search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Codechange: Gruppierung der Ausgabe der Benutzerliste, Tabellen mit <thead> und ...
[wmmkf.git] / posting.php
blob430d88d7fe0cf6960245a285f551ac42e416108c
1 <?php
2 ###############################################################################
3 # my little forum #
4 # Copyright (C) 2005 Alex #
5 # http://www.mylittlehomepage.net/ #
6 # #
7 # This program is free software; you can redistribute it and/or #
8 # modify it under the terms of the GNU General Public License #
9 # as published by the Free Software Foundation; either version 2 #
10 # of the License, or (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program; if not, write to the Free Software #
19 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
20 ###############################################################################
21
22 include_once("inc.php");
23 include_once("functions/include.prepare.php");
24
25
26 if (empty($_SESSION[$settings['session_prefix'].'user_id'])
27 && $settings['captcha_posting'] == 1)
28 {
29 require('captcha/captcha.php');
30 $captcha = new captcha();
31 }
32
33 # category is given from the form via POST
34 if (isset($_POST['category'])) $category = intval($_POST['category']);
35 if (isset($_POST['p_category'])) $p_category = intval($_POST['p_category']);
36
37 # look for banned user:
38 if (isset($_SESSION[$settings['session_prefix'].'user_id']))
39 {
40 $lockQuery = "SELECT user_lock
41 FROM ". $db_settings['userdata_table'] ."
42 WHERE user_id = '". intval($_SESSION[$settings['session_prefix'].'user_id']) ."'
43 LIMIT 1";
44 $lock_result = mysql_query($lockQuery, $connid);
45 if (!$lock_result) die($lang['db_error']);
46 $lock_result_array = mysql_fetch_assoc($lock_result);
47 mysql_free_result($lock_result);
48
49 if ($lock_result_array['user_lock'] > 0)
50 {
51 header("location: ". $settings['forum_address'] ."user.php");
52 die('<a href="user.php">further...</a>');
53 }
54 } # End: if (isset($_SESSION[$settings['session_prefix'].'user_id']))
55
56 if (isset($_GET['lock'])
57 and isset($_SESSION[$settings['session_prefix'].'user_id'])
58 and ($_SESSION[$settings['session_prefix']."user_type"] == "admin"
59 or $_SESSION[$settings['session_prefix']."user_type"] == "mod"))
60 {
61 $lockQuery = "SELECT
62 tid,
63 locked
64 FROM ". $db_settings['forum_table'] ."
65 WHERE id = ". intval($_GET['id']) ."
66 LIMIT 1";
67 $lock_result = mysql_query($lockQuery, $connid);
68 if (!$lock_result) die($lang['db_error']);
69 $field = mysql_fetch_assoc($lock_result);
70 mysql_free_result($lock_result);
71
72 $locker = ($field['locked']==0) ? 1 : 0;
73 $relockQuery = "UPDATE ". $db_settings['forum_table'] ." SET
74 time = time,
75 last_answer = last_answer,
76 edited = edited,
77 locked = '". $locker ."'
78 WHERE tid = ". intval($field['tid']);
79 @mysql_query($relockQuery, $connid);
80 if (!empty($_SESSION[$settings['session_prefix'].'curr_view'])
81 and in_array($_SESSION[$settings['session_prefix'].'curr_view'], $possViews))
82 {
83 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
84 {
85 $header_href = 'forum_entry.php?id='. intval($_GET['id']);
86 }
87 else
88 {
89 $header_href = $_SESSION[$settings['session_prefix'].'curr_view'] .'_entry.php?id='. $field['tid'];
90 }
91 }
92 else if (!empty($_SESSION[$settings['session_prefix'].'user_view'])
93 and in_array($_SESSION[$settings['session_prefix'].'user_view'], $possViews))
94 {
95 if ($_SESSION[$settings['session_prefix'].'user_view'] == 'thread')
96 {
97 $header_href = 'forum_entry.php?id='. intval($_GET['id']);
98 }
99 else
100 {
101 $header_href = $_SESSION[$settings['session_prefix'].'user_view'] .'_entry.php?id='. $field['tid'];
102 }
103 }
104 else
105 {
106 if ($setting['standard'] == 'thread')
107 {
108 $header_href = 'forum.php';
109 }
110 else
111 {
112 $header_href = $setting['standard'] .'.php';
113 }
114 }
115 header('location: '.$settings['forum_address'].$header_href);
116 } # if (isset($_GET['lock']) ...)
117
118
119 if (isset($_GET['fix'])
120 and isset($_SESSION[$settings['session_prefix'].'user_id'])
121 and ($_SESSION[$settings['session_prefix']."user_type"] == "admin"
122 or $_SESSION[$settings['session_prefix']."user_type"] == "mod"))
123 {
124 $fixQuery = "SELECT
125 tid,
126 fixed
127 FROM ". $db_settings['forum_table'] ."
128 WHERE id = ". intval($id) ."
129 LIMIT 1";
130 $fix_result = mysql_query($fixQuery, $connid);
131 if (!$fix_result) die($lang['db_error']);
132 $field = mysql_fetch_assoc($fix_result);
133 mysql_free_result($fix_result);
134
135 $fixer = ($field['fixed']==0) ? 1 : 0;
136 $refixQuery = "UPDATE ". $db_settings['forum_table'] ." SET
137 time = time,
138 last_answer = last_answer,
139 edited = edited,
140 fixed = '". intval($fixer) ."'
141 WHERE tid = ". intval($field['tid']);
142 @mysql_query($refixQuery, $connid);
143 if (!empty($_SESSION[$settings['session_prefix'].'curr_view'])
144 and in_array($_SESSION[$settings['session_prefix'].'curr_view'], $possViews))
145 {
146 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
147 {
148 $header_href = 'forum_entry.php?id='. intval($_GET['id']);
149 }
150 else
151 {
152 $header_href = $_SESSION[$settings['session_prefix'].'curr_view'] .'_entry.php?id='. $field['tid'];
153 }
154 }
155 else if (!empty($_SESSION[$settings['session_prefix'].'user_view'])
156 and in_array($_SESSION[$settings['session_prefix'].'user_view'], $possViews))
157 {
158 if ($_SESSION[$settings['session_prefix'].'user_view'] == 'thread')
159 {
160 $header_href = 'forum_entry.php?id='. intval($_GET['id']);
161 }
162 else
163 {
164 $header_href = $_SESSION[$settings['session_prefix'].'user_view'] .'_entry.php?id='. $field['tid'];
165 }
166 }
167 else
168 {
169 if ($setting['standard'] == 'thread')
170 {
171 $header_href = 'forum.php';
172 }
173 else
174 {
175 $header_href = $setting['standard'] .'.php';
176 }
177 }
178 header('location: '.$settings['forum_address'].$header_href);
179 } # if (isset($_GET['fix']) ...)
180
181
182 if (isset($_GET['subscribe'])
183 and isset($_SESSION[$settings['session_prefix'].'user_id'])
184 and isset($_GET['back']))
185 {
186 if ($_GET['subscribe'] == 'true')
187 {
188 $querySubscribe = "INSERT INTO ". $db_settings['usersubscripts_table'] ." SET
189 user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']) .",
190 tid = ". intval($_GET['back']) ."
191 ON DUPLICATE KEY UPDATE
192 user_id = user_id,
193 tid = tid";
194 $queryUnsubscribePost = "UPDATE ". $db_settings['forum_table'] ." SET
195 email_notify = 0
196 WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']) ."
197 AND tid = ". intval($_GET['id']);
198 }
199 else if ($_GET['subscribe'] == 'false')
200 {
201 $subscriptThread = processSearchThreadSubscriptions($_GET['back'], $_SESSION[$settings['session_prefix'].'user_id']);
202 if (($subscriptThread !== false
203 and is_array($subscriptThread))
204 and ($subscriptThread['user_id'] == $_SESSION[$settings['session_prefix'].'user_id']
205 and $subscriptThread['tid'] == $_GET['back']))
206 {
207 $querySubscribe = "DELETE FROM ". $db_settings['usersubscripts_table'] ."
208 WHERE tid = ". intval($_GET['back']) ."
209 AND user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']) ."
210 LIMIT 1";
211 }
212 }
213 if (!empty($querySubscribe)) @mysql_query($querySubscribe, $connid);
214 if (!empty($queryUnsubscribePost)) @mysql_query($queryUnsubscribePost, $connid);
215 if (!empty($_SESSION[$settings['session_prefix'].'curr_view'])
216 and in_array($_SESSION[$settings['session_prefix'].'curr_view'], $possViews))
217 {
218 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
219 {
220 $header_href = 'forum_entry.php?id='. intval($_GET['id']);
221 }
222 else
223 {
224 $header_href = $_SESSION[$settings['session_prefix'].'curr_view'] .'_entry.php?id='. intval($_GET['back']);
225 }
226 }
227 else if (!empty($_SESSION[$settings['session_prefix'].'user_view'])
228 and in_array($_SESSION[$settings['session_prefix'].'user_view'], $possViews))
229 {
230 if ($_SESSION[$settings['session_prefix'].'user_view'] == 'thread')
231 {
232 $header_href = 'forum_entry.php?id='. intval($_GET['id']);
233 }
234 else
235 {
236 $header_href = $_SESSION[$settings['session_prefix'].'user_view'] .'_entry.php?id='. intval($_GET['back']);
237 }
238 }
239 else
240 {
241 if ($setting['standard'] == 'thread')
242 {
243 $header_href = 'forum.php';
244 }
245 else
246 {
247 $header_href = $setting['standard'] .'.php';
248 }
249 }
250 header('location: '.$settings['forum_address'].$header_href);
251 } # if (isset($_GET['subscribe'] ...)
