search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
0.8.1a
[gfh.git] / postmes.php
blobacebcbcca85b313a5d09d97c70aee23c523b5aa2
1 <?php if (!isset($_GET['board']))
2 {
3 echo "Invalid boardID.";
4 exit;
5 }
6 if (!isset($_GET['topic']))
7 {
8 echo "Invalid topicID.";
9 exit;
10 }
11 include ("config.php");
12 function clancheck($bdnum, $username)
13 {
14 $sql = "SELECT * FROM users WHERE username='$username'";
15 $result = mysql_query($sql);
16 $myrow = mysql_fetch_array($result);
17 $clan2 = $myrow["faction"];
18 $sql = "SELECT * FROM boards WHERE boardid='$bdnum'";
19 $result = mysql_query($sql);
20 $myrow = mysql_fetch_array($result);
21 if ($clan2 == $myrow["clan"])
22 {
23 return 1;
24 } else
25 {
26 return 0;
27 }
28 }
29 function check2($board)
30 {
31 $sql = "SELECT * FROM boards WHERE boardid='$board'";
32 $result = mysql_query($sql);
33 $myrow = mysql_fetch_array($result);
34 return $myrow["boardlevel"];
35 }
36 function check($topic)
37 {
38 $sql = "SELECT * FROM topics WHERE topicid='$topic'";
39 $result = mysql_query($sql);
40 if (!mysql_num_rows($result))
41 {
42 return 0;
43 } else
44 {
45 return 1;
46 }
47 }
48 function getlevel($username)
49 {
50 $sql = "SELECT * FROM users WHERE username='$username'";
51 $result = mysql_query($sql);
52 $myrow = mysql_fetch_array($result);
53 return $myrow["level"];
54 }
55
56 $username = auth();
57 if (!$username)
58 {
59 echo "You cannot view this page.";
60 exit;
61 }
62 if ($username)
63 {
64 if (isset($_POST['submit']))
65 {
66 $message = trim($_POST['message']);
67 if (!$message)
68 {
69 ?>
70 <table cellpadding="2" cellspacing="2" border="0" width="100%">
71 <tbody>
72 <tr>
73 <td valign="Top" bgcolor=<?php echo $systemnotcolor ?> >
74 <div align="Center"><font color="#ffffff"><b>Please enter your message</b></font></div>
75 </td>
76 </tr>
77 <tr>
78 <td valign="Top" bgcolor=<?php echo $titlecolor ?> >
79 <div align="Center"><b><font color="#ffffff">Your Message</font></b><br>
80 </div>
81 </td>
82 </tr>
83 <tr>
84 <td valign="Top">
85 <table cellpadding="0" cellspacing="0" border="0" width="100%">
86 <tbody>
87 <tr>
88 <td valign="Top" width="10%"><font color=black>Message:<br>
89 </td>
90 <td valign="Top">
91 <form method="Post" action="postmes.php?board=<?php echo $_GET['board'] ?> &topic=<?php echo $_GET['topic'] ?> "><textarea cols="60" rows="20" name="message" wrap="virtual"></textarea><br>
92 </td>
93 </tr>
94 </tbody>
95 </table>
96 </td>
97 </tr>
98 <tr>
99 <td valign="Top">
100 <select name=previewornot>
101 <option value=preview selected>Preview</option>
102 <option value=post>Post</option>
103 </select>
104 <input type="submit" value="Post Message" name="submit"><input type="reset" value="Reset" name="reset"></form><br>
105 </td>
106 </tr>
107 </tbody><br>
108 </table>
109 <?php } else
110 {
111 if (strcmp($_POST['previewornot'], "preview") == 0)
112 {
113 $message = ereg_replace("\n", "<br>", $message);
114 $message = stripslashes($message);
115 echo "<table width=100%><tr><td bgcolor="
116 .$secondcolor
117 ."><font face=arial><b>From: </b> | <b>Posted:</b> | ";
118 echo "</td></tr><tr><td bgcolor="
119 .$firstcolor
120 ."><font face=arial>"
121 .$message
122 ."</font></td></tr></table>\n";
123 $message = ereg_replace("<br>", "\n", $message);
