
PHP Cross Reference of MyBB 1.8.36


/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newreply.php');
  13  
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
  24  require_once  "./global.php";
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/functions_upload.php";
  28  require_once  MYBB_ROOT."inc/class_parser.php";
  29  $parser = new postParser;
  30  
  31  // Load global language phrases
  32  $lang->load("newreply");
  33  
  34  // Get the pid and tid and replyto from the input.
  35  $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
  36  $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);
  37  
  38  // AJAX quick reply?
  39  if(!empty($mybb->input['ajax']))
  40  {
  41      unset($mybb->input['previewpost']);
  42  }
  43  
  44  // Edit a draft post.
  45  $pid = 0;
  46  $editdraftpid = '';
  47  $mybb->input['action'] = $mybb->get_input('action');
  48  if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
  49  {
  50      $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  51      $post = get_post($pid);
  52      if(!$post)
  53      {
  54          error($lang->error_invalidpost);
  55      }
  56      else if($mybb->user['uid'] != $post['uid'])
  57      {
  58          error($lang->error_post_noperms);
  59      }
  60      $pid = (int)$post['pid'];
  61      $tid = (int)$post['tid'];
  62      eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
  63  }
  64  
  65  // Set up $thread and $forum for later use.
  66  $thread = get_thread($tid);
  67  if(!$thread)
  68  {
  69      error($lang->error_invalidthread);
  70  }
  71  $fid = (int)$thread['fid'];
  72  
  73  // Get forum info
  74  $forum = get_forum($fid);
  75  if(!$forum)
  76  {
  77      error($lang->error_invalidforum);
  78  }
  79  
  80  // Make navigation
  81  build_forum_breadcrumb($fid);
  82  $thread_subject = $thread['subject'];
  83  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  84  add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  85  add_breadcrumb($lang->nav_newreply);
  86  
  87  $forumpermissions = forum_permissions($fid);
  88  
  89  // See if everything is valid up to here.
      // Visibility values as used elsewhere in this script: 1 = visible, 0 = unapproved,
      // -2 = draft; -1 is presumably "deleted" (it is paired with canviewdeleted further down).
      //
      // Post gate ($post is only set when a pid was supplied above). The outer test selects
      // unapproved posts the viewer may not moderate, and negative-visibility posts owned by
      // someone else. The inner test then rejects only the visible == 0 case, unless
      // showownunapproved is on and the post is the viewer's own.
      // NOTE(review): a post with visible < 0 and a different owner enters the outer branch
      // but is never rejected by the inner one. The owner check in the draft branch above
      // already refuses other users' posts, so this arm looks unreachable - confirm.
  90  if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
  91  {
  92      if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
  93      {
  94          error($lang->error_invalidpost);
  95      }
  96  }
      // Thread gate, same shape as the post gate.
      // NOTE(review): $thread['visible'] < 0 enters the outer branch, but only visible == 0
      // is rejected inside it, so this block on its own lets a thread with negative
      // visibility through. Confirm such threads are refused elsewhere (for example by the
      // post data handler) or tighten the inner condition.
  97  if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
  98  {
  99      if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
 100      {
 101          error($lang->error_invalidthread);
 102      }
 103  }
      // The forum must be open and of type "f".
 104  if($forum['open'] == 0 || $forum['type'] != "f")
 105  {
 106      error($lang->error_closedinvalidforum);
 107  }
      // Replying needs both the view and the post-replies permission in this forum.
 108  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
 109  {
 110      error_no_permission();
 111  }
 112  
 113  if($mybb->user['suspendposting'] == 1)
 114  {
 115      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
 116      if($mybb->user['suspensiontime'])
 117      {
 118          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
 119      }
 120  
 121      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
 122  
 123      error($lang->error_suspendedposting);
 124  }
 125  
 126  if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 127  {
 128      error_no_permission();
 129  }
 130  
 131  if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 132  {
 133      error_no_permission();
 134  }
 135  
 136  // Coming from quick reply and not a preview call? Set subscription method
 137  if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
 138  {
 139      $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
 140  }
 141  
 142  // Check if this forum is password protected and we have a valid password
 143  check_forum_password($forum['fid']);
 144  
 145  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 146  {
 147      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 148      if($forum['allowsmilies'] != 0)
 149      {
 150          $smilieinserter = build_clickable_smilies();
 151      }
 152  }
 153  
 154  // Display a login box or change user box?
      // Both boxes are produced by eval()-ing a template as the body of a double-quoted PHP
      // string; the template reads the variables prepared here by name, which is why the
      // username is HTML-escaped before the eval.
 155  if($mybb->user['uid'] != 0)
 156  {
      // NOTE(review): this overwrites $mybb->user['username'] in place with its escaped
      // form. The do_newreply branch further down copies $mybb->user['username'] into the
      // post data, so it receives the escaped value - confirm the data handler expects that.
 157      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 158      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 159  }
 160  else
 161  {
      // Guests: the submitted username is echoed back (escaped) only on a preview or a
      // submit; a fresh form starts with an empty name.
 162      if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
 163      {
 164          $username = '';
 165      }
 166      else
 167      {
 168          $username = htmlspecialchars_uni($mybb->get_input('username'));
 169      }
 170      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 171  }
 172  
 173  // Check to see if the thread is closed, and if the user is a mod.
