Файл: mc-2.7.0/modules/forum/controllers/forum.php
Строк: 248
<?php
/**
* MobileCMS
*
* Open source content management system for mobile sites
*
* @author MobileCMS Team <support@mobilecms.pro>
* @copyright Copyright (c) 2011-2019, MobileCMS Team
* @link https://mobilecms.pro Official site
* @license MIT license
*/
defined('IN_SYSTEM') or die('<b>403<br />Запрет доступа!</b>');
/**
* Контроллер форума, пользовательская часть
*/
class Forum_Controller extends Controller {
/**
* Метод по умолчанию
*/
public function action_index() {
$this->action_list_sections();
}
/**
* Список разделов
*/
public function action_list_sections() {
$sections = array();
$result = $this->db->query("SELECT * FROM #__forum_sections ORDER BY position");
while ($section = $this->db->fetch_array($result)) {
if ($this->config['forum']['show_forums_in_list_sections'] || $section['section_id'] == @$_GET['section_id']) {
$section['forums'] = array();
$result1 = $this->db->query("SELECT * FROM #__forum_forums WHERE section_id = '" . $section['section_id'] . "' ORDER BY position");
while ($forum = $this->db->fetch_array($result1))
$section['forums'][] = $forum;
}
$sections[] = $section;
}
$this->tpl->assign(array(
'sections' => $sections
));
$this->tpl->display('list_sections');
}
/**
* Просмотр форума
*/
public function action_viewforum() {
$this->per_page = $this->config['forum']['topics_per_page'];
if ($_GET['type'] != 'new') {
if (!$forum = $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '" . intval($_GET['forum_id']) . "'"))
a_error("Форум не найден!");
}
# Получение данных
switch ($_GET['type']) {
case 'new':
$sql = "SELECT SQL_CALC_FOUND_ROWS ft.*, u.username AS last_username
FROM #__forum_topics AS ft
INNER JOIN #__users AS u ON ft.last_user_id = u.user_id
ORDER BY ft.time DESC
LIMIT $this->start, $this->per_page";
break;
default:
$sql = "SELECT SQL_CALC_FOUND_ROWS ft.*, u.username AS last_username
FROM #__forum_topics AS ft
INNER JOIN #__users AS u ON ft.last_user_id = u.user_id
WHERE ft.forum_id = '" . $forum['forum_id'] . "'
ORDER BY ft.is_top_topic DESC, ft.last_message_time DESC
LIMIT $this->start, $this->per_page";
break;
}
$topics = $this->db->get_array($sql);
$total = $this->db->get_one("SELECT FOUND_ROWS()");
# Пагинация
$pg_conf['base_url'] = a_url('forum/viewforum', 'forum_id=' . $_GET['forum_id'] . '&type=' . $_GET['type'] . '&start=');
$pg_conf['total_rows'] = $total;
$pg_conf['per_page'] = $this->per_page;
a_import('libraries/pagination');
$pg = new CI_Pagination($pg_conf);
$this->tpl->assign(array(
'topics' => $topics,
'forum' => $forum,
'total' => $total,
'pagination' => $pg->create_links(),
'section' => $this->db->get_row("SELECT * FROM #__forum_sections WHERE section_id = '" . $forum['section_id'] . "'"),
'messages_per_page' => $this->config['forum']['messages_per_page']
));
$this->tpl->display('viewforum');
}
/**
* Просмотр темы
*/
public function action_viewtopic() {
$this->per_page = $this->config['forum']['messages_per_page'];
if (!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '" . intval($_GET['topic_id']) . "'"))
a_error("Тема не найдена!");
# Получение данных
$result = $this->db->query("SELECT SQL_CALC_FOUND_ROWS fm.*, u.username AS username, u.status AS user_status, up.avatar AS avatar_exists, u.last_visit, ff.file_id, ff.file_size, ff.file_downloads, ff.file_name
FROM #__forum_messages AS fm
INNER JOIN #__users AS u USING(user_id)
LEFT JOIN #__users_profiles AS up USING(user_id)
LEFT JOIN #__forum_files AS ff USING(message_id)
WHERE fm.topic_id = '" . $topic['topic_id'] . "'
ORDER BY fm.message_id ASC
