PHP Cross Reference of MyBB 1.6.7 |
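<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: newreply.php 5746 2012-02-03 10:03:25Z Tomm $
 */

// Entry-point markers read by the files included below.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newreply.php');

// Names of the templates this page may render.
$templatelist = "newreply,previewpost,error_invalidforum,error_invalidthread,redirect_threadposted,loginbox,changeuserbox,posticons,newreply_threadreview,forumrules,attachments,newreply_threadreview_post,forumdisplay_rules,forumdisplay_rules_link";
$templatelist .= ",smilieinsert,smilieinsert_getmore,codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,newreply_disablesmilies,postbit_online,postbit_find,postbit_pm,postbit_www,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,postbit_report,postbit_ignored,postbit,post_subscription_method";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("newreply");

// Get the pid and tid and replyto from the input.
// Post and thread ids are integers. Both values are cast here, once, because this
// script later places $pid and $tid inside quoted SQL conditions (pid='...', tid='...')
// and prints $pid into a hidden <input> value; nothing in this file shows
// $mybb->input being normalised beforehand. replyto was already handled this way.
// NOTE(review): $mybb->input['pid'] itself is still read directly further down
// (the quoted-post list) - confirm the input layer casts it as well.
$pid = $replyto = intval($mybb->input['pid']);
$tid = intval($mybb->input['tid']);
if(isset($mybb->input['replyto']))
{
	$replyto = intval($mybb->input['replyto']);
}

// AJAX quick reply?
// A quick-reply request never previews, so the preview flag is dropped up front.
if($mybb->input['ajax'])
{
	unset($mybb->input['previewpost']);
}

// Edit a draft post.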
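$draft_pid = 0;
$editdraftpid = '';
if($mybb->input['action'] == "editdraft" && $pid)
{
	$options = array(
		"limit" => 1
	);
	// Cast at the point of use so the condition can only ever contain an integer,
	// whatever the request put into $pid.
	$query = $db->simple_select("posts", "*", "pid='".intval($pid)."'", $options);
	$post = $db->fetch_array($query);
	if(!$post['pid'])
	{
		error($lang->error_invalidpost);
	}
	// Only the author of the row may reopen it.
	// NOTE(review): the lookup above is by pid alone and does not restrict to draft
	// rows; confirm the post handler rejects a pid that is not the user's own draft.
	else if($mybb->user['uid'] != $post['uid'])
	{
		error($lang->error_post_noperms);
	}
	// From here on the ids come from the database row, not from the request.
	$draft_pid = $post['pid'];
	$tid = $post['tid'];
	$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$draft_pid\" />";
}

// Set up $thread and $forum for later use.
$options = array(
	"limit" => 1
);
// $tid is either request input or the draft's thread id; cast it for the same
// reason as $pid above.
$query = $db->simple_select("threads", "*", "tid='".intval($tid)."'");
if($db->num_rows($query) == 0)
{
	error($lang->error_invalidthread);
}

$thread = $db->fetch_array($query);
$fid = $thread['fid'];

// Get forum info
$forum = get_forum($fid);
if(!$forum)
{
	error($lang->error_invalidforum);
}

// Make navigation
build_forum_breadcrumb($fid);
// The subject is HTML-escaped once here; later uses of $thread['subject'] see the escaped form.
$thread['subject'] = htmlspecialchars_uni($thread['subject']);
add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_newreply);

// Effective permissions of the current user in this forum; checked below.
$forumpermissions = forum_permissions($fid);

// See if everything is valid up to here.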
// Access gate for the reply form: every check below ends the request through
// error()/error_no_permission() before any form or post handling is reached.

// In this script $post is first assigned by the editdraft lookup.
// NOTE(review): as written this condition reduces to `$post['visible'] == 0`;
// the moderator test cannot change the outcome. Confirm the intended rule.
if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid)) || $post['visible'] == 0))
{
	error($lang->error_invalidpost);
}
// Threads with visible == 0 are only reachable by moderators; negative values by nobody.
if(($thread['visible'] == 0 && !is_moderator($fid)) || $thread['visible'] < 0)
{
	error($lang->error_invalidthread);
}
if($forum['open'] == 0 || $forum['type'] != "f")
{
	error($lang->error_closedinvalidforum);
}
// Must be able to view the forum and post replies, and must not be suspended from posting.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1)
{
	error_no_permission();
}

// Users limited to their own threads may not reply in someone else's.
if($forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
	error_no_permission();
}

// Coming from quick reply? Set some defaults
// The subscription choice is taken from the account setting, overwriting whatever the request sent.
if($mybb->input['method'] == "quickreply")
{
	if($mybb->user['subscriptionmethod'] == 1)
	{
		$mybb->input['postoptions']['subscriptionmethod'] = "none";
	}
	else if($mybb->user['subscriptionmethod'] == 2)
	{
		$mybb->input['postoptions']['subscriptionmethod'] = "instant";
	}
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// Editor toolbars: shown to guests, and to members who have not switched them off.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
	$codebuttons = build_mycode_inserter();
	if($forum['allowsmilies'] != 0)
	{
		$smilieinserter = build_clickable_smilies();
	}
}

// Display a login box or change user box?
// NOTE(review): eval() runs the stored template as a PHP double-quoted string, so any
// variable it names is read from this scope. Safety depends on how $templates->get()
// escapes template text and on each variable being escaped before this point -
// neither is visible in this file.
if($mybb->user['uid'] != 0)
{
	eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}
else
{
	if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply")
	{
		$username = '';
	}
	else
	{
		// Guest-supplied name is HTML-escaped before the template can echo it back.
		$username = htmlspecialchars_uni($mybb->input['username']);
	}
	eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// Check to see if the thread is closed, and if the user is a mod.
// Closed threads only accept replies from moderators holding "caneditposts".
if(!is_moderator($fid, "caneditposts"))
{
	if($thread['closed'] == 1)
	{
		error($lang->redirect_threadclosed);
	}
}

// Is the currently logged in user a moderator of this forum?
if(is_moderator($fid))
{
	$ismod = true;
}
else
{
	$ismod = false;
}

// No weird actions allowed, show new reply form if no regular action.
// Allow-list: any action other than do_newreply/editdraft is rewritten to newreply.
if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
{
	$mybb->input['action'] = "newreply";
}

// Even if we are previewing, still show the new reply form.
if($mybb->input['previewpost'])
{
	$mybb->input['action'] = "newreply";
}

// The request claims to have been submitted (processed=1) but PHP received neither
// POST fields nor files.
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
	error($lang->error_cannot_upload_php_post);
}

// Add or update an attachment.
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))
{
	// Verify incoming POST request
	// presumably the anti-CSRF token check; verify_post_check() is defined outside this file.
	verify_post_check($mybb->input['my_post_key']);

	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
	{
		// NOTE(review): $pid is interpolated without a cast or escape_string() here;
		// this is only safe if it is guaranteed to be an integer by this point.
		$attachwhere = "pid='{$pid}'";
	}
	else
	{
		$attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
	}
	$query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
	$attachcount = $db->fetch_field($query, "numattachs");

	// If there's an attachment, check it and upload it
	// Gated on a non-empty file, the forum's attachment permission and the per-post limit.
	// Content/type checks, if any, live in upload_attachment() (not shown here).
	if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
	{
		require_once MYBB_ROOT."inc/functions_upload.php";

		$update_attachment = false;
		if($mybb->input['updateattachment'])
		{
			$update_attachment = true;
		}
		$attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
	}

	// NOTE(review): $attachedfile is only assigned inside the branch above, so this
	// reads an unset variable whenever the upload was skipped.
	if($attachedfile['error'])
	{
		$errors[] = $attachedfile['error'];
		$mybb->input['action'] = "newreply";
	}

	if(!$mybb->input['submit'])
	{
		// NOTE(review): $pid is written into an HTML attribute without escaping;
		// relies on it being an integer.
		$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
		$mybb->input['action'] = "newreply";
	}
}

// Remove an attachment.
if($mybb->input['attachmentaid'] && $mybb->input['attachmentact'] == "remove" && $mybb->input['posthash'])
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	require_once MYBB_ROOT."inc/functions_upload.php";
	// Both the posthash and the attachment id come from the request.
	// NOTE(review): any ownership check is inside remove_attachment(); confirm it ties
	// the aid to the supplied posthash before deleting.
	remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
	if(!$mybb->input['submit'])
	{
		// Same unescaped $pid interpolation as in the upload branch above.
		$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
		$mybb->input['action'] = "newreply";
	}
}

// Setup our posthash for managing attachments.
// The posthash is the handle that links uploads to a post that does not exist yet.
// NOTE(review): its unpredictability rests on random_str(), which is not shown here.
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{
	$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
}

$reply_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// Counted per uid over the last 24 hours; groups with cancp == 1 are exempt.
if($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
{
	$daycut = TIME_NOW-60*60*24;
	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
	$post_count = $db->fetch_field($query, "posts_today");
	if($post_count >= $mybb->settings['maxposts'])
	{
		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
		error($lang->error_maxposts);
	}
}

// Submit the reply. Only honoured for POST requests that pass the post-key check.
if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("newreply_do_newreply_start");

	// If this isn't a logged in user, then we need to do some special validation.
	if($mybb->user['uid'] == 0)
	{
		$username = htmlspecialchars_uni($mybb->input['username']);

		// Check if username exists.
		if(username_exists($mybb->input['username']))
		{
			// If it does and no password is given throw back "username is taken"
			if(!$mybb->input['password'])
			{
				error($lang->error_usernametaken);
			}

			// Checks to make sure the user can login; they haven't had too many tries at logging in.
			// Is a fatal call if user has had too many tries
			$logins = login_attempt_check();

			// If the user specified a password but it is wrong, throw back invalid password.
			$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
			if(!$mybb->user['uid'])
			{
				// Failed attempts are counted both in a cookie and on the user row.
				// NOTE(review): the cookie is client-controlled; confirm login_attempt_check()
				// enforces the limit from the database counter.
				my_setcookie('loginattempts', $logins + 1);
				$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true);
				// NOTE(review): $login_text is only assigned when failedlogintext == 1,
				// yet it is concatenated unconditionally below.
				if($mybb->settings['failedlogintext'] == 1)
				{
					$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
				}
				error($lang->error_invalidpassword.$login_text);
			}
			// Otherwise they've logged in successfully.

			$mybb->input['username'] = $username = $mybb->user['username'];
			// Login cookie is "<uid>_<loginkey>"; the trailing true is presumably the
			// HttpOnly flag - confirm against my_setcookie().
			my_setcookie("mybbuser", $mybb->user['uid']."_".$mybb->user['loginkey'], null, true);
			my_setcookie('loginattempts', 1);

			// Update the session to contain their user ID
			// The existing session row is re-pointed at the authenticated uid; no new
			// session id is issued in this block.
			// NOTE(review): confirm sid rotation happens elsewhere if session fixation is in scope.
			$updated_session = array(
				"uid" => $mybb->user['uid'],
			);
			$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

			$db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");

			// Set uid and username
			$uid = $mybb->user['uid'];
			$username = $mybb->user['username'];

			// Check if this user is allowed to post here
			// Permissions were computed for the guest earlier; they are recomputed for the
			// account that has just authenticated.
			$mybb->usergroup = &$groupscache[$mybb->user['usergroup']];
			$forumpermissions = forum_permissions($fid);
			if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1)
			{
				error_no_permission();
			}
		}
		// This username does not exist.
		else
		{
			// If they didn't specify a username then give them "Guest"
			if(!$mybb->input['username'])
			{
				$username = $lang->guest;
			}
			// Otherwise use the name they specified.
			else
			{
				// NOTE(review): plain htmlspecialchars() here, while the rest of this
				// script uses htmlspecialchars_uni() for the same field - confirm
				// whether the difference is intended.
				$username = htmlspecialchars($mybb->input['username']);
			}
			$uid = 0;
		}
	}
	// This user is logged in.
	else
	{
		$username = $mybb->user['username'];
		$uid = $mybb->user['uid'];
	}

	// Attempt to see if this post is a duplicate or not
	// Members are matched by uid, guests by the session's IP address.
	if($uid > 0)
	{
		$user_check = "p.uid='{$uid}'";
	}
	else
	{
		$user_check = "p.ipaddress='".$db->escape_string($session->ipaddress)."'";
	}
	if(!$mybb->input['savedraft'])
	{
		// Every request-supplied string in this condition goes through escape_string().
		$query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."' AND p.visible != '-2'");
		$duplicate_check = $db->fetch_field($query, "pid");
		if($duplicate_check)
		{
			error($lang->error_post_already_submitted);
		}
	}

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("insert");

	// Set the post data that came from the input to the $post array.
	// Values are handed over raw; validation and escaping are delegated to PostDataHandler.
	// fid comes from the loaded thread row, not from the request.
	$post = array(
		"tid" => $mybb->input['tid'],
		"replyto" => $mybb->input['replyto'],
		"fid" => $thread['fid'],
		"subject" => $mybb->input['subject'],
		"icon" => $mybb->input['icon'],
		"uid" => $uid,
		"username" => $username,
		"message" => $mybb->input['message'],
		"ipaddress" => get_ip(),
		"posthash" => $mybb->input['posthash']
	);

	if($mybb->input['pid'])
	{
		$post['pid'] = $mybb->input['pid'];
	}

	// Are we saving a draft post?
	// Drafts are only available to logged-in users.
	if($mybb->input['savedraft'] && $mybb->user['uid'])
	{
		$post['savedraft'] = 1;
	}
	else
	{
		$post['savedraft'] = 0;
	}

	// Set up the post options from the input.
	$post['options'] = array(
		"signature" => $mybb->input['postoptions']['signature'],
		"subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
		"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
	);

	// Apply moderation options if we have them
	// NOTE(review): passed through without consulting $ismod here; confirm the handler
	// checks moderator rights before acting on modoptions.
	$post['modoptions'] = $mybb->input['modoptions'];

	$posthandler->set_data($post);

	// Now let the post handler do all the hard work.
	$valid_post = $posthandler->validate_post();

	$post_errors = array();
	// Fetch friendly error messages if this is an invalid post
	if(!$valid_post)
	{
		$post_errors = $posthandler->get_friendly_errors();
	}

	// Mark thread as read
	require_once MYBB_ROOT."inc/functions_indicators.php";
	mark_thread_read($tid, $fid);

	// Check captcha image
	// Guests only; a failed captcha is added to the same error list as validation errors.
	if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$post_captcha = new captcha(false, "post_captcha");

		if($post_captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			foreach($post_captcha->get_errors() as $error)
			{
				$post_errors[] = $error;
			}
		}
		else
		{
			$hide_captcha = true;
		}

		// For AJAX quick reply a fresh challenge is stored and its hash returned.
		if($mybb->input['ajax'])
		{
			if($post_captcha->type == 1)
			{
				$randomstr = random_str(5);
				$imagehash = md5(random_str(12));

				$imagearray = array(
					"imagehash" => $imagehash,
					"imagestring" => $randomstr,
					"dateline" => TIME_NOW
				);

				$db->insert_query("captcha", $imagearray);

				header("Content-type: text/html; charset={$lang->settings['charset']}");
				echo "<captcha>$imagehash";

				// NOTE(review): when the submitted captcha was valid, the answer of the
				// new challenge is sent to the client as well. Confirm this is the intended
				// "stay verified" behaviour and that each captcha row is single-use.
				if($hide_captcha)
				{
					echo "|$randomstr";
				}

				echo "</captcha>";
			}
			else if($post_captcha->type == 2)
			{
				header("Content-type: text/html; charset={$lang->settings['charset']}");
				echo "<captcha>reload</captcha>";
			}
		}
	}

	// One or more errors returned, fetch error list and throw to newreply page
	if(count($post_errors) > 0)
	{
		$reply_errors = inline_error($post_errors);
		$mybb->input['action'] = "newreply";
	}
	else
	{
		// From here on $pid is the id returned by the handler, not the request value.
		$postinfo = $posthandler->insert_post();
		$pid = $postinfo['pid'];
		$visible = $postinfo['visible'];

		// Deciding the fate
		if($visible == -2)
		{
			// Draft post
			$lang->redirect_newreply = $lang->draft_saved;
			$url = "usercp.php?action=drafts";
		}
		elseif($visible == 1)
		{
			// Visible post
			$lang->redirect_newreply .= $lang->redirect_newreply_post;
			$url = get_post_link($pid, $tid)."#pid{$pid}";
		}
		else
		{
			// Moderated post
			$lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
			$url = get_thread_link($tid);
		}

		// Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
		if($mybb->input['quoted_ids'] && $mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
		{
			// We quoted all posts - remove the entire cookie
			if($mybb->input['quoted_ids'] == "all")
			{
				my_unsetcookie("multiquote");
			}
			// Only quoted a few - attempt to remove them from the cookie
			else
			{
				$quoted_ids = explode("|", $mybb->input['quoted_ids']);
				$multiquote = explode("|", $mybb->cookies['multiquote']);
				if(is_array($multiquote) && is_array($quoted_ids))
				{
					foreach($multiquote as $key => $quoteid)
					{
						// If this ID was quoted, remove it from the multiquote list
						if(in_array($quoteid, $quoted_ids))
						{
							unset($multiquote[$key]);
						}
					}
					// Still have an array - set the new cookie
					// NOTE(review): $multiquote is still an array after unset(), so the
					// else branch below looks unreachable; the cookie is also re-joined
					// with "," although it was split on "|".
					if(is_array($multiquote))
					{
						$new_multiquote = implode(",", $multiquote);
						my_setcookie("multiquote", $new_multiquote);
					}
					// Otherwise, unset it
					else
					{
						my_unsetcookie("multiquote");
					}
				}
			}
		}

		$plugins->run_hooks("newreply_do_newreply_end");

		// This was a post made via the ajax quick reply - we need to do some special things here
		if($mybb->input['ajax'])
		{
			// Visible post
			if($visible == 1)
			{
				// Set post counter
				// Moderators also see unapproved posts, so those are included in their count.
				if($ismod == true)
				{
					$postcounter = $thread['replies'] + $thread['unapprovedposts'] + 1;
				}
				else
				{
					$postcounter = $thread['replies'] + 1;
				}

				// Was there a new post since we hit the quick reply button?
				if($mybb->input['lastpid'])
				{
					$query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
					$new_post = $db->fetch_array($query);
					if($new_post['pid'] != $mybb->input['lastpid'])
					{
						redirect(get_thread_link($tid, 0, "lastpost"));
					}
				}

				// Lets see if this post is on the same page as the one we're viewing or not
				// if it isn't, redirect us
				// NOTE(review): $perpage is not assigned anywhere in the visible part of this
				// script, while the divisions use $mybb->settings['postsperpage'].
				if($perpage > 0 && (($postcounter) % $perpage) == 0)
				{
					$post_page = ($postcounter) / $mybb->settings['postsperpage'];
				}
				else
				{
					$post_page = intval(($postcounter) / $mybb->settings['postsperpage']) + 1;
				}

				if($mybb->input['from_page'] && $post_page > $mybb->input['from_page'])
				{
					redirect(get_thread_link($tid, 0, "lastpost"));
					exit;
				}

				// Return the post HTML and display it inline
				$query = $db->query("
					SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
					LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
					LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
					WHERE p.pid='{$pid}'
				");
				$post = $db->fetch_array($query);

				// Now lets fetch all of the attachments for this post
				$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
				while($attachment = $db->fetch_array($query))
				{
					$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
				}

				// Establish altbg - may seem like this is backwards, but build_postbit reverses it
				if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
				{
					$altbg = "trow1";
				}
				else
				{
					$altbg = "trow2";
				}

				$charset = "UTF-8";
				if($lang->settings['charset'])
				{
					$charset = $lang->settings['charset'];
				}

				require_once MYBB_ROOT."inc/functions_post.php";
				$pid = $post['pid'];
				// Rendering and escaping of the post body happen inside build_postbit().
				$post = build_postbit($post);

				// The response is labelled text/plain although it carries HTML and a script block.
				header("Content-type: text/plain; charset={$charset}");
				echo $post;

				// Build a new posthash incase the user wishes to quick reply again
				// Both values written into the inline script are server-generated:
				// an md5 hex digest and the pid read back from the database row.
				$new_posthash = md5($mybb->user['uid'].random_str());
				echo "<script type=\"text/javascript\">\n";
				echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
				echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";
				echo "</script>\n";
				exit;
			}
			// Post is in the moderation queue
			else
			{
				redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation);
				exit;
			}
		}
		else
		{
			$lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_thread, get_forum_link($fid));
			redirect($url, $lang->redirect_newreply);
			exit;
		}
	}
}

// Show the newreply form.
671 if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft") 672 { 673 $plugins->run_hooks("newreply_start"); 674 675 $quote_ids = ''; 676 // If this isn't a preview and we're not editing a draft, then handle quoted posts 677 if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['rem']) 678 { 679 $message = ''; 680 $quoted_posts = array(); 681 // Handle multiquote 682 if($mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0) 683 { 684 $multiquoted = explode("|", $mybb->cookies['multiquote']); 685 foreach($multiquoted as $post) 686 { 687 $quoted_posts[$post] = intval($post); 688 } 689 } 690 // Handle incoming 'quote' button 691 if($mybb->input['pid']) 692 { 693 $quoted_posts[$mybb->input['pid']] = $mybb->input['pid']; 694 } 695 696 // Quoting more than one post - fetch them 697 if(count($quoted_posts) > 0) 698 { 699 $external_quotes = 0; 700 $quoted_posts = implode(",", $quoted_posts); 701 $unviewable_forums = get_unviewable_forums(); 702 if($unviewable_forums) 703 { 704 $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})"; 705 } 706 if(is_moderator($fid)) 707 { 708 $visible_where = "AND p.visible != 2"; 709 } 710 else 711 { 712 $visible_where = "AND p.visible > 0"; 713 } 714 715 require_once MYBB_ROOT."inc/functions_posting.php"; 716 $query = $db->query(" 717 SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername 718 FROM ".TABLE_PREFIX."posts p 719 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 720 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 721 WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where} 722 "); 723 $load_all = intval($mybb->input['load_all_quotes']); 724 while($quoted_post = $db->fetch_array($query)) 725 { 726 // Only show messages for the current thread 727 if($quoted_post['tid'] == 
$tid || $load_all == 1) 728 { 729 // If this post was the post for which a quote button was clicked, set the subject 730 if($pid == $quoted_post['pid']) 731 { 732 $subject = preg_replace('#RE:\s?#i', '', $quoted_post['subject']); 733 $subject = "RE: ".$subject; 734 } 735 $message .= parse_quoted_message($quoted_post); 736 $quoted_ids[] = $quoted_post['pid']; 737 } 738 // Count the rest 739 else 740 { 741 ++$external_quotes; 742 } 743 } 744 if($mybb->settings['maxquotedepth'] != '0') 745 { 746 $message = remove_message_quotes($message); 747 } 748 if($external_quotes > 0) 749 { 750 if($external_quotes == 1) 751 { 752 $multiquote_text = $lang->multiquote_external_one; 753 $multiquote_deselect = $lang->multiquote_external_one_deselect; 754 $multiquote_quote = $lang->multiquote_external_one_quote; 755 } 756 else 757 { 758 $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes); 759 $multiquote_deselect = $lang->multiquote_external_deselect; 760 $multiquote_quote = $lang->multiquote_external_quote; 761 } 762 eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";"); 763 } 764 if(count($quoted_ids) > 0) 765 { 766 $quoted_ids = implode("|", $quoted_ids); 767 } 768 } 769 } 770 771 if($mybb->input['quoted_ids']) 772 { 773 $quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']); 774 } 775 776 if($mybb->input['previewpost']) 777 { 778 $previewmessage = $mybb->input['message']; 779 } 780 if(!$message) 781 { 782 $message = $mybb->input['message']; 783 } 784 $message = htmlspecialchars_uni($message); 785 786 // Set up the post options. 
787 if($mybb->input['previewpost'] || $maximageserror || $reply_errors != '') 788 { 789 $postoptions = $mybb->input['postoptions']; 790 if($postoptions['signature'] == 1) 791 { 792 $postoptionschecked['signature'] = " checked=\"checked\""; 793 } 794 if($postoptions['subscriptionmethod'] == "none") 795 { 796 $postoptions_subscriptionmethod_none = "checked=\"checked\""; 797 } 798 else if($postoptions['subscriptionmethod'] == "instant") 799 { 800 $postoptions_subscriptionmethod_instant = "checked=\"checked\""; 801 } 802 else 803 { 804 $postoptions_subscriptionmethod_dont = "checked=\"checked\""; 805 } 806 if($postoptions['disablesmilies'] == 1) 807 { 808 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 809 } 810 $subject = $mybb->input['subject']; 811 } 812 elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid']) 813 { 814 $message = htmlspecialchars_uni($post['message']); 815 $subject = $post['subject']; 816 if($post['includesig'] != 0) 817 { 818 $postoptionschecked['signature'] = " checked=\"checked\""; 819 } 820 if($post['smilieoff'] == 1) 821 { 822 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 823 } 824 $mybb->input['icon'] = $post['icon']; 825 } 826 else 827 { 828 if($mybb->user['signature'] != '') 829 { 830 $postoptionschecked['signature'] = " checked=\"checked\""; 831 } 832 if($mybb->user['subscriptionmethod'] == 1) 833 { 834 $postoptions_subscriptionmethod_none = "checked=\"checked\""; 835 } 836 else if($mybb->user['subscriptionmethod'] == 2) 837 { 838 $postoptions_subscriptionmethod_instant = "checked=\"checked\""; 839 } 840 else 841 { 842 $postoptions_subscriptionmethod_dont = "checked=\"checked\""; 843 } 844 } 845 846 if($forum['allowpicons'] != 0) 847 { 848 $posticons = get_post_icons(); 849 } 850 851 // No subject, but post info? 852 if(!$subject && $mybb->input['subject']) 853 { 854 $subject = $mybb->input['subject']; 855 } 856 857 // Preview a post that was written. 
858 if($mybb->input['previewpost']) 859 { 860 // Set up posthandler. 861 require_once MYBB_ROOT."inc/datahandlers/post.php"; 862 $posthandler = new PostDataHandler("insert"); 863 864 // Set the post data that came from the input to the $post array. 865 $post = array( 866 "tid" => $mybb->input['tid'], 867 "replyto" => $mybb->input['replyto'], 868 "fid" => $thread['fid'], 869 "subject" => $mybb->input['subject'], 870 "icon" => $mybb->input['icon'], 871 "uid" => $uid, 872 "username" => $username, 873 "message" => $mybb->input['message'], 874 "ipaddress" => get_ip(), 875 "posthash" => $mybb->input['posthash'] 876 ); 877 878 if($mybb->input['pid']) 879 { 880 $post['pid'] = $mybb->input['pid']; 881 } 882 883 $posthandler->set_data($post); 884 885 // Now let the post handler do all the hard work. 886 $valid_post = $posthandler->verify_message(); 887 $valid_subject = $posthandler->verify_subject(); 888 889 $post_errors = array(); 890 // Fetch friendly error messages if this is an invalid post 891 if(!$valid_post || !$valid_subject) 892 { 893 $post_errors = $posthandler->get_friendly_errors(); 894 } 895 896 // One or more errors returned, fetch error list and throw to newreply page 897 if(count($post_errors) > 0) 898 { 899 $reply_errors = inline_error($post_errors); 900 } 901 else 902 { 903 $quote_ids = htmlspecialchars_uni($mybb->input['quote_ids']); 904 if(!$mybb->input['username']) 905 { 906 $mybb->input['username'] = $lang->guest; 907 } 908 if($mybb->input['username'] && !$mybb->user['uid']) 909 { 910 $mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']); 911 } 912 $mybb->input['icon'] = intval($mybb->input['icon']); 913 $query = $db->query(" 914 SELECT u.*, f.* 915 FROM ".TABLE_PREFIX."users u 916 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 917 WHERE u.uid='".$mybb->user['uid']."' 918 "); 919 $post = $db->fetch_array($query); 920 if(!$mybb->user['uid'] || !$post['username']) 921 { 922 $post['username'] = 
$mybb->input['username']; 923 } 924 else 925 { 926 $post['userusername'] = $mybb->user['username']; 927 $post['username'] = $mybb->user['username']; 928 } 929 $post['message'] = $previewmessage; 930 $post['subject'] = $subject; 931 $post['icon'] = $mybb->input['icon']; 932 $post['smilieoff'] = $postoptions['disablesmilies']; 933 $post['dateline'] = TIME_NOW; 934 $post['includesig'] = $mybb->input['postoptions']['signature']; 935 if($post['includesig'] != 1) 936 { 937 $post['includesig'] = 0; 938 } 939 940 // Fetch attachments assigned to this post. 941 if($mybb->input['pid']) 942 { 943 $attachwhere = "pid='".intval($mybb->input['pid'])."'"; 944 } 945 else 946 { 947 $attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'"; 948 } 949 950 $query = $db->simple_select("attachments", "*", $attachwhere); 951 while($attachment = $db->fetch_array($query)) 952 { 953 $attachcache[0][$attachment['aid']] = $attachment; 954 } 955 956 $postbit = build_postbit($post, 1); 957 eval("\$preview = \"".$templates->get("previewpost")."\";"); 958 } 959 } 960 $subject = htmlspecialchars_uni($subject); 961 962 if(!$pid && !$mybb->input['previewpost']) 963 { 964 $subject = "RE: " . $thread['subject']; 965 } 966 967 // Setup a unique posthash for attachment management 968 if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") 969 { 970 $posthash = md5($mybb->user['uid'].random_str()); 971 } 972 elseif($mybb->input['action'] == "editdraft") 973 { 974 // Drafts have posthashes, too... 975 $posthash = htmlspecialchars_uni($post['posthash']); 976 } 977 else 978 { 979 $posthash = htmlspecialchars_uni($mybb->input['posthash']); 980 } 981 982 // Do we have attachment errors? 983 if(count($errors) > 0) 984 { 985 $reply_errors = inline_error($errors); 986 } 987 988 // Get a listing of the current attachments. 
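// Attachment manager for the reply form: lists the files already attached to
// this draft/posthash, works out the user's quota usage and decides whether
// the "new attachment" row is shown.
//
// NOTE(review): every eval() in this run interpolates the text returned by
// $templates->get() into a double-quoted PHP string. That is safe only if the
// getter escapes the template for that context and template contents are
// restricted to trusted administrators -- neither is visible in this excerpt.
// Variable names are left as they are because the evaluated templates can
// reference any variable in this scope.
if($forumpermissions['canpostattachments'] != 0)
{
    $attachcount = 0;
    if($mybb->input['action'] == "editdraft" && $mybb->input['pid'])
    {
        // Cast explicitly, matching the preview path earlier in this file,
        // instead of relying on $pid having been sanitised upstream.
        $attachwhere = "pid='".intval($pid)."'";
    }
    else
    {
        $attachwhere = "posthash='".$db->escape_string($posthash)."'";
    }
    $attachments = '';
    $query = $db->simple_select("attachments", "*", $attachwhere);
    while($attachment = $db->fetch_array($query))
    {
        $attachment['size'] = get_friendly_size($attachment['filesize']);
        // The icon lookup uses the raw filename; the value is escaped right after for output.
        $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
        $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

        if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
        {
            eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
        }
        $attach_mod_options = '';
        if($attachment['visible'] != 1)
        {
            eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
        }
        else
        {
            eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
        }
        $attachcount++;
    }

    // Total attachment usage for the current user; the uid is cast so the
    // WHERE clause never carries anything but an integer.
    $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".intval($mybb->user['uid'])."'");
    $usage = $db->fetch_array($query);
    // attachquota is multiplied by 1024 before being compared with the summed
    // filesize; a quota of 0 is treated as unlimited.
    if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
    {
        $noshowattach = 1;
    }
    if($mybb->usergroup['attachquota'] == 0)
    {
        $friendlyquota = $lang->unlimited;
    }
    else
    {
        $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
    }
    $friendlyusage = get_friendly_size($usage['ausage']);
    $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
    // NOTE(review): && binds tighter than ||, so !$noshowattach only applies to
    // the second alternative; with maxattachments == 0 the upload row is shown
    // even when the quota is exceeded. This only controls what the form
    // displays -- confirm that the upload handler enforces the quota itself.
    if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
    {
        eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
    }
    eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
}

// If the user is logged in, provide a save draft button.
if($mybb->user['uid'])
{
    eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
}

// Show captcha image for guests if enabled
if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
{
    $correct = false;
    require_once MYBB_ROOT.'inc/class_captcha.php';

    if($mybb->input['previewpost'] || $hide_captcha == true)
    {
        // On preview, check the answer already given; if it is correct the
        // captcha input is replaced by hidden fields.
        // NOTE(review): the final submit must validate those hidden fields
        // again -- that code path is not part of this excerpt.
        $post_captcha = new captcha;

        if($post_captcha->validate_captcha() == true)
        {
            $correct = true;

            // Generate a hidden list of items for our captcha
            $captcha = $post_captcha->build_hidden_captcha();
        }
    }

    if(!$correct)
    {
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }
}

// Thread review: the most recent posts of the thread, shown below the form.
if($mybb->settings['threadreview'] != 0)
{
    if(!$mybb->settings['postsperpage'])
    {
        // Fixed key: the original assigned 'postperpage', so this default
        // never reached the comparisons and the LIMIT below.
        $mybb->settings['postsperpage'] = 20;
    }

    // Moderators also see unapproved posts (visible='0').
    if(is_moderator($fid))
    {
        $visibility = "(visible='1' OR visible='0')";
    }
    else
    {
        $visibility = "visible='1'";
    }
    $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='".intval($tid)."' AND {$visibility}");
    $numposts = $db->fetch_field($query, "post_count");

    if($numposts > $mybb->settings['postsperpage'])
    {
        $numposts = $mybb->settings['postsperpage'];
        $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
        eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
    }

    $query = $db->simple_select("posts", "pid", "tid='".intval($tid)."' AND {$visibility}", array("order_by" => "dateline", "order_dir" => "desc", "limit" => intval($mybb->settings['postsperpage'])));
    // Start from an empty list so the IN (...) clause is built only from ids
    // returned by the query above, each cast to an integer.
    $pidin = array();
    while($post = $db->fetch_array($query))
    {
        $pidin[] = intval($post['pid']);
    }

    $postsdone = 0;
    $altbg = "trow1";
    $reviewbits = '';

    // With no matching posts "pid IN ()" would be invalid SQL, so both
    // look-ups are skipped and the review is rendered empty.
    if(!empty($pidin))
    {
        $pidin = implode(",", $pidin);

        // Fetch attachments
        $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
        while($attachment = $db->fetch_array($query))
        {
            $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
        }
        $query = $db->query("
            SELECT p.*, u.username AS userusername
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
            WHERE pid IN ($pidin)
            ORDER BY dateline DESC
        ");
        while($post = $db->fetch_array($query))
        {
            // Prefer the account's current username over the one stored with the post.
            // NOTE(review): $post['username'] is handed to the template as
            // stored; confirm it is HTML-escaped when written or in the template.
            if($post['userusername'])
            {
                $post['username'] = $post['userusername'];
            }
            $reviewpostdate = my_date($mybb->settings['dateformat'], $post['dateline']);
            $reviewposttime = my_date($mybb->settings['timeformat'], $post['dateline']);
            // Parser switches come from the forum's settings; allow_html in
            // particular decides whether raw HTML in posts is rendered.
            $parser_options = array(
                "allow_html" => $forum['allowhtml'],
                "allow_mycode" => $forum['allowmycode'],
                "allow_smilies" => $forum['allowsmilies'],
                "allow_imgcode" => $forum['allowimgcode'],
                "allow_videocode" => $forum['allowvideocode'],
                "me_username" => $post['username'],
                "filter_badwords" => 1
            );
            if($post['smilieoff'] == 1)
            {
                $parser_options['allow_smilies'] = 0;
            }

            if($post['visible'] != 1)
            {
                $altbg = "trow_shaded";
            }

            $post['message'] = $parser->parse_message($post['message'], $parser_options);
            get_post_attachments($post['pid'], $post);
            $reviewmessage = $post['message'];
            eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
            // Alternate the row class for the next post.
            if($altbg == "trow1")
            {
                $altbg = "trow2";
            }
            else
            {
                $altbg = "trow1";
            }
        }
    }
    eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
}
// Can we disable smilies or are they disabled already?
if($forum['allowsmilies'] != 0)
{
    eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
}
else
{
    $disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
}
// Show the moderator options.
if(is_moderator($fid))
{
    if($mybb->input['processed'])
    {
        // Re-display what the moderator submitted, reduced to integers.
        $closed = intval($mybb->input['modoptions']['closethread']);
        $stuck = intval($mybb->input['modoptions']['stickthread']);
    }
    else
    {
        $closed = $thread['closed'];
        $stuck = $thread['sticky'];
    }

    if($closed)
    {
        $closecheck = ' checked="checked"';
    }
    else
    {
        $closecheck = '';
    }

    if($stuck)
    {
        $stickycheck = ' checked="checked"';
    }
    else
    {
        $stickycheck = '';
    }

    eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
    $bgcolor = "trow1";
}
else
{
    $bgcolor = "trow2";
}

// Fetch subscription select box
eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

$lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
$lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);

// Do we have any forum rules to show for this forum?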
// Forum rules box: built only when the forum has rules text and a rulestype
// of 2 or higher; otherwise $forumrules stays empty.
$forumrules = '';
if($forum['rulestype'] >= 2 && $forum['rules'])
{
    // The rules are parsed with HTML, MyCode, smilies and [img] all enabled.
    // NOTE(review): allow_html => 1 means the rules text is emitted as raw
    // HTML, so it must only be editable by trusted administrators -- confirm.
    $rules_parser = array(
        "allow_html" => 1,
        "allow_mycode" => 1,
        "allow_smilies" => 1,
        "allow_imgcode" => 1
    );

    // Fall back to a generated title when the forum has none of its own.
    if(!$forum['rulestitle'])
    {
        $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
    }

    // Create the parser only if one is not already available.
    if(!$parser)
    {
        require_once MYBB_ROOT.'inc/class_parser.php';
        $parser = new postParser;
    }

    $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
    // Copy of $forum taken after the rules were parsed.
    $foruminfo = $forum;

    // rulestype 3 uses the full rules template, 2 the link-only variant;
    // any other value leaves $forumrules empty.
    switch($forum['rulestype'])
    {
        case 3:
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
            break;
        case 2:
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
            break;
    }
}

// Last plugin hook before the page is assembled.
$plugins->run_hooks("newreply_end");

// NOTE(review): strip_tags() removes markup but is not HTML escaping; confirm
// the template only uses $forum['name'] where that is sufficient.
$forum['name'] = strip_tags($forum['name']);

// Render the complete reply page from its template and send it.
eval("\$newreply = \"".$templates->get("newreply")."\";");
output_page($newreply);
} // closes a block that is opened before this part of the file
?>