli_fetch_array(mysqli_query($con,"SELECT id,name FROM users WHERE id=$quotepost[user]"));
|
|
$quotemsg=$smallfont."<i>Originally posted by ".$quoteuser[name]."</i></font><hr>".$quotepost[text]."<hr>";
|
|
}
|
|
|
|
$replytable="$tccellha width=150$tccellhb"." </font></td>";
|
|
$replytable.="$tccellh"." </td><tr>";
|
|
|
|
|
|
if (!$loguserid) {
|
|
$replytable.="$tccell1"."<b>User name:</td>";
|
|
$replytable.="$tccell2"."</center><INPUT TYPE=TEXT NAME=\"username\" SIZE=25 MAXLENGTH=25></td><tr>";
|
|
$replytable.="$tccell1"."<b>Password:</td>";
|
|
$replytable.="$tccell2"."</center><INPUT TYPE=PASSWORD NAME=\"password\" SIZE=13 MAXLENGTH=13></td><tr>";
|
|
} else {
|
|
$replytable.="$tccell1"."<b>Alternate login</td>";
|
|
$replytable.="$tccell2"."</center><s>Use an alternate login</s> -- Coming soon!</td><tr>";
|
|
}
|
|
|
|
$replytable.="$tccell1"."<b>Reply:</td>";
|
|
$replytable.="$tccell2"."</center><TEXTAREA NAME=\"message\" ROWS=20 COLS=60 WRAP=VIRTUAL>$quotemsg</TEXTAREA></td><tr>";
|
|
$replytable.="$tccell1"." </td>";
|
|
$replytable.="$tccell2"."</center>
|
|
<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"postreply\">
|
|
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"$fid\">
|
|
<INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Submit reply\">
|
|
<INPUT TYPE=Submit NAME=\"preview\" VALUE=\"Preview reply\"></td></FORM>";
|
|
print "$replytable
|
|
</td>
|
|
</table></table><br>"; print "
|
|
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
|
|
";
|
|
$postlist="$tccellha width=150$tccellhb"."User</font></td>";
|
|
$postlist.="$tccellh"."Post</td><tr>";
|
|
$p="-1";
|
|
while($post = mysqli_fetch_array($posts)){
|
|
$userpost=mysqli_fetch_array(mysqli_query($con,"SELECT users.*, posts.* FROM users INNER JOIN posts ON users.id = posts.user AND posts.id=$post[id]")) or die('error');
|
|
if ($post[thread]==$_GET[id]) {
|
|
$totalposts=mysqli_num_rows(mysqli_query($con,"SELECT * FROM posts WHERE thread=$_GET[id]"));
|
|
|
|
|
|
if ($totalposts>0) {
|
|
$postlist.="<tr>";
|
|
}
|
|
$p++;
|
|
$bg=$tablebg1;
|
|
if ($p % 2 == 0) {
|
|
$bg=$tablebg2;
|
|
}
|
|
|
|
|
|
|
|
$tcellbg="<td bgcolor=$bg valign=top";
|
|
|
|
$postdate=date("m-d-y h:i A",$post[date]+$tzoff);
|
|
$postlist.="$tcellbg>$fonttagg<a href=profile.php?id=$userpost[user]>$userpost[name]</a>$smallfont<br>";
|
|
$postlist.="Posts: $userpost[posts]</td>";
|
|
$postlist.="$tcellbg>$fonttag$post[text]</td>";
|
|
}
|
|
$i--;
|
|
}
|
|
print "$postlist
|
|
</table>
|
|
</td>
|
|
</table>
|
|
$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forums[id]>$forums[title]</a> - $threads[title]
|
|
";
|
|
}
|
|
|
|
}
|
|
if ($_POST[action]=="postreply") {
|
|
print "
|
|
$tblstart
|
|
";
|
|
|
|
if(!$_POST[message]){
|
|
print "$tccell1"."You left your post blank!";
|
|
print "<br>Click <a href=thread.php?id=$_POST[fid]>here</a> to return to the thread.";
|
|
print $footer;
|
|
die();
|
|
|
|
|
|
|
|
}
|
|
|
|
$users0=mysqli_query($con,"SELECT id,password,name FROM users");
|
|
|
|
|
|
if($loguserid) {
|
|
$userid=$loguserid;
|
|
$username=$users[name];
|
|
|
|
} else {
|
|
$userid=-1;
|
|
