Файл: mc-2.6/modules/forum/controllers/forum.php
Строк: 251
<?php
/**
* MobileCMS
*
* Open source content management system for mobile sites
*
* @author MobileCMS Team <support@mobilecms.ru>
* @copyright Copyright (c) 2011, MobileCMS Team
* @link http://mobilecms.ru Official site
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*/
defined('IN_SYSTEM') or die('<b>403<br />Запрет доступа!</b>');
/**
* Контроллер форума, пользовательская часть
*/
class Forum_Controller extends Controller {
/**
* Метод по умолчанию
*/
public function action_index() {
$this->action_list_sections();
}
/**
* Список разделов
*/
public function action_list_sections() {
$sections = array();
$result = $this->db->query("SELECT * FROM #__forum_sections ORDER BY position");
while($section = $this->db->fetch_array($result)) {
if($this->config['forum']['show_forums_in_list_sections'] || $section['section_id'] == @$_GET['section_id']) {
$section['forums'] = array();
$result1 = $this->db->query("SELECT * FROM #__forum_forums WHERE section_id = '". $section['section_id'] ."' ORDER BY position");
while($forum = $this->db->fetch_array($result1)) $section['forums'][] = $forum;
}
$sections[] = $section;
}
$this->tpl->assign(array(
'sections' => $sections
));
$this->tpl->display('list_sections');
}
/**
* Просмотр форума
*/
public function action_viewforum() {
$this->per_page = $this->config['forum']['topics_per_page'];
if($_GET['type'] != 'new') {
if(!$forum = $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '". intval($_GET['forum_id']) ."'"))
a_error("Форум не найден!");
}
# Получение данных
switch($_GET['type']) {
case 'new':
$sql = "SELECT SQL_CALC_FOUND_ROWS ft.*, u.username AS last_username
FROM #__forum_topics AS ft
INNER JOIN #__users AS u ON ft.last_user_id = u.user_id
ORDER BY ft.time DESC
LIMIT $this->start, $this->per_page";
break;
default:
$sql = "SELECT SQL_CALC_FOUND_ROWS ft.*, u.username AS last_username
FROM #__forum_topics AS ft
INNER JOIN #__users AS u ON ft.last_user_id = u.user_id
WHERE ft.forum_id = '". $forum['forum_id'] ."'
ORDER BY ft.is_top_topic DESC, ft.last_message_time DESC
LIMIT $this->start, $this->per_page";
break;
}
$topics = $this->db->get_array($sql);
$total = $this->db->get_one("SELECT FOUND_ROWS()");
# Пагинация
$pg_conf['base_url'] = a_url('forum/viewforum', 'forum_id='. $_GET['forum_id'] .'&type='. $_GET['type'] .'&start=');
$pg_conf['total_rows'] = $total;
$pg_conf['per_page'] = $this->per_page;
a_import('libraries/pagination');
$pg = new CI_Pagination($pg_conf);
$this->tpl->assign(array(
'topics' => $topics,
'forum' => $forum,
'total' => $total,
'pagination' => $pg->create_links(),
'section' => $this->db->get_row("SELECT * FROM #__forum_sections WHERE section_id = '". $forum['section_id'] ."'"),
'messages_per_page' => $this->config['forum']['messages_per_page']
));
$this->tpl->display('viewforum');
}
/**
* Просмотр темы
*/
public function action_viewtopic() {
$this->per_page = $this->config['forum']['messages_per_page'];
if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '". intval($_GET['topic_id']) ."'"))
a_error("Тема не найдена!");
# Получение данных
$result = $this->db->query("SELECT SQL_CALC_FOUND_ROWS fm.*, u.username AS username, u.status AS user_status, up.avatar AS avatar_exists, u.last_visit, ff.file_id, ff.file_size, ff.file_downloads, ff.file_name
FROM #__forum_messages AS fm
INNER JOIN #__users AS u USING(user_id)
LEFT JOIN #__users_profiles AS up USING(user_id)
LEFT JOIN #__forum_files AS ff USING(message_id)
WHERE fm.topic_id = '". $topic['topic_id'] ."'
