| author | Dan |
| Thu, 12 Jul 2007 01:04:01 -0400 | |
| changeset 2 | a8a21e1c7afa |
| parent 0 | f9ffdbd96607 |
| child 5 | e3d7322305bf |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
2 |
/*********************************************************************** |
|
3 |
||
4 |
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
||
6 |
This file is part of PunBB. |
|
7 |
||
8 |
PunBB is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License as published |
|
10 |
by the Free Software Foundation; either version 2 of the License, |
|
11 |
or (at your option) any later version. |
|
12 |
||
13 |
PunBB is distributed in the hope that it will be useful, but |
|
14 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
GNU General Public License for more details. |
|
17 |
||
18 |
You should have received a copy of the GNU General Public License |
|
19 |
along with this program; if not, write to the Free Software |
|
20 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 |
MA 02111-1307 USA |
|
22 |
||
23 |
************************************************************************/ |
|
24 |
||
25 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
26 |
//define('PUN_ROOT', './');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
27 |
//require PUN_ROOT.'include/common.php'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
28 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
29 |
global $pun_db, $pun_user, $pun_config, $lang_common; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
30 |
|
| 0 | 31 |
|
32 |
||
33 |
if ($pun_user['g_read_board'] == '0') |
|
34 |
message($lang_common['No view']); |
|
35 |
||
36 |
||
37 |
$id = isset($_GET['id']) ? intval($_GET['id']) : 0; |
|
38 |
if ($id < 1) |
|
39 |
message($lang_common['Bad request']); |
|
40 |
||
41 |
// Load the viewforum.php language file |
|
42 |
require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php'; |
|
43 |
||
44 |
// Fetch some info about the forum |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
45 |
$result = $pun_db->query('SELECT f.forum_name, f.redirect_url, f.moderators, f.num_topics, f.sort_by, fp.post_topics FROM '.$pun_db->prefix.'forums AS f LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$id) or error('Unable to fetch forum info', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
46 |
if (!$pun_db->num_rows($result)) |
| 0 | 47 |
message($lang_common['Bad request']); |
48 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
49 |
$cur_forum = $pun_db->fetch_assoc($result); |
| 0 | 50 |
|
51 |
// Is this a redirect forum? In that case, redirect! |
|
52 |
if ($cur_forum['redirect_url'] != '') |
|
53 |
{
|
|
54 |
header('Location: '.$cur_forum['redirect_url']);
|
|
55 |
exit; |
|
56 |
} |
|
57 |
||
58 |
// Sort out who the moderators are and if we are currently a moderator (or an admin) |
|
59 |
$mods_array = array(); |
|
60 |
if ($cur_forum['moderators'] != '') |
|
61 |
$mods_array = unserialize($cur_forum['moderators']); |
|
62 |
||
63 |
$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array))) ? true : false; |
|
64 |
||
65 |
// Can we or can we not post new topics? |
|
66 |
if (($cur_forum['post_topics'] == '' && $pun_user['g_post_topics'] == '1') || $cur_forum['post_topics'] == '1' || $is_admmod) |
|
67 |
$post_link = "\t\t".'<p class="postlink conr"><a href="post.php?fid='.$id.'">'.$lang_forum['Post topic'].'</a></p>'."\n"; |
|
68 |
else |
|
69 |
$post_link = ''; |
|
70 |
||
71 |
||
72 |
// Determine the topic offset (based on $_GET['p']) |
|
73 |
$num_pages = ceil($cur_forum['num_topics'] / $pun_user['disp_topics']); |
|
74 |
||
75 |
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p']; |
|
76 |
$start_from = $pun_user['disp_topics'] * ($p - 1); |
|
77 |
||
78 |
// Generate paging links |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
79 |
$paging_links = $lang_common['Pages'].': '.pun_paginate($num_pages, $p, 'viewforum.php?id='.$id); |
| 0 | 80 |
