","
", "    ", "\\2", "", "\\1", "\\1", "\\1", "\\1", "\\1", "&#\\1;", ); $tags_decode_search=array( "/
/", "/    /", "/(.*?)<\/a>/", "/(.*?)<\/a>/", "//", "/(.*?)<\/i>/", "/(.*?)<\/u>/", "/(.*?)<\/b>/", "/(.*?)<\/em>/", "/(.*?)<\/small>/", ); $tags_decode_replace=array( "\n", "\t", "[url=\\1]\\2[/url]", "[url=\\1]\\2[/url]", "[img=\\1]", "[i]\\1[/i]", "[u]\\1[/u]", "[b]\\1[/b]", "[em]\\1[/em]", "[small]\\1[/small]", ); function pageheader($title=NULL) { $messages=array( "So, you wanted a message board, eh?", "Keep It Simple, Stupid", "Minimalist, yet functional (barely)", "It's one of the places to be! :)", "It's like eating", "The world is corrupt!", "Not even remotely secure", "Brute force ROMhacking since 2004", "With a side of search", "It's like you want", "Anything else is gaslight", "take that, morning-me", "obscure enough to be secure?", "Welcome to the Blast Radius", "Therefore you are wrong.", "it shifts to attack mode", "activate, resonate, precipitate", "wow, what a hole!", "with a capital F", "The wizard makes no changes without your permission.", "My Honda is erratic", "and California Dreamin' has become a liability", "photograph the five birds" ); echo ""; echo ''; echo ''; echo "HCS Forum - "; if (is_null($title)) echo $messages[rand(0,count($messages)-1)]; else echo $title; echo ""; ?> Tags:

bold: [b]bold[/b]
italics: [i]italics[/i]
emphasis: [em]emphasis[/em]
underline: [u]underline[/u]
small: [small]small[/small]
Link: [url=http://www.google.com]Link[/url]

[img=https://www.hcs64.com/images/mm1.png]
?addpost" method="POST">
User Name "; } else { echo $_COOKIE[$cookie_uname]; } tagsinstructions(); ?>
Password "; } else { echo "**********"; } ?>
Subject
Message
User Name "; else echo $_COOKIE[$cookie_uname]; tagsinstructions(); ?>
Password "; else echo "**********"; ?>
Subject
Message
\n"; if( $ppage > 0) { echo ""; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "\n"; } if(($highr) < $nresults) { echo ""; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "\n"; } echo "\n"; }

// authenticate by user name/pass or by cookies
// return user id, die if authentication fails
//
// Order of checks:
//   1. If both $user and $pass are non-empty, look the row up by uname and
//      check $pass against the stored pass_hash with password_verify().
//   2. Otherwise, if $use_cookies is set and both session cookies are
//      present, accept the request when (uname, logintoken) matches a row
//      whose logintoken is not the empty string.
//   3. Otherwise die().
//
// NOTE(review): the password path reports "User lookup failed" for an
// unknown name and "Authentication failed." for a wrong password, so a
// client can tell whether a user name exists. One generic message for both
// cases would avoid that.
// NOTE(review): mysqli_error() text is appended to several die() messages
// and therefore reaches the client; logging it server-side would keep
// database details out of responses.
// NOTE(review): the cookie token is compared to users.logintoken as-is, so
// the column holds the same value the browser presents. Storing only a hash
// of the token would limit what read access to the users table exposes.
// NOTE(review): no attempt limiting or lockout is visible in this function.
function authenticate($dbh,$use_cookies,$user,$pass) {
    global $cookie_uname,$cookie_token;

    if (isset($user) && $user!='' && isset($pass) && $pass!='') {
        // Explicit credentials take priority over any session cookies.
        $query=mysqli_prepare($dbh," SELECT idx, pass_hash FROM users WHERE uname = ? ") or die("auth attempt: ".mysqli_error($dbh));
        mysqli_stmt_bind_param($query,'s',$user);
        mysqli_stmt_execute($query) or die(mysqli_error($dbh));
        mysqli_stmt_bind_result($query,$uid,$pass_hash);
        // fetch yields a falsy value both when no row matched and on error
        if (!mysqli_stmt_fetch($query)) die("User lookup failed ".mysqli_error($dbh));
        if (!password_verify($pass,$pass_hash)) die("Authentication failed.");
        mysqli_stmt_close($query);
    } else if ($use_cookies && isset($_COOKIE[$cookie_uname]) && isset($_COOKIE[$cookie_token])) {
        // Cookie session: the `logintoken <> ''` term rejects an empty token
        // cookie, and a NULL logintoken can never satisfy `logintoken = ?`.
        $query=mysqli_prepare($dbh," SELECT idx FROM users WHERE uname = ? AND logintoken <> '' AND logintoken = ? ") or die("auth attempt: ".mysqli_error($dbh));
        mysqli_stmt_bind_param($query,'ss',$_COOKIE[$cookie_uname],$_COOKIE[$cookie_token]);
        mysqli_stmt_execute($query) or die(mysqli_error($dbh));
        mysqli_stmt_bind_result($query,$uid);
        if (!mysqli_stmt_fetch($query)) die ("Authentication failed".mysqli_error($dbh));
        mysqli_stmt_close($query);
    } else die("Authentication failed (incomplete data).");