ORDER BY fm.message_id ASC
LIMIT $this->start, $this->per_page
");
$messages = array();
$num = $this->start;
if(!class_exists('smiles')) a_import('modules/smiles/helpers/smiles');
while($message = $this->db->fetch_array($result)) {
$message['num'] = ++$num;
$message['message'] = main::bbcode($message['message']);
$message['message'] = smiles::smiles_replace($message['message']);
$message['message'] = nl2br($message['message']);
$messages[] = $message;
}
$total = $this->db->get_one("SELECT FOUND_ROWS()");
# Пагинация
$pg_conf['base_url'] = a_url('forum/viewtopic', 'topic_id='. $_GET['topic_id'] .'&start=');
$pg_conf['total_rows'] = $total;
$pg_conf['per_page'] = $this->per_page;
a_import('libraries/pagination');
$pg = new CI_Pagination($pg_conf);
$this->tpl->assign(array(
'messages' => $messages,
'topic' => $topic,
'total' => $total,
'pagination' => $pg->create_links(),
'forum' => $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '". $topic['forum_id'] ."'")
));
$this->tpl->display('viewtopic');
}
/**
* Закрепление / открепление темы
*/
public function action_topic_top() {
if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '". intval($_GET['topic_id']) ."'"))
a_error("Тема не найдена!");
if(ACCESS_LEVEL < 8) a_error('У вас нет прав на выполнение этой операции!');
$status = $_GET['a'] == 'top' ? 1 : 0;
$this->db->query("UPDATE #__forum_topics SET is_top_topic = '$status' WHERE topic_id = '". $topic['topic_id'] ."'");
header("Location: ". a_url('forum/viewforum', 'forum_id='. $topic['forum_id'] .'&start='. @$_GET['start'], TRUE));
exit;
}
/**
* Закрытие / окрытие темы
*/
public function action_topic_close() {
if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '". intval($_GET['topic_id']) ."'"))
a_error("Тема не найдена!");
if(ACCESS_LEVEL < 8) a_error('У вас нет прав на выполнение этой операции!');
$status = $_GET['a'] == 'close' ? 1 : 0;
$this->db->query("UPDATE #__forum_topics SET is_close_topic = '$status' WHERE topic_id = '". $topic['topic_id'] ."'");
header("Location: ". a_url('forum/viewforum', 'forum_id='. $topic['forum_id'] .'&start='. @$_GET['start'], TRUE));
exit;
}
/**
* Закрытие / окрытие темы
*/
public function action_topic_delete() {
if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '". intval($_GET['topic_id']) ."'"))
a_error("Тема не найдена!");
if(ACCESS_LEVEL < 8) a_error('У вас нет прав на выполнение этой операции!');
if(!empty($_GET['confirm'])) {
# удаляем тему
$this->db->query("DELETE FROM #__forum_topics WHERE topic_id = '". $topic['topic_id'] ."'");
# удаляем сообщения в теме
$this->db->query("DELETE FROM #__forum_messages WHERE topic_id = '". $topic['topic_id'] ."'");
# обновляем счетчик тем и сообщений в форуме
$this->db->query("UPDATE #__forum_forums SET
topics = topics - 1,
messages = messages - ". $topic['messages'] ." - 1
WHERE forum_id = '". $topic['forum_id'] ."'
");
header("Location: ". a_url('forum/viewforum', 'forum_id='. $topic['forum_id'] .'&start='. @$_GET['start'], TRUE));
exit;
}
else a_confirm('Действительно хотите удалить тему «'. $topic['name'] .'» со всеми сообщениями?', a_url('forum/topic_delete', 'confirm=yes&topic_id='. $topic['topic_id'] .'&start='. @$_GET['start']), a_url('forum/viewforum', 'forum_id='. $topic['forum_id'] .'&start='. @$_GET['start']));
}
/**
* Удаление сообщения
*/
public function action_message_delete() {
if(!$message = $this->db->get_row("SELECT m.*,
(SELECT status FROM #__users AS u WHERE u.user_id = m.user_id) AS user_status
FROM #__forum_messages AS m
WHERE message_id = '". intval($_GET['message_id']) ."'"))
