PHP Cross Reference of MyBB 1.8.40 |
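<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Entry script for posting a reply: bootstraps the board, reads the target
// thread/post ids from the request and, when a draft is being edited or
// submitted, checks that the draft belongs to the current user.

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newreply.php');

// Comma-separated template names used by this script.
// presumably consumed by global.php to preload templates - confirm against global.php
$templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
$templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
$templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
$templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
$templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_cfturnstile,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
// Fix: "postbit_attachments_thumbnails_thumbnail" and "postbit_attachments_images_image"
// were fused into one name by a missing comma, so neither was actually listed.
$templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment_unapproved";
$templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
$templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
$templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("newreply");

// Get the pid and tid and replyto from the input.
// Both ids are requested with MyBB::INPUT_INT; later code interpolates them
// into SQL and URLs (presumably get_input casts them to int - confirm).
$tid = $mybb->get_input('tid', MyBB::INPUT_INT);
$replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);

// AJAX quick reply?
if(!empty($mybb->input['ajax']))
{
	// An AJAX request is never treated as a preview.
	unset($mybb->input['previewpost']);
}

// Edit a draft post.
$pid = 0;
$editdraftpid = '';
$mybb->input['action'] = $mybb->get_input('action');
if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
{
	$pid = $mybb->get_input('pid', MyBB::INPUT_INT);
	$post = get_post($pid);
	if(!$post)
	{
		error($lang->error_invalidpost);
	}
	// Ownership check: a request-supplied pid is only accepted when the post
	// belongs to the current user, so another user's post cannot be referenced.
	else if($mybb->user['uid'] != $post['uid'])
	{
		error($lang->error_post_noperms);
	}
	// From here on the ids come from the stored post, not from the request.
	// NOTE(review): this relies on error() not returning - confirm.
	$pid = (int)$post['pid'];
	$tid = (int)$post['tid'];
	// NOTE(review): eval() runs the template text as a PHP double-quoted string
	// with this script's variables in scope. Safe only if the template store is
	// trusted and $templates->get() returns text escaped for that context - confirm.
	eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
}

// Set up $thread and $forum for later use.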
// Access-control gate for replying: loads the thread and forum, then rejects the
// request on invisible content, closed/invalid forums, missing permissions,
// posting suspension and forum password before any form or write is handled.
// NOTE(review): every check relies on error()/error_no_permission() (defined
// elsewhere) not returning - confirm.
$thread = get_thread($tid);
if(!$thread)
{
	error($lang->error_invalidthread);
}
// The forum id is taken from the stored thread row, not from the request.
$fid = (int)$thread['fid'];

// Get forum info
$forum = get_forum($fid);
if(!$forum)
{
	error($lang->error_invalidforum);
}

// Make navigation
build_forum_breadcrumb($fid);
// Keep the raw subject for the default "RE:" subject; the copy stored back in
// $thread is bad-word filtered and HTML-escaped for output.
$thread_subject = $thread['subject'];
$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_newreply);

$forumpermissions = forum_permissions($fid);

// See if everything is valid up to here.
// $post is only set when a draft pid was supplied earlier in the script.
// NOTE(review): the outer condition also matches visible < 0, but the inner test
// only errors for visible == 0, so a negative visibility never raises an error
// in this check - confirm that is intended.
if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
{
	if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
	{
		error($lang->error_invalidpost);
	}
}
// NOTE(review): same shape as the post check - a thread with visible < 0 enters
// the outer branch but is not rejected by the inner test, so no error is raised
// here for it. Confirm negative-visibility threads are blocked elsewhere.
if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
{
	if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
	{
		error($lang->error_invalidthread);
	}
}
if($forum['open'] == 0 || $forum['type'] != "f")
{
	error($lang->error_closedinvalidforum);
}
// Both viewing and replying must be permitted in this forum.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
{
	error_no_permission();
}

if($mybb->user['suspendposting'] == 1)
{
	// Default to the permanent wording; switch to the dated wording when a
	// suspension end time is set.
	$suspendedpostingtype = $lang->error_suspendedposting_permanent;
	if($mybb->user['suspensiontime'])
	{
		$suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
	}

	$lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));

	error($lang->error_suspendedposting);
}

// Forums restricted to "own threads only": the thread must belong to the user.
if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
	error_no_permission();
}

if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
	error_no_permission();
}

// Coming from quick reply and not a preview call? Set subscription method
if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
{
	$mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// Editor toolbar and smilie picker, only when enabled for board, forum and user
// (guests, uid 0, always get the toolbar).
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
	$codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
	if($forum['allowsmilies'] != 0)
	{
		$smilieinserter = build_clickable_smilies();
	}
}

// Display a login box or change user box?
if($mybb->user['uid'] != 0)
{
	// Escaped in place because the template below interpolates it into HTML.
	$mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
	// NOTE(review): eval() runs the template text as a PHP double-quoted string;
	// this assumes the template store is trusted - confirm.
	eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}
else
{
	if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
	{
		$username = '';
	}
	else
	{
		// Guest-supplied name is HTML-escaped before it reaches the template.
		$username = htmlspecialchars_uni($mybb->get_input('username'));
	}
	eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// Check to see if the thread is closed, and if the user is a mod.
// Rejects replies to closed threads for non-moderators, normalises the requested
// action, prepares the attachment posthash and handles attachment uploads
// (including the JSON response used by the AJAX uploader).
if(!is_moderator($fid, "canpostclosedthreads"))
{
	if($thread['closed'] == 1)
	{
		error($lang->redirect_threadclosed);
	}
}

// No weird actions allowed, show new reply form if no regular action.
// Acts as an allow-list: any other action value is replaced with "newreply".
if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
{
	$mybb->input['action'] = "newreply";
}

// Even if we are previewing, still show the new reply form.
if(!empty($mybb->input['previewpost']))
{
	$mybb->input['action'] = "newreply";
}

// Setup a unique posthash for attachment management
// Only generated when the request carries none and no draft pid is in use;
// otherwise the request-supplied value is kept.
// NOTE(review): the hash ties uploads to a not-yet-saved post, so its
// unpredictability depends on random_str() (defined elsewhere) - confirm.
if(!$mybb->get_input('posthash') && !$pid)
{
	$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
}

// A request flagged as processed but carrying neither POST fields nor files is
// reported as an empty-input error.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
	error($lang->error_empty_post_input);
}

$errors = array();
$maximageserror = $attacherror = '';
// Attachment add/update: runs for an explicit attachment button, or when files
// accompany a submit, preview or draft save.
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
{
	// Verify incoming POST request
	// The request key is checked before any upload is stored.
	verify_post_check($mybb->get_input('my_post_key'));

	if($pid)
	{
		// $pid was cast to int from the stored post earlier in the script.
		$attachwhere = "pid='{$pid}'";
	}
	else
	{
		// posthash is request-controlled, so it is escaped before SQL use.
		$attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
	}

	// NOTE(review): file type, size and quota checks are expected to happen
	// inside add_attachments() (defined elsewhere) - confirm.
	$ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");

	if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		if(isset($ret['success']))
		{
			// Placeholder tokens: the template is rendered once here with
			// {1}..{4} in place of real attachment values.
			$attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
			{
				// NOTE(review): eval() of template text - assumes a trusted template store.
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}
			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
			$attach_mod_options = '';
			eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
			$ret['template'] = $attemplate;

			// Total attachment usage for the current user, returned for display.
			$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
			$usage = $db->fetch_array($query);
			$ret['usage'] = get_friendly_size($usage['ausage']);
		}

		// AJAX callers get the result as JSON and the script stops here.
		header("Content-type: application/json; charset={$lang->settings['charset']}");
		echo json_encode($ret);
		exit();
	}

	if(!empty($ret['errors']))
	{
		$errors = $ret['errors'];
	}

	// If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
	if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
	{
		eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
		$mybb->input['action'] = "newreply";
	}
}

detect_attachmentact();

// Remove an attachment.
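// Handles attachment removal, the daily post limit and the reply submission
// itself ("do_newreply" over POST): request-key check, guest spam and CAPTCHA
// checks, duplicate detection, validation and insert through PostDataHandler,
// multiquote cookie clean-up and the final redirect or AJAX response.
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// NOTE(review): the attachment id and posthash both come from the request;
	// remove_attachment() (defined elsewhere) is expected to scope the delete to
	// this pid/posthash - confirm.
	remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));

	if(!$mybb->get_input('submit'))
	{
		// NOTE(review): eval() of template text - assumes a trusted template store.
		eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
		$mybb->input['action'] = "newreply";
	}

	if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);

		header("Content-type: application/json; charset={$lang->settings['charset']}");
		echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
		exit();
	}
}

$reply_errors = $quoted_ids = '';
$hide_captcha = false;

// Check the maximum posts per day for this user
if($mybb->usergroup['maxposts'] > 0)
{
	// Rolling 24-hour window; posts with visible = -1 are not counted.
	$daycut = TIME_NOW-60*60*24;
	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
	$post_count = $db->fetch_field($query, "posts_today");
	if($post_count >= $mybb->usergroup['maxposts'])
	{
		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
		error($lang->error_maxposts);
	}
}

// Guard against a missing or non-positive setting; it is used as a divisor below.
if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
{
	$mybb->settings['postsperpage'] = 20;
}

if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	// The request key is checked before the plugin hook and before any write.
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("newreply_do_newreply_start");

	// If this isn't a logged in user, then we need to do some special validation.
	if($mybb->user['uid'] == 0)
	{
		// If they didn't specify a username leave blank so $lang->guest can be used on output
		if(!$mybb->get_input('username'))
		{
			$username = '';
		}
		// Otherwise use the name they specified.
		else
		{
			$username = $mybb->get_input('username');
		}
		$uid = 0;


		if($mybb->settings['stopforumspam_on_newreply'])
		{
			require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php';

			$stop_forum_spam_checker = new StopForumSpamChecker(
				$plugins,
				$mybb->settings['stopforumspam_min_weighting_before_spam'],
				$mybb->settings['stopforumspam_check_usernames'],
				$mybb->settings['stopforumspam_check_emails'],
				$mybb->settings['stopforumspam_check_ips'],
				$mybb->settings['stopforumspam_log_blocks']
			);

			try {
				// Guests have no e-mail here, so only username and IP are checked.
				if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
				{
					error($lang->sprintf($lang->error_stop_forum_spam_spammer,
						$stop_forum_spam_checker->getErrorText(array(
							'stopforumspam_check_usernames',
							'stopforumspam_check_ips'
						))));
				}
			}
			catch (Exception $e)
			{
				// A failed lookup lets the post through unless
				// stopforumspam_block_on_error is enabled.
				if($mybb->settings['stopforumspam_block_on_error'])
				{
					error($lang->error_stop_forum_spam_fetching);
				}
			}
		}
	}
	// This user is logged in.
	else
	{
		// Identity comes from the session, never from the request.
		$username = $mybb->user['username'];
		$uid = $mybb->user['uid'];
	}

	// Attempt to see if this post is a duplicate or not
	if($uid > 0)
	{
		$user_check = "p.uid='{$uid}'";
	}
	else
	{
		// Guests are matched by their packed IP address instead of a user id.
		$user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
	}
	if(!$mybb->get_input('savedraft'))
	{
		// Same author, thread, subject and message within the last 600 seconds
		// counts as a duplicate. Subject and message are escaped before SQL use.
		$query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
		if($db->num_rows($query) > 0)
		{
			error($lang->error_post_already_submitted);
		}
	}

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("insert");

	// Set the post data that came from the input to the $post array.
	$post = array(
		"tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
		"replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
		"fid" => $thread['fid'],
		"subject" => $mybb->get_input('subject'),
		"icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
		"uid" => $uid,
		"username" => $username,
		"message" => $mybb->get_input('message'),
		"ipaddress" => $session->packedip,
		"posthash" => $mybb->get_input('posthash')
	);

	if(isset($mybb->input['pid']))
	{
		$post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
	}

	// Are we saving a draft post?
	// Drafts are only available to logged-in users.
	if($mybb->get_input('savedraft') && $mybb->user['uid'])
	{
		$post['savedraft'] = 1;
	}
	else
	{
		$post['savedraft'] = 0;
	}

	$postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
	if(!isset($postoptions['signature']))
	{
		$postoptions['signature'] = 0;
	}
	if(!isset($postoptions['subscriptionmethod']))
	{
		$postoptions['subscriptionmethod'] = 0;
	}
	if(!isset($postoptions['disablesmilies']))
	{
		$postoptions['disablesmilies'] = 0;
	}

	// Set up the post options from the input.
	$post['options'] = array(
		"signature" => $postoptions['signature'],
		"subscriptionmethod" => $postoptions['subscriptionmethod'],
		"disablesmilies" => $postoptions['disablesmilies']
	);

	// Apply moderation options if we have them
	// NOTE(review): modoptions is passed straight from the request; whether the
	// user may apply them is not checked here and must be enforced by the post
	// handler - confirm.
	$post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);

	$posthandler->set_data($post);

	// Now let the post handler do all the hard work.
	$valid_post = $posthandler->validate_post();

	$post_errors = array();
	// Fetch friendly error messages if this is an invalid post
	if(!$valid_post)
	{
		$post_errors = $posthandler->get_friendly_errors();
	}

	// Mark thread as read
	require_once MYBB_ROOT."inc/functions_indicators.php";
	mark_thread_read($tid, $fid);

	$json_data = '';

	// Check captcha image
	// Only guests are challenged.
	if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$post_captcha = new captcha(false, "post_captcha");

		if($post_captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			foreach($post_captcha->get_errors() as $error)
			{
				$post_errors[] = $error;
			}
		}
		else
		{
			$hide_captcha = true;
		}

		if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
		{
			// Issue a fresh image CAPTCHA for the next AJAX attempt.
			$randomstr = random_str(5);
			$imagehash = md5(random_str(12));

			$imagearray = array(
				"imagehash" => $imagehash,
				"imagestring" => $randomstr,
				"dateline" => TIME_NOW
			);

			$db->insert_query("captcha", $imagearray);

			//header("Content-type: text/html; charset={$lang->settings['charset']}");
			$data = '';
			$data .= "<captcha>$imagehash";

			// The new answer is sent to the client only when the submitted
			// CAPTCHA validated in this same request.
			if($hide_captcha)
			{
				$data .= "|$randomstr";
			}

			$data .= "</captcha>";

			//header("Content-type: application/json; charset={$lang->settings['charset']}");
			$json_data = array("data" => $data);
		}
	}

	// One or more errors returned, fetch error list and throw to newreply page
	if(count($post_errors) > 0)
	{
		$reply_errors = inline_error($post_errors, '', $json_data);
		$mybb->input['action'] = "newreply";
	}
	else
	{
		$postinfo = $posthandler->insert_post();
		$pid = $postinfo['pid'];
		$visible = $postinfo['visible'];

		if(isset($postinfo['closed']))
		{
			$closed = $postinfo['closed'];
		}
		else
		{
			$closed = '';
		}

		// Invalidate solved captcha
		// Done after the insert so a solved challenge cannot be reused.
		if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
		{
			$post_captcha->invalidate_captcha();
		}

		$force_redirect = false;

		// Deciding the fate
		if($visible == -2)
		{
			// Draft post
			$lang->redirect_newreply = $lang->draft_saved;
			$url = "usercp.php?action=drafts";
		}
		elseif($visible == 1)
		{
			// Visible post
			$lang->redirect_newreply .= $lang->redirect_newreply_post;
			$url = get_post_link($pid, $tid)."#pid{$pid}";
		}
		else
		{
			// Moderated post
			$lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
			$url = get_thread_link($tid);

			// User must see moderation notice, regardless of redirect settings
			$force_redirect = true;
		}

		// Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
		if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
		{
			// We quoted all posts - remove the entire cookie
			if($mybb->get_input('quoted_ids') == "all")
			{
				my_unsetcookie("multiquote");
			}
			// Only quoted a few - attempt to remove them from the cookie
			else
			{
				// Both values are request-controlled "|"-separated id lists; they
				// are only compared with each other here, never used in SQL.
				$quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
				$multiquote = explode("|", $mybb->cookies['multiquote']);
				if(!empty($multiquote) && !empty($quoted_ids))
				{
					foreach($multiquote as $key => $quoteid)
					{
						// If this ID was quoted, remove it from the multiquote list
						if(in_array($quoteid, $quoted_ids))
						{
							unset($multiquote[$key]);
						}
					}
					// Still have an array - set the new cookie
					if(!empty($multiquote))
					{
						// Fix: write the cookie with the same "|" separator that
						// this script uses when reading it; the previous ","
						// made the remaining ids unreadable on the next request.
						$new_multiquote = implode("|", $multiquote);
						my_setcookie("multiquote", $new_multiquote);
					}
					// Otherwise, unset it
					else
					{
						my_unsetcookie("multiquote");
					}
				}
			}
		}

		$plugins->run_hooks("newreply_do_newreply_end");

		// This was a post made via the ajax quick reply - we need to do some special things here
		if($mybb->get_input('ajax', MyBB::INPUT_INT))
		{
			// Visible post
			if($visible == 1)
			{
				// Set post counter
				$postcounter = $thread['replies'] + 1;

				// Moderators also see unapproved/deleted posts, so those count
				// towards the position of the new post.
				if(is_moderator($fid, "canviewunapprove"))
				{
					$postcounter += $thread['unapprovedposts'];
				}
				if(is_moderator($fid, "canviewdeleted"))
				{
					$postcounter += $thread['deletedposts'];
				}

				// Was there a new post since we hit the quick reply button?
				if($mybb->get_input('lastpid', MyBB::INPUT_INT))
				{
					$query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
					$new_post = $db->fetch_array($query);
					if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
					{
						redirect(get_thread_link($tid, 0, "lastpost"));
					}
				}

				// Lets see if this post is on the same page as the one we're viewing or not
				// if it isn't, redirect us
				if($mybb->settings['postsperpage'] > 0)
				{
					$post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']);
				}
				else
				{
					$post_page = 1;
				}

				if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
				{
					redirect(get_thread_link($tid, 0, "lastpost"));
					exit;
				}

				// Return the post HTML and display it inline
				// $pid comes from insert_post(), not from the request.
				$query = $db->query("
					SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
					LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
					LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
					WHERE p.pid='{$pid}'
				");
				$post = $db->fetch_array($query);

				// Now lets fetch all of the attachments for this post
				$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
				while($attachment = $db->fetch_array($query))
				{
					$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
				}

				// Establish altbg - may seem like this is backwards, but build_postbit reverses it
				if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
				{
					$altbg = "trow1";
				}
				else
				{
					$altbg = "trow2";
				}

				// NOTE(review): $charset is not read again in this block; it is
				// presumably picked up as a global by build_postbit() or a
				// template - confirm before removing.
				$charset = "UTF-8";
				if($lang->settings['charset'])
				{
					$charset = $lang->settings['charset'];
				}

				require_once MYBB_ROOT."inc/functions_post.php";
				$pid = $post['pid'];
				// From here $post holds rendered HTML, not the database row.
				$post = build_postbit($post);

				$data = '';
				$data .= $post;

				// Build a new posthash incase the user wishes to quick reply again
				// md5() output is hexadecimal, and $pid is read back from the
				// posts table, so both are safe inside the script text below.
				$new_posthash = md5($mybb->user['uid'].random_str());
				$data .= "<script type=\"text/javascript\">\n";
				$data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
				$data .= "if(typeof(inlineModeration) != 'undefined') {
					$('#inlinemod_{$pid}').on(\"click\", function(e) {
						inlineModeration.checkItem();
					});
				}\n";

				if($closed == 1)
				{
					$data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
				}
				else
				{
					$data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
				}

				$data .= "</script>\n";

				header("Content-type: application/json; charset={$lang->settings['charset']}");
				echo json_encode(array("data" => $data));

				exit;
			}
			// Post is in the moderation queue
			else
			{
				redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
				exit;
			}
		}
		else
		{
			$lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
			redirect($url, $lang->redirect_newreply, "", $force_redirect);
			exit;
		}
	}
}

// Show the newreply form.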
733 if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft") 734 { 735 $plugins->run_hooks("newreply_start"); 736 737 $quote_ids = $multiquote_external = ''; 738 // If this isn't a preview and we're not editing a draft, then handle quoted posts 739 if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment')) 740 { 741 $message = ''; 742 $quoted_posts = array(); 743 // Handle multiquote 744 if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 745 { 746 $multiquoted = explode("|", $mybb->cookies['multiquote']); 747 foreach($multiquoted as $post) 748 { 749 $quoted_posts[$post] = (int)$post; 750 } 751 } 752 // Handle incoming 'quote' button 753 if($replyto) 754 { 755 $quoted_posts[$replyto] = $replyto; 756 } 757 758 // Quoting more than one post - fetch them 759 if(count($quoted_posts) > 0) 760 { 761 $external_quotes = 0; 762 $quoted_posts = implode(",", $quoted_posts); 763 $quoted_ids = array(); 764 $unviewable_forums = get_unviewable_forums(); 765 $inactiveforums = get_inactive_forums(); 766 if($unviewable_forums) 767 { 768 $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})"; 769 } 770 if($inactiveforums) 771 { 772 $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})"; 773 } 774 775 // Check group permissions if we can't view threads not started by us 776 $group_permissions = forum_permissions(); 777 $onlyusfids = array(); 778 $onlyusforums = ''; 779 foreach($group_permissions as $gpfid => $forum_permissions) 780 { 781 if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1) 782 { 783 $onlyusfids[] = $gpfid; 784 } 785 } 786 if(!empty($onlyusfids)) 787 { 788 $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', 
$onlyusfids)."))"; 789 } 790 791 if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted')) 792 { 793 $visible_where = "AND p.visible IN (-1,0,1)"; 794 } 795 elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted')) 796 { 797 $visible_where = "AND p.visible IN (0,1)"; 798 } 799 elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted')) 800 { 801 $visible_where = "AND p.visible IN (-1,1)"; 802 } 803 else 804 { 805 $visible_where = "AND p.visible=1"; 806 } 807 808 require_once MYBB_ROOT."inc/functions_posting.php"; 809 $query = $db->query(" 810 SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername 811 FROM ".TABLE_PREFIX."posts p 812 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 813 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 814 WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where} 815 "); 816 $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT); 817 while($quoted_post = $db->fetch_array($query)) 818 { 819 // Only show messages for the current thread 820 if($quoted_post['tid'] == $tid || $load_all == 1) 821 { 822 // If this post was the post for which a quote button was clicked, set the subject 823 if($replyto == $quoted_post['pid']) 824 { 825 $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']); 826 // Subject too long? 
Shorten it to avoid error message 827 if(my_strlen($subject) > 85) 828 { 829 $subject = my_substr($subject, 0, 82).'...'; 830 } 831 $subject = "RE: ".$subject; 832 } 833 $message .= parse_quoted_message($quoted_post); 834 $quoted_ids[] = $quoted_post['pid']; 835 } 836 // Count the rest 837 else 838 { 839 ++$external_quotes; 840 } 841 } 842 if($mybb->settings['maxquotedepth'] != '0') 843 { 844 $message = remove_message_quotes($message); 845 } 846 if($external_quotes > 0) 847 { 848 if($external_quotes == 1) 849 { 850 $multiquote_text = $lang->multiquote_external_one; 851 $multiquote_deselect = $lang->multiquote_external_one_deselect; 852 $multiquote_quote = $lang->multiquote_external_one_quote; 853 } 854 else 855 { 856 $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes); 857 $multiquote_deselect = $lang->multiquote_external_deselect; 858 $multiquote_quote = $lang->multiquote_external_quote; 859 } 860 eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";"); 861 } 862 $quoted_ids = implode("|", $quoted_ids); 863 } 864 } 865 866 if(isset($mybb->input['quoted_ids'])) 867 { 868 $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids')); 869 } 870 871 if(isset($mybb->input['previewpost'])) 872 { 873 $previewmessage = $mybb->get_input('message'); 874 } 875 if(empty($message)) 876 { 877 $message = $mybb->get_input('message'); 878 } 879 $message = htmlspecialchars_uni($message); 880 881 $postoptionschecked = array('signature' => '', 'disablesmilies' => ''); 882 $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = ''; 883 884 // Set up the post options. 
885 if(!empty($mybb->input['previewpost']) || $reply_errors != '') 886 { 887 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 888 889 if(isset($postoptions['signature']) && $postoptions['signature'] == 1) 890 { 891 $postoptionschecked['signature'] = " checked=\"checked\""; 892 } 893 if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1) 894 { 895 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 896 } 897 $subscription_method = get_subscription_method($tid, $postoptions); 898 $subject = $mybb->input['subject']; 899 } 900 elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid']) 901 { 902 $message = htmlspecialchars_uni($post['message']); 903 $subject = $post['subject']; 904 if($post['includesig'] != 0) 905 { 906 $postoptionschecked['signature'] = " checked=\"checked\""; 907 } 908 if($post['smilieoff'] == 1) 909 { 910 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 911 } 912 $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts 913 $mybb->input['icon'] = $post['icon']; 914 } 915 else 916 { 917 if($mybb->user['signature'] != '') 918 { 919 $postoptionschecked['signature'] = " checked=\"checked\""; 920 } 921 $subscription_method = get_subscription_method($tid); 922 } 923 ${$subscription_method.'subscribe'} = "checked=\"checked\" "; 924 925 $posticons = ''; 926 927 if($mybb->settings['allowposticons'] == 1 && $forum['allowpicons'] != 0) 928 { 929 $posticons = get_post_icons(); 930 } 931 932 // No subject? 933 if(!isset($subject)) 934 { 935 if(!empty($mybb->input['subject'])) 936 { 937 $subject = $mybb->get_input('subject'); 938 } 939 else 940 { 941 $subject = $thread_subject; 942 // Subject too long? Shorten it to avoid error message 943 if(my_strlen($subject) > 85) 944 { 945 $subject = my_substr($subject, 0, 82).'...'; 946 } 947 $subject = "RE: ".$subject; 948 } 949 } 950 951 // Preview a post that was written. 
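// Remainder of the reply-form rendering path: builds the optional post preview,
// the attachment box, the guest captcha, the thread review, the post and
// moderator options, forum rules and moderation notices, then renders the page.
//
// Every template below is rendered with eval(): the text returned by
// $templates->get() is evaluated as a double-quoted string, so any variable in
// scope can be interpolated by name. Local variable names therefore act as the
// interface to the templates, and every value a template prints must already be
// HTML-escaped when the eval() runs.
// NOTE(review): this relies on $templates->get() escaping the template text for
// use inside a double-quoted string; confirm that in the templates class.
$preview = '';
if(!empty($mybb->input['previewpost']))
{
	// If this isn't a logged in user, then we need to do some special validation.
	if($mybb->user['uid'] == 0)
	{
		// If they didn't specify a username leave blank so $lang->guest can be used on output
		if(!$mybb->get_input('username'))
		{
			$username = '';
		}
		// Otherwise use the name they specified.
		else
		{
			$username = $mybb->get_input('username');
		}
		$uid = 0;
	}
	// This user is logged in.
	else
	{
		$username = $mybb->user['username'];
		$uid = $mybb->user['uid'];
	}

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("insert");
	$posthandler->action = "post";

	// Set the post data that came from the input to the $post array.
	// Numeric fields are cast through MyBB::INPUT_INT; the text fields are passed
	// as submitted and are validated by the handler calls below.
	$post = array(
		"tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
		"replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
		"fid" => $thread['fid'],
		"subject" => $mybb->get_input('subject'),
		"icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
		"uid" => $uid,
		"username" => $username,
		"message" => $mybb->get_input('message'),
		"ipaddress" => $session->packedip,
		"posthash" => $mybb->get_input('posthash')
	);

	if(isset($mybb->input['pid']))
	{
		$post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
	}

	$posthandler->set_data($post);

	// Now let the post handler do all the hard work.
	$valid_post = $posthandler->verify_message();
	$valid_subject = $posthandler->verify_subject();

	// guest post --> verify author
	if($post['uid'] == 0)
	{
		$valid_username = $posthandler->verify_author();
	}
	else
	{
		$valid_username = true;
	}

	$post_errors = array();
	// Fetch friendly error messages if this is an invalid post
	if(!$valid_post || !$valid_subject || !$valid_username)
	{
		$post_errors = $posthandler->get_friendly_errors();
	}

	// One or more errors returned, fetch error list and throw to newreply page
	if(count($post_errors) > 0)
	{
		$reply_errors = inline_error($post_errors);
	}
	else
	{
		$quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
		$mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
		// The uid is concatenated into the SQL text rather than bound.
		// NOTE(review): presumably it is the integer id of the session user and
		// never request-controlled; confirm where $mybb->user is populated.
		$query = $db->query("
			SELECT u.*, f.*
			FROM ".TABLE_PREFIX."users u
			LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
			WHERE u.uid='".$mybb->user['uid']."'
		");
		// $post is rebuilt from the author's user row and then overlaid with the
		// submitted values, so the preview shows the author's profile data.
		$post = $db->fetch_array($query);
		$post['username'] = $username;
		if($mybb->user['uid'])
		{
			$post['userusername'] = $mybb->user['username'];
		}
		// $previewmessage is set earlier in the script, outside this excerpt.
		$post['message'] = $previewmessage;
		// $subject has not been passed through htmlspecialchars_uni() yet (that
		// happens after this block).
		// NOTE(review): confirm build_postbit() escapes the subject itself.
		$post['subject'] = $subject;
		$post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
		$mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
		if(isset($mybb->input['postoptions']['disablesmilies']))
		{
			$post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
		}
		$post['dateline'] = TIME_NOW;
		if(isset($mybb->input['postoptions']['signature']))
		{
			$post['includesig'] = $mybb->input['postoptions']['signature'];
		}
		// Anything other than an explicit 1 is treated as "no signature".
		if(!isset($post['includesig']) || $post['includesig'] != 1)
		{
			$post['includesig'] = 0;
		}

		// Fetch attachments assigned to this post.
		// Both WHERE variants are built from request input: pid is cast to an
		// integer, posthash goes through the database layer's escape_string().
		if($mybb->get_input('pid', MyBB::INPUT_INT))
		{
			$attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
		}
		else
		{
			$attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
		}

		$query = $db->simple_select("attachments", "*", $attachwhere);
		while($attachment = $db->fetch_array($query))
		{
			$attachcache[0][$attachment['aid']] = $attachment;
		}

		$postbit = build_postbit($post, 1);
		eval("\$preview = \"".$templates->get("previewpost")."\";");
	}
}

// From here on $subject and $posthash hold HTML-escaped text for the form.
$subject = htmlspecialchars_uni($parser->parse_badwords($subject));

$posthash = htmlspecialchars_uni($mybb->get_input('posthash'));

// Do we have attachment errors?
if(count($errors) > 0)
{
	$reply_errors = inline_error($errors);
}

// Get a listing of the current attachments.
if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
{
	$attachcount = 0;
	if($pid)
	{
		// $pid is cast to an integer at the top of the script.
		$attachwhere = "pid='$pid'";
	}
	else
	{
		// NOTE(review): this looks up the HTML-escaped $posthash, while the
		// preview branch above looks up the raw request value. Both are SQL-escaped;
		// the two only differ if the hash contains characters that
		// htmlspecialchars_uni() rewrites. Confirm which form is stored.
		$attachwhere = "posthash='".$db->escape_string($posthash)."'";
	}
	$attachments = '';
	$query = $db->simple_select("attachments", "*", $attachwhere);
	while($attachment = $db->fetch_array($query))
	{
		$attachment['size'] = get_friendly_size($attachment['filesize']);
		// The icon is derived from the stored filename before it is escaped.
		$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
		// Escaped here because the templates below print the filename.
		$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

		if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
		{
			eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
		}

		$attach_mod_options = '';
		eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

		if($attachment['visible'] != 1)
		{
			eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
		}
		else
		{
			eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
		}
		$attachcount++;
	}

	// Total bytes already used by this user's attachments, compared with the
	// usergroup quota (the quota is multiplied by 1024; 0 means unlimited).
	$noshowattach = '';
	$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
	$usage = $db->fetch_array($query);

	if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
	{
		$noshowattach = 1;
	}

	if($mybb->usergroup['attachquota'] == 0)
	{
		$friendlyquota = $lang->unlimited;
	}
	else
	{
		$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
	}
	$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);

	$link_viewattachments = '';
	if($usage['ausage'] !== NULL)
	{
		$friendlyusage = get_friendly_size($usage['ausage']);
		$lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
		eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
	}
	else
	{
		$lang->attach_usage = "";
	}

	$attach_add_options = '';
	// Fix: the count test is now grouped before the quota test. Without the outer
	// parentheses, && bound tighter than ||, so !$noshowattach was skipped whenever
	// maxattachments was 0 and the upload field was shown to users over quota.
	// This only decides what the form displays; the upload handling itself is
	// outside this excerpt and must enforce the quota on its own.
	if(($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments'])) && !$noshowattach)
	{
		eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
	}

	$attach_update_options = '';
	if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
	{
		eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
	}

	if($attach_add_options || $attach_update_options)
	{
		eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
	}

	eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
}
else
{
	$attachbox = '';
}

// If the user is logged in, provide a save draft button.
$savedraftbutton = '';
if($mybb->user['uid'])
{
	eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
}

// Show captcha image for guests if enabled
$captcha = '';
if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
{
	$correct = false;
	require_once MYBB_ROOT.'inc/class_captcha.php';
	$post_captcha = new captcha(false, "post_captcha");

	// NOTE(review): the type is compared with the literal 1 here and with
	// captcha::DEFAULT_CAPTCHA below; presumably the same value, confirm in
	// class_captcha.php. $hide_captcha is set outside this excerpt.
	if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
	{
		// If previewing a post - check their current captcha input - if correct, hide the captcha input area
		// ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
		if($post_captcha->validate_captcha() == true)
		{
			$correct = true;

			// Generate a hidden list of items for our captcha
			$captcha = $post_captcha->build_hidden_captcha();
		}
	}

	if(!$correct)
	{
		if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
		{
			$post_captcha->build_captcha();
		}
		elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
		{
			$post_captcha->build_recaptcha();
		}
		elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
		{
			$post_captcha->build_hcaptcha();
		}
		elseif($post_captcha->type == captcha::CFTURNSTILE)
		{
			$post_captcha->build_cfturnstile();
		}
	}
	// NOTE(review): $correct only becomes true when the type equals 1 (see above),
	// so the three branches below can run only if one of these constants is 1.
	// They look unreachable; kept unchanged because the constant values are not
	// visible here.
	else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
	{
		$post_captcha->build_recaptcha();
	}
	else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
	{
		$post_captcha->build_hcaptcha();
	}
	else if($correct && ($post_captcha->type == captcha::CFTURNSTILE))
	{
		$post_captcha->build_cfturnstile();
	}

	// Markup produced by the captcha object replaces whatever was set above.
	if($post_captcha->html)
	{
		$captcha = $post_captcha->html;
	}
}

// Thread review: the most recent posts of the thread, shown under the form.
$reviewmore = '';
$threadreview = '';
if($mybb->settings['threadreview'] != 0)
{
	// NOTE(review): with 'showownunapproved' enabled this filter admits every
	// unapproved post in the thread, and neither query below adds a uid condition.
	// The setting name suggests only the viewer's own unapproved posts were meant;
	// confirm whether other users' unapproved posts should appear here.
	if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
	{
		$visibility = "(visible='1' OR visible='0')";
	}
	else
	{
		$visibility = "visible='1'";
	}
	// $tid is cast to an integer at the top of the script.
	$query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
	$numposts = $db->fetch_field($query, "post_count");

	if($numposts > $mybb->settings['postsperpage'])
	{
		$numposts = $mybb->settings['postsperpage'];
		$lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
		eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
	}

	$pidin = array();
	$query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage']));
	while($post = $db->fetch_array($query))
	{
		$pidin[] = $post['pid'];
	}

	if(!empty($pidin))
	{
		// The id list is built only from pid values returned by the query above.
		$pidin = implode(",", $pidin);

		// Fetch attachments
		$query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
		while($attachment = $db->fetch_array($query))
		{
			$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
		}
		$query = $db->query("
			SELECT p.*, u.username AS userusername
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
			WHERE pid IN ($pidin)
			ORDER BY dateline DESC, pid DESC
		");
		$postsdone = 0;
		$altbg = "trow1";
		$reviewbits = '';
		while($post = $db->fetch_array($query))
		{
			// Prefer the current account name over the name stored with the post.
			if($post['userusername'])
			{
				$post['username'] = $post['userusername'];
			}
			$reviewpostdate = my_date('relative', $post['dateline']);
			// The forum's own settings decide whether HTML, MyCode, smilies,
			// images and videos are allowed in the rendered message.
			$parser_options = array(
				"allow_html" => $forum['allowhtml'],
				"allow_mycode" => $forum['allowmycode'],
				"allow_smilies" => $forum['allowsmilies'],
				"allow_imgcode" => $forum['allowimgcode'],
				"allow_videocode" => $forum['allowvideocode'],
				"me_username" => $post['username'],
				"filter_badwords" => 1
			);
			if($post['smilieoff'] == 1)
			{
				$parser_options['allow_smilies'] = 0;
			}

			// Viewer preference (members) or board setting (guests) can switch
			// images and videos off regardless of the forum setting.
			if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
			{
				$parser_options['allow_imgcode'] = 0;
			}

			if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
			{
				$parser_options['allow_videocode'] = 0;
			}

			// Escaped after it was copied into me_username above.
			$post['username'] = htmlspecialchars_uni($post['username']);

			if($post['visible'] != 1)
			{
				$altbg = "trow_shaded";
			}

			$plugins->run_hooks("newreply_threadreview_post");

			$post['message'] = $parser->parse_message($post['message'], $parser_options);
			get_post_attachments($post['pid'], $post);
			$reviewmessage = $post['message'];
			eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
			// Alternate the row class for the next post.
			if($altbg == "trow1")
			{
				$altbg = "trow2";
			}
			else
			{
				$altbg = "trow1";
			}
		}
		eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
	}
}

// Hide signature option if no permission
$signature = '';
if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
{
	eval("\$signature = \"".$templates->get('newreply_signature')."\";");
}

// Can we disable smilies or are they disabled already?
$disablesmilies = '';
if($forum['allowsmilies'] != 0)
{
	eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
}

$postoptions = '';
if(!empty($signature) || !empty($disablesmilies))
{
	eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
	$bgcolor = "trow2";
}
else
{
	$bgcolor = "trow1";
}

$modoptions = '';
// Show the moderator options.
if(is_moderator($fid))
{
	// After a submit ('processed' set) the checkbox state comes from the request,
	// cast to int; otherwise it reflects the thread's current state.
	if($mybb->get_input('processed', MyBB::INPUT_INT))
	{
		$mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
		if(!isset($mybb->input['modoptions']['closethread']))
		{
			$mybb->input['modoptions']['closethread'] = 0;
		}
		$closed = (int)$mybb->input['modoptions']['closethread'];
		if(!isset($mybb->input['modoptions']['stickthread']))
		{
			$mybb->input['modoptions']['stickthread'] = 0;
		}
		$stuck = (int)$mybb->input['modoptions']['stickthread'];
	}
	else
	{
		$closed = $thread['closed'];
		$stuck = $thread['sticky'];
	}

	if($closed)
	{
		$closecheck = ' checked="checked"';
	}
	else
	{
		$closecheck = '';
	}

	if($stuck)
	{
		$stickycheck = ' checked="checked"';
	}
	else
	{
		$stickycheck = '';
	}

	// Each option is rendered only when the moderator holds that permission.
	// This controls display only; whether the action is authorised on submit is
	// decided where the form is processed, outside this excerpt.
	$closeoption = '';
	if(is_moderator($thread['fid'], "canopenclosethreads"))
	{
		eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
	}

	$stickoption = '';
	if(is_moderator($thread['fid'], "canstickunstickthreads"))
	{
		eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
	}

	if(!empty($closeoption) || !empty($stickoption))
	{
		eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
		$bgcolor = "trow1";
	}
	else
	{
		$bgcolor = "trow2";
	}
}
else
{
	$bgcolor = "trow2";
}

// Fetch subscription select box
eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

// NOTE(review): $thread['subject'] is inserted into language strings that the
// page prints; nothing in this excerpt escapes it, so confirm it is escaped
// where $thread is set up earlier in the script.
$lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
$lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);

// Do we have any forum rules to show for this forum?
$forumrules = '';
if($forum['rulestype'] >= 2 && $forum['rules'])
{
	if(!$forum['rulestitle'])
	{
		$forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
	}

	if(!$parser)
	{
		require_once MYBB_ROOT.'inc/class_parser.php';
		$parser = new postParser;
	}

	// Rules are parsed with HTML allowed, so the rules text is treated as trusted.
	// NOTE(review): confirm only administrators can edit a forum's rules.
	$rules_parser = array(
		"allow_html" => 1,
		"allow_mycode" => 1,
		"allow_smilies" => 1,
		"allow_imgcode" => 1
	);

	$forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
	$foruminfo = $forum;

	if($forum['rulestype'] == 3)
	{
		eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
	}
	else if($forum['rulestype'] == 2)
	{
		eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
	}
}

// Tell non-moderators when attachments or posts will be held for approval.
// Each matching case overwrites $moderation_notice, so the last one wins.
$moderation_notice = '';
if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
{
	if($forumpermissions['modattachments'] == 1 && $forumpermissions['canpostattachments'] != 0)
	{
		$moderation_text = $lang->moderation_forum_attachments;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}
if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
{
	if($forumpermissions['modposts'] == 1)
	{
		$moderation_text = $lang->moderation_forum_posts;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}

	if($mybb->user['moderateposts'] == 1)
	{
		$moderation_text = $lang->moderation_user_posts;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

// Upload limits from the PHP configuration, made available to the form's script.
$php_max_upload_size = get_php_upload_limit();
$php_max_file_uploads = (int)ini_get('max_file_uploads');
eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");

$plugins->run_hooks("newreply_end");

// strip_tags() removes markup but does not encode quotes or ampersands.
// NOTE(review): confirm the template prints the forum name only where that is enough.
$forum['name'] = strip_tags($forum['name']);

eval("\$newreply = \"".$templates->get("newreply")."\";");
output_page($newreply);
} // closes a block opened earlier in the script, before this excerpt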