252
253
254 if (($settings['access_for_users_only'] == 1
255 && isset($_SESSION[$settings['session_prefix'].'user_name']))
256 || $settings['access_for_users_only'] != 1)
257 {
258 if (($settings['entries_by_users_only'] == 1
259 && isset($_SESSION[$settings['session_prefix'].'user_name']))
260 || $settings['entries_by_users_only'] != 1)
261 {
262 $categories = get_categories();
263 if ($categories == "not accessible")
264 {
265 header('location: '.$settings['forum_address'].'index.php');
266 die('<a href="index.php">further...</a>');
267 }
268
269 # delete array for error messages
270 unset($errors);
271 unset($Thread);
272 if (empty($descasc)) $descasc = "DESC";
273 # safety: forbid editing of postings
274 $edit_authorization = 0;
275 # safety: forbid deletion of postings
276 $delete_authorization = 0;
277
278 if (empty($action)) $action = "new";
279
280 # Falls editiert oder gelöscht werden soll, schauen, ob der User dazu berechtigt ist:
281 if ($action == "edit"
282 || $action == "delete"
283 || $action == "delete ok")
284 {
285 $userIdQuery = "SELECT user_id
286 FROM ". $db_settings['forum_table'] ."
287 WHERE id = ". intval($id) ."
288 LIMIT 1";
289 $user_id_result = mysql_query($userIdQuery, $connid);
290 if (!$user_id_result) die($lang['db_error']);
291 $result_array = mysql_fetch_assoc($user_id_result);
292 mysql_free_result($user_id_result);
293
294 $userTypeQuery = "SELECT user_type
295 FROM ". $db_settings['userdata_table'] ."
296 WHERE user_id = ". intval($result_array["user_id"]) ."
297 LIMIT 1";
298 $user_type_result = mysql_query($userTypeQuery, $connid);
299 if (!$user_type_result) die($lang['db_error']);
300 $user_result_array = mysql_fetch_array($user_type_result);
301 mysql_free_result($user_type_result);
302
303 # ist da jemand bekanntes?
304 if (isset($_SESSION[$settings['session_prefix'].'user_id']))
305 {
306 # Admin darf alles:
307 if ($_SESSION[$settings['session_prefix'].'user_type'] == "admin")
308 {
309 $edit_authorization = 1;
310 $delete_authorization = 1;
311 }
312 # Moderator darf alles außer Postings von Admins editieren/löschen:
313 else if ($_SESSION[$settings['session_prefix'].'user_type'] == "mod")
314 {
315 if ($user_result_array["user_type"] != "admin")
316 {
317 $edit_authorization = 1;
318 $delete_authorization = 1;
319 }
320 }
321 # User darf (falls aktiviert) nur seine eigenen Postings editieren/löschen:
322 else if ($_SESSION[$settings['session_prefix'].'user_type'] == "user")
323 {
324 # Schauen, ob es sich um einen eigenen Eintrag handelt:
325 if ($result_array["user_id"] == $_SESSION[$settings['session_prefix'].'user_id'])
326 {
327 if ($settings['user_edit'] == 1) $edit_authorization = 1;
328 if ($settings['user_delete'] == 1) $delete_authorization = 1;
329 }
330 }
331 }
332 } # Ende Überprüfung der Berechtigung
333
334 # wenn das Formular noch nicht abgeschickt wurde:
335 if (empty($form))
336 {
337 switch ($action)
338 {
339 case "new":
340 # Cookies mit Userdaten einlesen, falls es sich um einen
341 # nicht angemeldeten User handelt und Cookies vorhanden sind:
342 if (!isset($_SESSION[$settings['session_prefix'].'user_id']))
343 {
344 if (isset($_COOKIE['user_name']))
345 {
346 $name = $_COOKIE['user_name']; $setcookie = 1;
347 }
348 if (isset($_COOKIE['user_email']))
349 {
350 $email = $_COOKIE['user_email'];
351 }
352 if (isset($_COOKIE['user_hp']))
353 {
354 $hp = $_COOKIE['user_hp'];
355 }
356 if (isset($_COOKIE['user_place']))
357 {
358 $place = $_COOKIE['user_place'];
359 }
360 }
361 $id = (!isset($id) or $id < 0) ? 0 : (int)$id;
362
363 if (empty($show_signature))
364 {
365 $show_signature = 1;
366 }
367
368 # if message is a reply:
369 if ($id != 0)
370 {
371 $messageQuery = "SELECT
372 tid,
373 pid,
374 name,
375 subject,
376 category,
377 text,
378 locked
379 FROM ". $db_settings['forum_table'] ."
380 WHERE id = ". intval($id);
381 $result = mysql_query($messageQuery, $connid);
382 if (!$result) die($lang['db_error']);
383 $field = mysql_fetch_assoc($result);
384 if (mysql_num_rows($result) != 1)
385 {
386 $id = 0;
387 }
388 else
389 {
390 $thema = $field["tid"];
391 $subject = $field["subject"];
392 $p_category = $field["category"];
393 $text = $field["text"];
394 $aname = $field["name"];
395 $text = $text;
396 # Zitatzeichen an den Anfang jeder Zeile stellen:
397 $text = preg_replace("/^/m", $settings['quote_symbol']." ", $text);
398 }
399 mysql_free_result($result);
400
401 if ($field['locked'] > 0
402 && (empty($_SESSION[$settings['session_prefix'].'user_type'])
403 || (isset($_SESSION[$settings['session_prefix'].'user_type'])
404 && $_SESSION[$settings['session_prefix'].'user_type'] != 'admin'
405 && $_SESSION[$settings['session_prefix'].'user_type'] != 'mod')))
406 {
407 $show = "no authorization";
408 $reason = $lang['thread_locked_error'];
409 }
410 else
411 {
412 $show = "form";
413 }
414 }
415 else
416 {
417 $show = "form";
418 }
419 break;
420
421 case "edit":
422 if ($edit_authorization == 1)
423 {
424 # fetch data of message which should be edited:
425 $editQuery = "SELECT
426 tid,
427 pid,
428 user_id,
429 name,
430 email,
431 hp,
432 place,
433 subject,
434 category,
435 text,
436 email_notify,
437 show_signature,
438 locked,
439 fixed,
440 UNIX_TIMESTAMP(time) AS time,
441 UNIX_TIMESTAMP(NOW() - INTERVAL ". $settings['edit_period'] ." MINUTE) AS edit_diff
442 FROM ". $db_settings['forum_table'] ."
443 WHERE id = ". intval($id);
444 $edit_result = mysql_query($editQuery, $connid);
445 if (!$edit_result) die($lang['db_error']);
446 $field = mysql_fetch_assoc($edit_result);
447 mysql_free_result($edit_result);
448
449 $thema = $field["tid"];
450 $tid = $field["tid"];
451 $pid = $field["pid"];
452 $p_user_id = $field["user_id"];
453 $name = $field["name"];
454 $aname = $field["name"];
455 $email = $field["email"];
456 $hp = $field["hp"];
457 $place = $field["place"];
458 $subject = $field["subject"];
459 $p_category = $field["category"];
460 $text = $field["text"];
461 $email_notify = $field["email_notify"];
462 $show_signature = $field["show_signature"];
463 $fixed = $field["fixed"];
464 if ($field['locked'] > 0 &&
465 (empty($_SESSION[$settings['session_prefix'].'user_type'])
466 || (isset($_SESSION[$settings['session_prefix'].'user_type'])
467 && $_SESSION[$settings['session_prefix'].'user_type'] != 'admin'
468 && $_SESSION[$settings['session_prefix'].'user_type'] != 'mod')))
469 {
470 $show = "no authorization";
471 $reason = $lang['thread_locked_error'];
472 }
473 else if ($settings['edit_period'] > 0
474 && $field["edit_diff"] > $field["time"]
475 && (empty($_SESSION[$settings['session_prefix'].'user_type'])
476 || (isset($_SESSION[$settings['session_prefix'].'user_type'])
477 && $_SESSION[$settings['session_prefix'].'user_type'] != 'admin'
478 && $_SESSION[$settings['session_prefix'].'user_type'] != 'mod')))
479 {
480 $show = "no authorization";
481 $reason = str_replace('[minutes]',$settings['edit_period'],$lang['edit_period_over']);
482 }
483 else
484 {
485 $show = "form";
486 }
487 }
488 else
489 {
490 $show = "no authorization";
491 }
492 break;
493
494 case "delete":
495 if ($delete_authorization == 1)
496 {
497 $deleteQuery = "SELECT
498 tid,
499 pid,
500 UNIX_TIMESTAMP(time + INTERVAL ". $time_difference ." HOUR) AS tp_time,
501 name,
502 subject,
503 category
504 FROM ". $db_settings['forum_table'] ."
505 WHERE id = ". intval($id);
506 $delete_result = mysql_query($deleteQuery, $connid);
507 if(!$delete_result) die($lang['db_error']);
508 $field = mysql_fetch_assoc($delete_result);
509 $aname = $field["name"];
510 $thema = $field["tid"];
511 $show = "delete form";
512 }
513 else
514 {
515 $show = "no authorization";
516 }
517 break;
518
519 case "delete ok":
520 if ($delete_authorization == 1)
521 {
522 $postingIdQuery = "SELECT pid
523 FROM ". $db_settings['forum_table'] ."
524 WHERE id = ". intval($id);
525 $pid_result = mysql_query($postingIdQuery,$connid);
526 if (!$pid_result) die($lang['db_error']);
527 $feld = mysql_fetch_assoc($pid_result);
528
529 if ($feld["pid"] == 0)
530 {
531 $deleteThreadQuery = "DELETE FROM ". $db_settings['forum_table'] ."
