I have a problem in my forum script. I am using a string replace function on my forums to remove any and all HTML. My problem is, it seems to be doing this to BB codes as well.
I am posting the full script as I have no idea where the problem is. If some one could take the time to skim thru my script and find the problem I would be extremely grateful as I have spent hours working on this damn thing.
The main problem is that when I hit enter to go down a line in a forum post it should insert a <br> when adding the post to the database, instead it cuts thru the HTML Still, This shouldn’t happen.
<?php $title = "Forums"; include("header.php");
if ($banned[forums] == 'Yes') {
print "You have been banned from the forums, talk to the admin";
include("footer.php");
exit;
}
$forumsbgc = "#485776;";
?>
<script language="JavaScript" type="text/JavaScript">
function launchForums(){
name=window.open("help.php?help=forums","","width=640,height=480,top=100,left=100,resizable=yes,scrollbars=no,menubar=no,toolbar=no,status=no,location=no")
}
</script>
<script language="JavaScript" type="text/JavaScript">
function sendText(e, text)
{
e.value += text
}
</script>
<?php
// The Topic List
if ($view == 'topics') {
print "<table><b>Topics</b><br><br>";
$tsel = mysql_query("select * from topics order by id asc");
while ($topic = mysql_fetch_array($tsel)) {
$thread_count = mysql_num_rows(mysql_query("select * from threads where in_topic=$topic[id]"));
$reply_count = mysql_num_rows(mysql_query("select * from replies where in_topic=$topic[id]"));
$post_count = ($reply_count + $thread_count);
print "<tr><td><a href=forums.php?threads=$topic[id]>$topic[topic]</a></td></tr>";
print "<tr><td>$topic[info]<br></td></tr>";
print "<tr><td>Threads: $thread_count ---- Total Posts: $post_count<br><br></tr>";
}
print "</table>";
if ($stat[rank] == Admin) {
print "<center><br><br>[<a href=forums.php?topic=start>Add Topic</a>]</center>";
}
}
// Threads
if ($threads) {
print "<table><tr><td width=150><u><b>Topic</td><td width=100><u><b>Starter</td><td width=50><b><u>Replies</td><td><b><u>Last Reply</td></tr>";
$tsel = mysql_query("select * from threads where in_topic=$threads order by last_post_time desc");
while ($thread = mysql_fetch_array($tsel)) {
$userinfo = mysql_fetch_array(mysql_query("select * from players where id=$thread[user_id]"));
$puser = "$userinfo[user]";
$lastreply = "$thread[last_post_user]";
if ($puser == '0') {
$puser = "Deleted";
}
if ($lastreply == '0') {
$lastreply = "Nobody";
}
$replies = mysql_num_rows(mysql_query("select * from replies where thread_id=$thread[id]"));
print "<tr><td><a href=forums.php?posts=$thread[id]>$thread[topic]</a></td><td>$puser</td><td>$replies</td><td>$lastreply</td></tr>";
}
print "</table>";
print "</center><form method=post action=forums.php?action=addthread&in_topic=$threads>";
print "<center>Add Quick Thread:<br><input type=text name=title2 size=31><br><textarea name=body cols=30 rows=3></textarea><br><input type=submit value=\"Add Topic\">
</form>
[<a href=forums.php?action=advthread&in_topic=$threads>Advanced Thread</a>]
</center>";
print "<center>[<a href=forums.php?view=topics>Back To Topics</a>]</center>";
if ($stat[rank] == Admin) {
print "<br><br><center>[<a href=forums.php?view=deletetopic&id=$threads>Delete Topic</a>][<a href=forums.php?view=cleartopic&id=$threads>Clear Topic</a>]</center>";
}
}
// View Post
if ($posts) {
$threadinfo = mysql_fetch_array(mysql_query("select * from threads where id=$posts"));
if (empty ($threadinfo['id'])) {
print "No such thread.";
include("footer.php");
exit;
}
