
PHP Cross Reference of MyBB 1.8.15


/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newreply.php');
  13  
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_recaptcha,post_captcha_nocaptcha,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
  24  require_once  "./global.php";
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/class_parser.php";
// Parser instance; used further down to run the bad-word filter over the thread subject.
$parser = new postParser;

// Load global language phrases
$lang->load("newreply");

// Get the pid and tid and replyto from the input.
// Both are requested with MyBB::INPUT_INT, i.e. as integers rather than raw strings.
$tid = $mybb->get_input('tid', MyBB::INPUT_INT);
$replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);

// AJAX quick reply?
// An AJAX request never takes the preview path, so any previewpost flag is discarded.
if(!empty($mybb->input['ajax']))
{
    unset($mybb->input['previewpost']);
}

// Edit a draft post.
// A pid from the request is honoured only for the "editdraft" and "do_newreply" actions.
$pid = 0;
$editdraftpid = '';
$mybb->input['action'] = $mybb->get_input('action');
if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
{
    $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
    $post = get_post($pid);
    // The referenced post must exist and belong to the current user. This ownership
    // comparison is the only authorisation applied to the pid at this point.
    // NOTE(review): nothing in this block checks that the post is still a draft; presumably
    // the post data handler enforces that - confirm.
    if(!$post)
    {
        error($lang->error_invalidpost);
    }
    else if($mybb->user['uid'] != $post['uid'])
    {
        error($lang->error_post_noperms);
    }
    // Take pid and tid from the stored post, not from the request, so the thread loaded
    // afterwards is the one this post actually belongs to.
    $pid = $post['pid'];
    $tid = $post['tid'];
    // The template body returned by $templates->get() is evaluated as a PHP string.
    // NOTE(review): template content is therefore executed as code; it must only ever come
    // from a trusted store - confirm who can edit templates.
    eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
}
  63  
// Set up $thread and $forum for later use.
// Every check below is an authorisation gate that must pass before any posting logic runs;
// their order matters because each one may end the request through error().
$thread = get_thread($tid);
if(!$thread)
{
    error($lang->error_invalidthread);
}
// The forum id is derived from the thread row, never taken from the request.
$fid = $thread['fid'];

// Get forum info
$forum = get_forum($fid);
if(!$forum)
{
    error($lang->error_invalidforum);
}

// Make navigation
build_forum_breadcrumb($fid);
// Keep the unescaped subject, then replace the array entry with the bad-word filtered,
// HTML-escaped form that is handed to the breadcrumb.
$thread_subject = $thread['subject'];
$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_newreply);

$forumpermissions = forum_permissions($fid);

// See if everything is valid up to here.
// $post is only set when a draft pid was supplied. An unapproved post (visible == 0) needs
// the canviewunapprove moderator right; a post with negative visibility is only accepted
// from its own author.
if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
{
    error($lang->error_invalidpost);
}
// Same rule for the thread, except that negative visibility is rejected for everyone.
if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
{
    error($lang->error_invalidthread);
}
// Only open forums of type "f" accept replies.
if($forum['open'] == 0 || $forum['type'] != "f")
{
    error($lang->error_closedinvalidforum);
}
// The user needs both the view and the reply permission for this forum.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
{
    error_no_permission();
}

// Users whose posting is suspended are stopped here; the message says whether the
// suspension is permanent or, when a suspensiontime is set, until when it lasts.
if($mybb->user['suspendposting'] == 1)
{
    $suspendedpostingtype = $lang->error_suspendedposting_permanent;
    if($mybb->user['suspensiontime'])
    {
        $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
    }

    $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));

    error($lang->error_suspendedposting);
}

// "Own threads only" restrictions: with either flag set, the thread must have been started
// by the current user.
if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
    error_no_permission();
}

if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
    error_no_permission();
}
 128  
 129  // Coming from quick reply? Set some defaults
 130  if($mybb->get_input('method') == "quickreply")
 131  {
 132      if($mybb->user['subscriptionmethod'] == 1)
 133      {
 134          $mybb->input['postoptions']['subscriptionmethod'] = "none";
 135      }
 136      else if($mybb->user['subscriptionmethod'] == 2)
 137      {
 138          $mybb->input['postoptions']['subscriptionmethod'] = "email";
 139      }
 140      else if($mybb->user['subscriptionmethod'] == 3)
 141      {
 142          $mybb->input['postoptions']['subscriptionmethod'] = "pm";
 143      }
 144  }
 145  
// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// Build the MyCode toolbar when it is enabled globally and for this forum. Guests (no uid)
// always get it; members only when their showcodebuttons preference is on.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
    $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
    if($forum['allowsmilies'] != 0)
    {
        $smilieinserter = build_clickable_smilies();
    }
}

// Display a login box or change user box?
if($mybb->user['uid'] != 0)
{
    // The username is HTML-escaped in place before the template interpolates it.
    // NOTE(review): the escaped value stays in $mybb->user['username'] for the rest of the
    // request, and the do_newreply branch later copies it into $username; confirm the post
    // handler does not store that escaped form.
    $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
    eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}
else
{
    // Guests: echo the submitted username back only on preview or submit, and escape it
    // because it is request data about to be placed in the form.
    if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
    {
        $username = '';
    }
    else
    {
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }
    eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// Check to see if the thread is closed, and if the user is a mod.
// Only moderators holding canpostclosedthreads may reply to a closed thread.
if(!is_moderator($fid, "canpostclosedthreads"))
{
    if($thread['closed'] == 1)
    {
        error($lang->redirect_threadclosed);
    }
}

