[ Index ]

PHP Cross Reference of MyBB 1.8.38

title

Body

[close]

/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newreply.php');
  13  
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
  24  require_once  "./global.php";
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/functions_upload.php";
  28  require_once  MYBB_ROOT."inc/class_parser.php";
  29  $parser = new postParser;
  30  
  31  // Load global language phrases
  32  $lang->load("newreply");
  33  
  34  // Get the pid and tid and replyto from the input.
  35  $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
  36  $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);
  37  
  38  // AJAX quick reply?
  39  if(!empty($mybb->input['ajax']))
  40  {
  41      unset($mybb->input['previewpost']);
  42  }
  43  
  44  // Edit a draft post.
  45  $pid = 0;
  46  $editdraftpid = '';
  47  $mybb->input['action'] = $mybb->get_input('action');
  48  if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
  49  {
  50      $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  51      $post = get_post($pid);
  52      if(!$post)
  53      {
  54          error($lang->error_invalidpost);
  55      }
  56      else if($mybb->user['uid'] != $post['uid'])
  57      {
  58          error($lang->error_post_noperms);
  59      }
  60      $pid = (int)$post['pid'];
  61      $tid = (int)$post['tid'];
  62      eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
  63  }
  64  
  65  // Set up $thread and $forum for later use.
  66  $thread = get_thread($tid);
  67  if(!$thread)
  68  {
  69      error($lang->error_invalidthread);
  70  }
  71  $fid = (int)$thread['fid'];
  72  
  73  // Get forum info
  74  $forum = get_forum($fid);
  75  if(!$forum)
  76  {
  77      error($lang->error_invalidforum);
  78  }
  79  
  80  // Make navigation
  81  build_forum_breadcrumb($fid);
  82  $thread_subject = $thread['subject'];
  83  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  84  add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  85  add_breadcrumb($lang->nav_newreply);
  86  
  87  $forumpermissions = forum_permissions($fid);
  88  
  89  // See if everything is valid up to here.
  90  if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
  91  {
  92      if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
  93      {
  94          error($lang->error_invalidpost);
  95      }
  96  }
  97  if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
  98  {
  99      if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
 100      {
 101          error($lang->error_invalidthread);
 102      }
 103  }
 104  if($forum['open'] == 0 || $forum['type'] != "f")
 105  {
 106      error($lang->error_closedinvalidforum);
 107  }
 108  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
 109  {
 110      error_no_permission();
 111  }
 112  
 113  if($mybb->user['suspendposting'] == 1)
 114  {
 115      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
 116      if($mybb->user['suspensiontime'])
 117      {
 118          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
 119      }
 120  
 121      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
 122  
 123      error($lang->error_suspendedposting);
 124  }
 125  
 126  if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 127  {
 128      error_no_permission();
 129  }
 130  
 131  if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 132  {
 133      error_no_permission();
 134  }
 135  
 136  // Coming from quick reply and not a preview call? Set subscription method
 137  if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
 138  {
 139      $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
 140  }
 141  
 142  // Check if this forum is password protected and we have a valid password
 143  check_forum_password($forum['fid']);
 144  
 145  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 146  {
 147      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 148      if($forum['allowsmilies'] != 0)
 149      {
 150          $smilieinserter = build_clickable_smilies();
 151      }
 152  }
 153  
 154  // Display a login box or change user box?
 155  if($mybb->user['uid'] != 0)
 156  {
 157      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 158      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 159  }
 160  else
 161  {
 162      if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
 163      {
 164          $username = '';
 165      }
 166      else
 167      {
 168          $username = htmlspecialchars_uni($mybb->get_input('username'));
 169      }
 170      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 171  }
 172  
 173  // Check to see if the thread is closed, and if the user is a mod.
 174  if(!is_moderator($fid, "canpostclosedthreads"))
 175  {
 176      if($thread['closed'] == 1)
 177      {
 178          error($lang->redirect_threadclosed);
 179      }
 180  }
 181  
 182  // No weird actions allowed, show new reply form if no regular action.
 183  if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
 184  {
 185      $mybb->input['action'] = "newreply";
 186  }
 187  
 188  // Even if we are previewing, still show the new reply form.