 174  if(!is_moderator($fid, "canpostclosedthreads"))
 175  {
 176      if($thread['closed'] == 1)
 177      {
 178          error($lang->redirect_threadclosed);
 179      }
 180  }
 181  
 182  // No weird actions allowed, show new reply form if no regular action.
 183  if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
 184  {
 185      $mybb->input['action'] = "newreply";
 186  }
 187  
 188  // Even if we are previewing, still show the new reply form.
 189  if(!empty($mybb->input['previewpost']))
 190  {
 191      $mybb->input['action'] = "newreply";
 192  }
 193  
 194  // Setup a unique posthash for attachment management
 195  if(!$mybb->get_input('posthash') && !$pid)
 196  {
 197      $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
 198  }
 199  
 200  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 201  {
 202      error($lang->error_empty_post_input);
 203  }
 204  
 205  $errors = array();
 206  $maximageserror = $attacherror = '';
 207  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
 208  {
 209      // Verify incoming POST request
 210      verify_post_check($mybb->get_input('my_post_key'));
 211  
 212      if($pid)
 213      {
 214          $attachwhere = "pid='{$pid}'";
 215      }
 216      else
 217      {
 218          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 219      }
 220  
 221      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");
 222  
 223      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 224      {
 225          if(isset($ret['success']))
 226          {
 227              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
 228              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 229              {
 230                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 231              }
 232              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 233              $attach_mod_options = '';
 234              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 235              $ret['template'] = $attemplate;
 236  
 237              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 238              $usage = $db->fetch_array($query);
 239              $ret['usage'] = get_friendly_size($usage['ausage']);
 240          }
 241          
 242          header("Content-type: application/json; charset={$lang->settings['charset']}");
 243          echo json_encode($ret);
 244          exit();
 245      }
 246  
 247      if(!empty($ret['errors']))
 248      {
 249          $errors = $ret['errors'];
 250      }
 251  
 252      // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
 253      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 254      {
 255          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 256          $mybb->input['action'] = "newreply";
 257      }
 258  }
 259  
 260  detect_attachmentact();
 261  
 262  // Remove an attachment.
      // Requires attachments to be enabled, a non-zero integer attachment id and
      // attachmentact == "remove".
 263  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 264  {
 265      // Verify incoming POST request
      // (presumably MyBB's anti-CSRF post key; it is checked before anything is deleted)
 266      verify_post_check($mybb->get_input('my_post_key'));
 267  
      // NOTE(review): which attachment may be removed depends on how remove_attachment()
      // ties the aid to $pid or to the request-supplied posthash; that function is not
      // shown here - confirm it refuses an aid that matches neither.
 268      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 269  
      // Not a final submit: go back to the reply form.
 270      if(!$mybb->get_input('submit'))
 271      {
 272          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 273          $mybb->input['action'] = "newreply";
 274      }
 275  
      // AJAX removal: report success plus the user's remaining attachment usage, then stop.
 276      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 277      {
 278          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 279          $usage = $db->fetch_array($query);
 280  
 281          header("Content-type: application/json; charset={$lang->settings['charset']}");
 282          echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
 283          exit();
 284      }
 285  }
 286  
 287  $reply_errors = $quoted_ids = '';
 288  $hide_captcha = false;
 289  
 290  // Check the maximum posts per day for this user
 291  if($mybb->usergroup['maxposts'] > 0)
 292  {
 293      $daycut = TIME_NOW-60*60*24;
 294      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 295      $post_count = $db->fetch_field($query, "posts_today");
 296      if($post_count >= $mybb->usergroup['maxposts'])
 297      {
 298          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 299          error($lang->error_maxposts);
 300      }
 301  }
 302  
 303  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 304  {
 305      $mybb->settings['postsperpage'] = 20;
 306  }
 307  
 308  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 309  {
 310      // Verify incoming POST request
 311      verify_post_check($mybb->get_input('my_post_key'));
 312  
 313      $plugins->run_hooks("newreply_do_newreply_start");
 314  
 315      // If this isn't a logged in user, then we need to do some special validation.
 316      if($mybb->user['uid'] == 0)
 317      {
 318          // If they didn't specify a username leave blank so $lang->guest can be used on output
 319          if(!$mybb->get_input('username'))
 320          {
 321              $username = '';
 322          }
 323          // Otherwise use the name they specified.
 324          else
 325          {
 326              $username = $mybb->get_input('username');
 327          }
 328          $uid = 0;
 329  
 330  
 331          if($mybb->settings['stopforumspam_on_newreply'])
 332          {
 333              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 334  
 335              $stop_forum_spam_checker = new StopForumSpamChecker(
 336                  $plugins,
 337                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 338                  $mybb->settings['stopforumspam_check_usernames'],
 339                  $mybb->settings['stopforumspam_check_emails'],
 340                  $mybb->settings['stopforumspam_check_ips'],
 341                  $mybb->settings['stopforumspam_log_blocks']
 342              );
 343  
 344              try {
 345                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 346                  {
 347                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 348                          $stop_forum_spam_checker->getErrorText(array(
 349                              'stopforumspam_check_usernames',
 350                              'stopforumspam_check_ips'
 351                              ))));
 352                  }
 353              }
 354              catch (Exception $e)
 355              {
 356                  if($mybb->settings['stopforumspam_block_on_error'])
 357                  {
 358                      error($lang->error_stop_forum_spam_fetching);
 359                  }
 360              }
 361          }
 362      }
 363      // This user is logged in.