$userinfo = mysql_fetch_array(mysql_query("select * from players where id=$threadinfo[user_id]"));
$puser = "$userinfo[user]";
$posts = "$userinfo[posts]";
$avatar = "$userinfo[avatar]";
if ($puser == '0') {
$puser = "Deleted";
}
if ($posts == '0') {
$posts = "Unknown";
}
print "
<br>
<div align=center>
<table border=1 cellpadding=1 bordercolor=$table_border>
<tr>
<td bgcolor=$forumsbgc rowspan=2 width=20% valign=top><b>$puser</b>
<br><b>Posts:</b> $posts
<br><br>";
if ($avatar != '') {
print "$avatar";
}else{
print "<img src=avatars/none.gif>";
}
print "</td>
<td bgcolor=$forumsbgc valign=top width=100%><b>Subject:</b> $threadinfo[topic]<br><br></td>
</tr>
<tr>
<td bgcolor=$forumsbgc valign=top height=100 width=340>$threadinfo[body]</td>
</tr>
<tr>
<td bgcolor=$forumsbgc colspan=2 align=center><b>Time Posted:</b>$threadinfo[post_time]</td>
</table>
</div>
<br><br>";
$rsel = mysql_query("select * from replies where thread_id=$threadinfo[id] order by id asc");
while ($reply = mysql_fetch_array($rsel)) {
$userinfo = mysql_fetch_array(mysql_query("select * from players where id=$reply[user_id]"));
$puser = "$userinfo[user]";
$posts = "$userinfo[posts]";
$avatar = "$userinfo[avatar]";
if ($puser == '0') {
$puser = "Deleted";
}
if ($posts == '0') {
$posts = "Unknown";
}
print "<div align=center>
<table border=1 bordercolor=$table_border>
<tr>
<td bgcolor=$forumsbgc rowspan=2 width=20% valign=top><b>$puser</b>
<br><b>Posts:</b> $posts
<br><br>";
if ($avatar != '') {
print "$avatar";
}else{
print "<img src=avatars/none.gif>";
}
print "
<td bgcolor=$forumsbgc valign=top height=100 width=340>$reply[body]</td>
</tr>
<tr>
<td bgcolor=$forumsbgc colspan=2 align=center><b>Time Posted:</b>$reply[post_time]</td>
</table>
</div>
<br><br>";
}
if ($threadinfo[locked] != 'Yes') {
print "</center><form method=post action=forums.php?reply=$threadinfo[id]>";
print "<center>Quick Reply:<br><textarea name=rep cols=30 rows=3></textarea><br><input type=submit value=\"Add Reply\"></form>
[<a href=forums.php?action=advreply&replyid=$threadinfo[id]>Advanced Reply</a>]</center>";
print "<center>[<a href=forums.php?threads=$threadinfo[in_topic]>Back</a>]</center>";
} else {
print "<center>Thread Is Locked!</center>";
if ($stat[rank] == Admin) {
print "<center>[<a href=forums.php?view=unlockthread&thread_id=$threadinfo[id]>Un-Lock Thread</a>]</center>";
}
print "<center><br>[<a href=forums.php?threads=$threadinfo[in_topic]>Back</a>]</center>";
}
if ($stat[rank] == Admin) {
print "<center><br><br>[<a href=forums.php?view=deletethread&thread_id=$threadinfo[id]>Delete</a>][<a href=forums.php?view=lockthread&thread_id=$threadinfo[id]>Lock</a>][<a href=forums.php?view=pinthread&thread_id=$threadinfo[id]>Pin</a>]</center>";
}
}
// Advanced Thread maker
if ($action == 'advthread') {
?>
<table>
<td valign="top">Subject:
<p><br>Message:
</p>
<p>
<img name="1" img src="smileys/1.gif" border="0" alt="" onClick="sendText(document.form1.body, ' ')">
<img name="2" img src="smileys/2.gif" border="0" alt="" onClick="sendText(document.form1.body, ' ')">
<img name="3" img src="smileys/3.gif" border="0" alt=":-D" onClick="sendText(document.form1.body, ' :-D ')">
<img name="4" img src="smileys/4.gif" border="0" alt=":-o" onClick="sendText(document.form1.body, ' :-o ')">
<img name="5" img src="smileys/5.gif" border="0" alt=":-P" onClick="sendText(document.form1.body, ' :-P ')">
<img name="6" img src="smileys/6.gif" border="0" alt=";-)" onClick="sendText(document.form1.body, ' ;-) ')">
</p>
</p>
<?php
print "<form name=form1 form method=post action=forums.php?action=addthread&topic=$topic[topic]&in_topic=$in_topic>";
