1 <?php
// Request guards: the page needs both a board id and a topic id in the query string.
// isset() only proves the parameters are present; no visible line checks their format
// before they are placed in SQL strings and HTML attributes further down.
// NOTE(review): the listing omits the lines after each echo, so whether the script
// stops on a missing parameter cannot be confirmed from here.
if (!isset($_GET['board']))
3 echo "Invalid boardID.";
6 if (!isset($_GET['topic']))
8 echo "Invalid topicID.";
// Shared configuration. Presumably opens the MySQL connection and defines $uname and
// the colour variables used below (TODO confirm in config.php).
11 include ("config.php");
// clancheck(): reads the user's "faction" and the board's "clan" and compares the two.
// The listing omits everything after the comparison, so the return values are not visible here.
// NOTE(review): $username and $bdnum are interpolated into the SQL text unescaped, and the
// page calls this with $_GET['board'] as $bdnum; escape both with mysql_real_escape_string()
// before building the queries.
12 function clancheck($bdnum, $username)
14 $sql = "SELECT * FROM users WHERE username='$username'";
15 $result = mysql_query($sql);
16 $myrow = mysql_fetch_array($result);
17 $clan2 = $myrow["faction"];
18 $sql = "SELECT * FROM boards WHERE boardid='$bdnum'";
19 $result = mysql_query($sql);
20 $myrow = mysql_fetch_array($result);
// NOTE(review): neither query result is checked. When both lookups find nothing, both
// sides are empty and the loose == treats them as equal; confirm the omitted branches
// do not grant access in that case.
21 if ($clan2 == $myrow["clan"])
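/**
 * Return the "boardlevel" column stored for one board.
 *
 * The page compares this value with the poster's level, so it feeds an access decision.
 * The mysql_* API used here was removed in PHP 7; a port should switch to prepared
 * statements (PDO or mysqli).
 *
 * @param mixed $board Board id; the page passes $_GET['board'] here unchanged.
 * @return mixed The stored boardlevel, or null when the query fails or no board matches.
 */
function check2($board)
{
    // $board is request data, so escape it before it goes inside the quoted literal.
    // This uses the same implicit connection that mysql_query() relies on.
    // If magic_quotes_gpc is on, the value is escaped twice; that only stops ids that
    // contain quotes or backslashes from matching.
    $safeBoard = mysql_real_escape_string($board);
    $sql = "SELECT * FROM boards WHERE boardid='$safeBoard'";
    $result = mysql_query($sql);
    if (!$result) {
        // Query failed: report "no level" instead of fetching from a non-resource.
        return null;
    }
    $myrow = mysql_fetch_array($result);
    if (!$myrow) {
        // NOTE(review): null compares as "not greater" than any user level, so the
        // caller should reject unknown boards explicitly rather than rely on this value.
        return null;
    }
    return $myrow["boardlevel"];
}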
// check(): looks up a topic by id; the visible test is whether the query returned any rows.
// The branches after that test are omitted from the listing, so the return values are not shown.
// NOTE(review): $topic is placed in the SQL text unescaped, and the page passes
// $_GET['topic'] to this function; escape it with mysql_real_escape_string() first.
36 function check($topic)
38 $sql = "SELECT * FROM topics WHERE topicid='$topic'";
39 $result = mysql_query($sql);
// mysql_num_rows() is called without first checking that mysql_query() succeeded.
40 if (!mysql_num_rows($result))
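/**
 * Return the "level" column stored for one user.
 *
 * The page compares this value with a board's required level before accepting a post.
 *
 * @param mixed $username Account name to look up.
 * @return mixed The stored level, or null when the query fails or no user matches.
 */
function getlevel($username)
{
    // Escape the name before it goes inside the quoted literal; names are user-chosen text.
    // NOTE(review): where the caller's $uname is assigned is not visible here. If it
    // arrives already slash-escaped, undo that at the input boundary so names that
    // contain quotes still match.
    $safeName = mysql_real_escape_string($username);
    $sql = "SELECT * FROM users WHERE username='$safeName'";
    $result = mysql_query($sql);
    if (!$result) {
        // Query failed: there is no row to read a level from.
        return null;
    }
    $myrow = mysql_fetch_array($result);
    if (!$myrow) {
        return null;
    }
    return $myrow["level"];
}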
// Access gate and submit handling. The condition guarding this message sits on lines
// the listing omits, so the rule being enforced is not visible here.
59 echo "You cannot view this page.";
// A POST carrying the "submit" field is treated as a posting attempt.
64 if (isset($_POST['submit']))
// Only surrounding whitespace is removed; $message is still raw user input after this line.
66 $message = trim($_POST['message']);
70 <table cellpadding
="2" cellspacing
="2" border
="0" width
="100%">
73 <td valign
="Top" bgcolor
=<?php
echo $systemnotcolor ?
> >
74 <div align
="Center"><font color
="#ffffff"><b
>Please enter your message
</b
></font
></div
>
78 <td valign
="Top" bgcolor
=<?php
echo $titlecolor ?
> >
79 <div align
="Center"><b
><font color
="#ffffff">Your Message
</font
></b
><br
>
85 <table cellpadding
="0" cellspacing
="0" border
="0" width
="100%">
88 <td valign
="Top" width
="10%"><font color
=black
>Message
:<br
>
<!-- Message entry form. NOTE(review): the board and topic query parameters are echoed into the action attribute without urlencode() or htmlspecialchars(), so request data is reflected into the page unescaped. No anti-CSRF token is visible among the listed fields. -->
91 <form method
="Post" action
="postmes.php?board=<?php echo $_GET['board'] ?> &topic=<?php echo $_GET['topic'] ?> "><textarea cols
="60" rows
="20" name
="message" wrap
="virtual"></textarea
><br
>
100 <select name
=previewornot
>
101 <option value
=preview selected
>Preview
</option
>
102 <option value
=post
>Post
</option
>
104 <input type
="submit" value
="Post Message" name
="submit"><input type
="reset" value
="Reset" name
="reset"></form
><br
>
// Preview branch: render the submitted text back to the author without storing it.
111 if (strcmp($_POST['previewornot'], "preview") == 0)
// ereg_replace() belongs to the POSIX regex extension that was removed in PHP 7;
// str_replace() performs the same literal substitution.
113 $message = ereg_replace("\n", "<br>", $message);
// stripslashes() suggests the input arrives slash-escaped (magic_quotes_gpc); TODO confirm.
114 $message = stripslashes($message);
// NOTE(review): no visible line passes $message through htmlspecialchars() before the
// preview table is printed. The operands of these echo statements are on omitted lines;
// if $message is among them, submitted markup is rendered as-is in the preview.
115 echo "<table width=100%><tr><td bgcolor="
117 ."><font face=arial><b>From: </b> | <b>Posted:</b> | ";
118 echo "</td></tr><tr><td bgcolor="
120 ."><font face=arial>"
122 ."</font></td></tr></table>\n";
// Turn the line breaks back into newlines for the edit form that follows.
123 $message = ereg_replace("<br>", "\n", $message);
126 <form method
=post action
=postmes
.php?board
=<?php
// Confirmation form shown with a preview: it resubmits the same message with previewornot=post.
// NOTE(review): the action attribute is unquoted and $_GET['board'] / $_GET['topic'] are
// echoed into it raw. Quote the attribute and pass each value through urlencode() and
// htmlspecialchars(). The hidden "message" field below is escaped with htmlspecialchars()
// inside a double-quoted attribute, which is the pattern the other values should follow.
echo $_GET['board'] ?
> &topic
=<?php
echo $_GET['topic'] ?
> >
127 <input type
=hidden name
=previewornot value
=post
>
128 <input type
=hidden name
=message value
="<?php echo htmlspecialchars($message) ?> ">
129 <input type
=hidden name
=slasheseh value
="strip">
130 <input type
=submit name
=submit value
="Post this Message"></form
><br
>
132 <table cellpadding
="2" cellspacing
="2" border
="0" width
="100%">
135 <td valign
="Top" bgcolor
=<?php
echo $titlecolor ?
> >
136 <div align
="Center"><b
><font color
="#ffffff">Your Message
</font
></b
><br
>
142 <table cellpadding
="0" cellspacing
="0" border
="0" width
="100%">
145 <td valign
="Top" width
="10%"><font color
=black
>Message
:<br
>
149 <form method
="Post" action
="postmes.php?board=<?php echo $_GET['board'] ?> &topic=<?php echo $_GET['topic'] ?> "><textarea cols
="60" rows
="20" name
="message" wrap
="virtual"><?php
// Edit form shown under a preview, pre-filled with the text being previewed.
// NOTE(review): $message is written into the textarea without htmlspecialchars(), so
// markup in the submitted text is not confined to the field. The same applies to the
// raw $_GET values in the action attribute above. Escape all three on output.
echo $message ?
> </textarea
><br
>
157 <select name
=previewornot
>
158 <option value
=preview selected
>Preview
</option
>
159 <option value
=post
>Post
</option
>
161 <input type
="submit" value
="Post Message" name
="submit"><input type
="reset" value
="Reset" name
="reset">
// Post branch: validate the request before the message is stored.
170 if (strcmp("post", $_POST['previewornot']) == 0)
// NOTE(review): $_GET['topic'] is interpolated into this query as-is, which makes the
// statement injectable; escape it with mysql_real_escape_string(), or cast it if topic
// ids are numeric (TODO confirm the column type).
173 "SELECT * FROM messages WHERE topic='{$_GET['topic']}' ORDER BY theorder DESC";
174 $result = mysql_query($sql);
// Gather the facts the checks below rely on: topic lookup result, slash-escaped body,
// the board's level and the poster's level.
175 $exist = check($_GET['topic']);
176 $bodbod = addslashes($message);
177 $boardlevel = check2($_GET['board']);
178 $uselevel = getlevel($uname);
// The condition for this message is on omitted lines; presumably it tests $exist.
181 echo "<font color=black>Invalid topic.";
// Level gate. NOTE(review): when the board lookup finds nothing, $boardlevel is empty
// and this comparison is false, so an unknown board is not rejected by this test.
184 if ($boardlevel > $uselevel)
186 echo "<font color=black>You cannot post here.";
// Read "theorder" from the fetched rows (presumably the topic's messages, newest first);
// the lines that derive the new message's position are omitted from the listing.
190 while ($myrow = mysql_fetch_array($result))
195 $stuff = $myrow["theorder"];
// Refuse to post into a closed topic.
// NOTE(review): $_GET['topic'] goes into the SQL text unescaped.
198 $sql = "SELECT * FROM topics WHERE topicid='{$_GET['topic']}'";
199 $result = mysql_query($sql);
200 $myrow = mysql_fetch_array($result);
201 if ($myrow["closed"] == 1)
203 echo "<font color=black>Topic is marked closed.";
// Clan restriction: a non-zero "clan" marks the board as restricted.
// NOTE(review): $_GET['board'] goes into the SQL text unescaped.
206 $sql = "SELECT * FROM boards WHERE boardid='{$_GET['board']}'";
207 $result = mysql_query($sql);
208 $myrow = mysql_fetch_array($result);
209 $clanvalue = $myrow["clan"];
210 $clan = clancheck($_GET['board'], $uname);
// Level 60 is exempt from the restriction (presumably an administrator level; confirm).
// How $clan is tested is on omitted lines.
211 if ($clanvalue != 0 AND $uselevel != 60)
215 echo "<font color=black>You cannot view this board.";
// Prepare the message body for storage.
// NOTE(review): addslashes() is not aware of the connection character set;
// mysql_real_escape_string() is the escaping function intended for mysql_query() input.
220 $bodbod = addslashes($message);
// HTML escaping is applied before storage, so the database holds display-ready text.
// It runs after addslashes(), so the backslashes added above are stored with the text.
222 $bodbod = htmlspecialchars($bodbod);
223 $bodbod = ereg_replace("\n", "<br>", $bodbod);
// Tag allow-list for bold and italic. As listed, each pattern equals its replacement and
// could never match text that htmlspecialchars() has already escaped; presumably the
// original patterns are the entity-encoded forms and the page rendering decoded them
// (confirm against the real file). If so, only exact, attribute-free tags are restored.
// Nothing here checks that the restored tags are balanced.
224 $bodbod = ereg_replace("<i>", "<i>", $bodbod);
225 $bodbod = ereg_replace("</i>", "</i>", $bodbod);
226 $bodbod = ereg_replace("<b>", "<b>", $bodbod);
227 $bodbod = ereg_replace("</b>", "</b>", $bodbod);
228 $bodbod = ereg_replace("<B>", "<b>", $bodbod);
229 $bodbod = ereg_replace("</B>", "</b>", $bodbod);
230 $bodbod = ereg_replace("<I>", "<i>", $bodbod);
231 $bodbod = ereg_replace("</I>", "</i>", $bodbod);
// Load the poster's row to get the stored spelling of the username.
// NOTE(review): $uname is interpolated unescaped; where it is assigned is not visible here.
232 $sql = "SELECT * FROM users WHERE username='$uname'";
233 $result = mysql_query($sql);
234 $myrow = mysql_fetch_array($result);
235 $usename = $myrow["username"];
// Disabled code: a cap of 50 posts per day for level-15 users. The closing marker of
// this block comment is on a line the listing omits.
236 /* if ($myrow["level"]==15)
238 if ($myrow["poststoday"]<50)
240 $postst=$myrow["poststoday"]+1;
241 $sql="UPDATE users SET poststoday='$postst' WHERE username='$uname'";
242 $result=mysql_query($sql);
244 if ($myrow["level"]==15)
246 if ($myrow["poststoday"]==50)
248 echo "You have posted 50 messages already.";
// Duplicate check: same body, same author, same topic.
// NOTE(review): $_GET['topic'] is placed in the SQL text unescaped. With the daily cap
// disabled, this duplicate check is the only posting limit visible in the listing.
253 "SELECT * FROM messages WHERE messbody='$bodbod' AND messby='$usename' AND topic='{$_GET['topic']}'";
254 $result = mysql_query($sql);
255 if (mysql_num_rows($result) >= 1)
257 echo "<font color=black>You have posted an identical message in this topic.";
// Write phase: update the topic's timestamps, insert the message, record user activity.
// NOTE(review): $_GET['topic'] and $_GET['board'] are written into the UPDATE and INSERT
// statements unescaped, so request data reaches statements that modify the database.
// Escape them with mysql_real_escape_string() or validate them as ids first.
// No visible line checks the mysql_query() results before the success message is printed.
261 $datedate = date("n/j/Y H:i");
// $timetime is assigned on a line the listing omits.
263 "UPDATE topics SET timesec='$timetime' WHERE topicid='{$_GET['topic']}'";
264 $result = mysql_query($sql);
266 "UPDATE topics SET postdate='$datedate' WHERE topicid='{$_GET['topic']}'";
267 $result = mysql_query($sql);
268 $datedate = date("n/j/Y h:i:s A");
270 "INSERT INTO messages (topic,messby,messsec,messbody,mesboard,theorder,postdate) VALUES ('{$_GET['topic']}','$usename','$timetime','$bodbod','{$_GET['board']}','$stuff','$datedate')";
271 $result = mysql_query($sql);
273 $datedate = date("n/j/y H:i:s");
275 "UPDATE users SET lastactivity='$datedate' WHERE username='$uname'";
276 $result = mysql_query($sql);
// The values concatenated into this unquoted href are on omitted lines; if they are the
// raw $_GET parameters, pass them through urlencode() and htmlspecialchars() and quote
// the attribute.
277 echo "<font color=black>Your message has been posted. Go to your <a href=messagelist.php?board="
281 ."><font color=blue>message</font></a>.\n";
287 <table cellpadding
="2" cellspacing
="2" border
="0" width
="100%">
290 <td valign
="Top" bgcolor
=<?php
echo $titlecolor ?
> >
291 <div align
="Center"><b
><font color
="#ffffff">Your Message
</font
></b
><br
>
297 <table cellpadding
="0" cellspacing
="0" border
="0" width
="100%">
300 <td valign
="Top" width
="10%"><font color
=black
>Message
:<br
>
<!-- Message form with "Post" preselected. NOTE(review): the board and topic query parameters are echoed into the action attribute without urlencode() or htmlspecialchars(); encode them on output. No anti-CSRF token is visible among the listed fields. -->
303 <form method
="Post" action
="postmes.php?board=<?php echo $_GET['board'] ?>&topic=<?php echo $_GET['topic'] ?> "><textarea cols
="60" rows
="20" name
="message" wrap
="virtual"></textarea
><br
>
311 <select name
=previewornot
>
312 <option value
=preview
>Preview
</option
>
313 <option value
=post selected
>Post
</option
>
315 <input type
="submit" value
="Post Message" name
="submit"><input type
="reset" value
="Reset" name
="reset">
322 <br
><font color
=black
>Enabled tags
. <
;b
>
;<
;/b
>
; <
;i
>
;<
;/i
>
;