2) {
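// Compare the submitted password hash with the stored one strictly, as strings.
// A loose != compares two numeric-looking strings as numbers, so two different
// hash values could be treated as equal; !== on string operands cannot.
// NOTE(review): $md_passwd is presumably a digest of the submitted password;
// it is not assigned in this part of the file - confirm where it is computed.
if ((string) $md_passwd !== (string) $userdata['user_password']) {
    $die = 1;
}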
}
else {
$die = 1;
}
// No check above set $die to 1, so a session is issued for this user.
if($die != 1) {
// You've entered your username and password, and no problems have been found, log you in!
// new_session() is given the user id, $REMOTE_ADDR, the cookie lifetime and the DB handle;
// its return value is used as the session id.
// NOTE(review): $REMOTE_ADDR is not assigned in the visible code - confirm it is the
// server-provided client address and cannot be overridden by request input.
$sessid = new_session($userdata[user_id], $REMOTE_ADDR, $sesscookietime, $db);
// Send the session id to the browser as a cookie.
// NOTE(review): $cookiesecure presumably controls the cookie's Secure flag - verify it is
// enabled wherever the board is served over HTTPS.
set_session_cookie($sessid, $sesscookietime, $sesscookiename, $cookiepath, $cookiedomain, $cookiesecure);
}
}
// A failed check above leaves $die at 1: render the page header and stop with the
// "permission denied" message.
// NOTE(review): everything below relies on error_die() not returning - confirm it ends the request.
if($die == 1) {
include('page_header.' . $phpEx);
error_die($l_permdeny);
}
// IF we made it this far we are allowed to edit this message, yay!
$is_html_disabled = false;
// HTML is escaped when the board disallows it ($allow_html == 0) or when $html is set.
// In every other case the message keeps its markup, and that text is what gets stored
// further down, so with HTML enabled a post can carry arbitrary tags.
// NOTE(review): $html, $bbcode and $smile are not assigned in the visible code and look
// like per-post form options - confirm where they come from.
// NOTE(review): htmlspecialchars() is called without flags; before PHP 8.1 the default
// leaves single quotes unescaped.
if($allow_html == 0 || isset($html) )
{
$message = htmlspecialchars($message);
$is_html_disabled = true;
}
// BBCode is encoded only when the board allows it and $bbcode is not set.
if($allow_bbcode == 1 && !isset($bbcode))
$message = bbencode($message, $is_html_disabled);
// smile() runs unless $smile holds a truthy value.
if(!$smile)
$message = smile($message);
// MUST do make_clickable() (and smile()) before changing \n into HTML line breaks.
$message = make_clickable($message);
// Replace every newline in the message with the replacement literal below.
// NOTE(review): in this copy the replacement literal holds only a line break; it presumably
// contained an HTML line-break tag that was lost - restore it from the original file.
$message = str_replace("\n", "
", $message);
// Localised "edited by" / "on date" labels used for the footer.
$edit_by = get_syslang_string($sys_lang, "l_editedby");
$on_date = get_syslang_string($sys_lang, "l_ondate");
// If it's been edited more than once, there might be old "edited by" strings with
// escaped HTML code in them. We want to fix this up right here:
// NOTE(review): $edit_by is interpolated into the pattern without preg_quote(); a language
// string containing regex metacharacters or "#" would change or break the match.
$message = preg_replace("#<font\ size\=-1>\[\ $edit_by(.*?)\ \]</font>#si", '[ ' . $edit_by . '\1 ]', $message);
// Append the "edited by" footer. This runs after the htmlspecialchars() step, so
// $username and $date are added to the stored post without escaping here.
// NOTE(review): confirm both values are escaped or validated before this point.
$message .= "
[ $edit_by $username $on_date $date ]";
$message = censor_string($message, $db);
// addslashes() is the only escaping applied to $message before it is interpolated into
// the UPDATE statement further down.
// NOTE(review): addslashes() is not aware of the connection character set;
// mysql_real_escape_string($message, $db) is the safer call for this API.
$message = addslashes($message);
// Edit path: $delete is not set, so store the edited text and, if given, the subject.
if(!$delete) {
// NOTE(review): $forward, $topic and $forum are set just before page_header is included,
// presumably for its use - confirm.
$forward = 1;
$topic = $topic_id;
$forum = $forum_id;
include('page_header.' . $phpEx);
// The statement is built by string interpolation. $message went through addslashes() above.
// NOTE(review): $post_id is interpolated as-is; no cast or escaping of it is visible in this
// part of the file. Confirm it is validated as an integer before it reaches this query.
$sql = "UPDATE posts_text SET post_text = '$message' WHERE (post_id = '$post_id')";
if(!$result = mysql_query($sql, $db))
error_die("Unable to update the posting in the database");
// Subject: tags are stripped first; a non-empty subject is then censored and
// addslashes()-escaped before being written to the topic row.
$subject = strip_tags($subject);
if(isset($subject) && (trim($subject) != '')) {
// $notify is collapsed to 0 or 1, so only those two values reach the query.
if(!isset($notify))
$notify = 0;
else
$notify = 1;
$subject = censor_string($subject, $db);
$subject = addslashes($subject);
// NOTE(review): $topic_id is interpolated as-is, like $post_id above - confirm it is validated.
$sql = "UPDATE topics SET topic_title = '$subject', topic_notify = '$notify' WHERE topic_id = '$topic_id'";
if(!$result = mysql_query($sql, $db)) {
error_die("Unable to update the topic subject in the database");
}
}
// Confirmation output.
// NOTE(review): the echoed strings look truncated in this copy (their markup is missing);
// $l_stored is the only text left.
echo "
";
echo "";
echo "";
echo "
$l_stored";
echo " | |
";
}
else {
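// Delete path: the post may be removed within a short window after posting, or at
// any time by a user above level 2 or a moderator of this forum.
$now_hour = date("H");
$now_min = date("i");
// $time is split on ":" into hour and minute. explode() performs the same literal
// split as the regex-based split(), which was removed in PHP 7.
// NOTE(review): $time is not assigned in this part of the file - confirm it is read
// from the stored post and not taken from the submitted form, otherwise the time
// window below is controlled by the client.
list($hour, $min) = explode(":", $time);
// NOT ((time is good) OR (user is supermod/admin) OR (user is moderator of this forum))
// The first clause used to read $min_now, which is never assigned (the minute value
// is $now_min); an unset $min_now evaluates as 0, so the same-hour test passed for
// any minute.
// NOTE(review): the second clause ($now_min - 30 > 0 in the following hour) and the
// absence of any date comparison look wrong for a 30-minute window - confirm the
// intended rule before relying on it as an access control.
if (!( (($now_hour == $hour && $now_min - 30 < $min) || ($now_hour == $hour + 1 && $now_min - 30 > 0))
    || ($userdata['user_level'] > 2 || is_moderator($forum, $userdata['user_id'], $db)) ))
{
    include('page_header.' . $phpEx);
    error_die($l_permdeny);
}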
include('page_header.'.$phpEx);
// Remember the topic's last-post value before anything is deleted.
$last_post_in_thread = get_last_post($topic_id, $db, "time_fix");
// The post is removed with two separate statements (posts, then posts_text); no
// transaction is opened here, so a failure between them leaves the tables inconsistent.
// NOTE(review): $post_id and $topic_id are interpolated as-is into every statement below;
// no cast or escaping is visible in this part of the file - confirm they are validated as integers.
$sql = "DELETE FROM posts WHERE post_id = '$post_id'";
if(!$r = mysql_query($sql, $db)){
error_die("Couldn't delete post from database");
}
$sql = "DELETE FROM posts_text WHERE post_id = '$post_id'";
if(!$r = mysql_query($sql, $db)){
error_die("Couldn't delete post from database");
}
else if($last_post_in_thread == $this_post_time) {
// Reached only when the second DELETE succeeded and the removed post was the topic's
// latest one: look up the last-post value again and store it on the topic.
// NOTE(review): $this_post_time is not assigned in the visible code - confirm its source.
$topic_time_fixed = get_last_post($topic_id, $db, "time_fix");
$sql = "UPDATE topics SET topic_time = '$topic_time_fixed' WHERE topic_id = '$topic_id'";
if(!$r = mysql_query($sql, $db)) {
error_die("Couldn't update to previous post time - last post has been removed");
}
}
// A topic left without posts is deleted as well.
if(get_total_posts($topic_id, $db, "topic") == 0)
{
$sql = "DELETE FROM topics WHERE topic_id = '$topic_id'";
if(!$r = mysql_query($sql, $db))
error_die("Couldn't delete topic from database");
$topic_removed = TRUE;
}
// Decrement the poster's post count, except for user id -1.
// NOTE(review): $posterdata[user_id] is interpolated unquoted; $posterdata is not loaded in the
// visible code - confirm it comes from the database row of the post and is an integer.
if($posterdata[user_id] != -1) {
$sql = "UPDATE users SET user_posts = user_posts - 1 WHERE user_id = $posterdata[user_id]";
if(!$r = mysql_query($sql, $db))
{
error_die("Couldn't change user post count.");
}
}
sync($db, $forum, 'forum');
// $topic_removed is assigned only in the branch above and is otherwise read unset.
// NOTE(review): initialise it to false before this block so its value cannot come from anywhere else.
if(!$topic_removed)
{
sync($db, $topic_id, 'topic');
}
// Confirmation output.
// NOTE(review): the echoed strings look truncated in this copy (their markup is missing);
// $l_deleted is the only text left.
echo "
";
echo "";
echo "";
echo "
$l_deleted ";
echo " | |
";
}
}
else {
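// Gotta handle private forums right here. They're naturally covered on submit, but not in this part.
// Load the forum type, forum name and topic title for the requested forum/topic pair.
// $topic is placed in the statement without quotes, so it is forced to an integer
// first: escaping quote characters cannot protect a value that is not inside quotes.
// NOTE(review): $forum is interpolated inside quotes and is not escaped in the visible
// code - confirm it is validated upstream, or cast it as well if forum ids are integers.
$sql = "SELECT f.forum_type, f.forum_name, t.topic_title FROM forums f, topics t WHERE (f.forum_id = '$forum') AND (t.topic_id = " . intval($topic) . ") AND (t.forum_id = f.forum_id)";
if (!$result = mysql_query($sql, $db)) {
    error_die("Couldn't get forum and topic information from the database.");
}
// No matching row means the forum/topic combination does not exist.
if (!$myrow = mysql_fetch_array($result)) {
    error_die("Error - The forum/topic you selected does not exist. Please go back and try again.");
}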
if(($myrow[forum_type] == 1) && !$user_logged_in && !$logging_in)
{
// Private forum, no valid session, and login form not submitted...
require('page_header.'.$phpEx);
?>
$sql");
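$myrow = mysql_fetch_array($result);
// Permission check before the edit form is shown to a logged-in user.
// The post may be edited by its author, by a user above level 2, or by a level-2
// user for whom is_moderator() confirms this forum; anyone else is stopped with
// $l_notedit.
// The earlier nested form of this check required user_level == 2 and
// user_level < 2 at the same time, so its error_die() could never run and the
// check denied nobody.
// Users without a session are not checked here.
// NOTE(review): confirm they are authenticated when the form is submitted.
if ($user_logged_in
    && $userdata['user_id'] != $myrow['user_id']
    && $userdata['user_level'] <= 2
    && !($userdata['user_level'] == 2 && is_moderator($forum, $userdata['user_id'], $db))
) {
    error_die($l_notedit);
}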
// Turn the stored post back into editable text for the edit form.
$message = $myrow[post_text];
// A trailing "[addsig]" marker records that the signature is attached; remember it in $addsig.
// NOTE(review): eregi()/eregi_replace() and split() belong to the POSIX regex extension,
// which was removed in PHP 7 - this code only runs on older interpreters.
if(eregi("\[addsig]$", $message))
$addsig = 1;
else
$addsig = 0;
// Replace the marker with a separator line followed by the poster's signature.
$message = eregi_replace("\[addsig]$", "\n_________________\n" . $myrow[user_sig], $message);
// NOTE(review): the search literal below holds only a line break in this copy; it presumably
// contained the HTML line-break tag written when the post was stored - restore it from the
// original file.
$message = str_replace("
", "\n", $message);
// Undo the transformations applied when the post was saved.
$message = stripslashes($message);
$message = desmile($message);
$message = bbdecode($message);
$message = undo_make_clickable($message);
// After this call the message holds raw, unescaped markup again.
$message = undo_htmlspecialchars($message);
// Special handling for tags in the message, which can break the editing form..
// NOTE(review): in this copy the pattern is empty and the replacement is a literal closing
// tag; both look damaged. The original presumably matched a closing textarea tag and replaced
// it with an escaped form. This is the only visible guard between the unescaped message and
// the edit form, so restore it from the original and make sure the form escapes $message.
$message = preg_replace('##si', '</TEXTAREA>', $message);
// Split the stored post time on the space into $day and $time.
list($day, $time) = split(" ", $myrow[post_time]);
?>