?>
<td><input type=text name=title2 size=30>
<br>
<img name="7" img src="images/bold.gif" border="0" alt="Bold" onClick="sendText(document.form1.body, '[b] [/b]')">
<img name="7" img src="images/italic.gif" border="0" alt="Italic" onClick="sendText(document.form1.body, '[i] [/i]')">
<img name="7" img src="images/underline.gif" border="0" alt="Underline" onClick="sendText(document.form1.body, '[u] [/u]')">
<img name="7" img src="images/strikethrough.gif" border="0" alt="Strikethrough" onClick="sendText(document.form1.body, '[s] [/s]')">
<textarea name=body cols=60% rows=15></textarea></p>
<p><center><input type=submit value="Add Thread"></center>
</table>
<?php
}
// Add Thread
if ($action == 'addthread') {
$date = date("F j Y h:i a");
$c = explode(" ",$body);
$body = str_replace("", '<img src="images/smileys/1.gif">',$body);
$body = str_replace(":-)", '<img src="images/smileys/1.gif">',$body);
$body = str_replace("", '<img src="images/smileys/2.gif">',$body);
$body = str_replace(":-(", '<img src="images/smileys/2.gif">',$body);
$body = str_replace("", '<img src="images/smileys/3.gif">',$body);
$body = str_replace(":-D", '<img src="images/smileys/3.gif">',$body);
$body = str_replace("", '<img src="images/smileys/4.gif">',$body);
$body = str_replace(":-o", '<img src="images/smileys/4.gif">',$body);
$body = str_replace("", '<img src="images/smileys/5.gif">',$body);
$body = str_replace("", '<img src="images/smileys/5.gif">',$body);
$body = str_replace(":-p", '<img src="images/smileys/5.gif">',$body);
$body = str_replace(":-P", '<img src="images/smileys/5.gif">',$body);
$body = str_replace("", '<img src="images/smileys/6.gif">',$body);
$body = str_replace(";-)", '<img src="images/smileys/6.gif">',$body);
$body = str_replace("[b]","<b>",$body);
$body = str_replace("[u]","<u>",$body);
$body = str_replace("[i]","<i>",$body);
$body = str_replace("[s]","<s>",$body);
$body = str_replace("[red]","<font style=\"color: FF0000;\">",$body);
$body = str_replace("[blue]","<font style=\"color: 0000FF;\">",$body);
$body = str_replace("[green]","<font style=\"color: 00FF00;\">",$body);
$body = str_replace("[yellow]","<font style=\"color: FFFF00;\">",$body);
$body = str_replace("[/red]","</font>",$body);
$body = str_replace("[/blue]","</font>",$body);
$body = str_replace("[/green]","</font>",$body);
$body = str_replace("[/yellow]","</font>",$body);
$body = str_replace("[/b]","</b>",$body);
$body = str_replace("[/u]","</u>",$body);
$body = str_replace("[/i]","</i>",$body);
$body = str_replace("[/s]","</s>",$body);
$body = nl2br($body);
$title2 = str_replace($remove_these, "", "$title2");
$body = str_replace($remove_these, "", "$body");
$title2 = htmlspecialchars($title2);
$body = htmlspecialchars($body);
if (empty ($title2) || empty ($body)) {
print "You must fill all fields.";
include("footer.php");
exit;
}
if ($in_topic == '') {
print "Could not add Thread";
}else{
$posts = $stat[posts] + 1;
mysql_query("update players set posts='$posts' where id=$stat[id]");
mysql_query("insert into threads (user_id, topic, body, in_topic, post_time, last_post_time) values('$stat[id]', '$title2', '$body</b></u></i></s></font>', '$in_topic', ' $date', '$ctime')") or die("Could not add Thread.");
print "<center>Added Thread.<br><br>
Back to <a href=forums.php?threads=$in_topic>Threads</a>.
<br>Back to <a href=forums.php?view=topics>Topics</a>.</center>";
}
}
// Advanced Reply thingy
if ($action == 'advreply') {
?>
<table>
<td valign="top">
<p><br><br>Message:
<br><br>