    return $uid;
}

// update the last updated timestamp for a post/thread
// Sets board.lasttime to NOW() for the row whose idx is $idx (bound as an
// integer). Dies with the database error text if prepare or execute fails.
function update_post_time($dbh,$idx) {
    $query = mysqli_prepare($dbh," UPDATE board SET lasttime = NOW() WHERE idx = ? LIMIT 1 ") or die("update error: ".mysqli_error($dbh));
    mysqli_stmt_bind_param($query,'i',$idx);
    mysqli_stmt_execute($query) or die(mysqli_error($dbh));
    mysqli_stmt_close($query);
}

// ***************************** Top of code ********************************

// Redirect plain-HTTP requests to the same URI over HTTPS before anything
// else runs, so credentials and session cookies are not handled over HTTP.
// NOTE(review): the test treats any non-empty $_SERVER['HTTPS'] as "on";
// some server setups report the string "off" for plain HTTP, which would
// skip the redirect. Behind a TLS-terminating proxy the variable may be
// unset even for HTTPS clients - confirm against the deployment.
// NOTE(review): depending on web-server configuration SERVER_NAME can follow
// the client's Host header; a fixed, configured host name is the safer
// redirect target. No Strict-Transport-Security header is sent in the code
// visible here.
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) {
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
    exit();
}

require("dblogin.php");
require("dblogin_write.php");

// $dbh serves the SELECT queries in the branches visible below; branches
// that modify data open a second connection with dblogin_write() and close
// it when done. Presumably the two use different database accounts -
// TODO confirm in dblogin.php / dblogin_write.php.
$dbh = dblogin();

if (isset($_GET['login'])) {
    // **** Display login form
    pageheader();
    ?>
User Name
Password
0) echo "

welcome back {$_POST['uname']}.
your last recorded activity was ".date($timefmt." ".$datefmt,$llstamp); else echo "

Thanks for logging in, {$_POST['uname']}."; echo "
proceed to the forum"; } else if (isset($_GET['logout'])) {
    // Log Out
    // Expire both session cookies in the browser (expiry one hour in the
    // past, Secure and HttpOnly kept on the replacement cookies), then clear
    // the stored token so the old cookie value stops authenticating.
    // setcookie() runs before pageheader() because cookies are sent as
    // response headers and must precede any page output.
    // NOTE(review): logout is a state change triggered by a GET parameter
    // with no anti-CSRF token visible here; a POST with a per-session token
    // would prevent other sites from ending a user's session.
    // NOTE(review): this setcookie() form carries no SameSite attribute.
    $secure=true;
    $httponly=true;
    setcookie($cookie_uname, "", time() - 3600, $cookie_path,$cookie_site,$secure,$httponly);
    setcookie($cookie_token, "", time() - 3600, $cookie_path,$cookie_site,$secure,$httponly);
    if (isset($_COOKIE[$cookie_uname])) {
        $dbh_write = dblogin_write();
        // The UPDATE matches only when the presented token equals the stored
        // one, so a request without the valid token cannot clear another
        // user's session.
        // NOTE(review): only the user-name cookie is tested with isset();
        // $_COOKIE[$cookie_token] is read even when it is absent.
        // NOTE(review): unlike most other prepare calls in this file, this
        // one has no "or die" guard before the statement is used.
        $query=mysqli_prepare($dbh_write," UPDATE users SET logintoken = NULL, lastlogin = NOW() WHERE uname = ? AND logintoken = ?");
        mysqli_stmt_bind_param($query,'ss',$_COOKIE[$cookie_uname],$_COOKIE[$cookie_token]);
        mysqli_stmt_execute($query) or die(mysqli_error($dbh_write));
        mysqli_stmt_close($query);
        mysqli_close($dbh_write);
        // $deleted records that a user-name cookie was present; it does not
        // reflect whether the UPDATE matched a row.
        $deleted=1;
    } else $deleted=0;
    pageheader();
    if ($deleted==1) echo "Cookies deleted.

