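<?php
// Forum moderation page, dispatched on ?act2=...:
//   reply       - let the author (or an administrator) edit a reply
//   deletereply - let the author (or an administrator) delete a reply
//   admin/topic - placeholders with no behaviour yet
// The including page is expected to have started the session and opened the
// MySQL connection that mysql_query() uses. Project helpers defined elsewhere:
// mss() (SQL string escaping) and isa() (administrator check for a user id).
// NOTE: the mysql_* extension was removed in PHP 7.0; porting this page to
// mysqli/PDO with real prepared statements is the proper long-term fix for the
// string-built queries below.

if (!function_exists('forum_mod_query')) {
    // Runs a query and stops with a generic message on failure. The raw
    // mysql_error() text (table names, SQL fragments) goes to the server log
    // instead of the browser.
    function forum_mod_query($sql)
    {
        $res = mysql_query($sql);
        if ($res === false) {
            error_log('forum moderation query failed: ' . mysql_error());
            die('A database error occurred.');
        }
        return $res;
    }
}

if (empty($_SESSION['uid'])) {
    header("Location: index.php");
    exit; // without exit the rest of the page still runs for anonymous visitors
}

// Sub-action allow-list. The original declared the list but never checked it,
// and 'deletereply' was missing even though it is handled below.
$actzz = array('reply', 'topic', 'admin', 'delete', 'deletereply');
$actz = (isset($_GET['act2']) && in_array($_GET['act2'], $actzz, true)) ? $_GET['act2'] : '';

if ($actz !== '') {
    // isa() is used both as a plain truth test and as "== 1" in the original;
    // a bool covers both readings.
    $admin = (bool) isa($_SESSION['uid']);

    if ($actz == 'admin') {
        if ($admin) {
            //
        } else {
            echo "You are not an administrator, so you cannot view this page!";
        }
    }

    if ($actz == 'reply') {
        // Reply ids are integer keys (confirm against the schema); the int cast
        // is both the validation and the only escaping the id needs.
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        if ($id > 0) {
            $res = forum_mod_query("SELECT * FROM `alabama_forum_replies` WHERE `id`='" . $id . "'");
            if (mysql_num_rows($res) == 0) {
                echo "This topic doesn't exist, so therefore you cannot edit it!";
            } else {
                $row = mysql_fetch_assoc($res);
                // Author or administrator only. String comparison avoids the
                // loose == rules without assuming the uid column's type.
                if ((string) $row['uid'] === (string) $_SESSION['uid'] || $admin) {
                    if (!isset($_POST['submit'])) {
                        echo "<form method=\"post\" action=\"index.php?act=mod&act2=reply&id=" . $id . "\">\n";
                        echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
                        echo "<tr><td class=\"forum_header\" align=\"center\"><textarea style=\"width:90%;height:200px\" name=\"reply\">" . htmlentities($row['message'], ENT_QUOTES) . "</textarea></td></tr>\n";
                        echo "<tr><td class=\"forum_header\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Submit Edited Comment\"></td></tr>\n";
                        echo "</table></form>\n";
                    } else {
                        $rawReply = (isset($_POST['reply']) && is_string($_POST['reply'])) ? $_POST['reply'] : '';
                        // Check the length on the raw text: mss() adds escape
                        // characters, so measuring after escaping over-counts.
                        $len = strlen($rawReply);
                        if ($len >= 10 && $len <= 10000) {
                            $reply = mss($rawReply);
                            forum_mod_query("UPDATE `alabama_forum_replies` SET `message`='" . $reply . "', `edit_time`='" . time() . "' WHERE `id`='" . $id . "'");
                            header("Location: index.php?act=topic&id=" . (int) $row['tid']);
                            exit;
                        } else {
                            echo "Your reply must be between 10 and 10,000 characters in length!\n";
                        }
                    }
                } else {
                    echo "This is not your reply to edit!";
                }
            }
        }
    }

    if ($actz == 'deletereply') {
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        if ($id > 0) {
            // Look the reply up first. The original ran the DELETE (with the
            // invalid "DELETE *" syntax) on the initial GET, before the
            // ownership check and before the user had confirmed anything.
            $res = forum_mod_query("SELECT * FROM `alabama_forum_replies` WHERE `id`='" . $id . "'");
            if (mysql_num_rows($res) == 0) {
                echo "This topic doesn't exist";
            } else {
                $row = mysql_fetch_assoc($res);
                if ((string) $row['uid'] === (string) $_SESSION['uid'] || $admin) {
                    if (!isset($_POST['submit'])) {
                        // Confirmation form; the row is only removed on the POST.
                        // TODO: add a per-session CSRF token to this form and
                        // verify it in the POST branch before deleting.
                        echo "<form method=\"post\" action=\"index.php?act=delete&act2=deletereply&id=" . $id . "\">\n";
                        echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
                        echo "<tr><td class=\"forum_header\" align=\"center\"><textarea style=\"width:90%;height:200px\" name=\"deletethis\">" . htmlentities($row['message'], ENT_QUOTES) . "</textarea></td></tr>\n";
                        echo "<tr><td class=\"forum_header\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Delete Comment\"></td></tr>\n";
                        echo "</table></form>\n";
                    } else {
                        forum_mod_query("DELETE FROM `alabama_forum_replies` WHERE `id`='" . $id . "'");
                        header("Location: index.php?act=topic&id=" . (int) $row['tid']);
                        exit;
                    }
                } else {
                    echo "This is not your reply to edit";
                }
            }
        }
    }

    if ($actz == 'topic') {
    }
} else {
    header("Location: index.php");
    exit;
}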
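<?php
// Topic view: the opening post, its replies ten per page with pager links,
// edit/delete links for the viewer's own replies (or all of them for an
// administrator) and the reply form. The including page is expected to have
// started the session and opened the MySQL connection. Project helpers defined
// elsewhere: mss(), isa() (admin check), uid() (user name markup),
// post() (post count) and topic() (message renderer).
// NOTE: the mysql_* extension was removed in PHP 7.0; porting this page to
// mysqli/PDO with real prepared statements is the proper long-term fix for the
// string-built queries below.

if (!function_exists('forum_topic_query')) {
    // Runs a query and stops with a generic message on failure. The raw
    // mysql_error() text goes to the server log instead of the browser.
    function forum_topic_query($sql)
    {
        $res = mysql_query($sql);
        if ($res === false) {
            error_log('forum topic query failed: ' . mysql_error());
            die('A database error occurred.');
        }
        return $res;
    }
}

// Topic ids are integer keys (confirm against the schema); the cast is the
// validation and the only escaping the id needs in the queries below.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// Page number: missing, non-numeric or below 1 becomes page 1; fractional
// pages round up as the original ceil() did.
$page = (isset($_GET['page']) && is_scalar($_GET['page'])) ? (int) ceil((float) $_GET['page']) : 1;
if ($page < 1) {
    $page = 1;
}
$limit = 10;                     // replies per page
$offset = ($page - 1) * $limit;  // first reply row of this page (LIMIT offset, count)

// Viewer identity, computed once instead of once per reply row.
$sessionUid = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
$adminz = $sessionUid !== null && isa($sessionUid);

if ($id > 0) {
    $res = forum_topic_query("SELECT * FROM `alabama_forum_topics` WHERE `id`='" . $id . "'");
    if (mysql_num_rows($res) == 0) {
        echo "This topic does not exist!";
    } else {
        $row = mysql_fetch_assoc($res);
        $res2 = forum_topic_query("SELECT admin FROM `alabama_forum_sub_cats` WHERE `id`='" . (int) $row['cid'] . "'");
        $row2 = mysql_fetch_assoc($res2);
        // Admin-only sub-category. The original tested an undefined
        // $admin_user_level here; isa() is what the rest of the page uses for
        // the same question.
        $adminOnly = $row2 !== false && $row2['admin'] == 1;
        if ($adminOnly && !$adminz) {
            echo "You cannot view this topic!";
        } else {
            $a = isa($row['uid']) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
            // Title and date are stored user text: escape them for the HTML context.
            echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>" . htmlspecialchars($row['title'], ENT_QUOTES) . "</b> - Posted On: <em>" . htmlspecialchars($row['date'], ENT_QUOTES) . "</em></td></tr>\n";
            echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">" . uid($row['uid'], true) . "<br>Post Count: " . post($row['uid']) . "<br>" . $a . "</td>";
            echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
            // topic() is the project's message renderer; assumed to escape HTML
            // itself - confirm, since the message is user-supplied.
            echo topic($row['message']);
            echo "</td>\n";
            echo "</tr>\n";

            // Pager. COUNT(*) replaces fetching every reply row just to count it.
            $countRes = forum_topic_query("SELECT COUNT(*) AS `n` FROM `alabama_forum_replies` WHERE `tid`='" . $id . "'");
            $countRow = mysql_fetch_assoc($countRes);
            $amount_count = (int) $countRow['n'];
            $pages = (int) ceil($amount_count / $limit);
            $pagerBase = "./index.php?act=topic&id=" . $id . "&page=";
            $previous = ($page - 1 <= 0) ? "« Prev" : "<a href=\"" . $pagerBase . ($page - 1) . "\">« Prev</a>";
            $nextpage = ($page + 1 > $pages) ? "Next »" : "<a href=\"" . $pagerBase . ($page + 1) . "\">Next »</a>";
            echo "<tr><td align=\"right\" colspan=\"2\" class=\"forum_header\">\n";
            echo "Pages: ";
            echo $previous;
            for ($i = 1; $i <= $pages; $i++) {
                echo ($page == $i) ? " " . $i . " " : " <a href=\"" . $pagerBase . $i . "\">" . $i . "</a> ";
            }
            echo $nextpage;
            echo "</td></tr>\n";
            echo "</table>\n";

            $select_res = forum_topic_query("SELECT * FROM `alabama_forum_replies` WHERE `tid`='" . $id . "' ORDER BY id ASC LIMIT " . $offset . "," . $limit);
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\" class=\"reply\">\n";
            while ($rowr = mysql_fetch_assoc($select_res)) {
                $b = isa($rowr['uid']) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
                echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\">Posted On: <em>" . htmlspecialchars($rowr['date'], ENT_QUOTES) . "</em></td></tr>\n";
                echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">" . uid($rowr['uid'], true) . "<br>Post Count: " . post($rowr['uid']) . "<br>" . $b . "</td>";
                echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
                echo topic($rowr['message']);
                // Close the message cell before the extra rows; the original
                // emitted the "Last Edit" and edit/delete rows inside the open <td>.
                echo "</td>\n";
                echo "</tr>\n";
                if ($rowr['edit_time'] > 0) {
                    $editTime = (int) $rowr['edit_time'];
                    echo "<tr><td colspan=\"2\" align=\"right\"><em>Last Edit: " . date("M d, Y", $editTime) . " at " . date("h:i:s", $editTime) . "</em></td></tr>\n";
                }
                // One ownership test for both links (the original repeated it).
                $canModerate = $adminz || ($sessionUid !== null && (string) $rowr['uid'] === (string) $sessionUid);
                if ($canModerate) {
                    $replyId = (int) $rowr['id'];
                    echo "<tr><td align=\"left\" colspan=\"2\"><a href=\"index.php?act=mod&act2=reply&id=" . $replyId . "\">Edit This Reply</a></td></tr>\n";
                    echo "<tr><td align=\"left\" colspan=\"2\"><a href=\"index.php?act=delete&act2=deletereply&id=" . $replyId . "\">Delete This Reply</a></td></tr>\n";
                }
            }
            // Reply form: the <form> sits inside a cell rather than between table rows.
            echo "<tr><td colspan=\"2\" align=\"center\"><form method=\"post\" action=\"./index.php?act=reply&id=" . $id . "\">";
            echo "<textarea style=\"width:90%\" name=\"reply\"></textarea><br><input type=\"submit\" name=\"submit\" value=\"Add Reply\" style=\"width:90%\"></form></td></tr>\n";
            echo "</table>\n";
        }
    }
} else {
    echo "Please view a valid topic!";
}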