while($users1=mysqli_fetch_array($users0)){
|
|
if ($users1[2]==$_POST[username] and password_verify($_POST[password],$users1[1])) {
|
|
$userid = $users1[0];
|
|
$username=$_POST[username];
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if ($userid!=-1) {
|
|
if (!$loguserid) $username=$_POST[username];
|
|
$s=0;
|
|
$message=str_replace("\x22",""",$_POST[message]);
|
|
$message=str_replace("")",""<b></b>)",$message);
|
|
$message=str_replace("src="","src=\"",$message);
|
|
// $msg=$message;
|
|
$message=str_replace(""","\x22",$message);
|
|
/*
|
|
if ($users[$userid][5]!="") {
|
|
$msg.="<br><br>--------------------<br>".$users[$userid][5];
|
|
}
|
|
*/
|
|
$s=0;
|
|
while ($smilies[$s][0]!="") {
|
|
$smilie=$smilies[$s];
|
|
$smile=$smilie[0];
|
|
eval ("\$message=str_replace(\"$smile\",\"<img src=$smilie[1]>\",\$message);");
|
|
$s++;
|
|
}
|
|
$message=str_replace("
|
|
","<br>",$message);
|
|
|
|
if ($_POST[submit]!="") {
|
|
$date=time();
|
|
$message1=mysqli_real_escape_string($con,$message);
|
|
mysqli_query($con,"UPDATE users SET posts = posts + 1, lastposttime = $date WHERE id = $userid") or die(mysqli_error($con));
|
|
mysqli_query($con,"INSERT INTO `posts` (`thread`, `user`, `date`, `ip`, `text`) VALUES ('$_POST[fid]', '$userid', '$date', '$userip', '$message1')") or die(mysql_error());
|
|
mysqli_query($con,"UPDATE threads SET lastpostdate = $date WHERE id = $_POST[fid]") or die(mysqli_error($con));
|
|
|
|
print "$tccell1"."Thank you, ".$username.", for submitting your post.";
|
|
print "<br>Click <a href=thread.php?id=$_POST[fid]>here</a> to go to the thread.
|
|
<!-- <META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=thread.php?id=$t\"> --!>
|
|
</table></td></table>
|
|
";
|
|
|
|
|
|
} else {
|
|
|
|
print "
|
|
<FORM ACTION=\"newreply.php\" NAME=\"REPLIER\" METHOD=\"POST\">
|
|
$tccell1 This is a preview of your post.</td><tr>
|
|
$tccell2</center>".$message."</td></table></td></table>
|
|
<br>
|
|
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
|
|
|
|
$tccell1 <b>Post:</td>
|
|
$tccell2 </center><TEXTAREA NAME=\"message\" VALUE=\"$message\" ROWS=20 COLS=60 WRAP=VIRTUAL>".str_replace("<br>","
|
|
",$message)."</TEXTAREA></td><tr>";
|
|
|
|
if (!$loguserid) {
|
|
print "<INPUT TYPE=HIDDEN NAME=\"password\" VALUE=\"$_POST[password]\">
|
|
<INPUT TYPE=HIDDEN NAME=\"username\" VALUE=\"$_POST[username]\">";
|
|
}
|
|
print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"postreply\">
|
|
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"$_POST[fid]\">
|
|
<INPUT TYPE=HIDDEN NAME=\"iconid\" VALUE=\"$_POST[iconid]\">
|
|
<tr>
|
|
$tccell1
|
|
$tccell2 </center><INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Submit reply\">
|
|
<INPUT TYPE=Submit NAME=\"preview\" VALUE=\"Preview reply\"></td></FORM>
|
|
</table></td></table>"; }
|
|
} else {
|
|
print "$tccell1"."Couldn't enter the post. Either you didn't enter an existing username, ";
|
|
print "or you haven't entered the right password for the username.";
|
|
print "<br>Click <a href=thread.php?id=$id>here</a> to return to the thread, or wait to get redirected.";
|
|
}
|
|
}
|
|
print $footer;
|
|
|
|
?>
|