
PHP Cross Reference of MyBB 1.8.26


/ -> editpost.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
      // Entry-point constants; both are defined before global.php is loaded below.
      // NOTE(review): IN_MYBB is presumably the guard that included files test to
      // refuse direct access - confirm against the files under inc/.
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'editpost.php');
  13  
      // Comma-separated names of the templates this page uses, assembled before
      // global.php is required (presumably so it can preload them - confirm).
  14  $templatelist = "editpost,previewpost,changeuserbox,codebuttons,post_attachments_attachment_postinsert,post_attachments_attachment_mod_unapprove,postbit_attachments_thumbnails,postbit_profilefield_multiselect_value";
  15  $templatelist .= ",editpost_delete,forumdisplay_password_wrongpass,forumdisplay_password,editpost_reason,post_attachments_attachment_remove,post_attachments_update,post_subscription_method,postbit_profilefield_multiselect";
  16  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,posticons";
  17  $templatelist .= ",postbit_signature,postbit_classic,postbit,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  18  $templatelist .= ",posticons_icon,post_prefixselect_prefix,post_prefixselect_single,newthread_postpoll,editpost_disablesmilies,post_attachments_attachment_mod_approve,post_attachments_attachment_unapproved";
  19  $templatelist .= ",postbit_warninglevel_formatted,postbit_reputation_formatted_link,editpost_signature,attachment_icon,post_attachments_attachment,post_attachments_add,post_attachments,editpost_postoptions,post_attachments_viewlink";
  20  $templatelist .= ",postbit_attachments_images,global_moderation_notice,post_attachments_new,postbit_attachments,postbit_online,postbit_away,postbit_offline,postbit_gotopost,postbit_userstar,postbit_icon";
  21  
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_upload.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
      // Parser instance; used further down for bad-word filtering of the thread subject.
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("editpost");
  30  
      // This hook runs before the guest check and the permission checks below, so
      // handlers attached to it cannot assume the requester is logged in or is
      // allowed to edit the post.
  31  $plugins->run_hooks("editpost_start");
  32  
  33  // No permission for guests
  34  if(!$mybb->user['uid'])
  35  {
  36      error_no_permission();
  37  }
  38  
  39  // Get post info
      // pid is requested with MyBB::INPUT_INT (presumably an integer cast - confirm
      // in the core class). SQL fragments further down interpolate $pid directly and
      // rely on that.
  40  $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  41  
  42  // if we already have the post information...
      // NOTE(review): $style is not assigned in the visible part of this script;
      // presumably it is populated by global.php - confirm.
  43  if(isset($style) && $style['pid'] == $pid && $style['type'] != 'f')
  44  {
  45      $post = &$style;
  46  }
  47  else
  48  {
  49      $post = get_post($pid);
  50  }
  51  
      // Reject unknown posts. A post with visible == -1 is only let through for the
      // restorepost action. The action is read raw from the request here; it is
      // normalised through get_input() only at line 115.
  52  if(!$post || ($post['visible'] == -1 && $mybb->input['action'] != "restorepost"))
  53  {
  54      error($lang->error_invalidpost);
  55  }
  56  
  57  // Get thread info
      // tid is taken from the stored post record, not from the request.
  58  $tid = $post['tid'];
  59  $thread = get_thread($tid);
  60  
  61  if(!$thread)
  62  {
  63      error($lang->error_invalidthread);
  64  }
  65  
      // Bad-word filter first, then HTML escaping; this escaped subject is what the
      // breadcrumb below receives.
  66  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  67  
  68  // Get forum info
      // Like tid, fid comes from the post record, so the permission checks below are
      // evaluated against the forum recorded for the post rather than a
      // request-supplied forum id.
  69  $fid = $post['fid'];
  70  $forum = get_forum($fid);
  71  
      // Visibility gate for the parent thread.
      // NOTE(review): the outer condition also matches visible == -1 (without
      // canviewdeleted) and visible < -1 owned by another user, but the inner test
      // only calls error() when visible == 0. As written, those two other arms fall
      // through this block without an error; confirm that later checks cover them.
  72  if($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove") || $thread['visible'] == -1 && !is_moderator($fid, "canviewdeleted") || ($thread['visible'] < -1 && $thread['uid'] != $mybb->user['uid']))
  73  {
  74      if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
  75      {
  76          error($lang->error_invalidthread);
  77      }
  78  }
      // The forum record must exist and be of type "f".
  79  if(!$forum || $forum['type'] != "f")
  80  {
  81      error($lang->error_closedinvalidforum);
  82  }
      // A forum with open == 0 is usable only by moderators holding caneditposts;
      // accounts with suspendposting set are refused regardless of the forum state.
  83  if(($forum['open'] == 0 && !is_moderator($fid, "caneditposts")) || $mybb->user['suspendposting'] == 1)
  84  {
  85      error_no_permission();
  86  }
  87  
  88  // Add prefix to breadcrumb
  89  $breadcrumbprefix = '';
  90  if($thread['prefix'])
  91  {
  92      $threadprefixes = build_prefixes();
  93      if(!empty($threadprefixes[$thread['prefix']]))
  94      {
              // displaystyle is concatenated into the breadcrumb without escaping.
              // NOTE(review): presumably administrator-defined markup - confirm who can set it.
  95          $breadcrumbprefix = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
  96      }
  97  }
  98  
  99  // Make navigation
      // $thread['subject'] was already HTML-escaped at line 66.
 100  build_forum_breadcrumb($fid);
 101  add_breadcrumb($breadcrumbprefix.$thread['subject'], get_thread_link($thread['tid']));
 102  add_breadcrumb($lang->nav_editpost);
 103  
      // Forum-level permissions of the current user; consulted by the per-action
      // checks and by the attachment handling below.
 104  $forumpermissions = forum_permissions($fid);
 105  
      // Editor helpers are only built when the board setting, the forum and the
      // user's own preference all allow them.
 106  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 107  {
 108      $codebuttons = build_mycode_inserter("message", $mybb->settings['smilieinserter']);
 109  }
 110  if($mybb->settings['smilieinserter'] != 0)
 111  {
 112      $smilieinserter = build_clickable_smilies();
 113  }
 114  
      // Normalise the action: an empty action, or any request carrying previewpost,
      // is treated as "editpost".
 115  $mybb->input['action'] = $mybb->get_input('action');
 116  if(!$mybb->input['action'] || isset($mybb->input['previewpost']))
 117  {
 118      $mybb->input['action'] = "editpost";
 119  }
 120  
      // Per-action authorisation gate. deletepost and restorepost only match their
      // arms when sent by POST; every other combination, including those two actions
      // sent with another method, lands in the final else arm and is held to the
      // edit-post rules.
 121  if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
 122  {
          // && binds tighter than ||, so this reads: (reply and no post-level delete
          // permission as moderator) OR (first post and no thread-level delete
          // permission as moderator). Such users must pass every check below.
 123      if(!is_moderator($fid, "candeleteposts") && !is_moderator($fid, "cansoftdeleteposts") && $pid != $thread['firstpost'] || !is_moderator($fid, "candeletethreads") && !is_moderator($fid, "cansoftdeletethreads") && $pid == $thread['firstpost'])
 124      {
 125          if($thread['closed'] == 1)
 126          {
 127              error($lang->redirect_threadclosed);
 128          }
              // Forum permission: candeleteposts for replies, candeletethreads for the first post.
 129          if($forumpermissions['candeleteposts'] == 0 && $pid != $thread['firstpost'] || $forumpermissions['candeletethreads'] == 0 && $pid == $thread['firstpost'])
 130          {
 131              error_no_permission();
 132          }
              // Ownership: non-moderators may only delete their own post.
 133          if($mybb->user['uid'] != $post['uid'])
 134          {
 135              error_no_permission();
 136          }
 137          // User can't delete unapproved post unless allowed for own
 138          if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
 139          {
 140              error_no_permission();
 141          }
 142      }
          // Applies to moderators as well: with soft delete enabled, a post that
          // already has visible == -1 cannot be deleted again.
 143      if($post['visible'] == -1 && $mybb->settings['soft_delete'] == 1)
 144      {
 145          error($lang->error_already_deleted);
 146      }
 147  }
 148  elseif($mybb->input['action'] == "restorepost" && $mybb->request_method == "post")
 149  {
          // Restore requires the moderator permission matching the target
          // (canrestoreposts for replies, canrestorethreads for the first post) and
          // is only valid for a post whose visible value is -1.
 150      if(!is_moderator($fid, "canrestoreposts") && $pid != $thread['firstpost'] || !is_moderator($fid, "canrestorethreads") && $pid == $thread['firstpost'] || $post['visible'] != -1)
 151      {
 152          error_no_permission();
 153      }
 154  }
 155  else
 156  {
          // Users who are not moderators with caneditposts may edit only their own
          // post, in a thread that is not closed, with the forum permission, inside
          // the edit time limit, and not while the post is unapproved or deleted.
 157      if(!is_moderator($fid, "caneditposts"))
 158      {
 159          if($thread['closed'] == 1)
 160          {
 161              error($lang->redirect_threadclosed);
 162          }
 163          if($forumpermissions['caneditposts'] == 0)
 164          {
 165              error_no_permission();
 166          }
 167          if($mybb->user['uid'] != $post['uid'])
 168          {
 169              error_no_permission();
 170          }
 171          // Edit time limit
              // edittimelimit is multiplied by 60 before being subtracted from the
              // current time; a value of 0 disables the limit.
 172          $time = TIME_NOW;
 173          if($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->usergroup['edittimelimit']*60)))
 174          {
 175              $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->usergroup['edittimelimit']);
 176              error($lang->edit_time_limit);
 177          }
 178          // User can't edit unapproved post
              // Exception: the author's own unapproved post when showownunapproved is
              // enabled. Posts with visible == -1 are always refused here.
 179          if(($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid'])) || $post['visible'] == -1)
 180          {
 181              error_no_permission();
 182          }
 183      }
 184  }
 185  
 186  // Check if this forum is password protected and we have a valid password
 187  check_forum_password($forum['fid']);
 188  
      // A request flagged processed=1 that arrives with neither POST fields nor files
      // is rejected.
      // NOTE(review): presumably this catches submissions whose body PHP discarded
      // (for example for exceeding a size limit) - confirm.
 189  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == '1')
 190  {
 191      error($lang->error_empty_post_input);
 192  }
 193  
 194  $attacherror = '';
      // Attachment upload/update path. It is entered for newattachment or
      // updateattachment requests, or when files accompany a submit or a preview.
      // NOTE(review): $_FILES['attachments'] is read without isset(); when the key is
      // absent this only evaluates as false, but it may raise a notice.
 195  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && $_FILES['attachments'])))
 196  {
 197      // Verify incoming POST request
          // The token is checked before any attachment is written.
 198      verify_post_check($mybb->get_input('my_post_key'));
 199  
          // $attachwhere is a raw SQL fragment. $pid comes from the INPUT_INT read at
          // line 40; the posthash alternative is passed through escape_string().
          // NOTE(review): the else arm looks unreachable in this script, since a
          // missing post already ended the request at line 54 - confirm.
 200      if($pid)
 201      {
 202          $attachwhere = "pid='{$pid}'";
 203      }
 204      else
 205      {
 206          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 207      }
 208  
 209      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "editpost");
 210  
 211      if(!empty($ret['errors']))
 212      {
 213          $errors = $ret['errors'];
 214      }
 215  
 216      // Do we have attachment errors?
 217      if(!empty($errors))
 218      {
 219          $attacherror = inline_error($errors);
 220      }
 221  
 222      // If we were dealing with an attachment but didn't click 'Update Post', force the post edit page again.
 223      if(!isset($mybb->input['submitbutton']))
 224      {
 225          $mybb->input['action'] = "editpost";
 226      }
 227  }
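 228  
      // Attachment actions (remove / approve / unapprove) submitted from the edit form.
 229  detect_attachmentact();
 230  
 231  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") // Lets remove/approve/unapprove the attachment
 232  {
 233      // Verify incoming POST request
 234      verify_post_check($mybb->get_input('my_post_key'));
 235  
          // Replace the raw request value with its INPUT_INT form; the SQL fragments
          // below interpolate it directly.
 236      $mybb->input['attachmentaid'] = $mybb->get_input('attachmentaid', MyBB::INPUT_INT);
 237      if($mybb->input['attachmentact'] == "remove")
 238      {
              // No moderator check in this arm: access rests on the edit-permission
              // gate above (the action is do_editpost), and the call is scoped to $pid.
 239          remove_attachment($pid, "", $mybb->input['attachmentaid']);
 240      }
 241      elseif($mybb->get_input('attachmentact') == "approve" && is_moderator($fid, 'canapproveunapproveattachs'))
 242      {
 243          $update_sql = array("visible" => 1);
              // Scope the update to the post being edited. The moderator check above is
              // for this post's forum, so an aid belonging to another post must not match.
 244          $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}' AND pid='{$pid}'");
              // NOTE(review): the counter is adjusted even when the update changed no row.
 245          update_thread_counters($post['tid'], array('attachmentcount' => "+1"));
 246      }
 247      elseif($mybb->get_input('attachmentact') == "unapprove" && is_moderator($fid, 'canapproveunapproveattachs'))
 248      {
 249          $update_sql = array("visible" => 0);
              // Same pid scoping as the approve arm.
 250          $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}' AND pid='{$pid}'");
              // NOTE(review): the counter is adjusted even when the update changed no row.
 251          update_thread_counters($post['tid'], array('attachmentcount' => "-1"));
 252      }
 253  
          // AJAX callers get a JSON acknowledgement and the request ends here.
 254      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 255      {
 256          header("Content-type: application/json; charset={$lang->settings['charset']}");
 257          echo json_encode(array("success" => true));
 258          exit();
 259      }
 260  
          // Without the submit button this was an attachment-only request: show the
          // edit form again instead of saving the post.
 261      if(!isset($mybb->input['submitbutton']))
 262      {
 263          $mybb->input['action'] = "editpost";
 264      }
 265  }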
 266  
      // Delete handler. The permission gate at lines 121-147 has already run; the
      // checks inside this block are applied in addition to it.
 267  if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
 268  {
 269      // Verify incoming POST request
 270      verify_post_check($mybb->get_input('my_post_key'));
 271  
 272      $plugins->run_hooks("editpost_deletepost");
 273  
          // The form must carry delete=1; anything else ends in redirect_nodelete.
 274      if($mybb->get_input('delete', MyBB::INPUT_INT) == 1)
 275      {
              // "First post" is determined here by the earliest dateline in the thread.
              // NOTE(review): the gate at line 123 used $thread['firstpost'] instead;
              // if the two ever disagree, the gate and this handler would apply
              // different permission sets - confirm they cannot diverge.
 276          $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
 277          $firstcheck = $db->fetch_array($query);
 278          if($firstcheck['pid'] == $pid)
 279          {
 280              $firstpost = 1;
 281          }
 282          else
 283          {
 284              $firstpost = 0;
 285          }
 286  
 287          $modlogdata['fid'] = $fid;
 288          $modlogdata['tid'] = $tid;
 289          if($firstpost)
 290          {
                  // Deleting the first post removes the whole thread, so thread-level
                  // permissions apply.
 291              if($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads") || is_moderator($fid, "cansoftdeletethreads"))
 292              {
 293                  require_once  MYBB_ROOT."inc/class_moderation.php";
 294                  $moderation = new Moderation;
 295  
                      // Soft delete is used when the board setting is on or the user
                      // holds cansoftdeletethreads; otherwise the thread is removed.
                      // Both paths write a moderator log entry.
 296                  if($mybb->settings['soft_delete'] == 1 || is_moderator($fid, "cansoftdeletethreads"))
 297                  {
 298                      $modlogdata['pid'] = $pid;
 299  
 300                      $moderation->soft_delete_threads(array($tid));
 301                      log_moderator_action($modlogdata, $lang->thread_soft_deleted);
 302                  }
 303                  else
 304                  {
 305                      $moderation->delete_thread($tid);
 306                      mark_reports($tid, "thread");
 307                      log_moderator_action($modlogdata, $lang->thread_deleted);
 308                  }
 309  
                      // NOTE(review): ajax is read raw here, while line 254 uses
                      // get_input() with INPUT_INT. Unlike that branch, no exit()
                      // follows the JSON output, so execution continues with the rest
                      // of the script - confirm nothing further is emitted.
 310                  if($mybb->input['ajax'] == 1)
 311                  {
 312                      header("Content-type: application/json; charset={$lang->settings['charset']}");
                          // The response differs depending on whether the caller may
                          // still view deleted content.
 313                      if(is_moderator($fid, "canviewdeleted"))
 314                      {
 315                          echo json_encode(array("data" => '1', "first" => '1'));
 316                      }
 317                      else
 318                      {
 319                          echo json_encode(array("data" => '3', "url" => get_forum_link($fid)));
 320                      }
 321                  }
 322                  else
 323                  {
 324                      redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
 325                  }
 326              }
 327              else
 328              {
 329                  error_no_permission();
 330              }
 331          }
 332          else
 333          {
                  // Reply deletion: post-level permissions apply.
 334              if($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts") || is_moderator($fid, "cansoftdeleteposts"))
 335              {
 336                  // Select the first post before this
 337                  require_once  MYBB_ROOT."inc/class_moderation.php";
 338                  $moderation = new Moderation;
 339  
 340                  if($mybb->settings['soft_delete'] == 1 || is_moderator($fid, "cansoftdeleteposts"))
 341                  {
 342                      $modlogdata['pid'] = $pid;
 343  
 344                      $moderation->soft_delete_posts(array($pid));
 345                      log_moderator_action($modlogdata, $lang->post_soft_deleted);
 346                  }
 347                  else
 348                  {
 349                      $moderation->delete_post($pid);
 350                      mark_reports($pid, "post");
 351                      log_moderator_action($modlogdata, $lang->post_deleted);
 352                  }
 353  
                      // Redirect target: the latest post in the thread whose dateline is
                      // not later than the deleted post's. Both interpolated values
                      // come from database records, not from the request.
 354                  $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "desc"));
 355                  $next_post = $db->fetch_array($query);
 356                  if($next_post['pid'])
 357                  {
 358                      $redirect = get_post_link($next_post['pid'], $tid)."#pid{$next_post['pid']}";
 359                  }
 360                  else
 361                  {
 362                      $redirect = get_thread_link($tid);
 363                  }
 364  
                      // Same raw ajax read and missing exit() as in the thread arm above.
 365                  if($mybb->input['ajax'] == 1)
 366                  {
 367                      header("Content-type: application/json; charset={$lang->settings['charset']}");
 368                      if(is_moderator($fid, "canviewdeleted"))
 369                      {
 370                          echo json_encode(array("data" => '1', "first" => '0'));
 371                      }
 372                      else
 373                      {
 374                          echo json_encode(array("data" => '2'));
 375                      }
 376                  }
 377                  else
 378                  {
 379                      redirect($redirect, $lang->redirect_postdeleted);
 380                  }
 381              }
 382              else
 383              {
 384                  error_no_permission();
 385              }
 386          }
 387      }
 388      else
 389      {
 390          error($lang->redirect_nodelete);
 391      }
 392  }
 393  
      // Restore handler for posts with visible == -1. The gate at lines 148-154 has
      // already required the matching moderator permission; it is checked again here.
 394  if($mybb->input['action'] == "restorepost" && $mybb->request_method == "post")
 395  {
 396      // Verify incoming POST request
 397      verify_post_check($mybb->get_input('my_post_key'));
 398  
 399      $plugins->run_hooks("editpost_restorepost");
 400  
          // The form must carry restore=1; anything else ends in redirect_norestore.
 401      if($mybb->get_input('restore', MyBB::INPUT_INT) == 1)
 402      {
              // "First post" is again determined by the earliest dateline in the thread.
              // NOTE(review): the gate at line 150 used $thread['firstpost'] - confirm
              // the two cannot diverge.
 403          $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
 404          $firstcheck = $db->fetch_array($query);
 405          if($firstcheck['pid'] == $pid)
 406          {
 407              $firstpost = 1;
 408          }
 409          else
 410          {
 411              $firstpost = 0;
 412          }
 413  
              // Identifiers recorded with the moderator log entry.
 414          $modlogdata['fid'] = $fid;
 415          $modlogdata['tid'] = $tid;
 416          $modlogdata['pid'] = $pid;
 417          if($firstpost)
 418          {
                  // Restoring the first post restores the thread and needs canrestorethreads.
 419              if(is_moderator($fid, "canrestorethreads"))
 420              {
 421                  require_once  MYBB_ROOT."inc/class_moderation.php";
 422                  $moderation = new Moderation;
 423                  $moderation->restore_threads(array($tid));
 424                  log_moderator_action($modlogdata, $lang->thread_restored);
                      // NOTE(review): ajax is read raw and no exit() follows the JSON
                      // output, so execution continues with the rest of the script.
 425                  if($mybb->input['ajax'] == 1)
 426                  {
 427                      header("Content-type: application/json; charset={$lang->settings['charset']}");
 428                      echo json_encode(array("data" => '1', "first" => '1'));
 429                  }
 430                  else
 431                  {
 432                      redirect(get_forum_link($fid), $lang->redirect_threadrestored);
 433                  }
 434              }
 435              else
 436              {
 437                  error_no_permission();
 438              }
 439          }
 440          else
 441          {
                  // Restoring a reply needs canrestoreposts.
 442              if(is_moderator($fid, "canrestoreposts"))
 443              {
 444                  // Select the first post before this
 445                  require_once  MYBB_ROOT."inc/class_moderation.php";
 446                  $moderation = new Moderation;
 447                  $moderation->restore_posts(array($pid));
 448                  log_moderator_action($modlogdata, $lang->post_restored);
                      // The redirect points back at the restored post itself.
 449                  $redirect = get_post_link($pid, $tid)."#pid{$pid}";
 450  
 451                  if($mybb->input['ajax'] == 1)
 452                  {
 453                      header("Content-type: application/json; charset={$lang->settings['charset']}");
 454                      echo json_encode(array("data" => '1', "first" => '0'));
 455                  }
 456                  else
 457                  {
 458                      redirect($redirect, $lang->redirect_postrestored);
 459                  }
 460              }
 461              else
 462              {
 463                  error_no_permission();
 464              }
 465          }
 466      }
 467      else
 468      {
 469          error($lang->redirect_norestore);
 470      }
 471  }
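 472  
      // Save handler. The edit-permission gate at lines 155-184 has already run for
      // this action; validation of the submitted content is delegated to
      // PostDataHandler.
 473  if($mybb->input['action'] == "do_editpost" && $mybb->request_method == "post")
 474  {
 475      // Verify incoming POST request
 476      verify_post_check($mybb->get_input('my_post_key'));
 477  
 478      $plugins->run_hooks("editpost_do_editpost_start");
 479  
 480      // Set up posthandler.
 481      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 482      $posthandler = new PostDataHandler("update");
 483      $posthandler->action = "post";
 484  
 485      // Set the post data that came from the input to the $post array.
          // uid and username are carried over from the stored post; edit_uid is the
          // current user. Subject, message and edit reason are passed on unescaped.
 486      $post = array(
              // Use the integer $pid that the permission checks above were evaluated
              // against, not the unfiltered request value, so the record that was
              // authorised and the record that is updated are the same.
 487          "pid" => $pid,
 488          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 489          "subject" => $mybb->get_input('subject'),
 490          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 491          "uid" => $post['uid'],
 492          "username" => $post['username'],
 493          "edit_uid" => $mybb->user['uid'],
 494          "message" => $mybb->get_input('message'),
 495          "editreason" => $mybb->get_input('editreason'),
 496      );
 497  
          // Options missing from the submitted array default to 0.
 498      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 499      if(!isset($postoptions['signature']))
 500      {
 501          $postoptions['signature'] = 0;
 502      }
 503      if(!isset($postoptions['subscriptionmethod']))
 504      {
 505          $postoptions['subscriptionmethod'] = 0;
 506      }
 507      if(!isset($postoptions['disablesmilies']))
 508      {
 509          $postoptions['disablesmilies'] = 0;
 510      }
 511  
 512      // Set up the post options from the input.
 513      $post['options'] = array(
 514          "signature" => $postoptions['signature'],
 515          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 516          "disablesmilies" => $postoptions['disablesmilies']
 517      );
 518  
 519      $posthandler->set_data($post);
 520  
 521      // Now let the post handler do all the hard work.
          // On validation failure nothing is written; the errors are shown on the
          // edit form again.
 522      if(!$posthandler->validate_post())
 523      {
 524          $post_errors = $posthandler->get_friendly_errors();
 525          $post_errors = inline_error($post_errors);
 526          $mybb->input['action'] = "editpost";
 527      }
 528      // No errors were found, we can call the update method.
 529      else
 530      {
 531          $postinfo = $posthandler->update_post();
 532          $visible = $postinfo['visible'];
 533          $first_post = $postinfo['first_post'];
 534  
 535          // Help keep our attachments table clean.
              // This cleanup is not limited to the edited post: it removes every
              // attachment row with an empty filename or a filesize below 1.
 536          $db->delete_query("attachments", "filename='' OR filesize<1");
 537  
 538          // Did the user choose to post a poll? Redirect them to the poll posting page.
              // The URL is assembled from $tid (post record) and an INPUT_INT value.
 539          if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 540          {
 541              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 542              $lang->redirect_postedited = $lang->redirect_postedited_poll;
 543          }
              // An edit that left the post unapproved sends users who cannot view
              // unapproved content to the forum (first post) or the thread (reply)
              // instead of to a post they can no longer see.
 544          else if($visible == 0 && $first_post && !is_moderator($fid, "canviewunapprove", $mybb->user['uid']))
 545          {
 546              // Moderated post
 547              $lang->redirect_postedited .= $lang->redirect_thread_moderation;
 548              $url = get_forum_link($fid);
 549          }
 550          else if($visible == 0 && !is_moderator($fid, "canviewunapprove", $mybb->user['uid']))
 551          {
 552              $lang->redirect_postedited .= $lang->redirect_post_moderation;
 553              $url = get_thread_link($tid);
 554          }
 555          // Otherwise, send them back to their post
 556          else
 557          {
 558              $lang->redirect_postedited .= $lang->redirect_postedited_redirect;
 559              $url = get_post_link($pid, $tid)."#pid{$pid}";
 560          }
 561          $plugins->run_hooks("editpost_do_editpost_end");
 562  
 563          redirect($url, $lang->redirect_postedited);
 564      }
 565  }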
 566  
 567  if(!$mybb->input['action'] || $mybb->input['action'] == "editpost")
 568  {
 569      $plugins->run_hooks("editpost_action_start");
 570  
 571      if(!isset($mybb->input['previewpost']))
 572      {
 573          $icon = $post['icon'];
 574      }
 575  
 576      if($forum['allowpicons'] != 0)
 577      {
 578          $posticons = get_post_icons();
 579      }
 580  
 581      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 582      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 583  
 584      $deletebox = '';
 585      if($post['visible'] != -1 && (($thread['firstpost'] == $pid && (is_moderator($fid, "candeletethreads") || $forumpermissions['candeletethreads'] == 1 && $mybb->user['uid'] == $post['uid'])) || ($thread['firstpost'] != $pid && (is_moderator($fid, "candeleteposts") || $forumpermissions['candeleteposts'] == 1 && $mybb->user['uid'] == $post['uid']))))
 586      {
 587          eval("\$deletebox = \"".$templates->get("editpost_delete")."\";");
 588      }
 589  
 590      $bgcolor = "trow1";
 591      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 592      { // Get a listing of the current attachments, if there are any
 593          $attachcount = 0;
 594          $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 595          $attachments = '';
 596          while($attachment = $db->fetch_array($query))
 597          {
 598              $attachment['size'] = get_friendly_size($attachment['filesize']);
 599              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 600              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 601  
 602              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 603              {
 604                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 605              }
 606              // Moderating options
 607              $attach_mod_options = '';
 608              if(is_moderator($fid))
 609              {
 610                  if($attachment['visible'] == 1)
 611                  {
 612                      eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
 613                  }
 614                  else
 615                  {
 616                      eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_approve")."\";");
 617                  }
 618              }
 619  
 620              // Remove Attachment
 621              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 622  
 623              if($attachment['visible'] != 1)
 624              {
 625                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 626              }
 627              else
 628              {
 629                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 630              }
 631              $attachcount++;
 632          }
 633          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 634          $usage = $db->fetch_array($query);
 635          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 636          {
 637              $noshowattach = 1;
 638          }
 639          else
 640          {
 641              $noshowattach = 0;
 642          }
 643          if($mybb->usergroup['attachquota'] == 0)
 644          {
 645              $friendlyquota = $lang->unlimited;
 646          }
 647          else
 648          {
 649              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 650          }
 651  
 652          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
 653  
 654          if($usage['ausage'] !== NULL)
 655          {
 656              $friendlyusage = get_friendly_size($usage['ausage']);
 657              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
 658              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
 659          }
 660          else
 661          {
 662              $lang->attach_usage = "";
 663          }
 664  
 665          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
 666          {
 667              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
 668          }
 669  
 670          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
 671          {
 672              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
 673          }
 674  
 675          if($attach_add_options || $attach_update_options)
 676          {
 677              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
 678          }
 679          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
 680      }
 681      if(!$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment') && !isset($mybb->input['previewpost']))
 682      {
 683          $message = $post['message'];
 684          $subject = $post['subject'];
 685          $reason = htmlspecialchars_uni($post['editreason']);
 686      }
 687      else
 688      {
 689          $message = $mybb->get_input('message');
 690          $subject = $mybb->get_input('subject');
 691          $reason = htmlspecialchars_uni($mybb->get_input('editreason'));
 692      }
 693  
 694      $previewmessage = $message;
 695      $previewsubject = $subject;
 696      $message = htmlspecialchars_uni($message);
 697      $subject = htmlspecialchars_uni($subject);
 698  
 699      if(!isset($post_errors))
 700      {
 701          $post_errors = '';
 702      }
 703  
 704      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 705      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 706  
 707      if(!empty($mybb->input['previewpost']) || $post_errors)
 708      {
              // Runs for a preview request or when $post_errors is already non-empty:
              // the submitted values are checked through PostDataHandler::validate_post().
 709          // Set up posthandler.
 710          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 711          $posthandler = new PostDataHandler("update");
 712          $posthandler->action = "post";
 713  
 714          // Set the post data that came from the input to the $post array.
              // uid and username are copied from the $post value that existed before
              // this assignment (loaded outside this excerpt), not from the request.
              // NOTE(review): "pid" is read straight from $mybb->input, while the other
              // numeric fields go through get_input(..., MyBB::INPUT_INT); confirm it is
              // integer-cast before it reaches this point.
 715          $post = array(
 716              "pid" => $mybb->input['pid'],
 717              "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 718              "subject" => $mybb->get_input('subject'),
 719              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 720              "uid" => $post['uid'],
 721              "username" => $post['username'],
 722              "edit_uid" => $mybb->user['uid'],
 723              "message" => $mybb->get_input('message'),
 724          );
 725  
              // Missing option keys default to 0 so that all three keys exist below.
              // Submitted values are passed on as received.
              // NOTE(review): presumably PostDataHandler normalises them - confirm.
 726          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 727          if(!isset($postoptions['signature']))
 728          {
 729              $postoptions['signature'] = 0;
 730          }
 731          if(!isset($postoptions['emailnotify']))
 732          {
 733              $postoptions['emailnotify'] = 0;
 734          }
 735          if(!isset($postoptions['disablesmilies']))
 736          {
 737              $postoptions['disablesmilies'] = 0;
 738          }
 739  
 740          // Set up the post options from the input.
 741          $post['options'] = array(
 742              "signature" => $postoptions['signature'],
 743              "emailnotify" => $postoptions['emailnotify'],
 744              "disablesmilies" => $postoptions['disablesmilies']
 745          );
 746  
 747          $posthandler->set_data($post);
 748  
 749          // Now let the post handler do all the hard work.
 750          if(!$posthandler->validate_post())
 751          {
                  // Validation failed: format the errors, set the action to editpost
                  // and clear the preview flag, so the !empty(previewpost) branch
                  // after this block is skipped.
 752              $post_errors = $posthandler->get_friendly_errors();
 753              $post_errors = inline_error($post_errors);
 754              $mybb->input['action'] = "editpost";
 755              $mybb->input['previewpost'] = 0;
 756          }
 757          else
 758          {
 759  
                  // Valid input: re-read the submitted options (without the 0 defaults
                  // applied above) and pre-tick the boxes the user had selected.
 760              $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 761  
 762              if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 763              {
 764                  $postoptionschecked['signature'] = " checked=\"checked\"";
 765              }
 766  
 767              if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 768              {
 769                  $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 770              }
 771              
                  // NOTE(review): variable variable - the name written to is
                  // "<return value>subscribe". That is only safe while
                  // get_subscription_method() returns one of a fixed set of prefixes
                  // (presumably '', 'none', 'email' or 'pm', matching the variables
                  // initialised before this block) and never a request-derived string.
 772              $subscription_method = get_subscription_method($tid, $postoptions);
 773              ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 774          }
 775      }
 776  
 777      if(!empty($mybb->input['previewpost']))
 778      {
              // Preview: collect the author row and the attachments, then render the
              // post with build_postbit() and the previewpost template.
              // $pid, $previewmessage, $previewsubject and $icon are assigned outside
              // this excerpt.
 779          if(!$post['uid'])
 780          {
                  // Falsy uid (presumably a guest post): only username and dateline
                  // are read from the posts table.
                  // NOTE(review): $pid is interpolated into the condition; this is safe
                  // only if it was integer-cast where it was assigned - confirm.
 781              $query = $db->simple_select('posts', 'username, dateline', "pid='{$pid}'");
 782              $postinfo = $db->fetch_array($query);
 783          }
 784          else
 785          {
 786              // Figure out the poster's other information.
                  // $post['uid'] and $pid are interpolated into the SQL text; the query
                  // relies on both being integer values by the time they get here.
                  // TODO confirm against the places where they are assigned.
 787              $query = $db->query("
 788                  SELECT u.*, f.*, p.dateline
 789                  FROM ".TABLE_PREFIX."users u
 790                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 791                  LEFT JOIN ".TABLE_PREFIX."posts p ON (p.uid=u.uid)
 792                  WHERE u.uid='{$post['uid']}' AND p.pid='{$pid}'
 793                  LIMIT 1
 794              ");
 795              $postinfo = $db->fetch_array($query);
 796              $postinfo['userusername'] = $postinfo['username'];
 797          }
 798  
              // Attachments of this post, stored by aid under index 0 of $attachcache
              // (presumably read by build_postbit()).
 799          $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 800          while($attachment = $db->fetch_array($query))
 801          {
 802              $attachcache[0][$attachment['aid']] = $attachment;
 803          }
 804  
 805          if(!isset($postoptions['disablesmilies']))
 806          {
 807              $postoptions['disablesmilies'] = 0;
 808          }
 809  
 810          // Set the values of the post info array.
              // NOTE(review): whether $previewmessage / $previewsubject are already
              // parsed or escaped cannot be seen from here; confirm before relying on
              // the preview output being safe to render.
 811          $postinfo['message'] = $previewmessage;
 812          $postinfo['subject'] = $previewsubject;
 813          $postinfo['icon'] = $icon;
 814          $postinfo['smilieoff'] = $postoptions['disablesmilies'];
 815  
 816          $postbit = build_postbit($postinfo, 1);
              // The template text is evaluated as a double-quoted PHP string, so every
              // variable it names is substituted from this scope as-is. The template
              // content therefore has to be trusted, and values such as $postbit must
              // already be safe for HTML output.
 817          eval("\$preview = \"".$templates->get("previewpost")."\";");
 818      }
 819      else if(!$post_errors)
 820      {
              // Plain form display (no preview, no errors): tick the boxes from
              // $post['includesig'] / $post['smilieoff']. On this path $post has not
              // been rebuilt from the request inside this excerpt.
 821          $preview = '';
 822  
 823          if($post['includesig'] != 0)
 824          {
 825              $postoptionschecked['signature'] = " checked=\"checked\"";
 826          }
 827  
 828          if($post['smilieoff'] == 1)
 829          {
 830              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 831          }
 832  
              // NOTE(review): $postoptions is not assigned on this path anywhere in
              // this excerpt (the visible assignment sits inside the preview/error
              // branch); check that it is defined earlier or that
              // get_subscription_method() handles it being unset. The variable
              // variable below writes to "<return value>subscribe".
 833          $subscription_method = get_subscription_method($tid, $postoptions);
 834          ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 835      }
 836  
 837      // Generate thread prefix selector if this is the first post of the thread
 838      if($thread['firstpost'] == $pid)
 839      {
              // No prefix submitted (or it casts to 0): fall back to the prefix
              // currently stored on the thread.
 840          if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 841          {
 842              $mybb->input['threadprefix'] = $thread['prefix'];
 843          }
 844  
              // The selected prefix is handed over integer-cast (INPUT_INT).
 845          $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT), 0, $thread['prefix']);
 846      }
 847      else
 848      {
              // Any other post of the thread gets no prefix selector.
 849          $prefixselect = "";
 850      }
 851  
 852      $editreason = '';
 853      if($mybb->settings['alloweditreason'] == 1)
 854      {
              // Edit reasons enabled: render the reason row. The two row classes are
              // swapped between the branches (presumably so the rows that follow keep
              // alternating in the editpost template).
 855          eval("\$editreason = \"".$templates->get("editpost_reason")."\";");
 856          $bgcolor = "trow2";
 857          $bgcolor2 = "trow1";
 858      }
 859      else
 860      {
 861          $bgcolor = "trow1";
 862          $bgcolor2 = "trow2";
 863      }
 864  
 865      // Fetch subscription select box
          // Evaluated in this scope as a double-quoted string; presumably the template
          // reads the *subscribe variables prepared earlier.
 866      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 867  
          // Oldest post of the thread (ascending dateline, limit 1).
          // NOTE(review): $tid is interpolated into the condition and is assigned
          // outside this excerpt - confirm it is an integer there.
 868      $query = $db->simple_select("posts", "*", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
 869      $firstcheck = $db->fetch_array($query);
 870  
 871      $time = TIME_NOW;
          // Offer the poll box only when all of these hold: this post is the thread's
          // oldest post, the forum permissions allow polls, the thread has no poll yet
          // ($thread['poll'] < 1), and the user either may manage polls as a moderator,
          // or the thread is younger than polltimelimit hours, or polltimelimit is 0.
 872      if($firstcheck['pid'] == $pid && $forumpermissions['canpostpolls'] != 0 && $thread['poll'] < 1 && (is_moderator($fid, "canmanagepolls") || $thread['dateline'] > ($time-($mybb->settings['polltimelimit']*60*60)) || $mybb->settings['polltimelimit'] == 0))
 873      {
 874          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
              // Integer-cast; anything below 1 becomes 2. No upper bound is applied
              // here. NOTE(review): presumably maxpolloptions is enforced where the
              // poll is actually created - confirm.
 875          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 876          $postpollchecked = '';
 877          
 878          if($numpolloptions < 1)
 879          {
 880              $numpolloptions = 2;
 881          }
 882          
 883          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 884          {
 885              $postpollchecked = 'checked="checked"';
 886          }
 887          
 888          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
 889      }
 890      else
 891      {
 892          $pollbox = '';
 893      }
 894  
 895      // Hide signature option if no permission
          // NOTE(review): this check and the smilies check below only decide whether
          // the inputs are rendered; enforcement of the same permissions on submit is
          // not visible in this excerpt.
 896      $signature = '';
 897      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 898      {
 899          eval("\$signature = \"".$templates->get('editpost_signature')."\";");
 900      }
 901  
 902      // Can we disable smilies or are they disabled already?
 903      $disablesmilies = '';
 904      if($forum['allowsmilies'] != 0)
 905      {
 906          eval("\$disablesmilies = \"".$templates->get("editpost_disablesmilies")."\";");
 907      }
 908  
          // From here on $postoptions holds rendered template output (or ''), no longer
          // the submitted options array. The wrapper is rendered only when at least
          // one of the two option fragments is non-empty.
 909      $postoptions = '';
 910      if(!empty($signature) || !empty($disablesmilies))
 911      {
 912          eval("\$postoptions = \"".$templates->get("editpost_postoptions")."\";");
 913      }
 914  
 915      $moderation_notice = '';
          // Users who cannot approve attachments or posts themselves get a notice when
          // the forum permissions moderate attachments or edits. Both checks assign the
          // same variable, so when both apply the edit notice replaces the attachment
          // notice.
 916      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
 917      {
 918          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
 919          {
 920              $moderation_text = $lang->moderation_forum_attachments;
 921              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
 922          }
 923      }
 924  
 925      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
 926      {
 927          if($forumpermissions['mod_edit_posts'] == 1)
 928          {
 929              $moderation_text = $lang->moderation_forum_edits;
 930              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
 931          }
 932      }
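 933  
          // Effective upload ceiling and file count from PHP's own settings, prepared
          // for the post_javascript template evaluated below (presumably used for
          // client-side hints; PHP applies its limits to the request regardless).
          // The directive is named upload_max_filesize. ini_get() returns false for a
          // name PHP does not know, which would leave only post_max_size in effect here.
 934      $php_max_upload_filesize = return_bytes(ini_get('upload_max_filesize'));
 935      $php_post_max_size = return_bytes(ini_get('post_max_size'));
 936  
          // Both limits non-zero: the smaller one wins. If either is 0, max() yields
          // the other value (or 0 when both are 0).
 937      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
 938      {
 939          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
 940      }
 941      else
 942      {
 943          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
 944      }
 945  
 946      $php_max_file_uploads = (int)ini_get('max_file_uploads');
          // Evaluated in this scope, so the template can read the $php_max_* values.
 947      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");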
 948  
 949      $plugins->run_hooks("editpost_end");
          // The hook above runs before the final template is evaluated.
 950  
          // strip_tags() removes markup from the forum name but does not encode quotes
          // or ampersands. NOTE(review): confirm the editpost template only uses
          // $forum['name'] where that is sufficient (not inside an attribute value).
 951      $forum['name'] = strip_tags($forum['name']);
 952  
          // Final render: the editpost template is evaluated as a double-quoted string
          // in this scope, so it sees the variables prepared above; then the page is
          // sent through output_page().
 953      eval("\$editpost = \"".$templates->get("editpost")."\";");
 954      output_page($editpost);
 955  }

