| [ Index ] |
PHP Cross Reference of MyBB 1.8.39 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define('THIS_SCRIPT', 'newreply.php'); 13 14 $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method"; 15 $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update"; 16 $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick"; 17 $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature"; 18 $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions"; 19 $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved"; 20 $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link"; 21 $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored"; 22 $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn"; 23 24 require_once "./global.php"; 25 require_once MYBB_ROOT."inc/functions_post.php"; 26 require_once MYBB_ROOT."inc/functions_user.php"; 27 require_once MYBB_ROOT."inc/functions_upload.php"; 28 require_once MYBB_ROOT."inc/class_parser.php"; 29 $parser = new postParser; 30 31 // Load global language phrases 32 $lang->load("newreply"); 33 34 // Get the pid and tid and replyto from the input. 35 $tid = $mybb->get_input('tid', MyBB::INPUT_INT); 36 $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT); 37 38 // AJAX quick reply? 39 if(!empty($mybb->input['ajax'])) 40 { 41 unset($mybb->input['previewpost']); 42 } 43 44 // Edit a draft post. 45 $pid = 0; 46 $editdraftpid = ''; 47 $mybb->input['action'] = $mybb->get_input('action'); 48 if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT)) 49 { 50 $pid = $mybb->get_input('pid', MyBB::INPUT_INT); 51 $post = get_post($pid); 52 if(!$post) 53 { 54 error($lang->error_invalidpost); 55 } 56 else if($mybb->user['uid'] != $post['uid']) 57 { 58 error($lang->error_post_noperms); 59 } 60 $pid = (int)$post['pid']; 61 $tid = (int)$post['tid']; 62 eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";"); 63 } 64 65 // Set up $thread and $forum for later use. 66 $thread = get_thread($tid); 67 if(!$thread) 68 { 69 error($lang->error_invalidthread); 70 } 71 $fid = (int)$thread['fid']; 72 73 // Get forum info 74 $forum = get_forum($fid); 75 if(!$forum) 76 { 77 error($lang->error_invalidforum); 78 } 79 80 // Make navigation 81 build_forum_breadcrumb($fid); 82 $thread_subject = $thread['subject']; 83 $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject'])); 84 add_breadcrumb($thread['subject'], get_thread_link($thread['tid'])); 85 add_breadcrumb($lang->nav_newreply); 86 87 $forumpermissions = forum_permissions($fid); 88 89 // See if everything is valid up to here. 90 if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid']))) 91 { 92 if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid'])) 93 { 94 error($lang->error_invalidpost); 95 } 96 } 97 if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0) 98 { 99 if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid'])) 100 { 101 error($lang->error_invalidthread); 102 } 103 } 104 if($forum['open'] == 0 || $forum['type'] != "f") 105 { 106 error($lang->error_closedinvalidforum); 107 } 108 if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0) 109 { 110 error_no_permission(); 111 } 112 113 if($mybb->user['suspendposting'] == 1) 114 { 115 $suspendedpostingtype = $lang->error_suspendedposting_permanent; 116 if($mybb->user['suspensiontime']) 117 { 118 $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime'])); 119 } 120 121 $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime'])); 122 123 error($lang->error_suspendedposting); 124 } 125 126 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) 127 { 128 error_no_permission(); 129 } 130 131 if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) 132 { 133 error_no_permission(); 134 } 135 136 // Coming from quick reply and not a preview call? Set subscription method 137 if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost'])) 138 { 139 $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT)); 140 } 141 142 // Check if this forum is password protected and we have a valid password 143 check_forum_password($forum['fid']); 144 145 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0)) 146 { 147 $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']); 148 if($forum['allowsmilies'] != 0) 149 { 150 $smilieinserter = build_clickable_smilies(); 151 } 152 } 153 154 // Display a login box or change user box? 155 if($mybb->user['uid'] != 0) 156 { 157 $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']); 158 eval("\$loginbox = \"".$templates->get("changeuserbox")."\";"); 159 } 160 else 161 { 162 if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply") 163 { 164 $username = ''; 165 } 166 else 167 { 168 $username = htmlspecialchars_uni($mybb->get_input('username')); 169 } 170 eval("\$loginbox = \"".$templates->get("loginbox")."\";"); 171 } 172 173 // Check to see if the thread is closed, and if the user is a mod. 174 if(!is_moderator($fid, "canpostclosedthreads")) 175 { 176 if($thread['closed'] == 1) 177 { 178 error($lang->redirect_threadclosed); 179 } 180 } 181 182 // No weird actions allowed, show new reply form if no regular action. 183 if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft") 184 { 185 $mybb->input['action'] = "newreply"; 186 } 187 188 // Even if we are previewing, still show the new reply form. 189 if(!empty($mybb->input['previewpost'])) 190 { 191 $mybb->input['action'] = "newreply"; 192 } 193 194 // Setup a unique posthash for attachment management 195 if(!