LIMIT $this->start, $this->per_page
");
$messages = array();
$num = $this->start;
if (!class_exists('smiles'))
a_import('modules/smiles/helpers/smiles');
while ($message = $this->db->fetch_array($result)) {
$message['num'] = ++$num;
$message['message'] = main::bbcode($message['message']);
$message['message'] = smiles::smiles_replace($message['message']);
$message['message'] = nl2br($message['message']);
$messages[] = $message;
}
$total = $this->db->get_one("SELECT FOUND_ROWS()");
# Пагинация
$pg_conf['base_url'] = a_url('forum/viewtopic', 'topic_id=' . $_GET['topic_id'] . '&start=');
$pg_conf['total_rows'] = $total;
$pg_conf['per_page'] = $this->per_page;
a_import('libraries/pagination');
$pg = new CI_Pagination($pg_conf);
$this->tpl->assign(array(
'messages' => $messages,
'topic' => $topic,
'total' => $total,
'pagination' => $pg->create_links(),
'forum' => $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '" . $topic['forum_id'] . "'")
));
$this->tpl->display('viewtopic');
}
/**
* Закрепление / открепление темы
*/
public function action_topic_top() {
if (!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '" . intval($_GET['topic_id']) . "'"))
a_error("Тема не найдена!");
if (ACCESS_LEVEL < 8)
a_error('У вас нет прав на выполнение этой операции!');
$status = $_GET['a'] == 'top' ? 1 : 0;
$this->db->query("UPDATE #__forum_topics SET is_top_topic = '$status' WHERE topic_id = '" . $topic['topic_id'] . "'");
header("Location: " . a_url('forum/viewforum', 'forum_id=' . $topic['forum_id'] . '&start=' . @$_GET['start'], TRUE));
exit;
}
/**
* Закрытие / окрытие темы
*/
public function action_topic_close() {
if (!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '" . intval($_GET['topic_id']) . "'"))
a_error("Тема не найдена!");
if (ACCESS_LEVEL < 8)
a_error('У вас нет прав на выполнение этой операции!');
$status = $_GET['a'] == 'close' ? 1 : 0;
$this->db->query("UPDATE #__forum_topics SET is_close_topic = '$status' WHERE topic_id = '" . $topic['topic_id'] . "'");
header("Location: " . a_url('forum/viewforum', 'forum_id=' . $topic['forum_id'] . '&start=' . @$_GET['start'], TRUE));
exit;
}
/**
* Закрытие / окрытие темы
*/
public function action_topic_delete() {
if (!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '" . intval($_GET['topic_id']) . "'")) {
a_error("Тема не найдена!");
}
if (ACCESS_LEVEL < 8) {
a_error('У вас нет прав на выполнение этой операции!');
}
if (!empty($_GET['confirm'])) {
# удаляем тему
$this->db->query("DELETE FROM #__forum_topics WHERE topic_id = '" . $topic['topic_id'] . "'");
# удаляем сообщения в теме
$this->db->query("DELETE FROM #__forum_messages WHERE topic_id = '" . $topic['topic_id'] . "'");
# обновляем счетчик тем и сообщений в форуме
$this->db->query("UPDATE #__forum_forums SET
topics = topics - 1,
messages = messages - " . $topic['messages'] . " - 1
WHERE forum_id = '" . $topic['forum_id'] . "'
");
header("Location: " . a_url('forum/viewforum', 'forum_id=' . $topic['forum_id'] . '&start=' . @$_GET['start'], TRUE));
exit;
} else {
a_confirm('Действительно хотите удалить тему «' . $topic['name'] . '» со всеми сообщениями?', a_url('forum/topic_delete', 'confirm=yes&topic_id=' . $topic['topic_id'] . '&start=' . @$_GET['start']), a_url('forum/viewforum', 'forum_id=' . $topic['forum_id'] . '&start=' . @$_GET['start']));
}
}
/**
* Удаление сообщения
*/
public function action_message_delete() {
if (!$message = $this->db->get_row("SELECT m.*,
(SELECT status FROM #__users AS u WHERE u.user_id = m.user_id) AS user_status
FROM #__forum_messages AS m
WHERE message_id = '" . intval($_GET['message_id']) . "'")) {
