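-1) {
    $sql .= ' LIMIT '.$min;
    if ($nRec > -1) {
        $sql .= ', '.$nRec;
    }
} else if ($nRec > -1) {
    $sql .= ' LIMIT '.$nRec;
}
$data = mysql_query($sql);
echo mysql_error();
return $data;
}

function getPosts($threadID, $min = -1, $nRec = -1, $sort_style="timestamp", $show_hidden = false) {
    /* Fetch the posts of one thread as a mysql result resource.
     *
     * Calling function: set $show_hidden = true only when it is a moderator
     * reading; otherwise hidden posts are filtered out with "AND hidden = 0".
     * Show an error page if this function returns NULL.
     *
     * $threadID    - int  (cast to int before it reaches SQL)
     * $min         - int  LIMIT offset; -1 means "no offset"
     * $nRec        - int  LIMIT row count; -1 means "no row limit"
     * $sort_style  - string, checked by the switch below; any value outside
     *                the three known ones produces no ORDER BY clause at all
     * $show_hidden - bool (never interpolated into SQL)
     */
    if (!(is_numeric($threadID) && is_numeric($min) && is_numeric($nRec))) {
        return NULL; // Something is wrong here.
    }
    // is_numeric() also accepts floats, exponent notation and leading
    // whitespace; the cast guarantees that only a plain integer is ever
    // concatenated into the statement.
    $threadID = (int)$threadID;
    $min      = (int)$min;
    $nRec     = (int)$nRec;

    $sql = 'SELECT * FROM post WHERE thread = ' . $threadID;
    if (!$show_hidden) {
        $sql .= ' AND hidden = 0';
    }
    switch ($sort_style) {
        case 'timestamp':
            $sql .= ' ORDER BY timestamp desc';
            break;
        case 'timestamp_asc':
            $sql .= ' ORDER BY timestamp asc';
            break;
        case 'score':
            $sql .= ' ORDER BY score DESC';
            break;
    }
    if ($min > -1) {
        $sql .= ' LIMIT ' . $min;
        if ($nRec > -1) {
            $sql .= ', ' . $nRec;
        }
    } elseif ($nRec > -1) {
        $sql .= ' LIMIT ' . $nRec;
    }
    return mysql_query($sql);
}

/* specific database functions */

function getCategory($categoryID) {
    /* Fetch one category row as an object; NULL when the id is not numeric or
     * the query fails.
     * $categoryID - int (cast to int before it reaches SQL)
     *
     * Bug fix: the original appended a stray literal double quote to the
     * statement ('... WHERE id = 5"'), which is a MySQL syntax error, so the
     * query always failed and this function always returned NULL.
     */
    if (!is_numeric($categoryID)) {
        return NULL; // Something's rotten in Denmark
    }
    $categoryID = (int)$categoryID;
    $sql = "SELECT * FROM category WHERE id = " . $categoryID;
    $result = mysql_query($sql);
    if ($result) {
        return mysql_fetch_object($result);
    }
    return NULL;
}

function getForum($forumID) {
    /* Fetch one forum row as an object; NULL when the id is not numeric or
     * the query fails.
     * $forumID - int (cast to int before it reaches SQL)
     */
    if (!is_numeric($forumID)) {
        return NULL; // bad user!
    }
    $forumID = (int)$forumID;
    $sql = "SELECT * FROM forum WHERE id = " . $forumID;
    $result = mysql_query($sql);
    if ($result) {
        return mysql_fetch_object($result);
    }
    return NULL;
}

function getThread($threadID) {
    /* Fetch one thread row as an object; NULL when the id is not numeric or
     * the query fails.
     * $threadID - int (cast to int before it reaches SQL)
     */
    if (!is_numeric($threadID)) {
        return NULL; // Running out of comments...
    }
    $threadID = (int)$threadID;
    $sql = "SELECT * FROM thread WHERE id = " . $threadID;
    $result = mysql_query($sql);
    if ($result) {
        return mysql_fetch_object($result);
    }
    return NULL;
}

function getPost($postID) {
    /* Fetch one post row as an object; NULL when the id is not numeric or
     * the query fails.
     * $postID - int (cast to int before it reaches SQL)
     */
    if (!is_numeric($postID)) {
        return NULL; // /me smacks the calling function around with a trout
    }
    $postID = (int)$postID;
    $sql = "SELECT * FROM post WHERE id = " . $postID;
    $result = mysql_query($sql);
    if ($result) {
        return mysql_fetch_object($result);
    }
    return NULL;
}

// Returns the post that started the thread with id = $threadID (lowest post id)
function getFirstPost($threadID) {
    /* $threadID - int (cast to int before it reaches SQL)
     * Returns the post object, or NULL when the id is not numeric or the
     * query fails.
     */
    if (!is_numeric($threadID)) {
        return NULL; // These should always be numeric!
    }
    $threadID = (int)$threadID;
    $sql = "SELECT * FROM post WHERE thread = " . $threadID . " ORDER BY id ASC limit 1";
    $result = mysql_query($sql);
    if ($result) {
        return mysql_fetch_object($result);
    }
    return NULL;
}

function getForumPreferences($user){
    /* Load the forum_preferences row for $user->id and copy its columns onto
     * $user. $user->forum_preferences is set to 1 when a row exists; otherwise
     * a blank row is inserted for that user and the flag is set to 0.
     * $user->id - int (cast to int before it reaches SQL)
     * Returns $user (the same object, mutated).
     */
    if (!is_numeric($user->id)) {
        $user->forum_preferences = 0; // Non-numeric user IDs are bad
        return $user;                 // Just say they have no prefs
    }
    $userID = (int)$user->id;
    $result = mysql_query("SELECT * FROM forum_preferences WHERE userid = '" . $userID . "'");
    // A failed query is treated like "no row": mysql_num_rows(false) only
    // emits a warning, so guard $result explicitly.
    if ($result && mysql_num_rows($result) > 0) {
        $prefs = mysql_fetch_object($result);
        // Columns copied one-to-one from the preferences row onto the user.
        $fields = array(
            'avatar', 'hide_avatars', 'sorting', 'images_as_links', 'signature',
            'posts', 'avatar_type', 'no_signature_by_default', 'link_popup',
            'mark_as_read_timestamp', 'special_user', 'jump_to_unread',
            'hide_signatures', 'rated_posts', 'low_rating_threshold',
            'high_rating_threshold', 'ignorelist', 'last_post',
            'ignore_sticky_posts',
        );
        foreach ($fields as $field) {
            $user->$field = $prefs->$field;
        }
        $user->forum_preferences = 1;
        // Set defaults in certain cases: both thresholds at 0 means "unset".
        if ($user->low_rating_threshold == 0 and $user->high_rating_threshold == 0) {
            $user->low_rating_threshold  = DEFAULT_LOW_RATING_THRESHOLD;
            $user->high_rating_threshold = DEFAULT_HIGH_RATING_THRESHOLD;
        }
    } else {
        mysql_query("INSERT INTO forum_preferences SET userid='" . $userID . "'");
        $user->forum_preferences = 0;
    }
    return $user;
}

function setHasRated($user, $postID){
    /* Prepend "|$postID" to the user's rated_posts list.
     * $user->id - int (cast to int before it reaches SQL)
     * $postID   - int (cast to int before it reaches SQL)
     * Returns NULL when either id is not numeric; otherwise the mysql_error()
     * string for the UPDATE (empty on success).
     */
    if (!(is_numeric($user->id) && is_numeric($postID))) {
        return NULL; // Nothing to see here.
    }
    $userID = (int)$user->id;
    $postID = (int)$postID;
    // NOTE(review): MySQL's CONCAT() returns NULL when rated_posts is NULL,
    // which would blank the column; harmless only if the column is NOT NULL —
    // confirm against the schema.
    mysql_query("UPDATE forum_preferences SET rated_posts = concat('|" . $postID . "',rated_posts) WHERE userid = '" . $userID . "'");
    return mysql_error();
}

function setSortStyle($user, $place, $new_style){
    /* Store a new sort style for one of the four slots (forum, thread, faq,
     * answer). Logged-in users get the "|"-separated 4-tuple written to
     * forum_preferences.sorting; anonymous users get it in the "sorting" cookie.
     * $user->id      - int (empty for anonymous users)
     * $user->sorting - string "forum|thread|faq|answer"
     * $place         - string; must be one of the four slot names
     * $new_style     - string (TODO: still not validated against the set of
     *                  valid styles; the joined tuple goes through
     *                  quickDBClean() before it reaches SQL)
     * Always returns 0.
     *
     * Security: the original assigned through a variable-variable ($$place),
     * so a caller-controlled $place could overwrite any local of this
     * function ($user, $sql, ...). $place is now matched against a fixed slot
     * table and anything else is a no-op.
     */
    $slots = array('forum' => 0, 'thread' => 1, 'faq' => 2, 'answer' => 3);
    if (!isset($slots[$place])) {
        return 0; // Unknown slot: change nothing.
    }
    if ($user->id != "" && is_numeric($user->id)) {
        // Dealing with a logged in user.
        $styles = array_pad(explode("|", $user->sorting), 4, '');
        $styles[$slots[$place]] = $new_style;
        $user->sorting = quickDBClean(implode("|", array_slice($styles, 0, 4)));
        $sql = "UPDATE forum_preferences SET sorting = '" . $user->sorting . "' where userid = '" . (int)$user->id . "'";
        mysql_query($sql);
    } else {
        // Dealing with a non-logged-in user (so we use cookies)
        $cookie = isset($_COOKIE['sorting']) ? $_COOKIE['sorting'] : '';
        $styles = array_pad(explode("|", $cookie), 4, '');
        $styles[$slots[$place]] = $new_style;
        // NOTE(review): the cookie is still set without path/secure/httponly
        // flags, exactly as before; it only carries sort preferences.
        setcookie('sorting', implode("|", array_slice($styles, 0, 4)), time() + 3600*24*365);
    }
    return 0; // Functions should always return *something* in my opinion.
}

function getThreadLastVisited($user, $thread){
    /* Fill $user->thread_last_visited for $thread: the newest of the
     * forum_logging row's timestamp, now - MAX_FORUM_LOGGING_TIME, and
     * $user->mark_as_read_timestamp.
     * $user->id   - int (empty for anonymous users -> "always visited")
     * $thread->id - int
     * Returns $user (mutated).
     */
    if ($user->id == "") {
        // Disable read/unread stuff for users that are not logged in
        $user->thread_last_visited = time(); // Always display as visited
        return $user;
    }
    if (!(is_numeric($user->id) && is_numeric($thread->id))) {
        // NOTE(review): unlike the anonymous branch, thread_last_visited is
        // left untouched here (kept as in the original; don't get to SQL).
        return $user;
    }
    $userID   = (int)$user->id;
    $threadID = (int)$thread->id;
    $sql = "SELECT timestamp from forum_logging where userid='" . $userID . "' and threadid='" . $threadID . "'";
    $result = mysql_query($sql);
    $logged = 0; // no row (or a failed query) counts as "never visited"
    if ($result) {
        $data = mysql_fetch_object($result);
        if ($data) {
            $logged = $data->timestamp;
        }
    }
    $user->thread_last_visited = max(time() - MAX_FORUM_LOGGING_TIME, $logged, $user->mark_as_read_timestamp);
    return $user;
}

function setThreadLastVisited($user, $thread, $timestamp=""){
    /* Record (insert or overwrite) when $user last viewed $thread.
     * $user->id   - int (cast to int before it reaches SQL)
     * $thread->id - int (cast to int before it reaches SQL)
     * $timestamp  - int unix time; "" (the default) means now
     * Returns NULL without touching the DB when an id is not numeric.
     */
    if (!(is_numeric($user->id) && is_numeric($thread->id))) {
        return NULL; // Those had better be numeric!
    }
    if ($timestamp == "") {
        $timestamp = time();
    }
    // An integer cast is a stronger guarantee than escaping for a unix time.
    $timestamp = (int)$timestamp;
    $userID    = (int)$user->id;
    $threadID  = (int)$thread->id;
    // NOTE(review): REPLACE DELAYED is a MyISAM-only extension; confirm the
    // storage engine still supports it.
    $sql = "REPLACE DELAYED into forum_logging set userid='" . $userID . "', threadid='" . $threadID . "', timestamp='" . $timestamp . "'";
    mysql_query($sql);
}

function incThreadViews($threadID) {
    /* Bump the view counter of one thread.
     * $threadID - int (cast to int before it reaches SQL)
     * Returns NULL without touching the DB when the id is not numeric.
     */
    if (!is_numeric($threadID)) {
        return NULL;
    }
    $threadID = (int)$threadID;
    $sql = "UPDATE thread SET views = views + 1 WHERE id = " . $threadID . " LIMIT 1";
    mysql_query($sql);
}

function cleanup_forum_log(){
    /* No external variables here, really... everything has already been in the
     * database and wasn't created by somebody external. It should be all good.
     */
    $sql = "SELECT timestamp FROM forum_logging where userid=0 and threadid=0";
    $result=mysql_query($sql);
    if (mysql_num_rows($result)>0) {
        $data=mysql_fetch_object($result);
        if ($data->timestampid - int (should be safe, but we'll check it anyway) * $thread->forum - int (should be safe, but we'll check it anyway) */ if (!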
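(is_numeric($threadID) && is_numeric($userID))) {
    return NULL; // Check thread and user ID before continuing
}
$thread = getThread($threadID);
// Now let's make sure $thread is sane...
if (! (is_numeric($thread->id) & is_numeric($thread->forum))) {
    return NULL; // The thread ID and forum ID should always be numeric
}
// ...if not, something is majorly wrong. (these came from the DB)
$content = substr($content,0,64000); //Avoid cut-off html tags when posting LARGE texts
$content = addslashes(sanitize_html(stripslashes($content)));
addPost($threadID, $userID, $parent_post, $content, $add_signature);
$sql = "UPDATE forum_preferences SET posts = posts + 1, last_post = ".time()." WHERE userid = " . $userID . " LIMIT 1";
mysql_query($sql);
$sql = "UPDATE thread SET replies = replies + 1, timestamp = UNIX_TIMESTAMP() WHERE id = " . $threadID . " LIMIT 1";
mysql_query($sql);
$sql = "UPDATE forum SET posts = posts + 1, timestamp = UNIX_TIMESTAMP() WHERE id = " . $thread->forum . " LIMIT 1";
mysql_query($sql);
return true; // Functions should always return something.
}

function addPost($threadID, $userID, $parentID, $content, $add_signature=false) {
    /* Insert one post row.
     * $threadID      - int (cast to int before it reaches SQL)
     * $userID        - int (cast to int before it reaches SQL)
     * $parentID      - int, or a falsy value for a top-level post (the
     *                  parent_post column is then left to its default)
     * $content       - mother of all strings; run through quickDBClean()
     *                  before interpolation. NOTE(review): callers in this
     *                  file already addslashes() the content first — whether
     *                  that double-escapes depends on quickDBClean(), which is
     *                  defined elsewhere.
     * $add_signature - bool, stored as 1/0 (never interpolated directly)
     * Returns true on success; false when an id is not numeric or the
     * INSERT fails.
     */
    if (!(is_numeric($userID) && is_numeric($threadID))) {
        return false; // Won't post.
    }
    $threadID = (int)$threadID;
    $userID   = (int)$userID;
    $content  = quickDBClean($content);
    $sig = $add_signature ? 1 : 0;
    if ($parentID) {
        if (!is_numeric($parentID)) {
            return false;
        }
        $parentID = (int)$parentID;
        $sql = "INSERT INTO post (thread, user, timestamp, content, parent_post, signature) VALUES ("
             . $threadID . ", " . $userID . ", UNIX_TIMESTAMP(), '" . $content . "', " . $parentID . ", " . $sig . ")";
    } else {
        $sql = "INSERT INTO post (thread, user, timestamp, content, signature) VALUES ("
             . $threadID . ", " . $userID . ", UNIX_TIMESTAMP(), '" . $content . "', " . $sig . ")";
    }
    $result = mysql_query($sql);
    return $result ? true : false;
}

function updatePost($postID, $content) {
    /* Replace the content of one post and stamp it as modified.
     * $postID  - int (cast to int before it reaches SQL)
     * $content - mother of all strings; truncated to 64000 bytes *before*
     *            sanitize_html() so a cut-off tag is repaired rather than
     *            stored, then escaped with quickDBClean().
     * Returns true on success; false when the id is not numeric or the
     * UPDATE fails.
     */
    if (!is_numeric($postID)) {
        return false; // That really needs to be numeric.
    }
    $postID = (int)$postID;
    $content = substr($content, 0, 64000); // Avoid cut-off html tags when inserting LARGE texts
    $x = addslashes(sanitize_html(stripslashes($content)));
    $x = quickDBClean($x);
    $sql = "UPDATE post SET content = \"" . $x . "\", modified = UNIX_TIMESTAMP() WHERE id = " . $postID;
    $result = mysql_query($sql);
    return $result ? true : false;
}

function updateThread($threadID, $title) {
    /* Rename one thread.
     * $threadID - int (cast to int before it reaches SQL)
     * $title    - string; tags are stripped and whitespace trimmed, then it is
     *             escaped with quickDBClean(). An empty result is rejected.
     * Returns true on success; false when the id is not numeric, the cleaned
     * title is empty, or the UPDATE fails.
     */
    if (!is_numeric($threadID)) {
        return false;
    }
    $threadID = (int)$threadID;
    $title = strip_tags(trim($title));
    $title = quickDBClean($title);
    if (strlen($title) == 0) {
        return false;
    }
    $sql = "UPDATE thread SET title = \"" . $title . "\" WHERE id = " . $threadID;
    $result = mysql_query($sql);
    return $result ? true : false;
}
?>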