 189  if(!empty($mybb->input['previewpost']))
 190  {
 191      $mybb->input['action'] = "newreply";
 192  }
 193  
 194  // Setup a unique posthash for attachment management
 195  if(!$mybb->get_input('posthash') && !$pid)
 196  {
 197      $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
 198  }
 199  
 200  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 201  {
 202      error($lang->error_empty_post_input);
 203  }
 204  
 205  $errors = array();
 206  $maximageserror = $attacherror = '';
 207  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
 208  {
 209      // Verify incoming POST request
 210      verify_post_check($mybb->get_input('my_post_key'));
 211  
 212      if($pid)
 213      {
 214          $attachwhere = "pid='{$pid}'";
 215      }
 216      else
 217      {
 218          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 219      }
 220  
 221      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");
 222  
 223      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 224      {
 225          if(isset($ret['success']))
 226          {
 227              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
 228              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 229              {
 230                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 231              }
 232              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 233              $attach_mod_options = '';
 234              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 235              $ret['template'] = $attemplate;
 236  
 237              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 238              $usage = $db->fetch_array($query);
 239              $ret['usage'] = get_friendly_size($usage['ausage']);
 240          }
 241          
 242          header("Content-type: application/json; charset={$lang->settings['charset']}");
 243          echo json_encode($ret);
 244          exit();
 245      }
 246  
 247      if(!empty($ret['errors']))
 248      {
 249          $errors = $ret['errors'];
 250      }
 251  
 252      // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
 253      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 254      {
 255          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 256          $mybb->input['action'] = "newreply";
 257      }
 258  }
 259  
 260  detect_attachmentact();
 261  
 262  // Remove an attachment.
 263  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 264  {
 265      // Verify incoming POST request
 266      verify_post_check($mybb->get_input('my_post_key'));
 267  
 268      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 269  
 270      if(!$mybb->get_input('submit'))
 271      {
 272          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 273          $mybb->input['action'] = "newreply";
 274      }
 275  
 276      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 277      {
 278          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 279          $usage = $db->fetch_array($query);
 280  
 281          header("Content-type: application/json; charset={$lang->settings['charset']}");
 282          echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
 283          exit();
 284      }
 285  }
 286  
 287  $reply_errors = $quoted_ids = '';
 288  $hide_captcha = false;
 289  
 290  // Check the maximum posts per day for this user
 291  if($mybb->usergroup['maxposts'] > 0)
 292  {
 293      $daycut = TIME_NOW-60*60*24;
 294      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 295      $post_count = $db->fetch_field($query, "posts_today");
 296      if($post_count >= $mybb->usergroup['maxposts'])
 297      {
 298          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 299          error($lang->error_maxposts);
 300      }
 301  }
 302  
 303  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 304  {
 305      $mybb->settings['postsperpage'] = 20;
 306  }
 307  
 308  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 309  {
 310      // Verify incoming POST request
 311      verify_post_check($mybb->get_input('my_post_key'));
 312  
 313      $plugins->run_hooks("newreply_do_newreply_start");
 314  
 315      // If this isn't a logged in user, then we need to do some special validation.
 316      if($mybb->user['uid'] == 0)
 317      {
 318          // If they didn't specify a username leave blank so $lang->guest can be used on output
 319          if(!$mybb->get_input('username'))
 320          {
 321              $username = '';
 322          }
 323          // Otherwise use the name they specified.
 324          else
 325          {
 326              $username = $mybb->get_input('username');
 327          }
 328          $uid = 0;
 329  
 330  
 331          if($mybb->settings['stopforumspam_on_newreply'])
 332          {
 333              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 334  
 335              $stop_forum_spam_checker = new StopForumSpamChecker(
 336                  $plugins,
 337                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 338                  $mybb->settings['stopforumspam_check_usernames'],
 339                  $mybb->settings['stopforumspam_check_emails'],
 340                  $mybb->settings['stopforumspam_check_ips'],
 341                  $mybb->settings['stopforumspam_log_blocks']
 342              );
 343  
 344              try {
 345                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 346                  {
 347                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 348                          $stop_forum_spam_checker->getErrorText(array(
 349                              'stopforumspam_check_usernames',
 350                              'stopforumspam_check_ips'
 351                              ))));
 352                  }
 353              }
 354              catch (Exception $e)
 355              {
 356                  if($mybb->settings['stopforumspam_block_on_error'])
 357                  {
 358                      error($lang->error_stop_forum_spam_fetching);
 359                  }
 360              }
 361          }
 362      }
 363      // This user is logged in.
 364      else
 365      {
 366          $username = $mybb->user['username'];
 367          $uid = $mybb->user['uid'];
 368      }
 369  
 370      // Attempt to see if this post is a duplicate or not
 371      if($uid > 0)
 372      {
 373          $user_check = "p.uid='{$uid}'";
 374      }
 375      else
 376      {
 377          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 378      }
 379      if(!$mybb->get_input('savedraft'))
 380      {
 381          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
 382          if($db->num_rows($query) > 0)
 383          {
 384              error($lang->error_post_already_submitted);
 385          }
 386      }
 387  
 388      // Set up posthandler.
 389      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 390      $posthandler = new PostDataHandler("insert");
 391  
 392      // Set the post data that came from the input to the $post array.
 393      $post = array(
 394          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 395          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 396          "fid" => $thread['fid'],
 397          "subject" => $mybb->get_input('subject'),
 398          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 399          "uid" => $uid,
 400          "username" => $username,
 401          "message" => $mybb->get_input('message'),
 402          "ipaddress" => $session->packedip,
 403          "posthash" => $mybb->get_input('posthash')
 404      );
 405  
 406      if(isset($mybb->input['pid']))
 407      {
 408          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 409      }
 410  
 411      // Are we saving a draft post?
