boinc/html/inc/db_forum.inc

492 lines
16 KiB
PHP

<?php
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
function quickDBClean($unclean) {
/* A quick function to save me a few keystrokes */
return mysql_real_escape_string(stripslashes($unclean));
}
function getCategories() {
/* What does $langID look like? I would like to add additional checks. */
$langID = (!empty($_SESSION['lang']['id']))?$_SESSION['lang']['id']:1;
$langID = quickDBClean($langID);
$sql = "SELECT * FROM category WHERE lang = ".$langID." AND is_helpdesk = 0 ORDER BY orderID ASC";
return mysql_query($sql);
}
function getHelpDeskCategories() {
$sql = "SELECT * FROM category WHERE is_helpdesk = 1 ORDER BY orderID ASC";
return mysql_query($sql);
}
function getForums($categoryID) {
/* $categoryID - int */
if (!is_numeric($categoryID)) {
/* If the category ID isn't numeric, something funky is going on here
* and we don't like it.
* Calling function should call an error page if this returns NULL.
*/
return NULL;
}
$categoryID = quickDBClean($categoryID);
$sql = 'SELECT * FROM forum WHERE category = ' . $categoryID . ' ORDER BY orderID ASC';
return mysql_query($sql);
}
function getThreads($forumID, $min=-1, $nRec=-1, $sort_style='modified-new', $show_hidden = 0, $sticky = 1) {
/* Calling function: Set $show_hidden to 1 if it is a moderator reading
* Error page if this function returns NULL.
* $forumID - int
* $min - int
* $nRec - int
* $sort_style - string (checked by switch statement)
* $show_hidden - bool (not directly passed to SQL)
* $sticky - bool (not directly passed to SQL)
*/
if (! (is_numeric($forumID) && is_numeric($min) && is_numeric($nRec))) {
return NULL; // Something is wrong here.
}
$sql = 'SELECT * FROM thread WHERE forum = ' . $forumID ;
if ($sticky){
$stickysql = "sticky DESC, ";
}
if (!$show_hidden) {
$sql .= ' AND hidden = 0';
}
switch($sort_style) {
case 'modified-new':
$sql .= ' ORDER BY '.$stickysql.'timestamp DESC';
break;
case 'modified-old':
$sql .= ' ORDER BY '.$stickysql.'timestamp ASC';
break;
case 'views-most':
$sql .= ' ORDER BY '.$stickysql.'views DESC';
break;
case 'replies-most':
$sql .= ' ORDER BY '.$stickysql.'replies DESC';
break;
case 'create_time':
$sql .= ' ORDER by '.$stickysql.'create_time desc';
break;
case 'timestamp':
$sql .= ' ORDER by '.$stickysql.'timestamp desc';
break;
case 'sufferers':
$sql .= ' ORDER by '.$stickysql.'sufferers desc';
break;
case 'activity':
$sql .= ' ORDER by '.$stickysql.'activity desc';
break;
case 'score':
$sql .= ' ORDER by '.$stickysql.'score desc';
break;
}
if ($min > -1) {
$sql .= ' LIMIT '.$min;
if ($nRec > -1) {
$sql .= ', '.$nRec;
}
} else if ($nRec > -1) {
$sql .= ' LIMIT '.$nRec;
}
$data = mysql_query($sql);
echo mysql_error();
return $data;
}
function getPosts($threadID, $min = -1, $nRec = -1, $sort_style="timestamp", $show_hidden = false) {
/* Calling function: Set $show_hidden = true when it is a moderator reading
* error_page if this function returns NULL.
* $theradID - int
* $min - int
* $nRec - int
* $sort_style - string (checked by switch statement)
* $show_hidden - bool (not directly passed to SQL)
*/
if (! (is_numeric($threadID) && is_numeric($min) && is_numeric($nRec))) {
return NULL; // Something is wrong here.