"; else echo "Cookies not found, trying to delete anyway."; } else if (isset($_GET['adduser'])) { // **** Display form to add a user pageheader(); ?>
User Name
Password
Verify Password

10 ]); $dbh_write = dblogin_write(); $query = mysqli_prepare($dbh_write,"INSERT INTO users SET idx=NULL, joined=NOW(), uname=?, pass_hash=?"); mysqli_stmt_bind_param($query,'ss',$_POST['uname'],$pass_hash); mysqli_stmt_execute($query) or die (mysqli_error($dbh_write)); mysqli_stmt_close($query); mysqli_close($dbh_write); echo "Welcome to the forum!"; } else echo "the passwords did not match"; } else echo "User name {$_POST['uname']} already exists."; } else if (isset($_GET['userinfo'])) { // **** User info page // get info from users database $query= mysqli_prepare($dbh,"SELECT uname, UNIX_TIMESTAMP(joined) as joindate, logintoken, UNIX_TIMESTAMP(lastlogin) as login FROM users WHERE idx = ?"); mysqli_stmt_bind_param($query,'i',$_GET['userinfo']); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_store_result($query); if (mysqli_stmt_num_rows($query) != 1) die("no such user"); mysqli_stmt_bind_result($query,$uname,$joindate,$logintoken,$login); mysqli_stmt_fetch($query) or die(mysqli_error($dbh)); mysqli_stmt_close($query); // get post count, last post $query = mysqli_prepare($dbh,"SELECT COUNT(*) AS postcount, UNIX_TIMESTAMP(MAX(postedtime)) as lasttime FROM board WHERE author = ?"); mysqli_stmt_bind_param($query,'i',$_GET['userinfo']); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$postcount,$lasttime); mysqli_stmt_fetch($query) or die(mysqli_error($dbh)); mysqli_stmt_close($query); pageheader($uname." user info"); echo "Info for user "$uname":

"; echo "Joined: ".date($datefmt,$joindate)."
"; echo "Posts: $postcount"; if ($postcount > 0) echo ", last posted ".date("$datefmt $timefmt",$lasttime)."
"; if (isset($logintoken) && $logintoken != "") echo "Logged in ".date("$datefmt $timefmt",$login)."
"; else if ($login > 0) echo "Last logged in ".date("$datefmt $timefmt",$login)."
"; else echo "Never logged in.
"; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
"; } else if (isset($_GET['chpass'])) { // **** Change password form pageheader(); ?> Change Password:
User Name
Old Password
New Password
Verify New Password
10 ]); mysqli_stmt_bind_param($query,'sss',$newpass_hash,$uid,$_POST['uname']); mysqli_stmt_execute($query) or die(mysqli_error($dbh_write)); if (mysqli_stmt_affected_rows($query) != 1) die ("password change failed"); mysqli_stmt_close($query); mysqli_close($dbh_write); echo "Password Changed."; } else if (isset($_GET['newthread'])) { pageheader(); echo "

Create A New Thread!

"; NewPostForm(0); } else if (isset($_GET['showthread'])) { // **** Show a single thread // put thread subject in title $query = mysqli_prepare($dbh,"SELECT subject FROM board WHERE idx = ?") or die(mysqli_error()); mysqli_stmt_bind_param($query,'i',$_GET['showthread']); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$subject); mysqli_stmt_fetch($query) or die("no such post found".mysqli_error($dbh)); pageheader($subject); mysqli_stmt_close($query); // count posts in thread $query = mysqli_prepare($dbh,"SELECT COUNT(*) FROM board WHERE board.replyto = ? OR board.idx = ?") or die(mysql_error()); mysqli_stmt_bind_param($query,'ii',$_GET['showthread'],$_GET['showthread']); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$postcount); mysqli_stmt_fetch($query) or die(mysqli_error($dbh)); mysqli_stmt_close($query); $pageno = $_GET['showpage'] ?? 0; $lastpage = floor(($postcount-1)/$postsperpage); if (isset($_GET['lastpage'])) $pageno = $lastpage; $firstonpage = $pageno*$postsperpage; // get user's last login time if (isset($_COOKIE[$cookie_uname]) && isset($_COOKIE[$cookie_token])) { $query = mysqli_prepare($dbh,"SELECT UNIX_TIMESTAMP(prevlogin) AS llstamp FROM users WHERE uname = ? AND logintoken = ?") or die(mysqli_error($dbh)); mysqli_stmt_bind_param($query,'ss',$_COOKIE[$cookie_uname],$_COOKIE[$cookie_token]); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$lastlogin); if (!mysqli_stmt_fetch($query)) $lastlogin=0; mysqli_stmt_close($query); } else $lastlogin=0; echo "

"; if ($pageno > 0) echo "Previous Page"; if ($pageno > 0 && $pageno < floor(($postcount-1)/$postsperpage)) echo " | "; if ($pageno < floor(($postcount-1)/$postsperpage)) echo "Next Page"; echo "