a_error("Сообщение не найдено!");
if(!a_check_rights($message['user_id'], $message['user_status']) || !$message['is_last_message'])
a_error('У вас нет права удалять данное сообщение!');
if(!empty($_GET['confirm'])) {
# Удаляем сообщение
$this->db->query("DELETE FROM #__forum_messages WHERE message_id = '". $message['message_id'] ."'");
# Обновляем счетчики сообщений
$this->db->query("UPDATE #__forum_topics SET messages = messages - 1 WHERE topic_id = '". $message['topic_id'] ."'");
$this->db->query("UPDATE #__forum_forums SET messages = messages - 1 WHERE forum_id = '". $message['forum_id'] ."'");
# Отнимаем рейтинг
user::rating_update(-1, $message['user_id']);
header("Location: ". a_url('forum/viewtopic', 'topic_id='. $message['topic_id'] .'&start='. @$_GET['start'], TRUE));
exit;
}
else a_confirm('Действительно хотите удалить данное сообщение?', a_url('forum/message_delete', 'confirm=yes&message_id='. $message['message_id'] .'&start='. @$_GET['start']), a_url('forum/viewtopic', 'topic_id='. $message['topic_id'] .'&start='. @$_GET['start']));
}
/**
* Постинг
*/
public function action_posting() {
if(!empty($_GET['new_topic'])) {
if(!$forum = $this->db->get_row("SELECT * FROM #__forum_forums WHERE forum_id = '". intval($_GET['forum_id']) ."'"))
a_error("Форум не найден!");
$action = 'new_topic';
$message = array();
$title = "Новая тема";
if(USER_ID == -1 && !$this->config['forum']['guests_create_topics'])
a_error("Гости не имеют права создвать темы!<br />Зарегистрируйтесь или войдите под своим именем.");
}
else {
if(is_numeric($_GET['message_id'])) {
if(!$message = $this->db->get_row("SELECT * FROM #__forum_messages WHERE message_id = '". intval($_GET['message_id']) ."'"))
a_error("Сообщение не найдено!");
if(ACCESS_LEVEL < 8 && $message['user_id'] != USER_ID)
a_error("У вас нет прав редактировать данное сообщение!");
if($message['is_first_message'] == 1) {
$action = 'edit_first_message';
}
else {
$action = 'edit_message';
}
$title = "Редактировать сообщение";
$message_text = $message['message'];
$topic_id = $message['topic_id'];
}
else {
$action = 'new_message';
$message = array();
$title = "Новое сообщение";
$topic_id = $_GET['topic_id'];
$message_text = '';
if(!empty($_GET['replay'])) {
$message_text .= '[b]'. $_GET['replay'] .'[/b], ';
}
elseif(is_numeric($_GET['q'])) {
if(!$q_post = $this->db->get_row("SELECT * FROM #__forum_messages LEFT JOIN #__users USING(user_id) WHERE message_id = '". intval($_GET['q']) ."'"))
a_error("Не найден пост для цитирования");
$message_text .= '[q]'. $q_post['username'] .' ('. date('d.m.Y в H:i', $q_post['time']) .')'. PHP_EOL;
$message_text .= $q_post['message'] .'[/q]'. PHP_EOL;
}
if(USER_ID == -1 && !$this->config['forum']['guests_write_messages'])
a_error("Гости не имеют отвечать на темы!<br />Зарегистрируйтесь или войдите под своим именем.");
}
if(!$topic = $this->db->get_row("SELECT * FROM #__forum_topics WHERE topic_id = '". intval($topic_id) ."'"))