}
$sql = 'SELECT * FROM post WHERE thread = '. $threadID;
if (!$show_hidden) {
$sql .= ' AND hidden = 0';
}
switch($sort_style) {
case 'timestamp':
$sql .= ' ORDER BY timestamp desc';
break;
case 'timestamp_asc':
$sql .= ' ORDER BY timestamp asc';
break;
case 'score':
$sql .= ' ORDER BY score DESC';
break;
}
if ($min > -1) {
$sql .= ' LIMIT '.$min;
if ($nRec > -1) {
$sql .= ', '.$nRec;
}
} elseif ($nRec > -1) {
$sql .= ' LIMIT '.$nRec;
}
return mysql_query($sql);
}
/* specific database functions */
function getCategory($categoryID) {
/* $categoryID - int */
if (! is_numeric($categoryID)) {
return NULL; // Something's rotten in Denmark
}
$sql = "SELECT * FROM category WHERE id = ".$categoryID . "\"";
$result = mysql_query($sql);
if ($result) {
return mysql_fetch_object($result);
} else {
return NULL;
}
}
function getForum($forumID) {
/* $forumID - int */
if (! is_numeric($forumID)) {
return NULL; // bad user!
}
$sql = "SELECT * FROM forum WHERE id = " . $forumID;
$result = mysql_query($sql);
if ($result) {
return mysql_fetch_object($result);
} else {
return NULL;
}
}
function getThread($threadID) {
/* $threadID - int */
if (! is_numeric($threadID)) {
return NULL; // Running out of comments...
}
$sql = "SELECT * FROM thread WHERE id = ".$threadID;
$result = mysql_query($sql);
if ($result) {
return mysql_fetch_object($result);
} else {
return NULL;
}
}
function getPost($postID) {
/* $postID - int */
if (! is_numeric($postID)) {
return NULL; // /me smacks the calling function around with a trout
}
$sql = "SELECT * FROM post WHERE id = ".$postID;
$result = mysql_query($sql);
if ($result) {
return mysql_fetch_object($result);
} else {
return NULL;
}
}
// Returns the post that started the thread with id = $threadId
function getFirstPost($threadID) {
/* $threadID - int */
if (! is_numeric($threadID)) {
return NULL; // These should always be numeric!
}
$sql = "SELECT * FROM post WHERE thread = " . $threadID ." ORDER BY id ASC limit 1";
$result = mysql_query($sql);
if ($result) {
return mysql_fetch_object($result);
} else {
return NULL;
}
}
function getForumPreferences($user){
/* $user->id - int
* Anything else make it in to SQL here?
*/
if (! is_numeric($user->id)) {
$user->forum_preferences=0; // Non-numeric user IDs are bad
return $user; // Just say they have no prefs
}
$sql = "SELECT * FROM forum_preferences WHERE userid = '".$user->id."'";
$result = mysql_query($sql);
if (mysql_num_rows($result)>0) {
$prefs=mysql_fetch_object($result);
//TODO - find out how to simply merge two objects instead of specifying all the fields manually here
$user->avatar=$prefs->avatar;
$user->hide_avatars=$prefs->hide_avatars;
$user->sorting=$prefs->sorting;
$user->images_as_links=$prefs->images_as_links;
$user->signature=$prefs->signature;
$user->posts=$prefs->posts;
$user->avatar_type=$prefs->avatar_type;
$user->no_signature_by_default=$prefs->no_signature_by_default;
$user->link_popup=$prefs->link_popup;
$user->mark_as_read_timestamp=$prefs->mark_as_read_timestamp;
$user->special_user=$prefs->special_user;
$user->jump_to_unread=$prefs->jump_to_unread;
$user->hide_signatures=$prefs->hide_signatures;
$user->rated_posts=$prefs->rated_posts;
$user->low_rating_threshold=$prefs->low_rating_threshold;
$user->high_rating_threshold=$prefs->high_rating_threshold;
$user->ignorelist=$prefs->ignorelist;
$user->last_post=$prefs->last_post;
$user->ignore_sticky_posts=$prefs->ignore_sticky_posts;
$user->forum_preferences=1;
//Set defaults in certain cases:
if ($user->low_rating_threshold==0 and $user->high_rating_threshold==0){
$user->low_rating_threshold=DEFAULT_LOW_RATING_THRESHOLD;
$user->high_rating_threshold=DEFAULT_HIGH_RATING_THRESHOLD;
}
} else {
mysql_query("INSERT INTO forum_preferences SET userid='".$user->id."'");
$user->forum_preferences=0;
}
return $user;
}
function setHasRated($user, $postID){
/* $user->id - int
* $postID - int
*/
if (! (is_numeric($user->id) && is_numeric($postID))) {
return NULL; // Nothing to see here.
}
mysql_query("UPDATE forum_preferences SET rated_posts = concat('|$postID',rated_posts) WHERE userid = '".$user->id."'");
return mysql_error();
}
function setSortStyle($user,$place,$new_style){
/* $user->id - int
* $user->sorting - string (?)