 412      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 413      {
 414          $post['savedraft'] = 1;
 415      }
 416      else
 417      {
 418          $post['savedraft'] = 0;
 419      }
 420  
 421      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 422      if(!isset($postoptions['signature']))
 423      {
 424          $postoptions['signature'] = 0;
 425      }
 426      if(!isset($postoptions['subscriptionmethod']))
 427      {
 428          $postoptions['subscriptionmethod'] = 0;
 429      }
 430      if(!isset($postoptions['disablesmilies']))
 431      {
 432          $postoptions['disablesmilies'] = 0;
 433      }
 434  
 435      // Set up the post options from the input.
 436      $post['options'] = array(
 437          "signature" => $postoptions['signature'],
 438          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 439          "disablesmilies" => $postoptions['disablesmilies']
 440      );
 441  
 442      // Apply moderation options if we have them
 443      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 444  
 445      $posthandler->set_data($post);
 446  
 447      // Now let the post handler do all the hard work.
 448      $valid_post = $posthandler->validate_post();
 449  
 450      $post_errors = array();
 451      // Fetch friendly error messages if this is an invalid post
 452      if(!$valid_post)
 453      {
 454          $post_errors = $posthandler->get_friendly_errors();
 455      }
 456  
 457      // Mark thread as read
 458      require_once  MYBB_ROOT."inc/functions_indicators.php";
 459      mark_thread_read($tid, $fid);
 460  
 461      $json_data = '';
 462  
 463      // Check captcha image
 464      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 465      {
 466          require_once  MYBB_ROOT.'inc/class_captcha.php';
 467          $post_captcha = new captcha(false, "post_captcha");
 468  
 469          if($post_captcha->validate_captcha() == false)
 470          {
 471              // CAPTCHA validation failed
 472              foreach($post_captcha->get_errors() as $error)
 473              {
 474                  $post_errors[] = $error;
 475              }
 476          }
 477          else
 478          {
 479              $hide_captcha = true;
 480          }
 481  
 482          if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
 483          {
 484              $randomstr = random_str(5);
 485              $imagehash = md5(random_str(12));
 486  
 487              $imagearray = array(
 488                  "imagehash" => $imagehash,
 489                  "imagestring" => $randomstr,
 490                  "dateline" => TIME_NOW
 491              );
 492  
 493              $db->insert_query("captcha", $imagearray);
 494  
 495              //header("Content-type: text/html; charset={$lang->settings['charset']}");
 496              $data = '';
 497              $data .= "<captcha>$imagehash";
 498  
 499              if($hide_captcha)
 500              {
 501                  $data .= "|$randomstr";
 502              }
 503  
 504              $data .= "</captcha>";
 505  
 506              //header("Content-type: application/json; charset={$lang->settings['charset']}");
 507              $json_data = array("data" => $data);
 508          }
 509      }
 510  
 511      // One or more errors returned, fetch error list and throw to newreply page
 512      if(count($post_errors) > 0)
 513      {
 514          $reply_errors = inline_error($post_errors, '', $json_data);
 515          $mybb->input['action'] = "newreply";
 516      }
 517      else
 518      {
 519          $postinfo = $posthandler->insert_post();
 520          $pid = $postinfo['pid'];
 521          $visible = $postinfo['visible'];
 522  
 523          if(isset($postinfo['closed']))
 524          {
 525              $closed = $postinfo['closed'];
 526          }
 527          else
 528          {
 529              $closed = '';
 530          }
 531  
 532          // Invalidate solved captcha
 533          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 534          {
 535              $post_captcha->invalidate_captcha();
 536          }
 537  
 538          $force_redirect = false;
 539  
 540          // Deciding the fate
 541          if($visible == -2)
 542          {
 543              // Draft post
 544              $lang->redirect_newreply = $lang->draft_saved;
 545              $url = "usercp.php?action=drafts";
 546          }
 547          elseif($visible == 1)
 548          {
 549              // Visible post
 550              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 551              $url = get_post_link($pid, $tid)."#pid{$pid}";
 552          }
 553          else
 554          {
 555              // Moderated post
 556              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 557              $url = get_thread_link($tid);
 558  
 559              // User must see moderation notice, regardless of redirect settings
 560              $force_redirect = true;
 561          }
 562  
 563          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 564          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 565          {
 566              // We quoted all posts - remove the entire cookie
 567              if($mybb->get_input('quoted_ids') == "all")
 568              {
 569                  my_unsetcookie("multiquote");
 570              }
 571              // Only quoted a few - attempt to remove them from the cookie
 572              else
 573              {
 574                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 575                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 576                  if(!empty($multiquote) && !empty($quoted_ids))
 577                  {
 578                      foreach($multiquote as $key => $quoteid)
 579                      {
 580                          // If this ID was quoted, remove it from the multiquote list
 581                          if(in_array($quoteid, $quoted_ids))
 582                          {
 583                              unset($multiquote[$key]);
 584                          }
 585                      }
 586                      // Still have an array - set the new cookie
 587                      if(!empty($multiquote))
 588                      {
 589                          $new_multiquote = implode(",", $multiquote);
 590                          my_setcookie("multiquote", $new_multiquote);
 591                      }
 592                      // Otherwise, unset it
 593                      else
 594                      {
 595                          my_unsetcookie("multiquote");
 596                      }
 597                  }
 598              }
 599          }
 600  
 601          $plugins->run_hooks("newreply_do_newreply_end");
 602  
 603          // This was a post made via the ajax quick reply - we need to do some special things here
 604          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 605          {
 606              // Visible post
 607              if($visible == 1)
 608              {
 609                  // Set post counter
 610                  $postcounter = $thread['replies'] + 1;
 611  
 612                  if(is_moderator($fid, "canviewunapprove"))
 613                  {
 614                      $postcounter += $thread['unapprovedposts'];
 615                  }
 616                  if(is_moderator($fid, "canviewdeleted"))
 617                  {
 618                      $postcounter += $thread['deletedposts'];
 619                  }
 620  
 621                  // Was there a new post since we hit the quick reply button?
