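<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author: Nikoloz Sitchinava [sitchi] //
// Link: http://sitchicms.num.ge //
// Skype: SitchiCMS //
// License: LICENSE.txt (see attached file) //
// Version: VERSION.txt (see attached file) //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
/*
 * Forum "create" actions, dispatched on $_GET['act']:
 *   create_post     add a reply to an existing topic (members, or guests with a name + captcha)
 *   create_theme    open a new topic in a section (members; guests only when $set['guest_forum_create_theme'] == 1)
 *   create_section  add a section to a forum (user level >= 6)
 *   create_forum    add a forum (user level >= 8)
 *   create_txt      download a whole topic as a plain-text file
 *
 * Globals supplied by the includes: $dblink, $time, $user (unset for guests), $set, $lng, SID,
 * and the helpers load_lng(), mres(), head(), err(), msg(), post().
 *
 * Every value interpolated into SQL is either cast to int or passed through mres(); every
 * redirect is followed by exit so a handler never keeps running with unset $them/$section/$forum.
 */
define('_SITCHICMS', 1);
$root_path = '../../';
require $root_path.'includes/db_connect.php';
require $root_path.'includes/start.php';
require $root_path.'includes/header.php';
require $root_path.'includes/functions.php';
require $root_path.'includes/head.php'; // page head helpers
$lng_forum = load_lng('forum');

// Send the client back where it reported it came from (or to the forum index) and stop.
// HTTP_REFERER is client-supplied; it is only ever used to return the client to its own address.
$redirect_back = function () {
    if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !== '') {
        header("Location: ".$_SERVER['HTTP_REFERER']);
    } else {
        header("Location: index.php?".SID);
    }
    exit;
};

// Redirect to the forum index and stop.
$redirect_index = function () {
    header("Location: index.php?".SID);
    exit;
};

// Compare the posted captcha code with the one stored in the session by /pages/captcha.php.
// Strict string comparison; an empty stored code (captcha image never requested) never matches,
// and the stored code is consumed so a single code cannot be replayed across submissions.
$captcha_ok = function () {
    $expected = isset($_SESSION['rand']) ? (string)$_SESSION['rand'] : '';
    $given = isset($_POST['code']) ? (string)$_POST['code'] : '';
    $_SESSION['rand'] = '';
    return $expected !== '' && $given === $expected;
};

// Normalise a posted text field the way the rest of the CMS does.
$clean = function ($value) {
    return stripslashes(htmlspecialchars(trim($value)));
};

// Validate a guest's display name. Returns a list of error markup snippets (empty when valid).
$guest_login_errors = function ($login) use ($lng_forum) {
    $errs = array();
    if (mb_strlen($login) < 3) {
        $errs[] = '<div class="errmenu">'.$lng_forum['1_40'].'.(min 3)</div>';
    }
    if (mb_strlen($login) > 32) {
        $errs[] = '<div class="errmenu">'.$lng_forum['1_41'].'.(max 32)</div>';
    }
    if (!preg_match("#^[a-zა-ჰ0-9\-\_\ ]+$#ui", $login)) {
        $errs[] = '<div class="errmenu">'.$lng_forum['1_42'].'</div>';
    }
    // A guest may not post under a registered member's login.
    if (mysql_num_rows(mysql_query('SELECT * FROM `users` WHERE `login`="'.mres($login).'" LIMIT 1'))) {
        $errs[] = '<div class="errmenu">'.$lng_forum['1_43'].'</div>';
    }
    return $errs;
};

if (!isset($_GET['act'])) {
    $redirect_back();
}
$act = htmlspecialchars(trim($_GET['act']));

switch ($act) {
    /* Add a reply to an existing topic. */
    case 'create_post':
        if (!isset($_GET['id_them']) || !is_numeric($_GET['id_them'])) {
            $redirect_index();
        }
        $id_them = (int)$_GET['id_them'];
        // A negative or unknown id yields no row and sends the client to the index.
        $them = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_topic1_view` WHERE `id` = '".$id_them."' LIMIT 1", $dblink));
        if (!$them) {
            $redirect_index();
        }
        $section = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section_view` WHERE `id` = '".(int)$them['id_section']."' LIMIT 1"));
        $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section` WHERE `id` = '".(int)$them['id_forum']."' LIMIT 1"));

        if (isset($_POST['msg'])) {
            $msg = $clean($_POST['msg']);
            if (mb_strlen($msg) < 2) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_30'].'.(min 2)</div>';
            }
            if (mb_strlen($msg) > 1280) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_31'].'.(max 1280)</div>';
            }
            if (isset($user)) {
                $poster_login = $user['login'];
                $poster_id = (int)$user['id'];
                $dup_where = "`id_user` = '".$poster_id."'";
            } else {
                // Guests must supply a display name and pass the captcha; a missing login
                // field is validated as an empty name rather than skipping the checks.
                $login = isset($_POST['login']) ? $clean($_POST['login']) : '';
                if (!$captcha_ok()) {
                    $err[] = '<div class="errmenu">'.$lng_forum['1_39'].'</div>';
                }
                foreach ($guest_login_errors($login) as $e) {
                    $err[] = $e;
                }
                $poster_login = $login;
                $poster_id = 0;
                $dup_where = "`login` = '".mres($login)."'";
            }
            // Duplicate guard: same text from the same poster within the last 24 hours.
            if (mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_topic2_view` WHERE ".$dup_where." AND `msg` = '".mres($msg)."' AND `time`>'".((int)$time - 86400)."' LIMIT 1"), 0) != 0) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_44'].'</div>';
            }
            if (!isset($err)) {
                mysql_query("INSERT INTO `forum_topic2_view` (login, time, msg, id_user, id_forum, id_section, id_them) values('".mres($poster_login)."', '".(int)$time."', '".mres($msg)."', '".$poster_id."', '".(int)$forum['id']."', '".(int)$section['id']."', '".(int)$them['id']."' )");
                // The new post's id comes from the insert itself, not from a lookup by login.
                $post_id = (int)mysql_insert_id();
                if (isset($user)) {
                    mysql_query('UPDATE `users` SET `balans` = "'.($user['balans'] + 1).'" WHERE `id` = "'.$poster_id.'" LIMIT 1');
                }
                mysql_query('UPDATE `forum_topic1_view` SET `time` = "'.(int)$time.'" WHERE `id` = "'.(int)$them['id'].'" LIMIT 1'); // bump the topic
                $target = "index.php?act=view_topic&id_them=".(int)$them['id']."&".SID;
                if (isset($_POST['addfiles'])) {
                    $target = "addfile.php?id=".$post_id;
                }
                header("Location: ".$target);
                exit;
            }
            head($lng_forum['1_1'].' | '.$lng_forum['1_45']);
            err();
            echo '<a href="/modules/forum/index.php?act=view_topic&id_them='.$them['id'].'">'.$lng_forum['1_46'].'</a><br/>';
            echo '<a href="/modules/forum/index.php?act=view_under_section&id_section='.$section['id'].'">'.$lng_forum['1_48'].'</a><br/>';
            echo '<a href="/modules/forum/index.php?act=view_section&id_forum='.$forum['id'].'">'.$lng_forum['1_49'].'</a><br/>';
            echo '<a href="/modules/forum/">'.$lng_forum['1_1'].'</a>';
            require $root_path.'includes/end.php'; // footer
            exit;
        }
        break;

    /* Open a new topic in a section. */
    case 'create_theme':
        if (!isset($_GET['id_section']) || !is_numeric($_GET['id_section'])) {
            $redirect_index();
        }
        $id_section = (int)$_GET['id_section'];
        $section = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section_view` WHERE `id` = '".$id_section."' LIMIT 1", $dblink));
        if (!$section) {
            $redirect_index();
        }
        $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section` WHERE `id` = '".(int)$section['id_forum']."' LIMIT 1"));
        $may_create = isset($user) || $set['guest_forum_create_theme'] == 1;

        if (isset($_POST['msg']) && isset($_POST['theme'])) {
            // The form is hidden from guests when the setting is off; enforce the same rule on POST.
            if (!$may_create) {
                $redirect_index();
            }
            $msg = $clean($_POST['msg']);
            $theme = $clean($_POST['theme']);
            if (mb_strlen($msg) < 2) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_30'].'.(min 2)</div>';
            }
            if (mb_strlen($msg) > 1280) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_31'].'.(max 1280)</div>';
            }
            if (mb_strlen($theme) > 128) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_35'].'.(max 128)</div>';
            }
            if (mb_strlen($theme) < 3) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_36'].'(min 3)</div>';
            }
            if (preg_match("#(^\ )|(\ $)#ui", $theme)) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_67'].'</div>';
            }
            if (isset($user)) {
                $poster_login = $user['login'];
                $poster_id = (int)$user['id'];
                $dup_where = "`id_user` = '".$poster_id."'";
            } else {
                // Guests: display name plus captcha are mandatory.
                $login = isset($_POST['login']) ? $clean($_POST['login']) : '';
                if (!$captcha_ok()) {
                    $err[] = '<div class="errmenu">'.$lng_forum['1_39'].'</div>';
                }
                foreach ($guest_login_errors($login) as $e) {
                    $err[] = $e;
                }
                $poster_login = $login;
                $poster_id = 0;
                $dup_where = "`login` = '".mres($login)."'";
            }
            // One topic title per poster.
            if (mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_topic1_view` WHERE ".$dup_where." AND `name` = '".mres($theme)."' LIMIT 1"), 0) != 0) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_68'].'</div>';
            }
            if (!isset($err)) {
                mysql_query("INSERT INTO `forum_topic1_view` (login, time, time_create, id_user, id_forum, id_section, name) values('".mres($poster_login)."', '".(int)$time."', '".(int)$time."', '".$poster_id."', '".(int)$forum['id']."', '".(int)$section['id']."', '".mres($theme)."' )");
                $id_them = (int)mysql_insert_id();
                $them = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_topic1_view` WHERE `id` = '".$id_them."' LIMIT 1"));
                mysql_query("INSERT INTO `forum_topic2_view` (login, time, msg, id_user, id_forum, id_section, id_them) values('".mres($poster_login)."', '".(int)$time."', '".mres($msg)."', '".$poster_id."', '".(int)$forum['id']."', '".(int)$section['id']."', '".(int)$them['id']."' )");
                $post_id = (int)mysql_insert_id();
                if (isset($user)) {
                    mysql_query('UPDATE `users` SET `balans` = "'.($user['balans'] + 1).'" WHERE `id` = "'.$poster_id.'" LIMIT 1');
                }
                mysql_query('UPDATE `forum_section_view` SET `time` = "'.(int)$time.'" WHERE `id` = "'.(int)$section['id'].'" LIMIT 1'); // bump the section
                if (isset($_POST['addfiles'])) {
                    header("Location: addfile.php?id=".$post_id);
                    exit;
                }
                head($lng_forum['1_1'].' | '.$them['name']);
                echo '<div class="hdr"><b><a href="index.php">'.$lng_forum['1_1'].'</a> | '.$them['name'].'</b></div>';
                msg('<div class="menu">'.$lng_forum['1_47'].'</div>');
                echo '<a href="/modules/forum/index.php?act=view_topic&id_them='.$them['id'].'">'.$lng_forum['1_46'].'</a><br/>';
                echo '<a href="/modules/forum/index.php?act=view_under_section&id_section='.$section['id'].'">'.$lng_forum['1_48'].'</a><br/>';
                echo '<a href="/modules/forum/index.php?act=view_section&id_forum='.$forum['id'].'">'.$lng_forum['1_49'].'</a><br/>';
                echo '<a href="/modules/forum/">'.$lng_forum['1_1'].'</a>';
                require $root_path.'includes/end.php'; // footer
                exit;
            }
        }
        // Render the form (also reached after validation errors, which err() prints).
        $_SESSION['rand'] = '';
        head($lng_forum['1_1'].' | '.$section['name']);
        echo '<div class="hdr"><b><a href="index.php">'.$lng_forum['1_1'].'</a> | '.$section['name'].'</b></div>';
        err();
        if ($may_create) {
            echo '<form method="POST" action="create.php?act=create_theme&id_section='.$section['id'].'"><div class="egmenu">';
            if (!isset($user)) {
                echo ''.$lng_forum['1_17'].'(max 32):<br/><input type="text" name="login" maxlength="32" /><br/>';
                echo '<img src="/pages/captcha.php" alt="" /><br/>';
                echo '<input type="text" name="code" maxlength="4" size="4" /><br/>';
            }
            echo ''.$lng_forum['1_38'].'(max 128):<br/><input type="text" name="theme" maxlength="128" /><br/>';
            echo ''.$lng_forum['1_18'].'(max 1280):<br/><textarea name="msg" maxlength="1280"></textarea><br/>';
            echo '<input type="checkbox" name="addfiles" value="1" /> failis damateba<br/>';
            echo '<input type="submit" name="save" value="'.$lng['1_8'].'" />';
            echo '</div></form>';
        } else {
            echo ''.$lng_forum['1_50'].'';
        }
        echo '<a href="'.$root_path.'modules/smiles/">'.$lng['1_48'].'</a><br/>';
        echo '<a href="'.$root_path.'pages/bb-code.php">'.$lng['1_49'].'</a><br/>';
        echo '<a href="/modules/forum/index.php?act=view_under_section&id_section='.$section['id'].'">'.$lng_forum['1_48'].'</a><br/>';
        echo '<a href="/modules/forum/index.php?act=view_section&id_forum='.$forum['id'].'">'.$lng_forum['1_49'].'</a><br/>';
        echo '<a href="/modules/forum/">'.$lng_forum['1_1'].'</a>';
        break;

    /* Add a section to a forum (moderators, level >= 6). */
    case 'create_section':
        if (!isset($_GET['id_forum']) || !is_numeric($_GET['id_forum'])) {
            $redirect_index();
        }
        $id_forum = (int)$_GET['id_forum'];
        $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section` WHERE `id` = '".$id_forum."' LIMIT 1", $dblink));
        if (!$forum) {
            $redirect_index();
        }
        if (!isset($user) || $user['level'] < 6) {
            $redirect_back();
        }
        if (isset($_POST['name'])) {
            $name = $clean($_POST['name']);
            if (mb_strlen($name) < 4) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_51'].'(min 4)</div>';
            }
            if (mb_strlen($name) > 64) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_52'].'(max 64)</div>';
            }
            if (!$captcha_ok()) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_39'].'</div>';
            }
            if (!isset($err)) {
                mysql_query("INSERT INTO `forum_section_view` (id_forum, name ,time_create, time) values('".(int)$forum['id']."', '".mres($name)."', '".(int)$time."', '".(int)$time."' )");
                $id_section = (int)mysql_insert_id();
                $section = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section_view` WHERE `id` = '".$id_section."' LIMIT 1"));
                head($lng_forum['1_1'].' | '.$forum['name'].' | '.$section['name']);
                echo '<div class="hdr"><b><a href="index.php">'.$lng_forum['1_1'].'</a> | '.$forum['name'].' | '.$section['name'].'</b></div>';
                msg('<div class="menu">'.$lng_forum['1_53'].'</div>');
                echo '<a href="/modules/forum/index.php?act=view_under_section&id_section='.$section['id'].'">'.$lng_forum['1_48'].'</a><br/>';
                echo '<a href="/modules/forum/index.php?act=view_section&id_forum='.$forum['id'].'">'.$lng_forum['1_49'].'</a><br/>';
                echo '<a href="/modules/forum/">'.$lng_forum['1_1'].'</a>';
                require $root_path.'includes/end.php'; // footer
                exit;
            }
        }
        $_SESSION['rand'] = '';
        head($lng_forum['1_1'].' | '.$forum['name'].' | '.$lng_forum['1_54']);
        echo '<div class="hdr"><b><a href="index.php">'.$lng_forum['1_1'].'</a> | <a href="/modules/forum/index.php?act=view_section&id_forum='.$forum['id'].'">'.$forum['name'].'</a> | '.$lng_forum['1_54'].'</b></div>';
        err();
        echo '<form method="POST" action="create.php?act=create_section&id_forum='.$forum['id'].'"><div class="egmenu">';
        echo ''.$lng_forum['1_55'].'(max 64):<br/><input type="text" name="name" maxlength="64" /><br/>';
        echo '<img src="/pages/captcha.php" alt="" /><br/>';
        echo '<input type="text" name="code" maxlength="4" size="4" /><br/>';
        echo '<input type="submit" name="save" value="'.$lng['1_8'].'" />';
        echo '</div></form>';
        require $root_path.'includes/end.php'; // footer
        exit;

    /* Add a forum (administrators, level >= 8). */
    case 'create_forum':
        if (!isset($user) || $user['level'] < 8) {
            $redirect_back();
        }
        if (isset($_POST['forum'], $_POST['pos'], $_POST['opis'])) {
            $forum = $clean($_POST['forum']);
            $opis = $clean($_POST['opis']);
            $pos = (int)$_POST['pos'];
            if (mb_strlen($forum) < 4) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_57'].'(min 4)</div>';
            }
            if (mb_strlen($forum) > 64) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_57'].'(max 64)</div>';
            }
            if (mb_strlen($opis) > 64) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_58'].'(max 64)</div>';
            }
            if (!$captcha_ok()) {
                $err[] = '<div class="errmenu">'.$lng_forum['1_39'].'</div>';
            }
            if (!isset($err)) {
                mysql_query("INSERT INTO `forum_section` (`opis`, `name`, `pos`) values('".mres($opis)."', '".mres($forum)."', '".$pos."')");
                head($lng_forum['1_1'].' | '.$lng_forum['1_59']);
                echo '<div class="hdr"><b><a href="index.php">'.$lng_forum['1_1'].'</a> | '.$lng_forum['1_59'].'</b></div>';
                msg('<div class="menu">'.$lng_forum['1_60'].'</div>');
                echo '<a href="/modules/forum/">'.$lng_forum['1_1'].'</a>';
                require $root_path.'includes/end.php'; // footer
                exit;
            }
        }
        $_SESSION['rand'] = '';
        head($lng_forum['1_1'].' | '.$lng_forum['1_59']);
        echo '<div class="hdr"><b><a href="/modules/forum/">'.$lng_forum['1_1'].'</a> | '.$lng_forum['1_59'].'</b></div>';
        err();
        echo '<div class="egmenu"><form method="POST" action="create.php?act=create_forum">';
        echo ''.$lng_forum['1_61'].'(max 64):<br/><input type="text" name="forum" maxlength="64" /><br/>';
        echo ''.$lng_forum['1_62'].'(max 64):<br/>';
        echo '<textarea name="opis"></textarea><br/>';
        echo ''.$lng_forum['1_63'].':<br/>';
        // Default position: one past the current highest.
        $pos = mysql_result(mysql_query("SELECT MAX(`pos`) FROM `forum_section`"), 0) + 1;
        echo '<input name="pos" type="text" maxlength="3" value="'.$pos.'" /><br/>';
        echo '<img src="/pages/captcha.php" alt="" /><br/>';
        echo '<input type="text" name="code" maxlength="4" size="4" /><br/>';
        echo '<input type="submit" name="save" value="'.$lng['1_8'].'" />';
        echo '</form></div>';
        require $root_path.'includes/end.php'; // footer
        exit;

    /* Download a topic as plain text. */
    case 'create_txt':
        if (!isset($_GET['id_them']) || !is_numeric($_GET['id_them'])) {
            $redirect_index();
        }
        $id_them = (int)$_GET['id_them'];
        $them = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_topic1_view` WHERE `id` = '".$id_them."' LIMIT 1", $dblink));
        if (!$them) {
            $redirect_index();
        }
        $section = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section_view` WHERE `id` = '".(int)$them['id_section']."' LIMIT 1"));
        $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_section` WHERE `id` = '".(int)$them['id_forum']."' LIMIT 1"));
        // The topic name goes into a quoted header parameter: keep quotes and line breaks out of it.
        $filename = str_replace(array('"', "\r", "\n"), '', $them['name']);
        header('Content-Type: text/plain; charset=utf-8', true);
        header('Content-Disposition: attachment; filename="'.$filename.'.txt";');
        echo $lng_forum['1_64'].": ".$them['name']." (".$forum['name']."/".$section['name'].")\r\n";
        $q = mysql_query("SELECT * FROM `forum_topic2_view` WHERE `id_them` = '".(int)$them['id']."' AND `id_forum` = '".(int)$forum['id']."' AND `id_section` = '".(int)$section['id']."' ORDER BY `time` ASC");
        while ($post = mysql_fetch_assoc($q)) {
            echo "\r\n";
            if ($post['id_user'] == 0) {
                // Guest post: the name stored with the post, never a leftover from the previous iteration.
                $ank = array('login' => $post['login'], 'sqe' => 'guest', 'id' => '0', 'level' => '0');
            } else {
                $ank = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id`='".(int)$post['id_user']."' LIMIT 1"));
                if (!$ank) {
                    // Account no longer exists; fall back to the login recorded on the post.
                    $ank = array('login' => $post['login']);
                }
            }
            echo $ank['login']." (".date("j M Y в H:i", (int)$post['time']).")\r\n";
            echo post($post['msg'])."\r\n";
        }
        echo "\r\n".$lng_forum['1_65'].": http://".$_SERVER['SERVER_NAME']."/index.php?act=view_topic&id_them=".(int)$them['id']."\r\n";
        exit;
}
require $root_path.'includes/end.php'; // footer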