*/
if ($user->id!="" && is_numeric($user->id)){ // Dealing with a logged in user.
list($forum,$thread,$faq,$answer)=explode("|",$user->sorting);
$$place=$new_style;
$user->sorting=quickDBClean(implode("|",array($forum,$thread,$faq,$answer)));
// TODO: Check each value of the array to make sure it's one of the valid prefs
$sql = "UPDATE forum_preferences SET sorting = '".$user->sorting."' where userid = '".$user->id."'";
mysql_query($sql);
} else { // Dealing with a non-logged-in user (so we use cookies)
list($forum,$thread,$faq,$answer)=explode("|",$_COOKIE['sorting']);
$$place=$new_style;
setcookie('sorting', implode("|",array($forum,$thread,$faq,$answer)), time()+3600*24*365);
}
return 0; // Functions should always return *something* in my opinion.
}
function getThreadLastVisited($user, $thread){
/* $user->id - int
* $thread->id - int
*/
if ($user->id==""){ //Disable read/unread stuff for users that are not logged in
$user->thread_last_visited=time(); //Always display as visited
return $user;
}
if (!(is_numeric($user->id) && is_numeric($thread->id))) {
return $user; // Return the same as above. (and don't get to SQL)
}
$sql = "SELECT timestamp from forum_logging where userid='".$user->id."' and threadid='".$thread->id."'";
$result = mysql_query($sql);
if ($result) {
$data=mysql_fetch_object($result);
$user->thread_last_visited=$data->timestamp;
} else {
}
$user->thread_last_visited= max(time()-MAX_FORUM_LOGGING_TIME,$user->thread_last_visited,$user->mark_as_read_timestamp);
//echo $user->thread_last_visited." - ".time();
return $user;
}
function setThreadLastVisited($user, $thread, $timestamp=""){
/* $user->id - int
* $thread->id - int
* $timestamp - int (?)
*/
if (!(is_numeric($user->id) && is_numeric($thread->id))) {
return NULL; // Those had better be numeric!
}
if ($timestamp==""){$timestamp=time();};
$timestamp = quickDBClean($timestamp);
$sql = "REPLACE DELAYED into forum_logging set userid='".$user->id."', threadid='".$thread->id."', timestamp='$timestamp'";
mysql_query($sql);
}
function incThreadViews($threadID) {
/* $threadID - int */
if (! is_numeric($threadID)) {
return NULL;
}
$sql = "UPDATE thread SET views = views + 1 WHERE id = " . $threadID . " LIMIT 1";
mysql_query($sql);
}
function cleanup_forum_log(){
/* No external variables here, really... everything has already been in the
* database and wasn't created by somebody external. It should be all good.
*/
$sql = "SELECT timestamp FROM forum_logging where userid=0 and threadid=0";
$result=mysql_query($sql);
if (mysql_num_rows($result)>0) {
$data=mysql_fetch_object($result);
if ($data->timestamp<time()-MAX_FORUM_LOGGING_TIME){
$sql = "DELETE FROM forum_logging where timestamp<'".(time()-MAX_FORUM_LOGGING_TIME)."' and userid != 0";
mysql_query($sql);
echo mysql_error();
$sql = "REPLACE INTO forum_logging set userid=0, threadid=0, timestamp='".time()."'";
mysql_query($sql);
}
} else {
//No cleanup timestamp found, make one:
$sql = "INSERT INTO forum_logging set userid=0, threadid=0, timestamp=0";
mysql_query($sql);
echo mysql_error();
}
}
// Forum modifying functions.
function createThread($forumID, $ownerID, $title, $content, $add_signature=false) {
/* $forumID - int
* $ownerID - int
* $title - string
* $content - string (not used here)
* $add_signature - bool (not used here)
*/
$content = substr($content,0,64000); // Shorten content to avoid cut-off html tags when inserting LARGE posts.
