source: trunk/Modules/Forum/Forum.php

Last change on this file was 900, checked in by chronos, 9 months ago
  • Fixed: More form input fields validation.
  • Modified: Code cleanup.
File size: 14.6 KB
Line 
1<?php
2
3class ModuleForum extends Module
4{
5 function __construct(System $System)
6 {
7 parent::__construct($System);
8 $this->Name = 'Forum';
9 $this->Version = '1.0';
10 $this->Creator = 'Maron';
11 $this->License = 'GNU/GPL';
12 $this->Description = '';
13 $this->Dependencies = array();
14 }
15
16 function DoStart(): void
17 {
18 $this->System->RegisterPage(['forum'], 'PageForum');
19 $this->System->ModuleManager->Modules['News']->RegisterRSS(array(
20 'Title' => T('Forum'), 'Channel' => 'forum', 'Callback' => array('PageForum', 'ShowRSS'),
21 'Permission' => LICENCE_ANONYMOUS));
22
23 if (array_key_exists('Search', $this->System->ModuleManager->Modules))
24 $this->System->ModuleManager->Modules['Search']->RegisterSearch('forum',
25 T('Forum'), array('UserName', 'Text'), '`ForumText`', $this->System->Link('/forum/?search='));
26 if (array_key_exists('Search', $this->System->ModuleManager->Modules))
27 $this->System->ModuleManager->Modules['Search']->RegisterSearch('forumthread',
28 T('Name of thread forum'), array('UserName', 'Text'), '`ForumThread`',
29 $this->System->Link('/forum/?search='));
30
31 Core::Cast($this->System)->RegisterMenuItem(array(
32 'Title' => T('Forum'),
33 'Hint' => T('Forum about translation wow'),
34 'Link' => $this->System->Link('/forum/'),
35 'Permission' => LICENCE_ANONYMOUS,
36 'Icon' => '',
37 ), 17);
38 }
39
40 function ShowBox()
41 {
42 $Count = 20;
43 $Output = '<strong><a href="'.$this->System->Link('/forum/').'">'.T('Last forum posts').':</a></strong>';
44 $Output .= '<div class="box">';
45
46 $Query = 'SELECT `ForumText`.`Text`, `ForumText`.`Date`, `User`.`Name` AS `UserName`, '.
47 '`User`.`Id` AS `UserId`, `ForumText`.`Thread` '.
48 'FROM `ForumText` '.
49 'JOIN `User` ON `User`.`Id` = `ForumText`.`User` '.
50 'ORDER BY `Date` DESC LIMIT '.$Count;
51 $DbResult = $this->Database->query($Query);
52 $Output .= '<table class="MiniTable"><tr><th>'.T('Date').'</th><th>'.T('User').'</th><th>'.T('Post').'</th></tr>';
53 while ($DbRow = $DbResult->fetch_assoc())
54 {
55 $Output .= '<tr>'.
56 '<td><a href="'.$this->System->Link('/forum/?Thread='.$DbRow['Thread']).'">'.HumanDate($DbRow['Date']).'</a></td>'.
57 '<td><a href="'.$this->System->Link('/user/?user='.$DbRow['UserId']).'">'.$DbRow['UserName'].'</a></td>'.
58 '<td>'.ShowBBcodes(htmlspecialchars($DbRow['Text'])).'</td>'.
