-'<?php

-// Posting specific functions.

-

-// This function will prepare the message for entry into the database.

-function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)

-{

- $message = trim($message);

-

- if(!$html_on)

- {

- $message = htmlspecialchars($message);

- }

-

- if($bbcode_on)

- {

- $message = bbencode_first_pass($message, $bbcode_uid);

- }

-

- if($smile_on)

- {

- // No smile() function yet, write one...

- //$message = smile($message);

- }

-

- $message = addslashes($message);

- return($message);

-}

-// End Posting specific functions.

-//

-// Start program proper

-//

-// Start session management

-//

-$userdata = session_pagestart($user_ip, PAGE_POSTING, $session_length);

-init_userprefs($userdata);

-//

-// End session management

-

-// This is a quick check to see if it works

-// can probably be placed better ...

-

- if(isset($HTTP_POST_VARS['annouce']))

- else if(isset($HTTP_POST_VARS['sticky']))

- // to read this forum ...

-

-// Set initial conditions

-//

-$is_first_post = (($HTTP_GET_VARS['is_first_post'] == 1) || ($HTTP_POST_VARS['is_first_post'] == 1)) ? TRUE : FALSE;

-$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];

-$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];

-$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];

-$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];

-$notify = (isset($HTTP_POST_VARS['notify'])) ? $HTTP_POST_VARS['notify'] : $userdata["always_notify"];

-$annouce = (isset($HTTP_POST_VARS['annouce'])) ? $HTTP_POST_VARS['annouce'] : "";

-$unannouce = (isset($HTTP_POST_VARS['unannouce'])) ? $HTTP_POST_VARS['unannouce'] : "";

-$sticky = (isset($HTTP_POST_VARS['sticky'])) ? $HTTP_POST_VARS['sticky'] : "";

-$unstick = (isset($HTTP_POST_VARS['unstick'])) ? $HTTP_POST_VARS['unstick'] : "";

-$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;

-

-

-if($annouce)

-{

- $topic_type = ANNOUCE;

-}

-else if($sticky)

-{

- $topic_type = STICKY;

-}

-else

-{

- $topic_type = NORMAL;

-}

-

-//

- $sql = "SELECT max(post_time) AS last_post_time

- FROM ".POSTS_TABLE."

- $db_row = $db->sql_fetchrowset($result);

- $last_post_time = $db_row[0]['last_post_time'];

- $sql = "INSERT INTO ".POSTS_TABLE." (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid)

- VALUES ($new_topic_id, $forum_id, ".$userdata['user_id'].", '".$username."', $topic_time, '$user_ip', '$uid')";

-if($preview)

- error_die(GENERAL_ERROR, "Sorry, no there is no such forum");

- $sql = "SELECT forum_name

- FROM ".FORUMS_TABLE."

- WHERE forum_id = $forum_id";

- if(!$result = $db->sql_query($sql))

- {

- error_die(SQL_QUERY, "Could not obtain forum/forum access information.", __LINE__, __FILE__);

- }

- $forum_info = $db->sql_fetchrow($result);

- $forum_name = stripslashes($forum_info['forum_name']);

-

- $template->set_filenames(array(

- "body" => "posting_body.tpl",

- "jumpbox" => "jumpbox.tpl")

- );

- $jumpbox = make_jumpbox();

- $template->assign_vars(array(

- "JUMPBOX_LIST" => $jumpbox,

- "SELECT_NAME" => POST_FORUM_URL)

- );

- $template->assign_var_from_handle("JUMPBOX", "jumpbox");

-

- $template->assign_vars(array(

- "FORUM_ID" => $forum_id,

- "FORUM_NAME" => $forum_name,

-

- "L_POSTNEWIN" => $section_title,

-

- "U_VIEW_FORUM" => append_sid("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id"))

- );

-

- if($userdata['session_logged_in'])

- {

- $username_input = $userdata["username"];

- $password_input = "";

- }

- else

- {

- $username_input = '<input type="text" name="username" value="' . $username . '" size="25" maxlength="50">';

- $password_input = '<input type="password" name="password" size="25" maxlenght="40">';

- }

- $subject_input = '<input type="text" name="subject" value="'.$subject.'" size="50" maxlength="255">';

- $message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">'.$message.'</textarea>';

- if($board_config['allow_html'])