 622                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 623                  {
 624                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 625                      $new_post = $db->fetch_array($query);
 626                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 627                      {
 628                          redirect(get_thread_link($tid, 0, "lastpost"));
 629                      }
 630                  }
 631  
 632                  // Lets see if this post is on the same page as the one we're viewing or not
 633                  // if it isn't, redirect us
 634                  if($mybb->settings['postsperpage'] > 0)
 635                  {
 636                      $post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']);
 637                  }
 638                  else
 639                  {
 640                      $post_page = 1;
 641                  }
 642  
 643                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 644                  {
 645                      redirect(get_thread_link($tid, 0, "lastpost"));
 646                      exit;
 647                  }
 648  
 649                  // Return the post HTML and display it inline
 650                  $query = $db->query("
 651                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 652                      FROM ".TABLE_PREFIX."posts p
 653                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 654                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 655                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 656                      WHERE p.pid='{$pid}'
 657                  ");
 658                  $post = $db->fetch_array($query);
 659  
 660                  // Now lets fetch all of the attachments for this post
 661                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 662                  while($attachment = $db->fetch_array($query))
 663                  {
 664                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 665                  }
 666  
 667                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 668                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 669                  {
 670                      $altbg = "trow1";
 671                  }
 672                  else
 673                  {
 674                      $altbg = "trow2";
 675                  }
 676  
 677                  $charset = "UTF-8";
 678                  if($lang->settings['charset'])
 679                  {
 680                      $charset = $lang->settings['charset'];
 681                  }
 682  
 683                  require_once  MYBB_ROOT."inc/functions_post.php";
 684                  $pid = $post['pid'];
 685                  $post = build_postbit($post);
 686  
 687                  $data = '';
 688                  $data .= $post;
 689  
 690                  // Build a new posthash incase the user wishes to quick reply again
 691                  $new_posthash = md5($mybb->user['uid'].random_str());
 692                  $data .= "<script type=\"text/javascript\">\n";
 693                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 694                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 695                      $('#inlinemod_{$pid}').on(\"click\", function(e) {
 696                          inlineModeration.checkItem();
 697                      });
 698                  }\n";
 699  
 700                  if($closed == 1)
 701                  {
 702                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 703                  }
 704                  else
 705                  {
 706                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 707                  }
 708  
 709                  $data .= "</script>\n";
 710  
 711                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 712                  echo json_encode(array("data" => $data));
 713  
 714                  exit;
 715              }
 716              // Post is in the moderation queue
 717              else
 718              {
 719                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 720                  exit;
 721              }
 722          }
 723          else
 724          {
 725              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 726              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 727              exit;
 728          }
 729      }
 730  }
 731  
 732  // Show the newreply form.