<img name="1" img src="smileys/1.gif" border="0" alt="" onClick="sendText(document.form1.rep, ' ')">
<img name="2" img src="smileys/2.gif" border="0" alt="" onClick="sendText(document.form1.rep, ' ')">
<img name="3" img src="smileys/3.gif" border="0" alt=":-D" onClick="sendText(document.form1.rep, ' :-D ')">
<br><img name="4" img src="smileys/4.gif" border="0" alt=":-o" onClick="sendText(document.form1.rep, ' :-o ')">
<img name="5" img src="smileys/5.gif" border="0" alt=":-P" onClick="sendText(document.form1.rep, ' :-P ')">
<img name="6" img src="smileys/6.gif" border="0" alt=";-)" onClick="sendText(document.form1.rep, ' ;-) ')">
</p>
</p>
<?php
print "<form name=form1 form method=post action=forums.php?reply=$replyid>";
?>
<td>
<img name="7" img src="images/bold.gif" border="0" alt="Bold" onClick="sendText(document.form1.rep, '[b] [/b]')">
<img name="7" img src="images/italic.gif" border="0" alt="Italic" onClick="sendText(document.form1.rep, '[i] [/i]')">
<img name="7" img src="images/underline.gif" border="0" alt="Underline" onClick="sendText(document.form1.rep, '[u] [/u]')">
<img name="7" img src="images/strikethrough.gif" border="0" alt="Strikethrough" onClick="sendText(document.form1.rep, '[s] [/s]')">
<textarea name=rep cols=60% rows=15></textarea></p>
<p><center><input type=submit value="Add Post"></center>
</table>
<?php
}
// Add Reply
if ($reply) {
$date = date("F j Y h:i a");
$threadinfo = mysql_fetch_array(mysql_query("select * from threads where id=$reply"));
$exists = mysql_num_rows(mysql_query("select * from threads where id=$reply"));
if ($threadinfo[locked] == 'Yes') {
print "Thread Is Locked!";
} else {
$rep = str_replace($remove_these, "", "$rep");
$rep = htmlspecialchars($rep);
$rep = nl2br($rep);
$smileys = array(
'' => '1.gif',
':-)' => '1.gif',
'' => '2.gif',
':-(' => '2.gif',
'' => '3.gif',
':-D' => '3.gif',
'' => '4.gif',
':-o' => '4.gif',
'' => '5.gif',
'' => '5.gif',
':-p' => '5.gif',
':-P' => '5.gif',
'' => '6.gif',
';-)' => '6.gif');
foreach($smileys as $smiley=>$image) {
$rep = str_replace($smiley, '<img src="smileys/'.$image.'">',$rep);
}
$c = explode(" ",$rep);
$rep = str_replace("[b]","<b>",$rep);
$rep = str_replace("[u]","<u>",$rep);
$rep = str_replace("[i]","<i>",$rep);
$rep = str_replace("[s]","<s>",$rep);
$rep = str_replace("[red]","<font style=\"color: FF0000;\">",$rep);
$rep = str_replace("[blue]","<font style=\"color: 0000FF;\">",$rep);
$rep = str_replace("[green]","<font style=\"color: 00FF00;\">",$rep);
$rep = str_replace("[yellow]","<font style=\"color: FFFF00;\">",$rep);
$rep = str_replace("[/red]","</font>",$rep);
$rep = str_replace("[/blue]","</font>",$rep);
$rep = str_replace("[/green]","</font>",$rep);
$rep = str_replace("[/yellow]","</font>",$rep);
$rep = str_replace("[/b]","</b>",$rep);
$rep = str_replace("[/u]","</u>",$rep);
$rep = str_replace("[/i]","</i>",$rep);
$rep = str_replace("[/s]","</s>",$rep);
if ($exists <= 0) {
print "No such topic.";
include("footer.php");
exit;
}
if (empty ($rep)) {
print "You must fill out all fields.";
include("footer.php");
exit;
}
$posts = $stat[posts] + 1;
mysql_query("update players set posts='$posts' where id=$stat[id]");
mysql_query("update threads set last_post_time='$ctime' where id='$reply'");
mysql_query("update threads set last_post_user='$stat[user]' where id='$reply'");
mysql_query("insert into replies (user_id, thread_id, body, post_time, in_topic) values('$stat[id]', '$reply', '$rep</b></u></i></s></font>', ' $date', '$threadinfo[in_topic]')") or die("Could not add reply.");
print "<center>Reply added.<br><br>
Back to <a href=forums.php?posts=$reply>Post</a>.