// No weird actions allowed, show new reply form if no regular action.
// Acts as an allow-list: anything other than the two known actions becomes "newreply".
if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
{
    $mybb->input['action'] = "newreply";
}

// Even if we are previewing, still show the new reply form.
if(!empty($mybb->input['previewpost']))
{
    $mybb->input['action'] = "newreply";
}

// Setup a unique posthash for attachment management
// Generated only when the request carries none and no existing post is being edited. The
// attachment code below selects rows by this value when there is no pid.
// NOTE(review): how hard the hash is to guess depends on random_str(), which is not shown
// here - confirm it draws from a cryptographically secure source.
if(!$mybb->get_input('posthash') && !$pid)
{
    $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
}

// A request flagged as processed that arrives with neither POST fields nor files is reported
// as a failed upload.
// NOTE(review): presumably this is how an upload above PHP's post size limit shows up - confirm.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
    error($lang->error_cannot_upload_php_post);
}
 208  
 209  $errors = array();
 210  $maximageserror = $attacherror = '';
 211  if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit') && $_FILES['attachment'])))
 212  {
 213      // Verify incoming POST request
 214      verify_post_check($mybb->get_input('my_post_key'));
 215  
 216      if($pid)
 217      {
 218          $attachwhere = "pid='{$pid}'";
 219      }
 220      else
 221      {
 222          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 223      }
 224  
 225      // If there's an attachment, check it and upload it
 226      if($forumpermissions['canpostattachments'] != 0)
 227      {
 228          // If attachment exists..
 229          if(!empty($_FILES['attachment']['name']) && !empty($_FILES['attachment']['type']))
 230          {
 231              if($_FILES['attachment']['size'] > 0)
 232              {
 233                  $query = $db->simple_select("attachments", "aid", "filename='".$db->escape_string($_FILES['attachment']['name'])."' AND {$attachwhere}");
 234                  $updateattach = $db->fetch_field($query, "aid");
 235  
 236                  require_once  MYBB_ROOT."inc/functions_upload.php";
 237  
 238                  $update_attachment = false;
 239                  if($updateattach > 0 && $mybb->get_input('updateattachment'))
 240                  {
 241                      $update_attachment = true;
 242                  }
 243                  $attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
 244              }
 245              else
 246              {
 247                  $errors[] = $lang->error_uploadempty;
 248                  $mybb->input['action'] = "newreply";
 249              }
 250          }
 251      }
 252  
 253      if(!empty($attachedfile['error']))
 254      {
 255          $errors[] = $attachedfile['error'];
 256          $mybb->input['action'] = "newreply";
 257      }
 258  
 259      if(!$mybb->get_input('submit'))
 260      {
 261          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 262          $mybb->input['action'] = "newreply";
 263      }
 264  }
 265  
// Remove an attachment.
// Runs only when attachments are enabled, an attachment id is supplied and the requested
// act is exactly "remove".
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    require_once  MYBB_ROOT."inc/functions_upload.php";
    // The attachment id comes from the request.
    // NOTE(review): presumably remove_attachment() only deletes a row that matches both the
    // id and this pid/posthash - confirm, since that pairing is what ties it to this post.
    remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
    // Removal without submit: return to the form, keeping the draft pid field.
    if(!$mybb->get_input('submit'))
    {
        eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
        $mybb->input['action'] = "newreply";
    }
}

// State shared by the submit and form-display sections that follow.
$reply_errors = '';
$quoted_ids = array();
$hide_captcha = false;