 364      else
 365      {
 366          $username = $mybb->user['username'];
 367          $uid = $mybb->user['uid'];
 368      }
 369  
 370      // Attempt to see if this post is a duplicate or not
 371      if($uid > 0)
 372      {
 373          $user_check = "p.uid='{$uid}'";
 374      }
 375      else
 376      {
 377          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 378      }
 379      if(!$mybb->get_input('savedraft'))
 380      {
 381          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
 382          if($db->num_rows($query) > 0)
 383          {
 384              error($lang->error_post_already_submitted);
 385          }
 386      }
 387  
 388      // Set up posthandler.
 389      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 390      $posthandler = new PostDataHandler("insert");
 391  
 392      // Set the post data that came from the input to the $post array.
 393      $post = array(
 394          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 395          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 396          "fid" => $thread['fid'],
 397          "subject" => $mybb->get_input('subject'),
 398          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 399          "uid" => $uid,
 400          "username" => $username,
 401          "message" => $mybb->get_input('message'),
 402          "ipaddress" => $session->packedip,
 403          "posthash" => $mybb->get_input('posthash')
 404      );
 405  
 406      if(isset($mybb->input['pid']))
 407      {
 408          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 409      }
 410  
 411      // Are we saving a draft post?
 412      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 413      {
 414          $post['savedraft'] = 1;
 415      }
 416      else
 417      {
 418          $post['savedraft'] = 0;
 419      }
 420  
 421      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 422      if(!isset($postoptions['signature']))
 423      {
 424          $postoptions['signature'] = 0;
 425      }
 426      if(!isset($postoptions['subscriptionmethod']))
 427      {
 428          $postoptions['subscriptionmethod'] = 0;
 429      }
 430      if(!isset($postoptions['disablesmilies']))
 431      {
 432          $postoptions['disablesmilies'] = 0;
 433      }
 434  
 435      // Set up the post options from the input.
 436      $post['options'] = array(
 437          "signature" => $postoptions['signature'],
 438          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 439          "disablesmilies" => $postoptions['disablesmilies']
 440      );
 441  
 442      // Apply moderation options if we have them
 443      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 444  
 445      $posthandler->set_data($post);
 446  
 447      // Now let the post handler do all the hard work.
 448      $valid_post = $posthandler->validate_post();
 449  
 450      $post_errors = array();
 451      // Fetch friendly error messages if this is an invalid post
 452      if(!$valid_post)
 453      {
 454          $post_errors = $posthandler->get_friendly_errors();
 455      }
 456  
 457      // Mark thread as read
 458      require_once  MYBB_ROOT."inc/functions_indicators.php";
 459      mark_thread_read($tid, $fid);
 460  
 461      $json_data = '';
 462  
 463      // Check captcha image
 464      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 465      {
 466          require_once  MYBB_ROOT.'inc/class_captcha.php';
 467          $post_captcha = new captcha(false, "post_captcha");
 468  
 469          if($post_captcha->validate_captcha() == false)
 470          {
 471              // CAPTCHA validation failed
 472              foreach($post_captcha->get_errors() as $error)
 473              {
 474                  $post_errors[] = $error;
 475              }
 476          }
 477          else
 478          {
 479              $hide_captcha = true;
 480          }
 481  
 482          if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
 483          {
 484              $randomstr = random_str(5);
 485              $imagehash = md5(random_str(12));
 486  
 487              $imagearray = array(
 488                  "imagehash" => $imagehash,
 489                  "imagestring" => $randomstr,
 490                  "dateline" => TIME_NOW
 491              );
 492  
 493              $db->insert_query("captcha", $imagearray);
 494  
 495              //header("Content-type: text/html; charset={$lang->settings['charset']}");
 496              $data = '';
 497              $data .= "<captcha>$imagehash";
 498  
 499              if($hide_captcha)
 500              {
 501                  $data .= "|$randomstr";
 502              }
 503  
 504              $data .= "</captcha>";
 505  
 506              //header("Content-type: application/json; charset={$lang->settings['charset']}");
 507              $json_data = array("data" => $data);
 508          }
 509      }
 510  
 511      // One or more errors returned, fetch error list and throw to newreply page
 512      if(count($post_errors) > 0)
 513      {
 514          $reply_errors = inline_error($post_errors, '', $json_data);
 515          $mybb->input['action'] = "newreply";
 516      }
 517      else
 518      {
 519          $postinfo = $posthandler->insert_post();
 520          $pid = $postinfo['pid'];
 521          $visible = $postinfo['visible'];
 522  
 523          if(isset($postinfo['closed']))
 524          {
 525              $closed = $postinfo['closed'];
 526          }
 527          else
 528          {
 529              $closed = '';
 530          }
 531  
 532          // Invalidate solved captcha
 533          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 534          {
 535              $post_captcha->invalidate_captcha();
 536          }
 537  
 538          $force_redirect = false;
 539  
 540          // Deciding the fate
 541          if($visible == -2)
 542          {
 543              // Draft post
 544              $lang->redirect_newreply = $lang->draft_saved;
 545              $url = "usercp.php?action=drafts";
 546          }
 547          elseif($visible == 1)
 548          {
 549              // Visible post
 550              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 551              $url = get_post_link($pid, $tid)."#pid{$pid}";
 552          }
 553          else
 554          {
 555              // Moderated post
 556              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 557              $url = get_thread_link($tid);
 558  
 559              // User must see moderation notice, regardless of redirect settings
 560              $force_redirect = true;
 561          }
 562  
 563          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 564          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 565          {
 566              // We quoted all posts - remove the entire cookie
 567              if($mybb->get_input('quoted_ids') == "all")
