PHP Cross Reference of MyBB 1.8.37

/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
// Marker constant defined before global.php is loaded.
// NOTE(review): presumably the included files test it to refuse direct access — confirm there.
define("IN_MYBB", 1);
// Name of the running script; where it is consumed is not visible in this file.
define('THIS_SCRIPT', 'newreply.php');
  13  
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
  24  require_once  "./global.php";
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/functions_upload.php";
  28  require_once  MYBB_ROOT."inc/class_parser.php";
// Parser instance; used further down to run the bad-word filter over the thread subject.
$parser = new postParser;

// Load global language phrases
$lang->load("newreply");

// Get the tid and replyto from the input.
// Both are requested with MyBB::INPUT_INT instead of being read raw from the request.
$tid = $mybb->get_input('tid', MyBB::INPUT_INT);
$replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);

// AJAX quick reply?
// An AJAX request never takes the preview path: any 'previewpost' flag is dropped here.
if(!empty($mybb->input['ajax']))
{
    unset($mybb->input['previewpost']);
}
  43  
// Edit a draft post.
// When a pid accompanies "editdraft" or "do_newreply", the post must exist and belong to
// the current user; $pid and $tid are then taken from the stored row, not from the request.
// NOTE(review): the checks below only protect anything if error() ends the request —
// its definition is not in this file; confirm.
$pid = 0;
$editdraftpid = '';
$mybb->input['action'] = $mybb->get_input('action');
if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
{
    $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
    $post = get_post($pid);
    if(!$post)
    {
        error($lang->error_invalidpost);
    }
    // Ownership check: only the author of the stored post may continue.
    else if($mybb->user['uid'] != $post['uid'])
    {
        error($lang->error_post_noperms);
    }
    $pid = (int)$post['pid'];
    $tid = (int)$post['tid'];
    // The template text is spliced into a double-quoted PHP string and evaluated, so
    // whatever $templates->get() returns is interpreted by PHP at this point.
    // NOTE(review): how template text is escaped or restricted before it reaches eval()
    // is not visible in this file.
    eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
}
  64  
// Set up $thread and $forum for later use.
// $tid is either the integer request value or, for a draft, the tid of the stored post.
$thread = get_thread($tid);
if(!$thread)
{
    error($lang->error_invalidthread);
}
// The forum id comes from the thread row, not from the request.
$fid = (int)$thread['fid'];

// Get forum info
$forum = get_forum($fid);
if(!$forum)
{
    error($lang->error_invalidforum);
}

// Make navigation
build_forum_breadcrumb($fid);
// Keep the unmodified subject; $thread['subject'] is replaced by a display form below.
$thread_subject = $thread['subject'];
// Bad-word filter first, then HTML-escape, before the subject is handed to the breadcrumb.
$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_newreply);
// Permissions of the current user for this forum; read by the checks below.
$forumpermissions = forum_permissions($fid);

// See if everything is valid up to here.
// $post is only set when a draft pid was supplied and passed the ownership check earlier.
// NOTE(review): the inner test only fires for visible == 0, so a post with visible < 0
// that enters this block raises no error here.
if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
{
    if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
    {
        error($lang->error_invalidpost);
    }
}
// NOTE(review): for $thread['visible'] < 0 the outer condition is true, but the inner one
// requires visible == 0, so this block raises no error for such threads. Confirm that
// they are rejected elsewhere (not visible in this file) or that this is intended.
if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
{
    if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
    {
        error($lang->error_invalidthread);
    }
}
// The forum must be open and of type "f".
if($forum['open'] == 0 || $forum['type'] != "f")
{
    error($lang->error_closedinvalidforum);
}
// Both viewing and replying must be permitted in this forum.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
{
    error_no_permission();
}

// Users whose posting is suspended get an error naming the suspension type.
if($mybb->user['suspendposting'] == 1)
{
    // Default to the "permanent" wording; switch to the dated wording when an end time is set.
    $suspendedpostingtype = $lang->error_suspendedposting_permanent;
    if($mybb->user['suspensiontime'])
    {
        $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
    }

    $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));

    error($lang->error_suspendedposting);
}

// With "can only view own threads" set, threads started by someone else are off limits.
if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
    error_no_permission();
}

// Same rule for "can only reply to own threads".
if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
    error_no_permission();
}
 135  
// Coming from quick reply and not a preview call? Set subscription method
if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
{
    $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
}

// Check if this forum is password protected and we have a valid password
// NOTE(review): what check_forum_password() does on failure is not visible here.
check_forum_password($forum['fid']);

// Editor buttons are built when the board and forum allow MyCode and the user is a guest
// or has not switched the buttons off.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
    $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
    if($forum['allowsmilies'] != 0)
    {
        $smilieinserter = build_clickable_smilies();
    }
}

// Display a login box or change user box?
if($mybb->user['uid'] != 0)
{
    // NOTE(review): this overwrites the in-memory username with its HTML-escaped form.
    // Later code in this file reads $mybb->user['username'] again when it builds the post
    // data, so that code receives the escaped value — confirm this is intended.
    $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
    // Template text is evaluated as a PHP string here; variables are picked up by name.
    eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}
else
{
    // Guests: only echo a username back when this is a preview or a submission.
    if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
    {
        $username = '';
    }
    else
    {
        // Request-supplied value; HTML-escaped before it is placed in the template.
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }
    eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}
 172  
// Check to see if the thread is closed, and if the user is a mod.
// Only users with the "canpostclosedthreads" moderator permission may reply to a closed thread.
if(!is_moderator($fid, "canpostclosedthreads"))
{
    if($thread['closed'] == 1)
    {
        error($lang->redirect_threadclosed);
    }
}

// No weird actions allowed, show new reply form if no regular action.
// After this point the action is one of "do_newreply", "editdraft" or "newreply".
if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
{
    $mybb->input['action'] = "newreply";
}

// Even if we are previewing, still show the new reply form.
if(!empty($mybb->input['previewpost']))
{
    $mybb->input['action'] = "newreply";
}

// Setup a unique posthash for attachment management
// A posthash supplied by the client is kept as it is; one is generated only when none was
// sent and no existing post (pid) is being edited. Further down it is the lookup key for
// attachments while $pid is still 0.
// NOTE(review): the unpredictability of the generated value rests entirely on random_str(),
// which is defined elsewhere; md5() only mixes the inputs.
if(!$mybb->get_input('posthash') && !$pid)
{
    $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
}