"; $query = mysqli_prepare($dbh," SELECT board.subject AS subject, board.message AS message, board.idx AS idx, UNIX_TIMESTAMP(board.postedtime) AS postedtime, UNIX_TIMESTAMP(board.lasttime) AS lasttime, users.uname AS uname, users.idx AS uidx FROM board, users WHERE board.author = users.idx AND (board.replyto = ? OR board.idx = ?) ORDER BY postedtime ASC LIMIT ?,? ") or die (mysqli_error($dbh)); mysqli_stmt_bind_param($query,'iiii',$_GET['showthread'],$_GET['showthread'],$firstonpage,$postsperpage); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$subject,$message,$message_id,$postedtime,$updatetime,$uname,$uid); echo "
\n"; $firstpost=1; while (mysqli_stmt_fetch($query)) { echo "
"; if ($lastlogin > 0 && $updatetime > $lastlogin) echo "* "; echo "$subject by $uname at ".date($timefmt,$postedtime)." on ".date($datefmt,$postedtime)."
\n"; echo "
$message"; $age = time()-$postedtime; if ($age < $editexpire && ((!isset($_COOKIE[$cookie_uname]) || !isset($_COOKIE[$cookie_token])) || !strcmp($uname,$_COOKIE[$cookie_uname]))) { $timeleft_sec = $editexpire - $age; $timeleft_min = (int)($timeleft_sec / 60); $timeleft_sec = $timeleft_sec % 60; $timeleft_hr = (int)($timeleft_min / 60); $timeleft_min = $timeleft_min % 60; if ($timeleft_hr > 0) { $timeleft_str = "$timeleft_hr hour"; if ($timeleft_hr > 1) { $timeleft_str .= "s"; } } else { if ($timeleft_min > 0) { $timeleft_str = "$timeleft_min minute"; if ($timeleft_min > 1) { $timeleft_str .= "s"; } } else { $timeleft_str = "less than 1 minute"; } } echo "
[edit] ($timeleft_str left)"; } echo "
\n"; } mysqli_stmt_close($query); echo "
\n"; echo "

"; if ($pageno > 0) echo "Previous Page"; if ($pageno > 0 && $pageno < floor(($postcount-1)/$postsperpage)) echo " | "; if ($pageno < floor(($postcount-1)/$postsperpage)) echo "Next Page"; echo "
"; echo "Go to Page "; for ($i = 0; $i <= $lastpage; $i++) { if ($pageno != $i) echo ""; echo "$i"; if ($pageno != $i) echo ""; echo " "; } echo "

"; echo "Search this thread"; echo "

"; echo "Show all threads

"; echo "Reply to this thread:
"; NewPostForm($_GET['showthread']); echo "