 568              {
 569                  my_unsetcookie("multiquote");
 570              }
 571              // Only quoted a few - attempt to remove them from the cookie
 572              else
 573              {
 574                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 575                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 576                  if(is_array($multiquote) && is_array($quoted_ids))
 577                  {
 578                      foreach($multiquote as $key => $quoteid)
 579                      {
 580                          // If this ID was quoted, remove it from the multiquote list
 581                          if(in_array($quoteid, $quoted_ids))
 582                          {
 583                              unset($multiquote[$key]);
 584                          }
 585                      }
 586                      // Still have an array - set the new cookie
 587                      if(is_array($multiquote))
 588                      {
 589                          $new_multiquote = implode(",", $multiquote);
 590                          my_setcookie("multiquote", $new_multiquote);
 591                      }
 592                      // Otherwise, unset it
 593                      else
 594                      {
 595                          my_unsetcookie("multiquote");
 596                      }
 597                  }
 598              }
 599          }
 600  
 601          $plugins->run_hooks("newreply_do_newreply_end");
 602  
 603          // This was a post made via the ajax quick reply - we need to do some special things here
 604          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 605          {
 606              // Visible post
 607              if($visible == 1)
 608              {
 609                  // Set post counter
 610                  $postcounter = $thread['replies'] + 1;
 611  
 612                  if(is_moderator($fid, "canviewunapprove"))
 613                  {
 614                      $postcounter += $thread['unapprovedposts'];
 615                  }
 616                  if(is_moderator($fid, "canviewdeleted"))
 617                  {
 618                      $postcounter += $thread['deletedposts'];
 619                  }
 620  
 621                  // Was there a new post since we hit the quick reply button?
 622                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 623                  {
 624                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 625                      $new_post = $db->fetch_array($query);
 626                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 627                      {
 628                          redirect(get_thread_link($tid, 0, "lastpost"));
 629                      }
 630                  }
 631  
 632                  // Lets see if this post is on the same page as the one we're viewing or not
 633                  // if it isn't, redirect us
 634                  if($mybb->settings['postsperpage'] > 0)
 635                  {
 636                      $post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']);
 637                  }
 638                  else
 639                  {
 640                      $post_page = 1;
 641                  }
 642  
 643                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 644                  {
 645                      redirect(get_thread_link($tid, 0, "lastpost"));
 646                      exit;
 647                  }
 648  
 649                  // Return the post HTML and display it inline
 650                  $query = $db->query("
 651                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 652                      FROM ".TABLE_PREFIX."posts p
 653                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 654                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 655                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 656                      WHERE p.pid='{$pid}'
 657                  ");
 658                  $post = $db->fetch_array($query);
 659  
 660                  // Now lets fetch all of the attachments for this post
 661                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 662                  while($attachment = $db->fetch_array($query))
 663                  {
 664                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 665                  }
 666  
 667                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 668                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 669                  {
 670                      $altbg = "trow1";
 671                  }
 672                  else
 673                  {
 674                      $altbg = "trow2";
 675                  }
 676  
 677                  $charset = "UTF-8";
 678                  if($lang->settings['charset'])
 679                  {
 680                      $charset = $lang->settings['charset'];
 681                  }
 682  
 683                  require_once  MYBB_ROOT."inc/functions_post.php";
 684                  $pid = $post['pid'];
 685                  $post = build_postbit($post);
 686  
 687                  $data = '';
 688                  $data .= $post;
 689  
 690                  // Build a new posthash incase the user wishes to quick reply again
 691                  $new_posthash = md5($mybb->user['uid'].random_str());
 692                  $data .= "<script type=\"text/javascript\">\n";
 693                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 694                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 695                      $('#inlinemod_{$pid}').on(\"click\", function(e) {
 696                          inlineModeration.checkItem();
 697                      });
 698                  }\n";
 699  
 700                  if($closed == 1)
 701                  {
 702                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 703                  }
 704                  else
 705                  {
 706                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 707                  }
 708  
 709                  $data .= "</script>\n";
 710  
 711                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 712                  echo json_encode(array("data" => $data));
 713  
 714                  exit;
 715              }
 716              // Post is in the moderation queue
 717              else
 718              {
 719                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 720                  exit;
 721              }
 722          }
 723          else
 724          {
 725              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 726              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 727              exit;
 728          }
 729      }
 730  }
 731  
 732  // Show the newreply form.