532 WHERE tid = ". intval($id);
533 $delete_result = mysql_query($deleteThreadQuery, $connid);
534 }
535 else
536 {
537 $allLastAnswersQuery = "SELECT
538 tid,
539 time,
540 last_answer
541 FROM ". $db_settings['forum_table'] ."
542 WHERE id = ". intval($id);
543 $last_answer_result = mysql_query($allLastAnswersQuery, $connid);
544 $field = mysql_fetch_assoc($last_answer_result);
545 mysql_free_result($last_answer_result);
546
547 # if message is newest in topic:
548 if ($field['time'] == $field['last_answer'])
549 {
550 # search last answer and actualise "last_answer":
551 $lastAnswerQuery = "SELECT
552 time
553 FROM ". $db_settings['forum_table'] ."
554 WHERE tid = ". intval($field['tid']) ."
555 AND time < '". $field['time'] ."'
556 ORDER BY time DESC
557 LIMIT 1";
558 $last_answer_result = mysql_query($lastAnswerQuery, $connid);
559 $field2 = mysql_fetch_assoc($last_answer_result);
560 mysql_free_result($last_answer_result);
561 $updateLastAnswerQuery = "UPDATE ". $db_settings['forum_table'] ." SET
562 time = time,
563 last_answer = '". $field2['time'] ."'
564 WHERE tid = ". intval($field['tid']);
565 $update_result = mysql_query($updateLastAnswerQuery, $connid);
566 }
567 # delete message:
568 $deleteMessageQuery = "DELETE FROM ". $db_settings['forum_table'] ."
569 WHERE id = ". intval($id);
570 $delete_result = mysql_query($deleteMessageQuery,$connid);
571 } # if ($feld["pid"] == 0) else
572 if (!empty($_SESSION[$settings['session_prefix'].'curr_view'])
573 and in_array($_SESSION[$settings['session_prefix'].'curr_view'], $possViews))
574 {
575 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
576 {
577 $header_href = 'forum.php';
578 }
579 else
580 {
581 $header_href = $_SESSION[$settings['session_prefix'].'curr_view'] .'.php';
582 }
583 }
584 else if (!empty($_SESSION[$settings['session_prefix'].'user_view'])
585 and in_array($_SESSION[$settings['session_prefix'].'user_view'], $possViews))
586 {
587 if ($_SESSION[$settings['session_prefix'].'user_view'] == 'thread')
588 {
589 $header_href = 'forum.php';
590 }
591 else
592 {
593 $header_href = $_SESSION[$settings['session_prefix'].'user_view'] .'.php';
594 }
595 }
596 else
597 {
598 if ($setting['standard'] == 'thread')
599 {
600 $header_href = 'forum.php';
601 }
602 else
603 {
604 $header_href = $setting['standard'] .'.php';
605 }
606 }
607 header('location: '.$settings['forum_address'].$header_href);
608 die('<a href="'.$header_href.$qs.'">further...</a>');
609 }
610 else
611 {
612 $show = "no authorization";
613 }
614 break;
615 }
616 } #if (empty($form))
617
618 # form submitted:
619 else if (isset($form))
620 {
621 $fixed = (empty($_POST['fixed'])) ? 0 : $_POST['fixed'];
622 switch ($action)
623 {
624 case "new":
625 # is it a registered user?
626 if (isset($_SESSION[$settings['session_prefix'].'user_id']))
627 {
628 $user_id = $_SESSION[$settings['session_prefix'].'user_id'];
629 $name = $_SESSION[$settings['session_prefix'].'user_name'];
630 }
631
632 # if the posting is an answer, search the thread-ID:
633 if ($id != 0)
634 {
635 $threadIdQuery = "SELECT
636 tid,
637 locked
638 FROM ". $db_settings['forum_table'] ."
639 WHERE id = ". intval($id);
640 $tid_result = mysql_query($threadIdQuery, $connid);
641 if (!$tid_result) die($lang['db_error']);
642
643 if (mysql_num_rows($tid_result) != 1)
644 {
645 die($lang['db_error']);
646 }
647 else
648 {
649 $field = mysql_fetch_assoc($tid_result);
650 $Thread = $field['tid'];
651 if ($field['locked'] > 0)
652 {
653 unset($action);
654 $show = "no authorization";
655 $reason = $lang['thread_locked_error'];
656 }
657 }
658 mysql_free_result($tid_result);
659 }
660 else if ($id == 0)
661 {
662 $Thread = 0;
663 }
664 break;
665
666 case "edit";
667 # fetch missing data from database:
668 $postingQuery = "SELECT
669 name,
670 locked,
671 UNIX_TIMESTAMP(time) AS time,
672 UNIX_TIMESTAMP(NOW() - INTERVAL ". $settings['edit_period'] ." MINUTE) AS edit_diff
673 FROM ". $db_settings['forum_table'] ."
674 WHERE id = ". intval($id);
675 $edit_result = mysql_query($postingQuery, $connid);
676 if (!$edit_result) die($lang['db_error']);
677 $field = mysql_fetch_assoc($edit_result);
678 mysql_free_result($edit_result);
679 if (empty($name))
680 {
681 $name = $field["name"];
682 }
683 break;
684 }
685
686 # trim and complete data:
687 $email = empty($email) ? "" : $email;
688 $hp = empty($hp) ? "" : $hp;
689 $place = empty($place) ? "" : $place;
690 $show_signature = empty($show_signature) ? 0 : $show_signature;
691 $user_id = empty($user_id) ? 0 : $user_id;
692 $email_notify = empty($email_notify) ? 0 : $email_notify;
693 $p_category = empty($p_category) ? 0 : $p_category;
694 if (isset($name)) $name = trim($name);
695 if (isset($subject)) $subject = trim($subject);
696 if (isset($text)) $text = trim($text);
697 if (isset($email)) $email = trim($email);
698 if (isset($hp)) $hp = trim($hp);
699 if (isset($place)) $place = trim($place);
700 # end trim and complete data
701
702 # check data:
703 # double entry?
704 $uniqueIdQuery = "SELECT COUNT(*)
705 FROM ". $db_settings['forum_table'] ."
706 WHERE uniqid = '". $uniqid ."'
707 AND time > NOW()-10000";
708 $uniqid_result = mysql_query($uniqueIdQuery, $connid);
709 list($uniqid_count) = mysql_fetch_row($uniqid_result);
710 mysql_free_result($uniqid_result);
711 if ($uniqid_count > 0)
712 {
713 header("location: ".$settings['forum_address']."index.php");
714 die('<a href="index.php">further...</a>');
715 }
716
717 # check for not accepted words:
718 $badWordQuery = "SELECT list
719 FROM ". $db_settings['banlists_table'] ."
720 WHERE name = 'words'
721 LIMIT 1";
722 $result = mysql_query($badWordQuery, $connid);
723 if (!$result) die($lang['db_error']);
724 $data = mysql_fetch_assoc($result);
725 mysql_free_result($result);
726
727 if (trim($data['list']) != '')
728 {
729 $not_accepted_words = explode(',', trim($data['list']));
730 foreach ($not_accepted_words as $not_accepted_word)
731 {
732 if ($not_accepted_word!=''
733 && (preg_match("/".$not_accepted_word."/i",$name)
734 || preg_match("/".$not_accepted_word."/i",$text)
735 || preg_match("/".$not_accepted_word."/i",$subject)
736 || preg_match("/".$not_accepted_word."/i",$email)
737 || preg_match("/".$not_accepted_word."/i",$hp)
738 || preg_match("/".$not_accepted_word."/i",$place)))
739 {
740 $errors[] = $lang['error_not_accepted_word'] ." »". mb_strtoupper($not_accepted_word) ."«";
741 break;
742 }
743 }
744 }
745
746 if (!isset($name) || $name == "")
747 {
748 $errors[] = $lang['error_no_name'];
749 }
750 # name reserved?
751 if (!isset($_SESSION[$settings['session_prefix'].'user_id']))