- {

- $html_status = $lang['HTML'] . $lang['is_ON'];

- $html_toggle = '<input type="checkbox" name="disable_html" ';

- if($disable_html)

- {

- $html_toggle .= 'checked';

- }

- $html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'];

- }

- else

- {

- $html_status = $lang['HTML'] . $lang['is_OFF'];

- }

- if($board_config['allow_bbcode'])

- $bbcode_status = $l_bbcodeis . " " . $l_on;

- $bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';

- if($disable_bbcode)

- $bbcode_toggle .= "checked";

- $bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'];

- $bbcode_status = $lang['BBCode'] . $lang['is_OFF'];

- }

-

- if($board_config['allow_smilies'])

- {

- $smile_toggle = '<input type="checkbox" name="disable_smile" ';

- if($disable_smilies)

- $smile_toggle .= "checked";

- $smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'];

- }

-

- $sig_toggle = '<input type="checkbox" name="attach_sig" ';

- if($attach_sig)

- {

- $sig_toggle .= "checked";

- $sig_toggle .= "> " . $lang['Attach_signature'];

- if($mode == 'newtopic' || ($mode == 'editpost' && $is_first_post))

- if($is_auth['auth_announce'])

- if(!$is_annouce)

- {

- $annouce_toggle = '<input type="checkbox" name="annouce" ';

- if($annouce)

- {

- $announce_toggle .= "checked";

- }

- $annouce_toggle .= '> '.$lang['Post_Annoucement'];

- }

- else

- {

- $annouce_toggle = '<input type="checkbox" name="unannouce" ';

- if($unannouce)

- {

- $announce_toggle .= "checked";

- }

- $annouce_toggle .= '> '.$lang['Un_announce'];

- }

- }

-

- if($is_auth['auth_sticky'])

- {

- if(!$is_stuck)

- {

- $sticky_toggle = '<input type="checkbox" name="sticky" ';

- if($sticky)

- {

- $sticky_toggle .= "checked";

- }

- $sticky_toggle .= '> '.$lang['Post_Sticky'];

- }

- else

- {

- $sticky_toggle = '<input type="checkbox" name="unstick" ';

- if($unstick)

- {

- $sticky_toggle .= "checked";

- }

- $sticky_toggle .= '> '.$lang['Un_stick'];

- }

-

-

- if($mode == 'newtopic' || ($mode == 'editpost' && $notify_show))

- $notify_toggle = '<input type="checkbox" name="notify" ';

- if($notify)

- $notify_toggle .= "checked";

- $notify_toggle .= "> " . $lang['Notify'];

- if($mode == 'reply' || $mode == 'editpost')

- {

- $topic_id = ($HTTP_GET_VARS[POST_TOPIC_URL]) ? $HTTP_GET_VARS[POST_TOPIC_URL] : $HTTP_POST_VARS[POST_TOPIC_URL];

- $post_id = ($HTTP_GET_VARS[POST_POST_URL]) ? $HTTP_GET_VARS[POST_POST_URL] : $HTTP_POST_VARS[POST_POST_URL];

- }

- $hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"" . POST_FORUM_URL . "\" value=\"$forum_id\"><input type=\"hidden\" name=\"" . POST_TOPIC_URL . "\" value=\"$topic_id\"><input type=\"hidden\" name=\"" . POST_POST_URL . "\" value=\"$post_id\"><input type=\"hidden\" name=\"is_first_post\" value=\"$is_first_post\">";

- if($mode == 'newtopic')

- {

- $post_a = $lang['Post_a_new_topic'];

- }

- else if($mode == 'reply')

- {

- $post_a = $lang['Post_a_reply'];

- }

- else if($mode == 'editpost')

- {

- $post_a = $lang['Edit_Post'];