// A request flagged as processed but carrying neither POST fields nor files is rejected.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
    error($lang->error_empty_post_input);
}
 204  
// Attachment upload. Runs when attachments are enabled and either an add/update button was
// used, or files accompany a submit, a preview or a draft save.
$errors = array();
$maximageserror = $attacherror = '';
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
{
    // Verify incoming POST request
    // NOTE(review): presumably this validates the per-user post key as a CSRF check and
    // stops the request on mismatch — verify_post_check() is not defined in this file.
    verify_post_check($mybb->get_input('my_post_key'));

    // Build the WHERE fragment that selects this post's attachments.
    // $pid is an integer here (0, or cast from the stored draft row above).
    if($pid)
    {
        $attachwhere = "pid='{$pid}'";
    }
    else
    {
        // posthash can come straight from the request, so it is escaped before it is
        // placed inside the quoted SQL literal.
        $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
    }

    $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");

    // AJAX uploads answer with JSON and stop here.
    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        if(isset($ret['success']))
        {
            // Literal "{n}" tokens are rendered into the template instead of real values
            // (presumably substituted on the client — confirm).
            $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
            if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
            {
                eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
            }
            eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
            $attach_mod_options = '';
            eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
            $ret['template'] = $attemplate;

            // Total attachment usage of the current user.
            // NOTE(review): uid is concatenated without a cast; this assumes the session
            // user's uid is always an integer taken from the database — confirm.
            $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
            $usage = $db->fetch_array($query);
            $ret['usage'] = get_friendly_size($usage['ausage']);
        }

        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode($ret);
        exit();
    }

    if(!empty($ret['errors']))
    {
        $errors = $ret['errors'];
    }

    // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
    if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
    {
        eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
        $mybb->input['action'] = "newreply";
    }
}
 259  
// NOTE(review): detect_attachmentact() is defined elsewhere; presumably it fills in the
// 'attachmentact' / 'attachmentaid' inputs tested below — confirm.
detect_attachmentact();

// Remove an attachment.
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // The attachment id is read as an integer. The pid/posthash pair is passed along with it.
    // NOTE(review): whether remove_attachment() confirms that the attachment belongs to this
    // pid/posthash (and so to this user) is not visible in this file — confirm.
    remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));

    // Without an explicit submit, fall back to showing the reply form again.
    if(!$mybb->get_input('submit'))
    {
        eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
        $mybb->input['action'] = "newreply";
    }

    // AJAX removals answer with the user's updated attachment usage and stop here.
    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);

        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
        exit();
    }
}
 286  
// Defaults read by the submission and form code below.
$reply_errors = $quoted_ids = '';
$hide_captcha = false;

// Check the maximum posts per day for this user
// Only enforced when the user group defines a positive limit.
if($mybb->usergroup['maxposts'] > 0)
{
    // Cut-off: 24 hours before now.
    $daycut = TIME_NOW-60*60*24;
    // Counts the user's posts newer than the cut-off, leaving out rows with visible = -1.
    // $daycut is computed above; the uid comes from the session user.
    $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
    $post_count = $db->fetch_field($query, "posts_today");
    if($post_count >= $mybb->usergroup['maxposts'])
    {
        $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
        error($lang->error_maxposts);
    }
}

// Guard against a missing or non-positive setting; it is used as a divisor later on.
if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
{
    $mybb->settings['postsperpage'] = 20;
}
 307  
 308  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 309  {
    // Verify incoming POST request
    // NOTE(review): presumably a CSRF check on the per-user post key; verify_post_check()
    // is defined elsewhere and is assumed to stop the request on mismatch.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("newreply_do_newreply_start");

    // If this isn't a logged in user, then we need to do some special validation.
    if($mybb->user['uid'] == 0)
    {
        // If they didn't specify a username leave blank so $lang->guest can be used on output
        if(!$mybb->get_input('username'))
        {
            $username = '';
        }
        // Otherwise use the name they specified.
        else
        {
            // Raw request value; it is handed to the post data handler below.
            $username = $mybb->get_input('username');
        }
        $uid = 0;


        // Optional StopForumSpam lookup for guest posters (username and IP; the e-mail
        // argument is passed as an empty string).
        if($mybb->settings['stopforumspam_on_newreply'])
        {
            require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';

            $stop_forum_spam_checker = new StopForumSpamChecker(
                $plugins,
                $mybb->settings['stopforumspam_min_weighting_before_spam'],
                $mybb->settings['stopforumspam_check_usernames'],
                $mybb->settings['stopforumspam_check_emails'],
                $mybb->settings['stopforumspam_check_ips'],
                $mybb->settings['stopforumspam_log_blocks']
            );

            try {
                if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
                {
                    error($lang->sprintf($lang->error_stop_forum_spam_spammer,
                        $stop_forum_spam_checker->getErrorText(array(
                            'stopforumspam_check_usernames',
                            'stopforumspam_check_ips'
                            ))));
                }
            }
            catch (Exception $e)
            {
                // Fail-open unless configured otherwise: when the lookup throws, the post is
                // only blocked if 'stopforumspam_block_on_error' is set; the exception itself
                // is not logged here.
                if($mybb->settings['stopforumspam_block_on_error'])
                {
                    error($lang->error_stop_forum_spam_fetching);
                }
            }
        }
    }
    // This user is logged in.
    else
    {
        // NOTE(review): earlier in this file $mybb->user['username'] is replaced by its
        // HTML-escaped form for logged-in users, so this is the escaped value — confirm
        // how the data handler treats it.
        $username = $mybb->user['username'];
        $uid = $mybb->user['uid'];
    }
 369  
    // Attempt to see if this post is a duplicate or not
    // Members are matched by uid, guests by the packed IP address of the session.
    if($uid > 0)
    {
        $user_check = "p.uid='{$uid}'";
    }
    else
    {
        $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
    }
    // Draft saves skip the duplicate check.
    if(!$mybb->get_input('savedraft'))
    {
        // Same author, thread, subject and message within the last 600 seconds counts as a
        // duplicate. Subject and message are request values and are escaped before being
        // placed inside the quoted SQL literals.
        $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
        if($db->num_rows($query) > 0)
        {
            error($lang->error_post_already_submitted);
        }
    }
 387  
    // Set up posthandler.
    require_once  MYBB_ROOT."inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("insert");

