<?php
/**
 * eXtreme Message Board
 * XMB 1.9.11
 *
 * Developed And Maintained By The XMB Group
 * Copyright (c) 2001-2010, The XMB Group
 * http://www.xmbforum.com
 *
 * Sponsored By iEntry, Inc.
 * http://www.ientry.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 **/

// post.php -- composer and handler for the three posting actions:
// 'newthread' (optionally a poll), 'reply' and 'edit'. Everything before the
// switch($action) further down is shared: session/settings bootstrap via
// header.php, template loading, the posting-ban check, and resolution of the
// target forum/thread/post with existence and status checks.
define('X_SCRIPT', 'post.php');

require 'header.php';

// The composer page is never search-indexable content.
header('X-Robots-Tag: noindex');

loadtemplates(
    'post_captcha',
    'post_notloggedin',
    'post_loggedin',
    'post_preview',
    'post_attachment_orphan',
    'post_attachmentbox',
    'post_newthread',
    'post_reply_review_toolong',
    'post_reply_review_post',
    'post_reply',
    'post_edit',
    'functions_smilieinsert',
    'functions_smilieinsert_smilie',
    'functions_bbcodeinsert',
    'forumdisplay_password',
    'functions_bbcode',
    'post_newpoll',
    'post_edit_attachment',
    'viewthread_post_attachmentthumb',
    'viewthread_post_attachmentimage',
    'viewthread_post_attachment',
    'viewthread_post_nosig',
    'viewthread_post_sig'
);

// NOTE(review): XMB renders templates by eval()'ing them as double-quoted PHP
// strings. Whoever can modify template storage (admin UI or the database row)
// can therefore execute arbitrary PHP in this process; treat template editing
// rights as equivalent to code execution when reviewing admin roles.
eval('$css = "'.template('css').'";');

if (X_GUEST) {
    eval('$loggedin = "'.template('post_notloggedin').'";');
} else {
    eval('$loggedin = "'.template('post_loggedin').'";');
}

// Posting ban is enforced before any action-specific work so banned members
// never reach the queries below. error() is used without a trailing exit
// throughout this file, so it is presumed to terminate the request -- confirm.
// (Guests who re-authenticate inside a submit are re-checked for this ban in
// the reply/newthread handlers.)
if ($self['ban'] == "posts" || $self['ban'] == "both") {
    error($lang['textbanfrompost']);
}

//Validate $pid, $tid, $fid, and $repquote
// getRequestInt()/getInt() are the only barrier between these request values
// and the unquoted "p.pid=$pid" / "t.tid=$tid" interpolations below; they must
// stay integer-typed (never replaced with raw $_REQUEST reads). Each branch
// resolves the owning forum row into $forum for the type/status/permission
// checks that follow; a miss is a 404 plus error(). $action is presumably
// imported from the request by header.php -- verify.
$fid = -1;
$tid = -1;
$pid = -1;
$repquote = -1;
if ($action == 'edit') {
    // Existence only. Author/moderator rights for editing are deliberately
    // deferred to the edit handler (see the posting-permission block below).
    $pid = getRequestInt('pid');
    $query = $db->query("SELECT f.*, t.tid FROM ".X_PREFIX."posts AS p LEFT JOIN ".X_PREFIX."threads AS t USING (tid) LEFT JOIN ".X_PREFIX."forums AS f ON f.fid=t.fid WHERE p.pid=$pid");
    if ($db->num_rows($query) != 1) {
        header('HTTP/1.0 404 Not Found');
        error($lang['textnothread']);
    }
    $forum = $db->fetch_array($query);
    $db->free_result($query);
    // Because of the LEFT JOINs an orphaned post still yields one row with a
    // NULL forum; the type/status check below rejects that case.
    $fid = $forum['fid'];
    $tid = $forum['tid'];
} else if ($action == 'reply') {
    $tid = getRequestInt('tid');
    $repquote = getInt('repquote');
    $query = $db->query("SELECT f.* FROM ".X_PREFIX."threads AS t LEFT JOIN ".X_PREFIX."forums AS f USING (fid) WHERE t.tid=$tid");
    if ($db->num_rows($query) != 1) {
        header('HTTP/1.0 404 Not Found');
        error($lang['textnothread']);
    }
    $forum = $db->fetch_array($query);
    $db->free_result($query);
    $fid = $forum['fid'];
} else if ($action == 'newthread') {
    $fid = getRequestInt('fid');
    $forum = getForum($fid);
    if ($forum === FALSE) {
        header('HTTP/1.0 404 Not Found');
        error($lang['textnoforum']);
    }
} else {
    header('HTTP/1.0 404 Not Found');
    error($lang['textnoaction']);
}

// Only live forums/subforums accept posts. A NULL type (orphaned post/thread
// from the LEFT JOINs above) fails the first comparison and is rejected here.
if (($forum['type'] != 'forum' && $forum['type'] != 'sub') || $forum['status'] != 'on') {
    header('HTTP/1.0 404 Not Found');
    error($lang['textnoforum']);
}

smcwcache();

// For 'reply' and 'edit' the thread row is loaded here; 'newthread' leaves
// $tid at -1 and gets an empty $thread.
if ($tid > 0) {
    $query = $db->query("SELECT * FROM ".X_PREFIX."threads WHERE tid=$tid");
    if ($db->num_rows($query) != 1) {
        header('HTTP/1.0 404 Not Found');
        error($lang['textnothread']);
    }
    $thread = $db->fetch_array($query);
    $db->free_result($query);
    // Subjects are stored addslashes()'d (see the INSERTs in the handlers),
    // hence stripslashes() on read. $threadname is emitted into nav() links
    // and mail subjects below, so rawHTMLsubject() is relied on to HTML-encode
    // it (the mail path htmlspecialchars_decode()s it again).
    $threadname = rawHTMLsubject(stripslashes($thread['subject']));
} else {
    $thread = array();
    $threadname = '';
}

//Warning! These variables are used for template output.
// Every variable below is interpolated by an eval()'d template, so each must
// exist (even as '') on the first, unsubmitted render.
$attachfile = '';
$attachment = '';
$captchapostcheck = '';
$dissubject = '';
$errors = '';
$imghash = '';
$message = '';
$message1 = '';
$postinfo = array();
$preview = '';
$spelling_lang = '';
$spelling_submit1 = '';
$spelling_submit2 = '';
$subject = '';
$suggestions = '';
// Guests post as the literal 'Anonymous'; the attachment code in the handlers
// uses that same literal as its "no uploads for guests" sentinel.
if (X_GUEST) {
    $username = 'Anonymous';
} else {
    $username = $xmbuser;
}

validatePpp();

// Poll mode is only honored as the exact value 'yes' (last arg 'g' presumably
// selects the GET source -- confirm); anything else collapses to ''.
$poll = postedVar('poll', '', FALSE, FALSE, FALSE, 'g');
if ($poll != 'yes') {
    $poll = '';
}

// check permissions on this forum (and top forum if it's a sub?)
// No view right: guests are bounced to login, members get an error.
// A password-protected forum that has not been unlocked gets the dialog.
$perms = checkForumPermissions($forum);
if (!$perms[X_PERMS_VIEW]) {
    if (X_GUEST) {
        redirect("{$full_url}misc.php?action=login", 0);
        exit;
    } else {
        error($lang['privforummsg']);
    }
} else if (!$perms[X_PERMS_PASSWORD]) {
    handlePasswordDialog($fid);
}

// check posting permissions specifically
// newthread distinguishes plain threads (X_PERMS_THREAD) from polls
// (X_PERMS_POLL); reply needs X_PERMS_REPLY. Edit rights are checked later
// because they depend on the original post's author.
if ($action == 'newthread') {
    if (($poll == '' && !$perms[X_PERMS_THREAD]) || ($poll == 'yes' && !$perms[X_PERMS_POLL])) {
        if (X_GUEST) {
            redirect("{$full_url}misc.php?action=login", 0);
            exit;
        } else {
            error($lang['textnoaction']);
        }
    }
} else if ($action == 'reply') {
    if (!$perms[X_PERMS_REPLY]) {
        if (X_GUEST) {
            redirect("{$full_url}misc.php?action=login", 0);
            exit;
        } else {
            error($lang['textnoaction']);
        }
    }
} else if ($action == 'edit') {
    // let's allow edits for now, we'll check for permissions later on in the script (due to need for $orig['author'])
} else {
    error($lang['textnoaction']);
}

// For a subforum the parent must also be viewable; a locked (password)
// parent is a hard error here rather than a dialog. Otherwise this block
// only builds breadcrumb links. $fup['fid']/$fup['fup'] come from the DB;
// fnameOut() is relied on to encode the names for HTML.
$fup = array();
if ($forum['type'] == 'sub') {
    $fup = getForum($forum['fup']);
    // prevent access to subforum when upper forum can't be viewed.
    $fupPerms = checkForumPermissions($fup);
    if (!$fupPerms[X_PERMS_VIEW]) {
        if (X_GUEST) {
            redirect("{$full_url}misc.php?action=login", 0);
            exit;
        } else {
            error($lang['privforummsg']);
        }
    } else if (!$fupPerms[X_PERMS_PASSWORD]) {
        error($lang['privforummsg']); // do not show password-dialog here; it makes the situation too complicated
    } else if ($fup['fup'] > 0) {
        $fupup = getForum($fup['fup']);
        nav('<a href="index.php?gid='.$fup['fup'].'">'.fnameOut($fupup['name']).'</a>');
        unset($fupup);
    }
    nav('<a href="forumdisplay.php?fid='.$fup['fid'].'">'.fnameOut($fup['name']).'</a>');
} else if ($forum['fup'] > 0) { // 'forum' in a 'group'
    $fup = getForum($forum['fup']);
    nav('<a href="index.php?gid='.$fup['fid'].'">'.fnameOut($fup['name']).'</a>');
}
nav('<a href="forumdisplay.php?fid='.$fid.'">'.fnameOut($forum['name']).'</a>');

// Search-link
$searchlink = makeSearchLink($forum['fid']);

// Attachments are forced off when PHP itself has uploads disabled, so the
// forum setting can never enable a code path the runtime cannot serve.
if (!ini_get('file_uploads')) {
    $forum['attachstatus'] = 'off';
} elseif ($forum['attachstatus'] == 'on') {
    require 'include/attach.inc.php';
    $attachlimits = ' '.$lang['attachmaxsize'].' '.getSizeFormatted($SETTINGS['maxattachsize']).'. '.$lang['attachmaxdims'].' '.$SETTINGS['max_image_size'].'.';
}

// Post icon: user-supplied file name. isValidFilename() plus an existence
// check under $smdir is the guard here; the reply/newthread handlers
// additionally re-verify the value against the smilies table before the
// INSERT (and the value lands unquoted-escaped inside that query, so
// isValidFilename() must keep rejecting quote characters -- confirm).
$posticon = postedVar('posticon', 'javascript', TRUE, TRUE, TRUE);
if (!isValidFilename($posticon)) {
    $posticon = '';
} elseif (!file_exists($smdir.'/'.$posticon)) {
    $posticon = '';
}

// Build the icon radio list, nine per row. NOTE(review): url/code come from
// the smilies table and are placed into HTML attributes without escaping;
// this trusts that table to be admin-managed and already attribute-safe.
$listed_icons = 0;
$icons = '<input type="radio" name="posticon" value="" /> <img src="'.$imgdir.'/default_icon.gif" alt="[*]" border="0" />';
$querysmilie = $db->query("SELECT url, code FROM ".X_PREFIX."smilies WHERE type='picon'");
while($smilie = $db->fetch_array($querysmilie)) {
    $icons .= ' <input type="radio" name="posticon" value="'.$smilie['url'].'" /><img src="'.$smdir.'/'.$smilie['url'].'" alt="'.$smilie['code'].'" border="0" />';
    $listed_icons++;
    if ($listed_icons == 9) {
        $icons .= '<br />';
        $listed_icons = 0;
    }
}
$db->free_result($querysmilie);

if ($action != 'edit') {
    // Re-select the submitted icon on re-render. With $posticon == '' this
    // matches the default (empty-value) radio.
    $icons = str_replace('<input type="radio" name="posticon" value="'.$posticon.'" />', '<input type="radio" name="posticon" value="'.$posticon.'" checked="checked" />', $icons);

    // Guest CAPTCHA is loaded only for new content, never for edits, and is
    // bypassed entirely under DEBUG -- DEBUG must be off in production.
    if (X_GUEST && $SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_post_status'] == 'on' && !DEBUG) {
        require ROOT.'include/captcha.inc.php';
    }
}

// Display-only "On/Off" labels for the composer sidebar.
$allowimgcode = ($forum['allowimgcode'] == 'yes' And $forum['allowbbcode'] == 'yes') ? $lang['texton'] : $lang['textoff'];
$allowhtml = ($forum['allowhtml'] == 'yes') ? $lang['texton'] : $lang['textoff'];
$allowsmilies = ($forum['allowsmilies'] == 'yes') ? $lang['texton'] : $lang['textoff'];
$allowbbcode = ($forum['allowbbcode'] == 'yes') ? $lang['texton'] : $lang['textoff'];

// $smileyoff / $bbcodeoff / $emailnotify / $usesig are presumably request
// variables imported by header.php (the isset() checks suggest so). The
// handlers write $smileyoff, $bbcodeoff and $usesig straight into the posts
// INSERT, so collapsing them to exactly 'yes' or 'no' here is the only
// sanitization they receive -- keep that invariant if this is refactored.
if (isset($smileyoff) && $smileyoff == 'yes') {
    $smileoffcheck = $cheHTML;
} else {
    $smileoffcheck = '';
    $smileyoff = 'no';
}

if (isset($bbcodeoff) && $bbcodeoff == 'yes') {
    $codeoffcheck = $cheHTML;
} else {
    $codeoffcheck = '';
    $bbcodeoff = 'no';
}

if (isset($emailnotify) && $emailnotify == 'yes') {
    $emailnotifycheck = $cheHTML;
} else {
    $emailnotifycheck = '';
    $emailnotify = 'no';
}

// New bool vars to clear up the confusion about effective settings.
// "InserterEnabled" = show the JS toolbar; "OnForThisPost" = the forum allows
// it AND the poster did not tick the per-post "off" box.
$bBBcodeInserterEnabled = ($SETTINGS['bbinsert'] == 'on' And $forum['allowbbcode'] == 'yes');
$bBBcodeOnForThisPost = ($forum['allowbbcode'] == 'yes' And $bbcodeoff == 'no');
$bIMGcodeOnForThisPost = ($bBBcodeOnForThisPost And $forum['allowimgcode'] == 'yes');
$bSmilieInserterEnabled = ($SETTINGS['smileyinsert'] == 'on' And $forum['allowsmilies'] == 'yes');
$bSmiliesOnForThisPost = ($forum['allowsmilies'] == 'yes' And $smileyoff == 'no');

// $sc: this request is a spell-check round trip (either the initial check or
// the "replace" submit), not a real post submission.
if (isset($subaction) && $subaction == 'spellcheck' && (isset($spellchecksubmit) || isset($updates_submit))) {
    $sc = TRUE;
} else {
    $sc = FALSE;
}

if (!(isset($usesig) && $usesig == 'yes')) {
    $usesig = 'no';
}

// Signature checkbox: on preview/spellcheck re-renders mirror what the user
// submitted; on a fresh form default to checked when the member has a sig.
if ((isset($previewpost) || $sc) && $usesig == 'yes') {
    $usesigcheck = $cheHTML;
} else if (isset($previewpost) || $sc) {
    $usesigcheck = '';
} else if ($self['sig'] != '') {
    $usesigcheck = $cheHTML;
} else {
    $usesigcheck = '';
}

// Staff-only checkboxes. For non-staff, $toptopic/$closetopic are left as
// whatever the request carried (not normalized); the reply handler re-checks
// moderator status via modcheck() before acting on $closetopic, and any other
// use of these two must apply the same rights check.
if (X_STAFF) {
    if (isset($toptopic) && $toptopic == 'yes') {
        $topcheck = $cheHTML;
    } else {
        $topcheck = '';
        $toptopic = 'no';
    }

    if (isset($closetopic) && $closetopic == 'yes') {
        $closecheck = $cheHTML;
    } else {
        $closecheck = '';
        $closetopic = 'no';
    }
} else {
    $topcheck = '';
    $closecheck = '';
}

$messageinput = postedVar('message', '', TRUE, FALSE); //postify() is responsible for DECODING if html is allowed.

if ($SETTINGS['spellcheck'] == 'on') {
    $spelling_submit1 = '<input type="hidden" name="subaction" value="spellcheck" /><input type="submit" class="submit" name="spellchecksubmit" value="'.$lang['checkspelling'].'" />';
    $spelling_lang = '<select name="language"><option value="en" selected="selected">English</option></select>';
    if ($sc) {
        if (isset($language) && !isset($updates_submit)) {
            require ROOT.'include/spelling.inc.php';
            // NOTE(review): $language is taken straight from the request even
            // though the form above only offers 'en'. Whether
            // spelling::__construct() validates it is not visible here; if it
            // is used to locate a dictionary file or inside a query, restrict
            // it to an allow-list (e.g. exactly 'en') before this call.
            $spelling = new spelling($language);
            $problems = $spelling->check_text(postedVar('message', '', FALSE, FALSE)); //Use raw value so we're not checking entity names.
            if (count($problems) > 0) {
                // Misspelled word -> list of suggestions; both are encoded
                // (cdataOut/attrOut) before reaching the eval()'d templates.
                $suggest = array();
                foreach($problems as $raworig=>$new) {
                    $orig = cdataOut($raworig);
                    $mistake = array();
                    foreach($new as $rawsuggestion) {
                        $suggestion = attrOut($rawsuggestion);
                        eval('$mistake[] = "'.template('spelling_suggestion_new').'";');
                    }
                    $mistake = implode("\n", $mistake);
                    eval('$suggest[] = "'.template('spelling_suggestion_row').'";');
                }
                $suggestions = implode("\n", $suggest);
                eval('$suggestions = "'.template('spelling_suggestion').'";');
                $spelling_submit2 = '<input type="submit" class="submit" name="updates_submit" value="'.$lang['replace'].'" />';
            } else {
                eval('$suggestions = "'.template('spelling_suggestion_no').'";');
            }
        } else {
            // "Replace" submit: each old word names a replace_<word> field.
            // Both sides are user-supplied, but they only rewrite
            // $messageinput, which gets the usual message handling downstream.
            $old_words = postedArray('old_words', 'string', '', TRUE, FALSE);
            foreach($old_words as $word) {
                $replacement = postedVar('replace_'.$word, '', TRUE, FALSE);
                $messageinput = str_replace($word, $replacement, $messageinput);
            }
        }
    }
}

// Editor toolbars (bbcode buttons, smilie picker) -- rendered from templates.
$bbcodeinsert = '';
$bbcodescript = '';
$moresmilies = '';
$smilieinsert = '';
if ($bBBcodeInserterEnabled Or $bSmilieInserterEnabled) {
    eval('$bbcodescript = "'.template('functions_bbcode').'";');
    if ($bBBcodeInserterEnabled) {
eval('$bbcodeinsert = "'.template('functions_bbcodeinsert').'";'); // Uses $spelling_lang 381 } 382 if ($bSmilieInserterEnabled) { 383 $smilieinsert = smilieinsert(); 384 $moresmilies = "<a href=\"misc.php?action=smilies\" onclick=\"Popup(this.href, 'Window', 175, 250); return false;\">[{$lang['moresmilies']}]</a>"; 385 } 386 } 387 388 switch($action) { 389 case 'reply': 390 nav('<a href="viewthread.php?tid='.$tid.'">'.$threadname.'</a>'); 391 nav($lang['textreply']); 392 393 if ($SETTINGS['subject_in_title'] == 'on') { 394 $threadSubject = '- '.$threadname; 395 } 396 397 eval('$header = "'.template('header').'";'); 398 399 $replyvalid = onSubmit('replysubmit'); // This new flag will indicate a message was submitted and successful. 400 401 if ($forum['attachstatus'] == 'on' And $username != 'Anonymous') { 402 for ($i=1; $i<=$SETTINGS['filesperpost']; $i++) { 403 if (isset($_FILES['attach'.$i])) { 404 $result = attachUploadedFile('attach'.$i); 405 if ($result < 0 And $result != X_EMPTY_UPLOAD) { 406 $errors .= softerror($attachmentErrors[$result]); 407 $replyvalid = FALSE; 408 } 409 } 410 } 411 $result = doAttachmentEdits($deletes); 412 if ($result < 0) { 413 $errors .= softerror($attachmentErrors[$result]); 414 $replyvalid = FALSE; 415 } 416 foreach($deletes as $aid) { 417 $messageinput = str_replace("[file]{$aid}[/file]", '', $messageinput); 418 } 419 if ($SETTINGS['attach_remote_images'] == 'on' And $bIMGcodeOnForThisPost) { 420 $result = extractRemoteImages(0, $messageinput); 421 if ($result < 0) { 422 $errors .= softerror($attachmentErrors[$result]); 423 $replyvalid = FALSE; 424 } 425 } 426 $attachSkipped = FALSE; 427 } else { 428 $attachSkipped = TRUE; 429 } 430 431 //Check all replying permissions for this $tid. 
432 if (!X_SADMIN And $thread['closed'] != '') { 433 if ($replyvalid) { 434 $errors .= softerror($lang['closedmsg']); 435 } else { 436 error($lang['closedmsg']); 437 } 438 $replyvalid = FALSE; 439 } 440 441 if ($replyvalid) { 442 if (X_GUEST) { // Anonymous posting is allowed, and was checked in forum perms at top of file. 443 $password = ''; 444 if (strlen(postedVar('username')) > 0 And isset($_POST['password'])) { 445 if (loginUser(postedVar('username'), md5($_POST['password']))) { 446 if ($self['status'] == "Banned") { 447 $errors .= softerror($lang['bannedmessage']); 448 $replyvalid = FALSE; 449 } else if ($self['ban'] == "posts" || $self['ban'] == "both") { 450 $errors .= softerror($lang['textbanfrompost']); 451 $replyvalid = FALSE; 452 } else { 453 $username = $xmbuser; 454 455 // check permissions on this forum (and top forum if it's a sub?) 456 $perms = checkForumPermissions($forum); 457 if (!$perms[X_PERMS_VIEW]) { 458 $errors .= softerror($lang['privforummsg']); 459 $topicvalid = FALSE; 460 } else if (!$perms[X_PERMS_REPLY]) { 461 $errors .= softerror($lang['textnoaction']); 462 $topicvalid = FALSE; 463 } 464 465 if ($forum['type'] == 'sub') { 466 // prevent access to subforum when upper forum can't be viewed. 
467 $fupPerms = checkForumPermissions($fup); 468 if (!$fupPerms[X_PERMS_VIEW]) { 469 $errors .= softerror($lang['privforummsg']); 470 $topicvalid = FALSE; 471 } 472 } 473 } 474 } else { 475 $errors .= softerror($lang['textpw1']); 476 $replyvalid = FALSE; 477 } 478 } else if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_post_status'] == 'on' && !DEBUG) { 479 $Captcha = new Captcha(250, 50); 480 if ($Captcha->bCompatible !== false) { 481 $imgcode = postedVar('imgcode', '', FALSE, FALSE); 482 $imghash = postedVar('imghash'); 483 if ($Captcha->ValidateCode($imgcode, $imghash) !== TRUE) { 484 $errors .= softerror($lang['captchaimageinvalid']); 485 $replyvalid = FALSE; 486 } 487 } 488 unset($Captcha); 489 } 490 } 491 } 492 493 if ($replyvalid) { 494 if (strlen(postedVar('subject')) == 0 && strlen($messageinput) == 0) { 495 $errors .= softerror($lang['postnothing']); 496 $replyvalid = FALSE; 497 } 498 } 499 500 if ($replyvalid) { 501 if ($posticon != '') { 502 $query = $db->query("SELECT id FROM ".X_PREFIX."smilies WHERE type='picon' AND url='$posticon'"); 503 if ($db->num_rows($query) == 0) { 504 $posticon = ''; 505 $errors .= softerror($lang['error']); 506 $replyvalid = FALSE; 507 } 508 $db->free_result($query); 509 } 510 } 511 512 if ($replyvalid) { 513 if ($forum['lastpost'] != '') { 514 $lastpost = explode('|', $forum['lastpost']); 515 $rightnow = $onlinetime - $floodctrl; 516 if ($rightnow <= $lastpost[0] && $username == $lastpost[1]) { 517 $floodlink = "<a href=\"viewthread.php?fid=$fid&tid=$tid\">Click here</a>"; 518 $errmsg = $lang['floodprotect'].' '.$floodlink.' '.$lang['tocont']; 519 $errors .= softerror($errmsg); 520 $replyvalid = FALSE; 521 } 522 } 523 } 524 525 if ($replyvalid) { 526 $thatime = $onlinetime; 527 if ($bBBcodeOnForThisPost) { 528 postLinkBBcode($messageinput); 529 } 530 $dbmessage = $db->escape(addslashes($messageinput)); //The message column is historically double-quoted. 
531 $dbsubject = addslashes(postedVar('subject', 'javascript', TRUE, TRUE, TRUE)); 532 $db->query("INSERT INTO ".X_PREFIX."posts (fid, tid, author, message, subject, dateline, icon, usesig, useip, bbcodeoff, smileyoff) VALUES ($fid, $tid, '$username', '$dbmessage', '$dbsubject', ".$db->time(time()).", '$posticon', '$usesig', '$onlineip', '$bbcodeoff', '$smileyoff')"); 533 $pid = $db->insert_id(); 534 535 $moderator = (modcheck($username, $forum['moderator']) == 'Moderator'); 536 if ($moderator && $closetopic == 'yes') { 537 $db->query("UPDATE ".X_PREFIX."threads SET closed='yes' WHERE tid='$tid' AND fid='$fid'"); 538 } 539 540 $db->query("UPDATE ".X_PREFIX."threads SET lastpost='$thatime|$username|$pid', replies=replies+1 WHERE tid=$tid"); 541 542 $where = "WHERE fid=$fid"; 543 if ($forum['type'] == 'sub') { 544 $where .= " OR fid={$forum['fup']}"; 545 } 546 $db->query("UPDATE ".X_PREFIX."forums SET lastpost='$thatime|$username|$pid', posts=posts+1 $where"); 547 unset($where); 548 549 $db->query("UPDATE ".X_PREFIX."members SET postnum=postnum+1 WHERE username='$username'"); 550 551 $query = $db->query("SELECT COUNT(pid) FROM ".X_PREFIX."posts WHERE pid <= $pid AND tid='$tid'"); 552 $posts = $db->result($query,0); 553 $db->free_result($query); 554 555 $lang2 = loadPhrases(array('charset','textsubsubject','textsubbody')); 556 $viewperm = getOneForumPerm($forum, X_PERMS_RAWVIEW); 557 $date = $db->result($db->query("SELECT dateline FROM ".X_PREFIX."posts WHERE tid='$tid' AND pid < $pid ORDER BY dateline DESC LIMIT 1"), 0); 558 $subquery = $db->query("SELECT m.email, m.lastvisit, m.ppp, m.status, m.langfile " 559 . "FROM ".X_PREFIX."favorites f " 560 . "INNER JOIN ".X_PREFIX."members m USING (username) " 561 . 
"WHERE f.type = 'subscription' AND f.tid = $tid AND m.username != '$username' AND m.lastvisit >= $date"); 562 while($subs = $db->fetch_array($subquery)) { 563 if ($viewperm < $status_enum[$subs['status']]) { 564 continue; 565 } 566 567 if ($subs['ppp'] < 1) { 568 $subs['ppp'] = $posts; 569 } 570 571 $translate = $lang2[$subs['langfile']]; 572 $topicpages = quickpage($posts, $subs['ppp']); 573 $topicpages = ($topicpages == 1) ? '' : '&page='.$topicpages; 574 $threadurl = $full_url.'viewthread.php?tid='.$tid.$topicpages.'#pid'.$pid; 575 $rawsubject = htmlspecialchars_decode($threadname, ENT_QUOTES); 576 $rawusername = htmlspecialchars_decode($username, ENT_QUOTES); 577 $rawemail = htmlspecialchars_decode($subs['email'], ENT_QUOTES); 578 $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES); 579 $headers = array(); 580 $headers[] = smtpHeaderFrom($rawbbname, $adminemail); 581 $headers[] = 'X-Mailer: PHP'; 582 $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain; 583 $headers[] = 'X-AntiAbuse: Username - '.$rawusername; 584 $headers[] = 'Content-Type: text/plain; charset='.$translate['charset']; 585 $headers = implode("\r\n", $headers); 586 altMail($rawemail, $rawsubject.' ('.$translate['textsubsubject'].')', $rawusername.' '.$translate['textsubbody']." 
\n".$threadurl, $headers); 587 } 588 $db->free_result($subquery); 589 590 if (isset($emailnotify) && $emailnotify == 'yes') { 591 $query = $db->query("SELECT tid FROM ".X_PREFIX."favorites WHERE tid='$tid' AND username='$username' AND type='subscription'"); 592 if ($db->num_rows($query) < 1) { 593 $db->query("INSERT INTO ".X_PREFIX."favorites (tid, username, type) VALUES ($tid, '$username', 'subscription')"); 594 } 595 $db->free_result($query); 596 } 597 598 if ($forum['attachstatus'] == 'on') { 599 if ($attachSkipped) { 600 for ($i=1; $i<=$SETTINGS['filesperpost']; $i++) { 601 if (isset($_FILES['attach'.$i])) { 602 attachUploadedFile('attach'.$i, $pid); 603 } 604 } 605 if ($SETTINGS['attach_remote_images'] == 'on' And $bIMGcodeOnForThisPost) { 606 extractRemoteImages($pid, $messageinput); 607 $newdbmessage = $db->escape(addslashes($messageinput)); 608 if ($newdbmessage != $dbmessage) { // Anonymous message was modified after save, in order to use the pid. 609 $db->query("UPDATE ".X_PREFIX."posts SET message='$newdbmessage' WHERE pid=$pid"); 610 } 611 } 612 } elseif ($username != 'Anonymous') { 613 claimOrphanedAttachments($pid); 614 } 615 } 616 617 $topicpages = quickpage($posts, $ppp); 618 $topicpages = ($topicpages == 1) ? '' : '&page='.$topicpages; 619 message($lang['replymsg'], TRUE, '', '', $full_url."viewthread.php?tid={$tid}{$topicpages}#pid{$pid}", true, false, true); 620 } 621 622 if (!$replyvalid) { 623 if (isset($repquote) && ($repquote = (int) $repquote)) { 624 $query = $db->query("SELECT p.message, p.tid, p.fid, p.author FROM ".X_PREFIX."posts p WHERE p.pid=$repquote"); 625 $thaquote = $db->fetch_array($query); 626 $db->free_result($query); 627 $quoteperms = checkForumPermissions(getForum($thaquote['fid'])); 628 if ($quoteperms[X_PERMS_VIEW] And $quoteperms[X_PERMS_PASSWORD]) { 629 $thaquote['message'] = preg_replace('@\\[file\\]\\d*\\[/file\\]@', '', $thaquote['message']); //These codes will not work inside quotes. 
630 //Note this bbcode is a pseudo-link. Treat it as cdata. Do not recode the author string. 631 $messageinput = "[rquote=$repquote&tid={$thaquote['tid']}&author={$thaquote['author']}]".rawHTMLmessage(stripslashes($thaquote['message']))."[/rquote]"; //Messages are historically double-quoted. 632 } 633 } 634 635 // Fill $attachfile 636 $files = array(); 637 if ($forum['attachstatus'] == 'on' And $username != 'Anonymous') { 638 $attachfile = ''; 639 $query = $db->query("SELECT a.aid, a.pid, a.filename, a.filetype, a.filesize, a.downloads, a.img_size, thumbs.aid AS thumbid, thumbs.filename AS thumbname, thumbs.img_size AS thumbsize FROM ".X_PREFIX."attachments AS a LEFT JOIN ".X_PREFIX."attachments AS thumbs ON a.aid=thumbs.parentid WHERE a.uid={$self['uid']} AND a.pid=0 AND a.parentid=0"); 640 $counter = 0; 641 while ($postinfo = $db->fetch_array($query)) { 642 $files[] = $postinfo; 643 $postinfo['filename'] = attrOut($postinfo['filename']); 644 $postinfo['filesize'] = number_format($postinfo['filesize'], 0, '.', ','); 645 eval('$attachfile .= "'.template('post_attachment_orphan').'";'); 646 if ($bBBcodeOnForThisPost) { 647 $bbcode = "[file]{$postinfo['aid']}[/file]"; 648 if (strpos($messageinput, $bbcode) === FALSE) { 649 if ($counter == 0 Or $postinfo['img_size'] == '' Or $prevsize = '' Or $SETTINGS['attachimgpost'] == 'off') { 650 $messageinput .= "\r\n\r\n"; 651 } 652 $messageinput .= ' '.$bbcode; // Use a leading space to prevent awkward line wraps. 
653 $counter++; 654 $prevsize = $postinfo['img_size']; 655 } 656 } 657 } 658 $maxtotal = phpShorthandValue('post_max_size'); 659 if ($maxtotal > 0) { 660 $lang['attachmaxtotal'] .= ' '.getSizeFormatted($maxtotal); 661 } else { 662 $lang['attachmaxtotal'] = ''; 663 } 664 $maxuploads = $SETTINGS['filesperpost'] - $db->num_rows($query); 665 if ($maxuploads > 0) { 666 $max_dos_limit = (int) ini_get('max_file_uploads'); 667 if ($max_dos_limit > 0) $maxuploads = min($maxuploads, $max_dos_limit); 668 eval('$attachfile .= "'.template("post_attachmentbox").'";'); 669 } 670 $db->free_result($query); 671 } 672 673 //Allow sanitized message to pass-through to template in case of: #1 preview, #2 post error 674 $subject = rawHTMLsubject(postedVar('subject', 'javascript', TRUE, FALSE, TRUE)); 675 $message = rawHTMLmessage($messageinput); 676 677 if (isset($previewpost)) { 678 if ($posticon != '') { 679 $thread['icon'] = "<img src=\"$smdir/$posticon\" />"; 680 } else { 681 $thread['icon'] = ''; 682 } 683 $currtime = $onlinetime; 684 $date = gmdate($dateformat, $currtime + ($timeoffset * 3600) + ($addtime * 3600)); 685 $time = gmdate($timecode, $currtime + ($timeoffset * 3600) + ($addtime * 3600)); 686 $poston = $lang['textposton'].' '.$date.' '.$lang['textat'].' 
'.$time; 687 $dissubject = $subject; 688 if ($bBBcodeOnForThisPost) { 689 postLinkBBcode($messageinput); 690 } 691 $message1 = postify($messageinput, $smileyoff, $bbcodeoff, $forum['allowsmilies'], $forum['allowhtml'], $forum['allowbbcode'], $forum['allowimgcode']); 692 693 if (count($files) > 0) { 694 bbcodeFileTags($message1, $files, 0, $bBBcodeOnForThisPost); 695 } 696 697 if ($usesig == 'yes') { 698 $post['sig'] = postify($self['sig'], 'no', 'no', $forum['allowsmilies'], $SETTINGS['sightml'], $SETTINGS['sigbbcode'], $forum['allowimgcode'], false); 699 eval('$message1 .= "'.template('viewthread_post_sig').'";'); 700 } else { 701 eval('$message1 .= "'.template('viewthread_post_nosig').'";'); 702 } 703 704 eval('$preview = "'.template('post_preview').'";'); 705 } 706 707 if (X_GUEST && $SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_post_status'] == 'on' && !DEBUG) { 708 $Captcha = new Captcha(250, 50); 709 if ($Captcha->bCompatible !== false) { 710 $imghash = $Captcha->GenerateCode(); 711 if ($SETTINGS['captcha_code_casesensitive'] == 'off') { 712 $lang['captchacaseon'] = ''; 713 } 714 eval('$captchapostcheck = "'.template('post_captcha').'";'); 715 } 716 unset($Captcha); 717 } 718 719 $posts = ''; 720 721 if (modcheck($username, $forum['moderator']) == 'Moderator') { 722 $closeoption = '<br /><input type="checkbox" name="closetopic" value="yes" '.$closecheck.' 
/> '.$lang['closemsgques'].'<br />'; 723 } else { 724 $closeoption = ''; 725 } 726 727 $querytop = $db->query("SELECT COUNT(tid) FROM ".X_PREFIX."posts WHERE tid='$tid'"); 728 $replynum = $db->result($querytop, 0); 729 if ($replynum >= $ppp) { 730 $threadlink = 'viewthread.php?fid='.$fid.'&tid='.$tid; 731 eval($lang['evaltrevlt']); 732 eval('$posts .= "'.template('post_reply_review_toolong').'";'); 733 } else { 734 $thisbg = $altbg1; 735 $query = $db->query("SELECT * FROM ".X_PREFIX."posts WHERE tid='$tid' ORDER BY dateline DESC"); 736 while($post = $db->fetch_array($query)) { 737 $date = gmdate($dateformat, $post['dateline'] + ($timeoffset * 3600) + ($addtime * 3600)); 738 $time = gmdate($timecode, $post['dateline'] + ($timeoffset * 3600) + ($addtime * 3600)); 739 $poston = $lang['textposton'].' '.$date.' '.$lang['textat'].' '.$time; 740 741 if ($post['icon'] != '') { 742 $post['icon'] = '<img src="'.$smdir.'/'.$post['icon'].'" alt="'.$lang['altpostmood'].'" border="0" />'; 743 } else { 744 $post['icon'] = '<img src="'.$imgdir.'/default_icon.gif" alt="[*]" border="0" />'; 745 } 746 747 $post['message'] = preg_replace('@\\[file\\]\\d*\\[/file\\]@', '', $post['message']); //These codes do not work in postify() 748 $post['message'] = postify(stripslashes($post['message']), $post['smileyoff'], $post['bbcodeoff'], $forum['allowsmilies'], $forum['allowhtml'], $forum['allowbbcode'], $forum['allowimgcode']); 749 eval('$posts .= "'.template('post_reply_review_post').'";'); 750 if ($thisbg == $altbg2) { 751 $thisbg = $altbg1; 752 } else { 753 $thisbg = $altbg2; 754 } 755 } 756 $db->free_result($query); 757 } 758 $db->free_result($querytop); 759 760 if (getOneForumPerm($forum, X_PERMS_RAWREPLY) == $status_enum['Guest']) { // Member posting is not allowed, do not request credentials! 
761 $loggedin = ''; 762 } 763 764 eval('$postpage = "'.template('post_reply').'";'); 765 } 766 break; 767 768 case 'newthread': 769 if ($poll == 'yes') { 770 nav($lang['textnewpoll']); 771 } else { 772 nav($lang['textpostnew']); 773 } 774 775 if ($SETTINGS['subject_in_title'] == 'on') { 776 $threadSubject = '- '.$dissubject; 777 } 778 779 eval('$header = "'.template('header').'";'); 780 781 $pollanswers = postedVar('pollanswers', '', TRUE, FALSE); 782 $topicvalid = onSubmit('topicsubmit'); // This new flag will indicate a message was submitted and successful. 783 784 if ($forum['attachstatus'] == 'on' And $username != 'Anonymous') { 785 for ($i=1; $i<=$SETTINGS['filesperpost']; $i++) { 786 if (isset($_FILES['attach'.$i])) { 787 $result = attachUploadedFile('attach'.$i); 788 if ($result < 0 And $result != X_EMPTY_UPLOAD) { 789 $errors .= softerror($attachmentErrors[$result]); 790 $topicvalid = FALSE; 791 } 792 } 793 } 794 $result = doAttachmentEdits($deletes); 795 if ($result < 0) { 796 $errors .= softerror($attachmentErrors[$result]); 797 $topicvalid = FALSE; 798 } 799 foreach($deletes as $aid) { 800 $messageinput = str_replace("[file]{$aid}[/file]", '', $messageinput); 801 } 802 if ($SETTINGS['attach_remote_images'] == 'on' And $bIMGcodeOnForThisPost) { 803 $result = extractRemoteImages(0, $messageinput); 804 if ($result < 0) { 805 $errors .= softerror($attachmentErrors[$result]); 806 $topicvalid = FALSE; 807 } 808 } 809 $attachSkipped = FALSE; 810 } else { 811 $attachSkipped = TRUE; 812 } 813 814 if ($topicvalid) { 815 if (X_GUEST) { // Anonymous posting is allowed, and was checked in forum perms at top of file. 
816 $password = ''; 817 if (strlen(postedVar('username')) > 0 And isset($_POST['password'])) { 818 if (loginUser(postedVar('username'), md5($_POST['password']))) { 819 if ($self['status'] == "Banned") { 820 $errors .= softerror($lang['bannedmessage']); 821 $topicvalid = FALSE; 822 } else if ($self['ban'] == "posts" || $self['ban'] == "both") { 823 $errors .= softerror($lang['textbanfrompost']); 824 $topicvalid = FALSE; 825 } else { 826 $username = $xmbuser; 827 828 // check permissions on this forum (and top forum if it's a sub?) 829 $perms = checkForumPermissions($forum); 830 if (!$perms[X_PERMS_VIEW]) { 831 $errors .= softerror($lang['privforummsg']); 832 $topicvalid = FALSE; 833 } else if (($poll == '' && !$perms[X_PERMS_THREAD]) || ($poll == 'yes' && !$perms[X_PERMS_POLL])) { 834 $errors .= softerror($lang['textnoaction']); 835 $topicvalid = FALSE; 836 } 837 838 if ($forum['type'] == 'sub') { 839 // prevent access to subforum when upper forum can't be viewed. 840 $fupPerms = checkForumPermissions($fup); 841 if (!$fupPerms[X_PERMS_VIEW]) { 842 $errors .= softerror($lang['privforummsg']); 843 $topicvalid = FALSE; 844 } 845 } 846 } 847 } else { 848 $errors .= softerror($lang['textpw1']); 849 $topicvalid = FALSE; 850 } 851 } else if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_post_status'] == 'on' && !DEBUG) { 852 $Captcha = new Captcha(250, 50); 853 if ($Captcha->bCompatible !== false) { 854 $imgcode = postedVar('imgcode', '', FALSE, FALSE); 855 $imghash = postedVar('imghash'); 856 if ($Captcha->ValidateCode($imgcode, $imghash) !== TRUE) { 857 $errors .= softerror($lang['captchaimageinvalid']); 858 $topicvalid = FALSE; 859 } 860 } 861 unset($Captcha); 862 } 863 } 864 } 865 866 if ($topicvalid) { 867 if (strlen(postedVar('subject')) == 0) { 868 $errors .= softerror($lang['textnosubject']); 869 $topicvalid = FALSE; 870 } 871 } 872 873 if ($topicvalid) { 874 if ($posticon != '') { 875 $query = $db->query("SELECT id FROM ".X_PREFIX."smilies WHERE 
type='picon' AND url='$posticon'"); 876 if ($db->num_rows($query) == 0) { 877 $posticon = ''; 878 $errors .= softerror($lang['error']); 879 $topicvalid = FALSE; 880 } 881 $db->free_result($query); 882 } 883 } 884 885 if ($topicvalid) { 886 if ($forum['lastpost'] != '') { 887 $lastpost = explode('|', $forum['lastpost']); 888 $rightnow = $onlinetime - $floodctrl; 889 if ($rightnow <= $lastpost[0] && $username == $lastpost[1]) { 890 $errors .= softerror($lang['floodprotect']); 891 $topicvalid = FALSE; 892 } 893 } 894 } 895 896 if ($topicvalid) { 897 if ($poll == 'yes') { 898 $pollopts = array(); 899 $pollopts2 = explode("\n", $pollanswers); 900 foreach($pollopts2 as $value) { 901 $value = trim($value); 902 if ($value != '') { 903 $pollopts[] = $value; 904 } 905 } 906 $pnumnum = count($pollopts); 907 908 if ($pnumnum < 2) { 909 $errors .= softerror($lang['too_few_pollopts']); 910 $topicvalid = FALSE; 911 } 912 } 913 } 914 915 if ($topicvalid) { 916 $thatime = $onlinetime; 917 918 if ($bBBcodeOnForThisPost) { 919 postLinkBBcode($messageinput); 920 } 921 $dbmessage = $db->escape(addslashes($messageinput)); //The message column is historically double-quoted. 
922 $dbsubject = addslashes(postedVar('subject', 'javascript', TRUE, TRUE, TRUE)); 923 $db->query("INSERT INTO ".X_PREFIX."threads (fid, subject, icon, lastpost, views, replies, author, closed, topped) VALUES ($fid, '$dbsubject', '$posticon', '$thatime|$username', 0, 0, '$username', '', 0)"); 924 $tid = $db->insert_id(); 925 926 $db->query("INSERT INTO ".X_PREFIX."posts (fid, tid, author, message, subject, dateline, icon, usesig, useip, bbcodeoff, smileyoff) VALUES ($fid, $tid, '$username', '$dbmessage', '$dbsubject', ".$db->time($thatime).", '$posticon', '$usesig', '$onlineip', '$bbcodeoff', '$smileyoff')"); 927 $pid = $db->insert_id(); 928 929 $db->query("UPDATE ".X_PREFIX."threads SET lastpost=concat(lastpost, '|".$pid."') WHERE tid='$tid'"); 930 931 $where = "WHERE fid=$fid"; 932 if ($forum['type'] == 'sub') { 933 $where .= " OR fid={$forum['fup']}"; 934 } 935 $db->query("UPDATE ".X_PREFIX."forums SET lastpost='$thatime|$username|$pid', threads=threads+1, posts=posts+1 $where"); 936 unset($where); 937 938 if ($poll == 'yes') { 939 $query = $db->query("SELECT vote_id, topic_id FROM ".X_PREFIX."vote_desc WHERE topic_id='$tid'"); 940 if ($query) { 941 $vote_id = $db->fetch_array($query); 942 $vote_id = $vote_id['vote_id']; 943 if ($vote_id > 0) { 944 $db->query("DELETE FROM ".X_PREFIX."vote_results WHERE vote_id='$vote_id'"); 945 $db->query("DELETE FROM ".X_PREFIX."vote_voters WHERE vote_id='$vote_id'"); 946 $db->query("DELETE FROM ".X_PREFIX."vote_desc WHERE vote_id='$vote_id'"); 947 } 948 } 949 $db->free_result($query); 950 951 $dbsubject = addslashes(postedVar('subject', 'javascript', TRUE, TRUE, TRUE)); 952 $db->query("INSERT INTO ".X_PREFIX."vote_desc (topic_id, vote_text) VALUES ($tid, '$dbsubject')"); 953 $vote_id = $db->insert_id(); 954 $i = 1; 955 foreach($pollopts as $p) { 956 $p = $db->escape_var($p); 957 $db->query("INSERT INTO ".X_PREFIX."vote_results (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($vote_id, $i, '$p', 0)"); 958 $i++; 
959 } 960 $db->query("UPDATE ".X_PREFIX."threads SET pollopts=1 WHERE tid='$tid'"); 961 } 962 963 if (isset($emailnotify) && $emailnotify == 'yes') { 964 $query = $db->query("SELECT tid FROM ".X_PREFIX."favorites WHERE tid='$tid' AND username='$username' AND type='subscription'"); 965 $thread = $db->fetch_array($query); 966 $db->free_result($query); 967 if (!$thread) { 968 $db->query("INSERT INTO ".X_PREFIX."favorites (tid, username, type) VALUES ($tid, '$username', 'subscription')"); 969 } 970 } 971 972 $db->query("UPDATE ".X_PREFIX."members SET postnum=postnum+1 WHERE username='$username'"); 973 974 $moderator = (modcheck($username, $forum['moderator']) == 'Moderator'); 975 if ($moderator) { 976 if ($toptopic == 'yes') { 977 $db->query("UPDATE ".X_PREFIX."threads SET topped='1' WHERE tid='$tid' AND fid='$fid'"); 978 } 979 if ($closetopic == 'yes') { 980 $db->query("UPDATE ".X_PREFIX."threads SET closed='yes' WHERE tid='$tid' AND fid='$fid'"); 981 } 982 } 983 984 if ($forum['attachstatus'] == 'on') { 985 if ($attachSkipped) { 986 for ($i=1; $i<=$SETTINGS['filesperpost']; $i++) { 987 if (isset($_FILES['attach'.$i])) { 988 attachUploadedFile('attach'.$i, $pid); 989 } 990 } 991 if ($SETTINGS['attach_remote_images'] == 'on' And $bIMGcodeOnForThisPost) { 992 extractRemoteImages($pid, $messageinput); 993 $newdbmessage = $db->escape(addslashes($messageinput)); 994 if ($newdbmessage != $dbmessage) { // Anonymous message was modified after save, in order to use the pid. 995 $db->query("UPDATE ".X_PREFIX."posts SET message='$newdbmessage' WHERE pid=$pid"); 996 } 997 } 998 } elseif ($username != 'Anonymous') { 999 claimOrphanedAttachments($pid); 1000 } 1001 } 1002 1003 $query = $db->query("SELECT COUNT(tid) FROM ".X_PREFIX."posts WHERE tid='$tid'"); 1004 $posts = $db->result($query, 0); 1005 $db->free_result($query); 1006 1007 $topicpages = quickpage($posts, $ppp); 1008 $topicpages = ($topicpages == 1) ? 
'' : '&page='.$topicpages; 1009 message($lang['postmsg'], TRUE, '', '', $full_url."viewthread.php?tid={$tid}{$topicpages}#pid{$pid}", true, false, true); 1010 } 1011 1012 if (!$topicvalid) { 1013 // Fill $attachfile 1014 $files = array(); 1015 if ($forum['attachstatus'] == 'on' And $username != 'Anonymous') { 1016 $attachfile = ''; 1017 $query = $db->query("SELECT a.aid, a.pid, a.filename, a.filetype, a.filesize, a.downloads, a.img_size, thumbs.aid AS thumbid, thumbs.filename AS thumbname, thumbs.img_size AS thumbsize FROM ".X_PREFIX."attachments AS a LEFT JOIN ".X_PREFIX."attachments AS thumbs ON a.aid=thumbs.parentid WHERE a.uid={$self['uid']} AND a.pid=0 AND a.parentid=0"); 1018 $counter = 0; 1019 while ($postinfo = $db->fetch_array($query)) { 1020 $files[] = $postinfo; 1021 $postinfo['filename'] = attrOut($postinfo['filename']); 1022 $postinfo['filesize'] = number_format($postinfo['filesize'], 0, '.', ','); 1023 eval('$attachfile .= "'.template('post_attachment_orphan').'";'); 1024 if ($bBBcodeOnForThisPost) { 1025 $bbcode = "[file]{$postinfo['aid']}[/file]"; 1026 if (strpos($messageinput, $bbcode) === FALSE) { 1027 if ($counter == 0 Or $postinfo['img_size'] == '' Or $prevsize == '' Or $SETTINGS['attachimgpost'] == 'off') { 1028 $messageinput .= "\r\n\r\n"; 1029 } 1030 $messageinput .= ' '.$bbcode; // Use a leading space to prevent awkward line wraps. 
1031 $counter++; 1032 $prevsize = $postinfo['img_size']; 1033 } 1034 } 1035 } 1036 $maxtotal = phpShorthandValue('post_max_size'); 1037 if ($maxtotal > 0) { 1038 $lang['attachmaxtotal'] .= ' '.getSizeFormatted($maxtotal); 1039 } else { 1040 $lang['attachmaxtotal'] = ''; 1041 } 1042 $maxuploads = $SETTINGS['filesperpost'] - $db->num_rows($query); 1043 if ($maxuploads > 0) { 1044 $max_dos_limit = (int) ini_get('max_file_uploads'); 1045 if ($max_dos_limit > 0) $maxuploads = min($maxuploads, $max_dos_limit); 1046 eval('$attachfile .= "'.template("post_attachmentbox").'";'); 1047 } 1048 $db->free_result($query); 1049 } 1050 1051 //Allow sanitized message to pass-through to template in case of: #1 preview, #2 post error 1052 $subject = rawHTMLsubject(postedVar('subject', 'javascript', TRUE, FALSE, TRUE)); 1053 $message = rawHTMLmessage($messageinput); 1054 1055 if (isset($previewpost)) { 1056 if ($posticon != '') { 1057 $thread['icon'] = "<img src=\"$smdir/$posticon\" />"; 1058 } else { 1059 $thread['icon'] = ''; 1060 } 1061 $currtime = $onlinetime; 1062 $date = gmdate($dateformat, $currtime + ($timeoffset * 3600) + ($addtime * 3600)); 1063 $time = gmdate($timecode, $currtime + ($timeoffset * 3600) + ($addtime * 3600)); 1064 $poston = $lang['textposton'].' '.$date.' '.$lang['textat'].' 
'.$time; 1065 $dissubject = $subject; 1066 if ($bBBcodeOnForThisPost) { 1067 postLinkBBcode($messageinput); 1068 } 1069 $message1 = postify($messageinput, $smileyoff, $bbcodeoff, $forum['allowsmilies'], $forum['allowhtml'], $forum['allowbbcode'], $forum['allowimgcode']); 1070 1071 if (count($files) > 0) { 1072 bbcodeFileTags($message1, $files, 0, $bBBcodeOnForThisPost); 1073 } 1074 1075 if ($usesig == 'yes') { 1076 $post['sig'] = postify($self['sig'], 'no', 'no', $forum['allowsmilies'], $SETTINGS['sightml'], $SETTINGS['sigbbcode'], $forum['allowimgcode'], false); 1077 eval('$message1 .= "'.template('viewthread_post_sig').'";'); 1078 } else { 1079 eval('$message1 .= "'.template('viewthread_post_nosig').'";'); 1080 } 1081 1082 eval('$preview = "'.template('post_preview').'";'); 1083 } 1084 1085 if (X_GUEST && $SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_post_status'] == 'on' && !DEBUG) { 1086 $Captcha = new Captcha(250, 50); 1087 if ($Captcha->bCompatible !== false) { 1088 $imghash = $Captcha->GenerateCode(); 1089 if ($SETTINGS['captcha_code_casesensitive'] == 'off') { 1090 $lang['captchacaseon'] = ''; 1091 } 1092 eval('$captchapostcheck = "'.template('post_captcha').'";'); 1093 } 1094 unset($Captcha); 1095 } 1096 1097 if (modcheck($username, $forum['moderator']) == 'Moderator') { 1098 $topoption = '<br /><input type="checkbox" name="toptopic" value="yes" '.$topcheck.' /> '.$lang['topmsgques']; 1099 $closeoption = '<br /><input type="checkbox" name="closetopic" value="yes" '.$closecheck.' /> '.$lang['closemsgques'].'<br />'; 1100 } else { 1101 $topoption = ''; 1102 $closeoption = ''; 1103 } 1104 1105 if (!isset($spelling_submit2)) { 1106 $spelling_submit2 = ''; 1107 } 1108 1109 if (getOneForumPerm($forum, X_PERMS_RAWTHREAD) == $status_enum['Guest']) { // Member posting is not allowed, do not request credentials! 
1110 $loggedin = ''; 1111 } 1112 1113 if (isset($poll) && $poll == 'yes') { 1114 eval('$postpage = "'.template('post_newpoll').'";'); 1115 } else { 1116 eval('$postpage = "'.template('post_newthread').'";'); 1117 } 1118 } 1119 break; 1120 1121 case 'edit': 1122 nav('<a href="viewthread.php?tid='.$tid.'">'.$threadname.'</a>'); 1123 nav($lang['texteditpost']); 1124 1125 if ($SETTINGS['subject_in_title'] == 'on') { 1126 $threadSubject = '- '.$threadname; 1127 } 1128 1129 eval('$header = "'.template('header').'";'); 1130 1131 $editvalid = TRUE; // This new flag will indicate a message was submitted and successful. 1132 1133 //Check all editing permissions for this $pid. Based on viewthread design, forum Moderators can always edit, $orig['author'] can edit open threads only. 1134 $query = $db->query("SELECT p.*, m.status FROM ".X_PREFIX."posts p LEFT JOIN ".X_PREFIX."members m ON p.author=m.username WHERE p.pid=$pid"); 1135 $orig = $db->fetch_array($query); 1136 $db->free_result($query); 1137 1138 $status1 = modcheckPost($self['username'], $forum['moderator'], $orig['status']); 1139 1140 if ($status1 != 'Moderator' And ($self['username'] != $orig['author'] Or $thread['closed'] != '')) { 1141 $errors .= softerror($lang['noedit']); 1142 $editvalid = FALSE; 1143 } 1144 1145 if ($editvalid) { 1146 if ($forum['attachstatus'] == 'on') { 1147 for ($i=1; $i<=$SETTINGS['filesperpost']; $i++) { 1148 if (isset($_FILES['attach'.$i])) { 1149 $result = attachUploadedFile('attach'.$i, $pid); 1150 if ($result < 0 And $result != X_EMPTY_UPLOAD) { 1151 $errors .= softerror($attachmentErrors[$result]); 1152 $editvalid = FALSE; 1153 } 1154 } 1155 } 1156 $result = doAttachmentEdits($deletes, $pid); 1157 if ($result < 0) { 1158 $errors .= softerror($attachmentErrors[$result]); 1159 $editvalid = FALSE; 1160 } 1161 foreach($deletes as $aid) { 1162 $messageinput = str_replace("[file]{$aid}[/file]", '', $messageinput); 1163 } 1164 $temp = ''; 1165 if ($SETTINGS['attach_remote_images'] == 'on' 
And $bIMGcodeOnForThisPost) { 1166 $result = extractRemoteImages($pid, $messageinput); 1167 if ($result < 0) { 1168 $errors .= softerror($attachmentErrors[$result]); 1169 $editvalid = FALSE; 1170 } 1171 } 1172 } 1173 } 1174 1175 $editvalid &= onSubmit('editsubmit'); 1176 1177 if ($editvalid) { 1178 if ($posticon != '') { 1179 $query = $db->query("SELECT id FROM ".X_PREFIX."smilies WHERE type='picon' AND url='$posticon'"); 1180 if ($db->num_rows($query) == 0) { 1181 $posticon = ''; 1182 $errors .= softerror($lang['error']); 1183 $editvalid = FALSE; 1184 } 1185 $db->free_result($query); 1186 } 1187 } 1188 1189 if ($editvalid) { 1190 $query = $db->query("SELECT pid FROM ".X_PREFIX."posts WHERE tid=$tid ORDER BY dateline LIMIT 1"); 1191 $isfirstpost = $db->fetch_array($query); 1192 $db->free_result($query); 1193 1194 if ((strlen(postedVar('subject')) == 0 && $pid == $isfirstpost['pid']) && !(isset($delete) && $delete == 'yes')) { 1195 $errors .= softerror($lang['textnosubject']); 1196 $editvalid = FALSE; 1197 } 1198 } 1199 1200 if ($editvalid) { 1201 $threaddelete = 'no'; 1202 1203 if (!(isset($delete) && $delete == 'yes')) { 1204 if ($SETTINGS['editedby'] == 'on') { 1205 $messageinput .= "\n\n[".$lang['textediton'].' '.gmdate($dateformat).' '.$lang['textby']." $username]"; 1206 } 1207 1208 if ($bBBcodeOnForThisPost) { 1209 postLinkBBcode($messageinput); 1210 } 1211 $dbmessage = $db->escape(addslashes($messageinput)); //The subject and message columns are historically double-quoted. 
1212 $dbsubject = addslashes(postedVar('subject', 'javascript', TRUE, TRUE, TRUE)); 1213 1214 if ($isfirstpost['pid'] == $pid) { 1215 $db->query("UPDATE ".X_PREFIX."threads SET icon='$posticon', subject='$dbsubject' WHERE tid=$tid"); 1216 } 1217 1218 $db->query("UPDATE ".X_PREFIX."posts SET message='$dbmessage', usesig='$usesig', bbcodeoff='$bbcodeoff', smileyoff='$smileyoff', icon='$posticon', subject='$dbsubject' WHERE pid=$pid"); 1219 } else { 1220 require_once ('include/attach.inc.php'); 1221 $db->query("DELETE FROM ".X_PREFIX."posts WHERE pid=$pid"); 1222 $db->query("UPDATE ".X_PREFIX."members SET postnum=postnum-1 WHERE username='".$db->escape_var($orig['author'])."'"); 1223 deleteAllAttachments($pid); 1224 1225 if ($isfirstpost['pid'] == $pid) { 1226 $query = $db->query("SELECT COUNT(pid) AS pcount FROM ".X_PREFIX."posts WHERE tid=$tid"); 1227 $numrows = $db->fetch_array($query); 1228 $numrows = $numrows['pcount']; 1229 $db->free_result($query); 1230 1231 if ($numrows == 0) { 1232 $threaddelete = 'yes'; 1233 $db->query("DELETE FROM ".X_PREFIX."favorites WHERE tid='$tid'"); 1234 1235 $db->query("DELETE FROM d, r, v " 1236 . "USING ".X_PREFIX."vote_desc AS d " 1237 . "LEFT JOIN ".X_PREFIX."vote_results AS r ON r.vote_id = d.vote_id " 1238 . "LEFT JOIN ".X_PREFIX."vote_voters AS v ON v.vote_id = d.vote_id " 1239 . 
"WHERE d.topic_id = $tid"); 1240 1241 $db->query("DELETE FROM ".X_PREFIX."threads WHERE tid=$tid OR closed='moved|$tid'"); 1242 } else { 1243 $db->query("UPDATE ".X_PREFIX."posts SET subject='".$db->escape_var($orig['subject'])."' WHERE tid=$tid ORDER BY dateline LIMIT 1"); 1244 } 1245 } 1246 if ($forum['type'] == 'sub') { 1247 updateforumcount($fup['fid']); 1248 } 1249 updatethreadcount($tid); 1250 updateforumcount($fid); 1251 } 1252 1253 if ($threaddelete == 'no') { 1254 $query = $db->query("SELECT COUNT(pid) FROM ".X_PREFIX."posts WHERE dateline <= {$orig['dateline']} AND tid=$tid"); 1255 $posts = $db->result($query,0); 1256 $db->free_result($query); 1257 $topicpages = quickpage($posts, $ppp); 1258 $topicpages = ($topicpages == 1) ? '' : '&page='.$topicpages; 1259 message($lang['editpostmsg'], TRUE, '', '', $full_url."viewthread.php?tid={$tid}{$topicpages}#pid{$pid}", true, false, true); 1260 } else { 1261 message($lang['editpostmsg'], TRUE, '', '', $full_url.'forumdisplay.php?fid='.$fid, true, false, true); 1262 } 1263 } 1264 1265 if (!$editvalid) { 1266 // Fill $postinfo 1267 $subjectinput = postedVar('subject', 'javascript', TRUE, FALSE, TRUE); 1268 if (onSubmit('editsubmit') || isset($previewpost) || $sc) { 1269 $postinfo = array("usesig"=>$usesig, "bbcodeoff"=>$bbcodeoff, "smileyoff"=>$smileyoff, "message"=>$messageinput, "subject"=>$subjectinput, 'icon'=>$posticon); 1270 } else { 1271 $postinfo = $orig; 1272 $postinfo['message'] = stripslashes($postinfo['message']); //Messages are historically double-quoted. 
1273 $postinfo['subject'] = stripslashes($postinfo['subject']); 1274 $bBBcodeOnForThisPost = ($forum['allowbbcode'] == 'yes' And $postinfo['bbcodeoff'] == 'no'); 1275 $bIMGcodeOnForThisPost = ($bBBcodeOnForThisPost And $forum['allowimgcode'] == 'yes'); 1276 $bSmiliesOnForThisPost = ($forum['allowsmilies'] == 'yes' And $postinfo['smileyoff'] == 'no'); 1277 } 1278 1279 // Fill $attachment 1280 $attachment = ''; 1281 $files = array(); 1282 if ($forum['attachstatus'] == 'on') { 1283 $query = $db->query("SELECT a.aid, a.pid, a.filename, a.filetype, a.filesize, a.downloads, a.img_size, thumbs.aid AS thumbid, thumbs.filename AS thumbname, thumbs.img_size AS thumbsize FROM ".X_PREFIX."attachments AS a LEFT JOIN ".X_PREFIX."attachments AS thumbs ON a.aid=thumbs.parentid WHERE a.pid=$pid AND a.parentid=0"); 1284 $counter = 0; 1285 while ($attach = $db->fetch_array($query)) { 1286 $files[] = $attach; 1287 $postinfo['aid'] = $attach['aid']; 1288 $postinfo['downloads'] = $attach['downloads']; 1289 $postinfo['filename'] = attrOut($attach['filename']); 1290 $postinfo['filesize'] = number_format($attach['filesize'], 0, '.', ','); 1291 $postinfo['url'] = getAttachmentURL($attach['aid'], $pid, $attach['filename']); 1292 eval('$attachment .= "'.template('post_edit_attachment').'";'); 1293 if ($bBBcodeOnForThisPost) { 1294 $bbcode = "[file]{$attach['aid']}[/file]"; 1295 if (strpos($postinfo['message'], $bbcode) === FALSE) { 1296 if ($counter == 0 Or $attach['img_size'] == '' Or $prevsize = '' Or $SETTINGS['attachimgpost'] == 'off') { 1297 $postinfo['message'] .= "\r\n\r\n"; 1298 } 1299 $postinfo['message'] .= ' '.$bbcode; // Use a leading space to prevent awkward line wraps. 
1300 $counter++; 1301 $prevsize = $attach['img_size']; 1302 } 1303 } 1304 } 1305 $maxtotal = phpShorthandValue('post_max_size'); 1306 if ($maxtotal > 0) { 1307 $lang['attachmaxtotal'] .= ' '.getSizeFormatted($maxtotal); 1308 } else { 1309 $lang['attachmaxtotal'] = ''; 1310 } 1311 $maxuploads = $SETTINGS['filesperpost'] - $db->num_rows($query); 1312 if ($maxuploads > 0) { 1313 $max_dos_limit = (int) ini_get('max_file_uploads'); 1314 if ($max_dos_limit > 0) $maxuploads = min($maxuploads, $max_dos_limit); 1315 eval('$attachment .= "'.template("post_attachmentbox").'";'); 1316 } 1317 $db->free_result($query); 1318 } 1319 1320 //Allow sanitized message to pass-through to template in case of: #1 preview, #2 post error 1321 $subject = rawHTMLsubject($postinfo['subject']); 1322 $message = rawHTMLmessage($postinfo['message']); 1323 1324 if (isset($previewpost)) { 1325 if ($postinfo['icon'] != '') { 1326 $thread['icon'] = "<img src=\"$smdir/{$postinfo['icon']}\" />"; 1327 } else { 1328 $thread['icon'] = ''; 1329 } 1330 $currtime = $onlinetime; 1331 $date = gmdate($dateformat, $currtime + ($timeoffset * 3600) + ($addtime * 3600)); 1332 $time = gmdate($timecode, $currtime + ($timeoffset * 3600) + ($addtime * 3600)); 1333 $poston = $lang['textposton'].' '.$date.' '.$lang['textat'].' '.$time; 1334 $dissubject = $subject; 1335 $message1 = $postinfo['message']; 1336 if ($SETTINGS['editedby'] == 'on') { 1337 $message1 .= "\n\n[".$lang['textediton'].' '.gmdate($dateformat).' '.$lang['textby']." 
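$username]";
            }
            if ($bBBcodeOnForThisPost) {
                postLinkBBcode($message1);
            }
            $message1 = postify($message1, $smileyoff, $bbcodeoff, $forum['allowsmilies'], $forum['allowhtml'], $forum['allowbbcode'], $forum['allowimgcode']);

            if (count($files) > 0) {
                bbcodeFileTags($message1, $files, $pid, $bBBcodeOnForThisPost);
            }

            if ($usesig == 'yes') {
                $post['sig'] = postify($self['sig'], 'no', 'no', $forum['allowsmilies'], $SETTINGS['sightml'], $SETTINGS['sigbbcode'], $forum['allowimgcode'], false);
                eval('$message1 .= "'.template('viewthread_post_sig').'";');
            } else {
                eval('$message1 .= "'.template('viewthread_post_nosig').'";');
            }

            eval('$preview = "'.template('post_preview').'";');
        }

        // Checkbox states for the edit form; $cheHTML holds the "checked" markup.
        if ($postinfo['bbcodeoff'] == 'yes') {
            $offcheck1 = $cheHTML;
        } else {
            $offcheck1 = '';
        }

        if ($postinfo['smileyoff'] == 'yes') {
            $offcheck2 = $cheHTML;
        } else {
            $offcheck2 = '';
        }

        if ($postinfo['usesig'] == 'yes') {
            $offcheck3 = $cheHTML;
        } else {
            $offcheck3 = '';
        }

        // Pre-select the radio button matching the post's current icon.
        $icons = str_replace('<input type="radio" name="posticon" value="'.$postinfo['icon'].'" />', '<input type="radio" name="posticon" value="'.$postinfo['icon'].'" checked="checked" />', $icons);

        // Escape for the form fields (the preview above used the raw values).
        $postinfo['message'] = rawHTMLmessage($postinfo['message']);
        $postinfo['subject'] = rawHTMLsubject($postinfo['subject']);

        eval('$postpage = "'.template('post_edit').'";');
    }
    break;

default:
    error($lang['textnoaction']);
    break;
}

end_time();
eval('$footer = "'.template('footer').'";');
echo $header, $errors, $postpage, $footer;

/**
 * Rewrites bare [pid]N[/pid] tags in $message into their linked form
 * [pid=N&tid=T]subject[/pid], using the post's own subject or, when that
 * is empty, the thread's subject.
 *
 * A tag is only rewritten when the current user holds both the view and
 * the password permission flags for the forum the referenced post lives
 * in; every other tag is left exactly as typed.  The pid list that reaches
 * SQL is built solely from the regex's \d+ capture, so it never carries
 * non-digit user input.
 *
 * Note that the tag pattern is case-insensitive ("i" modifier), so the
 * replacement is done on the literal text that was matched rather than on
 * a lower-case reconstruction of the tag; otherwise a tag typed as
 * [PID]N[/PID] would be looked up but never rewritten.
 *
 * @param string $message  Post body, modified in place.
 * @return bool Always TRUE.
 */
function postLinkBBcode(&$message) {
    global $db;

    $pattern = "@\\[pid](\\d+)\\[/pid]@si";
    preg_match_all($pattern, $message, $results, PREG_SET_ORDER);
    if (count($results) == 0) {
        return TRUE;
    }

    // pid => list of the literal tag strings that referenced it (dedupes pids).
    $tagsByPid = array();
    foreach ($results as $result) {
        $tagsByPid[$result[1]][] = $result[0];
    }

    $pids = implode(', ', array_keys($tagsByPid));
    $query = $db->query("SELECT p.pid, p.tid, p.subject, t.subject AS tsubject, t.fid FROM ".X_PREFIX."posts AS p LEFT JOIN ".X_PREFIX."threads AS t USING (tid) WHERE pid IN ($pids)");
    while ($row = $db->fetch_array($query)) {
        if (!isset($tagsByPid[$row['pid']])) {
            continue; // e.g. a zero-padded tag that the database normalised
        }
        $perms = checkForumPermissions(getForum($row['fid']));
        if ($perms[X_PERMS_VIEW] And $perms[X_PERMS_PASSWORD]) {
            if ($row['subject'] != '') {
                $subject = stripslashes($row['subject']);
            } else {
                $subject = stripslashes($row['tsubject']);
            }
            $replacement = "[pid={$row['pid']}&tid={$row['tid']}]{$subject}[/pid]";
            foreach ($tagsByPid[$row['pid']] as $tag) {
                $message = str_replace($tag, $replacement, $message);
            }
        }
    }
    $db->free_result($query); // every other query in this file releases its result

    return TRUE;
}

/**
 * Non-fatal variant of error(): returns the rendered message so the caller
 * can append it to $errors and keep processing the request (the fatal form,
 * called with defaults elsewhere in this file, presumably stops the script).
 * The positional flags select that inline form; error()'s signature is not
 * visible here, so they are passed through unchanged.
 *
 * @param string $msg  Message text, by reference as error() expects it.
 * @return string Rendered error fragment.
 */
function softerror(&$msg) {
    return error($msg, FALSE, '', '<br />', FALSE, FALSE, TRUE, FALSE);
}
?>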