// Check the maximum posts per day for this user
// Applies when the group has a positive maxposts limit and lacks the cancp flag. Counts the
// user's visible posts from the last 24 hours.
if($mybb->usergroup['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
{
    $daycut = TIME_NOW-60*60*24;
    $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
    $post_count = $db->fetch_field($query, "posts_today");
    if($post_count >= $mybb->usergroup['maxposts'])
    {
        $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
        error($lang->error_maxposts);
    }
}
 297  
 298  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 299  {
 300      // Verify incoming POST request
 301      verify_post_check($mybb->get_input('my_post_key'));
 302  
 303      $plugins->run_hooks("newreply_do_newreply_start");
 304  
 305      // If this isn't a logged in user, then we need to do some special validation.
 306      if($mybb->user['uid'] == 0)
 307      {
 308          // If they didn't specify a username leave blank so $lang->guest can be used on output
 309          if(!$mybb->get_input('username'))
 310          {
 311              $username = '';
 312          }
 313          // Otherwise use the name they specified.
 314          else
 315          {
 316              $username = $mybb->get_input('username');
 317          }
 318          $uid = 0;
 319  
 320  
 321          if($mybb->settings['stopforumspam_on_newreply'])
 322          {
 323              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 324  
 325              $stop_forum_spam_checker = new StopForumSpamChecker(
 326                  $plugins,
 327                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 328                  $mybb->settings['stopforumspam_check_usernames'],
 329                  $mybb->settings['stopforumspam_check_emails'],
 330                  $mybb->settings['stopforumspam_check_ips'],
 331                  $mybb->settings['stopforumspam_log_blocks']
 332              );
 333  
 334              try {
 335                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 336                  {
 337                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 338                          $stop_forum_spam_checker->getErrorText(array(
 339                              'stopforumspam_check_usernames',
 340                              'stopforumspam_check_ips'
 341                              ))));
 342                  }
 343              }
 344              catch (Exception $e)
 345              {
 346                  if($mybb->settings['stopforumspam_block_on_error'])
 347                  {
 348                      error($lang->error_stop_forum_spam_fetching);
 349                  }
 350              }
 351          }
 352      }
 353      // This user is logged in.
 354      else
 355      {
 356          $username = $mybb->user['username'];
 357          $uid = $mybb->user['uid'];
 358      }
 359  
 360      // Attempt to see if this post is a duplicate or not
 361      if($uid > 0)
 362      {
 363          $user_check = "p.uid='{$uid}'";
 364      }
 365      else
 366      {
 367          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 368      }
 369      if(!$mybb->get_input('savedraft'))
 370      {
 371          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible != '-2' AND p.dateline>".(TIME_NOW-600));
 372          $duplicate_check = $db->fetch_field($query, "pid");
 373          if($duplicate_check)
 374          {
 375              error($lang->error_post_already_submitted);
 376          }
 377      }
 378  
 379      // Set up posthandler.
 380      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 381      $posthandler = new PostDataHandler("insert");
 382  
 383      // Set the post data that came from the input to the $post array.
 384      $post = array(
 385          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 386          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 387          "fid" => $thread['fid'],
 388          "subject" => $mybb->get_input('subject'),
 389          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 390          "uid" => $uid,
 391          "username" => $username,
 392          "message" => $mybb->get_input('message'),
 393          "ipaddress" => $session->packedip,
 394          "posthash" => $mybb->get_input('posthash')
 395      );
 396  
 397      if(isset($mybb->input['pid']))
 398      {
 399          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 400      }
 401  
 402      // Are we saving a draft post?
 403      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 404      {
 405          $post['savedraft'] = 1;
 406      }
 407      else
 408      {
 409          $post['savedraft'] = 0;
 410      }
 411  
 412      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 413      if(!isset($postoptions['signature']))
 414      {
 415          $postoptions['signature'] = 0;
 416      }
 417      if(!isset($postoptions['subscriptionmethod']))
 418      {
 419          $postoptions['subscriptionmethod'] = 0;
 420      }
 421      if(!isset($postoptions['disablesmilies']))
 422      {
 423          $postoptions['disablesmilies'] = 0;
 424      }
 425  
 426      // Set up the post options from the input.
 427      $post['options'] = array(
 428          "signature" => $postoptions['signature'],
 429          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 430          "disablesmilies" => $postoptions['disablesmilies']
 431      );
 432  
 433      // Apply moderation options if we have them
 434      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 435  
 436      $posthandler->set_data($post);
 437  
 438      // Now let the post handler do all the hard work.
 439      $valid_post = $posthandler->validate_post();
 440  
 441      $post_errors = array();
 442      // Fetch friendly error messages if this is an invalid post
 443      if(!$valid_post)
 444      {
 445          $post_errors = $posthandler->get_friendly_errors();
 446      }
 447  
 448      // Mark thread as read
 449      require_once  MYBB_ROOT."inc/functions_indicators.php";
 450      mark_thread_read($tid, $fid);
 451  
 452      // Check captcha image
 453      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 454      {
 455          require_once  MYBB_ROOT.'inc/class_captcha.php';
 456          $post_captcha = new captcha(false, "post_captcha");
 457  
 458          if($post_captcha->validate_captcha() == false)
 459          {
 460              // CAPTCHA validation failed
 461              foreach($post_captcha->get_errors() as $error)
 462              {
 463                  $post_errors[] = $error;
 464              }
 465          }
 466          else
 467          {
 468              $hide_captcha = true;
 469          }
 470  
 471          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 472          {
 473              if($post_captcha->type == 1)
 474              {
 475                  $randomstr = random_str(5);
 476                  $imagehash = md5(random_str(12));
 477  
 478                  $imagearray = array(
 479                      "imagehash" => $imagehash,
 480                      "imagestring" => $randomstr,
 481                      "dateline" => TIME_NOW
 482                  );
 483  
 484                  $db->insert_query("captcha", $imagearray);
 485  
 486                  //header("Content-type: text/html; charset={$lang->settings['charset']}");
 487                  $data = '';
 488                  $data .= "<captcha>$imagehash";
 489  
 490                  if($hide_captcha)
 491                  {
 492                      $data .= "|$randomstr";
 493                  }
 494  
 495                  $data .= "</captcha>";
 496  
 497                  //header("Content-type: application/json; charset={$lang->settings['charset']}");
 498                  $json_data = array("data" => $data);
 499              }
 500              else if($post_captcha->type == 2)