    // Set the post data that came from the input to the $post array.
    // NOTE(review): 'tid' and 'replyto' are read from the request again rather than taken
    // from $tid / $replyto. When a draft pid was supplied, $tid (and the $thread / $fid that
    // the permission checks above used) came from the stored draft row, so the request tid
    // and the checked thread can differ, while 'fid' below is the checked thread's forum.
    // Whether PostDataHandler reconciles these is not visible in this file — confirm.
    $post = array(
        "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
        "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
        "fid" => $thread['fid'],
        "subject" => $mybb->get_input('subject'),
        "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
        "uid" => $uid,
        "username" => $username,
        "message" => $mybb->get_input('message'),
        "ipaddress" => $session->packedip,
        "posthash" => $mybb->get_input('posthash')
    );

    // A pid is only forwarded when the request carried one; for "do_newreply" its ownership
    // was checked in the draft block near the top of this file.
    if(isset($mybb->input['pid']))
    {
        $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
    }

    // Are we saving a draft post?
    // Drafts are only available to logged-in users.
    if($mybb->get_input('savedraft') && $mybb->user['uid'])
    {
        $post['savedraft'] = 1;
    }
    else
    {
        $post['savedraft'] = 0;
    }

    // Missing post options default to 0.
    $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
    if(!isset($postoptions['signature']))
    {
        $postoptions['signature'] = 0;
    }
    if(!isset($postoptions['subscriptionmethod']))
    {
        $postoptions['subscriptionmethod'] = 0;
    }
    if(!isset($postoptions['disablesmilies']))
    {
        $postoptions['disablesmilies'] = 0;
    }

    // Set up the post options from the input.
    // Only these three keys are copied; anything else sent in 'postoptions' is dropped.
    $post['options'] = array(
        "signature" => $postoptions['signature'],
        "subscriptionmethod" => $postoptions['subscriptionmethod'],
        "disablesmilies" => $postoptions['disablesmilies']
    );

    // Apply moderation options if we have them
    // NOTE(review): the request array is forwarded without a moderator check in this file;
    // presumably the data handler enforces who may use these options — confirm.
    $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);

    $posthandler->set_data($post);

    // Now let the post handler do all the hard work.
    $valid_post = $posthandler->validate_post();

    $post_errors = array();
    // Fetch friendly error messages if this is an invalid post
    if(!$valid_post)
    {
        $post_errors = $posthandler->get_friendly_errors();
    }

    // Mark thread as read
    // Uses $tid / $fid, i.e. the thread the permission checks ran against.
    require_once  MYBB_ROOT."inc/functions_indicators.php";
    mark_thread_read($tid, $fid);
 460  
    // Extra payload for inline_error(); stays an empty string unless a new captcha is issued below.
    $json_data = '';

    // Check captcha image
    // Only guests are asked for a captcha, and only when the setting is on.
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(false, "post_captcha");

        if($post_captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($post_captcha->get_errors() as $error)
            {
                $post_errors[] = $error;
            }
        }
        else
        {
            $hide_captcha = true;
        }

        // For AJAX requests with captcha type 1 a fresh captcha row is created and its hash
        // is returned to the client.
        if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
        {
            $randomstr = random_str(5);
            $imagehash = md5(random_str(12));

            $imagearray = array(
                "imagehash" => $imagehash,
                "imagestring" => $randomstr,
                "dateline" => TIME_NOW
            );

            $db->insert_query("captcha", $imagearray);

            //header("Content-type: text/html; charset={$lang->settings['charset']}");
            $data = '';
            $data .= "<captcha>$imagehash";

            // NOTE(review): when the submitted captcha validated, the answer string of the
            // newly inserted row is sent to the client next to its hash. Confirm this
            // "already solved once" behaviour is intended, since a later post using that
            // hash then needs no human solve.
            if($hide_captcha)
            {
                $data .= "|$randomstr";
            }

            $data .= "</captcha>";

            //header("Content-type: application/json; charset={$lang->settings['charset']}");
            $json_data = array("data" => $data);
        }
    }
 510  
 511      // One or more errors returned, fetch error list and throw to newreply page
 512      if(count($post_errors) > 0)
 513      {
 514          $reply_errors = inline_error($post_errors, '', $json_data);
 515          $mybb->input['action'] = "newreply";
 516      }
 517      else
 518      {
        // No validation errors: store the post. The handler reports the new pid and the
        // visibility it assigned.
        $postinfo = $posthandler->insert_post();
        $pid = $postinfo['pid'];
        $visible = $postinfo['visible'];

        // 'closed' is only present in some results; default to an empty string.
        if(isset($postinfo['closed']))
        {
            $closed = $postinfo['closed'];
        }
        else
        {
            $closed = '';
        }

        // Invalidate solved captcha
        // Same condition as the validation step, so $post_captcha exists whenever this runs.
        if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
        {
            $post_captcha->invalidate_captcha();
        }

        $force_redirect = false;

        // Deciding the fate
        // Pick the redirect target and message from the visibility the handler returned.
        if($visible == -2)
        {
            // Draft post
            $lang->redirect_newreply = $lang->draft_saved;
            $url = "usercp.php?action=drafts";
        }
        elseif($visible == 1)
        {
            // Visible post
            $lang->redirect_newreply .= $lang->redirect_newreply_post;
            $url = get_post_link($pid, $tid)."#pid{$pid}";
        }
        else
        {
            // Moderated post
            $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
            $url = get_thread_link($tid);

            // User must see moderation notice, regardless of redirect settings
            $force_redirect = true;
        }
 562  
 563          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 564          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 565          {
 566              // We quoted all posts - remove the entire cookie
 567              if($mybb->get_input('quoted_ids') == "all")
 568              {
 569                  my_unsetcookie("multiquote");
 570              }
 571              // Only quoted a few - attempt to remove them from the cookie
 572              else
 573              {
 574                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 575                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 576                  if(!empty($multiquote) && !empty($quoted_ids))
 577                  {
 578                      foreach($multiquote as $key => $quoteid)
 579                      {
 580                          // If this ID was quoted, remove it from the multiquote list
 581                          if(in_array($quoteid, $quoted_ids))
 582                          {
 583                              unset($multiquote[$key]);
 584                          }
 585                      }
 586                      // Still have an array - set the new cookie
 587                      if(!empty($multiquote))
 588                      {
 589                          $new_multiquote = implode(",", $multiquote);
 590                          my_setcookie("multiquote", $new_multiquote);
 591                      }
 592                      // Otherwise, unset it
 593                      else
 594                      {
 595                          my_unsetcookie("multiquote");
 596                      }
 597                  }
 598              }
 599          }
 600  
        $plugins->run_hooks("newreply_do_newreply_end");

