nincollin
/
AcmlmboardZero
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
This repository has been archived on 2023-09-19. You can view files and clone it, but cannot push or open issues or pull requests.
AcmlmboardZero/newreply.php

206 lines
7.5 KiB
PHP
Raw Permalink Blame History

<?php
require("function.php");
require("layout.php");
$fid = $_GET['id'];
if(!$_GET[id]) $fid=$_POST[fid];
$threads=mysqli_fetch_array(mysqli_query($con,"SELECT * FROM threads WHERE id = $fid"));
$forums=mysqli_fetch_array(mysqli_query($con,"SELECT * FROM forums WHERE id = $threads[forum]"));
$users=mysqli_fetch_array(mysqli_query($con,"SELECT * FROM users WHERE id = $loguserid"));
$posts=mysqli_query($con,"SELECT * FROM posts WHERE thread = $_GET[id] ORDER BY date DESC");
$smilies=readsmilies();
$tccellha="<td bgcolor=$tableheadbg";
$tccellhb="><center>$fonthead";
$ppp=20;
if ($logpassword!="") {
$ppp=$users[postsperpage];
if ($ppp==0) { $ppp=20; }
}
print "$header<br>";
if ($_POST[action]=="" and $threads[id]>-1) {
print "$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forums[id]>".$forums[title]."</a> - ".$threads[title]."
<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>";
if ($action=="" and $forums[id]>-1 and $_GET[id]>-1 and $threads[closed]!=1) {
print "
<FORM ACTION=\"newreply.php\" NAME=\"REPLIER\" METHOD=\"POST\">
";
$quotemsg="";
if ($_GET[postid]!="") {
$quotepost=mysqli_fetch_array(mysqli_query($con,"SELECT id,text,user FROM posts WHERE id = $_GET[postid]"));
$quoteuser=mysqli_fetch_array(mysqli_query($con,"SELECT id,name FROM users WHERE id=$quotepost[user]"));
$quotemsg=$smallfont."<i>Originally posted by ".$quoteuser[name]."</i></font><hr>".$quotepost[text]."<hr>";
}
$replytable="$tccellha width=150$tccellhb"."&nbsp;</font></td>";
$replytable.="$tccellh"."&nbsp;</td><tr>";
if (!$loguserid) {
$replytable.="$tccell1"."<b>User name:</td>";
$replytable.="$tccell2"."</center><INPUT TYPE=TEXT NAME=\"username\" SIZE=25 MAXLENGTH=25></td><tr>";
$replytable.="$tccell1"."<b>Password:</td>";
$replytable.="$tccell2"."</center><INPUT TYPE=PASSWORD NAME=\"password\" SIZE=13 MAXLENGTH=13></td><tr>";
} else {
$replytable.="$tccell1"."<b>Alternate login</td>";
$replytable.="$tccell2"."</center><s>Use an alternate login</s> -- Coming soon!</td><tr>";
}
$replytable.="$tccell1"."<b>Reply:</td>";
$replytable.="$tccell2"."</center><TEXTAREA NAME=\"message\" ROWS=20 COLS=60 WRAP=VIRTUAL>$quotemsg</TEXTAREA></td><tr>";
$replytable.="$tccell1"."&nbsp;</td>";
$replytable.="$tccell2"."</center>
<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"postreply\">
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"$fid\">
<INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Submit reply\">
<INPUT TYPE=Submit NAME=\"preview\" VALUE=\"Preview reply\"></td></FORM>";
print "$replytable
</td>
</table></table><br>"; print "
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
";
$postlist="$tccellha width=150$tccellhb"."User</font></td>";
$postlist.="$tccellh"."Post</td><tr>";
$p="-1";
while($post = mysqli_fetch_array($posts)){
$userpost=mysqli_fetch_array(mysqli_query($con,"SELECT users.*, posts.* FROM users INNER JOIN posts ON users.id = posts.user AND posts.id=$post[id]")) or die('error');
if ($post[thread]==$_GET[id]) {
$totalposts=mysqli_num_rows(mysqli_query($con,"SELECT * FROM posts WHERE thread=$_GET[id]"));
if ($totalposts>0) {
$postlist.="<tr>";
}
$p++;
$bg=$tablebg1;
if ($p % 2 == 0) {
$bg=$tablebg2;
}
$tcellbg="<td bgcolor=$bg valign=top";
$postdate=date("m-d-y h:i A",$post[date]+$tzoff);
