
PHP Cross Reference of MyBB 1.8.27


/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
// Entry-point marker, defined before any other project file is loaded.
// NOTE(review): presumably the included files test IN_MYBB to refuse direct access - confirm in inc/.
define("IN_MYBB", 1);
// Name of the running script, made available to the code loaded after this point.
define('THIS_SCRIPT', 'newreply.php');
  13  
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
// Bootstrap: global.php is loaded first, then the post, user and upload helpers and the parser.
// $mybb, $db, $lang, $templates, $plugins and $session are used below but never assigned in
// this file - presumably global.php provides them (confirm).
require_once  "./global.php";
require_once  MYBB_ROOT."inc/functions_post.php";
require_once  MYBB_ROOT."inc/functions_user.php";
require_once  MYBB_ROOT."inc/functions_upload.php";
require_once  MYBB_ROOT."inc/class_parser.php";
// Parser instance; used below to apply the bad-word filter to the thread subject.
$parser = new postParser;

// Load the language phrases for this page
$lang->load("newreply");
  33  
// Read the thread id and the replied-to post id from the request (pid is read further down).
// Both are requested with MyBB::INPUT_INT; later code interpolates $tid straight into SQL
// conditions, so it relies on these being integers.
// NOTE(review): presumably INPUT_INT casts to int - confirm in the MyBB class.
$tid = $mybb->get_input('tid', MyBB::INPUT_INT);
$replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);

// AJAX quick reply? Then drop any preview flag so the request is never treated as a preview.
if(!empty($mybb->input['ajax']))
{
    unset($mybb->input['previewpost']);
}
  43  
// Edit a draft post.
// When a pid accompanies action=editdraft or action=do_newreply, the referenced post is loaded
// and the thread id is taken from that post, overriding any tid sent with the request.
$pid = 0;
$editdraftpid = '';
$mybb->input['action'] = $mybb->get_input('action');
if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
{
    $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
    $post = get_post($pid);
    if(!$post)
    {
        error($lang->error_invalidpost);
    }
    // Ownership check: the post must belong to the current user.
    // NOTE(review): only the uid is compared here; this block does not check that the post is
    // still a draft. Presumably the post data handler enforces that - confirm.
    else if($mybb->user['uid'] != $post['uid'])
    {
        error($lang->error_post_noperms);
    }
    // The lines below read $post even after the !$post branch, so they assume error() does not
    // return. NOTE(review): presumably error() ends the request - confirm.
    $pid = (int)$post['pid'];
    $tid = (int)$post['tid'];
    // The template text is evaluated as a double-quoted PHP string, so variables in scope are
    // interpolated into it. This is only safe if $templates->get() returns trusted template
    // text - not verifiable from this file.
    eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
}
  64  
// Set up $thread and $forum for later use.
// An unknown thread id stops the request with an error.
$thread = get_thread($tid);
if(!$thread)
{
    error($lang->error_invalidthread);
}
// The forum id is taken from the thread row, not from request input.
$fid = (int)$thread['fid'];

// Get forum info; an unknown forum stops the request as well.
$forum = get_forum($fid);
if(!$forum)
{
    error($lang->error_invalidforum);
}
  79  
// Make navigation
build_forum_breadcrumb($fid);
// Keep the unmodified subject, then overwrite $thread['subject'] with the bad-word-filtered,
// HTML-escaped form that is passed to the breadcrumb.
$thread_subject = $thread['subject'];
$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_newreply);

// Permissions of the current user in this forum; consulted by the checks that follow.
$forumpermissions = forum_permissions($fid);
  88  
// See if everything is valid up to here.
// Referenced post: the outer test is entered when the post is unapproved (visible == 0) and the
// user lacks canviewunapprove, or when visible is negative and the post belongs to someone else.
// Only the unapproved case raises an error, and not when showownunapproved is enabled and the
// post is the user's own.
if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
{
    if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
    {
        error($lang->error_invalidpost);
    }
}
// Same pattern for the thread.
// NOTE(review): a thread with visible < 0 enters the outer branch, but the inner test rejects
// only visible == 0, so nothing in this block stops a reply to such a thread - confirm that it
// is blocked elsewhere (for example in the post data handler).
if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
{
    if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
    {
        error($lang->error_invalidthread);
    }
}
// The forum must be open and of type "f".
if($forum['open'] == 0 || $forum['type'] != "f")
{
    error($lang->error_closedinvalidforum);
}
// The user needs both view and reply permission in this forum.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
{
    error_no_permission();
}
 112  
 113  if($mybb->user['suspendposting'] == 1)
 114  {
 115      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
 116      if($mybb->user['suspensiontime'])
 117      {
 118          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
 119      }
 120  
 121      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
 122  
 123      error($lang->error_suspendedposting);
 124  }
 125  
// Forums limited to the user's own threads: when canonlyviewownthreads is set, a thread
// started by someone else is refused.
if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
    error_no_permission();
}

// The same refusal applies when canonlyreplyownthreads is set.
if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
{
    error_no_permission();
}
 135  
// Coming from quick reply and not a preview call? Set subscription method.
// Any subscriptionmethod sent with the request is overwritten by the value that
// get_subscription_method() returns for the requested thread id.
if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
{
    $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
}

// Check if this forum is password protected and we have a valid password.
// The return value is not used. NOTE(review): presumably the function stops the request
// itself when the password is missing or wrong - confirm.
check_forum_password($forum['fid']);
 144  
// Build the MyCode editor buttons when the board setting and the forum allow them and the
// viewer is a guest or has not switched the buttons off. $codebuttons and $smilieinserter are
// assigned only inside this branch.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
    $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
    // The clickable smilie list is built only when the forum allows smilies.
    if($forum['allowsmilies'] != 0)
    {
        $smilieinserter = build_clickable_smilies();
    }
}
 153  
 154  // Display a login box or change user box?
 155  if($mybb->user['uid'] != 0)
 156  {
 157      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 158      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 159  }
 160  else
 161  {
 162      if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
 163      {
 164          $username = '';
 165      }
 166      else
 167      {
 168          $username = htmlspecialchars_uni($mybb->get_input('username'));
 169      }
 170      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 171  }
 172  
 173  // Check to see if the thread is closed, and if the user is a mod.
 174  if(!is_moderator($fid, "canpostclosedthreads"))
 175  {
 176      if($thread['closed'] == 1)
 177      {
 178          error($lang->redirect_threadclosed);
 179      }
 180  }
 181  
 182  // No weird actions allowed, show new reply form if no regular action.
 183  if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
 184  {
 185      $mybb->input['action'] = "newreply";
 186  }
 187  
 188  // Even if we are previewing, still show the new reply form.
 189  if(!empty($mybb->input['previewpost']))
 190  {
 191      $mybb->input['action'] = "newreply";
 192  }
 193  
// Setup a unique posthash for attachment management.
// Generated only when the request carries none and no existing post is being edited. Further
// down, attachments uploaded before the post exists are selected by this value alone.
// NOTE(review): its unpredictability rests on random_str(), which is not defined in this
// file - confirm that it draws from a cryptographically secure source.
if(!$mybb->get_input('posthash') && !$pid)
{
    $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
}