752 {
753 $reservedUsernameQuery = "SELECT user_name
754 FROM ". $db_settings['userdata_table'] ."
755 WHERE user_name = '". mysql_real_escape_string($name) ."'";
756 $result = mysql_query($reservedUsernameQuery,$connid);
757 if (!$result) die($lang['db_error']);
758 $field = mysql_fetch_assoc($result);
759 mysql_free_result($result);
760
761 if ($name != ""
762 and mb_strtolower($field["user_name"]) == mb_strtolower($name))
763 {
764 $lang['error_name_reserved'] = str_replace("[name]", htmlspecialchars($name), $lang['error_name_reserved']);
765 $errors[] = $lang['error_name_reserved'];
766 }
767 }
768 # check the given email address for format name@domain.tld
769 if (!empty($email)
770 and !preg_match($validator['email'], $email))
771 {
772 $errors[] = $lang['error_email_wrong'];
773 }
774 # if (!empty($hp) and !preg_match("[hier fehlt noch die Reg-Ex]", $hp))
775 # $errors[] = $lang['error_hp_wrong'];
776 if (($email == ""
777 && isset($email_notify)
778 && $email_notify == 1
779 && !isset($_SESSION[$settings['session_prefix'].'user_id']))
780 || ($email == ""
781 && isset($email_notify)
782 && $email_notify == 1
783 && isset($p_user_id)
784 && $p_user_id == 0))
785 {
786 $errors[] = $lang['error_no_email_to_notify'];
787 }
788 if (empty($subject))
789 {
790 $errors[] = $lang['error_no_subject'];
791 }
792 if (empty($settings['empty_postings_possible'])
793 || (isset($settings['empty_postings_possible'])
794 && $settings['empty_postings_possible'] != 1))
795 {
796 if (empty($text))
797 {
798 $errors[] = $lang['error_no_text'];
799 }
800 }
801 if (mb_strlen($name) > $settings['name_maxlength'])
802 {
803 $errors[] = $lang['name_marking']." ".$lang['error_input_too_long'];
804 }
805 if (mb_strlen($email) > $settings['email_maxlength'])
806 {
807 $errors[] = $lang['email_marking']." ".$lang['error_input_too_long'];
808 }
809 if (mb_strlen($hp) > $settings['hp_maxlength'])
810 {
811 $errors[] = $lang['hp_marking'] . " " .$lang['error_input_too_long'];
812 }
813 if (mb_strlen($place) > $settings['place_maxlength'])
814 {
815 $errors[] = $lang['place_marking'] . " " .$lang['error_input_too_long'];
816 }
817 if (mb_strlen($subject) > $settings['subject_maxlength'])
818 {
819 $errors[] = $lang['subject_marking'] . " " .$lang['error_input_too_long'];
820 }
821 if (mb_strlen($text) > $settings['text_maxlength'])
822 {
823 $lang['error_text_too_long'] = str_replace("[length]", mb_strlen($text), $lang['error_text_too_long']);
824 $lang['error_text_too_long'] = str_replace("[maxlength]", $settings['text_maxlength'], $lang['error_text_too_long']);
825 $errors[] = $lang['error_text_too_long'];
826 }
827 $nameLength = processCountCharsInWords($name, $settings['name_word_maxlength'], $lang['error_name_word_too_long']);
828 if (!empty($nameLength)
829 and is_array($nameLength))
830 {
831 foreach ($nameLength as $message)
832 {
833 $errors[] = $message;
834 }
835 }
836 $placeLength = processCountCharsInWords($place, $settings['place_word_maxlength'], $lang['error_place_word_too_long']);
837 if (!empty($placeLength)
838 and is_array($placeLength))
839 {
840 foreach ($placeLength as $message)
841 {
842 $errors[] = $message;
843 }
844 }
845 $subjectLength = processCountCharsInWords($subject, $settings['subject_word_maxlength'], $lang['error_subject_word_too_long']);
846 if (!empty($subjectLength)
847 and is_array($subjectLength))
848 {
849 foreach ($subjectLength as $message)
850 {
851 $errors[] = $message;
852 }
853 }
854 $text_arr = str_replace("\n", " ", $text);
855 if ($settings['bbcode'] == 1)
856 {
857 $text_arr = preg_replace("#\[b\](.+?)\[/b\]#is", "\\1", $text_arr);
858 $text_arr = preg_replace("#\[i\](.+?)\[/i\]#is", "\\1", $text_arr);
859 $text_arr = preg_replace("#\[u\](.+?)\[/u\]#is", "\\1", $text_arr);
860 $text_arr = preg_replace("#\[link\](.+?)\[/link\]#is", "", $text_arr);
861 $text_arr = preg_replace("#\[link=(.+?)\](.+?)\[/link\]#is", "\\2", $text_arr);
862 $text_arr = preg_replace("#\[url\](.+?)\[/url\]#is", "", $text_arr);
863 $text_arr = preg_replace("#\[url=(.+?)\](.+?)\[/url\]#is", "\\2", $text_arr);
864 }
865 if ($settings['bbcode_img'] == 1
866 && $settings['bbcode_img'] == 1)
867 {
868 $text_arr = preg_replace("#\[img\](.+?)\[/img\]#is", "[img]", $text_arr);
869 $text_arr = preg_replace("#\[img-l\](.+?)\[/img\]#is", "[img] ", $text_arr);
870 $text_arr = preg_replace("#\[img-r\](.+?)\[/img\]#is", "[img]", $text_arr);
871 }
872 if ($settings['autolink'] == 1)
873 {
874 $text_arr = text_check_link($text_arr);
875 }
876 $textLength = processCountCharsInWords($text_arr, $settings['text_word_maxlength'], $lang['error_text_word_too_long']);
877 if (!empty($textLength)
878 and is_array($textLength))
879 {
880 foreach ($textLength as $message)
881 {
882 $errors[] = $message;
883 }
884 }
885
886 # CAPTCHA check:
887 if (isset($_POST['save_entry'])
888 && empty($_SESSION[$settings['session_prefix'].'user_id'])
889 && $settings['captcha_posting'] == 1)
890 {
891 if($settings['captcha_type'] == 1)
892 {
893 if ($captcha->check_captcha($_SESSION['captcha_session'],$_POST['captcha_code'])!=TRUE) $errors[] = $lang['captcha_code_invalid'];
894 }
895 else
896 {
897 if ($captcha->check_math_captcha($_SESSION['captcha_session'][2],$_POST['captcha_code'])!=TRUE) $errors[] = $lang['captcha_code_invalid'];
898 }
899 }
900 # end check data
901
902 if (empty($errors)
903 && empty($preview)
904 && isset($_POST['save_entry']))
905 {
906 switch ($action)
907 {
908 case "new":
909 $newPostingQuery = "INSERT INTO ". $db_settings['forum_table'] ." SET
910 pid = ". intval($id) .",
911 tid = ". intval($Thread) .",
912 uniqid = '". $uniqid ."',
913 time = NOW(),
914 last_answer = NOW(),
915 user_id = ". intval($user_id) .",
916 name = '". mysql_real_escape_string($name) ."',
917 subject = '". mysql_real_escape_string($subject) ."',
918 email = '". mysql_real_escape_string($email) ."',
919 hp = '". mysql_real_escape_string($hp) ."',
920 place = '". mysql_real_escape_string($place) ."',
921 ip_addr = INET_ATON('". $_SERVER["REMOTE_ADDR"] ."'),
922 text = '". mysql_real_escape_string($text) ."',
923 show_signature = ". intval($show_signature) .",
924 email_notify = ". intval($email_notify) .",
925 category = ". intval($p_category) .",
926 fixed = ". intval($fixed);
927 $result = mysql_query($newPostingQuery, $connid);
928 if (!$result) die($lang['db_error']);
929 # set the thread id for the new thread
930 if ($id == 0)
931 {
932 if (!mysql_query("UPDATE ". $db_settings['forum_table'] ." SET
933 tid = id,
934 time = time
935 WHERE id = LAST_INSERT_id()", $connid))
936 {
937 die($lang['db_error']);
938 }
939 }
940 # wann auf Thread als letztes geantwortet wurde aktualisieren (für Board-Ansicht):
941 if ($id != 0)
942 {
943 if (!mysql_query("UPDATE ".$db_settings['forum_table']." SET
944 time = time,
945 last_answer = NOW()
946 WHERE tid = ". $Thread, $connid))
947 {
948 die($lang['db_error']);
949 }
950 }
951 # letzten Eintrag ermitteln (um darauf umzuleiten):
952 $redirectQuery = "SELECT
953 tid,
954 tid AS counter,
955 pid,
956 id,
957 (SELECT COUNT(*) FROM ". $db_settings['forum_table'] ."
958 WHERE tid = counter) AS count
959 FROM ". $db_settings['forum_table'] ."
960 WHERE id = LAST_INSERT_ID()";
961 $result_neu = mysql_query($redirectQuery, $connid);
962 $neu = mysql_fetch_assoc($result_neu);
963 $ip = $_SERVER["REMOTE_ADDR"];
964 $mail_text = unbbcode($text);
965
966 # Schauen, ob eine E-Mail-Benachrichtigung versendet werden soll:
967 if ($settings['email_notification'] == 1)
968 {
969 $PostAddress = $settings['forum_address'];
970 if ($settings['standard'] == "board")
971 {
972 $PostAddress .= "board_entry.php?id=".$neu["tid"]."#p".$neu["id"];
973 }
974 else if ($settings['standard'] == "mix")
975 {
976 $PostAddress .= "mix_entry.php?id=".$neu["tid"]."#p".$neu["id"];
977 }
978 else
979 {
980 $PostAddress .= "forum_entry.php?id=".$neu["id"];
981 }
982 $emailUserQuery = "SELECT
983 user_id,
984 name,
985 email,
986 subject,
987 text,
988 email_notify
989 FROM ". $db_settings['forum_table'] ."
990 WHERE id = ". intval($id) ."
991 LIMIT 1";
992 $parent_result = mysql_query($emailUserQuery, $connid);
993 $parent = mysql_fetch_assoc($parent_result);
994 if ($parent["email_notify"] == 1)
995 {
996 # wenn das Posting von einem registrierten User stammt,
997 # E-Mail-Adresse aus den User-Daten holen:
998 if ($parent["user_id"] > 0)