$mybb->get_input('posthash') && !$pid) 196 { 197 $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str()); 198 } 199 200 if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1) 201 { 202 error($lang->error_empty_post_input); 203 } 204 205 $errors = array(); 206 $maximageserror = $attacherror = ''; 207 if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments'])))) 208 { 209 // Verify incoming POST request 210 verify_post_check($mybb->get_input('my_post_key')); 211 212 if($pid) 213 { 214 $attachwhere = "pid='{$pid}'"; 215 } 216 else 217 { 218 $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'"; 219 } 220 221 $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply"); 222 223 if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1) 224 { 225 if(isset($ret['success'])) 226 { 227 $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}'); 228 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0) 229 { 230 eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";"); 231 } 232 eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";"); 233 $attach_mod_options = ''; 234 eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";"); 235 $ret['template'] = $attemplate; 236 237 $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); 238 $usage = $db->fetch_array($query); 239 $ret['usage'] = get_friendly_size($usage['ausage']); 240 } 241 242 header("Content-type: application/json; charset={$lang->settings['charset']}"); 243 echo json_encode($ret); 244 exit(); 245 } 246 247 if(!empty($ret['errors'])) 248 { 249 $errors = $ret['errors']; 250 } 251 252 // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again. 253 if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft')) 254 { 255 eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";"); 256 $mybb->input['action'] = "newreply"; 257 } 258 } 259 260 detect_attachmentact(); 261 262 // Remove an attachment. 263 if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove") 264 { 265 // Verify incoming POST request 266 verify_post_check($mybb->get_input('my_post_key')); 267 268 remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT)); 269 270 if(!$mybb->get_input('submit')) 271 { 272 eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";"); 273 $mybb->input['action'] = "newreply"; 274 } 275 276 if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1) 277 { 278 $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); 279 $usage = $db->fetch_array($query); 280 281 header("Content-type: application/json; charset={$lang->settings['charset']}"); 282 echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage']))); 283 exit(); 284 } 285 } 286 287 $reply_errors = $quoted_ids = ''; 288 $hide_captcha = false; 289 290 // Check the maximum posts per day for this user 291 if($mybb->usergroup['maxposts'] > 0) 292 { 293 $daycut = TIME_NOW-60*60*24; 294 $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}"); 295 $post_count = $db->fetch_field($query, "posts_today"); 296 if($post_count >= $mybb->usergroup['maxposts']) 297 { 298 $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']); 299 error($lang->error_maxposts); 300 } 301 } 302 303 if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1) 304 { 305 $mybb->settings['postsperpage'] = 20; 306 } 307 308 if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post") 309 { 310 // Verify incoming POST request 311 verify_post_check($mybb->get_input('my_post_key')); 312 313 $plugins->run_hooks("newreply_do_newreply_start"); 314 315 // If this isn't a logged in user, then we need to do some special validation. 316 if($mybb->user['uid'] == 0) 317 { 318 // If they didn't specify a username leave blank so $lang->guest can be used on output 319 if(!$mybb->get_input('username')) 320 { 321 $username = ''; 322 } 323 // Otherwise use the name they specified. 324 else 325 { 326 $username = $mybb->get_input('username'); 327 } 328 $uid = 0; 329 330 331 if($mybb->settings['stopforumspam_on_newreply']) 332 { 333 require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php'; 334 335 $stop_forum_spam_checker = new StopForumSpamChecker( 336 $plugins, 337 $mybb->settings['stopforumspam_min_weighting_before_spam'], 338 $mybb->settings['stopforumspam_check_usernames'], 339 $mybb->settings['stopforumspam_check_emails'], 340 $mybb->settings['stopforumspam_check_ips'], 341 $mybb->settings['stopforumspam_log_blocks'] 342 ); 343 344 try { 345 if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip())) 346 { 347 error($lang->sprintf($lang->error_stop_forum_spam_spammer, 348 $stop_forum_spam_checker->getErrorText(array( 349 'stopforumspam_check_usernames', 350 'stopforumspam_check_ips' 351 )))); 352 } 353 } 354 catch (Exception $e) 355 { 356 if($mybb->settings['stopforumspam_block_on_error']) 357 { 358 error($lang->error_stop_forum_spam_fetching); 359 } 360 } 361 } 362 } 363 // This user is logged in. 364 else 365 { 366 $username = $mybb->user['username']; 367 $uid = $mybb->user['uid']; 368 } 369 370 // Attempt to see if this post is a duplicate or not 371 if($uid > 0) 372 { 373 $user_check = "p.uid='{$uid}'"; 374 } 375 else 376 { 377 $user_check = "p.ipaddress=".$db->escape_binary($session->packedip); 378 } 379 if(!