// A request flagged processed=1 that arrives with neither POST fields nor files is rejected.
// NOTE(review): presumably this catches uploads PHP discarded for exceeding its size limits - confirm.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
    error($lang->error_empty_post_input);
}
 204  
// Attachment upload / update.
// Runs when attachments are enabled and either an explicit newattachment / updateattachment
// input is present, or files accompany a submit, a preview or a save-draft request.
$errors = array();
$maximageserror = $attacherror = '';
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
{
    // Verify incoming POST request (my_post_key token) before any upload is processed
    verify_post_check($mybb->get_input('my_post_key'));

    // Select the attachment set: by post id when an existing post is referenced ($pid is an
    // integer at this point), otherwise by the escaped posthash from the request.
    if($pid)
    {
        $attachwhere = "pid='{$pid}'";
    }
    else
    {
        $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
    }

    $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");

    // AJAX uploads are answered with JSON and the script ends here.
    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        if(isset($ret['success']))
        {
            // Placeholder values: the templates are rendered with {1}..{4} markers instead of
            // real data. NOTE(review): presumably the client substitutes them - confirm.
            $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
            if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
            {
                eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
            }
            eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
            eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
            $ret['template'] = $attemplate;

            // Total size of the current user's attachments, reported back to the client
            $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
            $usage = $db->fetch_array($query);
            $ret['usage'] = get_friendly_size($usage['ausage']);
        }
        
        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode($ret);
        exit();
    }

    // Non-AJAX: keep any upload errors in $errors
    if(!empty($ret['errors']))
    {
        $errors = $ret['errors'];
    }

    // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
    if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
    {
        eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
        $mybb->input['action'] = "newreply";
    }
}
 258  
// NOTE(review): detect_attachmentact() is not defined in this file; presumably it derives the
// attachmentaid / attachmentact inputs tested below from the submitted form - confirm.
detect_attachmentact();

// Remove an attachment.
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
    // Verify incoming POST request (my_post_key token) before anything is deleted
    verify_post_check($mybb->get_input('my_post_key'));

    // The attachment is addressed by post id, posthash and attachment id together.
    // NOTE(review): no ownership check on the attachment is visible in this block; presumably
    // remove_attachment() matches it against the pid / posthash - confirm.
    remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));

    // Without a submit, go back to the reply form
    if(!$mybb->get_input('submit'))
    {
        eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
        $mybb->input['action'] = "newreply";
    }

    // AJAX removals are answered with JSON carrying the user's new attachment usage.
    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);

