PHP Cross Reference of MyBB 1.6.7 |
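<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: newthread.php 5746 2012-02-03 10:03:25Z Tomm $
 */

/*
 * Entry script for the "new thread" page: declares the script identity and
 * its template list, loads the global bootstrap, and resolves which forum
 * (or which existing draft) the request is about.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newthread.php');

// Comma-separated template names, declared before global.php is loaded.
// Each fragment must end with a comma, otherwise the last name of one fragment
// and the first name of the next fuse into a single, non-existent template name.
$templatelist = "newthread,previewpost,error_invalidforum,redirect_newthread,loginbox,changeuserbox,newthread_postpoll,posticons,attachment,newthread_postpoll,codebuttons,smilieinsert,error_nosubject,";
$templatelist .= "posticons,newthread_disablesmilies,newreply_modoptions,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,";
$templatelist .= "forumdisplay_rules,forumdisplay_rules_link";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";

// Load global language phrases
$lang->load("newthread");

$tid = $pid = "";
// Draft path: the request names an existing thread (editing a draft, re-saving a
// draft, or a tid/pid pair), so the forum id is taken from the stored thread
// rather than from the request.
if($mybb->input['action'] == "editdraft" || ($mybb->input['savedraft'] && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
{
	// NOTE(review): tid is passed to get_thread() as received; the query below casts it
	// with intval(). Confirm get_thread() applies the same cast.
	$thread = get_thread($mybb->input['tid']);

	// visible = -2 is the value this script treats as "draft" (see the check below).
	$query = $db->simple_select("posts", "*", "tid='".intval($mybb->input['tid'])."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
	$post = $db->fetch_array($query);

	// Authorisation for drafts: the thread must exist, must still be a draft, and must
	// belong to the current user. Anything else is reported as an invalid thread.
	if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
	{
		error($lang->invalidthread);
	}

	// From here on pid/fid/tid come from the database rows, not from the request.
	$pid = $post['pid'];
	$fid = $thread['fid'];
	$tid = $thread['tid'];
	$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
}
else
{
	// New thread: the forum id is request-supplied and forced to an integer.
	$fid = intval($mybb->input['fid']);
}

// Fetch forum information.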
// Access gate for the whole page. The order of the checks decides which error a
// visitor sees: unknown forum, then closed/non-postable forum, then missing
// permission, then the forum password.
// NOTE(review): the code after each error()/error_no_permission() call assumes those
// helpers end the request; they are defined outside this file.
$forum = get_forum($fid);
if(!$forum)
{
	error($lang->error_invalidforum);
}

// Draw the navigation
build_forum_breadcrumb($fid);
add_breadcrumb($lang->nav_newthread);

$forumpermissions = forum_permissions($fid);

// Only open, real forums (type "f") that are not link forums accept threads.
if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
{
	error($lang->error_closedinvalidforum);
}

// The same three conditions are re-checked further down in this script after a guest
// authenticates inline while posting, because $forumpermissions is computed here for
// the pre-login identity.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1)
{
	error_no_permission();
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
	$codebuttons = build_mycode_inserter();
	if($forum['allowsmilies'] != 0)
	{
		$smilieinserter = build_clickable_smilies();
	}
}

// Does this forum allow post icons? If so, fetch the post icons.
if($forum['allowpicons'] != 0)
{
	$posticons = get_post_icons();
}

// Templates are rendered by eval()-ing their text as a PHP double-quoted string, so
// every variable a template interpolates must already be escaped for HTML, and the
// template text itself is executed as PHP string syntax.
// NOTE(review): this makes whoever can edit templates equivalent to a code author;
// confirm where $templates->get() reads from and who may write there.

// If we have a currently logged in user then fetch the change user box.
if($mybb->user['uid'] != 0)
{
	eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}

// Otherwise we have a guest, determine the "username" and get the login box.
else
{
	if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newthread")
	{
		$username = '';
	}
	else
	{
		// The guest-supplied name is HTML-escaped before the login box template is built.
		// NOTE(review): this uses htmlspecialchars() while the posting branch later in the
		// script escapes the same input with htmlspecialchars_uni(); confirm the two agree
		// on quote handling and charset for the context the template uses.
		$username = htmlspecialchars($mybb->input['username']);
	}
	eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
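/*
 * Request handling for the new-thread page, in this order:
 *   1. normalise the requested action,
 *   2. handle attachment upload / removal,
 *   3. enforce the posts-per-day limit,
 *   4. "do_newthread": authenticate a guest if needed, validate and insert the thread,
 *   5. "newthread" / "editdraft": build and output the form (with optional preview).
 * Every state-changing branch calls verify_post_check() on the submitted my_post_key first.
 * All variables are script-level globals; templates rendered through eval() and plugin
 * hooks may read them by name.
 */
if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
{
	$mybb->input['action'] = "newthread";
}

// Previewing a post, overwrite the action to the new thread action.
if($mybb->input['previewpost'])
{
	$mybb->input['action'] = "newthread";
}

// The form claims to have been submitted (processed=1) but neither POST fields nor
// files arrived; reported to the user as an upload problem.
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
	error($lang->error_cannot_upload_php_post);
}

// Handle attachments if we've got any.
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_newthread" && $mybb->input['submit'] && $_FILES['attachment'])))
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	// Attachments are tied either to the draft's post id (a database value) or to the
	// request-supplied posthash, which is escaped before it enters the WHERE clause.
	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
	{
		$attachwhere = "pid='{$pid}'";
	}
	else
	{
		$attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
	}
	$query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
	$attachcount = $db->fetch_field($query, "numattachs");

	// If there's an attachment, check it and upload it
	// The permission and per-post count are checked here; type, size and quota checks,
	// if any, live in upload_attachment(), which is not part of this file.
	if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
	{
		require_once MYBB_ROOT."inc/functions_upload.php";

		$update_attachment = false;
		if($mybb->input['updateattachment'])
		{
			$update_attachment = true;
		}
		$attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
	}

	// Error with attachments - should use new inline errors?
	// $attachedfile only exists when an upload was attempted above, hence empty().
	if(!empty($attachedfile['error']))
	{
		$errors[] = $attachedfile['error'];
		$mybb->input['action'] = "newthread";
	}

	// If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
	if(!$mybb->input['submit'])
	{
		//$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
		$mybb->input['action'] = "newthread";
	}
}

// Are we removing an attachment from the thread?
if($mybb->input['attachmentaid'] && $mybb->input['attachmentact'] == "remove" && $mybb->input['posthash'])
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	require_once MYBB_ROOT."inc/functions_upload.php";
	// NOTE(review): the attachment is selected by request-supplied posthash and aid with
	// a pid of 0; this script performs no ownership check of its own, so removal rights
	// rest on the post key plus knowledge of the posthash. Confirm remove_attachment()
	// casts/escapes both values and that this is the intended authorisation model.
	remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
	if(!$mybb->input['submit'])
	{
		$mybb->input['action'] = "newthread";
	}
}

$thread_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// Skipped for groups with cancp = 1.
if($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
{
	$daycut = TIME_NOW-60*60*24;
	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
	$post_count = $db->fetch_field($query, "posts_today");
	if($post_count >= $mybb->settings['maxposts'])
	{
		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
		error($lang->error_maxposts);
	}
}

// Performing the posting of a new thread.
if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("newthread_do_newthread_start");

	// If this isn't a logged in user, then we need to do some special validation.
	if($mybb->user['uid'] == 0)
	{
		$username = htmlspecialchars_uni($mybb->input['username']);

		// Check if username exists.
		if(username_exists($mybb->input['username']))
		{
			// If it does and no password is given throw back "username is taken"
			if(!$mybb->input['password'])
			{
				error($lang->error_usernametaken);
			}

			// Checks to make sure the user can login; they haven't had too many tries at logging in.
			// Is a fatal call if user has had too many tries
			$logins = login_attempt_check();

			// If the user specified a password but it is wrong, throw back invalid password.
			$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
			if(!$mybb->user['uid'])
			{
				// Failed attempt: counted both in the client's cookie and on the account row.
				my_setcookie('loginattempts', $logins + 1);
				$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true);
				// The remaining-attempts hint is optional, so start from an empty suffix.
				$login_text = '';
				if($mybb->settings['failedlogintext'] == 1)
				{
					$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
				}
				error($lang->error_invalidpassword.$login_text);
			}
			// Otherwise they've logged in successfully.

			$mybb->input['username'] = $username = $mybb->user['username'];
			// NOTE(review): the auth cookie carries uid and loginkey; the fourth argument is
			// presumably the HttpOnly flag - confirm against my_setcookie().
			my_setcookie("mybbuser", $mybb->user['uid']."_".$mybb->user['loginkey'], null, true);
			my_setcookie('loginattempts', 1);

			// Update the session to contain their user ID
			$updated_session = array(
				"uid" => $mybb->user['uid'],
			);
			$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

			$db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");

			// Set uid and username
			$uid = $mybb->user['uid'];
			$username = $mybb->user['username'];

			// Check if this user is allowed to post here
			// The identity changed mid-request, so the earlier guest permission check no
			// longer applies and is repeated for the authenticated account.
			$mybb->usergroup = &$groupscache[$mybb->user['usergroup']];
			$forumpermissions = forum_permissions($fid);
			if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1)
			{
				error_no_permission();
			}
		}
		// This username does not exist.
		else
		{
			// If they didn't specify a username then give them "Guest"
			if(!$mybb->input['username'])
			{
				$username = $lang->guest;
			}
			// Otherwise use the name they specified.
			else
			{
				// NOTE(review): htmlspecialchars() here, htmlspecialchars_uni() at the top of
				// this branch for the same input - confirm which escaping the stored
				// username is expected to carry.
				$username = htmlspecialchars($mybb->input['username']);
			}
			$uid = 0;
		}
	}
	// This user is logged in.
	else
	{
		$username = $mybb->user['username'];
		$uid = $mybb->user['uid'];
	}

	// Attempt to see if this post is a duplicate or not
	// Members are matched by uid, guests by the session's IP address.
	if($uid > 0)
	{
		$user_check = "p.uid='{$uid}'";
	}
	else
	{
		$user_check = "p.ipaddress='".$db->escape_string($session->ipaddress)."'";
	}
	if(!$mybb->input['savedraft'] && !$pid)
	{
		// Every request-supplied value in this WHERE clause goes through escape_string().
		$query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."'");
		$duplicate_check = $db->fetch_field($query, "pid");
		if($duplicate_check)
		{
			error($lang->error_post_already_submitted);
		}
	}

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("insert");
	$posthandler->action = "thread";

	// Set the thread data that came from the input to the $thread array.
	// Subject, prefix, icon, message and posthash are handed over as received;
	// validation and escaping are left to PostDataHandler.
	$new_thread = array(
		"fid" => $forum['fid'],
		"subject" => $mybb->input['subject'],
		"prefix" => $mybb->input['threadprefix'],
		"icon" => $mybb->input['icon'],
		"uid" => $uid,
		"username" => $username,
		"message" => $mybb->input['message'],
		"ipaddress" => get_ip(),
		"posthash" => $mybb->input['posthash']
	);

	if($pid != '')
	{
		$new_thread['pid'] = $pid;
	}

	// Are we saving a draft thread?
	// Drafts are only available to logged-in users.
	if($mybb->input['savedraft'] && $mybb->user['uid'])
	{
		$new_thread['savedraft'] = 1;
	}
	else
	{
		$new_thread['savedraft'] = 0;
	}

	// Is this thread already a draft and we're updating it?
	if(isset($thread['tid']) && $thread['visible'] == -2)
	{
		$new_thread['tid'] = $thread['tid'];
	}

	// Set up the thread options from the input.
	$new_thread['options'] = array(
		"signature" => $mybb->input['postoptions']['signature'],
		"subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
		"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
	);

	// Apply moderation options if we have them
	// NOTE(review): modoptions are forwarded for every poster without an is_moderator()
	// check in this script; confirm PostDataHandler ignores them for non-moderators.
	$new_thread['modoptions'] = $mybb->input['modoptions'];

	$posthandler->set_data($new_thread);

	// Now let the post handler do all the hard work.
	$valid_thread = $posthandler->validate_thread();

	$post_errors = array();
	// Fetch friendly error messages if this is an invalid thread
	if(!$valid_thread)
	{
		$post_errors = $posthandler->get_friendly_errors();
	}

	// Check captcha image
	// Only guests are challenged; the test uses the identity after any inline login above.
	if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$post_captcha = new captcha;

		if($post_captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			foreach($post_captcha->get_errors() as $error)
			{
				$post_errors[] = $error;
			}
		}
		else
		{
			$hide_captcha = true;
		}
	}

	// One or more errors returned, fetch error list and throw to newthread page
	if(count($post_errors) > 0)
	{
		$thread_errors = inline_error($post_errors);
		$mybb->input['action'] = "newthread";
	}
	// No errors were found, it is safe to insert the thread.
	else
	{
		$thread_info = $posthandler->insert_thread();
		$tid = $thread_info['tid'];
		$visible = $thread_info['visible'];

		// Mark thread as read
		require_once MYBB_ROOT."inc/functions_indicators.php";
		mark_thread_read($tid, $fid);

		// We were updating a draft thread, send them back to the draft listing.
		if($new_thread['savedraft'] == 1)
		{
			$lang->redirect_newthread = $lang->draft_saved;
			$url = "usercp.php?action=drafts";
		}

		// A poll was being posted with this thread, throw them to poll posting page.
		else if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
		{
			// Redirect targets are built from the new thread id and an integer cast only.
			$url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
			$lang->redirect_newthread .= $lang->redirect_newthread_poll;
		}

		// This thread is stuck in the moderation queue, send them back to the forum.
		else if(!$visible)
		{
			// Moderated thread
			$lang->redirect_newthread .= $lang->redirect_newthread_moderation;
			$url = get_forum_link($fid);
		}

		// This is just a normal thread - send them to it.
		else
		{
			// Visible thread
			$lang->redirect_newthread .= $lang->redirect_newthread_thread;
			$url = get_thread_link($tid);
		}

		// Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
		if($mybb->input['quoted_ids'] && $mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
		{
			// We quoted all posts - remove the entire cookie
			if($mybb->input['quoted_ids'] == "all")
			{
				my_unsetcookie("multiquote");
			}
		}

		$plugins->run_hooks("newthread_do_newthread_end");

		// Hop to it! Send them to the next page.
		if(!$mybb->input['postpoll'])
		{
			$lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
		}
		redirect($url, $lang->redirect_newthread);
	}
}

if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
{

	$plugins->run_hooks("newthread_start");

	$quote_ids = '';
	// If this isn't a preview and we're not editing a draft, then handle quoted posts
	if(!$mybb->input['previewpost'] && !$thread_errors && $mybb->input['action'] != "editdraft")
	{
		$message = '';
		$quoted_posts = array();
		// Handle multiquote
		if($mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
		{
			// The cookie is client-controlled: every piece is cast to an integer before
			// the list is interpolated into the IN (...) clauses below.
			$multiquoted = explode("|", $mybb->cookies['multiquote']);
			foreach($multiquoted as $post)
			{
				$quoted_posts[$post] = intval($post);
			}
		}

		// Quoting more than one post - fetch them
		if(count($quoted_posts) > 0)
		{
			$external_quotes = 0;
			$quoted_posts = implode(",", $quoted_posts);
			// NOTE(review): the helper's return value is interpolated into SQL unescaped;
			// presumably a server-built list of forum ids - confirm.
			$unviewable_forums = get_unviewable_forums();
			if($unviewable_forums)
			{
				$unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
			}

			// Visibility filter for quotable posts: moderators of the target forum get
			// the wider filter.
			// NOTE(review): is_moderator() is evaluated for the forum being posted in, not
			// for the forum each quoted post lives in - confirm that is intended.
			if(is_moderator($fid))
			{
				$visible_where = "AND p.visible != 2";
			}
			else
			{
				$visible_where = "AND p.visible > 0";
			}

			if(intval($mybb->input['load_all_quotes']) == 1)
			{
				$query = $db->query("
					SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
					LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
					WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
				");
				while($quoted_post = $db->fetch_array($query))
				{
					// Prefer the account's current username over the one stored on the post.
					if($quoted_post['userusername'])
					{
						$quoted_post['username'] = $quoted_post['userusername'];
					}
					// Expand /me and /slap lines and drop [attachment=N] tags before quoting.
					$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
					$quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
					$quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
					$message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
				}

				$quoted_ids = "all";
			}
			else
			{
				$query = $db->query("
					SELECT COUNT(*) AS quotes
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
					WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
				");
				$external_quotes = $db->fetch_field($query, 'quotes');

				if($external_quotes > 0)
				{
					if($external_quotes == 1)
					{
						$multiquote_text = $lang->multiquote_external_one;
						$multiquote_deselect = $lang->multiquote_external_one_deselect;
						$multiquote_quote = $lang->multiquote_external_one_quote;
					}
					else
					{
						$multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
						$multiquote_deselect = $lang->multiquote_external_deselect;
						$multiquote_quote = $lang->multiquote_external_quote;
					}
					eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
				}
			}
		}
	}

	if($mybb->input['quoted_ids'])
	{
		// Request value, escaped before it is handed to the templates.
		$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
	}

	// Check the various post options if we're
	// a -> previewing a post
	// b -> removing an attachment
	// c -> adding a new attachment
	// d -> have errors from posting

	if($mybb->input['previewpost'] || $mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
	{
		// Request values are only compared here; the strings placed in the form are fixed.
		$postoptions = $mybb->input['postoptions'];
		if($postoptions['signature'] == 1)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}
		if($postoptions['subscriptionmethod'] == "none")
		{
			$postoptions_subscriptionmethod_none = "checked=\"checked\"";
		}
		else if($postoptions['subscriptionmethod'] == "instant")
		{
			$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
		}
		else
		{
			$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
		}
		if($postoptions['disablesmilies'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}
		if($mybb->input['postpoll'] == 1)
		{
			$postpollchecked = "checked=\"checked\"";
		}
		$numpolloptions = intval($mybb->input['numpolloptions']);
	}

	// Editing a draft thread
	else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
	{
		// Stored draft text is escaped before it is placed back into the form.
		$message = htmlspecialchars_uni($post['message']);
		$subject = htmlspecialchars_uni($post['subject']);
		if($post['includesig'] != 0)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}
		if($post['smilieoff'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}
		$icon = $post['icon'];
		if($forum['allowpicons'] != 0)
		{
			$posticons = get_post_icons();
		}
	}

	// Otherwise, this is our initial visit to this page.
	else
	{
		if($mybb->user['signature'] != '')
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}
		if($mybb->user['subscriptionmethod'] == 1)
		{
			$postoptions_subscriptionmethod_none = "checked=\"checked\"";
		}
		else if($mybb->user['subscriptionmethod'] == 2)
		{
			$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
		}
		else
		{
			$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
		}
		$numpolloptions = "2";
	}

	// If we're preving a post then generate the preview.
	if($mybb->input['previewpost'])
	{
		// Set up posthandler.
		require_once MYBB_ROOT."inc/datahandlers/post.php";
		$posthandler = new PostDataHandler("insert");
		$posthandler->action = "thread";

		// Set the thread data that came from the input to the $thread array.
		// NOTE(review): $uid is only assigned in the do_newthread branch, and $username only
		// for guests, so either may be unset when a preview reaches this point.
		$new_thread = array(
			"fid" => $forum['fid'],
			"prefix" => $mybb->input['threadprefix'],
			"subject" => $mybb->input['subject'],
			"icon" => $mybb->input['icon'],
			"uid" => $uid,
			"username" => $username,
			"message" => $mybb->input['message'],
			"ipaddress" => get_ip(),
			"posthash" => $mybb->input['posthash']
		);

		if($pid != '')
		{
			$new_thread['pid'] = $pid;
		}

		$posthandler->set_data($new_thread);

		// Now let the post handler do all the hard work.
		$valid_thread = $posthandler->verify_message();
		$valid_subject = $posthandler->verify_subject();

		$post_errors = array();
		// Fetch friendly error messages if this is an invalid post
		if(!$valid_thread || !$valid_subject)
		{
			$post_errors = $posthandler->get_friendly_errors();
		}

		// One or more errors returned, fetch error list and throw to newreply page
		if(count($post_errors) > 0)
		{
			$thread_errors = inline_error($post_errors);
		}
		else
		{
			if(!$mybb->input['username'])
			{
				$mybb->input['username'] = $lang->guest;
			}
			// NOTE(review): a guest preview checks the submitted password here without the
			// login_attempt_check() call and failed-attempt accounting that the do_newthread
			// branch applies around the same helper, and without verify_post_check().
			// Consider applying the same throttling here or not validating credentials on
			// preview. $mybb->user is replaced by whatever the helper returns, including
			// its failure value.
			if($mybb->input['username'] && !$mybb->user['uid'])
			{
				$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
			}
			$query = $db->query("
				SELECT u.*, f.*
				FROM ".TABLE_PREFIX."users u
				LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
				WHERE u.uid='".$mybb->user['uid']."'
			");
			$post = $db->fetch_array($query);
			if(!$mybb->user['uid'] || !$post['username'])
			{
				$post['username'] = htmlspecialchars_uni($mybb->input['username']);
			}
			else
			{
				$post['userusername'] = $mybb->user['username'];
				$post['username'] = $mybb->user['username'];
			}
			// Message, subject and icon reach build_postbit() as received.
			// NOTE(review): output safety of the preview depends on build_postbit() and
			// the parser it uses - confirm they escape subject and icon.
			$previewmessage = $mybb->input['message'];
			$post['message'] = $previewmessage;
			$post['subject'] = $mybb->input['subject'];
			$post['icon'] = $mybb->input['icon'];
			$post['smilieoff'] = $postoptions['disablesmilies'];
			$post['dateline'] = TIME_NOW;
			$post['includesig'] = $mybb->input['postoptions']['signature'];
			if($post['includesig'] != 1)
			{
				$post['includesig'] = 0;
			}

			// Fetch attachments assigned to this post
			if($mybb->input['pid'])
			{
				$attachwhere = "pid='".intval($mybb->input['pid'])."'";
			}
			else
			{
				$attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
			}

			// NOTE(review): unlike the draft lookup at the top of the script, this pid comes
			// straight from the request (integer-cast only); confirm a preview cannot list
			// attachments of a post the visitor does not own.
			$query = $db->simple_select("attachments", "*", $attachwhere);
			while($attachment = $db->fetch_array($query))
			{
				$attachcache[0][$attachment['aid']] = $attachment;
			}

			$postbit = build_postbit($post, 1);
			eval("\$preview = \"".$templates->get("previewpost")."\";");
		}
		// The raw input is escaped before it is echoed back into the form fields.
		$message = htmlspecialchars_uni($mybb->input['message']);
		$subject = htmlspecialchars_uni($mybb->input['subject']);
	}

	// Removing an attachment or adding a new one, or showting thread errors.
	else if($mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
	{
		$message = htmlspecialchars_uni($mybb->input['message']);
		$subject = htmlspecialchars_uni($mybb->input['subject']);
	}

	// Do we have attachment errors?
	// $errors is only created when an upload failed, hence empty() rather than count().
	if(!empty($errors))
	{
		$thread_errors = inline_error($errors);
	}

	// Generate thread prefix selector
	if(!intval($mybb->input['threadprefix']))
	{
		$mybb->input['threadprefix'] = 0;
	}

	$prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);

	// Setup a unique posthash for attachment management
	// NOTE(review): the posthash is what ties uploaded attachments to this form and what
	// the removal branch accepts as a selector, so it acts as a secret; its
	// unpredictability rests entirely on random_str(), which is defined elsewhere.
	if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
	{
		$posthash = md5($mybb->user['uid'].random_str());
	}
	elseif($mybb->input['action'] == "editdraft")
	{
		// Drafts have posthashes, too...
		$posthash = $post['posthash'];
	}
	else
	{
		$posthash = htmlspecialchars_uni($mybb->input['posthash']);
	}

	// Can we disable smilies or are they disabled already?
	if($forum['allowsmilies'] != 0)
	{
		eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
	}
	else
	{
		$disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
	}

	// Show the moderator options
	if(is_moderator($fid))
	{
		$modoptions = $mybb->input['modoptions'];
		if($modoptions['closethread'] == 1)
		{
			$closecheck = "checked=\"checked\"";
		}
		else
		{
			$closecheck = '';
		}
		if($modoptions['stickthread'] == 1)
		{
			$stickycheck = "checked=\"checked\"";
		}
		else
		{
			$stickycheck = '';
		}
		// Drop the request array so the template result below starts from a clean variable.
		unset($modoptions);
		eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
		$bgcolor = "trow1";
		$bgcolor2 = "trow2";
	}
	else
	{
		$bgcolor = "trow2";
		$bgcolor2 = "trow1";
	}

	// Fetch subscription select box
	eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

	if($forumpermissions['canpostattachments'] != 0)
	{ // Get a listing of the current attachments, if there are any
		$attachcount = 0;
		if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
		{
			$attachwhere = "pid='$pid'";
		}
		else
		{
			// $posthash may already be HTML-escaped at this point; it is SQL-escaped again here.
			$attachwhere = "posthash='".$db->escape_string($posthash)."'";
		}
		$query = $db->simple_select("attachments", "*", $attachwhere);
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$attachment['size'] = get_friendly_size($attachment['filesize']);
			$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
			// Stored file names are user-supplied; escape before they reach the templates.
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}

			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

			$attach_mod_options = '';
			if($attachment['visible'] != 1)
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
			}
			else
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
			}
			$attachcount++;
		}
		// Quota is measured over all attachments of the account; attachquota * 1024 is
		// compared with the summed file sizes, and 0 means unlimited.
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);
		if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
		{
			$noshowattach = 1;
		}
		if($mybb->usergroup['attachquota'] == 0)
		{
			$friendlyquota = $lang->unlimited;
		}
		else
		{
			$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		}
		$friendlyusage = get_friendly_size($usage['ausage']);
		$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
		// NOTE(review): && binds tighter than ||, so the over-quota flag is ignored when
		// maxattachments is 0. This only decides whether the upload field is shown; the
		// quota itself has to be enforced inside upload_attachment(). $noshowattach is
		// only set when the quota is exceeded, hence empty().
		if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && empty($noshowattach))
		{
			eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
		}
		eval("\$attachbox = \"".$templates->get("post_attachments")."\";");

		$bgcolor = alt_trow();
	}

	if($mybb->user['uid'])
	{
		eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
	}

	// Show captcha image for guests if enabled
	if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
	{
		$correct = false;
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$post_captcha = new captcha(false, "post_captcha");

		// NOTE(review): && binds tighter than ||, so this reads
		// previewpost || (hide_captcha && type == 1): on preview the captcha is validated
		// and may be hidden for every captcha type, although the comment below says that
		// should only happen for the default one. Confirm the intended grouping.
		if($mybb->input['previewpost'] || $hide_captcha == true && $post_captcha->type == 1)
		{
			// If previewing a post - check their current captcha input - if correct, hide the captcha input area
			// ... but only if it's a default one, reCAPTCHAs must be filled in every time due to draconian limits
			if($post_captcha->validate_captcha() == true)
			{
				$correct = true;

				// Generate a hidden list of items for our captcha
				$captcha = $post_captcha->build_hidden_captcha();
			}
		}

		if(!$correct)
		{
			if($post_captcha->type == 1)
			{
				$post_captcha->build_captcha();
			}
			else if($post_captcha->type == 2)
			{
				$post_captcha->build_recaptcha();
			}

			if($post_captcha->html)
			{
				$captcha = $post_captcha->html;
			}
		}
	}

	if($forumpermissions['canpostpolls'] != 0)
	{
		$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
		eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
	}

	// Do we have any forum rules to show for this forum?
	$forumrules = '';
	if($forum['rulestype'] >= 2 && $forum['rules'])
	{
		if(!$forum['rulestitle'])
		{
			$forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
		}

		if(!$parser)
		{
			require_once MYBB_ROOT.'inc/class_parser.php';
			$parser = new postParser;
		}

		// Forum rules are parsed with raw HTML allowed.
		// NOTE(review): this is only safe if the rules text can be edited solely by fully
		// trusted administrators - confirm who may write $forum['rules'].
		$rules_parser = array(
			"allow_html" => 1,
			"allow_mycode" => 1,
			"allow_smilies" => 1,
			"allow_imgcode" => 1
		);

		$forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
		$foruminfo = $forum;

		if($forum['rulestype'] == 3)
		{
			eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
		}
		else if($forum['rulestype'] == 2)
		{
			eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
		}
	}

	$plugins->run_hooks("newthread_end");

	// The forum name is stripped of tags before it is placed into the page heading phrase.
	$forum['name'] = strip_tags($forum['name']);
	$lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

	eval("\$newthread = \"".$templates->get("newthread")."\";");
	output_page($newthread);

}
?>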