$mybb->get_input('savedraft')) 380 { 381 $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600)); 382 if($db->num_rows($query) > 0) 383 { 384 error($lang->error_post_already_submitted); 385 } 386 } 387 388 // Set up posthandler. 389 require_once MYBB_ROOT."inc/datahandlers/post.php"; 390 $posthandler = new PostDataHandler("insert"); 391 392 // Set the post data that came from the input to the $post array. 393 $post = array( 394 "tid" => $mybb->get_input('tid', MyBB::INPUT_INT), 395 "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT), 396 "fid" => $thread['fid'], 397 "subject" => $mybb->get_input('subject'), 398 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 399 "uid" => $uid, 400 "username" => $username, 401 "message" => $mybb->get_input('message'), 402 "ipaddress" => $session->packedip, 403 "posthash" => $mybb->get_input('posthash') 404 ); 405 406 if(isset($mybb->input['pid'])) 407 { 408 $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT); 409 } 410 411 // Are we saving a draft post? 412 if($mybb->get_input('savedraft') && $mybb->user['uid']) 413 { 414 $post['savedraft'] = 1; 415 } 416 else 417 { 418 $post['savedraft'] = 0; 419 } 420 421 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 422 if(!isset($postoptions['signature'])) 423 { 424 $postoptions['signature'] = 0; 425 } 426 if(!isset($postoptions['subscriptionmethod'])) 427 { 428 $postoptions['subscriptionmethod'] = 0; 429 } 430 if(!isset($postoptions['disablesmilies'])) 431 { 432 $postoptions['disablesmilies'] = 0; 433 } 434 435 // Set up the post options from the input. 436 $post['options'] = array( 437 "signature" => $postoptions['signature'], 438 "subscriptionmethod" => $postoptions['subscriptionmethod'], 439 "disablesmilies" => $postoptions['disablesmilies'] 440 ); 441 442 // Apply moderation options if we have them 443 $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY); 444 445 $posthandler->set_data($post); 446 447 // Now let the post handler do all the hard work. 448 $valid_post = $posthandler->validate_post(); 449 450 $post_errors = array(); 451 // Fetch friendly error messages if this is an invalid post 452 if(!$valid_post) 453 { 454 $post_errors = $posthandler->get_friendly_errors(); 455 } 456 457 // Mark thread as read 458 require_once MYBB_ROOT."inc/functions_indicators.php"; 459 mark_thread_read($tid, $fid); 460 461 $json_data = ''; 462 463 // Check captcha image 464 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 465 { 466 require_once MYBB_ROOT.'inc/class_captcha.php'; 467 $post_captcha = new captcha(false, "post_captcha"); 468 469 if($post_captcha->validate_captcha() == false) 470 { 471 // CAPTCHA validation failed 472 foreach($post_captcha->get_errors() as $error) 473 { 474 $post_errors[] = $error; 475 } 476 } 477 else 478 { 479 $hide_captcha = true; 480 } 481 482 if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1) 483 { 484 $randomstr = random_str(5); 485 $imagehash = md5(random_str(12)); 486 487 $imagearray = array( 488 "imagehash" => $imagehash, 489 "imagestring" => $randomstr, 490 "dateline" => TIME_NOW 491 ); 492 493 $db->insert_query("captcha", $imagearray); 494 495 //header("Content-type: text/html; charset={$lang->settings['charset']}"); 496 $data = ''; 497 $data .= "<captcha>$imagehash"; 498 499 if($hide_captcha) 500 { 501 $data .= "|$randomstr"; 502 } 503 504 $data .= "</captcha>"; 505 506 //header("Content-type: application/json; charset={$lang->settings['charset']}"); 507 $json_data = array("data" => $data); 508 } 509 } 510 511 // One or more errors returned, fetch error list and throw to newreply page 512 if(count($post_errors) > 0) 513 { 514 $reply_errors = inline_error($post_errors, '', $json_data); 515 $mybb->input['action'] = "newreply"; 516 } 517 else 518 { 519 $postinfo = $posthandler->insert_post(); 520 $pid = $postinfo['pid']; 521 $visible = $postinfo['visible']; 522 523 if(isset($postinfo['closed'])) 524 { 525 $closed = $postinfo['closed']; 526 } 527 else 528 { 529 $closed = ''; 530 } 531 532 // Invalidate solved captcha 533 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 534 { 535 $post_captcha->invalidate_captcha(); 536 } 537 538 $force_redirect = false; 539 540 // Deciding the fate 541 if($visible == -2) 542 { 543 // Draft post 544 $lang->redirect_newreply = $lang->draft_saved; 545 $url = "usercp.php?action=drafts"; 546 } 547 elseif($visible == 1) 548 { 549 // Visible post 550 $lang->redirect_newreply .= $lang->redirect_newreply_post; 551 $url = get_post_link($pid, $tid)."#pid{$pid}"; 552 } 553 else 554 { 555 // Moderated post 556 $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation; 557 $url = get_thread_link($tid); 558 559 // User must see moderation notice, regardless of redirect settings 560 $force_redirect = true; 561 } 562 563 // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected 564 if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 565 { 566 // We quoted all posts - remove the entire cookie 567 if($mybb->get_input('quoted_ids') == "all") 568 { 569 my_unsetcookie("multiquote"); 570 } 571 // Only quoted a few - attempt to remove them from the cookie 572 else 573 { 574 $quoted_ids = explode("|", $mybb->get_input('quoted_ids')); 575 $multiquote = explode("|", $mybb->cookies['multiquote']); 576 if(!empty($multiquote) && !empty($quoted_ids)) 577 { 578 foreach($multiquote as $key => $quoteid) 579 { 580 // If this ID was quoted, remove it from the multiquote list 581 if(in_array($quoteid, $quoted_ids)) 582 { 583 unset($multiquote[$key]); 584 } 585 } 586 // Still have an array - set the new cookie 587 if(!empty($multiquote)) 588 { 589 $new_multiquote = implode(",", $multiquote); 590 my_setcookie("multiquote", $new_multiquote); 591 } 592 // Otherwise, unset it 593 else 594 { 595 my_unsetcookie("multiquote"); 596 } 597 } 598 } 599 } 600 601 $plugins->run_hooks("newreply_do_newreply_end"); 602 603 // This was a post made via the ajax quick reply - we need to do some special things here 604 if($mybb->get_input('ajax', MyBB::INPUT_INT)) 605 { 606 // Visible post 607 if($visible == 1) 608 { 609 // Set post counter 610 $postcounter = $thread['replies'] + 1; 611 612 if(is_moderator($fid, "canviewunapprove")) 613 { 614 $postcounter += $thread['unapprovedposts']; 615 } 616 if(is_moderator($fid, "canviewdeleted")) 617 { 618 $postcounter += $thread['deletedposts']; 619 } 620 621 // Was there a new post since we hit the quick reply button? 622 if($mybb->get_input('lastpid', MyBB::INPUT_INT)) 623 { 624 $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc")); 625 $new_post = $db->fetch_array($query); 626 if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT)) 627 { 628 redirect(get_thread_link($tid, 0, "lastpost")); 629 } 630 } 631 632 // Lets see if this post is on the same page as the one we're viewing or not 633 // if it isn't, redirect us 634 if($mybb->settings['postsperpage'] > 0) 635 { 636 $post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']); 637 } 638 else 639 { 640 $post_page = 1; 641 } 642 643 if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT)) 644 { 645 redirect(get_thread_link($tid, 0, "lastpost")); 646 exit; 647 } 648 649 // Return the post HTML and display it inline 650 $query = $db->query(" 651 SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername 652 FROM ".TABLE_PREFIX."posts p 653 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 654 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 655 LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid) 656 WHERE p.pid='{$pid}' 657 "); 658 $post = $db->fetch_array($query); 659 660 // Now lets fetch all of the attachments for this post 661 $query = $db->simple_select("attachments", "*", "pid='{$pid}'"); 662 while($attachment = $db->fetch_array($query)) 663 { 664 $attachcache[$attachment['pid']][$attachment['aid']] = $attachment; 665 } 666 667 // Establish altbg - may seem like this is backwards, but build_postbit reverses it 668 if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0) 669 { 670 $altbg = "trow1"; 671 } 672 else 673 { 674 $altbg = "trow2"; 675 } 676 677 $charset = "UTF-8"; 678 if($lang->settings['charset']) 679 { 680 $charset = $lang->settings['charset']; 681 } 682 683 require_once MYBB_ROOT."inc/functions_post.php"; 684 $pid = $post['pid']; 685 $post = build_postbit($post); 686 687 $data = ''; 688 $data .= $post; 689 690 // Build a new posthash incase the user wishes to quick reply again 691 $new_posthash = md5($mybb->user['uid'].random_str()); 692 $data .= "<script type=\"text/javascript\">\n"; 693 $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n"; 694 $data .= "if(typeof(inlineModeration) != 'undefined') { 695 $('#inlinemod_{$pid}').on(\"click\", function(e) { 696 inlineModeration.checkItem(); 697 }); 698 }\n"; 699 700 if($closed == 1) 701 { 702 $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n"; 703 } 704 else 705 { 706 $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n"; 707 } 708 709 $data .= "</script>\n"; 710 711 header("Content-type: application/json; charset={$lang->settings['charset']}"); 712 echo json_encode(array("data" => $data)); 713 714 exit; 715 } 716 // Post is in the moderation queue 717 else 718 { 719 redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true); 720 exit; 721 } 722 } 723 else 724 { 725 $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); 726 redirect($url, $lang->redirect_newreply, "", $force_redirect); 727 exit; 728 } 729 } 730 } 731 732 // Show the newreply form. 733 if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft") 734 { 735 $plugins->run_hooks("newreply_start"); 736 737 $quote_ids = $multiquote_external = ''; 738 // If this isn't a preview and we're not editing a draft, then handle quoted posts 739 if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment')) 740 { 741 $message = ''; 742 $quoted_posts = array(); 743 // Handle multiquote 744 if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 745 { 746 $multiquoted = explode("|", $mybb->cookies['multiquote']); 747 foreach($multiquoted as $post) 748 { 749 $quoted_posts[$post] = (int)$post; 750 } 751 } 752 // Handle incoming 'quote' button 753 if($replyto) 754 { 755 $quoted_posts[$replyto] = $replyto; 756 } 757 758 // Quoting more than one post - fetch them 759 if(count($quoted_posts) > 0) 760 { 761 $external_quotes = 0; 762 $quoted_posts = implode(",", $quoted_posts); 763 $quoted_ids = array(); 764 $unviewable_forums = get_unviewable_forums(); 765 $inactiveforums = get_inactive_forums(); 766 if($unviewable_forums) 767 { 768 $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})"; 769 } 770 if($inactiveforums) 771 { 772 $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})"; 