        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
        exit();
    }
}
 285  
 286  $reply_errors = $quoted_ids = '';
 287  $hide_captcha = false;
 288  
 289  // Check the maximum posts per day for this user
 290  if($mybb->usergroup['maxposts'] > 0)
 291  {
 292      $daycut = TIME_NOW-60*60*24;
 293      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 294      $post_count = $db->fetch_field($query, "posts_today");
 295      if($post_count >= $mybb->usergroup['maxposts'])
 296      {
 297          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 298          error($lang->error_maxposts);
 299      }
 300  }
 301  
 302  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 303  {
 304      $mybb->settings['postsperpage'] = 20;
 305  }
 306  
 307  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 308  {
 309      // Verify incoming POST request
 310      verify_post_check($mybb->get_input('my_post_key'));
 311  
 312      $plugins->run_hooks("newreply_do_newreply_start");
 313  
 314      // If this isn't a logged in user, then we need to do some special validation.
 315      if($mybb->user['uid'] == 0)
 316      {
 317          // If they didn't specify a username leave blank so $lang->guest can be used on output
 318          if(!$mybb->get_input('username'))
 319          {
 320              $username = '';
 321          }
 322          // Otherwise use the name they specified.
 323          else
 324          {
 325              $username = $mybb->get_input('username');
 326          }
 327          $uid = 0;
 328  
 329  
 330          if($mybb->settings['stopforumspam_on_newreply'])
 331          {
 332              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 333  
 334              $stop_forum_spam_checker = new StopForumSpamChecker(
 335                  $plugins,
 336                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 337                  $mybb->settings['stopforumspam_check_usernames'],
 338                  $mybb->settings['stopforumspam_check_emails'],
 339                  $mybb->settings['stopforumspam_check_ips'],
 340                  $mybb->settings['stopforumspam_log_blocks']
 341              );
 342  
 343              try {
 344                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 345                  {
 346                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 347                          $stop_forum_spam_checker->getErrorText(array(
 348                              'stopforumspam_check_usernames',
 349                              'stopforumspam_check_ips'
 350                              ))));
 351                  }
 352              }
 353              catch (Exception $e)
 354              {
 355                  if($mybb->settings['stopforumspam_block_on_error'])
 356                  {
 357                      error($lang->error_stop_forum_spam_fetching);
 358                  }
 359              }
 360          }
 361      }
 362      // This user is logged in.
 363      else
 364      {
 365          $username = $mybb->user['username'];
 366          $uid = $mybb->user['uid'];
 367      }
 368  
 369      // Attempt to see if this post is a duplicate or not
 370      if($uid > 0)
 371      {
 372          $user_check = "p.uid='{$uid}'";
 373      }
 374      else
 375      {
 376          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 377      }
 378      if(!$mybb->get_input('savedraft'))
 379      {
 380          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
 381          if($db->num_rows($query) > 0)
 382          {
 383              error($lang->error_post_already_submitted);
 384          }
 385      }
 386  
 387      // Set up posthandler.
 388      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 389      $posthandler = new PostDataHandler("insert");
 390  
 391      // Set the post data that came from the input to the $post array.
 392      $post = array(
 393          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 394          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 395          "fid" => $thread['fid'],
 396          "subject" => $mybb->get_input('subject'),
 397          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 398          "uid" => $uid,
 399          "username" => $username,
 400          "message" => $mybb->get_input('message'),
 401          "ipaddress" => $session->packedip,
 402          "posthash" => $mybb->get_input('posthash')
 403      );
 404  
 405      if(isset($mybb->input['pid']))
 406      {
 407          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 408      }
 409  
 410      // Are we saving a draft post?
 411      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 412      {
 413          $post['savedraft'] = 1;
 414      }
 415      else
 416      {
 417          $post['savedraft'] = 0;
 418      }
 419  
 420      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 421      if(!isset($postoptions['signature']))
 422      {
 423          $postoptions['signature'] = 0;
 424      }
 425      if(!isset($postoptions['subscriptionmethod']))
 426      {
 427          $postoptions['subscriptionmethod'] = 0;
 428      }
 429      if(!isset($postoptions['disablesmilies']))
 430      {
 431          $postoptions['disablesmilies'] = 0;
 432      }
 433  
 434      // Set up the post options from the input.
 435      $post['options'] = array(
 436          "signature" => $postoptions['signature'],
 437          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 438          "disablesmilies" => $postoptions['disablesmilies']
 439      );
 440  
 441      // Apply moderation options if we have them
 442      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 443  
 444      $posthandler->set_data($post);
 445  
 446      // Now let the post handler do all the hard work.
 447      $valid_post = $posthandler->validate_post();
 448  
 449      $post_errors = array();
 450      // Fetch friendly error messages if this is an invalid post
 451      if(!$valid_post)
 452      {
 453          $post_errors = $posthandler->get_friendly_errors();
 454      }
 455  
 456      // Mark thread as read
 457      require_once  MYBB_ROOT."inc/functions_indicators.php";
 458      mark_thread_read($tid, $fid);
 459  
 460      $json_data = '';
 461  
 462      // Check captcha image
 463      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 464      {
 465          require_once  MYBB_ROOT.'inc/class_captcha.php';
 466          $post_captcha = new captcha(false, "post_captcha");
 467  
 468          if($post_captcha->validate_captcha() == false)
 469          {
 470              // CAPTCHA validation failed
 471              foreach($post_captcha->get_errors() as $error)
 472              {
 473                  $post_errors[] = $error;
 474              }
 475          }
 476          else
 477          {
 478              $hide_captcha = true;
 479          }
 480  
 481          if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
 482          {
 483              $randomstr = random_str(5);
 484              $imagehash = md5(random_str(12));
 485  
 486              $imagearray = array(
 487                  "imagehash" => $imagehash,
 488                  "imagestring" => $randomstr,
 489                  "dateline" => TIME_NOW
 490              );
 491  
 492              $db->insert_query("captcha", $imagearray);
 493  
 494              //header("Content-type: text/html; charset={$lang->settings['charset']}");
 495              $data = '';
 496              $data .= "<captcha>$imagehash";
 497  
 498              if($hide_captcha)
 499              {
 500                  $data .= "|$randomstr";
 501              }
 502  
 503              $data .= "</captcha>";
 504  
 505              //header("Content-type: application/json; charset={$lang->settings['charset']}");
 506              $json_data = array("data" => $data);
 507          }
 508      }
 509  
 510      // One or more errors returned, fetch error list and throw to newreply page
 511      if(count($post_errors) > 0)
 512      {
 513          $reply_errors = inline_error($post_errors, '', $json_data);
 514          $mybb->input['action'] = "newreply";
 515      }
 516      else
 517      {
 518          $postinfo = $posthandler->insert_post();
 519          $pid = $postinfo['pid'];
 520          $visible = $postinfo['visible'];
 521  
 522          if(isset($postinfo['closed']))
 523          {
 524              $closed = $postinfo['closed'];
 525          }
 526          else
 527          {
 528              $closed = '';
 529          }
 530  
 531          // Invalidate solved captcha
 532          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 533          {
 534              $post_captcha->invalidate_captcha();
 535          }
 536  
 537          $force_redirect = false;
 538  
 539          // Deciding the fate
 540          if($visible == -2)
 541          {
 542              // Draft post
 543              $lang->redirect_newreply = $lang->draft_saved;
 544              $url = "usercp.php?action=drafts";
 545          }
 546          elseif($visible == 1)
 547          {
 548              // Visible post
 549              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 550              $url = get_post_link($pid, $tid)."#pid{$pid}";
 551          }
 552          else