124 ?>
125 <br><br><center>
126 <form method=post action=postmes.php?board=<?php echo $_GET['board'] ?> &topic=<?php echo $_GET['topic'] ?> >
127 <input type=hidden name=previewornot value=post>
128 <input type=hidden name=message value="<?php echo htmlspecialchars($message) ?> ">
129 <input type=hidden name=slasheseh value="strip">
130 <input type=submit name=submit value="Post this Message"></form><br>
131 ?>
132 <table cellpadding="2" cellspacing="2" border="0" width="100%">
133 <tbody>
134 <tr>
135 <td valign="Top" bgcolor=<?php echo $titlecolor ?> >
136 <div align="Center"><b><font color="#ffffff">Your Message</font></b><br>
137 </div>
138 </td>
139 </tr>
140 <tr>
141 <td valign="Top">
142 <table cellpadding="0" cellspacing="0" border="0" width="100%">
143 <tbody>
144 <tr>
145 <td valign="Top" width="10%"><font color=black>Message:<br>
146 </td>
147
148 <td valign="Top">
149 <form method="Post" action="postmes.php?board=<?php echo $_GET['board'] ?> &topic=<?php echo $_GET['topic'] ?> "><textarea cols="60" rows="20" name="message" wrap="virtual"><?php echo $message ?> </textarea><br>
150 </td>
151 </tr>
152 </tbody>
153 </table>
154 </td>
155 <tr>
156 <td valign="Top">
157 <select name=previewornot>
158 <option value=preview selected>Preview</option>
159 <option value=post>Post</option>
160 </select>
161 <input type="submit" value="Post Message" name="submit"><input type="reset" value="Reset" name="reset">
162 </form><br>
163 </td>
164 </tr>
165 </tr>
166 </tbody><br>
167 </table>
168 <?php exit;
169 }
170 if (strcmp("post", $_POST['previewornot']) == 0)
171 {
172 $sql =
173 "SELECT * FROM messages WHERE topic='{$_GET['topic']}' ORDER BY theorder DESC";
174 $result = mysql_query($sql);
175 $exist = check($_GET['topic']);
176 $bodbod = addslashes($message);
177 $boardlevel = check2($_GET['board']);
178 $uselevel = getlevel($uname);
179 if ($exist == 0)
180 {
181 echo "<font color=black>Invalid topic.";
182 exit;
183 }
184 if ($boardlevel > $uselevel)
185 {
186 echo "<font color=black>You cannot post here.";
187 exit;
188 }
189 $count = 0;
190 while ($myrow = mysql_fetch_array($result))
191 {
192 if ($count == 0)
193 {
194 $count = $count +1;
195 $stuff = $myrow["theorder"];
196 }
197 }
198 $sql = "SELECT * FROM topics WHERE topicid='{$_GET['topic']}'";
199 $result = mysql_query($sql);
200 $myrow = mysql_fetch_array($result);
201 if ($myrow["closed"] == 1)
202 {
203 echo "<font color=black>Topic is marked closed.";
204 exit;
205 }
206 $sql = "SELECT * FROM boards WHERE boardid='{$_GET['board']}'";
207 $result = mysql_query($sql);
208 $myrow = mysql_fetch_array($result);
209 $clanvalue = $myrow["clan"];
210 $clan = clancheck($_GET['board'], $uname);
211 if ($clanvalue != 0 AND $uselevel != 60)
212 {
213 if ($clan == 0)
214 {
215 echo "<font color=black>You cannot view this board.";
216 exit;
217 }
218 }
219 $stuff = $stuff +1;
220 $bodbod = addslashes($message);
221 if ($uselevel < 60)
222 $bodbod = htmlspecialchars($bodbod);
223 $bodbod = ereg_replace("\n", "<br>", $bodbod);
224 $bodbod = ereg_replace("&lt;i&gt;", "<i>", $bodbod);
225 $bodbod = ereg_replace("&lt;/i&gt;", "</i>", $bodbod);
226 $bodbod = ereg_replace("&lt;b&gt;", "<b>", $bodbod);
227 $bodbod = ereg_replace("&lt;/b&gt;", "</b>", $bodbod);