|
81 |
||
82 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title'].' / '.$cur_forum['forum_name']); |
|
83 |
define('PUN_ALLOW_INDEX', 1);
|
|
84 |
require PUN_ROOT.'header.php'; |
|
85 |
||
86 |
?> |
|
87 |
<div class="linkst"> |
|
88 |
<div class="inbox"> |
|
89 |
<p class="pagelink conl"><?php echo $paging_links ?></p> |
|
90 |
<?php echo $post_link ?> |
|
91 |
<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a> </li><li>» <?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul> |
|
92 |
<div class="clearer"></div> |
|
93 |
</div> |
|
94 |
</div> |
|
95 |
||
96 |
<div id="vf" class="blocktable"> |
|
97 |
<h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2> |
|
98 |
<div class="box"> |
|
99 |
<div class="inbox"> |
|
100 |
<table cellspacing="0"> |
|
101 |
<thead> |
|
102 |
<tr> |
|
103 |
<th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th> |
|
104 |
<th class="tc2" scope="col"><?php echo $lang_common['Replies'] ?></th> |
|
105 |
<th class="tc3" scope="col"><?php echo $lang_forum['Views'] ?></th> |
|
106 |
<th class="tcr" scope="col"><?php echo $lang_common['Last post'] ?></th> |
|
107 |
</tr> |
|
108 |
</thead> |
|
109 |
<tbody> |
|
110 |
<?php |
|
111 |
||
112 |
// Fetch list of topics to display on this page |
|
113 |
if ($pun_user['is_guest'] || $pun_config['o_show_dot'] == '0') |
|
114 |
{
|
|
115 |
// Without "the dot" |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
116 |
$sql = 'SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$pun_db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']; |
| 0 | 117 |
} |
118 |
else |
|
119 |
{
|
|
120 |
// With "the dot" |
|
121 |
switch ($db_type) |
|
122 |
{
|
|
123 |
case 'mysql': |
|
124 |
case 'mysqli': |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
125 |
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$pun_db->prefix.'topics AS t LEFT JOIN '.$pun_db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']; |
| 0 | 126 |
break; |
127 |
||
128 |
case 'sqlite': |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
129 |
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$pun_db->prefix.'topics AS t LEFT JOIN '.$pun_db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.id IN(SELECT id FROM '.$pun_db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'].') GROUP BY t.id ORDER BY t.sticky DESC, t.last_post DESC'; |
| 0 | 130 |
break; |
131 |
||
132 |
default: |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
133 |
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$pun_db->prefix.'topics AS t LEFT JOIN '.$pun_db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, p.poster_id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']; |
| 0 | 134 |
break; |
135 |
||
136 |
} |
|
137 |
} |
|
138 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
139 |
$result = $pun_db->query($sql) or error('Unable to fetch topic list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 140 |
|
141 |
// If there are topics in this forum. |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
142 |
if ($pun_db->num_rows($result)) |
| 0 | 143 |
{
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
144 |
while ($cur_topic = $pun_db->fetch_assoc($result)) |
| 0 | 145 |
{
|
146 |
$icon_text = $lang_common['Normal icon']; |
|
147 |
$item_status = ''; |
|
148 |
$icon_type = 'icon'; |
|
149 |
||
150 |
if ($cur_topic['moved_to'] == null) |
|
151 |
$last_post = '<a href="viewtopic.php?pid='.$cur_topic['last_post_id'].'#p'.$cur_topic['last_post_id'].'">'.format_time($cur_topic['last_post']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['last_poster']).'</span>'; |
|
152 |
else |
|
153 |
$last_post = ' '; |
|
154 |
||
155 |
if ($pun_config['o_censoring'] == '1') |
|
156 |
$cur_topic['subject'] = censor_words($cur_topic['subject']); |
|
157 |
||
158 |
if ($cur_topic['moved_to'] != 0) |
|
159 |
$subject = $lang_forum['Moved'].': <a href="viewtopic.php?id='.$cur_topic['moved_to'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['poster']).'</span>'; |