 553          {
 554              // Moderated post
 555              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 556              $url = get_thread_link($tid);
 557  
 558              // User must see moderation notice, regardless of redirect settings
 559              $force_redirect = true;
 560          }
 561  
 562          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 563          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 564          {
 565              // We quoted all posts - remove the entire cookie
 566              if($mybb->get_input('quoted_ids') == "all")
 567              {
 568                  my_unsetcookie("multiquote");
 569              }
 570              // Only quoted a few - attempt to remove them from the cookie
 571              else
 572              {
 573                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 574                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 575                  if(is_array($multiquote) && is_array($quoted_ids))
 576                  {
 577                      foreach($multiquote as $key => $quoteid)
 578                      {
 579                          // If this ID was quoted, remove it from the multiquote list
 580                          if(in_array($quoteid, $quoted_ids))
 581                          {
 582                              unset($multiquote[$key]);
 583                          }
 584                      }
 585                      // Still have an array - set the new cookie
 586                      if(is_array($multiquote))
 587                      {
 588                          $new_multiquote = implode(",", $multiquote);
 589                          my_setcookie("multiquote", $new_multiquote);
 590                      }
 591                      // Otherwise, unset it
 592                      else
 593                      {
 594                          my_unsetcookie("multiquote");
 595                      }
 596                  }
 597              }
 598          }
 599  
 600          $plugins->run_hooks("newreply_do_newreply_end");
 601  
 602          // This was a post made via the ajax quick reply - we need to do some special things here
 603          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 604          {
 605              // Visible post
 606              if($visible == 1)
 607              {
 608                  // Set post counter
 609                  $postcounter = $thread['replies'] + 1;
 610  
 611                  if(is_moderator($fid, "canviewunapprove"))
 612                  {
 613                      $postcounter += $thread['unapprovedposts'];
 614                  }
 615                  if(is_moderator($fid, "canviewdeleted"))
 616                  {
 617                      $postcounter += $thread['deletedposts'];
 618                  }
 619  
 620                  // Was there a new post since we hit the quick reply button?
 621                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 622                  {
 623                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 624                      $new_post = $db->fetch_array($query);
 625                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 626                      {
 627                          redirect(get_thread_link($tid, 0, "lastpost"));
 628                      }
 629                  }
 630  
 631                  // Lets see if this post is on the same page as the one we're viewing or not
 632                  // if it isn't, redirect us
 633                  if($perpage > 0 && (($postcounter) % $perpage) == 0)
 634                  {
 635                      $post_page = ($postcounter) / $mybb->settings['postsperpage'];
 636                  }
 637                  else
 638                  {
 639                      $post_page = (int)($postcounter / $mybb->settings['postsperpage']) + 1;
 640                  }
 641  
 642                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 643                  {
 644                      redirect(get_thread_link($tid, 0, "lastpost"));
 645                      exit;
 646                  }
 647  
 648                  // Return the post HTML and display it inline
 649                  $query = $db->query("
 650                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 651                      FROM ".TABLE_PREFIX."posts p
 652                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 653                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 654                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 655                      WHERE p.pid='{$pid}'
 656                  ");
 657                  $post = $db->fetch_array($query);
 658  
 659                  // Now lets fetch all of the attachments for this post
 660                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 661                  while($attachment = $db->fetch_array($query))
 662                  {
 663                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 664                  }
 665  
 666                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 667                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 668                  {
 669                      $altbg = "trow1";
 670                  }
 671                  else
 672                  {
 673                      $altbg = "trow2";
 674                  }
 675  
 676                  $charset = "UTF-8";
 677                  if($lang->settings['charset'])
 678                  {
 679                      $charset = $lang->settings['charset'];
 680                  }
 681  
 682                  require_once  MYBB_ROOT."inc/functions_post.php";
 683                  $pid = $post['pid'];
 684                  $post = build_postbit($post);
 685  
 686                  $data = '';
 687                  $data .= $post;
 688  
 689                  // Build a new posthash incase the user wishes to quick reply again
 690                  $new_posthash = md5($mybb->user['uid'].random_str());
 691                  $data .= "<script type=\"text/javascript\">\n";
 692                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 693                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 694                      $('#inlinemod_{$pid}').on(\"click\", function(e) {
 695                          inlineModeration.checkItem();
 696                      });
 697                  }\n";
 698  
 699                  if($closed == 1)
 700                  {
 701                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 702                  }
 703                  else
 704                  {
 705                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 706                  }
 707  
 708                  $data .= "</script>\n";
 709  
 710                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 711                  echo json_encode(array("data" => $data));
 712  
 713                  exit;
 714              }
 715              // Post is in the moderation queue
 716              else
 717              {
 718                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 719                  exit;
 720              }
 721          }
 722          else
 723          {
 724              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 725              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 726              exit;
 727          }
 728      }
 729  }
 730  
 731  // Show the newreply form.
      // Builds everything the reply page needs for the "newreply" and "editdraft" actions: quoted
      // message text, post options, preview, attachment list, captcha, thread review, moderator
      // options, forum rules and moderation notices, then renders the "newreply" template.
      // Templates are expanded with eval() inside this scope, so the variables assigned here are
      // the ones template text can interpolate. The request-derived $message, $subject, $posthash
      // and $quoted_ids are passed through htmlspecialchars_uni() before the final template runs.
      // NOTE(review): each eval() wraps $templates->get() output in a double-quoted PHP string.
      // That is only safe if the template store escapes quotes and limits what template text can
      // execute; that handling is outside this block - confirm it in the templates class.
 732  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 733  {
 734      $plugins->run_hooks("newreply_start");
 735  
 736      $quote_ids = $multiquote_external = '';
 737      // If this isn't a preview and we're not editing a draft, then handle quoted posts
          // (also skipped when there are reply errors or an attachment add/update/remove is in progress)
 738      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment'))
 739      {
 740          $message = '';
 741          $quoted_posts = array();
 742          // Handle multiquote
              // The cookie is client-controlled. Each "|"-separated element is cast to int, and only
              // those int values (not the raw array keys) reach the IN (...) list below via implode().
 743          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 744          {