a_error("Тема не найдена!");
# Определяем можно ли постить в теме
if(ACCESS_LEVEL < 8 && $topic['is_close_topic'])
a_error("Тема закрыта, вы не имеете права писать и редактировать сообщения!");
}
if(isset($_POST['submit'])) {
if($action == 'new_topic' || $action == 'edit_first_message') {
if(empty($_POST['topic_name'])) {
$this->error .= 'Укажите название темы!<br />';
}
}
if(empty($_POST['message'])) {
$this->error .= 'Укажите сообщение!<br />';
}
# Проверка кода с картинки
if(USER_ID == -1) {
if($_POST['captcha_code'] != $_SESSION['captcha_code']) {
$this->error .= 'Неверно указан код с картинки<br />';
}
}
# Проверка прикрепляемого файла
if(!empty($_FILES['attach']['tmp_name'])) {
$file_ext = array_pop(explode('.', $_FILES['attach']['name']));
if(!strstr(';'. $this->config['forum']['allowed_filetypes'] .';', ';'. $file_ext .';'))
$this->error .= 'Вы пытаетесь загрузить запрещенный тип файла<br />';
if(filesize($_FILES['attach']['tmp_name']) > $this->config['forum']['max_filesize'] * 1048576)
$this->error .= 'Размер загружаемого файла превышает допустимый размер ('. $this->config['forum']['max_filesize'] .' Mb)<br />';
}
if(!$this->error) {
$_SESSION['captcha_code'] = main::get_unique_code(4);
switch($action) {
# Создание темы
case 'new_topic':
# Добавляем тему
$this->db->query("INSERT INTO #__forum_topics SET
section_id = '". $forum['section_id'] ."',
forum_id = '". $forum['forum_id'] ."',
user_id = '". USER_ID ."',
name = '". a_safe($_POST['topic_name']) ."',
time = UNIX_TIMESTAMP(),
last_message_time = UNIX_TIMESTAMP(),
last_user_id = '". USER_ID ."'
");
$topic_id = $this->db->insert_id();
# Добавляем сообщение
$this->db->query("INSERT INTO #__forum_messages SET
topic_id = '". $topic_id ."',
section_id = '". $forum['section_id'] ."',
forum_id = '". $forum['forum_id'] ."',
user_id = '". USER_ID ."',
message = '". a_safe($_POST['message']) ."',
is_first_message = 1,
time = UNIX_TIMESTAMP()
");
$message_id = $this->db->insert_id();
# Увеличиваем количество тем и сообщений в форуме
$this->db->query("UPDATE #__forum_forums SET
topics = topics + 1,
messages = messages + 1
WHERE
forum_id = '". $forum['forum_id'] ."'
");
# Добавляем рейтинг
user::rating_update();
$location = a_url('forum/viewtopic', 'topic_id='. $topic_id, true);
break;
# Добавление сообщения
case 'new_message':
# Снимаем метку с последнего сообщения
$this->db->query("UPDATE #__forum_messages SET is_last_message = 0 WHERE topic_id = '". $topic['topic_id'] ."'");
# Добавляем сообщение
$this->db->query("INSERT INTO #__forum_messages SET
topic_id = '". $topic['topic_id'] ."',
section_id = '". $topic['section_id'] ."',
forum_id = '". $topic['forum_id'] ."',
user_id = '". USER_ID ."',
message = '". a_safe($_POST['message']) ."',
is_last_message = 1,
time = UNIX_TIMESTAMP()
");
$message_id = $this->db->insert_id();
# Обновляем счетчик сообщений темы и время последнего сообщения
$this->db->query("UPDATE #__forum_topics SET
messages = messages + 1,
last_message_time = UNIX_TIMESTAMP(),
last_user_id = '". USER_ID ."'
WHERE topic_id = '". $topic['topic_id'] ."'
");
# Увеличиваем количество сообщений в форуме
$this->db->query("UPDATE #__forum_forums SET
messages = messages + 1
WHERE
forum_id = '". $topic['forum_id'] ."'
");
# Добавляем рейтинг
user::rating_update();
# Определяем start для пагинации
$messages = $topic['messages'] + 1;
$start = floor($messages / $this->config['forum']['messages_per_page']) * $this->config['forum']['messages_per_page'];
$location = a_url('forum/viewtopic', 'topic_id='. $topic['topic_id'] .'&start='. $start, true);
break;
# Редактирование сообщения
case 'edit_first_message':
$this->db->query("UPDATE #__forum_topics SET name = '". a_safe($_POST['topic_name']) ."' WHERE topic_id = '". $message['topic_id'] ."'");
case 'edit_message':
# Изменяем сообщение
$this->db->query("UPDATE #__forum_messages SET
message = '". a_safe($_POST['message']) ."',
edit_editor = '". $this->user['username'] ."',
edit_time = UNIX_TIMESTAMP(),
edit_count = edit_count + 1
WHERE
message_id = '". $message['message_id'] ."'
