<?
// Written by Spike^ekipS <spike@spikeekips.net>

include_once "./setting.php";

include_once $global["root"] . "/include/handle.php";
include_once $global["root"] . "/include/print_array.php";

include_once $global["root"] . "/lib/MySQLdb.php";
include_once $global["root"] . "/lib/Payload.php";
include_once $global["root"] . "/lib/Site.php";
include_once $global["root"] . "/lib/Image.php";
include_once $global["root"] . "/lib/Forum.php";

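// Bootstrap the request. Site and its init() method are defined outside this
// file; the arguments are passed through unchanged.
$Site = new Site;
$Site->init("forum", "_GET");

// Load the language file (presumably the source of the $string[...] messages
// used below).
// NOTE(review): the file name is built from a session value. Confirm that
// config_lang can only ever hold the name of an installed language, because
// it is used here as a path component of an include.
include_once $global["root"] . "/lang/" . $_SESSION["config_lang"] . ".php";

// Import the POST fields as variables, but never replace a variable that is
// already defined. With the default mode (EXTR_OVERWRITE) a request field
// named like an existing variable ($global, $Site, $string, ...) would
// replace it, and $global["data"] is later used to build file paths.
// EXTR_SKIP only protects variables that exist at this point: anything the
// script reads before assigning it can still be seeded by the request, so
// such variables must be initialised explicitly before use.
// NOTE(review): nothing in this file reads the extracted variables; if the
// included libraries do not either, drop this call entirely.
extract($_POST, EXTR_SKIP);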

/*
echo print_array($_POST);
exit;
*/

// Required-field checks, evaluated in order: visitors without a session
// config_id must supply a name, and every request must carry non-blank
// content. On failure the message is stored in the session and goprev()
// (defined outside this file) is called.
$required_fields = array();
if (! $_SESSION["config_id"]) {
	$required_fields["user_name"] = "error19";
}
$required_fields["user_content"] = "error17";

foreach ($required_fields as $required_field => $error_key) {
	if (trim($_POST[$required_field]) == "") {
		$_SESSION["tmp"]["msg"]["content"] = $string[$error_key];
		goprev();
	}
}

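// Validate the two identifiers before they reach the Forum class or any
// query: later in this script "id" is used as a table-name suffix and as a
// directory name, and "no" as an unquoted numeric row key.
// NOTE(review): assumes forum ids consist of ASCII letters, digits and
// underscores - widen the pattern if the site uses other ids.
$id_is_valid = (isset($_POST["id"]) and is_string($_POST["id"])
	and preg_match('/^[A-Za-z0-9_]+\z/', $_POST["id"]));
$no_is_valid = (isset($_POST["no"]) and is_string($_POST["no"])
	and preg_match('/^[0-9]+\z/', $_POST["no"]));

if (! $id_is_valid or ! $no_is_valid) {
	// Reported exactly like a post that has neither owner nor password.
	$_SESSION["tmp"]["msg"]["content"] = "1" . $string["error21"];
	goprev();
	// goprev() is defined outside this file; stop here even if it returns.
	exit;
}

$Forum = new Forum($_POST["id"]);
$info = $Forum->info($_POST["no"]);

// A non-string password field (for example an array) is treated as missing.
$supplied_password = (isset($_POST["user_password"]) and is_string($_POST["user_password"]))
	? $_POST["user_password"]
	: "";

// Compare the hashes as strings. A loose comparison (!=) treats two
// numeric-looking hex digests such as "0e..." as equal numbers.
// NOTE(review): passwords are stored as unsalted SHA-1. Moving to
// password_hash()/password_verify() needs a change of the stored format,
// which is outside this file.
$stored_hash = (string) $info["password"];
$supplied_hash = sha1($supplied_password);
if (function_exists("hash_equals")) {
	// Constant-time comparison where the runtime provides it.
	$password_matches = hash_equals($stored_hash, $supplied_hash);
} else {
	$password_matches = ($stored_hash === $supplied_hash);
}

# password check.
// The first failing rule decides the numeric prefix of the message.
// NOTE(review): the "1".."4" prefixes look like debugging markers and tell
// the client which rule failed - consider removing them.
// NOTE(review): rule 4 also applies to posts owned by the logged-in user. If
// such a post has no stored password it is always rejected, because sha1()
// never returns an empty string - confirm that member posts store a hash.
$auth_error = "";
if (! $info["id"] and ! $info["password"]) {
	// Neither an owner nor a password is recorded: nobody may edit.
	$auth_error = "1";
} elseif ($info["id"] and ((string) $_SESSION["config_id"] !== (string) $info["id"])) {
	// Owned post: the session user must be the owner. String comparison
	// avoids numeric juggling between ids such as "7" and "007".
	$auth_error = "2";
} elseif ($info["password"] and $supplied_password === "") {
	$auth_error = "3";
} elseif (! $password_matches) {
	$auth_error = "4";
}

if ($auth_error !== "") {
	$_SESSION["tmp"]["msg"]["content"] = $auth_error . $string["error21"];
	goprev();
	// Never fall through to the update if goprev() returns.
	exit;
}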

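$retval = true;

// Set explicitly: the update step below reads this flag, and the
// extract($_POST) call earlier in this script could otherwise let a request
// field of the same name supply its value when nothing is uploaded.
$is_payloaded = false;

// payload handling
$has_upload = (isset($_FILES["user_payload"]["size"]) and $_FILES["user_payload"]["size"] > 0);

// "id" becomes a table-name suffix and a directory name below, so it is
// restricted to identifier characters.
// NOTE(review): assumes forum ids consist of ASCII letters, digits and
// underscores - widen the pattern if the site uses other ids.
$forum_id = (isset($_POST["id"]) and is_string($_POST["id"])) ? $_POST["id"] : "";

if ($has_upload and ! preg_match('/^[A-Za-z0-9_]+\z/', $forum_id)) {
	// Refuse the upload rather than build a query or path from this id.
	$retval = false;
} elseif ($has_upload) {
	$Payload = new Payload_Forum($forum_id);
	$retval = $Payload->insert();

	// Everything below runs only after the new file was stored, so a failed
	// upload no longer deletes the attachment the row still points to.
	if ($retval) {
		$is_payloaded = true;

		$forum_dir = sprintf("%s/forum/%s", $global["data"], $forum_id);

		/////////////////////////////////// remove old payload
		// "no" is forced to an integer because the query does not quote it.
		$o_payload = $Site->DB->fetch_one(
			sprintf(
				"select payload from forum_%s where no = %d",
				$forum_id,
				(int) $_POST["no"]
			)
		);

		$old_name = is_array($o_payload) ? (string) $o_payload["payload"] : "";

		// Skip an empty name (the path would be the directory itself) and a
		// name equal to the file that was just stored.
		if ($old_name !== "" and $old_name !== (string) $Payload->storedFilename) {
			// The stored name is treated as untrusted: the resolved path must
			// be a regular file inside this forum's data directory.
			$forum_dir_real = realpath($forum_dir);
			$old_real = realpath($forum_dir . "/" . $old_name);

			if ($forum_dir_real !== false and $old_real !== false
				and strncmp($old_real, $forum_dir_real . DIRECTORY_SEPARATOR, strlen($forum_dir_real) + 1) === 0
				and is_file($old_real)) {
				unlink($old_real);
			}
		}

		/////////////////////////////////// make thumbnail
		// NOTE(review): $Payload->header looks like the upload's MIME type. If
		// lib/Payload.php copies it from the client-supplied Content-Type, it
		// says nothing about the real file content - confirm there.
		if (preg_match('/^image/i', (string) $Payload->header)) {

			$org_filename = $forum_dir . "/" . $Payload->storedFilename;

			$thumb_filename = $org_filename . "_s";
			$Image = new Image($org_filename);
			$type = $Image->info["mime"];

			$Image->thumbnail(350,"", $thumb_filename);
		}
	}
	///////////////////////////////////////////////////
}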

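// "id" is interpolated into the table name of the UPDATE, so it is limited
// to identifier characters; anything else fails the request.
// NOTE(review): assumes forum ids consist of ASCII letters, digits and
// underscores - widen the pattern if the site uses other ids.
$forum_id = (isset($_POST["id"]) and is_string($_POST["id"])) ? $_POST["id"] : "";
if ($retval and ! preg_match('/^[A-Za-z0-9_]+\z/', $forum_id)) {
	$retval = false;
}

if ($retval) {

	// data handling
	$is_member = (bool) $_SESSION["user_authenticated"];

	// Columns this script writes itself, or that the page uses as row key
	// and for the ownership/password check. They are never taken from a
	// user_* request field.
	// NOTE(review): this is a deny list built from what is visible in this
	// file. An explicit allow list of editable columns would be safer once
	// the table schema has been checked.
	$reserved_columns = array(
		"no", "id", "password", "ip_address", "date", "payload", "payload_header"
	);

	// make query.
	// Start from an empty list so that nothing imported by extract($_POST)
	// can pre-fill the SET clause.
	$a = array();

	foreach ($_POST as $field => $value) {
		$field = (string) $field;

		if (strncmp($field, "user_", 5) !== 0) continue;
		if ($field === "user_password") continue;

		// Guests: every field containing "user_name" is skipped; the name is
		// written to "username" below.
		if (! $is_member and strpos($field, "user_name") !== false) continue;

		// The rest of the field name becomes a column name, which cannot be
		// escaped like a value: accept plain identifiers only.
		$key = (string) substr($field, 5);
		if (! preg_match('/^[A-Za-z0-9_]+\z/', $key)) continue;
		if (in_array(strtolower($key), $reserved_columns, true)) continue;

		// escape_string() is defined outside this file.
		$a[] = sprintf("%s = '%s'", $key, escape_string($value));
	}

	if (! $is_member) {
		$a[] = sprintf("password = '%s'", sha1($_POST["user_password"]));
		$a[] = sprintf("username = '%s'", escape_string($_POST["user_name"]));
	}

	// etc values
	$a[] = sprintf("ip_address = '%s'", escape_string($_SERVER["REMOTE_ADDR"]));
	$a[] = sprintf("date = '%s'", time());

	// A new attachment is recorded only when the upload step created the
	// Payload object. extract() can create strings and arrays but not
	// objects, so the flag alone is not trusted.
	if (! empty($is_payloaded) and isset($Payload) and is_object($Payload)) {
		// Both values are escaped for members and guests alike.
		$a[] = sprintf("payload = '%s'", escape_string($Payload->storedFilename));
		$a[] = sprintf("payload_header = '%s'", escape_string($Payload->header));
	}

	$added_query = implode(", \n", $a);

	// NOTE(review): no commit is visible here; confirm that
	// transaction_start(true) or close() completes the transaction.
	$Site->DB->transaction_start(true);
	$Site->DB->query(
		sprintf(
			"update forum_%s set %s where no = %d",
				$forum_id,
				$added_query,
				(int) $_POST["no"]
		)
	);

	$retval = $Site->DB->retval;
	$Site->DB->close();
}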

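// Finish the request: on success redirect to the forum list, otherwise go
// back to the previous page. $Site->end1() runs first in both cases.
$Site->end1();

if ($retval) {
	// "id" is a request value; URL-encode it so it cannot add parameters or
	// header characters to the redirect target.
	$url = "Location: " . $_SESSION["user_forum_url"] .
		"/forum?mode=forum_list&pg=0&id=" . urlencode((string) $_POST["id"]);

	header($url);
	exit;
}

goprev();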

?>