 745              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 746              foreach($multiquoted as $post)
 747              {
 748                  $quoted_posts[$post] = (int)$post;
 749              }
 750          }
 751          // Handle incoming 'quote' button
              // NOTE(review): $replyto is assigned outside this block and is interpolated into the SQL
              // below without a cast here - confirm it is integer-cast where it is read from input.
 752          if($replyto)
 753          {
 754              $quoted_posts[$replyto] = $replyto;
 755          }
 756  
 757          // Quoting more than one post - fetch them
 758          if(count($quoted_posts) > 0)
 759          {
 760              $external_quotes = 0;
                  // From here on $quoted_posts is a comma-separated string of post ids for the query.
 761              $quoted_posts = implode(",", $quoted_posts);
 762              $quoted_ids = array();
                  // Access filters: exclude posts in forums the helpers report as unviewable or inactive.
                  // Presumably both helpers return comma-separated forum ids - verify, since the
                  // strings are placed into the SQL unquoted.
 763              $unviewable_forums = get_unviewable_forums();
 764              $inactiveforums = get_inactive_forums();
 765              if($unviewable_forums)
 766              {
 767                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 768              }
 769              if($inactiveforums)
 770              {
 771                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 772              }
 773  
 774              // Check group permissions if we can't view threads not started by us
 775              $group_permissions = forum_permissions();
 776              $onlyusfids = array();
 777              $onlyusforums = '';
 778              foreach($group_permissions as $gpfid => $forum_permissions)
 779              {
 780                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 781                  {
 782                      $onlyusfids[] = $gpfid;
 783                  }
 784              }
                  // In "own threads only" forums, a post is quotable only if the thread's uid is the current user.
 785              if(!empty($onlyusfids))
 786              {
 787                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 788              }
 789  
                  // Visibility filter built from fixed literals: 1 is always allowed, 0 is added with
                  // the 'canviewunapprove' moderator permission and -1 with 'canviewdeleted'.
                  // Note the permission is checked against $fid (the forum being replied in), while
                  // the query can return posts from other threads.
 790              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 791              {
 792                  $visible_where = "AND p.visible IN (-1,0,1)";
 793              }
 794              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 795              {
 796                  $visible_where = "AND p.visible IN (0,1)";
 797              }
 798              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 799              {
 800                  $visible_where = "AND p.visible IN (-1,1)";
 801              }
 802              else
 803              {
 804                  $visible_where = "AND p.visible=1";
 805              }
 806  
 807              require_once  MYBB_ROOT."inc/functions_posting.php";
                  // String-built query: every interpolated fragment is assembled above from int casts,
                  // helper results or fixed literals; no raw request string is concatenated here.
 808              $query = $db->query("
 809                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 810                  FROM ".TABLE_PREFIX."posts p
 811                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 812                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 813                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 814              ");
                  // load_all_quotes=1 also pulls in quotes from other threads (still subject to the filters above).
 815              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 816              while($quoted_post = $db->fetch_array($query))
 817              {
 818                  // Only show messages for the current thread
 819                  if($quoted_post['tid'] == $tid || $load_all == 1)
 820                  {
 821                      // If this post was the post for which a quote button was clicked, set the subject
 822                      if($replyto == $quoted_post['pid'])
 823                      {
                              // Strip one leading "RE:" so the prefix added below is not doubled.
 824                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 825                          // Subject too long? Shorten it to avoid error message
 826                          if(my_strlen($subject) > 85)
 827                          {
 828                              $subject = my_substr($subject, 0, 82).'...';
 829                          }
 830                          $subject = "RE: ".$subject;
 831                      }
 832                      $message .= parse_quoted_message($quoted_post);
 833                      $quoted_ids[] = $quoted_post['pid'];
 834                  }
 835                  // Count the rest
 836                  else
 837                  {
 838                      ++$external_quotes;
 839                  }
 840              }
 841              if($mybb->settings['maxquotedepth'] != '0')
 842              {
 843                  $message = remove_message_quotes($message);
 844              }
                  // Tell the user how many selected posts live in other threads and were not inserted.
 845              if($external_quotes > 0)
 846              {
 847                  if($external_quotes == 1)
 848                  {
 849                      $multiquote_text = $lang->multiquote_external_one;
 850                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 851                      $multiquote_quote = $lang->multiquote_external_one_quote;
 852                  }
 853                  else
 854                  {
 855                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 856                      $multiquote_deselect = $lang->multiquote_external_deselect;
 857                      $multiquote_quote = $lang->multiquote_external_quote;
 858                  }
 859                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 860              }
                  // Pids come from the database rows above; joined with "|" into a single string.
 861              if(is_array($quoted_ids) && count($quoted_ids) > 0)
 862              {
 863                  $quoted_ids = implode("|", $quoted_ids);
 864              }
 865          }
 866      }
 867  
          // A request-supplied quoted_ids replaces the value built above; it is read as an integer
          // and HTML-escaped.
          // NOTE(review): the list built above is "|"-separated, but INPUT_INT presumably yields a
          // single integer - confirm this round-trip is intended.
 868      if(isset($mybb->input['quoted_ids']))
 869      {
 870          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
 871      }
 872  
          // Keep an unescaped copy for the preview; it is handed to build_postbit() further down.
 873      if(isset($mybb->input['previewpost']))
 874      {
 875          $previewmessage = $mybb->get_input('message');
 876      }
 877      if(empty($message))
 878      {
 879          $message = $mybb->get_input('message');
 880      }
          // $message (quoted text or raw request input) is HTML-escaped here, before any template uses it.
 881      $message = htmlspecialchars_uni($message);
 882  
 883      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 884      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 885  
 886      // Set up the post options.
 887      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 888      {
 889          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 890  
 891          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 892          {
 893              $postoptionschecked['signature'] = " checked=\"checked\"";
 894          }
 895          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 896          {
 897              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 898          }
 899          $subscription_method = get_subscription_method($tid, $postoptions);
              // Raw request value at this point; it is filtered and HTML-escaped by the
              // htmlspecialchars_uni(parse_badwords()) statement after the preview section.
 900          $subject = $mybb->input['subject'];
 901      }
 902      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 903      {
              // $post is loaded outside this block - presumably the saved draft row; verify.
 904          $message = htmlspecialchars_uni($post['message']);
 905          $subject = $post['subject'];
 906          if($post['includesig'] != 0)
 907          {
 908              $postoptionschecked['signature'] = " checked=\"checked\"";
 909          }
 910          if($post['smilieoff'] == 1)