228 $bodbod = ereg_replace("&lt;B&gt;", "<b>", $bodbod);
229 $bodbod = ereg_replace("&lt;/B&gt;", "</b>", $bodbod);
230 $bodbod = ereg_replace("&lt;I&gt;", "<i>", $bodbod);
231 $bodbod = ereg_replace("&lt;/I&gt;", "</i>", $bodbod);
232 $sql = "SELECT * FROM users WHERE username='$uname'";
233 $result = mysql_query($sql);
234 $myrow = mysql_fetch_array($result);
235 $usename = $myrow["username"];
236 /* if ($myrow["level"]==15)
237 {
238 if ($myrow["poststoday"]<50)
239 {
240 $postst=$myrow["poststoday"]+1;
241 $sql="UPDATE users SET poststoday='$postst' WHERE username='$uname'";
242 $result=mysql_query($sql);
243 }}
244 if ($myrow["level"]==15)
245 {
246 if ($myrow["poststoday"]==50)
247 {
248 echo "You have posted 50 messages already.";
249 exit;
250 }}
251 */
252 $sql =
253 "SELECT * FROM messages WHERE messbody='$bodbod' AND messby='$usename' AND topic='{$_GET['topic']}'";
254 $result = mysql_query($sql);
255 if (mysql_num_rows($result) >= 1)
256 {
257 echo "<font color=black>You have posted an identical message in this topic.";
258 exit;
259 }
260 $timetime = time();
261 $datedate = date("n/j/Y H:i");
262 $sql =
263 "UPDATE topics SET timesec='$timetime' WHERE topicid='{$_GET['topic']}'";
264 $result = mysql_query($sql);
265 $sql =
266 "UPDATE topics SET postdate='$datedate' WHERE topicid='{$_GET['topic']}'";
267 $result = mysql_query($sql);
268 $datedate = date("n/j/Y h:i:s A");
269 $sql =
270 "INSERT INTO messages (topic,messby,messsec,messbody,mesboard,theorder,postdate) VALUES ('{$_GET['topic']}','$usename','$timetime','$bodbod','{$_GET['board']}','$stuff','$datedate')";
271 $result = mysql_query($sql);
272 echo mysql_error();
273 $datedate = date("n/j/y H:i:s");
274 $sql =
275 "UPDATE users SET lastactivity='$datedate' WHERE username='$uname'";
276 $result = mysql_query($sql);
277 echo "<font color=black>Your message has been posted. Go to your <a href=messagelist.php?board="
278 .$_GET['board']
279 ."&topic="
280 .$_GET['topic']
281 ."><font color=blue>message</font></a>.\n";
282 }
283 }
284 } else
285 {
286 ?>
287 <table cellpadding="2" cellspacing="2" border="0" width="100%">
288 <tbody>
289 <tr>
290 <td valign="Top" bgcolor=<?php echo $titlecolor ?> >
291 <div align="Center"><b><font color="#ffffff">Your Message</font></b><br>
292 </div>
293 </td>
294 </tr>
295 <tr>
296 <td valign="Top">
297 <table cellpadding="0" cellspacing="0" border="0" width="100%">
298 <tbody>
299 <tr>
300 <td valign="Top" width="10%"><font color=black>Message:<br>
301 </td>
302 <td valign="Top">
303 <form method="Post" action="postmes.php?board=<?php echo $_GET['board'] ?>&topic=<?php echo $_GET['topic'] ?> "><textarea cols="60" rows="20" name="message" wrap="virtual"></textarea><br>
304 </td>
305 </tr>
306 </tbody>
307 </table>
308 </td>
309 <tr>
310 <td valign="Top">
311 <select name=previewornot>
312 <option value=preview>Preview</option>
313 <option value=post selected>Post</option>
314 </select>
315 <input type="submit" value="Post Message" name="submit"><input type="reset" value="Reset" name="reset">
316 </form><br>
317 </td>
318 </tr>
319 </tr>
320 </tbody><br>
321 </table>
322 <br><font color=black>Enabled tags. &lt;b&gt;&lt;/b&gt; &lt;i&gt;&lt;/i&gt;
323 <?php }
324 }
325 ?>
asdsad