a_error("Сообщение не найдено!");
}
if (!a_check_rights($message['user_id'], $message['user_status']) || !$message['is_last_message']) {
a_error('У вас нет права удалять данное сообщение!');
}
if (!empty($_GET['confirm'])) {
# Удаляем сообщение
$this->db->query("DELETE FROM #__forum_messages WHERE message_id = '" . $message['message_id'] . "'");
# Обновляем счетчики сообщений
$this->db->query("UPDATE #__forum_topics SET messages = messages - 1 WHERE topic_id = '" . $message['topic_id'] . "'");
$this->db->query("UPDATE #__forum_forums SET messages = messages - 1 WHERE forum_id = '" . $message['forum_id'] . "'");
# Отнимаем рейтинг
user::rating_update(-1, $message['user_id']);
header("Location: " . a_url('forum/viewtopic', 'topic_id=' . $message['topic_id'] . '&start=' . @$_GET['start'], TRUE));
exit;
} else {
a_confirm('Действительно хотите удалить данное сообщение?', a_url('forum/message_delete', 'confirm=yes&message_id=' . $message['message_id'] . '&start=' . @$_GET['start']), a_url('forum/viewtopic', 'topic_id=' . $message['topic_id'] . '&start=' . @$_GET['start']));
}
}
/**
* Постинг
*/
public function action_posting() {
if (!empty($_GET['new_topic'])) {
if (!$forum = $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '" . intval($_GET['forum_id']) . "'")) {
a_error("Форум не найден!");
}
$action = 'new_topic';
$message = array();
$title = "Новая тема";
if (USER_ID == -1 && !$this->config['forum']['guests_create_topics']) {
a_error("Гости не имеют права создвать темы!<br />Зарегистрируйтесь или войдите под своим именем.");
}
} else {
if (is_numeric($_GET['message_id'])) {
if (!$message = $this->db->get_row("SELECT * FROM #__forum_messages WHERE message_id = '" . intval($_GET['message_id']) . "'")) {
a_error("Сообщение не найдено!");
}
if (ACCESS_LEVEL < 8 && $message['user_id'] != USER_ID) {
a_error("У вас нет прав редактировать данное сообщение!");
}
if ($message['is_first_message'] == 1) {
$action = 'edit_first_message';
} else {
$action = 'edit_message';
}
$title = "Редактировать сообщение";
$message_text = $message['message'];
$topic_id = $message['topic_id'];
} else {
$action = 'new_message';
$message = array();
$title = "Новое сообщение";
$topic_id = $_GET['topic_id'];
$message_text = '';
if (!empty($_GET['replay'])) {
$message_text .= '[b]' . $_GET['replay'] . '[/b], ';
} elseif (is_numeric($_GET['q'])) {
if (!$q_post = $this->db->get_row("SELECT * FROM #__forum_messages LEFT JOIN #__users USING(user_id) WHERE message_id = '" . intval($_GET['q']) . "'"))
a_error("Не найден пост для цитирования");
$message_text .= '[q]' . $q_post['username'] . ' (' . date('d.m.Y в H:i', $q_post['time']) . ')' . PHP_EOL;
$message_text .= $q_post['message'] . '[/q]' . PHP_EOL;
}
if (USER_ID == -1 && !$this->config['forum']['guests_write_messages'])
a_error("Гости не имеют отвечать на темы!<br />Зарегистрируйтесь или войдите под своим именем.");
}
if (!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '" . intval($topic_id) . "'"))
a_error("Тема не найдена!");
# Определяем можно ли постить в теме
if (ACCESS_LEVEL < 8 && $topic['is_close_topic'])
a_error("Тема закрыта, вы не имеете права писать и редактировать сообщения!");
}
if (isset($_POST['submit'])) {
if ($action == 'new_topic' || $action == 'edit_first_message') {
if (empty($_POST['topic_name'])) {
$this->error .= 'Укажите название темы!<br />';
}
}
if (empty($_POST['message'])) {
$this->error .= 'Укажите сообщение!<br />';
}
# Проверка кода с картинки
if (USER_ID == -1) {
if ($_POST['captcha_code'] != $_SESSION['captcha_code']) {
$this->error .= 'Неверно указан код с картинки<br />';
}
}