 911          {
 912              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 913          }
 914          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 915          $mybb->input['icon'] = $post['icon'];
 916      }
 917      else
 918      {
 919          if($mybb->user['signature'] != '')
 920          {
 921              $postoptionschecked['signature'] = " checked=\"checked\"";
 922          }
 923          $subscription_method = get_subscription_method($tid);
 924      }
          // Variable-variable write: sets the variable named "<method>subscribe"; the four expected
          // names ($subscribe, $nonesubscribe, $emailsubscribe, $pmsubscribe) are initialised above.
          // NOTE(review): the name comes from get_subscription_method(), which in the first branch
          // receives request-supplied $postoptions. Confirm the helper only ever returns a fixed set
          // of values, otherwise this could assign to an unintended variable in this scope.
 925      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 926  
 927      if($forum['allowpicons'] != 0)
 928      {
 929          $posticons = get_post_icons();
 930      }
 931  
 932      // No subject?
          // Fall back to the submitted subject, else "RE: <thread subject>" cut to fit the 85-character check.
 933      if(!isset($subject))
 934      {
 935          if(!empty($mybb->input['subject']))
 936          {
 937              $subject = $mybb->get_input('subject');
 938          }
 939          else
 940          {
 941              $subject = $thread_subject;
 942              // Subject too long? Shorten it to avoid error message
 943              if(my_strlen($subject) > 85)
 944              {
 945                  $subject = my_substr($subject, 0, 82).'...';
 946              }
 947              $subject = "RE: ".$subject;
 948          }
 949      }
 950  
 951      // Preview a post that was written.
 952      $preview = '';
 953      if(!empty($mybb->input['previewpost']))
 954      {
 955          // If this isn't a logged in user, then we need to do some special validation.
 956          if($mybb->user['uid'] == 0)
 957          {
 958              // If they didn't specify a username leave blank so $lang->guest can be used on output
 959              if(!$mybb->get_input('username'))
 960              {
 961                  $username = '';
 962              }
 963              // Otherwise use the name they specified.
 964              else
 965              {
 966                  $username = $mybb->get_input('username');
 967              }
 968              $uid = 0;
 969          }
 970          // This user is logged in.
 971          else
 972          {
 973              $username = $mybb->user['username'];
 974              $uid = $mybb->user['uid'];
 975          }
 976  
 977          // Set up posthandler.
 978          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 979          $posthandler = new PostDataHandler("insert");
 980          $posthandler->action = "post";
 981  
 982          // Set the post data that came from the input to the $post array.
              // Numeric fields are read with INPUT_INT; the string fields are passed on unescaped for
              // the handler to validate.
 983          $post = array(
 984              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 985              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 986              "fid" => $thread['fid'],
 987              "subject" => $mybb->get_input('subject'),
 988              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 989              "uid" => $uid,
 990              "username" => $username,
 991              "message" => $mybb->get_input('message'),
 992              "ipaddress" => $session->packedip,
 993              "posthash" => $mybb->get_input('posthash')
 994          );
 995  
 996          if(isset($mybb->input['pid']))
 997          {
 998              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 999          }
1000  
1001          $posthandler->set_data($post);
1002  
1003          // Now let the post handler do all the hard work.
              // Only the message, subject and (for guests) author checks are run; nothing is saved here.
1004          $valid_post = $posthandler->verify_message();
1005          $valid_subject = $posthandler->verify_subject();
1006  
1007          // guest post --> verify author
1008          if($post['uid'] == 0)
1009          {
1010              $valid_username = $posthandler->verify_author();
1011          }
1012          else
1013          {
1014              $valid_username = true;
1015          }
1016  
1017          $post_errors = array();
1018          // Fetch friendly error messages if this is an invalid post
1019          if(!$valid_post || !$valid_subject || !$valid_username)
1020          {
1021              $post_errors = $posthandler->get_friendly_errors();
1022          }
1023  
1024          // One or more errors returned, fetch error list and throw to newreply page
1025          if(count($post_errors) > 0)
1026          {
1027              $reply_errors = inline_error($post_errors);
1028          }
1029          else
1030          {
1031              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
1032              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
                  // Load the current user's row and profile fields as the base of the preview post.
                  // The uid comes from $mybb->user, not from the request.
1033              $query = $db->query("
1034                  SELECT u.*, f.*
1035                  FROM ".TABLE_PREFIX."users u
1036                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1037                  WHERE u.uid='".$mybb->user['uid']."'
1038              ");
1039              $post = $db->fetch_array($query);
1040              $post['username'] = $username;
1041              if($mybb->user['uid'])
1042              {
1043                  $post['userusername'] = $mybb->user['username'];
1044              }
                  // Unescaped message and subject are handed to build_postbit(); presumably it parses
                  // and escapes them for output - verify there.
1045              $post['message'] = $previewmessage;
1046              $post['subject'] = $subject;
1047              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1048              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1049              if(isset($mybb->input['postoptions']['disablesmilies']))
1050              {
1051                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1052              }
1053              $post['dateline'] = TIME_NOW;
1054              if(isset($mybb->input['postoptions']['signature']))
1055              {
1056                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1057              }
                  // Anything other than 1 (including a missing option) is normalised to 0.
1058              if(!isset($post['includesig']) || $post['includesig'] != 1)
1059              {
1060                  $post['includesig'] = 0;
1061              }
1062  
1063              // Fetch attachments assigned to this post.
                  // pid is integer-cast and posthash goes through $db->escape_string() before being
                  // placed in the WHERE clause.
1064              if($mybb->get_input('pid', MyBB::INPUT_INT))
1065              {
1066                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1067              }
1068              else
1069              {
1070                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1071              }
1072  
1073              $query = $db->simple_select("attachments", "*", $attachwhere);
1074              while($attachment = $db->fetch_array($query))
1075              {
1076                  $attachcache[0][$attachment['aid']] = $attachment;
1077              }
1078  
1079              $postbit = build_postbit($post, 1);
1080              eval("\$preview = \"".$templates->get("previewpost")."\";");
1081          }
1082      }
1083  
          // Apply the bad-word filter, then HTML-escape; from here on $subject is safe for the form.
1084      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1085  
1086      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1087  
1088      // Do we have attachment errors?
          // $errors is populated outside this block; this replaces any earlier $reply_errors value.
1089      if(count($errors) > 0)
1090      {
1091          $reply_errors = inline_error($errors);
1092      }
1093  
1094      // Get a listing of the current attachments.
1095      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1096      {
1097          $attachcount = 0;
              // NOTE(review): $pid is assigned outside this block and is interpolated directly -
              // confirm it is integer-cast. In the other branch the already HTML-escaped $posthash is
              // what gets SQL-escaped, whereas the preview lookup above uses the raw input; the two
              // only match when the hash has no HTML-special characters.
1098          if($pid)
1099          {
1100              $attachwhere = "pid='$pid'";
1101          }
1102          else
1103          {
1104              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1105          }