999 {
1000 $emailUserIdQuery = "SELECT
1001 user_name,
1002 user_email
1003 FROM ". $db_settings['userdata_table'] ."
1004 WHERE user_id = '". intval($parent["user_id"]) ."'
1005 LIMIT 1";
1006 $email_result = mysql_query($emailUserIdQuery, $connid);
1007 if (!$email_result) die($lang['db_error']);
1008 $field = mysql_fetch_assoc($email_result);
1009 mysql_free_result($email_result);
1010
1011 $parent["name"] = $field["user_name"];
1012 $parent["email"] = $field["user_email"];
1013 }
1014 $emailbody = $lang['email_text'];
1015 $emailbody = str_replace("[recipient]", $parent["name"], $emailbody);
1016 $emailbody = str_replace("[name]", $name, $emailbody);
1017 $emailbody = str_replace("[subject]", $subject, $emailbody);
1018 $emailbody = str_replace("[text]", $mail_text, $emailbody);
1019 $emailbody = str_replace("[posting_address]", $PostAddress, $emailbody);
1020 $emailbody = str_replace("[original_subject]", $parent["subject"], $emailbody);
1021 $emailbody = str_replace("[original_text]", unbbcode($parent["text"]), $emailbody);
1022 $emailbody = str_replace("[forum_address]", $settings['forum_address'], $emailbody);
1023 $emailbody = stripslashes($emailbody);
1024 $emailbody = str_replace($settings['quote_symbol'], ">", $emailbody);
1025 $an = mb_encode_mimeheader($parent["name"],"UTF-8")." <".$parent["email"].">";
1026 $emailsubject = strip_tags($lang['email_subject']);
1027 $sent = processEmail($an, $emailsubject, $emailbody);
1028 if ($sent === true)
1029 {
1030 $sent = "ok";
1031 }
1032 unset($emailsubject);
1033 unset($emailbody);
1034 unset($an);
1035 }
1036 $threadNotifyQuery = "SELECT
1037 t1.user_name AS name,
1038 t1.user_email AS email,
1039 t2.user_id
1040 FROM ". $db_settings['userdata_table'] ." AS t1,
1041 ". $db_settings['usersubscripts_table'] ." AS t2
1042 WHERE t1.user_id = t2.user_id AND t2.tid = ". $neu['tid'];
1043 $emails_result = mysql_query($threadNotifyQuery, $connid);
1044 if (!$emails_result) die($lang['db_error']);
1045 while ($field = mysql_fetch_assoc($emails_result))
1046 {
1047 $emailbody = str_replace("[recipient]", $field["name"], $lang['email_text']);
1048 $emailbody = str_replace("[name]", $name, $emailbody);
1049 $emailbody = str_replace("[subject]", $subject, $emailbody);
1050 $emailbody = str_replace("[text]", $mail_text, $emailbody);
1051 $emailbody = str_replace("[posting_address]", $PostAddress, $emailbody);
1052 $emailbody = str_replace("[original_subject]", $parent["subject"], $emailbody);
1053 $emailbody = str_replace("[original_text]", unbbcode($parent["text"]), $emailbody);
1054 $emailbody = str_replace("[forum_address]", $settings['forum_address'], $emailbody);
1055 $emailbody = stripslashes($emailbody);
1056 $emailbody = str_replace($settings['quote_symbol'], ">", $emailbody);
1057 $an = mb_encode_mimeheader($field["name"],"UTF-8")." <".$field["email"].">";
1058 $emailsubject = strip_tags($lang['email_subject']);
1059 $sent1 = processEmail($an, $emailsubject, $emailbody);
1060 if ($sent1 === true)
1061 {
1062 $sent1 = "ok";
1063 }
1064 unset($emailsubject);
1065 unset($emailbody);
1066 unset($an);
1067 }
1068 mysql_free_result($emails_result);
1069 }
1070 # E-Mail-Benachrichtigung an Admins und Moderatoren:
1071 $emailbody = ($id > 0) ? strip_tags($lang['admin_email_text_reply']) : strip_tags($lang['admin_email_text']);
1072 $emailbody = str_replace("[name]", $name, $emailbody);
1073 $emailbody = str_replace("[subject]", $subject, $emailbody);
1074 $emailbody = str_replace("[text]", $mail_text, $emailbody);
1075 $emailbody = str_replace("[posting_address]", $PostAddress, $emailbody);
1076 $emailbody = str_replace("[forum_address]", $settings['forum_address'], $emailbody);
1077 $emailbody = str_replace($settings['quote_symbol'], ">", $emailbody);
1078 # $emailsubject = strip_tags($lang['admin_email_subject']);
1079 $emailsubject = str_replace("[subject]", $subject, $lang['admin_email_subject']);
1080 // Schauen, wer eine E-Mail-Benachrichtigung will:
1081 $en_result = mysql_query("SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE new_posting_notify = '1'", $connid);
1082 if (!$en_result) die($lang['db_error']);
1083 while ($admin_array = mysql_fetch_assoc($en_result))
1084 {
1085 $ind_emailbody = str_replace("[admin]", $admin_array['user_name'], $emailbody);
1086 $an = mb_encode_mimeheader($admin_array['user_name'],"UTF-8")." <".$admin_array['user_email'].">";
1087 $sent2[] = processEmail($an, $emailsubject, $ind_emailbody);
1088 unset($ind_emailbody);
1089 unset($an);
1090 }
1091 mysql_free_result($en_result);
1092
1093 # Cookies setzen, falls gewünscht und Funktion aktiv:
1094 if ($settings['remember_userdata'] == 1)
1095 {
1096 if (isset($setcookie) && $setcookie==1)
1097 {
1098 setcookie("user_name",$name,time()+(3600*24*30));
1099 setcookie("user_email",$email,time()+(3600*24*30));
1100 setcookie("user_hp",$hp,time()+(3600*24*30));
1101 setcookie("user_place",$place,time()+(3600*24*30));
1102 }
1103 }
1104
1105 # for redirect:
1106 $further_tid = $neu["tid"];
1107 $further_id = $neu["id"];
1108 $further_page = 0;
1109 if ((!empty($_SESSION[$setting['session_prefix'] .'curr_view'])
1110 and $_SESSION[$setting['session_prefix'] .'curr_view'] == 'board')
1111 or (!empty($_SESSION[$setting['session_prefix'] .'user_view'])
1112 and $_SESSION[$setting['session_prefix'] .'user_view'] == 'board')
1113 or (!empty($_COOKIE['curr_view'])
1114 and $_COOKIE['curr_view'] == 'board')
1115 or (!empty($_COOKIE['user_view'])
1116 and $_COOKIE['user_view'] == 'board'))
1117 {
1118 # there are more postings in thread than
1119 # the setting for postings per page allows
1120 if ($neu['count'] > $settings['answers_per_topic'])
1121 {
1122 $further_page = floor($neu['count']/$settings['answers_per_topic']);
1123 }
1124 }
1125 $refer = 1;
1126 break;
1127
1128 case "edit":
1129 if ($edit_authorization == 1
1130 && ($field['locked'] == 0
1131 || (isset($_SESSION[$settings['session_prefix'].'user_type'])
1132 && ($_SESSION[$settings['session_prefix'].'user_type'] == 'admin'
1133 || $_SESSION[$settings['session_prefix'].'user_type'] == 'mod'))))
1134 {
1135 if (!($settings['edit_period'] > 0
1136 && $field["edit_diff"] > $field["time"]
1137 && (empty($_SESSION[$settings['session_prefix'].'user_type'])
1138 || (isset($_SESSION[$settings['session_prefix'].'user_type'])
1139 && $_SESSION[$settings['session_prefix'].'user_type'] != 'admin'
1140 && $_SESSION[$settings['session_prefix'].'user_type'] != 'mod'))))
1141 {
1142 $editPostingQuery = "SELECT
1143 tid,
1144 tid AS counter,
1145 (SELECT COUNT(*) FROM ". $db_settings['forum_table'] ."
1146 WHERE tid = counter) AS count,
1147 name,
1148 subject,
1149 text
1150 FROM ". $db_settings['forum_table'] ."
1151 WHERE id = ". intval($id);
1152 $tid_result = mysql_query($editPostingQuery, $connid);
1153 if (!$tid_result) die($lang['db_error']);
1154 $field = mysql_fetch_assoc($tid_result);
1155 mysql_free_result($tid_result);
1156 # unnoticed editing for admins and mods:
1157 if (isset($_SESSION[$settings['session_prefix'].'user_type'])
1158 && $_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1159 && $settings['dont_reg_edit_by_admin'] == 1
1160 || isset($_SESSION[$settings['session_prefix'].'user_type'])
1161 && $_SESSION[$settings['session_prefix'].'user_type'] == "mod"
1162 && $settings['dont_reg_edit_by_mod'] == 1
1163 || ($field['text'] == $text
1164 && $field['subject'] == $subject
1165 && $field['name'] == $name
1166 && isset($_SESSION[$settings['session_prefix'].'user_type'])
1167 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1168 || $_SESSION[$settings['session_prefix'].'user_type'] == "mod")))
1169 {
1170 $updatePostingQuery = "UPDATE ". $db_settings['forum_table'] ." SET
1171 time = time,
1172 last_answer = last_answer,
1173 edited = edited,
1174 name = '". mysql_real_escape_string($name) ."',
1175 subject = '". mysql_real_escape_string($subject) ."',
1176 category = ". intval($p_category) .",
1177 email = '". mysql_real_escape_string($email) ."',
1178 hp = '". mysql_real_escape_string($hp) ."',
1179 place = '". mysql_real_escape_string($place) ."',
1180 text = '". mysql_real_escape_string($text) ."',
1181 email_notify = '". intval($email_notify) ."',
1182 show_signature = '". intval($show_signature) ."',
1183 fixed = ". intval($fixed) ."
1184 WHERE id = ". intval($id);
1185 }
1186 else
1187 {
1188 $updatePostingQuery = "UPDATE ". $db_settings['forum_table'] ." SET
1189 time = time,
1190 last_answer = last_answer,
1191 edited = NOW(),
1192 edited_by = '". mysql_real_escape_string($_SESSION[$settings['session_prefix']."user_name"]) ."',
1193 name = '". mysql_real_escape_string($name) ."',
1194 subject = '". mysql_real_escape_string($subject) ."',
1195 category = ". intval($p_category) .",
1196 email = '". mysql_real_escape_string($email) ."',
1197 hp = '". mysql_real_escape_string($hp) ."',
1198 place = '". mysql_real_escape_string($place) ."',
1199 text = '". mysql_real_escape_string($text) ."',
1200 email_notify = '". intval($email_notify) ."',
1201 show_signature = '". intval($show_signature) ."',
1202 fixed = ". intval($fixed) ."
1203 WHERE id = ". intval($id);
1204 }
1205 $posting_update_result = mysql_query($updatePostingQuery, $connid);
1206 $category_update_result = mysql_query("UPDATE ". $db_settings['forum_table'] ." SET
1207 time = time,
1208 last_answer = last_answer,
1209 edited = edited,
1210 category = ". intval($p_category) ."