        // This was a post made via the ajax quick reply - we need to do some special things here
        if($mybb->get_input('ajax', MyBB::INPUT_INT))
        {
            // Visible post
            if($visible == 1)
            {
                // Set post counter
                // Moderators who can see unapproved / deleted posts have those counted too.
                $postcounter = $thread['replies'] + 1;

                if(is_moderator($fid, "canviewunapprove"))
                {
                    $postcounter += $thread['unapprovedposts'];
                }
                if(is_moderator($fid, "canviewdeleted"))
                {
                    $postcounter += $thread['deletedposts'];
                }

                // Was there a new post since we hit the quick reply button?
                if($mybb->get_input('lastpid', MyBB::INPUT_INT))
                {
                    // Newest post in the thread other than the one just inserted.
                    $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
                    $new_post = $db->fetch_array($query);
                    if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
                    {
                        // NOTE(review): no exit follows this redirect(), unlike the other call
                        // sites in this block; presumably redirect() ends the request — confirm.
                        redirect(get_thread_link($tid, 0, "lastpost"));
                    }
                }

                // Lets see if this post is on the same page as the one we're viewing or not
                // if it isn't, redirect us
                if($mybb->settings['postsperpage'] > 0)
                {
                    $post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']);
                }
                else
                {
                    $post_page = 1;
                }

                if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
                {
                    redirect(get_thread_link($tid, 0, "lastpost"));
                    exit;
                }

                // Return the post HTML and display it inline
                // $pid is the id returned by the data handler for the post just inserted.
                $query = $db->query("
                    SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
                    FROM ".TABLE_PREFIX."posts p
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
                    LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                    LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
                    WHERE p.pid='{$pid}'
                ");
                $post = $db->fetch_array($query);

                // Now lets fetch all of the attachments for this post
                while($attachment = $db->fetch_array($query))
                {
                    $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
                }

                // Establish altbg - may seem like this is backwards, but build_postbit reverses it
                if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
                {
                    $altbg = "trow1";
                }
                else
                {
                    $altbg = "trow2";
                }

                // NOTE(review): $charset gets a "UTF-8" fallback here, but the Content-type
                // header below interpolates $lang->settings['charset'] directly, so the
                // fallback does not reach the header in this block.
                $charset = "UTF-8";
                if($lang->settings['charset'])
                {
                    $charset = $lang->settings['charset'];
                }

                require_once  MYBB_ROOT."inc/functions_post.php";
                $pid = $post['pid'];
                // From here on $post holds the value returned by build_postbit() for the row
                // (it is appended to the HTML response below).
                $post = build_postbit($post);

                $data = '';
                $data .= $post;

                // Build a new posthash incase the user wishes to quick reply again
                // The values interpolated into the inline script are an md5 hex digest and the
                // pid read back from the database row.
                $new_posthash = md5($mybb->user['uid'].random_str());
                $data .= "<script type=\"text/javascript\">\n";
                $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
                $data .= "if(typeof(inlineModeration) != 'undefined') {
                    $('#inlinemod_{$pid}').on(\"click\", function(e) {
                        inlineModeration.checkItem();
                    });
                }\n";

                // Restyle the quick reply form depending on whether the thread is now closed.
                if($closed == 1)
                {
                    $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
                }
                else
                {
                    $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
                }

                $data .= "</script>\n";

                // The HTML and script are delivered as one JSON string under the "data" key.
                header("Content-type: application/json; charset={$lang->settings['charset']}");
                echo json_encode(array("data" => $data));