 733  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 734  {
 735      $plugins->run_hooks("newreply_start");
 736  
 737      $quote_ids = $multiquote_external = '';
 738      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 739      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment'))
 740      {
 741          $message = '';
 742          $quoted_posts = array();
 743          // Handle multiquote
 744          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 745          {
 746              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 747              foreach($multiquoted as $post)
 748              {
 749                  $quoted_posts[$post] = (int)$post;
 750              }
 751          }
 752          // Handle incoming 'quote' button
 753          if($replyto)
 754          {
 755              $quoted_posts[$replyto] = $replyto;
 756          }
 757  
 758          // Quoting more than one post - fetch them
 759          if(count($quoted_posts) > 0)
 760          {
 761              $external_quotes = 0;
 762              $quoted_posts = implode(",", $quoted_posts);
 763              $quoted_ids = array();
 764              $unviewable_forums = get_unviewable_forums();
 765              $inactiveforums = get_inactive_forums();
 766              if($unviewable_forums)
 767              {
 768                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 769              }
 770              if($inactiveforums)
 771              {
 772                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 773              }
 774  
 775              // Check group permissions if we can't view threads not started by us
 776              $group_permissions = forum_permissions();
 777              $onlyusfids = array();
 778              $onlyusforums = '';
 779              foreach($group_permissions as $gpfid => $forum_permissions)
 780              {
 781                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 782                  {
 783                      $onlyusfids[] = $gpfid;
 784                  }
 785              }
 786              if(!empty($onlyusfids))
 787              {
 788                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 789              }
 790  
 791              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 792              {
 793                  $visible_where = "AND p.visible IN (-1,0,1)";
 794              }
 795              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 796              {
 797                  $visible_where = "AND p.visible IN (0,1)";
 798              }
 799              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 800              {
 801                  $visible_where = "AND p.visible IN (-1,1)";
 802              }
 803              else
 804              {
 805                  $visible_where = "AND p.visible=1";
 806              }
 807  
 808              require_once  MYBB_ROOT."inc/functions_posting.php";
 809              $query = $db->query("
 810                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 811                  FROM ".TABLE_PREFIX."posts p
 812                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 813                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 814                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 815              ");
 816              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 817              while($quoted_post = $db->fetch_array($query))
 818              {
 819                  // Only show messages for the current thread
 820                  if($quoted_post['tid'] == $tid || $load_all == 1)
 821                  {
 822                      // If this post was the post for which a quote button was clicked, set the subject
 823                      if($replyto == $quoted_post['pid'])
 824                      {
 825                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 826                          // Subject too long? Shorten it to avoid error message
 827                          if(my_strlen($subject) > 85)
 828                          {
 829                              $subject = my_substr($subject, 0, 82).'...';
 830                          }
 831                          $subject = "RE: ".$subject;
 832                      }
 833                      $message .= parse_quoted_message($quoted_post);
 834                      $quoted_ids[] = $quoted_post['pid'];
 835                  }
 836                  // Count the rest
 837                  else
 838                  {
 839                      ++$external_quotes;
 840                  }
 841              }
 842              if($mybb->settings['maxquotedepth'] != '0')
 843              {
 844                  $message = remove_message_quotes($message);
 845              }
 846              if($external_quotes > 0)
 847              {
 848                  if($external_quotes == 1)
 849                  {
 850                      $multiquote_text = $lang->multiquote_external_one;
 851                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 852                      $multiquote_quote = $lang->multiquote_external_one_quote;
 853                  }
 854                  else
 855                  {
 856                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 857                      $multiquote_deselect = $lang->multiquote_external_deselect;
 858                      $multiquote_quote = $lang->multiquote_external_quote;
 859                  }
 860                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 861              }
 862              $quoted_ids = implode("|", $quoted_ids);
 863          }
 864      }
 865  
 866      if(isset($mybb->input['quoted_ids']))
 867      {
 868          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 869      }
 870  
 871      if(isset($mybb->input['previewpost']))
 872      {
 873          $previewmessage = $mybb->get_input('message');
 874      }
 875      if(empty($message))
 876      {
 877          $message = $mybb->get_input('message');
 878      }
 879      $message = htmlspecialchars_uni($message);
 880  
 881      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 882      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 883  
 884      // Set up the post options.
 885      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 886      {
 887          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 888  
 889          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 890          {
 891              $postoptionschecked['signature'] = " checked=\"checked\"";
 892          }
 893          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 894          {
 895              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 896          }
 897          $subscription_method = get_subscription_method($tid, $postoptions);
 898          $subject = $mybb->input['subject'];
 899      }
 900      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 901      {
 902          $message = htmlspecialchars_uni($post['message']);
 903          $subject = $post['subject'];
 904          if($post['includesig'] != 0)
 905          {
 906              $postoptionschecked['signature'] = " checked=\"checked\"";
 907          }
 908          if($post['smilieoff'] == 1)
 909          {
 910              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 911          }
 912          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 913          $mybb->input['icon'] = $post['icon'];
 914      }
 915      else
 916      {
 917          if($mybb->user['signature'] != '')
 918          {
 919              $postoptionschecked['signature'] = " checked=\"checked\"";
 920          }
 921          $subscription_method = get_subscription_method($tid);
 922      }
 923      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 924  
 925      if($forum['allowpicons'] != 0)
 926      {
 927          $posticons = get_post_icons();
 928      }
 929  
 930      // No subject?
 931      if(!isset($subject))
 932      {
 933          if(!empty($mybb->input['subject']))
 934          {
 935              $subject = $mybb->get_input('subject');
 936          }
 937          else
 938          {
 939              $subject = $thread_subject;
 940              // Subject too long? Shorten it to avoid error message
 941              if(my_strlen($subject) > 85)
 942              {
 943                  $subject = my_substr($subject, 0, 82).'...';
 944              }
 945              $subject = "RE: ".$subject;
 946          }
 947      }
 948  
 949      // Preview a post that was written.