$content = addslashes(sanitize_html(stripslashes($content)));
if (! (is_numeric($forumID) && is_numeric($ownerID))) {
return NULL;
}
$title = strip_tags(trim($title));
if (strlen($title) == 0) {
echo "Empty Title\n";
return 0;
}
$title = quickDBClean($title);
$sql = "insert into thread (forum, owner, title, create_time, timestamp) VALUES (" . $forumID . ", " . $ownerID . ", '" . $title . "', UNIX_TIMESTAMP(), UNIX_TIMESTAMP())";
$result = mysql_query($sql);
if (!$result) return false;
$threadID = mysql_insert_id();
addPost($threadID, $ownerID, NULL, $content, $add_signature);
$sql = "UPDATE forum_preferences SET posts = posts + 1, last_post = ".time()." WHERE userid = " . $ownerID . " LIMIT 1";
mysql_query($sql);
$sql = "UPDATE forum SET threads = threads + 1, posts = posts + 1, timestamp = UNIX_TIMESTAMP() WHERE id = " . $forumID . " LIMIT 1";
mysql_query($sql);
return $threadID;
}
function replyToThread($threadID, $userID, $content, $parent_post=NULL, $add_signature=false) {
/* $threadID - int
* $userID - int
* $content - string (not used in sql here)
* $parent_post - int (not used in sql here)
* $add_signature - bool (not used in sql here)
* $thread->id - int (should be safe, but we'll check it anyway)
* $thread->forum - int (should be safe, but we'll check it anyway)
*/
if (! (is_numeric($threadID) && is_numeric($userID))) {
return NULL; // Check thread and user ID before continuing
}
$thread = getThread($threadID);
// Now let's make sure $thread is sane...
if (! (is_numeric($thread->id) & is_numeric($thread->forum))) {
return NULL; // The thread ID and forum ID should always be numeric
} // ...if not, something is majorly wrong. (these came from the DB)
$content = substr($content,0,64000); //Avoid cut-off html tags when posting LARGE texts
$content = addslashes(sanitize_html(stripslashes($content)));
addPost($threadID, $userID, $parent_post, $content, $add_signature);
$sql = "UPDATE forum_preferences SET posts = posts + 1, last_post = ".time()." WHERE userid = " . $userID . " LIMIT 1";
mysql_query($sql);
$sql = "UPDATE thread SET replies = replies + 1, timestamp = UNIX_TIMESTAMP() WHERE id = " . $threadID . " LIMIT 1";
mysql_query($sql);
$sql = "UPDATE forum SET posts = posts + 1, timestamp = UNIX_TIMESTAMP() WHERE id = " . $thread->forum . " LIMIT 1";
mysql_query($sql);
return true; // Functions should always return something.
}
function addPost($threadID, $userID, $parentID, $content, $add_signature=false) {
/* $threadID - int
* $userID - int
* $parentID - int (which may not exist)
* $content - mother of all strings
* $add_signature - bool (not directly inserted in to sql)
*/
if (! (is_numeric($userID) && is_numeric($threadID))) {
return false; // Won't post.
}
$content = quickDBClean($content);
if ($add_signature){$sig=1;} else {$sig=0;};
if ($parentID) {
if (! is_numeric($parentID)) {
return false;
}
$sql = "INSERT INTO post (thread, user, timestamp, content, parent_post, signature) VALUES (" . $threadID . ", " . $userID . ", UNIX_TIMESTAMP(), '" . $content . "', " . $parentID . ", ".$sig.")";
} else {
$sql = "INSERT INTO post (thread, user, timestamp, content, signature) VALUES (" . $threadID . ", " . $userID . ", UNIX_TIMESTAMP(), '" . $content . "', ".$sig.")";
}
$result = mysql_query($sql);
if (!$result) return false;
return true;
}
function updatePost($postID, $content) {
/* $postID - int
* $content - mother of all strings
*/
if (! is_numeric($postID)) {
return false; // That really needs to be numeric.
}
$content = substr($content,0,64000); //Avoid cut-off html tags when inserting LARGE texts
$x = addslashes(sanitize_html(stripslashes($content)));
$x = quickDBClean($x);
$sql = "UPDATE post SET content = \"$x\", modified = UNIX_TIMESTAMP() WHERE id = " . $postID;
$result = mysql_query($sql);
if (!$result) return false;
return true;
}
function updateThread($threadID, $title) {
/* $threadID - int
* $title - string
*/
if (! is_numeric($threadID)) {
return false;
}
$title = strip_tags(trim($title));
$title = quickDBClean($title);
if (strlen($title) == 0) {
return false;
}
$sql = "UPDATE thread SET title = \"$title\" WHERE id = " . $threadID;
$result = mysql_query($sql);
if (!$result) return false;
return true;
}
?>