2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
// Bootstrap: fix the include root, then load vitals.inc.php and the forums
// helper library.
// NOTE(review): $db, $msg, _AT(), SEP, TABLE_PREFIX and valid_forum_user() are
// used below but not defined in this listing; presumably they come from these
// two includes. Confirm.
14 define('AT_INCLUDE_PATH', '../../../../include/');
15 require(AT_INCLUDE_PATH.'vitals.inc.php');
16 require(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php');
// Label and relative path for the "discussions" section (the label is
// presumably looked up through _AT(); verify).
18 $_section[0][0] = _AT('discussions');
19 $_section[0][1] = 'discussions/';
// Thread id (pid) and forum id (fid) are read from the query string.
// intval() forces both to integers. Every SQL string below interpolates them
// directly, so this cast is the only thing keeping request text out of those
// queries. A missing parameter ends up as 0.
21 $pid = intval($_GET['pid']);
22 $fid = intval($_GET['fid']);
24 // check if they have access
// Rejected when valid_forum_user($fid) is false or the session carries no
// truthy 'enroll' value: queue an error and redirect to the forum list.
25 if (!valid_forum_user($fid) || !$_SESSION['enroll']) {
26 $msg->addError('FORUM_NOT_FOUND');
27 header('Location: list.php');
// NOTE(review): header() alone does not end the script. The listing jumps from
// line 27 to 31, so an exit; and the closing brace are presumably on the
// missing lines. Confirm, otherwise the queries below still run for a
// rejected request.
// Look up the thread's subject, matching on both post_id and forum_id so a pid
// from a different forum is treated as not found.
// The query is assembled by string concatenation; it is safe only because
// $pid and $fid are already integers. A prepared statement would remove that
// dependency on the earlier cast.
31 $sql = "SELECT subject FROM ".TABLE_PREFIX."forums_threads WHERE post_id=$pid AND forum_id=$fid";
// NOTE(review): the mysql_* extension was removed in PHP 7, and $result is
// handed to mysql_fetch_assoc() without checking that the query succeeded.
32 $result = mysql_query($sql, $db);
// No matching row: queue an error and redirect to the forum list.
33 if (!($row = mysql_fetch_assoc($result))) {
34 $msg->addError('FORUM_NOT_FOUND');
35 header('Location: list.php');
// NOTE(review): lines 36-37 are absent from this listing; an exit; and closing
// brace are presumably there. Confirm.
// The subject is stored content and is later passed to $msg->addFeedback().
// Whether it is HTML-escaped on output depends on $msg, which is not shown.
38 $thread_name = $row['subject'];
41 * Protect against url injection
42 * Maintain consistency in data by not allowing any subscription to a reply thread, only top level id's (0).
// NOTE(review): the opening and closing markers of the block comment above are
// on lines missing from this listing.
// Second lookup of the same row (identical WHERE clause to the subject query),
// this time for parent_id. It could be folded into the earlier SELECT.
44 $sql = "SELECT parent_id FROM " . TABLE_PREFIX."forums_threads WHERE post_id=$pid AND forum_id=$fid";
45 $result = mysql_query($sql, $db);
46 if ($row = mysql_fetch_assoc($result)) {
// parent_id > 0 means the pid names a reply, so the request is refused and the
// user is redirected to the parent thread's view page.
47 if ($row['parent_id'] > 0) { // not allowed, only top level
48 $msg->addError('FORUM_NO_SUBSCRIBE');
// The redirect target is built from the integer $fid and the parent_id value
// read from the database, not from raw request text.
49 header('Location: view.php?fid='.$fid.SEP.'pid='.$row['parent_id']); // take us back to where we were
// NOTE(review): lines 50-52 are absent from this listing; an exit; and the two
// closing braces are presumably there. Without exit; the subscription write
// below would still execute. Confirm.
// Subscription write. The condition choosing between the two statements is on
// lines missing from this listing; presumably it is the same $_GET['us'] test
// used further down. Confirm.
// NOTE(review): this state change is driven by a GET request and no anti-CSRF
// token check is visible in this listing. Unless one is enforced in an include,
// any page that makes an enrolled user's browser request this URL can change
// their subscription. Prefer POST with a per-session token.
// Unsubscribe: clear the subscribe flag on the caller's row for this thread.
// $_SESSION[member_id] is interpolated into the SQL uncast. It is server-side
// state, but casting it to int would match the handling of $pid and $fid.
56 $sql = "UPDATE ".TABLE_PREFIX."forums_accessed SET subscribe=0 WHERE post_id=$pid AND member_id=$_SESSION[member_id]";
57 $result = mysql_query($sql, $db);
// Subscribe: insert or overwrite the caller's row with the flag set to 1.
// NOTE(review): no column list is given, so the statement depends on the
// table's column order. The query result is not checked in either statement.
60 $sql = "REPLACE INTO ".TABLE_PREFIX."forums_accessed VALUES ($pid, $_SESSION[member_id], NOW(), 1)";
61 $result = mysql_query($sql, $db);
// Choose the page to return to: the forum index or the thread view. The
// condition selecting between the two assignments is on lines missing from
// this listing.
// Both targets are built from the integer-cast $fid and $pid only, so no raw
// request text reaches the Location header below.
66 $this_pid = 'index.php?fid='.$fid;
68 $this_pid = 'view.php?fid='.$fid.SEP.'pid='.$pid;
// us=1 reports an unsubscribe; the later feedback call reports a subscribe.
// The comparison is loose (==), so an integer 1 would also match.
71 if ($_GET['us'] == '1') {
72 $msg->addFeedback(array('THREAD_UNSUBSCRIBED', $thread_name));
// Absolute redirect rooted at AT_BASE_HREF, a constant not defined in this
// listing.
73 header('Location: '.AT_BASE_HREF.'mods/_standard/forums/forum/'.$this_pid);
// NOTE(review): lines 74-77 are absent; an exit; and closing brace are
// presumably there. Without exit; the subscribed feedback below would also be
// queued and the second header() would replace this one. Confirm.
78 $msg->addFeedback(array('THREAD_SUBSCRIBED', $thread_name ));
79 header('Location: '.AT_BASE_HREF.'mods/_standard/forums/forum/'.$this_pid);