|
160 |
else if ($cur_topic['closed'] == '0') |
|
161 |
$subject = '<a href="viewtopic.php?id='.$cur_topic['id'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['poster']).'</span>'; |
|
162 |
else |
|
163 |
{
|
|
164 |
$subject = '<a href="viewtopic.php?id='.$cur_topic['id'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['poster']).'</span>'; |
|
165 |
$icon_text = $lang_common['Closed icon']; |
|
166 |
$item_status = 'iclosed'; |
|
167 |
} |
|
168 |
||
169 |
if (!$pun_user['is_guest'] && $cur_topic['last_post'] > $pun_user['last_visit'] && $cur_topic['moved_to'] == null) |
|
170 |
{
|
|
171 |
$icon_text .= ' '.$lang_common['New icon']; |
|
172 |
$item_status .= ' inew'; |
|
173 |
$icon_type = 'icon inew'; |
|
174 |
$subject = '<strong>'.$subject.'</strong>'; |
|
175 |
$subject_new_posts = '<span class="newtext">[ <a href="viewtopic.php?id='.$cur_topic['id'].'&action=new" title="'.$lang_common['New posts info'].'">'.$lang_common['New posts'].'</a> ]</span>'; |
|
176 |
} |
|
177 |
else |
|
178 |
$subject_new_posts = null; |
|
179 |
||
180 |
// Should we display the dot or not? :) |
|
181 |
if (!$pun_user['is_guest'] && $pun_config['o_show_dot'] == '1') |
|
182 |
{
|
|
183 |
if ($cur_topic['has_posted'] == $pun_user['id']) |
|
184 |
$subject = '<strong>·</strong> '.$subject; |
|
185 |
else |
|
186 |
$subject = ' '.$subject; |
|
187 |
} |
|
188 |
||
189 |
if ($cur_topic['sticky'] == '1') |
|
190 |
{
|
|
191 |
$subject = '<span class="stickytext">'.$lang_forum['Sticky'].': </span>'.$subject; |
|
192 |
$item_status .= ' isticky'; |
|
193 |
$icon_text .= ' '.$lang_forum['Sticky']; |
|
194 |
} |
|
195 |
||
196 |
$num_pages_topic = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']); |
|
197 |
||
198 |
if ($num_pages_topic > 1) |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
199 |
$subject_multipage = '[ '.pun_paginate($num_pages_topic, -1, 'viewtopic.php?id='.$cur_topic['id']).' ]'; |
| 0 | 200 |
else |
201 |
$subject_multipage = null; |
|
202 |
||
203 |
// Should we show the "New posts" and/or the multipage links? |
|
204 |
if (!empty($subject_new_posts) || !empty($subject_multipage)) |
|
205 |
{
|
|
206 |
$subject .= ' '.(!empty($subject_new_posts) ? $subject_new_posts : ''); |
|
207 |
$subject .= !empty($subject_multipage) ? ' '.$subject_multipage : ''; |
|
208 |
} |
|
209 |
||
210 |
?> |
|
211 |
<tr<?php if ($item_status != '') echo ' class="'.trim($item_status).'"'; ?>> |
|
212 |
<td class="tcl"> |
|
213 |
<div class="intd"> |
|
214 |
<div class="<?php echo $icon_type ?>"><div class="nosize"><?php echo trim($icon_text) ?></div></div> |
|
215 |
<div class="tclcon"> |
|
216 |
<?php echo $subject."\n" ?> |
|
217 |
</div> |
|
218 |
</div> |
|
219 |
</td> |
|
220 |
<td class="tc2"><?php echo ($cur_topic['moved_to'] == null) ? $cur_topic['num_replies'] : ' ' ?></td> |
|
221 |
<td class="tc3"><?php echo ($cur_topic['moved_to'] == null) ? $cur_topic['num_views'] : ' ' ?></td> |
|
222 |
<td class="tcr"><?php echo $last_post ?></td> |
|
223 |
</tr> |
|
224 |
<?php |
|
225 |
||
226 |
} |
|
227 |
} |
|
228 |
else |
|
229 |
{
|
|
230 |
||
231 |
?> |
|
232 |
<tr> |
|
233 |
<td class="tcl" colspan="4"><?php echo $lang_forum['Empty forum'] ?></td> |
|
234 |
</tr> |
|
235 |
<?php |
|
236 |
||
237 |
} |
|
238 |
||
239 |
?> |
|
240 |
</tbody> |
|
241 |
</table> |
|
242 |
</div> |
|
243 |
</div> |
|
244 |
</div> |
|
245 |
||
246 |
<div class="linksb"> |
|
247 |
<div class="inbox"> |
|
248 |
<p class="pagelink conl"><?php echo $paging_links ?></p> |
|
249 |
<?php echo $post_link ?> |
|
250 |
<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a> </li><li>» <?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul> |
|
251 |
<div class="clearer"></div> |
|
252 |
</div> |
|
253 |
</div> |
|
254 |
<?php |
|
255 |
||
256 |
$forum_id = $id; |
|
257 |
$footer_style = 'viewforum'; |
|
258 |
require PUN_ROOT.'footer.php'; |
|
259 |