$postlist.="$tcellbg>$fonttagg<a href=profile.php?id=$userpost[user]>$userpost[name]</a>$smallfont<br>";
$postlist.="Posts: $userpost[posts]</td>";
$postlist.="$tcellbg>$fonttag$post[text]</td>";
}
$i--;
}
print "$postlist
</table>
</td>
</table>
$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forums[id]>$forums[title]</a> - $threads[title]
";
}
}
if ($_POST[action]=="postreply") {
print "
$tblstart
";
if(!$_POST[message]){
print "$tccell1"."You left your post blank!";
print "<br>Click <a href=thread.php?id=$_POST[fid]>here</a> to return to the thread.";
print $footer;
die();
}
$users0=mysqli_query($con,"SELECT id,password,name FROM users");
if($loguserid) {
$userid=$loguserid;
$username=$users[name];
} else {
$userid=-1;
while($users1=mysqli_fetch_array($users0)){
if ($users1[2]==$_POST[username] and password_verify($_POST[password],$users1[1])) {
$userid = $users1[0];
$username=$_POST[username];
}
}
}
if ($userid!=-1) {
if (!$loguserid) $username=$_POST[username];
$s=0;
$message=str_replace("\x22","&quot;",$_POST[message]);
$message=str_replace("&quot;)","&quot;<b></b>)",$message);
$message=str_replace("src=&quot;","src=\"",$message);
// $msg=$message;
$message=str_replace("&quot;","\x22",$message);
/*
if ($users[$userid][5]!="") {
$msg.="<br><br>--------------------<br>".$users[$userid][5];
}
*/
$s=0;
while ($smilies[$s][0]!="") {
$smilie=$smilies[$s];
$smile=$smilie[0];
eval ("\$message=str_replace(\"$smile\",\"<img src=$smilie[1]>\",\$message);");
$s++;
}
$message=str_replace("
","<br>",$message);
if ($_POST[submit]!="") {
$date=time();
$message1=mysqli_real_escape_string($con,$message);
mysqli_query($con,"UPDATE users SET posts = posts + 1, lastposttime = $date WHERE id = $userid") or die(mysqli_error($con));
mysqli_query($con,"INSERT INTO `posts` (`thread`, `user`, `date`, `ip`, `text`) VALUES ('$_POST[fid]', '$userid', '$date', '$userip', '$message1')") or die(mysql_error());
mysqli_query($con,"UPDATE threads SET lastpostdate = $date WHERE id = $_POST[fid]") or die(mysqli_error($con));
print "$tccell1"."Thank you, ".$username.", for submitting your post.";
print "<br>Click <a href=thread.php?id=$_POST[fid]>here</a> to go to the thread.
<!-- <META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=thread.php?id=$t\"> --!>
</table></td></table>
";
} else {
print "
<FORM ACTION=\"newreply.php\" NAME=\"REPLIER\" METHOD=\"POST\">
$tccell1 This is a preview of your post.</td><tr>
$tccell2</center>".$message."</td></table></td></table>
<br>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
$tccell1 <b>Post:</td>
$tccell2 </center><TEXTAREA NAME=\"message\" VALUE=\"$message\" ROWS=20 COLS=60 WRAP=VIRTUAL>".str_replace("<br>","
",$message)."</TEXTAREA></td><tr>";
if (!$loguserid) {
print "<INPUT TYPE=HIDDEN NAME=\"password\" VALUE=\"$_POST[password]\">
<INPUT TYPE=HIDDEN NAME=\"username\" VALUE=\"$_POST[username]\">";
}
print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"postreply\">
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"$_POST[fid]\">
<INPUT TYPE=HIDDEN NAME=\"iconid\" VALUE=\"$_POST[iconid]\">
<tr>
$tccell1 &nbsp;
$tccell2 </center><INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Submit reply\">
<INPUT TYPE=Submit NAME=\"preview\" VALUE=\"Preview reply\"></td></FORM>
</table></td></table>"; }
} else {
print "$tccell1"."Couldn't enter the post. Either you didn't enter an existing username, ";
print "or you haven't entered the right password for the username.";
print "<br>Click <a href=thread.php?id=$id>here</a> to return to the thread, or wait to get redirected.";
}
}
print $footer;
?>
Reference in New Issue View Git Blame Copy Permalink