 501              {
 502                  //header("Content-type: text/html; charset={$lang->settings['charset']}");
 503                  $data = "<captcha>reload</captcha>";
 504  
 505                  //header("Content-type: application/json; charset={$lang->settings['charset']}");
 506                  $json_data = array("data" => $data);
 507              }
 508          }
 509      }
 510  
 511      // One or more errors returned, fetch error list and throw to newreply page
 512      if(count($post_errors) > 0)
 513      {
 514          $reply_errors = inline_error($post_errors, '', $json_data);
 515          $mybb->input['action'] = "newreply";
 516      }
 517      else
 518      {
 519          $postinfo = $posthandler->insert_post();
 520          $pid = $postinfo['pid'];
 521          $visible = $postinfo['visible'];
 522          $closed = $postinfo['closed'];
 523  
 524          // Invalidate solved captcha
 525          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 526          {
 527              $post_captcha->invalidate_captcha();
 528          }
 529  
 530          $force_redirect = false;
 531  
 532          // Deciding the fate
 533          if($visible == -2)
 534          {
 535              // Draft post
 536              $lang->redirect_newreply = $lang->draft_saved;
 537              $url = "usercp.php?action=drafts";
 538          }
 539          elseif($visible == 1)
 540          {
 541              // Visible post
 542              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 543              $url = get_post_link($pid, $tid)."#pid{$pid}";
 544          }
 545          else
 546          {
 547              // Moderated post
 548              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 549              $url = get_thread_link($tid);
 550  
 551              // User must see moderation notice, regardless of redirect settings
 552              $force_redirect = true;
 553          }
 554  
 555          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 556          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 557          {
 558              // We quoted all posts - remove the entire cookie
 559              if($mybb->get_input('quoted_ids') == "all")
 560              {
 561                  my_unsetcookie("multiquote");
 562              }
 563              // Only quoted a few - attempt to remove them from the cookie
 564              else
 565              {
 566                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 567                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 568                  if(is_array($multiquote) && is_array($quoted_ids))
 569                  {
 570                      foreach($multiquote as $key => $quoteid)
 571                      {
 572                          // If this ID was quoted, remove it from the multiquote list
 573                          if(in_array($quoteid, $quoted_ids))
 574                          {
 575                              unset($multiquote[$key]);
 576                          }
 577                      }
 578                      // Still have an array - set the new cookie
 579                      if(is_array($multiquote))
 580                      {
 581                          $new_multiquote = implode(",", $multiquote);
 582                          my_setcookie("multiquote", $new_multiquote);
 583                      }
 584                      // Otherwise, unset it
 585                      else
 586                      {
 587                          my_unsetcookie("multiquote");
 588                      }
 589                  }
 590              }
 591          }
 592  
 593          $plugins->run_hooks("newreply_do_newreply_end");
 594  
 595          // This was a post made via the ajax quick reply - we need to do some special things here
 596          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 597          {
 598              // Visible post
 599              if($visible == 1)
 600              {
 601                  // Set post counter
 602                  $postcounter = $thread['replies'] + 1;
 603  
 604                  if(is_moderator($fid, "canviewunapprove"))
 605                  {
 606                      $postcounter += $thread['unapprovedposts'];
 607                  }
 608                  if(is_moderator($fid, "canviewdeleted"))
 609                  {
 610                      $postcounter += $thread['deletedposts'];
 611                  }
 612  
 613                  // Was there a new post since we hit the quick reply button?
 614                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 615                  {
 616                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 617                      $new_post = $db->fetch_array($query);
 618                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 619                      {
 620                          redirect(get_thread_link($tid, 0, "lastpost"));
 621                      }
 622                  }
 623  
 624                  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 625                  {
 626                      $mybb->settings['postsperpage'] = 20;
 627                  }
 628  
 629                  // Lets see if this post is on the same page as the one we're viewing or not
 630                  // if it isn't, redirect us
 631                  if($perpage > 0 && (($postcounter) % $perpage) == 0)
 632                  {
 633                      $post_page = ($postcounter) / $mybb->settings['postsperpage'];
 634                  }
 635                  else
 636                  {
 637                      $post_page = (int)($postcounter / $mybb->settings['postsperpage']) + 1;
 638                  }
 639  
 640                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 641                  {
 642                      redirect(get_thread_link($tid, 0, "lastpost"));
 643                      exit;
 644                  }
 645  
 646                  // Return the post HTML and display it inline
 647                  $query = $db->query("
 648                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 649                      FROM ".TABLE_PREFIX."posts p
 650                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 651                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 652                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 653                      WHERE p.pid='{$pid}'
 654                  ");
 655                  $post = $db->fetch_array($query);
 656  
 657                  // Now lets fetch all of the attachments for this post
 658                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 659                  while($attachment = $db->fetch_array($query))
 660                  {
 661                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 662                  }
 663  
 664                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 665                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 666                  {
 667                      $altbg = "trow1";
 668                  }
 669                  else
 670                  {
 671                      $altbg = "trow2";
 672                  }
 673  
 674                  $charset = "UTF-8";
 675                  if($lang->settings['charset'])
 676                  {
 677                      $charset = $lang->settings['charset'];
 678                  }
 679  
 680                  require_once  MYBB_ROOT."inc/functions_post.php";
 681                  $pid = $post['pid'];
 682                  $post = build_postbit($post);
 683  
 684                  $data = '';
 685                  $data .= $post;
 686  
 687                  // Build a new posthash incase the user wishes to quick reply again
 688                  $new_posthash = md5($mybb->user['uid'].random_str());
 689                  $data .= "<script type=\"text/javascript\">\n";
