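// Request dispatcher for the forum: handles a new post ($cat == 'post'), and the
// admin actions edit / delete / login ($cat == 'admin'), then redirects.
//
// NOTE(review): $cat, $titre, $message, $id, $id_forum, ... are never assigned in
// this block. Presumably they arrive via register_globals or are imported by the
// config include; either way they must be treated as attacker-controlled.
// verif_ip(), envoi_mail() and mini_retour() are defined outside this view.
session_start();
require("todooforum.conf.php");
$db = mysql_connect("$dbserver", "$dbuser", "$dbpass");
mysql_select_db("$dbbase", $db);

if ($cat == 'post' and $titre and $message and $auteur and $email) {
    if (verif_ip("$ip", "$chaine_ip")) {
        // HTML-encode, then SQL-escape, each user-supplied text field.
        // NOTE(review): addslashes() is not charset-aware and htmlspecialchars()
        // with default flags leaves single quotes untouched. Both are kept because
        // the escaped values are also written to the cookies below; moving to
        // parameterised queries and output-time encoding is the durable fix.
        $titre = addslashes(htmlspecialchars($titre));
        $message = addslashes(htmlspecialchars($message));
        $auteur = addslashes(htmlspecialchars($auteur));
        $email = addslashes(htmlspecialchars($email));
        $avatar = addslashes(htmlspecialchars($avatar));
        $date_post = date("Y-m-d H:i:s");

        setcookie("todooforum_auteur", "$auteur", time() + 86400);
        setcookie("todooforum_email", "$email", time() + 86400);
        setcookie("todooforum_avatar", "$avatar", time() + 86400);

        if ($reponse == '') {
            $reponse = "non";
        }
        if (!$id_post) {
            $id_post = "0";
        }

        // The ids are interpolated into unquoted SQL positions and into the
        // redirect URL, so reduce them to their integer value. They stay strings
        // so the helper functions receive the same type as before.
        $id_post = (string) (int) $id_post;
        $id_forum = (string) (int) $id_forum;

        // These two values were previously placed inside quotes without any
        // escaping; use SQL-only copies so the originals are left untouched.
        $reponse_sql = mysql_real_escape_string($reponse, $db);
        $ip_sql = mysql_real_escape_string($ip, $db);

        $sql = "INSERT INTO `todooforum_post` (`id_post` , `titre` , `message` , `auteur` , `email` , `date` , `date2` , `avatar` , `vus` , `id_forum` , `reponse` , `ip` ) VALUES('$id_post','$titre','$message','$auteur','$email','$date_post','$date_post','$avatar','0','$id_forum','$reponse_sql', '$ip_sql')";
        if (!mysql_query($sql)) {
            // Log the driver error server-side; do not echo the query or the
            // database error text back to the client.
            error_log('todooforum: INSERT into todooforum_post failed: ' . mysql_error());
            die('Erreur SQL !');
        }

        // Bump the "last activity" date of the parent thread.
        $sql = "UPDATE todooforum_post SET date2='$date_post' where id_forum=$id_forum and id_post=0 and id=$id_post";
        if (!mysql_query($sql)) {
            error_log('todooforum: UPDATE of thread date failed: ' . mysql_error());
            die('Erreur SQL !');
        }

        envoi_mail($id_forum, $id_post, $pg, $titre_site, $adresse, $email, $email_administrateur, $nom_de_page);
        $total = mini_retour($id_forum, $id_post, $pp, "");
        header("Location: $adresse/$nom_de_page?cat=reponse&id_forum=$id_forum&id_post=$id_post&pg=$total#bas");
        exit; // stop here so nothing else runs or is rendered after the redirect
    }
} elseif ($cat == 'admin') {
    // Admin session check: require a session value that is present, non-empty
    // and string-identical to the configured admin login. The loose == used
    // before treats an unset session value and an empty/unset $login_admin as equal.
    // NOTE(review): no anti-CSRF token is checked in this block for the edit and
    // delete actions; confirm whether the calling forms/links provide one.
    $todoo_session_admin = isset($_SESSION['login'])
        && (string) $login_admin !== ''
        && (string) $_SESSION['login'] === (string) $login_admin;

    if ($range == 'post' and $todoo_session_admin) {
        $titre = addslashes(htmlspecialchars($titre));
        $message = addslashes(htmlspecialchars($message));
        $auteur = addslashes(htmlspecialchars($auteur));
        $email = addslashes(htmlspecialchars($email));
        $avatar = addslashes(htmlspecialchars($avatar));
        if ($reponse == '') {
            $reponse = "non";
        }

        // Same reasoning as in the post branch: integers only in unquoted SQL
        // positions, and an escaped copy for the quoted free-text value.
        $id = (string) (int) $id;
        $id_forum = (string) (int) $id_forum;
        $id_post = (string) (int) $id_post;
        $reponse_sql = mysql_real_escape_string($reponse, $db);

        $sql = "UPDATE todooforum_post SET auteur='$auteur', email='$email', titre='$titre', message='$message', avatar='$avatar', reponse='$reponse_sql' where id=$id";
        if (!mysql_query($sql)) {
            error_log('todooforum: admin UPDATE of post failed: ' . mysql_error());
            die('Erreur SQL !');
        }

        // Find the position of the edited post within its thread, then derive
        // the page number to redirect to. The counters are initialised
        // explicitly so they cannot be seeded from request parameters.
        $req_scroll_id = mysql_query("SELECT id FROM todooforum_post where id_forum=$id_forum and id_post=$id_post");
        $res_scroll_id = mysql_num_rows($req_scroll_id);
        $i = 0;
        $j = 0;
        $total = 0;
        $scroll_id = null;
        while ($i < $res_scroll_id and $scroll_id != $id) {
            $scroll_id = mysql_result($req_scroll_id, $i, "id");
            $i++;
        }
        $i++;
        // NOTE(review): $pp (posts per page) is assumed to be a positive value
        // from the configuration; a zero or negative value would never terminate.
        while ($j < $i) {
            $total++;
            $j = $j + $pp;
        }
        header("Location: $adresse/$nom_de_page?cat=reponse&id_forum=$id_forum&id_post=$id_post&pg=$total#$id");
        exit;
    } elseif ($t == 'supprimer' and $todoo_session_admin) {
        $id = (string) (int) $id;
        $id_forum = (string) (int) $id_forum;
        $id_post = (string) (int) $id_post;
        $pg = (string) (int) $pg; // ends up in the Location header

        $sql = "delete from todooforum_post where id=$id";
        if (!mysql_query($sql)) {
            error_log('todooforum: admin DELETE of post failed: ' . mysql_error());
            die('Erreur SQL !');
        }

        $total = mini_retour($id_forum, $id_post, $pp, "");
        // Clamp the requested page to the last page that still exists.
        if (!($total > $pg)) {
            $pg = $total;
        }
        header("Location: $adresse/$nom_de_page?cat=reponse&id_forum=$id_forum&id_post=$id_post&pg=$pg#bas");
        exit;
    } elseif ($login and $password) {
        // Credentials are only accepted from the POST body.
        $login = isset($_POST['login']) ? trim($_POST['login']) : '';
        $password = isset($_POST['password']) ? trim($_POST['password']) : '';

        // Strict string comparison avoids PHP's loose-equality type juggling,
        // and empty credentials never match an empty or missing configuration.
        // NOTE(review): the password is compared directly with $password_admin,
        // so the configuration appears to hold it unhashed; consider storing a
        // hash and verifying against that instead.
        if ($login !== '' && $password !== ''
            && $login === (string) $login_admin
            && $password === (string) $password_admin) {
            // Issue a fresh session id at the privilege change so a session id
            // known before login is not carried into the admin session.
            session_regenerate_id();
            $login = "$login_admin";
            // Direct assignment replaces session_register(), which should not
            // be mixed with $_SESSION and was removed from later PHP versions.
            $_SESSION['login'] = $login;
            header("Location: $adresse/$nom_de_page?id_forum=0");
            exit;
        } else {
            header("Location: $adresse/$nom_de_page?cat=admin");
            exit;
        }
    }
}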
//include "header.php";
?>