1211 WHERE tid = '". $field["tid"] ."'", $connid);
1212
1213 if (isset($back))
1214 {
1215 $further_tid = $back;
1216 }
1217 $further_id = $id;
1218 $further_page = 0;
1219 if ((!empty($_SESSION[$setting['session_prefix'] .'curr_view'])
1220 and $_SESSION[$setting['session_prefix'] .'curr_view'] == 'board')
1221 or (!empty($_SESSION[$setting['session_prefix'] .'user_view'])
1222 and $_SESSION[$setting['session_prefix'] .'user_view'] == 'board')
1223 or (!empty($_COOKIE['curr_view'])
1224 and $_COOKIE['curr_view'] == 'board')
1225 or (!empty($_COOKIE['user_view'])
1226 and $_COOKIE['user_view'] == 'board'))
1227 {
1228 # there are more postings in thread than
1229 # the setting for postings per page allows
1230 if ($field['count'] > $settings['answers_per_topic'])
1231 {
1232 $further_page = floor($field['count']/$settings['answers_per_topic']);
1233 }
1234 }
1235 $refer = 1;
1236 }
1237 else
1238 {
1239 $show = "no authorization";
1240 $reason = str_replace('[minutes]',$settings['edit_period'],$lang['edit_period_over']);
1241 }
1242 }
1243 else
1244 {
1245 $show = "no authorization";
1246 $reason = $lang['thread_locked_error'];
1247 }
1248 break;
1249 }
1250 } # Ende "if (empty($errors) && empty($preview) && isset($_POST['save_entry']))"
1251 else
1252 {
1253 $show = "form";
1254 }
1255
1256 if (isset($refer))
1257 {
1258 $qs = '';
1259 $qsl = '';
1260 if (!empty($_SESSION[$settings['session_prefix'].'curr_view'])
1261 and in_array($_SESSION[$settings['session_prefix'].'curr_view'], $possViews))
1262 {
1263 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
1264 {
1265 $header_href = 'forum_entry.php';
1266 $further = $further_id;
1267 }
1268 else
1269 {
1270 $header_href = $_SESSION[$settings['session_prefix'].'curr_view'] .'_entry.php';
1271 $further = $further_tid;
1272 }
1273 }
1274 else if (!empty($_SESSION[$settings['session_prefix'].'user_view'])
1275 and in_array($_SESSION[$settings['session_prefix'].'user_view'], $possViews))
1276 {
1277 if ($_SESSION[$settings['session_prefix'].'user_view'] == 'thread')
1278 {
1279 $header_href = 'forum_entry.php';
1280 $further = $further_id;
1281 }
1282 else
1283 {
1284 $header_href = $_SESSION[$settings['session_prefix'].'user_view'] .'_entry.php';
1285 $further = $further_tid;
1286 }
1287 }
1288 else
1289 {
1290 if ($setting['standard'] == 'thread')
1291 {
1292 $header_href = 'forum_entry.php';
1293 $further = $further_id;
1294 }
1295 else
1296 {
1297 $header_href = $setting['standard'] .'_entry.php';
1298 $further = $further_tid;
1299 }
1300 }
1301 if ($further_page > 0)
1302 {
1303 $qs .= '&be_page='.$further_page;
1304 $qsl .= '&amp;be_page='.$further_page;
1305 }
1306 if ($header_href != 'forum_entry.php')
1307 {
1308 $qs .= '#p'.$further_id;
1309 $qsl .= '#p'.$further_id;
1310 }
1311 header('location: '. $settings['forum_address'].$header_href .'?id='. $further.$qs);
1312 die('<a href="'. $header_href .'?id='. $further.$qsl .'">further...</a>');
1313 exit(); # Skript beenden
1314 }
1315 } # Ende "if (isset(form))"
1316
1317 switch ($action)
1318 {
1319 case "new":
1320 $wo = ($id == 0) ? $lang['new_entry_marking'] : $lang['answer_marking'];
1321 break;
1322 case "edit";
1323 $wo = $lang['edit_marking'];
1324 break;
1325 case "delete";
1326 $wo = $lang['delete_marking'];
1327 break;
1328 }
1329 $wo = strip_tags($wo);
1330
1331 if (isset($aname))
1332 {
1333 $lang['back_to_posting_linkname'] = str_replace("[name]", htmlspecialchars($aname), $lang['back_to_posting_linkname']);
1334 $lang['answer_on_posting_marking'] = str_replace("[name]", htmlspecialchars($aname), $lang['answer_on_posting_marking']);
1335 }
1336
1337 $subnav_1 = '';
1338 if ($action == "new"
1339 && $id != 0
1340 || $action == "edit"
1341 || $action == "delete")
1342 {
1343 if (!empty($view))
1344 {
1345 $subnav1_href1 = ($view=="board") ? 'board_entry.php' : 'mix_entry.php';
1346 }
1347 else
1348 {
1349 $subnav1_href1 = 'forum_entry.php';
1350 }
1351 if (isset($page)
1352 && isset($order)
1353 && isset($category))
1354 {
1355 $subnav1_query1 = '&amp;page='.$page.'&amp;order='.$order;
1356 $subnav1_query1 .= ($category > 0) ? '&amp;category='.$category : '';
1357 }
1358 else
1359 {
1360 $subnav1_query1 = '';
1361 }
1362 if (!empty($view))
1363 {
1364 $subnav_1 .= '<a class="textlink" href="'.$subnav1_href1.'?id='.$thema;
1365 $subnav_1 .= $subnav_query1.'&amp;descasc='.$descasc;
1366 $subnav_1 .= '">'.$lang['back_to_topic_linkname'].'</a>';
1367 }
1368 else
1369 {
1370 $subnav_1 .= '<a class="textlink" href="'.$subnav1_href1.'?id='.$id;
1371 $subnav_1 .= $subnav1_query1.'&amp;descasc='.$descasc.'">';
1372 if (isset($aname))
1373 {
1374 $subnav_1 .= $lang['back_to_posting_linkname'].'</a>';
1375 }
1376 else
1377 {
1378 $subnav_1 .= $lang['back_linkname'].'</a>';
1379 }
1380 }
1381 }
1382 else if ($action == "new"
1383 && $id == 0)
1384 {
1385 if (!empty($view))
1386 {
1387 $subnav1_href2 = ($view=="board") ? 'board.php' : 'mix.php';
1388 }
1389 else
1390 {
1391 $subnav1_href2 = 'forum.php';
1392 }
1393 $subnav_1 .= '<a class="textlink" href="'.$subnav1_href2;
1394 $subnav_1 .= '">'.$lang['back_to_overview_linkname'].'</a>';
1395 }
1396
1397 parse_template();
1398 echo $header;
1399 echo outputDebugSession();
1400
1401 switch ($show)
1402 {
1403 case "form":
1404 if (empty($_SESSION[$settings['session_prefix'].'user_id'])
1405 && $settings['captcha_posting'] == 1)
1406 {
1407 if($settings['captcha_type']==1)
1408 {
1409 $_SESSION['captcha_session'] = $captcha->generate_code();
1410 }
1411 else
1412 {
1413 $_SESSION['captcha_session'] = $captcha->generate_math_captcha();
1414 }
1415 }
1416 # Ãœberschrift:
1417 if ($action == "new")
1418 {
1419 if ($id == 0)
1420 {
1421 echo '<h2>'.$lang['new_entry_marking'].'</h2>'."\n";
1422 }
1423 else
1424 {
1425 echo '<h2>'.$lang['answer_marking'].'</h2>'."\n";
1426 echo '<p class="postingforma">'.$lang['answer_on_posting_marking'].'</p>'."\n";
1427 }
1428 }
1429 if ($action == "edit")
1430 {
1431 echo '<h2>'.$lang['edit_marking'].'</h2>'."\n";
1432 }
1433 # error messages, if present:
1434 if (isset($errors))
1435 {
1436 echo errorMessages($errors);
1437 }
1438 # preview:
1439 if (isset($preview)
1440 && empty($errors))
1441 {
1442 if (isset($_SESSION[$settings['session_prefix'].'user_id']))
1443 {
1444 if ($action == "edit")
1445 {
1446 $pr_id = $p_user_id;
1447 }
1448 else
1449 {
1450 $pr_id = $_SESSION[$settings['session_prefix']."user_id"];