 690                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 691                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 692                      $('#inlinemod_{$pid}').bind(\"click\", function(e) {
 693                          inlineModeration.checkItem();
 694                      });
 695                  }\n";
 696  
 697                  if($closed == 1)
 698                  {
 699                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 700                  }
 701                  else
 702                  {
 703                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 704                  }
 705  
 706                  $data .= "</script>\n";
 707  
 708                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 709                  echo json_encode(array("data" => $data));
 710  
 711                  exit;
 712              }
 713              // Post is in the moderation queue
 714              else
 715              {
 716                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 717                  exit;
 718              }
 719          }
 720          else
 721          {
 722              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 723              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 724              exit;
 725          }
 726      }
 727  }
 728  
 729  // Show the newreply form.
 730  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 731  {
 732      $plugins->run_hooks("newreply_start");
 733  
 734      $quote_ids = $multiquote_external = '';
 735      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 736      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment') && !$mybb->get_input('rem'))
 737      {
 738          $message = '';
 739          $quoted_posts = array();
 740          // Handle multiquote
 741          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 742          {
 743              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 744              foreach($multiquoted as $post)
 745              {
 746                  $quoted_posts[$post] = (int)$post;
 747              }
 748          }
 749          // Handle incoming 'quote' button
 750          if($replyto)
 751          {
 752              $quoted_posts[$replyto] = $replyto;
 753          }
 754  
 755          // Quoting more than one post - fetch them
 756          if(count($quoted_posts) > 0)
 757          {
 758              $external_quotes = 0;
 759              $quoted_posts = implode(",", $quoted_posts);
 760              $unviewable_forums = get_unviewable_forums();
 761              $inactiveforums = get_inactive_forums();
 762              if($unviewable_forums)
 763              {
 764                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 765              }
 766              if($inactiveforums)
 767              {
 768                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 769              }
 770  
 771              // Check group permissions if we can't view threads not started by us
 772              $group_permissions = forum_permissions();
 773              $onlyusfids = array();
 774              $onlyusforums = '';
 775              foreach($group_permissions as $gpfid => $forum_permissions)
 776              {
 777                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 778                  {
 779                      $onlyusfids[] = $gpfid;
 780                  }
 781              }
 782              if(!empty($onlyusfids))
 783              {
 784                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 785              }
 786  
 787              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 788              {
 789                  $visible_where = "AND p.visible IN (-1,0,1)";
 790              }
 791              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 792              {
 793                  $visible_where = "AND p.visible IN (0,1)";
 794              }
 795              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 796              {
 797                  $visible_where = "AND p.visible IN (-1,1)";
 798              }
 799              else
 800              {
 801                  $visible_where = "AND p.visible=1";
 802              }
 803  
 804              require_once  MYBB_ROOT."inc/functions_posting.php";
 805              $query = $db->query("
 806                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 807                  FROM ".TABLE_PREFIX."posts p
 808                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 809                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 810                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 811              ");
 812              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 813              while($quoted_post = $db->fetch_array($query))
 814              {
 815                  // Only show messages for the current thread
 816                  if($quoted_post['tid'] == $tid || $load_all == 1)
 817                  {
 818                      // If this post was the post for which a quote button was clicked, set the subject
 819                      if($replyto == $quoted_post['pid'])
 820                      {
 821                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 822                          // Subject too long? Shorten it to avoid error message
 823                          if(my_strlen($subject) > 85)
 824                          {
 825                              $subject = my_substr($subject, 0, 82).'...';
 826                          }
 827                          $subject = "RE: ".$subject;
 828                      }
 829                      $message .= parse_quoted_message($quoted_post);
 830                      $quoted_ids[] = $quoted_post['pid'];
 831                  }
 832                  // Count the rest
 833                  else
 834                  {
 835                      ++$external_quotes;
 836                  }
 837              }
 838              if($mybb->settings['maxquotedepth'] != '0')
 839              {
 840                  $message = remove_message_quotes($message);
 841              }
 842              if($external_quotes > 0)
 843              {
 844                  if($external_quotes == 1)
 845                  {
 846                      $multiquote_text = $lang->multiquote_external_one;
 847                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 848                      $multiquote_quote = $lang->multiquote_external_one_quote;
 849                  }
 850                  else
 851                  {
 852                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 853                      $multiquote_deselect = $lang->multiquote_external_deselect;
 854                      $multiquote_quote = $lang->multiquote_external_quote;
 855                  }
 856                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 857              }
 858              if(is_array($quoted_ids) && count($quoted_ids) > 0)
 859              {
 860                  $quoted_ids = implode("|", $quoted_ids);
 861              }
 862          }
 863      }
 864  
 865      if(isset($mybb->input['quoted_ids']))
 866      {
 867          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
 868      }
 869  
 870      if(isset($mybb->input['previewpost']))
 871      {
 872          $previewmessage = $mybb->get_input('message');
 873      }
 874      if(empty($message))
 875      {
 876          $message = $mybb->get_input('message');
 877      }
 878      $message = htmlspecialchars_uni($message);
 879  
 880      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 881      $postoptions_subscriptionmethod_dont = $postoptions_subscriptionmethod_none = $postoptions_subscriptionmethod_email = $postoptions_subscriptionmethod_pm = '';
 882  
 883      // Set up the post options.