59 '</tr>';
60 }
61 $Output .= '</table></div>';
62 return $Output;
63 }
64}
65
66class PageForum extends Page
67{
68 function Show(): string
69 {
70 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
71 $Output = '';
72 $this->Title = T('Forum');
73 if (array_key_exists('a', $_POST)) $Action = $_POST['a'];
74 else if (array_key_exists('a', $_GET)) $Action = $_GET['a'];
75 else $Action = '';
76 if (array_key_exists('Edit', $_GET)) {
77 if (array_key_exists('text', $_POST))
78 $Output .= $this->Edit();
79 $Output .= $this->ShowEditForm();
80 } else
81 if (array_key_exists('search', $_GET))
82 $Output .= $this->ShowSearchForum();
83 else
84 if (array_key_exists('Thread', $_GET)) {
85 $Output .= '<h3>'.T('Forum - Thread').'</h3>';
86 if ($Action == 'add2') $Output .= $this->AddFinish();
87 if ($User->Licence(LICENCE_USER)) $Output .= $this->ShowAddForm();
88 $Output .= $this->ShowList();
89 } else {
90 $Output .= '<h3>'.T('Forum - List of Thread').'</h3>';
91 if ($Action == 'add2') $Output .= $this->AddFinish('ForumThread');
92 if ($User->Licence(LICENCE_USER)) $Output .= $this->ShowAddFormThread();
93 $Output .= $this->ShowListThread();
94 }
95 return $Output;
96 }
97
98 function Edit()
99 {
100 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
101 $Output = '';
102 $this->System->Database->query('UPDATE `ForumText` SET `Text`="'.$_POST['text'].'" WHERE `User` = '.$User->Id.' AND `ID` = '.$_GET['Edit']);
103 $Output .= ShowMessage(T('Text edited.'));
104 return $Output;
105 }
106
107 function ShowEditForm()
108 {
109 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
110 $Output = '';
111 if ($User->Licence(LICENCE_USER))
112 {
113 $DbResult = $this->System->Database->query('SELECT * FROM `ForumText` WHERE `User` = '.$User->Id.' AND `ID` = '.$_GET['Edit']);
114 if ( $DbResult->num_rows > 0) {
115 $DbRow = $DbResult->fetch_assoc();
116 $Output .= '<form action="?Edit='.$_GET['Edit'].'" method="post">'.
117 '<fieldset><legend>'.T('Edit message').'</legend>'.
118 T('User').': ';
119 if ($User->Licence(LICENCE_USER)) $Output .= '<b>'.$User->Name.'</b><br />';
120 else $Output .= '<input type="text" name="user" /><br />';
121 $Output .= T('Message text').': ('.T('You can use').' <a href="http://www.bbcode.org/reference.php">'.T('BB code').'</a>)<br/>'.
122 '<textarea onkeydown="ResizeTextArea(this)" rows="8" name="text" cols="80">'.htmlspecialchars($DbRow['Text']).'</textarea> <br/>'.
123 '<input type="hidden" name="a" value="add2"/>'.
124 '<input type="submit" value="'.T('Send').'" /><br /></fieldset>'.
125 '</form>';
126 } else $Output .= ShowMessage(T('You have to be registered for adding message.'), MESSAGE_CRITICAL);
127 } else $Output .= ShowMessage(T('You can edit only your own message.'), MESSAGE_CRITICAL);
128 return $Output;
129 }
130
131 function ShowSearchForum()
132 {
133 $Output = '';
134
135 $Output .= '<div class="shoutbox">';
136 $where = '`ForumText`.`Text` LIKE "%'.($_GET['search'] ).'%" OR '.
137 ' `ForumThread`.`Text` LIKE "%'.($_GET['search'] ).'%" OR `ForumThread`.`UserName` LIKE "%'.($_GET['search'] ).'%" OR '.
138 ' `ForumText`.`UserName` LIKE "%'.($_GET['search'] ).'%"';
139 $join = ' JOIN `ForumThread` ON `ForumThread`.`ID` = `ForumText`.`Thread`';
140
141 $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `ForumText` '.$join.' WHERE '.$where);
142 $DbRow = $DbResult->fetch_row();
143 $PageList = GetPageList($DbRow[0]);
144
145 $Output .= $PageList['Output'];
146
147 $DbResult = $this->System->Database->query('SELECT `ForumText`.`Text`, `ForumText`.`Date`, `ForumText`.`UserName`,'.
148 '`ForumThread`.`Text` as `ThreadName`,`ForumText`.`Thread` FROM `ForumText` '.$join.' WHERE '.$where.' ORDER BY `ForumText`.`Date` DESC '.$PageList['SQLLimit']);
149 while ($Line = $DbResult->fetch_assoc())
150 $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.
151 htmlspecialchars($Line['ThreadName']).'</a><br /><strong>'.$Line['UserName'].
152 '</strong> ('.HumanDate($Line['Date']).'): '.ShowBBcodes(htmlspecialchars($Line['Text'])).'</div> ';
153 $Output .= '</div>'.$PageList['Output'];
154 return $Output;
155 }
156
157 function ShowListThread()
158 {
159 $Output = '';
160
161 $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `ForumThread` WHERE 1');
162 $DbRow = $DbResult->fetch_row();
163 $PageList = GetPageList($DbRow[0]);
164
165 $Output .= $PageList['Output'];
166 $Output .= '<div class="shoutbox">';
167 $DbResult = $this->System->Database->query('SELECT * FROM `ForumThread` WHERE 1 ORDER BY `ID` DESC '.$PageList['SQLLimit']);
168 while ($Line = $DbResult->fetch_assoc())
169 {
170 $Output .= '<div><span style="float:right;"><strong>'.$Line['UserName'].
171 '</strong> - ('.HumanDate($Line['Date']).')</span> <a href="?Thread='.$Line['ID'].'">'.
172 str_replace("\n", '', htmlspecialchars($Line['Text'])).'</a></div>';
173 }
174 $Output .= '</div>'.$PageList['Output'];
175 return $Output;
176 }
177
178 function ShowList()
179 {
180 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
181 $Output = '';
182
183 if (array_key_exists('search', $_GET)) $_SESSION['search'] = $_GET['search'];
184 else if (!array_key_exists('search', $_SESSION)) $_SESSION['search'] = '';
185 if (array_key_exists('search', $_GET) and ($_GET['search'] == '')) $_SESSION['search'] = '';
186 if ($_SESSION['search'] != '')
187 {
188 $SearchQuery = ' AND (`Text` LIKE "%'.$_SESSION['search'].'%")';
189 $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), $_SESSION['search']).'</a></div>';
190 } else $SearchQuery = '';
191
192 $DbResult = $this->System->Database->query('SELECT * FROM `ForumThread` WHERE ID='.($_GET['Thread']*1).' LIMIT 1');
193 if ($DbResult->num_rows > 0)
194 {
195 $Thread = $DbResult->fetch_assoc();
196 $Output .= '<h3>'.htmlspecialchars($Thread['Text']).'</h3>';
197
198 $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `ForumText` WHERE `Thread` = '.($_GET['Thread']*1).' '.$SearchQuery);
199 $DbRow = $DbResult->fetch_row();
200 $PageList = GetPageList($DbRow[0]);
201
202 $Output .= $PageList['Output'];
203 $Output .= '<div class="shoutbox">';
204 $DbResult = $this->System->Database->query('SELECT * FROM `ForumText` WHERE `Thread` = '.
205 ($_GET['Thread'] * 1).' '.$SearchQuery.' ORDER BY `ID` DESC '.$PageList['SQLLimit']);
206 while ($Line = $DbResult->fetch_assoc())
207 {
208 if ($User->Id == $Line['User'])
209 {
210 $edit = '<a href="?Edit='.$Line['ID'].'">'.T('edit').'</a>';
211 } else $edit = '';
212 $Text = str_replace("\n", '<br />', ShowBBcodes(htmlspecialchars($Line['Text'])));
213 $Output .= '<div><span style="float:right;">'.$edit.' ('.HumanDate($Line['Date']).
214 ')</span><strong>'.$Line['UserName'].'</strong>: '.$Text.' </div> ';
215 }
216 $Output .= '</div>'.$PageList['Output'];
217 } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
218 return $Output;
219 }
220
221 function ShowAddForm()
222 {
223 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
224 $Output = '';
225 if ($User->Licence(LICENCE_USER))
226 {
227 $Output .= '<form action="?Thread='.$_GET['Thread'].'" method="post">'.
228 '<fieldset><legend>'.T('New Forum Message').'</legend>'.
229 T('User').': ';
230 if ($User->Licence(LICENCE_USER)) $Output .= '<b>'.$User->Name.'</b><br />';
231 else $Output .= '<input type="text" name="user" /><br />';
232 $Output .= T('Message text').': ('.T('You can use').' <a href="http://www.bbcode.org/reference.php">'.T('BB code').'</a>)<br/>'.
233 '<textarea onkeydown="ResizeTextArea(this)" name="text" cols="80"></textarea> <br/>'.
234 '<input type="hidden" name="a" value="add2"/>'.
235 '<input type="submit" value="'.T('Send').'" /><br /></fieldset>'.
236 '</form>';
237 } else $Output .= ShowMessage(T('You have to be registered for adding message.'), MESSAGE_CRITICAL);
238 return $Output;
239 }
240
241 function ShowAddFormThread()
242 {
243 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
244 $Output = '';
245 if ($User->Licence(LICENCE_USER))
246 {
247 $Output .= '<form action="?" method="post">'.
248 '<fieldset><legend>'.T('New thread').'</legend>'.T('User').': ';
249 if ($User->Licence(LICENCE_USER)) $Output .= '<b>'.$User->Name.'</b><br />';
250 else $Output .= '<input type="text" name="user" /><br />';
251 $Output .= T('Name of thread').': <br />'.
252 '<textarea onkeydown="ResizeTextArea(this)" name="text" rows="1" cols="30"></textarea> <br/>'.
253 '<input type="hidden" name="a" value="add2"/>'.
254 '<input type="submit" value="'.T('Send').'" /><br /></fieldset>'.
255 '</form>';
256 } else $Output .= ShowMessage(T('You have to be registered for adding message.'), MESSAGE_CRITICAL);
257 return $Output;
258 }
259
260 function AddFinish($Table = 'ForumText')
261 {
262 $User = ModuleUser::Cast($this->System->GetModule('User'))->User;
263 $Output = '';
264 if ($User->Licence(LICENCE_USER))
265 {
266 if (array_key_exists('text', $_POST))
267 {
268 $Text = $_POST['text'];
269 if (trim($Text) == '') $Output .= ShowMessage('Nelze vložit prázdnou zprávu.', MESSAGE_WARNING);
270 else
271 {
272 // Protection against mutiple post of same message
273 $Thread = '';
274 if ($Table == 'ForumText') $Thread = 'AND `Thread` = '.$_GET['Thread'];
275 $DbResult = $this->System->Database->query('SELECT `Text` FROM `'.$Table.'` WHERE 1 '.$Thread.' AND (`User` = "'.
276 $User->Id.'") ORDER BY `Date` DESC LIMIT 1');
277 if ($DbResult->num_rows > 0)
278 {
279 $DbRow = $DbResult->fetch_assoc();
280 } else $DbRow['Text'] = '';
281
282 if ($DbRow['Text'] == $Text) $Output .= ShowMessage(T('You can\' add same message twice.'), MESSAGE_WARNING);
283 else
284 {
285 if ($Table == 'ForumText') {
286
287 $DbResult = $this->System->Database->query('SELECT * FROM `ForumThread` WHERE ID='.($_GET['Thread']*1).' LIMIT 1');
288 if ($DbResult->num_rows > 0)
289 {
290 $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP` , `Thread` ) '.
291 ' VALUES ('.$User->Id.', "'.$User->Name.
292 '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'","'.$_GET['Thread'].'")');
293 } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
294 } else
295 $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP`) '.
296 ' VALUES ('.$User->Id.', "'.$User->Name.
297 '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
298 $Output .= ShowMessage(T('Added.'));
299 }
300 }
301 } else $Output .= ShowMessage(T('You have to specified new message.'), MESSAGE_CRITICAL);
302 $Output .= '<br/>';
303 } else $Output .= ShowMessage(T('You have to be registered for adding message.'), MESSAGE_CRITICAL);
304 return $Output;
305 }
306
307 function ShowRSS()
308 {
309 $Items = array();
310 $TitleLength = 50;
311 mb_internal_encoding('utf-8');
312 $DbResult = $this->Database->query('SELECT `Thread`, `ID`, UNIX_TIMESTAMP(`Date`) AS `UnixDate`, '.
313 '`User`, `UserName`, `Text`, ( SELECT `Text` FROM `ForumThread` '.
314 'WHERE `ID` = `ForumText`.`Thread`) AS `ThreadText` FROM `ForumText` ORDER BY `ID` DESC LIMIT 20');
315 while ($DbRow = $DbResult->fetch_assoc())
316 {
317 $Title = mb_substr($DbRow['Text'], 0, $TitleLength);
318 if (mb_strlen($Title) == $TitleLength) $Title .= '...';
319 $Items[] = array
320 (
321 'Title' => htmlspecialchars($DbRow['ThreadText']).' - '.$DbRow['UserName'].': ',
322 'Link' => 'https://'.Core::Cast($this->System)->Config['Web']['Host'].$this->System->Link('/forum/?Thread='.$DbRow['Thread']),
323 'Description' => ShowBBcodes(htmlspecialchars($DbRow['Text'])),
324 'Time' => $DbRow['UnixDate'],
325 );
326 }
327 $Output = GenerateRSS(array
328 (
329 'Title' => Core::Cast($this->System)->Config['Web']['Title'].' - '.T('Forum'),
330 'Link' => 'https://'.Core::Cast($this->System)->Config['Web']['Host'].$this->System->Link('/forum/'),
331 'Description' => Core::Cast($this->System)->Config['Web']['Description'],
332 'WebmasterEmail' => Core::Cast($this->System)->Config['Web']['AdminEmail'],
333 'Items' => $Items,
334 ));
335 return $Output;
336 }
337}
Note: See TracBrowser for help on using the repository browser.