1106          $attachments = '';
1107          $query = $db->simple_select("attachments", "*", $attachwhere);
1108          while($attachment = $db->fetch_array($query))
1109          {
1110              $attachment['size'] = get_friendly_size($attachment['filesize']);
1111              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
                  // The stored file name is HTML-escaped before the attachment templates are evaluated.
1112              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1113  
1114              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1115              {
1116                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1117              }
1118  
1119              $attach_mod_options = '';
1120              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1121  
1122              if($attachment['visible'] != 1)
1123              {
1124                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1125              }
1126              else
1127              {
1128                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1129              }
1130              $attachcount++;
1131          }
1132  
              // Total attachment bytes for the current user, compared with the group quota
              // (attachquota is multiplied by 1024 before the comparison; 0 means unlimited).
1133          $noshowattach = '';
1134          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1135          $usage = $db->fetch_array($query);
1136  
1137          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1138          {
1139              $noshowattach = 1;
1140          }
1141  
1142          if($mybb->usergroup['attachquota'] == 0)
1143          {
1144              $friendlyquota = $lang->unlimited;
1145          }
1146          else
1147          {
1148              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1149          }
1150          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1151  
1152          $link_viewattachments = '';
1153          if($usage['ausage'] !== NULL)
1154          {
1155              $friendlyusage = get_friendly_size($usage['ausage']);
1156              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1157              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1158          }
1159          else
1160          {
1161              $lang->attach_usage = "";
1162          }
1163  
1164          $attach_add_options = '';
              // NOTE(review): && binds tighter than ||, so !$noshowattach only guards the second
              // alternative. With maxattachments set to 0 the upload controls are rendered even when
              // the quota check above set $noshowattach. This only decides what is displayed; quota
              // enforcement on upload is not in this block - confirm it exists and whether the
              // grouping here is intended.
1165          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1166          {
1167              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1168          }
1169  
1170          $attach_update_options = '';
1171          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1172          {
1173              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1174          }
1175  
1176          if($attach_add_options || $attach_update_options)
1177          {
1178              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1179          }
1180  
1181          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1182      }
1183  
1184      // If the user is logged in, provide a save draft button.
1185      if($mybb->user['uid'])
1186      {
1187          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1188      }
1189  
1190      // Show captcha image for guests if enabled
1191      $captcha = '';
1192      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1193      {
1194          $correct = false;
1195          require_once  MYBB_ROOT.'inc/class_captcha.php';
1196          $post_captcha = new captcha(false, "post_captcha");
1197  
              // $hide_captcha is set outside this block. The literal 1 presumably equals
              // captcha::DEFAULT_CAPTCHA, which is used by name further down - verify.
1198          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1199          {
1200              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1201              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1202              if($post_captcha->validate_captcha() == true)
1203              {
1204                  $correct = true;
1205  
1206                  // Generate a hidden list of items for our captcha
1207                  $captcha = $post_captcha->build_hidden_captcha();
1208              }
1209          }
1210  
              // No validated answer yet: render the challenge that matches the configured type.
1211          if(!$correct)
1212          {
1213              if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1214              {
1215                  $post_captcha->build_captcha();
1216              }
1217              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1218              {
1219                  $post_captcha->build_recaptcha();
1220              }
1221              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1222              {
1223                  $post_captcha->build_hcaptcha();
1224              }
1225          }
              // NOTE(review): $correct only becomes true inside the type == 1 check above, so the two
              // branches below look unreachable unless one of these constants equals 1 - confirm.
1226          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1227          {
1228              $post_captcha->build_recaptcha();
1229          }
1230          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1231          {
1232              $post_captcha->build_hcaptcha();
1233          }
1234  
              // Freshly built captcha markup, when present, replaces the hidden-field version set above.
1235          if($post_captcha->html)
1236          {
1237              $captcha = $post_captcha->html;
1238          }
1239      }
1240  
          // Thread review: the newest posts of the thread, shown with the reply form.
1241      $reviewmore = '';
1242      if($mybb->settings['threadreview'] != 0)
1243      {
              // NOTE(review): the 'showownunapproved' setting name suggests "the user's own
              // unapproved posts", but the filter built here has no uid condition. When the setting
              // is on, the count and the review list include unapproved posts (visible=0) by any
              // author in the thread, also for non-moderators - confirm whether a uid restriction is
              // intended.
1244          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1245          {
1246              $visibility = "(visible='1' OR visible='0')";
1247          }
1248          else
1249          {
1250              $visibility = "visible='1'";
1251          }
              // $tid is assigned outside this block and interpolated as-is - presumably
              // integer-cast there; verify.
1252          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1253          $numposts = $db->fetch_field($query, "post_count");
1254  
1255          if($numposts > $mybb->settings['postsperpage'])
1256          {
1257              $numposts = $mybb->settings['postsperpage'];
1258              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1259              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1260          }
1261  
              // NOTE(review): $pidin is not initialised in this block. If the query returns no rows,
              // implode() below receives an unset variable and the following "pid IN ()" clauses are
              // empty - confirm a thread reaching this point always has at least one matching post.
1262          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage']));
1263          while($post = $db->fetch_array($query))
1264          {
1265              $pidin[] = $post['pid'];
1266          }
1267  
1268          $pidin = implode(",", $pidin);
1269  
1270          // Fetch attachments
1271          $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1272          while($attachment = $db->fetch_array($query))
1273          {
1274              $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1275          }
1276          $query = $db->query("
1277              SELECT p.*, u.username AS userusername
1278              FROM ".TABLE_PREFIX."posts p
1279              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1280              WHERE pid IN ($pidin)
1281              ORDER BY dateline DESC, pid DESC
1282          ");
1283          $postsdone = 0;
1284          $altbg = "trow1";
1285          $reviewbits = '';
1286          while($post = $db->fetch_array($query))
1287          {
                  // Prefer the current name from the users table over the name stored on the post.
1288              if($post['userusername'])
1289              {
1290                  $post['username'] = $post['userusername'];
1291              }
1292              $reviewpostdate = my_date('relative', $post['dateline']);
                  // Markup permissions follow the forum's settings. allow_html is taken from the forum,