1451 }
1452 $previewQuery = "SELECT
1453 user_name,
1454 user_email,
1455 hide_email,
1456 user_hp,
1457 user_place,
1458 signature
1459 FROM ". $db_settings['userdata_table'] ."
1460 WHERE user_id = '". intval($pr_id) ."'
1461 LIMIT 1";
1462 $preview_result = mysql_query($previewQuery, $connid);
1463 if (!$preview_result) die($lang['db_error']);
1464 $field = mysql_fetch_assoc($preview_result);
1465 mysql_free_result($preview_result);
1466 $pr_name = $field["user_name"];
1467 $pr_email = $field["user_email"];
1468 $hide_email = $field["hide_email"];
1469 $pr_hp = $field["user_hp"];
1470 $pr_place = $field["user_place"];
1471 $prSignature = $field["signature"];
1472 } # End: if (isset($_SESSION[$settings['session_prefix'].'user_id']))
1473 if (empty($pr_name)) $pr_name = $name;
1474 if (empty($pr_email)) $pr_email = $email;
1475 if (empty($hide_email)) $hide_email = 0;
1476 if (empty($pr_hp)) $pr_hp = $hp;
1477 if (empty($pr_place)) $pr_place = $place;
1478 # current time:
1479 list($pr_time) = mysql_fetch_row(mysql_query("SELECT UNIX_TIMESTAMP(NOW() + INTERVAL ".$time_difference." HOUR)"));
1480 $mark['admin'] = false;
1481 $mark['mod'] = false;
1482 $mark['user'] = false;
1483 $entry = array();
1484 $entry['hide_email'] = $hide_email;
1485 $entry['id'] = 0;
1486 $entry['answer'] = '';
1487 $entry["email"] = $pr_email;
1488 $entry["hp"] = $pr_hp;
1489 $entry['name'] = $pr_name;
1490 $entry["place"] = $pr_place;
1491 $entry['user_id'] = !empty($pr_id) ? $pr_id : 0;
1492 $entry['ip'] = '127.0.0.1';
1493 $entry["edited_diff"] = 0;
1494 $entry["p_time"] = $pr_time;
1495 $entry["edited_by"] = '';
1496 $entry["e_time"] = '';
1497 # generate content of preview
1498 if (isset($_SESSION[$settings['session_prefix'].'curr_view'])
1499 and in_array($_SESSION[$settings['session_prefix'].'curr_view'], array('thread', 'mix', 'board')))
1500 {
1501 $prTemplate = file_get_contents('data/templates/posting.'. $_SESSION[$settings['session_prefix'].'curr_view'] .'.html');
1502 $isView = $_SESSION[$settings['session_prefix'].'curr_view'];
1503 }
1504 else if (isset($_SESSION[$settings['session_prefix'].'user_view'])
1505 and in_array($_SESSION[$settings['session_prefix'].'user_view'], array('thread', 'mix', 'board')))
1506 {
1507 $prTemplate = file_get_contents('data/templates/posting.'. $_SESSION[$settings['session_prefix'].'user_view'] .'.html');
1508 $isView = $_SESSION[$settings['session_prefix'].'user_view'];
1509 }
1510 else if (isset($_COOKIE['curr_view'])
1511 and in_array($_COOKIE['curr_view'], array('thread', 'mix', 'board')))
1512 {
1513 $prTemplate = file_get_contents('data/templates/posting.'. $_COOKIE['curr_view'] .'.html');
1514 $isView = $_COOKIE['curr_view'];
1515 }
1516 else if (isset($_COOKIE['user_view'])
1517 and in_array($_COOKIE['user_view'], array('thread', 'mix', 'board')))
1518 {
1519 $prTemplate = file_get_contents('data/templates/posting.'. $_COOKIE['user_view'] .'.html');
1520 $isView = $_COOKIE['user_view'];
1521 }
1522 else
1523 {
1524 $prTemplate = file_get_contents('data/templates/posting.'. $settings['standard'] .'.html');
1525 $isView = $settings['standard'];
1526 }
1527 $prAuthorinfo = outputAuthorInfo($mark, $entry, $page, $order, $view, $category);
1528 $prSubject = htmlspecialchars($subject);
1529 if ($text == "")
1530 {
1531 $prText = $lang['no_text'];
1532 }
1533 else
1534 {
1535 $prText = $text;
1536 # $prText = htmlspecialchars($prText);
1537 # $prText = nl2br($prText);
1538 $prText = ($settings['autolink'] == 1) ? make_link($prText) : $prText;
1539 $prText = ($settings['bbcode'] == 1) ? bbcode($prText) : $prText;
1540 $prText = ($settings['smilies'] == 1) ? smilies($prText) : $prText;
1541 $prText = zitat($prText);
1542 }
1543 if ($show_signature == 1
1544 && $prSignature != "")
1545 {
1546 $prSignature = $settings['signature_separator']."\n".$prSignature;
1547 # $prSignature = htmlspecialchars($prSignature);
1548 # $prSignature = nl2br($prSignature);
1549 $prSignature = ($settings['autolink'] == 1) ? make_link($prSignature) : $prSignature;
1550 $prSignature = ($settings['bbcode'] == 1) ? bbcode($prSignature) : $prSignature;
1551 $prSignature = ($settings['smilies'] == 1) ? smilies($prSignature) : $prSignature;
1552 $prSignature = '<div class="signature">'.$prSignature.'</div>'."\n";
1553 }
1554 else
1555 {
1556 $prSignature = '';
1557 }
1558 $prThreadHeadline = ($isView == 'thread') ? $lang['whole_thread_marking'] : '';
1559 $prThread = ($isView == 'thread') ? '...' : '';
1560 $prTemplate = str_replace('{postingheadline}', $prSubject, $prTemplate);
1561 $prTemplate = str_replace('{authorinfo}', $prAuthorinfo, $prTemplate);
1562 $prTemplate = str_replace('{editmenu}', '', $prTemplate);
1563 $prTemplate = str_replace('{answer-locked}', '', $prTemplate);
1564 $prTemplate = str_replace('{posting}', $prText, $prTemplate);
1565 $prTemplate = str_replace('{signature}', $prSignature, $prTemplate);
1566 $prTemplate = str_replace('{threadheadline}', $prThreadHeadline, $prTemplate);
1567 $prTemplate = str_replace('{thread}', $prThread, $prTemplate);
1568 $prTemplate = str_replace('{postingID}', $entry['user_id'], $prTemplate);
1569 $prTemplate = ($isView == 'board') ? '<table class="normaltab">'. $prTemplate .'</table>' : $prTemplate;
1570 # echo '<pre>'. print_r(htmlspecialchars($prTemplate), true) .'</pre>';
1571 echo '<h3 class="caution">'.$lang['preview_headline'].'</h3>'."\n";
1572 echo $prTemplate;
1573 echo '<hr class="entryline" />'."\n";
1574 } # if (isset($preview) && empty($errors))
1575 # End preview
1576 echo '<form action="posting.php" method="post" id="entryform" accept-charset="UTF-8">'."\n";
1577 if (empty($_SESSION[$settings['session_prefix'].'user_id'])
1578 && $settings['captcha_posting'] == 1)
1579 {
1580 echo '<input type="hidden" name="'. session_name() .'" value="'. session_id() .'" />'."\n";
1581 }
1582 echo '<input type="hidden" name="form" value="true" />'."\n";
1583 echo '<input type="hidden" name="id" value="'. intval($id) .'" />'."\n";
1584 echo ($action == "edit") ? '<input type="hidden" name="pid" value="'. intval($pid) .'" />'."\n" : '';
1585 echo '<input type="hidden" name="uniqid" value="'. uniqid("") .'" />'."\n";
1586 echo '<input type="hidden" name="action" value="'. htmlspecialchars($action) .'" />'."\n";
1587 echo (isset($p_user_id)) ? '<input type="hidden" name="p_user_id" value="'. $p_user_id .'" />'."\n" : '';
1588 echo (isset($aname)) ? '<input type="hidden" name="aname" value="'. htmlspecialchars($aname) .'" />'."\n" : '';
1589 echo (isset($back)) ? '<input type="hidden" name="back" value="'. $back .'" />'."\n" : '';
1590 echo (isset($thema)) ? '<input type="hidden" name="thema" value="'. $thema .'" />'."\n" : '';
1591 echo '<table class="normal">'."\n";
1592 # Formularfelder für unbekannte User bzw. wenn
1593 # Posting unbekannter User editiert wird:
1594 if (!isset($_SESSION[$settings['session_prefix'].'user_id'])
1595 or $action == "edit"
1596 && $p_user_id == 0)
1597 {
1598 echo '<tr>'."\n";
1599 echo '<td><label for="name">'. $lang['name_marking'] .'</label"></td>'."\n";
1600 echo '<td><input type="text" size="40" name="name" id="name" value="';
1601 echo (isset($name)) ? htmlspecialchars($name) : '';
1602 echo '" maxlength="'. $settings['name_maxlength'] .'" /></td>'."\n";
1603 echo '</tr><tr>'."\n";
1604 echo '<td><label for="email">'. $lang['email_marking'] .'</label></td>'."\n";
1605 echo '<td><input type="text" size="40" name="email" id="email" value="';
1606 echo (isset($email)) ? htmlspecialchars($email) : '';
1607 echo '" maxlength="'. $settings['email_maxlength'] .'" />&nbsp;';
1608 echo '<span class="xsmall">'. $lang['optional_marking'] .'</span></td>'."\n";
1609 echo '</tr><tr>'."\n";
1610 echo '<td><label for="hp">'. $lang['hp_marking'] .'</label></td>'."\n";
1611 echo '<td><input type="text" size="40" name="hp" id="hp" value="';
1612 echo (isset($hp)) ? htmlspecialchars($hp) : '';
1613 echo '" maxlength="'. $settings['hp_maxlength'] .'&nbsp;';
1614 echo '<span class="xsmall">'. $lang['optional_marking'] .'</span></td>'."\n";
1615 echo '</tr><tr>'."\n";
1616 echo '<td><label for="place">'. $lang['place_marking'] .'</label></td>'."\n";
1617 echo '<td><input type="text" size="40" name="place" id="place" value="';
1618 echo (isset($place)) ? htmlspecialchars($place) : '';
1619 echo '" maxlength="'. $settings['place_maxlength'] .'" />&nbsp;';
1620 echo '<span class="xsmall">'. $lang['optional_marking'] .'</span></td>'."\n";
1621 echo '</tr>';
1622 if ($settings['remember_userdata'] == 1
1623 && !isset($_SESSION[$settings['session_prefix'].'user_id']))
1624 {
1625 echo '<tr>'."\n";