 733  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 734  {
 735      $plugins->run_hooks("newreply_start");
 736  
 737      $quote_ids = $multiquote_external = '';
 738      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 739      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment'))
 740      {
 741          $message = '';
 742          $quoted_posts = array();
 743          // Handle multiquote
 744          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 745          {
 746              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 747              foreach($multiquoted as $post)
 748              {
 749                  $quoted_posts[$post] = (int)$post;
 750              }
 751          }
 752          // Handle incoming 'quote' button
 753          if($replyto)
 754          {
 755              $quoted_posts[$replyto] = $replyto;
 756          }
 757  
 758          // Quoting more than one post - fetch them
 759          if(count($quoted_posts) > 0)
 760          {
 761              $external_quotes = 0;
 762              $quoted_posts = implode(",", $quoted_posts);
 763              $quoted_ids = array();
 764              $unviewable_forums = get_unviewable_forums();
 765              $inactiveforums = get_inactive_forums();
 766              if($unviewable_forums)
 767              {
 768                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 769              }
 770              if($inactiveforums)
 771              {
 772                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 773              }
 774  
 775              // Check group permissions if we can't view threads not started by us
 776              $group_permissions = forum_permissions();
 777              $onlyusfids = array();
 778              $onlyusforums = '';
 779              foreach($group_permissions as $gpfid => $forum_permissions)
 780              {
 781                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 782                  {
 783                      $onlyusfids[] = $gpfid;
 784                  }
 785              }
 786              if(!empty($onlyusfids))
 787              {
 788                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 789              }
 790  
 791              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 792              {
 793                  $visible_where = "AND p.visible IN (-1,0,1)";
 794              }
 795              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 796              {
 797                  $visible_where = "AND p.visible IN (0,1)";
 798              }
 799              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 800              {
 801                  $visible_where = "AND p.visible IN (-1,1)";
 802              }
 803              else
 804              {
 805                  $visible_where = "AND p.visible=1";
 806              }
 807  
 808              require_once  MYBB_ROOT."inc/functions_posting.php";
 809              $query = $db->query("
 810                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 811                  FROM ".TABLE_PREFIX."posts p
 812                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 813                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 814                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 815              ");
 816              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 817              while($quoted_post = $db->fetch_array($query))
 818              {
 819                  // Only show messages for the current thread
 820                  if($quoted_post['tid'] == $tid || $load_all == 1)
 821                  {
 822                      // If this post was the post for which a quote button was clicked, set the subject
 823                      if($replyto == $quoted_post['pid'])
 824                      {
 825                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 826                          // Subject too long? Shorten it to avoid error message
 827                          if(my_strlen($subject) > 85)
 828                          {
 829                              $subject = my_substr($subject, 0, 82).'...';
 830                          }
 831                          $subject = "RE: ".$subject;
 832                      }
 833                      $message .= parse_quoted_message($quoted_post);
 834                      $quoted_ids[] = $quoted_post['pid'];
 835                  }
 836                  // Count the rest
 837                  else
 838                  {
 839                      ++$external_quotes;
 840                  }
 841              }
 842              if($mybb->settings['maxquotedepth'] != '0')
 843              {
 844                  $message = remove_message_quotes($message);
 845              }
 846              if($external_quotes > 0)
 847              {
 848                  if($external_quotes == 1)
 849                  {
 850                      $multiquote_text = $lang->multiquote_external_one;
 851                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 852                      $multiquote_quote = $lang->multiquote_external_one_quote;
 853                  }
 854                  else
 855                  {
 856                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 857                      $multiquote_deselect = $lang->multiquote_external_deselect;
 858                      $multiquote_quote = $lang->multiquote_external_quote;
 859                  }
 860                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 861              }
 862              if(is_array($quoted_ids) && count($quoted_ids) > 0)
 863              {
 864                  $quoted_ids = implode("|", $quoted_ids);
 865              }
 866          }
 867      }
 868  
 869      if(isset($mybb->input['quoted_ids']))
 870      {
 871          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
 872      }
 873  
 874      if(isset($mybb->input['previewpost']))
 875      {
 876          $previewmessage = $mybb->get_input('message');
 877      }
 878      if(empty($message))
 879      {
 880          $message = $mybb->get_input('message');
 881      }
 882      $message = htmlspecialchars_uni($message);
 883  
 884      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 885      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 886  
 887      // Set up the post options.
 888      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 889      {
 890          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 891  
 892          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 893          {
 894              $postoptionschecked['signature'] = " checked=\"checked\"";
 895          }
 896          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 897          {
 898              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 899          }
 900          $subscription_method = get_subscription_method($tid, $postoptions);
 901          $subject = $mybb->input['subject'];
 902      }
 903      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 904      {
 905          $message = htmlspecialchars_uni($post['message']);
 906          $subject = $post['subject'];
 907          if($post['includesig'] != 0)
 908          {
 909              $postoptionschecked['signature'] = " checked=\"checked\"";
 910          }
 911          if($post['smilieoff'] == 1)
 912          {
 913              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 914          }
 915          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 916          $mybb->input['icon'] = $post['icon'];
 917      }
 918      else
 919      {
 920          if($mybb->user['signature'] != '')
 921          {
 922              $postoptionschecked['signature'] = " checked=\"checked\"";
 923          }
 924          $subscription_method = get_subscription_method($tid);
 925      }
 926      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 927  
 928      if($forum['allowpicons'] != 0)
 929      {
 930          $posticons = get_post_icons();
 931      }
 932  
 933      // No subject?