                exit;
            }
            // Post is in the moderation queue
            else
            {
                redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
                exit;
            }
        }
        else
        {
            // Regular (non-AJAX) submission: redirect to the target chosen above.
            $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
            redirect($url, $lang->redirect_newreply, "", $force_redirect);
            exit;
        }
 729      }
 730  }
 731  
 732  // Show the newreply form (this branch also handles the "editdraft" action).
 733  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 734  {
 735      $plugins->run_hooks("newreply_start");
 736  
 737      $quote_ids = $multiquote_external = '';
 738      // If this isn't a preview and we're not editing a draft, then handle quoted posts
      // (also skipped when validation errors exist or an attachment action is in progress)
 739      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment'))
 740      {
 741          $message = '';
 742          $quoted_posts = array();
 743          // Handle multiquote
          // The cookie is client-controlled: each "|"-separated entry is cast to int, and only
          // those int values (implode() joins values, not keys) reach the SQL IN (...) list below.
 744          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 745          {
 746              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 747              foreach($multiquoted as $post)
 748              {
 749                  $quoted_posts[$post] = (int)$post;
 750              }
 751          }
 752          // Handle incoming 'quote' button
          // NOTE(review): $replyto is assigned before this part of the file and is added to the
          // IN (...) list without a cast here - confirm it is integer-typed where it is read.
 753          if($replyto)
 754          {
 755              $quoted_posts[$replyto] = $replyto;
 756          }
 757  
 758          // At least one post is quoted - fetch them
 759          if(count($quoted_posts) > 0)
 760          {
 761              $external_quotes = 0;
              // From here on $quoted_posts is the comma-separated id list interpolated into the query.
 762              $quoted_posts = implode(",", $quoted_posts);
 763              $quoted_ids = array();
              // Each helper's return value, when non-empty, becomes a NOT IN filter on t.fid.
 764              $unviewable_forums = get_unviewable_forums();
 765              $inactiveforums = get_inactive_forums();
 766              if($unviewable_forums)
 767              {
 768                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 769              }
 770              if($inactiveforums)
 771              {
 772                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 773              }
 774  
 775              // Check group permissions if we can't view threads not started by us
 776              $group_permissions = forum_permissions();
 777              $onlyusfids = array();
 778              $onlyusforums = '';
 779              foreach($group_permissions as $gpfid => $forum_permissions)
 780              {
 781                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 782                  {
 783                      $onlyusfids[] = $gpfid;
 784                  }
 785              }
              // In those forums a post is only quotable when its thread belongs to the current user.
 786              if(!empty($onlyusfids))
 787              {
 788                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 789              }
 790  
              // Which p.visible values may be quoted: canviewunapprove adds 0, canviewdeleted adds -1;
              // without either permission only visible=1 posts are selected.
 791              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 792              {
 793                  $visible_where = "AND p.visible IN (-1,0,1)";
 794              }
 795              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 796              {
 797                  $visible_where = "AND p.visible IN (0,1)";
 798              }
 799              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 800              {
 801                  $visible_where = "AND p.visible IN (-1,1)";
 802              }
 803              else
 804              {
 805                  $visible_where = "AND p.visible=1";
 806              }
 807  
 808              require_once  MYBB_ROOT."inc/functions_posting.php";
              // The query is assembled by string interpolation, so its safety rests on $quoted_posts
              // holding only integers and on the permission filters built above; these filters are
              // what stops a crafted cookie from quoting posts the user cannot read.
 809              $query = $db->query("
 810                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 811                  FROM ".TABLE_PREFIX."posts p
 812                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 813                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 814                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 815              ");
 816              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 817              while($quoted_post = $db->fetch_array($query))
 818              {
 819                  // Only show messages for the current thread
                  // (posts from other threads are included only when load_all_quotes=1 was requested)
 820                  if($quoted_post['tid'] == $tid || $load_all == 1)
 821                  {
 822                      // If this post was the post for which a quote button was clicked, set the subject
 823                      if($replyto == $quoted_post['pid'])
 824                      {
                          // Strip one leading "RE:" (case-insensitive) so the prefix is not doubled below.
 825                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 826                          // Subject too long? Shorten it to avoid error message
 827                          if(my_strlen($subject) > 85)
 828                          {
 829                              $subject = my_substr($subject, 0, 82).'...';
 830                          }
 831                          $subject = "RE: ".$subject;
 832                      }
 833                      $message .= parse_quoted_message($quoted_post);
 834                      $quoted_ids[] = $quoted_post['pid'];
 835                  }
 836                  // Count the rest
 837                  else
 838                  {
 839                      ++$external_quotes;
 840                  }
 841              }
 842              if($mybb->settings['maxquotedepth'] != '0')
 843              {
 844                  $message = remove_message_quotes($message);
 845              }
              // Pick singular or plural wording for the "quotes from other threads" notice.
 846              if($external_quotes > 0)
 847              {
 848                  if($external_quotes == 1)
 849                  {
 850                      $multiquote_text = $lang->multiquote_external_one;
 851                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 852                      $multiquote_quote = $lang->multiquote_external_one_quote;
 853                  }
 854                  else
 855                  {
 856                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 857                      $multiquote_deselect = $lang->multiquote_external_deselect;
 858                      $multiquote_quote = $lang->multiquote_external_quote;
 859                  }
                  // The template text is evaluated as a double-quoted PHP string, so it reads
                  // variables from this scope by name; the $multiquote_* values are presumably consumed there.
 860                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 861              }
              // Posts actually quoted, as a "|"-separated list.
 862              $quoted_ids = implode("|", $quoted_ids);
 863          }
 864      }
 865  
 866      if(isset($mybb->input['quoted_ids']))
 867      {
          // A request-supplied value replaces any list built earlier; it is HTML-escaped,
          // presumably because the form template echoes it back.
 868          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 869      }
 870  
      // $previewmessage keeps the raw text for the preview renderer; $message is the
      // HTML-escaped copy for the form.
 871      if(isset($mybb->input['previewpost']))
 872      {
 873          $previewmessage = $mybb->get_input('message');
 874      }
 875      if(empty($message))
 876      {
 877          $message = $mybb->get_input('message');
 878      }
 879      $message = htmlspecialchars_uni($message);
 880  
 881      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 882      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 883  
 884      // Set up the post options.
      // Three sources: the submitted form (preview or errors), a saved draft, or the user's defaults.
 885      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 886      {
 887          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 888  
 889          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 890          {
 891              $postoptionschecked['signature'] = " checked=\"checked\"";
 892          }
 893          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 894          {
 895              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 896          }
 897          $subscription_method = get_subscription_method($tid, $postoptions);