"; } else if (isset($_GET['addpost'])) {
    // **** Add a post
    // Flow: authenticate, validate subject/message, HTML-escape the text,
    // expand the forum's [tag] markup, then insert through the write
    // connection with bound parameters.
    // NOTE(review): authenticate() is called with cookies enabled, so a POST
    // carrying only the session cookies is accepted. No anti-CSRF token is
    // checked in this handler; a per-session token in the post form, verified
    // here, would close that gap.
    pageheader();
    $uid = authenticate($dbh,true,$_POST['author'] ?? '',$_POST['pass'] ?? '');
    // A new thread (inresponseto == "0") needs a non-blank subject; replies may omit it.
    // NOTE(review): $_POST['inresponseto'] is read without isset().
    if ($_POST['inresponseto']=="0" && (!isset($_POST['subject']) || $_POST['subject']=="" || ctype_space($_POST['subject']))) die("Cannot start thread with empty subject");
    if ((!isset($_POST['message']) || $_POST['message']=="" || ctype_space($_POST['message']))) die("empty message not allowed!");
    $dbh_write = dblogin_write();
    $query = mysqli_prepare($dbh_write," INSERT INTO board VALUES(NULL,NOW(),NOW(),?,?,?,?,?) ") or die ("post error: ".mysqli_error($dbh_write));
    // Text is escaped once, at write time, and stored as HTML. The message is
    // escaped first and only then run through the tag patterns, so the only
    // markup in the stored message is what $tags_replace emits.
    // NOTE(review): the safety of the stored HTML therefore rests on the
    // $tags_search/$tags_replace patterns (not intact in this listing) -
    // confirm that the url/img patterns restrict the URL scheme.
    $subject=htmlspecialchars($_POST['subject'],ENT_QUOTES);
    $message=preg_replace($tags_search,$tags_replace,htmlspecialchars($_POST['message'],ENT_QUOTES));
    // inresponseto is bound as an integer; the poster's address is stored with the post.
    // NOTE(review): nothing visible checks that inresponseto names an existing thread.
    mysqli_stmt_bind_param($query,'iisss',$uid,$_POST['inresponseto'],$subject,$message,$_SERVER['REMOTE_ADDR']);
    mysqli_stmt_execute($query) or die(mysqli_error($dbh_write));
    mysqli_stmt_close($query);
    echo "Added.
";
    // update thread last updated time
    if ($_POST['inresponseto'] != 0) {
        update_post_time($dbh_write,$_POST['inresponseto']);
        echo "Return to thread
";
    }
    echo "Return to forum";
    mysqli_close($dbh_write);
} else if (isset($_GET['editpost'])) {
    // **** Display post edit form
    // No authenticate() call in this branch: the form is pre-filled with the
    // stored subject and message for any post id. Ownership and the edit
    // window are enforced when the edit is committed (editpost2).
    pageheader();
    $query = mysqli_prepare($dbh," SELECT subject,message FROM board WHERE idx = ?") or die(mysqli_error($dbh));
    mysqli_stmt_bind_param($query,'i',$_GET['editpost']);
    mysqli_stmt_execute($query) or die(mysqli_error($dbh));
    mysqli_stmt_bind_result($query,$subject,$message);
    if (!mysqli_stmt_fetch($query)) die("no such post ".mysqli_error($dbh));
    mysqli_stmt_close($query);
    // Stored HTML is converted back to [tag] markup for editing.
    EditPostForm($_GET['editpost'],preg_replace($tags_decode_search,$tags_decode_replace,$message),$subject);
} else if (isset($_GET['editpost2'])) {
    // **** Commit an edited post
    // Checks, in order: the post exists; the edit window has not expired
    // (unless the post id is in $editable_whitelist); the caller
    // authenticates; the UPDATE itself is limited to rows whose author is
    // the authenticated user.
    // NOTE(review): as with addpost, cookie authentication is accepted and no
    // anti-CSRF token is checked in this handler.
    pageheader();
    $posttoedit = intval($_POST['posttoupdate']);
    // look up what post this responds to and when it was first posted
    $query = mysqli_prepare($dbh,"SELECT replyto, UNIX_TIMESTAMP(postedtime) FROM board WHERE idx = ? LIMIT 1") or die(mysqli_error($dbh));
    mysqli_stmt_bind_param($query,'i',$_POST['posttoupdate']);
    mysqli_stmt_execute($query) or die(mysqli_error($dbh));
    mysqli_stmt_bind_result($query,$inresponseto,$postedtime);
    mysqli_stmt_fetch($query) or die("couldn't find first post in thread".mysqli_error($dbh));
    mysqli_stmt_close($query);
    if (!in_array($posttoedit, $editable_whitelist) && time()-$postedtime >= $editexpire) die("edit time for this post has expired ($editexpire seconds)");
    $uid = authenticate($dbh,true,$_POST['author'] ?? '',$_POST['pass'] ?? '');
    if ($inresponseto=="0" && (!isset($_POST['subject']) || $_POST['subject']=="" || ctype_space($_POST['subject']))) die("Thread cannot have empty subject");
    if ((!isset($_POST['message']) || $_POST['message']=="" || ctype_space($_POST['message']))) die("empty message not allowed!");
    $dbh_write = dblogin_write();
    // Authorization lives in the WHERE clause: `author = ?` is bound to the
    // authenticated $uid, so another user's post matches zero rows.
    $query = mysqli_prepare($dbh_write," UPDATE board SET subject = ?, message = ?, ip = ?, lasttime = NOW() WHERE idx = ? AND author = ? 
LIMIT 1 ") or die (mysqli_error($dbh_write));
    // Same escape-then-expand order as addpost, with an "edited" stamp appended.
    $newmessage = preg_replace($tags_search,$tags_replace,htmlspecialchars($_POST['message'],ENT_QUOTES))."

edited ".date($timefmt." ".$datefmt)."";
    $subject=htmlspecialchars($_POST['subject'],ENT_QUOTES);
    mysqli_stmt_bind_param($query,'sssii',$subject,$newmessage,$_SERVER['REMOTE_ADDR'],$_POST['posttoupdate'],$uid);
    mysqli_stmt_execute($query) or die(mysqli_error($dbh_write));
    // Zero affected rows means the post is not owned by the authenticated user.
    if (mysqli_stmt_affected_rows($query) != 1) die("no such post by you");
    mysqli_stmt_close($query);
    echo "Updated.
";
    if ($inresponseto != 0) {
        update_post_time($dbh_write,$inresponseto);
        echo "Return to thread
";
        echo "Return to forum";
    }
    mysqli_close($dbh_write);
} else if (isset($_GET['searchmode'])) {
    // **** Searching (largely ripped off from Josh W)
    pageheader();
    $post_action = "$my_path?searchmode";
    // NOTE(review): the raw threadid request value is appended to the form
    // action URL here, while the SQL path further down uses
    // intval($_GET['threadid']). If $post_action is written into HTML (the
    // output statements are not intact in this listing), the same intval()
    // or htmlspecialchars() should be applied before it is echoed.
    if(isset($_GET['threadid'])) {
        $post_action .= "&threadid=${_GET['threadid']}";
    }
    echo "
\n"; $query = $_POST['query'] ?? ''; $threadid = $_GET['threadid'] ?? ''; echo "\n"; echo "\n"; if(isset($_GET['threadid'])) { echo "\n"; } echo ""; $searchwhere = $_POST['searchwhere'] ?? ''; echo "\n"; echo "\n"; echo "\n"; echo "\n"; $searchhow = $_POST['searchhow'] ?? ''; echo ""; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; $order = $_POST['order'] ?? ''; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
Search for: 
In thread: 
Search where?
Search how?
Order?
\n"; echo "
\n";
if(isset($_POST['query'])) {
    // Result window [$lowr, $highr) derived from the 1-based page number.
    // NOTE(review): $_POST['page'] is not validated; a non-numeric value or
    // a value below 1 yields an invalid or negative offset.
    if(isset($_POST['page'])) $lowr = ($_POST['page']-1)*$postsperpage;
    else $lowr = 0;
    $highr = $lowr + $postsperpage;