1626 echo '<td>&nbsp;</td><td><span class="small"><input type="checkbox" name="setcookie" value="1"';
1627 echo (isset($setcookie) && $setcookie == 1) ? ' checked="checked"' : '';
1628 echo ' />&nbsp;'. $lang['remember_userdata_cbm'];
1629 if (isset($_COOKIE['user_name'])
1630 || isset($_COOKIE['user_email'])
1631 or isset($_COOKIE['user_hp'])
1632 or isset($_COOKIE['user_hp']))
1633 {
1634 echo '&nbsp;&nbsp;&nbsp;<a onclick="javascript:createPopup(this.href, 200, 150); return false;"';
1635 echo ' href="delete_cookie.php" title="'. outputLangDebugInAttributes($lang['delete_cookies_linktitle']) .'"><img border="0"';
1636 echo ' src="img/dc.png" name="dc" alt="" width="12" height="9">'. $lang['delete_cookies_linkname'] .'</a>';
1637 }
1638 echo '</span></td>'."\n";
1639 echo '</tr>';
1640 }
1641 }
1642 if ($categories !== false)
1643 {
1644 echo '<tr>'."\n";
1645 echo '<td><label for="p_category">'. $lang['category_marking'] .'</label></td>'."\n";
1646 echo '<td><select size="1" name="p_category" id="p_category">'."\n";
1647 if (empty($id)
1648 || $id == 0
1649 || $action=="edit"
1650 && isset($pid)
1651 && $pid == 0)
1652 {
1653 while (list($key, $val) = each($categories))
1654 {
1655 if ($key != 0)
1656 {
1657 echo '<option value="'. $key .'"';
1658 if ((isset($_SESSION[$settings['session_prefix'].'category'])
1659 && $_SESSION[$settings['session_prefix'].'category'] > 0
1660 && $key == $_SESSION[$settings['session_prefix'].'category']
1661 && empty($p_category))
1662 || (isset($p_category)
1663 && $key == $p_category))
1664 {
1665 echo ' selected="selected"';
1666 }
1667 echo '>'. htmlspecialchars($val) .'</option>'."\n";
1668 }
1669 }
1670 }
1671 else
1672 {
1673 echo '<option value="'. $p_category .'">';
1674 if (isset($categories[$p_category]))
1675 {
1676 echo $categories[$p_category];
1677 }
1678 echo '</option>'."\n";
1679 }
1680 echo '</select></td>'."\n";
1681 echo '</tr>';
1682 }
1683 echo '<tr>'."\n";
1684 echo '<td><label for="subject">'. $lang['subject_marking'] .'</label></td>'."\n";
1685 echo '<td><input type="text" size="50" name="subject" id="subject" value="';
1686 echo (isset($subject)) ? htmlspecialchars($subject) : '';
1687 echo '" maxlength="'. $settings['subject_maxlength'] .'" /></td>'."\n";
1688 echo '</tr><tr>'."\n";
1689 echo '<td colspan="2"><label for="text">'. $lang['text_marking'] .'</label>';
1690 if ($action == "new"
1691 && $id != 0)
1692 {
1693 echo '&nbsp;&nbsp;<span id="delete-text" class="small">'. $lang['delete_quoted_text'] .'</span>';
1694 }
1695 echo '</td>'."\n";
1696 echo '</tr><tr>'."\n";
1697 echo '<td colspan="2">'."\n";
1698 echo '<table class="normal" border="0" cellpadding="0" cellspacing="0">'."\n";
1699 echo '<tr>'."\n".'<td valign="top">'."\n";
1700 echo '<textarea cols="78" rows="20" name="text" id="text">';
1701 if (isset($text))
1702 {
1703 echo htmlspecialchars($text);
1704 }
1705 echo '</textarea>'."\n";
1706 echo '</td>'."\n";
1707 echo '<td id="buttonspace">'. $lang['bbcode_marking_user'] .'</td>'."\n";
1708 echo '</tr>'."\n".'</table>'."\n";
1709 echo '</td>'."\n";
1710 echo '</tr>'."\n";
1711 if ((isset($_SESSION[$settings['session_prefix'].'user_id'])
1712 && $action=="new")
1713 || (isset($_SESSION[$settings['session_prefix'].'user_id'])
1714 && $action=="edit"
1715 && $p_user_id > 0))
1716 {
1717 echo '<tr>'."\n";
1718 echo '<td colspan="2"><label for="show_signature"><input type="checkbox"';
1719 echo ' name="show_signature" id="show_signature" value="1"';
1720 echo (isset($show_signature) && $show_signature==1) ? ' checked="checked"' : '';
1721 echo ' />&nbsp;'. $lang['show_signature_cbm'] .'</label></td>'."\n";
1722 echo '</tr>';
1723 }
1724 if ($settings['email_notification'] == 1)
1725 {
1726 echo '<tr>'."\n";
1727 echo '<td colspan="2"><label for="email_notify"><input type="checkbox"';
1728 echo ' name="email_notify" id="email_notify" value="1"';
1729 echo (isset($email_notify) && $email_notify == 1) ? ' checked="checked"' : '';
1730 echo ' />&nbsp;'. $lang['email_notification_cbm'] .'</label></td>'."\n";
1731 echo '</tr>';
1732 }
1733 else
1734 {
1735 echo '<input type="hidden" name="email_b" value="" />'."\n";
1736 }
1737 if (isset($_SESSION[$settings['session_prefix'].'user_type'])
1738 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1739 || $_SESSION[$settings['session_prefix'].'user_type'] == "mod")
1740 && (empty($id)
1741 || $id == 0
1742 || $action=="edit"
1743 && isset($pid)
1744 && $pid == 0))
1745 {
1746 echo '<tr>'."\n";
1747 echo '<td colspan="2"><label for="fixed"><input type="checkbox"';
1748 echo ' name="fixed" id="fixed" value="1"';
1749 echo (isset($fixed) && $fixed == 1) ? ' checked="checked"' : '';
1750 echo ' />&nbsp;'. $lang['fix_thread'] .'</label></td>'."\n";
1751 echo '</tr>';
1752 }
1753 if (empty($_SESSION[$settings['session_prefix'].'user_id'])
1754 && $settings['captcha_posting'] == 1)
1755 {
1756 echo '<tr>'."\n";
1757 echo '<td colspan="2"><b>'. $lang['captcha_marking'] .'</b></td>'."\n";
1758 echo '</tr>';
1759 if ($settings['captcha_type'] == 1)
1760 {
1761 echo '<tr>'."\n";
1762 echo '<td colspan="2"><img class="captcha" src="captcha/captcha_image.php?';
1763 echo SID.'" alt="'. outputLangDebugInAttributes($lang['captcha_image_alt']) .'" width="180" height="40"/></td>'."\n";
1764 echo '</tr><tr>'."\n";
1765 echo '<td colspan="2">'. $lang['captcha_expl_image'] .'</td>'."\n";
1766 echo '</tr><tr>'."\n";
1767 echo '<td colspan="2"><input type="text" name="captcha_code" value="" size="10" /></td>'."\n";
1768 echo '</tr>';
1769 }
1770 else
1771 {
1772 echo '<tr>'."\n";
1773 echo '<td colspan="2">'. $lang['captcha_expl_math'] .'</td>'."\n";
1774 echo '</tr><tr>'."\n";
1775 echo '<td colspan="2">'. $_SESSION['captcha_session'][0] .' + '. $_SESSION['captcha_session'][1] .' = ';
1776 echo '<input type="text" name="captcha_code" value="" size="5" /></td>'."\n";
1777 echo '</tr>';
1778 }
1779 }
1780 echo '<tr>'."\n";
1781 echo '<td colspan="2"><input type="submit" name="save_entry" value="';
1782 echo outputLangDebugInAttributes($lang['submit_button']) .'" title="'. outputLangDebugInAttributes($lang['submit_button_title']) .'" />&nbsp;';
1783 echo '<input type="submit" name="preview" value="';
1784 echo outputLangDebugInAttributes($lang['preview_button']) .'" title="'. outputLangDebugInAttributes($lang['preview_button_title']) .'" />&nbsp;';
1785 echo '<input type="reset" value="'. outputLangDebugInAttributes($lang['reset_button']) .'" title="'. outputLangDebugInAttributes($lang['reset_button_title']) .'" /></td>'."\n";
1786 echo "</tr>\n</table>\n</form>\n";
1787 if (!isset($_SESSION[$settings['session_prefix'].'user_id'])
1788 || isset($_SESSION[$settings['session_prefix'].'user_id'])
1789 && $action=="edit" )
1790 {
1791 echo '<p class="xsmall" style="margin-top: 30px;">'. $lang['email_exp'] .'</p>'."\n";
1792 }
1793 break;
1794 # End: switch ($show)->case "form"
1795 case "no authorization":
1796 echo '<p class="caution">'. $lang['no_authorization'] .'</p>'."\n";
1797 if (isset($reason))
1798 {
1799 echo '<p>'. $reason .'</p>'."\n";
1800 }
1801 break;
1802 # End: switch ($show)->case "no authorization"
1803 case "delete form":
1804 $lang['thread_info'] = str_replace("[name]", htmlspecialchars($field["name"]), $lang['thread_info']);
1805 $lang['thread_info'] = str_replace("[time]", strftime($lang['time_format'],$field["tp_time"]), $lang['thread_info']);
1806 echo '<h2>'. $lang['delete_marking'] .'</h2>'."\n";
1807 echo '<p>'. $lang['delete_posting_sure'];
1808 echo ($field["pid"] == 0) ? '<br />'. $lang['delete_whole_thread'] : '';
1809 echo '</p>'."\n";
1810 echo '<p><b>'. htmlspecialchars($field["subject"]) .'</b>&nbsp;'. $lang['thread_info'] .'</p>'."\n";
1811 echo '<form action="posting.php" method="post" accept-charset="UTF-8">'."\n";
1812 echo '<input type="hidden" name="action" value="delete ok" />'."\n";
1813 echo '<input type="hidden" name="id" value="'. intval($id) .'" />'."\n";
1814 echo '<p><input type="submit" name="delete" value="'. $lang['delete_posting_ok'] .'" /></p>'."\n";
1815 echo '</form>'."\n";
1816 break;
1817 # End: switch ($show)->case "delete form"
1818 }
1819 echo $footer;
1820 } # End: if (($settings['entries_by_users_only'] == 1 ...)
1821 else
1822 {
1823 header("Location: ". $settings['forum_address'] ."login.php?msg=noentry");
1824 die('<a href="login.php?msg=noentry">further...</a>');
1825 }
1826 } # End: if (($settings['access_for_users_only'] == 1 ...)
1827 else
1828 {
1829 header("Location: ". $settings['forum_address'] ."login.php?msg=noaccess");
1830 die('<a href="login.php?msg=noaccess">further...</a>');
1831 }
1832 ?>
a fork of mylittleforum version 1