          // Raw request value; it is passed through parse_badwords() and htmlspecialchars_uni()
          // further down, before the page template is evaluated.
 898          $subject = $mybb->input['subject'];
 899      }
 900      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 901      {
          // $post is populated before this part of the file (not visible here).
 902          $message = htmlspecialchars_uni($post['message']);
 903          $subject = $post['subject'];
 904          if($post['includesig'] != 0)
 905          {
 906              $postoptionschecked['signature'] = " checked=\"checked\"";
 907          }
 908          if($post['smilieoff'] == 1)
 909          {
 910              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 911          }
 912          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 913          $mybb->input['icon'] = $post['icon'];
 914      }
 915      else
 916      {
 917          if($mybb->user['signature'] != '')
 918          {
 919              $postoptionschecked['signature'] = " checked=\"checked\"";
 920          }
 921          $subscription_method = get_subscription_method($tid);
 922      }
      // Variable variable: marks one of the $...subscribe flags initialised above as checked.
      // NOTE(review): the variable name is derived from get_subscription_method()'s return value;
      // confirm it can only return a fixed set of prefixes, because any other string would
      // create or overwrite a variable of that name in this scope.
 923      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 924  
 925      if($forum['allowpicons'] != 0)
 926      {
 927          $posticons = get_post_icons();
 928      }
 929  
 930      // No subject?
      // Fall back to the submitted subject, else to "RE: " plus the (possibly shortened) thread subject.
 931      if(!isset($subject))
 932      {
 933          if(!empty($mybb->input['subject']))
 934          {
 935              $subject = $mybb->get_input('subject');
 936          }
 937          else
 938          {
 939              $subject = $thread_subject;
 940              // Subject too long? Shorten it to avoid error message
 941              if(my_strlen($subject) > 85)
 942              {
 943                  $subject = my_substr($subject, 0, 82).'...';
 944              }
 945              $subject = "RE: ".$subject;
 946          }
 947      }
 948  
 949      // Preview a post that was written: validate it with the post data handler, then render it.
 950      $preview = '';
 951      if(!empty($mybb->input['previewpost']))
 952      {
 953          // If this isn't a logged in user, then we need to do some special validation.
 954          if($mybb->user['uid'] == 0)
 955          {
 956              // If they didn't specify a username leave blank so $lang->guest can be used on output
 957              if(!$mybb->get_input('username'))
 958              {
 959                  $username = '';
 960              }
 961              // Otherwise use the name they specified.
 962              else
 963              {
 964                  $username = $mybb->get_input('username');
 965              }
 966              $uid = 0;
 967          }
 968          // This user is logged in.
 969          else
 970          {
 971              $username = $mybb->user['username'];
 972              $uid = $mybb->user['uid'];
 973          }
 974  
 975          // Set up posthandler.
          // Only its verify_* methods are called in this branch; no insert call is made here.
 976          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 977          $posthandler = new PostDataHandler("insert");
 978          $posthandler->action = "post";
 979  
 980          // Set the post data that came from the input to the $post array.
          // Numeric fields are read with MyBB::INPUT_INT; subject, message and posthash are raw strings.
 981          $post = array(
 982              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 983              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 984              "fid" => $thread['fid'],
 985              "subject" => $mybb->get_input('subject'),
 986              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 987              "uid" => $uid,
 988              "username" => $username,
 989              "message" => $mybb->get_input('message'),
 990              "ipaddress" => $session->packedip,
 991              "posthash" => $mybb->get_input('posthash')
 992          );
 993  
 994          if(isset($mybb->input['pid']))
 995          {
 996              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 997          }
 998  
 999          $posthandler->set_data($post);
1000  
1001          // Now let the post handler do all the hard work.
1002          $valid_post = $posthandler->verify_message();
1003          $valid_subject = $posthandler->verify_subject();
1004  
1005          // guest post --> verify author
1006          if($post['uid'] == 0)
1007          {
1008              $valid_username = $posthandler->verify_author();
1009          }
1010          else
1011          {
1012              $valid_username = true;
1013          }
1014  
1015          $post_errors = array();
1016          // Fetch friendly error messages if this is an invalid post
1017          if(!$valid_post || !$valid_subject || !$valid_username)
1018          {
1019              $post_errors = $posthandler->get_friendly_errors();
1020          }
1021  
1022          // One or more errors returned, fetch error list and throw to newreply page
1023          if(count($post_errors) > 0)
1024          {
1025              $reply_errors = inline_error($post_errors);
1026          }
1027          else
1028          {
1029              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
1030              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
              // $post is replaced by the current user's row (users + userfields); the uid comes
              // from $mybb->user, not from request input.
1031              $query = $db->query("
1032                  SELECT u.*, f.*
1033                  FROM ".TABLE_PREFIX."users u
1034                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1035                  WHERE u.uid='".$mybb->user['uid']."'
1036              ");
1037              $post = $db->fetch_array($query);
1038              $post['username'] = $username;
1039              if($mybb->user['uid'])
1040              {
1041                  $post['userusername'] = $mybb->user['username'];
1042              }
              // The message is the raw request text here.
              // NOTE(review): escaping/parsing is presumably done inside build_postbit() - confirm.
1043              $post['message'] = $previewmessage;
1044              $post['subject'] = $subject;
1045              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1046              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1047              if(isset($mybb->input['postoptions']['disablesmilies']))
1048              {
1049                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1050              }
1051              $post['dateline'] = TIME_NOW;
1052              if(isset($mybb->input['postoptions']['signature']))
1053              {
1054                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1055              }
              // Anything other than 1 is normalised to 0.
1056              if(!isset($post['includesig']) || $post['includesig'] != 1)
1057              {
1058                  $post['includesig'] = 0;
1059              }
1060  
1061              // Fetch attachments assigned to this post.
              // Both WHERE variants are safe to interpolate: pid is int-cast, posthash goes through escape_string().
1062              if($mybb->get_input('pid', MyBB::INPUT_INT))
1063              {
1064                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1065              }
1066              else
1067              {
1068                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1069              }
1070  
1071              $query = $db->simple_select("attachments", "*", $attachwhere);
1072              while($attachment = $db->fetch_array($query))
1073              {
                  // Cached under key 0 - presumably the pid build_postbit() uses for a preview; confirm.
1074                  $attachcache[0][$attachment['aid']] = $attachment;
1075              }
1076  
1077              $postbit = build_postbit($post, 1);
              // The template is evaluated as a double-quoted PHP string and reads variables from this scope by name.
1078              eval("\$preview = \"".$templates->get("previewpost")."\";");
1079          }
1080      }
1081  
1082      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1083  
      // Both $subject (above, after the bad-word filter) and $posthash are HTML-escaped here
      // for output in the form.
1084      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1085  
1086      // Do we have attachment errors?
      // ($errors is filled before this part of the file; not visible here.)
1087      if(count($errors) > 0)
1088      {
1089          $reply_errors = inline_error($errors);
1090      }
1091  
1092      // Get a listing of the current attachments.
1093      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1094      {
1095          $attachcount = 0;
          // NOTE(review): $pid is assigned before this part of the file and is interpolated
          // without a cast here - confirm it is integer-typed where it is read.
1096          if($pid)
1097          {
1098              $attachwhere = "pid='$pid'";
1099          }
1100          else
1101          {