");
$message_id = $message['message_id'];
$location = a_url('forum/viewtopic', 'topic_id='. $message['topic_id'], true);
break;
}
if(!empty($_FILES['attach']['tmp_name'])) {
# Удаляем старый файл, если имеется
if($old_file = $this->db->get_row("SELECT * FROM #__forum_files WHERE message_id = '$message_id'")) {
@unlink(ROOT .'files/forum/'. main::get_dir($old_file['file_id']) .'/'. $old_file['file_name']);
$this->db->query("DELETE FROM #__forum_files WHERE file_id = '". $old_file['file_id'] ."'");
}
# Получаем ID нового файла
$this->db->query("INSERT INTO #__forum_files SET file_id = NULL");
$file_id = $this->db->insert_id();
# Генерируем имя загружаемого файла
$file_name = $file_id .'_'. preg_replace('/[^a-zA-Z0-9_.]+/', '', $_FILES['attach']['name']);
# Создаем папку для файла если необходимо
$directory = ROOT .'files/forum/'. main::get_dir($file_id);
if(!file_exists($directory)) {
mkdir($directory);
chmod($directory, 0777);
}
# Перемещаем новый файл
move_uploaded_file($_FILES['attach']['tmp_name'], $directory .'/'. $file_name);
chmod($directory .'/'. $file_name, 0777);
# Получаем размер файла
$file_size = filesize($directory .'/'. $file_name);
# Обновляем данные о файле
$this->db->query("UPDATE #__forum_files SET
message_id = '$message_id',
file_name = '". a_safe($file_name) ."',
file_size = '$file_size'
WHERE file_id = $file_id
");
}
header('Location: '. $location);
exit;
}
}
if(!isset($_POST['submit']) || $this->error) {
$_SESSION['captcha_code'] = main::get_unique_code(4);
$this->tpl->assign(array(
'error' => $this->error,
'title' => $title,
'message' => $message,
'topic' => $topic,
'forum' => $forum,
'action' => $action,
'message_text' => $message_text
));
$this->tpl->display('posting');
}
}
/**
* Листинг новых сообщений
*/
public function action_new_messages() {
$this->per_page = $this->config['forum']['messages_per_page'];
$sql = "SELECT SQL_CALC_FOUND_ROWS m.*, t.name AS topic_name, u.username, u.last_visit, up.avatar AS avatar_exists,
(SELECT COUNT(*) FROM #__forum_messages AS fm WHERE fm.topic_id = m.topic_id) AS all_messages
FROM #__forum_messages AS m LEFT JOIN #__forum_topics AS t USING(topic_id) LEFT JOIN #__users AS u ON u.user_id = m.user_id LEFT JOIN #__users_profiles AS up ON up.user_id = u.user_id
ORDER BY m.time DESC
LIMIT $this->start, $this->per_page
";
$result = $this->db->query($sql);
$total = $this->db->get_one("SELECT FOUND_ROWS()");
$messages = array();
if(!class_exists('smiles')) a_import('modules/smiles/helpers/smiles');
while($message = $this->db->fetch_array($result)) {
$message['message'] = main::bbcode($message['message']);
$message['message'] = smiles::smiles_replace($message['message']);
$message['message'] = nl2br($message['message']);
$messages[] = $message;
}
# Пагинация
$pg_conf['base_url'] = a_url('forum/new_messages', 'start=');
$pg_conf['total_rows'] = $total;
$pg_conf['per_page'] = $this->per_page;
a_import('libraries/pagination');
$pg = new CI_Pagination($pg_conf);
$this->tpl->assign(array(
'messages' => $messages,
'total' => $total,
'pagination' => $pg->create_links(),
'messages_per_page' => $this->per_page
));
$this->tpl->display('new_messages');
}
/**
* Скачивание прикрепленного файла
*/
public function action_download_attach() {
if(!$file = $this->db->get_row("SELECT * FROM #__forum_files WHERE file_id = '". intval($_GET['file_id']) ."'"))
a_error('Файл не найден!');
# Обновляем счетчик скачиваний
$this->db->query("UPDATE #__forum_files SET file_downloads = file_downloads + 1 WHERE file_id = '". $file['file_id'] ."'");
# Перенаправляем на файл
header('Location: '. URL .'files/forum/'. main::get_dir($file['file_id']) .'/'. $file['file_name']);
}
}
?>