 950      $preview = '';
 951      if(!empty($mybb->input['previewpost']))
 952      {
 953          // If this isn't a logged in user, then we need to do some special validation.
 954          if($mybb->user['uid'] == 0)
 955          {
 956              // If they didn't specify a username leave blank so $lang->guest can be used on output
 957              if(!$mybb->get_input('username'))
 958              {
 959                  $username = '';
 960              }
 961              // Otherwise use the name they specified.
 962              else
 963              {
 964                  $username = $mybb->get_input('username');
 965              }
 966              $uid = 0;
 967          }
 968          // This user is logged in.
 969          else
 970          {
 971              $username = $mybb->user['username'];
 972              $uid = $mybb->user['uid'];
 973          }
 974  
 975          // Set up posthandler.
 976          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 977          $posthandler = new PostDataHandler("insert");
 978          $posthandler->action = "post";
 979  
 980          // Set the post data that came from the input to the $post array.
 981          $post = array(
 982              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 983              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 984              "fid" => $thread['fid'],
 985              "subject" => $mybb->get_input('subject'),
 986              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 987              "uid" => $uid,
 988              "username" => $username,
 989              "message" => $mybb->get_input('message'),
 990              "ipaddress" => $session->packedip,
 991              "posthash" => $mybb->get_input('posthash')
 992          );
 993  
 994          if(isset($mybb->input['pid']))
 995          {
 996              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 997          }
 998  
 999          $posthandler->set_data($post);
1000  
1001          // Now let the post handler do all the hard work.
1002          $valid_post = $posthandler->verify_message();
1003          $valid_subject = $posthandler->verify_subject();
1004  
1005          // guest post --> verify author
1006          if($post['uid'] == 0)
1007          {
1008              $valid_username = $posthandler->verify_author();
1009          }
1010          else
1011          {
1012              $valid_username = true;
1013          }
1014  
1015          $post_errors = array();
1016          // Fetch friendly error messages if this is an invalid post
1017          if(!$valid_post || !$valid_subject || !$valid_username)
1018          {
1019              $post_errors = $posthandler->get_friendly_errors();
1020          }
1021  
1022          // One or more errors returned, fetch error list and throw to newreply page
1023          if(count($post_errors) > 0)
1024          {
1025              $reply_errors = inline_error($post_errors);
1026          }
1027          else
1028          {
1029              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
1030              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1031              $query = $db->query("
1032                  SELECT u.*, f.*
1033                  FROM ".TABLE_PREFIX."users u
1034                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1035                  WHERE u.uid='".$mybb->user['uid']."'
1036              ");
1037              $post = $db->fetch_array($query);
1038              $post['username'] = $username;
1039              if($mybb->user['uid'])
1040              {
1041                  $post['userusername'] = $mybb->user['username'];
1042              }
1043              $post['message'] = $previewmessage;
1044              $post['subject'] = $subject;
1045              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1046              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1047              if(isset($mybb->input['postoptions']['disablesmilies']))
1048              {
1049                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1050              }
1051              $post['dateline'] = TIME_NOW;
1052              if(isset($mybb->input['postoptions']['signature']))
1053              {
1054                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1055              }
1056              if(!isset($post['includesig']) || $post['includesig'] != 1)
1057              {
1058                  $post['includesig'] = 0;
1059              }
1060  
1061              // Fetch attachments assigned to this post.
1062              if($mybb->get_input('pid', MyBB::INPUT_INT))
1063              {
1064                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1065              }
1066              else
1067              {
1068                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1069              }
1070  
1071              $query = $db->simple_select("attachments", "*", $attachwhere);
1072              while($attachment = $db->fetch_array($query))
1073              {
1074                  $attachcache[0][$attachment['aid']] = $attachment;
1075              }
1076  
1077              $postbit = build_postbit($post, 1);
1078              eval("\$preview = \"".$templates->get("previewpost")."\";");
1079          }
1080      }
1081  
1082      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1083  
1084      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1085  
1086      // Do we have attachment errors?
1087      if(count($errors) > 0)
1088      {
1089          $reply_errors = inline_error($errors);
1090      }
1091  
1092      // Get a listing of the current attachments.