773 } 774 775 // Check group permissions if we can't view threads not started by us 776 $group_permissions = forum_permissions(); 777 $onlyusfids = array(); 778 $onlyusforums = ''; 779 foreach($group_permissions as $gpfid => $forum_permissions) 780 { 781 if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1) 782 { 783 $onlyusfids[] = $gpfid; 784 } 785 } 786 if(!empty($onlyusfids)) 787 { 788 $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))"; 789 } 790 791 if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted')) 792 { 793 $visible_where = "AND p.visible IN (-1,0,1)"; 794 } 795 elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted')) 796 { 797 $visible_where = "AND p.visible IN (0,1)"; 798 } 799 elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted')) 800 { 801 $visible_where = "AND p.visible IN (-1,1)"; 802 } 803 else 804 { 805 $visible_where = "AND p.visible=1"; 806 } 807 808 require_once MYBB_ROOT."inc/functions_posting.php"; 809 $query = $db->query(" 810 SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername 811 FROM ".TABLE_PREFIX."posts p 812 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 813 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 814 WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where} 815 "); 816 $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT); 817 while($quoted_post = $db->fetch_array($query)) 818 { 819 // Only show messages for the current thread 820 if($quoted_post['tid'] == $tid || $load_all == 1) 821 { 822 // If this post was the post for which a quote button was clicked, set the subject 823 if($replyto == $quoted_post['pid']) 824 { 825 $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']); 826 // Subject too long? Shorten it to avoid error message 827 if(my_strlen($subject) > 85) 828 { 829 $subject = my_substr($subject, 0, 82).'...'; 830 } 831 $subject = "RE: ".$subject; 832 } 833 $message .= parse_quoted_message($quoted_post); 834 $quoted_ids[] = $quoted_post['pid']; 835 } 836 // Count the rest 837 else 838 { 839 ++$external_quotes; 840 } 841 } 842 if($mybb->settings['maxquotedepth'] != '0') 843 { 844 $message = remove_message_quotes($message); 845 } 846 if($external_quotes > 0) 847 { 848 if($external_quotes == 1) 849 { 850 $multiquote_text = $lang->multiquote_external_one; 851 $multiquote_deselect = $lang->multiquote_external_one_deselect; 852 $multiquote_quote = $lang->multiquote_external_one_quote; 853 } 854 else 855 { 856 $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes); 857 $multiquote_deselect = $lang->multiquote_external_deselect; 858 $multiquote_quote = $lang->multiquote_external_quote; 859 } 860 eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";"); 861 } 862 $quoted_ids = implode("|", $quoted_ids); 863 } 864 } 865 866 if(isset($mybb->input['quoted_ids'])) 867 { 868 $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids')); 869 } 870 871 if(isset($mybb->input['previewpost'])) 872 { 873 $previewmessage = $mybb->get_input('message'); 874 } 875 if(empty($message)) 876 { 877 $message = $mybb->get_input('message'); 878 } 879 $message = htmlspecialchars_uni($message); 880 881 $postoptionschecked = array('signature' => '', 'disablesmilies' => ''); 882 $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = ''; 883 884 // Set up the post options. 885 if(!empty($mybb->input['previewpost']) || $reply_errors != '') 886 { 887 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 888 889 if(isset($postoptions['signature']) && $postoptions['signature'] == 1) 890 { 891 $postoptionschecked['signature'] = " checked=\"checked\""; 892 } 893 if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1) 894 { 895 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 896 } 897 $subscription_method = get_subscription_method($tid, $postoptions); 898 $subject = $mybb->input['subject']; 899 } 900 elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid']) 901 { 902 $message = htmlspecialchars_uni($post['message']); 903 $subject = $post['subject']; 904 if($post['includesig'] != 0) 905 { 906 $postoptionschecked['signature'] = " checked=\"checked\""; 907 } 908 if($post['smilieoff'] == 1) 909 { 910 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 911 } 912 $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts 913 $mybb->input['icon'] = $post['icon']; 914 } 915 else 916 { 917 if($mybb->user['signature'] != '') 918 { 919 $postoptionschecked['signature'] = " checked=\"checked\""; 920 } 921 $subscription_method = get_subscription_method($tid); 922 } 923 ${$subscription_method.'subscribe'} = "checked=\"checked\" "; 924 925 $posticons = ''; 926 if($forum['allowpicons'] != 0) 927 { 928 $posticons = get_post_icons(); 929 } 930 931 // No subject? 932 if(!isset($subject)) 933 { 934 if(!empty($mybb->input['subject'])) 935 { 936 $subject = $mybb->get_input('subject'); 937 } 938 else 939 { 940 $subject = $thread_subject; 941 // Subject too long? Shorten it to avoid error message 942 if(my_strlen($subject) > 85) 943 { 944 $subject = my_substr($subject, 0, 82).'...'; 945 } 946 $subject = "RE: ".$subject; 947 } 948 } 949 950 // Preview a post that was written. 951 $preview = ''; 952 if(!empty($mybb->input['previewpost'])) 953 { 954 // If this isn't a logged in user, then we need to do some special validation. 