 934      if(!isset($subject))
 935      {
 936          if(!empty($mybb->input['subject']))
 937          {
 938              $subject = $mybb->get_input('subject');
 939          }
 940          else
 941          {
 942              $subject = $thread_subject;
 943              // Subject too long? Shorten it to avoid error message
 944              if(my_strlen($subject) > 85)
 945              {
 946                  $subject = my_substr($subject, 0, 82).'...';
 947              }
 948              $subject = "RE: ".$subject;
 949          }
 950      }
 951  
 952      // Preview a post that was written.
 953      $preview = '';
 954      if(!empty($mybb->input['previewpost']))
 955      {
 956          // If this isn't a logged in user, then we need to do some special validation.
 957          if($mybb->user['uid'] == 0)
 958          {
 959              // If they didn't specify a username leave blank so $lang->guest can be used on output
 960              if(!$mybb->get_input('username'))
 961              {
 962                  $username = '';
 963              }
 964              // Otherwise use the name they specified.
 965              else
 966              {
 967                  $username = $mybb->get_input('username');
 968              }
 969              $uid = 0;
 970          }
 971          // This user is logged in.
 972          else
 973          {
 974              $username = $mybb->user['username'];
 975              $uid = $mybb->user['uid'];
 976          }
 977  
 978          // Set up posthandler.
 979          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 980          $posthandler = new PostDataHandler("insert");
 981          $posthandler->action = "post";
 982  
 983          // Set the post data that came from the input to the $post array.
 984          $post = array(
 985              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 986              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 987              "fid" => $thread['fid'],
 988              "subject" => $mybb->get_input('subject'),
 989              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 990              "uid" => $uid,
 991              "username" => $username,
 992              "message" => $mybb->get_input('message'),
 993              "ipaddress" => $session->packedip,
 994              "posthash" => $mybb->get_input('posthash')
 995          );
 996  
 997          if(isset($mybb->input['pid']))
 998          {
 999              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
1000          }
1001  
1002          $posthandler->set_data($post);
1003  
1004          // Now let the post handler do all the hard work.
1005          $valid_post = $posthandler->verify_message();
1006          $valid_subject = $posthandler->verify_subject();
1007  
1008          // guest post --> verify author
1009          if($post['uid'] == 0)
1010          {
1011              $valid_username = $posthandler->verify_author();
1012          }
1013          else
1014          {
1015              $valid_username = true;
1016          }
1017  
1018          $post_errors = array();
1019          // Fetch friendly error messages if this is an invalid post
1020          if(!$valid_post || !$valid_subject || !$valid_username)
1021          {
1022              $post_errors = $posthandler->get_friendly_errors();
1023          }
1024  
1025          // One or more errors returned, fetch error list and throw to newreply page
1026          if(count($post_errors) > 0)
1027          {
1028              $reply_errors = inline_error($post_errors);
1029          }
1030          else
1031          {
1032              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
1033              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1034              $query = $db->query("
1035                  SELECT u.*, f.*
1036                  FROM ".TABLE_PREFIX."users u
1037                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1038                  WHERE u.uid='".$mybb->user['uid']."'
1039              ");
1040              $post = $db->fetch_array($query);
1041              $post['username'] = $username;
1042              if($mybb->user['uid'])
1043              {
1044                  $post['userusername'] = $mybb->user['username'];
1045              }
1046              $post['message'] = $previewmessage;
1047              $post['subject'] = $subject;
1048              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1049              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1050              if(isset($mybb->input['postoptions']['disablesmilies']))
1051              {
1052                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1053              }
1054              $post['dateline'] = TIME_NOW;
1055              if(isset($mybb->input['postoptions']['signature']))
1056              {
1057                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1058              }
1059              if(!isset($post['includesig']) || $post['includesig'] != 1)
1060              {
1061                  $post['includesig'] = 0;
1062              }
1063  
1064              // Fetch attachments assigned to this post.
1065              if($mybb->get_input('pid', MyBB::INPUT_INT))
1066              {
1067                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1068              }
1069              else
1070              {
1071                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1072              }
1073  
1074              $query = $db->simple_select("attachments", "*", $attachwhere);
1075              while($attachment = $db->fetch_array($query))
1076              {
1077                  $attachcache[0][$attachment['aid']] = $attachment;
1078              }
1079  
1080              $postbit = build_postbit($post, 1);
1081              eval("\$preview = \"".$templates->get("previewpost")."\";");
1082          }
1083      }
1084  
1085      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1086  
1087      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1088  
1089      // Do we have attachment errors?
1090      if(count($errors) > 0)
1091      {
1092          $reply_errors = inline_error($errors);
1093      }
1094  
1095      // Get a listing of the current attachments.