1093      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1094      {
1095          $attachcount = 0;
1096          if($pid)
1097          {
1098              $attachwhere = "pid='$pid'";
1099          }
1100          else
1101          {
1102              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1103          }
1104          $attachments = '';
1105          $query = $db->simple_select("attachments", "*", $attachwhere);
1106          while($attachment = $db->fetch_array($query))
1107          {
1108              $attachment['size'] = get_friendly_size($attachment['filesize']);
1109              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1110              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1111  
1112              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1113              {
1114                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1115              }
1116  
1117              $attach_mod_options = '';
1118              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1119  
1120              if($attachment['visible'] != 1)
1121              {
1122                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1123              }
1124              else
1125              {
1126                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1127              }
1128              $attachcount++;
1129          }
1130  
1131          $noshowattach = '';
1132          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1133          $usage = $db->fetch_array($query);
1134  
1135          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1136          {
1137              $noshowattach = 1;
1138          }
1139  
1140          if($mybb->usergroup['attachquota'] == 0)
1141          {
1142              $friendlyquota = $lang->unlimited;
1143          }
1144          else
1145          {
1146              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1147          }
1148          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1149  
1150          $link_viewattachments = '';
1151          if($usage['ausage'] !== NULL)
1152          {
1153              $friendlyusage = get_friendly_size($usage['ausage']);
1154              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1155              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1156          }
1157          else
1158          {
1159              $lang->attach_usage = "";
1160          }
1161  
1162          $attach_add_options = '';
1163          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1164          {
1165              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1166          }
1167  
1168          $attach_update_options = '';
1169          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1170          {
1171              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1172          }
1173  
1174          if($attach_add_options || $attach_update_options)
1175          {
1176              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1177          }
1178  
1179          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1180      }
1181      else
1182      {
1183          $attachbox = '';
1184      }
1185  
1186      // If the user is logged in, provide a save draft button.
1187      $savedraftbutton = '';
1188      if($mybb->user['uid'])
1189      {
1190          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1191      }
1192  
1193      // Show captcha image for guests if enabled
1194      $captcha = '';
1195      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1196      {
1197          $correct = false;
1198          require_once  MYBB_ROOT.'inc/class_captcha.php';
1199          $post_captcha = new captcha(false, "post_captcha");
1200  
1201          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1202          {
1203              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1204              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1205              if($post_captcha->validate_captcha() == true)
1206              {
1207                  $correct = true;
1208  
1209                  // Generate a hidden list of items for our captcha
1210                  $captcha = $post_captcha->build_hidden_captcha();
1211              }
1212          }
1213  
1214          if(!$correct)
1215          {
1216              if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1217              {
1218                  $post_captcha->build_captcha();
1219              }
1220              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1221              {
1222                  $post_captcha->build_recaptcha();
1223              }
1224              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1225              {
1226                  $post_captcha->build_hcaptcha();
1227              }
1228          }
1229          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1230          {
1231              $post_captcha->build_recaptcha();
1232          }
1233          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1234          {
1235              $post_captcha->build_hcaptcha();
1236          }
1237  
1238          if($post_captcha->html)
1239          {
1240              $captcha = $post_captcha->html;
1241          }
1242      }
1243  
1244      $reviewmore = '';
1245      $threadreview = '';
1246      if($mybb->settings['threadreview'] != 0)
1247      {
1248          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1249          {
1250              $visibility = "(visible='1' OR visible='0')";
1251          }
1252          else
1253          {
1254              $visibility = "visible='1'";
1255          }
1256          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1257          $numposts = $db->fetch_field($query, "post_count");
1258  
1259          if($numposts > $mybb->settings['postsperpage'])
1260          {
1261              $numposts = $mybb->settings['postsperpage'];
1262              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1263              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1264          }
1265  
1266          $pidin = array();
1267          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage']));
1268          while($post = $db->fetch_array($query))
1269          {
1270              $pidin[] = $post['pid'];
1271          }
1272  
1273          if(!empty($pidin))
1274          {
1275              $pidin = implode(",", $pidin);
1276  
1277              // Fetch attachments
1278              $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1279              while($attachment = $db->fetch_array($query))
1280              {
1281                  $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1282              }
1283              $query = $db->query("
1284                  SELECT p.*, u.username AS userusername
1285                  FROM ".TABLE_PREFIX."posts p
1286                  LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1287                  WHERE pid IN ($pidin)
1288                  ORDER BY dateline DESC, pid DESC
1289              ");
1290              $postsdone = 0;
1291              $altbg = "trow1";
1292              $reviewbits = '';
1293              while($post = $db->fetch_array($query))
1294              {
1295                  if($post['userusername'])
1296                  {
1297                      $post['username'] = $post['userusername'];
1298                  }
1299                  $reviewpostdate = my_date('relative', $post['dateline']);
1300                  $parser_options = array(
1301                      "allow_html" => $forum['allowhtml'],
1302                      "allow_mycode" => $forum['allowmycode'],
1303                      "allow_smilies" => $forum['allowsmilies'],
1304                      "allow_imgcode" => $forum['allowimgcode'],
1305                      "allow_videocode" => $forum['allowvideocode'],
1306                      "me_username" => $post['username'],
1307                      "filter_badwords" => 1
1308                  );
1309                  if($post['smilieoff'] == 1)
1310                  {
1311                      $parser_options['allow_smilies'] = 0;
1312                  }
1313  
1314                  if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1315                  {
1316                      $parser_options['allow_imgcode'] = 0;
1317                  }
1318  
1319                  if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1320                  {
1321                      $parser_options['allow_videocode'] = 0;
1322                  }
1323  
1324                  $post['username'] = htmlspecialchars_uni($post['username']);
1325  
1326                  if($post['visible'] != 1)
1327                  {
1328                      $altbg = "trow_shaded";
1329                  }
1330  
1331                  $plugins->run_hooks("newreply_threadreview_post");
1332  
1333                  $post['message'] = $parser->parse_message($post['message'], $parser_options);
1334                  get_post_attachments($post['pid'], $post);
1335                  $reviewmessage = $post['message'];
1336                  eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
1337                  if($altbg == "trow1")
1338                  {
1339                      $altbg = "trow2";
1340                  }
1341                  else
1342                  {
1343                      $altbg = "trow1";
1344                  }
1345              }
1346              eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1347          }
1348      }
1349  
1350      // Hide signature option if no permission
1351      $signature = '';
1352      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1353      {
1354          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1355      }
1356  
1357      // Can we disable smilies or are they disabled already?