955 if($mybb->user['uid'] == 0) 956 { 957 // If they didn't specify a username leave blank so $lang->guest can be used on output 958 if(!$mybb->get_input('username')) 959 { 960 $username = ''; 961 } 962 // Otherwise use the name they specified. 963 else 964 { 965 $username = $mybb->get_input('username'); 966 } 967 $uid = 0; 968 } 969 // This user is logged in. 970 else 971 { 972 $username = $mybb->user['username']; 973 $uid = $mybb->user['uid']; 974 } 975 976 // Set up posthandler. 977 require_once MYBB_ROOT."inc/datahandlers/post.php"; 978 $posthandler = new PostDataHandler("insert"); 979 $posthandler->action = "post"; 980 981 // Set the post data that came from the input to the $post array. 982 $post = array( 983 "tid" => $mybb->get_input('tid', MyBB::INPUT_INT), 984 "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT), 985 "fid" => $thread['fid'], 986 "subject" => $mybb->get_input('subject'), 987 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 988 "uid" => $uid, 989 "username" => $username, 990 "message" => $mybb->get_input('message'), 991 "ipaddress" => $session->packedip, 992 "posthash" => $mybb->get_input('posthash') 993 ); 994 995 if(isset($mybb->input['pid'])) 996 { 997 $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT); 998 } 999 1000 $posthandler->set_data($post); 1001 1002 // Now let the post handler do all the hard work. 1003 $valid_post = $posthandler->verify_message(); 1004 $valid_subject = $posthandler->verify_subject(); 1005 1006 // guest post --> verify author 1007 if($post['uid'] == 0) 1008 { 1009 $valid_username = $posthandler->verify_author(); 1010 } 1011 else 1012 { 1013 $valid_username = true; 1014 } 1015 1016 $post_errors = array(); 1017 // Fetch friendly error messages if this is an invalid post 1018 if(!$valid_post || !$valid_subject || !$valid_username) 1019 { 1020 $post_errors = $posthandler->get_friendly_errors(); 1021 } 1022 1023 // One or more errors returned, fetch error list and throw to newreply page 1024 if(count($post_errors) > 0) 1025 { 1026 $reply_errors = inline_error($post_errors); 1027 } 1028 else 1029 { 1030 $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids')); 1031 $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 1032 $query = $db->query(" 1033 SELECT u.*, f.* 1034 FROM ".TABLE_PREFIX."users u 1035 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 1036 WHERE u.uid='".$mybb->user['uid']."' 1037 "); 1038 $post = $db->fetch_array($query); 1039 $post['username'] = $username; 1040 if($mybb->user['uid']) 1041 { 1042 $post['userusername'] = $mybb->user['username']; 1043 } 1044 $post['message'] = $previewmessage; 1045 $post['subject'] = $subject; 1046 $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 1047 $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 1048 if(isset($mybb->input['postoptions']['disablesmilies'])) 1049 { 1050 $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies']; 1051 } 1052 $post['dateline'] = TIME_NOW; 1053 if(isset($mybb->input['postoptions']['signature'])) 1054 { 1055 $post['includesig'] = $mybb->input['postoptions']['signature']; 1056 } 1057 if(!isset($post['includesig']) || $post['includesig'] != 1) 1058 { 1059 $post['includesig'] = 0; 1060 } 1061 1062 // Fetch attachments assigned to this post. 1063 if($mybb->get_input('pid', MyBB::INPUT_INT)) 1064 { 1065 $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"; 1066 } 1067 else 1068 { 1069 $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'"; 1070 } 1071 1072 $query = $db->simple_select("attachments", "*", $attachwhere); 1073 while($attachment = $db->fetch_array($query)) 1074 { 1075 $attachcache[0][$attachment['aid']] = $attachment; 1076 } 1077 1078 $postbit = build_postbit($post, 1); 1079 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1080 } 1081 } 1082 1083 $subject = htmlspecialchars_uni($parser->parse_badwords($subject)); 1084 1085 $posthash = htmlspecialchars_uni($mybb->get_input('posthash')); 1086 1087 // Do we have attachment errors? 1088 if(count($errors) > 0) 1089 { 1090 $reply_errors = inline_error($errors); 1091 } 1092 1093 // Get a listing of the current attachments. 1094 if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0) 1095 { 1096 $attachcount = 0; 1097 if($pid) 1098 { 1099 $attachwhere = "pid='$pid'"; 1100 } 1101 else 1102 { 1103 $attachwhere = "posthash='".$db->escape_string($posthash)."'"; 1104 } 1105 $attachments = ''; 1106 $query = $db->simple_select("attachments", "*", $attachwhere); 1107 while($attachment = $db->fetch_array($query)) 1108 { 1109 $attachment['size'] = get_friendly_size($attachment['filesize']); 1110 $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename'])); 1111 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 1112 1113 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0)) 1114 { 1115 eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";"); 1116 } 1117 1118 $attach_mod_options = ''; 1119 eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";"); 1120 1121 if($attachment['visible'] != 1) 1122 { 1123 eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";"); 1124 } 1125 else 1126 { 1127 eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";"); 1128 } 1129 $attachcount++; 1130 } 1131 1132 $noshowattach = ''; 1133 $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); 1134 $usage = $db->fetch_array($query); 1135 1136 if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0) 1137 { 1138 $noshowattach = 1; 1139 } 1140 1141 if($mybb->usergroup['attachquota'] == 0) 1142 { 1143 $friendlyquota = $lang->unlimited; 1144 } 1145 else 1146 { 1147 $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024); 1148 } 1149 $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota); 1150 1151 $link_viewattachments = ''; 1152 if($usage['ausage'] !