<br>Back to <a href=forums.php?threads=$threadinfo[in_topic]>Threads</a>.</center>";
}
}
//Topic Maker
if ($topic == 'start') {
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
?>
<table>
<td valign="top">Topic:
<p><br>Info:
<?php
print "<form name=form1 form method=post action=forums.php?topic=addtopic>";
?>
<td><input type=text name=topic_name size=30>
<br>
<img name="7" img src="images/bold.gif" border="0" alt="Bold" onClick="sendText(document.form1.topic_info, '[b] [/b]')">
<img name="7" img src="images/italic.gif" border="0" alt="Italic" onClick="sendText(document.form1.topic_info, '[i] [/i]')">
<img name="7" img src="images/underline.gif" border="0" alt="Underline" onClick="sendText(document.form1.topic_info, '[u] [/u]')">
<img name="7" img src="images/strikethrough.gif" border="0" alt="Strikethrough" onClick="sendText(document.form1.topic_info, '[s] [/s]')">
<textarea name=topic_info cols=80% rows=15></textarea></p>
<p><center><input type=submit value="Add Topic"></center>
</table>
<?php
}
//Add Topic
if ($topic == 'addtopic') {
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
$topic_name = str_replace($remove_these, "", "$topic_name");
$topic_info = str_replace($remove_these, "", "$topic_info");
$topic_name = htmlspecialchars($topic_name);
$topic_info = htmlspecialchars($topic_info);
$c = explode(" ",$topic_name);
$topic_info = str_replace("[b]","<b>",$topic_info);
$topic_info = str_replace("[u]","<u>",$topic_info);
$topic_info = str_replace("[i]","<i>",$topic_info);
$topic_info = str_replace("[s]","<s>",$topic_info);
$topic_info = str_replace("[/b]","</b>",$topic_info);
$topic_info = str_replace("[/u]","</u>",$topic_info);
$topic_info = str_replace("[/i]","</i>",$topic_info);
$topic_info = str_replace("[/s]","</s>",$topic_info);
if (empty ($topic_name) || empty ($topic_info)) {
print "You must fill out all fields.";
include("footer.php");
exit;
}
mysql_query("insert into topics (topic, info) values('$topic_name</b></u></i></s>', '$topic_info</b></u></i></s>')") or die("Could not add reply.");
print "<center>Topic added.<br><br>
<br>Back to <a href=forums.php?view=topics>Threads</a>.</center>";
}
//Remove Topic
if ($view == 'deletetopic') {
$topic = mysql_fetch_array(mysql_query("select * from topics where id=$id"));
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
if (empty ($topic[id])) {
print "No such Topic.";
include("footer.php");
exit;
}
mysql_query("delete from replies where thread_id=$id");
mysql_query("delete from threads where in_topic=$id");
mysql_query("delete from topics where id=$id");
print "<center>Topic Deleted<br><br>
Back to <a href=forums.php?view=topics>Topics</a>.</center>
";
}
// Clear Topic
if ($view == 'cleartopic') {
$topic = mysql_fetch_array(mysql_query("select * from topics where id=$id"));
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
if (empty ($topic[id])) {
print "No such Topic.";
include("footer.php");
exit;
}
mysql_query("delete from replies where topic=$id");
mysql_query("delete from threads where in_topic=$id");
print "<center>Topic Cleared<br><br>
Back to <a href=forums.php?threads=$id>Threads</a>.
<br>Back to <a href=forums.php?view=topics>Topics</a>.</center>
";
}
//Remove Thread
if ($view == 'deletethread') {
$thread = mysql_fetch_array(mysql_query("select * from threads where id=$thread_id"));
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
if (empty ($thread[id])) {
print "No such Thread.";
include("footer.php");
exit;
}
mysql_query("delete from replies where thread_id=$thread[id]");
mysql_query("delete from threads where id=$thread[id]");
print "<center>Thread Deleted<br><br>
Back to <a href=forums.php?threads=$thread[in_topic]>Threads</a>.
<br>Back to <a href=forums.php?view=topics>Topics</a>.</center>
";
}
//Lock Thread
if ($view == 'lockthread') {
$thread = mysql_fetch_array(mysql_query("select * from threads where id=$thread_id"));
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
if (empty ($thread[id])) {
print "No such Thread.";
include("footer.php");
exit;
}
mysql_query("update threads set locked='Yes' where id=$thread[id]");
print "<center>The thread has been Locked<br><br>
Back to <a href=forums.php?posts=$thread[id]>Post</a>.
<br>Back to <a href=forums.php?threads=$thread[in_topic]>Threads</a>.</center>
";
}
//Un-Lock Thread
if ($view == 'unlockthread') {
$thread = mysql_fetch_array(mysql_query("select * from threads where id=$thread_id"));
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
if (empty ($thread[id])) {
print "No such Thread.";
include("footer.php");
exit;
}
mysql_query("update threads set locked='No' where id=$thread[id]");
print "<center>The thread has been Un-Locked<br><br>
Back to <a href=forums.php?posts=$thread[id]>Post</a>.
<br>Back to <a href=forums.php?threads=$thread[in_topic]>Threads</a>.</center>
";
}
//Pin Thread
if ($view == 'pinthread') {
$thread = mysql_fetch_array(mysql_query("select * from threads where id=$thread_id"));
if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}
if (empty ($thread[id])) {
print "No such Thread.";
include("footer.php");
exit;
}
mysql_query("update threads set last_post_time='9999999999' where id=$thread[id]");
print "<center>The Thread has been Pinned<br><br>
Back to <a href=forums.php?posts=$thread[id]>Post</a>.
<br>Back to <a href=forums.php?threads=$thread[in_topic]>Threads</a>.</center>
";
}
?>
<center>[<a href="javascript:launchForums()">Help</a>]</center>
<?php
include("footer.php");
?>