 884      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 885      {
 886          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 887  
 888          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 889          {
 890              $postoptionschecked['signature'] = " checked=\"checked\"";
 891          }
 892          if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "none")
 893          {
 894              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 895          }
 896          else if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "email")
 897          {
 898              $postoptions_subscriptionmethod_email = "checked=\"checked\"";
 899          }
 900          else if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "pm")
 901          {
 902              $postoptions_subscriptionmethod_pm = "checked=\"checked\"";
 903          }
 904          else
 905          {
 906              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 907          }
 908          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 909          {
 910              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 911          }
 912          $subject = $mybb->input['subject'];
 913      }
 914      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 915      {
 916          $message = htmlspecialchars_uni($post['message']);
 917          $subject = $post['subject'];
 918          if($post['includesig'] != 0)
 919          {
 920              $postoptionschecked['signature'] = " checked=\"checked\"";
 921          }
 922          if($post['smilieoff'] == 1)
 923          {
 924              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 925          }
 926          if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "none")
 927          {
 928              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 929          }
 930          else if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "email")
 931          {
 932              $postoptions_subscriptionmethod_email = "checked=\"checked\"";
 933          }
 934          else if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "pm")
 935          {
 936              $postoptions_subscriptionmethod_pm = "checked=\"checked\"";
 937          }
 938          else
 939          {
 940              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 941          }
 942          $mybb->input['icon'] = $post['icon'];
 943      }
 944      else
 945      {
 946          if($mybb->user['signature'] != '')
 947          {
 948              $postoptionschecked['signature'] = " checked=\"checked\"";
 949          }
 950          if($mybb->user['subscriptionmethod'] ==  1)
 951          {
 952              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 953          }
 954          else if($mybb->user['subscriptionmethod'] == 2)
 955          {
 956              $postoptions_subscriptionmethod_email = "checked=\"checked\"";
 957          }
 958          else if($mybb->user['subscriptionmethod'] == 3)
 959          {
 960              $postoptions_subscriptionmethod_pm = "checked=\"checked\"";
 961          }
 962          else
 963          {
 964              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 965          }
 966      }
 967  
 968      if($forum['allowpicons'] != 0)
 969      {
 970          $posticons = get_post_icons();
 971      }
 972  
 973      // No subject?
 974      if(!isset($subject))
 975      {
 976          if(!empty($mybb->input['subject']))
 977          {
 978              $subject = $mybb->get_input('subject');
 979          }
 980          else
 981          {
 982              $subject = $thread_subject;
 983              // Subject too long? Shorten it to avoid error message
 984              if(my_strlen($subject) > 85)
 985              {
 986                  $subject = my_substr($subject, 0, 82).'...';
 987              }
 988              $subject = "RE: ".$subject;
 989          }
 990      }
 991  
 992      // Preview a post that was written.
 993      $preview = '';
 994      if(!empty($mybb->input['previewpost']))
 995      {
 996          // If this isn't a logged in user, then we need to do some special validation.
 997          if($mybb->user['uid'] == 0)
 998          {
 999              // If they didn't specify a username leave blank so $lang->guest can be used on output
1000              if(!$mybb->get_input('username'))
1001              {
1002                  $username = '';
1003              }
1004              // Otherwise use the name they specified.
1005              else
1006              {
1007                  $username = $mybb->get_input('username');
1008              }
1009              $uid = 0;
1010          }
1011          // This user is logged in.
1012          else
1013          {
1014              $username = $mybb->user['username'];
1015              $uid = $mybb->user['uid'];
1016          }
1017  
1018          // Set up posthandler.
1019          require_once  MYBB_ROOT."inc/datahandlers/post.php";
1020          $posthandler = new PostDataHandler("insert");
1021          $posthandler->action = "post";
1022  
1023          // Set the post data that came from the input to the $post array.
1024          $post = array(
1025              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
1026              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
1027              "fid" => $thread['fid'],
1028              "subject" => $mybb->get_input('subject'),
1029              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
1030              "uid" => $uid,
1031              "username" => $username,
1032              "message" => $mybb->get_input('message'),
1033              "ipaddress" => $session->packedip,
1034              "posthash" => $mybb->get_input('posthash')
1035          );
1036  
1037          if(isset($mybb->input['pid']))
1038          {
1039              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
1040          }
1041  
1042          $posthandler->set_data($post);
1043  
1044          // Now let the post handler do all the hard work.
1045          $valid_post = $posthandler->verify_message();
1046          $valid_subject = $posthandler->verify_subject();
1047  
1048          // guest post --> verify author
1049          if($post['uid'] == 0)
1050          {
1051              $valid_username = $posthandler->verify_author();
1052          }
1053          else
1054          {
1055              $valid_username = true;
1056          }
1057  
1058          $post_errors = array();
1059          // Fetch friendly error messages if this is an invalid post
1060          if(!$valid_post || !$valid_subject || !$valid_username)
1061          {
1062              $post_errors = $posthandler->get_friendly_errors();
1063          }
1064  
1065          // One or more errors returned, fetch error list and throw to newreply page
1066          if(count($post_errors) > 0)
1067          {
1068              $reply_errors = inline_error($post_errors);
1069          }
1070          else
1071          {
1072              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
1073              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1074              $query = $db->query("
1075                  SELECT u.*, f.*
1076                  FROM ".TABLE_PREFIX."users u
1077                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1078                  WHERE u.uid='".$mybb->user['uid']."'
1079              ");
1080              $post = $db->fetch_array($query);
1081              $post['username'] = $username;
1082              if($mybb->user['uid'])
1083              {
1084                  $post['userusername'] = $mybb->user['username'];
1085              }
1086              $post['message'] = $previewmessage;
1087              $post['subject'] = $subject;
1088              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1089              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1090              if(isset($mybb->input['postoptions']['disablesmilies']))