== NULL) 1153 { 1154 $friendlyusage = get_friendly_size($usage['ausage']); 1155 $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage); 1156 eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";"); 1157 } 1158 else 1159 { 1160 $lang->attach_usage = ""; 1161 } 1162 1163 $attach_add_options = ''; 1164 if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach) 1165 { 1166 eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";"); 1167 } 1168 1169 $attach_update_options = ''; 1170 if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0) 1171 { 1172 eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";"); 1173 } 1174 1175 if($attach_add_options || $attach_update_options) 1176 { 1177 eval("\$newattach = \"".$templates->get("post_attachments_new")."\";"); 1178 } 1179 1180 eval("\$attachbox = \"".$templates->get("post_attachments")."\";"); 1181 } 1182 else 1183 { 1184 $attachbox = ''; 1185 } 1186 1187 // If the user is logged in, provide a save draft button. 1188 $savedraftbutton = ''; 1189 if($mybb->user['uid']) 1190 { 1191 eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";"); 1192 } 1193 1194 // Show captcha image for guests if enabled 1195 $captcha = ''; 1196 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 1197 { 1198 $correct = false; 1199 require_once MYBB_ROOT.'inc/class_captcha.php'; 1200 $post_captcha = new captcha(false, "post_captcha"); 1201 1202 if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1) 1203 { 1204 // If previewing a post - check their current captcha input - if correct, hide the captcha input area 1205 // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits 1206 if($post_captcha->validate_captcha() == true) 1207 { 1208 $correct = true; 1209 1210 // Generate a hidden list of items for our captcha 1211 $captcha = $post_captcha->build_hidden_captcha(); 1212 } 1213 } 1214 1215 if(!$correct) 1216 { 1217 if($post_captcha->type == captcha::DEFAULT_CAPTCHA) 1218 { 1219 $post_captcha->build_captcha(); 1220 } 1221 elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))) 1222 { 1223 $post_captcha->build_recaptcha(); 1224 } 1225 elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))) 1226 { 1227 $post_captcha->build_hcaptcha(); 1228 } 1229 } 1230 else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))) 1231 { 1232 $post_captcha->build_recaptcha(); 1233 } 1234 else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))) 1235 { 1236 $post_captcha->build_hcaptcha(); 1237 } 1238 1239 if($post_captcha->html) 1240 { 1241 $captcha = $post_captcha->html; 1242 } 1243 } 1244 1245 $reviewmore = ''; 1246 $threadreview = ''; 1247 if($mybb->settings['threadreview'] != 0) 1248 { 1249 if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved']) 1250 { 1251 $visibility = "(visible='1' OR visible='0')"; 1252 } 1253 else 1254 { 1255 $visibility = "visible='1'"; 1256 } 1257 $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}"); 1258 $numposts = $db->fetch_field($query, "post_count"); 1259 1260 if($numposts > $mybb->settings['postsperpage']) 1261 { 1262 $numposts = $mybb->settings['postsperpage']; 1263 $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid)); 1264 eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";"); 1265 } 1266 1267 $pidin = array(); 1268 $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage'])); 1269 while($post = $db->fetch_array($query)) 1270 { 1271 $pidin[] = $post['pid']; 1272 } 1273 1274 if(!empty($pidin)) 1275 { 1276 $pidin = implode(",", $pidin); 1277 1278 // Fetch attachments 1279 $query = $db->simple_select("attachments", "*", "pid IN ($pidin)"); 1280 while($attachment = $db->fetch_array($query)) 1281 { 1282 $attachcache[$attachment['pid']][$attachment['aid']] = $attachment; 1283 } 1284 $query = $db->query(" 1285 SELECT p.*, u.username AS userusername 1286 FROM ".TABLE_PREFIX."posts p 1287 LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid) 1288 WHERE pid IN ($pidin) 1289 ORDER BY dateline DESC, pid DESC 1290 "); 1291 $postsdone = 0; 1292 $altbg = "trow1"; 1293 $reviewbits = ''; 1294 while($post = $db->fetch_array($query)) 1295 { 1296 if($post['userusername']) 1297 { 1298 $post['username'] = $post['userusername']; 1299 } 1300 $reviewpostdate = my_date('relative', $post['dateline']); 1301 $parser_options = array( 1302 "allow_html" => $forum['allowhtml'], 1303 "allow_mycode" => $forum['allowmycode'], 1304 "allow_smilies" => $forum['allowsmilies'], 1305 "allow_imgcode" => $forum['allowimgcode'], 1306 "allow_videocode" => $forum['allowvideocode'], 1307 "me_username" => $post['username'], 1308 "filter_badwords" => 1 1309 ); 1310 if($post['smilieoff'] == 1) 1311 { 1312 $parser_options['allow_smilies'] = 0; 1313 } 1314 1315 if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) 1316 { 1317 $parser_options['allow_imgcode'] = 0; 1318 } 1319 1320 if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0) 1321 { 1322 $parser_options['allow_videocode'] = 0; 1323 } 