_borzoid Guest
Post subject: Zen shopping cart module Scripting, text problem
Greetings, I got the name of your site from the forum directory.
First off let me say this is a great looking site. I hope you get lots of traffic.
I'm looking for scripting help for a shopping cart module I've installed. The shopping cart is Zen Cart, an offshoot of OSCommerce. I've installed a contribution by another member that is a forum. It is very simple and actually uses very few documents and changes to the original cart templates. The writer of the script said he would be happy to help further but I have been unable to contact him to ask my questions.
All I really want is a change to allow apostrophes, quotations and the like in the posts without the need to escape the characters, and the function to have the site send out an email to one of the moderators when a post is made. Is this something I could get help with here?
Zen cart is relatively new so I will understand if it's something too unfamiliar.
Thank you
Connie

Wed Mar 31, 04 4:06 pm

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh
Thanks borzoid.
It seems the zen cart is written in PHP. That is good news. Hopefully I can help you. But I will need the related files. Zip and send the related files to my email. It's in the profile. Add your user name in the subject. Alternatively you can just give me an address from where I can dl the files.
From PHP concept, I can say perhaps the scripts are using ereg to remove certain characters. I cannot really say without testing/analyzing the particular scripts in question. But this may have had good reasons to be implemented. Security.
The second problem, it seems, should be solved from the admin panel. If they did not add the facility, then it may need a major revision of the scripts involved. PHPBB gives you the option to send an email whenever a topic reply is being posted. If it is not a must that you use the zen forum then switch to phpbb.
_________________
Dust fills my eyes / Clouds roll by / and I roll with them / Centuries cry / Orders fly / and I fall again
Afford best design, implement best solution. Outsource your web design.

Thu Apr 01, 04 8:44 am

Guest
The forum in question is not phpbb. If that were so (to be integrated with the cart in a future release) I could use the forum admin to do this. The module that I am currently using is just a few new files (defines and tpl files) and a few additions to the css for the module.
If you still want to take a look I will send the forum.zip folder. I'm sure I will have to use some of the defines from the cart itself for the emails as in other parts of the cart notifications pull the email addresses from the admin defines. Let me know what you would need to see.
I am more than ready to do the grunt work myself, I'm just unsure about messing with the code when I don't know what I'm doing.
Connie

Thu Apr 01, 04 4:29 pm

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh
Quote: "The forum in question is not phpbb. If that were so (to be integrated with the cart in a future release) I could use the forum admin to do this."
I got that part. As I said: "If it is not a must that you use the zen forum then switch to phpbb." That means if you are the site admin, and if you just want a forum then install phpbb in another folder.
Anyway, send me the files so that I can take a look. I am always interested in looking at new things. :wink:
I need the forum files. And the site actually in action, so the URL of ur site.

Thu Apr 01, 04 9:55 pm

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh
Post subject: The problem with textarea
Hi Connie,
I think I pinned down the problem. Before examining the code I thought it was something done intentionally by the author. But now I see that it was more of him not being so careful. It is a traditional problem with how the textarea works and submits or retrieves data to and from the database. I suspect a configuration with your php engine is causing the main trouble.
See, when the data from a text area is submitted to the database the ' and " should be escaped, obviously. Or there will be a parse error. At least from php 3 this is done transparently. But the author of silforum may have failed to consider the scenario where the magic quotes are turned off intentionally by the Server Host. In the php.ini magic_quotes_gpc is turned on by default. If so, then the php engine would modify a string with backslashes before characters that need to be quoted in database queries. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). I think that magic quote is turned off by someone in your server php configuration. So the php cannot modify the text strings. And mysql is going belly up when php tries to insert strings and codes that stop abruptly.
Let us check if my suspicion is correct. Open a new text file and write down this:
<?php
phpinfo();
?>
Now save and upload it as phpinfo.php in your server's root. All this does is show you the basic server configurations for php. From your browser open the file [http://www.yourdomain.com/phpinfo.php]
From the configuration list scroll down a little bit and from the Configuration PHP Core Table tell me what it says about the magic_quotes_gpc, magic_quotes_runtime, magic_quotes_sybase
If they are turned off then you can request your host to turn them on. If they won't, we have alternative ways to fix it. We will fix the silforum.php with addslashes function before it submits the text in the mysql database. The code should be modified anyway with trim, and strip_tags functions. Right now it can be a security threat to your site, as it is passing raw code as it is, back and forth. Want me to try a few hacks on your site? lol. just kidding.

Fri Apr 02, 04 7:44 am

borzoid Just In
Joined: 01 Apr 2004 Posts: 6
Location: Michigan
Wow, thanks for the in-depth look!! :D
I did as you said and all of the various magic quotes settings are turned to off. I'm sure that my host would turn them on if I asked (great guys there). However, the rest of Zen Cart does use the add and remove stripslashes in various places in the cart - would turning on the magic quotes cause a problem with those areas?
Any help you give would be greatly appreciated but maybe we should pass on the hacks, lol :wink: .
Tell me what to do next.
Connie

Fri Apr 02, 04 4:56 pm

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh
Post subject: Magic Quotes
Connie,
You are most welcome. It is a little bit cumbersome to change settings of the php configurations once it is set up and going. Because then the host admin will have to restart the php engine. However, you should try to convince him to do it for you. That is the easiest solution.
Common sensically it should cause the other scripts of the zen cart to behave weirdly if both the magic quotes are on and addslashes are used. But any professional coder would know what happens when and take appropriate measures. If the magic quotes are on the code should take care of itself and won't add any extra slashes. I cannot say if Zen Cart writers took the measure or not. But they seem to be professionals. So I would say go ahead and try turning on the magic quotes. After all, that is the default! If it starts causing problems with the cart, you know what caused it.
If I get some time I will try to add a few functions to the silforum so that it is more secure.
So if you don't mind me asking, you and Laura Wright are the same person?
Fri Apr 02, 04 10:49 pm
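
The interaction discussed in the two posts above (automatic magic quotes, a manual addslashes() before the query, stripslashes() before display), worked through as an added example that is not part of the original thread, silforum or Zen Cart. It goes beyond the thread by also showing bound parameters and htmlspecialchars() as a setting-independent alternative. Assumptions: current PHP with pdo_sqlite, the magic-quotes setting simulated by a flag because current PHP no longer has it, an in-memory SQLite table standing in for MySQL, and a constructed sample post and user name.

```php
<?php
// Added example, not silforum or Zen Cart code. Assumes PHP 8 with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL table sil_forum_reply.

// magic_quotes_gpc=On ran the equivalent of addslashes() over every request
// value. Current PHP has no such setting, so the flag here simulates it.
function as_received(string $typed, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? addslashes($typed) : $typed;
}

// Pattern from the thread: addslashes() before every query, stripslashes()
// before every display, regardless of the server setting.
function legacy_round_trip(string $received): array
{
    $literal = addslashes($received);    // text pasted between quotes in the SQL
    $stored  = stripslashes($literal);   // approximates the SQL parser un-escaping it
    $shown   = stripslashes($stored);    // what the display code then prints
    return ['stored' => $stored, 'shown' => $shown];
}

// Setting-independent input handling: undo automatic escaping only if it was
// applied, so the application always holds the text exactly as typed.
function normalize_input(string $received, bool $magicQuotesOn): string
{
    return trim($magicQuotesOn ? stripslashes($received) : $received);
}

// Bound parameters keep data out of the SQL text, so no slash handling is needed.
function save_reply(PDO $db, int $topicId, string $user, string $text): int
{
    $stmt = $db->prepare(
        'INSERT INTO sil_forum_reply (topID, user, text) VALUES (?, ?, ?)'
    );
    $stmt->execute([$topicId, $user, $text]);
    return (int) $db->lastInsertId();
}

function load_reply(PDO $db, int $replyId): string
{
    $stmt = $db->prepare('SELECT text FROM sil_forum_reply WHERE ID = ?');
    $stmt->execute([$replyId]);
    return (string) $stmt->fetchColumn();
}

// Escape at output time, for the HTML context, instead of stripping on input.
function render_reply(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

function demo(): void
{
    // Constructed sample post: apostrophe, double quotes, backslash, markup.
    $typed = <<<'POST'
It's a "great" forum; backups live in C:\temp <b>hi</b>
POST;

    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sil_forum_reply (
        ID INTEGER PRIMARY KEY, topID INTEGER, user TEXT, text TEXT)');

    foreach ([false, true] as $magicQuotesOn) {
        $received = as_received($typed, $magicQuotesOn);
        $legacy   = legacy_round_trip($received);

        $clean = normalize_input($received, $magicQuotesOn);
        $id    = save_reply($db, 1, 'constructed_user', $clean);
        $back  = load_reply($db, $id);

        echo 'magic_quotes_gpc ', $magicQuotesOn ? 'On' : 'Off', PHP_EOL;
        echo '  legacy stored : ', $legacy['stored'], PHP_EOL;
        echo '  legacy shown  : ', $legacy['shown'], PHP_EOL;
        echo '  legacy intact : ', var_export($legacy['shown'] === $typed, true), PHP_EOL;
        echo '  bound stored  : ', $back, PHP_EOL;
        echo '  bound intact  : ', var_export($back === $typed, true), PHP_EOL;
        echo '  rendered HTML : ', render_reply($back), PHP_EOL;
    }
}

demo();
```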
 |

borzoid Just In
Joined: 01 Apr 2004 Posts: 6
Location: Michigan
I'll do a search of the zen cart forum. I'm sure the magic quotes question would have been asked before. Will let you know what I find.
Did you post a test message to the forum? The registration names were None and None and showed up blank in my side box. I ended up deleting it even though I wanted to keep Laura's response in there for content. This is the first time I've deleted a post and it sort of screwed things up. I ended up re-posting one of my own messages to populate the side box.
No I'm not Laura, I wish I had her grass roots writing style. I live in Michigan and she in California - makes for some great long distance phone bills. :P She is an absolutely amazing person.
I'll get back with the magic quotes answer.
Connie

Sat Apr 03, 04 3:49 am

borzoid Just In
Joined: 01 Apr 2004 Posts: 6
Location: Michigan
Ok Quantum, went dredging through the forum at zen cart and found that earlier in beta testing magic quotes did become an issue and fixes were to be written into zen cart to accommodate this. However one post made mention that getting the host to turn the quotes on (or off) caused problems for other users of that host and they had to switch it back.
Your statement about restarting the php engine does make it seem as if it would affect everyone on the host. This is something I really don't want to do.
So now what?
Connie

Sat Apr 03, 04 4:34 am

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh
Quote: "Your statement about restarting the php engine does make it seem as if it would affect everyone on the host. This is something I really don't want to do."
Yes, of course it'd affect everyone on the host. It'd be impractical that for every domain your server would employ a separate php engine. They all use the single one. Besides, now I am thinking, since they went through the trouble of turning it off deliberately, there must have been sufficient reasons.
Quote: "So now what?"
So now we rewrite the script. If you want to leave it up to me, it may take up to one week. Or less, if you are lucky. I don't know how familiar you are with php. If you want to, you can start tweaking too. You will learn a few new things in the course.
Quote: "Did you post a test message to the forum? The registration names were None and None and showed up blank in my side box. I ended up deleting it even though I wanted to keep Laura's response in there for content. This is the first time I've deleted a post and it sort of screwed things up."
Yes I did. I needed to know the nature of the errors. Sorry about the mess up. Not my fault though. It's your code that is messed up. :p . It's also interesting why it'd mess up your side boxes! :?:
If you keep me up on this, seems like I will end up rewriting the whole forum. Hey, that's not a bad idea. :) Wish I were less busy. But if a few other ppl helped me, we could really write up something like an opensource phpbb. I will keep the idea in the back of my head.

Sat Apr 03, 04 10:01 am

borzoid Just In
Joined: 01 Apr 2004 Posts: 6
Location: Michigan
Ok, so it's a code rewrite.
If it were just php and I had someone to hold my hand through it I might give it a try but I'm afraid I probably know just enough to really screw it up :roll: Also, I know nothing about the security stuff you were speaking of and Mysql continues to defy me when it comes to even getting a feel for how it works. I'm a whiz with access and understand how sql is relational but it just seems that there are tons more variables than necessary and I get bogged down in how it all works together.
Basically, I will need help if I'm to do anything else with this.
As for keeping you on? uhhh...what would you charge :?: :?:
I really want this to work and work well. I think if it is well done and I figure out just how to get forum traffic in, it could really get my whole site going but price is a factor (working out of my kitchen and my pocket right now). :oops:
Connie

Sat Apr 03, 04 10:41 am

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh

Sun Apr 04, 04 1:04 am

quantum Site Admin
Joined: 07 Mar 2004 Posts: 1048
Location: Dhaka, Bangladesh
Post subject: Zen Cart Silforum Modification Code
Hi Borzoid,
You know it's difficult to write code with only intuition, without any chance to test it and correct the errors. As a first step, I added some addslashes functions in the silforum.php. Below is the code.
Code:
<?PHP
class silforum{
function silforum(){
if(SILFORUM_ADMIN_INSTALL==1){
$q="CREATE TABLE sil_forum_cat (
ID int(10) NOT NULL auto_increment,
title varchar(200) default '0',
des text,
topics int(10) default '0',
forID tinyint(3) unsigned default '1',
PRIMARY KEY (ID),
UNIQUE KEY ID (ID),
KEY ID_2 (ID)
) TYPE=MyISAM;
";
if(mysql_query($q)){
echo "added table sil_forum_cat.";
}else{
echo "error adding sil_forum_cat.";
}
$q="CREATE TABLE sil_forum_for (
ID tinyint(3) unsigned NOT NULL auto_increment,
title text,
PRIMARY KEY (ID),
UNIQUE KEY ID (ID),
KEY ID_2 (ID)
) TYPE=MyISAM;
";
if(mysql_query($q)){
echo "added table sil_forum_for.";
}else{
echo "error adding sil_forum_for.";
}
$q="CREATE TABLE sil_forum_reply (
ID int(100) unsigned NOT NULL auto_increment,
topID int(15) unsigned default '0',
user text,
text text,
date text,
PRIMARY KEY (ID),
UNIQUE KEY ID (ID)
) TYPE=MyISAM;
";
if(mysql_query($q)){
echo "added table sil_forum_reply.";
}else{
echo "error adding sil_forum_reply.";
}
$q="CREATE TABLE sil_forum_topic (
ID tinyint(15) unsigned NOT NULL auto_increment,
catID tinyint(10) unsigned default '0',
title text,
text text,
user text,
sticky tinyint(3) unsigned default '0',
urgent tinyint(3) unsigned default '0',
faq tinyint(3) unsigned default '0',
date text,
PRIMARY KEY (ID),
UNIQUE KEY ID (ID)
) TYPE=MyISAM;
";
if(mysql_query($q)){
echo "added table sil_forum_topic. installation complete please set admin customer_id define to your id, and admin_install define to 0 ";
}else{
echo "error adding sil_forum_topic.";
}
}
}
function _inputTdMouseover(){
return 'onMouseOver="this.bgColor=\''.SILFORUM_ADMIN_TD_MOUSEOVERCOLOR.'\'" onMouseOut="this.bgColor=\''.SILFORUM_ADMIN_TD_MOUSEOFFCOLOR.'\'"';
}
function _isAdmin(){
global $_SESSION;
$id=$_SESSION['customer_id'];
$enum=explode(":",SILFORUM_ADMIN_IDS);
$size=sizeof($enum);
for($i=0; $i<$size; $i++){
if($enum[$i]==$id){
$ret=true;
break;
}else $ret=false;
}
return $ret;
}
function _topicAdminRadios($tid){
if($this->_isAdmin()){
$ret='<td class="silforumtd"><input type="radio" name="removetopic" value="'.$tid.'">
</td><td class="silforumtd"><input type="radio" name="edittopic" value="'.$tid.'"></td>';
}else $ret='';
return $ret;
}
function _adminCatInsertRadios($cid){
if($this->_isAdmin()){
$ret='<td class="silforumtd"><input type="radio" name="removecat" value="'.$cid.'">
</td><td class="silforumtd"><input type="radio" name="editcat" value="'.$cid.'"></td>';
}else $ret='';
return $ret;
}
function _adminEditTopic($tid){
$fq=mysql_query("SELECT * FROM sil_forum_topic WHERE ID='$tid';");
$row=mysql_fetch_array($fq);
$tid=$row['ID'];
$cid=$row['catID'];
$title=$row['title'];
$user=$row['user'];
$sticky=$row['sticky'];
$urgent=$row['urgent'];
$faq=$row['faq'];
$date=$row['date'];
$text=$row['text'];
$timenow=$this->_getTime();
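// un-escape, then HTML-encode so a quote in a post cannot break out of value="..." or the textarea
$text = htmlspecialchars(stripslashes($text), ENT_QUOTES);
$title = htmlspecialchars(stripslashes($title), ENT_QUOTES);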
echo '<tr><td><form name="form1" method="post" action="index.php?main_page=silforum&action=adminedittopic">
<table width="300" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="36"><strong>Title:</strong></td>
<td width="264"><input type="text" name="title" value="'.$title.'"></td>
</tr>
<tr>
<td valign="top"><strong>Text:</strong></td>
<td><textarea name="text" cols="55" rows="15">'.$text.'</textarea></td>
</tr>
<tr>
<td>';
$check=false;
if($sticky>0){
print_r('<label><input type="radio" name="special" value="sticky" checked>Sticky<br></label>');
$check=true;
}else {
print_r('<label><input type="radio" name="special" value="sticky">Sticky<br></label>');
}
if($urgent>0){
print_r('<label><input type="radio" name="special" value="urgent" checked>Urgent<br></label>');
$check=true;
}else {
print_r('<label><input type="radio" name="special" value="urgent">Urgent<br></label>');
}
if($faq>0){
$check=true;
print_r('<label><input type="radio" name="special" value="faq" checked>Faq<br></label>');
}else{
print_r('<label><input type="radio" name="special" value="faq">Faq<br></label>');
}
if($check==true){
print_r('<label><input type="radio" name="special" value="none">None<br></label>');
}else{
print_r('<label><input type="radio" name="special" value="none" checked>None<br></label>');
}
echo '</td>
<td align="right"><input name="tid" type="hidden" id="tid" value="'.$tid.'">
<input name="time" type="hidden" id="time" value="'.$timenow.'">
<input type="submit" name="Submit" value="Submit"></td>
</tr>
</table></form></td></tr>';
return $tmp;
}
function _adminEditCat($cid){
$fq=mysql_query("SELECT * FROM sil_forum_cat WHERE ID='$cid';");
$row=mysql_fetch_array($fq);
$cid=$row['ID'];
$title=$row['title'];
$text=$row['des'];
$timenow=$this->_getTime();
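// $des was never set in this function; the description is held in $text
$title = htmlspecialchars(stripslashes($title), ENT_QUOTES);
$text = htmlspecialchars(stripslashes($text), ENT_QUOTES);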
echo '<tr><td><form name="form1" method="post" action="index.php?main_page=silforum&action=admineditcat">
<table width="300" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="36"><strong>Title:</strong></td>
<td width="264"><input type="text" name="title" value="'.$title.'"></td>
</tr>
<tr>
<td valign="top"><strong>Description:</strong></td>
<td><textarea name="des" cols="55" rows="15">'.$text.'</textarea></td>
</tr>
<tr>
<td>';
echo '</td>
<td align="right"><input name="cid" type="hidden" id="cid" value="'.$cid.'">
<input type="submit" name="Submit" value="Submit"></td>
</tr>
</table></form></td></tr>';
return $tmp;
}
function _adminInsertEdit($tid,$title,$text,$sticky,$urgent,$faq){
$text = addslashes($text);
$title = addslashes($title);
$q="UPDATE sil_forum_topic SET title= '$title', text= '$text', sticky= '$sticky', urgent= '$urgent', faq= '$faq' WHERE ID='$tid';";
if(mysql_query($q)){
echo "updated your topic <a href=index.php?main_page=silforum>Go To Main</a>";
}else{
echo "couldnt update the topic, there was an error. <a href=index.php?main_page=silforum>Go To Main</a>";
}
}
function _adminInsertCatEdit($cid,$title,$des){
$des = addslashes($des);
$title = addslashes($title);
$q="UPDATE sil_forum_cat SET title= '$title', des= '$des' WHERE ID='$cid';";
if(mysql_query($q)){
echo "updated your category <a href=index.php?main_page=silforum>Go To Main</a>";
}else{
echo "couldnt update the category, there was an error. <a href=index.php?main_page=silforum>Go To Main</a>";
}
}
function _adminAddCat($title, $des,$forID){
// escape the description that is actually inserted below ($text does not exist in this function)
$des = addslashes($des);
$title = addslashes($title);
if(mysql_query("INSERT INTO sil_forum_cat (ID, title, des, topics, forID) VALUES (NULL, '$title', '$des', 1, '$forID');")){
echo "Your category has been added successfully. <a href=index.php?main_page=silforum>Go To Main</a>";
}else{
echo "We could not add the category there was an error! <a href=index.php?main_page=silforum>Go To Main</a>";
}
}
function _adminAddFor($title){
$title = addslashes($title);
if(mysql_query("INSERT INTO sil_forum_for (ID, title) VALUES (NULL, '$title');")){
echo "Your Forum has been added successfully. <a href=index.php?main_page=silforum>Go To Main</a>";
}else{
echo "We could not add the category there was an error! <a href=index.php?main_page=silforum>Go To Main</a>";
}
}
function _adminRemoveTopic($tid){
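$tid = (int) $tid; // force a numeric ID: the value is used unquoted in the DELETE statements below
if(mysql_query("DELETE FROM sil_forum_topic WHERE ID=$tid;")){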
$q=mysql_query("DELETE FROM sil_forum_reply WHERE topID=$tid;");
echo "The topic id($tid) and all its replies have been removed <a href=index.php?main_page=silforum>Go To Main</a>";
}else {
echo "The topic could not be removed. <a href=index.php?main_page=silforum>Go To Main</a>";
}
}
function _adminRemoveCat($cid){
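$cid = (int) $cid; // force a numeric ID: the value is used unquoted in the DELETE statements below
if(mysql_query("DELETE FROM sil_forum_cat WHERE ID=$cid;")){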
mysql_query("DELETE FROM sil_forum_topic WHERE catID=$cid;");
echo "The Category id($cid) and all its topics have been removed <a href=index.php?main_page=silforum>Go To Main</a>";
}else {
echo "The topic could not be removed. <a href=index.php?main_page=silforum>Go To Main</a>";
}
}
function _adminTopicTitles(){
if($this->_isAdmin()){
$ret='<td class=silforumtd>Delete</td><td class=silforumtd>Edit</td>';
}else $ret='';
return $ret;
}
function _adminTopicOpenForm(){
if($this->_isAdmin()){
$ret='<form name="topic" method="post" action="index.php?main_page=silforum&action=admintopic">';
}else $ret='';
return $ret;
}
function _adminCatOpenForm(){
if($this->_isAdmin()){
$ret='<form name="topic" method="post" action="index.php?main_page=silforum&action=admincat">';
}else $ret='';
return $ret;
}
function _adminCloseForm(){
if($this->_isAdmin()){
$ret='</form>';
}else $ret='';
return $ret;
}
function _adminSubmitButton(){
if($this->_isAdmin()){
$ret='<input type="submit" name="Submit" value="Submit">';
}else $ret='';
return $ret;
}
function _getPagerData($numHits, $limit, $page)
{
$numHits = (int) $numHits;
$limit = max((int) $limit, 1);
$page = (int) $page;
$numPages = ceil($numHits / $limit);
$page = max($page, 1);
$page = min($page, $numPages);
$offset = ($page - 1) * $limit;
$ret = new stdClass;
$ret->offset = $offset;
$ret->limit = $limit;
$ret->numPages = $numPages;
$ret->page = $page;
return $ret;
}
function _makeZenLink($page, $args){
$tmp=zen_href_link($page,$args);
return $tmp;
}
function _getTopics($id=''){
$counter=1;
global $sildb, $template;
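// $pg was never defined in this scope; the pager links below pass the page number as &page=
$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;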
$limit = 20;
$result = mysql_query("select count(*) from sil_forum_topic WHERE catID='$id';");
$total = mysql_result($result, 0, 0);
// work out the pager values
$pager = $this->_getPagerData($total, $limit, $page);
$offset = $pager->offset;
$limit = $pager->limit;
$page = $pager->page;
$query=mysql_query("SELECT * FROM sil_forum_topic WHERE catID='$id' limit $offset, $limit;");
$idz=$this->_isLoggedIn();
$name=$idz['name'];
if(strlen($name)>3){
echo '<table class="silforumtab" width="100%" cellspacing="0" cellpadding="2">'.$this->_adminTopicOpenForm().'
<tr class=silforumtrsilv>'.$this->_adminTopicTitles().'
<td class=silforumtd width="73%%">Title</td>
<td class=silforumtd width="20%">Posted By</td>
<td class=silforumtd width="7%">Rep</td>
</tr>';
}else{
echo '<table class="silforumtab" width="100%" cellspacing="0" cellpadding="2">
<tr class=silforumtrsilv>'.$this->_adminTopicTitles().'
<td width="73%%">Title</td>
<td width="20%">Posted By</td>
<td width="7%">Rep</td>
</tr>';
}
if($fq=mysql_query("SELECT * FROM sil_forum_topic WHERE catID='$id' and sticky='1';")){
while($row=mysql_fetch_array($fq)){
$tid=$row['ID'];
$cid=$row['catID'];
$title=$row['title'];
$user=$row['user'];
$sticky=$row['sticky'];
$urgent=$row['urgent'];
$faq=$row['faq'];
$date=$row['date'];
$title = stripslashes($title);
if($q1=mysql_query("SELECT * FROM sil_forum_reply WHERE topID='$tid';")){
$count=mysql_num_rows($q1);
}else{
$count=0;
}
$link=$this->_makeZenLink('silforum',"action=viewreply&tid=$tid");
echo '<tr class="silforumtrtop"><td colspan=5></td></tr>
<tr class="silforumtr">'.$this->_topicAdminRadios($tid).'
<td class="silforumtd" width="73%" '.$this->_inputTdMouseover().'><img src="'.$template->get_template_dir('sticky.gif', DIR_WS_TEMPLATE, $current_page_base,'images/silforum').'/'. 'sticky.gif'.'" width=16 height=16><a href='.$link.'>'.$title.'</a></td>
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="7%" valign="top">'.$count.'</td>
</tr>
<tr class="silforumtrbot"><td colspan=5></td></tr>
';
}
}
if($fq=mysql_query("SELECT * FROM sil_forum_topic WHERE catID='$id' and urgent='1';")){
while($row=mysql_fetch_array($fq)){
$tid=$row['ID'];
$cid=$row['catID'];
$title=$row['title'];
$user=$row['user'];
$sticky=$row['sticky'];
$urgent=$row['urgent'];
$faq=$row['faq'];
$date=$row['date'];
$title = stripslashes($title);
if($q1=mysql_query("SELECT * FROM sil_forum_reply WHERE topID='$tid';")){
$count=mysql_num_rows($q1);
}else{
$count=0;
}
$link=$this->_makeZenLink('silforum',"action=viewreply&tid=$tid");
echo ' <tr class="silforumtrtop"><td colspan=5></td></tr>
<tr class="silforumtr">'.$this->_topicAdminRadios($tid).'
<td class="silforumtd" width="73%" '.$this->_inputTdMouseover().'><img src="images/silforum/urgent.gif" width=16 height=16><a href='.$link.'>'.$title.'</a></td>
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="7%" valign="top">'.$count.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
}
}
if($fq=mysql_query("SELECT * FROM sil_forum_topic WHERE catID='$id' and faq='1';")){
while($row=mysql_fetch_array($fq)){
$tid=$row['ID'];
$cid=$row['catID'];
$title=$row['title'];
$user=$row['user'];
$sticky=$row['sticky'];
$urgent=$row['urgent'];
$faq=$row['faq'];
$date=$row['date'];
$title = stripslashes($title);
if($q1=mysql_query("SELECT * FROM sil_forum_reply WHERE topID='$tid';")){
$count=mysql_num_rows($q1);
}else{
$count=0;
}
$link=$this->_makeZenLink('silforum',"action=viewreply&tid=$tid");
echo ' <tr class="silforumtrtop"><td colspan=5></td></tr><tr class="silforumtr">'.$this->_topicAdminRadios($tid).'
<td class="silforumtd" width="73%" '.$this->_inputTdMouseover().'><img src="images/silforum/faq.gif" width=16 height=16><a href='.$link.'>'.$title.'</a></td>
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="7%" valign="top">'.$count.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
}
}
while($row = mysql_fetch_array($query)){
$tid=$row['ID'];
$cid=$row['catID'];
$title=$row['title'];
$user=$row['user'];
$sticky=$row['sticky'];
$urgent=$row['urgent'];
$faq=$row['faq'];
$date=$row['date'];
$title = stripslashes($title);
if($sticky==0 && $urgent==0 && $faq==0){
if($q1=mysql_query("SELECT * FROM sil_forum_reply WHERE topID='$tid';")){
$count=mysql_num_rows($q1);
}else{
$count=0;
}
$link=$this->_makeZenLink('silforum',"action=viewreply&tid=$tid");
//$output="<tr><td><a href=$link>$title</a></td><td>posted by: <b>$user</b><br>On:<b> $date</b></td><td><b>$count</b></td></tr>$output";
if($counter==2){
echo '<tr class="silforumtrtop"><td colspan=5></td></tr> <tr class="silforumtr">'.$this->_topicAdminRadios($tid).'
<td class="silforumtd" width="73%" '.$this->_inputTdMouseover().'><a href='.$link.'>'.$title.'</a></td>
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="7%" valign="top">'.$count.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
$counter=1;
}else{
echo '<tr class="silforumtrtop"><td colspan=5></td></tr><tr class="silforumtr" bgcolor=#e4e4e4>'.$this->_topicAdminRadios($tid).'
<td class="silforumtd" width="73%" '.$this->_inputTdMouseover().'><a href='.$link.'>'.$title.'</a></td>
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="7%" valign="top">'.$count.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
$counter++;
}
}
}
echo "<tr class=silforumtrsilv><td colspan=5>";
if ($page == 1) // this is the first page - there is no previous page
echo "Previous ";
else // not the first page, link to the previous page
echo "<a href=\"index.php?main_page=silforum&action=viewtopic&cid=$id&page=" . ($page - 1) . "\">Previous</a>";
for ($i = 1; $i <= $pager->numPages; $i++) {
echo " | ";
if ($i == $pager->page)
echo "Page $i";
else
echo "<a href=\"index.php?main_page=silforum&action=viewtopic&cid=$id&page=$i\">Page $i</a>";
}
if ($page == $pager->numPages) // this is the last page - there is no next page
echo " | Next";
else // not the last page, link to the next page
echo " | <a href=\"index.php?main_page=silforum&action=viewtopic&cid=$id&page=" . ($page + 1) . "\"> | Next | </a>";
if(strlen($name)>3){
echo '<a href=index.php?main_page=silforum&action=topic&cid='.$id.'>Post a New Topic</a> | | '.$this->_adminTopicOpenForm().$this->_adminSubmitButton().'<input type=hidden name=cid value='.$id.'></td></tr><tr><td>'.$this->_adminCloseForm().'</td></tr></table>';
}else{
echo ' '.$this->_adminSubmitButton().'<input type=hidden name=cid value='.$id.'></td></tr><tr><td>'.$this->_adminCloseForm().'</td></tr></table>';
}
return 0;
}
function _getCatagories(){
global $_SESSION;
$counter=1;
if(SILFORUM_ADMIN_SHOWCUSTID==1){
echo "<br>your customer id is: ".$_SESSION['customer_id']."<br>";
}
if($this->_isAdmin()){
echo $this->_adminCatOpenForm();
}
$c=1;
$qu=mysql_query("SELECT * FROM sil_forum_for;");
while($row2=mysql_fetch_array($qu)){
$forID=$row2['ID'];
$tit=$row2['title'];
if($this->_isAdmin()){
if($c>1){
echo "<tr class=silforumtrsilv><td colspan=5><center><b>$tit</b> <input type=radio name=forid value=$forID>add to this cat.</center></td></tr>";
}else{
echo "<tr class=silforumtrsilv><td colspan=5><center><b>$tit</b> <input type=radio name=forid value=$forID checked>add to this cat.</center></td></tr>";
}
}else{
echo "<tr class=silforumtrsilv><td colspan=5><center><b>$tit</b></center></td></tr>";
}
echo '<tr class=silforumtrtop><td colspan=5></td></tr><tr class=silforumtr>';
if($this->_isAdmin())echo '<td>delete</td><td>edit</td>';
echo '<td><b>Category</b></td><td><b>Topics</b></td></tr><tr class=silforumtrbot><td colspan=5></td></tr>';
$c++;
$query=mysql_query("SELECT * FROM sil_forum_cat WHERE forID='$forID' order by ID desc;");
while($row = mysql_fetch_array($query)){
$cid=$row['ID'];
$title=$row['title'];
$desc=$row['des'];
$topics=$row['topics'];
// un-escape the description that is echoed below; the title is un-escaped further down
$desc = stripslashes($desc);
if($q1=mysql_query("SELECT * FROM sil_forum_topic WHERE catID='$cid';")){
$count=mysql_num_rows($q1);
}else{
$count=0;
}
$topics=$count;
$topics = stripslashes($topics);
$title = stripslashes($title);
$link=$this->_makeZenLink('silforum',"action=viewtopic&cid=$cid");
if($this->_isAdmin()){
echo "<tr class=\"silforumtrtop\"><td colspan=5></td></tr><tr class=\"silforumtr\">".$this->_adminCatInsertRadios($cid)."<td class=\"silforumtd\" ".$this->_inputTdMouseover()."><a href=$link>$title</a><br>$desc</td><td class=\"silforumtd\"><b>$topics</b></td></tr><tr class=\"silforumtrbot\"><td colspan=5></td></tr>";
}else{
echo "<tr class=\"silforumtrtop\"><td colspan=5></td></tr><tr class=\"silforumtr\"><td class=\"silforumtd\" ".$this->_inputTdMouseover()."><a href=$link>$title</a><br>$desc</td><td class=\"silforumtd\"><b>$topics</b></td></tr><tr class=\"silforumtrbot\"><td colspan=5></td></tr>";
}
}
}
if($this->_isAdmin()){
echo "<tr class=silforumtrsilv><td colspan=5><label><input type=radio name=addcat value=0 checked>no</label> <label><input type=radio name=addcat value=1>Add</label> | Title:<input type=text name=title charwidth=15> | Description<input type=text name=\"des\" charwidth=15><br><input type=radio name=addfor value=0 checked>dont add forum <input type=radio name=addfor value=1>add forum <input type=text name=tit charwidth=15> | ".$this->_adminSubmitButton()."</td></tr>".$this->_adminCloseForm();
}else{
}
return $out;
}
function _getReplies($id='',$page){
global $sildb;
$counter=1;
$limit = 20;
$result = mysql_query("select count(*) from sil_forum_reply WHERE topID='$id'");
$total = mysql_result($result, 0, 0);
// work out the pager values
$pager = $this->_getPagerData($total, $limit, $page);
$offset = $pager->offset;
$limit = $pager->limit;
$page = $pager->page;
$query=mysql_query("SELECT * FROM sil_forum_reply WHERE topID='$id' order by ID limit $offset, $limit;");
$idz=$this->_isLoggedIn();
$name=$idz['name'];
if(strlen($name)<3){
echo '<table class="silforumtab" width="100%" cellspacing="0" cellpadding="2">
<tr class=silforumtrsilv>
<td width="20%">Posted By</td>
<td width="80%">Text</td>
</tr>';
}else{
echo '<table class="silforumtab" width="100%" cellspacing="0" cellpadding="2">
<tr class=silforumtrsilv>
<td width="20%">Posted By</td>
<td width="80%">Text</td>
</tr>';
}
if($page<=1){
$q2=mysql_query("SELECT * FROM sil_forum_topic WHERE ID='$id';");
$row2=mysql_fetch_array($q2);
$user2=$row2['user'];
$text2=$row2['text'];
$date2=$row2['date'];
$text2 = stripslashes($text2);
echo '<tr class="silforumtrtop"><td colspan=5></td></tr><tr class="silforumtr">
<td class="silforumtd" width="20%">Posted by: '.$user2.'<br>On: '.$date2.'</td>
<td class="silforumtd" width="80%" valign=top>'.$text2.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
}
while($row = mysql_fetch_array($query)){
$rid=$row['ID'];
$tid=$row['topID'];
$user=$row['user'];
$text=$row['text'];
$date=$row['date'];
$text = stripslashes($text);
//$output="<tr><td width=\"100px\" bgcolor=#cccfff>posted by: <b>$user</b><br>On:<b> $date</b></td><td>$text</td></tr>$output";
if($counter==2){
echo ' <tr class="silforumtrtop"><td colspan=5></td></tr><tr class="silforumtr">
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="80%" valign="top">'.$text.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
$counter=1;
}else{
echo '<tr class="silforumtrtop"><td colspan=5></td></tr> <tr class="silforumtr">
<td class="silforumtd" width="20%">posted by:'.$user.'<br>On:'.$date.'</td>
<td class="silforumtd" width="80%" valign="top">'.$text.'</td>
</tr><tr class="silforumtrbot"><td colspan=5></td></tr>';
$counter++;
}
}
echo "<tr class=silforumtrsilv><td colspan=2>";
if ($page == 1) // this is the first page - there is no previous page
echo "Previous";
else // not the first page, link to the previous page
echo "<a href=\"index.php?main_page=silforum&action=viewreply&tid=$id&page=" . ($page - 1) . "\">Previous</a>";
for ($i = 1; $i <= $pager->numPages; $i++) {
echo " | ";
if ($i == $pager->page)
echo "Page $i";
else
echo "<a href=\"index.php?main_page=silforum&action=viewreply&tid=$id&page=$i\">Page $i</a>";
}
if ($page == $pager->numPages) // this is the last page - there is no next page
echo " | Next";
else // not the last page, link to the next page
echo " | <a href=\"index.php?main_page=silforum&action=viewreply&tid=$id&page=" . ($page + 1) . "\">Next</a>";
if(strlen($name)>3){
echo " | <a href=\"index.php?main_page=silforum&action=reply&tid=$id\">Post a Reply</a></td></tr></table>";
}else{
echo "</td></tr></table>";
}
return 0;
}
function _getLatest(){
$q=mysql_query("SELECT * FROM sil_forum_topic order by ID desc;");
$row=mysql_fetch_array($q);
$idtop=$row['ID'];
$user=$row['user'];
$date=$row['date'];
$title=$row['title'];
$title = stripslashes($title);
$q=mysql_query("SELECT * FROM sil_forum_reply order by ID desc;");
$row=mysql_fetch_array($q);
$idrep=$row['ID'];
$userr=$row['user'];
$dater=$row['date'];
$idrept=$row['topID'];
if($idrept==$idtop){
$ret="re:<a href=index.php?main_page=silforum&action=viewreply&tid=$idtop>$title</a>
<br>by: $userr<br>On: $dater";
}else{
$ret="<a href=index.php?main_page=silforum&action=viewreply&tid=$idtop>$title</a>
<br>by: $user<br>On: $date";
}
return $ret;
}
function _isLoggedIn(){
global $_SESSION;
$id=$_SESSION['customer_id'];
if(isset($id)){
$q=mysql_query("SELECT * FROM customers WHERE customers_id='$id';");
$row=mysql_fetch_array($q);
$name= $row['customers_firstname'] . " " . $row['customers_lastname'];
$email=$row['customers_email_address'];
$ret=array('name'=>$name,'email'=>$email);
}else{
$ret=0;
}
return $ret;
}
function _postTopic($user, $id='', $title, $text, $timenow, $sticky, $urgent, $faq){
$text = addslashes($text);
$title = addslashes($title);
//INSERT INTO sil_forum_topic (ID, catID, title, text, user, sticky, urgent, faq, date) VALUES (NULL, 1, 'tete', 'etete', 'etetet', 0, 0, 0, 'tetete')
if(mysql_query("INSERT INTO sil_forum_topic (ID, catID, title, text, user, sticky, urgent, faq, date) VALUES (NULL, '$id','$title', '$text', '$user', '$sticky', '$urgent', '$faq', '$timenow');")){
return true;
}else{
return false;
}
}
function _postReply($user, $id='', $text, $timenow){
$text = addslashes($text);
if(mysql_query("INSERT INTO sil_forum_reply (ID, topID, user, text, date) VALUES (NULL, '$id', '$user', '$text', '$timenow');")){
return true;
}else{
return false;
}
}
function _getPostTopic($cid){
$tmp2=''; // non-admins get no sticky/urgent/faq radios
if($this->_isAdmin()){
$tmp2='<label><input type="radio" name="special" value="sticky">Sticky<br></label>
<label><input type="radio" name="special" value="urgent">Urgent<br></label>
<label><input type="radio" name="special" value="faq">Faq<br></label>
<label><input type="radio" name="special" value="none" checked>None<br></label>';
}
$timenow=$this->_getTime();
$tmp='<tr><td><form name="form1" method="post" action="index.php?main_page=silforum&action=posttopic">
<table width="300" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="36"><strong>Title:</strong></td>
<td width="264"><input type="text" name="title"></td>
</tr>
<tr>
<td valign="top"><strong>Text:</strong></td>
<td><textarea name="text" cols="55" rows="15"></textarea></td>
</tr>
<tr>
<td>'.$tmp2.'</td>
<td align="right"><input name="cid" type="hidden" id="cid" value="'.$cid.'">
<input name="time" type="hidden" id="time" value="'.$timenow.'">
<input type="submit" name="Submit" value="Submit"></td>
</tr>
</table></form></td></tr>';
return $tmp;
}
function _getPostReply($tid){
$timenow=$this->_getTime();
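$tid=(int)$tid; // topic IDs are numeric; the cast keeps request input out of the SQL text
$q=mysql_query("SELECT * FROM sil_forum_topic WHERE ID='$tid';");
$row=mysql_fetch_array($q);
$reptitle=$row['title'];
$reptitle = stripslashes($reptitle); // undo the addslashes() escaping before display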
$tmp='<tr><td><form name="form1" method="post" action="index.php?main_page=silforum&action=postreply">
<table width="300" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="36"><strong>In ReplyTo:</strong></td>
<td>'.$reptitle.'</td>
</tr>
<tr>
<td valign="top"><strong>Text:</strong></td>
<td><textarea name="text" cols="55" rows="15"></textarea></td>
</tr>
<tr>
<td> </td>
<td align="right"><input name="tid" type="hidden" id="tid" value="'.$tid.'">
<input name="time" type="hidden" id="time" value="'.$timenow.'">
<input type="submit" name="Submit" value="Submit"></td>
</tr>
</table></form></td></tr>';
return $tmp;
}
function _getTime(){
return date("D dS M,Y h:i a");
}
}
?>
-----------------------------
Now save and upload this as