- }

- $template->assign_vars(array(

- "USERNAME_INPUT" => $username_input,

- "PASSWORD_INPUT" => $password_input,

- "SUBJECT_INPUT" => $subject_input,

- "MESSAGE_INPUT" => $message_input,

- "HTML_STATUS" => $html_status,

- "HTML_TOGGLE" => $html_toggle,

- "SMILE_TOGGLE" => $smile_toggle,

- "SIG_TOGGLE" => $sig_toggle,

- "ANNOUNCE_TOGGLE" => $annouce_toggle,

- "STICKY_TOGGLE" => $sticky_toggle,

- "NOTIFY_TOGGLE" => $notify_toggle,

- "BBCODE_TOGGLE" => $bbcode_toggle,

- "BBCODE_STATUS" => $bbcode_status,

-

- "L_SUBJECT" => $lang['Subject'],

- "L_MESSAGE_BODY" => $lang['Message_body'],

- "L_OPTIONS" => $lang['Options'],

- "L_PREVIEW" => $lang['Preview'],

- "L_SUBMIT" => $lang['Submit_post'],

- "L_CANCEL" => $lang['Cancel_post'],

- "L_POST_A" => $post_a,

-

- "S_POST_ACTION" => append_sid("posting.$phpEx"),

- "S_HIDDEN_FORM_FIELDS" => $hidden_form_fields)

- );

-

- $template->pparse("body");

-

- include('includes/page_tail.'.$phpEx);

-$folder = (!empty($HTTP_GET_VARS['folder'])) ? $HTTP_GET_VARS['folder'] : "inbox";

-$mode = (!empty($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : "";

-// Output page header and

-// open the index body template

-//

-include('includes/page_header.'.$phpEx);

-

-//

- $user_to_sql = "AND pm.privmsgs_to_groupid = ug2.group_id AND ug2.user_id = " . $userdata['user_id'];

- $user_from_sql = "AND pm.privmsgs_from_groupid = ug.group_id AND u.user_id = ug.user_id";

- $user_to_sql = "AND pm.privmsgs_to_groupid = ug.group_id AND u.user_id = ug.user_id";

- $user_from_sql = "AND pm.privmsgs_from_groupid = ug2.group_id AND ug2.user_id = " . $userdata['user_id'];

- $sql = "SELECT u.username, u.user_id, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_viewemail, u.user_sig, u.user_avatar, pm.privmsgs_id, pm.privmsgs_type, pm.privmsgs_date, pm.privmsgs_subject, pm.privmsgs_bbcode_uid, pmt.privmsgs_text

- FROM ".PRIVMSGS_TABLE." pm, " . PRIVMSGS_TEXT_TABLE . " pmt, ".USERS_TABLE." u, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2

- $poster_avatar = ($privmsg['user_avatar'] != "" && $userdata['user_id'] != ANONYMOUS) ? "<img src=\"".$board_config['avatar_path']."/".$privmsg['user_avatar']."\">" : "";

- $profile_img = "<a href=\"".append_sid("profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=$poster_id")."\"><img src=\"".$images['profile']."\" alt=\"$l_profileof $poster\" border=\"0\"></a>";

- $email_img = ($privmsg['user_viewemail'] == 1) ? "<a href=\"mailto:".$privmsg['user_email']."\"><img src=\"".$images['email']."\" alt=\"$l_email $poster\" border=\"0\"></a>" : "";

- $www_img = ($privmsg['user_website']) ? "<a href=\"".$privmsg['user_website']."\"><img src=\"".$images['www']."\" alt=\"$l_viewsite\" border=\"0\"></a>" : "";

- $icq_status_img = "<a href=\"http://wwp.icq.com/".$privmsg['user_icq']."#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=".$privmsg['user_icq']."&img=5\" alt=\"$l_icqstatus\" border=\"0\"></a>";

- $icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$privmsg['user_icq']."\"><img src=\"".$images['icq']."\" alt=\"$l_icq\" border=\"0\"></a>";

- $aim_img = ($privmsg['user_aim']) ? "<a href=\"aim:goim?screenname=".$privmsg['user_aim']."&message=Hello+Are+you+there?\"><img src=\"".$images['aim']."\" border=\"0\"></a>" : "";

- $msn_img = ($privmsg['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=$poster_id\"><img src=\"".$images['msn']."\" border=\"0\"></a>" : "";

- $yim_img = ($privmsg['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=".$privmsg['user_yim']."&.src=pg\"><img src=\"".$images['yim']."\" border=\"0\"></a>" : "";

-else if($mode == "post" || $mode == "reply")

- if($mode == "reply")

- "body" => "posting_body.tpl",

- // Error

- }

-

- $sql = "SELECT g.group_id

- FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g

- WHERE ug.user_id = " . $userdata['user_id'] . "

- AND ug.group_id = g.group_id

- AND g.group_single_user = 1";

