<?php include_once 'header.php'; ?>

<?php
include_once 'includes/db_inc.php';

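/**
 * Render the <blockquote> for one ">#N" quote reference found in a post.
 *
 * Looks up the N-th post of the thread (1-based) and returns its author name
 * and content as HTML.
 *
 * @param mysqli $dbc       Open database connection (passed to mysqli_query).
 * @param mixed  $thread_id Thread whose posts are being numbered; must hold an integer value.
 * @param array  $matches   Match array from preg_replace_callback(); only its first element is used.
 * @return string Blockquote markup, or an empty blockquote when the reference cannot be resolved.
 */
function add_quote($dbc, $thread_id, $matches) {
	$empty_quote = '<blockquote></blockquote>';

	if (empty($matches)) {
		return $empty_quote;
	}

	// Only the first element (the whole match) is ever used.
	$match = reset($matches);
	$offset = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT) - 1;

	// $thread_id originates from the request, so it must be a real integer before it
	// is placed in the unquoted numeric position of the query below.
	$thread = filter_var($thread_id, FILTER_VALIDATE_INT);

	// ">#0" gives a negative OFFSET, which is a SQL error; reject it before querying.
	if ($thread === false || $offset < 0) {
		return $empty_quote;
	}

	// Both interpolated values are PHP integers at this point.
	// NOTE(review): there is no ORDER BY, so which post "N" resolves to depends on the
	// order the server returns rows in; confirm it matches the numbering shown on the page.
	$sql = "SELECT post_content, post_author, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_thread = " . $thread . " LIMIT 1 OFFSET " . $offset;
	$result = mysqli_query($dbc, $sql);

	if (!$result) {
		return $empty_quote;
	}

	$reply = mysqli_fetch_assoc($result);
	mysqli_free_result($result);

	// No post at that position (the reference points past the last post).
	if (!$reply) {
		return $empty_quote;
	}

	// Author name and post content are user-supplied and go into HTML, so both are
	// encoded. double_encode is off in case the insert path (includes/reply_inc.php,
	// not shown) already stores entities. TODO confirm how posts are stored.
	$author = htmlspecialchars((string) $reply['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
	$content = htmlspecialchars((string) $reply['post_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

	// Parentheses are required: "." and "+" had equal precedence before PHP 8, which
	// turned the original unparenthesised expression into arithmetic on a string.
	return '<blockquote><a href="#' . ($offset + 1) . '">Quote from ' . $author . '</a><br>' . $content . '</blockquote>';
}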

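// Thread header: look up the requested thread and print its subject and author.
//
// The id is validated as an integer before it reaches the query.
// mysqli_real_escape_string() only protects values placed inside quotes; in this
// unquoted numeric position it let input such as "1 OR 1=1" through unchanged.
$requested_thread = filter_var(isset($_GET['id']) ? $_GET['id'] : null, FILTER_VALIDATE_INT);
$result = false;

if ($requested_thread !== false) {
	$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads LEFT JOIN users ON thread_author = user_id WHERE thread_id = " . $requested_thread;
	$result = mysqli_query($dbc, $sql);

	if (!$result) {
		// Keep the database error in the server log; the response gets a generic message.
		error_log('Error trying to display thread page: ' . mysqli_error($dbc));
		die('Error trying to display thread page');
	}
}

if (!$result || mysqli_num_rows($result) == 0) {
	// A missing or non-integer id is reported the same way as an unknown thread.
	echo 'This thread does not exist';
} else {
	while ($row = mysqli_fetch_assoc($result)) {
		// Subject and user name are user-supplied, so they are HTML-encoded on output.
		// double_encode is off in case the insert path already stores entities. TODO confirm.
		echo '<section><h1>' . htmlspecialchars((string) $row['thread_subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '</h1>';
		echo 'Created by <a href="user.php?id='. htmlspecialchars((string) $row['user_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) .'">' . htmlspecialchars((string) $row['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '</a> on ' . date('M d, Y', strtotime($row['thread_date'])) . '</section>';
		$thread_id = $row['thread_id'];
	}
}

// NOTE(review): this closing tag has no matching <section> in this file; confirm whether header.php opens one.
echo '</section>';

if ($result) {
	mysqli_free_result($result);
}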

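// Post list: print every post of the requested thread, numbered from 1.
//
// The id is validated as an integer before it reaches the query.
// mysqli_real_escape_string() gives no protection in an unquoted numeric position.
$requested_thread = filter_var(isset($_GET['id']) ? $_GET['id'] : null, FILTER_VALIDATE_INT);
$result = false;

if ($requested_thread !== false) {
	$sql = "SELECT post_id, post_content, post_date, post_author, user_id, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_thread = " . $requested_thread;
	$result = mysqli_query($dbc, $sql);

	if (!$result) {
		// Keep the database error in the server log; the response gets a generic message.
		error_log('Error trying to display posts: ' . mysqli_error($dbc));
		die('Error trying to display posts');
	}
}

if (!$result || mysqli_num_rows($result) == 0) {
	echo '<section>This thread has no posts</section>';
} else {
	echo '<table>';
	$post_index = 1;
	// Later code (the quote lookup and the reply form) receives the validated integer,
	// never the raw request value.
	$thread_id = $requested_thread;

	while ($row = mysqli_fetch_assoc($result)) {
		echo '<tr><th></th><th>' . $post_index . '</th></tr>';
		echo '<tr class="post" id=' . $post_index . '><td>Posted by <a href="user.php?id='. htmlspecialchars((string) $row['user_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) .'">' . htmlspecialchars((string) $row['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '</a><br><small>' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '</small></td>';

		// Encode the user-written post before any markup is generated from it, so the
		// only tags in the output are the ones the replacements below produce.
		// double_encode is off in case the insert path (includes/reply_inc.php, not
		// shown) already stores entities. TODO confirm how posts are stored.
		$post_content = htmlspecialchars((string) $row['post_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

		// Quote references (">#7") now appear as "&gt;#7" because of the encoding above.
		$post_content = preg_replace_callback('/&gt;#\d+/', function($matches) use($thread_id, $dbc) {
			return add_quote($dbc, $thread_id, $matches);
		}, $post_content);

		// YouTube links become an embedded player; only the video id ($2) is reused.
		$post_content =  preg_replace(
			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);

		// Direct image URLs become <img>; quotes in the URL are already encoded, so the
		// value cannot end the src/alt attribute early.
		$post_content = preg_replace('/(https?:\/\/[^ ]+?(?:\.jpg|\.png|\.gif))/', '<img class="image-embed" src="$1" alt="$1" />', $post_content);

		// Remaining URLs become links; the lookahead skips text already inside a tag.
		$post_content = preg_replace('@\b(http(s)?://)?([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $post_content);

		echo '<td class="post-content">' . $post_content . '</td></tr>';

		$post_index++;
	}
	echo '</table>';
}

if ($result) {
	mysqli_free_result($result);
}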

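// Reply form for signed-in users; everyone else gets a sign-in link.
// NOTE(review): isset() only checks that the session key exists, not its value;
// confirm sign-out removes the key rather than setting it to false.
if (isset($_SESSION['signed_in'])) {
	// $thread_id may still hold the raw request value, or be unset when the thread
	// was not found, so only an integer is written into the form's action attribute
	// (0 when there is no valid id).
	$reply_to = isset($thread_id) ? (int) filter_var($thread_id, FILTER_VALIDATE_INT) : 0;

	// NOTE(review): the form carries no anti-CSRF token; includes/reply_inc.php is not
	// shown here, so confirm how it authenticates the request.
	echo '
	<section>
		<form action="includes/reply_inc.php?reply_to=' . $reply_to .'" method="post">
			<h2>Reply to this thread</h2>
			<i>Quote a post with ># and the number above the post (example: >#7)</i>
			<textarea name="reply_content"></textarea>
			<br>
			<input type="submit" name="submit">
		</form>
	</section>
	';
} else {
	// The original markup had a second, unmatched </a> after the sentence.
	echo '
	<section>
		<a href="signin.php">Sign in</a> to reply to this thread
	</section>
	';
}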

include_once 'footer.php';
?>