    // The column name interpolated into the SQL text comes only from this
    // fixed list; the request value merely selects an entry.
    switch ($searchwhere) {
        case "message": $field = "message"; break;
        case "subject": $field = "subject"; break;
        case "uname": $field = "users.uname"; break;
        default: $field = "message";
    }

    // Build the WHERE fragment with one "?" per search term. The search text
    // is HTML-escaped the same way posts are before storage.
    // NOTE(review): the terms are passed as bound parameters below, so
    // mysqli_real_escape_string() is not needed for safety here and alters
    // the value that is matched (e.g. backslashes are doubled).
    // NOTE(review): "%" and "_" typed by the user keep their LIKE wildcard
    // meaning in every mode.
    switch ($searchhow) {
        case "exact":
            $query_sql = "$field LIKE ?";
            $query = mysqli_real_escape_string($dbh,htmlspecialchars($_POST['query'],ENT_QUOTES));
            break;
        case "phrase":
            $query_sql = "$field LIKE ?";
            $query = "%" . mysqli_real_escape_string($dbh,htmlspecialchars($_POST['query'],ENT_QUOTES)) . "%";
            break;
        case "anywords":
            // One placeholder per space-separated word, each wrapped in %...%.
            // NOTE(review): the number of words, and so of placeholders, has
            // no upper bound in the visible code.
            $word_count = substr_count($_POST['query']," ")+1;
            $query_sql = "$field LIKE ?" . str_repeat(" OR $field LIKE ?",$word_count-1);
            $query = explode(" ", "%" . str_replace(" ","% %",htmlspecialchars($_POST['query'],ENT_QUOTES)) . "%" );
            break;
        case "allwords":
            $word_count = substr_count($_POST['query']," ")+1;
            $query_sql = "$field LIKE ?" . str_repeat(" AND $field LIKE ?",$word_count-1);
            $query = explode(" ", "%" . str_replace(" ","% %",htmlspecialchars($_POST['query'],ENT_QUOTES)) . "%" );
            break;
        default:
            // NOTE(review): $query_sql is never assigned on this path, so the
            // statement below is built with an empty "WHERE (  )", prepare
            // fails, and the database error text is printed by die().
            // Rejecting an unknown searchhow value up front would be cleaner.
            $query = "'%mothballs%'";
            break;
    }

    // Everything concatenated into $full_query is either a fixed string, the
    // allow-listed $field, or an intval()'d thread id; user text reaches the
    // database only through the bound parameters.
    $full_query = "SELECT board.idx AS idx FROM board";
    if ($field == "users.uname") {
        $full_query .= ",users";
    }
    $full_query .= " WHERE ( $query_sql )";
    if ($field == "users.uname") {
        $full_query .= " AND board.author = users.idx";
    }
    if (isset($_GET['threadid'])) {
        $threadid = intval($_GET['threadid']);
        $full_query .= " AND ( board.idx = $threadid OR board.replyto = $threadid )";
    }
    $full_query .= " ORDER BY board.postedtime ";
    // Sort direction is one of two literals; the request value is only compared.
    if (!isset($_POST['order']) || $_POST['order'] == "ASC") {
        $full_query .= "ASC\n";
    } else {
        $full_query .= "DESC\n";
    }
    $stmt=mysqli_prepare($dbh,$full_query) or die (mysqli_error($dbh));
    if ($searchhow == "anywords" || $searchhow == "allwords") {
        // Assemble the argument list (statement, type string, then one
        // reference per word) for a variable-length bind_param call.
        // NOTE(review): the result of this bind call is not checked, unlike
        // the single-parameter branch.
        $i = 2;
        $query2[0] = $stmt;
        $query2[1] = str_repeat('s',$word_count);
        foreach ($query as $q) {
            $query2[$i] = &$query[$i-2];
            $i++;
        }
        call_user_func_array('mysqli_stmt_bind_param',$query2);
    } else {
        mysqli_stmt_bind_param($stmt,'s',$query) or die (mysqli_error($dbh));
    }
    mysqli_stmt_execute($stmt) or die(mysqli_error($dbh));
    mysqli_stmt_bind_result($stmt,$message_idx) or die(mysqli_error($dbh));
    // The whole result set is buffered and paging is done in PHP: rows before
    // $lowr are fetched and discarded, rows in the window are kept.
    mysqli_stmt_store_result($stmt);
    $nresults = mysqli_stmt_num_rows($stmt);
    for($i = 0; $i < $nresults && $i < $lowr; $i++)
        if (!mysqli_stmt_fetch($stmt)) die(mysqli_error($dbh));
    for($i = $lowr; $i < $nresults && $i < $highr && mysqli_stmt_fetch($stmt); $i++) {
        $indexes[$i] = $message_idx;
    }
    mysqli_stmt_close($stmt);