              // $posthash was HTML-escaped above; escape_string() still makes it safe for SQL.
              // NOTE(review): the preview lookup escapes the raw request value instead, so the two
              // lookups would differ for a hash containing HTML special characters.
1102              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1103          }
1104          $attachments = '';
1105          $query = $db->simple_select("attachments", "*", $attachwhere);
1106          while($attachment = $db->fetch_array($query))
1107          {
1108              $attachment['size'] = get_friendly_size($attachment['filesize']);
1109              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
              // The stored filename is uploader-supplied text; escape it before the template uses it.
1110              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1111  
1112              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1113              {
1114                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1115              }
1116  
1117              $attach_mod_options = '';
1118              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1119  
              // Attachments that are not visible (visible != 1) use the "unapproved" row template.
1120              if($attachment['visible'] != 1)
1121              {
1122                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1123              }
1124              else
1125              {
1126                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1127              }
1128              $attachcount++;
1129          }
1130  
1131          $noshowattach = '';
          // Total bytes of all attachments owned by the current user.
1132          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1133          $usage = $db->fetch_array($query);
1134  
          // attachquota is multiplied by 1024 before the comparison; 0 is treated as "unlimited" below.
1135          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1136          {
1137              $noshowattach = 1;
1138          }
1139  
1140          if($mybb->usergroup['attachquota'] == 0)
1141          {
1142              $friendlyquota = $lang->unlimited;
1143          }
1144          else
1145          {
1146              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1147          }
1148          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1149  
1150          $link_viewattachments = '';
          // SUM() yields NULL when the user has no attachment rows.
1151          if($usage['ausage'] !== NULL)
1152          {
1153              $friendlyusage = get_friendly_size($usage['ausage']);
1154              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1155              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1156          }
1157          else
1158          {
1159              $lang->attach_usage = "";
1160          }
1161  
1162          $attach_add_options = '';
          // NOTE(review): && binds tighter than ||, so !$noshowattach only applies to the second
          // alternative; with maxattachments == 0 the add form is shown even when the quota is
          // exceeded. This only affects what the form displays - confirm the upload handler
          // enforces the quota on its own.
1163          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1164          {
1165              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1166          }
1167  
1168          $attach_update_options = '';
1169          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1170          {
1171              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1172          }
1173  
1174          if($attach_add_options || $attach_update_options)
1175          {
1176              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1177          }
1178  
1179          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1180      }
1181      else
1182      {
1183          $attachbox = '';
1184      }
1185  
1186      // If the user is logged in, provide a save draft button.
1187      if($mybb->user['uid'])
1188      {
1189          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1190      }
1191  
1192      // Show captcha image for guests if enabled
1193      $captcha = '';
1194      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1195      {
          // $correct records whether an already-submitted captcha answer validated on this request.
1196          $correct = false;
1197          require_once  MYBB_ROOT.'inc/class_captcha.php';
1198          $post_captcha = new captcha(false, "post_captcha");
1199  
          // $hide_captcha is set before this part of the file (not visible here).
1200          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1201          {
1202              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1203              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1204              if($post_captcha->validate_captcha() == true)
1205              {
1206                  $correct = true;
1207  
1208                  // Generate a hidden list of items for our captcha
1209                  $captcha = $post_captcha->build_hidden_captcha();
1210              }
1211          }
1212  
          // Not validated yet: build the challenge matching the configured captcha type.
1213          if(!$correct)
1214          {
1215              if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1216              {
1217                  $post_captcha->build_captcha();
1218              }
1219              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1220              {
1221                  $post_captcha->build_recaptcha();
1222              }
1223              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1224              {
1225                  $post_captcha->build_hcaptcha();
1226              }
1227          }
          // NOTE(review): $correct only becomes true when type == 1 above, so the two branches
          // below can only run if one of the listed constants loosely equals 1 - confirm against
          // inc/class_captcha.php.
1228          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1229          {
1230              $post_captcha->build_recaptcha();
1231          }
1232          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1233          {
1234              $post_captcha->build_hcaptcha();
1235          }
1236  
          // Markup produced by a build_* call, if any, replaces the hidden-field version set above.
1237          if($post_captcha->html)
1238          {
1239              $captcha = $post_captcha->html;
1240          }
1241      }
1242  
1243      $reviewmore = '';
1244      $threadreview = '';
      // Thread review: render the most recent posts of the thread below the reply form.
1245      if($mybb->settings['threadreview'] != 0)
1246      {
          // NOTE(review): when showownunapproved is enabled, this clause selects every unapproved
          // (visible='0') post in the thread for any viewer; no uid restriction is visible in the
          // queries below - confirm that non-moderators cannot see other users' unapproved posts here.
1247          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1248          {
1249              $visibility = "(visible='1' OR visible='0')";
1250          }
1251          else
1252          {
1253              $visibility = "visible='1'";
1254          }
          // $tid is assigned before this part of the file; presumably integer-typed - confirm.
1255          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1256          $numposts = $db->fetch_field($query, "post_count");
1257  
          // Cap the review at one page of posts and link to the full thread.
1258          if($numposts > $mybb->settings['postsperpage'])
1259          {
1260              $numposts = $mybb->settings['postsperpage'];
1261              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1262              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1263          }
1264  
          // Collect the newest post ids first; they come from the database, not from the request.
1265          $pidin = array();
1266          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage']));
1267          while($post = $db->fetch_array($query))
1268          {
1269              $pidin[] = $post['pid'];
1270          }
1271  
1272          if(!empty($pidin))
1273          {
1274              $pidin = implode(",", $pidin);
1275  
1276              // Fetch attachments
1277              $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1278              while($attachment = $db->fetch_array($query))
1279              {
1280                  $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1281              }
1282              $query = $db->query("
1283                  SELECT p.*, u.username AS userusername
1284                  FROM ".TABLE_PREFIX."posts p
1285                  LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1286                  WHERE pid IN ($pidin)
1287                  ORDER BY dateline DESC, pid DESC
1288              ");
1289              $postsdone = 0;
1290              $altbg = "trow1";
1291              $reviewbits = '';
1292              while($post = $db->fetch_array($query))
1293              {
                  // Prefer the current username from the users table over the one stored with the post.
1294                  if($post['userusername'])
1295                  {
1296                      $post['username'] = $post['userusername'];
1297                  }
1298                  $reviewpostdate = my_date('relative', $post['dateline']);
                  // What the parser may render (HTML, MyCode, smilies, images, videos) follows the forum's settings.