1096      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1097      {
1098          $attachcount = 0;
1099          if($pid)
1100          {
1101              $attachwhere = "pid='$pid'";
1102          }
1103          else
1104          {
1105              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1106          }
1107          $attachments = '';
1108          $query = $db->simple_select("attachments", "*", $attachwhere);
1109          while($attachment = $db->fetch_array($query))
1110          {
1111              $attachment['size'] = get_friendly_size($attachment['filesize']);
1112              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1113              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1114  
1115              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1116              {
1117                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1118              }
1119  
1120              $attach_mod_options = '';
1121              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1122  
1123              if($attachment['visible'] != 1)
1124              {
1125                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1126              }
1127              else
1128              {
1129                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1130              }
1131              $attachcount++;
1132          }
1133  
1134          $noshowattach = '';
1135          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1136          $usage = $db->fetch_array($query);
1137  
1138          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1139          {
1140              $noshowattach = 1;
1141          }
1142  
1143          if($mybb->usergroup['attachquota'] == 0)
1144          {
1145              $friendlyquota = $lang->unlimited;
1146          }
1147          else
1148          {
1149              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1150          }
1151          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1152  
1153          $link_viewattachments = '';
1154          if($usage['ausage'] !== NULL)
1155          {
1156              $friendlyusage = get_friendly_size($usage['ausage']);
1157              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1158              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1159          }
1160          else
1161          {
1162              $lang->attach_usage = "";
1163          }
1164  
1165          $attach_add_options = '';
1166          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1167          {
1168              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1169          }
1170  
1171          $attach_update_options = '';
1172          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1173          {
1174              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1175          }
1176  
1177          if($attach_add_options || $attach_update_options)
1178          {
1179              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1180          }
1181  
1182          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1183      }
1184      else
1185      {
1186          $attachbox = '';
1187      }
1188  
1189      // If the user is logged in, provide a save draft button.
1190      if($mybb->user['uid'])
1191      {
1192          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1193      }
1194  
1195      // Show captcha image for guests if enabled
1196      $captcha = '';
1197      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1198      {
1199          $correct = false;
1200          require_once  MYBB_ROOT.'inc/class_captcha.php';
1201          $post_captcha = new captcha(false, "post_captcha");
1202  
1203          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1204          {
1205              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1206              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1207              if($post_captcha->validate_captcha() == true)
1208              {
1209                  $correct = true;
1210  
1211                  // Generate a hidden list of items for our captcha
1212                  $captcha = $post_captcha->build_hidden_captcha();
1213              }
1214          }
1215  
1216          if(!$correct)
1217          {
1218              if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1219              {
1220                  $post_captcha->build_captcha();
1221              }
1222              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1223              {
1224                  $post_captcha->build_recaptcha();
1225              }
1226              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1227              {
1228                  $post_captcha->build_hcaptcha();
1229              }
1230          }
1231          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1232          {
1233              $post_captcha->build_recaptcha();
1234          }
1235          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1236          {
1237              $post_captcha->build_hcaptcha();
1238          }
1239  
1240          if($post_captcha->html)
1241          {
1242              $captcha = $post_captcha->html;
1243          }
1244      }
1245  
1246      $reviewmore = '';
1247      $threadreview = '';
1248      if($mybb->settings['threadreview'] != 0)
1249      {
1250          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1251          {
1252              $visibility = "(visible='1' OR visible='0')";
1253          }
1254          else
1255          {
1256              $visibility = "visible='1'";
1257          }
1258          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1259          $numposts = $db->fetch_field($query, "post_count");
1260  
1261          if($numposts > $mybb->settings['postsperpage'])
1262          {
1263              $numposts = $mybb->settings['postsperpage'];
1264              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1265              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1266          }
1267  
1268          $pidin = array();
1269          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage']));
1270          while($post = $db->fetch_array($query))
1271          {
1272              $pidin[] = $post['pid'];
1273          }
1274  
1275          if(!empty($pidin))
1276          {
1277              $pidin = implode(",", $pidin);
1278  
1279              // Fetch attachments
1280              $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1281              while($attachment = $db->fetch_array($query))
1282              {
1283                  $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1284              }
1285              $query = $db->query("
1286                  SELECT p.*, u.username AS userusername
1287                  FROM ".TABLE_PREFIX."posts p
1288                  LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1289                  WHERE pid IN ($pidin)
1290                  ORDER BY dateline DESC, pid DESC
1291              ");
1292              $postsdone = 0;
1293              $altbg = "trow1";
1294              $reviewbits = '';
1295              while($post = $db->fetch_array($query))
1296              {
1297                  if($post['userusername'])
1298                  {
1299                      $post['username'] = $post['userusername'];
1300                  }
1301                  $reviewpostdate = my_date('relative', $post['dateline']);
1302                  $parser_options = array(
1303                      "allow_html" => $forum['allowhtml'],
1304                      "allow_mycode" => $forum['allowmycode'],
1305                      "allow_smilies" => $forum['allowsmilies'],
1306                      "allow_imgcode" => $forum['allowimgcode'],
1307                      "allow_videocode" => $forum['allowvideocode'],
1308                      "me_username" => $post['username'],
1309                      "filter_badwords" => 1
1310                  );
1311                  if($post['smilieoff'] == 1)
1312                  {
1313                      $parser_options['allow_smilies'] = 0;
1314                  }
1315  
1316                  if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1317                  {
1318                      $parser_options['allow_imgcode'] = 0;
1319                  }
1320  
1321                  if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1322                  {
1323                      $parser_options['allow_videocode'] = 0;
1324                  }
1325  
1326                  $post['username'] = htmlspecialchars_uni($post['username']);
1327  
1328                  if($post['visible'] != 1)
1329                  {
1330                      $altbg = "trow_shaded";
1331                  }
1332  
1333                  $plugins->run_hooks("newreply_threadreview_post");
1334  
1335                  $post['message'] = $parser->parse_message($post['message'], $parser_options);
1336                  get_post_attachments($post['pid'], $post);
1337                  $reviewmessage = $post['message'];
1338                  eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
1339                  if($altbg == "trow1")
1340                  {
1341                      $altbg = "trow2";
1342                  }
1343                  else
1344                  {
1345                      $altbg = "trow1";
1346                  }
1347              }
1348              eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1349          }
1350      }
1351  
1352      // Hide signature option if no permission
1353      $signature = '';
1354      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1355      {
1356          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1357      }
1358  
1359      // Can we disable smilies or are they disabled already?
