
Zephox


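  1. Cleaned and optimized.
<?php
/**
 * Public forums page of what appears to be an MCCodes-style game; every link
 * below targets forums.php.
 *
 * Review notes:
 *  - The listing was posted through a forum that rewrote its HTML as BBCode
 *    ([url], [b], [i], [size]) and truncated several "{$r['...']}" placeholders,
 *    which left it unparsable. Anchors, <br /> breaks and ID placeholders are
 *    reconstructed here from the column names used elsewhere in the script.
 *  - Every value read from the database or the request is HTML-escaped before
 *    it is echoed (stored and reflected XSS), and IDs are cast to integers
 *    before they reach SQL or a URL.
 *  - NOTE(review): delpost/deltop change state on a plain GET and no form
 *    carries an anti-CSRF token; add a per-session token and verify it in the
 *    handlers before relying on this page.
 *  - NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. Moving to
 *    mysqli/PDO prepared statements needs changes in mysql.php, not shown here.
 *  - NOTE(review): sechof() is defined elsewhere and is called like sprintf();
 *    confirm whether it escapes its arguments itself (double escaping).
 */

session_start();
require "global_func.php";

// An unset flag and a falsy flag both mean "not authenticated".
if (empty($_SESSION['loggedin'])) {
    header("Location: login.php");
    exit;
}

// Forced to an integer because it is interpolated into the query below.
$userid = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;

require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;

$is = mysql_query(
    "SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",
    $c
);
if ($is === false) {
    // Keep driver error text in the server log instead of showing it to players.
    error_log('forums: user lookup failed: ' . mysql_error($c));
    die('A database error occurred.');
}
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$lv = date('F j, Y, g:i a', $ir['laston']);
$h->userdata($ir, $lv, $fm);
$h->menuarea();

echo "<font face='Arial' size='4'><center>Forums</center></font><hr width='90%'>";

if ($ir['forum_ban']) {
    // forum_reason is free text stored in the database, so it is escaped.
    echo "You are banned from the forums for " . number_format($ir['forum_ban'])
        . " more days. The reason for this is " . forum_html($ir['forum_reason']) . "."
        . "<hr width='90%'>&gt; <a href='explore.php'>Back</a><hr width='90%'>";
    $h->endpage();
    exit;
}

// Only the literal view names below are dispatched; anything else shows the index.
$view = (isset($_GET['view']) && is_string($_GET['view'])) ? $_GET['view'] : '';
switch ($view) {
    case 'topic':
        view_topic();
        break;
    case 'section':
        view_section();
        break;
    case 'reply':
        reply_forum();
        break;
    case 'edit':
        edit_reply();
        break;
    case 'editpost':
        edit_message();
        break;
    case 'delpost':
        delete_post();
        break;
    case 'deltop':
        delete_topic();
        break;
    case 'newtopic':
        create_topic();
        break;
    case 'newsect':
        create_section();
        break;
    default:
        forums_index();
        break;
}

/**
 * Escapes a value for HTML text and quoted-attribute contexts.
 *
 * Assumes pages are served as UTF-8 (TODO confirm; pass the site charset
 * otherwise). ENT_SUBSTITUTE needs PHP >= 5.4.
 */
function forum_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Returns the non-negative integer "ID" entry of a request array, or 0 when absent.
 */
function forum_request_id($source)
{
    return isset($source['ID']) ? abs((int) $source['ID']) : 0;
}

/**
 * Returns a POST field as a string, or '' when it is missing or not a string
 * (for example an array sent as name[]=x).
 */
function forum_post_field($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

/**
 * True when the current player wrote the post row or has user_level 2.
 *
 * Used by both the edit form and the edit handler so the two checks cannot drift.
 */
function forum_can_edit_post($post)
{
    global $ir;

    if (!$post) {
        return false;
    }

    return $post['fpUSER'] == $ir['userid'] || $ir['user_level'] == 2;
}

/**
 * Standard footer with a single "Back" link.
 */
function forum_back($href)
{
    return "<hr width='90%'>&gt; <a href='" . forum_html($href) . "'>Back</a><hr width='90%'>";
}

/**
 * Lists every forum section with its counter; user_level 2 also gets a "New Forum" link.
 */
function forums_index()
{
    global $ir, $c, $userid, $h;

    $sql = sechof("SELECT * FROM `forums_sections` fs LEFT JOIN `users` u ON (u.userid = fs.fsCREATOR) ORDER BY fs.fsID DESC");
    $res = mysql_query($sql);

    echo "<table width='90%' cellspacing='1' border='1' align='center'>"
        . "<tr bgcolor='#AAAAAA'><td colspan='4'><center><b>Public Forums</b>";
    if ($ir['user_level'] == '2') {
        echo " &gt;&gt; [<a href='forums.php?view=newsect'><b>New Forum</b></a>]";
    }
    echo "</center></td></tr><tr bgcolor='#AAAAAA'><th align='left'>Forum Name</th><th>Topics</th></tr>";

    while ($res && ($r = mysql_fetch_array($res))) {
        echo "<tr><td width='50%'><a href='forums.php?view=section&amp;ID=" . (int) $r['fsID'] . "'>"
            . forum_html($r['fsNAME']) . "</a><br />"
            . "<font size='1'><i>" . forum_html($r['fsDESC']) . "</i></font></td>"
            . "<td width='25%'><center>" . (int) $r['fsPOSTS'] . "</center></td></tr>";
    }
    echo "</table><hr width='90%'>";
}

/**
 * Lists the topics of the section named by $_GET['ID'].
 */
function view_section()
{
    global $ir, $c, $userid, $h;

    $sectionId = forum_request_id($_GET);
    $sql = sechof(
        "SELECT * FROM `forums_topics` ft LEFT JOIN `users` u ON (u.userid = ft.ftUSER) LEFT JOIN `forums_sections` fs ON (fs.fsID = ft.ftFORUM) WHERE (ft.ftFORUM = %u)",
        $sectionId
    );
    $res = mysql_query($sql);

    echo "<table width='90%' cellspacing='1' border='1' align='center'>"
        . "<tr bgcolor='#AAAAAA'><td colspan='3'><center><b><a href='forums.php'>Public Forums</a> &gt;&gt; "
        . "[<a href='forums.php?view=newtopic'><b>New Topic</b></a>]</b></center></td></tr>"
        . "<tr bgcolor='#AAAAAA'><th align='left'>Topic</th><th>Posts</th><th>Starter</th></tr>";

    while ($res && ($r = mysql_fetch_array($res))) {
        $topicId = (int) $r['ftID'];
        echo "<tr><td width='50%'><a href='forums.php?view=topic&amp;ID={$topicId}'>"
            . forum_html($r['ftNAME']) . "</a>";
        // The original tested $r['fpUSER'], a column this query never selects.
        // delete_topic() only accepts user_level 2, so the link follows that rule.
        if ($ir['user_level'] == 2) {
            echo " [<a href='forums.php?view=deltop&amp;ID={$topicId}'>Delete</a>]";
        }
        echo "<br /><font size='1'><i>" . forum_html($r['ftDESC']) . "</i></font></td>"
            . "<td width='25%'><center>" . (int) $r['ftPOSTS'] . "</center></td>"
            . "<td width='25%'><center><a href='viewuser.php?u=" . (int) $r['userid'] . "'>"
            . forum_html($r['username']) . "</a></center></td></tr>";
    }
    echo "</table><hr width='90%'>";
}

/**
 * Shows every post of the topic named by $_GET['ID'], followed by a reply form.
 */
function view_topic()
{
    global $ir, $c, $userid, $h;

    $topicId = forum_request_id($_GET);
    $sql = sechof(
        "SELECT * FROM `forums_posts` fp LEFT JOIN `users` u ON (u.userid = fp.fpUSER) LEFT JOIN `forums_topics` ft ON (ft.ftID = fp.fpTOPIC) LEFT JOIN `forums_sections` fs ON (fs.fsID = ft.ftFORUM) WHERE (fp.fpTOPIC = %u)",
        $topicId
    );
    $res = mysql_query($sql);

    echo "<table width='90%' cellspacing='1' border='1' align='center'>";
    while ($res && ($r = mysql_fetch_array($res))) {
        $postId = (int) $r['fpID'];
        $authorLink = "<a href='viewuser.php?u=" . (int) $r['userid'] . "'>" . forum_html($r['username']) . "</a>";

        echo "<tr bgcolor='#AAAAAA'><td colspan='4'><b><a href='forums.php'>Public Forums</a> &gt;&gt; "
            . "<a href='forums.php?view=section&amp;ID=" . (int) $r['fsID'] . "'>" . forum_html($r['fsNAME']) . "</a>"
            . " &gt;&gt; " . forum_html($r['ftNAME']) . "</b></td></tr>"
            . "<tr><td width='10%' valign='top'>" . $authorLink . "<br />"
            . "[" . (int) $r['userid'] . "] Level " . (int) $r['level'] . " " . (int) $r['posts'] . " Posts </td>"
            . "<td width='90%' valign='top'> <b>Subject: </b>" . forum_html($r['fpSUBJECT']) . " ";

        if ($r['fpUSER'] == $ir['userid']) {
            echo "[<a href='forums.php?view=editpost&amp;ID={$postId}'>Edit</a>]";
        }
        // The original showed this link to everyone who is NOT user_level 2
        // (inverted test); delete_post() only accepts user_level 2.
        if ($ir['user_level'] == 2) {
            echo " [<a href='forums.php?view=delpost&amp;ID={$postId}'>Delete</a>]";
        }

        // Subject and body are player-supplied text: escaped, never echoed raw.
        echo " <i>Posted at " . date('F j Y, g:i:s a', (int) $r['fpTIME']) . "</i> <hr />"
            . forum_html($r['fpPOST']) . " ";
        if ($r['fpEDIT']) {
            // fpEDIT holds the edit timestamp written by edit_reply(); the
            // original printed the creation time (fpTIME) here.
            echo "<i>Last edited by " . $authorLink . " at "
                . date('F j Y, g:i:s a', (int) $r['fpEDIT']) . ".</i> ";
        }
        echo "</td> </tr>";
    }

    // NOTE(review): the form is shown even when the topic does not exist, and
    // reply_forum() does not verify the topic either.
    echo "</table><hr width='90%'><center>"
        . "<form action='forums.php?view=reply' method='post'>"
        . "<b>Reply to this Topic:</b><br />"
        . "<input type='hidden' name='ID' value='{$topicId}' />"
        . "Subject <input type='text' name='subject' /><br />"
        . "Message <textarea name='message' cols='40' rows='7'></textarea><br />"
        . "<input type='submit' value='Reply' /></form></center>"
        . "<hr width='90%'>";
}

/**
 * Creates a forum section from POSTed name/description; user_level 2 only.
 */
function create_section()
{
    global $ir, $c, $userid, $h;

    $name = forum_post_field('name');
    $description = forum_post_field('description');

    if ($ir['user_level'] != '2') {
        echo "You are not permitted to access this area of the forums."
            . forum_back('explore.php');
    } elseif ($name && $description) {
        // NULL is sent unquoted; the original sent the string 'NULL' for the ID
        // column (presumably AUTO_INCREMENT - confirm against the schema).
        $sql = sechof(
            "INSERT INTO `forums_sections` (`fsID`, `fsNAME`, `fsDESC`, `fsCREATOR`, `fsPOSTS`) VALUES (NULL, '%s', '%s', %d, %d)",
            mysql_real_escape_string($name),
            mysql_real_escape_string($description),
            $userid,
            0
        );
        if (mysql_query($sql)) {
            // The name comes straight from the request: escape it (reflected XSS).
            echo "The " . forum_html($name) . " forum section was successfully created.<br />"
                . forum_back('forums.php');
        } else {
            error_log('forums: create_section failed: ' . mysql_error());
            echo "The forum section could not be created." . forum_back('forums.php');
        }
    } else {
        echo "<form action='forums.php?view=newsect' method='post'>"
            . "Create Forum Section:<br />"
            . "Name <input type='text' name='name' /><br />"
            . "Description <textarea name='description' cols='40' rows='7'></textarea><br />"
            . "<input type='submit' value='Create' /></form>"
            . forum_back('forums.php');
    }
}

/**
 * Creates a topic plus its first post, or shows the creation form.
 */
function create_topic()
{
    global $ir, $c, $userid, $h;

    $name = forum_post_field('name');
    $description = forum_post_field('description');
    $subject = forum_post_field('subject');
    $message = forum_post_field('message');
    // Cast before the emptiness test so a non-numeric value cannot pass as section 0.
    $section = isset($_POST['section']) ? abs((int) $_POST['section']) : 0;

    if ($name && $description && $section && $subject && $message) {
        $sql = sechof(
            "INSERT INTO `forums_topics` (`ftID`, `ftFORUM`, `ftNAME`, `ftDESC`, `ftUSER`) VALUES (NULL, %d, '%s', '%s', %d)",
            $section,
            mysql_real_escape_string($name),
            mysql_real_escape_string($description),
            $userid
        );
        if (!mysql_query($sql)) {
            // Without this check a failed insert would attach the post to topic 0.
            error_log('forums: create_topic failed: ' . mysql_error());
            echo "The forum topic could not be created." . forum_back('forums.php');
            return;
        }
        $topicId = mysql_insert_id($c);

        $fm = sechof(
            "INSERT INTO `forums_posts` (`fpID`, `fpTOPIC`, `fpSUBJECT`, `fpPOST`, `fpUSER`, `fpTIME`) VALUES (NULL, %d, '%s', '%s', %d, %d)",
            $topicId,
            mysql_real_escape_string($subject),
            mysql_real_escape_string($message),
            $userid,
            time()
        );
        mysql_query($fm);

        $upd = sechof("UPDATE `forums_sections` SET fsPOSTS = fsPOSTS + 1 WHERE (`fsID` = %u)", $section);
        mysql_query($upd);

        echo "The " . forum_html($name) . " forum topic was successfully created.<br />"
            . forum_back('forums.php');
    } else {
        echo "<form action='forums.php?view=newtopic' method='post'>"
            . "Create Forum Topic:<br />"
            . "Name <input type='text' name='name' /><br />"
            . "Forum <select name='section' type='dropdown'>"
            . "<option value='0'>None</option>";
        $q = mysql_query(sechof("SELECT * FROM `forums_sections`"));
        while ($q && ($r = mysql_fetch_array($q))) {
            echo "<option value='" . (int) $r['fsID'] . "'>" . forum_html($r['fsNAME']) . "</option>";
        }
        echo "</select><br />"
            . "Description <textarea name='description' cols='40' rows='7'></textarea><br />"
            . "<b>First Message:</b><br />"
            . "Subject <input type='text' name='subject' /><br />"
            . "Message <textarea name='message' cols='40' rows='7'></textarea><br />"
            . "<input type='submit' value='Create' /></form>"
            . forum_back('forums.php');
    }
}

/**
 * Stores a reply to the topic named by $_POST['ID'] and bumps the counters.
 */
function reply_forum()
{
    global $ir, $c, $userid, $h;

    $subject = forum_post_field('subject');
    $message = forum_post_field('message');
    $topicId = forum_request_id($_POST);

    if ($subject && $message && $topicId) {
        // NOTE(review): nothing checks that the topic exists, so a forged ID
        // creates an orphan post.
        $sql = sechof(
            "INSERT INTO `forums_posts` (`fpID`, `fpTOPIC`, `fpSUBJECT`, `fpPOST`, `fpUSER`, `fpTIME`) VALUES (NULL, %d, '%s', '%s', %d, %d)",
            $topicId,
            mysql_real_escape_string($subject),
            mysql_real_escape_string($message),
            $userid,
            time()
        );
        mysql_query($sql);

        $upd = sechof("UPDATE `forums_topics` SET ftPOSTS = ftPOSTS + 1 WHERE (`ftID` = %u)", $topicId);
        mysql_query($upd);

        $upda = sechof("UPDATE `users` SET posts = posts + 1 WHERE (`userid` = %u)", (int) $ir['userid']);
        mysql_query($upda);

        echo "Your reply was successfully posted."
            . forum_back("forums.php?view=topic&ID={$topicId}");
    } else {
        echo "You missed one or more of the required fields. Go back and try again.<br />"
            . forum_back('forums.php');
    }
}

/**
 * Shows the edit form for the post named by $_GET['ID'].
 */
function edit_message()
{
    global $ir, $c, $userid, $h;

    $postId = forum_request_id($_GET);
    $res = mysql_query(sechof("SELECT * FROM `forums_posts` WHERE (fpID = %u)", $postId));
    $r = $res ? mysql_fetch_array($res) : false;

    if (!forum_can_edit_post($r)) {
        echo "You are not the owner of this message." . forum_back('forums.php');
    } else {
        // ENT_QUOTES matters here: the subject lands inside a single-quoted attribute.
        echo "<form action='forums.php?view=edit&amp;ID={$postId}' method='post'>"
            . "<b>Edit Message:</b><br />"
            . "Subject <input type='text' name='subject' value='" . forum_html($r['fpSUBJECT']) . "' /><br />"
            . "Message <textarea name='message' cols='40' rows='7'>" . forum_html($r['fpPOST']) . "</textarea><br />"
            . "<input type='submit' value='Edit' /></form>"
            . forum_back('forums.php');
    }
}

/**
 * Applies an edit to the post named by $_GET['ID'].
 *
 * The original test was "not owner OR not level 2", which rejected every
 * ordinary author; it is now "neither owner nor level 2".
 */
function edit_reply()
{
    global $ir, $c, $userid, $h;

    $postId = forum_request_id($_GET);
    $res = mysql_query(sechof("SELECT * FROM `forums_posts` WHERE (fpID = %u)", $postId));
    $r = $res ? mysql_fetch_array($res) : false;

    $subject = forum_post_field('subject');
    $message = forum_post_field('message');

    if (!forum_can_edit_post($r)) {
        echo "You are not authorised to edit this message." . forum_back('forums.php');
    } elseif ($subject && $message && $postId) {
        // mysql_real_escape_string() honours the connection charset; the
        // original used the deprecated, charset-blind mysql_escape_string() here.
        $edit = sechof(
            "UPDATE `forums_posts` SET `fpSUBJECT` = '%s', `fpPOST` = '%s', `fpEDIT` = %d WHERE (`fpID` = %u)",
            mysql_real_escape_string($subject),
            mysql_real_escape_string($message),
            time(),
            $postId
        );
        mysql_query($edit);

        // Link back to the topic (fpTOPIC), not to a topic numbered like the post.
        echo "Your post was successfully edited."
            . forum_back("forums.php?view=topic&ID=" . (int) $r['fpTOPIC']);
    } else {
        echo "You missed one or more of the required fields. Go back and try again.<br />"
            . forum_back('forums.php');
    }
}

/**
 * Deletes the post named by $_GET['ID']; user_level 2 only.
 *
 * NOTE(review): reachable by GET without an anti-CSRF token.
 */
function delete_post()
{
    global $ir, $c, $userid, $h;

    // Authorise before touching the database.
    if ($ir['user_level'] != 2) {
        echo "You are not authorised to remove this message." . forum_back('forums.php');
        return;
    }

    $postId = forum_request_id($_GET);
    $res = mysql_query(sechof("SELECT * FROM `forums_posts` WHERE (fpID = %u)", $postId));
    $r = $res ? mysql_fetch_array($res) : false;

    if ($r && $r['fpID']) {
        // Topic post count. The original also re-ran mysql_query() on the result
        // resource and interpolated fpTOPIC into the SQL text.
        $upd = sechof("UPDATE `forums_topics` SET ftPOSTS = ftPOSTS - 1 WHERE (`ftID` = %u)", (int) $r['fpTOPIC']);
        mysql_query($upd);

        $edit = sechof("DELETE FROM `forums_posts` WHERE (`fpID` = %u)", $postId);
        mysql_query($edit);

        echo "The post was successfully removed." . forum_back('forums.php');
    } else {
        echo "This post has already been deleted." . forum_back('forums.php');
    }
}

/**
 * Deletes the topic named by $_GET['ID'] together with its posts; user_level 2 only.
 *
 * NOTE(review): reachable by GET without an anti-CSRF token.
 */
function delete_topic()
{
    global $ir, $c, $userid, $h;

    // Authorise before touching the database.
    if ($ir['user_level'] != 2) {
        echo "You are not authorised to remove this topic." . forum_back('forums.php');
        return;
    }

    $topicId = forum_request_id($_GET);
    $res = mysql_query(sechof("SELECT * FROM `forums_topics` WHERE (ftID = %u)", $topicId));
    $r = $res ? mysql_fetch_array($res) : false;

    if ($r && $r['ftID']) {
        // Section topic count.
        $upd = sechof("UPDATE `forums_sections` SET fsPOSTS = fsPOSTS - 1 WHERE (`fsID` = %u)", (int) $r['ftFORUM']);
        mysql_query($upd);

        $posts = sechof("DELETE FROM `forums_posts` WHERE (`fpTOPIC` = %u)", $topicId);
        mysql_query($posts);

        $edit = sechof("DELETE FROM `forums_topics` WHERE (`ftID` = %u)", $topicId);
        mysql_query($edit);

        echo "The topic was successfully removed." . forum_back('forums.php');
    } else {
        echo "This topic has already been deleted.<br />" . forum_back('forums.php');
    }
}

$h->endpage();
?>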
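  2. First of all well done, Good feature to have. Also i have slightly cleaned it up a little, This has not been tested but should work fine. Reason: Do not own a version of MCCodes framework.
<?php
/**
 * Admin refill centre (its links target admincentre.php): lets a user_level 2
 * account refill its own bars or release itself from jail/hospital.
 *
 * Review notes:
 *  - The page was posted through a forum that rewrote the HTML links as
 *    [url=...] BBCode; anchors and <br /> breaks are reconstructed here.
 *  - The request value is only ever used as a key into the fixed tables below,
 *    so no request text reaches the SQL; $userid is cast before interpolation.
 *  - NOTE(review): every action changes state on a plain GET with no anti-CSRF
 *    token, so a page an admin merely visits can trigger it. Move the actions
 *    to POST and verify a per-session token.
 *  - NOTE(review): $db->query() is given a built string; switch to the wrapper's
 *    parameter binding if globals.php offers one.
 */
include_once(dirname(__FILE__) . '/globals.php');
global $db, $ir, $c, $h, $userid, $set;

if ($ir['user_level'] != 2) {
    die("403");
}

// Interpolated into every UPDATE below, so force an integer.
$userid = (int) $userid;
$back = "<a href='admincentre.php'>Back</a><br />";

// action => array(column, max column, "already full" text, "refilled" text)
$refills = array(
    'erefill' => array('energy', 'maxenergy', 'You already have full energy.', 'You have refilled your energy bar.'),
    'brefill' => array('brave', 'maxbrave', 'You already have full brave.', 'You have refilled your brave bar.'),
    'wrefill' => array('will', 'maxwill', 'You already have full will.', 'You have refilled your will bar.'),
    'hrefill' => array('hp', 'maxhp', 'You already have full health.', 'You have refilled your health bar.'),
);

// action => array(column, "nothing to do" text, "released" text)
$releases = array(
    'nojail' => array('jail', 'You are not in jail.', 'You have been released from jail.'),
    'nohosp' => array('hospital', 'You are not in hospital.', 'You have been released from hospital.'),
);

// A missing or non-string parameter falls through to the menu.
$spend = (isset($_GET['spend']) && is_string($_GET['spend'])) ? $_GET['spend'] : '';

if (isset($refills[$spend])) {
    list($column, $maxColumn, $alreadyFull, $refilled) = $refills[$spend];
    if ($ir[$column] == $ir[$maxColumn]) {
        echo $alreadyFull . "<br />" . $back;
    } else {
        // $column/$maxColumn come from the fixed table above, never from the request.
        $db->query("UPDATE users SET {$column}={$maxColumn} WHERE userid={$userid}");
        echo $refilled . "<br />" . $back;
    }
} elseif ($spend === 'arefill') {
    // One statement instead of the original four separate UPDATEs.
    $db->query("UPDATE users SET brave=maxbrave, will=maxwill, hp=maxhp, energy=maxenergy WHERE userid={$userid}");
    echo "You have refilled all your bars.<br />" . $back;
} elseif (isset($releases[$spend])) {
    list($column, $notHeld, $released) = $releases[$spend];
    if ($ir[$column] == 0) {
        echo $notHeld . "<br />" . $back;
    } else {
        $db->query("UPDATE users SET {$column}=0 WHERE userid={$userid}");
        echo $released . "<br />" . $back;
    }
} else {
    // No action, or one that is not in the tables: show the menu. The original
    // printed nothing at all for an unknown value.
    echo "Welcome to the Admin Refill Centre! What would you like to do?<br />"
        . "<a href='admincentre.php?spend=erefill'>Energy Refill</a><br />"
        . "<a href='admincentre.php?spend=brefill'>Brave Refill</a><br />"
        . "<a href='admincentre.php?spend=wrefill'>Will Refill</a><br />"
        . "<a href='admincentre.php?spend=hrefill'>Health Refill</a><br />"
        . "<a href='admincentre.php?spend=arefill'>Refill All</a><br />"
        . "<a href='admincentre.php?spend=nojail'>No Jail</a><br />"
        . "<a href='admincentre.php?spend=nohosp'>No Hostpital</a><br />";
}

$h->endpage();
?>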