1324 1325 $post['username'] = htmlspecialchars_uni($post['username']); 1326 1327 if($post['visible'] != 1) 1328 { 1329 $altbg = "trow_shaded"; 1330 } 1331 1332 $plugins->run_hooks("newreply_threadreview_post"); 1333 1334 $post['message'] = $parser->parse_message($post['message'], $parser_options); 1335 get_post_attachments($post['pid'], $post); 1336 $reviewmessage = $post['message']; 1337 eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";"); 1338 if($altbg == "trow1") 1339 { 1340 $altbg = "trow2"; 1341 } 1342 else 1343 { 1344 $altbg = "trow1"; 1345 } 1346 } 1347 eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";"); 1348 } 1349 } 1350 1351 // Hide signature option if no permission 1352 $signature = ''; 1353 if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature']) 1354 { 1355 eval("\$signature = \"".$templates->get('newreply_signature')."\";"); 1356 } 1357 1358 // Can we disable smilies or are they disabled already? 1359 $disablesmilies = ''; 1360 if($forum['allowsmilies'] != 0) 1361 { 1362 eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";"); 1363 } 1364 1365 $postoptions = ''; 1366 if(!empty($signature) || !empty($disablesmilies)) 1367 { 1368 eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";"); 1369 $bgcolor = "trow2"; 1370 } 1371 else 1372 { 1373 $bgcolor = "trow1"; 1374 } 1375 1376 $modoptions = ''; 1377 // Show the moderator options. 1378 if(is_moderator($fid)) 1379 { 1380 if($mybb->get_input('processed', MyBB::INPUT_INT)) 1381 { 1382 $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY); 1383 if(!isset($mybb->input['modoptions']['closethread'])) 1384 { 1385 $mybb->input['modoptions']['closethread'] = 0; 1386 } 1387 $closed = (int)$mybb->input['modoptions']['closethread']; 1388 if(!isset($mybb->input['modoptions']['stickthread'])) 1389 { 1390 $mybb->input['modoptions']['stickthread'] = 0; 1391 } 1392 $stuck = (int)$mybb->input['modoptions']['stickthread']; 1393 } 1394 else 1395 { 1396 $closed = $thread['closed']; 1397 $stuck = $thread['sticky']; 1398 } 1399 1400 if($closed) 1401 { 1402 $closecheck = ' checked="checked"'; 1403 } 1404 else 1405 { 1406 $closecheck = ''; 1407 } 1408 1409 if($stuck) 1410 { 1411 $stickycheck = ' checked="checked"'; 1412 } 1413 else 1414 { 1415 $stickycheck = ''; 1416 } 1417 1418 $closeoption = ''; 1419 if(is_moderator($thread['fid'], "canopenclosethreads")) 1420 { 1421 eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";"); 1422 } 1423 1424 $stickoption = ''; 1425 if(is_moderator($thread['fid'], "canstickunstickthreads")) 1426 { 1427 eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";"); 1428 } 1429 1430 if(!empty($closeoption) || !empty($stickoption)) 1431 { 1432 eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";"); 1433 $bgcolor = "trow1"; 1434 } 1435 else 1436 { 1437 $bgcolor = "trow2"; 1438 } 1439 } 1440 else 1441 { 1442 $bgcolor = "trow2"; 1443 } 1444 1445 // Fetch subscription select box 1446 eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";"); 1447 1448 $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']); 1449 $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']); 1450 1451 // Do we have any forum rules to show for this forum? 1452 $forumrules = ''; 1453 if($forum['rulestype'] >= 2 && $forum['rules']) 1454 { 1455 if(!$forum['rulestitle']) 1456 { 1457 $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']); 1458 } 1459 1460 if(!$parser) 1461 { 1462 require_once MYBB_ROOT.'inc/class_parser.php'; 1463 $parser = new postParser; 1464 } 1465 1466 $rules_parser = array( 1467 "allow_html" => 1, 1468 "allow_mycode" => 1, 1469 "allow_smilies" => 1, 1470 "allow_imgcode" => 1 1471 ); 1472 1473 $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser); 1474 $foruminfo = $forum; 1475 1476 if($forum['rulestype'] == 3) 1477 { 1478 eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";"); 1479 } 1480 else if($forum['rulestype'] == 2) 1481 { 1482 eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";"); 1483 } 1484 } 1485 1486 $moderation_notice = ''; 1487 if(!is_moderator($forum['fid'], "canapproveunapproveattachs")) 1488 { 1489 if($forumpermissions['modattachments'] == 1 && $forumpermissions['canpostattachments'] != 0) 1490 { 1491 $moderation_text = $lang->moderation_forum_attachments; 1492 eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";'); 1493 } 1494 } 1495 if(!is_moderator($forum['fid'], "canapproveunapproveposts")) 1496 { 1497 if($forumpermissions['modposts'] == 1) 1498 { 1499 $moderation_text = $lang->moderation_forum_posts; 1500 eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";'); 1501 } 1502 1503 if($mybb->user['moderateposts'] == 1) 1504 { 1505 $moderation_text = $lang->moderation_user_posts; 1506 eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";'); 1507 } 1508 } 1509 1510 $php_max_upload_size = get_php_upload_limit(); 1511 $php_max_file_uploads = (int)ini_get('max_file_uploads'); 1512 eval("\$post_javascript = \"".$templates->get("post_javascript")."\";"); 1513 1514 $plugins->run_hooks("newreply_end"); 1515 1516 $forum['name'] = strip_tags($forum['name']); 1517 1518 eval("\$newreply = \"".$templates->get("newreply")."\";"); 1519 output_page($newreply); 1520 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| 2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup | Cross-referenced by PHPXref |