Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Watersys/edit_message.php

Go to file
 
 
Cannot retrieve contributors at this time
153 lines (153 sloc) 5.74 KB
Raw Blame
Open in GitHub Desktop
<?php
//This page let an user edit a message
include('config.php');
if(isset($_GET['id'], $_GET['id2']))
{
$id = intval($_GET['id']);
$id2 = intval($_GET['id2']);
if(isset($_SESSION['username']))
{
$dn1 = mysqli_fetch_array(mysqli_query($var,'select count(t.id) as nb1, t.authorid, t2.title, t.message, t.parent, c.name from topics as t, topics as t2, categories as c where t.id="'.$id.'" and t.id2="'.$id2.'" and t2.id="'.$id.'" and t2.id2=1 and c.id=t.parent group by t.id'));
if($dn1['nb1']>0)
{
if($_SESSION['userid']==$dn1['authorid'] or $_SESSION['username']==$admin)
{
include('bbcode_function.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>Edit a reply - <?php echo htmlentities($dn1['title'], ENT_QUOTES, 'UTF-8'); ?> - <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> - Forum</title>
<script type="text/javascript" src="functions.js"></script>
</head>
<body>
<div align="center">
<div class="header">
<a href="<?php echo $url_home; ?>"><img width="80%" src="<?php echo $design; ?>/images/logo.png" alt="Forum" /></a>
</div></div>
<div class="contentmessage">
<?php
$nb_new_pm = mysqli_fetch_array(mysqli_query($var,'select count(*) as nb_new_pm from pm where ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
$nb_new_pm = $nb_new_pm['nb_new_pm'];
?>
<div class="box">
<div class="box_left">
<a href="<?php echo $url_home; ?>">WCSF Index</a> &gt; <a href="list_topics.php?parent=<?php echo $dn1['parent']; ?>"><?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?></a> &gt; <a href="read_topic.php?id=<?php echo $id; ?>"><?php echo htmlentities($dn1['title'], ENT_QUOTES, 'UTF-8'); ?></a> &gt; Edit a reply
</div>
<div class="box_right">
<a href="list_pm.php">Your messages(<?php echo $nb_new_pm; ?>)</a> - <a href="profile.php?id=<?php echo $_SESSION['userid']; ?>"><?php echo htmlentities($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?></a> (<a href="login.php">Logout</a>)
</div>
<div class="clean"></div>
</div>
<?php
if(isset($_POST['message']) and $_POST['message']!='')
{
if($id2==1)
{
if($_SESSION['username']==$admin and isset($_POST['title']) and $_POST['title']!='')
{
$title = $_POST['title'];
if(get_magic_quotes_gpc())
{
$title = stripslashes($title);
}
$title = mysql_real_escape_string($dn1['title']);
}
else
{
$title = mysql_real_escape_string($dn1['title']);
}
}
else
{
$title = '';
}
$message = $_POST['message'];
if(get_magic_quotes_gpc())
{
$message = stripslashes($message);
}
$message = mysql_real_escape_string(bbcode_to_html($message));
if(mysql_query('update topics set title="'.$title.'", message="'.$message.'" where id="'.$id.'" and id2="'.$id2.'"'))
{
?>
<div class="message">The message have successfully been edited.<br />
<a href="read_topic.php?id=<?php echo $id; ?>">Go the the topic</a></div>
<?php
}
else
{
echo 'An error occurred while editing the message.';
}
}
else
{
?>
<form action="edit_message.php?id=<?php echo $id; ?>&id2=<?php echo $id2; ?>" method="post">
<?php
if($_SESSION['username']==$admin and $id2==1)
{
?>
<label for="title">Title</label><input type="text" name="title" id="title" value="<?php echo htmlentities($dn1['title'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php
}
?>
<label for="message">Message</label><br />
<div class="message_buttons">
<input type="button" value="Bold" onclick="javascript:insert('[b]', '[/b]', 'message');" /><!--
--><input type="button" value="Italic" onclick="javascript:insert('[i]', '[/i]', 'message');" /><!--
--><input type="button" value="Underlined" onclick="javascript:insert('[u]', '[/u]', 'message');" /><!--
--><input type="button" value="Image" onclick="javascript:insert('[img]', '[/img]', 'message');" /><!--
--><input type="button" value="Link" onclick="javascript:insert('[url]', '[/url]', 'message');" /><!--
--><input type="button" value="Left" onclick="javascript:insert('[left]', '[/left]', 'message');" /><!--
--><input type="button" value="Center" onclick="javascript:insert('[center]', '[/center]', 'message');" /><!--
--><input type="button" value="Right" onclick="javascript:insert('[right]', '[/right]', 'message');" />
</div>
<textarea name="message" id="message" cols="70" rows="6"><?php echo html_to_bbcode($dn1['message']); ?></textarea><br />
<input type="submit" value="Submit" />
</form>
<?php
}
?>
</div>
<!-- <div class="foot">
<p><b>Water Control System and Discussion Portal for Farmers</b></p>
</div> -->
</body>
</html>
<?php
}
else
{
echo '<h2>You don\'t have the right to edit this message.</h2>';
}
}
else
{
echo '<h2>The message you want to edit doesn\'t exist..</h2>';
}
}
else
{
?>
<h2>You must be logged to access this page:</h2>
<div class="box_login">
<form action="login.php" method="post">
<label for="username">Username</label><input type="text" name="username" id="username" /><br />
<label for="password">Password</label><input type="password" name="password" id="password" /><br />
<label for="memorize">Remember</label><input type="checkbox" name="memorize" id="memorize" value="yes" />
<div class="center">
<input type="submit" value="Login" /> <input type="button" onclick="javascript:document.location='signup.php';" value="Sign Up" />
</div>
</form>
</div>
<?php
}
}
else
{
header("location:login.php?msg=Login First to use service");
}
?>