                  // so whether raw HTML in posts is rendered depends on that setting and on the parser.
1293              $parser_options = array(
1294                  "allow_html" => $forum['allowhtml'],
1295                  "allow_mycode" => $forum['allowmycode'],
1296                  "allow_smilies" => $forum['allowsmilies'],
1297                  "allow_imgcode" => $forum['allowimgcode'],
1298                  "allow_videocode" => $forum['allowvideocode'],
1299                  "me_username" => $post['username'],
1300                  "filter_badwords" => 1
1301              );
1302              if($post['smilieoff'] == 1)
1303              {
1304                  $parser_options['allow_smilies'] = 0;
1305              }
1306  
                  // Images are disabled for members who turned them off and for guests when
                  // 'guestimages' is not 1; the same pattern is applied to videos below.
1307              if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1308              {
1309                  $parser_options['allow_imgcode'] = 0;
1310              }
1311  
1312              if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1313              {
1314                  $parser_options['allow_videocode'] = 0;
1315              }
1316  
                  // Escaped after it was copied into me_username above, so the parser option holds the
                  // unescaped name while the template sees the escaped one.
1317              $post['username'] = htmlspecialchars_uni($post['username']);
1318  
                  // Once a non-visible post is met, the shaded class is set for that row.
1319              if($post['visible'] != 1)
1320              {
1321                  $altbg = "trow_shaded";
1322              }
1323  
1324              $plugins->run_hooks("newreply_threadreview_post");
1325  
1326              $post['message'] = $parser->parse_message($post['message'], $parser_options);
1327              get_post_attachments($post['pid'], $post);
1328              $reviewmessage = $post['message'];
1329              eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
                  // Alternate row classes; a shaded row is followed by "trow1".
1330              if($altbg == "trow1")
1331              {
1332                  $altbg = "trow2";
1333              }
1334              else
1335              {
1336                  $altbg = "trow1";
1337              }
1338          }
1339          eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1340      }
1341  
1342      // Hide signature option if no permission
1343      $signature = '';
1344      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1345      {
1346          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1347      }
1348  
1349      // Can we disable smilies or are they disabled already?
1350      $disablesmilies = '';
1351      if($forum['allowsmilies'] != 0)
1352      {
1353          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1354      }
1355  
          // $postoptions is reused here as the rendered HTML of the options row.
1356      $postoptions = '';
1357      if(!empty($signature) || !empty($disablesmilies))
1358      {
1359          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1360          $bgcolor = "trow2";
1361      }
1362      else
1363      {
1364          $bgcolor = "trow1";
1365      }
1366  
1367      $modoptions = '';
1368      // Show the moderator options.
          // Checkbox state comes from the submitted form when 'processed' is set (cast to int),
          // otherwise from the thread's current closed/sticky values. This only pre-fills the form.
1369      if(is_moderator($fid))
1370      {
1371          if($mybb->get_input('processed', MyBB::INPUT_INT))
1372          {
1373              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1374              if(!isset($mybb->input['modoptions']['closethread']))
1375              {
1376                  $mybb->input['modoptions']['closethread'] = 0;
1377              }
1378              $closed = (int)$mybb->input['modoptions']['closethread'];
1379              if(!isset($mybb->input['modoptions']['stickthread']))
1380              {
1381                  $mybb->input['modoptions']['stickthread'] = 0;
1382              }
1383              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1384          }
1385          else
1386          {
1387              $closed = $thread['closed'];
1388              $stuck = $thread['sticky'];
1389          }
1390  
1391          if($closed)
1392          {
1393              $closecheck = ' checked="checked"';
1394          }
1395          else
1396          {
1397              $closecheck = '';
1398          }
1399  
1400          if($stuck)
1401          {
1402              $stickycheck = ' checked="checked"';
1403          }
1404          else
1405          {
1406              $stickycheck = '';
1407          }
1408  
              // Each option is rendered only when the moderator holds the matching permission.
1409          $closeoption = '';
1410          if(is_moderator($thread['fid'], "canopenclosethreads"))
1411          {
1412              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1413          }
1414  
1415          $stickoption = '';
1416          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1417          {
1418              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1419          }
1420  
1421          if(!empty($closeoption) || !empty($stickoption))
1422          {
1423              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1424              $bgcolor = "trow1";
1425          }
1426          else
1427          {
1428              $bgcolor = "trow2";
1429          }
1430      }
1431      else
1432      {
1433          $bgcolor = "trow2";
1434      }
1435  
1436      // Fetch subscription select box
1437      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1438  
          // NOTE(review): $thread['subject'] is inserted into language strings here without escaping
          // in this block - presumably it was escaped or filtered where $thread was loaded; verify.
1439      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1440      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1441  
1442      // Do we have any forum rules to show for this forum?
1443      $forumrules = '';
1444      if($forum['rulestype'] >= 2 && $forum['rules'])
1445      {
1446          if(!$forum['rulestitle'])
1447          {
1448              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1449          }
1450  
1451          if(!$parser)
1452          {
1453              require_once  MYBB_ROOT.'inc/class_parser.php';
1454              $parser = new postParser;
1455          }
1456  
              // Rules text is parsed with HTML allowed, so it is rendered as written.
              // Presumably only administrators can edit forum rules - verify.
1457          $rules_parser = array(
1458              "allow_html" => 1,
1459              "allow_mycode" => 1,
1460              "allow_smilies" => 1,
1461              "allow_imgcode" => 1
1462          );
1463  
1464          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1465          $foruminfo = $forum;
1466  
              // rulestype 3 uses the "forumdisplay_rules" template, rulestype 2 the link variant.
1467          if($forum['rulestype'] == 3)
1468          {
1469              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1470          }
1471          else if($forum['rulestype'] == 2)
1472          {
1473              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1474          }
1475      }
1476  
          // Moderation notices for users who cannot approve content themselves. Each matching
          // condition overwrites $moderation_notice, so the last one that applies is shown.
1477      $moderation_notice = '';
1478      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1479      {
1480          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1481          {
1482              $moderation_text = $lang->moderation_forum_attachments;
1483              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1484          }
1485      }
1486      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1487      {
1488          if($forumpermissions['modposts'] == 1)
1489          {
1490              $moderation_text = $lang->moderation_forum_posts;
1491              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1492          }
1493  
1494          if($mybb->user['moderateposts'] == 1)
1495          {
1496              $moderation_text = $lang->moderation_user_posts;
1497              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1498          }
1499      }
1500  
          // Upload limits from the PHP configuration, made available to the "post_javascript" template.
1501      $php_max_upload_size = get_php_upload_limit();
1502      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1503      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1504  
1505      $plugins->run_hooks("newreply_end");
1506  
          // Tags are stripped from the forum name before the page template is evaluated.
1507      $forum['name'] = strip_tags($forum['name']);
1508  
1509      eval("\$newreply = \"".$templates->get("newreply")."\";");
1510      output_page($newreply);
1511  }