- if(!$ug_status = $db->sql_query($sql))

- {

- error_die(SQL_QUERY, "Could not obtain group_id information.", __LINE__, __FILE__);

- $group_id_row = $db->sql_fetchrow($ug_status);

-

- $group_id = $group_id_row['group_id'];

-

-

- $delete_sql .= "privmsgs_to_groupid = $group_id AND (

- $delete_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_NEW_MAIL;

- $delete_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;

- case 'savedbox':

- $delete_sql .= "( privmsgs_from_groupid = $group_id OR privmsgs_to_groupid = $group_id )

- // Error

- $sql = "SELECT g.group_id

- FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g

- WHERE ug.user_id = " . $userdata['user_id'] . "

- AND ug.group_id = g.group_id

- AND g.group_single_user = 1";

- if(!$ug_status = $db->sql_query($sql))

- {

- error_die(SQL_QUERY, "Could not obtain group_id information.", __LINE__, __FILE__);

- }

- $group_id_row = $db->sql_fetchrow($ug_status);

-

- $group_id = $group_id_row['group_id'];

-

- $saved_sql .= "privmsgs_to_groupid = $group_id AND (

- $saved_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;

- $sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug

- WHERE ug.group_id = pm.privmsgs_to_groupid

- AND ug.user_id = " . $userdata['user_id'] . "

- AND ( pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "

- OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";

-

- $sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g

- WHERE ug.group_id = pm.privmsgs_from_groupid

- AND g.group_id = ug.group_id

- AND ug2.group_id = pm.privmsgs_to_groupid

- AND ug2.user_id = " . $userdata['user_id'] . "

- AND ( pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "

- OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )

- ORDER BY pm.privmsgs_date DESC

- LIMIT $start, " . $board_config['topics_per_page'];

- $sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug

- WHERE ug.group_id = pm.privmsgs_from_groupid

- AND ug.user_id = " . $userdata['user_id'] . "

- AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;

-

- $sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g

- WHERE ug.group_id = pm.privmsgs_to_groupid

- AND g.group_id = ug.group_id

- AND ug2.group_id = pm.privmsgs_from_groupid

- AND ug2.user_id = " . $userdata['user_id'] . "

- AND pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "

- ORDER BY pm.privmsgs_date DESC

- LIMIT $start, " . $board_config['topics_per_page'];

- break;

- $sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug

- WHERE ug.group_id = pm.privmsgs_from_groupid

- AND ug.user_id = " . $userdata['user_id'] . "

- AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;

-

- $sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g

- WHERE ug.group_id = pm.privmsgs_to_groupid

- AND g.group_id = ug.group_id

- AND ug2.group_id = pm.privmsgs_from_groupid

- AND ug2.user_id = " . $userdata['user_id'] . "

- AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "

- ORDER BY pm.privmsgs_date DESC

- LIMIT $start, " . $board_config['topics_per_page'];

- $sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug

- WHERE ug.group_id = pm.privmsgs_to_groupid

- AND ug.user_id = " . $userdata['user_id'] . "

- AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL;

-

- $sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user

- FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g

- WHERE ug.group_id = pm.privmsgs_from_groupid

- AND g.group_id = ug.group_id

- AND ug2.group_id = pm.privmsgs_to_groupid

- AND ug2.user_id = " . $userdata['user_id'] . "

- AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL . "

- ORDER BY pm.privmsgs_date DESC

- LIMIT $start, " . $board_config['topics_per_page']; break;

-// Okay, let's build the index

-

- $icon_flag = ($flag == PRIVMSGS_READ_MAIL || $flag == PRIVMSGS_SENT_MAIL) ? "<img src=\"images/msg_read.gif\">" : "<img src=\"images/msg_unread.gif\">";

- $msg_username = stripslashes($pm_list[$i]['group_name']);

- if($pm_list[$i]['group_single_user'])

- {

- $u_from_user_profile = "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid";

- }

- else

- {

- $u_from_user_profile = "groupadmin.$phpEx?" . POST_GROUPS_URL . "=$msg_userid";

- }

- if($flag == PRIVMSGS_NEW_MAIL && $mode == "inbox")

- "PAGINATION" => generate_pagination("privmsg.$phpEx?mode=$mode", $pm_total, $board_config['topics_per_page'], $start),