1360      $disablesmilies = '';
1361      if($forum['allowsmilies'] != 0)
1362      {
1363          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1364      }
1365  
1366      $postoptions = '';
1367      if(!empty($signature) || !empty($disablesmilies))
1368      {
1369          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1370          $bgcolor = "trow2";
1371      }
1372      else
1373      {
1374          $bgcolor = "trow1";
1375      }
1376  
1377      $modoptions = '';
1378      // Show the moderator options.
1379      if(is_moderator($fid))
1380      {
1381          if($mybb->get_input('processed', MyBB::INPUT_INT))
1382          {
1383              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1384              if(!isset($mybb->input['modoptions']['closethread']))
1385              {
1386                  $mybb->input['modoptions']['closethread'] = 0;
1387              }
1388              $closed = (int)$mybb->input['modoptions']['closethread'];
1389              if(!isset($mybb->input['modoptions']['stickthread']))
1390              {
1391                  $mybb->input['modoptions']['stickthread'] = 0;
1392              }
1393              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1394          }
1395          else
1396          {
1397              $closed = $thread['closed'];
1398              $stuck = $thread['sticky'];
1399          }
1400  
1401          if($closed)
1402          {
1403              $closecheck = ' checked="checked"';
1404          }
1405          else
1406          {
1407              $closecheck = '';
1408          }
1409  
1410          if($stuck)
1411          {
1412              $stickycheck = ' checked="checked"';
1413          }
1414          else
1415          {
1416              $stickycheck = '';
1417          }
1418  
1419          $closeoption = '';
1420          if(is_moderator($thread['fid'], "canopenclosethreads"))
1421          {
1422              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1423          }
1424  
1425          $stickoption = '';
1426          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1427          {
1428              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1429          }
1430  
1431          if(!empty($closeoption) || !empty($stickoption))
1432          {
1433              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1434              $bgcolor = "trow1";
1435          }
1436          else
1437          {
1438              $bgcolor = "trow2";
1439          }
1440      }
1441      else
1442      {
1443          $bgcolor = "trow2";
1444      }
1445  
1446      // Fetch subscription select box
1447      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1448  
1449      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1450      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1451  
1452      // Do we have any forum rules to show for this forum?
1453      $forumrules = '';
1454      if($forum['rulestype'] >= 2 && $forum['rules'])
1455      {
1456          if(!$forum['rulestitle'])
1457          {
1458              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1459          }
1460  
1461          if(!$parser)
1462          {
1463              require_once  MYBB_ROOT.'inc/class_parser.php';
1464              $parser = new postParser;
1465          }
1466  
1467          $rules_parser = array(
1468              "allow_html" => 1,
1469              "allow_mycode" => 1,
1470              "allow_smilies" => 1,
1471              "allow_imgcode" => 1
1472          );
1473  
1474          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1475          $foruminfo = $forum;
1476  
1477          if($forum['rulestype'] == 3)
1478          {
1479              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1480          }
1481          else if($forum['rulestype'] == 2)
1482          {
1483              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1484          }
1485      }
1486  
1487      $moderation_notice = '';
1488      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1489      {
1490          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1491          {
1492              $moderation_text = $lang->moderation_forum_attachments;
1493              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1494          }
1495      }
1496      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1497      {
1498          if($forumpermissions['modposts'] == 1)
1499          {
1500              $moderation_text = $lang->moderation_forum_posts;
1501              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1502          }
1503  
1504          if($mybb->user['moderateposts'] == 1)
1505          {
1506              $moderation_text = $lang->moderation_user_posts;
1507              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1508          }
1509      }
1510  
1511      $php_max_upload_size = get_php_upload_limit();
1512      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1513      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1514  
1515      $plugins->run_hooks("newreply_end");
1516  
1517      $forum['name'] = strip_tags($forum['name']);
1518  
1519      eval("\$newreply = \"".$templates->get("newreply")."\";");
1520      output_page($newreply);
1521  }