    // Page numbers for the previous/next controls; $highr3 keeps the
    // unclamped upper bound before $highr is limited to the result count.
    $npage = (int)(($highr+$postsperpage) / $postsperpage);
    $ppage = $npage - 2;
    $highr3 = $highr;
    if($highr > $nresults) $highr = $nresults;
    // Spaces in the raw query replaced by "+"; $test2 is not used in the
    // code visible in this listing.
    $test2 = preg_replace(array("[ ]"),array("+") ,$_POST['query']);
    echo "
\n"; PrevNext($post_action,$ppage,$npage,$highr3,$nresults); echo "

Showing " . ($lowr + 1) . " - $highr out of $nresults posts

\n"; for($i = $lowr; $i < $highr; $i++) { $post_index = $indexes[$i]; // fetch the thread index $stmt = mysqli_prepare($dbh,"SELECT replyto FROM board WHERE idx = ?") or die (mysqli_error($dbh)); mysqli_stmt_bind_param($stmt,'i',$post_index) or die(mysqli_error($dbh)); mysqli_stmt_execute($stmt) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($stmt,$thread_index) or die(mysqli_error($dbh)); mysqli_stmt_fetch($stmt) or die ("error fetching a post".mysqli_error($dbh)); mysqli_stmt_close($stmt); if ($thread_index != 0) { // fetch the thread title and index $stmt = mysqli_prepare($dbh,"SELECT subject FROM board WHERE idx = ?") or die(mysqli_error($dbh)); mysqli_stmt_bind_param($stmt,'i',$thread_index) or die(mysqli_error($dbh)); mysqli_stmt_execute($stmt) or die (mysqli_error($dbh)); mysqli_stmt_store_result($stmt) or die (mysqli_error($dbh)); if (mysqli_stmt_num_rows($stmt) != 0) { mysqli_stmt_bind_result($stmt,$thread_subject) or die(mysqli_error($dbh)); mysqli_stmt_fetch($stmt) or die ("error fetching thread title and index $thread_index ".mysqli_error($dbh)); } else { $thread_index = 0; } mysqli_stmt_close($stmt); } if ($thread_index != 0) { // count how many posts come before this one $stmt = mysqli_prepare($dbh,"SELECT COUNT(*) FROM board WHERE (replyto = ? OR idx = ?) AND board.idx < ?") or die(mysqli_error($dbh)); mysqli_stmt_bind_param($stmt,'iii',$thread_index,$thread_index,$post_index) or die (mysqli_error($dbh)); mysqli_stmt_execute($stmt) or die (mysqli_error($dbh)); mysqli_stmt_bind_result($stmt,$postcount) or die(mysqli_error($dbh)); mysqli_stmt_fetch($stmt) or die(mysqli_error($dbh)); mysqli_stmt_close($stmt); $pageno = floor(($postcount) / $postsperpage); } // retrieve details of this post $stmt = mysqli_prepare($dbh,"SELECT board.subject, board.message, UNIX_TIMESTAMP(board.postedtime), users.idx, users.uname FROM board, users WHERE board.idx = ? 
AND users.idx = board.author") or die(mysqli_error($dbh)); mysqli_stmt_bind_param($stmt,'i',$post_index); mysqli_stmt_execute($stmt) or die (mysqli_error($dbh)); mysqli_stmt_bind_result($stmt,$subject,$message,$postedtime,$uid,$uname); mysqli_stmt_fetch($stmt) or die ("error getting post details ".mysqli_error($dbh)); mysqli_stmt_close($stmt); if($thread_index != 0) echo "Thread: $thread_subject
"; else echo "Thread: $subject
"; echo "
$subject by $uname at " . date($timefmt,$postedtime)." on ".date($datefmt,$postedtime); echo "
$message
"; } echo "