1358      $disablesmilies = '';
1359      if($forum['allowsmilies'] != 0)
1360      {
1361          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1362      }
1363  
1364      $postoptions = '';
1365      if(!empty($signature) || !empty($disablesmilies))
1366      {
1367          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1368          $bgcolor = "trow2";
1369      }
1370      else
1371      {
1372          $bgcolor = "trow1";
1373      }
1374  
1375      $modoptions = '';
1376      // Show the moderator options.
1377      if(is_moderator($fid))
1378      {
1379          if($mybb->get_input('processed', MyBB::INPUT_INT))
1380          {
1381              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1382              if(!isset($mybb->input['modoptions']['closethread']))
1383              {
1384                  $mybb->input['modoptions']['closethread'] = 0;
1385              }
1386              $closed = (int)$mybb->input['modoptions']['closethread'];
1387              if(!isset($mybb->input['modoptions']['stickthread']))
1388              {
1389                  $mybb->input['modoptions']['stickthread'] = 0;
1390              }
1391              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1392          }
1393          else
1394          {
1395              $closed = $thread['closed'];
1396              $stuck = $thread['sticky'];
1397          }
1398  
1399          if($closed)
1400          {
1401              $closecheck = ' checked="checked"';
1402          }
1403          else
1404          {
1405              $closecheck = '';
1406          }
1407  
1408          if($stuck)
1409          {
1410              $stickycheck = ' checked="checked"';
1411          }
1412          else
1413          {
1414              $stickycheck = '';
1415          }
1416  
1417          $closeoption = '';
1418          if(is_moderator($thread['fid'], "canopenclosethreads"))
1419          {
1420              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1421          }
1422  
1423          $stickoption = '';
1424          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1425          {
1426              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1427          }
1428  
1429          if(!empty($closeoption) || !empty($stickoption))
1430          {
1431              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1432              $bgcolor = "trow1";
1433          }
1434          else
1435          {
1436              $bgcolor = "trow2";
1437          }
1438      }
1439      else
1440      {
1441          $bgcolor = "trow2";
1442      }
1443  
1444      // Fetch subscription select box
1445      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1446  
1447      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1448      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1449  
1450      // Do we have any forum rules to show for this forum?
1451      $forumrules = '';
1452      if($forum['rulestype'] >= 2 && $forum['rules'])
1453      {
1454          if(!$forum['rulestitle'])
1455          {
1456              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1457          }
1458  
1459          if(!$parser)
1460          {
1461              require_once  MYBB_ROOT.'inc/class_parser.php';
1462              $parser = new postParser;
1463          }
1464  
1465          $rules_parser = array(
1466              "allow_html" => 1,
1467              "allow_mycode" => 1,
1468              "allow_smilies" => 1,
1469              "allow_imgcode" => 1
1470          );
1471  
1472          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1473          $foruminfo = $forum;
1474  
1475          if($forum['rulestype'] == 3)
1476          {
1477              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1478          }
1479          else if($forum['rulestype'] == 2)
1480          {
1481              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1482          }
1483      }
1484  
1485      $moderation_notice = '';
1486      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1487      {
1488          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1489          {
1490              $moderation_text = $lang->moderation_forum_attachments;
1491              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1492          }
1493      }
1494      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1495      {
1496          if($forumpermissions['modposts'] == 1)
1497          {
1498              $moderation_text = $lang->moderation_forum_posts;
1499              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1500          }
1501  
1502          if($mybb->user['moderateposts'] == 1)
1503          {
1504              $moderation_text = $lang->moderation_user_posts;
1505              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1506          }
1507      }
1508  
1509      $php_max_upload_size = get_php_upload_limit();
1510      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1511      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1512  
1513      $plugins->run_hooks("newreply_end");
1514  
1515      $forum['name'] = strip_tags($forum['name']);
1516  
1517      eval("\$newreply = \"".$templates->get("newreply")."\";");
1518      output_page($newreply);
1519  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref