<? /*

Forum & category administration script for Intellect Board 2

(c) 2004, XXXX Pro, United Open Project
Visit us online: http://iboard.xxxxpro.ru
*/

// Direct-access guard: stop unless $IBOARD is set to a truthy value
// (presumably by the script that includes this module).
// NOTE(review): the guard tests a plain variable. Where register_globals is
// enabled such a variable can be populated from the request, so a constant
// defined by the entry script and checked with defined() is the sturdier
// form. Confirm how the entry point sets $IBOARD.
if (!$IBOARD) {
  die("Hack attempt!");
}

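/**
 * Emits one admin-list entry per forum under $parent and recurses into
 * forums whose type is flagged tp_container.
 *
 * @param int $parent f_parent value to list (0 is passed for the top level)
 * @param int $cat    category id to filter on; a falsy value disables the filter
 * @param int $deep   nesting depth handed through to ad_f_entry()
 */
function f_recurse($parent,$cat,$deep) {
  $link=$GLOBALS['link'];
  // Both ids are placed unquoted into the SQL text below, so force them to
  // integers here rather than trusting every caller.
  $parent=(int)$parent;
  $cat=(int)$cat;
  // Always defined, so the queries stay well-formed when no category filter applies.
  $sqldata="";
  if ($cat) $sqldata="f_ctid=".$cat." AND ";
  $sql = "SELECT MIN(f_sortfield),MAX(f_sortfield) FROM ".$GLOBALS['DBprefix']."Forum f WHERE $sqldata f_parent=$parent";
  $res = db_query($sql,$link);
  list($fmin,$fmax)=db_fetch_row($res);
  // Release the aggregate result before $res is reused for the listing query.
  db_free_result($res);
  $sql = "SELECT f.*, tp_container FROM ".$GLOBALS['DBprefix']."Forum f, ".$GLOBALS['DBprefix']."ForumType tp WHERE $sqldata f_parent=$parent AND f_tpid=tp_id ORDER BY f_sortfield";
  $res = db_query($sql,$link);
  while ($fdata=db_fetch_array($res)) {
    ad_f_entry($fdata,$fmax,$fmin,$deep);
    // Children of a container are listed without a category filter, one level deeper.
    if ($fdata['tp_container']) f_recurse($fdata['f_id'],0,$deep+1);
  }
  db_free_result($res);
}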

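/**
 * Renders the category list; each category is followed by its forum tree.
 *
 * Output is produced by the ad_ct_list_start(), ad_ct_entry() and
 * ad_ct_list_end() helpers and by f_recurse().
 */
function ct_list() {
  $link = $GLOBALS['link'];
  ad_ct_list_start();
  // Sort-field bounds of all categories, handed to ad_ct_entry() with each row.
  $sql = "SELECT MAX(ct_sortfield),MIN(ct_sortfield) FROM ".$GLOBALS['DBprefix']."Category";
  $res=db_query($sql,$link);
  list($max,$min)=db_fetch_row($res);
  db_free_result($res);
  $sql = "SELECT ct_id,ct_name,ct_sortfield, MAX(f_sortfield) AS fmax,MIN(f_sortfield) AS fmin FROM ".$GLOBALS['DBprefix']."Category ct ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."Forum f ON (f.f_ctid=ct.ct_id) GROUP BY ct_id,ct_name ORDER BY ct_sortfield";
  $res=db_query($sql,$link);
  while ($cdata=db_fetch_array($res)) {
    ad_ct_entry($cdata,$max,$min);
    // Top-level forums of this category, depth 1.
    f_recurse(0,$cdata['ct_id'],1);
  }
  // The listing result was never released in the original.
  db_free_result($res);
  ad_ct_list_end();
}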

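/**
 * Moves a category one position up by swapping its ct_sortfield with the
 * nearest smaller one.
 *
 * The category id comes from getvar("ctid") (defined elsewhere; presumably a
 * request parameter). ad_message() is called in every case, including when
 * no swap took place.
 *
 * NOTE(review): this handler changes data but, unlike ct_save(), does not
 * call check_post(). Confirm whether it is meant to be reachable by a plain link.
 */
function ct_up() {
  $link = $GLOBALS['link'];
  $table = $GLOBALS['DBprefix']."Category";
  // The id is placed unquoted into SQL, so it must be an integer.
  $ctid = (int)getvar("ctid");
  $sql = "SELECT ct_sortfield FROM ".$table." WHERE ct_id=$ctid";
  $res = db_query($sql,$link);
  $sort = db_fetch_row($res);
  db_free_result($res);
  // Unknown category: nothing to move, and the next query would be malformed.
  if (isset($sort[0])) {
    $sql = "SELECT MAX(ct_sortfield) FROM ".$table." WHERE ct_sortfield<".$sort[0];
    $res = db_query($sql,$link);
    $prev_sort = db_fetch_row($res);
    db_free_result($res);
    // MAX() yields NULL when the category is already first; skip the swap then.
    if (isset($prev_sort[0])) {
      $sql="UPDATE ".$table." SET ct_sortfield=".$sort[0]." WHERE ct_sortfield=".$prev_sort[0];
      db_query($sql,$link);
      $sql="UPDATE ".$table." SET ct_sortfield=".$prev_sort[0]." WHERE ct_id=".$ctid;
      db_query($sql,$link);
    }
  }
  ad_message(MSG_ct_moved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}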

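/**
 * Moves a category one position down by swapping its ct_sortfield with the
 * nearest larger one.
 *
 * The category id comes from getvar("ctid") (defined elsewhere; presumably a
 * request parameter). ad_message() is called in every case, including when
 * no swap took place.
 *
 * NOTE(review): this handler changes data but, unlike ct_save(), does not
 * call check_post(). Confirm whether it is meant to be reachable by a plain link.
 */
function ct_down() {
  $link = $GLOBALS['link'];
  $table = $GLOBALS['DBprefix']."Category";
  // The id is placed unquoted into SQL, so it must be an integer.
  $ctid = (int)getvar("ctid");
  $sql = "SELECT ct_sortfield FROM ".$table." WHERE ct_id=$ctid";
  $res = db_query($sql,$link);
  $sort = db_fetch_row($res);
  db_free_result($res);
  // Unknown category: nothing to move, and the next query would be malformed.
  if (isset($sort[0])) {
    $sql = "SELECT MIN(ct_sortfield) FROM ".$table." WHERE ct_sortfield>".$sort[0];
    $res = db_query($sql,$link);
    $next_sort = db_fetch_row($res);
    db_free_result($res);
    // MIN() yields NULL when the category is already last; skip the swap then.
    if (isset($next_sort[0])) {
      $sql="UPDATE ".$table." SET ct_sortfield=".$sort[0]." WHERE ct_sortfield=".$next_sort[0];
      db_query($sql,$link);
      $sql="UPDATE ".$table." SET ct_sortfield=".$next_sort[0]." WHERE ct_id=".$ctid;
      db_query($sql,$link);
    }
  }
  ad_message(MSG_ct_moved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}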

/**
 * Creates a category named by getvar("ct_name") and places it after the
 * current last one (largest ct_sortfield plus one).
 *
 * NOTE(review): ct_name is put between double quotes in the INSERT exactly as
 * getvar() returns it. Whether getvar() escapes its result cannot be seen
 * from this file, so confirm that before relying on it. The handler also
 * lacks the check_post() call that ct_save() makes.
 */
function ct_new() {
  $link = $GLOBALS['link'];
  $table = $GLOBALS['DBprefix']."Category";
  $res = db_query("SELECT MAX(ct_sortfield) FROM ".$table,$link);
  $sort = db_fetch_row($res);
  db_free_result($res);
  // Next free position in the ordering.
  $position = $sort[0]+1;
  $ct_name = getvar("ct_name");
  $sql = "INSERT INTO ".$table." SET ct_name=\"".$ct_name."\", ct_sortfield=\"".$position."\"";
  db_query($sql,$link);
  ad_message(MSG_ct_created,MSG_ct_list,"index.php?m=forum&a=ct_list");
}

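/**
 * Shows the edit form for one category, pre-filled with its current name.
 *
 * The category id comes from getvar("ctid") (defined elsewhere; presumably a
 * request parameter).
 */
function ct_edit() {
  $link = $GLOBALS['link'];
  // The id is placed unquoted into SQL, so it must be an integer.
  $ctid = (int)getvar("ctid");
  $sql = "SELECT ct_name FROM ".$GLOBALS['DBprefix']."Category WHERE ct_id=$ctid";
  $res = db_query($sql,$link);
  $name = db_fetch_row($res);
  db_free_result($res);
  // No matching row leaves the form empty instead of indexing a non-array.
  ad_ct_editform(isset($name[0]) ? $name[0] : null);
}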

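/**
 * Deletes a category after moving its forums to another one.
 *
 * The replacement is a category with a smaller ct_id when the first query
 * returns a row, otherwise one with a larger ct_id. If neither exists,
 * error(MSG_e_ctlast) is raised and nothing is deleted.
 *
 * NOTE(review): f_delete() calls check_post() before deleting, this handler
 * does not, although both are the target of a confirm() form. Confirm
 * whether the same check belongs here.
 */
function ct_delete() {
  $link = $GLOBALS['link'];
  // The id is placed unquoted into four statements below, so it must be an integer.
  $ctid = (int)getvar("ctid");
  $sql = "SELECT MAX(ct_id) FROM ".$GLOBALS['DBprefix']."Category WHERE ct_id<$ctid GROUP BY ct_id";
  $res = db_query($sql,$link);
  $newctid = db_fetch_row($res);
  db_free_result($res);
  if (!$newctid) {
    $sql = "SELECT MIN(ct_id) FROM ".$GLOBALS['DBprefix']."Category WHERE ct_id>$ctid GROUP BY ct_id";
    $res = db_query($sql,$link);
    $newctid = db_fetch_row($res);
    db_free_result($res);
  }
  if (!$newctid) {
    error(MSG_e_ctlast);
    // error() presumably ends the request; the return keeps the UPDATE from
    // running without a target if it does not.
    return;
  }
  $sql = "UPDATE ".$GLOBALS['DBprefix']."Forum SET f_ctid=".$newctid[0]." WHERE f_ctid=$ctid";
  db_query($sql,$link);
  $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Category WHERE ct_id=$ctid";
  db_query($sql,$link);
  ad_message(MSG_ct_deleted,MSG_ct_list,"index.php?m=forum&a=ct_list");
}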

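/**
 * Stores a new name for a category; runs only after check_post().
 *
 * NOTE(review): ct_name is put between double quotes in the UPDATE exactly as
 * getvar() returns it. Whether getvar() escapes its result cannot be seen
 * from this file, so confirm that before relying on it.
 */
function ct_save() {
  check_post();
  $link = $GLOBALS['link'];
  $ct_name = getvar("ct_name");
  // The id is placed unquoted into SQL, so it must be an integer.
  $ctid = (int)getvar("ctid");
  $sql = "UPDATE ".$GLOBALS['DBprefix']."Category SET ct_name=\"".$ct_name."\" WHERE ct_id=".$ctid;
  db_query($sql,$link);
  ad_message(MSG_ct_saved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}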

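/**
 * First step of forum creation: builds one radio button per ForumType row
 * and passes the markup to ad_f_new_type(). The type with tp_id 1 is
 * pre-selected.
 */
function f_new_type() {
  $link = $GLOBALS['link'];
  $ctid = getvar("ctid"); // read as in the original; not used in this function
  $sql = "SELECT tp_id,tp_title FROM ".$GLOBALS['DBprefix']."ForumType";
  $res = db_query($sql,$link);
  // Start from an empty string so ".=" never appends to an undefined variable.
  $typeselect = "";
  while ($tpdata=db_fetch_row($res)) {
    $typeselect.="<input type=radio name=f_tpid value=\"".$tpdata[0]."\"";
    if ($tpdata[0]==1) $typeselect.=" checked";
    // tp_title holds the name of a constant; constant() resolves it to the label.
    $typeselect.=">".constant($tpdata[1])."<br>";
  }
  db_free_result($res);
  ad_f_new_type($typeselect);
}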

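/**
 * Second step of forum creation: loads the template of the chosen forum
 * type and calls its "<template>_params" function with default settings
 * and the select-box options built here.
 *
 * NOTE(review): the included file name and the callback name are both built
 * from tp_template as stored in the ForumType table, and a missing row
 * yields ".php" / "_params". Checking that a row was found and that the
 * name has the expected shape before load_style() would be a sensible
 * addition; no suitable error message constant is visible in this file.
 */
function f_new() {
  $link = $GLOBALS['link'];
  // tp_id is compared numerically elsewhere in this file, so the submitted
  // type id is forced to an integer before it reaches the query.
  $f_tpid = (int)getvar("f_tpid");
  $ctid = getvar("ctid"); // read as in the original; not used in this function
  $sql = "SELECT tp_template FROM ".$GLOBALS['DBprefix']."ForumType WHERE tp_id=\"$f_tpid\"";
  $res = db_query($sql,$link);
  $tpname = db_fetch_row($res);
  db_free_result($res);
  load_style($tpname[0].".php");
  // Action and module for the form that the template renders.
  global $newaction,$newmodule;
  $newaction = "f_create";
  $newmodule = "forum";
  $langselect = "<option value=0>".MSG_alllangs.build_select("SELECT ln_id,ln_name FROM ".$GLOBALS['DBprefix']."Language");
  $levelselect = build_level_select();
  $catselect = build_select("SELECT ct_id,ct_name FROM ".$GLOBALS['DBprefix']."Category");
  // Default values for a new forum.
  $fdata = array(
    'f_lview'=>-1,
    'f_lread'=>-1,
    'f_lpost'=>100,
    'f_ltopic'=>100,
    'f_ledit'=>100,
    'f_lvote'=>100,
    'f_lpoll'=>100,
    'f_lsticky'=>500,
    'f_lattach'=>100,
    'f_lhtml'=>1000,
    'f_lmoderate'=>500,
    'f_lip'=>500,
    'f_rate'=>1,
    'f_bcode'=>1,
    'f_smiles'=>1,
  );
  // The posted type id is handed to the template, so keep it numeric here too.
  $fdata['f_tpid']=isset($_POST['f_tpid']) ? (int)$_POST['f_tpid'] : 0;
  $sql = "SELECT f_id,f_title FROM ".$GLOBALS['DBprefix']."Forum, ".$GLOBALS['DBprefix']."ForumType WHERE f_tpid=tp_id AND tp_container=1";
  $fcontainer = "<option value=0>".MSG_f_mainpage.build_select($sql);
  call_user_func($tpname[0]."_params",$catselect,$levelselect,$fdata,$fcontainer,$langselect);
}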

/**
 * Inserts a new forum; runs only after check_post().
 *
 * The column assignments come from build_sql("f_") (defined elsewhere) and
 * the forum is placed last: f_sortfield is the current maximum plus one.
 *
 * NOTE(review): the text returned by build_sql() goes into the INSERT as is.
 * Presumably it escapes values and restricts column names; verify against
 * its definition.
 */
function f_create() {
  check_post();
  $link = $GLOBALS['link'];
  $ctid = getvar("ctid");
  $fdata = build_sql("f_");
  $table = $GLOBALS['DBprefix']."Forum";
  $res = db_query("SELECT MAX(f_sortfield) FROM ".$table,$link);
  $row = db_fetch_row($res);
  db_free_result($res);
  // Position after the current last forum.
  $count = $row[0]+1;
  $res = db_query("INSERT INTO ".$table." SET f_sortfield=$count, $fdata",$link);
  ad_message(MSG_f_created,MSG_ct_list,"index.php?m=forum&a=ct_list");
}

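/**
 * Asks for confirmation before a forum is deleted (three-argument form of
 * confirm()).
 *
 * NOTE(review): the name looks like a misspelling of f_confirm(), which is
 * also defined in this file. Check whether anything still dispatches here.
 */
function f_confrim() {
  $newaction = "f_delete";
  $newmodule = "forum";
  // The original called getvar($f_id) with an undefined variable; f_delete()
  // and f_confirm() both use the "fid" parameter. The id is kept numeric
  // because f_delete() uses it as one.
  $params = array('fid'=>(int)getvar("fid"));
  confirm($newmodule,$newaction,$params);
}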

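/**
 * Deletes a forum and the rows that depend on it; runs only after check_post().
 *
 * Child forums are re-attached to the deleted forum's parent. Topics,
 * LastVisit and UserAccess rows are removed by forum id. TopicView,
 * Bookmark, Subscription, TopicRate, Post and File rows are removed by the
 * ids of the forum's topics.
 */
function f_delete() {
  check_post();
  $link = $GLOBALS['link'];
  // The id is placed unquoted into several statements below, so it must be an integer.
  $fid = (int)getvar("fid");
  // WHERE fragments are built with ".="; start each from an empty string.
  $buffer = "";
  $buffer2 = "";
  $buffer3 = "";
  $buffer4 = "";
  $buffer5 = "";
  $attach = "";
  $sql = "SELECT t_id FROM ".$GLOBALS['DBprefix']."Topic WHERE t_fid=$fid";
  $res = db_query($sql,$link);
  // One OR-chain per column name used by the dependent tables.
  while ($num=db_fetch_row($res)) {
    if ($buffer) $buffer .= " OR ";
    $buffer .= "tid=".$num[0];
    if ($buffer2) $buffer2 .= " OR ";
    $buffer2 .= "p_tid=".$num[0];
    if ($buffer3) $buffer3 .= " OR ";
    $buffer3 .= "pl_tid=".$num[0];
  }
  db_free_result($res);

  $sql = "SELECT f_parent FROM ".$GLOBALS['DBprefix']."Forum WHERE f_id=\"$fid\"";
  $res = db_query($sql,$link);
  $parent=db_fetch_row($res);
  db_free_result($res);

  // Children move up to the deleted forum's own parent.
  $sql = "UPDATE ".$GLOBALS['DBprefix']."Forum SET f_parent=\"".$parent[0]."\" WHERE f_parent=\"$fid\"";
  $res = db_query($sql,$link);

  $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Forum WHERE f_id=$fid";
  $res = db_query($sql,$link);
  $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Topic WHERE t_fid=$fid";
  $res = db_query($sql,$link);
  $sql = "DELETE FROM ".$GLOBALS['DBprefix']."LastVisit WHERE fid=\"$fid\"";
  $res = db_query($sql,$link);
  $sql = "DELETE FROM ".$GLOBALS['DBprefix']."UserAccess WHERE fid=\"$fid\"";
  $res = db_query($sql,$link);

  if ($buffer) {
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."TopicView WHERE $buffer";
    $res = db_query($sql,$link);
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Bookmark WHERE $buffer";
    $res = db_query($sql,$link);
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Subscription WHERE $buffer";
    $res = db_query($sql,$link);
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."TopicRate WHERE $buffer";
    $res = db_query($sql,$link);
  }

  if ($buffer2) {
    // Attachments referenced by the posts go first, then the posts themselves.
    $sql = "SELECT p_attach FROM ".$GLOBALS['DBprefix']."Post WHERE ($buffer2) AND p_attach!=0";
    $res = db_query($sql,$link);
    while ($num=db_fetch_row($res)) {
      if ($attach) $attach.=" OR ";
      $attach.="file_id=".$num[0];
    }
    db_free_result($res);
    if ($attach) {
      $sql = "DELETE FROM ".$GLOBALS['DBprefix']."File WHERE $attach";
      $res = db_query($sql,$link);
    }
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Post WHERE $buffer2";
    $res = db_query($sql,$link);
  }

  // NOTE(review): $buffer4 is only ever assigned inside this branch, so the
  // test is always false and the Poll / PollVariant / Vote cleanup never
  // runs. Presumably $buffer3 was meant. Before enabling it, confirm the
  // column names and that the first column of each "SELECT *" is the id, and
  // guard the statements that use $buffer4 against an empty condition.
  if ($buffer4) {
    $sql = "SELECT * FROM ".$GLOBALS['DBprefix']."Poll WHERE $buffer3";
    $res = db_query($sql,$link);
    while ($num=db_fetch_row($res)) {
      if ($buffer4) $buffer4 .= " OR ";
      $buffer4 .= "pv_plid=".$num[0];
    }
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Poll WHERE $buffer3";
    $res = db_query($sql,$link);
    $sql = "SELECT * FROM ".$GLOBALS['DBprefix']."PollVariant WHERE $buffer4";
    $res = db_query($sql,$link);
    while ($num=db_fetch_row($res)) {
      if ($buffer5) $buffer5 .= " OR ";
      $buffer5 .= "pvid=".$num[0];
    }
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."PollVariant WHERE $buffer4";
    $res = db_query($sql,$link);
    if ($buffer5) {
      $sql = "DELETE FROM ".$GLOBALS['DBprefix']."Vote WHERE $buffer5";
      $res = db_query($sql,$link);
    }
  }
  ad_message(MSG_f_deleted,MSG_ct_list,"index.php?m=forum&a=ct_list");
}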

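/**
 * Shows the settings form for an existing forum, using the template of the
 * forum's type. Raises error(MSG_e_noforum) when the forum is not found.
 *
 * NOTE(review): the included file name and the callback name are both built
 * from tp_template as stored in the ForumType table, so the integrity of
 * that column decides which code runs here.
 */
function f_edit() {
  $link = $GLOBALS['link'];
  // Forum ids are used as numbers throughout this file; keep the parameter numeric.
  $fid = (int)getvar("fid");
  $sql = "SELECT * FROM ".$GLOBALS['DBprefix']."Forum f, ".$GLOBALS['DBprefix']."ForumType tp WHERE f.f_id=\"$fid\" AND f.f_tpid=tp.tp_id";
  $res = db_query($sql,$link);
  if (db_num_rows($res)==0) error(MSG_e_noforum);
  $fdata = db_fetch_array($res);
  db_free_result($res);
  $sql = "SELECT ct_id,ct_name FROM ".$GLOBALS['DBprefix']."Category";
  // The forum's current category is passed as the second argument of build_select().
  $catselect = build_select($sql,$fdata['f_ctid']);
  $levelselect = build_level_select();
  $langselect = "<option value=0>".MSG_alllangs.build_select("SELECT ln_id,ln_name FROM ".$GLOBALS['DBprefix']."Language");
  load_style($fdata['tp_template'].".php");
  // Action and module for the form that the template renders.
  global $newaction,$newmodule;
  $newaction = "f_save";
  $newmodule = "forum";
  $sql = "SELECT f_id,f_title FROM ".$GLOBALS['DBprefix']."Forum, ".$GLOBALS['DBprefix']."ForumType WHERE f_tpid=tp_id AND tp_container=1";
  $fcontainer = "<option value=0>".MSG_f_mainpage.build_select($sql);
  call_user_func($fdata['tp_template']."_params",$catselect,$levelselect,$fdata,$fcontainer,$langselect);
}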

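/**
 * Stores edited forum settings; runs only after check_post().
 *
 * NOTE(review): the text returned by build_sql("f_") goes into the UPDATE as
 * is. Presumably it escapes values and restricts column names; verify
 * against its definition.
 */
function f_save() {
  check_post();
  $link = $GLOBALS['link'];
  // The id is placed unquoted into SQL, so it must be an integer.
  $fid = (int)getvar("fid");
  $fdata = build_sql("f_");
  $sql = "UPDATE ".$GLOBALS['DBprefix']."Forum SET $fdata WHERE f_id=$fid";
  db_query($sql,$link);
  ad_message(MSG_f_saved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}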

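/**
 * Moves a forum one position up among forums with the same category and
 * parent, by swapping f_sortfield with the nearest smaller one.
 *
 * ad_message() is called in every case, including when no swap took place.
 *
 * NOTE(review): this handler changes data but, unlike f_save(), does not
 * call check_post(). Confirm whether it is meant to be reachable by a plain link.
 */
function f_up() {
  $link = $GLOBALS['link'];
  $table = $GLOBALS['DBprefix']."Forum";
  // The id is placed unquoted into SQL, so it must be an integer.
  $fid = (int)getvar("fid");
  $sql = "SELECT f_sortfield,f_ctid,f_parent FROM ".$table." WHERE f_id=$fid";
  $res = db_query($sql,$link);
  $sort = db_fetch_row($res);
  db_free_result($res);
  // Unknown forum: nothing to move, and the next query would be malformed.
  if (isset($sort[0],$sort[1],$sort[2])) {
    $sql = "SELECT MAX(f_sortfield) FROM ".$table." WHERE f_sortfield<".$sort[0]." AND f_ctid=".$sort[1]." AND f_parent=".$sort[2];
    $res = db_query($sql,$link);
    $prev_sort = db_fetch_row($res);
    db_free_result($res);
    // MAX() yields NULL when the forum is already first in its group; skip the swap then.
    if (isset($prev_sort[0])) {
      $sql="UPDATE ".$table." SET f_sortfield=".$sort[0]." WHERE f_sortfield=".$prev_sort[0];
      db_query($sql,$link);
      $sql="UPDATE ".$table." SET f_sortfield=".$prev_sort[0]." WHERE f_id=".$fid;
      db_query($sql,$link);
    }
  }
  ad_message(MSG_f_moved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}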

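/**
 * Moves a forum one position down among forums with the same category and
 * parent, by swapping f_sortfield with the nearest larger one.
 *
 * ad_message() is called in every case, including when no swap took place.
 *
 * NOTE(review): this handler changes data but, unlike f_save(), does not
 * call check_post(). Confirm whether it is meant to be reachable by a plain link.
 */
function f_down() {
  $link = $GLOBALS['link'];
  $table = $GLOBALS['DBprefix']."Forum";
  // The id is placed unquoted into SQL, so it must be an integer.
  $fid = (int)getvar("fid");
  $sql = "SELECT f_sortfield,f_ctid,f_parent FROM ".$table." WHERE f_id=$fid";
  $res = db_query($sql,$link);
  $sort = db_fetch_row($res);
  db_free_result($res);
  // Unknown forum: nothing to move, and the next query would be malformed.
  if (isset($sort[0],$sort[1],$sort[2])) {
    $sql = "SELECT MIN(f_sortfield) FROM ".$table." WHERE f_sortfield>".$sort[0]." AND f_ctid=".$sort[1]." AND f_parent=".$sort[2];
    $res = db_query($sql,$link);
    $next_sort = db_fetch_row($res);
    db_free_result($res);
    // MIN() yields NULL when the forum is already last in its group; skip the swap then.
    if (isset($next_sort[0])) {
      $sql="UPDATE ".$table." SET f_sortfield=".$sort[0]." WHERE f_sortfield=".$next_sort[0];
      db_query($sql,$link);
      $sql="UPDATE ".$table." SET f_sortfield=".$next_sort[0]." WHERE f_id=".$fid;
      db_query($sql,$link);
    }
  }
  ad_message(MSG_f_moved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}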

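/**
 * Shows the group-edit form: a checkbox per forum plus select boxes whose
 * first option (empty value, MSG_nochanges) stands for leaving the setting
 * untouched.
 *
 * NOTE(review): f_title is written into the markup exactly as stored.
 * Whether titles are HTML-escaped when saved cannot be seen from this file,
 * so confirm that before treating this output as safe.
 */
function f_group() {
  $link = $GLOBALS['link'];
  $sql = "SELECT f_id,f_title FROM ".$GLOBALS['DBprefix']."Forum f, ".$GLOBALS['DBprefix']."Category ct ".
         "WHERE f_ctid=ct_id ORDER BY ct_sortfield,f_sortfield";
  $res = db_query($sql,$link);
  $count = db_num_rows($res);
  // Start from an empty string so ".=" never appends to an undefined variable.
  $buffer = "";
  while ($fdata=db_fetch_row($res)) {
    $buffer.="<input type=checkbox name=fs[".$fdata[0]."] value=".$fdata[0].">".$fdata[1]."<br>";
  }
  db_free_result($res);
  $langselect = "<option value=\"\">".MSG_nochanges."<option value=0>".MSG_alllangs.build_select("SELECT ln_id,ln_name FROM ".$GLOBALS['DBprefix']."Language");
  $levelselect = "<option value=\"\">".MSG_nochanges.build_level_select();
  $catselect = "<option value=\"\">".MSG_nochanges.build_select("SELECT ct_id,ct_name FROM ".$GLOBALS['DBprefix']."Category");
  $sql = "SELECT f_id,f_title FROM ".$GLOBALS['DBprefix']."Forum, ".$GLOBALS['DBprefix']."ForumType WHERE f_tpid=tp_id AND tp_container=1";
  $fcontainer = "<option value=\"\">".MSG_nochanges."<option value=\"0\">".MSG_f_mainpage.build_select($sql);
  ad_f_group($buffer,$catselect,$fcontainer,$levelselect,$langselect,$count);
}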

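/**
 * Applies the submitted "f_*" settings to every forum ticked in the
 * group-edit form; runs only after check_post().
 *
 * Raises error(MSG_e_f_noselected) when no forum was selected and
 * error(MSG_e_f_noparams) when no setting was filled in.
 *
 * NOTE(review): values are escaped with addslashes(), as in the original.
 * If the database layer offers its own escaping routine, that is the
 * better fit; none is visible in this file.
 */
function f_group_process() {
  check_post();
  $link = $GLOBALS['link'];
  if (!isset($_POST['fs']) || !is_array($_POST['fs'])) {
    error(MSG_e_f_noselected);
    return; // error() presumably ends the request; do not continue if it returns
  }
  // The array keys are request data and become part of the WHERE clause, so
  // each is forced to an integer. Keying by the id drops duplicates.
  $conditions = array();
  foreach ($_POST['fs'] as $forum=>$value) {
    $forum = (int)$forum;
    $conditions[$forum] = "f_id=".$forum;
  }
  if (!$conditions) {
    // An empty selection would otherwise produce "WHERE " with no condition.
    error(MSG_e_f_noselected);
    return;
  }
  $sqldata = implode(" OR ",$conditions);
  $assignments = array();
  foreach ($_POST as $name=>$value) {
    $name = (string)$name;
    // Field names are request data too and are used as column names: accept
    // only "f_" followed by letters, digits or underscores.
    if (!preg_match('/^f_[A-Za-z0-9_]+$/D',$name)) continue;
    // Only plain, non-empty strings can be assigned to a column.
    if (!is_string($value) || $value=="") continue;
    $assignments[] = "$name=\"".addslashes($value)."\"";
  }
  if (!$assignments) {
    error(MSG_e_f_noparams);
    return;
  }
  $sqldata2 = implode(", ",$assignments);
  $sql = "UPDATE ".$GLOBALS['DBprefix']."Forum SET $sqldata2 WHERE $sqldata";
  db_query($sql,$link);
  ad_message(MSG_f_groupdone,MSG_ct_list,"index.php?m=forum&a=ct_list");
}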

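/**
 * Reorders two forums. Depending on which of the "exchange", "move_before"
 * and "move_after" parameters is set, forum1 swaps places with forum2 or is
 * moved next to it. Each mode that is set runs, in that order.
 *
 * ad_message() is called in every case, including when either forum was
 * not found and nothing was changed.
 *
 * NOTE(review): this handler changes data but, unlike f_save(), does not
 * call check_post(). Confirm whether it is meant to be reachable by a plain link.
 */
function f_exchange() {
  $link=$GLOBALS['link'];
  $table = $GLOBALS['DBprefix']."Forum";
  // Forum ids are used as numbers throughout this file; keep both parameters numeric.
  $forum1 = (int)getvar('forum1');
  $forum2 = (int)getvar('forum2');
  $sql = "SELECT f_sortfield FROM ".$table." WHERE f_id=\"".$forum1."\"";
  $res = db_query($sql,$link);
  list($forum1pos)=db_fetch_row($res);
  db_free_result($res);
  $sql = "SELECT f_sortfield FROM ".$table." WHERE f_id=\"".$forum2."\"";
  $res = db_query($sql,$link);
  list($forum2pos)=db_fetch_row($res);
  db_free_result($res);
  // Both positions are placed unquoted into "SET f_sortfield=..."; without
  // them the statements would be malformed, so skip the reordering.
  if (isset($forum1pos,$forum2pos)) {
    if (getvar('exchange')) {
      $sql = "UPDATE ".$table." SET f_sortfield=".$forum2pos." WHERE f_id=\"".$forum1."\"";
      db_query($sql,$link);
      $sql = "UPDATE ".$table." SET f_sortfield=".$forum1pos." WHERE f_id=\"".$forum2."\"";
      db_query($sql,$link);
    }
    if (getvar('move_before')) {
      // Open a slot at forum2's position, move forum1 into it, then close the old gap.
      $sql = "UPDATE ".$table." SET f_sortfield=f_sortfield+1 WHERE f_sortfield>=\"".$forum2pos."\"";
      db_query($sql,$link);
      $sql = "UPDATE ".$table." SET f_sortfield=".$forum2pos." WHERE f_id=\"".$forum1."\"";
      db_query($sql,$link);
      $sql = "UPDATE ".$table." SET f_sortfield=f_sortfield-1 WHERE f_sortfield>\"".$forum1pos."\"";
      db_query($sql,$link);
    }
    if (getvar('move_after')) {
      $sql = "UPDATE ".$table." SET f_sortfield=f_sortfield+1 WHERE f_sortfield>\"".$forum2pos."\"";
      db_query($sql,$link);
      $sql = "UPDATE ".$table." SET f_sortfield=".$forum2pos." WHERE f_id=\"".$forum1."\"";
      db_query($sql,$link);
      $sql = "UPDATE ".$table." SET f_sortfield=f_sortfield-1 WHERE f_sortfield>\"".$forum1pos."\"";
      db_query($sql,$link);
    }
  }
  ad_message(MSG_f_moved,MSG_ct_list,"index.php?m=forum&a=ct_list");
}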

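/**
 * Asks for confirmation before a forum is deleted; the confirmed request
 * goes to the "f_delete" action of the "forum" module.
 */
function f_confirm() {
  // The id is handed on to confirm() and later used as a number by
  // f_delete(), so it is kept numeric from here on.
  $params = array('fid'=>(int)getvar('fid'));
  confirm("forum","f_delete",$params,MSG_f_confirm."?","index.php?m=forum&a=ct_list");
}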

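/**
 * Asks for confirmation before a category is deleted; the confirmed request
 * goes to the "ct_delete" action of the "forum" module.
 */
function ct_confirm() {
  // The id is handed on to confirm() and later used as a number by
  // ct_delete(), so it is kept numeric from here on.
  $params = array('ctid'=>(int)getvar('ctid'));
  confirm("forum","ct_delete",$params,MSG_ct_confirm."?","index.php?m=forum&a=ct_list");
}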