<?php
/**
* MobileCMS
*
* Open source content management system for mobile sites
*
* @author MobileCMS Team <[email protected]>
* @copyright Copyright (c) 2011, MobileCMS Team
* @link http://mobilecms.ru Official site
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*/
# Refuse direct requests to this file; IN_SYSTEM is expected to be defined by the entry script that includes it
if(!defined('IN_SYSTEM')) {
    die('<b>403<br />Запрет доступа!</b>');
}
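/**
 * Forum controller, public (front-end) part.
 *
 * Every action reads its input from $_GET / $_POST / $_FILES, so values are
 * cast or validated before they reach an SQL string, a redirect or a URL that
 * is rendered back into the page. a_safe() is the project's escaping helper
 * (defined elsewhere); whether it also HTML-escapes is not visible here, so
 * the templates are assumed to escape topic names and message text on
 * output — TODO confirm. $this->db, $this->tpl, $this->config, $this->user,
 * $this->error, $this->start and $this->per_page are presumably provided by
 * the parent Controller.
 */
class Forum_Controller extends Controller {

    /**
     * Default action: shows the section list.
     */
    public function action_index() {
        $this->action_list_sections();
    }

    /**
     * Lists the forum sections.
     *
     * The forums of a section are attached under $section['forums'] when the
     * `show_forums_in_list_sections` config flag is on, otherwise only for the
     * section whose id is given in GET `section_id`.
     */
    public function action_list_sections() {
        $selected_section = isset($_GET['section_id']) ? intval($_GET['section_id']) : 0;
        $show_all = !empty($this->config['forum']['show_forums_in_list_sections']);
        $sections = array();
        $result = $this->db->query("SELECT * FROM #__forum_sections ORDER BY position");
        while($section = $this->db->fetch_array($result)) {
            # Integer comparison instead of a loose `==` against the raw GET value
            if($show_all || intval($section['section_id']) === $selected_section) {
                $section['forums'] = array();
                $result1 = $this->db->query("SELECT * FROM #__forum_forums WHERE section_id = '". intval($section['section_id']) ."' ORDER BY position");
                while($forum = $this->db->fetch_array($result1)) {
                    $section['forums'][] = $forum;
                }
            }
            $sections[] = $section;
        }
        $this->tpl->assign(array(
            'sections' => $sections
        ));
        $this->tpl->display('list_sections');
    }

    /**
     * Shows the topics of one forum (GET `forum_id`) or, with GET `type=new`,
     * the most recently updated topics across all forums.
     */
    public function action_viewforum() {
        $this->per_page = $this->config['forum']['topics_per_page'];
        # Only two listing modes exist; anything else is treated as a plain forum view
        $type = (isset($_GET['type']) && $_GET['type'] == 'new') ? 'new' : '';
        $forum_id = isset($_GET['forum_id']) ? intval($_GET['forum_id']) : 0;
        $forum = null;
        if($type != 'new') {
            if(!$forum = $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '$forum_id'"))
                a_error("Форум не найден!");
        }
        # Fetch the topics ($this->start / $this->per_page are presumably validated by the parent)
        if($type == 'new') {
            $sql = "SELECT SQL_CALC_FOUND_ROWS ft.*, u.username AS last_username
                FROM #__forum_topics AS ft
                INNER JOIN #__users AS u ON ft.last_user_id = u.user_id
                ORDER BY ft.time DESC
                LIMIT $this->start, $this->per_page";
        }
        else {
            $sql = "SELECT SQL_CALC_FOUND_ROWS ft.*, u.username AS last_username
                FROM #__forum_topics AS ft
                INNER JOIN #__users AS u ON ft.last_user_id = u.user_id
                WHERE ft.forum_id = '". intval($forum['forum_id']) ."'
                ORDER BY ft.is_top_topic DESC, ft.last_message_time DESC
                LIMIT $this->start, $this->per_page";
        }
        $topics = $this->db->get_array($sql);
        $total = $this->db->get_one("SELECT FOUND_ROWS()");
        # Pagination: only validated values go into the base URL, it is rendered into the page
        $pg_conf = array(
            'base_url' => a_url('forum/viewforum', 'forum_id='. $forum_id .'&type='. $type .'&start='),
            'total_rows' => $total,
            'per_page' => $this->per_page
        );
        a_import('libraries/pagination');
        $pg = new CI_Pagination($pg_conf);
        $this->tpl->assign(array(
            'topics' => $topics,
            'forum' => $forum,
            'total' => $total,
            'pagination' => $pg->create_links(),
            # The "new topics" listing has no single parent section
            'section' => $forum ? $this->db->get_row("SELECT * FROM #__forum_sections WHERE section_id = '". intval($forum['section_id']) ."'") : null,
            'messages_per_page' => $this->config['forum']['messages_per_page']
        ));
        $this->tpl->display('viewforum');
    }

    /**
     * Shows the messages of one topic (GET `topic_id`), paginated.
     */
    public function action_viewtopic() {
        $this->per_page = $this->config['forum']['messages_per_page'];
        $topic = $this->get_topic_or_fail();
        $topic_id = intval($topic['topic_id']);
        # Fetch the messages together with author and attachment data
        $result = $this->db->query("SELECT SQL_CALC_FOUND_ROWS fm.*, u.username AS username, u.status AS user_status, up.avatar AS avatar_exists, u.last_visit, ff.file_id, ff.file_size, ff.file_downloads, ff.file_name
            FROM #__forum_messages AS fm
            INNER JOIN #__users AS u USING(user_id)
            LEFT JOIN #__users_profiles AS up USING(user_id)
            LEFT JOIN #__forum_files AS ff USING(message_id)
            WHERE fm.topic_id = '$topic_id'
            ORDER BY fm.message_id ASC
            LIMIT $this->start, $this->per_page
        ");
        $messages = array();
        # Running number of the message within the topic, continued across pages
        $num = $this->start;
        while($message = $this->db->fetch_array($result)) {
            $message['num'] = ++$num;
            $message['message'] = $this->format_message($message['message']);
            $messages[] = $message;
        }
        $total = $this->db->get_one("SELECT FOUND_ROWS()");
        # Pagination
        $pg_conf = array(
            'base_url' => a_url('forum/viewtopic', 'topic_id='. $topic_id .'&start='),
            'total_rows' => $total,
            'per_page' => $this->per_page
        );
        a_import('libraries/pagination');
        $pg = new CI_Pagination($pg_conf);
        $this->tpl->assign(array(
            'messages' => $messages,
            'topic' => $topic,
            'total' => $total,
            'pagination' => $pg->create_links(),
            'forum' => $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '". intval($topic['forum_id']) ."'")
        ));
        $this->tpl->display('viewtopic');
    }

    /**
     * Pins (GET `a=top`) or unpins a topic. Moderators only.
     */
    public function action_topic_top() {
        $topic = $this->get_topic_or_fail();
        $this->require_moderator();
        $status = (isset($_GET['a']) && $_GET['a'] == 'top') ? 1 : 0;
        $this->db->query("UPDATE #__forum_topics SET is_top_topic = '$status' WHERE topic_id = '". intval($topic['topic_id']) ."'");
        $this->redirect_to_forum($topic['forum_id']);
    }

    /**
     * Closes (GET `a=close`) or reopens a topic. Moderators only.
     */
    public function action_topic_close() {
        $topic = $this->get_topic_or_fail();
        $this->require_moderator();
        $status = (isset($_GET['a']) && $_GET['a'] == 'close') ? 1 : 0;
        $this->db->query("UPDATE #__forum_topics SET is_close_topic = '$status' WHERE topic_id = '". intval($topic['topic_id']) ."'");
        $this->redirect_to_forum($topic['forum_id']);
    }

    /**
     * Deletes a topic with all its messages after confirmation (GET `confirm`).
     * Moderators only.
     */
    public function action_topic_delete() {
        $topic = $this->get_topic_or_fail();
        $this->require_moderator();
        $topic_id = intval($topic['topic_id']);
        $start = $this->start_param();
        if(!empty($_GET['confirm'])) {
            # Delete the topic
            $this->db->query("DELETE FROM #__forum_topics WHERE topic_id = '$topic_id'");
            # Delete the messages of the topic
            $this->db->query("DELETE FROM #__forum_messages WHERE topic_id = '$topic_id'");
            # Update the topic and message counters of the forum
            $this->db->query("UPDATE #__forum_forums SET
                topics = topics - 1,
                messages = messages - ". intval($topic['messages']) ." - 1
                WHERE forum_id = '". intval($topic['forum_id']) ."'
            ");
            $this->redirect_to_forum($topic['forum_id']);
        }
        else {
            # NOTE(review): the topic name is rendered into the confirmation page; relies on a_confirm()/the template escaping it — confirm
            a_confirm('Действительно хотите удалить тему «'. $topic['name'] .'» со всеми сообщениями?', a_url('forum/topic_delete', 'confirm=yes&topic_id='. $topic_id .'&start='. $start), a_url('forum/viewforum', 'forum_id='. intval($topic['forum_id']) .'&start='. $start));
        }
    }

    /**
     * Deletes a single message after confirmation (GET `confirm`).
     *
     * Only the last message of a topic can be deleted, and only by someone
     * a_check_rights() accepts for the author. The is_last_message flag is
     * not moved to the previous message here.
     */
    public function action_message_delete() {
        $message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : 0;
        if(!$message = $this->db->get_row("SELECT m.*,
            (SELECT status FROM #__users AS u WHERE u.user_id = m.user_id) AS user_status
            FROM #__forum_messages AS m
            WHERE message_id = '$message_id'"))
            a_error("Сообщение не найдено!");
        if(!a_check_rights($message['user_id'], $message['user_status']) || !$message['is_last_message'])
            a_error('У вас нет права удалять данное сообщение!');
        $topic_id = intval($message['topic_id']);
        $start = $this->start_param();
        if(!empty($_GET['confirm'])) {
            # Delete the message
            $this->db->query("DELETE FROM #__forum_messages WHERE message_id = '". intval($message['message_id']) ."'");
            # Update the message counters
            $this->db->query("UPDATE #__forum_topics SET messages = messages - 1 WHERE topic_id = '$topic_id'");
            $this->db->query("UPDATE #__forum_forums SET messages = messages - 1 WHERE forum_id = '". intval($message['forum_id']) ."'");
            # Take back the rating point granted for posting
            user::rating_update(-1, $message['user_id']);
            header("Location: ". a_url('forum/viewtopic', 'topic_id='. $topic_id .'&start='. $start, TRUE));
            exit;
        }
        else {
            a_confirm('Действительно хотите удалить данное сообщение?', a_url('forum/message_delete', 'confirm=yes&message_id='. intval($message['message_id']) .'&start='. $start), a_url('forum/viewtopic', 'topic_id='. $topic_id .'&start='. $start));
        }
    }

    /**
     * Posting form and handler: new topic (GET `new_topic` + `forum_id`),
     * new message (GET `topic_id`, optional `replay` / `q` prefill) or edit of
     * an existing message (GET `message_id`).
     *
     * On a valid POST the data is stored, an attachment is saved if present,
     * and the browser is redirected to the topic; otherwise the form is shown
     * with the accumulated $this->error text.
     */
    public function action_posting() {
        # Every variable handed to the template is initialised so no branch leaves one undefined
        $forum = null;
        $topic = null;
        $message = array();
        $message_text = '';
        $topic_id = 0;
        if(!empty($_GET['new_topic'])) {
            $forum_id = isset($_GET['forum_id']) ? intval($_GET['forum_id']) : 0;
            if(!$forum = $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '$forum_id'"))
                a_error("Форум не найден!");
            $action = 'new_topic';
            $title = "Новая тема";
            if(USER_ID == -1 && !$this->config['forum']['guests_create_topics'])
                a_error("Гости не имеют права создвать темы!<br />Зарегистрируйтесь или войдите под своим именем.");
        }
        else {
            if(isset($_GET['message_id']) && is_numeric($_GET['message_id'])) {
                if(!$message = $this->db->get_row("SELECT * FROM #__forum_messages WHERE message_id = '". intval($_GET['message_id']) ."'"))
                    a_error("Сообщение не найдено!");
                if(ACCESS_LEVEL < 8 && $message['user_id'] != USER_ID)
                    a_error("У вас нет прав редактировать данное сообщение!");
                # The first message of a topic also carries the topic name, so it gets its own action
                $action = $message['is_first_message'] == 1 ? 'edit_first_message' : 'edit_message';
                $title = "Редактировать сообщение";
                $message_text = $message['message'];
                $topic_id = $message['topic_id'];
            }
            else {
                $action = 'new_message';
                $title = "Новое сообщение";
                $topic_id = isset($_GET['topic_id']) ? intval($_GET['topic_id']) : 0;
                if(!empty($_GET['replay'])) {
                    # NOTE(review): raw GET value is prefilled into the form; the posting template must escape it on output
                    $message_text .= '[b]'. $_GET['replay'] .'[/b], ';
                }
                elseif(isset($_GET['q']) && is_numeric($_GET['q'])) {
                    # Quote an existing message
                    if(!$q_post = $this->db->get_row("SELECT * FROM #__forum_messages LEFT JOIN #__users USING(user_id) WHERE message_id = '". intval($_GET['q']) ."'"))
                        a_error("Не найден пост для цитирования");
                    $message_text .= '[q]'. $q_post['username'] .' ('. date('d.m.Y в H:i', $q_post['time']) .')'. PHP_EOL;
                    $message_text .= $q_post['message'] .'[/q]'. PHP_EOL;
                }
                if(USER_ID == -1 && !$this->config['forum']['guests_write_messages'])
                    a_error("Гости не имеют отвечать на темы!<br />Зарегистрируйтесь или войдите под своим именем.");
            }
            if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '". intval($topic_id) ."'"))
                a_error("Тема не найдена!");
            # Closed topics accept posts from moderators only
            if(ACCESS_LEVEL < 8 && $topic['is_close_topic'])
                a_error("Тема закрыта, вы не имеете права писать и редактировать сообщения!");
        }
        if(isset($_POST['submit'])) {
            if(($action == 'new_topic' || $action == 'edit_first_message') && empty($_POST['topic_name'])) {
                $this->error .= 'Укажите название темы!<br />';
            }
            if(empty($_POST['message'])) {
                $this->error .= 'Укажите сообщение!<br />';
            }
            # Guests must solve the captcha
            if(USER_ID == -1 && !$this->captcha_ok()) {
                $this->error .= 'Неверно указан код с картинки<br />';
            }
            # Validate the attachment, if any
            if($this->has_attach()) {
                $this->error .= $this->attach_error();
            }
            if(!$this->error) {
                $_SESSION['captcha_code'] = main::get_unique_code(4);
                switch($action) {
                    # Create a topic
                    case 'new_topic':
                        # Add the topic
                        $this->db->query("INSERT INTO #__forum_topics SET
                            section_id = '". intval($forum['section_id']) ."',
                            forum_id = '". intval($forum['forum_id']) ."',
                            user_id = '". USER_ID ."',
                            name = '". a_safe($_POST['topic_name']) ."',
                            time = UNIX_TIMESTAMP(),
                            last_message_time = UNIX_TIMESTAMP(),
                            last_user_id = '". USER_ID ."'
                        ");
                        $topic_id = $this->db->insert_id();
                        # Add the first message
                        $this->db->query("INSERT INTO #__forum_messages SET
                            topic_id = '". $topic_id ."',
                            section_id = '". intval($forum['section_id']) ."',
                            forum_id = '". intval($forum['forum_id']) ."',
                            user_id = '". USER_ID ."',
                            message = '". a_safe($_POST['message']) ."',
                            is_first_message = 1,
                            time = UNIX_TIMESTAMP()
                        ");
                        $message_id = $this->db->insert_id();
                        # Bump the topic and message counters of the forum
                        $this->db->query("UPDATE #__forum_forums SET
                            topics = topics + 1,
                            messages = messages + 1
                            WHERE
                            forum_id = '". intval($forum['forum_id']) ."'
                        ");
                        # Grant the rating point
                        user::rating_update();
                        $location = a_url('forum/viewtopic', 'topic_id='. $topic_id, true);
                        break;
                    # Add a message
                    case 'new_message':
                        # Clear the "last message" flag in the topic
                        $this->db->query("UPDATE #__forum_messages SET is_last_message = 0 WHERE topic_id = '". intval($topic['topic_id']) ."'");
                        # Add the message
                        $this->db->query("INSERT INTO #__forum_messages SET
                            topic_id = '". intval($topic['topic_id']) ."',
                            section_id = '". intval($topic['section_id']) ."',
                            forum_id = '". intval($topic['forum_id']) ."',
                            user_id = '". USER_ID ."',
                            message = '". a_safe($_POST['message']) ."',
                            is_last_message = 1,
                            time = UNIX_TIMESTAMP()
                        ");
                        $message_id = $this->db->insert_id();
                        # Update the message counter and last-message data of the topic
                        $this->db->query("UPDATE #__forum_topics SET
                            messages = messages + 1,
                            last_message_time = UNIX_TIMESTAMP(),
                            last_user_id = '". USER_ID ."'
                            WHERE topic_id = '". intval($topic['topic_id']) ."'
                        ");
                        # Bump the message counter of the forum
                        $this->db->query("UPDATE #__forum_forums SET
                            messages = messages + 1
                            WHERE
                            forum_id = '". intval($topic['forum_id']) ."'
                        ");
                        # Grant the rating point
                        user::rating_update();
                        # Page offset of the page that now holds the new message
                        $messages = $topic['messages'] + 1;
                        $per_page = $this->config['forum']['messages_per_page'];
                        $start = intval(floor($messages / $per_page) * $per_page);
                        $location = a_url('forum/viewtopic', 'topic_id='. intval($topic['topic_id']) .'&start='. $start, true);
                        break;
                    # Edit a message
                    case 'edit_first_message':
                        $this->db->query("UPDATE #__forum_topics SET name = '". a_safe($_POST['topic_name']) ."' WHERE topic_id = '". intval($message['topic_id']) ."'");
                        # no break: the message text itself is updated exactly like any other message
                    case 'edit_message':
                        # Change the message
                        $this->db->query("UPDATE #__forum_messages SET
                            message = '". a_safe($_POST['message']) ."',
                            edit_editor = '". $this->user['username'] ."',
                            edit_time = UNIX_TIMESTAMP(),
                            edit_count = edit_count + 1
                            WHERE
                            message_id = '". intval($message['message_id']) ."'
                        ");
                        $message_id = $message['message_id'];
                        $location = a_url('forum/viewtopic', 'topic_id='. intval($message['topic_id']), true);
                        break;
                }
                if($this->has_attach()) {
                    $this->save_attach($message_id);
                }
                header('Location: '. $location);
                exit;
            }
        }
        if(!isset($_POST['submit']) || $this->error) {
            $_SESSION['captcha_code'] = main::get_unique_code(4);
            $this->tpl->assign(array(
                'error' => $this->error,
                'title' => $title,
                'message' => $message,
                'topic' => $topic,
                'forum' => $forum,
                'action' => $action,
                'message_text' => $message_text
            ));
            $this->tpl->display('posting');
        }
    }

    /**
     * Lists the newest messages across all topics, paginated.
     */
    public function action_new_messages() {
        $this->per_page = $this->config['forum']['messages_per_page'];
        $sql = "SELECT SQL_CALC_FOUND_ROWS m.*, t.name AS topic_name, u.username, u.last_visit, up.avatar AS avatar_exists,
            (SELECT COUNT(*) FROM #__forum_messages AS fm WHERE fm.topic_id = m.topic_id) AS all_messages
            FROM #__forum_messages AS m LEFT JOIN #__forum_topics AS t USING(topic_id) LEFT JOIN #__users AS u ON u.user_id = m.user_id LEFT JOIN #__users_profiles AS up ON up.user_id = u.user_id
            ORDER BY m.time DESC
            LIMIT $this->start, $this->per_page
        ";
        $result = $this->db->query($sql);
        $total = $this->db->get_one("SELECT FOUND_ROWS()");
        $messages = array();
        while($message = $this->db->fetch_array($result)) {
            $message['message'] = $this->format_message($message['message']);
            $messages[] = $message;
        }
        # Pagination
        $pg_conf = array(
            'base_url' => a_url('forum/new_messages', 'start='),
            'total_rows' => $total,
            'per_page' => $this->per_page
        );
        a_import('libraries/pagination');
        $pg = new CI_Pagination($pg_conf);
        $this->tpl->assign(array(
            'messages' => $messages,
            'total' => $total,
            'pagination' => $pg->create_links(),
            'messages_per_page' => $this->per_page
        ));
        $this->tpl->display('new_messages');
    }

    /**
     * Counts a download of an attachment (GET `file_id`) and redirects to it.
     * The file name was sanitised on upload, so it is safe in the URL.
     */
    public function action_download_attach() {
        $file_id = isset($_GET['file_id']) ? intval($_GET['file_id']) : 0;
        if(!$file = $this->db->get_row("SELECT * FROM #__forum_files WHERE file_id = '$file_id'"))
            a_error('Файл не найден!');
        # Bump the download counter
        $this->db->query("UPDATE #__forum_files SET file_downloads = file_downloads + 1 WHERE file_id = '". intval($file['file_id']) ."'");
        # Redirect to the file
        header('Location: '. URL .'files/forum/'. main::get_dir($file['file_id']) .'/'. $file['file_name']);
        exit;
    }

    /**
     * Loads the topic given in GET `topic_id` or aborts with a "not found" error.
     *
     * @return array the topic row
     */
    private function get_topic_or_fail() {
        $topic_id = isset($_GET['topic_id']) ? intval($_GET['topic_id']) : 0;
        if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '$topic_id'"))
            a_error("Тема не найдена!");
        return $topic;
    }

    /**
     * Aborts unless the current user has moderator access (ACCESS_LEVEL >= 8).
     */
    private function require_moderator() {
        if(ACCESS_LEVEL < 8) a_error('У вас нет прав на выполнение этой операции!');
    }

    /**
     * GET `start` as an integer page offset, 0 when absent.
     *
     * @return int
     */
    private function start_param() {
        return isset($_GET['start']) ? intval($_GET['start']) : 0;
    }

    /**
     * Redirects to the topic list of a forum, keeping the current page offset.
     *
     * @param mixed $forum_id forum id, cast to int
     */
    private function redirect_to_forum($forum_id) {
        header("Location: ". a_url('forum/viewforum', 'forum_id='. intval($forum_id) .'&start='. $this->start_param(), TRUE));
        exit;
    }

    /**
     * Renders stored message text for display: bbcode, smiles, line breaks.
     *
     * @param string $text raw message text as stored in the database
     * @return string
     */
    private function format_message($text) {
        if(!class_exists('smiles')) a_import('modules/smiles/helpers/smiles');
        $text = main::bbcode($text);
        $text = smiles::smiles_replace($text);
        return nl2br($text);
    }

    /**
     * Checks the posted captcha code against the one stored in the session.
     * A missing code on either side fails (a loose `!=` would pass null == null).
     *
     * @return bool
     */
    private function captcha_ok() {
        if(!isset($_SESSION['captcha_code']) || !isset($_POST['captcha_code']) || !is_scalar($_POST['captcha_code'])) {
            return false;
        }
        return (string)$_POST['captcha_code'] === (string)$_SESSION['captcha_code'];
    }

    /**
     * Whether the posting form carried an attachment.
     *
     * @return bool
     */
    private function has_attach() {
        return !empty($_FILES['attach']['tmp_name']);
    }

    /**
     * Validates the uploaded attachment against the forum config
     * (`allowed_filetypes`, a `;`-separated list, and `max_filesize` in MB).
     *
     * @return string error text to append to $this->error, empty when the file is acceptable
     */
    private function attach_error() {
        $file = $_FILES['attach'];
        # Reject partial/failed uploads and anything that is not a real PHP upload
        if(!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
            return 'Ошибка загрузки файла<br />';
        }
        $error = '';
        # Compare extensions case-insensitively; a name without an extension is never allowed
        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        $allowed = array_map('trim', explode(';', strtolower($this->config['forum']['allowed_filetypes'])));
        if($ext === '' || !in_array($ext, $allowed, true))
            $error .= 'Вы пытаетесь загрузить запрещенный тип файла<br />';
        $max_mb = $this->config['forum']['max_filesize'];
        if(filesize($file['tmp_name']) > $max_mb * 1048576)
            $error .= 'Размер загружаемого файла превышает допустимый размер ('. $max_mb .' Mb)<br />';
        return $error;
    }

    /**
     * Stores the uploaded attachment for a message, replacing any previous one.
     *
     * The file is written below ROOT/files/forum/<dir>/ under a name built from
     * the new file id and the sanitised original name; it is created readable,
     * not world-writable.
     *
     * @param mixed $message_id id of the message the file belongs to
     * @return bool false when the upload could not be moved into place
     */
    private function save_attach($message_id) {
        $message_id = intval($message_id);
        # Remove the previous file, if any
        if($old_file = $this->db->get_row("SELECT * FROM #__forum_files WHERE message_id = '$message_id'")) {
            $old_path = ROOT .'files/forum/'. main::get_dir($old_file['file_id']) .'/'. $old_file['file_name'];
            if(is_file($old_path)) unlink($old_path);
            $this->db->query("DELETE FROM #__forum_files WHERE file_id = '". intval($old_file['file_id']) ."'");
        }
        # Reserve the id of the new file
        $this->db->query("INSERT INTO #__forum_files SET file_id = NULL");
        $file_id = $this->db->insert_id();
        # Build the stored file name from the id and a whitelisted version of the original name
        $file_name = $file_id .'_'. preg_replace('/[^a-zA-Z0-9_\.]+/', '', $_FILES['attach']['name']);
        # Create the target directory when needed
        $directory = ROOT .'files/forum/'. main::get_dir($file_id);
        if(!is_dir($directory)) {
            mkdir($directory, 0755, true);
        }
        $path = $directory .'/'. $file_name;
        # Move the upload into place; on failure drop the reserved row instead of leaving a dangling record
        if(!move_uploaded_file($_FILES['attach']['tmp_name'], $path)) {
            $this->db->query("DELETE FROM #__forum_files WHERE file_id = '". intval($file_id) ."'");
            return false;
        }
        chmod($path, 0644);
        $file_size = filesize($path);
        # Record the file data
        $this->db->query("UPDATE #__forum_files SET
            message_id = '$message_id',
            file_name = '". a_safe($file_name) ."',
            file_size = '". intval($file_size) ."'
            WHERE file_id = ". intval($file_id) ."
        ");
        return true;
    }
}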
?>