1091              {
1092                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1093              }
1094              $post['dateline'] = TIME_NOW;
1095              if(isset($mybb->input['postoptions']['signature']))
1096              {
1097                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1098              }
1099              if(!isset($post['includesig']) || $post['includesig'] != 1)
1100              {
1101                  $post['includesig'] = 0;
1102              }
1103  
1104              // Fetch attachments assigned to this post.
1105              if($mybb->get_input('pid', MyBB::INPUT_INT))
1106              {
1107                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1108              }
1109              else
1110              {
1111                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1112              }
1113  
1114              $query = $db->simple_select("attachments", "*", $attachwhere);
1115              while($attachment = $db->fetch_array($query))
1116              {
1117                  $attachcache[0][$attachment['aid']] = $attachment;
1118              }
1119  
1120              $postbit = build_postbit($post, 1);
1121              eval("\$preview = \"".$templates->get("previewpost")."\";");
1122          }
1123      }
1124  
1125      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1126  
1127      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1128  
1129      // Do we have attachment errors?
1130      if(count($errors) > 0)
1131      {
1132          $reply_errors = inline_error($errors);
1133      }
1134  
1135      // Get a listing of the current attachments.
1136      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1137      {
1138          $attachcount = 0;
1139          if($pid)
1140          {
1141              $attachwhere = "pid='$pid'";
1142          }
1143          else
1144          {
1145              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1146          }
1147          $attachments = '';
1148          $query = $db->simple_select("attachments", "*", $attachwhere);
1149          while($attachment = $db->fetch_array($query))
1150          {
1151              $attachment['size'] = get_friendly_size($attachment['filesize']);
1152              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1153              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1154  
1155              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1156              {
1157                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1158              }
1159  
1160              $attach_mod_options = '';
1161              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1162  
1163              if($attachment['visible'] != 1)
1164              {
1165                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1166              }
1167              else
1168              {
1169                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1170              }
1171              $attachcount++;
1172          }
1173  
1174          $noshowattach = '';
1175          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1176          $usage = $db->fetch_array($query);
1177  
1178          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1179          {
1180              $noshowattach = 1;
1181          }
1182  
1183          if($mybb->usergroup['attachquota'] == 0)
1184          {
1185              $friendlyquota = $lang->unlimited;
1186          }
1187          else
1188          {
1189              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1190          }
1191  
1192          $friendlyusage = get_friendly_size($usage['ausage']);
1193          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
1194  
1195          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1196          {
1197              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1198          }
1199  
1200          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1201          {
1202              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1203          }
1204  
1205          if($attach_add_options || $attach_update_options)
1206          {
1207              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1208          }
1209  
1210          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1211      }
1212  
1213      // If the user is logged in, provide a save draft button.
1214      if($mybb->user['uid'])
1215      {
1216          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1217      }
1218  
1219      // Show captcha image for guests if enabled
1220      $captcha = '';
1221      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1222      {
1223          $correct = false;
1224          require_once  MYBB_ROOT.'inc/class_captcha.php';
1225          $post_captcha = new captcha(false, "post_captcha");
1226  
1227          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1228          {
1229              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1230              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1231              if($post_captcha->validate_captcha() == true)
1232              {
1233                  $correct = true;
1234  
1235                  // Generate a hidden list of items for our captcha
1236                  $captcha = $post_captcha->build_hidden_captcha();
1237              }
1238          }
1239  
1240          if(!$correct)
1241          {
1242              if($post_captcha->type == 1)
1243              {
1244                  $post_captcha->build_captcha();
1245              }
1246              elseif(in_array($post_captcha->type, array(2, 4, 5)))
1247              {
1248                  $post_captcha->build_recaptcha();
1249              }
1250  
1251              if($post_captcha->html)
1252              {
1253                  $captcha = $post_captcha->html;
1254              }
1255          }
1256          else if($correct && (in_array($post_captcha->type, array(2, 4, 5))))
1257          {
1258              $post_captcha->build_recaptcha();
1259  
1260              if($post_captcha->html)
1261              {
1262                  $captcha = $post_captcha->html;
1263              }
1264          }
1265      }
1266  
1267      $reviewmore = '';
1268      if($mybb->settings['threadreview'] != 0)
1269      {
1270          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1271          {
1272              $mybb->settings['postsperpage'] = 20;
1273          }
1274  
1275          if(is_moderator($fid, "canviewunapprove"))
1276          {
1277              $visibility = "(visible='1' OR visible='0')";
1278          }
1279          else
1280          {
1281              $visibility = "visible='1'";
1282          }
1283          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1284          $numposts = $db->fetch_field($query, "post_count");
1285  
1286          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1287          {
1288              $mybb->settings['postsperpage'] = 20;
1289          }
1290  
1291          if($numposts > $mybb->settings['postsperpage'])
1292          {
1293              $numposts = $mybb->settings['postsperpage'];
1294              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1295              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1296          }
1297  
1298          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline", "order_dir" => "desc", "limit" => $mybb->settings['postsperpage']));
1299          while($post = $db->fetch_array($query))
1300          {
1301              $pidin[] = $post['pid'];
1302          }
1303  
1304          $pidin = implode(",", $pidin);
1305  
1306          // Fetch attachments
1307          $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1308          while($attachment = $db->fetch_array($query))
1309          {