"; PrevNext($post_action,$ppage,$npage,$highr3,$nresults); } // end if query } else if (isset($_GET['rss'])) { // **** RSS feed (again ripped off from josh */ echo "\n\n"; echo "HCS Forum\n$full_path\n"; echo "10 most recently active threads in the HCS Forum\n"; $stmt=mysqli_prepare($dbh, "SELECT board.idx AS threadid,board.subject,board.lasttime, (SELECT COUNT(*) FROM board WHERE replyto = threadid) AS replycount, (SELECT idx FROM board AS b WHERE b.idx = board.idx OR b.replyto = board.idx ORDER BY postedtime DESC LIMIT 1) AS lastpost FROM board WHERE board.replyto = '0' ORDER BY lasttime DESC LIMIT 10") or die (mysqli_error($dbh)); mysqli_stmt_execute($stmt) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($stmt, $index, $subject, $lasttime, $replies, $lastpost); while (mysqli_stmt_fetch($stmt)) { $lastpage = floor($replies / $postsperpage); echo ""; echo "$subject ($replies replies)\n"; echo "$subject ($replies replies)\n"; echo "$full_path?showthread=$index&showpage=$lastpage#post_$lastpost\n"; echo "\n"; } mysqli_stmt_close($stmt); echo ""; mysqli_close($dbh); exit; // avoid outputting the html footer } else { // **** Display Threads pageheader(); // get user's last login time if (isset($_COOKIE[$cookie_uname]) && isset($_COOKIE[$cookie_token])) { // login time $query = mysqli_prepare($dbh,"SELECT UNIX_TIMESTAMP(prevlogin) AS llstamp FROM users WHERE uname = ? 
AND logintoken = ?"); mysqli_stmt_bind_param($query,'ss',$_COOKIE[$cookie_uname],$_COOKIE[$cookie_token]); mysqli_stmt_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$lastlogin); if (!mysqli_stmt_fetch($query)) $lastlogin=0; mysqli_stmt_close($query); } else { $lastlogin=0; } // first page has count($pinned_threads) + $threadsperpage, // subsequent pages have $threadsperpage if (!isset($_GET['showpage'])) { $firstonpage = 0; $threadsonthispage = count($pinned_threads) + $threadsperpage; } else { $firstonpage = count($pinned_threads) + $threadsperpage * intval($_GET['showpage']); $threadsonthispage = $threadsperpage; } // thread list $pinned_threads_sql="idx IN ('" . join("','", $pinned_threads) . "') AS pinned,"; $query_str = " SELECT pinned, b1.idx AS threadid, subject, UNIX_TIMESTAMP(lasttime) AS lasttime, (SELECT 1+COUNT(*) FROM board WHERE replyto = threadid) AS postcount, IFNULL(lastreply, b1.idx) AS lastpost, (SELECT author FROM board WHERE idx = lastpost) AS lastuid, (SELECT uname FROM users WHERE idx = lastuid) AS lastuname FROM (SELECT $pinned_threads_sql idx, (SELECT idx FROM board WHERE replyto = b0.idx ORDER BY postedtime DESC LIMIT 1) AS lastreply FROM board b0 WHERE replyto = '0' ORDER BY pinned DESC, lasttime DESC LIMIT ?,?) b1 JOIN board b2 ON b1.idx = b2.idx ;"; $query = mysqli_prepare($dbh,$query_str) or die (mysqli_error($dbh)); mysqli_stmt_bind_param($query,'ii',$firstonpage,$threadsonthispage) or die(mysqli_error($dbh)); // get thread list mysqli_execute($query) or die(mysqli_error($dbh)); mysqli_stmt_bind_result($query,$pinned,$threadid,$subject,$thread_lasttime,$postcount,$lastidx,$last_uid,$last_uname); echo ""; $saw_pinned = 0; while (mysqli_stmt_fetch($query)) { if (!$pinned && $saw_pinned) { $saw_pinned = 0; echo "\n"; } echo "\n"; echo ""; echo "\n"; } echo "
Threadses
SubjectUpdatedUpdated byPosts
 
"; if ($lastlogin > 0 && $thread_lasttime > $lastlogin) echo "* "; echo "$subject"; if ($pinned) { $saw_pinned = 1; echo " (pin'd)"; } $lastpage = 0; if ($postcount > $postsperpage) { $lastpage = floor(($postcount-1) / $postsperpage); echo " (last page)"; } echo "".date($timefmt." ".$datefmt,$thread_lasttime)."$last_uname $postcount
\n"; mysqli_stmt_close($query); $query = mysqli_prepare($dbh,"SELECT COUNT(*) FROM board WHERE replyto = '0'") or die(mysqli_error($dbh)); mysqli_execute($query) or die (mysqli_error($dbh)); mysqli_stmt_bind_result($query,$count) or die(mysqli_error($dbh)); mysqli_stmt_fetch($query) or die("error fetching thread list ".mysqli_error($dbh)); mysqli_stmt_close($query) or die(mysqli_error($dbh)); echo "

"; $showpage = intval($_GET['showpage'] ?? '0'); $showprev = $showpage > 0; $shownext = ($firstonpage+$threadsonthispage < $count); if ($showprev) echo "Previous Page"; if ($showprev && $shownext) echo " | "; if ($shownext) echo "Next Page"; echo "

"; echo "Create a new thread | "; echo "Search
"; if (!isset($_COOKIE[$cookie_uname]) || !isset($_COOKIE[$cookie_token])) { echo "Create an account | "; } echo "Change Password | "; if (!isset($_COOKIE[$cookie_uname]) || !isset($_COOKIE[$cookie_token])) { echo "Log In"; } else { echo "Log Out"; } } mysqli_close($dbh); ?>

HCS Forum Index
Halley's Comet Software
forum source