1299                  $parser_options = array(
1300                      "allow_html" => $forum['allowhtml'],
1301                      "allow_mycode" => $forum['allowmycode'],
1302                      "allow_smilies" => $forum['allowsmilies'],
1303                      "allow_imgcode" => $forum['allowimgcode'],
1304                      "allow_videocode" => $forum['allowvideocode'],
1305                      "me_username" => $post['username'],
1306                      "filter_badwords" => 1
1307                  );
1308                  if($post['smilieoff'] == 1)
1309                  {
1310                      $parser_options['allow_smilies'] = 0;
1311                  }
1312  
                  // Reads as (member with images off) || (guest and guest images off); && binds tighter than ||.
1313                  if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1314                  {
1315                      $parser_options['allow_imgcode'] = 0;
1316                  }
1317  
                  // Same grouping for videos.
1318                  if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1319                  {
1320                      $parser_options['allow_videocode'] = 0;
1321                  }
1322  
                  // Escaped after it was copied into me_username, so the parser receives the unescaped name.
1323                  $post['username'] = htmlspecialchars_uni($post['username']);
1324  
                  // Posts that are not visible (visible != 1) get the shaded row class.
1325                  if($post['visible'] != 1)
1326                  {
1327                      $altbg = "trow_shaded";
1328                  }
1329  
1330                  $plugins->run_hooks("newreply_threadreview_post");
1331  
                  // The parser output is used as HTML by the template below.
1332                  $post['message'] = $parser->parse_message($post['message'], $parser_options);
1333                  get_post_attachments($post['pid'], $post);
1334                  $reviewmessage = $post['message'];
1335                  eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
                  // Alternate the row class for the next post.
1336                  if($altbg == "trow1")
1337                  {
1338                      $altbg = "trow2";
1339                  }
1340                  else
1341                  {
1342                      $altbg = "trow1";
1343                  }
1344              }
1345              eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1346          }
1347      }
1348  
1349      // Hide signature option if no permission (or if the user's signature is suspended)
1350      $signature = '';
1351      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1352      {
1353          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1354      }
1355  
1356      // Can we disable smilies or are they disabled already?
1357      $disablesmilies = '';
1358      if($forum['allowsmilies'] != 0)
1359      {
1360          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1361      }
1362  
      // The post options box is only built when at least one option is available.
1363      $postoptions = '';
1364      if(!empty($signature) || !empty($disablesmilies))
1365      {
1366          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1367          $bgcolor = "trow2";
1368      }
1369      else
1370      {
1371          $bgcolor = "trow1";
1372      }
1373  
1374      $modoptions = '';
1375      // Show the moderator options.
      // This section only pre-fills checkboxes; it performs no close/stick action itself.
1376      if(is_moderator($fid))
1377      {
          // After a submit ("processed"), reflect the submitted checkbox state, int-cast;
          // otherwise start from the thread's current closed/sticky state.
1378          if($mybb->get_input('processed', MyBB::INPUT_INT))
1379          {
1380              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1381              if(!isset($mybb->input['modoptions']['closethread']))
1382              {
1383                  $mybb->input['modoptions']['closethread'] = 0;
1384              }
1385              $closed = (int)$mybb->input['modoptions']['closethread'];
1386              if(!isset($mybb->input['modoptions']['stickthread']))
1387              {
1388                  $mybb->input['modoptions']['stickthread'] = 0;
1389              }
1390              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1391          }
1392          else
1393          {
1394              $closed = $thread['closed'];
1395              $stuck = $thread['sticky'];
1396          }
1397  
1398          if($closed)
1399          {
1400              $closecheck = ' checked="checked"';
1401          }
1402          else
1403          {
1404              $closecheck = '';
1405          }
1406  
1407          if($stuck)
1408          {
1409              $stickycheck = ' checked="checked"';
1410          }
1411          else
1412          {
1413              $stickycheck = '';
1414          }
1415  
          // Each option is rendered only if the moderator holds the matching permission.
1416          $closeoption = '';
1417          if(is_moderator($thread['fid'], "canopenclosethreads"))
1418          {
1419              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1420          }
1421  
1422          $stickoption = '';
1423          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1424          {
1425              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1426          }
1427  
1428          if(!empty($closeoption) || !empty($stickoption))
1429          {
1430              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1431              $bgcolor = "trow1";
1432          }
1433          else
1434          {
1435              $bgcolor = "trow2";
1436          }
1437      }
1438      else
1439      {
1440          $bgcolor = "trow2";
1441      }
1442  
1443      // Fetch subscription select box
1444      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1445  
      // NOTE(review): $thread is loaded before this part of the file; confirm its subject is
      // already HTML-escaped, since these strings are presumably printed by the page template.
1446      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1447      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1448  
1449      // Do we have any forum rules to show for this forum?
1450      $forumrules = '';
1451      if($forum['rulestype'] >= 2 && $forum['rules'])
1452      {
1453          if(!$forum['rulestitle'])
1454          {
1455              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1456          }
1457  
          // $parser is already used unconditionally earlier in this branch (parse_badwords),
          // so this fallback is presumably defensive.
1458          if(!$parser)
1459          {
1460              require_once  MYBB_ROOT.'inc/class_parser.php';
1461              $parser = new postParser;
1462          }
1463  
          // The rules text is parsed with HTML allowed, so it is trusted content; presumably only
          // administrators can edit forum rules - confirm that trust boundary.
1464          $rules_parser = array(
1465              "allow_html" => 1,
1466              "allow_mycode" => 1,
1467              "allow_smilies" => 1,
1468              "allow_imgcode" => 1
1469          );
1470  
1471          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1472          $foruminfo = $forum;
1473  
          // rulestype 3 uses the forumdisplay_rules template, rulestype 2 the forumdisplay_rules_link template.
1474          if($forum['rulestype'] == 3)
1475          {
1476              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1477          }
1478          else if($forum['rulestype'] == 2)
1479          {
1480              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1481          }
1482      }
1483  
      // Moderation notices: each matching case overwrites $moderation_notice, so only the
      // last one that applies is shown.
1484      $moderation_notice = '';
1485      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1486      {
1487          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1488          {
1489              $moderation_text = $lang->moderation_forum_attachments;
1490              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1491          }
1492      }
1493      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1494      {
1495          if($forumpermissions['modposts'] == 1)
1496          {
1497              $moderation_text = $lang->moderation_forum_posts;
1498              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1499          }
1500  
1501          if($mybb->user['moderateposts'] == 1)
1502          {
1503              $moderation_text = $lang->moderation_user_posts;
1504              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1505          }
1506      }
1507  
      // Upload limits made available to the post_javascript template.
1508      $php_max_upload_size = get_php_upload_limit();
1509      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1510      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1511  
1512      $plugins->run_hooks("newreply_end");
1513  
      // Remove any markup from the forum name before the page template uses it.
1514      $forum['name'] = strip_tags($forum['name']);
1515  
      // Every variable set in this branch is read by name when the page template is evaluated,
      // so renaming one silently empties the matching placeholder.
1516      eval("\$newreply = \"".$templates->get("newreply")."\";");
1517      output_page($newreply);
1518  }