1310              $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1311          }
1312          $query = $db->query("
1313              SELECT p.*, u.username AS userusername
1314              FROM ".TABLE_PREFIX."posts p
1315              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1316              WHERE pid IN ($pidin)
1317              ORDER BY dateline DESC
1318          ");
1319          $postsdone = 0;
1320          $altbg = "trow1";
1321          $reviewbits = '';
1322          while($post = $db->fetch_array($query))
1323          {
1324              if($post['userusername'])
1325              {
1326                  $post['username'] = $post['userusername'];
1327              }
1328              $reviewpostdate = my_date('relative', $post['dateline']);
1329              $parser_options = array(
1330                  "allow_html" => $forum['allowhtml'],
1331                  "allow_mycode" => $forum['allowmycode'],
1332                  "allow_smilies" => $forum['allowsmilies'],
1333                  "allow_imgcode" => $forum['allowimgcode'],
1334                  "allow_videocode" => $forum['allowvideocode'],
1335                  "me_username" => $post['username'],
1336                  "filter_badwords" => 1
1337              );
1338              if($post['smilieoff'] == 1)
1339              {
1340                  $parser_options['allow_smilies'] = 0;
1341              }
1342  
1343              if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1344              {
1345                  $parser_options['allow_imgcode'] = 0;
1346              }
1347  
1348              if($mybb->user['showvideos'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1349              {
1350                  $parser_options['allow_videocode'] = 0;
1351              }
1352  
1353              $post['username'] = htmlspecialchars_uni($post['username']);
1354  
1355              if($post['visible'] != 1)
1356              {
1357                  $altbg = "trow_shaded";
1358              }
1359  
1360              $post['message'] = $parser->parse_message($post['message'], $parser_options);
1361              get_post_attachments($post['pid'], $post);
1362              $reviewmessage = $post['message'];
1363              eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
1364              if($altbg == "trow1")
1365              {
1366                  $altbg = "trow2";
1367              }
1368              else
1369              {
1370                  $altbg = "trow1";
1371              }
1372          }
1373          eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1374      }
1375  
1376      // Hide signature option if no permission
1377      $signature = '';
1378      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1379      {
1380          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1381      }
1382  
1383      // Can we disable smilies or are they disabled already?
1384      $disablesmilies = '';
1385      if($forum['allowsmilies'] != 0)
1386      {
1387          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1388      }
1389  
1390      $postoptions = '';
1391      if(!empty($signature) || !empty($disablesmilies))
1392      {
1393          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1394          $bgcolor = "trow2";
1395      }
1396      else
1397      {
1398          $bgcolor = "trow1";
1399      }
1400  
1401      $modoptions = '';
1402      // Show the moderator options.
1403      if(is_moderator($fid))
1404      {
1405          if($mybb->get_input('processed', MyBB::INPUT_INT))
1406          {
1407              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1408              if(!isset($mybb->input['modoptions']['closethread']))
1409              {
1410                  $mybb->input['modoptions']['closethread'] = 0;
1411              }
1412              $closed = (int)$mybb->input['modoptions']['closethread'];
1413              if(!isset($mybb->input['modoptions']['stickthread']))
1414              {
1415                  $mybb->input['modoptions']['stickthread'] = 0;
1416              }
1417              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1418          }
1419          else
1420          {
1421              $closed = $thread['closed'];
1422              $stuck = $thread['sticky'];
1423          }
1424  
1425          if($closed)
1426          {
1427              $closecheck = ' checked="checked"';
1428          }
1429          else
1430          {
1431              $closecheck = '';
1432          }
1433  
1434          if($stuck)
1435          {
1436              $stickycheck = ' checked="checked"';
1437          }
1438          else
1439          {
1440              $stickycheck = '';
1441          }
1442  
1443          $closeoption = '';
1444          if(is_moderator($thread['fid'], "canopenclosethreads"))
1445          {
1446              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1447          }
1448  
1449          $stickoption = '';
1450          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1451          {
1452              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1453          }
1454  
1455          if(!empty($closeoption) || !empty($stickoption))
1456          {
1457              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1458              $bgcolor = "trow1";
1459          }
1460          else
1461          {
1462              $bgcolor = "trow2";
1463          }
1464      }
1465      else
1466      {
1467          $bgcolor = "trow2";
1468      }
1469  
1470      // Fetch subscription select box
1471      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1472  
1473      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1474      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1475  
1476      // Do we have any forum rules to show for this forum?
1477      $forumrules = '';
1478      if($forum['rulestype'] >= 2 && $forum['rules'])
1479      {
1480          if(!$forum['rulestitle'])
1481          {
1482              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1483          }
1484  
1485          if(!$parser)
1486          {
1487              require_once  MYBB_ROOT.'inc/class_parser.php';
1488              $parser = new postParser;
1489          }
1490  
1491          $rules_parser = array(
1492              "allow_html" => 1,
1493              "allow_mycode" => 1,
1494              "allow_smilies" => 1,
1495              "allow_imgcode" => 1
1496          );
1497  
1498          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1499          $foruminfo = $forum;
1500  
1501          if($forum['rulestype'] == 3)
1502          {
1503              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1504          }
1505          else if($forum['rulestype'] == 2)
1506          {
1507              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1508          }
1509      }
1510  
1511      $moderation_notice = '';
1512      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1513      {
1514          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1515          {
1516              $moderation_text = $lang->moderation_forum_attachments;
1517              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1518          }
1519      }
1520      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1521      {
1522          if($forumpermissions['modposts'] == 1)
1523          {
1524              $moderation_text = $lang->moderation_forum_posts;
1525              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1526          }
1527  
1528          if($mybb->user['moderateposts'] == 1)
1529          {
1530              $moderation_text = $lang->moderation_user_posts;
1531              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1532          }
1533      }
1534  
1535      $plugins->run_hooks("newreply_end");
1536  
1537      $forum['name'] = strip_tags($forum['name']);
1538  
1539      eval("\$newreply = \"".$templates->get("newreply")."\";");
1540      output_page($newreply);
1541  }