# Проверка прикрепляемого файла
if (!empty($_FILES['attach']['tmp_name'])) {
$file_ext = array_pop(explode('.', $_FILES['attach']['name']));
if (!strstr(';' . $this->config['forum']['allowed_filetypes'] . ';', ';' . $file_ext . ';'))
$this->error .= 'Вы пытаетесь загрузить запрещенный тип файла<br />';
if (filesize($_FILES['attach']['tmp_name']) > $this->config['forum']['max_filesize'] * 1048576)
$this->error .= 'Размер загружаемого файла превышает допустимый размер (' . $this->config['forum']['max_filesize'] . ' Mb)<br />';
}
if (!$this->error) {
$_SESSION['captcha_code'] = main::get_unique_code(4);
switch ($action) {
# Создание темы
case 'new_topic':
# Добавляем тему
$this->db->query("INSERT INTO #__forum_topics SET
section_id = '" . $forum['section_id'] . "',
forum_id = '" . $forum['forum_id'] . "',
user_id = '" . USER_ID . "',
name = '" . a_safe($_POST['topic_name']) . "',
time = UNIX_TIMESTAMP(),
last_message_time = UNIX_TIMESTAMP(),
last_user_id = '" . USER_ID . "'
");
$topic_id = $this->db->insert_id();
# Добавляем сообщение
$this->db->query("INSERT INTO #__forum_messages SET
topic_id = '" . $topic_id . "',
section_id = '" . $forum['section_id'] . "',
forum_id = '" . $forum['forum_id'] . "',
user_id = '" . USER_ID . "',
message = '" . a_safe($_POST['message']) . "',
is_first_message = 1,
time = UNIX_TIMESTAMP()
");
$message_id = $this->db->insert_id();
# Увеличиваем количество тем и сообщений в форуме
$this->db->query("UPDATE #__forum_forums SET
topics = topics + 1,
messages = messages + 1
WHERE
forum_id = '" . $forum['forum_id'] . "'
");
# Добавляем рейтинг
user::rating_update();
$location = a_url('forum/viewtopic', 'topic_id=' . $topic_id, true);
break;
# Добавление сообщения
case 'new_message':
# Снимаем метку с последнего сообщения
$this->db->query("UPDATE #__forum_messages SET is_last_message = 0 WHERE topic_id = '" . $topic['topic_id'] . "'");
# Добавляем сообщение
$this->db->query("INSERT INTO #__forum_messages SET
topic_id = '" . $topic['topic_id'] . "',
section_id = '" . $topic['section_id'] . "',
forum_id = '" . $topic['forum_id'] . "',
user_id = '" . USER_ID . "',
message = '" . a_safe($_POST['message']) . "',
is_last_message = 1,
time = UNIX_TIMESTAMP()
");
$message_id = $this->db->insert_id();
# Обновляем счетчик сообщений темы и время последнего сообщения
$this->db->query("UPDATE #__forum_topics SET
messages = messages + 1,
last_message_time = UNIX_TIMESTAMP(),
last_user_id = '" . USER_ID . "'
WHERE topic_id = '" . $topic['topic_id'] . "'
");
# Увеличиваем количество сообщений в форуме
$this->db->query("UPDATE #__forum_forums SET
messages = messages + 1
WHERE
forum_id = '" . $topic['forum_id'] . "'
");
# Добавляем рейтинг
user::rating_update();
# Определяем start для пагинации
$messages = $topic['messages'] + 1;
$start = floor($messages / $this->config['forum']['messages_per_page']) * $this->config['forum']['messages_per_page'];
$location = a_url('forum/viewtopic', 'topic_id=' . $topic['topic_id'] . '&start=' . $start, true);
break;
# Редактирование сообщения
case 'edit_first_message':
$this->db->query("UPDATE #__forum_topics SET name = '" . a_safe($_POST['topic_name']) . "' WHERE topic_id = '" . $message['topic_id'] . "'");
case 'edit_message':
# Изменяем сообщение
$this->db->query("UPDATE #__forum_messages SET
message = '" . a_safe($_POST['message']) . "',
edit_editor = '" . $this->user['username'] . "',
edit_time = UNIX_TIMESTAMP(),
edit_count = edit_count + 1
WHERE
message_id = '" . $message['message_id'] . "'
");
$message_id = $message['message_id'];
$location = a_url('forum/viewtopic', 'topic_id=' . $message['topic_id'], true);
