2 /****************************************************************************/
4 /****************************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************************/
// Bootstrap: AT_INCLUDE_PATH is the relative path to the shared include directory; vitals.inc.php is loaded from it.
14 define('AT_INCLUDE_PATH', '../../../../include/');
15 require(AT_INCLUDE_PATH.'vitals.inc.php');
// Forum id from the query string, coerced to an integer before it is reused in URLs and SQL further down.
17 $fid = intval($_GET['fid']);
// Give the optional reply parameter a default so later reads of $_GET['reply'] always find a value.
18 $_GET['reply'] = isset($_GET['reply']) ? $_GET['reply'] : '';
// A missing or zero forum id redirects to the forum list.
// NOTE(review): header() only queues the redirect; confirm the script terminates right after it.
21 if (!isset($_GET['fid']) || !$fid) {
22 header('Location: list.php');
26 require(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php'); // for print_entry et al
// Authorisation gate: users who fail valid_forum_user() for this forum get the FORUM_DENIED error page.
// NOTE(review): the gate only protects the thread if execution stops after the footer; confirm it does.
28 if (!valid_forum_user($fid)) {
29 require(AT_INCLUDE_PATH.'header.inc.php');
30 $msg->printErrors('FORUM_DENIED');
31 require(AT_INCLUDE_PATH.'footer.inc.php');
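// set default thread display order to ascending
// Thread order lives in the session: 'a' = ascending, 'd' = descending.
// The stored value is later concatenated into the pagination links, so the request
// parameter is reduced to one of those two letters instead of being copied verbatim.
// Anything other than 'a' becomes 'd', which matches how the reply query picks ASC or DESC.
if (!isset($_SESSION['thread_order'])) {
    $_SESSION['thread_order'] = 'a';
} else if (isset($_GET['order'])) {
    $_SESSION['thread_order'] = ($_GET['order'] === 'a') ? 'a' : 'd';
}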
// Load the forum record for the requested forum id.
45 $forum_info = get_forum($fid);
// Register navigation entries in $_pages, keyed by the rewritten URL of each page.
// The only request-derived part of these keys is $fid, which is already an integer.
47 $_pages[url_rewrite('mods/_standard/forums/forum/index.php?fid='.$fid)]['title'] = get_forum_name($fid);
48 $_pages[url_rewrite('mods/_standard/forums/forum/index.php?fid='.$fid)]['parent'] = 'mods/_standard/forums/forum/list.php';
49 $_pages[url_rewrite('mods/_standard/forums/forum/index.php?fid='.$fid)]['children'] = array(url_rewrite('mods/_standard/forums/forum/new_thread.php?fid='.$fid), 'search.php?search_within[]=forums');
51 $_pages[url_rewrite('mods/_standard/forums/forum/new_thread.php?fid='.$fid)]['title_var'] = 'new_thread';
52 $_pages[url_rewrite('mods/_standard/forums/forum/new_thread.php?fid='.$fid)]['parent'] = url_rewrite('mods/_standard/forums/forum/index.php?fid='.$fid);
54 $_pages['mods/_standard/forums/forum/view.php']['parent'] = url_rewrite('mods/_standard/forums/forum/index.php?fid='.$fid);
55 $_pages['search.php?search_within[]=forums']['title_var'] = 'search';
56 $_pages['search.php?search_within[]=forums']['parent'] = url_rewrite('mods/_standard/forums/forum/index.php');
// When a reply is requested, focus the subject field of the reply form on page load.
// NOTE(review): this reads $_REQUEST['reply'], while the default assigned earlier was written to $_GET['reply'] only; the two arrays are separate, so the key may be undefined here.
58 if ($_REQUEST['reply']) {
59 $onload = 'document.form.subject.focus();';
// Thread (root post) id from the query string, forced to an integer; the interpolated SQL below depends on this cast.
62 $pid = intval($_GET['pid']);
// Page number: anything that does not parse to a positive integer falls back to page 1.
68 $page = (intval($_GET['page'])>0)?(intval($_GET['page'])):1;
// Row offset for the LIMIT clause of the reply query.
// $num_per_page is not assigned in the lines shown here; TODO confirm it is a fixed integer.
70 $start = ($page-1)*$num_per_page;
72 /* get the first thread first */
// NOTE(review): the statement is built by string interpolation and is only safe because $pid and $fid were
// passed through intval() above. Any value added to it later needs the same treatment, or the query should
// move to an API with bound parameters (the mysql_* functions have none and were removed in PHP 7).
73 $sql = "SELECT *, DATE_FORMAT(date, '%Y-%m-%d %H:%i:%s') AS date, UNIX_TIMESTAMP(date) AS udate FROM ".TABLE_PREFIX."forums_threads WHERE post_id=$pid AND forum_id=$fid";
74 $result = mysql_query($sql, $db);
// No row for this post id in this forum: render the page shell with a "no post" title.
76 if (!($post_row = mysql_fetch_array($result))) {
77 require(AT_INCLUDE_PATH.'header.inc.php');
78 $_pages['mods/_standard/forums/forum/view.php']['title'] = _AT('no_post');
81 require(AT_INCLUDE_PATH.'footer.inc.php');
// The page title becomes the subject stored with the root post.
// NOTE(review): presumably the subject is user-supplied text; confirm header.inc.php escapes the title on output.
85 $_pages['mods/_standard/forums/forum/view.php']['title'] = $post_row['subject'];
87 require(AT_INCLUDE_PATH.'header.inc.php');
90 <a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#post" style="border: 0px;"><img src="<?php echo $_base_path; ?>images/clr.gif" height="1" width="1" border="0" alt="<?php echo _AT('reply'); ?>" /></a>
94 * Protect data consistency
95 * Make sure the pid we are inserting is actually a thread post_id, otherwise we get dangling pointers
96 * in the case of injection
// Logged-in users: record this visit in forums_accessed for the thread and member.
// The INSERT is issued first and the UPDATE of last_accessed follows it.
// NOTE(review): presumably the INSERT fails on a repeat visit and the UPDATE then refreshes the row; confirm against the table's keys.
// Both statements interpolate $pid (an integer) and the member id taken from the session, not from the request.
99 if ($_SESSION['valid_user']) {
100 $sql2 = "INSERT INTO ".TABLE_PREFIX."forums_accessed VALUES ($pid, $_SESSION[member_id], NOW(), 0)";
101 $result2 = mysql_query($sql2, $db);
103 $sql2 = "UPDATE ".TABLE_PREFIX."forums_accessed SET last_accessed=NOW() WHERE post_id=$pid AND member_id=$_SESSION[member_id]";
104 $result2 = mysql_query($sql2, $db);
// Posts in the thread = number of comments plus the root post; this drives the page count.
108 $num_threads = $post_row['num_comments']+1;
109 $num_pages = ceil($num_threads/$num_per_page);
110 $locked = $post_row['locked'];
// Notice for a thread that may not be read, followed by the footer.
// NOTE(review): the test on $locked that selects this path is not among the lines shown; confirm it.
112 echo '<p><strong>'._AT('lock_no_read1').'</strong></p>';
113 require(AT_INCLUDE_PATH.'footer.inc.php');
// Render the root post as the first entry of the thread list.
117 $parent_name = $post_row['subject'];
119 echo '<ul class="forum-thread">';
120 print_entry($post_row);
121 $subject = $post_row['subject'];
// Loose == comparison of the reply parameter with the post id: keep the root post when it is the one being answered.
122 if ($_GET['reply'] == $post_row['post_id']) {
123 $saved_post = $post_row;
127 <div class="forum-paginator" style="background-color:#F5F5F5;">
// Replies to the root post, one page at a time; $pid, $fid and $start are integers computed earlier in this script.
// NOTE(review): the DATE_FORMAT pattern here is '%H-%i:%s' while the root-post query uses '%H:%i:%s'; this looks like a typo, confirm what print_entry() expects.
130 $sql = "SELECT *, DATE_FORMAT(date, '%Y-%m-%d %H-%i:%s') AS date, UNIX_TIMESTAMP(date) AS udate FROM ".TABLE_PREFIX."forums_threads WHERE parent_id=$pid AND forum_id=$fid ORDER BY date ";
// The session value only selects between two literal clauses; it is never interpolated into the SQL text itself.
131 if ($_SESSION['thread_order'] == 'a')
132 $sql .= "ASC LIMIT $start, $num_per_page";
134 $sql .= "DESC LIMIT $start, $num_per_page";
136 $result = mysql_query($sql, $db);
// Sort toggle, page links and the reply list are produced when the query returned at least one reply.
// NOTE(review): every link below is built from $_SERVER['PHP_SELF'], which reflects the requested path, and is
// echoed without htmlspecialchars(); confirm url_rewrite() returns a string that is safe inside an href attribute.
// $fid, $pid, $page and $i are integers here. $_SESSION['thread_order'] is appended to the page links as-is,
// so it must only ever hold 'a' or 'd'.
138 if (mysql_num_rows($result) > 0)
140 echo '<div class="forum-paginator">';
141 echo '<div style="float:right;">';
142 if ($_SESSION['thread_order'] == 'a')
143 echo '<a href="'.url_rewrite($_SERVER['PHP_SELF'].'?fid='.$fid.SEP.'pid='.$pid.SEP.'page='.$page.SEP.'order=d').'">
144 <img src="'.AT_BASE_HREF.'images/up.png" border="0" alt=""> '._AT('recent_first').'
147 echo '<a href="'.url_rewrite($_SERVER['PHP_SELF'].'?fid='.$fid.SEP.'pid='.$pid.SEP.'page='.$page.SEP.'order=a').'">
148 <img src="'.AT_BASE_HREF.'images/down.png" border="0" alt=""> '._AT('recent_last').'
153 echo _AT('page').': ';
154 for ($i=1; $i<=$num_pages; $i++) {
156 echo '<span class="forum-paginator-active">'.$i.'</span>';
158 echo '<a href="'.url_rewrite($_SERVER['PHP_SELF'].'?fid='.$fid.SEP.'pid='.$pid.SEP.'page='.$i.SEP.'order='.$_SESSION['thread_order']).'">'.$i.'</a>';
162 echo ' <span class="spacer">|</span> ';
166 echo '<ul class="forum-thread">';
// Walk the replies; $subject is overwritten with the subject of each row read.
168 while ($row = mysql_fetch_assoc($result)) {
170 $subject = $row['subject'];
// Loose == comparison of the reply parameter with this row's post id.
171 if ($_GET['reply'] == $row['post_id']) {
// The page links are emitted a second time with the same markup as above.
177 echo '<div class="forum-paginator">';
178 echo _AT('page').': ';
179 for ($i=1; $i<=$num_pages; $i++) {
181 echo '<span class="forum-paginator-active">'.$i.'</span>';
183 echo '<a href="'.url_rewrite($_SERVER['PHP_SELF'].'?fid='.$fid.SEP.'pid='.$pid.SEP.'page='.$i.SEP.'order='.$_SESSION['thread_order']).'">'.$i.'</a>';
187 echo ' <span class="spacer">|</span> ';
// Prefix the subject with "Re: " unless its first three bytes are already exactly "Re:".
195 if (substr($subject,0,3) != 'Re:') {
196 $subject = 'Re: '.$subject;
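// Subscription toggle, offered only to logged-in, enrolled users on a thread that is not locked.
if ($_SESSION['valid_user'] && $_SESSION['enroll'] && !$locked) {
    // Use the intval()'d $pid rather than the raw $_GET['pid']: the request value would otherwise
    // be spliced into the SQL text, and into the href below, exactly as the client sent it.
    // member_id is taken from the session, not from the request.
    $sql = "SELECT subscribe FROM ".TABLE_PREFIX."forums_accessed WHERE post_id=$pid AND member_id=$_SESSION[member_id]";
    $result = mysql_query($sql, $db);
    $row = mysql_fetch_assoc($result);
    if ($row['subscribe']) {
        // Already subscribed: link to subscribe.php with us=1 to unsubscribe.
        echo '<p><a href="mods/_standard/forums/forum/subscribe.php?fid='.$fid.SEP.'pid='.$pid.SEP.'us=1">'._AT('unsubscribe').'</a></p>';
    } else {
        echo '<p><a href="mods/_standard/forums/forum/subscribe.php?fid='.$fid.SEP.'pid='.$pid.'">'._AT('subscribe').'</a></p>';
    }
}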
// Logged-in users who are not enrolled are told to enrol before posting.
211 if ($_SESSION['valid_user'] && !$_SESSION['enroll']) {
212 echo '<p><strong>'._AT('enroll_to_post').'</strong></p>';
// Otherwise an unlocked thread gets the reply form from new_thread.inc.php.
213 } else if ($locked == 0) {
214 require(AT_INCLUDE_PATH.'../mods/_standard/forums/html/new_thread.inc.php');
// Notice shown in place of the reply form when posting is not allowed on this thread.
216 echo '<p><strong>'._AT('lock_no_post1').'</strong></p>';
219 require(AT_INCLUDE_PATH.'footer.inc.php');