break;
}
if (!empty($_FILES['attach']['tmp_name'])) {
# Удаляем старый файл, если имеется
if ($old_file = $this->db->get_row("SELECT * FROM #__forum_files WHERE message_id = '$message_id'")) {
@unlink(ROOT . 'files/forum/' . main::get_dir($old_file['file_id']) . '/' . $old_file['file_name']);
$this->db->query("DELETE FROM #__forum_files WHERE file_id = '" . $old_file['file_id'] . "'");
}
# Получаем ID нового файла
$this->db->query("INSERT INTO #__forum_files SET file_id = NULL");
$file_id = $this->db->insert_id();
# Генерируем имя загружаемого файла
$file_name = $file_id . '_' . preg_replace('/[^a-zA-Z0-9_.]+/', '', $_FILES['attach']['name']);
# Создаем папку для файла если необходимо
$directory = ROOT . 'files/forum/' . main::get_dir($file_id);
if (!file_exists($directory)) {
mkdir($directory);
chmod($directory, 0777);
}
# Перемещаем новый файл
move_uploaded_file($_FILES['attach']['tmp_name'], $directory . '/' . $file_name);
chmod($directory . '/' . $file_name, 0777);
# Получаем размер файла
$file_size = filesize($directory . '/' . $file_name);
# Обновляем данные о файле
$this->db->query("UPDATE #__forum_files SET
message_id = '$message_id',
file_name = '" . a_safe($file_name) . "',
file_size = '$file_size'
WHERE file_id = $file_id
");
}
header('Location: ' . $location);
exit;
}
}
if (!isset($_POST['submit']) || $this->error) {
$_SESSION['captcha_code'] = main::get_unique_code(4);
$this->tpl->assign(array(
'error' => $this->error,
'title' => $title,
'message' => $message,
'topic' => $topic,
'forum' => $forum,
'action' => $action,
'message_text' => $message_text
));
$this->tpl->display('posting');
}
}
/**
* Листинг новых сообщений
*/
public function action_new_messages() {
$this->per_page = $this->config['forum']['messages_per_page'];
$sql = "SELECT SQL_CALC_FOUND_ROWS m.*, t.name AS topic_name, u.username, u.last_visit, up.avatar AS avatar_exists,
(SELECT COUNT(*) FROM #__forum_messages AS fm WHERE fm.topic_id = m.topic_id) AS all_messages
FROM #__forum_messages AS m LEFT JOIN #__forum_topics AS t USING(topic_id) LEFT JOIN #__users AS u ON u.user_id = m.user_id LEFT JOIN #__users_profiles AS up ON up.user_id = u.user_id
ORDER BY m.time DESC
LIMIT $this->start, $this->per_page
";
$result = $this->db->query($sql);
$total = $this->db->get_one("SELECT FOUND_ROWS()");
$messages = array();
if (!class_exists('smiles'))
a_import('modules/smiles/helpers/smiles');
while ($message = $this->db->fetch_array($result)) {
$message['message'] = main::bbcode($message['message']);
$message['message'] = smiles::smiles_replace($message['message']);
$message['message'] = nl2br($message['message']);
$messages[] = $message;
}
# Пагинация
$pg_conf['base_url'] = a_url('forum/new_messages', 'start=');
$pg_conf['total_rows'] = $total;
$pg_conf['per_page'] = $this->per_page;
a_import('libraries/pagination');
$pg = new CI_Pagination($pg_conf);
$this->tpl->assign(array(
'messages' => $messages,
'total' => $total,
'pagination' => $pg->create_links(),
'messages_per_page' => $this->per_page
));
$this->tpl->display('new_messages');
}
/**
* Скачивание прикрепленного файла
*/
public function action_download_attach() {
if (!$file = $this->db->get_row("SELECT * FROM #__forum_files WHERE file_id = '" . intval($_GET['file_id']) . "'"))
a_error('Файл не найден!');
# Обновляем счетчик скачиваний
$this->db->query("UPDATE #__forum_files SET file_downloads = file_downloads + 1 WHERE file_id = '" . $file['file_id'] . "'");
# Перенаправляем на файл
header('Location: ' . URL . 'files/forum/' . main::get_dir($file['file_id']) . '/' . $file['file_name']);
}
}
?>